Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by separating third-party libraries from an app's native code. From a report: This process is called "sandboxing," and is a widely used technique that can prevent malicious code from escaping from within an app and executing at the OS level. RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components -- namely its third-party libraries -- from the app's core engine. This technique prevents bugs and exploits found inside a third-party library from impacting another project that uses the same library.

Last month, 109 people gathered in a Singapore hotel for an international sales conference held by a U.K.-based company that makes products to analyze gas. When the attendees flew home, some unwittingly took the coronavirus with them [Editor's note: the link may be paywalled]. From a report: The virus had a 10-day head start on health authorities who, after belatedly learning a 41-year-old Malaysian participant was infected, began a desperate effort to track the infection through countries including South Korea, England and France. Health investigators have found at least 20 people in six Asian and European countries who were sickened, some who attended the conference and others who came in contact with participants. A globalized economy, one that's far more integrated than in the early 2000s when the SARS virus broke out, is complicating the task of responding to epidemics.

After this one conference alone, 94 participants left Singapore, authorities determined. Some joined Lunar New Year dinners. Others went on vacation, one to an Alpine ski town. They had eaten, taken car rides and shared a roof with others who then boarded more planes to places the virus hadn't yet reached. Health officials used international communications channels to share names of the potentially infected and relied on self-reporting by sickened conference-goers, creating "activity maps" that detailed their movement. They checked flight manifests and called passengers. French authorities closed down schools in sparsely populated towns. U.K. public-health officials isolated health-care workers who got the illness and searched for patients with whom they came in contact.

Disney-owned Hotstar, India's largest on-demand video streaming service with more than 300 million users, has blocked the newest episode of HBO's "Last Week Tonight with John Oliver" that was critical of Prime Minister Narendra Modi. From a report: The move has angered many of its customers ahead of Disney+'s launch in one of the world's largest entertainment markets next month. In the episode, aired hours before U.S. President Donald Trump's visit to India, Oliver talked about some of the questionable policies enforced by the ruling government in India and recent protests against "controversial figure" Modi's citizenship measures. The 19-minute news recap and commentary sourced its information from credible news outlets. The episode is available to stream in India through HBO's official channel on YouTube, where it has garnered more than 4 million views. Hotstar is the exclusive syndicating partner of HBO, Showtime and ABC in India.

Two programmer-musicians wrote every possible MIDI melody in existence to a hard drive, copyrighted the whole thing, and then released it all to the public in an attempt to stop musicians from getting sued. From a report: Programmer, musician, and copyright attorney Damien Riehl, along with fellow musician/programmer Noah Rubin, sought to stop copyright lawsuits that they believe stifle the creative freedom of artists. Often in copyright cases for song melodies, if the artist being sued for infringement could have possibly had access to the music they're accused of copying -- even if it was something they listened to once -- they can be accused of "subconsciously" infringing on the original content. One of the most notorious examples of this is Tom Petty's claim that Sam Smith's "Stay With Me" sounded too close to Petty's "I Won't Back Down." Smith eventually had to give Petty co-writing credits on his own chart-topping song, which entitled Petty to royalties.

Defending a case like that in court can cost millions of dollars in legal fees, and the outcome is never assured. Riehl and Rubin hope that by releasing the melodies publicly, they'll prevent a lot of these cases from standing a chance in court. In a recent talk about the project, Riehl explained that to get their melody database, they algorithmically determined every melody contained within a single octave. To determine the finite nature of melodies, Riehl and Rubin developed an algorithm that recorded every possible 8-note, 12-beat melody combo. This used the same basic tactic some hackers use to guess passwords: Churning through every possible combination of notes until none remained. Riehl says this algorithm works at a rate of 300,000 melodies per second. Once a work is committed to a tangible format, it's considered copyrighted. And in MIDI format, notes are just numbers.

