Researchers aim to recreate intense emotional experience astronauts reported on seeing Earth from space for the first time. From a report: The spectacle of Earth suspended in space was so overwhelming for Edgar Mitchell that the Apollo 14 astronaut and sixth man on the moon wanted to grab politicians by the scruff of the neck and drag them into space to witness the view. Such drastic measures may not be necessary, however. Scientists are about to welcome the first participants on an unprecedented clinical trial that aims to reproduce the intense emotional experience, known as the "Overview effect," from the comfort of a health spa. If the trial goes well, what led Mitchell to develop "an instant global consciousness" and a profound connection to Earth and its people could be recreated with nothing more than a flotation tank, a half tonne of Epsom salts, and a waterproof virtual reality (VR) headset. "There's a lot of division and polarisation and disconnection between people," said Steven Pratscher, a psychologist and principal investigator on the trial at the University of Missouri. "We'd like to see if we can recreate the Overview effect on Earth to have an impact on those issues." Pratscher will recruit about 100 volunteers who are willing to don the VR headset and clamber into a dark, salt-laden flotation tank at the city's Clarity Float spa. The silence and buoyancy will mimic the sensation of floating in space, while the VR headset plays high-definition, 360 degree immersive video recorded by the Silicon Valley startup, SpaceVR.

A Google Brain and Imperial College London team have built a system -- Pre-training with Extracted Gap-sentences for Abstractive SUmmarization Sequence-to-sequence, or Pegasus -- that leverages Google's Transformers architecture combined with pretraining objectives tailored for abstractive text generation. From a report: They say it achieves state-of-the-art results in 12 summarization tasks spanning news, science, stories, instructions, emails, patents, and legislative bills, and that it shows "surprising" performance on low-resource summarization, surpassing previous top results on six data sets with only 1,000 examples. As the researchers point out, text summarization aims to generate accurate and concise summaries from input documents, in contrast to executive techniques. Rather than merely copy fragments from the input, abstractive summarization might produce novel words or cover principal information such that the output remains linguistically fluent.

Transformers are a type of neural architecture introduced in a paper by researchers at Google Brain, Google's AI research division. As do all deep neural networks, they contain functions (neurons) arranged in interconnected layers that transmit signals from input data and slowly adjust the synaptic strength (weights) of each connection -- that's how all AI models extract features and learn to make predictions. But Transformers uniquely have attention. Every output element is connected to every input element, and the weightings between them are calculated dynamically.

Long-time Slashdot reader UnderAttack writes: DNS over HTTPS has been hailed as part of a "poor mans VPN". Its use of HTTPS to send DNS queries makes it much more difficult to detect and block the use of the protocol.

But there are some kinks in the armor. Current clients, and most current DoH services, do not implement the optional passing option, which is necessary to obscure the length of the requested hostname. The length of the hostname can also be used to restrict which site a user may have access [to].

The Internet Storm Center is offering some data to show how this can be done.
Their article is by Johannes B. Ullrich, Ph.D. and Dean of Research at the SANS Technology Institute.

It notes that Firefox "seems to be the most solid DoH implementation. Firefox DoH queries look like any other Firefox HTTP2 connection except for the packet size I observed." And an open Firefox bug already notes that "With the availability of encrypted DNS transports in Firefox traffic analysis mitigations like padding are becoming relevant."

"We're at a turning point for driving surveillance," reports the Washington Post (in an article shared by long-time Slashdot reader davidwr ). "In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen."

Often included for free (or sold as an add-on), these connections mean "Cars are becoming smartphones on wheels," collecting and sending data "pretty much wherever their makers want. Some brands even reserve the right to use the data to track you down if you don't pay your bills...." On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone's ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection... Modern vehicles don't just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car... Most hide what they're collecting and sharing behind privacy policies written in the kind of language only a lawyer's mother could love...

The Tesla Model 3 can collect video snippets from the car's many cameras. Coming next: face data, used to personalize the vehicle and track driver attention... Coming 5G cellular networks promise to link cars to the Internet with ultra-fast, ultra-high-capacity connections. As wireless connections get cheaper and data becomes more valuable, anything the car knows about you is fair game. GM's view, echoed by many other automakers, is that we gave them permission for all of this...

Five years ago, 20 automakers signed on to volunteer privacy standards, pledging to "provide customers with clear, meaningful information about the types of information collected and how it is used," as well as "ways for customers to manage their data." But when I called eight of the largest automakers, not even one offered a dashboard for customers to look at, download and control their data.... GM's privacy policy, which the company says it will update before the end of 2019, says it may "use anonymized information or share it with third parties for any legitimate business purpose." Such as whom? "The details of those third-party relationships are confidential," said GM spokesman David Caldwell.

