NOAA Unveils a Warmer Climate 'Normal' For the US 45

An anonymous reader quotes a report from Axios: The National Oceanic and Atmospheric Administration revealed new standards on Tuesday for what an average or "normal" U.S. climate looks like, showing average temperatures in the U.S. rising significantly. Updating these standards is important for helping shape government policies and what your local weather forecaster says the "average" high temperature is on a given date.

NOAA releases climate averages for the preceding 30-year period every 10 years. The "climate normals" released Tuesday cover 1991-2020 and indicate that the U.S. climate has warmed, and also become wetter over time. NOAA noted that parts of the U.S. may also get drier, due to climate change. "The influence of long-term global warming is obvious," per a press release. The new normals may shift how the climate is described for particular parts of the U.S. With the changes, Fairbanks, Alaska is no longer considered a sub-Arctic climate, but is now termed a "warm summer continental" climate.

Biden Team May Partner With Private Firms To Monitor Extremist Chatter Online (cnn.com) 243

schwit1 shares a report from CNN: The Biden administration is considering using outside firms to track extremist chatter by Americans online, an effort that would expand the government's ability to gather intelligence but could draw criticism over surveillance of US citizens. The plan being discussed inside DHS, according to multiple sources, would, in effect, allow the department to circumvent [restrictions the U.S. government has to surveil American citizens]. A source familiar with the effort said it is not about decrypting data but rather using outside entities who can legally access these private groups to gather large amounts of information that could help DHS identify key narratives as they emerge.

In response to CNN's story, DHS said it "is not partnering with private firms to surveil suspected domestic terrorists online" and "it is blatantly false" to suggest that the department is using outside firms to circumvent its legal limits. "All of our work to address the threat of domestic terrorism is done consistent with the Constitution and other applicable law, and in close coordination with our privacy and civil liberties experts," the DHS statement added. But the department has considered partnering with research firms who have more visibility in this space, though it has not done so to this point, the sources said. If that ultimately happens, DHS could produce information that would likely be beneficial to both it and the FBI, which can't monitor US citizens in this way without first getting a warrant or having the pretext of an ongoing investigation. The CIA and NSA are also limited on collecting intelligence domestically.

Researchers who already monitor such activity online could act as middlemen to obtain the information. DHS officials maintain the materials provided would only consist of broad summaries or analysis of narratives that are emerging on these sites and would not be used to target specific individuals. But some of the research firms and non-profit groups under consideration by the DHS periodically use covert identities to access private social media groups like Telegram, and others used by domestic extremist groups. That thrusts DHS into a potential legal gray area even as it plugs an intelligence gap that critics say contributed to the failure to predict the assault on the Capitol.


21Nails Vulnerabilities Impact 60% of the Internet's Email Servers (therecord.media) 56

The maintainers of the Exim email server software have released updates today to patch a collection of 21 vulnerabilities that can allow threat actors to take over servers using both local and remote attack vectors. The Record reports: Known as 21Nails, the vulnerabilities were discovered by security firm Qualys. The bugs impact Exim, a type of email server known as a mail transfer agent (MTA) that helps email traffic travel across the internet and reach its intended destinations. While there are different MTA clients available, an April 2021 survey shows that Exim has a market share of nearly 60% among all MTA solutions, being widely adopted around the internet. The 21Nails vulnerabilities, if left unpatched, could allow threat actors to take over these systems and then intercept or tamper with email communications passing through the Exim server.

As Qualys explains in its security advisory, the 21Nails vulnerabilities are as bad as it gets. All Exim server versions released in the past 17 years, since 2004, the beginning of the project's Git history, are affected by the 21Nails bugs. This includes 11 vulnerabilities that require local access to the server to exploit, but also 10 bugs that can be exploited remotely across the internet. Security experts recommend that Exim server owners update to Exim version 4.94 to protect their systems against attacks.


Sale of Coal and Wet Wood Restricted in England (bbc.com) 109

Curbs on the sale of house coal and wet wood for household burning in England have come into force under new rules aimed at cutting air pollution. From a report: People will still be able to use stoves and open fires but they will need to burn cleaner alternatives. These are the first restrictions on what people can burn in their homes since the clean air acts of the 1950s. The UK's air is far cleaner now, but in recent years pollution from log burners has increased dramatically. Only 8% of households use them, but they are now the biggest source of the tiny pollution particles that are most damaging to health, according to government data. It shows domestic wood burning in both closed stoves and open fires was responsible for 38% of pollution particles under 2.5 microns in size, three times more than road traffic. These tiny particles can enter the bloodstream and lodge in lungs and other organs, the Department for Environment Food and Rural Affairs (Defra) warns, and have been identified by the World Health Organization as the most serious air pollutant for human health.

