Government

The FBI's Internal Guide For Getting Data From AT&T, T-Mobile, Verizon (vice.com) 10

An anonymous reader quotes a report from Motherboard: A newly obtained document written by the FBI lays out in unusually granular detail how it and other law enforcement agencies can obtain location information of phones from telecommunication companies. Ryan Shapiro, executive director of nonprofit organization Property of the People, shared the document with Motherboard after obtaining it through a public record act request. Property of the People focuses on obtaining and publishing government records. The document, a 139 page slide presentation dated 2019, is written by the FBI's Cellular Analysis Survey Team (CAST). CAST supports the FBI as well as state, local, and tribal law enforcement investigations through the analysis of call data and tower information, the presentation adds. That can include obtaining the data from telecommunications companies in the first place; analyzing tower dumps that can show which phones were in an approximate location at a given time; providing expert witness testimony; and performing drive tests to verify the actual coverage of a cell tower.

"When necessary, CAST will utilize industry standard survey gear drive test equipment to determine the true geographical coverage breadth of a cell site sector," the presentation reads. The presentation highlights the legal process required to obtain information from a telecommunications company, such as a court order or search warrant. The LinkedIn profile of one CAST member Motherboard found says they have a "special emphasis in historical cell site analysis which is typically used for locating phones (and the individuals attached to those phones) for cases such as kidnappings, homicides, missing persons, and robberies." CAST provides its own cell phone data visualization tool to law enforcement officials around the country called CASTViz for free. "CASTViz has the ability to quickly plot call detail records and tower data for lead generation and investigative purposes," the presentation reads. The document includes images of and instructions for the CASTViz software itself.

The document also explains how data requests from Mobile Virtual Network Operators (MVNOs) such as Boost Mobile are handled, explains how to obtain location data from what the FBI describes as "burner phones," and how to obtain information from OnStar, General Motors' in-vehicle system. The document also provides the cost of some of this data for law enforcement to request. The presentation provides more recent figures on how long telecoms retain data for. AT&T holds onto data such as call records, cell site, and tower dumps for 7 years. T-Mobile holds similar information for 2 years, and Verizon holds it for 1 year. The slide also shows that AT&T retains "cloud storage internet/web browsing" data for 1 year. Another section that provides an overview of the different engineering and location datasets held by telecoms and potentially available to law enforcement agencies tells officials to use some AT&T data "cautiously." "AT&T does not validate results," the presentation reads. That section also mentioned that Verizon has a "new" location tool that law enforcement agencies can use. Rich Young, a Verizon spokesperson, told Motherboard in an email that "This is a tool that our security team uses in response to lawful warrants and emergency requests. For example, this tool would be used in response to cases involving armed fugitives or missing children. As a common industry practice, the tool uses network-based cell site location information. All other major providers use a similar approach."

The Military

US Air Force Announces Plans for a Micro Nuclear Reactor in Alaska (thedrive.com) 103

This week the U.S. Air Force announced that it's chosen Alaska's Eielson Air Force Base as the site for its first "micro" nuclear reactor test program.

The Drive reports: The U.S. military, as a whole, together with the Department of Energy has been increasingly looking into micro-reactor designs as possible ways to meet ever-growing electricity demands, including for units on the battlefield, as well as to help cut costs and improve general operational efficiency by reducing reliance on fossil fuels. The base is situated deep within the interior of Alaska near the city of Fairbanks and is around 110 miles south of the Arctic Circle [and 26 miles from Fairbanks].

It is not clear exactly what the specifications might be for the reactor that is now set to be constructed at Eielson... The Air Force did say that the project in question had been initiated in response to language in the annual defense policy bill, or National Defense Authorization Act for the 2019 Fiscal Year and that the goal is for the micro-reactor to be fully operational by the end of 2027. This would seem to indicate that this reactor is the one that the Office of the Secretary of Defense's Strategic Capabilities Office is leading the development of as part of an effort known as Project Pele. The goal of that project, which started in 2019 and that you can read more about here, is to demonstrate a small reactor capable of producing between one and five megawatts of power...

In March, the Pentagon awarded contracts for prototype Project Pele reactors to X-Energy and BWX Technologies. These deals cover the continued maturation of the respective designs over the next two years, with the expectation being that a winning design will be selected afterward. The hope is that work on an actual microreactor will begin by the end of the 2022 Fiscal Year...

