Sunday, 25 September 2016

Fast cars and paddock life: the IMSA Lone Star Le Mans gallery

ISP explains data caps to FCC: Using the Internet is like eating Oreos

Liveblog: IT, the cloud, and productivity at Microsoft Ignite 2016 Keynote

Embattled Oculus founder receives support of two top executives

A Turkish Company Is Building Real-World Transformers

Real-life Transformers are apparently already a thing thanks to a Turkish company called Letvision. They can't do battle with Decepticons, but they can turn their heads from side to side and move their arms and fingers and, erm, shoot smoke from between their legs. Oh, and they can do the whole changing from a 2013 BMW to an upright robot bit. That's pretty cool, too.

But of course there's a catch. Each of the four available Transformers (which Letvision gave the copyright-friendly name of "Letrons") has a functional steering wheel, but you can only "drive" them remotely because Letvision stuffed the seating spaces with the hydraulics and electronics needed for the conversion. (And since you'd be stuck staring straight up at the sky, being inside during the moment of transformation probably isn't the best of ideas.)

It can't even walk, although Letvision points out that this could change provided "reasonable funding is provided for a new research and development project."

Naturally you'll want some "reasonable funding" yourself if you ever plan on owning one of these things. Letvsision doesn't even include the price for its Letrons; instead they claim they'll only work with potential buyers whose "project and reason to use" match up with their own unspecified criteria.

from A Turkish Company Is Building Real-World Transformers

Changing Passwords After a Breach Is Still Way Too Hard

Yahoo’s announcement earlier this week that 500 million user accounts were compromised inspired another prolonged sigh, at a time when data breaches are so commonplace they sometimes seem like background noise.

According to the company, a “state-sponsored actor” was responsible for the breach, which exposed “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers." The notification also came a month after a hacker known as “Peace” posted to a cybercrime forum claiming to have data from 200 million Yahoo accounts for sale.

Security experts have repeatedly offered sound advice after such breaches: Never reuse passwords and start using a password manager, which generates unique passwords for each login and stores them in one encrypted file protected by a single, strong “master” password. But one thing that remains unnecessarily frustrating about this setup is the crucial post-breach task of identifying and changing a potentially compromised password.

If, like me, you’re someone who uses a password manager (and you really, really should look into it if you’re not) you’ve probably noticed just how annoying it is to do this. Since all of your passwords are stored in one encrypted file, a data breach anywhere requires you to not only go to the affected site and change your password, but also update your password file with the new password for that login.

Specifically, that means you have to:

  • Get notified when a breach occurs
  • Go to the site and initiate a password reset
  • Open your password manager and generate a new random password for that site
  • Copy the new password into the site’s password reset form
  • Save the new login information in your password manager

This is all worth it in the end, because it means you can easily login to any site or app with one or two clicks without having to remember any of the actual usernames or passwords (usually through a browser extension that automatically fills them in).

But every time I introduce people to password managers (I help train local activists and community organizers in computer security in my spare time), this vigilant process of constantly generating new, unique passwords is always the biggest hurdle to convincing them to adopt the password manager lifestyle.

A big part of it is the fact that no password manager has a really effective system for notifying and responding to data breaches. 1Password’s Watchtower, which was initially created to handle the infamous Heartbleed vulnerability in 2014, is supposed to notify you when a site you have saved in your password vault is at risk. But in my 2 years of using it I’ve never gotten a single notification, despite being affected by plenty of breaches.

Even if you are notified, updating your password using a password manager is still a pretty clunky experience. Most password managers have browser extensions that auto-detect when you’re entering login information into a form, and offer to save it to a new or existing entry in your password manager’s vault.

But the password reset forms on most sites are formatted differently than their login screens, and as a result you often end up with multiple password entries for the same site or app. Then, the next time you go to auto-fill your login information, the password manager will often wind up entering your old password instead of the new one—unless you manually go into your password vault and modify or delete the duplicate entries. Even more irritating, sites like Google have separate screens for entering a username and password, making password managers’ auto-fill process unnecessarily arduous.

