IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Friday, 22 September

04:35

Equifax directed consumers to fake phishing site for weeks Help Net Security

You can now add another blunder to the already long list of Equifax's missteps in the wake of the massive breach it announced earlier this month: the company has been pointing affected customers to a fake phishing site. In a series of tweets pushed out over the last two weeks, the company sent them to securityequifax2017.com instead of equifaxsecurity2017.com, the address of the dedicated Web site the company set up to inform users of the...

04:15

Hackers behind CCleaner compromise were after Intel, Microsoft, Cisco Help Net Security

There is a new twist in the CCleaner hack saga: the attackers apparently didn't set out to compromise as many machines as possible.

A covert, highly targeted attack

According to Cisco, their actual targets were computers at a number of huge tech companies like Intel, Microsoft, Linksys, Dlink, Google, Samsung and Cisco, telecoms such as O2 and Vodafone, and (the odd man out) Gauselmann, a manufacturer of gaming machines. Cisco researchers came at this conclusion...

02:32

Three things to know about the dark web Help Net Security

One of the more curious aspects about the dark web is that it didn't start out as such a dark place: it began with bulletin boards in the 80s and 90s, the markets of that day, and continued in the early 2000s, when Freenet launched as a private peer-to-peer network for sharing content. At about the same time, the United States Naval Research Laboratory came up with what would be called The Onion...

01:26

Legacy networks holding back cloud and digital transformation Help Net Security

A new global survey by Riverbed Technology, which includes responses from 1,000 IT decision makers across nine countries, revealed an incredible level of agreement that legacy infrastructures are holding back their cloud and digital strategies. Nearly all respondents (97%) agree that legacy network infrastructure will have difficulty keeping pace with the changing demands of the cloud and hybrid networks. Conversely, 91% of respondents say their organization's cloud strategy will only reach its full potential with...


Thursday, 21 September

23:54

PostgreSQL 10 Release Candidate 1 Arrives Phoronix

The first release candidate of PostgreSQL 10.0 is now available for testing...

23:30

Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Open Source Security

Posted by Solar Designer on Sep 21

Hi,

This was sent to the list with only "CVE-2017-14160" as the Subject.
That's against oss-security list content guidelines:

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

"When applicable, the message Subject must include the name and
version(s) of affected software, and vulnerability type. For example, a
Subject saying only "CVE-2099-99999" is not appropriate, whereas...

23:22

Death Becomes AR: How The Military Is Using Augmented Reality SoylentNews

Arthur T Knackerbracket has found the following story:

Depending on where you rest your hat, the words "AR battle" could mean some very different things. You might still be hankering to have your Pikachu rain down lightning on a friends' Squirtle in Pokemon Go, or, if you're recovering from the iPhone X launch, be wondering when you'll be able to send your mini troops into a tabletop augmented reality warzone in Directive Games' The Machines.

But if you're among the thousands in attendance at the Defence and Security Equipment International 2017 (DSEI) conference at London's Excel Centre, those battles and warzones in question become altogether more real. As, while the consumer world waits patiently for the giants of Cupertino to lift the covers off the rumored Apple AR glasses, the military has been dabbling in augmented reality interfaces for years.

The transparent nature of AR glasses lets the wearer maintain situational and environmental awareness.

What was once the reserve of fighter pilots, the advances of Moore's Law means that impressive heads-up display units will soon be standard issue for regular ground troops. Through the use of wearable glasses and headsets, key data points will be overlaid onto a battlefield: everything from mapping information to mission parameters to markers defining the movements of allied troops and enemy forces.

Topographical data can be relayed to a troop along with video feeds from remote overhead drones or fellow forces elsewhere on the field. All the while, the transparent nature of AR glasses (as opposed to the all-encompassing view of a virtual reality headset) lets the wearer maintain situational and environmental awareness. The potential chaos of what's going on around a soldier can still be seen and actioned upon.

23:20

Advanced lm-sensors Tips and Tricks on Linux

23:15

Pam Keefe, Co-Organizer of RAADfest Bangkok, joins our Life Extension Board. Lifeboat News

23:00

Maintaining Windows 10 security tops list of enterprise challenges Help Net Security

Companies are experiencing significant challenges in their attempts to keep their endpoints secure. Maintaining Windows 10 security topped the list of challenges with over half of respondents to an Adaptiva survey indicating it can take a month or more for IT teams to execute Windows OS updates, which ultimately leaves systems vulnerable. The survey revealed that most companies are unable to maintain endpoint security with consistency for a number of reasons, such as: The pace...

22:59

CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Open Source Security

Posted by on Sep 21

Hi,

I'm a security researcher of Qihoo 360 GearTeam.
My partner Zhibin Hu and I found a vulnerability of libvorbis-1.3.5.
And we have applied for CVE-2017-14160 of this vulnerability.
================== test command ====================

ffmpeg -i poc.mp4 -y 1.mkv
// libvorbis-1.3.5 has been compiled into ffmpeg static.


I compile it as...

22:44

Shocker: U.S. Allies Don't Trust NSA cryptogon.com

Via: Reuters: An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel [...]

22:24

How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet HackRead

By Waqas

An old vulnerability in the Signalling System No. 7 (SS7)

21:50

Google Signs Agreement to Tackle YouTube Piracy TorrentFreak

Once upon a time, people complaining about piracy would point to the hundreds of piracy sites around the Internet. These days, criticism is just as likely to be leveled at Google-owned services.

YouTube, in particular, has come in for intense criticism, with the music industry complaining of exploitation of the DMCA in order to obtain unfair streaming rates from record labels. Along with streaming-ripping, this so-called Value Gap is one of the industry's hottest topics.

With rightsholders seemingly at war with Google to varying degrees, news from France suggests that progress can be made if people sit down and negotiate.

According to local reports, Google and local anti-piracy outfit ALPA (l'Association de Lutte Contre la Piraterie Audiovisuelle), under the auspices of the CNC, have signed an agreement to grant rightsholders direct access to content takedown mechanisms on YouTube.

YouTube has granted access to its Content ID systems to companies elsewhere for years but the new deal will see the system utilized by French content owners for the first time. It's hoped that the access will result in infringing content being taken down or monetized more quickly than before.

"We do not want fraudsters to use our platforms to the detriment of creators," said Carlo D'Asaro Biondo, Google's President of Strategic Relationships in Europe, the Middle East and Africa.

The agreement, overseen by the Ministry of Culture, will see Google provide ALPA with financial support and rightsholders with essential training.

ALPA president Nicolas Seydoux welcomed the deal, noting that it symbolizes the collapse of the wall of incomprehension that previously existed between France's rightsholders and the Internet search giant.

The deal forms part of the French government's Plan of Action Against Piracy, in which it hopes to crack down on infringement in various ways, including tackling the threat of pirate sites, better promotion of services offering legitimate content, and educating children from an early age on the need to respect copyright.

"The fight against piracy is the great challenge of the new century in the cultural sphere," said France's Minister of Culture, Françoise Nyssen.

"I hope this is just the beginning of a process. It will require other agreements with rights holders and other platforms, as well as at the European level."

According to...

21:47

Apache Bug Leaks Contents of Server Memory for All to See - Patch Now SoylentNews

Submitted via IRC for SoyCow1937

There's a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, a freelance journalist has disclosed.

The vulnerability can be triggered by querying a server with what's known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory. Patches are available here and here.

[...] Optionsbleed, by contrast [to Heartbleed], doesn't pose as big a threat, but its effects can still be damaging. The risk is highest for server hosts that allow more than one customer to share a single machine. That's because Optionsbleed allows customers to exploit the flaw in a way that exposes secret data from other customers' hosts on the same system. On the Internet at large, the threat is less serious.

[...] Interestingly, the bug was first identified in 2014. Why it's only now being patched is unclear.

Source: https://arstechnica.com/information-technology/2017/09/apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/

[Note: I checked with TheMightyBuzzard, and was informed that, though SoylentNews does run Apache, our systems are configured in such a way as to not expose OPTIONS. In other words, it is believed that we are not susceptible. --martyb]


21:30

See This Mesmerizing 3D Printed Water Droplet Automaton Hackaday

Water Experiment No. 33 by [Dean O'Callaghan]

Most modern automata are hand-cranked kinetic sculptures typically made from wood, and [videohead118] was inspired by a video of one simulating a wave pattern from a drop of liquid. As a result, they made a 3D printed version of their own and shared the files on Thingiverse.

In this piece, a hand crank turns a bunch of cams that raise and lower a series of rings in a simulated wave pattern, apparently in response to the motion of a sphere on a central shaft. The original (shown in the animation to the right) was made from wood by a fellow named [Dean O'Callaghan], and a video of it in its entirety is embedded below the break.

If this sort of thing piques your interest, you can see examples of some modern takes on the art or marvel at the 240 year old clockwork masterpiece known as the Boy Writer.


21:29

NVIDIA Continues Prepping The Linux Desktop Stack For HDR Display Support Phoronix

Besides working on the new Unix device memory allocator project, they have also been engaged with upstream open-source Linux developers over preparing the Linux desktop for HDR display support...

21:13

SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year The Hacker News

This month has been full of breaches. Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which

21:07

Beignet OpenCL Now Supports LLVM 5.0 Phoronix

For those making use of Beignet for Intel graphics OpenCL acceleration on Linux, it finally has added support for LLVM 5.0...

20:53

H1 2017 Twitter suspended a total of 935,897 accounts for the promotion of terrorism Security Affairs

Twitter published its Transparency Report related to H1 2017, the company suspended 935,897 accounts for the promotion of terrorism.

Twitter suspends 299,000 accounts linked to terrorism in the first six months of 2017, the company revealed that 75 percent of the infringing accounts were suspended before their first tweet confirming the huge efforts in fighting online propaganda and other activities linked to this threat.

According to data provided in the transparency report, Twitter confirmed that 95 percent of the suspended accounts for the promotion of terrorism were identified by using internal tools designed to identify and block spam, government requests accounted for less than 1% of account suspensions.

One-quarter of those infringing accounts were suspended before the accounts posted their first tweet.

It is interesting to note that according to the report published by the social media giant, fewer than 2 percent of accounts that were suspended were reported by governments worldwide.

Governments submitted 716 separate reports that triggered the suspension of 5,929 accounts.

"The second largest volume, a little more than 2% of global reports, fell within the promotion of terrorism category. Under this category of reports, we are referring to accounts that actively incite or promote violence associated with internationally recognized terrorist organizations, promote internationally recognized terrorist organizations, and accounts attempting to evade prior enforcement," states a blog post published by Twitter.

"Twitter's continued commitment to eliminate such activity from our platform has resulted in an 80% reduction in accounts reported by governments compared to the previous reporting period of July 1, 2016 through December 31, 2016. Notably, government requests accounted for less than 1% of account suspensions for the promotion of terrorism during the first half of this year."

Almost every government is stressing technology company to adopt measures to fight online terrorism, UK and France proposed fines for those companies that don't collaborate or fail to curb terrorist activities online.

Tech giants Facebook, Microsoft, Twitter, and YouTube pledged to improve the information sharing by building a database of digital fingerprints of terrorism-related content removed from their services.

Twitter received 6,448 demands for data from governments in the...

20:49

Intel Preps Their First Batch Of Graphics Changes For Linux 4.15 Phoronix

The first batch of drm-intel-next changes are ready to be queued in DRM-Next as feature work for eventually merging to mainline come the Linux 4.15 merge window...

20:47

The Eye-Opening Power of Cultural Difference

Inclusivity is the quality of an open organization that allows and encourages people to join the organization and feel a connection to it. Practices aimed at enhancing inclusivity are typically those that welcome new participants to the organization and create an environment that makes them want to stay.

20:34

Valve Is Collaborating On GPUVis For Tuning Radeon Linux VR Performance Phoronix

One of the many interesting talks at yesterday's XDC2017 conference was Valve's Pierre-Loup Griffais talking about GPUVis...

20:30

Intel Unleashes Clear Containers 3.0, Written In Go Phoronix

Intel's Clear Linux team has rolled out their Clear Containers 3.0 technology...

20:12

I was just doing my job: Soviet officer who averted nuclear war dies at age 77 Lifeboat News: The Blog

A Soviet officer who prevented a nuclear crisis between the US and the USSR and possible World War III in the 1980s has quietly passed away. He was 77. In 2010 RT spoke to Stanislav Petrov, who never considered himself a hero. We look at the life of the man who saved the world.

A decision that Soviet lieutenant colonel Stanislav Petrov once took went down in history as one that stopped the Cold War from turning into nuclear Armageddon, largely thanks to Karl Schumacher, a political activist from Germany who helped the news of his heroism first reach a western audience nearly two decades ago.

On September 7, Schumacher, who kept in touch with Petrov in the intervening years, phoned him to wish him a happy birthday, but instead learned from Petrov's son, Dmitry, that the retired officer had died on May 19 in his home in a small town near Moscow.

20:12

Furiosity takes hike after information leak on live show Hacker News Bulletin | Find the Latest Hackers News

Ferocity and bad attitudes over malfunctions on shows has become widespread nowadays but a latest video leak of behind the scenes of a show has taken it to another level. An eight minute video released shows cuts of clips of Donnell getting extremely angry and fumed up over earpiece malfunctioning. In the video, Lawrence O'Donnell

20:11

Similar to robots.txt, security.txt Standard Proposed SoylentNews

Submitted via IRC for SoyCow5743

Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF Internet Engineering Task Force seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies.

The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers.

The distinction between security.txt and robots.txt is that security.txt will be used to communicate a company's security practices only, and is likely to be read by humans, rather than automated scanners.

For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue.

"When x0rz [well-known security researcher] tweeted about my proposal I realized that this was something people really wanted and that it was time to start writing up an RFC draft," Foudil said.

[...] Right now, security.txt is at the status of Internet Draft, which is the first IETF regulatory step in a three-stage process that also includes RFC (Request For Comment) and official Internet Standards.

"Once security.txt becomes an RFC the focus will shift to spreading the word and encouraging companies to setup a security.txt file," Foudil told Bleeping Computer.

"Several bug bounty platforms have already offered to help out with this step and hopefully if some of the big companies have a security.txt this will set a good example that could convince others to follow suit."

Source: https://www.bleepingcomputer.com/news/security/security-txt-standard-proposed-similar-to-robots-txt/


19:57

Kubernetes Gains Momentum as Big-Name Vendors Flock to Cloud Native Computing Foundation

Like a train gaining speed as it leaves the station, the Cloud Native Computing Foundation is quickly gathering momentum, attracting some of the biggest names in tech.

19:30

The Cloud-Native Architecture: One Stack, Many Options

As the chief technology officer of a company specialized in cloud native storage, I have a first hand view of the massive transformation happening right now in enterprise IT. In short, two things are happening in parallel right now that make it radically simpler to build, deploy and run sophisticated applications.

The first is the move to the cloud. This topic has been discussed so much that I won't try to add anything new. We all know it's happening, and we all know that its impact is huge.

19:25

Scientists Edit Embryos' Genes to Study Early Human Development cryptogon.com

Via: Reuters: British scientists have used a genome editing tool known as CRISPR/Cas9 to knock out a gene in embryos just a few days old, testing the technique's ability to decipher key gene functions in early human development. The researchers said their experiments, using a technology that is the subject of fierce international debate because [...]

19:12

East Asia's Patent Peril and the Curse of Patent Trolls Techrights

From manufacturing to merely taxing manufacturers?

Summary: The high cost of China's new obsession with patents and the never-ending saga of Samsung (Korea), which gets dragged into courts not only in the US but also in China

THE unit once owned by Google (now Lenovo), namely Motorola's mobile business, is in the news again. IAM says that the judge who oversaw Microsoft's patent war on Linux (Android/Motorola) is upset that Britain now enables patent trolls to operate in London (we wrote a lot about this decision at the time). Huawei, a Chinese giant and leading Android OEM, was attacked by Ericsson's patent troll. As IAM puts it:

US district court judge James Robart has taken aim at the decision handed down by Justice Colin Birss in the high profile London High Court SEP/FRAND case of Unwired Planet v Huawei, decided earlier this year. Speaking at the annual IPO meeting in San Francisco yesterday, Robart, who handed down the famous Microsoft v Motorola decision in 2013 and sits in the Western District of Washington, said that Birss was wrong to offer specific royalty rates for the technology in question, rather than offering a range, and stated that he did not expect the judgment to be particularly influential in US courthouses.

[...]

Robart's claim that the Unwired decision wouldn't have much influence over US courts has previously been made by former Chief Judge for the Federal Circuit Paul Michel, who told this blog after the London ruling was handed down that the US legal system was traditionally inward looking and so rarely paid much heed to overseas cases. Of course, judges around the world often disagree on key areas of patent law (the Supreme Court's rulings in several patent eligibility cases has meant that the US is out-of-step with many jurisdictions in sectors like medical diagnostics), but Robart's comments highlight the degree to which the law in FRAND licensing remains unsettled.

This decision ought to have been a wake-up call for Huawei, Lenovo (now holding Motorola's assets), and China in general. Patent maximalism harms them everywhere. IAM also wrote about t...

19:12

Nanotechnology to treat cancer? Lifeboat News: The Blog

The therapy has been approved by the FDA for phase one clinical trials at three U.S. institutions: the Greenebaum Cancer Center of the University of Maryland, the Medical University of South Carolina and the University of Virginia Cancer Center.

19:06

Why you should care about the meat industry Terra Forming Terra


What is so wrong about the meat industry is the attempt to subject it to mass production.  So far the results have been unsatisfactory in a number of ways. This is a pretty good list.

I do think that we have to abandon the whole protocol generally and focus on establishing land and human friendly herds.  That does mean small pastured cattle herds which the land can bear.  It means free range chicken growing that also specializes in soil turning as well; as egg production.  Both methods sharply lowers the use of grains except to late fatten for slaughter.

We already know how to do this using modern  power equipment as well to assist.

The whole butchering enterprise needs to also be sharply scaled back to a size where an operator can avoid throughput thinking...

...

WHY YOU SHOULD CARE ABOUT THE MEAT INDUSTRY


September 6, 2017


Wes Annac, Contributor

http://www.wakingtimes.com/2017/09/06/care-meat-industry/


You don't have to be a vegetarian or animal activist to be angry with what's happening in the meat industry. Corruption and abuse litter an industry that provides food in inhumane ways for the sake of profit.

In this article, we'll be discussing things I wish weren't happening and am therefore doing my part to help stop. Some parts of this article might be tough to read, but by sharing this difficult information with you, I hope to help you see why you should care.


Vegetarians and meat eaters can work together to effect much-needed change in the industry if we can learn the facts and commit to this common goal. The cause is important for those who want to protect animals and those who want to ensure meat is produced ethically (and is thus safer for consumption).


The first reason you should be concerned is that despite recent changes in regulation, the industry remains the same.


Recent Regulation Changes Have Not Solved the Industry's Biggest Problems


Henry Imhoff Helena wrote...

18:52

Discovery helps engineer more accurate Cas9s for CRISPR editing Lifeboat News: The Blog

Detailed study of how Cas9 protein domains move when they bind DNA leads to re-engineered Cas9 with fewer off-target effects.

18:33

Instead of Protecting the Earth, EPA Agents Now Forced to Serve as Pruitt Bodyguards SoylentNews

Common Dreams reports

Thanks to a hiring freeze, budget cuts, and the exorbitant travel needs of Trump's cabinet, Environmental Protection Agency (EPA) agents are being forced to ditch climate crime investigations in order to serve as personal bodyguards for EPA administrator Scott Pruitt, resulting in what one critic called an "evaporation of criminal enforcement".

"The EPA head has traditionally had one of the smallest security details among cabinet members," the Washington Post reported [September 19]. But Pruitt's expansive security team--which cost taxpayers over $830,000 in his first three months as EPA chief--has shattered all precedent.

"This never happened with prior administrators", Michael Hubbard, former head of the EPA Criminal Investigation Division's Boston office.

Pruitt's 24/7, 18-member security detail "demands triple the manpower of his predecessors" and is forcing "officials to rotate in special agents from around the country who otherwise would be investigating environmental crimes", the Post's Juliet Eilperin and Brady Dennis noted.

These officials "signed on to work on complex environmental cases, not to be an executive protection detail", Hubbard observed. "It's not only not what they want to do, it's not what they were trained and paid to do."

The impact of this transfer of resources can already be seen in the rapidly falling number of new cases opened by the EPA's Criminal Investigation Division. Eilperin and Dennis note that the "current fiscal year is on pace to open just 120 new cases...down sharply from the 170 initiated last year".


18:30

Pneumatic Origami Hackaday

Odds are that if you've been to the beach or gone camping or somewhere in between, you are familiar with inflatable products like air mattresses. It's nothing spectacular to see a rectangle inflate into a thicker, more comfortable rectangle, but what if your air mattress inflated into the shape of a crane?

We've seen similar ideas in quadcopters and robots using more mechanical means, but this method uses air instead. To make this possible, the [Tangible Media Group] out of [MIT's Media Lab] have developed aeroMorph, a program that allows the user to design inflatable constructs from paper, plastic or fabric with careful placement of a few folding joints.

These designs are exported and imprinted onto the medium by a cartesian coordinate robot using a heat-sealing attachment. Different channels allow the medium to fold in multiple directions depending on where the air is flowing, so this is a bit more complicated than, say, a bouncy castle. That, and it's not often you see paper folding itself. Check it out!

...

18:29

USPTO Starts Discriminating Against Poor People, and Does So Even When They Rightly Point Out Errors Techrights

Forget these photo-ops, he doesn't work for the children (patent indoctrination starts early)

Source: USPTO's Leadership blog

Summary: Even though the burden of proof ought to be on one who grants a monopoly, the legal costs are being offloaded onto those who challenge an erroneously-granted monopoly (even if the court sides with the challenger)

YESTERDAY we wrote about a bogus Google patent making its way through the system. The Polish challenger could not afford legal advice and therefore it seems likely that Google will get its way. Such is the nature of the system today and it seems to have just gotten worse. As one firm put it a few days ago (emphasis below is ours):

The US Patent and Trademark Office (USPTO) recently began making applicants who challenge agency rulings on trademarks and patents in district court pay the attorney fees and expenses of the agency, regardless of the case's outcome. This was supported by the Fourth Circuit Court of Appeals for trademarks in 2015, and more recently by a panel of the Court of Appeals for the Federal Circuit for patents in Nantkwest, Inc v Matal (June 23 2017). However, the Federal Circuit appears to be having second thoughts, as in August 2017 it vacated the Nantkwest panel decision of its own accord and ordered a rehearing by the full court.

This is really bad. So it's going to get a lot harder for anyone other than large corporations to point out errors in examination. In addition to this, there's now a big lobby (led by trolls and parasites) against PTAB, which has made challenges more affordable.

Whose system is this and what is it for? It was supposed to correctly issue patents and revoke/reject applications where triviality/prior art, for instance, could be demonstrated/shown.

The USPTO grants patents which certainly look like parody sometimes. Consider this example of a patent, spotted by Dennis Crouch the other day. Notice the length:

...

17:56

Ambrose Chan Enters Document Security Systems (DSS), a Partly Patent Troll Entity Techrights

De-storying the destructive strategy of destroying one's competitors (by litigation).

Summary: The Board of Directors of DSS enlists a man from Singapore, whose lack of technical background suggests that the company is still more of a bully than an innovator

Serial litigator DSS is at it again, hiring non-technical people as its real business collapses. For background, read this 2012 article about DSS (comparing it to Vringo, a patent troll).

According to this press release and form (8-K), DSS turns to Singapore, which harbours some patent trolls (not just tax evaders, having become one of the top 5 places for people to pursue tax havens in), and hires this man:

While Chan does not appear to have much of a background in technology or intellectual property, his comments when appointed as a board member suggest that his focus is on the operating part of DSS's business.

[...]

Today's incarnation of DSS is the product of the first known merger between an NPE (Lexington Technology Group) and an operating business. Ronaldi, who led the previous standalone patent licensing business, took over as chief of the merged entity in 2013.

It's true that DSS may still have some products, but those are gradually going away as the company turns to serial litigation (NPE is a euphemism for patent troll). Earlier this year it filed lawsuits in the Eastern District of Texas.

Meanwhile, over at IP Kat there's...