It is worth pointing out that 19,780 acres associated with Eielson are already designated by the U.S. Environmental Protection Agency (EPA) as a so-called "Superfund site," due to existing toxic chemical contamination related to "closed and active unlined landfills, shallow trenches where weathered tank sludge was buried, a drum storage area, and other disposal and spill areas."

Waste from the micro-reactor "will be subject to the same rigorous storage and control requirements of the commercial nuclear industry," explains an Air Force FAQ. (Though more specifically, it says that "Used fuel will be stored on-site using NRC-licensed storage casks pending a decision on the ultimate disposition of commercial spent fuel.") The FAQ also notes the reactor will not be connected to the commercial grid.

The Drive points out that currently the Air Force has just been using a fleet of diesel locomotives that bring the base trainloads of coals.
Data Storage

Audio Tape Interface Revives Microcassettes As Storage Medium (hackaday.com) 78

Zack Nelson decided to go back in time and add a suitably classic storage medium to a retrocomputing project, in the form of a cassette interface. Hackaday reports: The cassette player he had available was a Pearlcorder L400, which uses the smaller microcassette instead of the familiar audio tapes used in your Walkman or boombox. [Zack] designed the entire thing from the ground up: first he decided to use differential Manchester encoding, which provides immunity against common disturbances like speed variations (which cause wow and flutter). The data is encoded in the frequency range from 1 kHz to 2 kHz, which suits the bandwidth of the cassette player. Next, he designed the interface between the computer and the tape recorder; built from an op-amp and a comparator with a handful of discrete components, it filters the incoming signal and clips it to provide a clean digital signal to be read out directly by the computer.

The system is demonstrated by hooking it up to an Arduino Nano, which reads out the data stream at about 3000 baud. The noise it makes should bring back memories to anyone brought up with the "PRESS PLAY ON TAPE" message.

United Kingdom

Boris Johnson Strikes Deal With Bill Gates To Boost Green Technology (theguardian.com) 64

An anonymous reader quotes a report from The Guardian: The UK government has announced plans to launch a $551 million (400 million pounds) package of investment alongside the US billionaire Bill Gates to boost the development of new green technologies. Boris Johnson said the deal would help power a "green industrial revolution" and develop emerging technologies that were currently too expensive to be commercially successful but were essential to hitting the government's climate goals. Speaking at a Global Investment Summit at the Science Museum in London on Tuesday, the prime minister said the partnership would help develop UK technology related to carbon capture and storage, long-term battery life, jet zero (zero-carbon aviation) and green hydrogen technology.

"I think these are all technologies that have massive potential but are currently underinvested in, by comparison with some others," Johnson said. "We will only achieve our ambitious climate goals if we rapidly scale up new technologies in areas like green hydrogen and sustainable aviation fuels -- technologies that seemed impossible just a few years ago." The UK has already pledged at least £200m to the development of new British green technologies. Gates announced on Tuesday that he would match the commitment via Breakthrough Energy Catalyst, a coalition of private investors he leads in funding innovative approaches to tackling the climate crisis.

Businesses

Why a Former Netflix Exec Facing 7 Years in Prison for Bribery is a Cautionary Tale for Startups (businessofbusiness.com) 29

A contract with a tech giant can put a startup on the map with venture capitalists and the market at large. That's what happened for Netskope, a cloud-based data security provider. Founded in 2012, the company was able to quickly scale up and secure multiple rounds of funding -- in part because it had a top-tier customer right out of the gate: Netflix. From a report: There was just one catch to landing that deal: It had to hire the streaming company's vice president of IT operations, Michael Kail, as a consultant and an advisor, and pay him with fees and stock options. Netskope (not to be confused with the now-defunct Netscape) wasn't the only startup confronted with that proposition. At least nine firms that worked for Netflix entered into similar arrangements, according to the U.S. Justice Department. Other companies drawn into Kail's web included software, cloud-storage and analytics companies Docurated, Numerify, NetEnrich, Platfora, VistaraIT, ElasticBox, Maginatics and Sumo Logic. The shady-sounding plot was described by the government during a criminal trial earlier this year in San Jose federal court. Kail was found guilty of more than two dozen fraud and money laundering counts. At his sentencing Oct. 19, prosecutors will ask that he get a stiff punishment of seven years in prison as well as be ordered to pay fines, restitution, and forfeit a $3.3 million home in Los Gatos, California.

