Slashdot

Health, science and technology


Post #1 by News Express[FIND] » 2021-05-07 11:30

Slashdot
News for nerds, stuff that matters

Study: Using Apple's Night Shift To Improve Your Sleep? Don't Bother

Researchers at Brigham Young University conducted a study to see how much blue-light-reducing features like Apple's Night Shift improve sleep quality. Their conclusion? Night Shift doesn't help at all. From a report: In the study, which was published in Sleep Health, the BYU researchers assessed the sleep quality of 167 young adults, asking each to wear a wrist accelerometer before sleep. Participants were randomly assigned three conditions regarding iPhone use before bed: one group didn't use their iPhones at all, one group used their iPhones without Night Shift enabled, and another group used their iPhones with Night Shift enabled. "There were no significant differences in sleep outcomes across the three experimental groups," the researchers concluded. For individuals who slept more than 6.8 hours per night, there was some improvement in sleep quality for those who did not use their smartphones at all. But Night Shift didn't have a significant impact, and there was no difference between those who used smartphones and those who didn't when the amount of sleep was less than 6.8 hours per night. "This suggests that when you are super tired, you fall asleep no matter what you did just before bed... the sleep pressure is so high, there is really no effect of what happens before bedtime," said Chad Jensen, one of the researchers.



Google Will Automatically Enroll Users in Two-Factor Authentication Soon

Most security experts agree that two-factor authentication (2FA) is a critical part of securing your online accounts. Google agrees, but it's taking an extra step: It's going to automatically sign Google account holders up for two-factor accounts. From a report: In a way, Google sees two-factor authentication as a replacement for passwords, which Mark Risher, Google's director of product management for identity and user security, in a statement called "the single biggest threat to your online security." Because they're easy to steal and hard to remember, users will end up reusing passwords. If stolen, they can be used to unlock multiple user accounts, adding to the risk. Google already uses 2FA to secure accounts, but it's been optional until now. According to Risher, Google will start "automatically enrolling users in 2SV [what Google calls 2FA] if their accounts are appropriately configured." However, Google said that users would be given an opportunity to opt out, too.



Amazon Drivers Are Instructed To Drive Recklessly To Meet Delivery Quotas

Amazon delivery companies around the United States are encouraging reckless and dangerous driving by ordering delivery drivers to shut off an app called Mentor that Amazon uses to monitor drivers' speed and give them a safety score to prevent accidents. Drivers say they are being ordered to turn the app off by their bosses so that they can speed through their delivery routes in order to hit Amazon's delivery targets. From a report: "Sign out of Mentor if you haven't already," a dispatcher at an Amazon delivery company texted a delivery driver at DDT2, an Amazon warehouse in the suburbs of Detroit, Michigan a little after noon on a day in March, according to a screenshot obtained by Motherboard. This was less than five hours into his 10-hour shift. "Starting tomorrow everyone needs to be logged into Mentor for at least 2 hours no more no less, so make sure that's one of the first things we're doing in the mornings," a dispatcher at DAT2, an Amazon delivery station in the suburbs of Atlanta told drivers who work 10-hour shifts in a group chat in May 2020.

Mentor is a smartphone app made by a company called eDriving, which partners with Amazon to monitor the driving behaviors of delivery drivers at Amazon Delivery Service Partners, which are quasi-independent companies who are contracted by Amazon to deliver packages in Amazon-branded vans. Using sensors in a driver's smartphone, Mentor collects information about a driver's acceleration, braking, cornering, and speeding. It also detects "phone distraction" based on how much a driver is using their phone outside of the Mentor app. It then gives drivers a "FICO Safe Driving Score" in order to "objectively measure how safe a driver is." Amazon ties driver bonuses to several metrics, including a delivery worker's driving score.