17:43

Night Vision Enabled Security Cameras Secretly Transfer Your Data HackRead

By Waqas

A team of researchers from the Ben-Gurion University of the

This is a post from HackRead.com Read the original post: Night Vision Enabled Security Cameras Secretly Transfer Your Data

17:30

Dear Texas, how many times do we have to rebuild the same house? (You're next Florida) Terra Forming Terra

How prescient, as Irma barrels in to possibly take out Miami while I write this.

Look ladies, in terms of geologic time and not human time, coastal builds are destroyed consistently and should not be entertained unless necessary and then be built to withstand  a major tsunami at least.  Recall that the entire East Coast was depopulated 1500 years ago deep inland through what appears to be the effect of an asteroid impact in the Atlantic.


We need to anticipate a water line similar to what Houston just experienced and deep set backs from the coast itself preferably filled with healthy woodland several miles deep to break up a storm tide.

Then all builds need to insist on concrete to the top of that water line.  I am getting tired of seeing wet dry wall and moldy studs.

At the same time all subsidy needs to be dropped and a premium insurance scheme for anything built there.

I would also go as far as insisting that beach residences be simply movable as well.  Who needs piles of debris?  Of course pretty soon we can build gravity platforms and then perhaps we can elevate buildings :-).  Or perhaps we simply insist on jack up buildings on piles that climb twenty feet when needed.  Great for a beach and may well become popular..



Dear Texas, how many times do we have to rebuild the same house? (You're next Florida)

Written by Jim Bovard Date: 09-01-2017 

https://www.freedomsphoenix.com/Article/224737-2017-09-01-dear-texas-how-many-times-do-we-have-to-rebuild.htm

...

17:30

Obama's heartfelt post on DACA Terra Forming Terra

  



As it should of course.  However, it is also rather clear that this is a hard ball tactic aimed at getting congress to generate a proper immigration act.  The problem is that it is even necessary at all.  

More obviously the original resolution was by executive order and that is also deemed unconstitutional no less by observers.  Thus the situation added to the behavior in simply applying the law by the administration is a tell that we have a war going on that has eliminated rational resolution without serious duress applied.

What Trump has done is put himself in position to blame his opponents for their real failures, rather than wearing it all himself.  This may work to focus their attention as well instead of dreaming up bombs to throw at Trump.


Obama's heartfelt post on DACA is going viral.

'It's up to Members of Congress to protect these young people and our future. I'm heartened by those who've suggested that they should.'




by Parker Molloy 

http://www.upworthy.com/obamas-heartfelt-post-on-daca-is-going-viral?c=upw1

On Tuesday morning, Attorney General Jeff Sessions announced plans to wind down former President Obama's Deferred Action for Childhood Arrivals (DACA) program.

Announced in June 2012, DACA was implemented to give undocumented immigrants who were brought here as children some peace of...

17:30

Bionic lens can make vision three times better than 20-20 Terra Forming Terra







This is the beginning that essentially eliminates all forms of corrective lenses.  Add in the three fold improvement over normal vision and this becomes a profitable trade off.

Now if we can add in a few extras such an ability to sense a wide range of ultraviolet light as well it would soon be unstoppable.

It should not be too difficult to integrate this with computer tech as well to allow data gathering that is noninterfering.
.
Bionic lens can make vision three times better than 20-20


brian wang | September 5, 2017 |


https://www.nextbigfuture.com/2017/09/bionic-lens-can-make-vision-three-times-better-than-20-20.html

The Bionic Lens is a dynamic lens that replaces the natural lens inside the eye via one of the most common and successful procedures in medicine: cataract surgery. Once there, the lens restores clear vision at all distances without any visual quality problems. It can auto-regulate within the eye by connecting to the muscles that change the curvature of our natural lenses, which allows it to focus at different ranges, potentially much wider ranges than our natural sight is capable of. In addition, because the Bionic Lens responds with less than 1/100 the amount of energy of the natural lens, you can also focus on something all day without any strain on the eyes.

The Bionic Lens could improve on the 20/20 vision threefold. Imagine that you can see a clock's dial 10 feet away. With the lens you would be able to see the dial in the same detail when it is 30 feet away.



Future Bionic lens could also include projection systems that will give the user capabilities of projecting their phone screen, or integrating NASA technologies to allow for better focusing resolution than anything seen before, or even installing a system that allows for slow drug delivery inside the eye.

Initially the system will cost $3200 per lens without including the cost of the surgery.
...

17:13

How to find and replace text/IP address with Ansible nixCraft

I need to find an IP address in the sshd_config file and replace with a fresh one for over 100+ VMs. How do I use Ansible to do so? Is it possible to search replace single string or IP address? Yes, you can use the following Ansible modules: replace This module will replace all Continue reading "How to find and replace text/IP address with Ansible"

17:08

UPC Threatens to Weaponise Software Patents in Countries That Forbade These Techrights

Cannon

Summary: The reality of software patents in Europe and what a Unified Patent Court (UPC) would mean for these if it ever became a reality

"Having to inspect the patent database before writing a single line of code, that's not what I call Happy Programmers Day," Benjamin Henrion wrote the other day, adding that "it does not change much to the fact that the EPO and al [sic] still forces you to read their invention garbage."

The EU rejects software patents, but the EPO flagrantly disobeys the rules, instructions, common sense etc.

Henrion took note of this new article from an EPO-friendly site, relaying the words of Francisco Mingorance [who is] executive secretary of IP Europe, a lobby group representing European technology companies and research institutes.

"Open standards and Francisco Mingorance do not go well in the same sentence," Henrion wrote. "We now await a communication from the European Commission on FRAND licensing this autumn," he added. FRAND is a euphemism for patent traps inside standards.

To say the least, Mingorance is an enemy of programming. He used to work for the Business Software Alliance (BSA), a pro-FRAND, anti-FOSS, pro-software patents lobby (and the whole bundle of Microsoft lobbying).

At the moment, the main concern we have is that Unitary Patent lobbying threatens to bring software patents to more countries, even countries which explicitly disallow software patents. We wrote many articles about that before.

There's one particular comment in IP Kat which reinforces our views about the UPC. The comment is very long so its author was prevented from posting it (or rather having it published) to the point of...

16:55

Iranian cyber spies APT33 target aerospace and energy organizations Security Affairs

The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

The APT33 group has been around since at least 2013; since mid-2016, it has targeted the aviation industry and energy companies with connections to petrochemical production.

"From mid-2016 through early 2017, APT33 compromised a U.S. organization in the aerospace sector and targeted a business conglomerate located in Saudi Arabia with aviation holdings," reads a blog post published by FireEye.

"During the same time period, APT33 also targeted a South Korean company involved in oil refining and petrochemicals. More recently, in May 2017, APT33 appeared to target a Saudi organization and a South Korean business conglomerate using a malicious file that attempted to entice victims with job vacancies for a Saudi Arabian petrochemical company."

According to the experts, the APT33 group is gathering information on Saudi Arabia's military aviation capabilities to gain insight into rivals in the Middle East.

"We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia's military aviation capabilities to enhance Iran's domestic aviation capabilities or to support Iran's military and strategic decision making vis a vis Saudi Arabia," continues FireEye.

"We believe the targeting of the Saudi organization may have been an attempt to gain insight into regional rivals, while the targeting of South Korean companies may be due to South Korea's recent partnerships with Iran's petrochemical industry as well as South Korea's relationships with Saudi petrochemical companies,"

The cyberspies leverage spear phishing emails sent to employees whose jobs are related to the aviation industry.

...

16:54

Study Says Apple Data-Mining Safeguards Don't Protect Privacy Enough SoylentNews

Submitted via IRC for SoyCow5743

During last year's WWDC in June 2016, Apple noted it would be adopting some degree of differential privacy methods to ensure privacy while the company mined user data on iOS and Mac OS. In short, the technique adds noise to data that scrambles it enough to prevent it from becoming identifiable -- though the company made clear at the time that its data collection process was opt-in. Over a year later, a study claims that Apple's methods fall short of the digital privacy community's expectations for how much a user's data is kept private.

As they reveal in their study (PDF), researchers from the University of Southern California, Indiana University and China's Tsinghua University evaluated how Apple injects static into users' identifiable info, from messages to your internet history, to baffle anyone looking at the data, from the government to Apple's own staff. The metric for measuring a setup's differential privacy effectiveness is called a "privacy loss parameter" or, as a variable, "epsilon." In this case, the researchers discovered that Apple's epsilon on MacOS allowed a lot more personal data to be identifiable than digital privacy theorists are comfortable with, and iOS 10 permits even more.

Apple has refuted the study's findings, especially on its alleged ability to link data to particular users.

Source: https://www.engadget.com/2017/09/15/study-says-apple-data-mining-safeguards-dont-protect-privacy-en/


Original Submission

Read more of this story at SoylentNews.

16:24

The Latest Lies About the Unitary Patent (UPC) and CIPO's Participation in Those Techrights

They got CETA, but they won't get UPC

UPC truth

Summary: Team UPC continues to overplay its chances, conveniently ignoring simple facts as well as the Rule of Law

THE EPO is quiet. So is SUEPO, the staff union of the EPO, whose Web site has not been updated for a while. On the UPC front, however, spin continues. Left unchallenged, some people out there might even believe it. Team UPC extravagantly lies, exaggerates, and places too much emphasis on perceived positives. Everything else is discarded, ignored, or ridiculed.

As we noted earlier this week, there's UPC propaganda coming to Canada pretty soon. We can't help but wonder, why would anyone actually pay to be lied to by Team Battistelli about the UPC in Montreal (Canada)? Maybe to make contacts/connections? A few days ago CIPO wrote: "Only 2 days left to register to the #Montreal roadshow with @EPOorg on Unitary #Patent & Unified Patent Court!"

That's just basically Battistelli's right-hand liar. She'll be spreading the usual lies there. They will have the audience believe that the UPC is coming very soon. Bristows is doing the same thing this week, with staff pretty much repeating themselves regarding Scotland (never mind the reality of Brexit).

IAM's chief editor also did his thing earlier this week. The UK-based IAM is perfectly happy that the EPO's declining patent quality (which IAM helps Battistelli deny) brings its beloved patent trolls to Europe. Joff Wild speaks of the UPC again, joined by the term BigTech with the usual whipping boy being Google. Here are some portions:

And that brings me to patents. As everyone in the IP market knows, over recent years Europe has emerged as a much more important part of the equation for patent owners seeking to assert their rights. For multiple reasons including the perceived quality of EPO-granted assets, speed to get a decision, the relatively low cost of litigating, the expertise of courts and...

15:59

FedEx announces $300m in lost business and response costs after NotPetya attack Security Affairs

FedEx is the latest firm to disclose the cost of the massive NotPetya attack: roughly $300m in lost business and response costs.

The malware compromised systems worldwide, most of them in Ukraine. The list of victims is long and includes the US pharmaceutical company Merck, the shipping giant Maersk, Ukraine's central bank, Russian oil giant Rosneft, advertising group WPP, TNT Express and the law firm DLA Piper.

According to the second quarter earnings report published by Maersk, the company was expecting losses between $200 million and $300 million due to significant business interruption because it was forced to temporarily halt critical systems infected with the ransomware.

The situation announced by FedEx is also disconcerting: its systems will be fully restored only at the end of September, three months after the incident.

"The worldwide operations of TNT Express were significantly affected during the first quarter by the June 27 NotPetya cyberattack. Most TNT Express services resumed during the quarter and substantially all TNT Express critical operational systems have been restored. However, TNT Express volume, revenue and profit still remain below previous levels," the company said on Tuesday.

"Operating results declined due to an estimated $300 million impact from the cyberattack, which was partially offset by the benefits from revenue growth, lower incentive compensation accruals and ongoing cost management initiatives,"

During a conference call with financial analysts on Tuesday, FedEx chief information officer Rob Cart...

15:30

An Unconference Badge That's Never Gonna Give You Up Hackaday

When your publication is about to hold a major event on your side of the world, and there will be a bring-a-hack, you abruptly realise that you have to do just that. Bring a hack. With the Hackaday London Unconference in the works this was the problem I faced, and I'd run out of time to put together an amazing PCB with beautiful artwork and software-driven functionality to amuse and delight other attendees. It was time to come up with something that would gain me a few Brownie points while remaining within the time I had at my disposal alongside my Hackaday work.

The badge internals.

I evaluated a few options, and ended up with a Raspberry Pi Zero as an MP3 player through its PW...

15:10

The Patents Policy of Facebook is Causing an Exodus Techrights

They trust me. Dumb fucks

Mark Zuckerberg, President and Founder of Facebook (source)

Summary: Yet another major player walks away from Facebook's code because of software patents

THE history of Facebook when it comes to patents is anything but relieving.

Facebook's dirty patent games have in fact just driven away another company. We didn't write much about this controversy until recently (relegated to our daily links), but now that the cautionary tale grows wings we decided it's worth a mention. Last night there was another new example of this, with Gitlab being the latest to walk away. As The Register put it:

Using GraphQL, an increasingly popular query language for grabbing data, may someday infringe upon pending Facebook patents, making the technology inherently problematic for corporate usage.

In an analysis posted to Medium and in a related discussion in the GraphQL repo on GitHub, attorney and developer Dennis Walsh observed that Facebook's GraphQL specification doesn't include a patent license. In other words: using GraphQL in your software may lead to your code infringing a Facebook-held patent on the technology in future.

"The patents (as of a few weeks ago) were granted but not issued," said Walsh in an email to The Register today. "Damages can start before issuance but litigation cannot. But post-issuance, the threat is very real. My reading of two GraphQL granted applications and the GraphQL spec is that any properly implemented GraphQL server infringes."

What's pleasing to see here is that fairly large companies, not just individual developers, are willing to throw away code because of patent clauses. Spectators should take that for a sign that software patents have no room in software development. There's a price to be paid for clinging onto them.

15:05

"Researcher" Says This Saturday Will be the End of the World SoylentNews

If you had big plans this weekend, David Meade regrets to inform you that the world will be ending Saturday.

Meade, a Christian numerologist and self-described "researcher," says Sept. 23 is foretold in the Bible's Book of Revelation as the day a series of catastrophic events will begin, and as a result, "a major part of the world will not be the same," the Washington Post reports.

The Bible prophecies a woman "clothed with the sun" and a "crown of 12 stars" giving birth to a boy who will "rule all the nations" while she fights off a seven-headed dragon. The woman, Meade says, is the constellation Virgo, which on Saturday will be positioned under nine stars and three planets, per Popular Mechanics.

The baby boy will be the planet Jupiter, which will be moving out of Virgo on that night.

According to Meade, who says he studied astronomy at an unspecified university in Kentucky, the great change in our world will be the result of the arrival of Nibiru, a planet famous in conspiracy circles but which astronomers say doesn't exist.

http://wnep.com/2017/09/20/researcher-says-this-saturday-will-be-the-end-of-the-world/
https://www.washingtonpost.com/news/acts-of-faith/wp/2017/09/17/the-world-as-we-know-it-is-about-to-end-again-if-you-believe-this-biblical-doomsday-claim/ (soft paywalled)


Original Submission

Read more of this story at SoylentNews.

14:31

Links 20/9/2017: Wine Staging 2.17, Randa 2017, Redox OS 0.3.3 Techrights

GNOME bluefish

Contents

GNU/Linux

  • 5 fundamental differences between Windows 10 and Linux

    This comparison really only scratches the surface. And don't get me wrong, there are areas where Windows 10 bests Linux (few, but they do exist). In the end, however, the choice is yours. Chances are you'll be making the choice based on which platform will allow you get more work done and do so with a certain level of efficiency and reliability. I would highly recommend, to anyone, if Linux can enable you to get your work done, give it a go and see if you don't find it more dependable and predictable.

  • Desktop

    • Manchester police still relies on Windows XP

      England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July.
      Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used.
      Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk.
      The figure was disclosed as part of a wider Freedom of Information request.
      "Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows," said Dr Steven Murdoch, a cyber-security expert at University College London.

    • Pixelbook leak: Google's new high-end Chromebook expected October 4

      The Chromebook Pixel was the Rolls-Royce of Chromebooks. It was faster, more powerful, and came with a better display than any other laptop in its day. Google, however, decided that, while the company would still release ne...

14:06

NEW 'Off The Hook' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Hook' ONLINE

Posted 21 Sep, 2017 3:36:22 UTC

The new edition of Off The Hook from 20/09/2017 has been archived and is now available online.

14:05

Equifax Breach: Setting the Record Straight Krebs on Security

Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.

In my initial Sept. 7 story about the Equifax breach affecting more than 140 million Americans, I noted that this was hardly the first time Equifax or another major credit bureau has experienced a breach impacting a significant number of Americans.

On May 17, KrebsOnSecurity reported that fraudsters exploited lax security at Equifax's TALX payroll division, which provides online payroll, HR and tax services.

That story was about how Equifax's TALX division let customers who use the firm's payroll management services authenticate to the service with little more than a 4-digit personal identification number (PIN).

Identity thieves who specialize in perpetrating tax refund fraud figured out that they could reset the PINs of payroll managers at various companies just by answering some multiple-guess questions, known as knowledge-based authentication or KBA questions, such as previous addresses and dates that past home or car loans were granted.

On Tuesday, Sept. 18, Bloomberg ran a piece with reporting from no fewer than five journalists there who relied on information provided by three anonymous sources. Those sources reportedly spoke in broad terms about an earlier breach at Equifax, and told the publication that these two incidents were thought to have been perpetrated by the same group of hackers.

The Bloomberg story did not name TALX. Only post-publication did Bloomberg reporters update the piece to include a statement from Equifax saying the breach was unrelated to the hack announced on Sept. 7, and that it had to do with a security incident involving a payroll-related service during the 2016 tax year.

I have thus far seen zero evidence that these two incidents are related. Equifax has said the unauthorized access to customers' employee tax records (we'll call this the March breach from here on) happened between April 17, 2016 and March 29, 2017.

The criminals respo...

13:26

SEC says hackers may have profited from stolen insider information The Hill: Technology Policy

The Securities and Exchange Commission said Wednesday that hackers infiltrated its corporate filing system in 2016 and may have profited from stolen insider information. The SEC announced that hackers exploited security flaws in the agency's Edgar...

13:26

Google to Buy HTC Phone Business SoylentNews

Android Central and many others are reporting that HTC has issued a Trading Halt pending a Major Announcement order to the markets.

The reason:

Google is expected to buy HTC's smartphone business altogether, taking on its research and development, manufacturing, distribution and supplier ties. HTC will continue to operate its other business units, but it isn't yet clear what would come of its HTC-branded phones.

It has been rumored that HTC was in the "final stage of negotiation with Google" for selling off its smartphone business, and it looks like things are coming to a head.

Google needs handsets to support its Pixel line of phones for Project Fi demands and has only been partly successful in filling these needs by contracting with manufacturers for the custom phones needed to support the multi-carrier Fi phones. HTC is currently manufacturing the Pixel line of phones for Google.

HTC has made outstanding phones that suffered from poor marketing, and has never garnered a significant market share.

See also https://www.bloomberg.com/news/articles/2017-09-20/google-is-said-close-to-buying-htc-assets-to-bolster-hardware (Warning Auto-play Video) where Bloomberg's analysts point out:

A more Apple-like approach to smartphone production would also allow Google to steer Android in its preferred direction. The tech giant has struggled to get handset makers and carriers to ship Android devices with new, secure software. The Pixel was designed, in part, to prompt other Android phone makers to follow on the latest Google bells and whistles. Still, some Android partners are moving ahead with competing software efforts -- Huawei Technologies Co. linked up with Amazon's assistant, and Samsung Electronics Co. is building its own.


Original Submission

Read more of this story at SoylentNews.

12:30

Fun-Size Geiger Counter Sits atop a 9-Volt Battery Hackaday

Want a little heads-up before walking into a potentially dangerous radioactive area? Sure, we all do. But the typical surplus Civil Defense Geiger counter is just too bulky to fit into the sleek, modern every-day carry of the smartphone age. So why not slim down your first line of defense against achieving mutant status with this tiny Geiger counter (Facebook)?

We jest about the use cases for a personal-sized Geiger counter, as [Ian King]'s inspiration for this miniaturized build was based more on a fascination with quantifying the unseen world around us. Details are thin in his post, but [Ian] kindly shared the backstory for this build with us. Working on a budget and mostly with spare parts, the big outlay in the BOM was $20 for a Soviet-era SBM-10 tube, itself a marvel of miniaturization. While waiting the two months needed for the tube to arrive, [Ian] whipped up a perf board circuit with a simple oscillator and a CFL transformer to provide the 400 volts needed for the tube. The whole circuit, complete with tiny speaker and an LED to indicate pulses, sits neatly on top of a 9-volt battery. The video below shows it in action with a test source.

Geiger counters are not exactly rare projects on Hackaday, and with good reason. Take a look at this no-solder scrap bin counter or this traveling GPS Geiger counter built dead-bug style.

Thanks to [Cyphixia] for spotting this one for us.


Filed under: misc hacks

12:19

Distribution Release: Kali Linux 2017.2 DistroWatch.com: News

Kali Linux is a Debian-based distribution with a collection of security and forensics tools. The project's latest version, Kali Linux 2017.2, introduces a number of new security and penetration tools, as well as package updates from Debian's Testing branch. "In addition to all of the standard security and....

11:37

Apple Watch Series 3 Ships with LTE Bug SoylentNews

The major feature of the third iteration of the Apple Watch, LTE cellular connectivity, can fail due to a bug involving Wi-Fi. This problem has been reflected in reviews of the device:

The new Apple Watch is mostly an iterative update over its predecessor, but for one major feature: LTE. The addition of cellular connectivity has been touted as everything from "nice" to "game changing," but reviewers appear to have early issues in testing. I didn't run into any in my own testing, but the Verge reported some big hiccups connecting to the cellular network on the device.

An Apple spokeswoman confirmed the problem with TechCrunch, stating, "We have discovered that when Apple Watch Series 3 joins unauthenticated Wi-Fi networks without connectivity, it may at times prevent the watch from using cellular. We are investigating a fix for a future software release."

The LTE also does not work if you take the device to another country.

Also at The Verge, Fox Business (WSJ/Dow Jones reprint), and Fortune.


Original Submission

Read more of this story at SoylentNews.

11:32

Fathers pass on four times as many new genetic mutations as mothers study Lifeboat News: The Blog

Researchers studied 14,000 Icelanders and found that men passed on one new mutation for every eight months of age, compared with women who passed on a new mutation for every three years of age.

The figures mean that a child born to 30-year-old parents would, on average, inherit 11 new mutations from the mother, but 45 from the father.

11:10

CVE-2017-14609 Kannel privilege escalation via PID file manipulation Open Source Security

Posted by Michael Orlitzky on Sep 20

Product: Kannel (open source WAP and SMS gateway)
Versions-affected: all
Bug-report: https://redmine.kannel.org/issues/771
Author: Michael Orlitzky

(This hasn't been fixed upstream but I don't expect a response, so I'd
rather not make people wait for the workaround.)

== Summary ==

The Kannel daemons create their PID files after dropping privileges to
a non-root user. That may be exploited (through init scripts or other...

10:55

[$] LWN.net Weekly Edition for September 21, 2017 LWN.net

The LWN.net Weekly Edition for September 21, 2017 is available.

10:30

HPR2384: Slackware in Scotland Hacker Public Radio

Beni aka @Navigium visited Andrew aka @mcnalu in Scotland as part of a cycling tour and they decided to record a follow up to their previous HPR show on Slackware to mark the release of Slackware 14.2, or rather the first anniversary of its release. Some points and links mentioned are: Arch is for fruitflies, Slackware for elephants? Destroying a hard drive hammer or drill? Grub vs Lilo? Changes in Slackware - no changes an end user would notice! Pulseaudio now included as needed for bluetooth support. In Andrew's experience of 14.1 and before, only one package needed Pulseaudio, namely the game VVVVVV and even then it just wanted to see it installed, didn't need it for sound to work! You can get gnome for slackware with dropline GNOME. Digression: Trains in Switzerland vs Scotland Beni and Andrew generally build our packages using the slackbuilds.org. There can be dependency issues but it's rare. Worst case is Pandoc with its Haskell deps but sbopkg queue files are a great help there. Beni recommends sbotools as an alternative that deals with this and feels like portsnap on FreeBSD. Digression: Recommend this HPR show on open-sourcing of Colossal Cave Adventure by ClaudioM. Managing WiFi networks: wicd vs NetworkManager vs rc.inet1 (slackware network config script). When camping and cycling, power is precious. Beni explains how to pack a bicycle for air travel. Expect Slackware in Switzerland! The hosts wish to clarify that no Italian Arch linux users nor fruitflies were harmed during the recording of this show.