To be totally clear, none of this should convince you not to use a password manager. The inconvenience of having to do occasional maintenance in the aftermath of a breach is far preferable to putting yourself at risk by using the same password everywhere.

But in a world where data breaches happen practically every week, websites and developers should work together on making the password-changing process as painless as humanly possible for people who use password managers. Sites could adhere to a password manager-friendly template for their login and password reset screens, so that password manager apps could more easily point compromised users to those forms and securely record the new password inside their password file.

The integration wouldn’t be easy or cheap, but users have a lot to gain from using password managers—and they deserve better.

from Changing Passwords After a Breach Is Still Way Too Hard

Monsanto Agrees to Use Gene-Editing Tool CRISPR Responsibly

Monsanto announced on Thursday that it has struck a deal which will allow the biotech giant to use the gene-editing tool CRISPR/Cas9 on agricultural products. It is the first company to receive approval to deploy CRISPR/Cas9 for agricultural use.

The license was approved by the Broad Institute, a genomic research center maintained by MIT and Harvard, and will be used by Monsanto to create genetically modified plants that are tailored to its needs. The “wide array of crop improvements” that Monsanto sees as enabled by CRISPR/Cas9 could mean anything from drought resistant crops to agricultural products that are designed to taste and look more appealing to the consumer.

“Genome-editing techniques present precise ways to dramatically improve the scale and discovery efficiency of new research that can improve human health and global agriculture,” said Issi Rozen, the Broad Institute’s Chief Business Officer. “We are encouraged to see these tools being used to help deliver responsible solutions to help farmers meet the demands of our growing population.”

CRISPR/Cas9 has been taking the world by storm since it was first developed in 2013 by researchers at the Broad Institute. The gene-editing technology works by taking advantage of a property of DNA called clustered regularly interspaced short palindromic repeats, or small repetitions of DNA base sequences. These sequences produce an enzyme called Cas9, which essentially functions as a pair of genetic scissors which can cut the DNA sequences at certain points to add or remove small DNA segments.

Yet the ease with which researchers and companies like Monsanto could use gene-editing technology to irreversibly fuck with living things like people and plants has also raised concern that the technology might become widely deployed without understanding the consequences. This is why the “responsible use” of CRISPR/Cas9 cited by Rozen is a key stipulation in Monsanto’s latest move to corner the GMO industry (as the most recent acquisition of the chemical company Bayer, Monsanto and its affiliates now control a full 25 percent of the world’s seeds and pesticides).

Monsanto has never been a company that has been particularly lauded for doing responsible things, and its forays into genetically modified plants have had a number of unintended consequences, such as encouraging pesticide resistant “super bugs” and weeds. In order to ensure more responsible use of this powerful gene-editing tool, the agreement prohibits Monsanto from using CRISPR/Cas9 to promote gene drives (where a genetically modified trait, such as pesticide resistance, is intentionally spread through an entire plant population), the production of sterile “terminator” seeds, or the production of tobacco to be used for smoking.

Gene drives were recently cited as a concern in a National Academy of Sciences report on the topic since genetically modified plant traits could ravage ecosystems in ways that aren’t yet fully understood. The terminator seeds previously developed by Monsanto have been condemned by agricultural workers around the globe because they require the farmers to buy a new round of seeds from Monsanto every year since the seeds produced naturally by their crops are sterile. Although Monsanto worked on developing terminator seeds throughout the 90s, the company insists they will never be sold commercially.

While these restrictions on the use of CRISPR/Cas9 in agriculture are a step in the right direction, it’s hard to shake the feeling that the deployment of a controversial and fledgling technology in the hands of a perennially controversial corporation might not lead to the best results.

from Monsanto Agrees to Use Gene-Editing Tool CRISPR Responsibly