Feed aggregator

Toyota's New Power Plant Will Create Clean Energy From Manure

Slashdot -

schwit1 shares a report from Futurism: Japanese automobile giant Toyota is making some exciting moves in the realm of renewable, clean energy. The company is planning to build a power plant in California that turns the methane gas produced by cow manure into water, electricity, and hydrogen. The project, known as the Tri-Gen Project, was unveiled at this year's Los Angeles Auto Show. The plant, which will be located at the Port of Long Beach in California, will be "the world's first commercial-scale 100% renewable power and hydrogen generation plant," writes USA Today. Toyota is expecting the plant to come online in about 2020. The plant is expected to have the capability to provide enough energy to power 2,350 average homes and enough fuel to operate 1,500 hydrogen-powered vehicles daily. The company is estimating the plant to be able to produce 2.35 MW of electricity and 1.2 tons of hydrogen each day. The facility will also be equipped with one of the largest hydrogen fueling stations in the world. Toyota's North America group vice president for strategic planning, Doug Murtha, says that the company "understand[s] the tremendous potential to reduce emissions and improve society."

Read more of this story at Slashdot.

People Who Can't Remember Their Bitcoin Passwords Are Really Freaking Out Now

Slashdot -

An anonymous reader quotes a report from Slate: Bitcoin has had quite a week. On Thursday, the cryptocurrency surged past $19,000 a coin before dropping down to $15,600 by Friday midday. The price of a single Bitcoin was below $1,000 in January. Any investors who bought Bitcoins back in 2013, when the price was less than $100, probably feel pretty smart right now. But not all early cryptocurrency enthusiasts are counting their coins. Instead they might be racking their brains trying to remember their passwords, without which those few Bitcoins they bought as an experiment a few years ago could be locked away forever. That's because Bitcoin's decentralization relies on cryptography, where each transaction is signed with an identifier assigned to the person paying and the person receiving Bitcoin. "I've tried to ignore the news about Bitcoin completely," joked Alexander Halavais, a professor of social technology at Arizona State University, who said he bought $70 of Bitcoin about seven years ago as a demonstration for a graduate class he was teaching at the time but has since forgotten his password. "I really don't want to know what it's worth now," he told me. "This is possibly $400K and I'm freaking the fuck out. I'm a college student so this would change my life lmao," wrote one Reddit user last week. The user claimed to have bought 40 bitcoins in 2013 but can't remember the password now. "A few years ago, I bought about 20 euros worth of bitcoin, while it was at around 300eur/btc.," lamented another Reddit user earlier this week. "Haven't looked at it since, and recently someone mentioned the price had hit 10.000usd. So, I decided to take a look at my wallet, but found that it wasn't my usual password. I have tried every combination of the password variations I usually use, but none of them worked."


Insurers Are Rewarding Tesla Owners For Using Autopilot

Slashdot -

Britain's largest auto insurance company Direct Line is testing out an idea to let Tesla owners receive a 5% discount for switching on the car's autopilot system, seeking to encourage use of a system it hopes will cut down on accidents. Reuters reports: The move - confirmed by company representatives in response to Reuters' questions - is Tesla's only tie-up in the UK and comes at a time when the company is trying to convince insurers that its internet-connected vehicles are statistically safer. Direct Line said it was too early to say whether the use of the autopilot system produced a safety record that justified lower premiums. It said it was charging less to encourage use of the system and aid research. "Crash rates across all Tesla models have fallen by 40 percent since the introduction of the autopilot system ... However, when owners seek to insure their Tesla vehicles, this is not reflected in the pricing of premiums," Daniel Pearce, Financial Analyst at GlobalData, said. Direct Line, which is enjoying soaring motor insurance prices in Britain, said it sets premiums for Tesla drivers based on the risk they present, including who is driving, their age, driving experience and claim history.


Zero-Day iOS HomeKit Vulnerability Allowed Remote Access To Smart Accessories Including Locks

Slashdot -

Apple has issued a fix to a vulnerability that allowed unauthorized control of accessories, including smart locks and garage door openers. "Our understanding is Apple has rolled out a server-side fix that now prevents unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality," reports 9to5Mac. From the report: The vulnerability, which we won't describe in detail and was difficult to reproduce, allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac. The issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies. The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected.


'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions

Slashdot -

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions. "The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows." More research on the attack will be published on the Black Hat website in the following days.


