Berlin Builds a Giant Thermos to Help Heat Homes This Winter

The Associated Press reports on a massive new 150-foot (45-meter) tower going up in Berlin — just to hold 56 million liters (14.8 million gallons) of hot water that “will help heat Berlin homes this winter even if Russian gas supplies dry up…”

“[T]he new facility unveiled Thursday at Vattenfall’s Reuter power station will hold water brought to almost boiling temperature using electricity from solar and wind power plants across Germany. During periods when renewable energy exceeds demand the facility effectively acts as a giant battery, though instead of storing electricity it stores heat…”

“It’s a huge thermos that helps us to store the heat when we don’t need it,” said Tanja Wielgoss, who heads the Sweden-based company’s heat unit in Germany. “And then we can release it when we need to use it…. Sometimes you have an abundance of electricity in the grids that you cannot use anymore, and then you need to turn off the wind turbines,” said Wielgoss. “Where we are standing we can take in this electricity.”

The 50-million-euro ($52 million) facility will have a thermal capacity of 200 Megawatts — enough to meet much of Berlin’s hot water needs during the summer and about 10% of what it requires in the winter. The vast, insulated tank can keep water hot for up to 13 hours, helping bridge short periods when there’s little wind or sun….

Berlin’s top climate official, Bettina Jarasch, said the faster such heat storage systems are built, the better. “Due to its geographic location the Berlin region is even more dependent on Russian fossil fuels than other parts of Germany,” she told The Associated Press. “That’s why we’re really in a hurry here.”
“While it will be Europe’s biggest heat storage facility when it’s completed at the end of this year, an even bigger one is already being planned in the Netherlands.”

Read more of this story at Slashdot.

As TikTok Promises US Servers, FCC Commissioner Remains Critical of Data Privacy

On Tuesday Brendan Carr, a commissioner on America’s Federal Communications Commission,warned on Twitter that TikTok, owned by China-based company ByteDance, “doesn’t just see its users dance videos:
It collects search and browsing histories, keystroke patterns, biometric identifiers, draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. Tiktok’s pattern of misrepresentations coupled with its ownership by an entity beholden to the Chinese Community Party has resulted in U.S. military branches and national security agencies banning it from government devices…. The CCP has a track record longer than a CVS receipt of conducting business & industrial espionage as well as other actions contrary to U.S. national security, which is what makes it so troubling that personnel in Beijing are accessing this sensitive and personnel data.

Today CNN interviewed Carr, while also bringing viewers an update. TikTok’s China-based employees accessed data on U.S. TikTok users, BuzzFeed had reported — after which TikTok announced it intends to move backup data to servers in the U.S., allowing them to eventually delete U.S. data from their servers. But days later Republican Senator Blackburn was still arguing to Bloomberg that “Americans need to know if they are on TikTok, communist China has their information.”

And FCC commissioner Carr told CNN he remains suspicious too:
Carr: For years TikTok has been asked directly by U.S. lawmakers, ‘Is any information, any data, being accessed by personnel back in Beijing?’ And rather than being forthright and saying ‘Yes, and here’s the extent of it and here’s why we don’t think it’s a problem,’ they’ve repeatedly said ‘All U.S. user data is stored in the U.S.,” leaving people with the impression that there’s no access…. This recent bombshell reporting from BuzzFeed shows at least some of the extent to which massive amounts of data has allegedy been going back to Beijing.

And that’s a problem, and not just a national security problem. But to me it looks like a violation of the terms of the app store, and that’s why I wrote a letter to Google and Apple saying that they should remove TikTok and boot them out of the app store… I’ve left them until July 8th to give me a response, so we’ll see what they say. I look forward to hearing from them. But there’s precedence for this. Before when applications have taken data surreptitiously and put it in servers in China or otherwise been used for reasons other than servicing the application itself, they have booted them from the app store. And so I would hope that they would just apply the plain terms of their policy here.

When CNN points out the FCC doesn’t have jurisdiction over social media, Carr notes “speaking for myself as one member” they’ve developed “expertise in terms of understanding how the CCP can effectively take data and infiltrate U.S. communications’ networks. And he points out that the issue is also being raised by Congressional hearings and by Republican and Democrat Senators signing joint letters together, so “I’m just one piece of a broader federal effort that’s looking at the very serious risks that come from TikTok.”
Carr: At the end of the day, it functions as sophisticated surveillance tool that is harvesting vast amounts of data on U.S. users. And I think TikTok should answer point-blank, has any CCP member obtained non-public user data or viewed it. Not to answer with a dodge, and say they’ve never been asked for it or never received a request. Can they say no, no CCP member has ever seen non-public U.S. user data.
Carr’s appearance was followed by an appearance by TikTok’s VP and head of public policy for the Americas. But this afternoon Carr said on Twitter that TikTok’s response contradicted its own past statements:

Today, a TikTok exec said it was “simply false” for me to say that they collect faceprints, browsing history, & keystroke patterns.

