How Apple AirTags Could Get You Hacked

AirTags, Apple’s Bluetooth-powered item trackers, were designed with good intentions: They’re useful for attaching to important things like keys and luggage to help you find them if they get lost. However, said devices also apparently come with a small design flaw—one that could allow an unscrupulous individual to…

Source: Gizmodo – How Apple AirTags Could Get You Hacked

[$] A fork for the time-zone database?

A controversy about the handling of the Time Zone Database (tzdb) has
been brewing since May, but has come to a head in recent weeks.
Changes that were proposed to simplify the main database file have some
consequences in terms of time-zone history and changes to the
representation of some zones. Those changes have upset a number of users
of the database—to the point where some have called for a fork. A
September 25 release of tzdb with some, but not
all, of the changes seems unlikely to resolve the conflict.

Source: LWN.net – [$] A fork for the time-zone database?

Arturia announces MiniFuse lineup of affordable audio interfaces

Arturia already has a lineup of audio interfaces. They’re fairly well regarded. But one thing they’re not is cheap. The base model AudioFuse is $699. It is not for the casual bedroom producer. But the company knows that the more people making music, the bigger its customer base, so serving that entry level is important. The MiniFuse line is the answer to that need.

The lineup of three models starts at $99 for the MiniFuse 1. It’s the most basic of the new devices, with a single combo input for XLR and 1/4-inch instruments. But it has the same preamps, 110dB dynamic range, five-year warranty and software bundle as the rest of the lineup. All the MiniFuses can also act as USB hubs, so you can connect a controller through the interface and save some port space on your PC. What you lose mostly by opting for the most affordable option is the MIDI in and out ports. You also can’t blend direct monitoring with the USB output; you can only switch between the two.

The $149 MiniFuse 2 adds a second input, MIDI in and out ports and has a mix control for balancing between direct monitoring of your input and what’s coming out of your PC. This is handy for recording live audio when even the tiniest of latency is unacceptable. 

The MiniFuse 4 hasn’t gotten a price tag yet, and won’t be shipping until next year. But it has line inputs around the back, two additional audio outputs and an additional headphone jack so you and a collaborator can both monitor a track together without filling your recording space with more noise. If you use a decent amount of outboard gear or frequently work with a vocalist, this is probably the way to go. The extra outputs and inputs are especially handy for routing audio out of your computer, processing it with external effects, then running it back into your DAW for final mixing.

The MiniFuse line comes with a solid bundle of software including Ableton Live Lite, Analog Lab Intro, a bundle of four Arturia FX, Native Instruments Guitar Rig 6 LE and three-month subscriptions to both Auto-Tune Unlimited and Splice.

The MiniFuse 1 and MiniFuse 2 are available to pre-order now and will start shipping in November.



Source: Engadget – Arturia announces MiniFuse lineup of affordable audio interfaces

Activision Blizzard settles discrimination lawsuit for a fraction of its yearly earnings

Activision Blizzard’s settlement over harassment and discrimination allegations is a drop in the bucket compared to what it made in revenue last year. (credit: Aurich Lawson | Getty Images)

Less than a day after a lawsuit alleging discrimination and sexual harassment was brought against it by a federal agency, Activision Blizzard has agreed to settle the case for $18 million. That’s less than a half-percent of Activision Blizzard’s total 2020 revenue.

The Diablo and Call of Duty maker, which denied any wrongdoing, will create an $18 million restitution fund for affected employees as part of the agreement. It will also comply with antidiscriminatory laws and ensure its workplace is free from harassment, discrimination, and retaliation practices. Any money that isn’t claimed from the $18 million fund will be donated to charities dedicated to the advancement of women in gaming and tech sectors and otherwise used to improve upon Activision Blizzard’s internal programs to promote inclusion, gender equality, and diversity.

Last year, Activision Blizzard earned $8.1 billion in revenue, putting the total settlement number at 0.22 percent of its total 2020 earnings.