10:24

Distribution Release: Endian Firewall 3.2.4 DistroWatch.com: News

Endian has announced the release of Endian Firewall 3.2.4, an updated build in the 3.2 series of the project's CentOS-based Linux distribution for firewall and routers: "The Endian team is proud to announce an updated image for the 3.2 release. Check out the new release today by downloading....

10:03

Mesa Sees An Initial Meson Build System Port Phoronix

A few months ago there was a vibrant discussion about a Meson proposal for libdrm/Mesa, while today the initial patches were posted, bringing a possible Meson build system port to Mesa...

09:52

Stanislav Petrov, Credited for Averting Nuclear War, Dies at Age 77 SoylentNews

'I Was Just Doing My Job': Soviet Officer Who Averted Nuclear War Dies at Age 77

A Soviet officer who prevented a nuclear crisis between the US and the USSR and possible World War III in the 1980s has quietly passed away. He was 77. In 2010 RT spoke to Stanislav Petrov, who never considered himself a hero. We look at the life of the man who saved the world.

A decision that Soviet lieutenant colonel Stanislav Petrov once took went down in history as one that stopped the Cold War from turning into nuclear Armageddon, largely thanks to Karl Schumacher, a political activist from Germany who helped the news of his heroism first reach a western audience nearly two decades ago.

On September 7, Schumacher, who kept in touch with Petrov in the intervening years, phoned him to wish him a happy birthday, but instead learned from Petrov's son, Dmitry, that the retired officer had died on May 19 in his home in a small town near Moscow.

On September 26, 1983, Stanislav Petrov was on duty in charge of an early warning radar system in a bunker near Moscow, when just past midnight he saw the radar screen showing a single missile inbound from the United States and headed toward the Soviet Union.

"When I first saw the alert message, I got up from my chair. All my subordinates were confused, so I started shouting orders at them to avoid panic. I knew my decision would have a lot of consequences," Petrov recalled of that fateful night in an interview with RT in 2010.
...
It was later revealed that what the Soviet satellites took for a missile launch was sunlight reflected from clouds.

Many of us feel that one person can't make a real difference in the world. Stanislav Petrov did.

R.I.P. Stanislav Petrov, the man who saved the world

The Guardian and other news sources report that Soviet Colonel Stanislav Petrov has died, age 77.

Petrov has become (not very) famous, because in 1983 his quick decision making averted a possible nuclear war.

I think that we, humans, are bad at recognizing significant events that led to everything continuing as normal.


Original Submission #1 Original Submission #2

Read more of this story at SoylentNews.

09:50

Smashing Security podcast #043: Backups - a necessary evil? Graham Cluley

When did you last backup your data? How and what should you backup? And where should you store them?

All is revealed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

09:30

The Illuminated Waterways of the United States Hackaday

A recent convert to the ways of the laser cutter, redditor [i-made-a-thing] was in want of a project and, stumbling on some waterways maps on Etsy, launched into fabricating an illuminated map of all the waterways in the United States.

The map itself was laser-cut out of 1/4 inch plywood at his local makerspace. Thing is, smaller rivers and tributaries were too narrow at the scale [i-made-a-thing] wanted, so he ended up spending several hours in Photoshop preparing the image so larger rivers would be laser-cut and not break off while the rest would be etched onto the surface. After testing the process by making a few coasters, he was ready to get started on the real deal.

...

08:45

Overnight Tech: Senate Intel wants Facebook to testify | Apple's Tim Cook calls DACA 'biggest issue of our time' | Amazon algorithm suggested bomb-making items | Dems want new rules for online political ads The Hill: Technology Policy

BURR EXPECTS FACEBOOK TO TESTIFY: The Senate Intelligence Committee is expecting Facebook executives to testify at a public hearing as part of the panel's investigation into Russia's efforts to meddle in the 2016 presidential election. Sen....

08:23

US Navy to Use Xbox 360 Controllers for Submarine Periscopes SoylentNews

Submitted via IRC for Fnord666_

Each one of the US Navy's Virginia-class submarines costs about $2.6 billion. So, it should come as no surprise that it contains a lot of custom, high-end electronics and military hardware. The Navy is looking to save a little money on future submarines, and make them a bit easier to operate, by ditching some of that fancy custom technology in favor of a game console controller. According to Lockheed-Martin, the US government is in the process of outfitting Virginia-class submarines with Xbox 360 controllers to control the periscope.

[...] The idea to switch to gaming peripherals comes from Lockheed-Martin's classified research lab in Manassas, Virginia, which is lovingly referred to as "Area 51." Engineers and officers work together at this facility to find new uses for commercial hardware in the military. That could include hardware like the 360 controllers, Kinect, or a touch-screen tablet, but also consumer software like Google Earth.

[...] The Navy currently has 13 Virginia-class nuclear submarines to outfit with gamepads. Six new subs are already in various stages of production, and as many as 29 more might be built before a new vessel is ready for production in about 20 years.

Source: https://www.extremetech.com/extreme/256049-us-navy-use-xbox-360-controllers-submarine-periscopes


Original Submission

Read more of this story at SoylentNews.

08:03

Free Software Directory meeting recap for September 15th, 2017 FSF blogs

Every week free software activists from around the world come together in #fsf on irc.freenode.org to help improve the Free Software Directory. This recaps the work we accomplished at the Friday, September 15th, 2017 meeting.

Last week's theme was again adding new entries. This time we ended up filing a lot of bugs with packages, rather than getting to add a lot of packages. That's still a very useful part of the work that we do on the Directory. The Directory helps users to find free software, and making sure that there isn't a freedom issue with a particular package ensures that there's more free software out there for them to find. Often the issue is something simple, like a missing license file. But sometimes it can get a bit tricky to sort out, when there are multiple conflicting licenses. So there's work to be done that can be accomplished by volunteers of any skill level, from just starting out to license-hacking gurus. Hope to see you all there again at the next meeting.

If you would like to help update the directory, meet with us every Friday in #fsf on irc.freenode.org from 12 p.m. to 3 p.m. EDT (16:00 to 19:00 UTC).

07:32

The Way We Get Power Is About to Change Forever Lifeboat News: The Blog

Solar and wind power are all about the batteries.


The age of batteries is just getting started. In the latest episode of our animated series, Sooner Than You Think, Bloomberg's Tom Randall does the math on when solar plus batteries might start wiping fossil fuels off the grid.

07:15

Facebook COO 'disgusted' by ad targeting tools, will add more human oversight The Hill: Technology Policy

Facebook chief operating officer Sheryl Sandberg announced new steps her company is taking in response to the discovery that advertisers could target individuals who expressed interest in racist and bigoted categories. Previously, advertisers could...

07:14

Mail Call - Voice Mail from 1967 Techmoan

The Mail Call from 1967 predicted the future of communication would be Voice Mail, but just not as we know it.

07:12

Dems ask FEC to create new rules in response to Russian Facebook ads The Hill: Technology Policy

Democratic lawmakers on Wednesday asked the Federal Election Commission (FEC) to establish new guidelines for online advertising platforms that would prevent foreign spending to influence U.S. elections. The move comes after Facebook provided...

07:12

Bacon Express Review Techmoan

Rubbish video - rubbish product, let's move on.

06:55

Critics of Sinclair merger urge Dems to block FCC chair's reconfirmation The Hill: Technology Policy

Opponents of Sinclair Broadcast Group's proposed acquisition of Tribune Media are calling on Senate Democrats to put a hold on the reconfirmation of Federal Communications Commission (FCC) Chairman Ajit Pai. A coalition of groups consisting of Allied...

06:51

Infrared Signals in Surveillance Cameras Let Malware Jump Network Air Gaps SoylentNews

Submitted via IRC for SoyCow1937

Researchers have devised malware that can jump airgaps by using the infrared capabilities of an infected network's surveillance cameras to transmit data to and from attackers.

The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks.

The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.

Researchers at Israel's Ben-Gurion University of the Negev and Shamoon College of Engineering said the malware establishes a two-way channel that attackers can use to communicate with compromised networks even when they're air-gapped. The covert channel can transmit data from a video camera to an attacker at 20 bits per second and from an attacker transmitter to a video camera at 100 bits per second. When more than a camera is used in the attacks the bit-rate may be increased further.

Source: https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/


Original Submission

Read more of this story at SoylentNews.

06:46

Optionsbleed bug makes Apache HTTP Server leak data from memory Help Net Security

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that's similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike Heartbleed, Optionsbleed (as Böck dubbed it) affects a relatively limited number of servers. About Optionsbleed (CVE-2017-9798) The bug affects Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27, and only those that sport a certain configuration in the .htaccess file. The vulnerability is actually a use after More

06:45

NVIDIA Offers Update On Their Proposed Unix Device Memory Allocation Library Phoronix

James Jones of NVIDIA presented this morning at XDC2017 with their annual update on a new Unix device memory allocation library. As a reminder, this library originated from NVIDIA's concerns over the Generic Buffer Manager (GBM) currently used by Wayland compositors not being suitable for use with their driver's architecture and then the other driver developers not being interested in switching to EGLStreams, NVIDIA's original push for supporting Wayland...

06:30

Salvaging Your Way to a Working Tesla Model S for $6500 Hackaday

If you possess modest technical abilities and the patience of a few dozen monks, with some skillful haggling you can land yourself some terrific bargains by salvaging and repairing. This is already a well-known ideology when it comes to sourcing things like electronic test gear, where for example a non working unit might be purchased from eBay and fixed for the price of a few passive components.

[Rich] from Car Guru has taken this to a whole new level by successfully salvaging a roadworthy Tesla Model S for $6500!

Sourcing and rebuilding a car is always a daunting project, in this case made even more challenging because the vehicle in question is a fairly recent, state-of-the-art electric vehicle. The journey began by purchasing a black Tesla Model S that [Rich] affectionately refers to as Delorean. This car had severe water damage rendering most of its electronics and mechanical fasteners unreliable, so [Rich]'s plan was to strip this car of all such parts, and sell what he could to recover the cost of his initial purchase. After selling the working modules of the otherwise drenched battery, motor and a few other bells and whistles, his initial monetary investment was reduced to the mere investment of time.

With an essentially free but empty Tesla shell in his p...

05:33

More than three dozen schools call off classes after 'cyber terrorist' threat Graham Cluley

More than three dozen public schools and other educational institutions canceled classes after receiving threats from a "cyber terrorist."

David Bisson reports.

05:30

Friday Hack Chat: All About Drones Hackaday

In the future, drones will fill the skies. The world is abuzz (ha!) with news of innovative uses of unmanned aerial vehicles. Soon, our flying robotic overlords will be used for rescue operations, surveillance, counter-insurgency missions, terrorism, agriculture, and delivering frozen dog treats directly from the local Amazon aerodrome to your backyard. The future is nuts.

For this week's Hack Chat, we're going to be talking all about unmanned aerial vehicles. This is a huge subject, ranging from aeronautical design, the legal implications of autonomous flying machines, the true efficiency of delivering packages via drones, and the moral ambiguity of covering a city with thousands of mobile, robotic observation posts. In short, the future will be brought to us thanks to powerful brushless motors and lithium batteries.

Our guest for this week's Hack Chat will be [Piotr Esden-Tempski], developer of UAV autopilot hardware for Paparazzi UAV. Paparazzi can be used for autonomous flight and control of multiple aircraft, and we'll be talking about the types of embedded systems that can be used for these applica...

05:23

APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware The Hacker News

Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea. According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and

05:17

Scientists Want to Explore Asteroids With a Fleet of Nanoprobes SoylentNews

Submitted via IRC for SoyCow1937

Researchers at the Finnish Meteorological Institute (FMI) presented a mission plan today at the European Planetary Science Congress that would allow scientists to observe hundreds of asteroids over the course of just a few years. Their plan is to send 50 nanoprobes -- small space instruments -- into the asteroid belt that lies between Mars and Jupiter to take images and chemical measurements of around 300 large asteroids. "Asteroids are very diverse and, to date, we've only seen a small number at close range. To understand them better, we need to study a large number in situ. The only way to do this affordably is by using small spacecraft," FMI's Pekka Janhunen told Popular Mechanics.

The five kilogram probes would be affixed with a tiny telescope and a spectrometer that would analyze chemical samples from the asteroids. The nanoprobes would be propelled through space with electric solar wind sails, or E-sails. The E-sail would be composed of the main spacecraft, a smaller remote unit and a 20-kilometer-long tether that connects the two. That tether would be kept at a positive charge so that when positive ions emitted by the sun and traveling through space come in contact with it, they'll repel each other, giving the probe a nice boost.

[...] You can read the conference paper here.

Source: https://www.engadget.com/2017/09/19/scientists-explore-asteroids-fleet-nanoprobes/


Original Submission

Read more of this story at SoylentNews.

05:02

Using security cameras and infrared light to extract data from air-gapped networks Help Net Security

Researchers have demonstrated that it's possible for attackers to covertly exfiltrate data from and send data into an air-gapped network by using the infrared light capabilities of (indoor and outdoor) security cameras connected to it. Infrared (IR) light is invisible to humans, but cameras are optically sensitive to it. They are also equipped with IR LEDs (used for night vision), which can be used to send out data. Infiltration and exfiltration scenarios The researchers have More

05:01

Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more Graham Cluley

Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.

David Bisson reports.

04:47

A New DRM Driver Is Coming For Linux 4.15 Phoronix

TVE200 is a new Direct Rendering Manager driver being queued for Linux 4.15...

04:30

Hackaday Prize Entry: MOLBED Braille Display Hackaday

Electromechanical braille displays, where little pins pop up or drop down to represent various characters, can cost upwards of a thousand dollars. That's where the Modular Low-cost Braille Electro Display, aka MOLBED, steps up. The project's creator, [Madaeon], aims to create a DIY-friendly, 3D-printable, and simple braille system. He's working on a single character's display, with the idea it could be expanded to cover a whole row or even offer multiple rows.

[Madeon]'s design involves using Flexinol actuator wire to control whether a pin sticks or not. He designed a rocker system consisting of a series of 6 pins that form the Braille display. Each pin is actuated by two Flexinol wires, one with current applied to it and one without, popping the pin up about a millimeter. Swap polarity and the pin pops down to be flush with the surface.

This project is actually [Madeon]'s second revision of the MOLBED system. The first version, an entry to the Hackaday Prize last year, used very small solenoids with two very small magnets at either end of the pole to hold the pin in place. The new system, while slightly more complex mechanically, should be easier to produce in a low-cost version, and has a much higher chance of bringing this technology to people who need it. It's a great project, and a great entry to the Hackaday Prize.

04:29

XDC2017 Kicks Off With X.Org, Wayland & Graphics Talks Phoronix

The X.Org Developers Conference kicked off a short time ago at the Googleplex in Mountain View, CA. But even if you are not at the event, there is a livestream...

04:29

White House offered Peter Thiel intel adviser post: report The Hill: Technology Policy

Peter Thiel, a Silicon Valley venture capitalist and close ally of President Trump, has had talks to be a top intelligence adviser to the White House, according to a Vanity Fair report on Wednesday. The magazine cited three unnamed White House...

04:24

Windstream Gives Up Preemptive Fight Over ISPs Piracy Liability TorrentFreak

Can an Internet provider be held liable for subscribers who share pirated files? Yes, a Virginia federal jury ruled two years ago.

This verdict caused great uncertainty in the ISP industry, as several companies suddenly realized that they could become the next target.

Internet provider Windstream is among the companies that are worried about the fallout. With 1.1 million subscribers nationwide, it is one of the larger Internet providers in the United States. As such, it receives takedown notices on a regular basis.

Many of these notices come from music rights group BMG, which accused Windstream and its subscribers of various copyright infringements. These notices are issued by the monitoring outfit Rightscorp and often come with a settlement demand for the account holders.

When Windstream refused to forward these notices, as it's not required to do so by law, BMG and Rightscorp increased the pressure. They threatened that the ISP could be liable for millions of dollars in piracy damages for failing to disconnect repeat infringers.

Faced with this threat, Windstream filed a request for declaratory judgment at a New York District Court last year, requesting a legal ruling on the matter. This preemptive lawsuit didn't turn out as planned for the ISP.

In April the court ruled that there is no actual controversy and that it can't issue a hypothetical and advisory opinion without concrete facts. As such, the case was dismissed for lack of jurisdiction.

Windstream didn't throw in the towel right away though and appealed the verdict. The ISP argued that the $150,000 in damages per infringement BMG claimed caused a real controversy.

"BMG's accusations were not idle threats in light of the undisputed fact that BMG had recently obtained a $25,000,000 recovery against another conduit ISP based on similar claims," the ISP wrote in a brief last month.

"Thus, the undisputed facts conclusively establish that an actual controversy exists to support Windstream's request for a declaration that it is not liable for any alleged infringement of BMG's copyrights."

Despite Windstream's initial persistence, something changed in recent weeks. Without any prior signs in the court docket, the company has now asked the Judge to dismiss the case entirely, with both parties paying their own costs.

Windstream respectfully requests that this Court dismiss in full Windstream's present...

04:04

When Google Used Alex Converse to Raid the Public Domain With Software Patents Techrights

Alex Converse

Summary: In its overzealous pursuit of software patents, Google is now turning public domain methods into private property (in defiance of critics)

Google lost its way; it lost its way on patents too. Google is not only pursuing software patents but it is also trying to privatise the public domain. As we had covered this twice already [1, 2] we decided to explore where things stand.

It turns out that the person who first brought up the subject is currently pursuing ways to find legal help for defending ANS coding, according to him.

"I have seen your Techrights article mentioning my ANS Google patent situation," he told us. "There is also another ongoing patent attempt which is nearly granted by USPTO (second Notice of Allowance), also for basic obvious possibility.

"This defense requires a serious legal help, I have no chance to afford. I have tried asking EFF and EFFE, but there was nearly no response (I wouldn't be surprised if they were supported by Google, like in the Barry Lynn scandal)."

We have decided that the least we can do is raise this subject again (mention it publicly) and name the culprit/s in hope that bad PR alone would discourage him/them from proceeding. Failing that, we shall escalate with patent offices or whatnot.

"It was all over the media in Poland," we have been told, "but as usual, Google does not comment."

I have this experience too.

As it turned out, the so-called inventor has fled Google. His name is Alex Converse and people have already noticed that he left. From a comment:

According to his LinkedIn profile he is no longer with Google https://www.linkedin.com/in/al [linkedin.com]

And another right after that:

...

03:56

Russian groups organized pro-Trump rallies on Facebook: report The Hill: Technology Policy

Russia-linked groups attempted to organize over a dozen pro-Trump rallies around Florida during the 2016 elections, The Daily Beast reported on Wednesday.The rallies, which dozens attended, are the first known instance of Russian actors...

03:43

Amazon is Working on Smart Glasses to House Alexa AI, Says FT SoylentNews

Submitted via IRC for Fnord666_

Amazon is working on building a pair of smart glasses to house its Alexa voice assistant, and a home security camera that could be linked to its existing Echo connected devices to further expand their capabilities, according to a report in the FT citing people familiar with the company's plans.

The newspaper says one or both of these products could be launched before the end of the year, alongside updates to existing Echo devices.

An Amazon spokesperson declined to comment, saying company policy is not to comment on rumors or speculation.

According to the FT, the smart glasses are intended to be purely an earbuds-free housing for Amazon's Alexa AI with a bone-conduction audio system that would enable the wearer to hear Alexa without the need to be wired in.

With no mobile platform of its own to build on, Amazon has a strategic disadvantage vs Google and Apple because it cannot bake its voice AI into smartphone hardware where millions of engaged users could easily summon it, hence the company working on a plethora of alternative connected devices to try to put Alexa within earshot anyway.

The idea for the glasses, which would be its first wearable, would be to do just that: Enable Alexa to be summoned from anywhere, vs the current situation where users are barking commands at static in-home speakers.

The FT reports the glasses would wirelessly tether to a user's smartphone for connectivity. They are also apparently being designed to look like a regular pair of spectacles, so they could be worn comfortably and unobtrusively.

Source: https://techcrunch.com/2017/09/20/amazon-is-working-on-smart-glasses-to-house-alexa-ai-says-ft/

Also at Reuters and USA Today.


Original Submission

Read more of this story at SoylentNews.

03:38

Errant Equifax tweet sends breach victims to site flagged for phishing The Hill: Technology Policy

Beleaguered credit agency Equifax tweeted a link to a would-be phishing site to a victim of its massive breach rather than the breach information site it intended. The exchange happened Monday evening when a current customer of Equifax's credit...

03:38

Hacker Can Steal Data from Air-Gapped Computers Using IR CCTV Cameras The Hacker News

Air-gapped computers that are isolated from the Internet and physically separated from local networks are believed to be the most secure computers and are difficult to infiltrate. However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenario that could compromise the security of such isolated networks.

03:31

Spy Tech: Nonlinear Junction Detectors Hackaday

If you ever watch a spy movie, you've doubtlessly seen some nameless tech character sweep a room for bugs using some kind of detector and either declare it clean or find the hidden microphone in the lamp. Of course, as a hacker, you have to start thinking about how that would work. If you had a bug that transmits all the time, that's easy. The lamp probably shouldn't be emitting RF energy all the time, so that's easy to detect and a dead giveaway. But what if the bug were more sophisticated? Maybe it wakes up every hour and beams its data home. Or perhaps it records to memory and doesn't transmit anything. What then?

High-end bug detectors have another technique they use that claims to be able to find active device junctions. These are called Nonlinear Junction Detectors (NLJD). Spy agencies in the United States, Russia and China have been known to use them, and prisons employ them to find cell phones. Their claim to fame is that the device doesn't have to be turned on for detection to occur.

Theory

The idea behind an NLJD is to flood a volume with an RF signal at a particular frequency. Normal insulators and conductors in the area won't alter the signal. However, anything that has a nonlinear response, like a diode junction, will emit harmonics. They might be at a low level, but if you can detect the harmonics, you can identify these junctions.

Sounds simple, but the RF has to be powerful enough to get there and produce a harmonic you can detect. It also shouldn't be so powerful that you can't localize the volume, or so extreme that it would damage circuits. The other problem is that any dissimilar metal junction will exhibit nonlinear behavior. So in addition to bugs and cell phones, you'll detect rusty nails and similar items.

You can get an overview of how a pro uses an NLJD. It is a little more involved than in the movies. In broad terms, the operator gets an idea of any radio sources in the area first, to try to avoid false positives. Apparently, by looking at the ratio of the second and third harmonics, an experienced operator (or a smart computer) can differentiate between a rusty nail and a real piece of electronic equipment.

Off the Shelf

You can buy NLJDs off the shelf. They aren't cheap though. Even on the usual Chinese import sites, the good-looking models run about $10,000. The more mainstream versions all want you to ask for the price and we...

03:16

Mark Kokes, the Man Behind BlackBerry's Patent Aggression, Leaves the Company Techrights

He'll be biking his scooter somewhere else

Mark Kokes

Summary: The man behind the patent troll-like behaviour of BlackBerry is leaving

DURING the weekend we wrote about BlackBerry becoming more like a patent troll. It was far from the first time we dabbled in this subject; we had been covering that for years.

BlackBerry's patent deal was still in the news on Monday, e.g. [1, 2, 3, 4, 5, 6]. This non-story (press release) simply refused to die.

But then, the following day, IAM said that the man behind this strategy was leaving. To quote:

Mark Kokes has left BlackBerry and is no longer its senior vice president of intellectual property, licensing & standards, IAM has learned. In a sudden move, Kokes departed in mid-August and is not thought to have taken another position. For its part, BlackBerry does not seem to have appointed a direct replacement. In a recent press release announcing that Timex had entered into a patent-based agreement with the company, reaction from BlackBerry came from senior director of intellectual property licensing, Jerald Gnuschke.

Kokes is the third big name corporate IP departure in the space of just a month, following Allen Lo's move from Google to Faceboo...