Netflix is Exploring Developing 'N-Plus'

Custom TV show playlists? In memoriam pages? They're all things that Netflix is weighing for "N-Plus," a project it describes as a "future online space where you can learn more about the Netflix shows and things related to them." From a report: In a survey sent to users, including Protocol reporter Biz Carson, Netflix queried people about a wide range of features and content, including podcasts, user-generated playlists, how-tos and more. "N-Plus is a future online space where you can learn more about the Netflix shows you love and anything related to them," the survey said. Contacted by Protocol, a Netflix spokesperson said that the survey was part of regular efforts to poll its audience on things the company was exploring, but said that it didn't have anything further to share for now. Netflix has long produced behind-the-scenes interviews, podcasts and other supporting content to promote its originals, and shared it through YouTube, Instagram and other platforms; examples for this include its Netflix Family Instagram account or Strong Black Lead Twitter following. The survey now suggests that the company may double down on those promotional efforts, while also adding some additional social features.



Broadband Companies Paid For 8.5 Million Fake Net Neutrality Comments, New York AG Reports

The Office of the New York Attorney General said in a new report that a campaign funded by the broadband industry submitted millions of fake comments supporting the 2017 repeal of net neutrality. wiggles shares a report: The Federal Communications Commission's contentious 2017 repeal undid Obama-era rules that barred internet service providers from slowing or blocking websites and apps or charging companies more for faster speeds to consumers. The industry had sued to stop these rules during the Obama administration but lost. The proceeding generated a record-breaking number of comments -- more than 22 million -- and nearly 18 million were fake, the attorney general's office found. It has long been known that the tally included fake comments. One 19-year-old in California submitted more than 7.7 million pro-net neutrality comments. The attorney general's office did not identify the origins of another "distinct group" of more than 1.6 million pro-net neutrality comments, many of which used mailing addresses outside the U.S. A broadband industry group, called Broadband for America, spent $4.2 million generating more than 8.5 million of the fake FCC comments. Half a million fake letters were also sent to Congress.



Biden Backs Waiving International Patent Protections For COVID-19 Vaccines

President Biden threw his support behind a World Trade Organization proposal earlier this week to waive intellectual property protections for COVID-19 vaccines, clearing a hurdle for vaccine-strapped countries to manufacture their own vaccines even though the patents are privately held. From a report: "This is a global health crisis, and the extraordinary circumstances of the COVID-19 pandemic call for extraordinary measures," U.S. trade representative Katherine Tai said in a statement. "The Administration believes strongly in intellectual property protections, but in service of ending this pandemic, supports the waiver of those protections for COVID-19 vaccines." The pace of vaccinating against COVID-19 in the U.S. is slowing down. In some places, there are more vaccine doses than people who want them. Meanwhile, India is now the epicenter of the pandemic, and just 2% of its population is fully vaccinated. The WTO is considering a proposal to address that inequity, as India, South Africa and over 100 other nations advocate to waive IP rights for COVID-19 vaccines and medications, which could let manufacturers in other countries make their own.



Google Play's App Listings Will Require Privacy Info Next Year, Just Like the App Store

Starting next year, apps on Google Play will show details about what data they collect, as well as other information about their privacy and security practices, in a new safety section in their listing. From a report: The announcement comes just a few months after Apple started displaying similar privacy information in the App Store. In the same way Apple's policy covers both its own apps and those developed by third parties, Google says its first-party apps will also be required to provide this information. According to Google, the initiative is meant to "help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security." The section will detail what user data an app has access to (like location, contacts, or personal info like an email address), but Google says it also wants to let developers give context to explain how it's used and what it means for their apps' functionality.

In particular, Google says apps will give information about whether data is encrypted, whether they comply with Google's policies around apps aimed at children, and whether users can opt out of data sharing. Google says the information will also highlight whether a third party has verified the app's safety section, and whether users can request that their data be deleted. The new policy won't come into effect for several months, and Google says this should give developers enough time to implement the changes.



