IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Thursday, 22 February


To prevent data breaches, AWS offers S3 bucket permissions check to all users Help Net Security

Amazon Web Services (AWS) has announced that all customers can now freely check whether their S3 buckets are leaking stored data. Previously available only to Business and Enterprise support customers, [the S3 bucket permissions check] identifies S3 buckets that are publicly accessible due to ACLs or policies that allow read/write access for any user, the cloud computing giant noted. The check is available through AWS Trusted Advisor, an online tool that helps users inspect their...


Poor communication between CEOs and technical officers leads to misalignment Help Net Security

A misalignment between CEOs and technical officers is weakening enterprise cybersecurity postures, according to Centrify. CEOs are incorrectly focused on malware, creating misalignment within the C-suite, which results in undue risk exposure and prevents organizations from effectively stopping breaches. Technical officers (CIOs, CTOs and CISOs) on the front lines of cybersecurity point to identity breaches, including privileged user identity attacks and default, stolen or weak passwords, as the biggest threat, not malware. As...


Afraid of AI? We should be Help Net Security

Not (yet!) of a sentient digital entity that could turn rogue and cause the end of mankind, but the exploitation of artificial intelligence and machine learning for nefarious goals. What sorts of AI-powered attacks can we expect to see soon if adequate defenses are not developed? According to a group of 26 experts from various universities, civil society organizations, and think-tanks, the threat landscape can undergo dramatic changes in the next five to ten years.


Clear Linux Is The Latest Distribution Figuring Out What To Do With Python 2 Phoronix

While Python 3 has been around now for a decade, most Linux distributions are still working towards moving away from Python 2 and that includes Intel's Clear Linux distribution...


Bigelow Aerospace Forms New Company to Manage Space Stations, Announces Gigantic Inflatable Module SoylentNews

Bigelow Aerospace has created a spinoff company that will manage its orbital space stations, and has announced plans for an inflatable module that would be even larger than the B330:

Bigelow Aerospace, the Las Vegas-based company manufacturing space habitats, is starting a spinoff venture aimed at managing any modules that the company deploys into space. Called Bigelow Space Operations (BSO), the new company will be responsible for selling Bigelow's habitats to customers, such as NASA, foreign countries, and other private companies. But first, BSO will try to figure out what kind of business exists exactly in lower Earth orbit, the area of space where the ISS currently resides.

Bigelow makes habitats designed to expand. The densely packed modules launch on a rocket and then inflate once in space, providing more overall volume for astronauts to roam around. The company already has one of its prototype habitats in orbit right now: the Bigelow Expandable Activity Module, or BEAM, which has been attached to the International Space Station since 2016. The BEAM has proven that Bigelow's expandable habitat technology not only works, but also holds up well against the space environment.

Now, Bigelow is focusing on its next space station design: the B330. The habitat is so named since it will have 330 cubic meters (or nearly 12,000 cubic feet) of interior volume when expanded in space. That's about one-third the volume provided by the ISS. Bigelow hopes to launch two B330s as early as 2021, on top of the United Launch Alliance's Atlas V rockets, and the company even has plans to put a B330 around the Moon. After that, Bigelow has bigger plans to create a single station with 2.4 times the entire pressurized volume of the ISS, the company announced today. Such a huge station will need to be constructed in an entirely new manufacturing facility that Bigelow plans to build, though the company hasn't decided on a location yet.

Bigelow's BEAM is currently attached to the ISS and has a volume of about 16 cubic meters, which has been described as that of "a large closet with padded white walls". The B330 will have 330 cubic meters of pressurized volume. The newly proposed module is called the...


Whitepaper: What is GDPR and what does your organisation need to do to comply? Help Net Security

On May 25, the General Data Protection Regulation will bring sweeping changes to data security in the European Union. If your organisation collects personal data or behavioural information from anyone in an EU country, it's subject to GDPR requirements. Wherever your team stands on its path to readiness, this whitepaper will help you better understand GDPR and your company's compliance obligations. Download the document for insights as you prepare, including the steps to put a...


New Quantum Crypto Scheme Looks Ahead to "Quantum Internet" IEEE Spectrum Recent Content full text

A new quantum key distribution method uses a quantum state with the potential to encode more than one bit per photon

Chinese researchers have put forward a new quantum cryptography standard that could, if confirmed, substantially increase the speed of encrypted messages. The proposed new standard has been simulated on computers although not yet tested in the lab.

Quantum cryptography, the next-generation of secret messages whose secrecy is guaranteed by the laws of quantum mechanics, has been in the news recently. Last fall a group from the Chinese Academy of Sciences transmitted quantum cryptographically encoded communications (via satellite) to a ground station in Vienna, Austria.

The communications included quantum-encoded images and a 75-minute quantum-cryptographically secured videoconference, consisting of more than 2 gigabytes of data. IEEE Spectrum reported on the event at the time. And now, as of last month, the entire project has been detailed in the journal Physical Review Letters.

Media coverage of the event stressed its significance in moving toward a so-called "quantum Internet." Yet the quantum internet would still be a distant dream when quantum cryptography can only mediate one or, at most, a few quantum-secured communications channels. To scale up to anything worthy of the name quantum Internet, quantum cryptography would need to generate not only thousands of cryptographic keys per second. Rather, a scalable quantum crypto system should aspire to key-generation rates closer to billions per second or greater, in the gigahertz (GHz) range and up, not kilohertz (kHz).

"Theoretically we can get gigahertz levels of quantum key distribution," says Pei Zhang, professor of applied physics at Xi'an Jiaotong University in Xi'an, China.

Zhang and five other researchers from his university and Tsinghua University in Beijing have built a quantum crypto protocol on a different and potentially more capacious standard than what last fall's video teleconference used. (To be fair, other GHz-speed quantum crypto protocols have recently been proposed as well.)

The teleconference, mediated by a dedicated quantum communications satellite China launched in August 2016, was secured by a kilohertz-speed quantum encoder that gener...


Protecting Code Integrity with PGP Part 2: Generating Your Master Key



SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors Bugtraq

Posted by SEC Consult Vulnerability Lab on Feb 21

We have published an accompanying blog post to this technical advisory with
further information:

SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
title: Hijacking of arbitrary video baby monitors
product: miSafes Mi-Cam...


AMD Launches EPYC Embedded 3000 & Ryzen Embedded V1000 Series Phoronix

AMD is taking their Zen microarchitecture to the embedded space now with the announcement of the AMD EPYC Embedded 3000 and Ryzen Embedded V1000 series...


Control Flow Integrity, a fun and innovative Javascript Evasion Technique Security Affairs

Security Expert Marco Ramilli detailed a fun and innovative way to evade reverse-engineering techniques based on Javascript technology.

Understanding the real code behind a Malware is a great opportunity for Malware analysts, it would increase the chances to understand what the sample really does. Unfortunately it is not always possible to figure out the real code, sometimes the Malware analyst needs to use tools like disassemblers or debuggers in order to guess the real Malware actions. However when the Sample is implemented by interpreted code such as (but not limited to): Java, Javascript, VBS and .NET there are several ways to get a close look at the code.
Unfortunately attackers know what the analysis techniques are and often they implement evasive actions in order to reduce the analyst's understanding or to make the overall analysis harder and harder. An evasive technique could be implemented to detect if the code runs over a VM or it could be implemented in order to run the code only on given environments or it could be implemented to avoid debugging connectors or again to evade reverse-engineering operations such as de-obfuscation techniques. Today's post is about that, I'd like to focus my readers' attention on a fun and innovative way to evade reverse-engineering techniques based on Javascript technology.
Javascript is getting day-by-day more important in terms of attack vector, it is often used as a dropper stage and its implementation is widely influenced by many flavours and coding styles but as a bottom line, almost every Javascript Malware is obfuscated. The following image shows an example of obfuscated javascript payload (taken from one analysis of mine).


Example: Obfuscated Javascript


As a first step the Malware analyst would try to de-obfuscate such a code by getting into it. Starting from simple cut and paste to more powerful substitution scripts the analyst would try to rename functions and variables in order to split complexity and to make clear what code sections do. But in Javascript there is a nice way to get the callee function name which could be used...


OpenStreetMap May be in Serious Trouble SoylentNews

Serge Wroclawski, a long-time contributor to OpenStreetMap, has posted a criticism of the management choices he believes are preventing the OpenStreetMap Foundation from fulfilling its mission (much like the Wikimedia Foundation):

I feel the OpenStreetMap project is currently unable to fulfill that mission due to poor technical decisions, poor political decisions, and a general malaise in the project. I'm going to outline in this article what I think OpenStreetMap has gotten wrong. It's entirely possible that OSM will reform and address the impediments to its success- and I hope it does. We need a Free as in Freedom geographic dataset.



A Look Into the Kubernetes Master Components

This blog post looks at the most important control plane components of a single Kubernetes master node (etcd, the API server, the scheduler and the controller manager) and explains how they work together. Although other components, such as DNS and the dashboard, come into play in a production environment, the focus here is on these specific four.

AT&T Puts Smart City IoT 'Edge' Computing On Direct Dial

Technology platforms in the post-millennial era are heavily characterized by their use of automation and optimization techniques. As we increasingly analyze our software in order to quantify and qualify what applications and data workloads work well in situation A, we can start to automate an element of other software deployments with managed optimized controls in situation B.


Even with cloud providers implementing defenses, glaring weaknesses remain Help Net Security

A new report from RedLock offers a look at the threats and vulnerabilities that continue to mount in public cloud computing environments. Account compromises keep rising: poor user and API access hygiene, combined with ineffective visibility and user activity monitoring, are causing organizations to be more vulnerable to breaches. For example, 73% of organizations allow the root user account to be used to perform activities, behavior that goes against security best practices. Furthermore, 16%...


Wednesday, 21 February


Andra Keay, Managing Director of Silicon Valley Robotics, joins our Robotics/AI Board. Lifeboat News



F. Marek Modzelewski, General Manager at Treeline Interactive, joins our Business Board. Lifeboat News



Learning The 555 From The Inside Hackaday

One way to understand how the 555 timer works and how to use it is by learning what the pins mean and what to connect to them. A far more enjoyable, and arguably a more useful way to learn is by looking at what's going on inside during each of its modes of operation. [Dejan Nedelkovski] has put together just such a video where he walks through how the 555 timer IC works from the inside.

We especially like how he immediately removes the fear factor by first showing a schematic with all the individual components but then grouping them into what they make up: two comparators, a voltage divider, a flip-flop, a discharge transistor, and an output stage. Having lifted the internals to a higher level, he then walks through examples, with external components attached, for each of the three operating modes: bistable, monostable and astable. If you're already familiar with the 555 then you'll enjoy the trip down memory lane. If you're not familiar with it, then you soon will be. Check out his video below.

This isn't the only time we've toyed with the guts of this wonderful chip. A few years ago we were all delighted with this mega-sized discrete 555 kit and a little more recently, this teardown of the actual chip.


Leaning Tower of NASA SoylentNews

NASA's nearly billion-dollar mobile launcher tower for the Space Launch System (SLS) is leaning, and may be discarded after a single use:

[The "mobile launcher" component] supports the testing and servicing of the massive SLS rocket, as well as moving it to the launch pad and providing a platform from which it will launch.

According to a new report in, the expensive tower is "leaning" and "bending." For now, NASA says, the lean is not sufficient enough to require corrective action, but it is developing contingency plans in case the lean angle becomes steeper.

These defects raise concerns about the longevity of the launch tower and increase the likelihood that NASA will seek additional funding to build a second one. In fact, it is entirely possible that the launch tower may serve only for the maiden flight of the SLS rocket in 2020 and then be cast aside. This would represent a significant waste of resources by the space agency.

[...] [From] the tower's inception in 2009, NASA will have spent $912 million on the mobile launcher it may use for just a single launch of the SLS rocket. Moreover, the agency will have required eight years to modify a launch tower it built in two years.

The second mobile launcher, intended for larger versions of the SLS, will cost about $300 million (if not more).

Related: Maiden Flight of the Space Launch System Delayed to 2019
Trump Space Adviser: Mars "Too Ambitious" and SLS is a Strategic National Asset
NASA Opens Door to Possibly Lowering SLS Cost Using Blue Origin's Engines
After the Falcon Heavy Launch, Time to Defund the Space Launch System?



Sharutils 4.15.2 Heap-Buffer-Overflow Bugtraq

Posted by nafiez on Feb 21

Unshar scans the input files (typically email messages) looking for the start of a shell archive. If no files are
given, then standard input is
processed instead. Shipped along with Sharutils.

Bug was found with AFL. Password: abc123

==11164==ERROR: AddressSanitizer: heap-buffer-overflow on address
0xb5901100 at pc 0x0804c695 bp 0xbfe86f28 sp 0xbfe86f18
READ of size 1 at...


Sharutils 4.15.2 Heap-Buffer-Overflow Bugtraq

Posted by nafiez on Feb 21

Unshar scans the input files (typically email messages) looking for the
start of a shell archive. If no files are given, then standard input is
processed instead. Shipped along with Sharutils.

Bug was found with AFL.

==11164==ERROR: AddressSanitizer: heap-buffer-overflow on address
0xb5901100 at pc 0x0804c695 bp 0xbfe86f28 sp 0xbfe86f18
READ of size 1 at 0xb5901100 thread T0...


Oliver Isaacs joins our New Money Systems Board. Oliver is Marketing Advisor for Cryptocurrency, Blockchain, and ICOs. Lifeboat News



Will We Ever Be Able to Upload a Mind to a New Body? Lifeboat News: The Blog

The Netflix series takes place hundreds of years in the future, but references versions of technology that have been in development for years, like brain mapping, human and AI neural links, and mind uploading to computers. Millions of dollars has been bumped into technological ideas that promise, one day, our brains will be turned digital. That said, there are those who believe the human mind is too complex, and our consciousness too nuanced, to be recreated in a digital product. And none of that even goes into what would happen if someone's digitized mind was placed into real human flesh.

Will we ever be able to upload our minds into other bodies? Furthermore, should we? And honestly, if we ever achieved such a feat, could we even call ourselves human anymore? On this week's Giz Asks, we reached out to experts in neuroscience, philosophy and futurism.


Choosing a Tool to Track and Mitigate Open Source Security Vulnerabilities

To successfully deal with open source security, you need your developers (and DevOps teams) to operate the solution. Given the fast pace of modern development, boosted in part by the use of open source itself, an outnumbered security team will never be able to keep you secure. Therefore, the SCA solution you choose must be designed for developers to be successful with.


Intel GLSL On-Disk Shader Cache Enabled By Default Phoronix

For Mesa 18.0 is the initial Intel shader cache support for archiving compiled GLSL shaders on-disk to speed up the load times of subsequent game loads and other benefits. For the Mesa 18.0 release the functionality isn't enabled by default but it will be for Mesa 18.1...


Rumour: European Patent Office to Lay Off a Significant Proportion of Its Workforce Techrights

While Team Battistelli gives itself major bonuses

Just don't mention anything about luxury cars of top-level management or bars built secretly at the 10th floor (among other ludicrous spendings on media influence, Eurovision-type festivals, plenty of personal bodyguards and so on)

Summary: While the Administrative Council of the EPO praises Battistelli for his financial accomplishments (as laughable as it may seem) a lot of families stuck in a foreign country may soon see their breadwinner unemployed, according to rumours

THE EPO is in trouble/peril; insiders started to insinuate that something wrong and very major was brewing at the Office yesterday. We've waited long enough and we now hear it from multiple sources. So here it goes.

According to rumours heard at the EPO's canteen, one source told us, the EPO seems to be planning dismissals of 700 to 1000 employees.

This does not surprise us. We wrote about layoffs just earlier this week and many imminent changes seem to be hinting at that. Battistelli is just planting the seeds of catastrophe, which no doubt already causes super-hard-working examiners to panic.

Now that we hear these things we can't help but recall some recent comments. One such comment said that the only bells to which the Administrative Council of the EPO usually reacts to are the cash register bells operated by Mr. Battistelli.

What cash register?

If they have as much money as they claim, why would the Office shrink this much? This is unprecedented; the Office grew over time rather than shrink.

Here is another interesting new comment:

If the Freie Wähler stand up and file a pretty sensible and non-ideological resolution like this one, then I would not be surprised if it will actually be passed by...


MIPS Gets Spectre Variant Two Mitigation In LLVM Phoronix

Besides x86_64, we have seen Spectre mitigation work happen recently for ARM, POWER, and IBM s390, but no prominent MIPS activity to report until now...


Samsung unveils massive 30.72TB SSD, largest capacity SSD ever TechWorm

Samsung unveils world's largest 30.72TB capacity SSD for enterprise storage systems

Samsung Electronics, the world leader in advanced memory technology, unveiled its largest 30.72 terabyte (TB) solid state drive (SSD) for use in next-generation enterprise storage systems.

The 30.72TB SSD, dubbed the PM1643, is double the capacity of Samsung's current 15.36TB SSD that it unveiled in March 2016. Not intended for consumer use, the new SSD is designed to meet the growing storage needs in a host of market segments, including the government, health and education markets, and others.

"With our launch of the 30.72TB SSD, we are once again shattering the enterprise storage capacity barrier, and in the process, opening up new horizons for ultra-high capacity storage systems worldwide," said Jaesoo Han, Executive Vice President, Memory Sales & Marketing Team at Samsung Electronics. "Samsung will continue to move aggressively in meeting the shifting demand toward SSDs over 10TB and at the same time, accelerating adoption of our trail-blazing storage solutions in a new age of enterprise systems."

Samsung claims the product is the industry's largest solid state drive (SSD). To make the breakthrough possible, Samsung used its V-NAND technology and 64-layer 3-bit 512-gigabit (Gb) chips. It combined 16 stacked layers of 512GB V-NAND chips into super-dense 1TB packages, of which 32 were then combined into each 2.5-inch SSD form factor. This allows around 5,700 (5GB, Full HD) movie files and countless files to be stored on a single drive.

The new PM1643 SSD is based on a 12Gbps Serial Attached SCSI (SAS) interface. The PM1643 sports random read and write speeds of up to 400,000 IOPS and 50,000 IOPS, and delivers sequential read and write speeds of up to 2,100MB/s and 1,700 MB/s, respectively. These are basically four times the random-read performance and three times the sequential-read performance of a typical 2.5-inch SATA SSD, Samsung said.

Samsung said it achieved the new capacity and performance improvements through several technology progressions in the design of its controller, DRAM packaging and associated software. These advancements include a highly efficient controller architecture that integrates nine controllers from the previous high-capacity SSD lineup into a single package, enabling a greater amount of space within the SSD to be used for storage. The PM1643 drive also applies Through Silicon Via (TSV) technology to interconnect 8Gb DDR4 chips, creating 10 4GB TSV DRAM packages, totaling 40GB of DRAM. This marks the first time that TSV-applied DRAM has been used in an SSD, Samsung added.

The new SSD comes with a five-year warranty, rated for one full...


Cryptocurrencies Could Drop To Near-Zero Any Time, Warns Ethereum Founder Vitalik Buterin TechWorm

Cryptocurrency not a sound long-term investment, cautions Ethereum Founder Vitalik Buterin

More and more people are looking to invest in cryptocurrency, as it is currently seen as one of the best investment opportunities in the market. For instance, Bitcoin, the virtual currency also called a cryptocurrency, started off at the price of $1,000 in January 2017 and has now crossed the $11,000 mark as of yesterday.

While investing in Bitcoin or any other cryptocurrency does sound promising, however, these markets are highly unpredictable because of its volatile nature.

In a tweet over last weekend, Vitalik Buterin, the founder of blockchain network Ethereum and its associated cryptocurrency (ether), warned investors that cryptocurrency could fall violently at any time, as cryptocurrencies are still a new and hyper-volatile asset class. He also warned people to think twice before throwing their entire life savings into virtual coins.

"Bitcoin, Ethereum, Ripple, Litecoin and other cryptocurrencies could drop to near-zero at any time," Buterin said on Twitter. "Don't put in more money than you can afford to lose," he added. "If you're trying to figure out where to store your life savings, traditional assets are still your safest bet."

This is not the first time Buterin has warned cryptocurrency investors about its dangers. Back in December 2017, he warned investors about bubbles and volatility in the high-flying digital currency market. He also criticized some crypto players for displaying their newfound wealth, and said that they should instead be thinking about how to use the technology for achieving something meaningful for society.

The last 12 months has witnessed the value of Bitcoin rising from $1,000 to nearly $20,000, before falling below $6,000 in early 2018 and then again crossing the $11,000 mark yesterday. Similarly, one ether coin that was around $13 a year ago is now worth $950. However, the last couple of months has also seen a fluctuation in the value of ether coin, which has hit high of $1,400 as well a low of $580.




Godot Working On Ramping Up Their VR Support Phoronix

With the recent release of Godot 3.0 there is an OpenVR module, but that's just the beginning of this open-source 3D game engine in supporting virtual reality...


Samsung Announces a 30.72 TB 2.5" SSD SoylentNews

Samsung has announced a 30.72 TB SSD. It uses 64-layer 512 Gb TLC NAND dies, with 16 of each stacked to make a 1 TB package. It has 40 GB of DDR4 DRAM cache, also using layered packages:

The PM1643 drive also applies Through Silicon Via (TSV) technology to interconnect 8Gb DDR4 chips, creating 10 4GB TSV DRAM packages, totaling 40GB of DRAM. This marks the first time that TSV-applied DRAM has been used in an SSD.

Complementing the SSD's hardware ingenuity is enhanced software that supports metadata protection as well as data retention and recovery from sudden power failures, and an error correction code (ECC) algorithm to ensure high reliability and minimal storage maintenance. Furthermore, the SSD provides a robust endurance level of one full drive write per day (DWPD), which translates into writing 30.72TB of data every day over the five-year warranty period without failure. The PM1643 also offers a mean time between failures (MTBF) of two million hours.