The former Netflix VP, who also briefly served as chief information officer at Yahoo, "leveraged his status as a leader of the IT community in Silicon Valley to subvert the trust of Netflix and others to profit at their expense," prosecutors said in a recent court filing. They added that the similar schemes are "almost certainly" common among high-level tech executives, but that in no way excuses the behavior. The startups that paid to play, and possibly many others, believed this was how Netflix did business." A disturbing element of this narrative is the unequal playing field startups are on when they negotiate with big companies. As the government suggested, the crimes also seem relatively easy for an influential executive to carry out -- especially since the founders of fledgling firms have little if any incentive to blow the whistle, and may feel they have no choice but to go along with a pay-to-play scheme. In his own memorandum to the court, requesting that he be sentenced to a year of house arrest, Kail, 49, described himself as a "global power leader, top dev ops influencer and a thought leader." He appeared to minimize the impact of the crimes, describing them as "regrettable flaws in communication and transparency," and asserting that his undisclosed business relationships were more helpful than harmful to all involved. Yet many startup founders already have ample complaints about overly-generous advisor compensation and messy cap tables, even without the added corporate bribery wrinkle.

Bitcoin

Why a Bitcoin ETF On Futures Might Not Be Such a Good Idea (bloomberg.com) 36

Tomorrow morning, the ProShare Bitcoin Strategy ETF is scheduled to begin trading. "Before you rush headlong into this market, it's important to understand that there are crucial differences" between an exchange-traded fund that's backed by actual Bitcoin and an exchange-traded fund like ProShare's that is backed by futures tied to the cryptocurrency," says Jared Dillian via Bloomberg. Here's why he says "a Bitcoin ETF on futures might not be such a good idea: The vast majority of commodity-based mutual funds and ETFs and are also backed by futures, but that's because the actual physical storage of most commodities is impractical, like with oil. Also, with almost all commodities most of the trading action and liquidity tends to happen in the futures market, not the spot market. The United States Oil Fund LP is the classic example of a commodity fund that is backed by futures. The fund earned some notoriety in 2020 when it scrambled to roll its futures contracts out the curve (in violation of its prospectus) in order to prevent the fund's bankruptcy in the event that the price of oil went negative -- which it did.

The United States Oil Fund case is an example of why a Bitcoin ETF on futures might not be such a good idea; it's impossible to predict what will happen in the futures market. But the main reason that people oppose futures-based ETFs is the cost of carry. When commodity futures are in contango, or when the price of deferred month contracts trade above front-month contracts, there is a significant cost to roll futures contracts from one month to the next, and that underperformance is passed to the investor. This has been a major complaint about commodity ETFs for years.

While commodity futures frequently trade in contango, they can also trade in backwardation, which is when deferred month contracts trade below front month contracts. In this case, investors earn a positive roll yield. Many commodity futures are trading in backwardation at the moment, although Bitcoin is in contango. There is no reason to believe that it might not one day be in backwardation. Gold is an example of a commodity where the ETFs hold the actual metal and not futures, because the storage and accounting of physical gold is fairly straightforward. So why can't a Bitcoin ETF hold actual Bitcoin? The reason is because the U.S. Securities and Exchange Commission's primary objection to physical Bitcoin funds is that the underlying market is unregulated. Well, the gold market is unregulated and we have physical gold ETFs, so what gives? The Bitcoin people are trying to figure this out.
Dillian says there should be a physical Bitcoin ETF. "The Winkelvoss twins were the first to apply for one, back in 2013, when Bitcoin was trading below $1,000 (it's now around $62,000). If their fund had been approved, it would now likely be the largest, most liquid ETF in existence, and would have provided supercharged returns to a whole generation of investors."
Books

In New Sequel to 'The Circle', Dave Eggers Satirizes Algorithms Instead of Surveillance (arstechnica.com) 29

Novelist Dave Eggers has just published a sequel to his 2013 dystopian tale of a tech company called The Circle — in which a low-tech crusader now tries to destroy the most powerful tech company in the world. Ars Technica quips that "When big tech rules all, don't say Dave Eggers didn't warn us." The Every quickly asserts itself as a logical progression from its literary forebear. Moving past simply recording everything, this world now revolves around measuring everything so that technology can spit out directions... The Every's health app tells you when to get up and jump at your desk. The Every's storage solution will digitize all your belongings as 3D-printable files so you can incinerate your waste and lower your carbon footprint. Media from The Every is driven by data-tracking technology that can tell when readers/viewers/listeners tend to abandon ship; it then tells creators how to improve...