The Japanese government on Tuesday urged companies to recommend telecommuting and staggered shifts for workers in a bid to curb the spread of the new coronavirus. From a report: The plan, approved at a cabinet meeting on Tuesday, also urged people with symptoms of cold or fever to stay at home and asked event organizers to carefully consider whether to proceed with their plans. Japan has 159 cases of infections from the flu-like coronavirus, apart from 691 on a cruise ship docked south of Tokyo. On Tuesday, broadcaster NHK reported a fourth death among passengers. Rather than trying to contain the disease outright, authorities are seeking to slow its expansion and minimize deaths. Telecommuting, or working online or from home, would reduce the infection risk from people gathered in one place.

Some people are early risers, wide awake at the crack of dawn. Others are night owls who can't seem to get to bed until well after midnight and prefer to sleep in. Why is this? An NIH-funded team has some new clues based on evidence showing how a molecular "switch" wired into the biological clocks of extreme early risers leads them to operate on a daily cycle of about 20 hours instead of a full 24-hour, or circadian (Latin for "about a day"), cycle. From a report: These new atomic-level details, shared from fruit flies to humans, may help to explain how more subtle clock variations predispose people to follow different sleep patterns. They also may lead to new treatments designed to reset the clock in people struggling with sleep disorders, jet lag, or night-shift work. This work, published recently in the journal eLIFE, comes from Carrie Partch, University of California, Santa Cruz, and her colleagues at Duke-NUS Medical School in Singapore and the University of California, San Diego. It builds on decades of research into biological clocks, which help to control sleeping and waking, rest and activity, fluid balance, body temperature, cardiac rate, oxygen consumption, and even the secretions of endocrine glands. These clocks, found in cells and tissues throughout the body, are composed of specialized sets of proteins. They interact in specific ways to regulate transcription of about 15 percent of the genome over a 24-hour period. All this interaction helps to align waking hours and other aspects of our physiology to the 24-hour passage of day and night. In the latest paper, Partch and her colleagues focused on two core clock components: an enzyme known as casein kinase 1 (CK1) and a protein called PERIOD. Clock-altering mutations in CK1 and PERIOD have been known for many years. In fact, CK1 was discovered in studies of golden hamsters more than 20 years ago after researchers noticed one hamster that routinely woke up much earlier than the others. It turns out that the timing of biological clocks is strongly influenced by the rise and fall of the PERIOD protein. This daily oscillation normally takes place over 24 hours, but that's where CK1 enters the picture. The enzyme adjusts PERIOD levels by chemically modifying the protein at one of two sites, thereby adjusting its stability. When one site is modified, it keeps the protein protected and stable. At the other site, it leaves it unprotected and degradable.

Two years ago, Amazon introduced the idea of high-tech, cashierless shopping with a store that was a cross between a 7-Eleven and a Pret A Manger sandwich shop. Now, Amazon is bringing the same concept to its full-size supermarket. On Tuesday, Amazon will open the doors to a 10,000-square-foot Amazon Go Grocery store in Seattle's Capitol Hill neighborhood, less than a mile from the tech giant's downtown Seattle headquarters. From a report: It'll be stocked with 5,000 different products -- from organic fruit to grass-fed beef -- and outfitted with cameras, sensors, and computer vision that eliminate the need for shoppers to fork over cash or plastic before walking out the door with their groceries. The new store, which is the first of its kind in the US, highlights Amazon's unsated appetite for gobbling up market share in the $900 billion US grocery industry, even after spending nearly $14 billion in 2017 to acquire Whole Foods and making same-day grocery delivery a free perk for Prime members last year. At the same time, the expansion of the cashierless store concept raises the question of when -- not if -- the technology will be ready for installation in Whole Foods stores, and what might happen to the chain's thousands of cashiers when it is.