Samsung started manufacturing initial quantities of the 30.72TB SSDs in January and plans to expand the lineup later this year with 15.36TB, 7.68TB, 3.84TB, 1.92TB, 960GB and 800GB versions to further drive the growth of all-flash-arrays and accelerate the transition from hard disk drives (HDDs) to SSDs in the enterprise market.

Also at Ars Technica and The Verge.

Related: SK Hynix Plans 72-Layer 512 Gb NAND for Late 2017
SK Hynix Developing 96 and 128-Layer TLC 3D NAND
Western Digital Announces 96-Layer 3D NAND, Including Both TLC and QLC
Toshiba Develops 512 GB and 1 TB Flash Chips Using TSV
Expect 20-30% Cheaper NAND in Late 2018



An Especially Tiny And Perfectly Formed FM Bug Hackaday

It used to be something of an electronic rite of passage, the construction of an FM bug. Many of us will have taken a single RF transistor and a tiny coil of stiff wire, and with the help of a few passive components made an oscillator somewhere in the FM broadcast band. Connect up a microphone and you were a broadcaster, a prankster, and probably set upon a course towards a life in electronics. Back in the day such a bug might have been made from components robbed from a piece of scrap consumer gear such as a TV or VCR, and perhaps constructed spider-web style on a bit of tinplate. It wouldn't have been stable and it certainly wouldn't have been legal in many countries but the sense of achievement was huge.

As you might expect with a few decades of technological advancement, the science of FM bugs has moved with the times. Though you can still buy the single transistor bugs as kits there is a whole range of fancy chips designed for MP3 players that provide stable miniature transmitters with useful features such as stereo encoders. That's not to say there isn't scope for an updated simple bug too though, and here [James] delivers the goods with his tiny FM transmitter.

Gone is the transistor, and in its place is a MAX2606 voltage-controlled oscillator. The on-chip varicap and buffer provided by this device alleviate some of the stability issues suffered by the transistor circuits, and to improve performance further he's added an AP2210 low-dropout regulator to catch any power-related drift. If it were ours we'd put in some kind of output network to use both sides of the differential output, but his single-ended solution at least offers simplicity. The whole is put on a board so tiny as to be dwarfed by a CR2032 cell, and we can see that a bug that size could provide hours of fun.

This may be a small and simple project, but it has found its way here for being an extremely well-executed one. It's by no means the first FM bug we've shown you here, just a few are this one using scavenged SMD cellphone parts, or this more traditional circuit built on a piece of stripboard.


Great Storms of Jupiter and Neptune Are Disappearing SoylentNews

The most famous atmospheric features of both Jupiter and Neptune may be gone soon:

When we think of storms on the other planets in our Solar System, we automatically think of Jupiter. Jupiter's Great Red Spot is a fixture in our Solar System, and has lasted 200 years or more. But the storms on Neptune are different: they're transient.

[...] "It looks like we're capturing the demise of this dark vortex, and it's different from what well-known studies led us to expect," said Michael H. Wong of the University of California at Berkeley, referring to work by Ray LeBeau (now at St. Louis University) and Tim Dowling's team at the University of Louisville. "Their dynamical simulations said that anticyclones under Neptune's wind shear would probably drift toward the equator. We thought that once the vortex got too close to the equator, it would break up and perhaps create a spectacular outburst of cloud activity."

Rather than going out in some kind of notable burst of activity, this storm is just fading away. And it's also not drifting toward the equator as expected, but is making its way toward the south pole. Again, the inevitable comparison is with Jupiter's Great Red Spot (GRS). The GRS is held in place by the prominent storm bands in Jupiter's atmosphere. And those bands move in alternating directions, constraining the movement of the GRS. Neptune doesn't have those bands, so it's thought that storms on Neptune would tend to drift to the equator, rather than toward the south pole.

Neptune's Great Dark Spot may not have the support of atmospheric storm bands, but Jupiter's Great Red Spot is also on the decline:

A ferocious storm has battered Jupiter for at least 188 years. From Earth, it is observed as red swirling clouds racing counter-clockwise in what is known as the planet's "Great Red Spot." But after shrinking for centuries, it may now be on the brink of disappearing for good.

"In truth, the GRS [Great Red Spot] has been shrinking for a long time," lead Juno mission team member and planetary scientist at NASA's Jet Propulsion Laboratory Glenn Orton told Business Insider in an email. "The GRS will in a decade or two become the GRC (Great Red Circle). Maybe sometime after that the GRM" - the Great Red Memory.




Pirate Site Admin Sentenced to Two Years Prison & 83.6 Million Damages TorrentFreak

Way back in 2011, Streamiz was reported to be the second most popular pirate streaming site in France with around 250,000 visitors per day. The site didn't host its own content but linked to movies elsewhere.

This prominent status soon attracted the attention of various entertainment companies including the National Federation of Film Distributors (FNDF) which filed a complaint against the site back in 2009.

Investigators eventually traced the presumed operator of the site to a location in the Hauts-de-Seine region of France. In October 2011 he was arrested leaving his Montrouge home in the southern Parisian suburbs. His backpack reportedly contained socks stuffed with almost 30,000 euros in cash.

The man was ordered to appear before the investigating judge but did not attend. He also failed to appear during his sentencing this Monday, which may or may not have been a good thing, depending on one's perspective.

In his absence, the now 41-year-old was found guilty of copyright infringement offenses and handed one of the toughest sentences ever in a case of its type.

According to an AFP report, when the authorities can catch up with him the man must not only serve two years in prison but also pay a staggering 83.6 million euros in damages to Disney, 20th Century Fox, Warner Bros and SACEM, the Society of Authors, Composers and Music Publishers.

Streamiz is now closed but at its peak offered around 40,000 movies to millions of users per month. In total, the site stood accused of around 500,000,000 infringements, earning its operator an estimated 150,000 euros in advertising revenue over a two year period.

"This is a clear case of commercial counterfeiting based on a very structured system," David El Sayegh, Secretary General of SACEM, told AFP. "His sentence sends a very clear message: there will be no impunity for pirates," he added.

With an arrest warrant still outstanding, the former Streamiz admin is now on the run with very few options available to him. Certainly, the 83.6 million euro fine won't ever be paid but the prison sentence is something he might need to get behind him.




Thunderbird Spotted in Alaska? Terra Forming Terra

I am more impressed by just how rarely this creature is seen. This publicity sprang just one other sighting covering at least a generation. In fact all our sightings are low and easily identifiable. My own sighting of a putative Marsh Hawk back in the day could more properly be described as a juvenile Thunder Bird. The wing span was easily several feet as it glided and flapped low over our stubble field. It was much bigger than a bald eagle which at the time I had never seen.

What I saw was way too big to be any known bird from the manuals. The wingspan was easily that of a frigate bird but much wider and quite raptor like. I saw this in Mid Western Ontario which is far distant from the sea but close by the Great Lakes. Gulls were commonly seen there.

As I have posted in the past, these raptors easily hole up inside a full skirted evergreen providing an excellent view while fully camouflaged. All real hunting would be at night. We now have ample sightings to confirm the existence of this bird. This one is typical. Further away and size will be confused.


Thunderbird Spotted in Alaska?

February 06, 2018

The Alaskan city of Juneau is buzzing after a resident reported what can best be described as a 'thunderbird' soaring through the sky.

The weirdness began when the witness, named Tabitha, posted about her sighting to a Juneau community Facebook group.

According to her, as she was driving down the road a "huge black bird" appeared overhead and sported a wingspan which she estimated to be "at least 20 feet."

Despite living in the area her entire life, Tabitha insisted that this bird was unlike anything she had ever seen before and marveled that it was "almost the size of a small airplane."



Hydrogen for Surgery & ICU Terra Forming Terra

Now that we understand this it needs to be fully implemented. This will facilitate resuscitation on a much larger scale than now seen.

We can get a heart attack victim to an ER in much less than an hour. Saving him and avoiding serious damage has been spotty. This can change that outcome significantly even to the point in perhaps most cases to full recovery.

Note that hypothermia and hydrogen combined jumped their numbers to 80%. What this means is that we can properly flip the survival stats. Saving a heart attack victim inevitably involves a person still in full productive mode as well so this could well mean preserving his or her productivity as well.

Hydrogen for Surgery & ICU

Published on January 29, 2018

Medical gas is critical to the function of hospitals and many other healthcare facilities. Medical gas systems in hospitals are, in a word, lifesaving. Piped in oxygen, nitrous oxide, nitrogen, carbon dioxide, and medical air to hospital areas such as patient rooms, recovery areas, operating rooms, and ICU departments is critical to the survival of patients and now hydrogen needs to be added to the list.

It is imperative that hospitals get on the program with hydrogen because it is a perfect and safe substance to put out the fires of oxidative stress. Evidence of massive oxidative stress is well established in adult critical illnesses characterized by tissue ischemia-reperfusion injury and by an intense systemic inflammatory response such as during sepsis and acute respiratory distress syndrome. Oxidative stress exacerbates organ injury and thus overall clinical outcome.[1] Oxygen-derived free radicals play an important role in the development of disease in critically ill patients.

Critically ill patients suffer from oxidative stress caused by reactive oxygen species (ROS) a...


Let Us Eradicate Poverty, Not Demolish Wealth Terra Forming Terra

If you are reading this, you are surely part of the choir. The only reason that the economic fools have any political leverage whatsoever is that it is inevitable that our population will have three tiers.

The first tier are those doing just fine. Whatever it took, they planned for and received a full middle class life. Perhaps a handful got rich and famous but the rest have theirs as well.

The second tier are really doing well enough but still have a ways to go and are engaged in doing just that. None of this is truly inherited, although that can certainly help. Something had to be done to maintain status. After all the fastest way to lose a great fortune is to hand it over to a natural loser and those are born into every family.

What I am saying loudly is that the majority of our civilization is able to do fine on average over an entire lifespan.

Then we address the lower third. I make this expansive because this is where economic reform will revolutionize our whole civilization. Helping this sector to become efficient and thriving will super charge the top two tiers. In fact the only proper task of all governance needs to be the strengthening of this lower third. And it is not particularly done by cash transfers, but by providing ample locally managed credit along with empowering the natural community itself. Do this along with applying the rule of twelve for local governance and we establish a dynamic thriving base for the whole economy that grows without significant external inputs.

Let Us Eradicate Poverty, Not Demolish Wealth

Daniel Lacalle

By the time you finish reading this article, some 600 people from all over the world will have escaped poverty.

In 1990, 35% of the world population lived in extreme poverty. Today, that figure h...


Non Civilian Courts for Treason Terra Forming Terra


From sources that I am not too sure of we hear that Hillary is facing 27 indictments for treason alone.

At the same time the 13,000 plus sealed indictments has also morphed into a 13,000 cell building program in GITMO. What is absolutely true is that some information is being allowed out to trusted distribution nodes so that supporters of the Admin will not be in complete shock. All the information that we have has at least been vouched for.

The big story though is that those 13,000 sealed indictments are facing non civilian courts because they were all involved wittingly or not in an assault of the Republic.  I do want to add that the large numbers may well include a large number of low level political operatives who manipulated the vote count. Certainly the Mueller investigation has targeted the validity of that count.

Today we hear that Russia will forthwith send first time pedophiles to prison for life.  Obvious when we understand that no cure is known and the threat simply does not go away.  Thousands of low level pedophiles have been arrested during the past year.  This must feed into a hierarchy numbering at least one to two thousand folks, often embedded in government and justice.  I may still be too low but this fits the apparent scale now revealed. 

The fact remains that thousands will likely face military tribunals for their actions. The lucky ones will be seconded to a civilian trial.  The seriously unlucky will be quickly put in front of firing squads and shot and we will have limited appeals or none at all.  The administration has essentially taken the position that we are opposing a hostile foreign attack.  This has a lot of truth but may be also smaller than presently thought.

I personally would not give two cents for Hillary's chances. Yet in her special case her crimes need to be fully aired until her fate will be a relief.


What Does David Attenborough Really Think of Darwin? - Facts So Romantic Nautilus

A casual viewer of nature documentaries (or anyone who hasn't heard of or seen the film Attenborough wrote called, Charles Darwin and the Tree of Life) might surmise that the man was hired to narrate the scripts merely because he's got a great voice. Photograph courtesy Johann Edwin Heupel / Flickr

The name David Attenborough has, to me, always been an enchanting but disembodied voice narrating the hidden struggles and splendors of the natural world. In the last few months I've seen several of his documentaries (out of the 23 I could count on Netflix) from start to finish: Life, Africa, and Planet Earth. They're mesmerizing, and some segments can be heart-racing, some distressing, and some morally confusing, as you feel your sympathies tugged in opposite directions (quite often, the offspring of one creature is taken as food to feed the offspring of another). Attenborough doesn't take sides; the cruelty of necessity in nature is a spectacle he dramatizes neutrally.

What Attenborough doesn't do in his nature documentaries is discuss Darwin and his theory of natural selection. Sure, every so often he'll utter the word "evolve" (it'd be cumbersome not to, especially when it's, say, birds with specialized, elongated beaks that he's describing). But, watching these shows, you'll


The Car of the Future Will Sell Your Data

No. Via: Bloomberg: Picture this: You're driving home from work, contemplating what to make for dinner, and as you idle at a red light near your neighborhood pizzeria, an ad offering $5 off a pepperoni pie pops up on your dashboard screen. Are you annoyed that your car's trying to sell you something, or pleasantly [...]


CDC Warns of Salmonella Infections Linked to Kratom SoylentNews

At this time, the CDC recommends that people not consume kratom in any form because it could be contaminated with salmonella:

An outbreak of 28 salmonella infections in 20 states has been linked to kratom products, the US Centers for Disease Control and Prevention said in a statement Tuesday. Though no deaths have been reported, 11 people have been hospitalized.

[...] California had the highest number of salmonella cases (three). North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania and Utah each reported two cases while Alabama, Arizona, Colorado, Florida, Kansas, Kentucky, Louisiana, Massachusetts, Michigan, North Dakota, New York, South Carolina and Tennessee each reported a single case, the CDC found.

Kratom should not be consumed in any form, the CDC said, because the source of salmonella contamination has not been identified.

Also at The Verge, STAT News, and CBS.

Previously: DEA Welcomes Kratom to the Schedule I List Beginning September 30
The Calm Before the Kratom Ban
FDA Blocks More Imports of Kratom, Warns Against Use as a Treatment for Opioid Withdrawal
FDA Labels Kratom an Opioid

Related: Opioid Commission Drops the Ball, Demonizes Cannabis



North Korean APT Group tracked as APT37 broadens its horizons Security Affairs

Researchers at FireEye speculate that the APT group tracked as APT37 (aka Reaper, Group123, ScarCruft) operated on behalf of the North Korean government.

Here we are to speak about a nation-state actor dubbed APT37 (aka Reaper, Group123, ScarCruft) that is believed to be operating on behalf of the North Korean government.

APT37 has been active since at least 2012; it made the headlines in early February when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users.

Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea.

FireEye linked the APT37 group to the North Korean government based on the following clues:

  • the use of a North Korean IP;
  • malware compilation timestamps consistent with a developer operating in the North Korea time
    zone (UTC +8:30) and following what is believed to be a typical North Korean workday;
  • objectives that align with Pyongyang's interests (i.e. organizations and individuals involved in Korean
    Peninsula reunification efforts).

Researchers from FireEye revealed that the nation-state actor also targeted entities in Japan, Vietnam, and even the Middle East in 2017. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors.

"APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities," reads the report published by FireEye.



DIY Peristaltic Pump Keeps the Booze Flowing Hackaday

A few months ago we showed you a bar bot built by [GreatScott] that uses peristaltic pumps to food-safely move the various spirits and mixers around behind the curtain. The bar bot uses three of them, and at $30 each for pumps with decent flow rate, they added a lot to the parts bill. These pumps are pretty much the ideal choice for a bar bot, so what do you do? [GreatScott] decided to see if it was worth it to make them instead.

Peristaltic pumps are simple devices that pump liquids without touching them. A motor turns a set of rollers that push a flexible tube against a wall. As the motor turns, the rollers move liquid through the tube by squeezing it flat from the outside in turns. Typically, the more you pay for an off-the-shelf peristaltic, the higher the flow rate.

[GreatScott] figured it was cheaper to buy the motor and the control circuitry. He chose a NEMA-17 for their reputation and ubiquity and a DRV8825 controller to go with it. The pump is driven by an Arduino Nano and a pot controls the RPM. After trying to design the mechanical assembly from scratch, he found [Ralf]'s pump model on Thingiverse and modified it to fit a NEMA-17.

The verdict? DIY all the way, assuming you can print the parts. [GreatScott] was trying to beat the purchased pump's flow rate of 100mL/minute and ended up with 200mL/minute from his DIY pump. Squeeze past the break for the build video and demonstration.

Is there a bar bot build on your list? No? Is it because you're more of a single-malt scotch guy? Build a peristaltic pachyderm to pour your potion.


Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS Bugtraq

Posted by preethiknambiar on Feb 20

1. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website :
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7274

2. Technical Description

There are multiple Persistent XSS vulnerabilities in Quarx Content Management System. These vulnerabilities exist


Microsoft Document Details Windows 10 on ARM Limitations SoylentNews

Microsoft accidentally reveals Windows 10 on ARM limitations

Microsoft launched ARM-powered Windows 10 PCs with "all-day" battery life back in December. While HP, Asus, and Lenovo's devices aren't on sale just yet, we're still waiting to hear more about the limitations of Windows 10 running on these new PCs. Microsoft published a full list of limitations last week, spotted first by Thurrott, that details what to expect from Windows 10 on ARM. This list must have been published by accident, as the software giant removed it over the weekend so only cached copies of the information are available.

Also at Engadget and ZDNet.

Related: Big Changes Planned by Microsoft - Windows 10 on ARM, Laptops to Behave More Like Phones
First ARM Snapdragon-Based Windows 10 S Systems Announced
Microsoft Pulls Back on Windows 10 S



Xorgproto 2018.3 Brings RandR Leasing + Non-Desktop Monitors Phoronix

Xorgproto debuted earlier this month as a centralized package of all X.Org protocol headers that used to be versioned and developed independently. Given the slower development now of the xorg-server and lots of the protocols being intertwined, they are now all bundled together. Tuesday marked the 2018.3 release with the new additions for Keith Packard's SteamVR Linux infrastructure work...


Sports Drink of Choice for German Olympians: Nonalcoholic Beer SoylentNews

German Olympians Drink a Lot of (Nonalcoholic) Beer, and Win a Lot of Gold Medals

When Simon Schempp, a biathlete on the German Olympic team, was training for the Pyeongchang Games, he often capped a hard day on the trail with a bottle of nonalcoholic beer. He enjoys the taste of beer like most Germans, who drink more of it per capita than the people of almost any other nation. But he drank the nonalcoholic variety for more than just the flavor. "It's a really good drink directly after training or after competition," said Schempp, who won a silver medal in the 15-kilometer mass start event on Sunday.

Schempp's sober assessment is popular in Germany. While most people see nonalcoholic beer as a responsible replacement for regular beer, Germans often drink it in place of sports drinks after exercise. Beer or Gatorade? No contest.

Johannes Scherr, the doctor for the German Olympic ski team, said nearly all of his athletes drink nonalcoholic beer during training. And the brewery Krombacher has supplied 3,500 liters (about 1,000 gallons) of nonalcoholic beer to the athletes' village so German athletes can enjoy it during competitions at the Pyeongchang Games, where Germany is tied for the most gold medals.

[...] Scherr conducted a double-blind study [open, DOI: 10.1249/MSS.0b013e3182250dda] [DX] [alt], financed by a brewing company, in which he gave runners in the 2009 Munich Marathon nonalcoholic beer every day for three weeks before and two weeks after the race. These runners suffered significantly less inflammation and fewer upper respiratory infections after the race than runners who had been given a placebo.



Dungeons and Dragons TV Tabletop! Hackaday

With little more than pen, paper, dice, and imagination, a group of friends can transport themselves to another plane for shenanigans involving dungeons and/or dragons. An avid fan of D&D and a budding woodworker, Imgurian [CapnJackHarkness] decided to build a gaming table with an inlaid TV for their inaugural project.

The tabletop is a 4x4 sheet of plywood, reinforced from underneath and cut out to accommodate a support box for the TV. Each leg ended up being four pieces of 1x4 wood, laminated together with a channel cut into one for the table's power cable. An outer ledge has dice trays (if they're even needed in today's world) ready for all those nat 20s, cupholders because nobody likes crying over spilled drinks, and electrical outlets to keep devices charged. Foam squares cover the tabletop, which can be easily removed and washed if needed, but more on that in a second. [CapnJackHarkness] painted the table as the wood rebuffed many attempts at staining, but they're happy with how it turned out.

[CapnJackHarkness] based their build on a table made by Gaminggeek, adapting it t...


A Hacker Has Wiped a Spyware Company's Servers Again SoylentNews

Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again.

Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent.

[...] "None of this should be online at all," the hacker told Motherboard, claiming that he had deleted a total of 1 terabyte of data.

"Aside from the technical flaws, I really find this category of software disturbing. In the US, it's mainly targeted to parents," the hacker said, explaining his motivations for going after Retina-X. "Edward Snowden has said that privacy is what gives you the ability to share with the world who you are on your own terms, and to protect for yourself the parts of you that you're still experimenting with. I don't want to live in a world where younger generations grow up without that right."

[...] Retina-X was not the only spyware company hacked last year. Other hackers also breached FlexiSpy, an infamous provider of spyware that has actively marketed its apps to jealous lovers. At the time, the hackers promised that their two victims, FlexiSpy and Retina-X, were only the first in line, and that they would target more companies that sell similar products.



NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Wall' ONLINE

Posted 21 Feb, 2018 1:47:15 UTC

The new edition of Off The Wall from 20/02/2018 has been archived and is now available online.