"The Circle was more about surveillance and whether privacy is possible," said Eggers. "This is more about whether we want to exercise free will on a daily basis, or are we happier to have these algorithms feed us and free us of all these decisions and anxieties? What if there was one monopoly who promised to make you your best self so long as you basically gave up control over every decision?"

Though its themes are no laughing matter, The Every is littered with the smirk-inducing ideas you'd expect from Eggers. Each matter-of-fact aside about how life has evolved from our present day into this book's near future is a comedic dystopian gem... You don't have to go far these days to see how tech-reliant society has become; it's painfully evident that our world is quite comfortable with outsourcing decisions and plans to the algorithm. In this light, The Every isn't blazing new trails with its central themes, but few works will so reliably stop you mid-sentence or post-chapter for a moment of reflection. And that's because Eggers has a gift. Consistently, his ideas are amusing and laugh-out-loud funny, but there's also a deep sense of reality beneath them. When that clicks for you during a reading session, you arrive at the realization that the real world isn't so far behind the Every world.

Comedy can turn into horror quickly.

"The best way to hold a mirror up to the way we live now is to turn the absurdity up just a little more, and we can reflect back on how we're living now," Eggers tells Ars Technica. "Then, maybe, there's a fork in the road where we say, 'Well, we actually don't want that, if that comes to fruition, maybe we'll fight back.' That's about the only hope you can have writing something like this."

Ars Technica notes that Eggers and his publisher McSweeney's "took extra care to sell through places beyond Amazon... 'It felt like a book about the increasing saturation and reach of a monopoly was a good opportunity to make a bit of a point: We still have a choice for the time being. You can go into [a local store like] Book People and buy a book there and support the local economy as opposed to giving money to the apex predator. If we want retail diversity, we need to feed smaller operations."

The article adds that Eggers doesn't have a smartphone, and he tries to stay offline.
BSD

OpenBSD 7.0 Released (openbsd.org) 12

Long-time Slashdot reader ArchieBunker writes: Everyone's favorite security focused operating system OpenBSD released version 7.0 Thursday. In addition to the usual bug fixes and performance enhancements, support for RISC-V processors has been added.
It's 26 years old, and still chugging along. One interesting feature highlighted by Phoronix: Improving the ARM64 platform support with improved drivers for the Apple Silicon / Apple M1 but still not considered ready yet for end-users. OpenBSD 7.0 improvements on the Apple M1 include support for installing on a disk with a GPT and various Apple driver improvements for USB, GPIO, SPMI, NVMe storage, and other Apple M1 hardware components.
Also check out the 7.0 Song: "The Style Hymn" (part of an archive of all the OpenBSD release songs).
Cellphones

Pine64 Announces Updated PinePhone Pro Linux Powered Cellphone (tomshardware.com) 30

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone, rather the concept of convergence, the ability to use your phone as a computer is intriguing. Plug your PinePhone Pro into an external display and use it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

Hardware

Modular Framework Laptop Gets Marketplace For All Those Modules (theverge.com) 38

Framework, makers of the modular 13.5-inch Framework laptop that's designed to be easily repaired and upgraded, has launched a dedicated marketplace filled with replacement parts and upgrades for its portable computer. The Verge reports: Writing in a blog post, the company said the marketplace is currently focused on replacement parts and expansion cards, but that it hopes to add more customization modules like additional language keyboards later this year, as well as third-party and community developed modules in 2022.

The marketplace already includes a range of expansion cards for the laptop, which are designed to slot into its four modular compartments to add everything from extra storage to features like MicroSD card slots or more USB ports. There's also user upgradeable RAM and storage for sale. But the store is clearly a work in progress, and lists a host of other items like replacement CPU-equipped mainboards, keyboards, and spare parts like batteries and displays as "coming soon."

Power

Solar Panels On Half the World's Roofs Would Power the Planet (thedailybeast.com) 287

An anonymous reader quotes a report from The Conversation: Our new paper in Nature Communications presents a global assessment of how many rooftop solar panels we'd need to generate enough renewable energy for the whole world -- and where we'd need to put them. Our study is the first to provide such a detailed map of global rooftop solar potential, assessing rooftop area and sunlight cover at scales all the way from cities to continents. We found that we would only need 50 percent of the world's rooftops to be covered with solar panels in order to deliver enough electricity to meet the world's yearly needs.

