IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Thursday, 23 November


Holiday season scams: Fake deals, fake stores, fake opportunities Help Net Security

Black Friday is widely regarded as the beginning of the US (and increasingly global) Christmas shopping season. Cyber Monday, which comes three days later, was created to persuade people to shop online more. They are a huge boon for retailers, both online and offline, but also for cybercriminals. Phishing: As these shopping holidays approach, phishers are impersonating e-commerce and consumer brands and bombarding inboxes with fake deals and gift cards. They try to create a...


Six data security questions that every board needs to ask Help Net Security

As data breaches become a constant headline, data security should be a major concern for company boards everywhere. Unless a board member has been hired specifically to provide oversight for cybersecurity programs, many boards may find themselves unprepared to perform the necessary level of due diligence. This lack of understanding and the inability by the board to challenge cybersecurity assumptions is one of the key reasons why Chief Information Security Officers perennially lack the resources...


Only 12% of organizations are likely to detect a sophisticated cyber attack Help Net Security

Organizations believe that today's cyber threat landscape places them at high risk of cyber attacks. The EY survey of nearly 1,200 C-level leaders of the world's largest and most recognized organizations examines some of the most urgent concerns about cybersecurity and their efforts to manage them. Findings show that 56% of those surveyed are making or planning to make changes to their strategies and plans due to the increased impact of cyber threats, risks and...


Defining and securing the Internet of Things Help Net Security

The EU Cybersecurity Agency ENISA published a report on the security of the Internet of Things (IoT). The study aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. [IoT threats impact] [Security recommendations crucial for functionality] ENISA defines IoT as a cyber-physical ecosystem of interconnected sensors and actuators, which enables intelligent decision making. IoT brings...


Wednesday, 22 November


Black Friday: When is a deal too good to be true? Help Net Security

Black Friday, the American sales phenomenon that allegedly marked the time of year when retailers began to make a profit (moving from the red to the black), has increasingly become a fixture on bargain hunters' calendars across the world. Not restricted to traditional brick-and-mortar stores, the likes of Amazon, Dell, Microsoft and many more have already launched online Black Friday campaigns to encourage purchases of discounted goods. The advertising emails sent out by...


After Getting Hacked, Uber Paid Hackers $100,000 to Keep Data Breach Secret The Hacker News

Uber is in headlines once again, this time for concealing last year's data breach that exposed personal data of 57 million customers and drivers. On Tuesday, Uber announced that the company suffered a massive data breach in October 2016 that exposed names, e-mail addresses and phone numbers of 57 million Uber riders and drivers along with driver license numbers of around 600,000 drivers.


OpenMandriva Is Going To Do Away With 32-bit Support Phoronix

Following in the steps of Ubuntu 17.10 dropping 32-bit desktop images and other Linux distributions also lessening their focus on 32-bit support, OpenMandriva has issued its final i586 release...


Game of Thrones Leaks Carried Out By Former Iranian Military Hacker TorrentFreak

Late July it was reported that hackers had stolen proprietary information from media giant HBO.

The haul was said to include confidential details of the then-unreleased fourth episode of the latest Game of Thrones season, plus episodes of Ballers, Barry, Insecure, and Room 104.

"Hi to all mankind," an email sent to reporters read. "The greatest leak of cyber space era is happening. What's its name? Oh I forget to tell. It's HBO and Game of Thrones!!!!!!"

In follow-up correspondence, the hackers claimed to have penetrated HBO's internal network, gaining access to emails, technical platforms, and other confidential information.

Image released by the hackers

Soon after, HBO chairman and CEO Richard Plepler confirmed a breach at his company, telling employees that there had been a "cyber incident" in which information and programming had been taken.

"Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us. I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests," he said.

During mid-August, problems persisted, with unreleased shows hitting the Internet. HBO appeared rattled by the ongoing incident, refusing to comment to the media on every new development. Now, however, it appears the tide is turning on HBO's foe.

In a statement last evening, Joon H. Kim, Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Field Division of the FBI, announced the unsealing of an indictment charging a 29-year-old man with offenses carried out against HBO.

"Behzad Mesri, an Iranian national who had previously hacked computer systems for the Iranian military, allegedly infiltrated HBO's systems, stole proprietary data, including scripts and plot summaries for unaired episodes of Game of Thrones, and then sought to extort HBO of $6 million in Bitcoins," Kim said.

"Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice. American ingenuity and creativity is to be cultivated and celebrated, not hacked, stolen, and held for ransom. For hackers who test our resolve in protecting our...


Roll Your Own Rotary Tool Hackaday

Rotary tools are great little handheld powerhouses that fill the void between manual tools and larger shop machines. They're also kind of expensive for what they are, which is essentially a power circuit, a switch, and a high-RPM motor with a tool coupling on the shaft. If your tooling needs are few and you have the resources, why not make your own?

[DIY King 00] built himself a cordless rotary tool for less than $10 out of commonly-available parts. It doesn't run nearly as fast as commercial rotary tools, but that's not necessarily a bad thing. He made the body out of 2" diameter PVC and mounted a 12 V, 400 RPM DC motor directly to one of the fiberglass end caps. Tools are chucked into a collet that screws into a coupler on the motor shaft.

For power, [DIY King 00] built a 7.4 V battery pack by wiring two 18650 cells from an old laptop battery in series. It isn't the full 12 V, but it's enough power for light-duty work. These 2200 mAh cells should last a while and are rechargeable through the port mounted in the other end cap.

Drill down past the break to see the build video and watch the tool power through plywood, fiberglass, and inch-thick lumber. Once you've made your own rotary tool, try your hand at a DIY cordless soldering iron.



Unbelievable: Uber concealed data breach that exposed 57 Million records in 2016 Security Affairs

Unbelievable: Uber concealed data breach that exposed 57 Million records in 2016 and paid hackers to delete stolen records.

Uber CEO Dara Khosrowshahi announced on Tuesday that hackers broke into the company database and accessed the personal data of 57 million of its users. The bad news is that the company covered up the hack for more than a year.

The attackers also accessed the names and driver's license numbers of roughly 600,000 of its drivers in the United States.

The hack happened in 2016. According to a report published by Bloomberg, it was easy for the hackers, who obtained credentials from a private GitHub site used by the Uber development team. The hackers tried to blackmail Uber and demanded $100,000 from the company in exchange for not publishing the stolen data.

"Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company," states Bloomberg.

In a statement on Tuesday, Khosrowshahi said the intruders accessed cloud-hosted data stores:

"I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," reads the CEO's statement.

"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it."



What does successful SEO look like? good coders code, great reuse

You know you're doing SEO correctly when EVERY SINGLE BACKLINK contains the keywords you're targeting. No garbage anchor texts, no "click here" links, just links that will make you rank #1.

This is what SEO that I constructed and executed for my new online tools network looks like after 30 days of launching.

69 links to, all 69 contain keyword "string":

33 backlinks to, all 33 contain keyword "csv":

Pro tip of the day: Get your SEO right, outrank your competitors, and succeed. See you next time!


Free Wheelin' in New York: the Big Apple Bike Boom SoylentNews

Pedal power:

Expanding bike lanes, handing out free helmets and making lessons free: New York is making great strides in encouraging pedal power at the expense of exhaust fumes, even if some cyclists are still nervous about navigating bottleneck traffic.

For years, the city of 8.5 million, which has the most extensive public transport network in the United States, stood and watched the bike boom take off in European capitals.

In 2013, then billionaire mayor Michael Bloomberg launched the Citi Bike sharing scheme and since then, New York has seen the fastest growth rate in cycle use of any big US city.

"The city has come a long ways in terms of having a much stronger commitment to promoting bicycling," says Rich Conroy, education director for Bike New York, a non-profit organization that encourages safe cycling.

"People realize we can't grow as a city by building more streets and adding more cars," explained Conroy.

Get exercise time in, lose weight, get to work, and save money all at the same time. What's not to love?



Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Open Source Security

Posted by Peter Bex on Nov 22

Hi there,

Is this fuzzer freely available? I'd love to try it out on the bignum
support I added to the CHICKEN Scheme implementation for its upcoming
new major release (probably somewhere mid-2018). Being able to release
it with a bit higher confidence in its correctness would be nice, as this
is almost all brand new code.

Peter Bex (CHICKEN core maintainer)


Attempted murder Terra Forming Terra

Here is another clinical case in which our so-called cancer treatments were used. The writer is a chap I have been in contact with and is one of two men who survived Agent Orange induced liver cancer whom I know. I also knew plenty of liver cancer victims as well who are no longer with us.

Without question the first thing all should do is switch to a vegan diet and then go from there. Surgery may still be necessary but if the cancer is in retreat it can be postponed safely.

Then the second thing needed is CBD therapy. We are still mastering that art but it needs to be said.

All good.

Doc S has left a new comment on your post "The Real Reason Big Pharma Wants to Own the Patent...":

Attempted Murder

Jesse came in this past September. I hardly recognized him. Well, I didn't recognize him. He used to be a solid, strong, good ole boy. About 5'10", stocky build, probably close to 200 pounds. Not flab either. This boy was tough.

I didn't recognize him until I talked to him a couple of minutes. It had been about three years since I saw him last. "Oh Jesse, I remember now. What the hell happened?"

He was skin and bones, hardly anything left of him. To talk he had to plug the tube coming out of his neck and you could hardly hear him. He was pale and had that gray cast on him that people close to death get. Probabl...


Hiding in plain sight: The mystery of the sun's missing matter Terra Forming Terra


One of the direct consequences of my cloud cosmology derived from understanding the first act of creation being the Space Time Pendulum naturally implying three tiers of matter is that all the stars and planets are shells fed by an inner sun of first tier matter actually producing second tier (Dark Matter) and the observed third tier matter.

Needless to say, I do not want to say all that too loudly.

Yet today we have this. Better data has opened up the prospect of a hollow sun and even the existence of an outer shell of Dark Matter and I did not say this.

Hiding in plain sight: The mystery of the sun's missing matter

A mass equivalent to 1500 Earths has vanished from the sun. Tracking it down could transform how we see the stars

18 October 2017

By Shannon Palus

THERE is a hole in the sun. Right in the middle, a mass the size of 1500 Earths has simply disappeared. Much of what we know about the sun's behaviour says it should be there, but when we interpret the data encoded in sunlight, that chunk of stuff is nowhere to be seen.

That has shaken up our understanding of how the sun works, and physicists are struggling to figure out what fills that hole. It could be a thing, like dark matter. It could be a concept, with elements such as carbon and nitrogen simply behaving in a way we didn't expect under crushing pressure. Or perhaps we're looking at the sun in the wrong way.

"It's a very hot problem," says Sunny Vagnozzi, a physicist at Stockholm University in Sweden. That's no joke. The sun is important not just because...


Harvard Immunologist: Unvaccinated Children Pose ZERO Risk to Anyone and Here's Why Terra Forming Terra

This spells it out pretty clearly, although I will soon see some ad hominem attacks on this particular individual.

It also supports the possible ending of vaccination as a universal tool for at least a reasonable test period in order to find out what actually happens. It would still be the weapon of choice for an emergency situation where we have good knowledge.

Right now a valuable local field tool has been turned into a cash flow monster by Dr Frankenstein.

Harvard Immunologist: Unvaccinated Children Pose ZERO Risk to Anyone and Here's Why

Nov 8, 2017

Dear Legislator:

My name is Tetyana Obukhanych. I hold a PhD in Immunology. I am writing this letter in the hope that it will correct several common misperceptions about vaccines in order to help you formulate a fair and balanced understanding that is supported by accepted vaccine theory and new scientific findings.

Do unvaccinated children pose a higher threat to the public than the vaccinated?

It is often stated that those who choose not to vaccinate their children for reasons of conscience endanger the rest of the public, and this is the rationale behind most of the legislation to end vaccine exemptions currently being considered by federal and state legislators country-wide. You should be aware that the nature of protection afforded by many modern vaccines (and that includes most of the vaccines recommended by the CDC for children) is not consistent with such a statement. I have outlined below the recommended vaccines that cannot prevent transmission of disease either because they are not designed to prevent the transmission of infection (rather, they are intended to prevent disease symptoms), or because they are for non-communicable diseases. People who have not received the vaccines mentioned below pose no higher threat to the general public than those who have, implying that discrimination against non-immunized children in a public school setting may not be warranted.

IPV (inactivated poliovirus vaccine) cann...


Lazarus APT uses an Android app to target Samsung users in South Korea Security Affairs

The North Korea-linked group Lazarus APT has been using a new strain of Android malware to target smartphone users in South Korea.

The hacking campaign was spotted by McAfee and Palo Alto Networks; both security firms attributed the attacks to the Hidden Cobra APT.

The activity of the Lazarus APT Group surged in 2014 and 2015. Its members used mostly custom-tailored malware in their attacks, and experts who investigated the crew consider it highly sophisticated.

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Security researchers discovered that the North Korean Lazarus APT group was behind recent attacks on banks, including the Bangladesh cyber heist.

According to security experts, the group was behind other large-scale cyber espionage campaigns against targets worldwide, including the Troy Operation, the DarkSeoul Operation, and the Sony Pictures hack.

The malicious code used in this last campaign is an Android malware delivered as an APK file that has been designed to mimic a Korean bible app that was published on Google Play by a developer named GODpeople.

The malicious APK wasn't available on the Google Play store and it is still unclear how the APT distributed it.

"The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post from our Advanced Threat Research Team.)...


Google Caught Tracking Android User Location Data SoylentNews

Quartz has found that Android phones have been tracking user locations and sending them to Google throughout 2017:

Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they're connected to the internet, a Quartz investigation has revealed.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers, even when location services are disabled, and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice.

The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

"In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery," the Google spokesperson said in an email. "However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID."

Also at TechCrunch and Engadget.



Re: Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine Open Source Security

Posted by P J P on Nov 21

Hello Ian,

+-- On Tue, 21 Nov 2017, Ian Zimmerman wrote --+
| > ->
| Hi, what can I do with these QEMU reports? I can try to apply the
| patch, but I have no idea if it will work, because I don't know which
| branch or revision it is based on.

Patch is sent against upstream Qemu git repository(below) and is merged
after due review on the -devel list....


Reanimating Boney the Robot Dog Hackaday

[Divconstructors] cashed in after Halloween and picked up a skeleton dog prop from the Home Depot, for the simple and logical purpose of turning it into a robot.

The first step was to cut apart the various body parts, followed by adding bearings to the joints and bolting in a metal chassis fabricated from 1/8" aluminum stock. This is all pretty standard stuff in the Dr. Frankenstein biz. For electronics he uses a Mega with a bark-emitting MP3 shield on top of it. Separately, a servo control board manages the dozenish servos, not to mention the tail-wagging stepper.

[Divconstructors] actually bought two skeletons, one to be his prototype and the other to be the nice-looking build. However, we at Hackaday feel like he might have missed an opportunity: As any necromancer can tell you, a freakish combination of two skeletons beats out two normal skeletons any night of the week. Also, two words for you to consider: cyberdog ransomware. We imagine you don't really feel ransomware until there's the family robodog ready to test out its high-torque jaw servos on your flesh. Of course if he were a real dog we could either remotely control him with a hot dog, or just give him a talking collar.



Meet the November 2017 Melbourne Changemakers Blog - Random Hacks of Kindness

We have 8 excited changemakers - a diverse range of social organisations with real business problems. Come along to our Melbourne Hackathon Nov 25-26 (this weekend!):

Carers Couch

After her personal journey caring for a friend with cancer, Martina Clark created Carers Couch providing information, education, advice and assistance that increases carers' capacity and resilience. Many carers just don't get a break; emotional burnout, depression, anxiety and chronic illness are common and impact the overall mortality of carers. Self-care is crucial in preventing this but due to high workload and lack of support. In a role that no one applies for, carers currently lack resources and support that are centralised. Building on her personal experiences as a carer as well as running the current Carers Couch site, Martina hopes that the hack weekend will help her deliver this information and support all in one place.

Care to Compare?

When Roberto Pietrobon isn't working in corporate partnerships for the Stroke Foundation he's working on his project Care to Compare. The project aims to provide online health insurance comparisons that capture the profits of health insurance referrals to provide funding to health charities. Having already hacked with RHoK in June, as well as ongoing work since, Roberto is excited for both UXers and backend developers who might be interested in helping to realise the Care to Compare concept.

Berry Street



Revolutionary Imaging Technique Uses CRISPR to Map DNA Mutations SoylentNews

Awesome. Bio-hackers, on your marks, get set, go!

A team of scientists led by Virginia Commonwealth University physicist Jason Reed, Ph.D., have developed new nanomapping technology that could transform the way disease-causing genetic mutations are diagnosed and discovered. Described in a study published today in the journal Nature Communications, this novel approach uses high-speed atomic force microscopy (AFM) combined with a CRISPR-based chemical barcoding technique to map DNA nearly as accurately as DNA sequencing while processing large sections of the genome at a much faster rate. What's more, the technology can be powered by parts found in your run-of-the-mill DVD player.

The human genome is made up of billions of DNA base pairs. Unraveled, it stretches to a length of nearly six feet long. When cells divide, they must make a copy of their DNA for the new cell. However, sometimes various sections of the DNA are copied incorrectly or pasted together at the wrong location, leading to genetic mutations that cause diseases such as cancer. DNA sequencing is so precise that it can analyze individual base pairs of DNA. But in order to analyze large sections of the genome to find genetic mutations, technicians must determine millions of tiny sequences and then piece them together with computer software. In contrast, biomedical imaging techniques such as fluorescence in situ hybridization (FISH) can only analyze DNA at a resolution of several hundred thousand base pairs.

Reed's new high-speed AFM method can map DNA to a resolution of tens of base pairs while creating images up to a million base pairs in size. And it does it using a fraction of the amount of specimen required for DNA sequencing.



Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine Open Source Security

Posted by Ian Zimmerman on Nov 21

Hi, what can I do with these QEMU reports? I can try to apply the
patch, but I have no idea if it will work, because I don't know which
branch or revision it is based on.

By my unscientific counting, there are only 2 other userspace projects
which earn CVEs as frequently as QEMU: openjpeg and graphicsmagick. In
both these cases, starting with the message posted here and following
the references, I can quickly locate the actual VC commit...


Looking At The Power Use From Linux 4.6 To Linux 4.15 Phoronix

In addition to looking at system boot times from Linux 4.6 to Linux 4.15, while doing this kernel testing session on the Lenovo ThinkPad I also took some battery power consumption measurements...


Peeling Away Memory Chips IEEE Spectrum Recent Content full text

As consumers demand smaller memory chips with greater capacity, engineers optimize the manufacturing process to ensure the chips will hold up.

The following is an excerpt from Multiphysics Simulation 2017.

By: Lexi Carver

In the 1980s, during the dawn of what would become a booming tech industry, flash memory made a splash by offering erasable and programmable computer storage. These storage chips now appear in cameras, memory cards, USB sticks, and phones that can store thousands of photo, music, and video files.

Though they often go unnoticed by consumers, designers work tirelessly to keep up with demands for smaller size and greater capacity. Behind the production of a single memory device stands a long line of researchers, engineers, and assemblers who must overcome the manufacturing challenges associated with processing these tiny chips.


Memory chips are produced by placing a 300 mm diameter semiconductor wafer onto a carrier tape, then separating the wafer into single chips. Once removed, the tape leaves behind a thermoplastic adhesive on the chip undersides, later enabling bonding to a substrate using heat and compression. Chips are bonded into stacks to increase the amount of memory in a given area. Wire bonds connect the chips and the substrate. Finally, an entire sheet of stacks is put into a molding machine, encased in protective plastic, and then separated into many pieces, each containing a stack of memory chips (Figure 1).

Figure 1. Top left: Dies being bonded onto a substrate before being wire bonded, coated in the plastic mold, and separated. Center: Stacks of dies on a substrate. Right: Back of the substrate showing the interfaces for connecting the memory chips to larger devices.

But removing the tape without bending the thin dies too much poses a tricky problem. With thicker chips from decades past, manufacturers used a multi-needle ejector to remove the tape using a series of pins. But these place too much stress on the thinner dies; the multi-needle ejector runs the risk of wrecking them.

"As chips got thinner eight or ten years ago, we were shocked at how many dies broke," says Stefan Behler, senior expert process engineer at Besi Switzerland AG. "We needed a new way of peeling off the tape that...


Sinking Container Ships by Hacking Load Plan Software SoylentNews

Now that's cyber-terrorism:

A Suezmax container ship can hold over 10,000 TEUs or Twenty Foot Equivalent Units. Most containers carried are double this length (FEUs or Forty Foot Equivalent Units), but that still means in the region of 5,000 containers.

Only around one third of that cargo is on-deck though; most is hidden in the holds, under massive hatch covers. To get a container out from the bottom of the hold could involve removing 50 containers from that hatch cover, removing the hatch cover, then taking a further 8 containers to access the bottom of a stack.

Screw up the load plan and you create chaos. What if the load plan, which is just a CSV list or similar, is hacked and modified? No-one knows what container is where. Instead of taking 24-48 hours to load and unload, it could take weeks to manually re-inventory the ship. Time is money for a ship. Lots of money. Blocking a port for a period whilst the mess is resolved incurs enormous costs and could even jeopardise supplies to an entire country.

Seems like more bang-for-the-buck than an IED [Improvised Explosive Device].



Secunia Research: Oracle Outside In Denial of Service Vulnerability Bugtraq

Posted by Secunia Research on Nov 21


Secunia Research 2017/10/21

Oracle Outside In Denial of Service Vulnerability

Table of Contents

Affected Software
Description of...