South Korean Cryptocurrency Regulator Found Dead at Home

Via: Wall Street Journal: A South Korean official who guided Seoul's regulatory clampdown on cryptocurrencies was found dead on Sunday, according to a government spokesman. Jung Ki-joon, 52, was head of economic policy at the Office for Government Policy Coordination. He helped coordinate efforts to create new legislation aimed at suppressing cryptocurrency speculation and illicit [...]


Hovmöller: Moving a large and old codebase to Python3

Anders Hovmöller has posted an account of migrating a large application to Python 3. There were multiple steps on the journey and plenty of lessons learned. "Our philosophy was always to go py2 -> py2/py3 -> py3 because we just could not realistically do a big bang in production, an intuition that was proven right in surprising ways. This meant that 2to3 was a non starter which I think is probably common. We tried a while to use 2to3 to detect Python 3 compatibility issues but quickly found that untenable too. Basically it suggests changes that will break your code in Python 2. No good. The conclusion was to use six, which is a library to make it easy to build a codebase that is valid in both Python 2 and 3."


KDE Receives $200,000 Donation From The Pineapple Fund SoylentNews

KDE e.V. is announcing today it has received a donation of 200,000 USD from the Pineapple Fund.

With this donation, the Pineapple Fund recognizes that KDE as a community creates software which benefits the general public, advances the use of Free Software on all kinds of platforms, and protects users' privacy by putting first-class and easy to use tools in the hands of the people at zero cost. KDE joins a long list of prestigious charities, organizations and communities that the Pineapple Fund has so generously donated to.

"KDE is immensely grateful for this donation. We would like to express our deeply felt appreciation towards the Pineapple Fund for their generosity" said Lydia Pintscher, President of KDE e.V.. "We will use the funds to further our cause to make Free Software accessible to everyone and on all platforms. The money will help us realize our vision of creating a world in which everyone has control over their digital life and enjoys freedom and privacy".



Hackers Compromise Tesla Cloud Server to Mine Cryptocurrency HackRead

By Waqas

It is 2018 and the easiest way to make quick




Meta: Subscription Wonkiness SoylentNews

Over the past week we've had at least three occurrences of this particular bug crop up. It's currently already fixed but I thought I'd fill you lot in just in case it got you too and you haven't noticed yet.

On the subscription page there are two radio buttons if you're logged in. One is to subscribe for yourself and one is to give a gift subscription. For some reason they were both set unchecked. If you didn't check one your subscription would go to NCommander's non-admin account, mcasadevall. It beats the complete hell out of me why this would be the default but it is.

If you've purchased a subscription recently please check that you got credit for it. If you didn't please let us know either here or via email.




Cross-Brand Adapter Makes for Blended Battery Family Hackaday

Even though he's a faithful DeWalt cordless tool guy, [Richard Day] admits to a wandering eye in the tool aisle, looking at the Ryobi offerings with impure thoughts. Could he stay true to his brand and stick with his huge stock of yellow tools and batteries, or would he succumb to temptation and add another set of batteries and chargers so he could have access to a few specialty lime green tools?

Luckily, we live in the future, so there's a third way: building a cross-brand battery adapter that lets him power Ryobi tools with his DeWalt batteries. [Richard]'s solution is a pure hack, as in physically hacking battery packs and forcing them to work and play well together. Mechanically, this was pretty easy: a dead Ryobi pack from the recycling bin at Home Depot was stripped down for its case, which was glued to a DeWalt 20-v to 18-v battery adapter. The tricky part came from dealing with the battery control electronics. Luckily, the donor DeWalt line has that circuitry in the adapter, while Ryobi puts it in the battery. That meant simply transplanting the PCB from the adapter to the Ryobi battery shell would be enough. The video below shows the process and the results: Ryobi tools happily clicking away on DeWalt batteries.

While [Richard] took a somewhat brute-force approach here, we imagine 3D-printed parts might make for a more elegant solution and offer other brand permutations. After all, printing an adapter should be easier than whipping up a cordless battery pack de novo.


Overnight Tech: Judge blocks AT&T request for DOJ communications | Facebook VP apologizes for tweets about Mueller probe | Tech wants Treasury to fight EU tax proposal The Hill: Technology Policy

JUDGE BLOCKS AT&T REQUEST FOR WHITE HOUSE-DOJ COMMUNICATIONS: A federal judge overseeing the Justice Department's lawsuit against the AT&T-Time Warner merger rejected AT&T's request for records of communications between the agency...


FinFETs Shimmy to 5G's Frequencies SoylentNews

Engineers at Purdue University and GlobalFoundries have gotten today's most advanced transistors to vibrate at frequencies that could make 5G phones and other gadgets smaller and more energy efficient. The feat could also improve CPU clocks, make wearable radars, and one day form the basis of a new kind of computing. They presented their results today at the IEEE International Solid-States Circuits Conference, in San Francisco.



FCC to officially rescind net neutrality rules on Thursday The Hill: Technology Policy

The Federal Communications Commission is slated to publish on Thursday its order scrapping net neutrality rules, a source with knowledge of the matter told The Hill on Tuesday. The official publication of the measure, which was first reported by...


LibrePlanet 2018 is on the way: check out the talks and register! FSF blogs

On March 24th and 25th, 2018, the free software community will come together at the Massachusetts Institute of Technology (MIT) to learn, exchange ideas, catch up with friends, and plan the future of the movement. Will you join us?

It's the tenth anniversary of LibrePlanet, and now is a good time to register to attend. As always, Free Software Foundation (FSF) members and students attend gratis.

Hundreds of people from across the globe will converge on Cambridge, Massachusetts to explore this year's theme, "Freedom Embedded." We'll look at embedded systems in everything from our cars to our bodies, discuss how these systems affect our entire society, and talk about how to change the narrative, making free software the norm, instead of walled gardens, Digital Restrictions Management (DRM), and proprietary code.

In addition to the keynote speakers we announced last month, LibrePlanet 2018 will feature a panoply of presentations. Our lineup includes Jeremiah Foster, who will examine free software and vehicles; a panel of speakers including Karen Sandler, Mad Ball, Rachel Kalmar, and Dana Lewis, who will discuss freedom and devices used for health, medicine, and wellness; and Bob Call, who will talk about libreCMC, a distro for embedded devices.

LibrePlanet 2018 offers lots of opportunities for fun, too: in addition to the annual FSF open house the evening of Friday, March 23rd, and the LibrePlanet party on Saturday night, there will be a special piano concert featuring freely licensed arrangements. And the conference looks at gaming and art, too: Noah Swartz will walk us through the roguelikes game genre, and Bassam Kurdali will teach a workshop in free software photogrammetry! The full program will be published soon. In the meantime, check out the list of confirmed speakers.

LibrePlanet brings together software developers, activists, policy experts, and computer users to share accomplishments, learn new skills, and address challenges to software freedom. Newcomers are always welcome, and LibrePlanet 2018 will feature programming for all experience levels, including students.

LibrePlanet 2018 is produced by the Free Software Foundation in partnership with the Student Information Processing Board (SIPB) at MIT.

Pre-order a LibrePlanet 2018 T-shirt by February 28th

You can also pre-order a LibrePlanet 2018 commemorative T-shirt in the GNU Press shop. Order your shirt by February 28th, 7am EST/13:00 UTC to guarantee availabilit...


A Linux Kernel Driver Is Being Worked On For Valve's Steam Controller Phoronix

Right now to make most use of the Steam Controller on Linux you need to be using the Steam client while there have been independent user-space programs like SC-Controller to enable Steam Controller functionality without the Steam client running. A new and independent effort is a Linux kernel driver for the Steam Controller...


Tallest Timber Tower Tipped for Tokyo SoylentNews

TreeHugger reports:

Sumitomo Forestry, an industry giant in Japan, [is] pivoting to plyscrapers and proposing a 70-story, 350 meter (1148') tower for the Marunouchi district in Tokyo. It's called W350, the plan being that it will be finished in 2041, the 350th anniversary of the founding of the company.

[...] Using a hybrid 9:1 ratio of wood to steel, Sumitomo Forestry aims to replace concrete, which is one of the world's largest carbon footprint contributors. The skyscraper would be a 70-floor mixed-use building that would include a hotel, office space, commercial space, and residences. Wrap-around balconies at different intervals would be planted with lush wildlife. And greenery would extend throughout the entire complex, creating a vertical forest where humans and wildlife can flourish.

[...] It is a brace tube structure, "a structural system that forms a cylindrical shell (brace tube) with columns / beams and braces. By placing braces diagonally in a set of shafts assembled with columns and beams, it prevents the building from deforming against lateral forces such as earthquakes and wind."

The images are beautiful.

Previously: Super Wood Could Replace Steel
The Case for Wooden Skyscrapers
Can You Build A Safe, Sustainable Skyscraper Out Of Wood?

Original Submission

Read more of this story at SoylentNews.


Coldroot RAT cross-platform malware targets MacOS without being detected Security Affairs

The former NSA hacker and malware researcher Patrick Wardle is back; this time he has spotted a new remote access Trojan dubbed Coldroot RAT.

The Coldroot RAT is cross-platform malware that targets MacOS systems, and the bad news is that AV software is not able to detect it. The malware acts as a keylogger on MacOS systems prior to the OS High Sierra, allowing it to capture user passwords and credentials.

Wardle published a detailed analysis of the RAT, which has been available for sale on underground markets since Jan. 1, 2017, while some versions of the Coldroot RAT code have also been available on GitHub for nearly two years.

The expert explained that the RAT masquerades as an Apple audio driver that, when clicked on, displays an authentication prompt requesting the victim to provide their MacOS credentials.

"an unflagged file named caught my eye. It was recently submitted for a scan, in early January," wrote Wardle.

"Though currently no AV-engine on VirusTotal flags this application as malicious, the fact it contained a reference to (TCC.db) warranted a closer look."

Once it has obtained the credentials, the RAT modifies the privacy TCC.db database. The researchers analyzed a sample that, once installed, attempts to provide the malware with accessibility rights (so that it may perform system-wide keylogging) by creating the


file and then modifies the privacy database TCC.db, which keeps track of the applications installed on the machine and the related level of accessibility rights.

"Think, (ab)using AppleScript, sending simulated mouse events via core graphics, or directly interacting with the file system. An example of the latter was DropBox, which directly modified macOS's privacy database (TCC.db) which contains the list of applications that are afforded accessibility rights," Wardle wrote.

With such rights, applications can then interact with system UIs, other applications, and even intercept key events (i.e. keylogging). By directly modifying the database, one could avoid the obnoxious system alert that is normally presented to the user:  



Using a laser to wirelessly charge a smartphone safely across a room Lifeboat News: The Blog

Although mobile devices such as tablets and smartphones let us communicate, work and access information wirelessly, their batteries must still be charged by plugging them in to an outlet. But engineers at the University of Washington have for the first time developed a method to safely charge a smartphone wirelessly using a laser.

As the team reports in a paper published online in December in the Proceedings of the Association for Computing Machinery on Interactive, Mobile, Wearable & Ubiquitous Technologies, a narrow, invisible beam from a laser emitter can deliver charge to a smartphone sitting across a room and can potentially charge a smartphone as quickly as a standard USB cable. To accomplish this, the team mounted a thin power cell to the back of a smartphone, which charges the smartphone using power from the laser. In addition, the team custom-designed safety features including a metal, flat-plate heatsink on the smartphone to dissipate heat from the laser, as well as a reflector-based mechanism to shut off the laser if a person tries to move in the charging beam's path.

"Safety was our focus in designing this system," said co-author Shyam Gollakota, an associate professor in the UW's Paul G. Allen School of Computer Science & Engineering. "We have designed, constructed and tested this laser-based charging system with a rapid-response safety mechanism, which ensures that the laser emitter will terminate the charging beam before a person comes into the path of the laser."


The Patent Trolls' Lobby, Bristows and IAM Among Others, Downplays Darts-IP/IP2Innovate Report About Rising If Not Soaring Troll Activity in Europe Techrights

Because they're not interested in facts; they actively promote the UPC and patent trolls, which they're even paid to promote


Summary: Exactly like last year, as soon as IP2Innovate opens its mouth Bristows and IAM go into attack dog mode and promote the UPC, deny the existence or seriousness of patent trolls, and promote their nefarious, trolls-funded agenda

Déjà vu today. We saw that last year in spring. Lobbyists of patent trolls come out of the woodwork and relentlessly attack those who dare point out that today's EPO gives rise to patent trolls and UPC would further exacerbate this problem. But let's structure what happened yesterday and today chronologically, having researched this the entire day. We'll leave this for readers to decide on, e.g. who is right and who is wrong.

It has long been known that low-quality patents granted by the USPTO were partly responsible for a trolls epidemic in the United States. Almost nobody would deny this, not even patent extremists; they just use different words for patent trolls. The same thing is happening in China right now because patent scope is broadened and examination weakened. It's an avalanche of low-quality patents.

This brings us to the EPO. We last wrote about decline of patent quality just earlier today, based on a two-page report/bulletin from EPO insiders. Anyone still in denial about the decline of European Patents (EPs) quality is either deluded or called Benoît Battistelli (he probably lies to himself about it, maybe he actually believes his own lies).

We've long warned (long before we covered EPO scandals) about low-quality EPs ushering in patent trolls, more so if the UPC ever becomes a reality. We weren't alone. Others were saying the exact same thing. It's so evident that in order to deny this one has to be both greedy and financially-motivated (Bristows comes to mind).

Patent trolls are already soaring in Germany. This was measured last year. Patent trolls' representatives make a load of money out of it and they want to make it worse with unitary effect (more defendants, higher damages and so on). The UPC is a disaster in the making,...


Tesla cloud account hacked to mine cryptocurrency The Hill: Technology Policy

An unidentified outside hacker infiltrated Tesla's Amazon cloud account and used its systems to quietly mine for cryptocurrencies, a cybersecurity firm announced Tuesday. The hack also potentially exposed the electric car company's...


Easy, Modular Alphanumeric Displays are Full of Flappy Goodness Hackaday

There are plenty of ways to make large alphanumeric displays that are readable at great distances. LED signboards come to mind, as do big flat-screen LCD displays. But such displays feel a little soulless, and nothing captures the atmosphere of a busy train station like an arrivals and departures board composed of hundreds of split-flap displays.

In a bid to make these noisy but intriguing displays practical for the home-gamer, [Scott Bezek] has spent the last couple of years on a simple, modular split-flap display unit, and from the look of the video below, it's pretty close to ready. The build log details the design process, which started with OpenSCAD and took advantage of the parametric nature of the scripting language to support any number of characters, within reason. Costs are kept low with laser-cut MDF frames and running gear, and cheap steppers provide the motion. Character cards are just PVC ID badges with vinyl letters, and a simple opto-sensor prevents missed steps and incorrect characters. The modules can be chained together into multi-character displays, and the sound is satisfyingly flappy.

[Scott] has put a lot of thought into these displays, and even if it's not the simplest split-flap display we've seen, it's really worth checking out.

[via r/DIY]


Ubuntu Server 18.04 LTS Will Default To The New Installer Phoronix

Last year Canonical announced work on a new text-based server installer for Ubuntu. It's come a long way over the past year and will be the default server installer with 18.04 LTS...


Tips for an Information Security Analyst/Pentester career - Ep. 57: Forensic challenge (pt. 1) The S@vvy_Geek Tips Tech Blog

I was watching John Strand's video on live memory analysis some days ago.

I love his tutorials because they're really inspirational but, in this case, John came out with a series of labs intended for his forensic students at SANS.

I thought to myself, "Yes, I got this, I can do it". You know, I graduated in Cyber Security & Forensics, so I thought I should've been able to follow through.

Here's my tutorial about it.

In this first part I'll analyze a clean Windows configuration, for us to have a baseline, and in the second part I'll perform the same steps against a system compromised with a Meterpreter shell.


I create a backdoor by running netcat on TCP port 2222 (in the upcoming second part of this tutorial, I'll create an actual Meterpreter backdoor).

If we run netstat -nao and we include an interval parameter of 5 in the command, we can see a list of active network connections that will be redisplayed every 5 seconds.

You'll notice a connection to TCP port 2222 in LISTENING state, which means the port is open.

Intelligence on running processes

To have information on running processes, we can run three different commands, which return a different amount of intelligence about the system.

a) Task Manager (taskmgr.exe): That's a well-known command. Not everyone knows, though, that Task Manager can display information on the processes from all users and not only from the user currently logged on.


Even With AMDGPU DC, HDMI/DP Audio Isn't Working Out For All Radeon Linux Users Phoronix

While the newly-released Raven Ridge APUs could make for nice HTPC systems given the number of compatible mini-ITX/micro-ATX motherboards and these 65 Watt APUs offering Zen CPU cores with Vega graphics, besides the current problematic Raven Ridge graphics support, there are still some broader AMDGPU DC audio problems for newer graphics cards...


Mitsubishi Electric Develops Hybrid 16-beam Spatial-Multiplexing Technology for 5G Base Stations IEEE Spectrum Recent Content full text

The company successfully tested a parallel transmission of 16 data streams to a single device achieving 25.5 Gbps downlink speed--an industry first Photo: Mitsubishi Electric


With mobile traffic in the coming 5G era expected to be a thousand times greater than what we're generating today, mobile wireless infrastructure companies will need to provide greater transmission capacity, lower latency, and vastly more connectivity. To help achieve these goals, researchers at Mitsubishi Electric are testing a hybrid super-high-frequency massive multiple-input multiple-output (MIMO) system using hundreds of antenna elements with multibeam multiplexing to achieve efficient spectrum usage.

On 14 February, the company announced the development of a 16-beam spatial-multiplexing technology operating at 28 gigahertz for 5G small mobile base stations. What's more, Mitsubishi claimed it had demonstrated what it believes is the first 5G system to transmit 25.5 gigabits per second to one user device using the 500 megahertz bandwidth.

Details of the system will be announced at the IEICE Technical Committee on Radio Communication System conference on 28 February.

The prototype base station used in the test consists of eight analog front-end-processing low-power units that together formed 16 beams, plus a MIMO digital processing algorithm that reduced interference between the beams.

"The system attained a gain of 4096 antenna elements, yet its computational complexity is just that of 16 antenna elements," explains Atsushi Okamura, general manager of the Communication Technology Department, a unit in Mitsubishi Electric's Information Technology R&D Center in Kamakura, just south of Tokyo.

While all-digital massive MIMO produces high transmission performance, Okamura notes that it requires a digital signal processor, a digital-to-analog converter, and analog circuitry for each antenna. This would result in extremely high implementation and computation costs, not to mention a prohibitive increase in size.

"So we have implemented a hybrid beamforming system using active phased-array antenna and digital MIMO signal processing," he explains. "This dramatically reduces the number of components, yet yields almost the same performance," he adds.

That's because each antenna element constitutes a sub-array and employs an analog variable-phase-shifter for controlling beam direction. Fo...


VPNs in General at Risk From Overblocking by ISPs SoylentNews

An increasing number of Internet Service Providers (ISPs) around the world have been blocking more and more access based on accusations of copyright infringement. Those demanding the blocking assert that high standards are followed when making the decision. However, those studying the situation are finding otherwise. Given the scope creep demonstrated by these activities there is legitimate concern for the future availability of Virtual Private Networks (VPN) on those providers.

TorrentFreak covers analysis from University of Ottawa law professor Michael Geist on the topic via his personal blog:

A group of prominent Canadian ISPs and movie industry companies are determined to bring pirate site blocking efforts to North America. This plan has triggered a fair amount of opposition, including cautioning analyses from law professor Michael Geist, who warns of potential overblocking and fears that VPN services could become the next target.

Michael Geist's personal blog jumps right in with a discussion of likely expansions to the scope of blocking and other sources of blocking over-reach.

The Bell coalition website blocking proposal downplays concerns about over-blocking that often accompanies site blocking regimes by arguing that it will be limited to "websites and services that are blatantly, overwhelmingly, or structurally engaged in piracy." Having discussed piracy issues in Canada and how the absence of a court order makes the proposal an outlier with virtually every country that has permitted site blocking, the case against the website blocking plan now turns to the inevitability of over-blocking that comes from expanding the block list or from the technical realities of mandating site blocking across hundreds of ISPs for millions of subscribers. This post focuses on the likely expansion of the scope of piracy for the purposes of blocking and the forthcoming posts will discuss other sources of blocking over-reach.

Once a technology or practice is in place, it is usually extended and abused beyond its original purpose. Even in the short history of the World Wide Web as well as the Internet, scope creep has shown itself to be a real problem.

Sources:
Canadian Pirate Site Blocks Could Spread to VPNs, Professor Warns
The Case Against the Bell Coalition's Website Blocking Plan, Part 5: The Inevitable Expansion of the Block List Standard for "Piracy" Sites



BitTorrent Client uTorrent Suffers Security Vulnerability (Updated) TorrentFreak

With dozens of millions of active users a day, uTorrent has long been the most used torrent client.

The software has been around for well over a decade and it's still used to shift petabytes of data day after day. While there haven't been many feature updates recently, parent company BitTorrent Inc. was alerted to a serious security vulnerability recently.

The security flaw in question was reported by Google vulnerability researcher Tavis Ormandy, who first reached out to BitTorrent in November last year. Google's Project Zero allows developers a 90-day window to address security flaws but with this deadline creeping up, BitTorrent had remained quiet.

Late last month Ormandy again reached out to BitTorrent Inc's Bram Cohen, fearing that the company might not fix the vulnerability in time.

"I don't think bittorrent are going to make a 90 day disclosure deadline, do you have any direct contacts who could help? I'm not convinced they understand the severity or urgency," Ormandy wrote on Twitter.


While Google's security researcher might have expected a more swift response, the issue wasn't ignored.