New Emails Show Steve Jobs Referred To Facebook As 'Fecebook' Amid App Store Conflict (9to5mac.com) 59

The Apple vs. Epic legal battle has brought new documents to light, revealing the strained relationship between Apple and Facebook that dates as far back as 2011. 9to5Mac reports: Around this time, Facebook had not yet released a dedicated app for the iPad, which debuted in 2010. Apple's Scott Forstall, then serving as the company's software chief, sent an email to Phil Schiller and Steve Jobs regarding a meeting he had with Mark Zuckerberg about bringing Facebook to the iPad. At the heart of Facebook's concerns was that Apple would not allow the Facebook for iPad application to include "embedded apps." Forstall wrote: "I just discussed with Mark how they should not include embedded apps in the Facebook iPad app -- neither in an embedded web view or as a directory of links that would redirect to Safari. Not surprisingly, he wasn't happy with this as he considers these apps part of the 'whole Facebook experience' and isn't sure they should do an iPad app without them. Everything works in Safari, so he is hesitant to push people to a native app with less functionality, even if the native app is better for non-third party app features."

Zuckerberg suggested a few compromises to Forstall: Do not include a directory of apps in the Facebook app, links, or otherwise; Do not have third-party apps run in the embedded web view; Allow user posts in the news feed related to apps; and Tapping on one of these app-related links would (1) fast switch to a native app if one exists and the user has it installed, (2) take the user to the App Store if a native app exists and the user has not installed it, (3) link out to Safari otherwise.

"I think this is all reasonable, with the possible exception of #3," Forstall wrote in the email. Steve Jobs responded and wrote, "I agree -- if we eliminate Fecebooks third proposal it sounds reasonable." Note Jobs's spelling of Facebook there. A few days later, Forstall followed up and said that Zuckerberg did not like Apple's counterproposal. [...] CNBC adds: "When Facebook's iPad app eventually launched, it said that it would not support its own Credits currency on iOS for apps like Farmville -- a compromise along the lines of what Apple's executives discussed."


US Commerce Dept Pressing Taiwan To Supply More Chips To US Automakers (reuters.com) 52

The U.S. Commerce Department is pressing Taiwan Semiconductor Manufacturing and other Taiwanese firms to prioritize the needs of American automakers to ease chip shortages in the near term, Commerce Secretary Gina Raimondo said on Tuesday. From a report: Raimondo told a Council of the Americas event that longer term, increased investment is needed to produce more semi-conductors in the United States and other critical supply chains need re-shoring, including to allied countries. "We're working hard to see if we can get the Taiwanese and TSMC, which is a big company there, to, you know, prioritize the needs of our auto companies since there's so many American jobs on the line," Raimondo said in response to a question from a General Motors executive.

Pandora Says Laboratory-Made Diamonds Are Forever (bbc.com) 164

An anonymous reader quotes a report from the BBC: The world's biggest jeweller, Pandora, says it will no longer sell mined diamonds and will switch to exclusively laboratory-made diamonds. Concerns about the environment and working practices in the mining industry have led to growing demand for alternatives to mined diamonds. Pandora's chief executive, Alexander Lacik, told the BBC the change was part of a broader sustainability drive. He said the firm was pursuing it because "it's the right thing to do." They are also cheaper: "We can essentially create the same outcome as nature has created, but at a very, very different price." Mr Lacik explains they can be made for as little as "a third of what it is for something that we've dug up from the ground."

Pandora's lab-made diamonds are being made in Britain, and the UK is the first country where they will be sold. The new diamond jewelry will start at $350. [...] One problem with lab-made diamonds, though, is that they can take a lot of energy to produce. Between 50% and 60% of them come from China, where they are made in a process known as "high-pressure, high-temperature technology." The use of coal powered electricity is widespread. However in the United States, the biggest retail market for lab-grown diamonds, there is a greater focus on using renewable energy. The largest US producer, Diamond Foundry, says its process is "100% hydro-powered, meaning zero emissions." Both types are chemically and physically identical to mined diamonds.