[SECURITY] [DSA 4045-1] vlc security update Bugtraq

Posted by Moritz Muehlenhoff on Nov 21

Debian Security Advisory DSA-4045-1 security () debian org Moritz Muehlenhoff
November 21, 2017

Package : vlc
CVE ID : CVE-2017-9300 CVE-2017-10699



CSNC-2017-029 MyTy Blind SQL Injection Bugtraq

Posted by Advisories on Nov 21

# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-029
# CVE ID: -
# Subject: Blind SQL injection
# Risk: High
# Effect: Remotely exploitable
# Author: Nicolas Heiniger <nicolas.heiniger () compass-security...


[security bulletin] HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local Denial of Service and Execution of Arbitrary Code Bugtraq

Posted by security-alert on Nov 21


Document ID: hpesbhf03798en_us
Version: 1

HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and
Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local
Denial of Service and Execution of Arbitrary Code



[SECURITY] [DSA 4044-1] swauth security update Bugtraq

Posted by Yves-Alexis Perez on Nov 21

Debian Security Advisory DSA-4044-1 security () debian org Yves-Alexis Perez
November 21, 2017

Package : swauth
CVE ID : CVE-2017-16613
Debian Bug :...


CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS) Bugtraq

Posted by Advisories on Nov 21

# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-030
# CVE ID: -
# Subject: Reflected Cross-Site Scripting (XSS)
# Risk: High
# Effect: Remotely exploitable
# Author: Nicolas Heiniger <nicolas.heiniger ()...


A look at Chinese Value Engineering Hackaday

Seventy cents doesn't buy you a lot these days. Maybe some sweets or candies at most. How about a string of LEDs that you can use to decorate your home during the festive season? [Amaldev] was curious to know what was, or wasn't, inside these blinky LED strings which made them so cheap. He's done a Christmas LED Light Teardown and shows how blinky LED string lights can be built with the bare minimum of components.

The string he purchased had 28 LEDs (seven each in four colors), a controller box with one push button and a power cord. Without even knowing what is inside the controller box, the cost of the product seems astonishing based on this BoM. The single push button cycles through eight different light patterns for each press. It even has a faux CE mark for the supply plug. Cracking open the case, he finds that the controller board is sparsely populated with just seven through-hole components and a COB (chip on board) module. A simple, 8-bit, 8-pin microcontroller is possibly what controls the device.

[Amaldev] sketches out a schematic to figure out how it works. There are two arms with 14 LEDs of alternating colors, each of which is controlled by an SCR. Two GPIO output pins from the COB control the gates of each of these SCRs. The button is connected to a GPIO input, and a second input is connected to the AC supply via a current limiting resistor. Most likely, this is used to determine the zero crossing of the waveform so that the COB can generate the appropriate trigger signals for the gate outputs.

It is unlikely that these products are manufactured using automated processes. The PCB production could be automated, but soldering all the wires, fitting it all in the enclosure and preparing the LED string itself would require manual labor. At US$ 0.7 retail on the street, it is difficult to imagine the cost breakdown even when the quantities are in large numbers. Maybe a combination of cheap components, recycled or rejected parts (mains cord/enclosure), lack of safety and protection measures (no fuses, no strain reliefs) and reducing the component BoM to an absolute, bare minimum, coupled with very high volumes lets them pull it off? What are your thoughts? Chime in with comments.

Filed under: Teardown


Darwin's Lost Beetle Is Back - Facts So Romantic Nautilus

It's difficult to overstate the importance of finding an original Darwin specimen, collected during the Beagle's first voyage. But finding it, and realizing it was a lost specimen collected by Darwin, was just the first step in a much longer journey. Photograph by fiddledydee / Flickr

On August 24, 1832, HMS Beagle dropped anchor at Bahia Blanca, a deep natural harbor in present-day Argentina. On board was a 23-year-old naturalist, Charles Darwin. He had been at sea since December 27, 1831, when the Beagle left Plymouth. Darwin had spent most of those months incapacitated with seasickness. During one bout of nausea, staring sadly down at a long, slow inescapable swell unfurling below him, he wrote, "This & three following days were ones of great & ceaseless suffering."

A few days before arriving at Bahia Blanca, Darwin had sent his first shipment of specimens home to Cambridge. Among them were four bottles of animals in preservative, rocks and tropical plants, several marine animals, and many, many beetles. On the coast, at Bahia Blanca, Darwin continued collecting specimens. Among the material was an unusually large species of rove beetle with a long, segmented body and an iridescent blue-green head. There, too, in the sandy ground


Why cyborg creators must self-govern security, privacy efforts Lifeboat News: The Blog

Most people probably aren't aware of this, but the 2016 U.S. Presidential election included a candidate who had a radio-frequency identification chip implanted in his hand. No, it wasn't Donald J. Trump. It was Zoltan Istvan, a nominee representing the Silicon Valley-based Transhumanist Party, and his body-worn chip unlocked his front door, provided computer password access and sent an auto-text that said: "Win in 2016!"

The transhumanist movement, employing technology and radical science to modify humans, offers a glimpse into the marriage of machines and people, the focus of a recent paper released by the Institute for Critical Infrastructure Technology (ICIT). With cybernetic implants already available to consumers, the prospect for techno-human transmutation (cyborgs) is not as far away as many may think.

"We are moving towards automation, we are moving towards machine learning," said Parham Eftekhari (pictured), co-founder and senior fellow at ICIT. "We're seeing it impact a lot of our society."

Eftekhari stopped by the set of theCUBE, SiliconANGLE's mobile livestreaming studio, and spoke with co-hosts John Furrier (@furrier) and Dave Vellante (@dvellante) at CyberConnect 2017 in New York City. They discussed ICIT's recent cybersecurity research and the potential for increased government regulation. (Disclosure below.)


DARPA Seeking AI That Learns All the Time Lifeboat News: The Blog

The agency wants ideas for turning computers into lifelong learners.


Chinese Social Network Tencent Surpasses Facebook in Market Value SoylentNews

Tencent's $292 Billion Rally Ousts Facebook From Global Top Five

Tencent Holdings Ltd. has surpassed Facebook Inc. in market value, becoming the first Chinese technology company to join the ranks of the world's five largest corporations.

Investors piled into the Chinese social networking giant, extending this year's rally to 127 percent and boosting its market value by some $292 billion as of Tuesday's close. That year-long surge has made founder Ma Huateng the mainland's second-richest man and lifted the entire Hong Kong bourse. The operator of the ubiquitous WeChat messaging service is now valued at $523 billion, a whisker above Facebook's $522 billion on Monday.

Investors are betting that Tencent can lean on its billion-plus users and hit games like Honour of Kings to evolve into an advertising and entertainment titan along the lines of a Google or Facebook. Created almost two decades ago as a web portal before morphing into one of the world's biggest purveyors of video games, the argument is that its dominance of Chinese social networking also bankrolls an expansion into newer markets from video streaming to finance.

Also at TechCrunch.



Walmart is secretly testing self-driving floor scrubbers, signaling that more robots are coming Lifeboat News: The Blog

Planning to try and automate the entire store.

Walmart (WMT) has been quietly testing out autonomous floor scrubbers during the overnight shifts in five store locations near the company's headquarters in Bentonville, Arkansas.

A spokesperson for Walmart told FOX Business that the move, which was first reported by LinkedIn, is a very small proof of concept pilot that we are running and that the company still has a lot more to learn about how this technology might work best in our different retail locations.


The U.S. Military Is Building a Fleet of Star Trek-Inspired Shadow Bombers Invisible to Radar Lifeboat News: The Blog

The Pentagon is developing a new fleet of shadow bombers that possibly disappear on radar like those featured in Star Trek movies.

The unit of B-21 stealth bombers, a futuristic combat aircraft, are being created at a secret desert plant in Palmdale, California, after the company Northrop Grumman won the contract for their development two years ago, The Times reported.

The U.S. military has sanctioned the development of around 100 of the bat-like bombers for as much as $80 billion. The precise amount remains top secret.


What's Wrong with Godless AI Technological Salvation, the Singularity? Lifeboat News: The Blog

In a recent article, I began to unpack Rodney Brooks' October 2017 essay "The Seven Deadly Sins of AI Predictions." Now I continue my analysis by looking into the faulty atheistic thinking that motivates the AI salvation preached by futurists such as Google's Ray Kurzweil. Although Brooks does not address this worldview dimension, his critique of AI predictive sins provides a great opportunity for just that.

Brooks is a pioneer of robotic artificial intelligence (AI) and is MIT Panasonic Professor of Robotics Emeritus. He is also the founder and chief technology officer of Rethink Robotics, which makes cobots, robots designed to collaborate with humans in a shared industrial workspace.

Previously I discussed Brooks' remark that all the evidence that I see says we have no real idea yet how to build the superintelligent devices that Kurzweil and like-minded singularity advocates imagine.


Distribution Release: LXLE 16.04.3 News

The LXLE distribution is an Ubuntu-based project which is designed to be lightweight and run on lower-end computers. The LXLE project has released a new version, LXLE 16.04.3, which is supported through to the year 2021 and includes several bug fixes. "LXLE 16.04.3 is built upon Ubuntu Mini....



NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Wall' ONLINE

Posted 22 Nov, 2017 1:35:29 UTC

The new edition of Off The Wall from 21/11/2017 has been archived and is now available online.


Apple iPhone X Is Reportedly Assembled with Illegal High-School Student Labor

Via: CNBC: Apple supplier Foxconn has been employing students illegally working overtime to help assemble the iPhone X, the Financial Times reported Tuesday. Six high school students told the Financial Times they would usually work 11-hour shifts to help manufacture Apple's flagship phone at a factory in Zhengzhou, China. The long hours breach Chinese laws [...]


FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED] Bugtraq

Posted by FreeBSD Security Advisories on Nov 21

FreeBSD-SA-17:10.kldstat Security Advisory
The FreeBSD Project

Topic: Information leak in kldstat(2)

Category: core
Module: kernel
Announced: 2017-11-15
Credits: Ilja van Sprundel
TJ Corley
Affects: All supported...


MI6's Secret Multi-Million Pound Cold War Slush Fund

Via: BBC: What was it for? C's answer in 1952 is revealing. He thought it right to have a large sum to meet such contingencies as (a) a very large inducement to some person in an absolutely key position, or (b) the Vote for the Service being drastically cut in some political emergency in a [...]


The Driverless Revolution May Exact a Political Price

Via: Los Angeles Times: In its race to embrace driverless vehicles, Washington has cleared away regulatory hurdles for auto companies and brushed aside consumer warnings about the risk of crashes and hacking. But at a recent hearing, lawmakers absorbed an economic argument that illustrated how the driverless revolution they are encouraging could backfire politically, particularly [...]


Meet the Man Who Has Lived Alone on This Island for 28 Years

Via: National Geographic: Seventy-eight-year-old Mauro Morandi often walks along the rocky shores of Budelli Island and looks out over the disconsolate sea, feeling dwarfed by the phantom forces that tug and twist the tides. "We think we are giants that can dominate the Earth, but we're just mosquitos," Morandi says. In 1989 on a stretch [...]


Google collects Android location data even if location service is off HackRead

By Waqas

Smartphones are fun to use, but what if someone is



Battery-Switching Device Promises More Road Time for Tesla, Leaf Drivers SoylentNews

Finer grained battery discharge boosts range:

Nissan Leafs, which go about 107 miles on a charge, sometimes end up relegated to commuter cars due to battery-life worries. The mass-market, standard Tesla Model 3 can go double that, but even that distance can be disconcerting on long road trips.

Both batteries could work about 50 percent longer with a device provisionally patented by Vanderbilt University's Ken Pence, professor of the practice of engineering management, and Tim Potteiger, a Ph.D. student in electrical engineering. It reconfigures modules in electric car battery packs to be online or offline, depending on whether they're going to pull down the other modules.

The two used Tesla's open-source, high-density, lithium-ion battery to model their method of improving durability, adding a controller to each of the battery's cells.

"We know there are some battery cells that run out of juice earlier than others, and when they do, the others run less efficiently," Potteiger said. "We make sure they all run out of energy at the same time, and there's none left over."

Is a 50% boost in range worth the expense of the extra controllers?



Google Collects Android Users Locations Even When Location Services Are Disabled

Shocker. Via: Quartz: Many people realize that smartphones track their locations. But what if you actively turn off location services, haven't used any apps, and haven't even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google [...]


Bolt-Together Belt Grinder for the No-Weld Shop Hackaday

Belt grinding offers a lot of advantages for the metalworker, and since belt grinders are pretty simple machines, shop-built tools are not an uncommon project. A bolt-together belt grinder makes this tool even more accessible to the home gamer.

With no access to a welder but with a basic milling machine and an ample scrap bin at his disposal, [IJustLikeMakingThings] had to get creative and modify some of the welding-required belt grinder designs he found online to be bolt-up builds. The key to a cool running belt grinder is for the belt to be as long as possible, and the 2x72 belt seems to be the sweet spot, at least here in the States. Machined drive and idler wheels with the crown needed for proper belt tracking were sourced online, as was the D-bracket for holding the two guide wheels. But the rest of the parts were fabricated with simple tools and bolted together. [IJustLikeMakingThings] provides a lot of detail in his write-up, and it shouldn't be too hard to build a belt grinder just like this one.

Looking for other belt grinder plans to compare notes? Here's a grinder with an even simpler design, but with welding required.

Filed under: Tool Hacks


HPR2428: git Blobs Hacker Public Radio

How do you manage large binary blobs, like pictures or video or sounds, when using git? In this episode, Klaatu explains two popular options: git-media and git-annex. Thanks to CapsLok at


Great news! Photo Lifeboat News: The Blog

Great news! Dr. Aubrey de Grey is going to be doing an AMA on Reddit. This is your chance to ask anything you like about SENS and the scientific progress we are making. Find out more about SENS and how you can help us at:


Uber paid hackers $100,000 to keep data breach quiet Graham Cluley

Uber paid hackers $100,000 to keep data breach quiet

You can ask forgiveness for being hacked, but many people will find it harder to forgive and forget if you deliberately concealed the truth from them.


Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Open Source Security

Posted by Guido Vranken on Nov 21

Dear list,

I've written a bignum fuzzer that compares the results of mathematical
operations (addition, subtraction, multiplication, ...) across multiple
bignum libraries. Among these is the Go programming language,
specifically the "math/big" package [1]. Recently, the fuzzer found a
problem in its exponentiation operation [2]. This was reported to the
Go security address, and according to developer Russ Cox there are no


Re: phusion passenger CVE-2017-1000384 Open Source Security

Posted by John Lightsey on Nov 21

Yes, that is accurate as far as I'm aware.


Google gathers Android users' location data even with setting turned off: report The Hill: Technology Policy

Phones using Google's operating system, Android, have been collecting their users' location data, even when a user has turned off the device's location services, Quartz reported on Tuesday. The company has been collecting such data on Android...


FCC moves to ease rules on TV station ownership The Hill: Technology Policy

Federal Communications Commission Chairman Ajit Pai is moving forward with a controversial proposal to ease restrictions on the ownership of broadcast stations. In a statement Tuesday, Pai said he is seeking comments on raising the cap on how much of...


Le Guess Who Random Thoughts

I went to Le Guess Who in Utrecht, and it was very good. Here's a festival report.

The festival is spread out all over Utrecht, like here in front of a church where Le Mystère des Voix Bulgares performed. (The doors closed mysteriously before the huddled throng and nobody let us know what was happening, so we stood there for half an hour until most people decided by themselves that perhaps "de kerk is vol".) But the main bulk of the concerts took place either in the enormodome TivoliVredenburg, or 30 minutes south in the De helling/Pastoefabriek/LE:EEN/etc cluster of venues.



Sabrent EC-SS31: A $10 USB 3.1 To SATA 2.5-Inch Drive Adapter Phoronix

If you are looking out for a SATA 2.5-inch HDD/SSD to USB3 adapter, the Sabrent EC-SS31 is quite simple, works with Linux, supports USB 3.1, and retails for about $10 USD...


FCC Will Reveal Vote to Repeal Net Neutrality This Week SoylentNews

The FCC will reveal vote to repeal net neutrality this week

The new rules are expected to be announced on Wednesday, whilst most Americans are distracted by getting home to loved ones for Thanksgiving.

This will then be followed by a vote on 10 December, which would see the 2015 rules designed to protect the internet being torn down.

[...] The important point, as we've said before, is that once the genie is out of the bottle, getting it back in is almost impossible and for our readers outside the US, don't think this doesn't affect you - everything that passes through US servers will be affected in some way and will knock on to you.



Uber covered up cyberattack that exposed data of 50M users: report The Hill: Technology Policy

Uber covered up a massive cyberattack that exposed the data of 57 million passengers and drivers last year, according to Bloomberg. Hackers reportedly stole the names, email addresses and phone numbers of 50 million Uber riders around the world in...


Re: phusion passenger CVE-2017-1000384 Open Source Security

Posted by Tomas Hoger on Nov 21

Is passenger-status the only way to obtain the content of the target
file? If so, this problem is mitigated in versions prior to 5.0.10
where root privileges were required to get the status information.


Links 21/11/2017: LibreELEC (Krypton) v8.2.1 MR, Mesa 17.3.0 RC5 Techrights




  • Desktop

    • Microsoft Worker Leaves for Google, Criticizes Post-Windows Vista Dev Strategy

      Microsoft employee Tim Sneath, who spent no less than 17 years with the company, announced in a blog post that he's leaving the software giant to work for Google on the new Flutter mobile framework.

      Sneath started his post by emphasizing how great Microsoft is, explaining that the company has incredibly diverse interests and is filled with talented people.

      Despite the good parts, however, the former Microsoft Program Manager who worked on a series of projects for developers, discussed what he described as the missteps that the Redmond-based software giant embraced beginning with the Windows Vista era.

    • Goodbye Microsoft, hello Linux

      Sir, It is encouraging to see a pro-Linux article in The Irish Times, with Derek Scally promoting the many advantages of the free and open-source operating system, without glossing over the difficulties a user may have when installing and using it for the first time on their personal computer (Goodbye Apple, goodbye Microsoft hello Linux, Technology, November 18th).

    • Windows 10 switchover will cost Linux champion Munich 50m

      A major factor driving the decision to return to Windows appears to be changes in the political make-up of the council since the LiMux project began in 2003. Today the CSU political party, which has a long track record of opposition to LiMux, is also part of the ruling coalition in Munich. It was this coalition of CSU and SPD politicians that put forward the proposals to switch back to Windows 10 earlier this year.

  • Server

    • ...


Your Holiday Cybersecurity Guide Errata Security

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help them with cybersecurity issues. I thought I'd write up a quick guide of the most important things.

1. Stop them from reusing passwords

By far the biggest threat to average people is that they re-use the same password across many websites, so that when one website gets hacked, all their accounts get hacked.

To demonstrate the problem, go to and enter the email address of your relatives. This will show them a number of sites where their password has already been stolen, like LinkedIn, Adobe, etc. That should convince them of the severity of the problem.

They don't need a separate password for every site. For the majority of websites, you don't care whether you get hacked. Use a common password for all the meaningless sites. You only need unique passwords for important accounts, like email, Facebook, and Twitter.

Write down passwords and store them in a safe place. Sure, it's a common joke that people in offices write passwords on Post-It notes stuck on their monitors or under their keyboards. This is a common security mistake, but that's only because the office environment is widely accessible. Your home isn't, and there's plenty of places to store written passwords securely, such as in a home safe. Even if it's just a desk drawer, such passwords are safe from hackers, because they aren't on a computer.

Write them down, with pen and paper. Don't put them in a MyPasswords.doc, because when a hacker breaks in, they'll easily find that document and easily hack your accounts.

You might help them out with getting a password manager, or two-factor authentication (2FA). Good 2FA like YubiKey will stop a lot of phishing threats. But this is difficult technology to learn, and of course, you'll be on the hook for support issues, such as when they lose the device. Thus, while 2FA is best, I'm only recommending pen-and-paper to store passwords. (AccessNow has a guide, though I think YubiKey/U2F keys for Facebook and GMail are the best).

2. Lock their phone (passcode, fingerprint, faceprint)

You'll lose your phone at some point. It has the keys to all your accounts, like email and so on. With your email, phone thieves can then reset passwords on all your other accounts. Thus, it's incredibly important to lock the phone.

Apple has made this especially easy with fingerprints (and now faceprints), so there's little excuse not to lock the phone.

Note that Apple iPhones are the most secure. I give my mother my old iPhones so that they will have something secure....


Police are using DNA mugshots to arrest innocent people MassPrivateI

A recent Washington Times article boasts that Texas law enforcement used predictive DNA imaging or 'Phenotyping' to guess what a suspect's physical characteristics might be.

This is not a joke, this is actually happening in police departments across the country.

Parabon Nanolabs claims their new analysis service can accurately predict what a suspect or victim looks like based on a sample of their DNA.

"Snapshot is a revolutionary new forensic DNA analysis service that accurately predicts the physical appearance and ancestry of an unknown person from DNA."

Parabon boasts that Snapshot will produce a 'detailed report and composite profile that includes eye color, skin color, hair color, face morphology, and detailed biogeographic ancestry based on a single DNA sample'.

A 2015 NY Times article warns that Parabon has not published any information in peer-reviewed journals that could validate their claims.

In other words, law enforcement should be questioning their claims about providing DNA mugshots (Snapshots) of alleged suspects or victims.

But as you will see, that is not the case.

Phenotyping used to create gov't mugshots 


Phoronix Test Suite 7.6 M3 Is The Last Ahead Of The Stable "Alvdal" Phoronix

Phoronix Test Suite 7.6 Milestone 3 is now available as the last planned development release ahead of the stable debut of 7.6.0-Alvdal...


2017 OWASP Top 10 Final Release is out, what's new? Security Affairs

The Open Web Application Security Project (OWASP) presented the final release for the 2017 OWASP Top 10.

  • insufficient attack detection and prevention
  • unprotected APIs.

The 2017 OWASP Top 10 is based on data from 23 contributors covering more than 114,000 applications. OWASP published on GitHub the data used for its report.

The categories have been selected based on the risk they pose, but what are the application Security Risks?

"Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention," states OWASP.