02:57

WordPress Demonstrates That Facebook's Patent Strategy is Deterring/Alienating Developers Techrights

Yeah, I'm going to fuck them in the ear

Mark Zuckerberg, President and Founder of Facebook (source)

Summary: React is being dumped following Facebook's attempt to restrict distribution/derivatives using software patents

HAVING spent years covering Facebook's patent strategy, we recently came to see its troubling licensing issue resurfacing again in the media (it's actually fairly old news, but Apache's intervention brought that back from the dead). There's a lot more about it in our daily links; we considered that mostly a software issue rather than a patents issue.

This week, however, things got a little hotter for Facebook because one of the main project that disseminated React said that it would cease doing that. In a sense, Facebook is killing its own projects/products with software patents. The subject was covered not only by WordPress and its founder but also by technical media yesterday and the day before that.

As US media put it:

Facebook is in the middle of a fraught battle. No, it's not over the pernicious tide of fake news surging onto our newsfeeds, nor is it about privacy issues on the platform. Rather, it pertains to how the social media giant deals with the open source community, the code it releases to the world, and one cool piece of software called React.

Put simply, React is a JavaScript library that makes it easier for developers to write sophisticated front-ends. It was built by an engineer at Facebook, and in 2013, Facebook released it to the developer community under an open-source license. This isn't unusual; tech companies release open source software all the time.

Facebook used a license derived from the popular BSD license, which is used by other popular open source projects. But here's the problem: Facebook also threw in a few other clauses, which many developers and companies are finding to be problematic.

British media put it like this:

...

02:52

China Upgrading Milky Way 2 Supercomputer to 95 Petaflops Lifeboat News: The Blog

We have some breaking news from the IHPC Forum in Guangzhou today. Researchers in China are busy upgrading the MilkyWay 2 (Tianhe-2) system to nearly 95 Petaflops (peak). This should nearly double the performance of the system, which is currently ranked at #2 on TOP500 with 33.86 Petaflops on the Linpack benchmark. The upgraded system, dubbed Tianhe 2A, should be completed in the coming months.

Details about the system upgrade were presented at the conference opening session. While the current system derives much of its performance from Intel Knights Corner co-processors, the new system swaps these PCI devices out for custom-made 4-way MATRIX-200o boards, with each chip providing 2.46 Teraflops of peak performance.

02:49

[$] Linking commits to reviews LWN.net

In a talk in the refereed track of the 2017 Linux Plumbers Conference, Alexandre Courouble presented the email2git tool that links kernel commits to their review discussion on the mailing lists. Email2git is a plugin for cregit, which implements token-level history for a Git repository; we covered a talk on cregit just over one year ago. Email2git combines cregit with Patchwork to link the commit to a patch and its discussion threads from any of the mailing lists that are scanned by patchwork.kernel.org. The result is a way to easily find the discussion that led to a piece of code, or even just a token, changing in the kernel source tree.

02:38

Apple CEO: DACA is 'the biggest issue of our time' The Hill: Technology Policy

Apple CEO Tim Cook on Wednesday urged for government action to protect undocumented immigrants brought to the U.S. as children, calling their plight the biggest issue of our time. These people, if you haven't met them at Apple we have...

02:36

Transfer Photos to Your New iPhone? Quickly Make a Backup Without iCloud TechWorm

Want to back up your iPhone images/videos and files without Apple iCloud/iTunes account, here is a quick way to do it!

Apple has finally announced its new iPhones. As always, many people will upgrade their old iPhone to new iPhone 8 or iPhone X, or buy an iPhone 7 at a favorable price. Some Android users possibly grab a new iPhone to try out a different mobile OS as well. After getting a new phone, the first thing should be transferring files from the old one to it. Besides contacts, photos are believed to be what we need most. Well, how can we transfer photos to our new iPhone?

iCloud is a feasible way. Turn on My Photo Stream, sign in with the same Apple ID on both old and new iPhones, and then you should get access to photos of old iPhone on your new iPhone. However, 5GB free storage isn't enough for almost all users to back up all old iPhone photos. Besides, this method isn't suited for those switching from non-Apple users. Luckily, there's another option, WinX MediaTrans, which can transfer selective or all photos to new iPhone from old iPhone and Android devices without Apple ID.

6 Reasons to Choose WinX MediaTrans to Transfer Photos to New iPhone

WinX MediaTrans is a well-received iTunes alternative for Windows, capable of managing and transferring photos, videos, music, e-books, voice memos, ringtones, podcasts, and more files, and unlocking iTunes purchases. It is available to transfer photos from (old) iPhone to PC and copy pictures from PC to (new) iPhone, in a simple and fast way. Below are a few reasons to choose WinX MediaTrans as your preferred photo transfer option.

...

02:34

Counterintelligence for Cyber Defence Stories by the grugq on Medium

Intelligence analysis enables better defences against threat actors

Counter intelligence analysis provides a framework both for understanding threat actors and also for conceptualising cyber defence. The fundamentals of counterintelligence threat analysis are familiar from law enforcement themed media (cop shows):

Means, motive, and opportunity

In intelligence parlance the terms used are:

  • Capability
  • Intent
  • Opportunity

These are the foundational characteristics of a threat actor that a counterintelligence analyst considers when developing a defence. They're valid for cyber security threats of course, but where things get interesting is using the framework to model defence techniques. That is, how does a given defence technique impact the threat actor's fundamentals? For example, hardening systems (such as ASLR) are essentially a capability defence, and those rapidly devolve into an arms race. An air gap is an opportunity based defence, which can be extremely robust due to the offence costs imposed on the threat actor.

Cybersecurity: same thing

These fundamental aspects of threat actors provide paradigms through which cyber defence techniques can be assessed.

  • What element of a threat actor does this defence address?
  • How will they respond?
  • Does it provide a good ratio of defender investment to reduced threat actor capacity?

Conducting this type of intelligence analysis can reveal attacker weaknesses that defenders can, and should, exploit.

There are three potential vectors on which to battle an adversary in cyberspace:

  • Opportunity: reduce attack surface, segment and air gap networks
  • Capability: build secure systems, engage in an arms race
  • Intent: reduce the value of compromising the target for an attacker

Countering the reason for the attack (the motivation driving the threat actor) is a powerful defence with a better chance of success than engaging in an expensive arms race against attackers' capabilities.

The intent of the threat actor is the primary factor which generates intrinsic vulnerabilities. Attackers are all attempting to achieve mission success (exfiltrating data, monetizing access, defacing a website etc.) without getting caught, and as quickly and quietly as possible. Mission success occurs as soon as the threat actor achieves their intent. Defeat their intent and they are denied the ability to achieve mission success.

Threat Actors are Motivated and Constrained

Considering cybersecurity it is worth remembering a couple important points:...

02:31

Huge Names Confirm Their Supercon Appearances Hackaday

We're excited to announce the next batch of speakers for the 2017 Hackaday Superconference.

We are especially pleased to welcome Michael Ossmann as a speaker. He presented an RF design workshop at the 2014 Superconference which was sold out, standing room only, and still turned away dozens of people before becoming a hit on the Internet. This year he takes the stage with colleague Dominic Spill as they focus on infrared communications and the uses and abuses of such.

Dr. Christal Gordon threw down an incredible talk on biologically inspired sensors last year and we suspect she will outdo herself this year. Her talk will cover the fanciest of cutting-edge sensors and the trade-offs of selecting the new hotness for your designs. Coming out of this you will know when to go with a suite of tried and true components and when to make the leap to new tech.

Several of this year's Hackaday Prize Judges will be on hand and presenting talks. In addition to Christal Gordon and Danielle Applestone (announced as a speaker last week), we're thrilled to have Anouk Wipprecht, internationally known for her work in fashion and engineering, pushing the boundaries of how technology can interface with humans, as a speaker. Nadya Peek from the Center for Bits and Atoms wh...

02:19

A Fleet of Sail-driven Asteroid Probes Centauri Dreams

One of the great values of the Kepler mission has been its ability to produce a statistical sample that we can use to analyze the distribution of planets. The population of asteroids in our own Solar System doubtless deserves the same treatment, given its importance in future asteroid mining as well as planetary protection. But when it comes to main belt asteroids, we're able to look up close, even though the number of actual missions thus far has been small.

Thus it's heartening to see Pekka Janhunen (Finnish Meteorological Institute), long a champion of intriguing electric sail concepts, looking into how we might produce just such an asteroid sampling through a fleet of small spacecraft.

"Asteroids are very diverse and, to date, we've only seen a small number at close range. To understand them better, we need to study a large number in situ. The only way to do this affordably is by using small spacecraft," says Janhunen.

The concept weds electric sails riding the solar wind with a fleet of 50 small spacecraft, the intent being that each should visit six or seven asteroids, collecting spectroscopic data on their composition and taking images. Dr. Janhunen presented the idea at the European Planetary Science Congress (EPSC) 2017 in Riga on Tuesday September 19.

Image: The single-tether E-sail spacecraft. Credit: Janhunen et al.

Electric sails ride the solar wind, that stream of charged particles that flows constantly out of the Sun. While solar sails take advantage of the momentum imparted by photons on the sail, and beamed energy sails are driven by microwave or laser emissions, electric sails use the solar wind's charged particles to generate all the propulsion they need without propellant. What Janhunen envisions is a tether attached to one end of a spacecraft, to which is attached an electron emitter and a high-voltage source, all connected to a remote unit at the other end.

The tether makes a complete rotation every 50 minutes, creating a shallow cone around a center of mass close to the primary spacecraft. Each small craft can change its orientation to the solar wind, and thereby alter its thrust and direction. Janhunen's presentation at the EPSC made the case that a 5 kg spacecraft with a 20 kilometer tether could accelerate at 1 millimeter per second squared at the Earth's distance from the Sun. Coupled with the boost provided by the launch itself, this is enough to complete a tour through the asteroid belt and return with...

02:12

How AI can Help Reduce the Cost of Drug Discovery Lifeboat News: The Blog

The cost of drug discovery and subsequent development is a massive challenge in the pharmaceutical industry. A typical drug can cost upwards of $2.5 billion, and it can take a decade or more to identify and test a new drug candidate[1].

These costs have been increasing steadily over the years, and pharmaceutical manufacturers are constantly seeking ways to improve efficiency to save time and money and speed up research progress.

Automation in the lab is one example; tasks that were traditionally carried out by technicians can now be done by machines. Increasingly sophisticated assays to detect new drug candidates have also helped to slash development time. Now a new ally has arrived to aid drug development, artificial intelligence, and a powerful ally it is.

02:10

GNOME Foundation partners with Purism to support its efforts to build the Librem 5 smartphone LWN.net

Last week KDE announced that they were working with Purism on the Librem 5 smartphone. The GNOME Foundation has also provided its endorsement and support of Purism's efforts to build the Librem 5. "As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5. Various GNOME technologies are used extensively in embedded devices today, and GNOME developers have experienced some of the challenges that face mobile computing specifically with the Nokia 770, N800 and N900, the One Laptop Per Child project's XO laptop and FIC's Neo1973 mobile phone."

02:09

Uber: We Don't Have to Pay Drivers Based on Rider Fares SoylentNews

Submitted via IRC for SoyCow1937

Uber is fighting a proposed class-action lawsuit that says it secretly overcharges riders and underpays drivers. In its defense, the ride-hailing service claims that nobody is being defrauded in its "upfront" rider fare pricing model.

The fares charged to riders don't have to match up with the fares paid to drivers, Uber said, because that's what a driver's "agreement" allows.

"Plaintiff's allegations are premised on the notion that, once Uber implemented Upfront Pricing for riders, it was required under the terms of the Agreement to change how the Fare was calculated for Drivers," Uber said (PDF) in a recent court filing seeking to have the class-action tossed. "This conclusion rests on a misinterpretation of the Agreement."

The suit claims that, when a rider uses Uber's app to hail a ride, the fare the app immediately shows the passenger is based on a slower and longer route compared to the one displayed to the driver. The rider pays the higher fee, and the driver's commission is paid from the cheaper, faster route, according to the lawsuit.

Uber claims the disparity between rider and driver fares "was hardly a secret."

"Drivers," Uber told a federal judge, "could have simply asked a User how much he or she paid for the trip to learn of any discrepancy."

Source: https://arstechnica.com/tech-policy/2017/09/uber-driver-pay-plan-puts-a-significant-risk-on-ride-hailing-service/


01:56

Trump Facebook ads reassure supporters he will build border wall The Hill: Technology Policy

President Trump is using targeted Facebook ads to assure supporters he will build a wall on the U.S. border with Mexico, reports BuzzFeed News. "There's been a lot of noise and a lot of rumors," reads the ad from Trump's personal Facebook...

01:55

Wine Staging 2.17 Released With More Direct3D 11 Functionality Phoronix

Wine Staging 2.17 is now available as the latest experimental/testing build of Wine with various patches added in...

01:47

An intro to machine learning (Opensource.com) LWN.net

Ulrich Drepper, once again an engineer at Red Hat, writes about machine learning on opensource.com. "Machine learning and artificial intelligence (ML/AI) mean different things to different people, but the newest approaches have one thing in common: They are based on the idea that a program's output should be created mostly automatically from a high-dimensional and possibly huge dataset, with minimal or no intervention or guidance from a human. Open source tools are used in a variety of machine learning and artificial intelligence projects. In this article, I'll provide an overview of the state of machine learning today."

01:43

Security updates for Wednesday LWN.net

Security updates have been issued by CentOS (emacs), Debian (apache2, gdk-pixbuf, and pyjwt), Fedora (autotrace, converseen, dmtx-utils, drawtiming, emacs, gtatool, imageinfo, ImageMagick, inkscape, jasper, k3d, kxstitch, libwpd, mingw-libzip, perl-Image-SubImageFind, pfstools, php-pecl-imagick, psiconv, q, rawtherapee, ripright, rss-glx, rubygem-rmagick, synfig, synfigstudio, techne, vdr-scraper2vdr, vips, and WindowMaker), Oracle (emacs and kernel), Red Hat (emacs and kernel), Scientific Linux (emacs), SUSE (emacs), and Ubuntu (apache2).

01:35

Comparing Employee Advocacy Apps: Smarp vs. Dynamic Signal TechWorm

Smarp vs. Dynamic Signal: Here is a comparison between the two Employee Advocacy Apps

Do you want to improve your company culture while also getting help from employees to share your content? Choose the best employee advocacy tool for your company's needs, and you'll unlock better engagement, both within your office and with the general public.

Work occupies a major chunk of your employees' lives. They spend about a third of their days working, and the vast majority are likely satisfied with their jobs. As it is a major part of their lives, they're bound to chat about work both online and offline. Some 50% of employees already share content about their employers online. People will always be on the lookout for quality content to share.

Therefore, it is important for companies to equip employees with the right information and resources. Employees can share information while having offline conversations and on social media.

An informed employee will share the latest and best information about your company. This helps to create a positive brand reputation and drive traffic to your website, as employees can increase reach tenfold.

The best way to keep employees informed and spreading the good word is with an employee advocacy platform. Choosing the right platform can be hard, though, as there are so many options available. Two of the options you can't go wrong with are Smarp and Dynamic Signal. Both have their strengths and weaknesses. I have compared them side by side in this article to help you select the right one for your company's situation.

The Pros and Cons of Using Smarp

Smarp is a well-rounded employee advocacy tool. It has all the features you need to encourage employees to share content on social media, to measure impact and to collaborate and inform one another regarding projects.

One of the biggest advantages of using Smarp is that it is so easy to post content. You c...

01:31

AT&T CEO: Failure to pass tax reform would be 'bad indictment' for GOP The Hill: Technology Policy

AT&T CEO Randall Stephenson said Wednesday it would be a "bad indictment" of Republicans' effectiveness if they can't enact tax reform while controlling both chambers of Congress and the White House. I absolutely believe, and I...

01:31

Seriously, Is It That Easy To Skim Cards? Hackaday

We've all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines in which unsuspecting consumers use them. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn't rely on interception of the card itself; instead they sat as a man-in-the-middle attack in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer's standard key carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

...

01:30

Can you please help someone in dire straits? Antarctica Starts Here.

Reece Markowsky is a friend and colleague of mine from work who lives and works in British Columbia.  Late last week he received word that his brother passed away after a protracted period of hospitalization.  As one might imagine he's devastated by this.  Unfortunately his sister-in-law Shari is now a single mother of two young boys who is now on a single income, trying to pay for the funeral, and trying to get by until she can find a job.  Reece has started a crowdfunding campaign on her behalf.

If you can spare it, would you please donate to their Gofundme campaign to help the family get back on their feet?  If not, could you please spread the word?

Thank you in advance.

01:24

Redox OS 0.3.3 Released, Lowers RAM Usage Phoronix

The Rust-written Redox operating system is out with a new feature release...

01:20

Setting the standard for a blockchain protocol for IoT Help Net Security

A wide range of blockchain technology companies and enterprises like Cisco, Gemalto and Bosch have launched the Trusted IoT Alliance, an initiative that aims to bring companies together to develop and set the standard for an open source blockchain protocol to support IoT technology in major industries worldwide. No doubt, the volume of data exchanged between devices will grow dramatically as IoT device deployments continue to expand. We are already seeing the emergence of M2M...

01:14

Stable kernels 4.13.3, 4.12.14, and 4.9.51 LWN.net

The 4.13.3, 4.12.14, and 4.9.51 stable kernels have been released; each contains another set of important fixes. Note that this is the final update for the 4.12.x series.

01:10

GNOME Joins The Librem 5 Party, Still Needs To Raise One Million More Dollars Phoronix

One week after announcing KDE cooperation on the proposed Librem 5 smartphone with plans to get Plasma Mobile on the device if successful, the GNOME Foundation has sent out their official endorsement of Purism's smartphone dream...

00:55

Dip update 87/n wherestheflux

[Orig: Sept 20, 2017]
Hi everyone,
Below are the latest TFN and OGG measurements from LCO.  
Have a great day!
~Tabby and team
PS: These observations are happening because of the wonderful backers of our 2016 Kickstarter project. The Kickstarter campaign has ended, but we are still accepting donations to purchase additional observing time on the LCO 0.4m network. Thanks in advance for your support!      

00:55

The evolving nature of the CISO role Help Net Security

As IT security increasingly becomes a priority, CISOs' influence within companies is growing. However, security strategy in many organizations is still largely reactive and not yet aligned with business functions. Conducted by the Ponemon Institute, the findings are based on interviews with senior-level IT security professionals at 184 companies in seven countries: The United States, the United Kingdom, Germany, Brazil, Mexico, India, and China. It's clear CISOs are making progress in how they drive the...

00:52

How do you grow bone in a lab? Good vibrations Lifeboat News: The Blog

A team from the Universities of Glasgow, Strathclyde, the West of Scotland and Galway have created a device that sends nano vibrations across mesenchymal stem cells suspended in a collagen gel.

The authors of the paper, published in the Nature Biomedical Engineering journal, found that these tiny vibrations turn the cells into a 3D model of mineralised bone putty. This putty isn't quite as hard as bone at this stage. That's where the body comes in.

"We add the bone putty to an anatomically correct, rigid living scaffold, that we made by 3D printing collagen," says Matthew Dalby, professor of cell engineering at the University of Glasgow, and one of the lead authors of the paper. "We put lots of cells in the body so it has a chance to integrate this new bone. We tell the cells what to do in the lab, then the body can act as a bioreactor to do the rest."


Scientists have grown living bone in the lab by sending vibrations through stem cells. It could help amputees and people with osteoporosis.

00:52

Are We Killing Ourselves With Antioxidants? Lifeboat News: The Blog

Summary: The mitochondrial free radical theory of aging says that if we consume antioxidant supplements, we can repair the damage caused by free radicals. However, this recommendation is contradicted by a large body of evidence which shows that antioxidant supplements are often harmful. Researchers are discovering more effective ways to improve health by clearing our mitochondrial damage caused by free radicals.

Are you killing yourself in a bid to live a longer healthier life?

A growing body of evidence shows that if you take antioxidant supplements, and you are otherwise healthy, then you are wasting your money, and damaging your liver and nervous system.

00:38

Amazon 'reviewing' its site after report found suggestions of bomb ingredients The Hill: Technology Policy

Amazon said it will review its website after a British news report found that the company's algorithms have been recommending combinations of items that can be used to make bombs. An investigation by the United Kingdom's Channel 4 News found that the...

00:36

Washington DC Braces for Net Neutrality Protests Later This Month SoylentNews

Submitted via IRC for SoyCow1937

Net neutrality advocates are planning two days of protest in Washington DC this month as they fight off plans to defang regulations meant to protect an open internet.

A coalition of activists, consumer groups and writers are calling on supporters to attend the next meeting of the Federal Communications Commission on 26 September in DC. The next day, the protest will move to Capitol Hill, where people will meet legislators to express their concerns about an FCC proposal to rewrite the rules governing the internet.

The FCC has received 22 million comments on "Restoring Internet Freedom", the regulator's proposal to dismantle net neutrality rules put in place in 2015. Opponents argue the rule changes, proposed by the FCC's Republican chairman Ajit Pai, will pave the way for a tiered internet where internet service providers (ISPs) will be free to pick and choose winners online by giving higher speeds to those they favor, or those willing or able to pay more.

The regulator has yet to process the comments, and is reviewing its proposals before a vote expected later this year.

Source: https://www.theguardian.com/technology/2017/sep/15/washington-dc-net-neutrality-protests-restoring-internet-freedom


00:32

Insanely Concentrated Wealth Is Strangling Our Prosperity Lifeboat News: The Blog

Just like the game of Monopoly, which was created to illustrate the operation of laissez faire capitalism, there is always one big winner at the end of the game.

Wealth concentration drives a vicious, downward cycle, throttling the very engine of wealth creation itself.

Because: people with lots of money don't spend it. They just sit on it, like Smaug in his cave. The more money you have, the less of it you spend every year. If you have $10,000, you might spend it this year. If you have $10 million, you're not gonna. If you have $1,000, you're at least somewhat likely to spend it this month.


These people could spend $20 million every year and they'd still just keep getting richer, forever, even if they did absolutely nothing except choose some index funds, watch their balances grow, and shop for a new yacht for their eight-year-old.

If you're thinking that they deserve all that wealth, and all that income just for owning stuff, because they're makers, think again: between 50% and 70% of U.S. household wealth is earned the old-fashioned way (cue John Houseman voice): it's inherited.

The bottom 90% of Americans aren't even visible on this chart, and it's a very tall chart. The scale of wealth inequality in America today makes our crazy levels of income inequality (which have also expanded vastly) look like a Marxist utopia.

00:31

The Narrowing Gap Between Amateur and Professional Fabrication Hackaday

The other day I saw a plastic part that was so beautiful that I had to look twice to realize it hadn't been cast, and no, it didn't come out of a Stratasys or anything, just a 3D printer that probably cost $1,500. It struck me that someone who had paid an artisan to make a mold and cast that part might end up spending the same amount as that 3D printer. It also struck me that the little guys are starting to catch up with the big guys.

Haz Bridgeport, Will Mill

Sometimes it's just a matter of getting a hold of the equipment. If you need a Bridgeport mill for your project, and you don't have one, you have to pay for someone else to make the thing no matter how simple. You're paying for the operator's education and expertise, as well as helping pay for the maintenance and support of the hardware and the shop it's housed in.

I once worked in a packaging shop, and around 2004 we got in a prototype to use in developing the product box. This prototype was 3D printed and I was told it cost $12,000 to make. For the era it was mind blowing. The part itself was simplistic and few folks on Thingiverse circa 2017 would be impressed; the print quality was roughly on par with a Makerbot Cupcake. But because the company didn't have a 3D printer, they had to pay someone who owned one a ton of cash to make the thing they wanted.

Unparalleled Access to Formerly Professional-Only Tools

But access to high end tools has never been easier. Hackerspaces and tool libraries alone have revolutionized what it means to have access to those machines. There are four or five Bridgeports (or similar vertical mills) at my hackerspace and I believe they were all donated. For the cost of membership, plus the time to get trained in and checked out, you can mill that part for cheap. Repeat with above-average 3D printers, CNC mills, vinyl cutters, lasers. The space's South Bend lathe (pictured) is another example of the stuff most people don't have in their basement shops. This group ownership model may not necessarily grant you the same gear as the pros, but sometimes it's pretty close.

