The soil beneath our feet is something we take for granted – but we are running out.www.bbc.com
The government will switch the operating system of its computers from Windows to Linux, the Ministry of the Interior and Safety said Thursday.The Interior Ministry said the ministry will be test-running Linux on its PCs, and if no security issues arise, Linux systems will be introduced more widely within the government. (Yonhap)The decision comes amid concerns about the cost of continuing to maintain Windows, as Micr...www.koreaherald.com
Metropolitan Police officers set up the camera on a van in Romford, East London, which then cross-checked photos of faces of passers-by against a database of wanted criminals.www.dailymail.co.uk
\* It’s easy to introduce bugs on uncommon code paths that would be much more obvious in a compiled language.
\* The performance of an interpreted language is almost always slower than a compiled language.
\* detect faces in an image using off-the-shelf tools
\* for each face
\* roughly locate the forehead/hair region
\* get the dominant color of the face and of the top of the head
\* compare the two colors
\* consider a bald subject to be one where the two colors are very close, i.e. the top of the head is the same color as the face (skin tone)
\* attempt to inpaint the region containing the bald individual
The Boombox Incident · Matt's programming blogmatthewbilyeu.com
The search engine has been fined for blocking rival online search advertisers.www.bbc.com
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
KDE Connect has been removed from @GooglePlay for violating their new policy on apps that access SMS [1]. The policy has an explicit exception for companion apps (like KDE Connect), but it was removed anyway and *there's no way to talk to Google*. 1/N
— Albert Vaca Cintora (@albertvaka) March 19, 2019
[1] https://t.co/WDXEqTUhHl
EU government websites have undisclosed adtech trackers from Google and others
Plus: UK health service sites contain commercial trackers
Article word count: 857
HN Discussion: https://news.ycombinator.com/item?id=19424041
Posted by snaky (karma: 3287)
Post stats: Points: 162 - Comments: 44 - 2019-03-18T19:03:20Z
\#HackerNews #adtech #and #from #google #government #have #others #trackers #undisclosed #websites
Article content:
All but three of the European Union member statesʼ government websites are littered with undisclosed adtech trackers from Google and other firms, with many piggy-backing on third-party scripts, according to an analysis of almost 200,000 webpages.
The [1]report (PDF), published today by Cookiebot in collaboration with civil rights association European Digital Rights (EDRi), scanned 184,683 EU government webpages on 11 and 12 March to assess the cookies on each.
It found that there were 112 companies slurping up information on EU citizensʼ browsing habits on the webpages of the governments supposedly fighting the good fight against excess stalking of netizens.
Adtech trackers were found on 25 of the 28 member statesʼ sites, with only Spain, Germany and the Netherlands clean of commercial cookies. There were 52 companies identified on Franceʼs government sites, 27 on Latviaʼs and 19 on Belgiumʼs. Twenty cookies were [2]identified on GOV.UK, of which 12 were marketing, and all belonged to one company – Google.
Indeed, the search giant is described as the "kingpin of tracking" within the report, present on 82 per cent of all the sites and accounting for three of the top five trackers: YouTube, DoubleClick and Google.
The report authors said this was of "special concern" because Google can cross-reference trackers with its first-party account details via its widely used consumer services such as Mail, Search and Android apps.
Separately, the work assessed public health service sites, again finding that cookies were widespread, with 52 per cent of those tested having commercial trackers.
And again, Google was right up there, making up two of the top five, with the others being Adobeʼs eversttech.net, AppNexusʼ adnxs.com and Mediamathʼs Mathtag.com.
For this assessment, the researchers chose six EU countries and carried out 15 health-related search queries – such as "How do I know if I have HIV?", "Signs of being an alcoholic" and "I want to terminate my pregnancy" – from IP addresses in each country to identify the relevant landing pages on each nationʼs health service.
In the UK, some 60 per cent of these landing pages had such ad trackers, less only than Irish sites, where trackers appeared on 73 per cent of landing pages. A single German website about maternity leave was monitored by 63 companies, while a French page about abortion was tracked by 21 firms.
The group said this could be used to "infer sensitive facts about [usersʼ] health condition and life situation" and be resold to target ads. "These citizens have no clear way to prevent this leakage, understand where their data is sent, or to correct or delete the data," it said.