While no specific details about the vulnerability have been released yet (update below), it is likely to be a remote execution flaw. Ormandy previously exposed a similar vulnerability in Transmission, which he said was the first of a few remote code execution flaws in various popular torrent clients.

BitTorrent Inc. told us that they have shared their patch with Ormandy, who according to the company confirmed that this fixes the security issues (update below).

uTorrent Beta release notes

"We have also sent the build to Tavis and he has confirmed that it addresses all the security issues he reported," Rees told us. Si...


IBM Index: A Community Event for Open Source Developers



The Legal Hazards of Virtual Reality and Augmented Reality Apps IEEE Spectrum Recent Content full text

Liability and intellectual property issues are just two areas developers need to know about Photo: Joan Cros Garcia/Corbis/Getty Images


As virtual- and augmented-reality technologies mature, legal questions are emerging that could trip up VR and AR developers. One of the first lawyers to explore these questions is Robyn Chatwood, of the international law firm Dentons. "VR and AR are areas where the law is just not keeping up with [technology] developments," she says. IEEE Spectrum contributing editor Tam Harbert talked with Chatwood about the legal challenges.

Tam Harbert: What critical legal issues do engineers need to know about?

Robyn Chatwood: IP rights are the most important. In VR, IP rights come in two categories: real-world-IP rights in the virtual world and virtual-IP rights in the real world. To give you an example of the first category, McDonald's has trademarks on its brand in the real world. But what if someone depicts a McDonald's burger or restaurant in a virtual world? Does trademark registration stretch to cover everything in a virtual world?

The second category is virtual-IP rights in the real world. For example, I design an app that geotags a building, and when I view the building through my smartphone, the app augments that view with information about the building, such as height, number of tenants, etc. Who owns the rights when you overlay information virtually onto a real physical object? At the moment, there are no effective laws on who owns such rights. Owners of landmark buildings might want to own those rights, but today they can't control who presents information about their buildings in an augmented-reality application.

The other thing is an issue that's normally sorted out by contract, but I still consider it a gray area. Users can design and build things virtually. Say someone comes up with a really incredible and exciting design for a building or a city. Who owns the rights to that design? That is normally spelled out in the terms and conditions users are required to sign, but it becomes more important with VR content. Engineers should think through what people might do with this technology and make sure that their companies sort out who owns what in the terms and conditions.

T.H.: What about dangers to users?

R.C.: This technology can be used to help people in...



Turn Your Lathe into a Shaper Hackaday

Ingenuity is the name of the game with manual machine tools. You often have to get creative to use the tools you have to create the part you want. That's exactly what happened when [John] needed to cut internal splines and keyways using his lathe.

Lathes are usually used to turn metal, but internal keyways and splines are operations often performed with a broach. An older tool called a shaper would be perfect here, but shapers are relatively rare these days. Or are they? There are many examples of shaper attachments for lathes. These are human-powered devices that scrape a bit of metal off each pass. The lathe itself is used to keep the workpiece in place and move the tool in a repeatable way.

Rather than create a shaper jig from scratch, [John] decided to use his compound slide as the shaper slide itself. He removed the compound slide lead screw, which allowed the compound to slide freely. He then fabricated a double hinged bar and bolted this to the compound slide. Moving the bar causes the slide to move. Just add a cutting tool, and you're ready to cut a keyway. Add an indexing plate, and you're ready to cut a spline. You can see the tool in action after the break.

If you want to learn more about lathes and what goes into them, you can learn how to build one from scratch.




Judge rejects AT&T inquiry into possible Trump influence in merger case The Hill: Technology Policy

A federal judge overseeing the Justice Department's lawsuit against the AT&T-Time Warner merger rejected AT&T's request for records of communications between the agency and the White House. AT&T had been preparing to argue in the upcoming...


Steal This Show S03E13: The Tao of The DAO TorrentFreak

If you enjoy this episode, consider becoming a patron and getting involved with the show. Check out Steal This Show's Patreon campaign: support us and get all kinds of fantastic benefits!

In this episode, we meet Chris Beams, founder of the decentralized cryptocurrency exchange Bisq. We discuss the concept of DAOs (Decentralised Autonomous Organisations) and whether The Pirate Bay was an early example; how the start of Bitcoin parallels the start of the Internet itself; and why the meretricious Bitcoin Cash fork of Bitcoin is based on a misunderstanding of Open Source development.

Finally, we get into Bisq itself, discussing the potential political importance of decentralized crypto exchanges in the context of any future attempts by the financial establishment to control cryptocurrency.

Steal This Show aims to release bi-weekly episodes featuring insiders discussing copyright and file-sharing news. It complements our regular reporting by adding more room for opinion, commentary, and analysis.

The guests for our news discussions will vary, and we'll aim to introduce voices from different backgrounds and persuasions. In addition to news, STS will also produce features interviewing some of the great innovators and minds.

Host: Jamie King

Guest: Chris Beams

Produced by Jamie King
Edited & Mixed by Riley Byrne
Original Music by David Triana
Web Production by Siraje Amarniss

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons


Uber CEO: Air taxis could become a reality within decade The Hill: Technology Policy

Uber CEO Dara Khosrowshahi said Tuesday that he sees his company taking to the skies within the next five to 10 years. Khosrowshahi said at an investor forum in Tokyo that he expects flying vehicles to become an affordable means...


The advent of GDPR could fuel extortion attempts by criminals Help Net Security

The number of exploit kit attacks is, slowly but surely, going down, and malware peddlers are turning towards more reliable tactics such as spam, phishing, and targeting specific, individual vulnerabilities. That's the good news. The bad news is that everything else is on the rise: BEC scams, ransomware, stealthy crypto-mining, the number of enterprise records compromised in data breaches. 2017 threat landscape Trend Micro has released its annual security roundup the past year, and it More


Links 20/2/2018: Mesa 17.3.5, Qt 5.11 Alpha, Absolute 15.0 Beta 4, Sailfish OS 2.1.4 E.A., SuiteCRM 7.10 Techrights




  • Now Just Five Men Own Almost as Much Wealth as Half the World's Population

    Why Do We Let Unqualified Rich People Tell Us How To Live? Especially Bill Gates!

    In 1975, at the age of 20, Bill Gates founded Microsoft with high school buddy Paul Allen. At the time Gary Kildall's CP/M operating system was the industry standard. Even Gates' company used it. But Kildall was an innovator, not a businessman, and when IBM came calling for an OS for the new IBM PC, his delays drove the big mainframe company to Gates. Even though the newly established Microsoft company couldn't fill IBM's needs, Gates and Allen saw an opportunity, and so they hurriedly bought the rights to another local company's OS which was based on Kildall's CP/M system. Kildall wanted to sue, but intellectual property [sic] law for software had not yet been established. Kildall was a maker who got taken.

    So Bill Gates took from others to become the richest man in the world. And now, because of his great wealth and the meritocracy myth, MANY PEOPLE LOOK TO HIM FOR SOLUTIONS IN VITAL AREAS OF HUMAN NEED, such as education and global food production.

  • Hackers Turn the Nintendo Switch into a Linux Tablet with KDE Plasma Desktop
  • Nintendo Switch has been hacked to run full-fat Linux

    The fail0verflow nerds got Linux running on the Switch by using code execution, though they didn't say how they got around Nintendo's own operating system and boot process to load up Linux.

  • Hackers have turned the Nintendo Switch into a functional Linux tablet
  • ...


U.S. Abandons Extradition Case Against Lauri Love SoylentNews

Lauri Love case: US abandons extradition case

Efforts to extradite alleged computer hacker Lauri Love have been abandoned by US authorities.

[...] Mr Love said he may help UK investigators to bring charges to get the case "over and done with".

American authorities confirmed they will not fight a High Court decision to block Mr Love's extradition to the US, on the grounds it would be "oppressive". A Crown Prosecution Service spokesman confirmed Mr Love will not be extradited.

Also at Bloomberg and The Hill.

Previously: Lauri Love to be Extradited to the U.S.
Lauri Love's Appeal Will be Heard in the UK on November 28th and 29th
Cracking Suspect Lauri Love Wins Appeal Against Extradition to US

Original Submission

Read more of this story at SoylentNews.


Hack In The Box announces keynote speakers for 2018 Amsterdam event Help Net Security

Hack In The Box Security Conference (HITBSecConf) is returning to Amsterdam in April this year with more than 70 speakers who will take to the stage. This year marks the 9th annual HITBSecConf in Europe, and it will run from April 9th to 13th at the NH Grand Krasnapolsky. Keynotes: Michel van Eeten, Professor of Cybersecurity at Delft University of Technology, will deliver the welcome address on 12 April. Following this, the first keynote address will be More


Vera Rubin: Shedding Light on Dark Matter Hackaday

Vera sat hunched in the alcove at Kitt Peak observatory, poring over punch cards. The data was the same as it had been at Lowell, at Palomar, and every other telescope she'd peered through in her feverish race to collect the orbital velocities of stars in Andromeda. Although the data was perfectly clear, the problem it posed was puzzling. If the stars at the edges of a spiral galaxy were moving as fast as the ones in the center, but the pull of gravity was weaker, how did they keep from flying off? The only possible answer was that Andromeda contained some kind of unseen matter and this invisible stuff was keeping the galaxy together.

Though the idea seemed radical, it wasn't an entirely new one. In 1933, Swiss astronomer Fritz Zwicky made an amazing discovery that was bound to bring him fame and fortune. While trying to calculate the total mass of the galaxies that make up the Coma Cluster, he found that the mass calculation based on galaxy speed was about ten times higher than the one based on total light output. With this data as proof, he proposed that much of the universe is made of something undetectable, but undeniably real. He dubbed it Dunkle Materie: Dark Matter.

But Zwicky was an insufferable jerk who regularly bad-mouthed his colleagues and other astronomers in general. As a result, his wild theory was poorly received and subsequently shelved until the 1970s, when astronomer Vera Rubin made the same discovery using a high-powered spectrograph. Her findings seemed to provide solid evidence of the controversial theory Zwicky had offered forty years earlier.



Imec Boosts Bluetooth Battery Life IEEE Spectrum Recent Content full text

Low-voltage circuit extends battery life by 50 percent Photo Imec

A Bluetooth transceiver design that dramatically boosts battery life could enable richer sensor networks and extend the lifetime of implanted medical devices. At the International Solid-State Circuits Conference in San Francisco this week, engineers from European research organization imec and Renesas Electronics Corporation (a semiconductor company in Tokyo) showed off the record-low-voltage communications chip.

"Over the past eight years, engineers have brought down Bluetooth power consumption by a factor of ten," says Christian Bachmann, program manager for ultralow power wireless systems at imec Holst Centre in Eindhoven, Netherlands. The imec transceiver, which meets the Bluetooth 5 standard, uses 0.8 volts, down from a full volt. That reduction is enough to extend battery life by 50 percent. "This achieves another power of five reduction and will enable new applications," Bachmann says.

Bachmann is excited about the potential for ultralow-power communications not only to extend battery life in conventional applications, but also to open up new ones. "For wireless sensor networks, communications are the power bottleneck," says Bachmann. Power-hungry transceivers can rule out the use of low-voltage printed batteries and energy harvesters. More efficient transceivers could open up new possibilities for wearable electronics and distributed sensor networks.


There's Experimental Work On A Vulkan Renderer For KDE's KWin Phoronix

There is an experimental branch of KDE's KWin window manager / compositor with support for Vulkan compositing...


Big tech lobbying groups push Treasury to speak out on EU tax proposal The Hill: Technology Policy

Top technology trade associations are pushing the Trump administration to fight back against an expected European Union tax proposal. Lobbying groups for major firms like Google, Amazon and Apple say the firms are worried by the...


This Is the Most Distant Confirmed Supernova Ever Observed Lifeboat News: The Blog

Supernovae are already some of the brightest explosions in the universe, but there's a more mysterious type, called superluminous supernovae, that can shine a hundred times brighter than the usual ones. And on August 22, 2016, astronomers spotted one whose light traveled over 10 billion years to reach us.

The discovery of the event, called DES16C2nm, was exciting enough on its own since it would normally have been invisible to telescopes if not for the fact that the universe is expanding, thus stretching the light from the explosion into wavelengths we can see from Earth. More generally, these flashes can tell the story of our universe, like what kinds of stuff lives between stars in distant galaxies, and other quirks of the cosmos.

"The more distant supernovae we see, the more information we get on those stars," one of the study's authors, Charlotte Angus from the University of Southampton in the United Kingdom, told Gizmodo.


Hackers Exploit Tegra Chipset Flaw to Run Linux OS on Nintendo Switch HackRead

By Waqas

The exploit is unpatched, putting Nintendo Switch devices at risk.



Aerojet Rocketdyne Seeks More U.S. Air Force Funding for AR1 Rocket Engine SoylentNews

Aerojet Rocketdyne wants the U.S. Air Force to contribute more funding for the development of its AR1 rocket engine. But that may be a hard sell when the mostly privately funded BE-4 from Blue Origin is close to being ready to fly:

In recent years, Aerojet has sought funding from the US Air Force to design and build the AR1, which has approximately 20 percent more thrust than a space shuttle main engine. The Air Force, in turn, has pledged as much as $536 million in development costs provided that Aerojet puts its own skin in the game: about one-third of research and development expenses.

According to a new report in Space News, Aerojet is now saying that even this modest investment is too much, and the company is seeking to reduce its share of the development costs from one-third to one-sixth. "As we look to the next phase of this contract, we are working with the Air Force on a smart and equitable cost-share," Aerojet spokesman Steve Warren told the publication. "We are committed to delivering an engine in 2019."

According to the report, the Air Force is not inclined to renegotiate the agreement. The Air Force's hesitation to increase its investment is probably because the military may not really need the AR1 rocket engine any more due to the emergence of Blue Origin, the rocket company founded by Amazon founder Jeff Bezos.

Related: Blue Origin Will Build its Rocket Engine in Alabama
NASA Opens Door to Possibly Lowering SLS Cost Using Blue Origin's Engines
After the Falcon Heavy Launch, Time to Defund the Space Launch System?



US, UK regulators join forces on regulating financial technology firms The Hill: Technology Policy

Two top U.S. and British trading watchdogs have agreed to join forces on efforts to help financial technology companies navigate regulations. The U.S. Commodity Futures Trading Commission (CFTC) and the United Kingdom's Financial Conduct...


AnyVision's facial recognition cameras are being installed in 'smart cities' everywhere MassPrivateI

Everywhere you turn politicians and corporations are trying to convince the public we need to convert our cities into 'smart cities'.

Last week AnyVision and Nvidia announced that they are working together to put facial recognition cameras in cities across the globe.

"Nvidia has partnered with AI developer AnyVision to create facial recognition technology for 'smart cities' around the world. The two companies will work to install automatic facial recognition into CCTV (closed-circuit television) surveillance cameras". 

AnyVision is an Israel-based company that profits from spying on everyone.

Five months ago, I warned everyone that Nvidia also wants to turn police vehicles into 360 degree facial recognition platforms.

Facial recognition cameras are being used to spy on everyone.

Facial recognition cameras identify marathon runners in real-time

AnyVision claims their facial recognition technology can detect, track and recognize any person of interest with more than 99% accuracy. Their video also claims they can identify marathon runners in real-time.

Soon nowhere will be safe from law enforcement's prying eyes.

"AnyVision utilizes Nvidia hardware to achieve high-speed, real-time face recognition from surveillance video streams. Our system is highly optimized for GPU acceleration allowing us to deliver real-time analysis of streaming data whilst achieving u...


Oversight Dems urge Equifax to extend protections for breach victims The Hill: Technology Policy

A group of House Democrats is urging Equifax to extend protections for those affected by its massive data breach last year, arguing that the credit bureau's offering is inadequate. Every Democrat on the House Oversight and Government Reform Committee...


Expected changes in IT/OT convergence and industrial security Help Net Security

Ten years ago, I was brought into the industrial security arena by a top company executive in who was convinced that we needed traditional endpoint protection on smart meters. I had spent fifteen years before that in enterprise security, so it took a while to shape my focus around the nature of the problem of IT/OT convergence and industrial security. I have had the pleasure of being on both sides of the fence from More


ESP-01 Bridges the Gap Between IR and WiFi Hackaday

[Emilio Ficara] dropped us a line recently about his efforts to drag his television and receiver kicking and screaming into the modern era. His TV is old enough that it needs an external tuner, which means it requires two separate remotes to properly channel surf. He wanted to simplify the situation, and figured that while he was at it he might as well make the whole thing controllable over WiFi.

To begin the project, [Emilio] had to capture the IR signals from the two remotes he wanted to emulate. He put together a quick little IR receiver out of parts he had in the junk bin which would connect up to his computer's microphone port. He then used an open source IR protocol analyzer to capture the codes and decode them into hex values.

As a proof of concept he came up with a little device that combines an ESP-01 with an ATmega88. The ESP-01 runs a minimal web server that receives hex codes as URL query strings. These hex codes are then interpreted by the ATmega88 and sent out over the IR LED. [Emilio] notes that driving the IR LED directly off of the ATmega pin results in fairly low range of around one meter, but that's good enough for his purposes. If you want to drive the IR LED with more power, you'll need to add a transistor to do the switching.



Security updates for Tuesday

Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9).


Flight Sim Lab installed Chrome passwords stealer in piracy check tool HackRead

By Waqas

Flight Simulator Lab is caught secretly installing a software which



Google's Project Zero Discloses Microsoft Edge Vulnerability SoylentNews

Google's Project Zero has disclosed a vulnerability in the Microsoft Edge web browser that bypasses the browser's Arbitrary Code Guard (ACG). Project Zero disclosed the bug 14 days after the end of the usual 90-day period, but it apparently wasn't enough time for Microsoft to patch it:

Google's Project Zero initiative tasks its security researchers with finding flaws in various software products developed by the company itself as well as other firms. Back in 2016, it revealed a serious vulnerability present in Windows 10, and reported a "crazy bad vulnerability" in Windows in 2017. Now, the firm has disclosed another security flaw in Microsoft Edge, after the Redmond giant failed to fix it in the allotted time.

[...] According to the Microsoft Security Response Center (MSRC), the problem turned out to be more complex than initially believed, due to which it was given an additional 14-day grace period by Google. Although the company missed this deadline in its February Patch Tuesday too - which forced Google to make the flaw public - Microsoft is confident that it will resolve the issue by March 13, aligning the shipment of the fix with the Patch Tuesday in March.

Also at The Verge and BetaNews.



Deconstructing A Simple Op-Amp Hackaday

Maybe you are familiar with the op-amp as an extremely versatile component, and you know how to quickly construct a huge variety of circuits with one. Maybe you even have a favorite op-amp or two for different applications, covering many possible niches. Standard circuits such as an inverting amplifier are your bread and butter, and the formula gain=-Rf/Ri is tattooed on your forearm.

But you can know how to use op-amps without really knowing how they work. Have you ever peered under the hood of an op-amp to find out what's going on in there? Would you like to? Let's take a simple device and examine it, piece by piece.

The First IC Op-amp

The Fairchild μA702 was the first integrated circuit op-amp, a then-revolutionary component designed by Bob Widlar and first brought to market in 1964. Though it was long ago deleted from semiconductor catalogues, it has the advantage of an extremely simple internal circuit, one that can be easily explained in an article such as this one.

The μA702's internal circuit, as shown on its data sheet.


How to Get Started Using WSL in Windows 10


ArchHosting 2GB KVM + SSD + DDoS Protection starting @ $5.99/mo! Low End Box

Hey everyone, Liam from ArchHosting is back after just a little over a year since their last offer and they have some nice speedy services to offer with DDoS protection included as well!

Here's a note from Liam:

Arch Hosting excels in offering premium web hosting and virtual servers at lightning fast speeds with insanely high reliability while still offering competitive and affordable prices. We've been in business since 2015, and have previously been featured on LEB a year ago in February, 2017. Since then, we've been featured on websites such as Android Authority and TheNextWeb. These offers are special because they're powered by a solid infrastructure, and our support team is focused on providing an impeccable user experience. Don't take our word for it: check out some of our many positive reviews. We're offering some high RAM KVM VPS today, with a limited opening stock.

They're a registered company under the name Arch Industries out of Los Angeles, California (#2017107486) and their WHOIS is public. You can find their ToS and Legal Docs here.

They currently accept PayPal, Credit/Debit Cards and Bitcoin (along with other crypto).

Anyways, here's the offer:

LEB Exclusive x1
  • 2GB RAM
  • 1 x vCore
  • 10GB Storage Space (SSD)
  • 1TB Bandwidth
  • 1Gbps
  • 1 x IPv4
  • KVM (Virtualizor)
  • $5.99/mo
LEB Exclusive x2
  • 4GB RAM
  • 2 x vCores
  • 15GB Storage Space (SSD)
  • 1TB Bandwidth
  • 1Gbps
  • 1 x IPv4
  • KVM (Virtualizor)
  • $10.99/mo***

More information after the break!

***(You may have noticed the 4GB plan goes $0.99 over our $10/mo limit on self-managed virtual machines. We are temporarily allowing this for any provider as long as it is within reason while we aim to find the best price point for our readers!)***

Network Info: 

Datacenter/TestIP Info
Datacenter Name Location: QuadraNet Los Angeles, USA
Test IPv4:
Test IPv6: 2607:fcd0:106:5c00::9a10:7ed7...


DNA Data Storage Gets Random Access IEEE Spectrum Recent Content full text

Researchers have devised a system to recover targeted files from 200 megabytes of data encoded in DNA Illustration: iStockphoto

DNA data storage just got bigger and better. Scientists have reported the first random-access storage system from which they can recover individual data files, error free, from over 200 megabytes of digital information encoded into DNA.

Random access is key for a practical DNA-based memory, but until now, researchers have been able to achieve it with only up to 0.15 megabytes of data.