Being too afraid to use an expensive and unfamiliar tool is a stumbling block for a lot of people. But I don't need to tell you that hackerspaces are a motherlode of knowledge. Find those subject matter experts: the machine shop ninja, the person with the cleanest welds, the dude whose PLA prints always look great. When that falls short, we have a resource our ancestors did not: the Internet. YouTube alone has revolutionized getting trained in on tools. People go to trade school to learn how to operate big expensive machines, but you can learn what to do for free.

Just Send it Out

...

00:30

Orcabox LEB Exclusive Offer: 1GB KVM VPS from $3/month! Low End Box

Hello all! We have a couple of interesting offers from a new-to-LowEndBox provider, Orcabox, a brand from Aracanum Services LLC. They're a registered company in the USA (L16000098249 FEI/EIN Number 81-2741033 State: FL), their WHOIS is public, and you can find their ToS/Legal docs here. They accept PayPal, Bitcoin, and XMR as methods of payment.

A note from the company: 

We are specialists in vps hosting, our company aims to provide highly reliable services at affordable rates. We have been offering VPS/Dedicated hosting since 2016 and Orcabox is our new brand for KVM Services and we would like to offer a special exclusive for LEB Readers. 

The offers: 

Super
2 Xeon 1270v6 vCPU
1 GB RAM
20 GB SSD (RAID1)
2 TB Bandwidth
1 IPv4
20Gbps in-house DDoS Protection
KVM/Virtualizor
24/7 Online Support
Coupon: LEB50
Price after applying coupon: $3/month

Predator
3 Xeon 1270v6 vCPU
3 GB RAM
50 GB SSD (RAID1)
5 TB Bandwidth
1 IPv4
20Gbps in-house DDoS Protection
KVM/Virtualizor
24/7 Online Support
Coupon: LEB50
Price after coupon: $7.5/month

NETWORK INFO:

Datacenter Name Location: Clouvider London, UK
Test IPv4: 185.198.190.33
Test file: https://lg.orcabox.com/static/100MB.test
Looking glass: https://lg.orcabox.com/
-
Node Specifications.
Intel Xeon E3-1270v6 CPU
64GB RAM
MIN of 2x 512GB SSDs
Software RAID1
1Gbps uplink

00:29

Encrypted Fitbit data can be intercepted and manipulated, claim researchers TechWorm

Fitbit fitness trackers vulnerable to data theft

All those health freaks wearing Fitbit fitness bands BEWARE, as vulnerabilities in your device that track heart rate, steps taken and calories burned could enable a hacker to steal your personal information and data.

To prove this point, a team at the University of Edinburgh carried out a detailed security investigation of two popular models of wearable fitness trackers, Fitbit One and Fitbit Flex, made by Fitbit.

Fitbit secures its devices with end-to-end encryption. However, when Fitbit One and Fitbit Flex were modified to bypass the encryption system, the researchers were able to gain access to stored information, proving that these devices provided no protection against the hack. In other words, such access could allow illegal sharing of personal data with third parties such as marketing agencies and online retailers. Also, it would allow fraudsters to create fake activity records by manipulating the data in order to obtain cheaper insurance policies with lower premiums.

Researchers notified Fitbit, which has since updated its software to fix the vulnerabilities to improve the privacy and security of its devices.

"We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge [summer 2016]," the company said in a statement.

"The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues."

Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."

The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universität Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.

Source: EurekAlert


00:00

Linux Weather Forecast

Welcome to the Linux Weather Forecast

This page is an attempt to track ongoing developments in the Linux development community that have a good chance of appearing in a mainline kernel and/or major distributions sometime in the near future. Your "chief meteorologist" is Jonathan Corbet, Executive Editor at LWN.net. If you have suggestions on improving the forecast (and particularly if you have a project or patchset that you think should be tracked), please add your comments below. 

00:00

The three least effective enterprise security measures Help Net Security

Fifty-nine percent of respondents to a Bitglass survey at Black Hat USA 2017 identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable. Understandably, and in line with recent cyberattacks, malware and ransomware ranked second, at nearly 27 percent. Least effective enterprise security measures Hackers also pointed out the three least effective enterprise security measures: password protection, facial recognition and access controls. Phishing and malware are threats made More


Wednesday, 20 September

23:54

Hurricane Maria: Direct Hit Puerto Rico cryptogon.com

Via: Weather.com: Metal roofs were flying off buildings and windows were breaking in San Juan, Puerto Rico even before Hurricane Maria made landfall as a Category 4 storm on the island's southeastern coast early Wednesday morning. According to the Associated Press, nearly 900,000 people were already without power as the storm approached.

23:35

Optionsbleed vulnerability can cause Apache servers to leak memory data Security Affairs

The Optionsbleed vulnerability in Apache HTTP Server can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests.

The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed Optionsbleed, in Apache HTTP Server (httpd) that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests.

Böck was analyzing HTTP methods when he noticed that requests with the OPTIONS method, which is normally used by a client to ask a server which HTTP methods it supports, were returning apparently corrupted data via the Allow header instead of the list of supported HTTP methods (e.g. Allow: GET, POST, OPTIONS, HEAD). However, some of the responses to the researcher's requests looked like this:

Below is an example of the responses obtained by Böck:

Allow: POST,OPTIONS,,HEAD,:09:44 GMT
Allow: GET,HEAD,OPTIONS,,HEAD,,HEAD,,HEAD,, HEAD,,HEAD,,HEAD,,HEAD,POST,,HEAD,, HEAD,!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
Allow: GET,HEAD,OPTIONS,=write HTTP/1.0,HEAD,,HEAD,POST,,HEAD,TRACE

Apache leaked server memory due to a use-after-free bug tracked as CVE-2017-9798.


Compared with other flaws that bleed memory contents, like Heartbleed, the Optionsbleed vulnerability is less severe because in order to be exploited the targeted system needs to be configured in a certain way, and even then the response doesn't always contain other data.

Security firm Sophos published a detailed analysis of the vulnerability.

The expert tested the Optionsbleed flaw in the Alexa Top 1 Million websites and received corrupted Allow headers from only 466 of them.

With the support of the Apache developer Jacob Champion, Böck verified that the Optionsbleed vulnerability only affects specific configurations. Böck has released a proof-of-concept (PoC) script for Optionsbleed.

...

23:30

uniprof: Transparent Unikernel for Performance Profiling and Debugging


23:30

Number of lost, stolen or compromised records increased by 164% Help Net Security

According to Gemalto's Breach Level Index, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Compared to the last six months of 2016, the number of lost, stolen or compromised records increased by 164%. A large portion came from the 22 largest data breaches, each involving more than one million compromised records. Of the 918 data breaches more than 500 (59% of all breaches) had an More

23:30

AI to Help Power Grids Resist Disruptions IEEE Spectrum Recent Content full text

A new project explores how artificial intelligence could help power grids anticipate and recover from natural disasters

The U.S. Department of Energy will explore whether artificial intelligence could help electric grids handle power fluctuations, avoid failures, resist damage, and recover faster from major storms, cyberattacks, solar flares and other disruptions.

A new project, called GRIP, for Grid Resilience and Intelligence Project, was awarded up to $6 million over three years on September 12 by the U.S. Department of Energy. GRIP is the first project to use artificial intelligence (AI) to help power grids deal with disturbances, says Sila Kiliccote, GRIP's principal investigator and director of the Grid Integration, Systems and Mobility lab at the SLAC National Accelerator Laboratory in Menlo Park, Calif.

GRIP will develop algorithms to learn how power grids work by analyzing smart meter data, utility-scale SCADA (supervisory control and data acquisition) data, electric vehicle charging data, and even satellite and street-view imagery.

"By looking at satellite and street-view imagery, we can see where vegetation is growing with respect to power lines, how long it takes to grow, and anticipate what the effects of high winds might have on that vegetation, such as pulling trees onto power lines during storms," Kiliccote says.

The aim with GRIP is to address three different kinds of problems. "First we need to anticipate and get in front of grid events," Kiliccote says. "Next we'd like to minimize the effects of grid events when they do happen. Finally, after the event ends, we'd want to bring systems back as quickly as possible."

GRIP's first year is devo...

23:26

Jumping Airgaps The Isoblog.

So this paper operates on the premise that there is a high security installation. Because of that it has an isolated network, and also physical protection, in the form of common cameras with the ubiquitous IR lighting.

Turns out, according to the developers of aIR-Jumper, you can encode data into flashes of IR camera lights, and you can read input using the security cameras. So after the initial infection (which would have to take a different route) you can talk to your implant using the security features of the isolated network.

23:25

NVIDIA Legacy Linux Drivers Updated With Newer Kernel Support Phoronix

NVIDIA has issued new releases of its two legacy drivers for Linux...

23:00

Apple releases iOS 11 Help Net Security

Starting yesterday, iPhone and iPad customers around the world can update their devices to iOS 11. While the list of new features and improvements is huge, here are some that Help Net Security readers might be interested in: The all-new Files app provides a central place to access and organize files no matter where they are located on iPad or in the cloud with built-in support for iCloud Drive as well as providers, such More

22:57

Call to Action: Write to the European Parliament's Legal Affairs Committee on Upcoming Copyright Law SoylentNews

Rick Falkvinge writes that on October 10th a committee within the European Parliament will vote on future copyright law in Europe. Former MEP (2009-2014), Christian Engström, provided a description of how to provide feedback to the European Parliament. Polite, clear, to the point feedback from EU citizens and residents would be most useful.

In particular, there are two really bad proposals and three really good proposals that warrant special attention, mixed in and buried in all the words. The good proposals are the mandatory freedom of panorama, the freedom to remix, and the freedom for anybody to datamine. The two bad proposals, quite dreadful actually, are to require sites to carry out mandatory upload filtering and a link tax which makes it impossible to link to articles in the legacy media.



22:40

Chrome 62 Beta Released With OpenType Font Variations, DOM Media Capture Phoronix

Google has rolled out their public beta of the upcoming Chrome/Chromium 62 web-browser update...

22:30

Watch the Keynote Videos from Open Source Summit in Los Angeles

If you weren't able to attend Open Source Summit North America 2017 in Los Angeles, don't worry! We've rounded up the following keynote presentations so you can hear from the experts about the growing impact of open source software.

21:30

Knitting ALUs (and Flipdots) Hackaday

[Irene Posch] is big into knitted circuits. And while most of the textile circuits that we've seen are content with simply conducting enough juice to light an LED, [Irene]'s sights are set on knittable arithmetic logic units (ALUs). While we usually think of transistors as the fundamental building-blocks of logic circuits, [Irene] has developed what is essentially a knit relay. Be sure to watch the video after the break to see it in construction and in action.

The basic construction is a coil of conductive thread that forms an electromagnet, and a magnetic bead suspended on an axle so that it can turn in response to the field. To create a relay, a flap of knit conductive thread is attached to the bead, which serves as the pole for what's essentially a fabric-based SPDT switch. If you've been following any of our relay-logic posts, you'll know that once you've got a relay, the next step to a functioning computer is a lot of repetition.

...

21:23

Science Magazine Interview With European Southern Observatory Chief SoylentNews

http://www.sciencemag.org/news/2017/09/top-astronomer-challenges-building-world-s-largest-telescope-and-what-s-next

Spanish astronomer Xavier Barcons took over the reins this month of the European Southern Observatory (ESO), the world's foremost international astronomy organization. It is currently building the European Extremely Large Telescope (E-ELT), destined to be the world's largest when completed in 2024.

In the 1980s Barcons set up the first x-ray astronomy group in Spain at the University of Cantabria. He is a specialist on active galactic nuclei, superbright galactic cores thought to be caused by giant black holes sucking in and heating up quantities of gas and dust. To study them, he's been heavily involved in European x-ray space telescopes such as XMM-Newton and the forthcoming Athena, due for launch in 2028. Barcons has also worked at the University of Cambridge in the United Kingdom, Spain's Council for Scientific Research, and served as chair of ESO's council from 2012 to 2014.

He joins ESO in a period of high activity as the organization embarks on the E-ELT, its biggest project so far. But a shadow hangs over the €1.1 billion facility: Because of a shortfall in funding, the ESO council has only approved a first phase of construction, which will produce a working telescope but with certain desired components delayed until extra funding can be found. Those components include 210 of the 798 segments that make up the 39-meter main mirror, back-up mirror segments, some lasers for the adaptive optics system, and a few instrument components.

Meanwhile, ESO's current main facility, the Very Large Telescope (VLT) at Cerro Paranal in Chile, continues to be the world's most productive ground-based instrument, and the Atacama Large Millimeter/submillimeter Array (ALMA), a new radio observatory built jointly with North American and East Asian countries, is opening up this previously little-studied window on the universe.

European Southern Observatory
Very Large Telescope
Atacama Large Millimeter Array
Extremely Large Telescope
Giant Magellan Telescope
Thirty Meter Telescope



...

21:19

Viacom left the keys of its digital kingdom on a publicly exposed AWS S3 bucket Security Affairs

The security researcher Chris Vickery discovered that media giant Viacom left sensitive data and a secret access key on an unsecured Amazon AWS S3 bucket.

Media giant Viacom left sensitive data and a secret access key on an unsecured Amazon AWS S3 bucket, a gift for hackers. Viacom controls Paramount Pictures, MTV, Comedy Central and Nickelodeon.

The huge trove of data was discovered by the popular security researcher Chris Vickery, director of Cyber Risk Research at security shop UpGuard.

The Amazon AWS S3 bucket contained 72 compressed .tgz files in a folder labeled "MCS", a name which appears to refer to Viacom's Multiplatform Compute Services division, which operates IT systems for the firm.

The cloud storage exposed a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties.

"While Viacom has not confirmed to UpGuard the purpose of this bucket, the contents of the repository appear to be nothing less than either the primary or backup configuration of Viacom's IT infrastructure. The presence of this data in an S3 bucket bearing MCS's name appears to further corroborate the Viacom group's mission of moving its infrastructure onto Amazon Web Services' cloud," states Vickery.

The Amazon AWS S3 bucket contained the passwords and manifests for Viacom's servers, as well as the access key and private key for the corporation's AWS account. Some of the data was encrypted using GPG, but the disconcerting news is that the bucket also contained the related decryption keys.

"While the exposure has since been closed, following UpGuard's notification to Viacom, this incident highlights the potentially enormous cost such data leaks can evince upon even the largest and most sophisticated organizations. Exposed in this incident were nothing less than the master controls needed to harness the power of a digital media empire and turn it towards nefarious aims," added Vickery.

The leaked Viacom data is remarkably potent and of great significance, an important reminder that cloud leaks need not be large in disk size to be devastating; when it comes to data exposures, quality can be as vital as quantity, 

...

20:43

First ever crypto-mining Chrome extension discovered Graham Cluley


A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users' computers by secretly mining for virtual cash.

Read more in my article on the Hot for Security blog.

20:37

The Ten Essentials for Good API Documentation

API documentation is the number one reference for anyone implementing your API, and it can profoundly influence the developer experience. Because it describes what services an application programming interface offers and how to use those services, your documentation will inevitably create an impression about your product, for better or for worse.

20:30

Local Development Environment for Kubernetes using Minikube

Kubernetes can be an ultimate local development environment particularly if you are wrangling with a large number of microservices. In this post, we will cover how you can create a local development workflow using Minikube and tools such as Make to iterate fast without the wait imposed by your continuous integration pipeline. With this workflow, you can code and test changes immediately.

20:30

How AMD EPYC & Intel Xeon Gold Compare To Various Amazon EC2 Cloud Instances Phoronix

Last week we began with our EPYC 7601 Linux benchmarking of this high-end AMD server CPU featuring 32 cores / 64 threads per socket. Earlier this week were also some 10-year old Opteron vs. EPYC benchmarks and power efficiency tests while the latest in our EPYC Linux testing is seeing how the new AMD processor compares to various Amazon EC2 cloud instances.

20:12

Chips Off the Old Block: Computers Are Taking Design Cues From Human Brains Lifeboat News: The Blog

Now, some of the world's largest tech companies are taking a cue from biology as they respond to these growing demands. They are rethinking the very nature of computers and are building machines that look more like the human brain, where a central brain stem oversees the nervous system and offloads particular tasks like hearing and seeing to the surrounding cortex.


New technologies are testing the limits of computer semiconductors. To deal with that, researchers have gone looking for ideas from nature.

19:50

The Future of Work in Tasmania Paris B-A

I'm really excited to be on a panel at the University of Tasmania in a few weeks on The Future of Work in Tasmania! It's a free event, and there are refreshments! Come along! You can learn more, and register, on the UTAS website.

19:50

Architecting the Future with Abstractions and Metadata

Abstractions and metadata are the future of architecture in systems engineering, as they were before in software engineering. In many languages, there are abstractions and metadata; however, systems engineering has never adopted this view. Systems were always thought of as too unique for any standard abstractions. Now that we've standardized the lower-level abstractions, we're ready to build new system-level abstractions.

19:50

IBM Simulates Beryllium Hydride Molecule Using a Quantum Computer SoylentNews

https://www.hpcwire.com/2017/09/14/ibm-breaks-ground-complex-quantum-chemistry/

IBM [reported] in Nature Communications the use of a novel algorithm to simulate BeH2 (beryllium-hydride) on a quantum computer. This is the largest molecule so far simulated on a quantum computer. The technique, which used six qubits of a seven-qubit system, is an important step forward and may suggest an approach to simulating ever larger molecules.

"Instead of forcing previously known classical computing methods onto quantum hardware, the scientists reversed the approach by building an algorithm suited to the capability of the current available quantum devices. This allows for extracting the maximal quantum computational power to solve problems that grow exponentially more difficult for classical computers," according to the IBM announcement.

[...] Today, simulating even small molecules with the needed accuracy to predict energy states and reactivity is hard. IBM performed the numerical simulation on H2, LiH, and BeH2. "While this model of BeH2 can be simulated on a classical computer, IBM's approach has the potential to scale towards investigating larger molecules that would traditionally be seen to be beyond the scope of classical computational methods, as more powerful quantum systems get built," noted IBM.

Beryllium hydride

Hardware-efficient variational quantum eigensolver for small molecules and quantum magnets (DOI: 10.1038/nature23879) (DX)



19:37

aIR-Jumper A malware exfiltrates data via security cameras and infrared Security Affairs

Researchers at the Ben-Gurion University developed a PoC malware dubbed aIR-Jumper that uses security cameras with infrared capabilities to exfiltrate data.

The team of researchers at the Ben-Gurion University of the Negev in Israel, composed of Mordechai Guri, Dima Bykhovsky and Yuval Elovici, developed a PoC malware that leverages security cameras with infrared capabilities to steal data.

The security cameras are used as a covert channel for data exfiltration and to send commands to the malicious code.

Modern surveillance and security cameras are equipped with infrared LEDs for night vision. The experts decided to exploit them because infrared light is imperceptible to the human eye, making it impossible for users to discover the data transmission through LED blinking.

The same research team has devised numerous techniques to exfiltrate data from air-gapped networks across the years, including DiskFiltration, AirHopper, BitWhisper, LED-it-Go, SPEAKE(a)R, USBee, Fansmitter, xLED.

The current research project, dubbed aIR-Jumper, leverages malicious code that must be installed on the target computers, which enables the attackers to control it with security surveillance cameras/software, or on a computer in the same network as the camera.

"In this paper, we show how attackers can use surveillance cameras and infrared light to establish bi-directional covert communication between the internal networks of organizations and remote attackers. We present two scenarios: exfiltration (leaking data out of the network) and infiltration (sending data into the network)," reads the paper published by the team and titled "aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via Security Cameras & Infrared (IR)".

The malicious code is able to steal data from an infected system and then convert it into a sequence of ones and zeros that is then transmitted by making the devices infrared LE...

Fast Track Apache Spark

My upcoming Strata Data NYC 2017 talk about big data analysis of futures trades is based on research done under the limited funding conditions of academia. This meant that I did not have an infrastructure team, therefore I had to set up a Spark environment myself. I was analyzing futures order books from the Chicago Mercantile Exchange (CME) spanning May 2, 2016, to November 18, 2016.

19:09

Another Chinese Developer Arrested For Selling VPN Access TorrentFreak

Early 2017, China's Ministry of Industry and Information Technology said that due to Internet technologies and services expanding in a disorderly fashion, regulation would be needed to restore order.

Announcing measures to strengthen network information security management, the government said it would begin a nationwide Internet network access services clean-up.

Months later, it became evident that authorities were taking an even more aggressive stance towards Virtual Private Networks, since these allow citizens to evade the so-called Great Firewall of China. The government said that in future, operating such a service without a corresponding telecommunications license would constitute an offense.

Now, according to local news reports, a citizen who apparently failed to heed the government's warnings has fallen foul of the new rules.

The Nanjinger reports that a software developer, named as Mr. Zhao from Nanjing, was arrested August 21 for contravening the new laws on VPN licensing.

Zhao reportedly told authorities he'd initially set up the VPN for his own use in order to access content hosted abroad, which presumably involved circumventing China's firewall. However, once he recognized there was a demand, the developer decided to let others use the service for a small fee.

The prices he asked were indeed small: just $1.50 per month or around $18 for two years' service. Based on reported total revenues of just $164 for the entire business, it's possible he had around 100 customers, or indeed far fewer.

What will happen to the man isn't clear but he'll be keen to avoid the fate of Deng Jiewei, who previously ran a small website through which he'd sold around $2,100 worth of VPN software.

Early September it was reported that the 26-year-old had been sentenced to nine months in prison for offering tools that enable people to visit foreign websites that cannot be accessed via a domestic (mainland) IP address.

These cases are part of an emerging pattern in China centered around the supply and sale of VPN products and services. Back in July, Apple began banning VPN applications from its iOS store in China. The company reported that the apps contained content that is illegal locally, thereby violating the company's policies.

Source: TF, for th...

18:30

Cronk The Gonk Droid Hackaday

The Gonk droids from the Star Wars universe are easy to overlook, but serve the important function of mobile power generators. Here on Earth, [bithead942]'s life-size replica droid fulfills much the same purpose.

Cronk, functionally an oversized USB charging hub with a lot of bells and whistles, is remotely controlled by a modified Wii Nunchuck controller very similar to the one [bithead942] used to control his R2-D2. With the help of an Adafruit Audio FX Mini, an Adafruit Class D 20W amp, and two four-inch speakers, the droid can rattle off some sound effects as it blows off some steam (really, an inverted CO2 duster). An Arduino Mega acts as Cronk's brain while its body is sculpted from cast-able urethane foam for its light weight and rigidity. It also houses a FPV camera, mic, and DVR so it can be operated effectively from afar.

And, it can dance!

Those legs are a robot platform kit with servos that have enough torque to support and move the droid's weight. In the face of overwhelming balance issues, [bithead942] attached a set of training wheels which solve the stability problems, improve the battery life, and make it more convention-friendly, easily contending with jostling, prodding, and uneven floors.

If one of these droids isn't around when your mobile device runs low, hit up a nearby Pokémon Centre.



18:17

Butterfly Wing Patterns Altered with CRISPR SoylentNews

Scientists have used CRISPR to disrupt the genes responsible for forming the patterns on butterfly wings:

The brilliant, intricate patterns on butterfly wings, from haunting eye spots to iridescent splashes of blue, look as if they were painted on by teams of artists. Researchers thought that a complex collection of genes might be responsible, interacting to build up the final pattern. But two studies now suggest that two genes play an outsize role in determining the wing's lines and colours. Turning off these 'master' genes disrupts the canvas, dulling the colours or turning the insects monochromatic.

The studies, published this week in Proceedings of the National Academy of Sciences, challenge the old paradigm of wing-pattern development, says Bob Reed, an evolutionary developmental biologist at Cornell University in Ithaca, New York, and lead author of one of the papers and a co-author on the other. Understanding how wing patterns are controlled gives scientists greater insight into the evolution of traits that help the insects to avoid predation and attract mates.

"The two different genes are complementary. They are painting genes, specialized, in a way, for making patterns," says Arnaud Martin, a developmental biologist at George Washington University in Washington DC, and lead author of one of the studies.

Also at New Atlas, The New York Times, and BBC (2m video).