The extent of tracking on these sites is even more alarming, the report argued, because they donʼt rely on ad revenue. In some cases, governments will want to use companiesʼ services, but in others the firms gained access to these non-commercial sites through "free" third-party JavaScript tech services, like share buttons or plugins.
"These scripts can act as Trojan horses, opening backdoors to the website code through which ad tech companies can silently insert their trackers," the report said.
It urged website owners to be more careful when including third-party components on their sites; to make sure they had a detailed overview of the current trackers; and to remove any unwanted ones from the source code.
Visitors should also be offered full transparency and control over trackers on the site – but it shouldnʼt just be up to users to lock down their browsing habits. Stronger regulations need to be in force, and adhered to.
"How can any organisation live up to its [European General Data Protection Regulation] GDPR and ePrivacy obligations if it does not control unauthorised tracking actors accessing their website?" asked Cookiebot founder Daniel Johannsen.
"Public sector bodies now have the opportunity to lead by example – at a minimum by shutting down any digital rights infringements that they are facilitating on their own websites."
Diego Naranjo at EDRi used the opportunity to lament the delay to the long-awaited [3]ePrivacy Regulation, which was initially meant to be enforced as the yin to the GDPRʼs yang, covering communications data rather than personal data.
However, it has been [4]stuck in discussions between member states for more than a year, and privacy activists fear it is being watered down as a result of lobbying from adtech industry and concerns among member states.
If it does lose ground, Naranjo warned, it will "open a Pandoraʼs box of more and more sharing, merging and reselling of personal data in huge online commercial surveillance networks, in which citizens are being unwittingly tracked and micro-targeted with commercial and political manipulation."
Their calls for progress echo those made by the European Data Protection Board last week. The group – made up of the blocʼs data protection watchdogs and EU data protection supervisor – issued a statement urging legislators to "intensify efforts" to adopt it.
"The future ePrivacy Regulation should under no circumstance lower the level of protection offered by the current ePrivacy Directive and should complement the GDPR by providing additional strong guarantees for all types of electronic communications," it [5]said. ®
Sponsored: [6]Becoming a Pragmatic Security Leader
References
Visible links
1. https://www.cookiebot.com/media/1121/cookiebot-report-2019-medium-size.pdf
2. https://www.dropbox.com/sh/uz5lrz5bqglracj/AAD9s8fzdpZem1KE-1KvNKqFa/UK?dl=0&subfolder_nav_tracking=1
3. https://www.theregister.co.uk/2017/12/11/european_parliament_eprivacy_rapporteur_birgit_sippel_interview/
4. https://www.theregister.co.uk/2019/01/02/2019_eprivacy_brexit/
5. https://edpb.europa.eu/news/news/2019/european-data-protection-board-eighth-plenary-session-interplay-eprivacy-directive_en
6. https://go.theregister.co.uk/tl/1818/-7142/becoming-a-pragmatic-security-leader?td=wptl1818
HackerNewsBot debug: Calculated post rank: 122 - Loop: 125 - Rank min: 100 - Author rank: 24Public disgrace: 82% of EU govt websites stalked by Google adtech cookies – report
Plus: UK health service sites contain commercial trackerswww.theregister.co.uk
Plus: UK health service sites contain commercial trackerswww.theregister.co.uk
Italy now requires children to prove they have been vaccinated before attending school.www.bbc.com
[4]
[IMG][5]Olga Khazan is a staff writer at The Atlantic.
Doctors’ bills play a role in 60 percent of personal-bankruptcy filings.www.theatlantic.com
A simple explanation of how they work and how to implement one from scratch in Python.victorzhou.com
People accused of social offences blocked from booking flights and train journeyswww.theguardian.com
\* Egg yolks 680
\* Egg whites 270
\* Liver 195 – 333
\* Toasted wheat germ 152
\* Meat/seafood 34 – 103
\* Nuts 29 – 72
\* Brussels sprouts/broccoli 40
\* Point #1. People with heart disease tend to have higher TMAO levels [Wang 2011].
\* Point #2. Vegans and vegetarians naturally have lower TMAO levels.
\* Point #3. Vegans and vegetarians produce less TMAO after consuming steak and L-carnitine than meat-eaters do.