There are more questions. GM's privacy policy says it will comply with legal data demands. How often does it share our data with the government? GM doesn't offer a transparency report like tech companies do....
GM said "much" of their data can't be linked to a specific person, though the Post adds that "there were clues to what more GM knows on its website and app. It offers a Smart Driver score -- a measure of good driving -- based on how hard you brake and turn, and how often you drive late at night."

Meanwhile, the Post also reports that OnStar's privacy policy lets them keep the data they collect "pretty much forever... At least smartphone apps like Google Maps let you turn off and delete location history."

Car and Driver noted that the Post's reporter even found photos of his phone's contacts, concluding "Your car is collecting and transmitting a lot more data than you think." In 2017, the U.S. Government Accountability Office looked at automakers and their data privacy policies and found that the 13 car companies it looked at are not exactly using best practices. For example, while the automakers say they obtain "explicit consumer consent before collecting data," the GAO says they "offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data."

On Friday, Facebook and Twitter shut down a network of fake accounts that pushed pro-Trump messages all while "masquerading" as Americans with AI-generated faces as profile photos. The Verge reports: In a blog post, Facebook said that it connected the accounts to a US-based media company called The BL that, it claims, has ties to Epoch Media Group. In August, NBC News first reported that Epoch Media Group was pushing messages in support of President Donald Trump across social media platforms like Facebook and Twitter. Epoch has extensive connections to Falun Gong, an eccentric Chinese spiritual community that has faced significant persecution from the country's central government. In a statement provided to The Verge, the Epoch Times denied any connection to The BL.

Facebook noted that many of the fake accounts used in the latest campaign employed false profile photos that appeared to have been generated by artificial intelligence. Those accounts would post BL content in other Facebook groups while pretending to be Americans. Pro-Trump messages were often posted "at very high frequencies" and linked to off-platform sites belonging to the BL and The Epoch Times. The accounts and pages were managed by individuals in the US and Vietnam. Facebook said that it removed 610 accounts, 89 Facebook pages, 156 groups, and 72 Instagram accounts that were connected to the organization. Around 55 million accounts followed one of these Facebook pages and 92,000 followed at least one of the Instagram accounts. The organization spent nearly $9.5 million in advertisements, according to Facebook.

An anonymous reader quotes a report from ProPublica: Multiple state attorneys general, including Josh Stein of North Carolina, have opened investigations of TurboTax maker Intuit, following ProPublica's reporting that the company charged millions of Americans for tax filing services they were eligible to receive for free, according to people with knowledge of the investigations. As part of the investigations, Intuit has been subpoenaed for records. At least four states besides North Carolina are investigating, but the exact number is not clear.

The company has not specifically disclosed the state investigations to shareholders. Its recent quarterly financial report contains a broad statement that, "Beginning in May 2019, various legal proceedings were filed and certain regulatory inquiries were commenced in connection with the provision and marketing of our free online tax preparation programs." It continues: "We believe that the allegations contained within the legal proceedings are without merit. We intend to vigorously defend against the legal proceedings and cooperate in the investigations." Previous ProPublica reports described how Intuit routinely charged millions of Americans who were eligible to file their taxes for free, sometimes luring them in with deceptive marketing. They also found that Intuit had even hidden its free tax-filing program, offered through a partnership with the IRS, from search engines such as Google.

Because some internet websites unfairly block browsers from accessing their services, starting with Vivaldi 2.10, released today, the Vivaldi browser plans to disguise itself as Chrome to allow users to access websites that unfairly block them. From a report: Vivaldi will do this by modifying its default user-agent (UA) string to the UA string used by Chrome. A UA string is a piece of text that browsers send to websites when they initiate a connection. The UA String contains data about the browser type, rendering engine, and operating system. For example, a UA string for Firefox on Windows looks like this: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0. UA strings have been in use since the 90s. For decades, websites have used UA agent strings to fine-tune performance and features or block outdated browsers. However, many website owners these days use UA strings to block users from accessing their sites. Some do it because they're not willing to deal with browser-specific bugs, some do it because of pettiness, while big tech companies like Google and Microsoft have done it (and continue to do it) to sabotage competitors on the browser market.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission is giving $87.1 million in rural-broadband funding to satellite operator Viasat to help the company lower prices and raise data caps. The FCC's Connect America Fund generally pays ISPs to expand their networks into rural areas that lack decent home Internet access. Viasat's satellite service already provides coverage of 98 percent of the US population in 50 states, so it doesn't need government funding to expand its network the same way that wireline operators do. But Viasat will use the money to offer Internet service "at lower cost to consumers, while also permitting higher usage allowances, than it typically provides in areas where it is not receiving Connect America Fund support," the FCC said in its announcement yesterday.