Sometimes these paths are trivial to find and exploit, and sometimes they are extremely difficult.

The OWASP Top 10 vulnerabilities are injection, broken authentication, sensitive data exposure, XML external entity (XXE), broken access control, security misconfiguration, cross-site scripting (XSS), insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring.

The insufficient attack detection and prevention results from the merger of the current 4th and 7th items, Insecure direct object references and the Missing Function Level Access Control.

The categories have been merged into the item Broken access control that was dated back in 2004.

2017 OWASP Top 10 Final

The OWAS...


Using Magnets to Control Chemical Reactions That Target Release of Medicines Inside the Body SoylentNews

The magnets can tightly target drug release:

A team of researchers with the University of Georgia in Athens has developed a technique for controlling chemical reactions that release drugs inside the body. In their paper published in the journal Nature Catalysis, the group describes coating chemicals to prevent a reaction from occurring until the application of a magnetic field that releases a desired drug.

In some medical applications, it is better for a medical treatment if a chemical can be applied directly to a certain part of the body and nowhere else. Chemicals meant to treat tumors are the prime example: chemotherapy drugs act on every cell they contact, causing a host of negative side effects. In this new effort, the group took a novel approach to solving this problem, using a magnet to force coated chemicals together, prompting a drug-releasing reaction.

To provide a means for controlling when chemicals come into contact inside the body, the researchers created tiny packets by first coating iron oxide nanoparticles with silica and then coating them further with two types of polymers, which, when combined, form a brush-like structure. Each of the packets was then loaded with either an enzyme or a substrate meant to react with the enzyme, and, of course, the drug to be released.

The technique is intended to better target chemotherapy in cancer treatments such that only tumors are exposed to the chemical agents. It is hoped the more precise targeting can avoid the side effects of chemotherapy.



Flip-Dot Display Brought Out of Retirement by New Drivers Hackaday

LED matrix displays and flat-screen monitors have largely supplanted old-school electromechanical models for public signage. We think that's a shame, but it's also a boon for the tinkerer, as old displays can be had for a song these days in the online markets.

Such was the case for [John Whittington] and his flip-dot display salvaged from an old bus. He wanted to put the old sign back to work, but without a decent driver, he did what one does in these situations: he tore it down and reverse engineered the thing. Like most such displays, his Hannover Display 7 x 56-pixel flip-dot sign is electromechanically interesting; each pixel is a card straddling the poles of a small electromagnet. Pulse the magnet and the card flips over, changing the pixel from black to fluorescent green. [John] used an existing driver for the sign and a logic analyzer to determine the protocol used by the internal electronics to drive the pixels, and came up with a much-improved method of sending characters and graphics. With a Raspberry Pi and power supply now resident inside the case, a web-based GUI lets him display messages easily. The video below has lots of details, and the code is freely available.

You may recall [John] from a recent edge-lit Nixie-like display. Looks like he's got a thing for eye-catching displays, and we're fine with that.

Filed under: classic hacks, Teardown


Trump: AT&T-Time Warner merger 'not good for the country' The Hill: Technology Policy

President Trump said that AT&T's proposed merger with Time Warner is "not good for the country," one day after the Department of Justice announced it was suing to block the $85 billion deal. "Personally, I've always felt that that...


Intel chips riddled with deadly flaws Help Net Security

As we're waiting for security researchers to detail the Intel Management Engine vulnerability that can allow attackers to run undetectable, unsigned code on machines with Intel processors, the US-based chip maker has announced the release of firmware that plugs a number of potentially critical flaws in Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS). What is Intel ME, TXE and SPS? Intel Management Engine (ME) is a subsystem More



Sacramento Regional Transit System in California Held for $7,000 Ransom HackRead

By Waqas

On Saturday night an unknown hacker targeted the Sacramento Regional




Anouk Wipprecht: Robotic Dresses and Human Interfaces Hackaday

Anouk Wipprecht's hackerly interests are hard to summarize, so bear with us. She works primarily on technological dresses, making fashion with themes inspired by nature, but making it interactive. If that sounds a little bit vague, consider that she's made over 40 pieces of clothing, from a spider dress that attacks when someone enters your personal space too quickly to a suit with plasma balls that lets her get hit by Arc Attack's giant musical Tesla coils in style. She gave an inspiring talk at the 2017 Hackaday Superconference, embedded below, that you should really go watch.

Anouk has some neat insights about how the world of fashion and technology interact. Technology,...


Discussion: 'Do Speed Cameras Really Save Lives?' SoylentNews

Speed cameras have been the focus of motorists' anger and frustration for years, although we are told repeatedly that they are an effective means of reducing death and injury on the roads. But is this really the case?

Whether speed cameras actually do save lives seems an easy assertion to test: measure the numbers of casualties at a site over a period, say two years; introduce a speed camera; re-measure the number of casualties over an equal period, and any reduction is due to the camera. But it's not really that simple. Many other factors are at play that might make cameras appear to be more effective than they really are. And these factors are often ignored when evaluating the performance of speed cameras at improving road safety.

Do speed cameras actually save lives?

[...] In road safety data, there is a general tendency for collision incidents at a site to reduce anyway following a short-term rise in their number, without any treatment (such as a speed camera) being applied. In statistics, this is known as regression-to-the-mean (or RTM). We also know that the long-term trend in collisions has generally been downward due to factors such as improved vehicle safety and better driver education [PDF].

So if we observe a reduction in casualties at a site following the installation of a camera, we need to ask how much of this reduction would have happened anyway (the RTM effect)? How much is due to general trends in road safety? And how much can we actually attribute to the camera itself?

[...] To make matters worse, half of the UK's fixed speed cameras may not even be turned on. So the situation is far from simple.

Methods to accurately account for RTM and trend often require knowledge of advanced statistics which may not always be available within a road safety team, and so it is likely that these confounding factors are not being considered consistently across the country.

[...] So, do speed cameras save lives? The answer is almost certainly yes, but probably not always to the extent that people are led to believe.

Original Submission

Read more of this story at SoylentNews.


Webinar: Running a SOC with security orchestration Help Net Security

Whether an Enterprise SOC or an MSSP the challenges of too many alerts, disconnected tools and a shortage of analysts continue to plague security operations. Security Automation and Orchestration are increasingly looked to enable analysts to triage the tsunami of alerts flooding the organisation, provide context to accelerate investigation, and provide the playbooks and workflow to drive consistency and efficiency throughout security operations. In this webinar Amos Stern, CEO of Siemplify and, Arthur Hedge, CEO More


A Big Hydro Project in Big Sky Country IEEE Spectrum Recent Content full text

Its novel design makes this pumped hydro project nearly as flexible as a storage battery. Whether the market is ready for it remains to be seen.

Photo: Absaroka Energy. An artist's rendering of the Gordon Butte pumped hydro facility shows the upper and lower reservoirs and nearby Colstrip transmission line.

A pumped hydro project in southcentral Montana could provide electric utilities in the Pacific Northwest with a US billion-dollar, 400-megawatt facility that mimics both a battery and a fast-start natural gas-fired plant.

The Gordon Butte pumped storage project received its 50-year operating license from the Federal Energy Regulatory Commission in December 2016. The project holds a water right issued by the state of Montana to withdraw water from a nearby stream to fill the project reservoirs, and replace water lost to evaporation and seepage.

With a FERC license in hand, Gordon Butte is in search of a customer for its pumped hydro capacity.

According to Carl Borgquist, president and CEO of Bozeman, Montana-based Absaroka Energy, an engineering contract with a design-construction firm is almost complete. But the project is by no means assured.

For one thing, two 40-year-old coal-fired units at the Colstrip power plant in southeastern Montana would need to close as expected in 2022. The closure was agreed to in 2016 by Allentown, Penn.-based Talen Energy and Seattle-based Puget Sound Energy, which own and operate the two units, and environmental groups that sued over air emissions from the 2,094 MW plant.

For another thing, at least one of a handful of Pacific Northwest utilities still needs to sign a long-term purchase power agreement (PPA) to buy flexible capacity and ancillary services from the pumped hydro project. That may not be as simple as it sounds: Few U.S. power markets have set a value for the kinds of capacity and ancillary services the project could provide.

What's more, in a straight-up comparison of installed capacity costs, Gordon Butte loses, according to numbers crunched for Absaroka by the consultancy Energy and Environment Economics, Inc., and presented by Borgquist in February 2017.

The numbers show that the cost per kilowatt for 400 MW of pumped hydro capacity is around $2,250. By contrast, the cost for gas-fired capacity, provided by technology that ranges from an aeroderivative combustion turbine to a reciprocating engine, was calculated to be an...


Apple: Letting China block apps lets us keep bolstering free speech The Hill: Technology Policy

Apple told senators that capitulating to the Chinese government's ban on certain privacy apps would help the iPhone continue to "promote greater opennness [sic] and facilitate the free flow of ideas and information." The comments came...


NVIDIA's Binary Driver Doesn't Yet Play Nicely With Linux 4.15 Phoronix

If you are using the NVIDIA proprietary graphics driver and anxious to try out the Linux 4.15 kernel for its many new features/improvements, unfortunately you will need to wait a few days as the current public driver is broken against this latest code...


This Gene-Editing Tech Might Be Too Dangerous To Unleash Lifeboat News: The Blog

With gene drives, scientists are trying to supercharge evolution to eradicate malaria and save endangered species from extinction. But is this DARPA-funded tech safe enough to test in the wild? One of its creators isn't so sure.


Google adds Fuchsia OS support for Apple's Swift programming language TechWorm

Google is working on adding Fuchsia OS support for Apple's Swift programming language

We had reported over a year ago that Google is working on a new in-development operating system named Fuchsia, which is not Android or Chrome OS based. It runs on top of the real-time Magenta kernel instead of Linux. Fuchsia is based on a new microkernel called Zircon, derived from Little Kernel, a small operating system intended for embedded systems. It runs across computers, mobile phones, tablets, and Internet of Things (IoT) devices.

Android Police noted that some of the most recent code commits show that Google is working to integrate Swift, an open-source programming language developed by Apple, with its Fuchsia OS. Fuchsia already supports programming languages like Dart, a language similar to C developed by Google, and other languages like C/C++ and Go.

For those unaware, Swift, the successor of Objective-C, is a relatively clean, fast and error-free programming language that can reduce the length of the code, saving time and energy. Developed by Apple, Swift is suitable for building applications for iOS, macOS, watchOS and tvOS. It can be mixed with existing C/Objective-C/C++ code on Apple's own platforms.

The support for Swift on Fuchsia was spotted on the GitHub repository via a pull request adding Fuchsia OS support to the compiler. It was created by a Google employee and there are discussions about splitting it into several smaller pull requests in order to make it easier to review the code changes.

Confirming the move in a tweet, Apple's Swift creator, Chris Lattner, who currently works at Google, suggested that it plans to have its own code.

Google intends to make code to meet its special requirements by making changes to Swift and releasing it to the official Swift repository. In fact, Google has already done this work. Google developer Zac Bowling posted a message in his social media account, which says that Swift GitHub has established a pull request to require support for the Fuchsia OS in t...


Company Will Create an "Artificial Meteor Shower" Over Hiroshima, Japan in 2019 SoylentNews

Stuff will be flown into space for the purpose of burning it so people can look at it:

Meteor showers are an awe-inspiring sight, and skywatchers often plan well in advance for their shot at spotting shooting stars as they rain down from the heavens. The rare events have, up until now, been a totally natural phenomenon, but one company is planning on turning on-demand meteor showers into big business, and it's scheduled its first man-made shooting star showcase for early 2019.

The company, called ALE, has created a spectacle it calls Sky Canvas, and it's as close to controlled meteor showers as we may ever get. What makes it so interesting is that this isn't some kind of sleight of hand or illusion, but actual material dropped from special satellites burning up in the atmosphere to produce a brilliant light show overhead. It's wild, wild stuff.

The cube-shaped satellites that control ALE's Sky Canvas are tiny, less than two feet on each side, but they carry the proprietary pellets that create the "shooting stars" and can be controlled remotely from the ground. On command, the satellites release their payload, which then falls to Earth and, after coming into contact with the intense friction of the atmosphere, ignites.

Manmade explosions over Hiroshima?



Joan Feynman Found Her Place in the Sun Hackaday

Google "Joan Feynman" and you can feel the search behemoth consider asking for clarification. "Did you mean: Richard Feynman?" Image search is even more biased toward Richard. After maybe seven pictures of Joan, there's an endless scroll of Richard alone, Richard playing the bongos, Richard with Arline, the love of his life.

Yes, Joan was overshadowed by her older brother, but what physicist of the era wasn't? Richard didn't do it on purpose. In fact, no one supported Joan's scientific dreams more than he did, not even their mother. Before Richard ever illuminated the world with his brilliance, he shined a light on his little sister, Joan.

Baby Joan works on the Feynman smirk. Image via r/physics

A Sign From Above

Joan Feynman was born in Queens, New York City in 1927 to Lucille and Melville Feynman, nine years after Richard came along. Both children were raised to be insatiably curious. Their parents encouraged them to always ask why, and to take notice of the world around them.

Joan deeply admired her brother and was always interested in whatever he was doing. Richard capitalized on this right away, making Joan his first student. He taught her how to a...


Marek Posts Gallium3D HUD Multi-Context Support Phoronix

Marek Olšák's latest project has been adding support for multi-context applications to the Gallium3D Heads-Up Display (HUD)...


PTAB Inter Partes Reviews (IPRs) Are Essential in an Age When One Can Get Sued for Merely Mocking a Patent Techrights

Reexaminations (akin to but not identical to IPRs) can help weed out stupid patents like the one below

US patent 6368227 B1
USPTO patent quality (US 6368227 B1)

Summary: The battle over the right to criticise particular patents has gotten very real and the Electronic Frontier Foundation (EFF) fought it until the end; this is why we need granted patents to be criticised upon petitions too (and often invalidated as a result)

THE USPTO, prior to some recent reforms, had been granting a lot of dubious patents on software patents which were later invalidated by PTAB, the appeal board which is half a decade old (US patents typically last two decades).

GEMSA wrote to EFF accusing us of false and malicious slander. It subsequently filed a lawsuit and obtained an injunction from a South Australia court purporting to require EFF to censor itself.
We are very gratified to see PTAB's growth and the crackdown on software patents. Earlier today I saw this press release about a new software patent on brain segmentation (my field of research). Do examiners seriously think that computer vision is anything but software and reducible to mathematics? Did words like "brain" and fancy jargon like "dynamic atlas" make them think that this is not an algorithm? This is where PTAB comes in handy and such stupid patents (as the EFF calls them) get invalidated as though they were never granted.

Yesterday we saw this press release about Axon potentially losing its patent lawsuit (patent aggression against a practising rival [1,...


Google Wipes 786 Pirate Sites From Search Results TorrentFreak

Late July, President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them.

Rozcomnadzor is required to contact the operators of such services with a request for them to block banned resources. If they do not, then they themselves will become blocked. In addition, search engines are also required to remove blocked resources from their search results, in order to discourage people from accessing them.

Removing entire domains from search results is a controversial practice and something which search providers have long protested against. They argue that it's not their job to act as censors and in any event, content remains online, whether it's indexed by search or not.

Nevertheless, on October 1 the new law (On Information, Information Technologies and Information Protection) came into effect and it appears that Russia's major search engines have been very busy in its wake.

According to a report from Rozcomnadzor, search providers Google, Yandex,, Rambler, and Sputnik have stopped presenting information in results for sites that have been permanently blocked by ISPs following a decision by the Moscow City Court.

To date, search engines have stopped access to 786 pirate sites listed in the register of Internet resources which contain content distributed in violation of intellectual property rights, the watchdog reports.

The domains aren't being named by Rozcomnadzor or the search engines but are almost definitely those sites that have had complaints filed against them at the City Court on multiple occasions but have failed to take remedial action. Also included will be mirror and proxy sites which either replicate or facilitate access to these blocked and apparently defiant domains.

The news comes in the wake of reports earlier this month that Russia is considering a rapid site blocking mechanism that could see domains rendered inaccessible within 24 hours, without any parties having to attend a court hearing.

While it's now extremely clear that Russia has one of the most aggressive site-blocking regimes in the world, with both ISPs and search engines required to prevent access to infringing sites, it's uncertain whether these measures will be enough to tackle rampant online piracy.

New research published in October by Group-IB revealed...


Even Light Exercise is Beneficial to Health and Can Reduce Mortality Risk Lifeboat News: The Blog

Even very moderate activity levels can influence the risk of death, according to a new study led by the University of Buffalo. The study showed that there was a significant reduction of mortality risk in women over 65 who regularly engaged in light physical activities, such as household chores.

Yes, folding the laundry, ironing, vacuuming the house and other menial tasks might not seem the most glamorous of activities, but they may help you to live longer.


Hackers hit Sacramento transit system, demand money to stop attack Help Net Security

Hackers looking for a payout have hit the Sacramento Regional Transit (SacRT) system, defacing the agency website, erasing data from some of its servers, and demanding money to stop the attack and not do further damage. The attack According to the Sacramento Bee, the hackers announced their presence on Saturday (November 18) by placing a message on the agency's main webpage saying that they wanted to help the agency fix vulnerabilities. On Sunday, they began More


Colorado fines Uber $9M for hiring drivers with bad records The Hill: Technology Policy

Colorado has slapped Uber with a nearly $9 million fine for letting dozens of drivers with serious criminal or motor vehicle offenses work for the ride-hailing firm, The Associated Press reported. The Colorado Public Utilities Commission...


Chinese Patent Policy Continues to Mimic All the Worst Elements of the American System Techrights

This will crush Chinese innovation

Chinese flag

Summary: China is becoming what the United States used to be in terms of patents, whereas the American system is adopting saner patent policies that foster real innovation whilst curtailing mass litigation

THE USPTO, together with US courts, may have done what's necessary to stave off at least some patent trolls. With software patents on the rocks, venue-shifting becoming tough and various other notable factors, patent trolls either go out of business [sic] or move somewhere else. Some of them go to China.

Even China, based on yesterday's blog post, is lost in an appalling trap of a patent gold rush. The Chinese government now signals that competing/emergent players (those which compete against state-connected giants) are to be banned. From the blog: "While many past customs enforcement campaigns have focused on foreign rights owners (often big international brands), this one was carried out on behalf of domestic tech companies. China Daily explains that it is part of the government's plan to nurture Chinese companies with IP advantages in their exported goods. In planning the Soaring Dragon operation, the Shenzhen authorities selected patent owners that were deemed capable of independent innovation, Huawei and ZTE chief among them."

So put another way, a quarter million products were denied access to the market. Who exactly benefits from that? "Whatever the details behind the numbers GACC is publicly promoting," it concludes, "the message is clear: if you're an innovative Chinese company and your patents are being infringed, the customs services is one of the tools at your disposal. The more proactive they become, the more potent a remedy this will be, especially for the likes of Huawei and ZTE."

Those are massive corporations. They now shield themselves with a massive number of low-quality patents, just like in the US. This actually suppresses innovation and reduces competition. It's like ITC in the US.

Earlier today Watchtroll...


Five fresh kernels

Stable kernels 4.14.1, 4.13.15, 4.9.64, 4.4.100, and 3.18.83 have been released. They all contain important fixes and users should upgrade.


Net neutrality group plans holiday protests at Verizon stores The Hill: Technology Policy

Net neutrality proponents are planning a last-ditch holiday protest against the Federal Communications Commission's (FCC) move to scrap Obama-era rules. Protesters in cities including Phoenix, Denver, San Francisco, New York City,...


Security updates for Tuesday

Security updates have been issued by Debian (ldns and swauth), Fedora (kernel and postgresql), Mageia (botan, krb5, and sssd), and Ubuntu (apport, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-xenial, procmail, and samba).


DARPA Seeking AI That Learns All the Time IEEE Spectrum Recent Content full text

The agency wants ideas for turning computers into lifelong learners.

Illustration: iStockphoto

Earlier this month a self-driving shuttle in Las Vegas patiently waited as a delivery truck backed up, then backed up some more, then backed right into it. Inconveniently for the roboshuttle's developer Navya, this happened within hours of the shuttle's inauguration ceremony. The real problem is that the shuttle can't learn from the incident the way a human would: immediately and without forgetting how to do everything else in the process.

The U.S. Defense Advanced Research Projects Agency (DARPA) is looking to change the way AI works through a program it calls L2M, or Lifelong Learning Machines. The agency is looking for systems that learn continuously, adapt to new tasks, and know what to learn and when. "We want the rigor of automation with the flexibility of the human," says the program's director Hava T. Siegelmann. The US $65-million program has already chosen 16 groups for 4-year projects, but according to Siegelmann there is still opportunity to propose 12- or 18-month projects.

AI's big problem stems from the structure in use today. Neural networks are adaptable systems whose ability to learn comes from varying the strength of connections between its artificial neurons. Today these networks are trained on a set of data, images of cars and people for example. The strength of a network's connections are then fixed, and the system goes out into the world to do its thing.

The problem comes when the AI encounters something it was never trained to recognize. Without retraining, the system would make the same mistake over and over again. But right now, AIs can't really be retrained on the job. Trying to do so with today's systems leads to a phenomenon called catastrophic forgetting, Siegelmann explained at the IEEE Rebooting Computing Conference. It's a situation where learning the new item disrupts the knowledge of all the other things the system already knew how to do.

Even humans suffer some performance drop when they encounter something new, but we can recover while still performing a function. If you raise the net in a basketball game by 30-centimeters, players will miss most of the time at first, but as they continue playing they'll learn to score at the new height. You don't have to pull them off the court and teach them the entire game over again.

The 16 major grants went to two sets of group...

Python keeps a gecko happy: terrarium automation with Raspberry Pi Hackaday

For better or worse, pets often serve as inspiration and test subjects for hardware hacks: smarten up that hamster wheel, tweet the squirrel hunting adventures from a dog's point of view, or automate and remote control a reptile enclosure. [TheYOSH], a gecko breeder from the Netherlands, chose the latter and wrote TerrariumPi for the Raspberry Pi to control and monitor his exotic companions' home through a convenient web interface.