Apple Offered Special App Store API Access To Hulu and Other Developers

App Store Vice President Matt Fischer is on the stand answering questions from Apple and Epic lawyers, and one of the emails shared as evidence confirms that Apple has established special deals with major app developers like Hulu. From a report: In 2018, a tweet from developer David Barnard commented about App Store subscriptions being automatically cancelled through the StoreKit API, questioning why there hadn't been more offers to swap billing away from the App Store. Matt Fischer asked Cindy Lin about it, and she explained that Hulu is a developer with special access to a subscription cancel/refund API. Hulu is part of the set of whitelisted developers with access to subscription cancel/refund API. Back in 2015 they were using this to support instant upgrade using a 2 family setup, before we had subscription upgrade/downgrade capabilities built in. Apple does not further detail who other developers with special access might have been in the correspondence, but these are not features that all developers have access to. Apple has long said that the App Store provides a "level playing field" that treats all apps in the App Store the same with one set of rules for everybody and no special deals or special terms, but it's clear that some apps are indeed provided with special privileges.



Opposing PRO Act, Uber and Other Gig Companies Spend Over $1 Million Lobbying

An anonymous reader quotes a report from The Intercept: Even as President Joe Biden called for Congress during his joint address last week to pass labor reform legislation, a slate of gig companies has spent over $1 million lobbying Congress to influence the PRO Act and other related issues in 2021 alone, according to newly released lobbying disclosures. Ride-hailing companies Uber and Lyft and delivery apps DoorDash and Instacart spent at least $1,190,000 on 32 lobbyists to persuade members of Congress on the PRO Act, first quarter disclosure reports show. The bill, which the House of Representatives passed in early March, would allow many gig workers to unionize and make it harder for companies to union-bust, among other changes.

Uber alone spent $540,000 in the first quarter of 2021 lobbying on "issues related to the future of work and the on-demand economy, possible anti-competitive activities that could limit consumers access to app-based technologies," the PRO Act, and other related labor issues. Lyft spent $430,000, DoorDash $120,000, and Instacart $100,000 on lobbying on the PRO Act and other issues, according to disclosures. The PRO Act would make the most pivotal changes to labor law since the 1970s. In addition to giving many gig workers the right to unionize, it would grant employees whistleblower protections and prohibit companies from retaliating against participants in strikes and other union-related activities. A 2019 report from Gallup commissioned by Intuit estimated that 17 percent of U.S. adults engaged in self-employment. These reforms threaten the profits of gig companies, which rely on a large and fluid group of independent contractors.



Microsoft Is Finally Ditching Its Windows 95-Era Icons

Microsoft is now planning to refresh the Windows 95-era icons you still sometimes come across in Windows 10. The Verge reports: Windows Latest has spotted new icons for the hibernation mode, networking, memory, floppy drives, and much more as part of the shell32.dll file in preview versions of Windows 10. This DLL is a key part of the Windows Shell, which surfaces icons in a variety of dialog boxes throughout the operating system. It's also a big reason why Windows icons have been so inconsistent throughout the years. Microsoft has often modernized other parts of the OS only for an older app to throw you into a dialog box with Windows 95-era icons from shell32.dll. Hopefully this also means Windows will never ask you for a floppy disk drive when you dig into Device Manager to update a driver. That era of Windows, along with these old icons, has been well and truly over for more than a decade now. These new changes are part of Microsoft's design overhaul to Windows 10, codenamed Sun Valley. "We're expecting to hear more about Sun Valley at Microsoft's Build conference later this month, or as part of a dedicated Windows news event," notes The Verge.



Coinbase To Close San Francisco Offices For Good, Will Have No Headquarters

The biggest U.S. cryptocurrency exchange, Coinbase, has announced it will close its San Francisco offices for good. SFGate reports: The company -- founded in June 2012 by former Airbnb engineer Brian Armstrong -- has had a speedy rise to the top in the nascent crypto industry, though its practices have also sometimes stoked controversy. [...] Coinbase's 1,200 employees are now decentralizing, and the company will no longer have a physical headquarters at all. The announcement on Twitter on Wednesday that the company's Market Street offices would shutter next year wasn't a total shock. A year ago, Armstrong announced the company would be "remote first" and not have a specific headquarters. Coinbase say they will instead offer some smaller offices elsewhere, but didn't give details. "Closing our SF office is an important step in ensuring no office becomes an unofficial HQ and will mean career outcomes are based on capability and output rather than location," the company said in a statement. "Instead, we will offer a network of smaller offices for our employees to work from if they choose to."