Macroevolutionary shifts of WntA function potentiate butterfly wing-pattern diversity (DOI: 10.1073/pnas.1708149114) (DX)

Single master regulatory gene coordinates the evolution and development of butterfly color and iridescence (DOI: 10.1073/pnas.1709058114) (DX)



18:09

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server The Hacker News

Viacom, the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties, has exposed the keys to its kingdom on an unsecured Amazon S3 server. A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket

17:57

Bitcoin instead of Ads The Isoblog.

Scandinavia and the World

If Web Pages are using Bitcoin mining Javascript instead of advertising, it means Adblockers are winning.

Of course it won't work even if it worked, but one can try.

That is, as expected uBO is blocking the SATW miner by default by blacklisting the external JS domain with the mining plugin.

If it didn't, it would still be too inefficient to actually generate profit, because these days you would need dedicated mining rigs for this.

And of course, if that even worked, then you have Bitcoin and not money.

So mostly this is a demonstration about how Ads do not work any more. At all. Ever again.

17:50

APPLE-SA-2017-09-19-1 iOS 11 Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
issue was addressed through requiring TLS.
CVE-2017-7088: Ilya Nesterov, Maxim...

17:30

'Shocking' Holocaust Study Claims Nazis Killed Up To 20 Million People Terra Forming Terra




This needed to be done. The original estimates were hardly the result of any serious scholarship but more an exercise in proxies and back-of-the-envelope calculations. They provided a ballpark, and a low one at that. Corrected calculations were always certain to be upwards.

From this it appears that a real number will be toward the high point of a range of 15 to 20 million. Say 18 million +/- 2 million.

These are awful numbers, yet similar in size to the efforts of Stalin as well. He at least could hide behind a vastly larger population. Within all that several millions of Jews lost their lives.

'Shocking' Holocaust Study Claims Nazis Killed Up To 20 Million People

Mar. 4, 2013, 6:23 AM

http://www.businessinsider.com/shocking-new-holocaust-study-claims-nazis-killed-up-to-20-million-people-2013-3

The Nazi Holocaust may have claimed up t...

17:30

Merck's Former Doctor Predicts Gardasil to Become the Greatest Medical Scandal of All Time Terra Forming Terra

 


It only gets worse.  Essentially the whole pharmaceutical industry jumped into the vaccine industry as a cash.  None of this is slightly justified and it naturally endangers consumers.  It all compares to bloodletting.

I do not know what can stop this. The science is completely bought out and largely fabricated. I no longer think they even err on the side of safety.

It is a very bad scene.

Merck's Former Doctor Predicts Gardasil to Become the Greatest Medical Scandal of All Time


 http://realfarmacy.com/gardasil-scandal/

It is simply no longer possible to believe much of the clinical research that is published, or to rely on the judgment of trusted physicians or authoritative medical guidelines. I take no pleasure in this conclusion, which I reached slowly and reluctantly over my two decades as an editor of The New England Journal of Medicine (source)...

17:30

How 37 Banks Became 4 In Just 2 Decades, All In One Astonishing Chart Terra Forming Terra




 

This is impractical nonsense of course and needs to be seriously changed.  We need competitive banking scaled at the State level at least.  We have needed this for a long time.

This happened because of the merger of banking with investment banking back in 1999, ending the most important reform out of the Great Depression.

The real problem is the economic ignorance of the political class itself who will buy any sort of nonsense and never listen to those who truly know better and are also truly independent...


How 37 Banks Became 4 In Just 2 Decades, All In One Astonishing Chart

posted by Aaron Jackson May 6, 2014

https://www.exposingtruth.com/37-banks-became-4-just-2-decades-one-astonishing-chart/

If you were wondering how banks got too big to fail, here's a good place to start. This chart shows us how, over the last couple of decades, 37 banks have become just 4 mega-banks. These same 4 mega-banks have, thus far, been immune to the consequences of any and all of their terrible decisions that place the entire world economy in jeopardy.


17:30

Mystery of the slimy brain-like 'alien blobs' found in a Canadian lagoon that appear to be SPREADING Terra Forming Terra

They might look like props from a low-budget horror flick, but these mysterious slimy blobs are actually colonies of hundreds of tiny creatures. The pond-dwelling jellies were recently spotted for the first time in Canada

  
I have seen this before in fossil form in photographs from Australia. It happens to be just about the oldest possible fossil. So here we have a life form we know has been with us for almost 500,000,000 years.

It is even nearby to me. However, I do suspect this is far more common than imagined. After all it likes muddy pond water and likely deep as well.

It is neat to see it though in the living form.
Mystery of the slimy brain-like 'alien blobs' found in a Canadian lagoon that appear to be SPREADING

The jellies were recently spotted for the first time in a park in Vancouver, Canada 

The creatures, known as bryozoans, have been around for millions of years 

But the species found normally only dwells east of the Mississippi river 
...

16:44

Celex - Nanosecond Image Acquisition SoylentNews

Phys.org and other sites report on a new type of camera that is extremely fast; it looks for the slope of intensity at individual pixels and at the same time requires much less bandwidth than a conventional video camera:
    https://phys.org/news/2017-02-ultrafast-camera-self-driving-vehicles-drones.html
Said to be useful for any type of real time use, in particular self-driving cars.

From the company site, http://www.hillhouse-tech.com/

Each pixel in our sensor can individually monitor the slope of change in light intensity and report an event if a threshold is reached. Row and column arbitration circuits process the pixel events and make sure only one is granted to access the output port at a time in a fairly ordered manner when they receive multiple requests simultaneously. The response time to the pixel event is at nanosecond scale. As such, the sensor can be tuned to capture motion objects with speed faster than a certain threshold. The speed of the sensor is not limited by any traditional concept such as exposure time, frame rate, etc. It can detect fast motion which is traditionally captured by expensive, high speed cameras running at tens of thousands frames per second and at the same time produces 1000x less of data.

Sounds sort of like an eye (human or animal), which has a lot of hardware (wetware?) processing directly behind the retina and only sends a relatively slow data rate to the brain.



15:30

Field Expedient Quenches Your Thirst for a Soldering Station Hackaday

In the category of first world problems, it seems that these days no one is happy with just a plain old soldering iron. Today, everyone wants a station with bells, whistles, and features. If all you have is the iron, take heart. Grab a soda, drink it, and then duplicate [Kalvin178]'s makeshift solder station.

The idea is simple: cut or tear a soda can and press in the sides to make a V-shaped holder for the iron. A smaller part of the can might hold a wet paper towel, a sponge, or some copper scrubbing pads to clean your tip.

We tried to think about using a lollipop stick to hold your solder, but we didn't come up with anything sufficiently clever. Some cheap reading glasses might serve for magnification and a dollar store USB or battery fan could blow fumes.

We've seen clothes pins used for helping hands. We've also seen people make quick and dirty iron holders out of stiff wire.

If you really want to make your own big-time station, you can. If that's not hackish enough for you, then you can always strap on a thermocouple.

15:11

Solar-to-Fuel System Recycles CO2 to Make Ethanol and Ethylene SoylentNews

Scientists at the Department of Energy's Lawrence Berkeley National Laboratory (Berkeley Lab) have harnessed the power of photosynthesis to convert carbon dioxide into fuels and alcohols at efficiencies far greater than plants. The achievement marks a significant milestone in the effort to move toward sustainable sources of fuel.

....
For this JCAP study, researchers engineered a complete system to work at different times of day, not just at a light energy level of 1-sun illumination, which is equivalent to the peak of brightness at high noon on a sunny day. They varied the brightness of the light source to show that the system remained efficient even in low light conditions.

The ethanol-fueled rejoice.



14:08

Using Signal Without Giving Your Phone Number Stories by Martin Shelton on Medium

Nelson Sosa (CC BY-NC-ND 2.0)

Encrypted messaging apps like Signal, as well as WhatsApp and Viber, use your phone number as your main username. This means that if I want to chat with someone on these apps, I have to give them my phone number.

But we may have many reasons, both practical and principled, not to share our number with someone. These digits are personal.

Ideally, apps like Signal would allow us to use something besides our phone number as the main identifier we share with others. For example, a few competing encrypted messengers, such as Wire, allow users to choose a username.

This is a big deal. It means that users don't need to choose between strong encryption, and protecting other personal information.

So let's talk about a workaround.

Getting a Second Number

If you want to withhold your personal phone number, the good news is that you can use a secondary phone number to register for these apps.

For example, on Signal you register a phone number during startup.

You might think you have to use your mobile number, but you can really use any number you have access to.

Here's the catch: You need to have persistent access to the number. If someone else gets access to it, they can use it to re-register Signal, and you will lose access. The new owner of the phone number can quickly become the new owner of your Signal number.

If you use an alternative number, you also need to keep it.

Here are a few options to help you access an additional long-term number:

  • Second SIM. You can register your app with an alternative SIM card, which will give you a new phone number. This second SIM must be kept active with regular account payments, or you will lose the number. To learn more, read this post by Jillian York of the Electronic Frontier Foundation. Note: While in many countries this can be reasonably cheap, in the United States, this typically means purchasing a bundled data and phone plan, which can be expensive.
  • Google Voice. If you're in the U.S. and don't mind using your existing phone number to sign up, you can use a free Google Voice number. This is easy to set up.
  • Twilio....

13:36

NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Wall' ONLINE

Posted 20 Sep, 2017 3:06:24 UTC

The new edition of Off The Wall from 19/09/2017 has been archived and is now available online.

13:33

Cassini Spacecraft Post-Mortem SoylentNews

Timeline of Cassini–Huygens

NASA's Cassini Spacecraft Ends Its Historic Exploration of Saturn

Telemetry received during the plunge indicates that, as expected, Cassini entered Saturn's atmosphere with its thrusters firing to maintain stability, as it sent back a unique final set of science observations. Loss of contact with the Cassini spacecraft occurred at 7:55 a.m. EDT (4:55 a.m. PDT), with the signal received by NASA's Deep Space Network antenna complex in Canberra, Australia.

[...] As planned, data from eight of Cassini's science instruments was beamed back to Earth. Mission scientists will examine the spacecraft's final observations in the coming weeks for new insights about Saturn, including hints about the planet's formation and evolution, and processes occurring in its atmosphere.

[...] Cassini launched in 1997 from Cape Canaveral Air Force Station in Florida and arrived at Saturn in 2004. NASA extended its mission twice, first for two years, and then for seven more. The second mission extension provided dozens of flybys of the planet's icy moons, using the spacecraft's remaining rocket propellant along the way. Cassini finished its tour of the Saturn system with its Grand Finale, capped by Friday's intentional plunge into the planet to ensure Saturn's moons, particularly Enceladus, with its subsurface ocean and signs of hydrothermal activity, remain pristine for future exploration.

Farewell, Cassini: a 20 year mission to Saturn comes to a life-protecting end

During the Jovian flyby, Cassini performed scientific observations of the planet, showing that Jupiter's cloud belts were areas of "net-rising atmospheric motion."

This observation contradicted previous hypotheses about Jupiter's dark and light belts and served to highlight differences in planetary weather systems.

During the flyby, Cassini was also able to study Jupiter's thin ring system, revealing that Jupiter's rings were composed of irregularly shaped particles that likely originated as ejecta from micrometeorite impacts with the moons Metis and Adrastea.

Cassini: The legend and legacy of one of NASA's most prolific missions


12:31

Strong Earthquake Near Mexico City Kills Hundreds cryptogon.com

Via: Reuters: Rescue crews and ordinary citizens searched through rubble for survivors as night fell on Tuesday on battered cities in central Mexico, including the capital, where the death toll from a major earthquake grew to at least 226. The magnitude 7.1 quake toppled dozens of buildings, broke gas mains and sparked fires less than []

12:30

Need a Night-Light? Hackaday

[Scott] created an LED candle in preparation for the big mac daddy storm (storms?) coming through.  Like millions of other people in Florida, he was stuck at home with his roommates when an oncoming hurricane headed their way.  Worrying about blundering about in the dark when the power inevitably went out, they set off to gather up all of the candles they had lying around.  Realizing the monstrous pile of candles and matches looked more and more like a death wish, the decision was made to create a makeshift light out of what components they had on hand.  Now, not having access to any outside sources for parts means that you are going to have a bare bones model.

That being said, this straightforward light only takes a couple of seconds to put together. Jury rig a couple of AA or AAA batteries up, then slap on a resistor, LED, and jumper to get that sucker running. Wrap electrical tape around the whole thing, or even try duct tape, whatever gets the job done. A little paper hat on top of it will diffuse the light and bada bing, bada boom, you're all done. Generally though, soldering directly onto a battery is not a wise idea. So, if you want to get fancy, perhaps a better alternative is to have a battery casing as shown below.

...

12:02

The Rare, Potent Fuel Powering North Korea's Weapons SoylentNews

When North Korea launched long-range missiles this summer, and again on Friday, demonstrating its ability to strike Guam and perhaps the United States mainland, it powered the weapons with a rare, potent rocket fuel that American intelligence agencies believe initially came from China and Russia.

The United States government is scrambling to determine whether those two countries are still providing the ingredients for the highly volatile fuel and, if so, whether North Korea's supply can be interrupted, either through sanctions or sabotage. Among those who study the issue, there is a growing belief that the United States should focus on the fuel, either to halt it, if possible, or to take advantage of its volatile properties to slow the North's program.

But it may well be too late. Intelligence officials believe that the North's program has advanced to the point where it is no longer as reliant on outside suppliers, and that it may itself be making the potent fuel, known as UDMH. Despite a long record of intelligence warnings that the North was acquiring both forceful missile engines and the fuel to power them, there is no evidence that Washington has ever moved with urgency to cut off Pyongyang's access to the rare propellant.

Classified memos from both the George W. Bush and Obama administrations laid out, with what turned out to be prescient clarity, how the North's pursuit of the highly potent fuel would enable it to develop missiles that could strike almost anywhere in the continental United States.

Source: NY Times

Pop Science earlier has a more detailed look at how their missile might work:
How North Korea's Theoretical ICBM Would Work

What is UDMH?

Toxic Propellant Hazards ~ 1966 NASA KSC; Hydrazine Rocket Fuel & Nitrogen Tetroxide Oxidizer

It's really nasty stuff...



11:38

Senate panel expects Facebook to testify publicly for Russia probe The Hill: Technology Policy

The Senate Intelligence Committee is expecting Facebook executives to testify at a public hearing as part of the panel's investigation into Russia's efforts to meddle in the 2016 presidential election. Sen. Richard Burr (R-N.C.), the committee's...

11:33

Links 19/9/2017: Pipewire, Mir Support for Wayland, DRM in W3C Techrights


Contents

GNU/Linux

  • Seven things about Linux you may not have known so far

    One of the coolest parts about using Linux is the knowledge you gain over time. Each day, you're likely to come across a new utility or maybe just an unfamiliar flag that does something helpful. These bits and pieces aren't always life-changing, but they are the building blocks for expertise.

    Even experts don't know that all, though. No matter how much experience you might have, there is always more to learn, so we've put together this list of seven things about Linux you may not have known.

  • Desktop

    • Black screen of death after Win10 update? Microsoft blames HP

      Microsoft is pointing the finger of blame at HP's factory image for black screens of death appearing after a Windows Update.

      Scores of PC owners took to the HP forums last week to report that Windows 10 updates released September 12 were slowing down the login process. Users stated that once they downloaded the updates and entered their username and password, they only saw black screens for about five to 10 minutes.

      The forum members said that clean installs or disabling a service called "app readiness", which "gets apps ready for use the first time a user signs in to this PC and when adding new apps", seemed to fix the delay.

      Today, a Microsoft spokesperson told The Register: "We're working to resolve this as soon as possible" and referred affected customers to a new support post.

  • Server

11:30

Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Open Source Security

Posted by Luciano Bello on Sep 19

The link is 404ing. I might be creating the pcap wrongly. Can you make an
input pcap available?

thanks! /luciano

10:36

Music Piracy On Increase Worldwide: Industry Group SoylentNews

Music piracy is on the increase worldwide, with 40 percent of users accessing unlicensed music, up from 35 percent last year, the global recorded music industry group IFPI said.

Internet search engines are making piracy easier, the International Federation of the Phonographic Industry (IFPI) said in a report on Tuesday, calling for government action.

The increase in piracy follows a slump in recent years when policing of the digital music landscape appeared to be clamping down on the practice.

"Copyright infringement is still growing and evolving, with stream ripping the dominant method," said IFPI chief, Frances Moore.

"With the wealth of licensed music available to fans, these types of illegal sites have no justifiable place in the music world," she said, calling for greater regulation of the digital music sector.

If they defeat stream ripping, there's always the analog hole...

[Ed Note - OTOH "The report also revealed the continuing rise in audio streaming. It found that 45 percent of respondents were now listening to music through a licensed audio streaming service, up from 37 percent in 2016." ]



10:30

HPR2383: What's In My Ham Shack Hacker Public Radio

What's In My Ham Shack

In this episode I am starting what I hope will become a series where Amateur Radio operators talk about what equipment they have and use in their Ham Shacks.

Ham Shack Definition

A good definition of exactly what a Ham Shack is can be found on Wikipedia. https://en.wikipedia.org/wiki/Radio_shack

Categories of Ham Radio gear

I tend to divide gear into the following categories.

  • Portable - hand-held devices designed for carrying.
  • Mobile - equipment that is designed to be used in a vehicle.
  • Base - gear used in a fixed station environment.
  • Miscellaneous - other stuff.

My Ham Shack

You can google any of these model numbers to see what the hardware looks like and learn more about it.

Portable Gear

  • Alinco DJ-190 Handy-Talkie
  • Yaesu VX-6R tri-band Handy-Talkie

Mobile Gear

  • Yaesu FT-8800 dual-band radio
  • New Motorola Mount (NMO) antenna mount
  • Comet B-10nmo mobile antenna
  • Comet SBB-5nmo mobile antenna

Base Station Gear

  • ICOM IC-746 HF+6m+2m radio
  • Grasshopper II vertical HF antenna
  • Unknown brand vertical 2-meter/70-cm base station antenna
  • MFJ-4225MV Switching Power Supply
  • MFJ-949E Manual Antenna Tuner
  • LDG Electronics AT-200Pro II Automatic Antenna Tuner
  • Computer running Xubuntu 16.04
  • West Mountain RIGblaster Advantage digital interface

Miscellaneous Gear

  • MFJ-269C Antenna Analyzer
  • Stereo head-phones and microphone
  • Push-to-Talk pedal
  • RTL-SDR Dongle
  • Collection of various connectors and adaptors

09:30

Wind Chimes and Dry Ice Make an Unusual Musical Instrument Hackaday

When it comes to making music, there are really only a few ways to create the tones needed: pluck something, blow into something, or hit something. But where does that leave this dry-ice powered organ that recreates tunes with wind chimes and blocks of solid CO2?

It turns out this is firmly in the "hit something" camp, as [Leah Edwards] explains of her project. When the metal wind chime tubes come in contact with dry ice, the temperature difference sublimates the solid CO2. The puff of gas lifts the tube slightly, letting it fall back against the brick of dry ice and making a tone. The process is repeated rapidly, providing a vibrato effect while the tube is down. [Leah] used solenoids to lift the tubes and, having recently completed a stint at National Instruments, a bunch of NI gear to control them. The videos below show a few popular tunes and a little bit about the organ build. But what, no songs from Frozen?

We can easily imagine this same build using an Arduino or some other microcontroller. In fact, it puts us in mind of a recent reed organ MIDI project that has a few ideas to offer, like ways to quiet those solenoids. 


Filed under: musical hacks

09:03

Startup Pi Out to Slice the Charging Cord SoylentNews

Silicon Valley youngster Pi on Monday claimed it had developed the world's first wireless charger that does away with cords or mats to charge devices.

Pi chargers, about the size of a small table vase, operate on standard charging technology used in Apple or Android smartphones designed to be powered up wirelessly.

But instead of cords or mats, the conical creation charges smartphones with magnetic waves.

"Magnetic fields are an ideal way to safely send energy to portable electronics," said Pi chief technology officer Lixin Shi, who co-created the charger with John MacDonald.

The trick was bending magnetic waves to find smartphones, the co-founders said during a presentation for an AFP journalist at the TechCrunch Disrupt startup scrum in San Francisco.

[...] The pair figured out how to shape the magnetic field so energy could be beamed to smartphones placed or in use within a foot of a Pi.



08:26

Overnight Tech: Senate panel debates sex-trafficking bill | Massachusetts AG sues Equifax | Twitter touts progress against terrorist accounts | Anti-virus firm calls Avril Lavigne the most dangerous celeb online The Hill: Technology Policy

SENATE COMMERCE TAKES ON SEX TRAFFICKING BILL: The Senate Commerce Committee on Tuesday took up a controversial online sex-trafficking bill, hearing testimony from victims' families who urged lawmakers to act.The hearing room was silent as...

07:28

Toys 'R' Us Files for Bankruptcy Protection in US SoylentNews

Toys 'R' Us has filed for bankruptcy protection in the US and Canada as it attempts to restructure its debts.

The firm was once a dominant player in the US toy market, but has struggled against larger rivals such as Amazon.

The move casts a shadow over the future of the company's nearly 1,600 stores and 64,000 employees.

The firm's European operations are not part of the bankruptcy proceedings and Toys R Us says it does not expect any immediate impact on its UK stores.

Toys R Us's operations in Australia, about 255 licensed stores and a joint venture partnership in Asia are also not included in the bankruptcy move.

[...] The bankruptcy filing is more evidence that traditional retailers are struggling in the US, as online retailers continue to capture market share.

Amazon marches on, or we're just at 'Peak Toy'?



07:12

Someone checked and, yup, you can still hijack Gmail, Bitcoin wallets etc via dirty SS7 tricks Lifeboat News: The Blog

Two-factor authentication by SMS? More like SOS

Once again, it's been demonstrated that vulnerabilities in cellphone networks can be exploited to intercept one-time two-factor authentication tokens in text messages.

07:12

Equifax Officially Has No Excuse Lifeboat News: The Blog

A patch that would have prevented the devastating Equifax breach had been available for months. There's no excuse for that.

07:00

Wikileaks Spy File Russia the surveillance apparatus implemented by firm Peter-Service Security Affairs

Wikileaks releases a new batch of documents that claim to detail the Russia mass surveillance apparatus implemented with the help of firm Peter-Service.

Wikileaks has released a batch of documents, dubbed Spy File Russia, that detail the surveillance infrastructure implemented by Russia. The Kremlin's surveillance apparatus allows the Russian agencies to spy on online activities and mobile devices.

According to the Italian Wikileaks media partners, the Italian newspaper La Repubblica, the documents cover an extended timespan from 2007 to June 2015.

This is the first time Wikileaks has leaked material related to the Russian state. The documents report on a Russian company which supplies software to telecommunication companies and that is also installing equipment used by Russian state agencies to tap into.

It is a surveillance apparatus that enables the Russian intelligence to search and spy on citizens' digital activity,

...

06:55

T-Shirt: Pflüger, grüß mir die Sonne! The Isoblog.

Sorry, but I am not sorry.

PNG Pflüger, grüß mir die Sonne, Background transparent

Idea: Ralf Ertzinger

06:41

Google Chrome most resilient against attacks, researchers find Help Net Security

Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks. Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves, noted Markus Vervier, More

06:36

LibrePlanet 2018: Let's talk about Freedom. Embedded. FSF blogs

The call for sessions is open now, until November 2nd, 2017. General registration and exhibitor and sponsor registration are also open. Pre-order a LibrePlanet 10th anniversary t-shirt when you register to attend!

Do you want to discuss or teach others about a topic relevant to the free software community? You've got until Thursday, November 2nd, 2017 at 10:00 EDT (14:00 UTC) to submit your session proposals.

LibrePlanet is an annual conference for free software enthusiasts and everyone who cares about the intersection of technology and social justice. For the past nine years, LibrePlanet has brought together free software developers, policy experts, activists, hackers, students, and people who are at the beginning of their free software journeys. LibrePlanet 2018 will feature programming for all ages and experience levels.

If you're new to the community or to the LibrePlanet conference, check out last year's conference site and session videos, including the opening keynote, a look at the 21st century techno-surveillance state by Kade Crockford of the Massachusetts chapter of the ACLU.

What kinds of sessions are we looking for?