Since submitting their research, published in Nature Biotechnology, the team from Microsoft Research and the University of Washington has already improved on what they reported. Their storage system now offers random access across 400 megabytes of data encoded in DNA with no bit errors, says Microsoft Research's Karin Strauss, who led the new work with Luis Ceze from the University of Washington.

Microsoft and other tech companies are seriously considering the possibility of archiving data in DNA. "Current data storage technologies are not keeping up with the breakneck pace at which we generate digital content," Strauss says. Synthetic DNA is an attractive storage medium because it can, in theory, store 10 million times as much data as magnetic tape in the same volume, and it survives for thousands of years. Technology Review reports that Microsoft Research aims to have an operational DNA-based storage system working inside a data center toward the end of this decade.

DNA data storage involves translating the binary 0s and 1s of digital data into sequences of the four bases A, C, G, and T that make up DNA. The encoded sequences are synthesized and stored in vials. A DNA sequencing machine then decodes the data by recovering the sequences from DNA molecules. But it has been hard to access specific data files. Most research efforts until now have sequenced and decoded the entire bulk of the information stored in a vial. "It is not economical to sequence all the data you have stored every time you want to read a portion of it," Strauss says.

To make a random access system, Strauss, Ceze, and their colleagues devised clever coding algorithms and turned to the polymerase chain reaction, a well-known lab technique used to make thousands of copies of DNA strands, called amplifying DNA.

The researchers worked with 35 files ranging in size from 29 kilobytes to over 44 MB,...


New Wine-Vulkan Patches Are Under Review Phoronix

Roderick Colenbrander's Wine-Vulkan work for Vulkan infrastructure support under Wine has been updated and is ready for review, making these initial bits a candidate for soon being incorporated into mainline Wine...


Study Identifies Decline in Lung Function Associated With Use of Cleaning Sprays SoylentNews

Impact of Cleaning Products on Women's Lungs as Damaging as 20-a-Day Cigarette Habit: Study

Regular use of cleaning sprays can have as much of an impact on health as smoking a pack of cigarettes a day, according to a new study. Scientists at Norway's University of Bergen tracked 6,000 people, with an average age of 34 at the time of enrolment in the study, who used the products over a period of two decades, according to the research published in the American Thoracic Society's American Journal of Respiratory and Critical Care Medicine [open, DOI: 10.1164/rccm.201706-1311OC] [DX].

They found that lung function decline in women regularly using the products, such as cleaners, was equivalent over the period to those with a 20 cigarettes a day smoking habit. [...] The experts attribute the decline in lung function to the damage that cleaning agents cause to the mucous membranes lining the airways, resulting over time in persistent changes.

The results follow a study by French scientists in September 2017 that found nurses who used disinfectants to clean surfaces at least once a week had a 24 percent to 32 percent increased risk of developing lung disease.



Facebook exec apologizes for claim that Russian goal wasn't to sway election: report The Hill: Technology Policy

Facebook's vice president of ads apologized for his claim that the goal of Russian ads on the social media platform was not to sway the 2016 presidential election. "I wanted to apologize for having tweeted my own view about Russian interference...


Facebook SMS spam risks spoiling adoption of 2FA Graham Cluley

It's hard enough getting people to turn on 2FA without sites using it to send non-security notifications.


Hyundai's Hydrogen-Powered, Self-Driving SUV Runs on Level 4 Autonomy Lifeboat News: The Blog

Hyundai recently showcased that their latest autonomous SUV, Nexo, can deliver Level 4 autonomy. Its electric motor runs on hydrogen fuel.


Add-on clip turns smartphone into fully operational microscope Lifeboat News: The Blog

Australian researchers from the ARC Centre of Excellence for Nanoscale BioPhotonics (CNBP) have developed a 3D printable clip-on that can turn any smartphone into a fully functional microscope.

Reported in the research journal Scientific Reports, the smartphone microscope is powerful enough to visualise specimens as small as 1/200th of a millimetre, including microscopic organisms, animal and plant cells, blood cells, cell nuclei and more.

The clip-on technology is unique in that it requires no external power or light source to work yet offers high-powered microscopic performance in a robust and mobile handheld package.


Japan has just invented Robo-bees that can legitimately pollinate the earth Lifeboat News: The Blog

In an example of life imitating art, scientists have come up with a technology straight out of an episode of Black Mirror: Bee-like pollinating drones.

A team at the National Institute of Advanced Industrial Science and Technology (AIST) in Japan engineered the devices using a combination of horsehair, $USD 100 drones and a sticky ion gel.

It's pretty simple really: first, the drones fly into flowers much like a bee would. Inside the flower, pollen gets stuck to the drone due to the combination of the ion gel and horsehair. That same pollen is then shaken off into the next flower, and so on. It's just your run of the mill birds and the robots bees.


Researchers Have Created a New Camera Capable of Seeing Through the Human Body Lifeboat News: The Blog

For many years doctors have been able to get a look inside a person's body using X-ray scans, or placing a tiny camera inside the body. But those tools provide a limited view and can only reveal so much. A recently developed camera, however, may give doctors the ability to see everything happening in the human body, no matter where it is.

The camera was developed by researchers from the University of Edinburgh, and it's meant to work while paired with an endoscope, a long, slender piece of equipment that usually has a camera, sensors, and lights at its tip.

Light emitted by the endoscope typically scatters when it comes into contact with structures within the body, such as body tissue, but the new camera is able to pick up on it thanks to the photon detectors inside of it. The camera is able to detect light sources behind as much as 20 centimeters (7.9 inches) of bodily tissue.


DeepMind's latest AI transfers its learning to new tasks Lifeboat News: The Blog

By using insights from one job to help it do another, a successful new artificial intelligence hints at a more versatile future for machine learning.

Backstory: Most algorithms can be trained in only one domain, and can't use what's been learned for one task to perform another, new one. A big hope for AI is to have systems take insights from one setting and apply them elsewhere, what's called transfer learning.

What's new: DeepMind built a new AI system called IMPALA that simultaneously performs multiple tasks (in this case, playing 57 Atari games) and attempts to share learning between them. It showed signs of transferring what was learned from one game to another.


Entangled universe: Could wormholes hold the cosmos together? Lifeboat News: The Blog

Weird connections through space-time might make reality real, giving us a promising new route to a theory of everything.


That's odd: Quantum entanglement mangles space and time Lifeboat News: The Blog

Spooky action at a distance, the dislocated effect of the quantum world, is real without a doubt. So the problem must lie in our perception of space and time.


DNA designer bodies are no longer the stuff of science fiction Lifeboat News: The Blog

Entrepreneur Juan Enriquez has outlined a future where we will be able to survive in extreme environments and even hack our memory thanks to DNA manipulation.


Russian bots turn to gun control after Florida high school shooting: report The Hill: Technology Policy

Twitter accounts with suspected ties to Russian actors have sent a series of posts and hashtags on the gun violence debate sweeping across the U.S. following the deadly shooting at a high school in Parkland, Fla., last week, according to The...


Benchmarking Amazon EC2 Instances vs. Various Intel/AMD CPUs Phoronix

Given the recent performance changes following the Spectre/Meltdown CPU vulnerability mitigation and having just wrapped up some fresh CPU bare metal benchmarks as part of that testing as well as the recent AMD Raven Ridge launch, I've carried out a fresh round this week of benchmarks on various Amazon EC2 on-demand instance types compared to a number of bare metal Intel and AMD processors in looking at how the compute performance compares.


The four myths hampering cybersecurity maturity Help Net Security

We've seen tremendous advances in technology over the last 15 years or so, but security continues to struggle as much today as it did a decade ago. A large part of the problem is that security professionals and their leaders have bought into myths that hamper their ability to move their organizations forward and achieve maturity, the kind of maturity that's necessary to be able to survive and recover from a cyber attack. In More


Apple fixes 'killer text bomb' vulnerability with new update for iOS, macOS, watchOS, and tvOS Graham Cluley

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.

Tuesday, 20 February


What types of hospitals experience data breaches? Help Net Security

An estimated 16 million patient records were stolen in the United States in 2016, and last summer the British health system was crippled by a ransomware attack. While we know these events are on the rise, what do we know about the hospitals that are vulnerable to these attacks? A study in The American Journal of Managed Care took on this question, and found that while the network attacks in the headlines do affect millions More


Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Open Source Security

Posted by Mohamed Ghannam on Feb 20


It looks great!, awesome work


2018-02-20 9:45 GMT+00:00 Alexander Popov <alex.popov () linux com>:


Ubuntu Wants PCs' Vital Stats Like Location And Makes Users "Opt Out" SoylentNews

The Register spotted Ubuntu behaving badly again with respect to users' privacy. In their article "Ubuntu wants to slurp PCs' vital statistics - even location - with new desktop installs: Data harvest notice will be checked by default", they note that in addition to installing popcon and apport by default, Canonical seeks much deeper data mining (without using the word "telemetry"):

[...] "We want to be able to focus our engineering efforts on the things that matter most to our users, and in order to do that we need to get some more data about sort of setups our users have and which software they are running on it," explained Will Cooke, the director of Ubuntu Desktop at Canonical.

[...] Data Canonical seeks "would include" the following: Ubuntu Flavour, Ubuntu Version, Network connectivity or not, CPU family, RAM, Disk(s) size, Screen(s) resolution, GPU vendor and model, OEM Manufacturer, Location (based on the location selection made by the user at install). No IP information would be gathered, Installation duration (time taken), Auto login enabled or not, Disk layout selected, Third party software selected or not, Download updates during install or not, [and] LivePatch enabled or not.

The system plans to leverage the power of the default setting by making the choice opt-out, not opt-in as popcon has been in the past: Cooke explained to the ubuntu-devel audience that "Any user can simply opt out by unchecking the box, which triggers one simple POST stating, 'diagnostics=false'. There will be a corresponding checkbox in the Privacy panel of GNOME Settings to toggle the state of this."

El Reg also noted Ubuntu's plan to address user privacy concerns:

"The Ubuntu privacy policy would be updated to reflect this change."

This seems less egregious than Ubuntu's past invasions of privacy, but much more invasive and Windows 10-like.



Multiple Persistent XSS vulnerabilities in Radiant Content Management System Bugtraq

Posted by suparna . kachru on Feb 20

*1. Introduction*

Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Fixed in : NA
Vendor Website :
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7261

*2. Overview*

Technical Description:

There are multiple Persistent XSS vulnerabilities in Radiant Content Management System. These vulnerabilities exist due to...


The Strange Physics of Curling Hackaday

It turns out that curling involves some complex physics. [Destin] of Smarter Every Day has jumped in to find out why scientists on opposite sides of the Atlantic disagree about why curling stones curl.

If you've been watching the Olympics, you've probably seen some curling, the Scottish sport of competitively pushing stones on ice. As the name implies, curling stones don't go straight. The thrower pushes them with a bit of rotation, and the stones curve in the direction they are rotating. This is exactly the opposite of what one would expect; try it yourself with an inverted drinking glass on a smooth table. The glass will curl opposite the direction of rotation. Clockwise spin will result in a curl to the left, counterclockwise in a curl to the right.

The cup makes sense when you think about the asymmetrical friction involved. The cup is slowing down, which means more pressure on the leading edge. The rotating leading edge pushes harder against the table and causes the cup to curl opposite the direction of rotation.

The problem is that curling stones don't do this. Scientists at Uppsala University in Sweden believe it is due to the scratch theory: the leading edge of the stone scratches the ice as it passes, which imparts a force on the trailing edge of the stone.

Dr. Mark Shegelski from Canada's University of Northern British Columbia disagrees. H...


How to use Chomper Internet blocker for Linux to increase productivity nixCraft

Chomper is a free and open source Python cli for Linux desktop. It lets you block access to distracting websites for specified periods of time. The program is intended to help you with issues being productive on a desktop due to Internet distractions. One can set a period to block websites. Until that timer expires, you will be unable to access sites.



Vega Gets Its Last Fix For Dawn of War III On Linux With Vulkan Phoronix

Samuel Pitoiset of Valve has worked through the last of the Dawn of War 3 issues for Radeon Vega GPUs with the RADV Vulkan driver...


Money Laundering Via Author Impersonation on Amazon? Krebs on Security

Patrick Reames had no idea why Amazon sent him a 1099 form saying he'd made almost $24,000 selling books via Createspace, the company's on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that's full of nothing but gibberish.

The phony $555 book sold more than 60 times on Amazon using Patrick Reames' name and Social Security number.

Reames is a credited author on Amazon by way of several commodity industry books, although none of them made anywhere near the amount Amazon is reporting to the Internal Revenue Service. Nor does he have a personal account with Createspace.

But that didn't stop someone from publishing a "novel" under his name. That word is in quotations because the publication appears to be little more than computer-generated text, almost like the gibberish one might find in a spam email.

"Based on what I could see from the sneak peek function, the book was nothing more than a computer generated story with no structure, chapters or paragraphs, only lines of text with a carriage return after each sentence," Reames said in an interview with KrebsOnSecurity.

The impersonator priced the book at $555 and it was posted to multiple Amazon sites in different countries. The book, which has been removed from most Amazon country pages as of a few days ago, is titled "Lower Days Ahead," and was published on Oct 7, 2017.

Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors. At $555 a pop, it would only take approximately 70 sales over three months to rack up the earnings that Amazon said he made.

"This book is very unlikely to ever sell on its own, much less sell enough copies in 12 weeks to generate that level of revenue," Reames said. "As such, I assume it was used for money laundering, in addition to tax fraud/evasion by using my Social Security number. Amazon refuses to issue a corrected 1099 or provide me with any information I can use to determine where or how they were remitting the royalties."

Reames said the books he has sold on Amazon under his name were done through his publisher, not directly via a persona...


Mr. Rogers' Neighborhood 50th Anniversary SoylentNews

The first episode of "Mister Rogers' Neighborhood" was broadcast on PBS on February 19, 1968. Fifty years later, the program is still being shown on public television stations, to the delight of both children and adults. Though he passed away in 2003, Fred Rogers' philosophy continues to influence children's television today.



GitHub Predicts Hottest 2018 Open Source Trends

According to GitHub's announcement of its findings, the company looked at three different types of activity. It identified the top 100 projects that had at least 2,000 contributors in 2016 and experienced the largest increase in contributors in 2017. It also identified the top 100 projects that received the largest increase in visits to the project's repo in 2017. It also identified the top 100 projects that received the most new stars in 2017.


Replacing Patent Sharks/Trolls and the Patent Mafia With Icons Like Thomas Edison Techrights

Dolphins and innovation not quite what the optimistic vision of patent systems led to


Summary: The popular perceptions of patents and the sobering reality of what patents (more so nowadays) mean to actual inventors who aren't associated with global behemoths such as IBM or Siemens

WHEN I was a lot younger I was told that patents were supposed to make life better. When I won some competitions which the media covered, it oddly enough chose to frame that as "our youth is getting us lots of patents" (I still have that newspaper headline preserved). But we hadn't applied for any patents. We had no interest in patents. I was in charge of finances for that particular project, which flew us to Denmark to represent the country. That was a long time ago, almost exactly 20 years ago. Back then I (aged 15-16) knew next to nothing about patents, except by name. I had only done programming for a year or two. I could do electronics (relatively simple circuitry, which our next project revolved around: a gadget to be attached to doors).

Anyway, this post isn't about my school days; the point is, a lot of people know next to nothing about patents. My mother still knows next to nothing about them (she thinks they're synonymous with "things that do clever things"), so I've quit trying to explain that to her. It would probably be interesting to give people a 10-question survey in order to understand just what proportion of the population really understands what patents are and how they work.

Yesterday (February 19th) this press release said that Siemens had joined an LTE patent pool. Good for Siemens. They can afford it. They have the money and the patents. But what about those who aren't a multi-billion, multi-national, multi-faceted corporation like Siemens? What about that legendary (or mythical) lone wolf, small guy, independent inventor? That sort of inventor just looks at these pools as a rich people's club, intended for the most part to guard them from competition. It's like a cartel, to put it quite bluntly.

We'll never forget how Siemens lobbied for software patents in Europe (something which the EPO practices now). We wrote a lot of articles about that at the time...


Vulkan 1.0.69 Released With Fixes & New AMD Buffer Marker Extension Phoronix

While waiting to see what Khronos could have in store for GDC 2018 next month around Vulkan, today marks the Vulkan 1.0.69 point release availability...


Copyright Trolls Target Up to 22,000 Norwegians for Movie Piracy TorrentFreak

Last January it was revealed that after things had become tricky in the US, the copyright trolls behind the action movie London Has Fallen were testing out the Norwegian market.

Reports emerged of letters being sent out to local Internet users by Danish law firm Njord Law, each demanding a cash payment of 2,700 NOK (around US$345). Failure to comply, the company claimed, could result in a court case and damages of around $12,000.

The move caused outrage locally, with consumer advice groups advising people not to pay and even major anti-piracy groups distancing themselves from the action. However, in May 2017 it appeared that progress had been made in stopping the advance of the trolls when another Njord Law case running since 2015 hit the rocks.

The law firm previously sent a request to the Oslo District Court on behalf of entertainment company Scanbox asking ISP Telenor to hand over subscribers' details. In May 2016, Scanbox won its case and Telenor was ordered to hand over the information.

On appeal, however, the tables were turned when it was decided that evidence supplied by the law firm failed to show that sharing carried out by subscribers was substantial.

Undeterred, Njord Law took the case all the way to the Supreme Court. The company lost when a panel of judges found that the evidence presented against Telenor's customers wasn't good enough to prove infringement beyond a certain threshold. But Njord Law still wasn't done.

More than six months on, the ruling from the Supreme Court only seems to have provided the company with a template. If the law firm could show that the scale of sharing exceeds the threshold set by Norway's highest court, then disclosure could be obtained. That appears to be the case now.

In a ruling handed down by the Oslo District Court in January, it's revealed that Njord Law and its partners handed over evidence which shows 23,375 IP addresses engaged in varying amounts of infringing behavior over an extended period. The ISP they have targeted is being kept secret by the court but is believed to be Telenor.

Using information supplied by German anti-piracy outfit MaverickEye (which is involved in numerous copyright troll cases globally), Njord Law set out to show that the conduct of the alleged pirates had been exceptional for a variety of reasons, categorizing them variously (but non-exclusively) as follows:

IP addresses involved in BitTorrent swarm sizes greater than 10,000 peers/pirates
IP addresses that have shared at least two of the plaintiffs&...


Qt 5.11 Alpha Released With Many Toolkit Additions Phoronix

Hitting right on time even when the branching was running one week late is the first alpha release for the upcoming Qt 5.11 tool-kit update...


Rookies Guide to Ethereum and Blockchain



RadeonSI Now Offers NIR Shader Cache Support Phoronix

Earlier this month Valve Linux GPU driver developer Timothy Arceri landed NIR shader caching support within the Gallium3D Mesa state tracker as an alternative to the existing TGSI IR caching support. Arceri has now worked through implementing this NIR cache support for the RadeonSI driver...


Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Open Source Security

Posted by Alexander Popov on Feb 20

Hello Mohamed,

Thanks a lot for your report, PoC and patch fixing the issue. Really great!

The exploitation of this kind of vulnerabilities should be blocked by STACKLEAK.

STACKLEAK is a Linux kernel hardening feature initially developed by
Grsecurity/PaX. I'm doing my best to introduce it to the mainline kernel:

I've tested your PoC against the kernel with STACKLEAK. The...


Jolla Pushes Out Sailfish OS 2.1.4 Into Early Access Phoronix

For those still interested in Jolla's Linux-based but locked down Sailfish mobile operating system, the Sailfish OS 2.1.4 release is now available to early access users...


AT&T Sharpens Edge With New Open Source Effort, Test Lab Launch

AT&T is continuing its aggressive edge computing push, today announcing that its first test zone for edge applications is up and running at its AT&T Foundry in Palo Alto, Calif., and that it is creating a new open source project focused on automated, distributed cloud infrastructure for carrier and enterprise networks.


The Patent Trolls Lobby is Distorting the Record of CAFC on PTAB Techrights

Distortion has become an art form

Summary: The Court of Appeals for the Federal Circuit (CAFC), which deals with appeals from PTAB, has been issuing many decisions in favour of 101, but those aren't being talked about or emphasised by the patent industry

THE last post from yesterday, which was about the Patent Trial and Appeal Board (PTAB), showed an increase in activity and likely growing pressure for USPTO examiners to reject software patents (PTAB watches what they do). Clearly, based on recent studies, not enough software patents are being rejected (not yet anyway) as many are pure rubbish and it's still profitable to the Office (the financial incentive perturbs the process).

According to these two examples from yesterday [1, 2], not only PTAB rejects software patents; examiners do too ("PTAB Affirmed Examiner's [Section] 101 Rejection of Software Claims in a patent application" and "PTAB Affirmed Examiner's 101 Rejection of Philips Patent Application Claims for Shape Sensing with optical fiber").

This is generally very encouraging. It's just a shame that examiners do let software patents slip in sometimes.

Eventually, however, it's the courts (not PTAB or examiners) that get to decide on things unless there's an out-of-court settlement. Affirmations of PTAB decisions by CAFC are as recent as days ago, citing Alice/Section 101. This has become the new normal. There are other grounds for dismissal, but this scenario is most common. At lower courts the situation is a tad different, for instance:

The court denied defendants motion to dismiss on the ground that...


Hackers convert the Nintendo Switch into a functional Linux tablet TechWorm

Nintendo Switch turned into a Linux tablet by hackers

Recently, a hacker group named fail0verflow successfully managed to run Debian Linux on the Switch by exploiting its boot code. The group posted a still image on Twitter that displayed the Nintendo console running the Debian Linux distro and user login, along with a serial adapter that was connected to one of the Joy-Con terminals on the right side.

Now, the same group fail0verflow has converted the console into a full-fledged tablet PC. In a video posted on Twitter, it shows the hacked Switch running a full-on Linux distro with complete touchscreen support, and a fully operational web browser.

