sciencehabit writes: A mini-arms race is unfolding in the supposed field of quantum radar, spurred by press reports in 2016 that China had built one -- potentially threatening the ability of stealthy military aircraft to hide from conventional radars. Governments around the world have tasked physicists to look into the idea. Whereas a conventional radar searches for objects by detecting pulse of microwaves reflected from them, quantum radar would utilize pulses of microwaves linked by a quantum connection called entanglement. The system would retain one pulse and measure it in concert with the one reflected from the object. Correlations between the two would make it easier to spot an object through the glare of the surroundings. Or so researchers hoped. Groups have demonstrated elements of a quantum radar, but only in limited experiments that a nonquantum system can still match. And fundamental physical limits suggest the scheme can't beat ordinary radar for long-range detection. Even one of the inventors of the basic concept thinks it won't work when applied to radar.

"When the history of autonomous cars is written, the winner will be Tesla," speculates long-time technology pundit Robert Cringely. "Heck, I think they've already won."

But his article includes a disclaimer that it's "based pretty much on logic, not knowledge, which is to say I might again be too frigging stupid to read, much less write." Tesla has more than a million data-gathering devices on the roads. We call them cars. Tesla cars have no LIDAR but they have eight cameras and RADAR. Every night all those cars wirelessly report their driving data back to Tesla. I would love to know how Tesla decided what to put in those reports. Given the limited bandwidth LTE connection involved, it can't be a complete data dump. They have to pick and choose what to report. And what does Tesla do with the reports? I think it comes down to algorithms, mapping, and exceptions. They are logically trying to improve their algorithms, improve their maps, but mainly — after having already parsed billions of miles of driving data — they are looking for exceptional events that are testing their algorithms in ways never seen before...

Tesla has a dual processor system in their cars — two completely distinct computers. Why...? Because every night is an A-B test for Tesla — a test that is running on your car. One processor is driving the car (or following the driver's actions if Autopilot isn't being used, which is most of the time) with production software while the second processor is running beta software, simulating the drive, and noting discrepancies between the two software versions. Multiply this times a million cars per night. Whether Autopilot is used or not doesn't matter: the evolution of the software continues. And it's finished when the beta software stops improving and the outcome shows the only difference between human and Autopilot driving is that Autopilot does it better. Continue for another month or year or decade just to confirm your results, then announce that full autonomous mode is available. That is exactly where I believe Tesla has been heading for as long as those two-processor cars have been on the road.

Tesla's autonomous driving software could be ready right now for all we know. Elon certainly hints at this from time to time in his tweets. And THAT's why I believe Tesla has already won the autonomous driving war, because they have real cars facing real exceptions that you won't find in a simulation, and their dual processor system knows what it knows.

Yes, I reached out to Tesla about this last week. They still haven't replied.
Again, Cringely wants that this is "based pretty much on logic, not knowledge, which is to say I might again be too frigging stupid to read, much less write."

schwit1 shares a report from NewsNation Now: The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and elsewhere, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday. The five defendants remain fugitives, but prosecutors say two Malaysian businessmen accused of conspiring with the alleged hackers to profit off the attacks on video game companies were arrested in that country this week and face extradition proceedings. The indictments announced Wednesday are part of a broader effort by the Trump administration to call out cybercrimes by China.

"A few years ago, a hacker managed to exploit vulnerabilities in Tesla's servers to gain access and control over the automaker's entire fleet," remembers Electrek (in a story shared by long-time Slashdot reader AmiMoJo).

Tesla enthusiast Jason Hughes had already received a $5,000 bug bounty for reporting a vulnerability, but "knowing that their network wasn't the most secure, to say the least, he decided to go hunting for more bug bounties." After some poking around, he managed to find a bunch of small vulnerabilities. The hacker told Electrek, "I realized a few of these things could be chained together, the official term is a bug chain, to gain more access to other things on their network. Eventually, I managed to access a sort of repository of server images on their network, one of which was 'Mothership'." Mothership is the name of Tesla's home server used to communicate with its customer fleet.

Any kind of remote commands or diagnostic information from the car to Tesla goes through "Mothership." After downloading and dissecting the data found in the repository, Hughes started using his car's VPN connection to poke at Mothership. He eventually landed on a developer network connection. That's when he found a bug in Mothership itself that enabled him to authenticate as if it was coming from any car in Tesla's fleet.

All he needed was a vehicle's VIN number, and he had access to all of those through Tesla's "tesladex" database thanks to his complete control of Mothership, and he could get information about any car in the fleet and even send commands to those cars.
Last week Hughes released an annotated version of the bug report he'd submitted to Tesla. "Hughes couldn't really send Tesla cars driving around everywhere..." reports Electrek, "but he could 'Summon' them..." Telsa gave him a special $50,000 bug report reward — several times higher than their usual maximum — and "used the information provided by Hughes to secure its network."

