"But they knew in their hearts that once science had declared a thing possible, there was no escape from its eventual realization..."

Google ordered to open up the Play Store in Epic Games antitrust ruling


Google has to open up the Play Store. On Monday, US District Judge James Donato issued a permanent injunction forcing the company to open its storefront to competitors for three years and make Android apps available in alternate stores. The ruling stems from Google’s four-year antitrust battle with Epic Games. Google said on Monday it will appeal the injunction, highlighting its competition with Apple and potential security concerns.

As part of the ruling, Google must allow third-party app stores access to the Google Play library. In addition, CNBC reports that the company has to make those alternate app stores available for download in the Play Store. Google also can’t make deals (using fees or revenue sharing) to launch apps exclusively on Google Play or preinstall its store on new hardware.

Billing changes will also emerge from the injunction. Google can’t require developers to use its own billing system. Nor can it stop devs from notifying users about less expensive payment options.

CNBC reports that a three-person committee will monitor Google’s compliance and technical issues stemming from the ruling. Google and Epic will form the committee.

When reached for comment by Engadget, a Google spokesperson pointed to a blog post explaining why it will appeal. Google VP of Regulatory Affairs Lee-Anne Mulholland wrote that the company’s competition with Apple helps to negate antitrust concerns. “The decision fails to take into account that Android is an open platform and developers have always had many options in how to distribute their apps,” Mulholland wrote. “In fact, most Android devices come preloaded with two or more app stores right out of the box.”

“For example, Epic Games has made its popular Fortnite app available to Android users through the Samsung Galaxy Store, sideloading, and the Epic Games Store — all while Fortnite was not distributed through Google Play,” Google’s Regulatory Affairs VP wrote. “These are options that developers have never been able to offer to their American users on iPhones.”

In December, a jury found Google’s Play Store to violate US antitrust laws. The unanimous verdict stated that the company held an illegal monopoly on app distribution and in-app billing for Android devices. It also ruled that its deals with other gaming companies and device manufacturers were anti-competitive. 

In April, Epic listed a proposed permanent injunction that largely matches Donato’s decision today. For its part, Google said at the time Epic’s demands went too far and were too self-serving.

The ruling went in a very different direction from a similar case Epic filed against Apple, which the Fortnite maker mostly lost. CNBC notes that a jury decided Google’s trial, while the fate of Apple’s suit fell into the hands of a judge.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/google-has-to-open-up-the-play-store-in-epic-games-antitrust-ruling-195239228.html?src=rss




Oklahoma's Push for Bibles in Schools Comes With a Trump-Sized Price Tag


Former President Donald Trump's various financial ventures are rolling out faster than most casual observers can track, from relaunching $99 NFTs and debuting a new cryptocurrency platform to hawking six-figure watches. Trump's holiest hustle is the $60 "God Bless the USA" Bible, complete with the U.S. Constitution, the Bill of Rights, the Declaration of Independence, and the Pledge of Allegiance.

About 1,300 miles from Mar-a-Lago, Oklahoma State Superintendent of Public Instruction and Trump loyalist Ryan Walters has been pushing biblical education in public schools. The Republican—and self-proclaimed "lifelong advocate of improving Oklahoma's education system"—declared in June that "every teacher, every classroom in the state will have a Bible…and will be teaching from the Bible in the classroom." This was followed by a memo stating: "Effective immediately, all Oklahoma schools are required to incorporate the Bible, which includes the Ten Commandments, as an instructional support into the curriculum….Immediate and strict compliance is expected."

Walters has a history of injecting right-wing cultural politics into the public schools. In January, he drew bipartisan criticism for appointing Chaya Raichik—a 29-year-old former Brooklyn real estate agent who lives in Los Angeles, does not have children (in Oklahoma schools or any other schools), and spends her time harassing LGBTQ people from her LibsofTikTok X account—to the State Library Advisory Committee. In September 2023, Walters announced a partnership with PragerU, which is not a school but a conservative nonprofit media organization, boasting to a crowd in Tulsa: "We are continuing that MAGA agenda….We're gonna have PragerU in every school."