It shows that by using the console touchscreen, you can move windows, start applications and enlarge websites. Further, you can also enter texts using an on-screen keyboard. Additionally, the video shows how an installed software manages to calculate complex 3D graphics.

To date, the hackers have not published any instructions or details on how they proceeded with the exploit. It is only known that the hackers have exploited a vulnerability in the boot ROM grouping. According to the hackers, the exploit cannot be patched via future software or firmware updates and also does not require a modchip. The only way to resolve the problem for Nintendo is to install a new processor in the hybrid console.

Nintendo has not yet commented on the issue.

Source: The Verge




Understanding SELinux Labels for Container Runtimes

"I've just started to deal with some software that is containerized via Docker, and which is ordinarily only ever run on Ubuntu. Naturally this means nobody ever put any thought into how it will interact with SELinux.

"I know that containers get a pair of randomly chosen MCS [Multi-Category Security] labels by default, and that the files they create obviously end up with those same categories. However, when it's time to rebuild or upgrade the container, the files are now inaccessible because the new container has a different pair of categories."


Scientists Grow Sheep Embryos Containing Human Cells SoylentNews

Breakthrough as scientists grow sheep embryos containing human cells

Growing human organs inside other animals has taken another step away from science-fiction, with researchers announcing they have grown sheep embryos containing human cells.

Scientists say growing human organs inside animals could not only increase supply, but also offer the possibility of genetically tailoring the organs to be compatible with the immune system of the patient receiving them, by using the patient's own cells in the procedure, removing the possibility of rejection. [...] "Even today the best matched organs, except if they come from identical twins, don't last very long because with time the immune system continuously is attacking them," said Dr Pablo Ross from the University of California, Davis, who is part of the team working towards growing human organs in other species.

[...] Ross and colleagues have recently reported a major breakthrough for our own species, revealing they were able to introduce human stem cells into early pig embryos, producing embryos for which about one in every 100,000 cells were human. These chimeras, a term adopted from Greek mythology, were only allowed to develop for 28 days.

Now, at this week's meeting of the American Association for the Advancement of Science in Austin, Texas, the team have announced that they have managed a similar feat with sheep embryos, achieving an even higher ratio of human to animal cells. "About one in 10,000 cells in these sheep embryos are human," said Ross.

Japan is expected to lift a ban on growing human organs inside of animals.

Here's another article about pig-to-human organ transplants.

Also at The Telegraph.

Related: Surgeons Smash Records With Pig-to-Primate Organ Transplants
Human-Animal Chimeras are Gestating on U.S. Research Farms
Pig Hearts Survive in Baboons for More than Two Years
NIH Plans To Lift Ban On Research Funds For Human-Animal Chimera Embryos


What is LLVM? The Power Behind Swift, Rust, Clang, and More

LLVM makes it easier to not only create new languages, but to enhance the development of existing ones. It provides tools for automating many of the most thankless parts of the task of language creation: creating a compiler, porting the outputted code to multiple platforms and architectures, and writing code to handle common language metaphors like exceptions. Its liberal licensing means it can be freely reused as a software component or deployed as a service.


A new multi-stage attack deploys a password stealer without using macros Security Affairs

Security researchers at Trustwave spotted a new malicious campaign that uses a multi-stage attack to deploy a password stealer.

Researchers at Trustwave have spotted a new malware-based campaign that uses a multi-stage infection to deploy a password stealer malware.

Hackers leverage the infamous Necurs botnet to distribute spam emails delivering Microsoft Office documents that embedded malicious macros.

The DOCX attachments used by the attackers contain an embedded OLE object that has external references; this allows remote OLE objects to be referenced in document.xml.rels.

"Anyone can easily manipulate data in a Word 2007 file programmatically or manually. As shown below, the DOCX attachment contains an embedded OLE object that has external references. This feature allows external access to remote OLE objects to be referenced in the document.xml.rels," states the analysis published by Trustwave.

When the user opens the DOCX file, it causes a remote document file to be accessed from the URL: hxxp://gamestoredownload[.]download/WS-word2017pa[.]doc. This is actually an RTF file that is downloaded and executed.

Once the victim opens the file, it attempts to trigger the CVE-2017-11882 memory-corruption flaw, which has been used by many threat actors in the wild, including the Cobalt hacking group. Microsoft fixed the vulnerability in November. The CVE-2017-11882 flaw was discovered by security researchers at Embedi; it affects the MS Office component EQNEDT32.EXE, which is responsible for insertion and editing of equations (OLE objects) in documents.

The component fails to properly handle objects in the memory, a bug that could be exploited by the attacker to execute malicious code in the context of the logged-in user.

Back to the macro-based multi-stage attack discovered by Trustwave: the RTF file accessed after the victim opens the DOCX file executes an MSHTA command line to download and execute a remote HTA file.

The HTA file contains VBScript with obfuscated code that decodes to a PowerShell script designed to eventually download and execute a remote binary file that is a password stealer.



Linux: To Recurse or Not

Linux and recursion are on very good speaking terms. In fact, a number of Linux commands recurse without ever being asked, while others have to be coaxed with just the right option.

When is recursion most helpful and how can you use it to make your tasks easier? Let's run through some useful examples and see.


Debunking Moon Landing Denial with an Arduino and Science Hackaday

It's sad that nearly half a century after the achievements of the Apollo program we're still arguing with a certain subset of people who insist it never happened. Poring through the historical record looking for evidence that proves the missions couldn't possibly have occurred has become a sad little cottage industry, and debunking the deniers is a distasteful but necessary ongoing effort.

One particularly desperate denier theory holds that fully spacesuited astronauts could never have exited the tiny hatch of the Lunar Excursion Module (LEM). [AstronomyLive] fought back at this tendentious claim in a clever way with a DIY LIDAR scanner to measure Apollo artifacts in museums. The hardware is straightforward, with a Garmin LIDAR-Lite V3 scanner mounted on a couple of servos to make a quick pan-tilt head. The rig has a decidedly compliant look to it, with the sensor flopping around a bit as the servos move. But for the purpose, it seems perfectly fine.

[AstronomyLive] took the scanner to two separate museum exhibits, one to scan a LEM hatch and one to scan the suit Gene Cernan, the last man to stand on the Moon so far, wore while training for Apollo 17. With the LEM flying from the rafters, the scanner was somewhat stretching its abilities, so the point clouds he captured were a little on the low-res side. But in the end, a virtual Cernan was able to transition through the virtual LEM hatch, as expected.

Sadly, such evidence will only ever be convincing to those who need no convincing; the willfully ignorant will always find ways to justify their position. So let's just celebrate the achievements of Apollo.


Google Pixel 2 and Pixel 2 XL users suffer from overheating and battery drain issues TechWorm

Google Pixel 2 and Pixel 2 XL Smartphones Affected Due To February Security Update, Causes Overheating And Reduced Battery Life

A few of Google's Pixel 2 and Pixel 2 XL devices are experiencing battery and overheating issues after installing the February 2018 Android security update earlier this month.

As first pointed out by 9to5Google, Pixel 2 and Pixel 2 XL users have taken to Reddit and Google's Pixel User Community website to complain that their devices are running warm in standby mode and are experiencing shorter battery life than usual. While some users claim to have experienced both the battery and heating issues, some claim to have experienced only one of them.

For instance, Reddit user noobsquared, talking about the battery issue, posted: "Battery is terrible since the latest update. Phone is getting pretty warm just using reddit anymore. January update broke all calling for me, had to factory reset."

Another Reddit user, ElitePixelGamer, posted: "It gets fairly warm almost instantly after starting to use it, within about a minute or so of anything really. Anyone got any advice? Battery life seems unaffected."

Sudarshan Sarang, who started one of the big threads on the Pixel User Community, said that the phone was heating to up to 45 degrees Celsius with screen-on time down by 30 percent since the latest update. Even after doing two full factory resets on his phone, the issue was not resolved.

"My battery should not be at 40 percent from less than an hour of screen on time with no new apps at all," said braidenis on Reddit.

Google Support has yet to address the issue. In case you are facing trouble with your Google Pixel 2 or Pixel 2 XL smartphone, we suggest you wait for Google's update containing a fix or contact Pixel Support for immediate assistance.




Japan Demonstrates Sanity on SEP Policy While US Patent Policy is Influenced by Lobbyists Techrights

Last year: Delrahim to head Justice Department antitrust unit

Reference: Revolving Door: Makan Delrahim Employment Summary

Summary: Japan's commendable response to a classic pattern of patent misuse; US patent policy is still being subjected to never-ending intervention and there is now a lobbyist in charge of antitrust matters and a lawyer in charge of the US patent office (both Trump appointees)

PATENTS are about markets and competition. They're about publishing of ideas without risk to one's business. The Japan Patent Office (JPO) seems to understand that patents which cannot be worked around, e.g. because they're essential for standards compliance, are a barrier to markets and competition. These patents can actively damage progress in science and technology, something which the USPTO proclaims to be promoting.

As we've been noting repeatedly in recent years, Japan's courts got tougher on software patents. It wasn't always the case. Japan's government also gets it better than the Trump administration, where lobbyist Delrahim is now in charge of antitrust matters. The US, which fails to understand the concept of antitrust, would do its industry irreparable damage for the sake of few large corporations (like Qualcomm); Japan is at least recognising the issue with SEP. It is taking action. We last wrote about that a couple of days ago, citing Japanese bloggers.

Patent owners have litt...


Green Automotive Manufacturing Lifeboat News: The Blog

Divergent has created a green 3D print automotive manufacturing platform that radically reduces materials, energy, and cost.


Amidst Election Security Worries, Suddenly, Paper Ballots Are Making a Comeback SoylentNews

The Intercept reports

The nation's secretaries of state gathered for a multi-day National Association of Secretaries of State (NASS) conference in Washington, D.C., this weekend, with cybersecurity on the mind.

Panels and lectures centered around the integrity of America's election process, with the federal probe into alleged Russian government attempts to penetrate voting systems a frequent topic of discussion.

[...] One way to allay concerns about the integrity of electronic voting machine infrastructure, however, is to simply not use it. Over the past year, a number of states are moving back towards the use of paper ballots or at least requiring a paper trail of votes cast.

For instance, Pennsylvania just moved to require all voting systems to keep a paper record of votes cast. Prior to last year's elections in Virginia, the commonwealth's board of elections voted to decertify paperless voting machines--voters statewide instead voted the old-fashioned way, with paper ballots.

[...] Oregon is one of two states in the country to require its residents to vote by mail, a system that was established via referendum in 1998. [Oregon Secretary of State Dennis] Richardson argued that this old-fashioned system offers some of the best defense there is against cyber interference.

"We're using paper and we're never involved with the Internet. The Internet is not involved at all until there's an announcement by each of our 36 counties to [the capital] Salem of what the results are and then that's done orally and through a confirmation e-mail and the county clerks in each of the counties are very careful to ensure that the numbers that actually are posted are the ones that they have," he said. "Oregon's in a pretty unique situation."

[...] In New Hampshire, the state uses a hybrid system that includes both paper ballots and machines that electronically count paper ballots with a paper trail.

Karen Ladd, the assistant secretary of state for New Hampshire, touted the merits of the system to The Intercept. "We do a lot of recounts, and you can only have a recount with a paper ballot. You can't do a recount with a machine!" she said.

America's paper ballot states may seem antiquated to some, but our neighbors to the north have used...


FISA-Gate: The Plot To Destroy Our Republic Terra Forming Terra

What should be talked about is the inferred conspiracy with the Democratic party and Saudi colluders using Pakistani intelligence assets no less. Were they out of their minds or was it set up in conjunction with Obama to facilitate an Islamic Agenda?
Worse for them, is that Trump certainly has all the data on it and knew about it long before.
As this makes completely clear, a group of powerful insiders of the Deep State took it upon themselves to work toward eliminating the duly elected president by all possible means. Problem is that the Trump administration has turned this attack on its perpetrators.
Huge amounts of the related Intel has been provided to the media but has also been ignored by the MSM.  Saddening actually.  Their demise is certain.  A media monopoly is not a free press...

FISA-Gate: The Plot To Destroy Our Republic

by Justin Raimondo Posted on February 05, 2018

You don't need any special analytical abilities to understand the memo and its meaning. A simple reading reveals that allegations of skullduggery peeking by the Obama administration during the presidential campaign were entirely accurate: the memo just filled us in on the details. And while the debate has largely been over whether the proper legal procedures were followed by the FBI and administration officials in spying on Carter Page, someone only marginally connected to the Trump campaign, the real question is: why were they sneaking around Page at all?

Oh, he claimed to b...


To automate is human Terra Forming Terra

That is really the truth of it.  The combination of our improvable brain and our free and flexible hands make it all work and this is what we are converging toward.
Soon we will communicate mind to mind with our animal brothers and our robots as well.  This frees up the human mind in many new ways as well.  Perhaps we can universally gain the value of a photographic memory if such has value.

Whatever the event it all needs to be formed into natural communities operated through the rule of twelve and the pot-latch.  Modernity will allow the rule of twelve to be properly shared though the human landscape.

To automate is human 

It's not tools, culture or communication that make humans unique but our knack for offloading dirty work onto machines


IG poised to reignite war over FBI's Clinton case Terra Forming Terra

Does anyone really think that a fair review of the handling of the Clinton Email gig is wanted by the principals involved? Yet that is coming. Not for a few months yet and other rising events could well make it moot.

Most likely it will simply close out a sad chapter in our history.

Way more serious actions seem likely to dominate the agenda. In fact it would be a source of disappointment if we actually care about this then.

IG poised to reignite war over FBI's Clinton case



The Patent Microcosm's Embrace of Buzzwords and False Marketing Strives to Make Patent Examiners Redundant and Patent Quality Extremely Low Techrights

Patent maximalism defeats the very purpose of patent systems


Summary: Patent maximalists, who are profiting from abundance of low-quality patents (and frivolous lawsuits/legal threats these can entail), are riding the hype wave and participating in the rush to put patent systems at the hands of machines

THE USPTO keeps tightening patent scope (more on that later today), whereas the EPO goes in the opposite direction and broadens the scope of patents. This is a recipe for disaster and it puts at greater threat plenty of European businesses. Not law firms, but actual European businesses.

Sadly, a lot of policy decisions are steered by lawyers, not scientists, and law firms rather than actual European businesses (which make things) have leverage over law. That's how UPCA managed to get as far as it has.

Yesterday we saw another dumb idea resurrected, owing to a lot of hype. "We are going to continue hearing for some time about #blockchain methods being applied to #patent transactions and procedures," said a patents person from the US. We were recently told similar things about AI. The craze over these things (especially in the media) is troubling; not only is AI not a new thing but it's also not so Earth-shattering. Something as simple as patent searches (based on text and word density, textual patterns etc.) can already be framed as "AI". The more one knows about the origins of the term, the more easily one accepts that almost any algorithm can be painted "AI" (given the will/motivation). As for blockchain, it's not a buzzword but an actual implementation or set of implementations (based on the concept of blockchains), yet there's plenty of hype around it.

Alexander Esslinger responded to a commenter (context being the above) by stating: "Blockchain could provide a global, distributed, immutable, time-stamped invention disclosure register independent of patent offices, fees, and formality requirements"

Algorithms, however, cannot quite correlate patents based on words and ima...


RubyGems 2.7.6 addresses several flaws and implements some improvements Security Affairs

The RubyGems 2.7.6 update released last week for RubyGems includes several security improvements and addresses several types of vulnerabilities.

The new RubyGems 2.7.6 release addresses several vulnerabilities in Ruby Gems and implements several security improvements.

The updates prevent path traversal when writing to a symlinked basedir outside of the root and during gem installation.


The updates also address a cross-site scripting (XSS) vulnerability in the homepage attribute when displayed via gem server and an Unsafe Object Deserialization issue in gem owner.

The new RubyGems release raises a security error when there are duplicate files in a package and enforces URL validation on the spec homepage attribute.

To update to the latest RubyGems you can run:

gem update --system

Pierluigi Paganini



Cyberattacks cost the United States between $57 billion and $109 billion in 2016 Security Affairs

The report published by the White House Council of Economic Advisers examines the cost that malicious cyber activities impose on the U.S. economy.

The report analyzed the impact of malicious cyber activities on public and private entities, including DoS attacks, sabotage, business disruption, and theft of proprietary data, intellectual property, and sensitive financial and strategic information.

Damages and losses caused by a cyber attack may spill over from the initial target to economically linked organizations. More exposed are critical infrastructure sectors; an attack against companies and organizations in this industry could have a severe impact on the US economy.

The document warns of nation-state actors such as Russia, China, Iran, and North Korea, that are well funded and often conduct sophisticated targeted attacks for both sabotage and cyber espionage.


Electronic skin animates heartbeat on the back of your hand Lifeboat News: The Blog

A flexible e-skin containing a few hundred micro LEDs can display your vital signs or messages from your doctor.


How to restore View Image option in Google's Image Search in three simple ways TechWorm

Here are 3 alternatives to get the View Image button back on Google's Image Search

Recently, Google took its users by surprise when it announced the removal of the "View Image" button in image search results. The button was a lifeline for many, and the decision to remove it was met with a lot of anguish and disappointment by Google users.

Previously, the View Image feature allowed the users to quickly find the image they are searching for without having to open the source website. With the new change, users will now have to click the visit button instead to view the image on the website.

The change implemented by Google was due to the multi-year global licensing deal between the search giant and Getty Images, which gives Google the right to use Getty content in its products and services. Basically, Google now wants users to visit the original website of the image that they are looking to download from the Internet, and bring revenue to the site hosting the images, thus helping their businesses. Additionally, Google also removed the Search by Image button that appeared when users opened up an image.

However, the move to remove the View Image button has not deterred users, who have found ways to look for Google image search alternatives. Given below are 3 alternatives for Google image search.

  1. DuckDuckGo

DuckDuckGo, one of the most popular rivals of the Google search engine, provides you the option to download images directly from the search results. Although there isn't a separate Images tab on DuckDuckGo's homepage, it does offer a View File link which is similar to the View Image button.

All you need to do is click on the image that you want to view on the DuckDuckGo image search result page and then click the View File button to load the image in full resolution.

  2. View Image extensions for Firefox and Chrome

Developer Joshua B has developed ViewImage extensions for both Chrome and Firefox that return the View Image button to its familiar home. The ViewImage extension is now available on the Chrome Web Store page and also on Firefox.

Once the extension is added, you will be able to see the View Image button when you search Google Images the next time. The extension also restores the Search by Image button that was removed by Google.

  3. Startpage

If you are not interested in adding extensions, you can use Startpage's anonymous Google-powered search engine. This will show up images along with the View Image button, which on clicking loads the imag...


Academic Investigating Chinese Influence Peddling in New Zealand Had Break-Ins at Home and Work

Via: New Zealand Herald: A New Zealand academic who made international waves researching China's international influence campaigns has linked a number of recent break-ins to her work. University of Canterbury professor Anne-Marie Brady, speaking today from Christchurch to the Australian Parliament's Intelligence and Security Committee in Canberra, outlined three recent events which caused her concern. [...]


Today, at 12:30 CET, Bavarian State Parliament Will Speak About EPO Abuses (Updated) Techrights

Team UPC does not want such abuses to be debated as that can kill the UPC for good

Summary: The politicians of Bavaria are prepared to wrestle with some serious questions about the illegality of the EPO's actions and what that may mean to constitutional aspects of German law

SEVERAL days ago, in English even (we received a full translation), we wrote about the imminent debate at the Bavarian State Parliament. It's an important day ahead of us as EPO abuses will be discussed by the host country (which is quite rare; it typically just looks the other way in order to shield the cash cow).

Last night, readers told us about this new blog post titled "Constitutional Law Alert for the EPO", a post which we are guessing SUEPO will soon notice and add to its list of recommended articles. Now that the EPO habitually breaks the law of the land, it's just too hard to ignore the impact this may have on a Germany-centric UPC. As the author put it:

What can people, in particular citizens of Munich and Bavaria, do if they feel that elementary constitutional rights are infringed, not somewhere abroad and far away, but literally next door, at the Isar river banks or in the Pschorrhöfe building?

Unfortunately, this is no rhetorical question. If such things happen in the jurisdiction of German courts and under German government, German citizens can discuss them with the relevant office or authority, seek redress to court, or they can choose the political pathway and vote for a party that at least promises to deal with the violation by changing the law, if others choose to ignore it.

Do not expect Team UPC to have any sympathy for EPO staff or have any respect for the law; in my experience, all that these people care about is money. Money, money, money. They even insinuate that the UPC complaint must have been motivated by mon...


Nov. 9th "Scuffle" Over the "Nuclear Football" in China SoylentNews

Axios: Kelly, Secret Service agent scuffled with Chinese officials over nuclear 'football'

White House chief of staff John Kelly and a Secret Service agent scuffled with Chinese security officials over the U.S. nuclear "football" during a trip to China in November, Axios reported Sunday.

[...] The interaction reportedly took place during President Trump's trip to Beijing's Great Hall of the People. The aide carrying the briefcase was blocked from entering the hall, and another official quickly told Kelly, five sources told Axios.

Kelly then came over and told the officials to continue walking in, after which a Chinese security official grabbed at Kelly, and the chief of staff pushed him off, according to Axios. A Secret Service agent then tackled the Chinese security official, the publication reported.

U.S. officials were asked to not discuss the interaction, according to Axios. Chinese officials were never in possession of the bag containing the launch codes, and a top Chinese security official apologized to the Trump team afterward.

The nuclear football (also known as the atomic football, the President's emergency satchel, the Presidential Emergency Satchel, the button, the black box, or just the football) is a briefcase, the contents of which are to be used by the President of the United States to authorize a nuclear attack while away from fixed command centers, such as the White House Situation Room. It functions as a mobile hub in the strategic defense system of the United States. It is held by an aide-de-camp.

