Science

• All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability

  Security researchers found they could snoop on dynamic DNS traffic
  Thomas Claburn in San Francisco Fri 6 Aug 2021 // 19:34 UTC

  Until February this year, Amazon Route53's DNS service offered largely unappreciated network eavesdropping capabilities. And this undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider.

  In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.

  "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," explained Tamari in a blog post. "Essentially, we 'wiretapped' the internal network traffic of 15,000 organizations (including Fortune 500 companies and government agencies) and millions of devices."

  Continue reading

• Foxconn buys chip factory off Macronix in bid to break into the electric vehicle market

  Electronics giant must conquer its supply chain as US eyes domestic production
  Laura Dobberstein Fri 6 Aug 2021 // 15:37 UTC 3

  Taiwanese electronics giant Foxconn has purchased a chip plant for $90.8m from its compatriot, Macronix International.

  "Macronix is pleased to see the subject 6-inch wafer fab continue to make its contribution to Taiwan as Foxconn commits to have the fab be used as an important base for Foxconn to reinforce its semiconductor development plan and to meet the demand of electric vehicles," said Miin Wu, chairman and CEO of Macronix, in a canned statement on Foxconn's website.

  The sales agreement includes Macronix's 6-inch wafer fab and equipment, but no employees, in Taiwan's Hsinchu Science Park and is planned to close by the end of 2021.

  Continue reading

• THX Onyx: A do-it-all DAC for the travelling audiophile

  Hi-res, MQA, DSD, supports Apple Music's highest quality – but is it worth the hassle?
  Tim Anderson Fri 6 Aug 2021 // 14:27 UTC 29

  Review Apple introduced hi-res lossless audio to its music service last month, but third-party hardware is required to enjoy it – if indeed the difference is audible. We took a look at the THX Onyx, a portable DAC and headphone amplifier that claims to be just the thing.

  There is a strange cocktail of ingredients that flavours the music and audio industry. There is a drive towards greater convenience, which means streaming music and true wireless, as popularised by Apple's Bluetooth-driven AirPods, first introduced in September 2016. Then there is a push towards higher quality, with vendors touting higher resolution such as 24-bit 192kHz digital, or exotic formats such as DSD (Direct Stream Digital), MQA (Master Quality Authenticated) – all of which are supported by the THX Onyx – and Dolby Atmos/Spatial audio, which is a new approach to surround sound.

  These two demands sometimes pull in opposite directions. Streaming audio has largely meant lossy compression, formats such as MP3 and AAC (Advanced Audio Coding), which reduce data size by omitting parts of the signal that are inaudible or hardly audible. Wireless has largely meant Bluetooth audio, for which none of the available codecs are lossless. Lossy compression at levels like Apple's 256 Kbps AAC is excellent and not an issue for most people yet there remains the nagging annoyance that it is potentially compromising quality for the sake of convenience and efficiency.

  Continue reading

• Does the world need another cross-platform framework? Tough, here's JetBrains with Compose Multiplatform

  'A different way of thinking about applications' says project lead
  Tim Anderson Fri 6 Aug 2021 // 13:32 UTC 7

  An open-source Kotlin framework for cross-platform applications, based on Jetpack Compose for Android, is now in preview.

  Google's Jetpack Compose is an official framework for building a user interface in an Android application, and reached version 1.0 last week, at the same time as the first stable release of Android Studio, 2020.3.1 or "Arctic Fox".

  Despite only just hitting 1.0, Google said: "There are already over 2,000 apps in the Play Store using Compose – in fact, the Play Store app itself uses Compose."

  Continue reading

• Your Computer Is On Fire, but it will take much more than this book to put it out

  Detailed diagnosis of tech industry delusion falls short of prescribing a cure
  Lindsay Clark Fri 6 Aug 2021 // 12:32 UTC 4

  Book review Seasoned industry watchers will welcome Your Computer Is on Fire as a thorough and unflinching debunking of Big Tech's outlandish self-mythologising. They might even hope that governments, business, and the media organisations who buy into the barrage of propaganda start to ask a few important questions. But there are limits to this niche text that is at times prone to academic navel-gazing.

  In the 1990s, despite the outward differences between the industry big guns, the background hum was the same. The internet offered opportunity for all, ecommerce could lead to frictionless economics, software made people more productive, and companies more competitive. Such delusions survived the dotcom crash and financial crisis then re-emerged in the early days of social media as the Arab Spring became a use case for the positive impact of Twitter and Facebook. Together with that movement's difficult development, the nefarious exploitation of social media user data that contributed to the election of US presidential regime with ever-so-slightly insurrectionist tendencies should have given pause for thought.

  It's a wonder, then, that tech industry propaganda has barely shifted. Instead, it's a case of different tech, same tune. Last month, Google CEO Sundar Pichai told the BBC that AI would be the "most profound technology" that humanity will ever develop. Similarly, UK Cabinet Office minister Julia Lopez adopted industry language when she said that "now, more than ever, digital must be front and centre of government's priorities to meet user needs."