Each year, LibrePlanet offers both technical talks and sessions examining the intersection of free software and activism, culture, and current events. Here are a few examples of talks or sessions you might propose:

  • An examination of how free software can aid in an aspect of life that is important to you, like education, medicine, social movements, or community organizing

  • A workshop (for beginners or experienced users) on how to use a free software program or free hardware project

  • A project sprint, where new and current contributors to a free software project can meet and work together on an aspect of the project

  • An introduction to free software licensing, copyleft, or a deep dive into a current legal issue

  • An update on your free software project

Check out talk recordings from LibrePlanet 2017 for more ideas.

LibrePlanet's 10th anniversary theme is "Freedom. Embedded." Embedded systems are everywhere, in cars, digital watches, traffic lights, and even within our bodies....

06:30

OptionsBleed Apache bleeds in uncommon configuration Hackaday

[Hanno Böck] recently uncovered a vulnerability in Apache webserver, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in an .htaccess file. Dubbed Optionsbleed, this vulnerability is a use-after-free error in Apache HTTP Server that causes the webserver to reply with a corrupted Allow header in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.

Unlike the famous Heartbleed bug in the past, Optionsbleed leaks only small chunks of memory and more importantly only affects a small number of hosts by default. Nevertheless, shared hosting environments that allow for .htaccess file changes can be quite sensitive to it, as a rogue .htaccess file from one user can potentially bleed info for the whole server. Scanning the Alexa Top 1 Million revealed 466 hosts with corrupted Allow headers, so it seems the impact is not huge so far.

The bug appears if a webmaster tries to use the Limit directive with an invalid HTTP method. We decided to test this behaviour with a simple .htaccess file like this:

<Limit A>
 Allow from all
</Limit>
<Limit BB>
 Allow from all
</Limit>
<Limit CCC>
 Allow from all
</Limit>

Soon enough, after a dozen requests or so, the webserver's replies clearly started to look very suspicious:

$ curl -sI -X OPTIONS http://10.9.0.1/index.html

HTTP/1.1 200 OK
 Date: Tue, 19 Sep 2017 15:03:59 GMT
 Server: Apache/2.4.7
 Allow: GET,HEAD,,allow,HEAD,,allow,HEAD,POST,OPTIONS,8,HEAD,8,HEAD,dex.html,HEAD, ,HEAD, ,HEAD,all,HEAD,,HEAD
 Content-Length: 0
 Content-Type: text/html


05:55

Fujitsu Develops World's First Wearable, Hands-Free Speech Translation Device SoylentNews

Fujitsu Laboratories today announced the development of the world's first wearable, hands-free speech translation device, suitable for tasks in which the users' hands are often occupied, such as in diagnoses or treatment in healthcare.

In recent years, with an increase in the number of visitors to Japan, more and more non-Japanese patients are going to hospitals, creating issues in supporting communication in multiple languages. In 2016, Fujitsu Laboratories developed hands-free technology that recognizes people's voices and the locations of speakers, and that automatically changes to the appropriate language without physical manipulation of the device. That same year, it also worked with the University of Tokyo Hospital and the National Institute of Information and Communications Technology (NICT) to conduct a field trial of multilingual speech translation in the medical field using stationary-type tablets. Based on the results, Fujitsu Laboratories learned that, as there are many situations in which healthcare providers have their hands full, such as when providing care in a hospital ward, there was a great need for a wearable speech translation device that could be used without being physically touched.

In order to expand the usability of multilingual speech translation, Fujitsu Laboratories has developed the world's first compact, wearable, hands-free speech translation device by developing technology to differentiate speakers using small omnidirectional microphones. This is possible through an ingenious modification of the shape of the sound channel, and by improving the accuracy of speech detection technology that is highly resistant to background noise. Use of this device is expected to reduce the burden on healthcare providers whose hands are often constrained by other tasks.

Alas, the JET Program did not solve this problem.



05:37

AMD Zen Temperature Monitoring On Linux Is Working With Hwmon-Next Phoronix

If you want CPU temperature monitoring to work under Linux for your Ryzen / Threadripper / EPYC processor(s), it's working on hwmon-next...

05:30

Low-Power Devices Use Backscatter to Transmit Data Several Kilometers IEEE Spectrum Recent Content full text

A special modulation scheme and LoRa combine to boost backscatter for the Internet of Things

Photo: Dennis Wise/University of Washington

As the Internet of Things grows, sensors and other devices must collect and transmit data while consuming as little power as possible. One way to do this is to take advantage of backscatter by having IoT devices reflect radiofrequency signals transmitted to them. Tuned properly, these waves can deliver information over short distances.

A team from the University of Washington, with the Internet of Things in mind, has expanded the range of backscatter to several kilometers. Last week, the group presented research at Ubicomp 2017.  They showed that small sensors, transmitting signals using a special modulation technique, can backscatter data over greater distances than ever before.

That group plans to commercialize its technology through a startup called Jeeva Wireless, and expects to have a commercial backscatter system for sale within six months.

If backscatter can be used over long distances, it would be easier to build huge networks of sensors that could periodically send data to administrators. In theory, such a network could allow you to collect basic data from anything within range that you wished to stick a tag on, including yourself, other people, or pets.

In the past, sending signals via backscatter was possible only over distances of a few meters. The most common use of backscatter today is in radiofrequency identification tags, which are often used to track boxes during shipping. But those tags receive a signal and harness power from a scanner held just a few centimeters away.

In their research, the UW group tested a custom-built backscatter device, and paired it with an off-the-shelf transmitter and receiver. The transmitter sent a single tone in the 900-megahertz band to the tag, which the device then modulated and reflected onto the receiver.

With their design, the group had to overcome the fact that the signal transmitted from the backscatter device is a million times weaker than the signal transmitted to it. And the transmitter itself can cause interference if the receiver picks up that stronger signal at the same time the tag or some other such device is trying to send its weaker one.

The group tested the setup on a vegetable farm, in a large house, and in an office building. In all three places, they found that they could achieve reliable communications over hundreds of meters or several kilometers by...

05:28

Stream Ripping Piracy Goes From Bad to Worse, Music Industry Reports TorrentFreak

Free music is easy to find nowadays. Just head over to YouTube and you can find millions of tracks including many of the most recent releases.

While the music industry profits from the advertisements on many of these videos, it's not happy with the current state of affairs. Record labels complain about a value gap and go as far as accusing the video streaming platform of operating a DMCA protection racket.

YouTube doesn't agree with this stance and points to the billions of dollars it pays copyright holders. Still, the music industry is far from impressed.

Today, IFPI has released a new music consumer insight report that highlights this issue once again, while pointing out that YouTube accounts for more than half of all music video streaming.

"User upload services, such as YouTube, are heavily used by music consumers and yet do not return fair value to those who are investing in and creating the music. The Value Gap remains the single biggest threat facing the music world today and we are campaigning for a legislative solution," IFPI CEO Frances Moore writes.

The report also zooms in on piracy and stream ripping in particular, which is another YouTube and Google related issue. While this phenomenon is over a decade old, it's now the main source of music piracy, the report states.

A survey conducted in the world's leading music industry markets reveals that 35% of all Internet users are stream rippers, up from 30% last year. In total, 40% of all respondents admitted to obtaining unlicensed music.

35% stream ripping (source IFPI)

This means that the vast majority of all music pirates use stream ripping tools. This practice is particularly popular among those in the youngest age group, where more than half of all Internet users admit to ripping music, and it goes down as age increases.

Adding another stab at Google, the report further notes that more than half of all pirates use the popular search engine to find unlicensed music.

Stream rippers are young (source IFPI)

TorrentFreak spoke to former RIAA executive...

05:13

Equifax says 100,000 Canadians affected by breach The Hill: Technology Policy

Equifax's Canada division has revealed that as many as 100,000 Canadian consumers may have had their personal information compromised by hackers in a massive security breach that the credit reporting firm disclosed earlier this month. ...

05:00

Hackaday Prize Entry: The $50 Raspberry Pi Smartphone Hackaday

The Hackaday Prize is a challenge to create hardware, and the ZeroPhone is quite possibly the most popular project entered in the Hackaday Prize. What is it? It's a mobile phone built around the Raspberry Pi Zero that can be assembled for about $50 in parts. Already, it's a finalist in the Hackaday Prize best product competition, a finalist for the grand prize of $50,000, and one of the most popular projects on Hackaday.io of all time.

We took a look at the ZeroPhone early this year, and while there have been significant advances in this project, the philosophy is still pretty much the same. This is a mobile phone with a numeric keypad and a 128 x 64 pixel OLED display, basically the same user interface as a Nokia brick. The brain of the phone is a Raspberry Pi Zero wrapped in a PCB sandwich, with options for WiFi, Bluetooth, HDMI and audio outputs, a USB port, battery charging, and a ton of GPIOs that include ISM band radios, infrared receivers and transmitters, more flash storage, and anything else you can imagine. Basically, we're looking at one of those modular, reconfigurable smartphone ideas, using a Raspberry Pi as the brains. Tech journos should be creaming themselves over this. We're looking forward to [Arsenijs]' cover story in Wired.

As with any Open Source / DIY cell phone, the big question surrounding the ZeroPhone is the cellular radio. 2G radios are cheap and plentiful, but the infrastructure is either coming down shortly, or already is down. A 3G radio is a must for a minimum viable product, and [Arsenijs] says there are provisions for replacing the 2G radio with a 3G module. Of course, 3G modules aren't as capital-O-Open as their technological predecessors, but that's a discussion for another time.

Already the ZeroPhone is a huge success. There's an actual team working on this project, the ZeroPhone subreddit is bigger than the Hackaday subreddit, there are newsletters, a wiki, and there will be a crowdfunding campaign shortly. This is one to look out for, and a very worthy project in the running for the 2017 Hackaday Prize.

The...

04:32

Can We Stop Mitochondria From Causing Cancer to Grow? Lifeboat News: The Blog

Summary: A new report on mitochondria and cancer shows how our mitochondria help our cancers to grow. With its 37 genes, mitochondria are an attractive druggable target and researchers are looking at it as an angle to develop powerful cancer cures. Cover Photo: FatCamera iStock/Getty Images.

Scientists believe the cure for cancer lies within our mitochondria.

Once considered an academic backwater, researchers suddenly have a renewed interest in the metabolism of cancer cells and are focusing on the lowly mitochondrion. New research shows that the mitochondria within our bodies bend over backward to help cancer cells grow. Scientists are publishing increasing amounts of evidence showing that cancer-induced changes in our mitochondria contribute to the growth of cancer. As Dr. Dario C Altieri, Head of the Altieri Lab at the Wistar Institute said in a review in the July 2017 British Journal of Cancer.

04:32

Measuring a mains choke with Hermes-Lite VNA Daniel Estévez

I have made a mains choke for my HF station, following Ian GM3SEK's design, which involves twisting the three mains wires together and passing as many turns as possible through a Fair-Rite 0431177081 snap-on ferrite core. I wanted to measure the choke's impedance to get an idea of its performance, so I've used my Hermes-Lite 2.0 beta2 in VNA mode.

I am using the measurement method described by G3TXQ and Claudio IN3OTD. The choke is measured in transmission mode (S_{12} parameter) using a test fixture to minimize parallel capacitance. The test fixture is made of two coaxial cables with the braids soldered to a copper clad board and crocodile clips soldered to the centre conductor. The coaxial cables are connected to the low power TX and RX ports of the Hermes-Lite 2.0 through 6dB attenuators. Using attenuators makes the Hermes-Lite see a constant 50 Ohm impedance regardless of the DUT's impedance.

Test fixture, with 6dB attenuators

I am using the Hermes VNA software, since unfortunately Quisk doesn't support the Hermes-Lite 2 in VNA mode yet. The VNA is calibrated with the crocodile clips shorted and then the choke is connected between the crocodile clips and measured. The complex impedance of the choke can be computed from the complex S_{12} parameter. I am using the formulas in G3TXQ's spreadsheet and a Jupyter note...

04:30

First Prescription App for Substance Abuse Approved by FDA IEEE Spectrum Recent Content full text

App helps drug and alcohol users stay clean

Photo: Pear Therapeutics

Drug and alcohol users will soon be able to get prescriptions for a mobile app that could help them stay clean. Developed by Pear Therapeutics in Boston and San Francisco, the app helps people recovering from addiction stay on track while participating in outpatient treatment. The U.S. Food and Drug Administration (FDA) last week approved the prescription-only software for the American market. 

The FDA's decision marks the first time in the United States that software has been approved to treat disease, says Corey McCann, founder and CEO of Pear Therapeutics. The company plans to make the digital therapeutic available commercially in 2018, he says.

The app, called reSET, is aimed at people with substance use disorders involving alcohol, marijuana, cocaine, and stimulants. Patients prescribed the software must be involved in some type of outpatient treatment. Only a prescription will enable the patient to unlock the software and use it. 

The app prompts patients each week to answer questions that help them stay on top of their cravings and keep them educated about ways to deal with their addiction, a type of treatment called cognitive behavioral therapy. "It's very much like what patients would get face-to-face, with clinicians," says McCann.

Patients can use the app to report cravings and what they think is triggering them, along with any slip-ups. The information gets sent to the patient's clinician, who can view the activity on a back-end dashboard. It can help clinicians have more effective in-office visits, says McCann. Clinicians can use the information to help patients identify behavioral patterns that might lead to relapse.

The FDA based its approval largely on data from a 12-week clinical trial of 399 patients who received either standard treatment or standard treatment with the addition of the software program. The study found that patients using the digital therapy had a more than 20-percent greater adherence to the treatment program and abstinence from the substance than patients undergoing standard treatment alone.

Pear Therapeutics spent at least $20 million developing the software program and testing it in clinical trials. Now, to recoup the investment, the company has to convince payers to see the value of the software and cover it in their insurance plans.

The FDA in 2010 approved another prescription-only app, called ...

04:24

Excited to join Dropbox! Security

I'm excited to announce that I've joined Dropbox as their new Head of Security. Truth be told, I've been here a little while and I've been enjoying on-boarding too much to make the announcement. If you were wondering why my blog has been quiet for a while, now you know why!

I exited a fun period of semi-retirement to take up this challenge. What attracted me to Dropbox enough to make the switch? Many things but briefly:
  • Scale and sensitivity of the data. Half a billion users storing sensitive files is a worthy stash to protect.
  • The excellent caliber and decent size of the existing security team. Working with strong leaders and team members is a big draw.
  • Perhaps above all else, the warmth of the people and the culture. This is the friendliest, most collaborative company I've worked at. I fully expect to become less of a jerk by imbibing the vibe! :)

The assertion about the warmth of the people and culture deserves some supporting evidence. This is a little story from before I joined. As you may recall, I was researching server-side usage of ImageMagick and ...

04:22

Twitter touts progress in curbing terrorist content The Hill: Technology Policy

Twitter says it is making progress in weeding out terrorism and abuse on its platform in its latest transparency report. The company says it has seen an 80 percent reduction in accounts reported by the government over terror concerns in the latter...

04:12

IC Insights Predicts Additional 40% Increase in DRAM Prices SoylentNews

IC Insights has predicted that DRAM prices will continue to increase this year:

According to IC Insights, DRAM prices will continue to increase even though they have more than doubled (+111%) over the last 12 months. IC Insights predicts that by the end of the calendar year DRAM's price per bit will have jumped a record 40% (or more).

[...] Of course, the record pricing levels are great for our friends at the major foundries. Samsung, Micron, and Sk Hynix are also raking in their own record profits and enjoying healthy margins. We have both DRAM and NAND shortages occurring at the same time, which is great for the foundries, and unless a player breaks ranks to gain market share, we can expect more foot-dragging before any of the foundries increases output.

The booming mobile industry and server markets are exacerbating the issue, so you would expect that the fabs would boost DRAM output. Unfortunately, the three primary fabs (Micron bought Elpida, reducing the number of players) don't share the same vision.

IC Insights indicates that Micron will not increase production capacity, instead relying upon improvements in yields and shrinking down to smaller nodes to boost its DRAM bit output. Sk Hynix has expressed its desire to boost DRAM output but hasn't set a firm timeline for fab expansion (unlikely to occur in the near term). Samsung is as tight-lipped as usual, so we aren't sure of its intentions.

In the 1980s there were 23 major DRAM suppliers, but cutthroat pricing and continual oversupplies eventually led to the wave of consolidation that left us with the current three suppliers.

Previously:

December 2015: DDR4 Memory Prices Declined 40% in 6 Months

May 2017:
DRAM Price Surge Continues
Samsung Set to Outpace Intel in Semiconductor Revenues

July 2017:
Micron Temporarily Suspends Operation of DRAM Production Facility
Samsung Increases Production of 8 GB High Bandwidth Memory 2.0 Stacks

August 2017:
DRAM Prices Continue to Climb
Samsung & SK Hynix Graphics Memory Prices Increase Over 30% In August


...

04:08

Senators hear emotional testimony on controversial sex-trafficking bill The Hill: Technology Policy

The Senate Commerce Committee on Tuesday took up a controversial online sex-trafficking bill, hearing testimony from victims' families who urged lawmakers to act. The hearing room was silent as Yvonne Ambrose tearfully told the panel about how her...

04:06

How to hack Gmail and a Bitcoin Wallet using SS7 Flaw TechWorm

Hack Gmail And A Bitcoin Wallet With Just A Name And A Mobile Number Using SS7 Flaw

A while back we published a report on how anybody can hack WhatsApp using the SS7 flaw. The SS7 flaw has existed for eons now, along with fixes, but the GSM and telecom companies are neither inclined nor bothered to patch their infrastructure against the flaw.

Now a cybersecurity company called Positive Technologies has come out with a video detailing how anyone can hack any Gmail account with simply a name and a mobile number using the SS7 flaw. After hacking the Gmail account of the victim, the researchers then proceed to steal a Bitcoin Wallet using the same SS7 flaw. The Positive researchers sent their video to Thomas Fox-Brewster, an ace investigative reporter from Forbes, along with details of how the hack was achieved.

What is SS7 flaw?

The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world's public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

SS7 is vulnerable to hacking and this has been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller's carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.

How to hack Gmail using the SS7 flaw

In the PoC video, the researchers used a phone number to first crack Google's email service, Gmail. Once the email account was identified, the researchers sent a password request to Gmail servers. As per the protocol, Gmail sent the one-time authorization codes to the victim's phone. Positive Technologies researchers then used the SS7 flaw to intercept the SMS text containing the OTP. Once they got the OTP, hacking the victim's Gmail account and resetting the password was easy. They immediately chose a new password and took control of the Gmail account.

Using these details they headed to the Coinbase website. Here also they used the same modus operandi, i.e. do another password reset using the email they had hacked. Coinbase also sent...

03:48

[$] Building the kernel with clang LWN.net

Over the years, there has been a persistent effort to build the Linux kernel using the Clang C compiler that is part of the LLVM project. We last looked in on the effort in a report from the LLVM microconference at the 2015 Linux Plumbers Conference (LPC), but we have followed it before that as well. At this year's LPC, two Google kernel engineers, Greg Hackmann and Nick Desaulniers, came to the Android microconference to update the status; at this point, it is possible to build two long-term support kernels (4.4 and 4.9) with Clang.

03:46

Red Edge Biomarkers on M-dwarf Planets Centauri Dreams

When we think about the markers of possible life on other worlds, vegetation comes to mind in an interesting way. We'd like to use transit spectroscopy to see biosignatures, gases that have built up in the atmosphere because of ongoing biological activity. But plants using photosynthesis offer us an additional option. They absorb sunlight from the visible part of the spectrum, but not longer-wavelength infrared light. The latter they simply reflect.

What we wind up with is a possible observable for a directly imaged planet, for if you plot the intensity of light against wavelength, you will find a marked drop known as the red edge. It shows up when going from longer infrared wavelengths into the visible light region. The red-edge position for Earth's vegetation is fixed at around 700-760nm. What we'd like to do is find a way to turn this knowledge into a practical result while looking at exoplanets. Where would we find the red edge on planets circling stars of a different class than our own?

Led by Kenji Takizawa, researchers at the Astrobiology Center (ABC) of National Institutes of Natural Science (NINS) in Japan have taken up the question with regard to M-dwarfs. These stars have lower surface temperatures than the Sun and emit more strongly at near-infrared wavelengths than at visible wavelengths. Assuming vegetation in such an environment evolves to use the most abundant photons for photosynthesis, shouldn't we expect the red edge to shift accordingly? Perhaps not, argue the authors, as only blue-green light penetrates beyond a few meters of water. Visible light, in other words, may play a larger role than we imagine.

This is a useful study, because we will begin our observations of possible biosignatures on exoplanets around stars like these, using not only upcoming space missions but ground observatories like the European Extremely Large Telescope, the Thirty Meter Telescope, and the Giant Magellan Telescope. The question is, what effect does the radiation of the star itself have on the red edge?

Image: Artist's impressions of a habitable planet around M-dwarfs (left) and primordial Earth (right). Credit: ABC/NINS.

The authors believe that the first oxygenic phototrophs would have evolved underwater, using light at visible wavelengths. The star AD Leonis (AD Leo), an M-dwarf located 16 light years away, served as their model, with Takizawa and team plugging in a hypothetical planet of Earth's size and insolation in orbit in the habitable zone there, allowing light conditions on the plan...

03:32

Thanks to Gene Thieves We Have Alien DNA in Our Mitochondria Lifeboat News: The Blog

Most people don't realize that all human beings have two sets of DNA in their bodies, the DNA inside our chromosomes, and a foreign DNA inside our mitochondria, that our ancestors stole from bacteria over a billion years ago.

Look into any of your cells, and you'll see mysterious foreign DNA lurking inside your mitochondria, the tiny organelles that litter your cells. Recently, mitochondria have come under a growing scientific spotlight; scientists increasingly believe they play a central role in many, if not most, human illnesses. Mitochondria are the powerhouses of the cell, and when they falter, our cells lose power, just as a flashlight dims when its batteries weaken. Recently, researchers have linked mitochondria to an array of metabolic and age-related maladies, including autism, type 2 diabetes, cancer, Alzheimer's, Parkinson's, and cardiovascular disease.

While our mitochondria did not come from another planet, they might as well have. Peer through a microscope, and you'll swear that tiny aliens have invaded your cells. You are partially correct. Mitochondria appear out of place compared to the other structures within the cell. Something alien has invaded our cells, eons ago, but it came from primordial bacteria, a distinctly terrestrial source.

03:31

There Is No Such Thing As An Invalid Unit Hackaday

The Mars Climate Orbiter was a spacecraft launched in the closing years of the 1990s, whose job was to have been to study the Martian atmosphere and serve as a communications relay point for a series of other surface missions. It is famous not for its mission achieving these goals, but for the manner of its premature destruction as its orbital insertion brought it too close to the planet's atmosphere and destroyed it.

The ill-fated Mars Climate Orbiter craft. NASA [Public domain].

The cause of the spacecraft entering the atmosphere rather than orbiting the planet was found in a subsequent investigation to be a very simple one. Simplifying matters to an extent, a private contractor supplied a subsystem which delivered a reading whose units were in the imperial system, to another subsystem expecting units in the SI, or metric system. The resulting huge discrepancy caused the craft to steer t...

03:15

Gigabyte X399 AORUS Gaming 7 Works As A Linux-Friendly Threadripper Motherboard Phoronix

For the past few weeks that I have been testing the AMD Threadripper 1950X on Linux, I have been using the Gigabyte X399 AORUS Gaming 7 motherboard. Overall, it's been a pleasant experience and is running fine under Linux. Here's a quick summary.

03:13

Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks. President Jean-Claude Juncker Lifeboat News: The Blog

How can we protect Europeans in digital age? Our proposals:
An EU Cybersecurity Agency to defend us from cyber-attacks.

A European certification scheme to ensure that products and services in the digital world are safe to use.

02:44

Pornhub Couple Arrested For Recording Explicit Acts At Public Library, Walmart, Burger King TechWorm

Louisiana couple was arrested for recording explicit acts in a number of public places and uploading explicit videos on Pornhub

A married couple who are known as sexybeast82 and LaylaDevine on Pornhub were arrested for filming their explicit personal acts and posting them online. The married couple from Louisiana were arrested by police on obscenity charges after they allegedly filmed themselves indulging in various explicit acts in a Louisiana public library followed by Walmart and Burger King and then uploading the video on Pornhub.