We designed a program that incorporated data from over 300 million buildings and analyzed 130 million km of land -- almost the entire land surface area of the planet. This estimated how much energy could be produced from the 0.2 million km of rooftops present on that land, an area roughly the same size as the U.K. We then calculated electricity generation potentials from these rooftops by looking at their location. Generally, rooftops located in higher latitudes such as in northern Europe or Canada can vary by as much as 40% in their generation potential across the year, due to big differences in sunshine between winter and summer. Rooftops near the equator, however, usually only vary in generation potential by around 1% across the seasons, as sunshine is much more consistent. This is important because these large variations in monthly potential can have a significant impact on the reliability of solar-powered electricity in that region. That means places where sunlight is more irregular require energy storage solutions -- increasing electricity costs. Our results highlighted three potential hotspots for rooftop solar energy generation: Asia, Europe and North America.

Of these, Asia looks like the cheapest location to install panels, where -- in countries like India and China -- one kilowatt hour (kWh) of electricity, or approximately 48 hours of using your laptop, can be produced for just 0.05p. This is thanks to cheap panel manufacturing costs, as well as sunnier climates. Meanwhile, the costliest countries for implementing rooftop solar are the U.S., Japan and the U.K. Europe holds the middle ground, with average costs across the continent of around 0.096p per kWh.
The report mentions this endeavor would be "extremely expensive," and won't be a solution for some industries that require very large currents and specialized electricity delivery. However, the report concludes by saying: "If the costs of solar power continue to decrease, rooftop panels could be one of the best tools yet to decarbonize our electricity supply."
News

The Ship That Became a Bomb (newyorker.com) 67

Stranded in Yemen's war zone, a decaying supertanker has more than a million barrels of oil aboard. If -- or when -- it explodes or sinks, thousands may die. From a report: Soon, a vast, decrepit oil tanker in the Red Sea will likely sink, catch fire, or explode. The vessel, the F.S.O. Safer -- pronounced "Saffer" -- is named for a patch of desert near the city of Marib, in central Yemen, where the country's first reserves of crude oil were discovered. In 1987, the Safer was redesigned as a floating storage-and-off-loading facility, or F.S.O., becoming the terminus of a pipeline that began at the Marib oil fields and proceeded westward, across mountains and five miles of seafloor. The ship has been moored there ever since, and recently it has degraded to the verge of collapse. More than a million barrels of oil are currently stored in its tanks. The Exxon Valdez spilled about a quarter of that volume when it ran aground in Alaska, in 1989.

The Safer's problems are manifold and intertwined. It is forty-five years old -- ancient for an oil tanker. Its age would not matter so much were it being maintained properly, but it is not. In 2014, members of one of Yemen's powerful clans, the Houthis, launched a successful coup, presaging a brutal conflict that continues to this day. Before the war, the Yemeni state-run firm that owns the ship -- the Safer Exploration & Production Operations Company, or sepoc -- spent some twenty million dollars a year taking care of the vessel. Now the company can afford to make only the most rudimentary emergency repairs. More than fifty people worked on the Safer before the war; seven remain. This skeleton crew, which operates with scant provisions and no air-conditioning or ventilation below deck -- interior temperatures on the ship frequently surpass a hundred and twenty degrees -- is monitored by soldiers from the Houthi militia, which now occupies the territory where the Safer is situated. The Houthi leadership has obstructed efforts by foreign entities to inspect the ship or to siphon its oil. The risk of a disaster increases every day.

A vessel without power is known as a dead ship. The Safer died in 2017, when its steam boilers ran out of fuel. A boiler is a tanker's heart, because it generates the power and the steam needed to run vital systems. Two diesel generators on deck now provide electricity for basic needs, such as laptop charging. But crucial processes driven by the boiler system have ceased -- most notably, "inerting," in which inert gases are pumped into the tanks where the crude is stored, to neutralize flammable hydrocarbons that rise off the oil. Before inerting became a commonplace safety measure, in the nineteen-seventies, tankers blew up surprisingly often, and with lethal consequences: in December, 1969, three of them exploded within seventeen days, killing four men. Since the boilers on the Safer stopped working, the ship has been a tinderbox, vulnerable to a static-electric spark, a discharged weapon, a tossed cigarette butt. [...] The Safer is not sinking. It is not on fire. It has not exploded. It is not leaking oil. Yet the crew of the ship, and every informed observer, expects disaster to occur soon. But how soon? A year? Six months? Two weeks? Tomorrow? In May, Ahmed Kulaib, the former executive at sepoc, told me that "it could be after five minutes."