  Continue reading

• Flushing roulette: Southern Water installing digital sewer monitors to prevent blockages

  Plan to deal with fatbergs NOT related to that £90m fine for dumping effluent into sea on England's south coast
  Paul Kunert Fri 6 Aug 2021 // 11:34 UTC 19

  Where's there's muck there's brass, and there won't be many places more mucky than a sewer system as bidders for a network digitalisation contract in southern England are about to rediscover.

  According to a tender published this week, Southern Water is wading through the market to sniff out a supplier to "significantly and rapidly improve the visibility of the gravity wastewater network."

  "We plan to achieve this by installing 10,000's (up to 30,000 across Kent, East and West Sussex, Hampshire and the Isle of Wight) of sewer monitors and developing in parallel the associated analytics to make appropriate and effective use of the additional information to prevent sewer blockages developing into a pollution or flooding incident," the document states.

  Continue reading

• Hey, AI software developers, you are taking Unicode into account, right ... right?

  Here's how to switch around account numbers, slip past moderation, and mix up names in production-level models
  Katyanna Quach Fri 6 Aug 2021 // 10:31 UTC 15

  Analysis Computer scientists have detailed ways in which AI language systems – including some in production – can be hoodwinked into making bad decisions by text containing unseen Unicode characters.

  Account numbers can be switched around, recipients of transactions changed, and comment moderation bypassed by special hidden characters, we're told. And it is claimed software built by Microsoft, Google, IBM, and Facebook can be potentially fooled by carefully crafted Unicode.

  The issue is that ambiguity or discrepancies can be introduced if the machine-learning software ignores certain invisible Unicode characters. What's seen on screen or printed out, for instance, won't match up with what the neural network saw and made a decision on. It may be possible abuse this lack of Unicode awareness for nefarious purposes.

  Continue reading

• Q: Post-lockdown, where would I like to go? A: As far away from my own head as possible

  About 238,855 miles would do the trick
  Alistair Dabbs Fri 6 Aug 2021 // 09:27 UTC 39

  Something for the Weekend, Sir? More good news for Team GB's Tokyo Games medal winners: you're going to the Moon.

  This is true because I read it. It was in a press release sent to me this week. "Olympic Medalists Get Free Ticket to the Moon," it says. That is going to be one expensive flight, with more than 50 medals awarded to Brits so far, and the Paralympics yet to begin.

  Unless… yep, here it comes in the first sentence. "LifeShip Inc. today announced they will be sending Olympic and Paralympic gold, silver, and bronze medalists' DNA to the Moon for free."

  Continue reading

• Breaking Bad or just a bad breakpoint? That feeling when your predecessor is BASIC

  Here I am to save the day!
  Richard Speed Fri 6 Aug 2021 // 08:30 UTC 58

  On Call That Friday feeling is upon us again after a week of dealing with IT issues and dodging the gimlet gaze of the boss. Hopefully yours didn't involve some impromptu debugging in production. Welcome to On Call.

  Today are pleased to salute the return of Who, Me? contributor Susan, who previously regaled us with a tale from two decades ago.

  Susan's latest anecdote takes place in the months before Christmas 2001 when she found herself suddenly bereft of work. She had been enjoying the lucrative life of a Visual Basic 6 and SQL Server contractor before her employer of four years abruptly went bust, putting her dreams of a lavish festive holiday in the Scottish Highlands at risk.

  Continue reading

• AI to be bigger than IaaS and PaaS combined by 2025

  $500bn a year to be spent on electro-brain and supporting tech vs $400bn on cloud infrastructure
  Simon Sharwood, APAC Editor Fri 6 Aug 2021 // 07:28 UTC 6

  Analyst firm IDC has predicted that by the year 2025 more money will be spent on artificial intelligence software and services than on infrastructure-as-a-service and platforms-as-a-service.

  The firm on Wednesday published details of its Worldwide Semi-annual Artificial Intelligence Tracker, which predicted global spending of $341.8 billion this year – representing 15.2 per cent year-over-year growth.

  Growth will accelerate to 18.8 per cent in 2022, leading IDC to predict the market is on track to pass $500 billion annual spend by 2024.

  Continue reading

• South Korea to test grenade-launching drones

  Back on terra firma, ransomware rampage sees elevated security threat levels and giveaways to SMBs
  Laura Dobberstein Fri 6 Aug 2021 // 06:30 UTC 21

  South Korea has this week announced two new weapons: grenade-launching drones for its military, and anti-ransomware software for businesses.

  The nation's Defense Acquisition Program Administration (DAPA) has revealed that in 2022 South Korea will test grenade-launching drones that can be remotely controlled over a range of two kilometres, carrying gunpowder-filled 40mm shells. The operator uses optical and thermal imaging cameras and a laser range finder to shoot up to six consecutive shots, with two seconds between firing. A two-axis gimbal and a recoil absorber stabilize the equipment after firing.

  A second drone – a small modular affair – weighs less than two kilograms and is intended for monitoring and reconnaissance. Operators can attach specialized kit – like optical and thermal imaging cameras, speakers, searchlight and laser rangefinders – depending on the purpose of the mission.

  Continue reading