Source: Ars Technica – Activision Blizzard settles discrimination lawsuit for a fraction of its yearly earnings

Netflix Acquires Oxenfree Dev As Its First Game Studio

Streaming giant Netflix has acquired Night School Studio, a developer founded by former Telltale Games employees that released Oxenfree, an intriguing supernatural mystery game, and Afterparty, a barhopping comedy journey through Hell. Though now a Netflix subsidiary, Night School Studio confirmed that Oxenfree 2’s…

Source: Kotaku – Netflix Acquires Oxenfree Dev As Its First Game Studio

Archer Will Get a Lucky 13th Season

A three-year coma couldn’t kill Sterling Archer—or his namesake animated series. FXX has just ordered up an eight-episode 13th season of Archer, which will air next year and will presumably see the gang continue to carry on with top-secret spy missions, international intrigue, dirty jokes, and snarky-as-hell humor…

Source: Gizmodo – Archer Will Get a Lucky 13th Season

Microsoft Knew of Exchange Autodiscover Flaw Five Years Ago

Thomas Claburn writes via The Register: Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft’s advice continues to be that customers should communicate only with servers they trust. On August 10, 2016, Marco van Beek, managing director at UK-based IT consultancy Supporting Role, emailed the Microsoft Security Response Center to disclose an Autodiscover exploit that worked with multiple email clients, including Microsoft Outlook. “Basically, I have discovered that it is extremely easy to get access to Exchange (and therefore Active Directory) user passwords in plain text,” he wrote. “It doesn’t necessarily require any breach of corporate security, and at its most secure, is only as secure as file level access to the corporate website.” His proof-of-concept exploit code, which affected Outlook (both Mac and PC), default email apps for Android and iOS, Apple Mail for Mac OS X, and others, consisted of 11 lines of PHP, though he insisted the exploit probably could have been reduced to three lines.

Microsoft acknowledged on August 11, 2016, that it had reproduced the issue in van Beek’s report. Then on August 30, 2016, the Windows titan responded to van Beek by saying the report doesn’t describe a genuine vulnerability: “Our security engineers and product team have reviewed this report and determined that it is not a security issue to be serviced as part of our monthly Patch Tuesday process. ‘Never accept an SSL certificate without a matching host name’ is already recommended for clients in the doc cited by your report: [link]. Before you send a request to a candidate, make sure it is trustworthy. Remember that you’re sending the user’s credentials, so it’s important to make sure that you’re only sharing them with a server you can trust. At a minimum, you should verify: That the endpoint is an HTTPS endpoint. Client applications should not authenticate or send data to a non-SSL endpoint. That the SSL certificate presented by the server is valid and from a trusted authority.”

“This response casually forgets to consider that a hacked web server still retains a perfectly valid certificate — it just happens to use that trusted tunnel to serve up problems,” said van Beek. “Also, I have only found one Exchange client so far which actually checks the hostname against the certificate, which is Microsoft’s own test tool.” Van Beek said he thought it was incredible that Microsoft confirmed the behavior he reported within hours but does not consider it to be a problem. He suggested three mitigations: changing the order of operations so that DNS gets checked first; never accepting an SSL certificate without a matching host name; and reviewing why and when clients respond to authentication requests. When asked if the company plans to take any steps to address credential exposure and whether it believes its guidance adequately addresses the problem, a Microsoft spokesperson said: “We are continuing to investigate the specific scenario shared by the researcher.”

Source: Slashdot – Microsoft Knew of Exchange Autodiscover Flaw Five Years Ago

Netflix buys 'Oxenfree' developer Night School Studio

The team behind hit indie game Oxenfree is joining Netflix, marking the first time the streaming giant has acquired a game developer. The company announced the purchase of Night School Studio on Tuesday. Netflix didn’t share many details about what it plans for the Night School team, but at the very least it sounds like the studio will continue work on Oxenfree II: Lost Signals, and that its previous games will be available through the streaming platform.