\* Point #4. Vegans and vegetarians have different kinds of bacteria living in their colon than omnivores do, and this may explain why they produce less TMAO.
\* Point #5. L-carnitine supplements increase atherosclerosis in genetically-altered mice.
\* Point #6. TMAO interferes with “Reverse Cholesterol Transportt” (RCT) in genetically-altered mice, so it’s harder for their bodies to get rid of excess cholesterol.
\* Yes, L-carnitine supplements caused an increase in atherosclerosis in genetically altered mice. However, L-carnitine is not red meat. It is not even the form of carnitine found in red meat (acetyl-L-carnitine).
\* The dose of L-carnitine used in these mice was extremely high. According to [12]Chris Masterjohn, it was the equivalent of a human eating 1000 sirloin steaks.
\* For reasons I don’t understand, the mice used in these studies were genetically-altered so that they were missing a gene (apoE) required for normal cholesterol processing. These mice are popular with scientists who study heart disease because they are very good at developing atherosclerosis. It’s already a big stretch to apply information from mouse studies to human health, why widen the gap by using unnaturally defective mice? Absurd.
An open letter from New York State Budget Director Robert Mujica regarding Amazon.www.governor.ny.gov
Millions of smartphone users confess their most intimate secrets to apps, including personal health information. Unbeknown to most people, in many cases that data is being shared with someone else: Facebook.www.wsj.com
People who get into the water can carry in and spread germs. <a href="https://twitter.com/hashtag/SwimHealthy?src=hash">#SwimHealthy</a> <a href="http://t.co/wsCJw3zWB0">http://t.co/wsCJw3zWB0</a> <a href="http://t.co/4A2liL48Zm">pic.twitter.com/4A2liL48Zm</a>
—[3]@CDCgov
U.S. public health officials confirm that it's not chlorine giving red-eye to swimmers, as many believe — it's people who pee in the pool.www.cbc.ca
Growing a Compiler Getting to machine learning from a general purpose compiler CGO C4ML 2019 Keno Fischer and Jameson Nash With Tim Besard, James Bradbury, Valentin Churavy, Dhairya Gandhi, Mike Innes, Neethu Joy, Tejan Karmali, Matt Kelley, Avik Pal, Chris Rackauckas, Marco Rudilosso, Elliot Sab...docs.google.com
Not to put too fine a point on it, but what the frak is 'Oumuamua?www.syfy.com
A simple drug cocktail that converts cells neighboring damaged neurons into functional new neurons could potentially be used to treat stroke, Alzheimer's disease, and brain injuries.www.technologynetworks.com
Making My Own USB Keyboard From Scratch » Blake Smithblakesmith.me
Every device that you use, every company you do business with, every online account you create – they all collect data about you and analyze it to figure out minute details of your life.theconversation.com
\* choose a new programming language with better performance characteristics and rewrite the Dispatcher
\* identify biggest bottlenecks, rewrite those parts of the code and somehow integrate them in the current code
\* build an external service and provide an API to communicate with
\* build a native extension
\* it has high performance (comparable to C)
\* it is memory safe
\* it can be used to build dynamic libraries, which can be loaded into Ruby (using extern "C" interface)
\* write a dynamic library in Rust with extern "C" interface and call it using [2]FFI.
\* write a dynamic library, but use the Ruby API to register methods, so that you can call them from Ruby directly, just like any other Ruby code.
\* it has macros which look like writing Ruby in Rust, which was a bit more magical for us than we were comfortable with
\* the Coercion Protocol wasn’t well documented and it wasn’t clear how would you go about passing non-primitive Ruby objects into Helix methods
\* we were not sure about the safety - it looked like Helix didn’t call Ruby methods using [3]rb_protect, which could lead to undefined behavior
\* loading data
\* running computation, calculating assignments
\* saving/sending assignments
How we migrated our Tier 1 service from ruby to rust and didn’t break production.deliveroo.engineering
Russia may briefly disconnect from the internet as part of a test of its cyber-defences.www.bbc.com
\* RavenDB is a document database.
\* It is about a decade old.
\* The server is released under the AGPL / commercial license.
\* We offer free community / developer licenses without any AGPL hindrance.