The Internet

Cloudflare Doesn't Have To Cut Off Copyright-Infringing Websites, Judge Rules (arstechnica.com) 21

An anonymous reader writes: Cloudflare is not liable for the copyright infringement of websites that use its content-delivery and security services, a federal judge ruled yesterday. Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn't terminate services for websites that infringed on the dressmakers' copyrighted designs. The companies sought a jury trial, but Judge Vince Chhabria yesterday granted Cloudflare's motion for summary judgment in a ruling (PDF) in US District Court for the Northern District of California. Chhabria noted that the dressmakers have been harmed "by the proliferation of counterfeit retailers that sell knock-off dresses using the plaintiffs' copyrighted images," and that they have "gone after the infringers in a range of actions, but to no avail -- every time a website is successfully shut down, a new one takes its place." [...] While the ruling resolves the lawsuit's central question in Cloudflare's favor, the judge scheduled a case management conference for October 27 "to discuss what's left of the case."

A defendant is liable for contributory copyright infringement if it has knowledge of another's infringement and materially contributes to or induces that infringement, the judge noted in his ruling against the dressmakers. "Simply providing services to a copyright infringer does not qualify as a 'material contribution,'" he wrote. "Rather, liability in the Internet context follows where a party 'facilitate[s] access' to infringing websites in such a way that 'significantly magnif[ies]' the underlying infringement." Although a defendant can be found to materially contribute to copyright infringement if it acts as "an essential step in the infringement process," this should not be interpreted too broadly, the judge wrote. "As the Ninth Circuit has recognized, the language used in these tests is 'quite broad' and could encompass much innocuous activity if considered out of context. An analysis of contributory copyright infringement must therefore be cognizant of the facts in the key cases in which liability has been found," Chhabria wrote.

Mon Cheri Bridals and Maggie Sottero Designs alleged that Cloudflare contributes to copyright infringement by providing performance-improvement services, including its content-distribution network and caching capabilities that improve the quality of webpages and make them load faster, Chhabria wrote. But the "plaintiffs have not presented evidence from which a jury could conclude that Cloudflare's performance-improvement services materially contribute to copyright infringement. The plaintiffs' only evidence of the effects of these services is promotional material from Cloudflare's website touting the benefits of its services. These general statements do not speak to the effects of Cloudflare on the direct infringement at issue here." The plaintiffs did not prove that the faster website-load times enabled by Cloudflare "would be likely to lead to significantly more infringement." Additionally, Cloudflare removing infringing material from its cache would not prevent users from seeing the copyrighted images. "[R]emoving material from a cache without removing it from the hosting server would not prevent the direct infringement from occurring," Chhabria wrote.

Data Storage

Scientists Have Successfully Recorded Data To DNA In a Few Short Minutes (interestingengineering.com) 29

Researchers at Northwestern University have devised a new method for recording information to DNA that takes minutes rather than hours or days. Interesting Engineering reports: The researchers utilized a novel enzymatic system to synthesize DNA that records rapidly changing environmental signals straight into its sequences, and this method could revolutionize how scientists examine and record neurons inside the brain. To record intracellular molecular and digital data to DNA, scientists currently rely on multipart processes that combine new information with existing DNA sequences. This means that, for an accurate recording, they must stimulate and repress the expression of specific proteins, which can take over 10 hours to complete.

The new study's researchers hypothesized they could make this process faster by utilizing a new method they call "Time-sensitive Untemplated Recording using Tdt for Local Environmental Signals," or TURTLES. This way, they would synthesize completely new DNA rather than copying a template of it. The method enabled the data to be recorded into the genetic code in a matter of minutes. "Nature is good at copying DNA, but we really wanted to be able to write DNA from scratch," Northwestern engineering professor Keith E.J. Tyo, the paper's senior author, said, in the press release. "The ex vivo (outside the body) way to do this involves a slow, chemical synthesis. Our method is much cheaper to write information because the enzyme that synthesizes the DNA can be directly manipulated. State-of-the-art intracellular recordings are even slower because they require the mechanical steps of protein expression in response to signals, as opposed to our enzymes which are all expressed ahead of time and can continuously store information."