At September's Oklahoma State Board of Education meeting, Walters requested an additional $3 million (for a total of $6 million) to purchase New King James Version Bibles. But when bids opened last week for 55,000 bibles, the specs had changed. According to the request for proposal (RFP), "only the King James Version" qualifies, and it "must include copies of The United States Pledge of Allegiance, The U.S. Declaration of Independence, The U.S. Constitution, and The U.S. Bill of Rights." Oh, and the Bible "must be bound in leather or leather-like material."

The Oklahoman reported on Friday that none of the 2,900 Bibles carried by Mardel Christian Bookstore meet Walters' qualifications. But the Trump-endorsed "God Bless the USA" Bible fits the bill like a grift-lined glove. A second Bible that fits the RFP was also identified: the We the People Bible, endorsed by Donald Trump Jr., available for $90.

Beyond the obvious church-state issues, which are already working their way through the courts, there is some murky math here. The author and YouTuber Hemant Mehta (known online as the Friendly Atheist) has tracked Walters for years; he points out that the superintendent's request for $6 million to buy 55,000 Bibles breaks down to about $140 per Bible. (Oklahoma has only about 43,000 classroom teachers.)

"Walters thinks he has come up with a neutral way to send Trump his share of over $3 million of taxpayer money," Mehta said on YouTube. "And we know that because the requirements…make no sense financially or academically….The only way Walters could be more clear about what he wanted to do is if he demanded every copy of this Bible had a giant 'T' on the front cover, and even then he would say, 'No, this has nothing to do with Trump, that's just a cross.'"

Former Oklahoma Attorney General Drew Edmondson suspects that the RFP may violate state law. "It appears to me that this bid is anything but competitive," Edmondson told The Oklahoman. "The special binding and inclusion of government documents will exclude almost all bidders. If the bid specs exclude most bidders unnecessarily, I could consider that a violation."

It is unclear whether Oklahoma's current attorney general, Gentner Drummond, shares these concerns. But at least two dozen Oklahoma House Republicans have signed onto a letter calling for an investigation into Walters. The letter from state Rep. Mark McBride (R–Moore)—a professing Christian as well as the chair of the Subcommittee on Education—outlined several specific concerns, including Walters' failing to follow orders regarding public money for school security, and his refusal to provide information about how he was spending taxpayer dollars for his office's travel budget.

"To me, it's almost scary [that] he thinks that he has the power that he does," McBride told the Oklahoma City NBC affiliate KFOR. "It's just tyranny….I don't necessarily have a total disagreement in everything he does, it's just the way he goes about it. And the way the people around him talk to legislators, the press, the public, and the demeaning nature of what they do."

Walters didn't want the media to have access to the meeting where he made this budget request. In September, KFOR and the Institute for Free Speech filed a motion against Walters and his press secretary, Dan Isett, noting that "journalists have been refused access to public State Board of Education meetings." A judge granted a temporary restraining order allowing members of the press to be present for the meeting.

Vendors have until Monday, October 14, to respond to the RFP with their bids.

The post Oklahoma's Push for Bibles in Schools Comes With a Trump-Sized Price Tag appeared first on Reason.com.


Turning Everyday Gadgets into Bombs is a Bad Idea


I think turning everyday gadgets into bombs is a bad idea. However, recent news coverage has been framing the weaponization of pagers and radios in the Middle East as something we do not need to concern ourselves with because “we” are safe.

I respectfully disagree. Our militaries wear uniforms, and our weapons of war are clearly marked as such because our societies operate on trust. As long as we don’t see uniformed soldiers marching through our streets, we can assume that the front lines of armed conflict are far from home. When enemies violate that trust, we call it terrorism, because we no longer feel safe around everyday people and objects.

The reason we don’t see exploding battery attacks more often is not because it’s technically hard, it’s because the erosion of public trust in everyday things isn’t worth it. The current discourse around the potential reach of such explosive devices is clouded by the assumption that it’s technically difficult to implement and thus unlikely to find its way to our front door.