Electrek calls it "a good example of the importance of whitehat hackers."

An anonymous reader quotes a report from CNBC: Japan's SoftBank was reportedly the "Nasdaq whale," that bought billions of dollars in individual stock options in big tech companies over the past month, driving up volumes and contributing to a trading frenzy. Softbank declined comment on a Financial Times story that quoted unnamed sources who said it was buying equity derivatives on a massive scale. Rumors had circulated in the market that there were large players behind the frenzied activity in the options market for big tech and internet stocks, and SoftBank was one named mentioned in connection with extreme volumes in some out-of-the-money calls.

According to the Wall Street Journal, SoftBank had made regulatory filings showing it bought nearly $4 billion in shares of Amazon, Microsoft, and Netflix, plus a stake in Tesla. The paper quoted a source saying that SoftBank spent roughly $4 billion buying call options tied to its stock holdings, but also in other names. It then could profit from the run up in stocks and subsequently unload its position to other parties. SoftBank was trading in names that are among the key drivers of the stock market. Apple, Amazon , Microsoft, Facebook and Google equal about a quarter of the S&P 500, and they have been drivers of a big chunk of its gains. One options trader explained that those names can be proxies for the market, and can be hedged against the S&P 500 and vice versa. The options market activity was credited by analysts for adding froth to the stock market itself. Some of that is now reversing.

An anonymous reader quotes a report from Ars Technica: Google and Facebook have withdrawn plans to build an undersea cable between the United States and Hong Kong after the Trump administration raised national security concerns about the proposal. On Thursday, the companies submitted a revised plan that bypasses Hong Kong but includes links to Taiwan and the Philippines that were part of the original proposal. One of the original project's partners, Hong Kong company Pacific Light Data Communication, has been dropped.

Federal law requires a license from the Federal Communications Commission to build an undersea cable connecting the United States with a foreign country. When Google and Facebook submitted their application for an undersea cable connecting the US to Hong Kong, Taiwan, and the Philippines, a committee of federal agencies led by the Justice Department recommended against approving the connection to Hong Kong, citing the "current national security environment." The Trump administration cited "the [People's Republic of China] government's sustained efforts to acquire the sensitive personal data of millions of U.S. persons" as a reason to deny the application. The proposed cable's "high capacity and low latency would encourage U.S. communications traffic crossing the Pacific to detour through Hong Kong before reaching intended destinations in other parts of the Asia Pacific region," the government argued.

As 5G networks have continued to spread across the world, the biggest issue with ultra-fast millimeter wave (mmWave) towers has been their short transmission distance, which is generally measured in city blocks rather than miles. Today, Qualcomm announced a breakthrough in mmWave transmission range, successfully achieving a 5G data connection over a 3.8-kilometer (2.36-mile) distance -- over twice the range originally promised by its long-range QTM527 antenna system last year. VentureBeat reports: It's important to put today's news into perspective, as the record is specific to broadband modems rather than smartphones. Qualcomm is touting the achievement as evidence of mmWave's viability as a fixed wireless access solution, enabling carriers to offer fiber-speed 5G coverage in rural, suburban, and urban communities that might have had poor wired home broadband options in the past. The successful test was conducted in Regional Victoria, Australia, presumably with minimal physical interference between the sending and receiving devices. The test relied on two existing Qualcomm hardware solutions -- the Snapdragon X55 modem and QTM527 antenna -- inside a consumer premises equipment broadband modem, communicating with Ericsson's Air5121 and Baseband 6630 tower hardware, enhanced by extended-range software. No details were provided on speeds or other details of the connection, but Qualcomm characterized the successful range test as "the first step in utilizing mmWave for an extended-range 5G data transfer," hinting that there may have been compromises in speed or other areas. The company previously noted that carriers would be able to deliver up to 7Gbps download speeds if the QTM527 could access a full 800MHz of mmWave spectrum. Existing tower hardware has hit 4.3Gbps for a single device or 8.5Gbps for two devices.

TikTok, the video-sharing application owned by Chinese parent company ByteDance, filed a lawsuit against the U.S. government Monday, challenging the Trump administration's efforts to ban the company's American operations. From a report: TikTok explained its rationale for the lawsuit in a blog post on Monday, arguing the ban prevents the company from due process, as guaranteed by the Fifth Amendment. TikTok argued Trump's executive order, made earlier this month under the International Emergency Economic Powers Act, ignored the company's efforts to prove it doesn't share data with the Chinese government and isn't a national security threat. "We do not take suing the government lightly, however we feel we have no choice but to take action to protect our rights, and the rights of our community and employees," TikTok said in the blog post. "With the Executive Order threatening to bring a ban on our US operations -- eliminating the creation of 10,000 American jobs and irreparably harming the millions of Americans who turn to this app for entertainment, connection and legitimate livelihoods that are vital especially during the pandemic -- we simply have no choice."