Two More Windows 10 Updates Will Remove Adobe Flash For Good (zdnet.com) 47

Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate unsupported Adobe Flash Player from Windows PCs for good. ZDNet reports: The update KB4577586 called "Update for Removal of Adobe Flash Player" has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020 as per an announcement by Adobe and major browser makers in 2017.

"Starting in June 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Preview Update for Windows 10, version 1809 and above platforms. It will also be included in every subsequent Latest Cumulative Update," Microsoft said. "As of July 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Latest Cumulative Update for Windows 10, versions 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard," it added.


Dogecoin Spike Crashes Robinhood Token Trading (theverge.com) 63

Robinhood's trading app crashed for around an hour this morning, as Dogecoin hit record highs and Ethereum continued to gain ground. The outage is reminiscent of the Robinhood-GameStop fiasco last January, where Robinhood deliberately blocked users from trading GameStop stock as it catapulted in value. The Verge reports: Robinhood ran into issues processing cryptocurrency trades this morning, during a spike in the price of Dogecoin that sent users flocking to the app. The website DownDetector shows the outage starting around 9:30AM ET and reducing in severity about an hour later. Robinhood confirmed that it experienced a "partial outage" in crypto trading and said the issues had been resolved as of 11:15AM ET. The outage was particularly noticeable since it came during a spike (and subsequent dip) in Dogecoin prices. Coins were priced at around $0.40 USD at the beginning of the day. Around 8AM ET, they spiked past $0.50 USD and reached as high as $0.60 USD near 10AM ET.

Users were quick to voice their frustrations with the app on Twitter, seeing it as a repeat of the situation that happened in January when Robinhood limited trading on buzzy, soaring stocks, including GameStop and AMC. In the app this morning, a message told users, "We are experiencing intermittent issues with crypto trading. We are working to resolve this issue as soon as possible." Meanwhile, the price ticker on Dogecoin continued its rapid flip up and down.


Frontier Exits Bankruptcy, Claims It Will Double Fiber-To-the-Home Footprint (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: Frontier Communications emerged from Chapter 11 bankruptcy on Friday, saying that it plans to double its fiber-to-the-premises footprint by extending fiber to an additional 3 million homes and businesses. "Frontier is deploying capital and pursuing an extensive fiber build-out plan that will accelerate the company's transformation from a legacy provider of copper-based services to a fiber-based provider... Under the first phase of the plan, Frontier intends to invest heavily and pass more than 3 million homes and business locations, enabling a total of over 6 million homes and businesses with Gig-plus speeds," the company said in a press release.

Expanding to 3 million additional homes will take multiple years, as Frontier said it plans to reach "approximately 495,000 additional locations in 2021." That apparently includes 100,000 new fiber locations already built in the first three months of this year. Frontier is analyzing whether it can "at least double the build rate next year," Frontier's newly hired CEO Nick Jeffery said, according to FierceTelecom. "We have 3.4 million total fiber passings today and plan to at least double this footprint over the coming years," Jeffery also said.

Frontier's current network consists of copper lines that pass 11.8 million homes and businesses and fiber lines passing 3.4 million homes and businesses, Frontier said in a presentation for investors. Even if Frontier achieves its goal of doubling its fiber network, over 8 million homes and businesses would remain stuck on Frontier's old copper network, which provides slower DSL service. Although Frontier didn't promise to extend fiber to all or even to a majority of its copper locations, its presentation said the company's network has a "substantial competitive advantage relative to competitors" because it includes "12 million copper passings to potentially convert to fiber."


Belgium's Government Network Goes Down After Massive DDoS Attack 26

Most of the Belgium government's IT network has been down today after a massive distributed denial of service (DDoS) attack knocked offline both internal systems and public-facing websites. From a report: The attack targeted Belnet, a government-funded ISP that provides internet connectivity for Belgian government organizations, such as its Parliament, educational institutes, ministries, and research centers. The incident, which Belnet is still dealing with at the time of writing, is believed to have impacted the activities of more than 200 Belgian government organizations. Impacted services include My Minfin, the government's official tax- and form-filing portal, but also IT systems used by schools and universities for remote learning applications. In a tweet today, the Belgium Justice Department also reported disruptions but did not go into details.

#FreeFortnite Hecklers Add a Shout-Out To Epic-Apple Trial (bloomberg.com) 54

Fans of Fortnite aren't happy that Apple pulled the game app off the iPhone last year -- and some aren't shy about appealing to the federal judge who has the power to make things right. From a report: "Can we please have Fortnite mobile back?" a voice was heard saying Tuesday as a clerk was testing dial-in access for the public to monitor Epic Games' trial against Apple in federal court in Oakland, California. Yesterday, as the three-week trial opened, there were enough hecklers who'd figured out how to unmute themselves -- against the court's rules -- that the phone system was briefly shut down, prompting some online commentators to refer to the situation as a hijacking. Further reading: The Apple vs. Epic Games trial airs private emails.