That assumption is wrong. It is both surprisingly easy to do, and could be nearly impossible to detect. After I read about the attack, it took half an hour to combine fairly common supply chain knowledge with Wikipedia queries to propose the mechanism detailed below.

Why It’s Not Hard

Lithium pouch batteries are ubiquitous. They are produced in enormous volumes by countless factories around the world. Small laboratories in universities regularly build them in efforts to improve their capacity and longevity. One can purchase all the tools to produce batteries in R&D quantities for a surprisingly small amount of capital, on the order of $50,000. This is a good thing: more people researching batteries means more ideas to make our gadgets last longer, while getting us closer to our green energy objectives even faster.

Above is a screenshot I took today of search results on Alibaba for “pouch cell production line”.

The process to build such batteries is well understood and documented. Here is an excerpt from one vendor’s site promising to sell the equipment to build batteries in limited quantities (tens-to-hundreds per batch) for as little as $15,000:

Pouch cells are made by laying cathode and anode foils between a polymer separator that is folded many times:

Above from “High-resolution Interferometric Measurement of Thickness Change on a Lithium-Ion Pouch Battery” by Gunther Bohn, DOI:10.1088/1755-1315/281/1/012030, CC BY 3.0

The stacking process is automated: a machine takes alternating layers of cathode and anode material (shown as bare copper in the demo below) and wraps them in separator material:

There are numerous videos on YouTube showing how this is done; here are a couple of videos to get you started if you are curious.

After stacking, the assembly is laminated into an aluminum foil pouch, which is then trimmed and marked into the final lithium pouch format:

Above is a cell I had custom-fabricated for a product I make, the Precursor. It probably has about 10-15 layers inside, and it costs a few thousand dollars and a few weeks to get a thousand of these made. Point is, making custom pouch batteries isn’t rocket science – there’s a whole bunch of people who know how to do it, and a whole industry behind it.

Reports indicate the explosive payload in the cells is made of PETN. I can’t comment on how credible this is, but let’s assume for now that it’s accurate. I’m not an expert in organic chemistry or explosives, but a read-through of the Wikipedia page indicates that it’s a fairly stable molecule, and it can be incorporated with plasticizers to create plastic explosives. Presumably, it can be mixed with binders to create a screen-printed sheet, and passivated if needed to make it electrically insulating. The pattern of the screen printing may be constructed to additionally create a shaped-charge effect, increasing the “bang for the buck” by concentrating the shock wave in an area, effectively turning the case around the device into a small fragmentation grenade.

Such a sheet could be inserted into the battery fold-and-stack process, after the first fold is made (or, with some effort, perhaps PETN could be incorporated into the spacer polymer itself – but let’s assume for now it’s just a drop-in sheet, which is easy to execute and likely effective). This would have the effect of making one of the cathode/anode pairs inactive, reducing the battery capacity, but only by a small amount: only one layer out of at least 10 layers is affected, thus reducing capacity by 10% or less. This may be well within the manufacturing tolerance of an inexpensive battery pack; alternatively, the cell could have an extra layer added to it to compensate for the capacity loss, with a very minor increase in the pack height (0.2mm or so, about the thickness of a sheet of paper – within the “swelling tolerance” of a battery pack).

Why It Could Be Hard to Detect

Once folded into the core of the battery, it is sealed in an aluminum pouch. If the manufacturing process carefully isolates the folding line from the laminating line, and/or rinses the outside of the pouch with acetone to dissolve away any PETN residue prior to marking, no explosive residue can escape the pouch, thus defeating swabs that look for chemical residue. It may also well evade methods such as X-Ray fluorescence (because the elements that compose the battery, separator and PETN are too similar and too light to be detected), and through-case methods like SORS (Spatially Offset Raman Spectroscopy) would likely be defeated by the multi-layer copper laminate structure of the battery itself blocking light from probing the inner layers.