An anonymous reader quotes a report from Forbes: The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak. The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information: Profile name; Full real name; Profile photo; and Account description. Statistics about follower engagement, including: Number of followers; Engagement rate; Follower growth rate; Audience gender; Audience age; Audience location; Likes; Last post timestamp; Age; and Gender. "The information would probably be most valuable to spammers and cybercriminals running phishing campaigns," Paul Bischoff, Comparitech editor, says. "Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation," Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers. The data appeared to have originated from a company called Deep Social, which was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

The researchers reached out to Deep Social, which then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. Social Data shut down the database about three hours after the researchers' initial email. "Social Data has denied any connection between itself and Deep Social," reports Forbes, citing Comparitech.

Amid a flurry of concern over reports that frozen chicken wings imported to China from Brazil had tested positive for the coronavirus, experts said on Thursday that the likelihood of catching the virus from food -- especially frozen, packaged food -- is exceedingly low. From a report: "This means somebody probably handled those chicken wings who might have had the virus," said Angela Rasmussen, a virologist at Columbia University. "But it doesn't mean, 'Oh my god, nobody buy any chicken wings because they're contaminated.'" Guidelines from the Centers for Disease Control and Prevention maintain that "there is no evidence to suggest that handling food or consuming food is associated with Covid-19." The main route the virus is known to take from person to person is through spray from sneezing, coughing, speaking or even breathing.

"I make no connection between this and any fear that this is the cause of any long-distance transmission events," said C. Brandon Ogbunu, a disease ecologist at Yale University. When the virus crosses international boundaries, it's almost certainly chauffeured by people, rather than the commercial products they ship. The chicken wings were screened on Wednesday in Shenzhen's Longgang district, where officials have been testing imports for the presence of coronavirus genetic material, or RNA. Several samples taken from the outer packaging of frozen seafood, some of which had been shipped in from Ecuador, recently tested positive for virus RNA in China's Anhui, Shaanxi and Shandong provinces as well. Laboratory procedures that search for RNA also form the basis of most of the coronavirus tests performed in people. But RNA is only a proxy for the presence of the virus, which can leave behind bits of its genetic material even after it has been destroyed, Dr. Ogbunu said. "This is just detecting the signature that the virus has been there at some point," he said.

The Democratic and Republican nominating conventions, long mainstays of the US presidential election cycle, have been forced online, creating the biggest test yet for conducting life remotely during the coronavirus. From a report: Robbed of the energy of convention halls, the parties will seek to re-create that enthusiasm in high-production streaming events that beam their luminaries from around the country to online audiences. The Democrats, whose convention begins on Monday after a roughly month-long delay, have lined up the party's most visible figures, including former President Barack Obama. The Republicans, who will make their case for four more years in the White House, grab the spotlight on Aug. 24. Done with savvy and pizzazz, the Democrats and Republicans could galvanize support for their candidates -- former Vice President Joe Biden and President Donald Trump, respectively -- despite the absence of cheering crowds, over-amplified rock music and blizzards of confetti. If technical glitches hobble the proceedings, the parties risk broadcasting a mammoth Zoom call derailed by freezes, connection mishaps and mute fails.

An anonymous reader quotes a report from The Intercept: Documents published in the BlueLeaks trove, which was hacked by someone claiming a connection to Anonymous and published by the transparency collective Distributed Denial of Secrets, show the information that TikTok shared with U.S. law enforcement in dozens of cases. Experts familiar with law enforcement requests say that what TikTok collects and hands over is not significantly more than what companies like Amazon, Facebook, or Google regularly provide, but that's because U.S. tech companies collect and hand over a lot of information. The documents also reveal that two representatives with bytedance.com email addresses registered on the website of the Northern California Regional Intelligence Center, a fusion center that covers the Silicon Valley area. And they show that the Federal Bureau of Investigation and Department of Homeland Security actively monitored TikTok for signs of unrest during the George Floyd protests.