Facebook

Oculus Quest Becomes a Paperweight When Facebook Goes Down (vrfocus.com) 79

When Facebook went down yesterday for nearly six hours, so did Oculus' services. Since Facebook owns VR headset maker Oculus, and controversially requires Oculus Quest users to log in with a Facebook account, many Quest owners reported not being able to load their Oculus libraries. "[A]nd those who just took a Quest 2 out of the box have reported that they're unable to complete the initial setup," adds PCGamer. As VRFocus points out, "the issue has raised another important question relating to Oculus' services being so closely linked with a Facebook account, your Oculus Quest/Quest 2 is essentially bricked until services resume." From the report: This vividly highlights the problem with having to connect to Facebook's services to gain access to apps -- the WiFi connection was fine. Even all the ones downloaded and taking up actual storage space didn't show up. It's why some VR fans began boycotting the company when it made all mandatory that all Oculus Quest 2's had to be affiliated with a Facebook account. If you want to unlink your Facebook account from Oculus Quest and don't want to pay extra for that ability, you're in luck thanks to a sideloadable tool called "Oculess." From an UploadVR article published earlier today: You still need a Facebook account to set up the device in the first place and you need to give Facebook a phone number or card details to sideload, but after that you could use Oculess to forgo Facebook entirely -- just remember to never factory reset. The catch is you'll lose access to Oculus Store apps because the entitlement check used upon launching them will no longer function. System apps like Oculus TV and Browser will also no longer launch, and casting won't work. You can still sideload hundreds of apps from SideQuest though, and if you want to keep browsing the web in VR you can sideload Firefox Reality. You can still use Oculus Link to play PC VR content, but only if you stay signed into Facebook on the Oculus PC app. Virtual Desktop won't work because it's a store app, but you can sideload free alternatives such as ALVR.

To use Oculess, just download it from GitHub and sideload it using SideQuest or Oculus Developer Hub, then launch it from inside VR. If your Quest isn't already in developer mode or you don't know how to sideload you can follow our guide here.

Bug

Researcher Refuses Telegram's Bounty Award, Discloses Auto-Delete Bug (arstechnica.com) 6

An anonymous reader quotes a report from Ars Technica: Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time -- and an offered $1,159 bounty award in exchange for his silence. In February 2021, Telegram introduced a set of such auto-deletion features in its 2.6 release: Set messages to auto-delete for everyone 24 hours or 7 days after sending; Control auto-delete settings in any of your chats, as well as in groups and channels where you are an admin; and To enable auto-delete, right-click on the chat in the chat list > Clear History > Enable Auto-Delete. But in a few days, mononymous researcher Dmitrii discovered a concerning flaw in how the Telegram Android app had implemented self-destruction.

Messages that should be auto-deleted from participants in private and private group chats were only 'deleted' visually [in the messaging window], but in reality, picture messages remained on the device [in] the cache," the researcher wrote in a roughly translated blog post published last week. Tracked as CVE-2021-41861, the flaw is rather simple. In the Telegram Android app versions 7.5.0 to 7.8.0, self-destructed images remain on the device in the /Storage/Emulated/0/Telegram/Telegram Image directory after approximately two to four uses of the self-destruct feature. But the UI appears to indicate to the user that the media was properly destroyed.

But for a simple bug like this, it wasn't easy to get Telegram's attention, Dmitrii explained. The researcher contacted Telegram in early March. And after a series of emails and text correspondence between the researcher and Telegram spanning months, the company reached out to Dmitrii in September, finally confirming the existence of the bug and collaborating with the researcher during beta testing. For his efforts, Dmitrii was offered a $1,159 bug bounty reward. Since then, the researcher claims he has been ghosted by Telegram, which has given no response and no reward. "I have not received the promised reward from Telegram in [$1,159] or any other," he wrote.

Cellphones

Fairphone's Latest Sustainable Smartphone Comes With a Five-Year Warranty (theverge.com) 65

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

Data Storage

Cloudflare To Enter Infrastructure Services Market With New R2 Storage Product (techcrunch.com) 19

Cloudflare, which has a network of data centers in 250 locations around the world, announced its first dalliance with infrastructure services today, an upcoming cloud storage offering called R2. From a report: Company co-founder and CEO Matthew Prince says that the idea for moving into storage as a service came from the same place as other ideas the company has turned into products. It was something they needed in-house and that led to them building it for themselves, before offering it to customers too. "When we build products, the reason that we end up building them is usually because we need them ourselves," Prince told me. He said that the storage component grew out of the need to store object components like images on the company's network. Once they built it, and they looked around at the cloud storage landscape, they decided that it would make sense to offer it as a product to customers too. [...] The R2 name is a little swipe at Amazon's S3 storage product and obviously a play on the name. The difference, according to Prince, is that they have found a way to reduce storage costs by up to 10% by eliminating egress fees. Cloudflare plans to price storage at $0.015 per GB of data stored per month. That compares with S3 pricing that starts at $0.023 per GB for the first 50 TB per month. Ben Thompson, writing at Stratechery: The reason that Cloudflare can pull this off is the same reason why S3's margins are so extraordinary: bandwidth is a fixed cost, not a marginal one. To take the most simplified example possible, if I were to have two computers connected by a cable, the cost of bandwidth is however much I paid for the cable; once connected I can transmit as much data I would like for free -- in either direction.