“Our explorations in narrative gameplay and Netflix’s track record of supporting diverse storytellers was such a natural pairing,” Sean Krankel, the founder of Night School Studio, said. “It felt like both teams came to this conclusion instinctively.”

The move comes as Netflix works on an expansion into the gaming space. Only earlier today, it added several Android titles to its streaming app in Spain and Italy. Over the next year, the company plans to offer more games in this way.



Source: Engadget – Netflix buys ‘Oxenfree’ developer Night School Studio

Paying For Taco Bell With Dogecoin May Soon Be a Reality

An anonymous reader quotes a report from Bloomberg: How about paying for your Taco Bell order with Dogecoin? Or some of Whole Food’s avocado ice cream with Bitcoin. That’s the goal of a new partnership between crypto payment processor BitPay and Verifone, one of the world’s largest providers of those little machines you use to pay via a credit card or Venmo at a checkout line. Later this year, the newest Verifone terminals will start accepting payments for U.S. merchants from a range of cryptocurrency wallets and tokens, the companies said in a statement Tuesday. Terms of the agreement weren’t disclosed.

Widespread use of tokens for purchases has been a goal that has long eluded the crypto industry, with most users focusing on speculation and merchants scared off by the price volatility of the digital assets. BitPay said it will provide greater protection from price swings since the funds will be settled promptly into the merchant’s bank account in traditional currency once a transaction is completed. BitPay already processes more than 60,000 transactions a month, more than half of them in Bitcoin, according to the company. By comparison, Visa handles an average of 150 million transactions a day. While the companies didn’t say which merchants will be included, some brands that Verifone works with already include American Eagle Outfitters, Macy’s, Williams Sonoma, Taco Bell and Whole Foods.

Source: Slashdot – Paying For Taco Bell With Dogecoin May Soon Be a Reality

Forget the looks, love the tech: The $83,200 BMW iX electric SUV

The $83,500 BMW iX is the brand’s new technology flagship. It’s a battery electric SUV with a range of more than 300 miles. (credit: Jonathan Gitlin)

MUNICH—Regular readers of Ars will know that we make no bones about our love for the BMW i3. BMW’s third-generation electric car taught the automaker plenty about EV powertrains as well as more sustainable manufacturing. But the i3 has taught BMW all it could, and now the time has come to apply those lessons to more mainstream EVs. And nothing is more mainstream these days than an SUV, so BMW has developed an all-new one to showcase the company’s fifth-generation electric powertrain.

Enter the 2022 BMW iX.

Trickle-down might be a myth in economics, but the principle does work in the auto industry. Car makers develop new technology and launch it in their high-end vehicles first before economies of scale see such features show up in cheaper models. This is particularly true of the German luxury brands like BMW, which in the past used its 7 Series flagship sedan as its standard-bearer, introducing things like the first true infotainment system. But big sedans have fallen out of favor with the people who buy big luxury cars, and so the time has come for the flagship SUV instead.

Source: Ars Technica – Forget the looks, love the tech: The $83,200 BMW iX electric SUV

Google Says It's Bing's Most Popular Search Term

It’s getting harder and harder for Google to pretend it’s not the anticompetitive bully we all know it to be. Case in point: as part of the company’s ongoing battle to fend off the largest antitrust fine ever imposed by the European Union, the company argued in an EU court on Tuesday that it’s… the most-searched-for…

Source: Gizmodo – Google Says It’s Bing’s Most Popular Search Term

Watch a Rare Warhammer Model Become the Most Expensive in the World

Warhammer is an expensive hobby and has been for a very long time. Grabbing yourself a viable force of Games Workshop’s tabletop miniatures—whether it’s in Age of Sigmar’s fantasy or 40K’s far future flavors—can cost hundreds and hundreds of dollars, even before all the kit to build, paint, carry, and play with it.…

Source: Gizmodo – Watch a Rare Warhammer Model Become the Most Expensive in the World