Viasat's $87.1 million is to be used over the next 10 years "to offer service to more than 121,700 remote and rural homes and businesses in 17 states." Viasat must provide speeds of at least 25Mbps for downloads and 3Mbps for uploads. While the funding for Viasat could certainly improve access for some people, the project helps illustrate how dire the broadband shortage is in rural parts of many states. Viasat's service is generally a last-ditch option for people in areas where there's no fiber or cable and where DSL isn't good enough to provide a reasonably fast and stable connection. Viasat customers have to pay high prices for slow speeds and onerous data limits. A Viasat spokesperson wouldn't comment on what prices and data caps will be applied to the company's FCC-subsidized plans. Viasat said it will provide the required 25Mbps service "along with an evolving usage allowance, and at FCC-defined prices, to certain areas, where we will be subject to a new range of federal and state regulations."

An anonymous reader quotes a report from Los Angeles Times: Waters off the California coast are acidifying twice as fast as the global average, scientists found, threatening major fisheries and sounding the alarm that the ocean can absorb only so much more of the world's carbon emissions. A new study led by the National Oceanic and Atmospheric Administration also made an unexpected connection between acidification and a climate cycle known as the Pacific Decadal Oscillation -- the same shifting forces that other scientists say have a played a big role in the higher and faster rates of sea level rise hitting California in recent years. El Nino and La Nina cycles, researchers found, also add stress to these extreme changes in the ocean's chemistry.

This study, published Monday in the journal Nature Geoscience, came up with a creative way to confirm these greater rates of acidification. Researchers collected and analyzed a specific type of shell on the seafloor -- and used these data to reconstruct a 100-year history of acidification along the West Coast. The study analyzed almost 2,000 shells of a tiny animal called foraminifera. Every day, these shells -- about the size of a grain of sand -- rain down onto the seafloor and are eventually covered by sediment. Scientists took core samples from the Santa Barbara basin -- where the seafloor is relatively undisturbed by worms and bottom-feeding fish -- and used the pristine layers of sediment to create a vertical snapshot of the ocean's history. The more acidic the ocean, the more difficult it is for shellfish to build their shells. So using a microscope and other tools, the research team measured the changes in thickness of these shells and were able to estimate the ocean's acidity level during the years that the foraminifera were alive. Using these modern calibrations, the scientists concluded that the waters off the California coast had a 0.21 decline in pH over a 100-year period dating back to 1895 (the lower the pH, the greater the acidity, according to the logarithmic pH scale of 0 to 14). This is more than double the decline -- 0.1 pH -- that scientists estimate the ocean has experienced on average worldwide.

An anonymous reader quotes USA Today: Two programmers in Las Vegas recently admitted to running two of the largest illegal television and movie streaming services in the country, according to federal officials... An FBI investigation led officials to Darryl Polo, 36, and Luis Villarino, 40, who have pleaded guilty to copyright infringement charges for operating iStreamItAll, a subscription-based streaming site, and Jetflix, a large illegal TV streaming service, federal officials said Friday.

With roughly 118,000 TV episodes and 11,000 movies, iStreamItAll provided members with more content than Netflix, Amazon Prime, Hulu and Vudu, according to prosecutors. Polo urged members of iStreamItAll via email to cancel licensed services in favor of pirated content, according to his plea agreement. He also admitted to earning $1 million from his piracy operations, officials said. He also admitted to downloading the content from torrent websites. "Specifically, Polo used sophisticated computer programming to scour global pirate sites for new illegal content; to download, process, and store these works; and then make the shows and movies available on servers in Canada," officials said.

Slashdot reader alaskana98 writes: In the February 2001 issue of Maximum PC, technical editor Will Smith described in his column what he would like to see in the "perfect set-top box". At a time when arguably the best 'PVR' experience was being provided by the first iterations of the Tivo (with no HDTV or LAN connectivity), Will's description of what a set-top box could and should be comes eerily close to what we now know as the Apple TV and other 'set-top' boxes such as Roku and Amazon Firestick...

To be fair, not every feature on his list would come to pass. For example, he envisioned this device as essentially serving as the main "broadband router of a household, sharing your Internet connection with any networkable device in your house". Also, he envisions the media box as providing a "robust web experience" for the whole family, something that today's set-top boxes aren't especially good at (anyone remember WebTV?).

Still, in wanting an "elusive magical box" that "will set on top of our HDTV's and do everything our computers, game consoles, and VCRs do, only better", he was prescient in his descriptions of what would eventually materialize as the Apple TV and other like-minded set-top boxes, impressive for a denizen of the year 2001.
Are you impressed with Smith's predictive ability? Here's what he wrote...