That's not quite right, of course: I am constrained by the capacity of the cable; to support more data transfer I would have to install a higher capacity cable, or more of them. What, though, if I already had built a worldwide network of cables for my initial core business of protecting websites from distributed denial-of-service attacks and offering a content delivery network, the value of which was such that ISPs everywhere gave me space in their facilities to place my servers? Well, then I would have massive amounts of bandwidth already in place, the use of which has zero marginal costs, and oh-by-the-way locations close to end users to stick a whole bunch of hard drives.

In other words, I would be Cloudflare: I would charge marginal rates for my actual marginal costs (storage, and some as-yet-undetermined-but-promised-to-be-lower-than-S3 rate for operations), and give away my zero marginal cost product for free. S3's margin is R2's opportunity.

Earth

Natural-gas Prices Are Spiking Around the World (economist.com) 135

Across the world, a natural-gas shortage is starting to bite. Prices of power in Germany and France have soared by around 40% in the past two weeks. In many countries, including Britain and Spain, governments are rushing through emergency measures to protect consumers. Economist: Factories are being temporarily switched off, from aluminium smelters in Mexico to fertiliser plants in Britain. Markets are frantic. One trader says it is like the global financial crisis for commodities. Even in America, the world's biggest natural-gas producer, lobby groups are calling on the government to limit exports of liquefied natural gas (LNG), the price of which has climbed to $25 per million British thermal units (mBTU), up by two-thirds in the past month. In one sense the crisis has fiendishly complex causes, with a mosaic of factors from geopolitics to precautionary hoarding in Asia sending prices higher. Viewed from a different perspective, however, its causes are simple: an energy market with only thin safety buffers has become acutely sensitive to disruptions. And subdued investment in fossil fuels may mean higher volatility is here to stay.

The shortfall has taken almost everyone by surprise. In 2019 there was plenty of gas on the international market, thanks to new LNG plants coming online in America (see chart). When the covid pandemic struck and lockdown constrained demand, much of the excess gas went into storage in Europe. That came in handy last winter, which was particularly cold in northern Asia and Europe. The freeze pushed up demand for heating. In Asia gas prices quadrupled in three months. Buyers, such as national gas companies, looked to the LNG market to fill out supply. Many Europe-destined cargoes were diverted to Asia. Europe, by contrast, drew down on its reserves. Prices there only inched up. This year odd weather has featured again. A hot summer has added to booming gas demand in Asia. The region accounts for almost three-quarters of global LNG imports, according to AllianceBernstein, a financial firm.

Wireless Networking

Ring Puts An Eero Router Inside Its New Home Alarm System (engadget.com) 28

Eero and Ring -- two Amazon-owned companies -- have teamed up to produce a home security system that incorporates an Eero router inside. Engadget reports: Ring COO Mike Harris said that the decision to work with Eero was not one foisted down from upon high by Amazon. Instead, Harris said that both companies saw the opportunity to work together to help leverage their individual skills in tandem. To take advantage of the technology, you'll need to sign up to Ring's new subscription product, dubbed Protect Pro. The package offers cloud video storage, professional monitoring, Alexa Guard Plus, 24/7 backup internet for your security devices (via an LTE module in the Ring Pro base station) and Eero's cybersecurity subscription product for network protection. This, at least in the US as it launches, will set you back $20 a month, or $200 per year per location up front.

At the same time, Ring is launching a system dubbed "Virtual Security Guard," which connects users to third-party security guards. You'll need to pay for that separately, but you can hand over access to select Ring camera feeds to those companies who can keep a watch over your property. It is only when motion is detected that an operator can access your feed, and can speak to whoever is there to determine their intentions. Ring adds that third parties can't view motion events when the camera is disarmed, and can't download, share or save the clips of what's going on in your front yard. The first company to sign up for the program is Rapid Response, with others expected to join in the near future.
The Virtual Security Guard service will require you to apply for early access, but the Ring Alarm Pro can be pre-ordered today for $250. (Since this isn't a Slashvertisement, we won't include a link to the product; you'll have to search for it yourself. Sorry not sorry.)

Slashdot Top Deals