The right ecosystem is crucial to the health and happiness of any animal that isn't native to its involuntarily chosen surroundings. Simulating temperature, humidity and lighting of its natural habitat should therefore be the number one priority for any pet owner. The more that simulation process is reliably automated, the less anyone needs to worry.

TerrariumPi supports all the common temperature/humidity sensors and relay boards you will find for the Raspberry Pi out of the box, and can utilize heating and cooling, watering and spraying, as well as lighting based on fixed time intervals or sensor feedback. It even supports location based sunrise and sunset simulation: your critter might just think it never left Madagascar, New Caledonia or Brazil. All the configuration and monitoring happens in the browser, as demonstrated in [TheYOSH]'s live system with public read access (in Dutch).

It only seems natural that Python was the language of choice for a reptile-related system. On the other hand, it doesn't have to be strictly used for reptiles or even terrariums; TerrariumPi will take care of aquariums and any other type of vivarium equally well. After all, we have seen the Raspberry Pi handling greenhouses and automating mushroom cultivation before.

Filed under: green hacks, Raspberry Pi


FCC will vote to overturn net neutrality rules in December The Hill: Technology Policy

Ajit Pai, the Republican chairman of the Federal Communications Commission (FCC), announced on Tuesday that the FCC will vote to roll back Obama-era net neutrality rules that require internet service providers to treat all web traffic...


The Stage Has Been Set For The Next Financial Crisis Lifeboat News: The Blog

We are in a multidimensional and fully internationalized carry trade game, folks, which means there is a very serious and tangible risk pool sitting just below the surface across world's largest insurance companies, pensions funds and banks, the so-called mandated undertakings


World Scientists Warn Humanity for a Second Time SoylentNews

Human well-being will be severely jeopardized by negative trends in some types of environmental harm, such as a changing climate, deforestation, loss of access to fresh water, species extinctions and human population growth, scientists warn in today's issue of BioScience, an international journal.

The viewpoint article, "World Scientists' Warning to Humanity: A Second Notice," was signed by more than 15,000 scientists in 184 countries.

The warning came with steps that can be taken to reverse negative trends, but the authors suggested that it may take a groundswell of public pressure to convince political leaders to take the right corrective actions. Such activities could include establishing more terrestrial and marine reserves, strengthening enforcement of anti-poaching laws and restraints on wildlife trade, expanding family planning and educational programs for women, promoting a dietary shift toward plant-based foods and massively adopting renewable energy and other "green" technologies.

Global trends have worsened since 1992, the authors wrote, when more than 1,700 scientists, including a majority of the living Nobel laureates at the time, signed a "World Scientists' Warning to Humanity" published by the Union of Concerned Scientists. In the last 25 years, trends in nine environmental issues suggest that humanity is continuing to risk its future. However, the article also reports that progress has been made in addressing some trends during this time.

The article was written by an international team led by William Ripple, distinguished professor in the College of Forestry at Oregon State University. The authors used data maintained by government agencies, nonprofit organizations and individual researchers to warn of "substantial and irreversible harm" to the Earth.

"Some people might be tempted to dismiss this evidence and think we are just being alarmist," said Ripple. "Scientists are in the business of analyzing data and looking at the long-term consequences. Those who signed this second warning aren't just raising a false alarm. They are acknowledging the obvious signs that we are heading down an unsustainable path. We are hoping that our paper will ignite a wide-spread public debate about the global environment and climate."

Other links:

Here is the official page where you can read the full article, endorse the article, view signatories, and endorsers

Direct link to full article in PDF



Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable The Hacker News

In the past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer. Now, Intel has admitted that these security vulnerabilities could "potentially place impacted platforms at risk." The popular chipmaker released a security


State Dept. to lose top IT official The Hill: Technology Policy

The State Department will lose its top information technology official early next month, adding to a growing list of federal IT leaders who have left their roles this year. State's chief information officer (CIO), Frontis Wiggins, is...


WebAssembly Will Finally Let You Run High-Performance Applications in Your Browser IEEE Spectrum Recent Content full text

Online applications could work as smoothly as the programs you install on your machine.

Photo: Gabriela Hasbun. The author, Luke Wagner [right], and his Mozilla colleague Alon Zakai strive to make browsers run programs faster and better.

What if you could share a computer-aided design (CAD) model and even allow a colleague to manipulate it from afar? "Click on this link, check out my design, and feel free to add more holes or fill some in," you might say. You wouldn't have to instruct your distant coworker to install special software or worry about whether her operating system could run it. Imagine that all your programs and data were stored in the cloud and that even computationally intensive applications like multimedia editing ran just as well in your browser as they would if they had been installed locally.

Since the early days of the World Wide Web, a lot of smart, passionate people have wanted to make it into a vehicle for running almost any kind of program. What makes that dream so tantalizing is that the Web is different from other software platforms. It's defined by open standards, so anyone can build on it. It's not owned by any company, so developers are beholden only to their users. And it's constructed largely around open-source technologies, so it has the potential to be very democratic.

Over the past three decades, a whole generation of developers has worked to make this vision a reality. We've added new capabilities to the Web, like audio and video streaming, 2D and 3D graphics, typography, peer-to-peer communication, data storage, offline browsing, as well as multitouch, location, and camera inputs. But we continue to struggle with performance, specifically the ability to run Web applications as quickly as non-Web applications.

Seven years ago, the team I work with at Mozilla chose to focus on one of the oldest and hardest obstacles to progress: the performance of the JavaScript programming language. JavaScript is one of th...


Using Unsecured IoT Devices, DDoS Attacks Doubled in the First Half of 2017 Security Affairs

According to a report recently published by the security firm Corero the number of DDoS Attacks doubled in the First Half of 2017 due to unsecured IoT.

Denial of Service (DoS) attacks have been around as long as computers have been networked. But if your business relies on the Internet to sell products or collaborate, a DoS attack is more than a nuisance, it can be critical.

Over the past few years, the number of DoS attacks has continued to slowly grow in a cat and mouse evolution: bad actors get a slightly stronger attack, and network vendors come up with slightly more resilient equipment to defend. Generally the attacks came from botnets comprised of infected computers and servers. The cost of acquiring and keeping these systems in the botnet was relatively expensive, so there was an economic limiter on how fast the attacks would grow. Then Mirai happened in 2016 and everything changed.

The Mirai botnet didn't struggle with corporate security teams and technical security controls like anti virus software and firewalls.


Instead, it focused on the millions of Internet of Things (IoT) devices like webcams and Internet routers in the home to build the botnet. With no security controls to overcome, the Mirai botnet was able to grow and launch Distributed Denial of Service (DDoS) attacks larger than ever seen before. A high-profile attack against Internet journalist Brian Krebs signaled that things had changed, then the October 2016 attack against DNS provider Dyn, showed how devastating a DDoS attack can be. And in the world of a cyber...


Optical Cochlear Implant Turns Light Against Hearing Loss IEEE Spectrum Recent Content full text

European researchers assemble the components for a new kind of cochlear implant

Photo: CSEM. Two of the vertical cavity surface-emitting lasers used in a new optical cochlear implant are shown here next to a matchstick. Each laser rests within a sapphire box.

Blinking lights could soon serve a whole new purpose. Recent findings have led German, Swiss, and Austrian researchers to develop a prototype hearing implant based on the concept that a series of laser pulses can trigger auditory signals from hair cells located within the inner ear.

An array of near-infrared lasers can produce a soundwave using what's called the optoacoustic effect, the researchers believe. In their device, tiny vertical cavity surface-emitting lasers, which pulsate light at a spectrum of 1.4 to 1.9 microns, act upon the fluid within the nautilus-shaped cochlear canals in the inner ear.

Basically, the infrared light is absorbed by the liquid inside the cochlea. A small fraction of the liquid will expand due to heat. If that happens rapidly enough, it generates a soundwave inside the duct of the cochlea. This stimulates or moves tiny hair cells located there, which in turn sends a signal along the auditory nerve which the brain understands as sound.

Over the last three years, the researchers have built tiny laser arrays and completed tests on guinea pigs, finding they could generate action potentials, the signals carried by auditory nerves, using vertical laser light and the optoacoustic effect. They compared stimuli in the guinea pigs from the laser array with an acoustic click. Both generated nerve signals matching in form and amplitude.

"It is still early days but the hope is that this technology can be used to replace or improve hearing devices and cochlear implants," says Mark Fretz, a physicist and project manager at the Centre Suisse d'Electronique et Microtechnique (CSEM), an applied research and technology nonprofit based in Alpnach, Switzerland.

The next steps would be to improve the energy efficiency of the device and make it smaller. Individual components developed for the prototype, including a tiny sapphire case for hermetically sealing implanted body sensors and an improved laser lens design, may also find other uses, such as allowing laser light to shine within the ear to improve balance.

An illustration shows the inner ear canal and cochlea. Illustration: Chittka and Brockman, PloS Biology...


Re: Fw: Security risk of vim swap files Open Source Security

Posted by Matthias Weckbecker on Nov 21


this is not limited to swap files.

One might want to consider adding e.g. .un~ files to the scanning too.
Unless 'undodir' is configured in ~/.vimrc, those files end up in the
same directory if 'undofile' is set.



Hackers steal $30 million worth of cryptocurrency in Tether hack HackRead

By Waqas

Tether, a start-up firm known for offering dollar-backed cryptocurrency has announced that hackers have



The Impact Of HDD/SSD Performance On Linux Gaming Phoronix

Last week we presented our initial benchmarks of the Intel Optane SSD 900P on Linux and it offers mighty performance potential for those using I/O heavy workloads thanks to the use of 3D XPoint memory. But is a solid-state drive like this really worth the price if you are just a Linux gamer? Here are some tests comparing load times and boot times between a HDD, SATA 3.0 SSD, NVMe SSD, and this 3D XPoint NVMe U.2 SSD.


Finding Files with mlocate: Part 3



Hackers vs. Mold: Building a Humidistat Fan Hackaday

Having a mold problem in your home is terrible, especially if you have an allergy to it. It can be toxic, aggravate asthma, and damage your possessions. But let's be honest, before you even get to those listed issues, having mold where you live feels disgusting.

You can clean it with the regular use of unpleasant chemicals like bleach, although only with limited effectiveness. So I was not particularly happy to discover mold growing on the kitchen wall, and decided to do science at it. Happily, I managed to fix my mold problems with a little bit of hacker ingenuity.

What Level of Humidity Leads to Mold?

I did some research into the underlying causes of the issue. We know mold loves moisture, but the specific root of the problem seems to be a high relative humidity in the surrounding air.

There is a limit to how much water vapor the air can contain at a given temperature. Relative humidity is the percentage of that water vapor limit at the current air temperature. High relative humidity also makes condensation worse, another source of moisture for mold growth. The thing to know is that moisture is our enemy here and the unit of measure that gives us the most reliable information about that is relative humidity.

A study done in Tokyo (PDF warning) seemed to show that the magic num...


BankBot Trojan bypasses again security checks implemented by Google for the Play Store Security Affairs

Experts from several security firms have spotted two new malware campaigns targeting Google Play Store users, one of them spreads the BankBot Trojan.

Once again crooks succeeded in publishing a malware in the official Google Play Store deceiving the anti-malware protections implemented by the tech giant.

The BankBot banking Trojan creates phishing login overlays for several real banking applications (i.e. Citibank, WellsFargo, Chase, and DiBa) in efforts to steal users' login details, it also uses the same technique to steal credentials for many popular apps, including Facebook, WhatsApp, Instagram, Twitter, Youtube, Snapchat, Viber, WeChat, and Uber.

The Android malware is also able to intercept text messages and delete them from the victim's device, in this way it could bypass 2FA implemented by banks.

Google removed at least four previous versions of this banking trojan from the Play Store from the beginning of the year, but crooks always succeeded in proposing a new variant infecting victims of major banks worldwide.

Experts found a second campaign that spreads the same BankBot trojan alongside the Mazar and Red Alert malware.

"Another set of malicious apps has made it into the official Android app store. Detected by ESET security systems as Android/TrojanDropper.Agent.BKY, these apps form a new family of multi-stage Android malware, legitimate-looking and with delayed onset of malicious activity," reads the analysis published by ESET.

"We have discovered eight apps of this malware family on Google Play and notified Google's security team about the issue. Google has removed all eight apps from its store; users with Google Play Protect enabled are protected via this mechanism."

Researchers from security firms ESET, AVAST, and SfyLabs shared their knowledge on the threat and wrote a joint report.

The latest variant of the BankBot Trojan has been hiding in Android apps that pose as supposedly harmle...


TOP500 List #50 and Green500 List #21: November 2017 SoylentNews

The fiftieth TOP500 list has been released. Although there has been little change at the top of the list, China now dominates the list in terms of the number of systems, rising to 202 from 160 in June, with the U.S. falling to 143 systems from 169. However, this seems to be the result of Chinese vendors pushing more commercial systems to get on the list:

An examination of the new systems China is adding to the list indicates concerted efforts by Chinese vendors Inspur, Lenovo, Sugon and more recently Huawei to benchmark loosely coupled Web/cloud systems that strain the definition of HPC. To wit, 68 out of the 96 systems that China introduced onto the latest list utilize 10G networking and none are deployed at research sites. The benchmarking of Internet and telecom systems for Top500 glory is not new. You can see similar fingerprints on the list (current and historical) from HPE and IBM, but China has doubled down. For comparison's sake, the US put 19 new systems on the list and eight of those rely on 10G networking. [...] Snell provided additional perspective: "What we're seeing is a concerted effort to list systems in China, particularly from China-based system vendors. The submission rules allow for what is essentially benchmarking by proxy. If Linpack is run and verified on one system, the result can be assumed for other systems of the same (or greater) configuration, so it's possible to put together concerted efforts to list more systems, whether out of a desire to show apparent market share, or simply for national pride."

Sunway TaihuLight continues to lead the list at just over 93 petaflops. The Gyoukou supercomputer has jumped from #69 (~1.677 petaflops) in the June list to #4 (~19.136 petaflops). Due to its use of PEZY "manycore" processors, Gyoukou is now the supercomputer with the highest number of cores in the list's history (19,860,000). The Trinity supercomputer has been upgraded with Xeon Phi processors, more than tripling the core count and bringing performance to ~14.137 petaflops (#7) from ~8.1 petaflops (#10). Each of the top 10 supercomputers now has a measured LINPACK performance of at least 10 petaflops.

The #100 system has an Rmax of 1.283 petaflops, up from 1.193 petaflops in June. The #500 system has an Rmax of 548.7 teraflops, up from 432.2 teraflops in June. 181 systems have a performance of at least 1 petaflops, up from 138 systems. The combined performance of the top 500 systems is 845 petaflops, up from 749 petaflops.

Things are a little more interestin...


Google Collects Android Location Data Even When Location Service Is Disabled The Hacker News

Do you own an Android smartphone? If yes, then you are one of those billions of users whose smartphone is secretly gathering location data and sending it back to Google. Google has been caught collecting location data on every Android device owner since the beginning of this year (that's for the past 11 months), even when location services are entirely disabled, according to an investigation


Unusual Visitor: A Deeper Look at Oumuamua Centauri Dreams

When I first wrote about the interstellar interloper now called Oumuamua, I made reference to Arthur C. Clarke's Rendezvous with Rama because of the delightful symmetry between the novel and the object, though noting that we're unlikely to find that A/2017 U1 is as intriguing as Clarke's mysterious starship bound for the Magellanics (see An Interstellar Visitor?). Still, an interstellar object entering the Solar System only to go careening back out of it could not help but recall Clarke, whose asteroid 31/439 wound up being artificial.

Then came the paper from Karen Meech (University of Hawaii Institute for Astronomy, where the object was first detected with the Pan-STARRS1 telescope). Drawing on data from telescopes around the world, Meech's team has been able to characterize our first nearby object from another stellar system, with equally delightful results. For it turns out that Oumuamua (pronounced oh MOO-uh MOO-uh) has an unusual axis ratio, being about ten times longer than it is wide. Jim Benford couldn't resist suggesting I show a cover from Rendezvous with Rama depicting just such an axis ratio, and I agreed wholeheartedly.

Any science fiction fan familiar with Clarke (and are there any who aren't?) will have fun with the similarities, but how much do we actually know about Oumuamua? Meech's team based its conclusions on the object's shape on the fact that its brightness changed so dramatically as it rotated (spinning on its axis every 7.3 hours). Lance Benner, who specializes in radar imaging of near-Earth and main-belt asteroids at JPL, calls the axis ratio here truly extraordinary. We know of no Solar System objects elongated more than 3 times longer than they are wide.

Nothing in our Solar System, in other words, quite matches an object shaped like this. Of course, it might also look like the image below, courtesy of the European Southern Observatory.



Samsung accidentally confirms foldable Galaxy X launch through live support page TechWorm

Samsung Galaxy X's Support Page Appears On Samsung's Website

Samsung, the South Korean technology giant, has accidentally confirmed the launch of a new foldable smartphone, the Galaxy X, through the device's support page.

The support page is for a smartphone with the model number SM-G888N0, a label that is widely believed to be the upcoming Samsung Galaxy X. The Dutch site Mobiel Kopen (as reported by Lets Go Digital) found a support page for the smartphone on Samsung's Korean site. Although the support page doesn't provide specifications of the device, it does confirm the existence of a foldable smartphone. The SM-G888 had already received a few certifications from regulators including the Bluetooth SIG, Wi-Fi Alliance, and South Korea's own National Radio Research Agency, reports Mobiel Kopen.

One can expect Samsung to launch the Galaxy X initially in South Korea and also get it certified there. Based on the reception of the Galaxy X, it may decide when to release the device in the other countries. Also, since it's a foldable smartphone, it might see a limited launch.


New scam launches users' default phone app, points it to fake tech support hotline Help Net Security

The latest variants of tech support scams targeting Apple users have done away with the usual visually prominent error messages. Instead, they open the potential victim's default communication or phone call app, and prompt them to call the fake tech support scam hotline (the number is already prepopulated in the app): With click-to-call links, tech support scams do not have to be as elaborate as many current tech support scam websites. They don't have to More


Nanosys Wants Printing Quantum Dot Displays to be as Cheap as Printing a T-Shirt IEEE Spectrum Recent Content full text

The company plans to capture the printed display market from right under the noses of OLED manufacturers Illustration: Nanosys

Quantum dots have established themselves as a go-to material for photoluminescence, in which light is emitted when stimulated by a light source. Based on this capability, companies such as Nanosys have been able to help display companies like Samsung capture a growing segment of the display market from competing technologies such as LED-backlit LCD and organic light-emitting diode (OLED) displays.

Nanosys currently has more than 60 quantum dot-enabled products on the market, and the company now wants to make a big push to expand the capabilities of quantum dots beyond just photoluminescence into the area of electroluminescence, where photons are emitted in the presence of an electric field or current. Nanosys expects this development to lead to a new era of what Nanosys is terming: Electro Luminescent Quantum Dot (ELQD) displays.

Executives at Nanosys believe that ELQD displays have the potential to disrupt the display industry over the next decade. The displays don't need a backlight and, because each subpixel is addressable, the display wastes no energy while the light travels from the backlight to the pixel. This should translate into lower power consumption, along with wider viewing angles, purer colors, and perfect black levels, according to Jeff Yurek, Director of Marketing and Investor Relations at Nanosys.

"We expect to see these displays in the three to five year timeframe," said Yurek. "We think that quantum dots have the potential to deliver on the promise of OLED."

It has long been promised that OLEDs would someday be available in...


Ethernaut CTF walk through David Wong | Cryptologie | HTML

This is a walk through of the Ethernaut capture-the-flag competition where each challenge was an ethereum smart contract you had to break.

I did this at 2am in a hotel room in Romania and ended up not finishing the last challenge because I took too long and didn't want to re-record that part. Basically what I was missing in my malicious contract: a function to withdraw tokens from the victim contract (it would have worked since I had a huge amount of tokens via the attack). I figured I should still upload that as it might be useful to someone.


5 cloud storage predictions for 2018 Help Net Security

At this point, the cloud is old news. This does not, however, diminish its continuing impact on individuals and businesses worldwide. As cloud-based services strive towards ubiquity, their impacts will likewise scale, as will their effects. In fact, 74 percent of CTOs today believe that cloud computing will have the most measurable impact on their business this year. Specifically in the area of file storage, the cloud has swiftly become the domain of governmental regulations, More


Correcting the Record on vDOS Prosecutions Krebs on Security

KrebsOnSecurity recently featured a story about a New Mexico man who stands accused of using the now-defunct vDOS attack-for-hire service to hobble the Web sites of several former employers. That piece stated that I wasn't aware of any other prosecutions related to vDOS customers, but as it happens there was a prosecution in the United Kingdom earlier this year of a man who's admitted to both using and helping to administer vDOS. Here's a look at some open-source clues that may have led to the U.K. man's arrest.

Jack Chappell, outside of a court hearing in the U.K. earlier this year.

In early July 2017, the West Midlands Police in the U.K. arrested 19-year-old Stockport resident Jack Chappell and charged him with aiding the vDOS co-founders, two Israeli men who were arrested late last year and charged with running the service.

Until its demise in September 2016, vDOS was by far the most popular and powerful attack-for-hire service, allowing even completely unskilled Internet users to launch crippling assaults capable of knocking most Web sites offline. vDOS made more than $600,000 in just two of the four years it was in operation, launching more than 150,000 attacks against thousands of victims (including this site).

For his part, Chappell was charged with assisting in attacks against Web sites for some of the world's largest companies, including Amazon, BBC, BT, Netflix, T-Mobile, Virgin Media, and Vodafone, between May 1, 2015 and April 30, 2016.