• On networking: "My set-top box will have to have a high-speed broadband connection...sharing your Internet connection with any networkable device in your house via standard Ethernet, Wi-Fi compatible wireless Ethernet, Bluetooth".

• On gaming: "[W]ill include state-of-the-art 3D acceleration and gaming support" and "will include Bluetooth-style wireless connections for all your controllers".

• On media playback: "[W]ill also serve as a media store, handing the duties of both my high-def personal video recorder (HD-PVR) and digital audio jukebox".

• On device collaboration: "integrating the ability to automatically synchronize with Bluetooth-enabled" devices. [Though the original article says "PDAs"]

"Facebook will now use information about your Oculus activity, like which apps you use, to help provide [...] more relevant content, including ads" -- assuming you've connected your Oculus ID to your Facebook account. UploadVR reports: The company is updating its privacy policy and rolling out new social VR features backed by your "Facebook identity" with the intention of "clarifying how Oculus data is shared with Facebook to inform ads when you log into Facebook on Oculus." "These changes won't affect third-party apps and games, and they won't affect your on-device data," according to the company. For years now, buyers of Facebook VR headsets needed an Oculus ID to operate the system that could be optionally connected to your "Facebook identity" -- in other words, you could connect the two accounts. More recently, to access certain features like concerts in Venues, Facebook started requiring the use of the Facebook account. According to the company's terms, this account "must ... use the same name that you use in everyday life."

With this most recent change "If you choose not to log into Facebook on Oculus, we won't share data with Facebook to allow third parties to target advertisements to you based on your use of the Oculus Platform," according to Facebook. But denying that connection may also make it difficult to connect with others using virtual reality on Oculus systems. [...] Facebook suggests that for those who log into the account it will target "relevant content" based around "Oculus activity" including "which apps you use" with examples given including "Oculus Events you might like to attend or ads for VR apps available on the Oculus Store." The company says this "won't affect your on-device data" which, based on our previous reporting, Facebook says is the location where "3D maps of your environment" are kept. "We don't collect and store images or 3D maps of your environment on our servers today -- images are not stored anywhere, and 3D maps are stored locally on the headset [for Quest] and on your local PC, where you have access to delete it [for Rift S]," a Facebook representative originally wrote in an email. Facebook also says the changes "won't affect third-party apps and games" and "if you choose not to log into Facebook on Oculus, we won't share data with Facebook to allow third parties to target advertisements to you based on your use of the Oculus Platform."

An anonymous reader writes: Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

This security flaw "allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website," according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, Breakpointing Bad researchers at University of New Mexico. "Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections," the researchers said.

If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things. From a report: Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected televisions as a cord-cutter's dream. But like anything that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. Not only that, many smart TVs come with a camera and a microphone. But as is the case with most other internet-connected devices, manufacturers often don't put security as a priority. That's the key takeaway from the FBI's Portland field office, which just ahead of some of the biggest shopping days of the year posted a warning on its website about the risks that smart TVs pose. "Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router," wrote the FBI. The FBI warned that hackers can take control of your unsecured smart TV and in worst cases, take control of the camera and microphone to watch and listen in.

An anonymous reader writes: The New York Times just profiled 15-year-old "businessman" Rowan Winch, who made up to $10,000 a month from his Instagram feed. ("He planned to purchase a Tesla next year, when he's eligible to get his driver's license.") Rowan started by re-selling goods he'd bought online, eventually creating an online storefront that acted as a middleman for third-party retailers, but it was his meme accounts that brought him online fame, and what he really wanted: clout. "Rack up enough while you're young, and doors everywhere begin to open," the Times notes. "College recruiters notice you. Job opportunities and internships come your way. Your social status among peers rises, money flows in. Even fame becomes a possibility, if that's what you're after...."

His Instagram account gave him a feeling of helping others on a daily basis. ("His mother said that when she would try to restrict Rowan's phone use, his followers would send DMs protesting her parenting decisions...") Then in July his account was shut down as part of Instagram's great meme page purge. "A lot of my friends think I've become depressed, and I think that's right," Rowan said. (His mother tells the Times "he's not in a healthy state.")

From the article:

His parents have tried to get him to engage with life offline. They've urged him to get an hourly job at the hot dog shop by their house, just for social connection. "Any extracurricular activity, sports or a physical job, not selling something on the internet," Ms. Winch said.

But he loves the internet. He created a Discord server called The Fallen with over 200 other teenagers whose meme accounts were also deactivated, mostly in two major waves over the last 12 months. He started a podcast. He still posts to his personal Instagram account, with 60,000 followers, and two other meme pages with 120,000 followers and 197,000 followers. But losing [his Instagram account] was like suddenly getting fired from a big job. Rowan's identity was so intertwined with the page, he's still trying to figure out who he is without it.

Lately, he's been thinking he might become a YouTuber...