New World Players Face Massive Queues, Wait Times On Overloaded Servers

Amazon’s new massively multiplayer online role-playing game New World opened its doors earlier today, reaching a peak of over 700,000 players. That said, not even Jeff Bezos’ piggy bank has kept the MMO’s grand debut from being plagued with the usual launch day woes, including ridiculous wait times to just play the…

Source: Kotaku – New World Players Face Massive Queues, Wait Times On Overloaded Servers

Lucid will begin delivering its Air luxury EV in late October

After roughly five years of work, the Lucid Air is finally close to reaching customers’ garages. Lucid Motors said it has started production of the luxury EV and expects to deliver the first Dream Edition models in late October. There will only be 520 Dream units (conveniently a match for the car’s 520-mile estimated range). However, Lucid won’t be hurting for early customers. Even if only some of the 13,000 reservation holders commit to a purchase, that’s a significant volume for an upscale car from a relatively new brand.

Those numbers might climb. The fledgling automaker plans a rapid expansion that will add about 65 acres (2.85 million square feet) to its Casa Grande, Arizona factory. It may need the extra output, too. Lucid plans to mass-produce its first SUV, the Gravity, in 2023, and electric SUVs have lately been in high demand.

The Air starts at $77,400. In addition to its potentially Tesla-beating range, it promises rare perks like Dolby Atmos audio, very quick charging (20 minutes for 300 miles) and a 34-inch cockpit display.

There’s no guarantee Lucid will succeed when competing against Tesla, Rivian and rapidly electrifying incumbent car brands. While its strategy is familiar to Tesla fans (its first truly large-scale EV was also a luxury sedan), Lucid is entering a much more established market with competitors that have ample resources and name recognition. With that said, just making it to production is a notable feat. EV startups like Faraday Future and Lordstown Motors are still struggling to reach that point, giving Lucid a considerable lead over some of its key rivals.



Source: Engadget – Lucid will begin delivering its Air luxury EV in late October

Tesla on Autopilot slammed into police cars despite flashing lights, lawsuit says

Tesla has been sued by five Texas police officers who were injured when a Tesla Model X in Autopilot mode crashed into police vehicles that were stopped and had their flashing lights turned on. The officers also sued the owner of a restaurant accused of overserving alcohol to the X’s driver.

“On February 27, 2021, a Tesla Model X engaged in Autopilot and equipped with Tesla’s proprietary system of safety features, crashed into several police officers who were engaged in a traffic stop in a blocked-off lane of traffic on the Eastex Freeway in Texas. All were badly injured,” the lawsuit said. The officers include four Montgomery County constables and a Splendora police officer, according to a Houston Public Media article.

The lawsuit accuses Tesla of gross negligence for “failing to safely and properly design, market, and manufacture the Autopilot system” and, among other things, “failing to warn the public of the Autopilot system’s inability to detect emergency cars with flashing lights.” The plaintiffs are seeking “damages for the severe injuries and permanent disabilities they suffered as a result of the crash,” and they want to “force Tesla to publicly acknowledge and immediately correct the known defects inherent in its Autopilot and collision avoidance systems, particularly as those impact the ongoing safety of our nation’s first responders,” the lawsuit said.

Source: Ars Technica – Tesla on Autopilot slammed into police cars despite flashing lights, lawsuit says

NSA, CISA Publish Guide for Securing VPN Servers

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) today published technical guidance on properly securing VPN servers used by organizations to allow employees remote access to internal networks. From a report: The NSA said it put together the nine-page guide [PDF] after “multiple nation-state advanced persistent threat (APT) actors” weaponized vulnerabilities in common VPN servers as a way to breach organizations. “Exploitation of these CVEs [vulnerabilities] can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device,” the NSA said today in a press release announcing the guide’s publication. “If successful, these effects usually lead to further malicious access and could result in a large-scale compromise to the corporate network,” the agency added.

Source: Slashdot – NSA, CISA Publish Guide for Securing VPN Servers