Thus, I would posit that a lithium battery constructed with a PETN layer inside is largely undetectable: no visual inspection can see it, and no surface analytical method can detect it. I don’t know off-hand of a low-cost, high-throughput X-ray method that could detect it. A high-end CT machine could pick out the PETN layer, but it’d cost around a million dollars for one machine and scan times are around a half hour – not practical for e.g. airport security or high throughput customs screening. Electrical tests of capacity and impedance through electrochemical impedance spectroscopy (EIS) may struggle to differentiate a tampered battery from good batteries, especially if the battery was specifically engineered to fool such tests. An ultrasound test might be able to detect an extra layer, but it would require the battery to be placed in intimate contact with an ultrasound scanner for screening. I also think that PETN could be incorporated into the spacer polymer film itself, which would defeat even CT scanners (but may leave a detectable EIS fingerprint). Then again, this is just what I’m coming up with stream-of-consciousness: presumably an adversary with a staff of engineers and months of time could figure out numerous methods more clever than what I came up with shooting from the hip.

Detonating the PETN is a bit more tricky; without a detonator, PETN may conflagrate (burn fast), instead of detonating (and creating the much more damaging shock wave). However, the Wikipedia page notes that an electric spark with an energy in the range of 10-60 mJ is sufficient to initiate detonation.

Based on available descriptions of the devices “getting hot” prior to detonation, one might suppose that detonation is initiated by a trigger-circuit shorting out the battery pack, causing the internal polymer spacers to melt, and eventually the cathode/anode pairs coming into contact, creating a spark. Such a spark may furthermore be guaranteed across the PETN sheet by introducing a small defect – such as a slight dimple – in the surrounding cathode/anode layers. Once the pack gets to the melting point of the spacers, the dimpled region is likely to connect, leading to a spark that then detonates the PETN layer sandwiched in between the cathode and anode layers.

But where do you hide this trigger-circuit?

It turns out that almost every lithium polymer pack has a small circuit board embedded in it called the PCM or “protection circuit module”. It contains a microcontroller, often in a “TSSOP-8” package, and one or more large transistors capable of handling the current capacity of the battery.

I’ve noted where the protection circuit is on my custom battery pack with a blue arrow. No electronics are visible because the circuit is folded over to protect the electronics from damage.

And above is a selection of three pouch cells that happen to have readily visible protection circuitry. The PCM is the thin green circuit board on the right hand side, covered in protective yellow tape. One take-away from this image is the diversity inherent in PCM modules: in fact, vendors may switch out PCM modules for functionally equivalent ones depending on component availability constraints.


Normally, the protection circuit has a simple job: sample the current flow and voltage of the pack, and if these go outside of a pre-defined range, turn off the flow of current.

Above: Example of a protection circuit inside a pouch battery. U1 is the controller IC, while U2 and U3 are two separate transistors employed to block current flow in both directions. One of these transistors can be repurposed to short across the battery while still leaving one transistor for protection use (able to block current flow in one direction). Thus the cell is still partially protected despite having a trigger circuit, defeating attempts to detect a modified circuit by simply counting the number of components on the circuit board, or by doing a simple short-circuit or overvoltage test.

A small re-wiring of traces on the protection circuit board gives you a circuit that instead of protecting the battery from out-of-range conditions, turns it into a detonator for the PETN layer. One of the transistors that is normally used to cut the flow of electricity is instead wired across the terminals of the battery, allowing for a selective short circuit that can lead to the melting of the spacer layers, ultimately leading to a spark between the dimpled anode/cathode layers and thus detonation of the PETN.

The trigger itself may come via a “third wire” that is typically present on battery packs: the NTC temperature sensor. Many packs contain a safety feature where a nominally 10k resistor is provided to ground that has a so-called “negative temperature coefficient”, i.e., a resistance that changes in a well-characterized fashion with respect to temperature. By measuring the resistance, an external controller can detect if the pack is overheating, and disconnect it to prevent further damage.

However, the NTC can also be used as a one-wire communication bus: the controller IC on the protection circuit can readily sample the voltage on the NTC wire. Normally, the NTC has some constant positive bias applied to it; but if the NTC is connected to ground in a unique pattern, that can serve as a coded trigger to detonate.