Original Submission

Read more of this story at SoylentNews.


Another Loud Warning From EPO Workers About the Decline of Patent Quality Techrights

Patent examiners must be able to examine patent applications thoroughly and to deliver valid monopoly rights.

Decadence of monopoly

Summary: Yet more patent quality warnings are being issued by EPO insiders (examiners) who are seeing their senior colleagues vanishing and wonder what will be left of their employer

TECHRIGHTS was never a foe of the EPO. It was actually a lot more supportive of the EPO than of the USPTO and I've personally sent letters to the EPO for over a decade with constructive suggestions (mostly regarding software patents). The reason Techrights is now blocked by the EPO is that Team Battistelli cannot stand any constructive suggestions and it cannot tolerate criticism. EPO insiders know the feeling as some of them too got fired for that. If the EPO was a scientific institution, it would sack people with differing/dissenting points of view, like Galileo and his crazy theory about the Solar System.

Either way, our history speaks for itself. I've long loved the EPO personally and none of us who are connected to this site (mostly Europeans) have anything to gain from EPO weaknesses/detriments. Quite the contrary.

Yesterday, once again, the EPO gave the false impression of caring for outside input. Battistelli will make all decisions on his own regardless, I told them, just like in the Disciplinary Committee. This is just EPO giving the illusion of public participation

The Boards of Appeal invite users to participate in this online consultation on proposed amendments to their rules of procedure, they said, but I very much doubt Battistelli will care what the users have to say. He repeatedly ignores, overrides and sometimes derives suggestions given to him. It's like a mental illness. It's megalomania.

Right now, as before, the EPO's management or the Administrative Council (which is in theory supposed to govern Battistelli) is being warned about immine...


Invasion of the Tiny Magnetic PCB Vises Hackaday

[Proto G] recently wrote in to share a very slick way of keeping tabs on all the tiny PCBs and devices that litter the modern electronics workbench. Rather than a big bulky PCB vise for each little board, he shows how to make tiny grippers with magnetic bases for only a couple bucks each. Combined with a sheet metal plate under an ESD mat, it allows him to securely position multiple PCBs all over his workspace.

The key to this hack is the little standoffs that are usually used to mount signs to walls. These already have a clamping action by virtue of their design, but the grip of each standoff is improved with the addition of a triangular piece of plastic and rubber o-ring.

With the gripping side of the equation sorted, small disc magnets are glued to the bottom of each standoff. With a suitable surface, the magnets are strong enough to stay upright even with a decently large PCB in the jaws.

An especially nice feature of using multiple small vises like this is that larger PCBs can be supported from a number of arbitrary points. It can be difficult to clamp unusually shaped or component-laden PCBs in traditional vises, and the ability to place them wherever you like looks like it would be a huge help.

We've recently covered some DIY 3D printed solutions for keeping little PCBs where you want them...


Indian Scientists Find Anti-Cancer Properties in Three Rice Varieties SoylentNews

Scientists have claimed to have detected anti-cancer properties in three traditional varieties of rice found in Chhattisgarh.

[...] These varieties were taken from the rice germplasm bank preserved in IGKV, said Sharma, principal scientist at the genetics and plant breeding department of the agriculture university.

The three varieties of rice have properties to cure lungs and breast cancers without affecting normal cells, Sharma told PTI.

Indian scientists find anti-cancer properties in three rice varieties



AHA names 2017's top advances in heart disease and stroke research Lifeboat News: The Blog

The AHA names the top 10 heart disease and stroke research advances of 2017, including new drugs, guidelines, research, and a gene therapy.


Breakthroughs in Targeted Cancer Therapies to Fight Tumors Lifeboat News: The Blog

New targeted cancer therapies have emerged to fight tumors, and scientists have much more in the pipeline.

Summary: New targeted cancer therapies have been highlighted this month as emerging technologies to fight tumors, and scientists have much more in the pipeline. [This article first appeared on LongevityFacts. Author: Brady Hartman.]

Targeted cancer therapies, the most famous of which are immunotherapies such as CAR T-cell therapy, are the current focus of excitement in cancer treatment. New therapies and developments in the immunotherapy field prompted the National Cancer Institute (NCI) to update their guidance on targeted cancer therapies a little over a week ago. As the NCI says:

Many targeted cancer therapies have been approved by the Food and Drug Administration (FDA) to treat specific types of cancer.


Breakthrough cancer immunotherapy treatments to be curative by 2025 says prominent research head Lifeboat News: The Blog

Summary: Cancer immunotherapy treatments and other approaches to cure nearly all cancers within 8 years, says Dr. Gilliland, a prominent cancer research head. [This article first appeared on LongevityFacts. Author: Brady Hartman.]

Gary Gilliland, M.D., Ph.D., is the President and Director of the Fred Hutchinson Cancer Research Center and, in an opinion piece published at the beginning of this month, writes:

I've gone on record to say that by 2025, cancer researchers will have developed curative therapeutic approaches for most if not all cancers.


Team paves the way for immunotherapy to treat aggressive colon tumors Lifeboat News: The Blog

Team paves the way for cancer immunotherapy demonstrating a novel technique that attacked tumors and inhibited cancers from spreading.

Summary: Team paves the way for cancer immunotherapy with a novel technique that attacked tumors and inhibited cancers from spreading. [This article first appeared on LongevityFacts. Author: Brady Hartman.]

While cancer immunotherapy is a powerful treatment for some types of tumors, up until now, it hasn't worked well on colon cancer.

However, a team of researchers in Barcelona just showed a new technique that allows the immune system to recognize and begin fighting the tumor in mice. The treatment was so successful that it inhibited the tumors from spreading, or metastasizing to other parts of the body as cancer is prone to do. Moreover, for those cancers that had already spread, the treatment enabled the immune system to eliminate them quickly.


APPLE-SA-2018-02-19-1 iOS 11.2.6 Bugtraq

Posted by Apple Product Security on Feb 19

APPLE-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

This update is available through iTunes...


Browserling is now a top 40k website in the world good coders code, great reuse

According to Alexa, Browserling is now a top 40k website in the world. 10k positions up from 50k a few months ago. It's another small step for a ling, but one giant leap for ling-kind.

My goal is to make Browserling a top 10k website and beyond. Thanks for following along my adventure and see you next time!


APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update Bugtraq

Posted by Apple Product Security on Feb 19

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and
addresses the following:

Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafted string may lead to heap
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

macOS High...


APPLE-SA-2018-02-19-3 tvOS 11.2.6 Bugtraq

Posted by Apple Product Security on Feb 19

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

Apple TV will periodically check for software updates....


APPLE-SA-2018-02-19-4 watchOS 4.2.3 Bugtraq

Posted by Apple Product Security on Feb 19

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are
available at...


[SECURITY] [DSA 4119-1] libav security update Bugtraq

Posted by Moritz Muehlenhoff on Feb 19

Debian Security Advisory DSA-4119-1 security () debian org Moritz Muehlenhoff
February 19, 2018

Package : libav
CVE ID : CVE-2017-16803

Several security...


Supercomputer on a fingernail, artificial synapse ushers in new AI revolution Lifeboat News: The Blog


There is nothing on Earth like the human brain, even today's AI doesn't come close, but now researchers have created an Artificial Synapse that's 200 million times faster than a human synapse, and one day it will revolutionise AI and computing.


The Secret on the Ocean Floor

Via: BBC: In the summer of 1974, a large and highly unusual ship set sail from Long Beach in California. It was heading for the middle of the Pacific where its owners boasted it would herald a revolutionary new industry beneath the waves. Equipped with a towering rig and the latest in drilling gear, the [...]


L.A. County's Homeless Problem Is Worsening Despite Billions from Tax Measures

Build the sprawling San Angeles favelas with autonomous construction drones! No? Via: Los Angeles Times: Los Angeles County's homeless population is increasing faster than the supply of new housing, even with the addition of thousands of beds in the last two years and millions of dollars beginning to flow in from two ballot measures targeting [...]


Blood and Urine Tests for Autism May be Possible SoylentNews

Autism: Scientists take 'first steps' towards biological test

Scientists have taken the first steps towards what they say could become a new blood and urine test for autism. Their study tested children with and without the condition and found higher levels of protein damage in those with the disorder.

The researchers said the tests could lead ultimately to the earlier detection of the condition, which can be difficult to diagnose. But experts expressed caution, saying such a test was still a long way off.

[...] For this new study, published in the Molecular Autism journal, researchers looked for chemical differences in the blood and urine of 38 autistic children and 31 children without the condition, all aged between five and 12. In those with autism they found higher levels of protein damage - particularly in the blood plasma - which they said were associated with ill health.

Dr Naila Rabbani, from the University of Warwick, who led the study, told the BBC the tests could ultimately be used by doctors to diagnose autism earlier in childhood by detecting these markers.

Advanced glycation endproducts, dityrosine and arginine transporter dysfunction in autism - a source of biomarkers for clinical diagnosis (open, DOI: 10.1186/s13229-017-0183-3) (DX)



San Francisco Streets More Filthy Than Third World Slums

Via: NBC: How dirty is San Francisco? An NBC Bay Area Investigation reveals a dangerous mix of drug needles, garbage, and feces throughout downtown San Francisco. The Investigative Unit surveyed 153 blocks of the city; the more than 20-mile stretch includes popular tourist spots like Union Square and major hotel chains. The area [...]


Scientists Develop A Way To Use A Smartphone To Prevent Food Poisoning Lifeboat News: The Blog

The Salt: A microscope that clips on to your phone's camera can detect bacteria, such as salmonella or E. coli, even in tiny amounts. But the technology can't yet distinguish between good and bad bacteria.


Smarticle Robot Swarms Turn Random Behavior into Collective Intelligence Lifeboat News: The Blog

New algorithms show how very simple robots can be made to work together as a group.


A Jukebox For The 21st-Century Kit Blends Raspberry Pi, Sonos, QR Codes Hackaday

When [Chris Campbell]'s children wanted to play an album in the background over dinner, switching the outputs on his family's Sonos sound system was perhaps too involved for their budding mastery of technology. This got him thinking about using kid-friendly inputs so they could explore his music collection. Blending QR codes, some LEGO, and a bit of arts and crafts, a kid-friendly QR code reader media controller comes out!

Working with a Raspberry Pi 3 Model B and a cheap camera, [Campbell] whipped up some code to handle producing and reading the QR codes, though he's running the media server on another computer to maintain fast response times. Once [Campbell] had his QR codes, he printed them out and got his kids involved in cutting and gluing the double-sided cards. Additional cards access different functions: starting a playlist queue, switching output channels, and full album playback, among others. Cue spontaneous dance-parties!

Seeing his kids flip through the QR cards, [Campbell] is left to muse on a childhood spent browsing records, and how his children are able to share in that experience, albeit in a properly 21st century fashion.


James Damore's Labor Complaint Against Google Was Completely Shut Down SoylentNews

From The Verge:

Google didn't violate labor laws by firing engineer James Damore for a memo criticizing the company's diversity program, according to a recently disclosed letter from the US National Labor Relations Board. The lightly redacted statement is written by Jayme Sophir, associate general counsel of the NLRB's division of advice; it dates to January, but was released yesterday, according to Sophir concludes that while some parts of Damore's memo were legally protected by workplace regulations, "the statements regarding biological differences between the sexes were so harmful, discriminatory, and disruptive as to be unprotected."

Damore filed an NLRB complaint in August of 2017, after being fired for internally circulating a memo opposing Google's diversity efforts. Sophir recommends dismissing the case; Bloomberg reports that Damore withdrew it in January, and that his lawyer says he's focusing on a separate lawsuit alleging discrimination against conservative white men at Google. NLRB records state that its case was closed on January 19th.

There are White House Staff positions open, I hear.

Previously: Google Fires Author of Divisive Memo on Gender Differences
Google Cancels "Town Hall" Due to Leaks



How UK Spies Hacked a European Ally and Got Away With It SoylentNews

For a moment, it seemed the hackers had slipped up and exposed their identities. It was the summer of 2013, and European investigators were looking into an unprecedented breach of Belgium's telecommunications infrastructure. They believed they were on the trail of the people responsible. But it would soon become clear that they were chasing ghosts: fake names that had been invented by British spies.

[...] The covert operation was the first documented example of a European Union member state hacking the critical infrastructure of another. The malware infection triggered a massive cleanup operation within Belgacom, which has since renamed itself Proximus. The company, of which the Belgian government is the majority owner, was forced to replace thousands of its computers at a cost of several million Euros. Elio di Rupo, Belgium's then-prime minister, was furious, calling the hack a "violation." Meanwhile, one of the country's top federal prosecutors opened a criminal investigation into the intrusion.

The criminal investigation has remained open for more than four years, but no details about its activities have been made public. Now, following interviews with five sources close to the case, The Intercept, in collaboration with Dutch newspaper de Volkskrant, has gained insight into the probe and uncovered new information about the scope of the hack.

Interesting both from the technical and the political viewpoints, this episode could have unexpected results for the future. Despite the egregious misuse of "hack" and related words.



Scan Your Film The 3D Printed Way Hackaday

Everyone has a box or two at home somewhere full of family photographs and slides from decades past. That holiday with Uncle Joe in Florida perhaps, or an unwelcome reminder of 1987's Christmas jumper. It's fair to say that some memories deserve to be left to gather dust, but what about the others in a world of digital images?

You could of course buy a film scanner to digitize Uncle Joe on the beach, but aside from the dubious quality of so many of them, where's the fun in that? Instead, how about 3D printing one? That's what [Alexander Gee] did, in the form of an adapter to fit the lens mount of his Sony camera that contains both a 50mm enlarger lens and a mount for the slide. It's a simple enough print, but he's made enough parts parametric for users to be able to adjust it to their own camera's mount.

Sometimes builds do not have to be complex, push boundaries, or contain more computing power than took us to the Moon. This one is simple and well-executed, and for anyone prepared to experiment could deliver results with a variety of cameras and lenses. Of course, you have to have some film to scan before you can use it, so perhaps you'd like to try a bit of home developing.


HPR2492: An Evening Subway Ride Hacker Public Radio

An experiment in background noise. Having seen so many people fall asleep on subway trains, I wonder if the sound only would also be somniferous. Using my cellphone I recorded the ride (including boarding and alighting) on the Toronto subway (line 1) from College Station, north to Sheppard/Yonge Station. There was always at least one person sleeping (or at least appearing to be asleep) during the ride. Google Maps - So far, listening to the recording has not put me to sleep.


Dark Web's worst pedophile sentenced to 32 years in prison HackRead

By Carolina

Birmingham Crown Court (UK) has jailed a dark web pedophile for


Indonesian volcano erupts Lifeboat News: The Blog


Mount Sinabung spews volcanic ash as it erupts in Karo, North Sumatra, Indonesia on Feb. 19, 2018. The volcano on the Indonesian island of Sumatra has shot billowing columns of ash more than 16,000 feet into the atmosphere. Sinabung is one of the most active volcanos in Indonesia. It erupted in 2010 and has killed 17 people in eruptions in 2014 and another nine people in 2016.


[$] BPF comes to firewalls

The Linux kernel currently supports two separate network packet-filtering mechanisms: iptables and nftables. For the last few years, it has been generally assumed that nftables would eventually replace the older iptables implementation; few people expected that the kernel developers would, instead, add a third packet filter. But that would appear to be what is happening with the newly announced bpfilter mechanism. Bpfilter may eventually replace both iptables and nftables, but there are a lot of questions that will need to be answered first.


Mesa 17.3.5 Released To Fix A RADV Bug Phoronix

While Mesa 17.3.4 was just released a few days ago with 90+ changes, Mesa 17.3.5 is now available as a quick follow-up release due to a serious bug...


Uber Eats Driver Shoots and Leaves SoylentNews

An Uber Eats driver is being sought in Atlanta, Georgia for allegedly shooting a customer after a dispute and fleeing the scene:

An UberEATS driver was on the run Monday after a man who ordered a meal from the online food delivery service was killed in a late night shooting in Atlanta over the weekend, police told local media.

The 30-year-old man was shot multiple times after exchanging words with the driver in Atlanta's Buckhead neighborhood at about 11:30 p.m. Saturday, police told Atlanta's NBC affiliate WXIA, channel 11.

Also at WSB-TV, 11Alive, and AJC.

Update: Driver accused of shooting customer had been with Uber Eats for 1 week



Does saving more lives lead to overpopulation? Lifeboat News: The Blog

Longevity doesn't lead to a demographic crisis.

Explains why the improvement of health is not a danger.

As counterintuitive as it may seem, population sizes don't go up as the world gets healthier. They go down. Here's why.


Canadian Pirate Site Blocks Could Spread to VPNs, Professor Warns TorrentFreak

ISP blocking has become a prime measure for the entertainment industry to target pirate sites on the Internet.

In recent years sites have been blocked throughout Europe, in Asia, and even Down Under.

Last month, a coalition of Canadian companies called on the local telecom regulator CRTC to establish a local pirate site blocking program, which would be the first of its kind in North America.

The Canadian deal is backed by both copyright holders and major players in the Telco industry, such as Bell and Rogers, which also have media companies of their own. Instead of court-ordered blockades, they call for a mutually agreed deal where ISPs will block pirate sites.

The plan has triggered a fair amount of opposition. Tens of thousands of people have protested against the proposal and several experts are warning against the negative consequences it may have.

One of the most vocal opponents is University of Ottawa law professor Michael Geist. In a series of articles, professor Geist highlighted several problems, including potential overblocking.

The Fairplay Canada coalition downplays overblocking, according to Geist. They say the measures will only affect sites that are blatantly, overwhelmingly or structurally engaged in piracy, which appears to be a high standard.

However, the same coalition uses a report from MUSO as its primary evidence. This report draws on a list of 23,000 pirate sites, which may not all be blatant enough to meet the blocking standard.

For example, professor Geist notes that it includes a site dedicated to user-generated subtitles as well as sites that offer stream ripping tools which can be used for legal purposes.

Stream ripping is a concern for the music industry, but these technologies (which are also found in readily available software programs from a local BestBuy) also have considerable non-infringing uses, such as for downloading Creative Commons licensed videos also found on video sites, Geist writes.

If the coalition tried to have all these sites blocked the scope would be much larger than currently portrayed. Conversely, if only a few of the sites would be blocked, then the evidence that was used to put these blocks in place would have been exaggerated.

In other words, either the scope of block list coverage is far broader than the coalition admits or its piracy evidence is inflated by including sites that do not meet its piracy standard,...


In living color: Brightly-colored bacteria could be used to grow paints and coatings Lifeboat News: The Blog

Researchers have unlocked the genetic code behind some of the brightest and most vibrant colours in nature. The paper, published in the journal PNAS, is the first study of the genetics of structural colour as seen in butterfly wings and peacock feathers and paves the way for genetic research in a variety of structurally coloured organisms.

The study is a collaboration between the University of Cambridge and Dutch company Hoekmine BV and shows how genetics can change the colour, and appearance, of certain types of brightly-coloured bacteria. The results open up the possibility of harvesting these bacteria for the large-scale manufacturing of nanostructured materials: biodegradable, non-toxic paints could be grown and not made, for example.

Flavobacterium is a type of bacteria that packs together in colonies that produce striking metallic colours, which come not from pigments, but from their internal structure, which reflects light at certain wavelengths. Scientists are still puzzled as to how these intricate structures are genetically engineered by nature, however.


New blood test predicts autism with 92 percent accuracy Lifeboat News: The Blog

Scientists have designed a test they believe is the first of its kind. Using blood and urine samples, the test correctly identified autism in children.


SIM Hijacking T-Mobile customers were victims an info disclosure exploit Security Affairs

Lorenzo Franceschi-Bicchierai published an interesting post on SIM hijacking that highlighted the risks for end users and their exposure to this illegal practice.

In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability.

A video tutorial titled "T-Mobile Info Disclosure exploit" showing how to use the flaw was also published on the Internet.

By exploiting the vulnerability, it is possible to access certain customers' data, including email addresses, billing account numbers, and the phones' IMSI numbers.

This kind of information could be used by hackers in social engineering attacks against T-Mobile's customer support employees with the intent of stealing the victim's phone number.

The attackers can use this information to impersonate the target customer: crooks call T-Mobile customer care posing as the victim, with the intent of tricking the operator into issuing a new SIM card for the victim's number.

The crooks activate the new SIM and take control of the victim's phone number, which they can then use to steal the victim's identity. This is the beginning of the nightmare for the victims, who suddenly lose their service.

Many web services rely on users' phone numbers to reset passwords, which means that once the attackers have activated the new SIM they can use it to carry out password reset procedures and take over the victim's accounts on many web services.

Lorenzo reported many stories of SIM hijacking victims; this is the story of the T-Mobile customer Fanis Poulinakis:

Today I lived a nightmare.

My phone all of the sudden stopped worki...


In our eyes, Google's software sees heart attack risk Lifeboat News: The Blog

The new approach could one day allow people to screen themselves for the risks that could lead to heart disease.


Israeli scientists complete a mock mission to Mars Lifeboat News: The Blog

The experiment was held near the isolated Israeli township of Mitzpe Ramon, whose surroundings resemble the Martian environment in its geology, aridity, appearance and desolation, the ministry said.

The participants were investigating various fields relevant to a future Mars mission, including satellite communications, the psychological effects of isolation, radiation measurements and searching for life signs in soil.

Participant Guy Ron, a nuclear physics professor from the Hebrew University in Jerusalem, said the project was not only intended to look for new approaches in designing a future mission to the Red Planet, but to increase public interest.


Danish researcher finds 95 new planets Lifeboat News: The Blog

Ninety-five new exoplanets, planets that orbit around stars other than our sun, can now be added to the long list of planets that have been discovered since the 1990s.

The discovery was made by a Danish Ph.D. student with the help of the once damaged Kepler telescope, reports ScienceNordic.