Hackers have found a bug in PayPal's Google Pay integration and are now using it to carry out unauthorized transactions via PayPal accounts. From a report: Since last Friday, users have reported seeing mysterious transactions pop up in their PayPal history as originating from their Google Pay account. Issues have been reported on numerous platforms, such as PayPal's forums, Reddit, Twitter, and Google Pay's Russian and German support forums. Victims reported that hackers abused Google Pay accounts to buy products using linked PayPal accounts. According to screenshots and various testimonies, most of the illegal transactions are taking place at US stores, and especially at Target stores across New York. Most of the victims appear to be German users.

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed. From a report: It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private. Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. These unencrypted DNS queries can also be used to snoop on which websites a user visits. DoH works at the app-level, and is baked into Firefox. The feature relies on sending DNS queries to third-party providers -- such as Cloudflare and NextDNS -- both of which will have their DoH offering baked into Firefox and will process DoH queries.

An anonymous reader quotes a report from The Register: Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them. Many readers, assuming Samsung had been hacked, logged into its website to change their passwords. Now the company has admitted that a data breach did occur.

Of potentially greater concern is the mystery 1/1 push notification from Find my Mobile, a baked-in app on stock Samsung Android distributions. Although the firm brushed off the worldwide notification as something to do with unspecified internal testing, many of those who wrote to El Reg said they had disabled the app. Stock apps cannot be uninstalled unless one effectively wipes the phone and installs a new operating system -- unlocking the bootloader and reformatting with a new third-party, customized ROM. Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications. Nor did it say what other functions this "disabled" app was capable of executing. A spokeswoman told The Register: "A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed." She added: "We will be contacting those affected by the issue with further details."

The Transportation Security Administration told employees to stop posting to TIkTok on Sunday, after New York Senator Chuck Schumer raised security concerns about the China-owned app. The Verge reports: The TSA's announcement to ban employees from using TikTok came shortly after Sen. Chuck Schumer (D-NY) penned a letter to its administrator, David Pekoske, requesting that the agency halt its use. According to The Hill, TSA employees have used TikTok to create and post videos explaining some of the agency's boarding processes and rules. The Department of Homeland Security, which houses the TSA, banned the use of TikTok from government-issued devices last month. Schumer cited this policy in his letter on Saturday. In December, the US Army banned soldiers from using the app, too. "TSA has never published any content to Tik Tok nor has it ever directed viewers to Tik Tok," a TSA spokesperson told The Verge. "A small number of TSA employees have previously used Tik Tok on their personal devices to create videos for use in TSA's social media outreach, but that practice has since been discontinued."

The first results from NASA's quake-hunting InSight Mars lander just came out, and they reveal that Mars is a seismically active planet. Space.com reports: Martian seismicity falls between that of the moon and that of Earth, [says InSight principal investigator Bruce Banerdt, of NASA's Jet Propulsion Laboratory]. "In fact, it's probably close to the kind of seismic activity you would expect to find away from the [tectonic] plate boundaries on Earth and away from highly deformed areas," he said. InSight's observations will help scientists better understand how rocky planets such as Mars, Earth and Venus form and evolve, mission team members have said. The mission's initial science returns, which were published today (Feb. 21) in six papers in the journals Nature Geoscience and Nature Communications, show that InSight is on track to meet that long-term goal, Banerdt said.

The new studies cover the first 10 months of InSight's tenure on Mars, during which the lander detected 174 seismic events. These quakes came in two flavors. One hundred and fifty of them were shallow, small-magnitude tremors whose vibrations propagated through the Martian crust. The other 24 were a bit stronger and deeper, with origins at various locales in the mantle, InSight team members said. (But even those bigger quakes weren't that powerful; they landed in the magnitude 3 to 4 range. Here on Earth, quakes generally must be at least magnitude 5.5 to damage buildings.) That was the tremor tally through September 2019. InSight has been busy since then as well; its total quake count now stands at about 450, Banerdt said. And all of this shaking does indeed originate from Mars itself, he added; as far as the team can tell, none of the vibrations were caused by meteorites hitting the Red Planet. So, there's a lot going on beneath the planet's surface. What's interesting to note is that unlike Earth, where most quakes are caused by tectonic plates sliding around, Mars' quakes are caused by the long-term cooling of the planet since its formation 4.5 billion years ago. "As the planet cools, it contracts, and then the brittle outer layers then have to fracture in order to sort of maintain themselves on the surface," Banerdt said. "That's kind of the long-term source of stresses."