The entirety of such a circuit could conceivably be implemented using an off-the-shelf microcontroller, such as the Microchip/Atmel Attiny 85/V, a TSSOP-8 device that would look perfectly at-home on a battery protection PCB, yet contains an on-board oscillator and sufficient code space such that it could decode a trigger pattern.

If the battery charger is integrated into the main MCU – which it often is in highly cost-reduced products such as pagers and walkie-talkies – the trigger sequence can be delivered to the battery with no detectable modification to the target device. Every circuit trace and component would be where it’s supposed to be, and the MCU would be an authentic, stock MCU.

The only difference is in the code: in addition to mapping a GPIO to an analog input to sample the NTC, the firmware would be modified to convert the GPIO into an output at “trigger time” which would pull the NTC to ground in the correct sequence to trigger the battery to explode. Note that this kind of flexibility of pin function is quite typical for modern microcontrollers.

Technical Summary

Thus, one could conceivably create a supply chain attack to put exploding batteries into everyday devices that is undetectable: the main control board is entirely unmodified; only a firmware change is needed to incorporate the trigger. It would pass every visual and electrical inspection.

The only component that has to be swapped out is the lithium pouch battery, which itself can be constructed for an investment as small as $15,000 in equipment (of course you’d need a specialist to operate the equipment, but pouch cells are ubiquitous enough that it would not be surprising to find a line at any university doing green-energy research). The lithium pouch cell itself can be constructed with an explosive layer that I hypothesize would be undetectable to most common analytical methods, and the detonator trigger can be constructed so that it is visually and mostly electrically indistinguishable from the protection circuit module that would be included on a stock lithium pouch battery, using only common, off-the-shelf components. Of course, if the adversary has the budget to make a custom chip, they could make the entire protection circuit perfectly indistinguishable to most forms of non-destructive inspection.

How To Attack a Supply Chain

Insofar as how one can get such cells and firmware updates into the supply chain – see any of my prior talks about the vulnerability of hardware supply chains to attack. For example: this talk which I gave in Israel in 2019 at the BlueHat event, outlining the numerous attack surfaces and porosity of modern hardware supply chains.

Above is a cartoon sketch of a supply chain. Getting fake components into the supply chain is easier than you might think. As a manufacturer of hardware, I have to deal with fake components all the time. This is especially true for batteries – most popular consumer electronic devices already have a healthy gray market for replacement batteries. These are batteries that look the same as OEM batteries and fetch an OEM price, but are made with sub-par components.

Aside from taking advantage of gray and secondary markets, there are multiple opportunities along the route from the factory to you to tamper with goods – from the customs inspector, to the courier.

But you don’t even have to go so far as offering anyone a bribe or being a state-level agency to get tampered batteries into a supply chain. Anyone can buy a bunch of items from Amazon, swap out the batteries, restore the packaging and seals, and return the goods to the warehouse (and yes, there is already a whole industry devoted to copying packaging and security seals for the purpose of warranty fraud). The perpetrator will be long-gone by the time the device is resold. Depending on the objective of the campaign, no further targeting may be necessary – just reports of dozens of devices simultaneously detonating in your home town may be sufficient to achieve a nefarious objective.

Note that such a “reverse-logistics injection attack” works even if you on-shore all your factories, and tariff the hell out of everyone else. Any “tourist” with a suitcase is all it takes.

Pandora’s Box is Open

Not all things that could exist should exist, and some ideas are better left unimplemented. Technology alone has no ethics: the difference between a patch and an exploit is the method in which a technology is disclosed. Exploding batteries have probably been conceived of and tested by spy agencies around the world, but never deployed en masse because while it may achieve a tactical win, it is too easy for weaker adversaries to copy the idea and justify its re-deployment in an asymmetric and devastating retaliation.