\* The RavenDB client APIs are licensed under the MIT license.
\* RavenDB (the product) is created by Hibernating Rhinos (the company).
\* I already knew that I couldn’t sustain the project as a labor of love, and donations are not a sustainable way (or indeed, a way) to make money.
\* Sponsorship seemed like it would be unlikely unless I got one of my clients to start using RavenDB and then have them pay me to maintain it. That seemed… unethical, so wasn’t an option.
\* Services / consulting was something that I was already doing quite heavily, and was quite successful at it. But this is a labor intensive way of making money and it would compete directly with the time that it would take to build RavenDB itself.
\* Support is a model I really don’t like, because it put me in a conflict of interest. I take pride in what I do, and I wanted to make something that would be easy to use and not require support.
\* Open Core / N versions back – are models that I don’t like. The open core model often leaves out critical functionality (such as security) and the N versions back mean that you give the users you most want to have the best experience (since that would encourage them to give you money) the worst experience (here are all our bugs that we fixed but won’t give to you yet).
\* Itʼs not obvious that you canʼt add more sites until youʼve created a user account (command line only right now)
\* There are animations which occur on graphs and data every time you click on things (this will be able to be turned off soon)
\* The UI has a few elements which arenʼt very accessible (e.g. font size is small and it has grey-on-grey... it looks like they copied one bad feature from Google Analytics 🙄).
\* Date selection
\* Hourly or daily graph frequency
\* Basic metrics (unique visits, pageviews, avg. time on site, and bounce rate)
\* A list of top pages
\* A list of top referrers
\* The ability to track more than one site
\* The ability to add more than one user to access the UI
\* Browser / OS metrics (right now theyʼre not exposed in any way)
\* The ability to drill into referrer data (right now every siteʼs top referrer is "Google"... but you have no way of seeing the previous URL or search that led to the site)
\* The ability to see the graph in near-real time (though there is a nice continuously-updating "current visitors" metric)
It's not me, Google, it's you - from GA to Fathom | Jeff Geerlingwww.jeffgeerling.com
Where possible, use open standards and open source software first.
...
If a custom-built application is the appropriate option, by default any source code written by the government must be released in an open format via Government of Canada websites and services designated by the Treasury Board of Canada Secretariat.
All source code must be released under an appropriate open source software license.
Metropolitan Police had said people declining to be scanned would 'not necessarily be viewed as suspicious'www.independent.co.uk
Key fobs that suddenly won't unlock vehicles. Cars that won't start. Alarms that go off for no reason. Something mysterious is thwarting drivers outside a grocery store in the small Alberta town of Carstairs — and it's sparking all kinds of theories.www.cbc.ca
Google joins Facebook in Apple’s banning spreewww.theverge.com
Facebook’s internal iOS apps simply don’t launch anymore.www.theverge.com
Key iPhone assembler Hon Hai, also known as Foxconn Technology Group, is increasing its presence in Vietnam and Indiawww.bloombergquint.com
\* draft-ietf-httpbis-p1-messaging
\* draft-ietf-httpbis-p2-semantics
\* draft-ietf-httpbis-p4-conditional
\* draft-ietf-httpbis-p5-range
\* draft-ietf-httpbis-p6-cache
\* draft-ietf-httpbis-p7-auth
\* [71]RFC 7230 - Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
\* [72]RFC 7231 - Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
\* HTTP Semantics (draft-ietf-httpbis-semantics)
\* HTTP Caching (draft-ietf-httpbis-caching)
\* HTTP/1.1 Message Syntax and Routing (draft-ietf-httpbis-messaging)
Explore HTTP/3 from root to tip and discover the backstory of this new HTTP syntax that works on top of the IETF QUIC transport.blog.cloudflare.com
/e/'s source code repository Please browse contents below, including full OS source code, and instructions how to install and compile. Learn more at: https://e.foundation (main website) and https://community.e.foundation (community forums)gitlab.e.foundation
The two-phase commit protocol (2PC) has been used in enterprise software systems for over three decades . It has been an an incredibly impa...dbmsmusings.blogspot.com
Apple dismissed just over 200 employees from Project Titan, its autonomous vehicle initiative, according to people familiar with the group.www.cnbc.com