"A wealth of information can be gleaned from InSight's quake measurements," reports Space.com. "For example, analyses of how the seismic waves move through the Martian crust suggest there are small amounts of water mixed in with the rock, mission team members said." They can't say one way or the other whether there are large underground reservoirs of water at this point, but the research is convincing.

The new papers also mention a variety of other discoveries as well. "For example, InSight is the first mission ever to tote a magnetometer to the Martian surface, and that instrument detected a local magnetic field about 10 times stronger than would be expected based on orbital measurements," the report says. "InSight is also taking a wealth of weather data, measuring pressure many times per second and temperature once every few seconds. This information helps the mission team better understand environmental noise that could complicate interpretations of the seismic observations, but it also has considerable stand-alone value."

"As China ramps up efforts to control the narrative around the coronavirus outbreak, it is also expanding its efforts to leverage online platforms to track down people who dare to speak out," reports Vice. "From tracking down Twitter users using their mobile numbers to hacking WeChat accounts to find out someone's location, Beijing is eager to stop any negative news from being shared online -- and is will to use intimidation, arrests and threats of legal action." From the report: Joshua Left, a 28-year-old entrepreneur who runs a self-driving car startup in Wuhan, China, arrived in San Francisco in mid-January for a vacation, just as the first reports of a new "SARS-like" virus outbreak in China reached the U.S. He almost immediately began worrying about his family back in his hometown of Wuhan, where the disease appeared to originate, and where panic was starting to set in. Concerned that his family might not be getting information on the scale of the burgeoning epidemic, he posted messages on his WeChat account sharing information he was afraid were not available inside China. "But then things started to get weird," he told VICE News.

Left, who asked not to be identified by his full Chinese name, said he first received a warning message from WeChat administrators. Then he began receiving strangely specific messages that appeared to come from four of his friends on WeChat, all asking him for his location, what hotel he was staying at in San Francisco, what his room number was, and what his U.S. phone number was. Then his cell phone received a warning message that someone in Shanghai was trying to log into his account. Finally, when he wouldn't tell them where he was staying, the same accounts all simultaneously began urging him to return to China as soon as possible. Left told VICE News the he believes his friends only sent the messages after they were coerced by agents from the Ministry of State Security in an attempt to get him to reveal his location, and part of a much wider effort by the Chinese government to crack down on any dissenting voices who are sharing content related to the coronavirus outbreak. The report also mentions a separate incident where agents from the Ministry of State Security detained and interrogated a Chinese resident for criticizing the Chinese government's delayed response to the coronavirus outbreak on Twitter. After the resident refused to meet with the Ministry over the phone, the agents showed up at his front door with a screenshot of his tweet that they say "attacks the Communist Party of China."

The resident was forced to sign a "promise note" saying he would not repeat the "threat" he had made.

New submitter John Trumpian shares a report from Reuters: The U.S. Supreme Court on Monday refused to hear Apple's bid to avoid paying about $440 million in damages for using patent licensing firm VirnetX's internet security technology without permission in features such as FaceTime video calling. The justices rejected Apple's appeal in the long-running case in which a federal jury in 2016 found that Apple had infringed VirnetX's patents and awarded $302 million. A judge later increased that amount to $439.7 million including interest and other costs.

The case dates back to 2010 when Nevada-based VirnetX filed suit in federal court in the Eastern District of Texas accusing Cupertino, California-based Apple of infringing four patents for secure networks, known as virtual private networks, and secure communications links. VirnetX said Apple infringed with its FaceTime and VPN on Demand features in products such as the iPhone and iPad. The U.S. Court of Appeals for the Federal Circuit in Washington, which specializes in patent disputes, upheld the judgment against Apple last year.