The number of requests for subscriber information that TikTok says it receives from law enforcement is significantly lower than what U.S. tech giants reportedly field, likely because police are more accustomed to using data from U.S. companies and apps in investigations. TikTok enumerates its requests from law enforcement in a biannual transparency report, the most recent of which says that for the last half of 2019, the company received 100 requests covering 107 accounts. It handed over information in 82 percent of cases. Facebook, by contrast, says it received a whopping 51,121 requests over the same period, and handed over at least some data in 88 percent of cases. A 2018 document found in BlueLeaks titled "Law Enforcement Technology Investigations Resource Guide" gives police details on how to obtain records from Musical.ly, which was acquired by ByteDance and merged into TikTok that year. "In the releases shown in BlueLeaks, TikTok handed over multiple IP addresses, information about the devices used to register for accounts, cellphone numbers, and unique IDs tied to platforms including Instagram, Facebook, or Google if the user logged in using a social media account," the report adds.

"It is unclear whether these data releases were in response to warrants, subpoenas, or other requests, and the company would not give details, citing user privacy. The accounts for which TikTok handed over data in the BlueLeaks dump range from influencers with tens of thousands of followers to people who primarily post for friends."

China's Great Firewall "is now blocking HTTPS connections set up via the new TLS 1.3 encryption protocol and which use ESNI (Encrypted Server Name Indication)," reports ZDNet: The block has been in place for more than a week, according to a joint report authored by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report. ZDNet also confirmed the report's findings with two additional sources — namely members of a U.S. telecommunications provider and an internet exchange point (IXP) — using instructions provided in a mailing list...

The reason for the ban is obvious for experts. HTTPS connections negotiated via TLS 1.3 and ESNI prevent third-party observers from detecting what website a user is attempting to access. This effectively blinds the Chinese government's Great Firewall surveillance tool from seeing what users are doing online.

There is a myth surrounding HTTPS connections that network observers (such as internet service providers) cannot see what users are doing. This is technically incorrect. While HTTPS connections are encrypted and prevent network observers from viewing/reading the contents of an HTTPS connection, there is a short period before HTTPS connections are established when third-parties can detect to what server the user is connecting. This is done by looking at the HTTPS connection's SNI (Server Name Indication) field.

In HTTPS connections negotiated via older versions of the TLS protocol (such as TLS 1.1 and TLS 1.2), the SNI field is visible in plaintext.

An anonymous reader quotes a report from ZDNet: The next generation of Amazon's Scout bots -- the fully-electric autonomous delivery devices the company is hoping to deploy soon -- is currently being designed and built by a team of mechanical engineers in Seattle, and not in the most orthodox of settings. Instead of working in sleek labs, Amazon's engineers have effectively resorted to re-arranging their homes and garages to accommodate the development of the sophisticated piece of technology the Scout bot is promising to be.

The cooler-sized bot is already deployed in a handful of US cities where it is being tested, albeit always accompanied by a human. And to make sure that Scout bots ever reach the next stage of development, Amazon's team had to work their way around the new restrictions suddenly imposed by the COVID-19 pandemic. Unfortunately, engineers need a lot more than a decent internet connection to be able to work remotely. In early March, therefore, Seattle-based Amazon mechanical engineer Jeff Gorges transformed his garage into an R&D lab of motors and wheels in anticipation of office closures. Since then, Gorges has been iterating the bot from his garage workbench, testing various new features by driving the device around his patio. The new Scout bot has now been assembled and debugged by Gorges, all from the comfort from his own home. Amazon's Canvas robotics team, which works on small autonomous carts that use spatial AI to move items through the company's fulfillment centers, moved their testing and manufacturing equipment from their office and lab space to several team members' homes.

"With the new tools set up in their apartment living rooms, hardware engineers were able to build and assemble the sub-components for the carts, and then to pass the prototypes onto an R&D technician's home, who set up test and safety systems from his garage," reports ZDNet. "The robots were then sent to a computer vision scientist who worked on calibrating the devices' cameras by reconstructing the carts' future surroundings in the fulfillment center in 3D. All in all, six robots circulated through seven team members home, with precautions taken to disinfect the devices on each transition."

Microsoft plans to make its Project xCloud streaming service for its Xbox Games Pass subscription service available to the public starting Sept. 15, following nearly a year of public testing. From a report: The company said the service, which allows people to play games over the internet in a similar way we stream Netflix movies today, will be included in its $14.99 per month Xbox Games Pass Ultimate service. That subscription, which launched last year, gives players access to more than 100 games on the Xbox and PC, as well as access to Microsoft's Xbox Live social network. Microsoft plans to offer the accompanying app for its service for tablets and phones powered by Google's Android software, using a Wi-Fi or cellular connection. The company also teased a partnership with Samsung, which will likely be announced at that tech giant's big Unpacked event on Aug. 5. The company declined to say when a version of its app will be made available for Apple iPhones and iPads powered by that company's iOS software. "It's our ambition to scale cloud gaming through Xbox Game Pass available on all devices," a Microsoft spokesman added.