At the end of July 2017, Chappell pleaded guilty to those allegations, as well as charges of helping vDOS launder money from customers wishing to pay for attacks with PayPal accounts.

A big factor in that plea was the leak of the vDOS attacks, customer support and payments databases to this author and to U.S. law enforcement officials in the fall of 2016. Those databases provided extremely detailed information about co-conspirators, paying customers and victims.

But as with many oth...


Top 10 Moments in 2017 Linux Foundation Events

See the Top 10 moments of 2017 Linux Foundation events, including a conversation with Linus Torvalds, a video created by actor Joseph Gordon-Levitt through his collaborative production company, the Diversity Empowerment Summit, and Auto Grade Linux in the new Toyota Camry.


Most businesses to invest in artificial intelligence by 2020 Help Net Security

Eighty-five per cent of senior executives plan to invest in artificial intelligence (AI) and the Internet of Things (IoT) by 2020, according to a new survey of UK digital leaders by Deloitte. The findings come from the first edition of a new regular report from Deloitte, the Digital Disruption Index. The index will track investment in digital technologies and create a detailed picture of their impact on the largest and most influential business and public More


Tuesday, 21 November


DNS Resolver Will Check Requests Against IBM Threat Database SoylentNews

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.

The Quad9 DNS service, at, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks protect against landing on any of the 40 billion evil sites and images X-Force has found to be dangerous.

The Alliance (GCA) was co-founded by the City of London Police, the District Attorney of New York County and the Center for Internet Security and styled itself "an international, cross-sector effort designed to confront, address, and prevent malicious cyber activity."

[...] The organisation promised that records of user lookups would not be put out to pasture in data farms: "Information about the websites consumers visit, where they live and what device they use are often captured by some DNS services and used for marketing or other purposes", it said. Quad9 won't "store, correlate, or otherwise leverage" personal information.

[...] If you're one of the lucky few whose ISP offers IPv6, there's a Quad9 resolver for you at 2620:fe::fe (the PCH public resolver).

takyon: Do you want to give the City of London Police control of your DNS?



Scammed via Western Union? Claim your share of a $586 million refund now! Graham Cluley

Western Union has agreed to pay more than half a billion dollars (an eye watering $586 million) to scam victims.

Read more in my article on the Tripwire State of Security blog.


Identity theft concerns won't hold back holiday shopping Help Net Security

Despite concerns about identity theft and fraud, consumers don't plan to curb their holiday shopping, according to Discover. While 62 percent of consumers are very or moderately concerned about identity theft or fraud this holiday season, 73 percent say concerns over recent data breaches won't affect how they'll go about their holiday shopping. Discover has commissioned its annual holiday shopping survey since 2004. Consumers are taking proactive steps to safeguard their identities When it comes More


Sophisticated industrial network monitoring without connectivity risks Help Net Security

SecurityMatters and Waterfall Security Solutions announced a global partnership to protect industrial control systems from the most advanced cyber threats. The joint solution integrates SecurityMatters' SilentDefense network monitoring platform with Waterfall's Unidirectional Security Gateways to enable industrial enterprises to continuously and centrally monitor industrial control networks, while thoroughly protecting those networks from cyber attacks. SecurityMatters' flagship product, SilentDefense, is an OT network monitoring and intelligence platform that empowers industrial operators with unrivaled visibility, threat detection More


Why the Open Source Community Needs a Diverse Supply Chain

At this year's Community Moderator's meeting in Raleigh, North Carolina, Red Hat CEO Jim Whitehurst made a comment that stuck with me.

"Open source's supply chain is source code," he said, "and the people making up that supply chain aren't very diverse."

Diversity and inclusivity in the technology industry, and in open source communities more specifically, have received a lot of coverage, both on and elsewhere. One approach to the issue foregrounds arguments about concepts that are more abstract, like human decency, for example.


Mad Eye For The WiFi Hackaday

In the Harry Potter universe, Professor Moody was, perhaps unfairly, given the nickname Mad Eye for the prosthetic eye he wore. His eye remains a challenge for technically-minded cosplayers aiming to recreate the look and feel of this unique piece of headgear. [cyborgworkshop] had already mastered the basic eye, but wanted to take things further.

The original build relied on a sub-micro servo to move the eyeball. This was done at random as an attempt to simulate the eye's behaviour in the books and films. However, wanting more, [cyborgworkshop] decided to make the eye more reactive to its surrounding environment. Using the Adafruit Huzzah, a breakout board for the ESP8266, code was whipped up to detect the number of WiFi access points in the area. The more access points, the more frequent and erratic the movement of the eye. Occasional slower periods of movement are coded in before the eye resumes its wild darting once more, depending on just how saturated the local WiFi environment is.

It's a great twist on the project, and [cyborgworkshop] has provided more details on the initial build, too. If you think you're having déjà vu, check out this build using recycled parts.


170 Pirate IPTV Vendors Throw in the Towel Facing Legal Pressure TorrentFreak

Pirate streaming boxes are all the rage this year. Not just among the dozens of millions of users, they are on top of the anti-piracy agenda as well.

Dubbed Piracy 3.0 by the MPAA, copyright holders are trying their best to curb this worrisome trend. In the Netherlands local anti-piracy group BREIN is leading the charge.

Backed by the major film studios, the organization booked a significant victory earlier this year against Filmspeler. In this case, the European Court of Justice ruled that selling or using devices pre-configured to obtain copyright-infringing content is illegal.

Paired with the earlier GS Media ruling, which held that companies with a for-profit motive can't knowingly link to copyright-infringing material, this provides a powerful enforcement tool.

With these decisions in hand, BREIN previously pressured hundreds of streaming box vendors to halt sales of hardware with pirate addons, but it didn't stop there. This week the group also highlighted its successes against vendors of unauthorized IPTV services.

"BREIN has already stopped 170 illegal providers of illegal media players and/or IPTV subscriptions. Even providers that only offer illegal IPTV subscriptions are being dealt with," BREIN reports.

In addition to shutting down the trade in IPTV services, the anti-piracy group also removed 375 advertisements for such services from various marketplaces.

"This is illegal commerce. If you wait until you are warned, you are too late," BREIN director Tim Kuik says.

"You can be held personally liable. You can also be charged and criminally prosecuted. Willingly committing commercial copyright infringement can lead to an 82,000 euro fine and 4 years imprisonment," he adds.

While most pirate IPTV vendors threw in the towel voluntarily, some received an extra incentive. Twenty signed a settlement with BREIN for varying amounts, up to tens of thousands of euros. They all face further penalties if they continue to sell pirate subscriptions.

In some cases, the courts were involved. This includes the recent lawsuit against MovieStreamer, that was ordered to stop its IPTV hyperlinking activities immediately. Failure to do so will result in a 5...


Underside of Pine Island Glacier Imaged Using Radar SoylentNews

Antarctic glacier's rough belly exposed

The melting Antarctic ice stream that is currently adding most to sea-level rise may be more resilient to change than previously recognised. New radar images reveal the mighty Pine Island Glacier (PIG) to be sitting on a rugged rock bed populated by big hills, tall cliffs and deep scour marks. Such features are likely to slow the ice body's retreat as the climate warms, researchers say. The study appears in the journal Nature Communications [open, DOI: 10.1038/s41467-017-01597-y] [DX].

"We've imaged the shape of the bed at a smaller scale than ever before and the message is really quite profound for the ice flow and potentially for the retreat of the glacier," said lead author Dr Rob Bingham from Edinburgh University. "Where the bed is flat - that's where we will see major retreat. But where we see these large hills and these other rough features - that's where we may see the retreat slowed if not stemmed," he told BBC News.



Ubuntu Boot Times From Linux 4.6 To 4.15 Kernels Phoronix

It's been a while since last doing any Linux boot speed comparisons while this morning I have some numbers to share when looking at the boot performance from the Linux 4.6 kernel through Linux 4.15 Git to see how it's changed over time,..


Ecommerce Platform Review: BigCommerce TechWorm

If you plan on immersing yourself into the booming world of ecommerce, you need a dynamo tool that can propel you to the heights of success. The platform you choose needs an appealing and effective range of features for displaying your goods and collecting funds. And it needs to be as intuitive as it is powerful.

The multitude of ecommerce platforms have a lot to offer. Many of these solutions make it easy enough for novices to master creating professional storefronts, uploading products, establishing checkout processes and all the other ecommerce ins-and-outs.

There are plenty of well-known options for merchants to choose from, such as Shopify, Magento and WooCommerce. Today I will give you the skinny on another one of the most popular solutions on the market: BigCommerce.

BigCommerce offers users a vast selection of powerful features that provide value to both ecommerce veterans and rookies. Despite a relatively simple interface and design, BigCommerce still touts high-level capabilities, effectively creating a one-stop shop for all of a merchant's needs. It's not a perfect platform, but it's pretty darn close.

Is BigCommerce your ideal ecommerce partner? Let's find out.

Packages and Offerings

For anyone who wants to test out BigCommerce's features or interface, check out the 15-day free trial. That's a good chunk of time to see if the platform is suited to your brand's needs.

BigCommerce has four different tiers of service: Standard ($29.95/month), Plus ($79.95/month), Pro ($249.95/month), and Enterprise (custom).


Unlike other ecommerce solutio...


Tether Hacked Attacker Steals $31 Million of Digital Tokens The Hacker News

Again some bad news for cryptocurrency users. Tether, a Santa Monica-based start-up that provides dollar-backed cryptocurrency tokens, has claimed that its systems have been hacked by an external attacker, who eventually stole around $31 million worth of its tokens. With a market capitalization of $673 million, Tether is the world's first blockchain-enabled platform to allow the


Weekly phpMyAdmin contributions 2017-W46 Michal Čihař's Weblog

Last week was equally spent on refactoring, bugfixing and infrastructure. We're looking for a replacement for our oldish server and it seems that a rented server or virtual hosts are the best fit for us these days. Still there are quite some choices to consider.

I've done quite some development as well - I'm most happy with Util::linkOrButton refactoring which helped to cleanup the code quite a lot, but there were other fixes and improvements as well.

Handled issues:



NVIDIA Wants Feedback On Its Device Memory Allocator Project Phoronix

After apologizing for how they handled the EGLStreams proposal for NVIDIA Wayland support, James Jones of NVIDIA is trying to get the development of their proposed generic device memory allocator library back on track...


Exploring the Linguistics Behind Regular Expressions

Little did I know that learning about Chomsky would drag me down a rabbit hole back to regular expressions, and then magically cast regular expressions into something that fascinated me. What enchanted me about regular expressions was the homonymous linguistic concept that powered them.


Introducing BuildKit

BuildKit is a new project under the Moby umbrella for building and packaging software using containers. It's a new codebase meant to replace the internals of the current build features in the Moby Engine.


Early Linux 4.15 AMDGPU Linux Gaming Tests Indicate Some Regressions Phoronix

Here are some early AMD Radeon Linux gaming benchmarks using the in-development Linux 4.15 kernel. Unfortunately, there are a few performance regressions...


Campaign Information Security Stories by the grugq on Medium

In Theory and Practice

A committee of top tier infosec heavy weights (and a half dozen interns) got together and wrote a guide to campaign information security. It's a fine document produced by a lot of talented people and definitely a good starting point. Indeed, it mirrors much of the advice I put together in August 2016 for political campaigns. I'm sure the authors have considerably more expertise on the details and ground realities of political campaigns than I do. Still, there's some additional content that I believe is worth sharing, perhaps it will be of use to someone.

don't fear the trolls, f#*k with them.

Rule #1: your objective is not "don't get hacked", your objective is "don't let the adversary get useable information"

The first and most important thing to keep in mind is that your goal is to deny the adversary useful information. Not getting hacked is certainly the first step towards that goal, but it is not the final step.

Rule #2: authenticity is the only thing that people believe.

If the worst case scenario happens and the adversary begins leaking your data, verify that it hasn't been tampered with or altered. The Soviets preferred a mixture of 9 parts truth to 1 part dezinfomatsiya for their influence operations. When you encounter an alteration or manipulation, you must immediately expose it by showing the original. This robs the adversary of authenticity. Their lost credibility is your gain.

Rule #3: the "e" in email stands for evidence

Do not use email for anything that isn't routine or mundane ("anyone hungry? Let's get lunch" is ok, gossip or rumours is not.) Communications are critical and in descending order of preference:

  1. Face to face
  2. Encrypted ephemeral messenger (Signal, Wire, Wickr)
  3. Encrypted messenger (Signal, Threema, Wire, Wickr, WhatsApp)
  4. Mass blast emails to everyone, because anything on email may as well be public

Rule #4: use deception to lure the adversary out

Get a Canary for your office network and configure it as a file or email server. They are ridiculously easy to set up, they're cheap, they have essentially zero false positives. This means that an alert from the Canary is highly likely to be indicative of malicious activity on your network.

Rule #5: use deception to consume the adversary's analytic resources

Your team can focus on a limited number of real files while the adversary has to sift through everything that you produce. They cannot skimp on analytic resources because they have a deadline. Use this to your advantage by generating volumes of irrelevant...


Vigilante or bug hunter? Graham Cluley

A website is taken down after a vulnerability researcher discovers a way to extract customers' personal details.

The media, however, describe him as a "vigilante". And the website's owner says it's a "false alarm."


Intel Lands Support For Vector Neural Network Instructions In LLVM Phoronix

Intel continues bringing up support for the 2019 Icelake processors within the open-source compiler toolchains...


Maximize the impacts of space science Lifeboat News: The Blog

In our view, to get the most from space-science programmes, in terms of impacts on research and reputation, government agencies and institutions need to choose, manage and assess missions in ways that optimize the scientific outputs. As heads of space-science agencies and institutes from around the world gather at a forum next week in Beijing to identify principles for maximizing returns on such missions, we call on them to put science first.

Put research goals first when prioritizing and managing national and international projects, urge Ji Wu and Roger Bonnet.


R600 Gallium3D Picks Up Another OpenGL 4.5 Extension Phoronix

Just days after David Airlie landed R600g image shader support and other patches for this Radeon HD 2000 through HD 6000 series open-source driver, he's enabled support for another GL4 extension...


Man Gets Threats-Not Bug Bounty-After Finding DJI Customer Data in Public View SoylentNews

A bug bounty hunter shared evidence; DJI called him a hacker and threatened with CFAA.

DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback, including a threat of charges under the Computer Fraud and Abuse Act (CFAA). DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

-- submitted from IRC



Introducing Fn: Serverless Must Be Open, Community-Driven, and Cloud-Neutral

Fn, a new serverless open source project, was announced at this year's JavaOne. There's no risk of cloud lock-in and you can write functions in your favorite programming language. You can make anything, including existing libraries, into a function by packaging it in a Docker container. We invited Bob Quillin, VP for the Oracle Container Group, to talk about Fn, its best features, next milestones and more.


Did Facebook remove delete post option from the desktop website? TechWorm

No, Facebook hid the delete post option from some users

This unusual activity was first spotted by The Next Web's Director Matt Navarra along with some users who flocked across different social media sites complaining about facing the same problem.

Some suggested that it could be a temporary bug, while some claimed that Facebook has intentionally deleted this feature.

However, the newest update confirmed that the company didn't remove the delete post button and it's still in its beta period. Instead, it appears that the delete post option was disabled for a large group of users, leading to the rumor that one would no longer be able to remove posts. Desktop users looking to access the delete post option can still see it in the activity log section.

On the other hand, there were many others who reported to still have the delete post option in their profiles, which leaves one guessing if Facebook has restored the feature after a lot of users started complaining about the inability to delete something they posted on Twitter and on Facebook.

While the company has yet to officially address this issue, it makes one think if Facebook has again played mind games with its users. In the past, the company had deliberately labelled posts as "Fake News" to test people's reaction. This is a developing story and we shall keep you updated once we receive information on it.


AT&T Wants White Box Routers with an Open Operating System

AT&T says it's not enough to deploy white box hardware and to orchestrate its networks with the Open Network Automation Platform (ONAP) software. Each individual machine also needs its own operating system, writes Chris Rice, senior vice president of AT&T Labs, Domain 2.0 Architecture, in a blog post.


Prototyping, Making A Board For, And Coding An ARM Neural Net Robot Hackaday

[Sean Hodgins] calls his three-part video series an "Arduino Neural Network Robot" but we'd rather call it an enjoyable series on prototyping, designing a board with surface mount parts, assembling it, and oh yeah, putting a neural network on it, all the while offering plenty of useful tips.

In part one, prototype and design, he starts us out with a prototype using a breadboard. The final robot isn't on an Arduino, but instead is on a custom-made board built around an ARM Cortex-M0+ processor. However, for the prototype, he uses a SparkFun SAM21 Arduino-sized board, a Pololu DRV8835 dual motor driver board, four photoresistors, two motors, a battery, and sundry other parts.

Once he's proven the prototype works, he creates the schematic for his custom board. Rather than start from scratch, he goes to SparkFun's and Pololu's websites for the schematics of their boards and incorporates those into his design. From there he talks about how and why he starts out in a CAD program, then moves on to KiCad where he talks about his approach to layout.

Part two is about soldering and assembly, from how he sorts the components while still in their shipping packages, to tips on doing the reflow in a toaster oven, and fixing bridges and parts that aren't on all their pads, including the microprocessor.

In case you want to replicate this, [Sean]'s provided a GitHub page with BOM, code and so on. Check out all three parts below, or watch just the parts that interest you.

[Sean]'s neural network is one that learns using supervised learning, an approach where you iterate through a table of inputs and expected outputs. If you instead want your robot to learn from experimenting in its environment, called unsupervised learning, then check out...


Mastodon is Free Software, But It Does Not Respect Free Speech (Updated)

This is what I get when I log in

Mastodon oops

So-called social networks (I've coined the term "social control networks" for these) are supposed to facilitate a diversity of views. Not threats. Not calls for genocide. These strands of speech constitute violations of very particular laws and for defensible reasons. But the point being, let people express their views, even if and when you disagree with these views.

I am not vulgar, I don't really curse, and I don't write negatively about vulnerable groups; my criticisms are usually directed at large organisations, institutions, corporations, political parties and so on. I never really considered myself worthy of censorship of any kind, yet Twitter has, on several occasions, shadowbanned me for no reason at all or simply because I was being bullied (shadowban by algorithms can lead to that). Time-limited shadowbans are not so severe because the user is typically not aware of them and can still post (albeit the audience is severely limited, it's almost like talking to oneself sometimes).

Twitter, to its credit, never ever suspended me. Ever. The funny thing is that people in Mastodon say that I should delete Twitter and not participate in it. Eventually, as it turns out, it's actually Mastodon that censors me. It's an actual suspension for which I have not been given reason other than some people reporting me (as if that alone merits action, DMCA-style).

I am guessing that the suspension will eventually be undone, but that may still result in self-censorship. I was actually very surprised when it happened and spent over an hour investigating what I assumed to be a technical fault. The above says error; it does not tell me that I got suspended.

As Mastodon has just suspended me ( to be precise), I believe it can do it to virtually anyone. Apparently all it takes is a complaint citing something from the rather vague ToS, which can be interpreted as "don't cause people offense" (or make an "oppressive environment", whatever exactly that may mean). Even without insulting any other user, let alone a mention of another user, one's views/links can apparently get one the boot, without as little as due process of some kind.

Mastodon was always known to be tough on Nazis; it was known that they were strict on free speech only to a degree. After the treatment that I received yesterday, however, I can no longer recommend Mastodon. It may be Free software, but it's very weak on free speech.

The most insul...


Windows 8 and newer versions fail to properly implement ASLR Security Affairs

CERT/CC is warning that Address Space Layout Randomisation (ASLR) isn't properly implemented in versions of Microsoft Windows 8 and newer.

The researcher Will Dormann from the Carnegie-Mellon CERT has discovered that Address Space Layout Randomisation (ASLR) isn't properly implemented in versions of Microsoft Windows 8 and newer.

Address Space Layout Randomization (ASLR) is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes; it makes it hard for attackers to find the memory location where to inject their malicious code.

The Address Space Layout Randomisation is particularly effective against stack and heap overflows and is able to prevent arbitrary code execution triggered by any other buffer overflow vulnerability. The security measures are present in almost any modern operating system, including Windows, Linux, macOS, and Android.

Applications running on Windows 8 and newer versions were allocated addresses with zero entropy; this means that it was possible to predict where the code is allocated in memory due to the failure of the randomisation. Windows 10 has the problem, too.

The CERT/CC published a security advisory late last, Dormann found the ASLR issue while he was analyzing a recently fixed bug in Microsoft's equation editor, tracked as CVE-2017-11882, that could be exploited by remote attackers to install malware without user interaction.

"Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomise executables that do not opt in to ASLR," states the security advisory.

According to the CERT, the bug only affe...


Apple Starts Pushing High Sierra to Mac Users SoylentNews

Quoted from the "If you're running macOS 10.12 Sierra or earlier, and do not want to upgrade to 10.13 High Sierra right now, be careful because Apple has started pushing High Sierra to older Macs and making it all too easy to upgrade inadvertently." [...]



Repair decayed teeth with bioactive glass that remineralizes teeth without fluoride Terra Forming Terra


New York Times confirms Mumps now spread mostly by vaccinated children Terra Forming Terra

There have been specific cases for which the vaccination protocol appears to have succeeded.  What has happened though is that the protocol has been applied to a wide range of other biological disease agents as if this one protocol could always succeed.

Worse we are now learning that there is ample reason to suspect much of our so called past success was illusionary or outright fraud.  Plausible claims regarding this have been made not least because some of those events are not supported naturally.

The real success in the past century has been public hygiene. It really matters to have clean drinking water. The past truly lacked just that. We now have armies able to go anywhere, operate and not be made sick. That was never true and we still have no vaccine for dysentery.

In the event it essentially turns out that mumps is likely extinct in the wild and we now contract it through vaccination. Even back in the day the so called vaccine was dangerous and it nearly killed me when I was twelve. We were injected in the midst of an outbreak no less. How stupid.