Belgian Farmer Accidentally Moves French Border (bbc.com) 91

A farmer in Belgium has caused a stir after inadvertently redrawing the country's border with France. From a report: A local history enthusiast was walking in the forest when he noticed the stone marking the boundary between the two countries had moved 2.29m (7.5ft). The Belgian farmer, apparently annoyed by the stone in his tractor's path, had moved it inside French territory. Instead of causing international uproar, the incident has been met with smiles on both sides of the border. "He made Belgium bigger and France smaller, it's not a good idea," David Lavaux, mayor of the Belgian village of Erquelinnes, told French TV channel TF1. That sort of move caused a headache between private landowners, he pointed out, let alone neighbouring states. The border between France and what is now Belgium stretches 620km (390 miles). It was formally established under the Treaty of Kortrijk, signed in 1820 after Napoleon's defeat at Waterloo five years earlier. The stone dates back to 1819, when the border was first marked out. "I was happy, my town was bigger," the Belgian mayor added with a laugh. "But the mayor of Bousignies-sur-Roc didn't agree."

India Grants Approval For 5G Trials, Avoids Chinese Firms (techcrunch.com) 34

Indian telecom ministry on Tuesday said it has granted several telecom service providers permission to conduct a six-month trial for the use and application of 5G technology in the country. From a report: New Delhi has granted approval to over a dozen firms spanning multiple nationalities -- excluding China. Among the telecom operators that have received the grant include Jio Platforms, Airtel, Vodafone Idea, and MTNL. These firms, the ministry said, will work with original equipment manufacturers and tech providers Ericsson, Nokia, Samsung, and C-Dot. Jio Platforms, additionally, has been granted permission to conduct trials using its own homegrown technology. In a press note, the Department of Telecommunications didn't specify anything about China, but a person familiar with the matter confirmed that Chinese giants Huawei and ZTE aren't among those who have received the approval. [...] India's move on Tuesday follows similar decisions taken by the U.S., UK, and Australia, all of which have expressed concerns about Huawei and ZTE and their ties with the Chinese government.

Dell Patches 12-year-old Driver Vulnerability Impacting Millions of PCs (therecord.media) 23

Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks. From a report: The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer's BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors to access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who gained initial access to a computer, even to a low-level account, could abuse this bug to take full control over the compromised PC -- in what the security community typically describes as a privilege escalation vulnerability.

Dogecoin Creator Sold All His Coins in 2015 To Buy a Used Honda Civic; Doge Now Has a Bigger Market Cap Than Honda Motor (benzinga.com) 79

Dogecoin, which hit an all-time high near the 45-cent level on Monday night, has now surpassed automaker Honda Motor in terms of market capitalization. From a report: The joke cryptocurrency has risen 10.8% in the past 24 hours to $0.4245 at press time, giving it a market capitalization of $54.64 billion. In comparison, Honda has a market capitalization of $54.52 billion as per Monday's close. The event is significant as Dogecoin co-creator Billy Markus recently revealed that he sold off his entire cryptocurrency holdings in 2015 for an amount equivalent to what a used Honda Civic would cost at that time.

Apple Exec Suggested Cutting App Store Commission To 20% as Early as 2011 (theverge.com) 62

Phil Schiller, the Apple executive in charge of the App Store, raised the possibility of the company cutting its 30 percent commission rate to 25 or even 20 percent back in 2011 in response to competition. From a report: Schiller floated the idea in an email to then Apple CEO Steve Jobs and head of Apple services Eddy Cue. The email has been made public as part of the company's legal battle with Epic Games. "Do we think our 70/30 split will last forever?" Schiller's email begins. "I think someday we will see enough challenge from another platform or web based solutions to want to adjust our model." Schiller goes on to suggest that if Apple were to ever change its fee structure, that it should do so "from a position of strength rather than weakness" and floats the idea of Apple dropping its commission rate once the App Store is generating over $1 billion in annual profit. "I know that this is controversial, I just tee it up as another way to look at the size of the business, what we want to achieve, and how we stay competitive," Schiller wrote. "Just food for thought." Attached to the email is a Wall Street Journal article from 2011 which discussed the possibility of developers using web apps to bypass Apple's App Store fees.