An anonymous person filed a complaint against the Pornhub couple with the Louisiana authorities. According to police, they received a report of lewd activity that occurred within a public library in Houma, a city about 55 miles southwest of New Orleans. The suspects, cops charge, recorded themselves performing NSFW activities on each other and uploaded them on Pornhub. The police started investigating and found that the Pornhub couple were habitual offenders and had earlier uploaded videos of their explicit acts at the Public Library, Walmart, and Burger King. The police identified the two as Elizabeth Jernigan, 33, and her husband Rex, 35.

According to the police, the Pornhub couple had their own Pornhub page which contains more than 160 explicit videos. All the 160 videos feature the Jernigans themselves engaged in various NSFW activities in different public locations throughout the City of Houma and Terrebonne Parish.

The duo's PornHub videos show Elizabeth exposing herself to the public at various businesses at the Southland Mall in Houma, a local Walmart, and a Burger King. The Jernigans also used the Houma public library video for their explicit exploits using the periodicals rack in the library to perform various NSFW acts.

The Jernigans were each charged with six counts of obscenity and were later released on bail. The Jernigans seemed amused at the turn of events and promised more explicit videos in days to come. Rex shared the news of arrest and bail on the couple's PornHub page with this post:

"To all my friends and followers, the wife and I just recently bailed out of jail for our public videos we posted on Pornhub, hopefully soon we'll get to post a new video soon," wrote Jernigan, who uses the handle Sexybeast82.

The couple are famous on Pornhub with their page having 4187 subscribers and their videos have been viewed more than 1.7 million times. In a brief About notation on PornHub, Rex Jernigan wrote that, "I've always loved to be nude and show off the body since I was a teenager." He added, "hope everyone enjoys our videos, the more attention we receive, the more we'll post."

The post...

02:42

Massachusetts attorney general sues Equifax after hack The Hill: Technology Policy

Massachusetts Attorney General Maura Healey filed suit against Equifax on Tuesday, alleging that the credit reporting company ignored obvious cybersecurity vulnerabilities for months before hackers accessed the personal information of as many...

02:39

Jim Channon, Corporate Shaman and Basis for Hollywood Character, Dies at 77 SoylentNews

http://westhawaiitoday.com/news/local-news/jim-channon-corporate-shaman-and-basis-hollywood-character-dies-77

Channon, whose work with the U.S. military was featured in the book "The Men Who Stare at Goats," and served as the basis for a character in the film of the same name, died Sept. 10 at his ecohomestead in Hawi. He was 77.

[...] In 1979, Channon returned from a two-year research trip, presenting Pentagon leaders with the "First Earth Battalion Operations Manual," according to a report from The Boston Globe.

The book, a copy of which can be found at Channon's online archive, is the man's vision for "warrior monks" in the U.S. Army.

"The First Earth wants the action orientation of the warrior, but tempered with the patience and sensitivity and ethics of the monk," reads a page from the manual. "These are the soldiers who have the power to make paradise. Why go for anything less?"

Channon later pivoted to consulting work for corporations, becoming the first "corporate shaman," consulting with the likes of AT&T, Du Pont and Whirlpool, according to an article published in Fortune.

"I think for him it was the collision of the two worlds," Dee said of the corporate shaman moniker. "You know, very straight, stiff corporate guys. And here's this wild medicine man talking to them not just about numbers and spreadsheets but also heart and soul and vision and corporate values and just kind of turning up the color on that part of their work."

Parker Channon said he believes his father's attitude and clear position as an intelligent, curious explorer got people to give him their attention.



02:06

Red Alert 2.0: New Android banking trojan can block and log incoming calls from banks Graham Cluley

New families of trojans continue to prosper on the Android platform as malicious hackers increasingly target mobile users in their attempt to steal login credentials and personal information.

Read more in my article on the Tripwire State of Security blog.

02:00

Hybrid Technique Breaks Backscatter Distance Barrier Hackaday

Low cost, long range, or low power: when it comes to wireless connectivity, historically you've only been able to pick two. But a group at the University of Washington appears to have made a breakthrough in backscatter communications that allows reliable data transfer over 2.8 kilometers using only microwatts, and for pennies apiece.

For those unfamiliar with backscatter, it's a very cool technology that modulates data onto RF energy incident from some local source, like an FM broadcast station or nearby WiFi router. Since the backscatter device doesn't need to power local oscillators or other hungry components, it has negligible power requirements. Traditionally, though, that has given backscatter devices a range of a few hundred meters at most. The UW team, led by [Shyamnath Gollokota], describe a new backscatter technique (PDF link) that blows away previous records. By combining the spread-spectrum modulation of LoRa with the switched attenuation of incident RF energy that forms the basis for backscatter, the UW team was able to cover 2800 meters for under 10 microwatts. What's more, with printable batteries or cheap button cells, the backscatter tags can be made for as little as 10 cents a piece. The possibilities for cheap agricultural sensors, ultracompact and low power wearable sensors, or even just deploy-and-forget IoT devices are endless.

We've covered backscatter before, both for agricultural uses and for pirate broadcasting stations. Backscatter has also seen more cloak and dagger duty.

[via r/AmateurRadio]



01:40

DHS pays police millions to ticket and prosecute motorists MassPrivateI


It used to be the DOJ, COPS, NHTSA and the USDOT were responsible for paying police to ticket motorists.

In the past few years, things have taken a turn for the worse. It now appears that DHS has become the largest cash provider for police departments.

What does that mean for motorists?

It means more tickets.

A recent article in the Knoxville News Sentinel reveals that the Blount County Sheriff's Office received $91,488 from DHS to create 'specialized enforcement' on The Dragon, a section of U.S. Highway 129 near the North Carolina state line.

Another article in the Tennessean revealed how DHS is giving prosecutors millions to target motorists.

"State Department of Safety and Homeland Security Commissioner David Purkey was joined by Vic Donoho, director of the Tennessee Highway Safety Office, in Dickson on Aug. 30 as one part of a four-city, statewide tour Wednesday to announce $19 million in federal grants for programs to reduce road fatalities."

"The District Attorney General for the 23rd Judicial District - $187,000 (DUI prosecutors and support personnel)"

Two years ago, I exposed how DHS has been ...

01:25

Mir 1.0 Still Planned For Ubuntu 17.10, Wayland Support Focus Phoronix

Following our reporting of Mir picking up initial support for Wayland clients, Mir developer Alan Griffiths at Canonical has further clarified the Wayland client support. It also appears they are still planning to get Mir 1.0 released in time for Ubuntu 17.10...

01:16

Moore: The 2017 Linux Security Summit LWN.net

Paul Moore has posted his notes from the 2017 Linux Security Summit, held September 14 and 15 in Los Angeles. "LinuxKit was designed to make it easy for people to create their own Linux distribution, with a strong focus on minimal OS installs such as one would use in a container hosting environment. LinuxKit has several features that make it interesting from a security perspective, the most notable being the read-only rootfs which is managed using external tooling. Applications are installed via signed container images."

01:11

Friday Free Software Directory IRC meetup: September 22nd starting at 12:00 p.m. EDT/16:00 UTC FSF blogs

Participate in supporting the Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on irc.freenode.org.

While the Directory has been and continues to be a great resource to the world for over a decade now, it has the potential to be a resource of even greater value. But it needs your help!

On the 22nd of this month back in 1893, bicycle makers Charles and Frank Duryea showed off the first American automobile produced for sale by cruising through the streets of Springfield, Massachusetts. This momentous day requires two themes: first is CAD Software for the design of the parts, and second, in the modern car we can't overlook the navigation system.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting.

01:11

Security updates for Tuesday LWN.net

Security updates have been issued by Arch Linux (apache and ettercap), Debian (gdk-pixbuf and newsbeuter), Red Hat (kernel), Slackware (httpd, libgcrypt, and ruby), SUSE (kernel), and Ubuntu (bind9, kernel, libidn2-0, libxml2, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-trusty, and linux-lts-xenial).

01:06

A New Way to Create 'Soft Robots': DNA Triggers That Cause Hydrogels to Change Shape SoylentNews

Biochemical engineers at Johns Hopkins University used sequences of DNA molecules to cause water-based gels to change shape, demonstrating a new tactic to produce soft robots and "smart" medical devices that don't rely on cumbersome wires, batteries, or tethers.

[...] The team members reported that their process used specific DNA sequences called "hairpins" to cause a centimeter-sized hydrogel sample to swell to 100 times its original volume. The reaction was then halted by a different DNA sequence, dubbed a "terminator hairpin." This approach could make it possible to weave moving parts into soft materials, which, the researchers said, could someday play a role in creating smart materials, metamorphic devices, complex programmed actuators, and autonomous robots with potential marine and medical applications.

To control how shape-shifting occurs in different parts of the target hydrogel, the researchers took a cue from the computer industry. They employed a photo-patterning technique similar to the one used to make tiny but intricate microchips. Various biochemical patterns embedded in different regions of the gel were designed to respond to specific DNA instructions to cause bending, folding, or other responses.

I, for one, welcome our gelatinous robotic overlords!

Angelo Cangialosi et al. DNA sequence-directed shape change of photopatterned hydrogels via high-degree swelling, Science (2017). DOI: 10.1126/science.aan3925



Read more of this story at SoylentNews.

00:54

Progress On KDE Plasma Mobile From Randa 2017 Phoronix

KDE contributor Bhushan Shah has shared some highlights of Plasma Mobile progress made from this year's Randa Meetings in Switzerland...

00:32

Alphaville - 11 August 2017 Antarctica Starts Here.

I've been a fan of the band Alphaville since I was quite small. They seem to have a knack for catchy hooks and lyrics that never fail to make you think about when and why they were written. If you're not familiar with them, you've probably heard Big In Japan and Sounds Like A Melody, so that should jog your memory. So, when I heard that they'd be coming to the States to tour for the first time in eleven years I bought a ticket immediately. It caught my attention that Christopher Anton (former frontman for InSoc) had assembled a band and would be opening for them. I'm sorry to say that Anton did not put on a show of the caliber I've come to expect; they did four covers of classic InSoc songs... they did pretty much all covers, really, and not particularly inspired ones. It was plain to see that Anton and his band were trying to ride on the notoriety of InSoc, even jibbing at them on their t-shirts. On the other hand, Alphaville killed it. They played a wide selection of songs throughout their entire stage career and threw in some new tracks from their latest album, entitled Strange Attractor. It was like a walk down memory lane for me, finally getting to hear all the songs I heard in the car as a child driving around with my grandparents. Another concert has been knocked off my bucket list.

Anyway, here are my pictures, taken from halfway back in the crowd and here's their setlist if you're curious.  I'm sorry that they're not the greatest quality, I couldn't afford front row seats (which were sold out, anyway).

00:31

Joint Letter Concerning Bill C-59, National Security, and Human Rights News The Citizen Lab

September 19, 2017 Today, a joint public letter was sent to the federal government concerning Bill C-59 (An Act respecting national security matters). Bill C-59 was introduced following last year's National Security Consultation, and seeks both to respond to Bill C-51 (the former government's controversial anti-terrorism law) and to other longstanding issues in Canadian national security policy. The public letter presents the concerns of more than 40 organizations and individual experts from across Canadian civil society.

Four Citizen Lab members are amongst the signatories, including Director Dr. Ronald Deibert, Research Associate Dr. Christopher Parsons, and Research Fellows Bill Robinson and Lex Gill. These individuals are members of an internal Citizen Lab working group on signals intelligence which has studied the proposed legislation in detail. Bill C-59 was also the subject of a full-day workshop hosted at the Citizen Lab Summer Institute in July 2017, which convened experts from across Canada to discuss the proposed law's implications for national security and human rights.

Citizen Lab researchers reiterate their support for the concerns raised in the joint letter. In particular, they highlight Bill C-59's troubling implications for cybersecurity and human rights as they pertain to Canada's signals intelligence activities, which are undertaken by the Communications Security Establishment (CSE), and Canada's human intelligence activities, which are undertaken by the Canadian Security Intelligence Service (CSIS). Their concerns are linked with:

Mass surveillance: Provisions in the new CSE Act, which explicitly authorize mass surveillance, and amendments to the ...

00:31

In-Band Signaling: Quindar Tones Hackaday

So far in this brief series on in-band signaling, we looked at two of the common methods of providing control signals along with the main content of a transmission: DTMF for Touch-Tone dialing, and coded-squelch systems for two-way radio. For this installment, we'll look at something that far fewer people have ever used, but almost everyone has heard: Quindar tones.

What's a Quindar?

You may never have heard what Quindar tones are, but you've certainly heard them if you've ever seen any manned spaceflight videos. Quindar tones are those short beeps you hear when NASA is communicating with astronauts, as heard in this radio network check conducted between Houston and the Honeysuckle ground station in Australia during Apollo 11:

If you listen carefully to the controller's five-count, you'll hear two slightly different tones. The higher pitch tone (2525 Hz) comes before a vocal transmission, while the lower pitch (2475 Hz) comes after. These iconic 250-millisecond beeps are called Quindar tones.

So what did they do? You'd be forgiven for assuming that they were some sort of roger beep used to automatically signal that the channel was clear and ready to be turned around for the other side of the conversation. That's understandable, as many two-way radios today, even the cheap Family Radio Service walkie-talkies, have some kind of roger beep. For my part, I always thought those beeps were something akin to the tones overlaid onto phone conversations that are being recorded, like when you call 911. Had I given a moment's thought to it, though, I would have realized that astronauts would have been painfully aware that everything they said was being recorded for posterity, and wouldn't need any reminders.

Really Remote Control

Quindar tones had a much more practical purpose that makes sense when you consider the scale of a manned spaceflight mission. Keying the microphone on a radio generally closes contacts that switch the microphone into the audio circuit and trips relays that apply power to the transmitter, allowing the operator to speak on the air. That works fine when the radio is on the desk in front of you, or perhaps even when it's down the hall. But remote transmitters present a problem, since cable runs between the operator position and the transceiver become unmanageable.

In NASA's case, mission control in Ho...

00:19

TorrentProject.se Is Down; The Pirate Bay And Other Best Torrent Sites- 2017 TechWorm

Is Torrent Project Dead? The Pirate Bay And Other Best Alternatives

TorrentProject.se, one of the best torrent sites, has been down for more than 3 weeks now and is still throwing a 403 Forbidden error message or a blank page.

With no response from the admins of Torrent Project, the future of the website remains uncertain. Is TorrentProject down or dead?

With the recent demise of ExtraTorrent, and earlier Torrentz.eu and KickassTorrents, Torrent Project was serving as one of the best torrent sites and giving tough competition to The Pirate Bay.


The Pirate Bay- Best Torrent Site 2017

The Pirate Bay, which currently holds the crown of best torrent site with a global Alexa ranking of 87, has come under fire after it was found that the website was running a cryptocurrency miner that used users' CPU power to mine Monero coins.

If you are looking for sites similar to Torrent Project, we have compiled a list of 3 best torrent sites of 2017 that may fulfill your needs for torrent downloads.

Best torrent sites 2017 (Alternative to Torrent Project)

  1. The Pirate Bay: The first in our list is the best torrent site right now. The Pirate Bay, with its powerful search of torrent content, is the best alternative to TorrentProject.
  2. YTS aka YIFY.ag: YTS.ag is not the original YTS or YIFY website but a good clone. After the demise of the original YIFY/YTS, this torrent website took its place and has since gained a lot of popularity with its unique website look.
  3. RARBG : RARBG gained quick popularity and provides torrent files and magnet links to facilitate p2p file sharing. The site has been blocked by UK, Saudi Arabia, Denmark, Portugal and several other countr...

00:14

Red Hat Formally Rolls Out Pipewire For Being The "Video Equivalent of PulseAudio" Phoronix

Red Hat has quietly been working on PipeWire for years that is like the "video equivalent of PulseAudio" while now it's ready to make its initial debut in Fedora 27 and the project now has an official website...

00:13

Dip update 86/n wherestheflux

[Orig: Sept 19, 2017]
Hi everyone,
Below are the latest TFN and OGG measurements from LCO.  Other than this new data, there is not much to report right now.  
Have a great day!
~Tabby and team
PS: These observations are happening because of the wonderful backers of our 2016 Kickstarter project. The Kickstarter campaign has ended, but we are still accepting donations to purchase additional observing time on the LCO 0.4m network. Thanks in advance for your support!      

00:05

[SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure Open Source Security

Posted by Mark Thomas on Sep 19

CVE-2017-12616 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 7.0.0 to 7.0.80

Description:
When using a VirtualDirContext it was possible to bypass security
constraints and/or view the source code of JSPs for resources served by
the VirtualDirContext using a specially crafted request.

Mitigation:
Users of the affected versions should apply one of the following...

00:03

[SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload Open Source Security

Posted by Mark Thomas on Sep 19

CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP Upload

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 7.0.0 to 7.0.79

Description:
When running on Windows with HTTP PUTs enabled (e.g. via setting the
readonly initialisation parameter of the Default to false) it was
possible to upload a JSP file to the server via a specially crafted
request. This JSP could then be requested and any code...

00:01

Here's How Hackers Can Hijack Your Online Bitcoin Wallets The Hacker News

Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Despite fixes being available for years, the global cellular networks have consistently been ignoring this serious issue, saying

Tuesday, 19 September

23:57

This developer has created an Android app that can turn your phone into an iPhone X TechWorm

Want to have your own iPhone X? Try this Android app made by a developer that converts your phone into an iPhone X

We recently saw Apple Inc. celebrating the 10th anniversary of its first ever iPhone model with the launch of iPhone X. Apple's CEO Tim Cook at the launch called iPhone X the biggest leap forward since the original iPhone, featuring a radical redesign and new technology.

The iPhone X is an all-glass (front and back) and stainless steel device with a curved edge-to-edge screen display and the first smartphone from Apple to feature a bezel-less design. Apparently, its top center screen cutout design has inspired a developer with the Reddit handle name damianpiwowarski so much that he has developed an app that can convert any smartphone into an iPhone X.

Current trends in smartphones business are following one idea smartphones have to bezel less. But all of that fancy stuff like cameras has to go somewhere! And they do, in some sort of a hole or a notch. Without that your phone is so ollldddddddd and uglyyyyyy.

Once you install the app, it also has an option for Android users to turn it into Essential's PH-1 phone. Installers can also donate, which does nothing but remove ads from the app, according to the developer.

The Smartphone upgrader 2017 app is available for free on the Google Play Store. However, the app comes with a warning message (see below) on the Play Store page which is in connection to the loud color show that one gets when the phone is set in iPhone X or Essential mode.

The message reads: This app may potentially trigger seizures for people with photosensitive epilepsy. Viewer discretion is advised.

Smartphone upgrader 2017 has been downloaded 1,000 times as of writing and has an overall rating of 4.0 stars. So, what are you waiting for? Try out the app to experience the iPhone X.

Besides the above app, the developer also has apps such as Adapticons and Navbar Apps to his credit.


23:45

Using Redir to Alter Network Traffic: Part 1


23:33

Octlantis is a Just-Discovered Underwater City Engineered by Octopuses SoylentNews

Gloomy octopuses, also known as common Sydney octopuses, or octopus tetricus, have long had a reputation for being loners. Marine biologists once thought they inhabited the subtropical waters off eastern Australia and northern New Zealand in solitude, meeting only to mate, once a year. But now there's proof these cephalopods sometimes hang out in small cities.

In Jervis Bay, off Eastern Australia, researchers recently spotted 15 gloomy octopuses congregating, communicating, dwelling together, and even evicting each other from dens at a site the scientists named "Octlantis." The international team of marine biologists, led by professor David Scheel of Alaska Pacific University, filmed these creatures exhibiting complex social behaviors that contradict the received wisdom that these cephalopods are loners. Their study was published in the journal Marine and Freshwater Behavior and Physiology (paywall).

The discovery was a surprise, Scheel told Quartz. "These behaviors are the product of natural selection, and may be remarkably similar to vertebrate complex social behavior. This suggests that when the right conditions occur, evolution may produce very similar outcomes in diverse groups of organisms."

Octopus cities suck.



Read more of this story at SoylentNews.

23:31

New Android Banking Trojan Red Alert 2.0 available for sale on crime forums Security Affairs

Researchers discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month.

Researchers with security firm SfyLabs have discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month.

The Red Alert 2.0 Android banking malware has been developed from scratch and has been offered for rent via many online hacking forums for the last few months. The authors of the malware are continuously updating it, adding new features.

Red Alert 2.0 is currently targeting over 60 banks and social media apps across the world; it works on Android 6.0 Marshmallow and previous versions.
The malware implements features that are common to many other similar threats: it is able to steal login credentials, hijack SMS messages, display an overlay on top of legitimate apps, and steal contacts.

Researchers noticed the authors also added interesting features to Red Alert 2.0, including blocking and logging all incoming calls associated with banks and financial associations.

"Red Alert actors are regularly adding new functionality, such as blocking and logging incoming calls of banks (see image below), which could affect the process of fraud operation departments at financials that are calling users on their infected Android phone regarding potential malicious activity," continues the post.

This would potentially allow the Red Alert malware to intercept warnings about a compromised account that the victims would otherwise receive.

Red Alert banking trojan also leverages Twitter as backup C&C Infrastructure when the C2 server is taken offline,

...

23:30

Linux Foundation LFCE Georgi Yadkov Shares His Certification Journey


23:00

Phoronix Test Suite 7.4 Officially Released Phoronix

Phoronix Test Suite 7.4.0-Tynset has been officially released as the newest quarterly feature update to our cross-platform, open-source automated benchmarking software...

22:47

Diversity Empowerment Summit Features Stories from Individual Persistence to Industry-wide Change

Last week at The Linux Foundation's first Diversity Empowerment Summit we heard from so many amazing speakers about how they are working to improve diversity in the tech industry.

20:30

Linux 4.14 'Getting Very Core New Functionality' Says Linus Torvalds

Memory management wonks, this release is for you. And also you Hyper-V admins.

Linus Torvalds has unsentimentally loosed release candidate one of Linux 4.14 a day before the 26th anniversary of the Linux-0.01 release, and told penguinistas to expect a few big changes this time around.

19:30

Microsoft Announces General Availability of Azure App Service on Linux and Web App for Containers

Microsoft recently announced the availability of Azure App Service running on Linux and support for Web App for Containers. With this recent news, Microsoft is expanding its developer reach by providing more options for developers when bringing their apps and technology stacks to Azure. When provisioning web apps, developers now have the ability to choose an underlying Operating System of Windows or Linux.

06:40

These Robots Can Merge and Split Their Brains to Form New Modular Bots IEEE Spectrum Recent Content full text

Researchers are developing splittable, mergeable nervous systems for truly modular robots.

We cover all kinds of modular robotics around here, and when we do, we're almost always talking about one overall robotic system made up of many different modules, some number of which can be individually controlled or swapped around. What these systems generally have in common is that there's one brain (usually a computer sitting on a desk somewhere) that interprets all of the sensory data from the modules, and then provides directions to each module. Essentially, the individual robots form a nervous system that passes information to the centralized brain, which is the same way that humans work, and so do most non-modular robots.

While this sort of system works quite well in a research environment, the ideal use case for modular robots is to make them more decentralized, such that any individual module can be part of a nervous system or a brain on-demand, depending on what the robot as a whole is trying to accomplish. In a recent paper in Nature Communications, Nithin Mathews, Anders Lyhne Christensen, Rehan O'Grady, Francesco Mondada, and Marco Dorigo from universities in Lisbon, Brussels, and Switzerland, present the idea of mergeable nervous systems for robots, with a framework for fully modular robotic systems:

We present robots whose bodies and control systems can merge to form entirely new robots that retain full sensorimotor control. Our control paradigm enables robots to exhibit properties that go beyond those of any existing machine or of any biological organism: the robots we present can merge to form larger bodies with a single centralized controller, split into separate bodies with independent controllers, and self-heal by removing or replacing malfunctioning body parts. This work takes us closer to robots that can autonomously change their size, form and function.

Cool!

The robots used in this research are Swarmanoids, modular robots that we've covered extensively in the past, although in the paper, they're referred to as mergeable nervous system (MNS) robots. A single MNS robot can consist of an arbitrary number of Swarmanoid units, and MNS rob...


Resource generated at IndyWatch using aliasfeed and rawdog