How China Turned a Prize-Winning iPhone Hack Against the Uyghurs

An attack that targeted Apple devices was used to spy on China's Muslim minority -- and US officials claim it was developed at the country's top hacking competition. An anonymous reader shares an excerpt from an MIT Technology Review article: The Tianfu Cup offered prizes that added up to over a million dollars. [It was held in November 2018, shortly after the Chinese banned cybersecurity researchers from attending overseas hacking competitions.] The $200,000 top prize went to Qihoo 360 researcher Qixun Zhao, who showed off a remarkable chain of exploits that allowed him to easily and reliably take control of even the newest and most up-to-date iPhones. From a starting point within the Safari web browser, he found a weakness in the core of the iPhone's operating system, its kernel. The result? A remote attacker could take over any iPhone that visited a web page containing Qixun's malicious code. It's the kind of hack that can potentially be sold for millions of dollars on the open market to give criminals or governments the ability to spy on large numbers of people. Qixun named it "Chaos."

Two months later, in January 2019, Apple issued an update that fixed the flaw. There was little fanfare—just a quick note of thanks to those who discovered it. But in August of that year, Google published an extraordinary analysis into a hacking campaign it said was "exploiting iPhones en masse." Researchers dissected five distinct exploit chains they'd spotted "in the wild." These included the exploit that won Qixun the top prize at Tianfu, which they said had also been discovered by an unnamed "attacker." The Google researchers pointed out similarities between the attacks they caught being used in the real world and Chaos. What their deep dive omitted, however, were the identities of the victims and the attackers: Uyghur Muslims and the Chinese government.

Shortly after Google's researchers noted the attacks, media reports connected the dots: the targets of the campaign that used the Chaos exploit were the Uyghur people, and the hackers were linked to the Chinese government. Apple published a rare blog post that confirmed the attack had taken place over two months: that is, the period beginning immediately after Qixun won the Tianfu Cup and stretching until Apple issued the fix. MIT Technology Review has learned that United States government surveillance independently spotted the Chaos exploit being used against Uyghurs, and informed Apple. (Both Apple and Google declined to comment on this story.) The Americans concluded that the Chinese essentially followed the "strategic value" plan laid out by Qihoo's Zhou Hongyi; that the Tianfu Cup had generated an important hack; and that the exploit had been quickly handed over to Chinese intelligence, which then used it to spy on Uyghurs. The US collected the full details of the exploit used to hack the Uyghurs, and it matched Tianfu's Chaos hack, MIT Technology Review has learned. (Google's in-depth examination later noted how structurally similar the exploits are.) The US quietly informed Apple, which had already been tracking the attack on its own and reached the same conclusion: the Tianfu hack and the Uyghur hack were one and the same. The company prioritized a difficult fix.



WallStreetBets Forum Members Targeted in Telegram Cryptocurrency Scam

Members of Reddit's WallStreetBets forum were targeted in a probable cryptocurrency scam that could have left its victims with at least $2 million in losses. Bloomberg reports: Using the Telegram messaging service, an account called "WallStreetBets - Crypto Pumps" offered users the chance to buy a new token known as WSB Finance before it was listed on crypto exchanges, in what is referred to as a pre-mine sale. The account isn't affiliated with the infamous stock message board. The account running the sale told users to send Binance Coin, known as BNB, or Ether to a cryptocurrency wallet and then to contact its "token bot" on Telegram to receive WSB Finance coins. Those coins were never delivered. A second message then went out on Telegram telling those that had already sent payment that because of a problem with the bot, they'd have to send an equal amount again or they would lose their initial investment. Now thousands of people are taking to Telegram to voice their regrets and try and track down the person or persons behind the account.