Except, I was quoting directly from TikTok’s own disclosures.

TikTok’s concerning pattern of misrepresentations about U.S. user data continues.
toay

Read more of this story at Slashdot.

How Bug Bounty Platform HackerOne Handled Its Own ‘Internal Threat’ Actor

Bug bounty platform HackerOne has “a steadfast commitment to disclosing security incidents,” according to a new blog post, “because we believe that sharing security information far and wide is essential to building a safer internet.”

But now they’ve had an incident of their own:
On June 22nd, 2022, a customer asked us to investigate a suspicious vulnerability disclosure made outside of the HackerOne platform. The submitter of this off-platform disclosure reportedly used intimidating language in communication with our customer. Additionally, the submitter’s disclosure was similar to an existing disclosure previously submitted through HackerOne… Upon investigation by the HackerOne Security team, we discovered a then-employee had improperly accessed security reports for personal gain. The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

This is a clear violation of our values, our culture, our policies, and our employment contracts. In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate.

The blog post includes a detailed timeline of HackerOne’s investigation. (They remotely locked the laptop, later taking possession of it for analysis, along with reviewing all data accessed “during the entirety of their two and a half months of employment” and notification of seven customers “known or suspected to be in contact with threat actor.”)

“We are confident the insider access is now contained,” the post concludes — outlining how they’ll respond and the lessons learned. “We are happy that our previous investments in logging enabled an expedient investigation and response…. To ensure we can proactively detect and prevent future threats, we are adding additional employees dedicated to insider threats that will bolster detection, alerting, and response for business operations that require human access to disclosure data….”

“We are allocating additional engineering resources to invest further in internal models designed to identify anomalous access to disclosure data and trigger proactive investigative responses…. We are planning additional simulations designed to continuously evaluate and improve our ability to effectively resist insider threats.”

Read more of this story at Slashdot.

Amazon Bars Off-Duty Warehouse Workers from Its Buildings

The Associated Press spoke to an Amazon warehouse worker in North Carolina who wants to unionize. “On our days off, we come to work and we engage our co-workers in the break rooms,” he said.

But now the Associated Press reports “Amazon is barring off-duty warehouse workers from the company’s facilities, a move organizers say can hamper union drives.”
Under the policy shared with workers on Amazon’s internal app, employees are barred from accessing buildings or other working areas on their scheduled days off, and before or after their shifts. An Amazon spokesperson said the policy does not prohibit off-duty employees from engaging their co-workers in “non-working areas” outside the company’s buildings.

“There’s nothing more important than the safety of our employees and the physical security of our buildings,” Amazon spokesperson Kelly Nantel said….

The notice of the new policy, dated Thursday, says the off-duty rule “will not be enforced discriminatorily” against employees seeking to unionize. But organizers say the policy itself will hinder their efforts to garner support from co-workers during campaigns.
The article notes Amazon told employees their move was instead motivated partly by a need to, in an emergency situation, know exactly which employees were still in the building.

Read more of this story at Slashdot.

How the Higgs Boson Particle Ruined Peter Higgs’s Life

93-year-old Peter Higgs was awarded a Nobel Prize nine years ago after the Large Hadron Collider experiments finally confirmed of the existence Higgs boson particles he’d predicted back in 1964. “This discovery was a seminal moment in human culture,” says physicist Frank Close, who’s written the new book Elusive: How Peter Higgs Solved the Mystery of Mass .

But Scientific American reports there’s more to the story:
For years, the significance of the prediction was lost on most scientists, including Higgs himself. But gradually it became clear that the Higgs boson was not just an exotic sideshow in the particle circus but rather the main event. The particle and its associated Higgs field turned out to be responsible for giving all other particles mass and, in turn, creating the structure of galaxies, stars and planets that define our universe and enable our species… Yet the finding, however scientifically thrilling, pushed a press-shy Peter Higgs into the public eye. When he shared the Nobel Prize in Physics the next year, Higgs left his home in Edinburgh and camped out at a pub across town on the day of the announcement so the prize committee wouldn’t be able to reach him.

Physicist Close shares more details in an interview with Scientific American:

Close: One of the biggest shocks I had when I was interviewing him was when he said the discovery of the boson “ruined [his] life.” I thought, “How can it ruin your life when you have done some beautiful mathematics, and then it turns out you had mysteriously touched on the pulse of nature, and everything you’ve believed in has been shown to be correct, and you’ve won a Nobel Prize? How can these things amount to ruin?” He said, “My relatively peaceful existence was ending. My style is to work in isolation and occasionally have a bright idea.” He is a very retiring person who was being thrust into the limelight.