New York Times confirms investigation: Mumps now spread mostly by vaccinated children

Posted on November 7, 2017 by Mike Adams

(Natural News) The New York Times is now confirming that Natural News has been right all along about the real cause of mumps outbreaks in America. In a bombshell article entitled, Mumps Makes a Comeback, Even Among the Vaccinated, the NYT admits that vaccinated children are spreading mumps. Via the NYT: (bolding added)

Most of the recent cases occurred in outbreaks, including a large one in Arkansas, rather than as a sporadic here-a-case, there-a...


How this couple earns a six figure annual income with 1.5 acres of land Terra Forming Terra

The technology exists today to make this particular scenario work out.  It naturally helps to supply a 200 family client base.

Add in robotic support for close grooming and we have a hugely productive agricultural protocol.

Integrating livestock allows close grooming of woodlands and natural grasslands as well.  Chickens are used to initially process garden lands such as shown here to produce a weed and insect suppressed growing environment.  Throw in a biochar enriched organic mulch and the soils will continuously improve.

Right now a couple can master an acre or two well enough of garden and perhaps several additional acres in orchard trees along with free range chickens and a couple of goats to suppress the understory.

This way of life will dominate human existence for the coming millennia and will be known as heaven on earth.

How this couple earns a six figure annual income with 1.5 acres of land

Friday, November 03, 2017 by:...


Song of Pheryllt Terra Forming Terra


Much of the material here is drawn from medieval sources inspired by the work of Virgil. Pheryllt is the Welsh form of Virgil.

However do note the immediate affinity to metal workers and alchemy as we discovered through the Kolbrin Bible which does have internal authenticity.  This work at least remembers an ancient sect of teachers or Druids who were also out of the Bronze Age tribe of global metal workers central to the Atlantean world.

Beyond that the time of Stonehenge was prior to 2500 BC and the historical knowledge of the druids time in during Roman times. Linking them is questionable but considering the concurrent Egyptian world and the natural continuity of shared scholarship as shown us with the Kolbrin, it is not impossible at all.

That we are now dredging up bits and pieces is excellent, particularly as I also have a clear grasp of the physicality of the after life and can authenticate much of the material from that aspect.


Song of the Pheryllt - who were the Mysterious Druid builders of Stonehenge?

Welsh history alludes to a very ancient and enigmatic sect of Druids that may be the very first wave of magician priests in the British Isles, even predating the Celtic Druids by hundreds or even thousands of years. Both historical documents in Wales, as well as the rhythmic poems regularly recited by the Welsh Bards, mention an obscure...


A massive cyber attack hit the Algerian state telecom operator Algerie Telecom Security Affairs

The Algerian state telecom operator Algerie Telecom was hit by a series of cyber attacks aimed to hack and disrupt its system.

The Algerian state telecom operator Algerie Telecom confirmed on Friday that it was hit by a series of cyber attacks aimed to hack and disrupt its system.

The company was able to repel the attack and security services managed to identify and arrest the attackers.

At the time of writing, there are no further details about the attacks or the motivation of the hackers.

According to a statement issued by the company, its staff was able to protect the operational infrastructure with the help of security services.

The rapid increase in the number of cyber attacks is raising concerns in Algeria especially over the security of recently launched services, such as the recently adopted e-payment system for electricity and water bills.

"Iman Houda Faraoun, Minister of Post, Information and Communication Technologies and Digital Economy, said the e-commerce bill, which had been approved by the Council of Ministers, will come into force as soon as it is approved by the parliament," reported the website.

She promised that the e-commerce process will be fully protected, as e-financial transactions data, invoices and postal and bank cards will remain confidential.

Pierluigi Paganini



Marvell Technology to Buy Cavium for $6 Billion SoylentNews

Marvell is buying Cavium. Both are "fabless" semiconductor manufacturers:

Chipmaker Marvell Technology Group Ltd (MRVL.O) said it would buy smaller rival Cavium Inc (CAVM.O) in a $6 billion deal, as it seeks to expand its wireless connectivity business in a fast consolidating semiconductor industry.

[...] Hamilton, Bermuda-based Marvell makes chips for storage devices while San Jose, California-based Cavium builds network equipment. "With Marvell facing secular challenges on its core chip business, this acquisition is a smart strategic move which puts the company in a stronger competitive position for the coming years," said GBH Insights analyst Daniel Ives.

Marvell, which has been trying to diversify from its storage devices business, had come under pressure from Starboard Value LP last year, when the activist investor called the company undervalued. "This is an exciting combination of two very complementary companies that together equal more than the sum of their parts," Marvell's Chief Executive Matt Murphy said in a statement.

Also at Ars Technica.

Related: HPC Chips Abound



Home Brew Augmented Reality Hackaday

In July of 2016 a game was released that quickly spread to every corner of the planet. Pokemon Go was an Augmented Reality game that used a smart phone's GPS location and camera to place virtual creatures into the person's real location. The game was praised for its creativity and was one of the most popular and profitable apps in 2016. It's been downloaded over 500 million times since.

Most of its users were probably unaware that they were flirting with a new and upcoming technology called Augmented Reality. A few days ago, [floz] submitted to us a blog from a student who is clearly very aware of what this technology is and what it can do. So aware in fact that they made their own Augmented Reality system with Python and OpenCV.

In the first part of a multi-part series the student (we don't know their name) walks you through the basic structure of making a virtual object appear on a real world object through a camera. He or she gets into some fairly dense math, so you might want to wait until you have a spare hour or two before digging into this one.

Thanks to [floz] for the tip!

Filed under: Virtual Reality ...


Some 'Security People Are F*cking Morons' Says Linus Torvalds SoylentNews

[...] Torvalds has long been unafraid to express himself in whatever language he chooses on the kernel and has earned criticism for allowing it to become a toxic workplace. He's shrugged off those accusations with an argument that his strong language is not personal, as he is defending Linux rather than criticising individuals. On this occasion his strong language is directed at a team and Cook's approach to security, rather than directly at Cook himself. It's still a nasty lot of language to have directed at anyone.

Some 'security people are f*cking morons' says Linus Torvalds

[Reference]: [GIT PULL] usercopy whitelisting for v4.15-rc1
[Linus' Response]: Re: [GIT PULL] usercopy whitelisting for v4.15-rc1



Distribution Release: LibreELEC 8.2.1 News

LibreELEC is a minimal operating system dedicated to running the Kodi media centre. LibreELEC runs on x86 personal computers and ARM-based computers, such as the Raspberry Pi. The project has released LibreELEC 8.2.1 which features time zone fixes and security improvements to Samba network shares. "LibreELEC 8.2.1 is....


How Would You Define "A Successful Human Head Transplant"? SoylentNews

Over at Newsweek, Hannah Osborne is reporting - First Human Head Transplant Successfully Performed on Corpse, Sergio Canavero Announces Key bits:

Scientists have carried out a head transplant on a human corpse, the neurosurgeon behind the operation has announced.

At a press conference in Vienna, Austria, Sergio Canavero said his team was able to remove the head from one body and connect it to the body of another by fusing the spine, nerves and blood vessels. He said the next step will be to carry out the operation on a living person, The Telegraph reports.

"The first human transplant on human cadavers has been done. A full head swap between brain dead organ donors is the next stage," he said. "And that is the final step for the formal head transplant for a medical condition which is imminent."

Canavero said a high number of people have volunteered to be his first head transplant patient. It is thought he will carry out the operation in China in December.

Because, of course, some of us are aware of the special dynamics of the intersection between Ethics, Journalism, and the Chinese government.

And then the next kicker to sufficiently anti-bait the click:

The Italian neurosurgeon did not present any evidence of his claims at the conference.

But, who knows what gruesome story we'll hear about in December.



Kaspersky: Yes, we obtained NSA secrets. No, we didn't help steal them Lifeboat News: The Blog

He said, she said.

Kaspersky: Yes, we obtained NSA secrets. No, we didn't help steal them.

Moscow-based AV provider challenges claims it helped Russian spies.



[CVE-2017-15044] DocuWare FullText Search - Incorrect Access Control vulnerability Bugtraq

Posted by Graham Leggett on Nov 20

CVE-2017-15044: DocuWare FullText Search - Incorrect Access Control vulnerability

Severity: High



DocuWare Europe GmbH
Therese-Giehse-Platz 2 82110 Germering Germany



The default installation of DocuWare FullText Search server allows remote
users to connect to and download and or modify all searchable text from
the embedded Solr...


ESP8266 Home Monitor Is Stylishly Simplistic Hackaday

It's often said that "Less is More", and we think that the chic ESP8266 environmental monitor posted by Thingiverse user [bkpsu] definitely fits the bill. Dubbed "Kube", the device is a 3D printed white cube with an OLED display in the center, which [bkpsu] says was designed specifically for the approval of his wife. Weirdly, she didn't like the look of bare PCBs on the wall.

Multiple Kubes allow for whole-house monitoring.

Inside, things are a little more complex. The Kube uses the NodeMCU development board, and a custom breakout that [bkpsu] designed to interface with the display and sensors. For temperature and humidity monitoring, the Kube is using the ever-popular DHT22, and [bkpsu] mentions that he has future plans for things like motion sensors and direct control of RGB LED strips. All the data collected by the Kube is piped into openHAB via MQTT.

On the very detailed Thingiverse page, [bkpsu] gives background information on his design goals for the project, tips for printing out a high-quality case, a parts list with Amazon links, and pinout information for getting it all wired up. The PCB is even available on OSH Park for those who want a Kube of their own.

Even with all the slick home monitoring and automation products on the market today,...


Texas Rangers Serve Apple a Warrant for Mass Shooter's iPhone Data SoylentNews

The Texas Rangers have served Apple a warrant for iPhone and iCloud data connected to the recent mass shooter Devin Patrick Kelley. However, it is unknown whether Kelley actually used iCloud to store data, and unlikely that Apple will be able or willing to help unlock the iPhone:

Texas Rangers investigating the mass shooting in Sutherland Springs have served a search warrant on Silicon Valley giant Apple Inc. and are seeking digital photos, messages, documents and other types of data that might have been stored by gunman Devin Patrick Kelley, who was found with an iPhone after he killed himself.

Court records obtained by the San Antonio Express-News show Texas Ranger Kevin Wright obtained search warrants on Nov. 9 for files stored on Kelley's iPhone, a second mobile phone found near his body and for files stored in Kelley's iCloud account, Apple's digital archive that can sync iPhone files.

The iCloud feature is an optional service. Obtaining such records, if they exist, directly from Apple could aid authorities investigating the worst mass shooting in modern Texas history. Apple's policy regarding iCloud content states that material may be provided to law enforcement agencies if they obtain search warrants.

In addition, the FBI may have already screwed it up.

Also at Engadget, BGR, and Fast Company.



On-orbit satellite servicing: The next big thing in space? By Sandra Erwin | SpaceNews Lifeboat News: The Blog

Technology has been developed to approach, grasp, manipulate, modify, repair, refuel, integrate, and build completely new platforms and spacecraft on orbit, he said. But the lack of clear, widely accepted technical and safety standards for on-orbit activities involving commercial satellites remains a major obstacle to the expansion of the industry.


Tesla Roadster might fly By Peter Valdes-Dapena | CNN Tech Lifeboat News: The Blog

Musk seems to be talking about something different, a sports car that could hop over obstacles. The emphasis would, presumably, still be on performance and practicality with four wheels on the ground.


Christiana Figueres Europe Regional Round Table - United Nations Environment Programme Finance Initiative (UNEP FI) Lifeboat News: The Blog

Former Executive Secretary to UNFCCC, Christiana Figueres has laid down a challenge to UNEP FI's banking members, and the wider finance industry to increase their allocations to low carbon investments to avoid a 2 degrees scenario. Watch her recording which she made for participants at UNEP FI's Europe Regional Roundtable on Sustainable Finance which took place in October 2017.


Al Gore Fiduciary Duty in the 21st century - Principles for Responsible Investment (PRI) Lifeboat News: The Blog

Former Vice President and Chairman of Generation Investment Management, Al Gore, introduces PRI, UNEP FI and The Generation Foundation's "Fiduciary duty in the 21st century" programme. The project finds that, far from being a barrier, there are positive duties to integrate environmental, social and governance factors in investment processes.


Report: FCC chair to push for complete repeal of net neutrality The Hill: Technology Policy

Federal Communications Commission (FCC) Chairman Ajit Pai will reportedly seek to completely repeal net neutrality rules put in place under former President Obama, according to a Monday report. Sources close to the matter tell Politico that...


Fifty years since the first United Nations Conference on the Exploration and Peaceful Uses of Outer Space (1968 2018): UNISPACE+50 United Nations Office for Outer Space Affairs (UNOOSA) Lifeboat News: The Blog

UNISPACE+50 will celebrate the fiftieth anniversary of the first United Nations Conference on the Exploration and Peaceful Uses of Outer Space. It will also be an opportunity for the international community to gather and consider the future course of global space cooperation for the benefit of humankind.

From 20 to 21 June 2018 the international community will gather in Vienna for UNISPACE+50, a special segment of the 61st session of the Committee on the Peaceful Uses of Outer Space (COPUOS).



Extra KVM Changes For Linux 4.15 Bring UMIP Support, AMD SEV Changes Delayed Phoronix

As some additional work past the KVM changes for Linux 4.15 submitted last week, a few more feature items have been queued...


Distributed Air Quality Monitoring via Taxi Fleet Hackaday

When [James] moved to Lima, Peru, he brought his jogging habit with him. His morning jaunts to the coast involve crossing a few busy streets that are often occupied by old, smoke-belching diesel trucks. [James] noticed that his throat would tickle a bit when he got back home. A recent study linking air pollution to dementia risk made him wonder how cities could monitor air quality on a street-by-street basis, rather than relying on a few scattered stations. Lima has a lot of taxis, so why wire them up with sensors and monitor the air quality in real-time?

This taxi data logger's chief purpose is to collect airborne particulate counts and illustrate the pollution level with a Google Maps overlay. [James] used a light-scattering particle sensor and a Raspi 3 to send the data to the cloud via Android Things. Since the Pi only has one native UART, [James] used it for the particle sensor and connected the data-heavy GPS module through an FTDI serial adapter. There's also a GPS to locate the cab and a temperature/humidity/pressure sensor to get a fuller environment...


HPR2427: Server Basics 101 Hacker Public Radio

Klaatu covers the very very basics of servers: what they are, how to know one when you see one, what one ought to run, and why we have them.

How good should we expect decisions to be? Dan Luu

A statement I commonly hear in tech-utopian circles is that some seeming inefficiency can't actually be inefficient because the market is efficient and inefficiencies will quickly be eliminated. A contentious example of this is the claim that companies can't be discriminating because the market is too competitive to tolerate discrimination. A less contentious example is that when you see a big company doing something that seems bizarrely inefficient, maybe it's not inefficient and you just lack the information necessary to understand why the decision was efficient.


Alternative Keystone XL Route Gets Approved in Nebraska SoylentNews


Nebraska regulators approved an alternative route Monday for the proposed Keystone XL pipeline. It was the last major regulatory hurdle facing project operator TransCanada Corp., though opponents say another round of federal approval may now be needed.

The Nebraska Public Service Commission's ruling was on the Nebraska route TransCanada has proposed to complete the $8 billion, 1,179-mile (1,897-kilometer) pipeline to deliver oil from Alberta, Canada, to Texas Gulf Coast refineries. The proposed Keystone XL route would cross parts of Montana, South Dakota and most of Nebraska to Steele City, Nebraska.

The long-delayed project was rejected by President Barack Obama in 2015, citing concerns about carbon pollution. President Donald Trump revived it in March, approving a permit.

[...] The five-member Nebraska Public Service Commission was forbidden by law from factoring pipeline safety or the risk of spills into its decision because pipeline safety is a federal responsibility. So, it couldn't take into account a spill of 210,000 gallons (790,000 liters) of oil on the existing Keystone pipeline in South Dakota announced on Thursday.

Also at Alternative Keystone XL route gets approved in Nebraska



Microsoft attempts to provide internet in Puerto Rico with unused TV frequencies The Hill: Technology Policy

Microsoft is taking advantage of unused airwaves between TV stations or white spaces to provide wireless internet in Puerto Rico after its broadband infrastructure was severely damaged during Hurricane Maria. The U.S. territory is still...


BankBot banking malware found in flashlight and solitaire apps HackRead

By Waqas

In a joint research, IT security researchers at Avast, ESET, and



Dems to FCC: Force Sinclair to sell stations for merger approval The Hill: Technology Policy

Top House Democrats want the Federal Communications Commission (FCC) to force Sinclair Broadcasting Group to sell off some television stations if the agency approves its proposed merger with Tribune Media. House Minority Leader Nancy Pelosi (D-Calif...



Re: distros list archive Open Source Security

Posted by Solar Designer on Nov 20

I've just updated these with message headers until November 19 (although
there was nothing posted after November 9, until further still-embargoed
messages appeared today).



Sony's Iconic Flamingo Record Player Techmoan

If Sony are looking for other classic products to bring back following their relaunch of the Aibo robotic dog, I'd like to suggest they turn their attention to the Flamingo record player from 1983. 
In the video below you'll see an attempt to repair one of these expensive and highly collectable turntables...and then, assuming I'm successful, there will be a demonstration of it in action. 
Ebay (well it doesn't cost to look) PS-F5 & PS-F9


How an Unpaid UK Researcher Saved the Japanese Seaweed Industry SoylentNews

Scientists' lives matter:

The tasty Japanese seaweed nori is ubiquitous today, but that wasn't always true. Nori was once called "lucky grass" because every year's harvest was entirely dependent on luck. Then, during World War II, luck ran out. No nori would grow off the coast of Japan, and farmers were distraught. But a major scientific discovery on the other side of the planet revealed something unexpected about the humble plant and turned an unpredictable crop into a steady and plentiful food source.
Fortunately, on an island at the other end of Eurasia, Kathleen Drew-Baker had recently gotten fired. She had been a lecturer in botany at the University of Manchester where she studied algae that reproduced using spores rather than flowers. But the university did not employ married women. So when she got married to fellow academic Henry Wright-Baker she was kicked off the faculty and relegated to a job as an unpaid research fellow.

Drew-Baker focused on a type of nori unfamiliar to nearly everyone: Porphyra umbilicalis. It's a leafy seaweed that grows off the coast of Wales. Locals harvest it, grind it up, and use it to make bread or soup. Known colloquially as laver, it's still eaten in Britain but has not attained the international standing of nori.
Thanks to Drew-Baker's work, Segawa was able to invent the industrial process that led to the stable, predictable production of nori, for which everyone with a taste for sushi should be grateful.

If not for her work, sushi rolls would probably not be eaten today.



Distribution Release: Raspberry Slideshow 10.0 News

Raspberry Slideshow (RSS) is an operating system for Raspberry Pi computers which provides a system which displays a series of images or videos in sequence. Marco Buratto has announced the release of Raspberry Slideshow 10.0 which is based on Raspbian Stretch. "Marco Buratto has just released Raspberry Slideshow....


VLT reveals dark, reddish and highly-elongated object Lifeboat News: The Blog

For the first time ever astronomers have studied an asteroid that has entered the Solar System from interstellar space. Observations from ESO's Very Large Telescope in Chile and other observatories around the world show that this unique object was traveling through space for millions of years before its chance encounter with our star system. It appears to be a dark, reddish, highly-elongated rocky or high-metal-content object. The new results appear in the journal Nature on 20 November 2017.

On 19 October 2017, the Pan-STARRS 1 telescope in Hawaii picked up a faint point of light moving across the sky. It initially looked like a typical fast-moving small asteroid, but additional observations over the next couple of days allowed its orbit to be computed fairly accurately. The orbit calculations revealed beyond any doubt that this body did not originate from inside the Solar System, like all other asteroids or comets ever observed, but instead had come from interstellar space. Although originally classified as a comet, observations from ESO and elsewhere revealed no signs of cometary activity after it passed closest to the Sun in September 2017. The object was reclassified as an interstellar asteroid and named 1I/2017 U1 (Oumuamua) [1].

"We had to act quickly," explains team member Olivier Hainaut from ESO in Garching, Germany. "Oumuamua had already passed its closest point to the Sun and was heading back into interstellar space."


Sites using session replay scripts leak sensitive user data Help Net Security

When we enter sensitive information (our names, passwords, payment card information, medical information, what have you) into websites, we do it with the expectation that it will be kept confidential and safe and will not be misused by the company running the site. Most tech-savvy users know that there are many ways this kind of information can end up in the wrong hands: machines infected with keyloggers, traffic interception/man-in-the-middle attacks, sniffing of unencrypted More


Links 20/11/2017: Why GNU/Linux is Better Than Windows, Another Linus Torvalds Rant Techrights




  • Desktop

    • A soft push for the fairer sex

      International Centre for Free and Open Source Software (ICFOSS), an autonomous institution under Government of Kerala and Society for Promotion of Alternative Computing and Employment (SPACE), an NGO promoting free software, have been conducting Women Hackers, a project to bring more women into free software. The programme involves intensive residential workshops on college campuses.

      It was during one such hackathon that the idea for I install was put forward by the students of LBS College of Engineering, Kasaragod. A GNU/Linux installation camp, the event aims to promote the idea of taking control over the technology that you use. Those students who received training at the hackathon will be part of I install where they impart their learning to other students.

  • Server

    • 6 Reasons Why Linux is Better than Windows For Servers

      A server is a computer software or a machine that offers services to other programs or devices, referred to as clients. There are different types of servers: web servers, database servers, application servers, cloud computing servers, file servers, mail servers, DNS servers and much more.

      The usage share for Unix-like operating systems has over the years greatly improved, predominantly on servers, with Linux distributions at the forefront. Today a bigger percentage of servers on the Internet and data centers around the world are running a Linux-based operating system.