Andrew Mayo from the Technical University of Denmark (DTU Space) is behind the discovery, which is described in a new study.


Tiny Guitar Amp Rebuilt with Tiny Tubes Hackaday

[Blackcorvo] wrote in to tell us how he took a cheap retro guitar amplifier and rebuilt it with sub-miniature vacuum tubes. The end result is a tiny portable amplifier that not only looks the part, but sounds it too. He's helpfully provided wiring schematics, build images, and even a video of the amplifier doing its thing.

Detail from the circuit diagram

The original Honeytone amplifier goes for about $26, and while it certainly looks old-school, the internals are anything but. [Blackcorvo] is too much of a gentleman to provide "before" pictures of the internals, but we looked it up and let's just say it doesn't exactly scream high quality audio. Reviews online seem to indicate it works about as well as could be expected for an amplifier that costs less than $30, but this is definitely no audiophile gear.

Powering up the miniature vacuum tubes takes a bit of modern support electronics, including a buck converter to provide the high voltage for the tubes as well as a 6V regulator. The plus side is that the new circuit can power the tubes from an input voltage between 12 and 30 volts, meaning t...


Computers learn to learn Lifeboat News: The Blog

Intel and Researchers from Heidelberg and Dresden present three new neuromorphic chips.

Researchers from Heidelberg University and TU Dresden, together with Intel Corporation, will reveal three new neuromorphic chips during the NICE Workshop 2018 in the USA. These chips have an extraordinary ability: They are able to mimic important aspects of biological brains by being energy efficient, resilient and able to learn. These chips promise to have a major impact on the future of artificial intelligence. Computers are many times faster than humans in solving arithmetical problems, yet they have thus far been no match when it comes to the analytic ability of the brain. Up until now, computers have not been able to continually learn and can therefore not improve themselves. The two European chips were developed in close collaboration with neuroscientists as part of the Human Brain Project of the European Union. NICE 2018 will be held from 27 February until 1 March on the Intel Campus in Hillsboro/Oregon.

Dr Johannes Schlemmel from the Kirchhoff Institute for Physics at Heidelberg University will present prototypes of the new BrainScaleS chip. BrainScaleS has a mixed analogue and digital design and works 1,000 to 10,000 times faster than real time. The second generation neuromorphic BrainScaleS chip has freely programmable on-chip learning functions as well as an analogue hardware model of complex neurons with active dendritic trees, which, based on nerve cells, are especially valuable for reproducing the continual process of learning.


Freelancing Abroad in a World Obsessed With Trump SoylentNews

"There's always more of a response when I have a Trump peg," Sulome says of her pitches since Trump's election. "Why are we giving in to this man's narcissistic dream?" she would like to ask editors. "When people lose sight of what's going on around the world, we allow our government to make foreign policy decisions that don't benefit us. It makes it so much easier for them to do that when we don't have the facts. Like if we don't know that the crisis in Yemen is killing and starving so many people and making Yemenis more extremist, how will people know not to support a policy in which we are attacking Yemenis?"

Applewhite agrees that this exclusive focus on Trump and other domestic issues could be detrimental to Americans' understanding of the world, and our ability to make sound political decisions.


Handheld GPS Tracks All The Things Hackaday

With a GPS on every smartphone, one would be forgiven for forgetting that handheld GPS units still exist. Seeking to keep accurate data on a few upcoming trips, [_Traveler] took on a custom-build that resulted in this GPS data logger.

Keeping tabs on [_Traveler] is a Ublox M8N GPS which is on full-time, logging data every 30 seconds, for up to 2.5 days. All data is saved to an SD card, with an ESP32 to act as a brain and make downloading the info more accessible via WiFi. While tracking the obvious like position, speed, and time, this data logger also displays temperature, elevation, dawn and dusk on an ePaper screen, which is a great choice for conserving battery.

The prototyping process is neat on this one. The first complete build used point-to-point soldering on a protoboard to link several breakout modules together. After that, a PCB design embraces the same modules, with a footprint for the ESP's castellated edges and header footprints for the USB charging board, SD card board, ePaper, etc. All of this finds a home in a 3D printed enclosure. After a fair chunk of time coding in the Arduino IDE, the logger is ready for [_Traveler]'s next excursion!

As far as power consumption in the field, [_Traveler] says the GPS takes a few moments to get a proper location with the ESP chewing through battery l...


City Union Bank is the last victim of a cyber attack that used SWIFT to transfer funds Security Affairs

The Indian bank Kumbakonam-based City Union Bank announced that cyber criminals compromised its systems and transferred a total of US$1.8 million.

During the weekend, the Russian central bank revealed a new attack against the SWIFT system: unknown hackers stole 339.5 million roubles (roughly $6 million) from a Russian bank last year.

Even if the SWIFT international bank transfer system enhanced its security after the string of attacks that targeted it since 2016, the news of a new attack made the headlines.

The victim is the Indian bank Kumbakonam-based City Union Bank that announced that criminals compromised its systems and transferred a total of US$1.8 million.

On Sunday, February 18, the Kumbakonam-based City Union Bank issued a statement after local media reported that three unauthorized transactions were initiated by staff. The Indian bank confirmed that it has suffered a security breach launched by international cyber-criminals and there is no evidence of internal staff involvement.

"During our reconciliation process on February 7, it was found out that 3 fraudulent remittances had gone through our SWIFT system to our correspondent banks which were not initiated from our bank's end. We immediately alerted the correspondent banks to recall the funds," reads the statement issued by City Union Bank.

The three transactions took place before February 7, when they were discovered during the reconciliation processes.

One transaction of $500,000 that was made through Standard Chartered Bank, New York, to a Dubai based bank was immediately blocked.

A second transaction of $372,150 was made through a Standard Chartered Bank account in Frankfurt to a Turkish account, and the third transaction of 1 million dollars was sent through a Bank of America account in New York to a China-based bank.

The City Union Bank confirmed it was working with the...


The U.S. Military Will Have More Robots Than Humans by 2025 Lifeboat News: The Blog

In Trump's Pentagon-controlled presidency a dystopian vision of a military dominated by DARPA robots is quickly becoming a reality.


Human beings could achieve immortality by 2050 Lifeboat News: The Blog

Dr Ian Pearson, a leading futurologist from Ipswich, claims that if people can survive until 2050 they could live forever thanks to advances in AI, android bodies and genetic engineering.


Hackers made $3M on Jenkins server in one of biggest mining ops ever HackRead

By Waqas

Another day, another Monero mining scam. This one, researchers


Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Open Source Security

Posted by Karol Babioch on Feb 19


On 18.02.2018 at 22:44, Solar Designer wrote:

This has been assigned: CVE-2018-7226.

Best regards,
Karol Babioch


An Early Look At Linux 4.16 Performance On Five Systems Phoronix

Here are some preliminary benchmarks of the Linux 4.16 development kernel compared to Linux 4.15 stable on five different systems.


You All Know Reginald Fessenden. Who? Hackaday

Quick, name someone influential in the history of radio. Who did you think of? Marconi? Tesla? Armstrong? Hertz? Perhaps Sarnoff? We bet only a handful would have said Reginald Fessenden. That's a shame because he was the first to do something that most of us do every day.

Few know this Canadian inventor's name even though he developed quite a few innovations. Unlike Colpitts and Hartley we don't have anything named after him. However, Fessenden was the first man to make a two-way transatlantic radio contact (Marconi's was one way) and he was a pioneer in using voice over the radio.

He did even more than that. He patented transmitting with a continuous wave instead of a spark, which made modern radio practical. This was unpopular at the time because most thought the spark was necessary to generate enough energy. In 1906, John Fleming (who gave us tubes that are sometimes still called Fleming valves) wrote that "a simple sine-curve would not be likely to produce the required effect." That was in 1906, five years after Fessenden's patent.

Start at the Beginning

Reginald Fessenden was born in Quebec in 1866. He dropped out of Bishop's College at 18 even though he had essentially completed his degree, to take a job in Bermuda teaching. Eventually, he would move to New York City hoping to work for Thomas Edison. This didn't work out at first because he didn't know...


Mueller Investigation: Thirteen Russians Charged With Interfering in US Election SoylentNews

A federal grand jury in Washington, DC has indicted 13 Russian nationals and a Kremlin-linked internet firm on charges that they had meddled in the 2016 presidential election.

The US government said Russian entities began interfering in US political processes, including the 2016 presidential election, as early as 2014, according to a court document.

[...] The charges, which include conspiracy, wire fraud, bank fraud and aggravated identity theft, are the most direct allegations to date of illegal Russian meddling in the election.


19feb2018 Trivium


Critical macOS Sierra disk image flaw leads to data loss HackRead

By Uzair Amir

Apple and its much-hyped APFS or Apple File System have


Asteroid miners might need a few good applied astronomers to show them the way Lifeboat News: The Blog

AUSTIN, Texas Mining asteroids for water and other resources could someday become a trillion-dollar business, but not without astronomers to point the way.

At least that's the view of Martin Elvis, a researcher at the Harvard-Smithsonian Center for Astrophysics, who's been taking a close look at the science behind asteroid mining.

If the industry ever takes off the way ventures such as Redmond, Wash.-based Planetary Resources and California-based Deep Space Industries hope, that opens up new employment opportunities for astronomers, Elvis said today in Austin at the annual meeting of the American Association for the Advancement of Science.


Predicting Starman's Return To Earth Hackaday

There's a Starman, waiting in the sky. He'd like to come and meet us, but he'll have to wait several million years until the Yarkovsky effect brings him around to Earth again.

In case you've been living under a rock for the past few weeks, SpaceX recently launched a car into space. This caused much consternation and hand-wringing, but we got some really cool pictures of side boosters landing simultaneously. The test launch for the Falcon Heavy successfully lobbed a Tesla Roadster into deep space with an orbit extending out into the asteroid belt. During the launch coverage, SpaceX said the car would orbit for billions of years. This might not be true; a recent analysis of the random walk of cars revealed a significant probability of hitting Earth or Venus over the next million years.

The analysis of the Tesla Roadster relies on the ephemerides provided by JPL's Horizons database (2018-017A), and predicts the orbit over several hundred years. In the short term, a thousand years or so, there is little chance of a collision with anything. In 2091, however, the Tesla will find itself approaching Earth, and after that, the predicted orbits change drastically. As an aside, we should totally bring the Tesla back in 2091.

Even though the Tesla Roadster, its payload adapter, and the booster are inert objects floating in space right now, that doesn't mean there aren't forces acting on them. For small objects orbiting near the sun, the Yarkovsky effect is a huge influence on the orbit when measured on a timescale of millennia. In short, the Yarkovsky effect is a consequence of a spinning object being heated by the sun. As an object (a Tesla, or an asteroid) rotates, the side facing the sun heats up. As this side faces away from the sun, this heat is radiated out, imparting a tiny, tiny force. This force, over a period of millions of years, can send the Tesla into resonances with other planets, eventually sending it crashing into Earth, Venus, or the Sun.

The authors of this paper find there is a 6% chance the Tesla will collide with Earth and a 2.5% chance it will collide with Venus in the next one million years. In three million years, the probability of a collision with Earth is 11%. These are, according to the authors, extremely preliminary calculations and more observations are needed. If the Tesla were to hit the Earth, it's doubtful whatever species populates the planet would notice; the mass of the Tesla is only 1250 Kg, and Earth flies through meteoroids weighing that much very frequently.


Security updates for Monday

Security updates have been issued by Arch Linux (irssi), Debian (bind9, gcc-4.9, plasma-workspace, quagga, and tomcat-native), Fedora (p7zip), Mageia (nasm), openSUSE (exim, ffmpeg, irssi, mpv, qpdf, quagga, rrdtool, and rubygem-puppet), and SUSE (p7zip and xen).


Flight Sim Company Embeds Malware to Steal Pirates' Passwords TorrentFreak

Anti-piracy systems and DRM come in all shapes and sizes, none of them particularly popular, but one deployed by flight sim company FlightSimLabs is likely to go down in history as one of the most outrageous.

It all started yesterday on Reddit when Flight Sim user crankyrecursion reported a little extra something in his download of FlightSimLabs' A320X module.

Using file FSLabs_A320X_P3D_v2.0.1.231.exe there seems to be a file called test.exe included, crankyrecursion wrote.

This .exe file is from and is touted as a Chrome Password Dump tool, which seems to work particularly as the installer would typically run with Administrative rights (UAC prompts) on Windows Vista and above. Can anyone shed light on why this tool is included in a supposedly trusted installer?

The existence of a Chrome password dumping tool is certainly cause for alarm, especially if the software had been obtained from a less-than-official source, such as a torrent or similar site, given the potential for third-party pollution.

However, with the possibility of a nefarious third-party dumping something nasty in a pirate release still lurking on the horizon, things took an unexpected turn. FlightSimLabs chief Lefteris Kalamaras made a statement basically admitting that his company was behind the malware installation.

"We were made aware there is a Reddit thread started tonight regarding our latest installer and how a tool is included in it, that indiscriminately dumps Chrome passwords. That is not correct information; in fact, the Reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing," Kalamaras wrote.

[T]here are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites, he added.

In a nutshell, FlightSimLabs installed a password dumper onto ALL users' machines, whether they were pirates or not, but then only activated the password-stealing module when it determined that specific pirate serial numbers had been used which matched those on FlightSi...


Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Open Source Security

Posted by Karol Babioch on Feb 19


On 18.02.2018 at 19:09, Solar Designer wrote:

this has been assigned: CVE-2018-7225

Best regards,
Karol Babioch


3Dfx History: The GPUs Great Turning Point? SoylentNews

Submitted via IRC for TheMightyBuzzard

Today's startup companies seem to have a certain arc to them: they get some seed funding, they launch, they draw some interest for their good idea, they keep growing, and maybe they become a part of the fabric of our lives ... or a part of the fabric of a significantly larger company. Strangely, 3Dfx didn't so much draw interest as blow the lid off of a trend that redefined how we think of video games. Its graphics processing units were just the right technology for their time. And, for that reason, the company was everywhere for a few years ... until it wasn't. So, what happened, why did 3Dfx turn into a cautionary tale? Today's Tedium sifts through all the polygons and the shaded textures. Ernie @ Tedium



Milspec Teardown: CP-142 Range Computer Hackaday

As some of my previous work here at Hackaday will attest to, I'm a big fan of World War II technology. Something about going in with wooden airplanes and leaving with jet fighters and space capable rockets has always captivated me. So when one of my lovingly crafted eBay alerts was triggered by something claiming to be a Navy WWII Range Computer, it's safe to say I was interested.

Not to say I had any idea of what the thing was, mind you. I only knew it looked old and I had to have it. While I eagerly awaited the device to arrive at my doorstep, I tried to do some research on it and came up pretty much empty-handed. As you might imagine, a lot of the technical information for hardware that was developed in the 1940s hasn't quite made it to the Internet. Somebody was selling a technical manual that potentially would have covered the function of this device for $100 on another site, but I thought that might be a bit excessive. Besides, where's the fun in that?

I decided to try to decipher what this device does by a careful examination of the hardware, consultation of what little technical data I could pull up on its individual components, and some modern gear. In the end I think I have a good idea of how it works, but I'd certainly love to hear if thereR...


'Killer text bomb' crashes iPhones, iPads, Macs, and Apple Watches Graham Cluley

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

Read more in my article on the Hot for Security blog.


90 days have passed, Google discloses unpatched flaw in the Microsoft Edge browser Security Affairs

Google Project Zero disclosed details of an unpatched flaw in the Edge browser because Microsoft failed to address it within a 90-day deadline.

White hackers at Google Project Zero have disclosed details of an unpatched vulnerability in the Edge browser because Microsoft failed to address it within a 90-day deadline according to Google's disclosure policy.

The flaw could be exploited by attackers to bypass the Arbitrary Code Guard (ACG) that was implemented in Windows 10 Creators Update alongside Code Integrity Guard (CIG).

The security features prevent Edge browser exploits from loading and executing malicious code.

"An application can directly load malicious native code into memory by either 1) loading a malicious DLL/EXE from disk or 2) dynamically generating/modifying code in memory. CIG prevents the first method by enabling DLL code signing requirements for Microsoft Edge. This ensures that only properly signed DLLs are allowed to load by a process. ACG then complements this by ensuring that signed code pages are immutable and that new unsigned code pages cannot be created," states the description published by Microsoft.

Google Project Zero researcher Ivan Fratric, who discovered the vulnerability, demonstrated that the ACG feature can be bypassed. The expert reported the issue to Microsoft on November 17. The tech giant had initially planned to include a fix in the February Patch Tuesday updates, but evidently something went wrong because the fix is more complex than initially anticipated.

The vulnerability was classified as having medium severity. Project Zero has published details of the issue in a blog post.

If a content process is compromised and the content process can predict on which address JIT process is going to call VirtualAllocEx() next (note: it is fairly predictable), content process can: 1. Unmap the shared memory mapped above using UnmapViewOfFile() 2. Allocate a writable memory region on the same address JIT server is going to write and write an soon-to-b...


SuiteCRM 7.10 Released For Open-Source Customer Relationship Management Phoronix

SuiteCRM 7.10 is now available as the latest major feature release to this customer relationship management (CRM) software forked from SugarCRM's last open-source release...


5 Proven Cyber Security Certifications That Will Boost Your Salary in 2018 HackRead

By Alex Bennett

Looking for which cyber security certifications you should get your


IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts Krebs on Security

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms' clients, the crooks contact those clients posing as a collection agency and demand that the money be returned.

This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had a good number of customers who had large sums deposited into their bank accounts at the same time.

Dodd said the bank customers received hefty deposits into their accounts from the U.S. Treasury, and shortly thereafter were contacted by phone by someone claiming to be a collections agent for a firm calling itself DebtCredit and using the Web site name debtcredit[dot]us.

"We're having customers getting refunds they have not applied for," Dodd said, noting that the transfers were traced back to a local tax preparer who'd apparently gotten phished or hacked. Those banks are now working with affected customers to close the accounts and open new ones, Dodd said. "If the crooks have breached a tax preparer and can send money to the client, they can sure enough pull money out of those accounts, too."

Several of the Oklahoma banks' clients received customized notices from a phony company claiming to be a collections agency hired by the IRS.

The domain debtcredit[dot]us hasn't been active for some time, but an exact copy of the site to which the banks' clients were referred by the phony collection agency can be found at jcdebt[dot]com, a domain that was registered less than a month ago. The site purports to be associated with a company in New Jersey called Debt & Credit Consulting S...


Health and the crypto-economy. Health Blockchain Lifeboat News: The Blog

AI and blockchain, the main innovations in #Longevity, are united in platform.

DAYS tokens are to be sort of guarantee for longevity services effectiveness. partner supported Longevity Impact Forum.

The first step to the most effective healthcare, based on blockchain consensus regarding health span technologies.

Thanks omar fogliadini, ondej piln, ben kraus, alex lightman, avi roy, liz parrish, george kyriakos sergei sevriugin edgar kampers kirill zhukov philippe van nedervelde anton dziatkovskii darr aita.


Lawmakers worry about rise of fake video technology The Hill: Technology Policy

Lawmakers are concerned that advances in video manipulation technology could set off a new era of fake news. Now legislators say they want to start working on fixes to the problem before it's too late. Technology experts have begun to sound the alarm...


Ryzen 3 2200G Video Memory Size Testing On Linux Phoronix

One of the discussion items in the forums this week was about the video memory allowance for the Vega graphics on Raven Ridge APUs as well as efficiencies or inefficiencies around the TTM memory manager as used by the AMDGPU kernel driver. Here are some vRAM size tests with the Ryzen 3 2200G...


SuiteCRM 7.10 released

SuiteCRM is a fork of the formerly open-source SugarCRM customer relationship management system. The 7.10 release has been announced. "SuiteCRM 7.10 includes a long list of enhancements, improving user experience, adding new functionality and providing a new REST API. This edition of SuiteCRM also assists companies to be ready for GDPR, including opt-in functionality to track the consent of individuals."


Top 10 Most Pirated Movies of The Week on BitTorrent 02/19/18 TorrentFreak

This week we have four newcomers in our chart.

Justice League is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

This week's most downloaded movies are:
Most downloaded movies via torrents
Rank (Rank last week) Movie name IMDb Rating / Trailer
1 (7) Justice League 7.1 / trailer
2 (2) Thor Ragnarok 8.1 / trailer
3 () Pitch Perfect 3 6.2 / trailer
4 (1) Coco 8.9 / trailer
5 (4) The Shape of Water (DVDScr) 8.0 / trailer
6 () Three Billboards Outside Ebbing, Missouri 8.3 / trailer
7 (3) Daddy's Home 2 6.0 / trailer
8 ()

Monday, 19 February


Find Large Files in Linux


Loneliness Is a Warning Sign to Be Social - Facts So Romantic Nautilus

Loneliness spurs the brain into a hyper-vigilant state, unable to relax. The lonely brain doesn't passively take the world in, but actively interprets it as an unfriendly place.
Nighthawks (1942) by Edward Hopper / Wikicommons

In 2002, a group of adults aged 50 and over answered a series of questions about their physical and mental health. A subset of the questions went as follows.

How often do you feel

1) A lack of companionship

2) Left out

3) Isolated from others

The adults rated their answers on a scale of 0-3 with hardly ever or never to often. Three points or more qualified that person as lonely. Six years passed. In 2008, the researchers followed up with the participants. They discovered lonely individuals were at greater risk to be depressed and less mobile than their non-lonely counterparts. They were also more likely to be dead.

The physiological ravages of loneliness are no mystery to those sunk in a perfect solitude, which is, perhaps, the greatest punishment we can suffer, wrote philosopher David Hume. The stress hormone cortisol, we now know, suffuses our bloodstream, taxing our hearts and brains, our appetites and sleep.

In her 2016 book, The

Resource generated at IndyWatch using aliasfeed and rawdog