More than 3,451 Binance Coin tokens were removed Tuesday from the wallet listed in the Crypto Pumps messages, according to data from BscScan, a validator on the Binance Smart Chain, a blockchain network that runs so-called smart-contract applications. At Binance Coin's current price of $625, that comes to more than $2.1 million and doesn't account for any Ether the account may have been sent. The "WallStreetBets - Crypto Pumps" account has since been deleted from Telegram, but whoever controlled it left those waiting on their payouts with a clue as to where their funds were going: "Buying lambo now."



When Autonomous Cars Teach Themselves To Drive Better Than Humans

schwit1 shares a report from IEEE Spectrum, written by Evan Ackerman: A few weeks ago, the CTO of Cruise tweeted an example of one of their AVs demonstrating a safety behavior where it moves over to make room for a cyclist. What's interesting about this behavior, though, is that the AV does this for cyclists approaching rapidly from behind the vehicle, something a human is far less likely to notice, much less react to. A neat trick -- but what does it mean, and what's next? In the video [here], as the cyclist approaches from the rear right side at a pretty good clip, you can see the autonomous vehicle pull to the left a little bit, increasing the amount of space that the cyclist can use to pass on the right.

One important question that we're not really going to tackle here is whether this is even a good idea in the first place, since (as a cyclist) I'd personally prefer that cars be predictable rather than sometimes doing weirdly nice things that I might not be prepared for. But that's one of the things that makes cyclists tricky: we're unpredictable. And for AVs, dealing with unpredictable things is notoriously problematic. Cruise's approach to this, explains Rashed Haq, VP of Robotics at Cruise, is to try to give their autonomous system some idea of how unpredictable cyclists can be, and then plan its actions accordingly. Cruise has collected millions of miles of real-world data from its sensorized vehicles that include cyclists doing all sorts of things. And their system has built up a model of how certain it can be that when it sees a cyclist, it can accurately predict what that cyclist is going to do next.

Essentially, based on its understanding of the unpredictability of cyclists, the Cruise AV determined that the probability of a safe interaction is improved when it gives cyclists more space, so that's what it tries to do whenever possible. This behavior illustrates some of the critical differences between autonomous and human-driven vehicles. Humans drive around with relatively limited situational awareness and deal with things like uncertainty primarily on a subconscious level. AVs, on the other hand, are constantly predicting the future in very explicit ways. Humans tend to have the edge when something unusual happens, because we're able to instantly apply a lifetime's worth of common-sense knowledge about the world to our decision-making process. Meanwhile, AVs are always considering the safest next course of action across the entire space that they're able to predict.



US Physics Lab Fermilab Exposes Proprietary Data For All To See

Multiple unsecured entry points allowed researchers to access data belonging to Fermilab, a national particle physics and accelerator lab supported by the Department of Energy. Ars Technica reports: This week, security researchers Robert Willis, John Jackson, and Jackson Henry of the Sakura Samurai ethical hacking group have shared details on how they were able to get their hands on sensitive systems and data hosted at Fermilab. After enumerating and peeking inside the fnal.gov subdomains using commonly available tools like amass, dirsearch, and nmap, the researchers discovered open directories, open ports, and unsecured services that attackers could have used to extract proprietary data. The server exposed configuration data for one of Fermilab's experiments called "NoVa," which concerns studying the purpose of neutrinos in the evolution of the cosmos. The researchers discovered that one of the tar.gz archives hosted on the FTP server contained Apache Tomcat server credentials in plaintext. The researchers verified that the credentials were valid at the time of their discovery but ceased experimenting further so as to keep their research efforts ethical.

Likewise, in another set of unrestricted subdomains, the researchers found over 4,500 tickets used for tracking Fermilab's internal projects. Many of these contained sensitive attachments and private communications. And yet another server ran a web application that listed the full names of users registered under different workgroups, along with their email addresses, user IDs, and other department-specific information. A fourth server identified by the researchers exposed 5,795 documents and 53,685 file entries without requiring any authentication. [...] Fermilab was quick to respond to the researchers' initial report and squashed the bugs swiftly.