    • All the supercomputers in the world moved to Linux operating systems

      In the June 2017 Linux system stood at 498 computers from the list of TOP 500.

  • Kernel Space

    • ...


AMD EPYC Is Running Well On Linux 4.15 Phoronix

Of the many changes coming for Linux 4.15, as detailed this weekend Radeon GPU and AMD CPU customers have a lot to be thankful for with this new kernel update currently in development. Here are some initial benchmarks of the Linux 4.15 development kernel using an AMD EPYC 7601 32-core / 64-thread setup...



Acetone Smoothing Results in Working Motor Hackaday

Here's something only '90s kids will remember. In 1998, the Air Hogs Sky Shark, a free-flying model airplane powered by compressed air was released. This plane featured foam stabilizers, wings, a molded fuselage that served as a reservoir, and a novel engine powered by compressed air. The complete Sky Shark setup included an air pump. All you had to do was plug the plane into the pump, try to break the pressure gauge, and let the plane fly off into a tree or a neighbor's rooftop. It's still a relatively interesting mechanism, and although we're not going to see compressed air drones anytime soon it's still a cool toy.

Since [Tom Stanton] is working at the intersection of small-scale aeronautics and 3D printing, he thought he would take a swing at building his own 3D printed air motor. This is an interesting challenge: the engine needs to be air-tight, and it needs to produce some sort of usable power. Is a standard printer up to the task? Somewhat surprisingly, yes.

The design of [Tom]'s motor is more or less the same as what is found in the Air Hogs motor from twenty years ago. A piston is attached to a crank, which is attached to a flywheel, in this case a propeller. Above the cylinder, a ball valve keeps the air from rushing in. A spring is mounted to the top of the piston which pushes the ball out of the way, allowing air into the cylinder. At the bottom of the stroke, the ball closes the valve and air escapes out of the bottom of the cylinder. Simple stuff, really, but can it be printed?

Instead of the usual printer [Tom] uses for his builds, he pulled out an old delta slightly modified for higher quality prints. Really, this is just a 0.2 mm nozzle and a few tweaks to the print settings, but the air motor [Tom] designed came out pretty well and was smoothed to a fine finish with acetone.

After assembling the motor, [Tom] hooked it up to a soda bottle serving as a compressed air reservoir. The motor worked, although it's doubtful a plane powered with this motor would fly for very long. You can check out [Tom]'s video below.



DOJ sues AT&T to stop Time Warner merger The Hill: Technology Policy

The Justice Department on Monday sued AT&T to block its $85 billion merger with Time Warner, court filings show. In a lawsuit filed in U.S. District Court in Washington, federal prosecutors argued that the merger would hurt...


Uber strikes $1B deal with Volvo for self-driving cars The Hill: Technology Policy

Uber has reached an agreement with Volvo to purchase a fleet of driverless cars as the ride-hailing firm seeks to deploy autonomous vehicle technology. As part of the deal, Uber will buy as many as 24,000 XC90 Volvo SUVs between 2019 to...


Uber to Purchase 24,000 Volvo SUVs for Autonomous Vehicle Fleet SoylentNews

Uber plans to purchase 24,000 Volvo XC90 SUVs between 2019 and 2021. The number is set to change:

Uber has entered into an agreement with carmaker Volvo to purchase 24,000 of its XC90 SUVs between 2019 and 2021 to form a fleet of autonomous vehicles, according to Bloomberg News. The XC90 is the base of Uber's latest-generation self-driving test car, which features sensors and autonomous driving computing capability installed by Uber after purchase on the XC90 vehicle.

The deal is said to be worth around $1.4 billion, per the Financial Times, with the XC90 starting at $46,900 in the U.S. in terms of base model consumer pricing. Uber is already testing the XC90 in Arizona, San Francisco and Pittsburgh in trials with safety drivers on board to help refine and improve their software. Uber also paired up with Volvo to jointly develop autonomous driving and a vehicle ready for self-driving implementation, with investment from both sides committed last year.

Also at NYT.

Previously: Uber Testing Driverless Car in Pittsburgh
Uber to Begin Picking Up Passengers With Autonomous Cars Next Month
Uber's Self-Driving Cars to be Tested in San Francisco



How iRobot's Roomba Will Roomify Your Home IEEE Spectrum Recent Content full text

iRobot is testing software that will be able to make sense out of all the rooms in your house. Illustration: IEEE Spectrum; Roomba: iRobot

Based on conversations we've had with iRobot CEO Colin Angle, we're expecting that within the next six months or so, robot vacuums will be able to understand our homes on a much more sophisticated and useful level than ever before. Specifically, they'll be able to generate maps that persist between cleaning sessions, and these maps will allow the robots to identify and remember specific rooms and adjust their cleaning behavior accordingly. (Neato is also implementing this kind of capability.) For example, if your robot vacuum knows where your kitchen is, it can respond to commands like "Go clean the kitchen," or autonomously clean there as often as it needs to.

At IROS in September, we got a bit of a sneak peek into how iRobot is going to make this happen, and how much of a difference it can make to the speed and efficiency of home navigation. It's a big difference, and it can even work on your older (and affordable) Roomba that only has bump sensors on it.

The problem that iRobot is trying to solve here is how to turn a cluttered, messy occupancy grid into something useful. An occupancy grid is a sort of binary map, a representation of whether a given space has something in it or not. As a robot like a Roomba roams around, it adds to the occupancy grid whenever it bumps into something, whether that thing is a wall, a table leg, or a shoe. As you might expect, the occupancy grid that a robot vacuum creates isn't a very accurate representation of the rooms in your house, but with a little image processing, it doesn't look all that far off:

iRobot Image: iRobot

The next step is the tricky one. Using the kind of CPU power that even old Roombas have, the occupancy grid needs to be segmented into a bunch of different rooms in a way that would make sense to a human. Once that's done, the robot can plan the most efficient path possible.

iRobot Image: iRobot

iRobot has developed a method called RoomsSeg that's able to turn a clut...


Electric Vehicles Aren't Taking Over Our Roads as Fast as Hype Artists Claim IEEE Spectrum Recent Content full text

Both the rate of EV adoption and the environmental benefits the vehicles will produce have been oversold. Photo-illustration: Stuart Bradford

Let me begin with a disclaimer: I am neither promoting electric vehicles nor denigrating them. I simply observe that the rational case for accepting EVs has been undermined by unrealistic market forecasts and a disregard for the environmental effects involved in producing and operating these vehicles.

Unrealistic forecasts have been the norm. In 2008, Deutsche Bank predicted that EVs would claim 7 percent of the U.S. market by 2016; in 2010, Bloomberg Businessweek put the 2016 share at 6 percent. But actual sales came to 158,614 units, just 0.9 percent of the record 17.55 million vehicles sold that year.

In his 2011 State of the Union address, then-U.S. president Barack Obama called for 1 million EVs on the road by 2015, and a concurrent report by the Department of Energy claimed [PDF] that the country's production capacity in that year would reach 1.2 million units. But the 2015 total came to 410,000 units, representing just 0.15 percent of all vehicles on the road, and sales of U.S. brands reached about 100,000 cars.

And this triumph of hope over experience continues. The worldwide total of EVs on the road reached 2 million units in 2016. If you plot the trajectory of the global stock of EVs since the beginning of their sales to the year 2016, you will see that the equation that best fits the data (a fourth-order polynomial) projects about 32 million units in 2025. But the International Energy Agency's 2017 EV outlook [PDF] estimates growth from 40 million to 70 million units worldwide by 2025 and from 160 million to 200 million by 2030.

Then there are the environmental consequences. If EVs are to reduce carbon emissions (and thus minimize the extent of global warming), their batteries must not be charged with electricity generated from the combustion of fossil fuels. But in 2016, 68 percent of global electricity originated in fossil fuels; 5.2 percent came from wind and solar and the rest from hydro energy and nuclear fission.

As a g...

Automatic Speaker Verification Systems Can Be Fooled by Disguising Your Voice IEEE Spectrum Recent Content full text

Such systems are used to build evidence in criminal cases, and grant access to personal information. Illustration: Getty Images

Automatic speaker verification (ASV) systems are sometimes used to grant access to sensitive information and identify suspects in a court of law. Increasingly, they are being baked into consumer devices, such as Amazon's Echo and Google's Home, to respond to person-specific commands, such as "play my music" or "read my email."

But such systems make mistakes when speakers disguise their voices to sound older or younger, according to a new study published in Speech Communication by researchers from the University of Eastern Finland. Earlier research by the same group has shown that some ASV systems can't distinguish between a professional impersonator and the person they are imitating.

It's hard to tell how similar the systems tested for these studies are to commercial technologies, but Tomi Kinnunen, a coauthor and computer scientist at the University of Eastern Finland, says they're probably not too far off. "There are many variants of how this is implemented in practice, but pretty much, they are still based on a lot of machine learning and signal processing," he says.

Specifically, the researchers found that the equal error rate of an ASV system (a measure that captures times when the system mistook the same speaker for someone else, and when it tagged different speakers as the same person) increased by 11 times for male speakers and six times for female speakers who tried to sound younger than they were. When speakers tried to sound older, the system's equal error rate increased by seven times for males and five times for females.

This means that people can fool ASV systems by changing the sound of their own voice. Speaking at a higher frequency, which most speakers did to produc...


Tips for an Information Security Analyst/Pentester career - Ep. 39: NFS shares The S@vvy_Geek Tips Tech Blog

When we analyzed NSE, I'd performed an analysis of our Ubuntu target.

By using the nfs-ls script, I found a share called export/georgia, accessible to everyone.

This share contained a hidden folder called .ssh, which is very juicy information.

Said folder, in fact, normally holds an SSH public and private key pair, allowing a user to SSH securely to a server without a password.

As a matter of fact, this is our case, too.

Though we don't know the password for user georgia, we should be able to steal her keys and authenticate through them.


a) Mount the share to Kali

We first create a directory called /tmp/georgia, where we mount the share to our Kali attacking machine through the command: mount -t nfs /tmp/georgia
Analyzing the contents of this new directory, we see the public and private key pair for user georgia.

b) Copy the keys locally 

At this point, we can copy those keys over to Kali's /root/.ssh directory.

Next, we add a new identity for ourselves (ssh-add).



Can Commodity RC Controllers Stay Relevant? Hackaday

Visualize some radio controlled airplane fanatic of yesteryear, with the requisite giant controller hanging from a strap, neck craned to see the buzzing dot silhouetted against the sky. It's kind of a stereotype, isn't it? Those big transmitters were heavy, expensive, and hard to modify, but that was just part of the challenge. Additionally, the form factor has to a degree remained rigid: the box with gimbals, or for the 3-channel controller, the pistol-grip with the big pot that looks like a cheesy race car wheel.

With so much changing in RC capabilities, and the rise of custom electronics across so many different applications, can commodity RC controllers stay relevant? We're facing an age where the people who invest most heavily in RC equipment are also the ones most likely to want, and know how to work with customization for their rapidly evolving gear. It only makes sense that someone will rise up to satisfy that need.

Clunky Junky

The RC hobby is rife with bad hardware and software. It hails from an era that valued cheapness over openness, with little in the way of standards. Every manufacturer has their own way of doing things.

Like a lot of expensive hobbies, manufacturers have placed no va...


Amazon launches new 'secret' cloud service for intelligence agencies The Hill: Technology Policy

The cloud computing company Amazon Web Services (AWS) announced on Monday that it's launching a new service capable of hosting government data classified as secret. AWS's new Secret Region is part of its $600 million cloud services contract with...


[$] Replacing x86 firmware with Linux and Go

The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.


Huge Population and Lack of Genetic Diversity Killed Off the Passenger Pigeon SoylentNews

Four billion passenger pigeons vanished. Their large population may have been what did them in

Four billion passenger pigeons once darkened the skies of North America, but by the end of the 19th century, they were all gone. Now, a new study reveals that the birds' large numbers are ironically what did them in. The pigeons evolved quickly, but in such a way to make them more vulnerable to hunting and other threats.

[...] In 2014, Wen-San Huang, an evolutionary biologist at National Taiwan Normal University (NTNU) in Taipei, and colleagues turned to DNA in an attempt to solve the mystery. Genetic material from four 19th century museum specimens revealed that the species had relatively low genetic diversity (meaning that most individuals were remarkably similar to each other) and that its numbers had fluctuated 1000-fold for millions of years. Hunting and habitat loss came during a time when the species was already declining, the team concluded, which pushed the birds over the edge.

But the new study lays the lion's share of the blame back on people. Beth Shapiro, a paleogenomicist at the University of California, Santa Cruz, and colleagues sequenced the complete genomes of two passenger pigeons, and analyzed the mitochondrial genomes (which reside in structures that power cells) of 41 individuals. The specimens came from throughout the bird's range. In addition, they reanalyzed data from Hung's group, and, for comparison, sequenced the bird's closest living relative, the band-tailed pigeon.



Why Longer Lives Thanks to Science Will Probably Not Create Cultural Stagnation Lifeboat News: The Blog

You probably know the quote by Steve Jobs saying that death is life's single best invention because it gets rid of the old and makes room for the new. This view is the core of another fairly common objection to rejuvenation, codename "cultural stagnation".

Wouldn't all those rejuvenated people, however physically young, be always old people inside, and drag everyone down with them into their anachronistic, surpassed ways of thinking, making it harder for fresh ideas to take hold, ultimately hindering social progress and our growth as a species? Maybe it'd be best not to take the risk, forget rejuvenation, and be content with old age as it is.

Well, try explaining to your grandfather that the reason he has to put up with heart disease is that we're afraid people his age may all become troublemakers when you let them live too long.


GitHub starts alerting developers of security vulnerabilities in dependencies Help Net Security

Popular Git repository hosting service GitHub has introduced a new feature to help developers keep their projects safer: security alerts for vulnerabilities in software packages which their projects depend on. GitHub hosts some 67 million code repositories, and is among the largest collections of open source data. According to their statistics, 45% of the 100 largest companies in the United States (by revenue) use GitHub Enterprise to build software. Over 75 percent of GitHub projects More


HaptX Inc Reveals New Haptic Glove for Virtual Reality IEEE Spectrum Recent Content full text

The company formerly known as AxonVR unveils its first product, the HaptX Glove. Photo: HaptX. The new HaptX Glove, announced on Monday, is the first product from the Seattle-based startup HaptX. It is designed to be paired with an HTC Vive headset.

In early October, I showed up at an old firehouse on Staten Island for a glimpse into the future of virtual reality. That future depends largely on haptics. Now that we can use VR headsets to transport ourselves to another world, the thinking goes, we need systems to recreate sensations to bring those virtual experiences to life.

I went to Staten Island to meet up with a little-known company that fancies itself the leader of realistic haptic feedback. The company, now called HaptX, had promised to let me try out a prototype of its very first product.

I was looking forward to it, because I'd seen a spectacular demo by the same company, then named AxonVR, at CES 2017. That demo consisted of putting on an HTC Vive and sticking my hand into a large metal box to experience the thrill of feeling a tiny virtual deer lay down in my palm.

The technology was bulky and awkward back then, but the results were "absolutely magical," as my coworker Evan Ackerman wrote at the time. When we left CES, the company promised more announcements later in the year. In September, they said they were about to make a big one.

At the Staten Island firehouse (now an Airbnb the company had rented), the HaptX team showed me a prototype of the HaptX Glove, officially announced today, which will ship in 2018. It looks and feels like a big black ski glove, except it has plastic clips on the fingertips and is connected by a very thick black cord to a slick, glowing box (which the team says is 26 times smaller than the box I stuck my hand into at CES).

A photo shows a woman wearing the HaptX glove, holding it palm up over a table with the HaptX system below it. Photo: HaptX

HaptX hopes to sell its HaptX Glove to companies that want to give employees a more realistic environment in which to train, practice making...

An Interview with Alex Williams, Grand Prize Winner Hackaday

Alex Williams pulled off an incredible engineering project. He developed an Autonomous Underwater Vehicle (AUV) which uses a buoyancy engine rather than propellers as its propulsion mechanism and made the entire project Open Source and Open Hardware.

The design aims to make extended duration missions a possibility by using very little power to move the vessel. What's as remarkable as the project itself is that Alex made a goal for himself to document the project to the level that it is fully reproducible. His success in both of these areas is what makes the Open Source Underwater Glider the perfect Grand Prize winner for the 2017 Hackaday Prize.

We got to sit down with Alex the morning after he won to talk about the project and the path he took to get here.

The buoyancy engine Alex speaks about is located in the nose of the glider. He was clever to choose medical syringes as an off-the-shelf option for moving water in and out of the glider to affect buoyancy. They're cheaply and readily available, and designed for moving liquids in exactly the way needed for the project. Alex collects six of them together and moves the plungers in union with a single machine screw at the center. After comparing tests between this and a peristaltic pump design he found that the syringe design operates more efficiently and to us it appears to be much less complicated to build.




Former employee says lawmakers should crack down on Facebook The Hill: Technology Policy

A former Facebook employee is calling for the company to be strictly regulated to prevent it from abusing the mass amounts of user data it handles. Sandy Parakilas, a former platform operations manager for Facebook, wrote in an op-ed for The New...


6-Way Enterprise Focused Linux Distribution Comparison With An Intel Core i9, Dual Xeon Gold Systems Phoronix

Here's our latest Linux distribution comparison, this time looking at the out-of-the-box performance of six Linux distributions running a range of enterprise/workstation-focused benchmarks on two systems. One system is a high-end Core i9 7980XE desktop system and the other a Tyan 1U Xeon Scalable server with dual Xeon Gold 6138 processors.


Back online in time for the holiday season, I guess. Antarctica Starts Here.

I guess I should wish everybody out there a happy Thanksgiving that celebrates it.

I haven't been around much lately, certainly not as much as I would like to be.  Things have been difficult lately, to say the least.

Around this time of year things go completely berserk at my dayjob.  For a while I was pulling 14 hour days, capped off with feverishly working three days straight on one of the biggest projects of my career, which not only wound up going off without more than the expected number of hitches but has garnered quite a few kudos from the community.  I'm rather proud of how it turned out.  Unfortunately, it also took its toll, namely, on my health.  During the final leg of the project I noticed that I was starting to get sick, and by that Tuesday my cow-orkers were telling me to go home and sleep because I looked like death warmed over.  Unsurprisingly, I've been battling a nasty cold that's kicked the legs out from under me.  I still haven't kicked out of big-project mode yet, because the last few times I've started to feel better I've run myself aground again without realizing I was doing so.  This is not good.  It also seems that I brought this particular nasty home, and now my family is in various stages of fighting it off.

I'm still trying to come to terms with the death of my grandfather earlier this year.  It still doesn't feel real even though the hole in my life is almost tangible.  I'm not going home for the holidays this year, and I wonder what effect that's going to have on my family.  I miss him.  I keep meaning to write about the details of it, but I fear that it's far too morbid for most people, and I don't want to cause casual readers trouble in an attempt to exorcise my own haunted memories.

A couple of weeks ago, somebody I knew on another social network committed suicide.  We weren't particularly close though I did hang out in her "conspiracy theory and chill" chats once in a while.  She was easily one of the most prolific beings in that particular feed.  Her parents, however, chose to dishonor her in death by burying her under her deadname in inappropriate clothing, holding a service for same, and setting things up so that her 'real' family (the people who acted more like family toward her than her bloodline did) would be tripped up and stonewalled in every avenue available to try to set things right.  For complex and difficult to serialize reasons I'm quite upset by this.  I realize this all sounds clinical and remote, but it isn't.  This manner of writing is really the only way I have of expressing what's going on, and it's an effort to get even this far.

This has led me to consider my own mortality once again, as one might expect.  My body's not getting any younger, it's pushing 40 these days, and I think I've hit the point where I don't bounce back the way I used to.  So, I've started to lay plans fo...

The Secret Correspondence Between Donald Trump Jr. and WikiLeaks SoylentNews

The Secret Correspondence Between Donald Trump Jr. and WikiLeaks

The Atlantic writes:

The transparency organization asked the president's son for his cooperation, in sharing its work, in contesting the results of the election, and in arranging for Julian Assange to be Australia's ambassador to the United States.

[...] The messages, obtained by The Atlantic, were also turned over by Trump Jr.'s lawyers to congressional investigators. They are part of a long, and largely one-sided, correspondence between WikiLeaks and the president's son that continued until at least July 2017. The messages show WikiLeaks, a radical transparency organization that the American intelligence community believes was chosen by the Russian government to disseminate the information it had hacked, actively soliciting Trump Jr.'s cooperation. WikiLeaks made a series of increasingly bold requests, including asking for Trump's tax returns, urging the Trump campaign on Election Day to reject the results of the election as rigged, and requesting that the president-elect tell Australia to appoint Julian Assange ambassador to the United States.

It's a quite long, but interesting article.

Kushner Failed to Hand Over Emails

Senators: Kushner Didn't Disclose Emails On WikiLeaks, 'Russian Overture'

Senior White House adviser and son-in-law to the president Jared Kushner failed to hand over to Senate investigators emails concerning contacts with WikiLeaks and a "Russian backdoor overture," according to a letter sent by two senior lawmakers.

The letter, released Thursday by Sen. Chuck Grassley, the chairman of the Senate Judiciary Committee, and its ranking Democrat, Sen. Dianne Feinstein, says Kushner failed to turn over "September 2016 email communications to Mr. Kushner concerning WikiLeaks" and other emails pertaining to a "Russian backdoor overture and dinner invite."



UK Government Publishes Advice on Illicit Streaming Devices TorrentFreak

With torrents and other methods of obtaining content simmering away in the background, unauthorized streaming is now the method of choice for millions of pirates around the globe.

Previously accessible only via a desktop browser, streaming is now available on a wide range of devices, from tablets and phones through to dedicated set-top boxes. These, collectively, are now being branded Illicit Streaming Devices (ISD) by the entertainment industries.