That, to my mind, is why Peter Higgs the person is still elusive to me even though I’ve known him for 40 years…

Higgs had spent two to three years really trying to understand a particular problem. And because he had done that hard work and was still trying to deepen his understanding of this very profound concept, when a paper turned up on his desk posing a related question, Higgs happened to have the answer because of the work he’d done. He sometimes says, “I’m primarily known for three weeks of my life.” I say, “Yes, Peter, but you spent two years preparing for that moment.”

Q: The discovery of the Higgs boson came nearly 50 years after Higgs’s prediction, and he said he never expected it to be found in his lifetime. What did it mean to him that the particle was finally detected?

He said to me that his first reaction was one of relief that it was indeed confirmed. At that moment he knew [the particle existed] after all, and he felt a profound sense of being moved that that was really the way it was in nature — and then panic that his life was going to change.

Read more of this story at Slashdot.

Thunderbird 102 Released

slack_justyb writes: Thunderbird 102 has been released with some new UI improvements and new features. There has been a change in the icons, the layout of the address book has been upgraded to feature a more modern UI, and a new UI feature known as the spaces toolbar to get around Thunderbird. New features include an updated import and export wizard, a UI for editing the email header settings, and Matrix client support within Thunderbird, which is a messaging system using HTTPS that is similar to Discord if you’ve used that.

Finally, the Thunderbird Twitter account released the first screenshot of the new UI that is being targeted for the 114 release. For those wondering what the Thunderbird team has done and is doing, you can always head over to the planning section of the developer site. The roadmap are things they’re working on the current release and the backlog are the things they are working towards.

Read more of this story at Slashdot.

DOJ Files Charges Against Baller Ape Club ‘Rug Pull’

The Department of Justice this afternoon announced criminal charges against the creator of the Baller Ape Club NFT collection for orchestrating a so-called “rug pull.” From a report: The charges, announced alongside those in three other cryptocurrency fraud cases, mark the second time that federal prosecutors have gone after an NFT “rug-pull” scheme, in which an NFT project’s creators sell NFTs on false promises of community benefits and utility, only to abandon the project and make away with investors’ funds. Le Anh Traun, a Vietnamese national, is charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit international money laundering. Traun allegedly collected $2.6 million from Baller Ape NFT buyers, only to shortly thereafter delete the organization’s website and launder the funds. According to the Justice Department, he converted the ill-gotten gains into different cryptocurrencies and moved them across multiple blockchains, in a practice known as “chain-hopping.” If convicted, Traun could face up to 40 years in prison.

Read more of this story at Slashdot.

TikTok Confirms Some China-Based Employees Can Access US User Data

TikTok, the viral video-sharing app owned by China’s ByteDance, said certain employees outside the US can access information from American users, stoking further criticism from lawmakers who have raised alarms about the social network’s data-sharing practices. From a report: The company’s admission came in a letter to nine US senators who accused TikTok and its parent of monitoring US citizens and demanded answers on what’s becoming a familiar line of questioning for the company: Do China-based employees have access to US users’ data? What role do those employees play in shaping TikTok’s algorithm? Is any of that information shared with the Chinese government?

Currently, China-based employees who clear a number of internal security protocols can access certain information on TikTok’s US users, including public videos and comments, TikTok Chief Executive Officer Shou Zi Chew said in the June 30 letter obtained by Bloomberg News. None of that information is shared with the Chinese government, and it is subject to “robust cybersecurity controls,” he said. The social network said it’s working with the US government on strengthening data security around that information — particularly anything defined as “protected” by the Committee on Foreign Investment in the US, or CFIUS.

Read more of this story at Slashdot.

Robot Umpires Could Be Coming To MLB In 2024

Major League Baseball plans to introduce robot umpires in the 2024 season, MLB Commissioner Rob Manfred told ESPN this week. The Verge reports: He framed the change as a way to speed up games, but anyone who’s watched baseball the last few years will tell you that a machine would almost certainly call balls and strikes better than the humans do. There are two ways the “Automated Ball-Strike System,” which is the technical term for these robot umpires, might be implemented. One is the fully automated version, in which the AI-powered system calls every pitch a ball or a strike and relays the call to the umpire. Or the MLB could decide to use the AI as a review system, like VAR in soccer or the Hawk-Eye system used in professional tennis: each side gets a certain number of challenges, which are then adjudicated by the automated system.

Read more of this story at Slashdot.

Google Launches Advanced API Security To Protect APIs From Growing Threats

Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that’s designed to detect security threats as they relate to APIs. TechCrunch reports: Built on Apigee, Google’s platform for API management, the company says that customers can request access starting today. Short for “application programming interface,” APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they’re also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot. […] With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment. “Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources,” Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. “Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards… Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code.”

Read more of this story at Slashdot.