Bipartisan Proposed Legislation To Curtail Secretive Email Seizure

“A bipartisan proposal in both the House and Senate would sharply limit the ability to seize emails without notice to the owner,” writes longtime Slashdot reader hawk. “It places a six-month limit on the length of gag orders in warrants.” The Hill reports: The Government Surveillance Transparency Act, sponsored by a bipartisan group of lawmakers from both chambers, puts limitations on gag orders that seek to block tech companies from alerting users whose data has been seized. It targets a practice brought into the spotlight after journalists from CNN, The New York Times and The Washington Post all had their records seized by the Department of Justice (DOJ). The bill requires law enforcement agencies to notify surveillance subjects that their email, location and web browsing data has been seized, aligning with current practices for phone records and bank data.

“When the government obtains someone’s emails or other digital information, users have a right to know,” Sen. Ron Wyden (D-Ore.) said in a release. “Our bill ensures that no investigation will be compromised, but makes sure the government can’t hide surveillance forever by misusing sealing and gag orders to prevent the American people from understanding the enormous scale of government surveillance, as well as ensuring that the targets eventually learn their personal information has been searched.”

Read more of this story at Slashdot.

NASA Wants Another Moon Lander For Artemis Astronauts, Not Just SpaceX’s Starship

NASA plans to encourage the development of another commercial vehicle that can land its Artemis astronauts on the moon. Space.com reports: In April 2021, NASA picked SpaceX to build the first crewed lunar lander for the agency’s Artemis program, which is working to put astronauts on the moon in the mid-2020s and establish a sustainable human presence on and around Earth’s nearest neighbor by the end of the decade. But SpaceX apparently won’t have the moon-landing market cornered: NASA announced today (March 23) that it plans to support the development of a second privately built crewed lunar lander.

“This strategy expedites progress toward a long-term, sustaining lander capability as early as the 2026 or 2027 timeframe,” Lisa Watson-Morgan, program manager for the Human Landing System Program at NASA’s Marshall Space Flight Center in Alabama, said in a statement today. “We expect to have two companies safely carry astronauts in their landers to the surface of the moon under NASA’s guidance before we ask for services, which could result in multiple experienced providers in the market,” Watson-Morgan added. […] Congress is “committed to ensuring that we have more than one lander to choose [from] for future missions,” [NASA Administrator Bill Nelson] said during a news conference today, citing conversations he’s had with people on Capitol Hill over the past year. “We’re expecting to have both Congress support and that of the Biden administration,” Nelson said. “And we’re expecting to get this competition started in the fiscal year [20]23 budget.”

Exact funding amounts and other details should be coming next week when the White House releases its 2023 federal budget request, he added. “So what we’re doing today is a bit of a preview,” Nelson said. “I think you’ll find it’s an indication that there are good things to come for this agency and, if we’re right, good things to come for all of humanity.” NASA plans to release a draft request for proposals (RFP) for the second moon lander by the end of the month and a final RFP later this spring, agency officials said. If all goes according to plan, NASA will pick the builder of the new vehicle in early 2023. That craft will have the ability to dock with Gateway, the small moon-orbiting space station that NASA plans to build, and take people and scientific gear from there to the surface (and back). This newly announced competition will be open to all American companies except SpaceX. But Elon Musk’s company will have the opportunity to negotiate the terms of its existing contract to perform additional lunar development work, NASA officials said during today’s news conference.


Calgarians Detail Life With an Electricity Load Limiter

Limiters cap amount of electricity households can use, making many appliances unusable. From a report: Josie Gagne was stumbling in the dark, sobbing while on the phone with an Enmax customer assistant, as she tried to locate the tiny orange button under the utility meter that would restore heat inside. It was the shock that got her. The young single mother with two kids under two returned home one winter day last year to find a note on her door from Enmax. She’d fallen behind on bills; the home was now on a limiter, capping her electricity. The furnace was off and at that point, she had no idea what a limiter even was. “I’m freaking out. I’m crying, thinking ‘What am I going to do?'” she said. “It’s the middle of winter, it’s still cold outside. How am I going to feed my children when my oven doesn’t work?”

Rising utility bills have community advocates worried the number of Calgarians facing this scenario will increase, and many don’t know what a load limiter is. It’s often the first step before disconnection. Several Calgary residents flagged the issue while sharing their utility bill experiences with CBC Calgary through text messaging, and on Calgary Kindness, a mutual aid Facebook group. They’ve shared their personal stories with CBC journalists so others know what to expect. Contributors said they were scared their fridge would lose power and their groceries would rot. They relied on air fryers, barbecues or a hot plate to make it through. The extra fees — $52 for the notice, $52 to remove the limiter — only made it worse. Plus, the black mark on their files means they often can’t get a contract with more favourable fixed rates. When the device is installed, a stove or anything else requiring 240 volts of electricity won’t work.


Android’s Messages, Dialer Apps Quietly Sent Text, Call Info To Google

Google’s Messages and Dialer apps for Android devices have been collecting and sending data to Google without specific notice and consent, and without offering the opportunity to opt-out, potentially in violation of Europe’s data protection law. From a report: According to a research paper, “What Data Do The Google Dialer and Messages Apps On Android Send to Google?” [PDF], by Trinity College Dublin computer science professor Douglas Leith, Google Messages (for text messaging) and Google Dialer (for phone calls) have been sending data about user communications to the Google Play Services Clearcut logger service and to Google’s Firebase Analytics service.

“The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange,” the paper says. “The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google.” The timing and duration of other user interactions with these apps has also been transmitted to Google. And Google offers no way to opt-out of this data collection. […] Both pre-installed versions of these apps, the paper observes, lack app-specific privacy policies that explain what data gets collected — something Google requires from third-party developers. And when a request was made through Google Takeout for the Google Account data associated with the apps used for testing, the data Google provided did not include the telemetry data observed.


Browser-in-the-Browser Attack Can Trick Even Savvy Users

apoc.famine shares a report from Ars Technica: Hundreds of thousands of sites use the OAuth protocol to let visitors login using their existing accounts with companies like Google, Facebook, or Apple. Instead of having to create an account on the new site, visitors can use an account that they already have — and the magic of OAuth does the rest. The Browser-in-the-Browser (BitB) technique capitalizes on this scheme. Instead of opening a genuine second browser window that’s connected to the site facilitating the login or payment, BitB uses a series of HTML and cascading style sheets (CSS) tricks to convincingly spoof the second window. The URL that appears there can show a valid address, complete with a padlock and HTTPS prefix. The layout and behavior of the window appear identical to the real thing.

While the method is convincing, it has a few weaknesses that should give savvy visitors a foolproof way to detect that something is amiss. Genuine OAuth or payment windows are in fact separate browser instances that are distinct from the primary page. That means a user can resize them and move them anywhere on the monitor, including outside the primary window. BitB windows, by contrast, aren’t a separate browser instance at all. Instead, they’re images rendered by custom HTML and CSS and contained in the primary window. That means the fake pages can’t be resized, fully maximized or dragged outside the primary window. All users should protect their accounts with two-factor authentication. One other thing more experienced users can do is right click on the popup page and choose “inspect.” If the window is a BitB spawn, its URL will be hardcoded into the HTML.
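The "inspect" check described above can be automated over a saved copy of a page. The following is an added example, not part of the Ars Technica report: a heuristic that flags `https://` URLs hardcoded as visible text or input values when they name a host other than the page's own. The sample HTML, the host names and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic: a literal "https://host/..." painted into the page as text or an input value.
URL_TEXT = re.compile(r"https://([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]\S*)?", re.I)
SKIP = {"script", "style", "a", "code", "pre"}  # URLs here are links or samples, not fake chrome
VOID = {"input", "img", "br", "hr", "meta", "link"}  # never closed, keep them off the stack

class HardcodedUrlFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlsplit(page_url).hostname
        self.stack, self.findings = [], []

    def _check(self, tag, text):
        for m in URL_TEXT.finditer(text or ""):
            host = m.group(1).lower()
            if host != self.page_host:   # another site's URL displayed as page content
                self.findings.append((tag, host))

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self._check(tag, dict(attrs).get("value"))
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        if self.stack and not SKIP.intersection(self.stack):
            self._check(self.stack[-1], data)

def find_spoofed_address_bars(html, page_url):
    """Return (tag, host) pairs for foreign URLs rendered as plain page content."""
    finder = HardcodedUrlFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a legitimate link plus a <div> styled to look like a login popup.
SAMPLE = """<body>
<p>Docs: <a href="https://docs.example.test/">https://docs.example.test/</a></p>
<div style="position:fixed"><div class="bar"><span>https://accounts.idp.example/o/oauth2/auth</span></div>
<form><input name="user"><input type="password" name="pw"></form></div>
</body>"""
```

A hit is a lead for manual review rather than proof: pages that legitimately print another site's URL as plain text will also match, and a fake bar that splits the scheme and host across elements will not.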


Scientists Say They Can Read Nearly the Whole Genome of an IVF-Created Embryo

sciencehabit shares a report from Science.org: A California company says it can decipher almost all the DNA code of a days-old embryo created through in vitro fertilization (IVF) — a challenging feat because of the tiny volume of genetic material available for analysis. The advance depends on fully sequencing both parents’ DNA and “reconstructing” an embryo’s genome with the help of those data. And the company suggests it could make it possible to forecast risk for common diseases that develop decades down the line. Currently, such genetic risk prediction is being tested in adults, and sometimes offered clinically. The idea of applying it to IVF embryos has generated intense scientific and ethical controversy. But that hasn’t stopped the technology from galloping ahead.
Predicting a person’s chance of a specific illness by blending this genetic variability into what’s called a “polygenic risk score” remains under study in adults, in part because our understanding of how gene variants come together to drive or protect against disease remains a work in progress. In embryos it’s even harder to prove a risk score’s accuracy, researchers say. The new work on polygenic risk scores for IVF embryos is “exploratory research,” says Premal Shah, CEO of MyOme, the company reporting the results. Today in Nature Medicine, the MyOme team, led by company co-founders and scientists Matthew Rabinowitz and Akash Kumar, along with colleagues elsewhere, describe creating such scores by first sequencing the genomes of 10 pairs of parents who had already undergone IVF and had babies. The researchers then used data collected during the IVF process: The couples’ embryos, 110 in all, had undergone limited genetic testing at that time, a sort of spot sequencing of cells, called microarray measurements. Such analysis can test for an abnormal number of chromosomes, certain genetic diseases, and rearrangements of large chunks of DNA, and it has become an increasingly common part of IVF treatment in the United States. By combining these patchy embryo data with the more complete parental genome sequences, and applying statistical and population genomics techniques, the researchers could account for the gene shuffling that occurs during reproduction and calculate which chromosomes each parent had passed down to each embryo. In this way, they could predict much of that embryo’s DNA.

The researchers had a handy way to see whether their reconstruction was accurate: Check the couples’ babies. They collected cheek swab samples from the babies and sequenced their full genome, just as they’d done with the parents. They then compared that “true sequence” with the reconstructed genome for the embryo from which the child originated. The comparison revealed, essentially, a match: For a 3-day-old embryo, at least 96% of the reconstructed genome aligned with the inherited gene variants in the corresponding baby; for a 5-day-old embryo, it was at least 98%. (Because much of the human genome is the same across all people, the researchers focused on the DNA variability that made the parents, and their babies, unique.) Once they had reconstructed embryo genomes in hand, the researchers turned to published data from large genomic studies of adults with or without common chronic diseases and the polygenic risk score models that were derived from that information. Then, MyOme applied those models to the embryos, crunching polygenic risk scores for 12 diseases, including breast cancer, coronary artery disease, and type 2 diabetes. The team also experimented with combining the reconstructed embryo sequence of single genes, such as BRCA1 and BRCA2, that are known to dramatically raise risk of certain diseases, with an embryo’s polygenic risk scores for that condition — in this case, breast cancer.


Apple’s New Studio Display Has 64GB of Onboard Storage

New submitter Dru Nemeton shares a report from 9to5Mac: Apple’s new Studio Display officially hit the market on Friday, and we continue to learn new tidbits about what exactly’s inside the machine. While Apple touted that the Studio Display is powered by an A13 Bionic inside, we’ve since learned that the Studio Display also features 64GB of onboard storage, because who knows why… […] as first spotted by Khaos Tian on Twitter, the Studio Display also apparently features 64GB of onboard storage. Yes, 64GB: double the storage in the entry-level Apple TV 4K and the same amount of storage in the entry-level iPad Air 5. Also worth noting: the Apple TV 4K is powered by the A12 Bionic chip, so the Studio Display has it beat on that front as well. Apple hasn’t offered any explanation for why the Studio Display features 64GB of onboard storage. It appears that less than 2GB of that storage is actually being used as of right now.

One unexciting possibility is that the A13 Bionic chip used inside the Studio Display is literally the exact same A13 Bionic chip that was first shipped in the iPhone 11. As you might remember, the iPhone 11 came with 64GB of storage in its entry-level configuration, meaning Apple likely produced millions of A13 Bionic chips with 64GB of onboard storage. What do you think? Will Apple ever tap into the A13 Bionic chip and 64GB storage inside the Studio Display for something more interesting?


Linux Random Number Generator Sees Major Improvements

An anonymous Slashdot reader summarizes some important news from the web page of Jason Donenfeld (creator of the open-source VPN protocol WireGuard):

The Linux kernel’s random number generator has seen its first set of major improvements in over a decade, improving everything from the cryptography to the interface used. Not only does it finally retire SHA-1 in favor of BLAKE2s [in Linux kernel 5.17], but it also at long last unites ‘/dev/random’ and ‘/dev/urandom’ [in the upcoming Linux kernel 5.18], finally ending years of Slashdot banter and debate:

The most significant outward-facing change is that /dev/random and /dev/urandom are now exactly the same thing, with no differences between them at all, thanks to their unification in random: block in /dev/urandom. This removes a significant age-old crypto footgun, already accomplished by other operating systems eons ago. […] The upshot is that every Internet message board disagreement on /dev/random versus /dev/urandom has now been resolved by making everybody simultaneously right! Now, for the first time, these are both the right choice to make, in addition to getrandom(0); they all return the same bytes with the same semantics. There are only right choices.

Phoronix adds:
One exciting change to also note is the getrandom() system call may be a hell of a lot faster with the new kernel. The getrandom() call for obtaining random bytes is yielding much faster performance with the latest code in development. Intel’s kernel test robot is seeing an 8450% improvement with the stress-ng getrandom() benchmark. Yes, an 8450% improvement.
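For application code, the `getrandom(0)` interface named in the summary is reached from Python through `os.getrandom`. The following is an added example, not code from the kernel patches or from either quoted article: it draws key material with flags set to 0, handles short returns, falls back to `/dev/urandom` where the call is unavailable, and uses a non-blocking probe to report whether the pool is seeded. The helper names are hypothetical.

```python
import os

def pool_initialized():
    """True once the kernel RNG is seeded, False during early boot, None if unknown."""
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:            # EAGAIN: pool not seeded yet
        return False
    except (AttributeError, OSError):  # no getrandom(): non-Linux platform or ENOSYS
        return None

def read_device(path, n):
    """Read exactly n bytes from a character device such as /dev/urandom."""
    out = bytearray()
    with open(path, "rb", buffering=0) as dev:
        while len(out) < n:
            chunk = dev.read(n - len(out))
            if not chunk:
                raise OSError(f"short read from {path}")
            out += chunk
    return bytes(out)

def random_bytes(n):
    """Return exactly n bytes from the kernel CSPRNG, preferring getrandom(flags=0)."""
    out = bytearray()
    try:
        while len(out) < n:            # getrandom() may return fewer bytes than asked
            out += os.getrandom(n - len(out), 0)
    except (AttributeError, OSError):
        return read_device("/dev/urandom", n)
    return bytes(out)

if __name__ == "__main__":
    print("pool seeded:", pool_initialized())
    print("256-bit key:", random_bytes(32).hex())
```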