Google Puts Android Accessibility Crackdown On Hold

Slashdot -

Last month, Google issued a warning to Android app developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically used to help users with "disabilities." Since a lot of password managers use the Accessibility API, as well as popular apps like Tasker automation and Greenify battery saver, there was a large amount of backlash from developers and users alike. According to SlashGear, Google is putting the Android accessibility crackdown on hold. From the report: Google has now sent another email that basically says "we'll think about it." It is evaluating "responsible and innovative use" of those services on a case to case basis. It is also requiring developers to explicitly inform users why they are asking for accessibility permissions rather than just informing them. This, of course, puts a heavier burden on Google, as it has to be more involved in the screening of apps rather than just rely on good ol' machine learning and automation. Developers and users probably won't mind, if it means still having access to those features that make Android a platform above all the rest.


Elon Musk Says Tesla Is Building Dedicated Chips For Autopilot

Slashdot -

Elon Musk says Tesla is developing its own chip to run the Autopilot system in future vehicles from the firm. The news was revealed at a Tesla party that took place at the intelligence conference NIPS. Attendees at the party told The Register that Musk said, "I wanted to make it clear that Tesla is serious about AI, both on the software and hardware fronts. We are developing custom AI hardware chips." From the report: Musk offered no details of his company's plans, but did tell the party that "Jim is developing specialized AI hardware that we think will be the best in the world." "Jim" is Jim Keller, a well-known chip engineer who was lead architect on a range of silicon at AMD and Apple and joined Tesla in 2016. Keller later joined Musk on a panel discussing AI at the Tesla Party alongside Andrej Karpathy, Tesla's Director of AI and chaired by Shivon Zilis, a partner and founding member at Bloomberg Beta, a VC firm. Musk is well known for his optimism about driverless cars and pessimism about whether AI can operate safely. At the party he voiced a belief that "about half of new cars built ten years from now will be autonomous." He added his opinion that artificial general intelligence (AGI) will arrive in about seven or eight years.


Apple Is Reportedly Buying Shazam For Nearly Half a Billion Dollars

Slashdot -

Apple is close to acquiring Shazam, one of the most recognized services for music recognition. While the exact amount is unknown, the service may be purchased by Apple for around $400 million. PhoneDog reports: Apple is close to acquiring Shazam, say sources speaking to TechCrunch. The deal will reportedly be signed this week and could be announced as early as next Monday. A report from Recode echoes the news of Apple acquiring Shazam, adding that Shazam will likely be valued at around $400 million. Apple -- and other companies -- already offer a music recognition service, but Apple must see something in Shazam's services that it thinks can help improve its own music recognition if it's going to drop nearly half a billion dollars on this deal. Shazam is able to identify TV shows, films, and advertisements in addition to music, so perhaps Apple sees some benefit to these abilities, too.


Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory

Slashdot -

An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...] Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.


Wim Leers: API-First Drupal — really!

Drupal Planet -

This blog has been quiet for the last year and a half, because I don’t like to announce things until I feel comfortable recommending them. Until today!

Since July 2016, API-First Drupal became my primary focus, because Dries felt this was one of the most important areas for Drupal’s future. Together with the community, I triaged the issue queue, and helped determine the most important bugs to fix and improvements to add. That’s how we ended up with REST: top priorities for Drupal … plan issues for each Drupal 8 minor:

If you want to see what’s going on, start following that last issue. Whenever there’s news, I post a new comment there.

But enough background. This blog post is not an update on the entire API-First Initiative, it’s about a particular milestone.

100% integration test coverage!

The biggest problem we encountered while working on rest.module, serialization.module and hal.module was unknown BC breaks[1]. Because in case of a REST API, the HTTP response is the API. What is a bug fix for person X is a BC break for person Y. The existing test coverage was rather thin, and was often only testing “the happy path”: the simplest possible case. That’s why we would often accidentally introduce BC breaks.

Hence the clear need for really thorough functional (integration) test coverage[2], which was completed almost exactly a year ago. We added EntityResourceTestBase, which tests dozens of scenarios[3] in a generic way[4], and used that to test the 9 entity types that already had some REST test coverage more thoroughly than before.

But we had to bring this to all entity types in Drupal core … and covering all 41 entity types in Drupal core was completed exactly a week ago!

The test coverage revealed bugs for almost every entity type. (Most of them are fixed by now.)

Tip: Subclass that base test class for your custom entity types, and easily get full REST test coverage — 41 examples available!

