• 2 Posts
  • 48 Comments
Joined 1 year ago
Cake day: June 5th, 2023

  • If this request worked, it meant that I could use an “encryptedValue” parameter in the API that didn’t have to have a matching account ID.

    I sent the request and saw the exact same HTTP response as above! This confirmed that we didn’t need any extra parameters, we could just query any hardware device arbitrarily by just knowing the MAC address (something that we could retrieve by querying a customer by name, fetching their account UUID, then fetching all of their connected devices via their UUID). We now had essentially a full kill chain.

    I formed the following HTTP request to update my own device MAC address’s SSID as a proof of concept to update my own hardware:

    Did it work? It had only given me a blank 200 OK response. I tried re-sending the HTTP request, but the request timed out. My network was offline. The update request must’ve reset my device.

    About 5 minutes later, my network rebooted. The SSID name had been updated to “Curry”. I could write and read from anyone’s device using this exploit.

    This demonstrated that the API calls to update the device configuration worked. This meant that an attacker could’ve accessed this API to overwrite configuration settings, access the router, and execute commands on the device. At this point, we had a similar set of permissions as the ISP tech support and could’ve used this access to exploit any of the millions of Cox devices that were accessible through these APIs.

    Blows me away that an unauthenticated API with sensitive controls and data was publicly facing. Corporations these days want all your data but wonder why some customers worry about how it is protected, let alone if it’s being sold. Why should I allow you to control my hardware when you can’t protect yourself?
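    Added illustration of the authorization gap the quoted writeup describes, from the defender's side; this is constructed example code, not Cox's API and not code from the original post, and the handler names, the in-memory device table, the account ids and the audit-log format are all hypothetical. The vulnerable handler keys the lookup on MAC alone; the hardened one binds every read and write to the caller's authenticated account, and a small log scan flags the cross-account enumeration pattern the writeup walks through.

```python
from collections import defaultdict
from dataclasses import dataclass, field
# Constructed sample data (hypothetical): two customers, one gateway each, keyed by MAC.
@dataclass
class Device:
    mac: str
    account_id: str
    config: dict = field(default_factory=dict)

DEVICES = {
    "AA:BB:CC:00:00:01": Device("AA:BB:CC:00:00:01", "acct-1", {"ssid": "Home-1"}),
    "AA:BB:CC:00:00:02": Device("AA:BB:CC:00:00:02", "acct-2", {"ssid": "Home-2"}),
}

class Forbidden(Exception):
    """The caller's account does not own the requested device."""

def set_ssid_vulnerable(mac: str, ssid: str) -> dict:
    # The gap in the writeup: the lookup is keyed on MAC alone, so any caller
    # who learns a MAC can read and rewrite that device's configuration.
    dev = DEVICES[mac]
    dev.config["ssid"] = ssid
    return dev.config

def _owned_device(account_id: str, mac: str) -> Device:
    # Object-level authorization: the device must belong to the authenticated
    # account. Unknown and foreign MACs fail identically, revealing nothing.
    dev = DEVICES.get(mac)
    if dev is None or dev.account_id != account_id:
        raise Forbidden(f"{account_id} may not access {mac}")
    return dev

def get_device(account_id: str, mac: str) -> dict:
    return _owned_device(account_id, mac).config

def set_ssid(account_id: str, mac: str, ssid: str) -> dict:
    dev = _owned_device(account_id, mac)
    dev.config["ssid"] = ssid
    return dev.config

# Detection side: scan a constructed audit log (caller, verb, mac per line)
# for one caller touching devices spread over several customer accounts.
SAMPLE_LOG = """\
user-7 GET AA:BB:CC:00:00:01
user-7 PUT AA:BB:CC:00:00:01
user-7 GET AA:BB:CC:00:00:02
user-7 PUT AA:BB:CC:00:00:02
user-9 GET AA:BB:CC:00:00:02
"""

def flag_cross_account_callers(log_text: str, max_accounts: int = 1) -> dict:
    """Return {caller: accounts touched} for callers exceeding max_accounts."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        caller, _verb, mac = line.split()
        dev = DEVICES.get(mac)
        if dev is not None:
            seen[caller].add(dev.account_id)
    return {c: a for c, a in seen.items() if len(a) > max_accounts}
```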


  • Trying to find independent analysis that I read, but can’t find it. This will likely have the most impact on swing voters in the 7 states, which are the most important voters in the US. Everyone else is much more likely to have already made their mind up. And remember about 50-66% of the registered voters in the US actually vote even in a presidential year, although the electoral college complicates the proportional representation of those voters.

    From Washington Post article:

    With 158 days until Election Day, he is fighting for a plurality of 30 million voters in seven battleground states — a far cry from the tens of thousands of Iowa party activists he courted a year ago. His advisers have long feared that a felony conviction could hurt Trump with independent voters, particularly skeptical suburban women. In places such as the Atlanta suburbs, those voters cost him the 2020 election.



  • While I agree with the sentiment, I have accepted that the simple way to make “things” work now is to leverage the cheap computing that is ubiquitous. That headunit is likely now built on a SoC or some embedded OS and is easier and cheaper because of it.

    Functionally we need regulations and safeguards in place that maintain the accountability for making the choice to use and build an OS as a life safety device that also serves Bluetooth audio. If the cost of supporting it, or failing to properly develop it, then perhaps the choice to make it dumb will become more adopted. Other economic forces are more likely to play out, but it’s a possibility that we can reinforce by what we buy and signal.



  • Two point one: That’s how many children everyone able to give birth must have to keep the human population from beginning to fall. Demographers have long expected the world will dip below this magic number—known as the replacement level—in the coming decades. A new study published last month in The Lancet, however, puts the tipping point startlingly near: as soon as 2030.

    It’s no surprise that fertility is dropping in many countries, which demographers attribute to factors such as higher education levels among people who give birth, rising incomes, and expanded access to contraceptives. The United States is at 1.6 instead of the requisite 2.1, for example, and China and Taiwan are hovering at about 1.2 and one, respectively. But other predictions have estimated more time before the human population reaches the critical juncture. The United Nations Population Division, in a 2022 report, put this tipping point at 2056, and earlier this year, the Wittgenstein Centre for Demography and Global Human Capital, a multidisciplinary research organization dedicated to studying population dynamics, forecasted 2040.

    Christopher Murray, co-author of the new study and director of the University of Washington’s Institute for Health Metrics and Evaluation (IHME), suspects his study’s forecast is conservative. “With each passing year … it’s becoming clearer that fertility is dropping faster than we expect,” he says. Because the 2030 figure is already a hastening of IHME’s previous estimate of 2034, “I would not be surprised at all if things unfold at an even faster rate,” he says.

    A drop below replacement fertility does not mean global population will immediately fall. It will likely take about 30 additional years, or roughly how long it takes for a new generation to start to reproduce, for the global death rate to exceed the birth rate. Even then, because countries’ fertility may vary dramatically, global fertility rate is a “very abstract concept that doesn’t mean much,” says Patrick Gerland, chief of the Population Estimates and Projection Section of the U.N. Population Division. But he says the trend points to a world increasingly split between low-fertility countries, in which a diminishing number of young people support a burgeoning population of seniors; and high-fertility countries, largely poorer sub-Saharan African nations, where continued population growth could hamper development.

    Estimating when the world will reach the turning point is challenging. The new model from IHME is based on how many children each population “cohort”—people born in a specific year—will give birth to over their lifetime. It captures changes such as a move to childbirth later in life. But full cohort fertility data are thus far only available for generations of people older than 50, and so the IHME model builds projections within itself to try to capture trends as they are unfolding.

    Figure: A steady decline. Global fertility has been dropping for several decades. Low-income countries in sub-Saharan Africa and high-income countries such as the United States and Japan are expected to dip below the level needed to sustain the human population in the coming decades. But a new model says the global fertility rate could drop below the replacement level as soon as 2030. (D. An-Pham/Science)

    In contrast, the U.N. and Wittgenstein models are based on each country’s total fertility rate, or the sum of age-specific fertility rates, typically for those between the ages of 15 and 49, which is considered reproductive age. As a result, temporary fluctuations in childbearing behaviors—say, people decades ago delaying giving birth to children so they could advance in their education and careers—can throw off their projections, and they can miss longer term changes in childbearing behaviors. These models may have been prone to undercounting fertility in the past, then finding a temporary rebound in fertility rate, and therefore predicting a longer time frame for world population decline.

    This is one reason that Wittgenstein is considering moving to a cohort model, says Anne Goujon, director of the Population and Just Societies Program at the International Institute for Applied Systems Analysis, one of the three institutions that form the Wittgenstein Centre.

    Other factors also contribute to the differences between the projections, including how the IHME model accounts for four variables that impact fertility, including access to contraceptives and higher education among those who give birth. (The other two models generally do not, although Wittgenstein considers education.)

    Regardless of when the turning point comes, “growing disparity in fertility levels could contribute to widening of [other] disparities,” says Alex Ezeh, a global health professor at Drexel University, who was not involved in the Lancet study. For middle- to high-income, low-fertility countries, falling below replacement level could mean labor shortages and pressure on health care systems, nationalized health insurance, and social security programs. Meanwhile, low-income countries that still have high fertility are at heightened risk of falling further behind on the world’s economic stage, Ezeh says. “They will not be able to make the necessary investments to improve health, well-being, and education” with too few resources to support a booming population.

    Although some experts, including Goujon, think there isn’t yet reason for alarm, others call for urgency. “This is going to be a very big challenge for much of the world,” Murray says. “There’s a tendency to dismiss this as sort of like, yeah, we’ll worry about it in the future. But I think it’s becoming more of an issue that has to be tackled sooner rather than later.”



  • Five shareholder proposals

    With three management proposals, the shareholder proposals are numbered 4 to 8 inclusive.

    4: Employment protection for opinions differing from Apple policy

    This argues that Apple doesn’t promise not to discriminate against applicants and employees on the basis of “viewpoint” and “ideology.” The proposal expressed a concern that those with conservative views are disadvantaged.

    Apple responds by stating it has a commitment to “a culture where every great idea can be heard and where everyone belongs, including those with differing viewpoints and ideologies.” It says that the company’s existing policies and practices already address this concern.

    5: Report on the company’s removal of religious apps in China

    Another proposal demands a report into the company’s removal of religious apps from its Chinese app store, and threatened removal of the social network X.

    Apple says that it already offers transparency on this issue, and must comply with the laws of each of the jurisdictions in which it operates.

    6: Report on unadjusted pay gaps for women and minorities

    Apple currently reports on weighted pay gaps between men and women, and between minorities and non-minorities. This reporting adjusts for factors like time spent out of the workplace for things like childcare. The proposal calls on Apple to also report on unadjusted pay gaps, in order to make visible “structural bias” in pay differentials.

    The company responds that it believes its own reporting provides “more meaningful” data, and that Apple achieved gender pay equity globally by 2017, and full pay equity “at the intersections of gender and race and ethnicity” in the US by 2022.

    7: Prepare a transparency report on Apple’s use of AI

    The proposal asks that Apple disclose its use of AI, as well as any ethical guidelines it has adopted to govern such use.

    Apple asked the SEC for permission to exclude this proposal, on the basis that it would risk disclosing commercially-sensitive information about the company’s plans. The SEC denied this, and the company now asks shareholders to vote against it for the same reason.

    8: Report on human rights policies

    The proposal points to “inconsistent” application of Apple’s stated values when it comes to complying with legal demands in China to remove apps and adopt other policies, like introducing a timeout for AirDrop. It calls for the company to issue a report on this.

    Apple says that it already does so.







  • The Red Sea Conflict Is Scrambling Shipping. Europe Is Bearing the Brunt.

    Europe is again on the front line of the latest geopolitical tensions, a development that threatens to widen the economic gap between it and the U.S.

    By Paul Hannon and William Boston, Jan. 18, 2024 11:00 pm ET

    Photo: Ships traveling through the Red Sea carry about 40% of the goods traded between Europe and Asia. (Luke Dray/Getty Images)

    For the second time in three years, a conflict in Europe’s unruly neighborhood is threatening to weaken an already struggling economy while a more robust U.S. is watching from a safer distance. This time, attacks by Houthi rebels in Yemen targeting cargo ships in the Red Sea have persuaded more carriers to opt for the safer but longer and more expensive journey around Africa via the Cape of Good Hope. Those detours are raising freight costs and leading retailers to worry about running out of stock. Some factories have suspended work in the absence of needed parts.

    Should the threat persist, economists think the decline in inflation Europe enjoyed last year could slow down, pushing back a potential cut in key interest rates. “This is clearly one of the major downside risks to growth, and upside risks to inflation,” said Ana Boata, chief economist at insurer Allianz Trade. “We could talk about a recessionary risk.”

    Graphic: Re-Route. Shipping companies with vessels idling in or near the Suez Canal are considering taking a detour around Africa. The Cape of Good Hope route is considerably longer and burns more fuel, making it less popular than the Suez Canal option. Major world shipping routes, example Singapore-Rotterdam, Netherlands: Suez route 8,301 nautical miles, 34-day round-trip voyage; Cape of Good Hope route 11,758 nautical miles, 43 days. Sources: Jean-Paul Rodrigue, Hofstra University (global routes); Bimco (distance, voyage).

    The latest geopolitical flare-up could cement a growing asymmetry between Europe and the U.S. As a large energy producer, the U.S. has emerged arguably stronger from the crisis sparked by the Ukraine war. And while some of its imports transit via the Suez Canal, their share is comparatively small, and the Pacific offers an alternative route for cargo out of Asia.

    For now, the interruptions to supply chains are on a modest scale compared with the more widespread blockages seen in 2020 and 2021, and their economic impact is likely to be proportionately smaller. Businesses have also learned lessons from interruptions during the Covid-19 pandemic, and have larger inventories than they did then.

    IKEA boss Jesper Brodin said the Red Sea conflict has lengthened its shipping routes by about 10 days or longer though its customers aren’t affected. “The huge difference at the moment is that we have recuperated after the pandemic,” he said at the World Economic Forum in Davos, Switzerland. “So that means our stocks in our warehouse are in good shape.”

    Discount retailer Pepco said conflict in the Red Sea has had a limited effect on product availability, but could hurt supply in the coming months if it continues. The discount retailer—which houses Poundland in the U.K. and Dealz and Pepco in continental Europe—said Thursday that Houthi attacks on vessels were leading to higher spot freight rates and delays to container lead times. But coming in the wake of a global pandemic and the largest European war in eight decades, the escalation of the conflict that began with an attack on Israel by Hamas in early October is a reminder that the outlook for the global economy is increasingly shaped by developments beyond the reach of economic policymakers. Ships traveling through the Red Sea carry about 40% of the goods that are traded between Europe and Asia. The Houthis initially claimed to target Israeli ships or those bound for its ports but in practice, their attacks have been indiscriminate. That has prompted more operators to divert their traffic around the Cape of Good Hope.

    Photo: Jesper Brodin said the Red Sea conflict has lengthened IKEA’s shipping routes by about 10 days or longer. (Denis Balibouse/Reuters)

    Last week, Tesla said delays in delivery of components caused by the rerouting of ships would force it to suspend production at its only large factory in Europe, the GigaBerlin plant outside Berlin. Volvo Cars, the Chinese-Swedish automaker, said gearboxes needed to build conventional combustion vehicles at a plant in Belgium were delayed, forcing the company to halt production for three days. Volkswagen, Europe’s largest carmaker by sales, said its plants hadn’t been affected, but that it continued to monitor the situation in close contact with its suppliers. VW said it was rerouting shipments, which was causing some delay.

    Oxford Economics estimates that a ship traveling at 16.5 knots from Taiwan to the Netherlands via the Red Sea and the Suez Canal takes about 25½ days to complete the journey. But this rises to about 34 days if the journey is diverted around the Cape. Extra traveling time reduces the annual capacity of each ship, and can have a knock-on effect on freight costs on other routes, including those between Asia and the U.S. According to the Freightos Baltic Index, the average cost of transporting goods in a container across the globe doubled between Dec. 22 and Jan. 12.

    Those times could lengthen even further if diverted ships have to wait to take on additional fuel to complete their unplanned journeys at overstretched African ports, of which South Africa’s Durban is the largest. “We haven’t seen tremendous congestion in Durban,” said Ami Daniel, CEO of shipping consulting firm Windward.

    Photo: Attacks by Houthi rebels in Yemen have disrupted global shipping. (Yahya Arhab/Shutterstock)

    For Europe, the impact of the crisis would largely depend on the extent and duration of the disruption. Economists at Allianz Trade calculate that a doubling of freight costs sustained for more than three months could push the eurozone’s inflation rate up by three-quarters of a percentage point and reduce economic growth by almost a percentage point. With the eurozone’s economy already weakened, that could push it into contraction during 2024. Paolo Gentiloni, the European Union’s top economic official, told reporters on Monday that the situation in the Red Sea “should be monitored very closely” because it could cause energy prices and inflation to rebound.

    There are several reasons why the crisis’s impact on Europe’s economy might be less severe than previous episodes of surging freight costs. For one, businesses have been through a number of supply-chain disruptions over recent years and believe they are better prepared. “We are affected by the crisis,” said Matthias Zink, CEO of Schaeffler Automotive Technologies. “But it’s under control. Maybe the explanation is that we have a lot of experience now in this resilience or in the reaction to these crises.” Stellantis, the French-American-Italian maker of Fiat, Peugeot and Jeep, said it was compensating for delays in rerouted ships “by using some limited airfreight solutions,” adding that the delays had “almost no impact on manufacturing to date.” Patrick Lepperhoff, a consultant with Inverto, a unit of BCG, said past crises had made companies better prepared for sudden shocks. Many companies invested in IT to gain better visibility on their supply chains and got closer to their main suppliers, he added.

    In addition to greater preparedness, the economic environment is also different from during the pandemic—a global event affecting supply chains around the world. The current crisis is local, leaving suppliers with more alternatives, and many businesses now hold bigger inventories than they did before the pandemic struck. In Europe, weak consumer demand has padded this cushion. “The Red Sea is not as dangerous to global trade as the events were a few years ago,” said Lepperhoff.