Surprise COVID Trend: Doomscrolling Moved To Desktop (axios.com) 29

New data from Chartbeat finds that working from home has pushed people to scroll deeper through article pages on desktop, and slightly less through articles on mobile. From a report: The change, which coincides with the start of the pandemic, could suggest that users prefer to engage more with article pages when they have the opportunity to read them on a bigger screen. Several factors could be influencing the trend, says Bonnie Ray, head of data science at Chartbeat, an analytics company. Desktop usage has spiked overall as people spend more time at home. Pre-pandemic article reading habits on mobile may have shifted to desktop. Articles are encountered differently on desktop versus mobile. Ray found the portion of article views from search with no scrolling has gone down significantly over time, but hasn't changed on social. A higher percentage of search traffic versus social occurs on desktop, so "it could be that articles we seek out via search are more relevant to us versus ones served up to us on social," Ray says.

Window heights: Desktop scrolling may have increased more relative to mobile because window heights on desktop have changed very little over the past year, hovering at ~780 pixels, while window heights on mobile have increased from ~580 to 650 pixels. The trend mostly holds true for all but the smallest of websites.


Amazon Had Sales Income of $53 Billion in Europe in 2020 But Paid No Corporation Tax (theguardian.com) 304

Fresh questions have been raised over Amazon's tax planning after its latest corporate filings in Luxembourg revealed that the company collected record sales income of $53 billion in Europe last year but did not have to pay any corporation tax to the Grand Duchy. From a report: Accounts for Amazon EU Sarl, through which it sells products to hundreds of millions of households in the UK and across Europe, show that despite collecting record income, the Luxembourg unit made a $1.4 billion loss and therefore paid no tax. In fact the unit was granted $67.3 million in tax credits it can use to offset any future tax bills should it turn a profit. The company has $3.25 billion worth of carried forward losses stored up, which can be used against any tax payable on future profits. Margaret Hodge, a Labour MP who has long campaigned against tax avoidance, said: "It seems that Amazon's relentless campaign of appalling tax avoidance continues."

"Amazon's revenues have soared under the pandemic while our high streets struggle, yet it continues to shift its profits to tax havens like Luxembourg to avoid paying its fair share of tax. These big digital companies all rely on our public services, our infrastructure, and our educated and healthy workforce. But unlike smaller businesses and hard-working taxpayers, the tech giants fail to pay fairly into the common pot for the common good. President Biden has proposed a new, fairer system for taxing large corporations and digital companies but the UK has not come out in support of the reforms. The silence is deafening. The government must act and help to grasp this once-in-a-generation opportunity to banish corporate tax avoidance to a thing of the past."


New Micro-Op Cache Vulnerability Evades All Previous Fixes For Spectre-Like Attacks (virginia.edu) 40

ffkom writes: Modern x86 and ARM CPUs translate opcodes into µops, which are usually stored in a cache of their own for later re-use. Researchers from the University of Virginia have found a way to exploit this for side-channel attacks, where malicious code exfiltrates information from other processes or virtual machines based on measurable characteristics of the µop-cache state, which they describe in their scientific paper. This side-channel attack evades all previous fixes for SPECTRE-like attacks, and poses yet another difficult-to-address risk to all software that runs on CPUs that are used by possibly malicious code at the same time -- like code running on other people's computers ("the cloud") or code running on CPUs that at the same time run "sandboxes" with code from some untrusted sources on the Internet.

Tesla Car Hacked Remotely From Drone Via Zero-Click Exploit (securityweek.com) 126

wiredmikey shares a report from SecurityWeek: Security researchers have shown how a Tesla -- and possibly other cars -- can be hacked remotely without any user interaction from a drone. This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models. "Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan," the report notes. Since the ConnMan component is widely used in the automotive industry, similar attacks could be launched against other vehicles.

High-Energy Cosmic Ray Sources Get Mapped Out For the First Time (wired.com) 19

DesertNomad writes: A dull, dark, otherwise unremarkable spot near the constellation Canis Major appears to be the locus of extra-galactic, super-high-energy cosmic ray production, with the actual source in the Virgo cluster and the cosmic rays' paths distorted by the complex galactic magnetic field. Astrophysicists crafted the most state-of-the-art model of the Milky Way's magnetic field, and found that this model explains the significant change in direction of the cosmic rays. The findings appear in a paper via arXiv.