Guaranteed to remain at 100%

We added EntityResourceRestTestCoverageTest, which verifies that we have test coverage for all permutations of:

  • entity type
  • format: json + xml + hal_json
  • authentication: cookie + basic_auth + anon

It is now impossible to add new entity types without also adding solid REST test coverage!

If you forget that test coverage, you’ll find an ASCII-art llama talking to you:

Good people of #Drupal, I present unto you the greatest method of all time. https://github.com/drupal/drupal/blob/8.5.x/core/modules/rest/tests/src/Functional/EntityResource/EntityResourceRestTestCoverageTest.php#L141 pic.twitter.com/TiWLPt7duH

— webcsillag (@webchick) December 8, 2017

That is why we can finally say that Drupal is really API-First!

This of course doesn’t help only core’s REST module, it also helps the contributed JSON API and GraphQL modules: they’ll encounter far fewer bugs!

Thanks

So many people have helped! In random order: rogierbom, alexpott, harings_rob, himanshu-dixit, webflo, tedbow, xjm, yoroy, timmillwood, gaurav.kapoor, Gábor Hojtsy, brentschuddinck, Sam152, seanB, Berdir, larowlan, Yogesh Pawar, jibran, catch, sumanthkumarc, amateescu, andypost, dawehner, naveenvalecha, tstoeckler — thank you all![5]

Special thanks to three people I omitted above, because they’re not well known in the Drupal community, and totally deserve the spotlight here, for their impressive contribution to making this happen:

That’s thirty contributors without whom this would not have happened!

And of course thanks to my employer, Acquia, for allowing me to work on this full-time!

Next

What is going to be the next big milestone we hit? That’s impossible to say, because it depends on the chains of blocking issues that we encounter. It could be support for modifying and creating config entities, it could be support for translations, it could be that all major serialization gaps are fixed, it could be file uploads, or it could be ensuring all normalizers work in both rest.module & jsonapi.module.

The future will tell, follow along!

  1. Backwards Compatibility. ↩︎

  2. Nowhere near 100% test coverage, definitely not every possible edge case is tested, and that is fine↩︎

  3. Including helpful error responses when unauthenticated, unauthorized or just a bad request. This vastly improves DX: no need to be a Drupal expert to talk to a REST API powered by Drupal! ↩︎

  4. It is designed to be subclassed for an entity type, and then there are subclasses of that for every format + authentication combination. ↩︎

  5. And this is just from all the per-entity type test issues, I didn’t look at the blockers and blockers of blockers. ↩︎


The Neon Glow of Tokyo Modified Car Culture

Slashdot -

Jason Kottke: New Zealand drift racer Mike Whiddett recently travelled to Japan to explore Tokyo's "extraordinary after-dark modified auto scene." He found people making California-style lowriders, Dekotora (my favorite, if only for the sheer spectacle), illegally modified cars, and a man who says with a straight face that "driving an unmodified Lamborghini is boring."


Let's Encrypt looks forward to 2018

LWN Headlines -

The Let's Encrypt project, working to encrypt as much web traffic as possible, looks forward to the coming year. "First, we’re planning to introduce an ACME v2 protocol API endpoint and support for wildcard certificates along with it. Wildcard certificates will be free and available globally just like our other certificates. We are planning to have a public test API endpoint up by January 4, and we’ve set a date for the full launch: Tuesday, February 27."

Fedora council elections canceled

LWN Headlines -

The Fedora Project's currently underway elections for the Fedora Council, FESCo, and the Mindshare committee have been canceled due to some glitches in making the interview material available. The project plans to get its act together and retry the elections in early January.

Twitter Says It Accidentally Banned A Bunch Of Accounts

Slashdot -

An anonymous reader shares a report: Over the past 24 hours, some Twitter users had their profiles replaced with a notice saying their accounts were now being "withheld in: Worldwide." The "country withheld" program run by Twitter typically prevents users based in a specific country from seeing tweets sent by a withheld account. This was the first time people could recall the company withholding accounts globally, which was in effect a total ban for the user. At the time of writing, BuzzFeed News had identified 21 accounts that were being withheld worldwide, and users on Twitter were beginning to wonder if this was a new method being used by the company to suspend accounts. But a Twitter spokesperson tells BuzzFeed News that the worldwide withholdings were in fact the result of a bug. "We have identified a bug that incorrectly impacted certain accounts. We have identified a fix, are working to resolve the issue, and anticipate it will be fully resolved shortly," the spokesperson told BuzzFeed News.