However, now that I’ve seen it executed, I am left with the terrifying realization that not only is it feasible, it’s relatively easy for any modestly-funded entity to implement. Not just our allies can do this – a wide cast of adversaries have this capability in their reach, from nation-states to cartels and gangs, to shady copycat battery factories just looking for a big payday (if chemical suppliers can moonlight in illicit drugs, what stops battery factories from dealing in bespoke munitions?). Bottom line is: we should approach the public policy debate around this assuming that someday, we could be victims of exploding batteries, too. Turning everyday objects into fragmentation grenades should be a crime, as it blurs the line between civilian and military technologies.

I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home.

1 public comment
ScottInPDX
9 days ago
reply
"I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home."

That's the last line, and spent the rest of the article explaining exactly how to do this. I'm already dreading when this happens again.
Portland, Oregon, USA, Earth

Data breach leaks SSNs of over 230,000 Comcast customers


A data breach has exposed the names, addresses, social security numbers, and birthdates of more than 237,700 Comcast customers. The breach stems from a security incident at Financial Business and Consumer Solutions (FBCS), a debt collection agency Comcast previously used, according to a filing with the state of Maine on Friday, as reported by BleepingComputer and TechCrunch.

FBCS revealed that it had suffered a breach in February, exposing the sensitive information of more than 4.2 million people. FBCS informed Comcast in July that its customer data had been affected, saying an “unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.”

Breach Information:

Total number of persons affected (including residents): 237,703

Total number of Maine residents affected: 22

Date(s) Breach Occurred: February 14, 2024

Date Breach Discovered: July 17, 2024

Description of the Breach: External system breach (hacking)

Comcast says the data included in the breach “dates from around 2021” and that it stopped using FBCS’s services in 2020. Truist Bank also revealed that some of its customers were impacted by the FBCS breach. Comcast is providing identity theft protection and credit monitoring services to customers affected by the leak.

Last December, Comcast disclosed a massive data breach impacting more than 35 million people, including names, contact information, partial social security numbers, and birth dates.


OpenAI’s Canvas can translate code between languages with a click


On Thursday, OpenAI unveiled Canvas, a new interface for ChatGPT designed to enhance collaboration on writing and coding projects. The feature bears similarities to a feature called Artifacts in Anthropic's Claude AI assistant, introduced in June. Canvas displays content in a separate window alongside the AI chat history, allowing users to keep an eye on working document drafts or programming code while collaborating with the AI assistant.

OpenAI began rolling out canvas to ChatGPT Plus and Team users globally on Thursday, while Enterprise and Education users will gain access next week. The company also plans to make canvas available to all free ChatGPT users once it exits the beta stage.

Like Artifacts, Canvas is sort of a scratch pad, a way to visually separate portions of the active working context (the user prompt) to keep them from getting lost in the chat backlog. From our experience, Artifacts can ease the process of working on projects with Claude that require editing and revisions, and Canvas functions in a very similar way.


Meta hides warning labels for AI-edited images


Starting next week, Meta will no longer put an easy-to-see label on Facebook images that were edited using AI tools, and it will make it much harder to determine if they appear in their original state or had been doctored. To be clear, the company will still add a note to AI-edited images, but you'll have to tap on the three-dot menu at the upper right corner of a Facebook post and then scroll down to find "AI Info" among the many other options. Only then will you see the note saying that the content in the post may have been modified with AI. 

Images generated using AI tools, however, will still be marked with an "AI Info" label that can be seen right on the post. Clicking on it will show a note that will say whether it's been labeled because of industry-shared signals or because somebody self-disclosed that it was an AI-generated image. Meta started applying AI-generated content labels to a broader range of videos, audio and images earlier this year. But after widespread complaints from photographers that the company was flagging even non-AI-generated content by mistake, Meta changed the "Made with AI" label wording into "AI Info" by July.

The social network said it worked with companies across the industry to improve its labeling process and that it's making these changes to "better reflect the extent of AI used in content." Still, doctored images are being widely used these days to spread misinformation, and this development could make it trickier to identify false news, which typically pops up more during election season.

This article originally appeared on Engadget at https://www.engadget.com/social-media/meta-hides-warning-labels-for-ai-edited-images-143004313.html?src=rss