YouTube to Launch New Music Subscription Service in March

Slashdot -

An anonymous reader shares a report: YouTube plans to introduce a paid music service in March, according to people familiar with the matter, a third attempt by parent company Alphabet Inc. to catch up with rivals Spotify and Apple. The new service could help appease record-industry executives who have pushed for more revenue from YouTube. Warner Music Group, one of the world's three major record labels, has already signed on, said the people, who asked not to be identified discussing private talks. YouTube is also in talks with the two others, Sony Music Entertainment and Universal Music Group, and Merlin, a consortium of independent labels, the people said.


'Nature' Editorial Juxtaposes FOIA Email Release With Illegal Hacking

Slashdot -

Jason Koebler and Sarah Emerson, reporting for Motherboard: Private emails between scientists working on a controversial genetic technology called "gene drive" were released last week. Obtained through a Freedom of Information Act (FOIA) request, their publication has been criticized by some as an attempt to discredit the science community. Gene drives are a genetic engineering approach with huge implications. They're meant to seed genetic traits -- one that stops mosquitoes from carrying malaria, for instance, or hampers invasive rodents' ability to reproduce -- in a population, and with terrifyingly high odds of inheritance. If things go wrong, gene drives could destabilize ecosystems. (So far, they've only been applied to yeast, fruit flies, and mosquitoes in a lab setting.) More ideally, they could wipe out deadly plagues by targeting their vectors, or give threatened species a fighting chance. Like any young technology, there are a lot of unknowns, and stakeholders are hoping to provide clarity at the United Nations Convention on Biological Diversity next year; the same convention where a proposed gene drive moratorium was rejected in 2016. The emails and other documents reveal details about gene drive's biggest funders, including DARPA, the US military's research agency.


Zimbabwe's Internet Went Down for About Five Hours. The Culprit Was Reportedly a Tractor.

Slashdot -

Zimbabweans lost internet access en masse on Tuesday when a tractor reportedly cut through key fiber-optic cables in South Africa and another internet provider experienced simultaneous issues with its primary internet conduits. From a report: The outage began shortly before noon local time and persisted for more than five hours, affecting not only citizens' day-to-day internet usage but businesses that rely upon web access. And while five internet-free hours might sound unfathomable to those of us accustomed to having the web constantly at our fingertips, large-scale internet outages -- from inadvertent lapses caused by ship anchors to government-calculated blackouts designed to showcase political power -- do happen, and maybe more frequently than you'd thought. According to local news sources, a tractor in South Africa damaged cables belonging to Liquid Telecom, which has an 81.5 percent market share of Zimbabwe's international-equipped internet bandwidth as of the second quarter of 2017 and leases capacity to other internet providers. In a bad coincidence, city council employees in Kuwadzana, a suburb of Zimbabwe's capital city of Harare, cut an additional TelOne cable around the same time. (According to NewsDay Zimbabwe, it was an accident. The company blamed "faults that occurred on our main links through South Africa and Botswana" in a statement.)


Bangladesh Bank, NY Fed Discuss Suing Manila Bank For Heist Damages

Slashdot -

An anonymous reader shares a report: Bangladesh's central bank has asked the Federal Reserve Bank of New York to join a lawsuit it plans to file against a Philippines bank for its role in one of the world's biggest cyber-heists, several sources said. The Fed is yet to respond formally, but there is no indication it would join the suit. Unidentified hackers stole $81 million from Bangladesh Bank's account at the New York Fed in February last year, using fraudulent orders on the SWIFT payments system. The money was sent to accounts at Manila-based Rizal Commercial Banking Corp and then disappeared into the casino industry in the Philippines.


Amazon Bringing Echo and Alexa To 80 Additional Countries in Major Global Expansion

Slashdot -

Amazon is launching three of its Echo devices with Alexa in 80 additional countries starting today -- a major international expansion for the company's smart speakers and voice-based assistant. From a report: New markets for the Echo, Echo Dot, and Echo Plus include Mexico, China, Russia and other countries in regions and continents including Europe, Africa, South America, the Middle East and Asia. Other Echo devices, such as the touch-screen Echo Show, are not included as part of the international expansion. Echo devices were previously only available in the US, UK, Germany, India, Japan, and Canada. Amazon earlier announced plans to bring Echo and Alexa to Australia and New Zealand next year. In addition, Amazon says its Music Unlimited subscription streaming service is available in 28 additional countries, including many of those where the Echo is now expanding, as well. Recommended reading: Don't buy anyone an Amazon Echo speaker.