It's terminology the UK government's Intellectual Property Office has adopted this morning. In a new public advisory, the IPO notes that illicit streaming is the watching of content without the copyright owner's permission using a variety of devices.

"Illicit streaming devices are physical boxes that are connected to your TV or USB sticks that plug into the TV such as adapted Amazon Fire sticks and so called Kodi boxes or Android TV boxes," the IPO reports.

These devices are legal when used to watch legitimate, free to air, content. They become illegal once they are adapted to stream illicit content, for example TV programmes, films and subscription sports channels without paying the appropriate subscriptions.

The IPO notes that streaming devices usually need to be loaded with special software add-ons in order to view copyright-infringing content. However, there are now dedicated apps available to view movies and TV shows which can be loaded straight on to smartphones and tablets.

But how can people know if the device they have is an ISD or not? According to the IPO it's all down to common sense. If people usually charge for the content you're getting for free, it's illegal.

"If you are watching television programmes, films or sporting events where you would normally be paying to view them and you have not paid, you are likely to be using an illicit streaming device (ISD) or app. This could include a film recently released in the cinema, a sporting event that is being broadcast by BT Sport or a television programme, like Game of Thrones, that is only available on Sky," the IPO says.

In an effort to familiarize the public with some of the terminology used by ISD sellers on eBay, Amazon or Gumtree, for example, the IPO then wanders into a bit of a minefield that really needs much greater clarification.

First up, the government states that ISDs are often described online as being "Fully loaded", which is a colloquial term for a device with addons already installed. Although they won't all be infringing, it's very often the case that the majority are intended to be, so no problems here.

However, the IPO then says that people should keep an eye out for the term ...


Various Physics News Not Even Wrong

First, two local events, involving well-known physics bloggers:

  • Last Thursday I had the pleasure of attending an event at NYU featuring Sabine Hossenfelder and Natalie Wolchover in conversation. You can watch this for yourself here. If you're not following Hossenfelder on her blog and at Twitter (and planning to read her forthcoming book), as well as reading Wolchover's reporting at Quanta magazine, you should be.
  • Next week there will be an event out in Brooklyn advertised as covering the Scientific Controversy over string theory. The idea seems to be to address this controversy by bringing to the public two well-known and very vocal proponents of one side of it.

For a Q and A with another well-known physics blogger, there's Tommaso Dorigo at Physics Today.

For a couple of encouraging indications that the theoretical physics community may finally be taking seriously the need to give up on failed thinking and try something new, there's

  • A conference next month in Italy on Weird Theoretical Ideas (Thinking outside the box).
  • An interesting talk at a recent IPMU conference by Yuji Tachikawa. I like his conclusion:

    Basically, all the textbooks on quantum field theories out there use an old framework that is simply too narrow, in that it assumes the existence of a Lagrangian.

    This is a serious issue, because when you try to come up e.g. with a theory beyond the Standard Model, people habitually start by writing a Lagrangian but that might be putting too strong an assumption.

    We need to do something

In General Relativity related news, there's a new edition out of Misner, Thorne and Wheeler, the book from which many of us learned both geometry and GR. It comes with new prefaces from David Kaiser as well as Misner and Thorne (which an appropriate search on the Amazon preview might show you). In other Wheeler-related news, Paul Halpern has a new book out, The Quantum Labyrinth, which tells the entangled stories of Feynman and Wheeler.

Finally, also GR related, the Perimeter Institute has announced the...


Everything You Need to Know About 5G Lifeboat News: The Blog

Millimeter waves, massive MIMO, full duplex, beamforming, and small cells are just a few of the technologies that could enable ultrafast 5G networks.

Today's mobile users want faster data speeds and more reliable service. The next generation of wireless networks, 5G, promises to deliver that, and much more. With 5G, users should be able to download a high-definition film in under a second (a task that could take 10 minutes on 4G LTE). And wireless engineers say these networks will boost the development of other new technologies, too, such as autonomous vehicles, virtual reality, and the Internet of Things.

If all goes well, telecommunications companies hope to debut the first commercial 5G networks in the early 2020s. Right now, though, 5G is still in the planning stages, and companies and industry groups are working together to figure out exactly what it will be. But they all agree on one matter: As the number of mobile users and their demand for data rises, 5G must handle far more traffic at much higher speeds than the base stations that make up today's cellular networks.


Security updates for Monday

Security updates have been issued by Arch Linux (icu and lib32-icu), CentOS (firefox), Debian (imagemagick, konversation, libspring-ldap-java, libxml-libxml-perl, lynx-cur, ming, opensaml2, poppler, procmail, shibboleth-sp2, and xen), Fedora (firefox, java-9-openjdk, jbig2dec, kernel, knot, knot-resolver, qt5-qtwebengine, and roundcubemail), Gentoo (adobe-flash, couchdb, icedtea-bin, and phpunit), Mageia (apr, bluez, firefox, jq, konversation, libextractor, and quagga), Oracle (firefox), Red Hat (firefox), and Scientific Linux (firefox).


Android Flaw Lets Attackers Capture Screen and Record Audio HackRead

By Waqas

If your Android smartphone has Lollipop, Nougat or Marshmallow, then


The King of All Game Genies In An Arduino Hackaday

While Nintendo is making a killing on nostalgic old consoles, there is a small but dedicated group of hackers still working with the original equipment. Since the original NES was rolled out in the 80s, though, there are a few shortcomings with the technology. Now, though, we have Arduinos, cheap memory, and interesting toolchains. What can we do with this? Absolutely anything we want, like playing modern video games on this antiquated system. [uXe] added dual-port memory to his ancient NES console, opening up the door to using the NES as a sort of video terminal for an Arduino. Of course, this is now also the King of All Game Genies and an interesting weekend project to boot.

Most NES cartridges have two bits of memory, the PRG and CHR ROMs. [uXe] is breaking out the cartridge connector onto an exceptionally wide rainbow ribbon cable, and bringing it into a custom Arduino Mega shield loaded up with two 16K dual-port RAM chips. These RAM chips effectively replace the PRG and CHR ROMs. Since these are dual-port RAM chips, they can be written to by the Arduino and read by the NES simultaneously.

The NES sees one port of the RAM and can read and write from it while the Arduino still has access to make changes to the other port while that's happening. A trick like this opens up a whole world of possibilities, most obviously with tiling and other graphics tricks that can push beyond the console's original capabilities. [uXe] is currently playing Arduboy games on the NES, a really neat trick to pull off. Well done [uXe]!

Be sure to check out the video below of the NES running some games from the Arduboy system. It seems to integrate seamlessly into the hardware, so if you've always had a burning desire to fix crappy graphics on some of your favorite games, or run some special piece of software on an NES, now might just be your time to shine.


Criminals leverage unsecured IoT devices, DDoS attacks surge Help Net Security

Organizations experienced an average of 237 DDoS attack attempts per month during Q3 2017, equivalent to 8 DDoS attack attempts every day, as hackers strive to take their organisations offline or steal sensitive data, according to Corero Network Security. The data, which is based on DDoS attack attempts against Corero customers, represents a 35% increase in monthly attack attempts compared to the previous quarter (Q2 2017), and a 91% increase in monthly attack More


Magnetic Field Controls Drug Delivery IEEE Spectrum Recent Content full text

Nanoparticles release drugs on command using magnetic field Image: Ella Maru Studio

Researchers have developed a new way to control the delivery of drugs to the body using nanoparticles and a weak magnetic field. The inventors, at the University of Georgia in Athens, GA, tested their system with a chemotherapy drug, and published the results today in the journal Nature Catalysis.

Patients undergoing treatments for cancer and other diseases often must take drugs that affect the whole body, when they really only need the medicine in a small area. "Chemotherapy drugs typically act on all cells, killing cancer cells and also healthy cells," says Sergiy Minko, a professor at the University of Georgia and an author of the report. "As a result, a big number of patients die because of complications from the drugs," he says.

To address the problem, scientists have proposed all sorts of tiny gadgets that can selectively deliver drugs in the body, including organic electronic ion pumps, silicon nanowires, amoeba-like molecular robots, squishy micromachines, and robots controlled by magnetic fields.

In the new design, Minko uses nanoparticles that carry either a drug or a catalyst, and release the substances when exposed to a magnetic field. One difference between Minko's tool and previous concepts is that the drug isn't encapsulated inside a device, so the release is easy. And it doesn't rely on a mechanical action or heat or salinity or light to do its job.

Minko's nanoparticles are composed of an iron oxide core encased in a silica shell. The shell is coated with a polymer layer consisting of polyacrylic acid (PPA), and a second polymer layer of poly(ethylene glycol) methyl ether acrylate macromer (PPEGMA). The two layers form a brush-like structure that holds and shields substances...

Drones Distribute Swarms of Sterile Mosquitoes to Stop Zika and Other Diseases IEEE Spectrum Recent Content full text

Keeping a million mosquitoes alive on board a drone isn't as easy as you think

Photo: Dan Vostok/Getty Images. Bug Off: Of the 3,000 mosquito species in the world, just three spread most human diseases.

The deadliest animal on Earth, by far, is the mosquito. Each year, mosquitoes infect about 700 million people with diseases such as malaria, dengue fever, West Nile virus, and Zika. Millions of people die annually from mosquito-borne illnesses, and many of those diseases can't be cured with drugs. It's best to avoid being bitten in the first place, but this is becoming more difficult as the insects expand their range, migrating north with warming climates.

For decades, government agencies and nonprofit organizations have tried to prevent the spread of mosquito-borne diseases in developing countries by spraying large areas with insecticides. But that process is expensive, especially as mosquitoes develop resistance to commonly used chemicals. The United States Agency for International Development (USAID) has begun to look for other mosquito control methods.

One approach is to breed male mosquitoes in captivity, expose them to radiation that renders them sterile, and release them into the wild. These mosquitoes, being mosquitoes, don't understand that they can no longer successfully reproduce, and do their best to make it happen anyway. In large enough numbers, the sterile males will outcompete wild males for female mosquitoes, which can reduce local populations by as much as 90 percent.

This method has been around for half a century, but spreading sterile mosquitoes in the developing world is a challenge. Roads are nonexistent or in poor condition, so it may not be possible to release insects from a car or truck, and using a crewed aircraft is too expensive.



Pentagon Contractor Leaves Social Media Spy Archive Wide Open on Amazon SoylentNews

A Pentagon contractor left a vast archive of social-media posts on a publicly accessible Amazon account in what appears to be a military-sponsored intelligence-gathering operation that targeted people in the US and other parts of the world.

The three cloud-based storage buckets contained at least 1.8 billion scraped online posts spanning eight years, researchers from security firm UpGuard's Cyber Risk Team said in a blog post published Friday. The cache included many posts that appeared to be benign, and in many cases those came from people in the US, a finding that raises privacy and civil-liberties questions. Facebook was one of the sites that originally hosted the scraped content. Other venues included soccer discussion groups and video game forums. Topics in the scraped content were extremely wide ranging and included Arabic language posts mocking ISIS and Pashto language comments made on the official Facebook page of Pakistani politician Imran Khan.

[...] In Friday's post, UpGuard analyst Dan O'Sullivan wrote:

Massive in scale, it is difficult to state exactly how or why these particular posts were collected over the course of almost a decade. Given the enormous size of these data stores, a cursory search reveals a number of foreign-sourced posts that either appear entirely benign, with no apparent ties to areas of concern for US intelligence agencies, or ones that originate from American citizens, including a vast quantity of Facebook and Twitter posts, some stating political opinions. Among the details collected are the web addresses of targeted posts, as well as other background details on the authors which provide further confirmation of their origins from American citizens.




German government bans children's smartwatches, tells parents to destroy them Help Net Security

The Federal Network Agency (Bundesnetzagentur), Germany's regulatory agency for public utility companies, has categorized children's smartwatches as spying devices, and has banned their sale. Why? The watches have a SIM card and limited telephony function that are set up and controlled using an app. This kind of listening function is often described as a "monitor". The app user is able to make the watch call a desired number unnoticed by its wearer or those nearby. More


How to Install Cacti Monitoring on Ubuntu 16.04 LTS Low End Box


In this tutorial, we will be covering how to install Cacti on a server running Ubuntu 16.04 LTS.
Cacti is supported on any type of virtualization platform (OpenVZ/XEN/KVM), so you can run
your monitoring server on a Low End VPS!

Step 1: It's always good practice to first make sure everything on your Ubuntu system is up to

sudo apt-get update

Step 2: Install LAMP (Linux, Apache, MariaDB, PHP) server.

Please keep in mind that Cacti only supports MySQL 5.6, whereas the current version in
Ubuntu's default repository is MySQL 5.7. In order to install this older version of
MySQL, follow the steps below:

nano /etc/apt/sources.list
deb trusty universe
apt-get update

Now install the following packages for the Cacti setup on your Ubuntu server with the
command given below:

apt-get install apache2 mysql-server-5.6 php libapache2-mod-php -y

Start the web server and MySQL server. Set them to automatically start up on server

systemctl start apache2.service
systemctl enable apache2.service
systemctl start mysql.service
systemctl enable mysql.service

Step 3: Installing the Cacti packages.

Install SNMP and RRDtool:

apt-get install snmp snmpd rrdtool -y

Now use the following command to install Cacti:

apt-get install cacti cacti-spine -y

During the installation process you will be prompted to configure Cacti, choosing from a few
available options. Choose the web server that you wish to use. I would recommend
Apache, which is what we will be using in this particular tutorial.

Next it will ask to configure the Cacti database, select Yes.

Once the installation process is complete, you will have to restart all services to reflect
the changes made:

systemctl restart apach...


Uber To Buy 24,000 Self-Driving Volvos IEEE Spectrum Recent Content full text

This robocar purchase order, the biggest ever, will stretch over three years, beginning in 2019 Photo: Volvo

Volvo today announced that it would supply Uber with 24,000 self-driving cars over a three-year period, beginning in 2019. It's the biggest robocar deal yet.

"Our objective is to be able to operate them without anyone behind the wheel in select cities and environments; the more common definition of that is Level 4 [autonomy]," said Uber's head of automotive alliances, Jeff Miller, in an interview with Automotive News Europe.

Miller said Uber chose Volvo in part for its new SPA architecture, which includes wiring that can hook up with today's advanced driver assistance systems (ADAS) and any further self-driving components that Uber may specify. Uber may, for instance, need additional features in a vehicle meant to be used purely in a ride-hailing service. The electrical system connects all aspects of the car's functioning (movement, safety, infotainment, navigation) seamlessly.

Such seamlessness does pose certain risks. The company, based in Gothenburg, Sweden, but owned by China's Geely, has to ensure that the car's electronic backbone is rock-solid and resistant to hacking. Still, Volvo, perhaps more than any other car maker, has emphasized the importance of multiple redundant safety systems.

The model in question is the Volvo XC90 crossover, which can seat up to seven people. Presumably that means seven passengers and no driver, although who knows, maybe the service will start with a safety driver. That's what Waymo is doing right now in its ride-hailing pilot program in Chandler, Ariz. However, this month Waymo took the safety driver from behind the steering wheel and put him into the back seat.

Volvo plans to begin its own self-driving program with a fleet of 100 XC90s in Gothenburg, Sweden, beginning next month.

Neither Volvo nor Uber put a price on the project or a precise date for its rollout. The technology would first have to be ready, of course, but so would new rules of the road, at least in the districts where the ride-hailing service is to operate.  


The most popular programming languages in 2017, according to TIOBE and PYPL TechWorm

Java Tops TIOBE's and PYPL's Programming Language Popularity Index

TIOBE (The Importance of Being Earnest), one of the most popular rating indexes for programming languages, has released its latest index for November 2017. According to their rankings, Java continues to remain the most popular programming language followed by C and C++.

On the other hand, PYPL (PopularitY of Programming Language), which looks at the popularity of language tutorials on Google, shows Java as the most preferred programming language followed by Python and PHP.

For those unaware, TIOBE calculates the rankings based on the number of search engine queries that contain the name of the programming language as a keyword. PYPL, by contrast, uses the raw data from Google Trends to calculate the rankings: the more searches there are for a particular language tutorial, the more popular the language is assumed to be.

While Python continued to maintain its popularity, other scripting languages such as Perl, PHP, and Ruby have seen a decrease in their popularity. The reason behind this is the difficulty in writing a critical and large software system, which meets high-quality demands.

Even a scripting language such as JavaScript that is inevitable while doing web programming was forced to evolve to a safer language, stated the report.

Based on research data as of November 2017, here is the list of the top programming languages in 2017, according to the TIOBE Index and PYPL rankings.



New Music Random Thoughts

Music I've bought this month.

(Well, mostly recorded from old tapes.)



Android malware found in hundreds of music player apps on Play Store HackRead

By Waqas

It's just another day with just another news explaining the


The Database of the Time Lords Hackaday

Time zones have been a necessity since humans could travel faster than a horse, but with computers, interconnected over a vast hive of information, a larger problem has emerged. How do you keep track of time zones? Moreover, how do you keep track of time zones throughout history?

Quick question. If it's noon in Boston, what time is it in Phoenix? Well, Boston is in the Eastern time zone, there's the Central time zone, and Phoenix is in the Mountain time zone; noon, eleven, ten. If it's noon in Boston, it's ten o'clock AM in Phoenix. Here's a slightly harder question: if it's noon in Boston, what time is it in Phoenix during Daylight Savings Time? Most of Arizona doesn't observe Daylight Savings Time, so if it's noon in Boston, it's 9 AM in Phoenix. What about the Navajo Nation in the northwestern part of Arizona? Here, Daylight Savings Time is observed. You can't even make a rule that all of Arizona is always on Mountain Standard Time.

Indiana is another example of bizarre time zones. For most of the 20th century, Indiana was firmly in the Central time zone. Starting in the 1960s, the line between Eastern and Central time slowly moved west from the Ohio border. Some counties opted not to observe Daylight Savings Time. In 2006, the entire state started to observe DST, but the northwest and southwest corners of the state remained firmly in the Central time zone. The odd geographic boundaries of time zones aren't limited to the United States, either; Broken Hill, New South Wales, Australia is thirty minutes behind the rest of New South Wales.

Working out reliable answers to all of these questions is the domain of the Time Zone Database, a catalog of every time zone, time zone change, and every strange time-related political argument. It records Alaska's transition from the Julian to the Gregorian calendar. It describes an argument in a small Michigan town in 1900. It's used in Java, nearly every kind of Linux, hundreds of software packages, and at least a dozen of the servers and routers you're using to read this right now.

The idea of daylight savings time was first suggested by Benjamin Franklin in a 1784 essay to the Journal de Paris. An Economical Project for Diminishing the Cost of Light suggested that by simply moving the clocks forward and backward in accordance with sun time, fewer candles would be burnt at night. Over the course of a year, this would save the city of Paris sixty-four million pounds of candles. Franklin also suggested posting guards in the shops of candle makers so no family would be permitted more than one pound of candles per week. It was also suggested that all church bells ring at the crack of dawn, and cannons be fired in every street, to wake the sluggards and sq...


LiFT Scholarship Recipients Advance Open Source Around the World


Mesa 17.3-RC5 Released, Official Mesa 3D Update Expected By Next Week Phoronix

The Mesa 17.3 release game is in overtime but it should be wrapping up in the days ahead...


Experts observed a new wave of wp-vcd malware attacks targeting WordPress sites Security Affairs

Experts from the firm Sucuri observed a new wave of wp-vcd malware attacks targeting WordPress sites by leveraging flaws in outdated plugins and themes.

A new malware campaign is threatening WordPress installs. The malicious code, tracked as wp-vcd, hides in legitimate WordPress files and is used by attackers to add a secret admin user and gain full control over infected websites.

The malware was first spotted in July by the Italian security expert Manuel D'Orso, who noticed that the malicious code was loaded via an include call for the wp-vcd.php file and injected malicious code into WordPress core files such as functions.php and class.wp.php.

The wp-vcd malware attacks continued, evolving across the months. Recently, researchers from Sucuri discovered a new strain of this malware that injected malicious code into the legitimate files of the two default themes, twentyfifteen and twentysixteen, included in the WordPress CMS in 2015 and 2016.

This is an old tactic that leverages theme files (active or not) to hide malicious code; in this specific case the malware creates a new 100010010 admin user with the intent to establish a backdoor into the target installation.


Hackers exploited vulnerabilities in outdated plugins and themes to upload the wp-vcd malware.

"The injection, on most of the cases we found, was related to outdated software (plugins or themes). Which a simple update or using a WAF would prevent," reads the blog post published by Sucuri.

Code is pretty straightforward and doesn't hide its malicious intentions by encoding or obfuscation of functions.

Outdated and vulnerable plugins represent a privileged entry point for hackers. Last week the researcher Jouko Pynnönen from Finland-based company Klikki Oy discovered several vulnerabilities in the Formidable Forms plugin that expose websites to attacks...


Kids' smartwatches banned in Germany over spying concerns Graham Cluley


German parents are being told to destroy smartwatches they have bought for their children after the country's telecoms regulator put a blanket ban in place to prevent sale of the devices, amid growing privacy concerns.

Read more in my article on the We Live Security blog.


Fund Targets Victims Scammed Via Western Union Krebs on Security

If you, a friend or loved one lost money in a scam involving Western Union, some or all of those funds may be recoverable thanks to a more than half-billion dollar program set up by the U.S. Federal Trade Commission.

In January 2017, Englewood, Colo.-based Western Union settled a case with the FTC and the Department of Justice wherein it admitted to multiple criminal violations, including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud. As part of the settlement, the global money transfer business agreed to forfeit $586 million.

Last week, the FTC announced that individuals who lost money to scammers who told them to pay via Western Union's money transfer system between January 1, 2004 and January 19, 2017 can now file a claim to get their money back by going to before February 12, 2018.

Scammers tend to rely on money transfer businesses like Western Union and MoneyGram because once the money is sent and picked up by the recipient the transaction is generally irreversible. Such scams include transfers made for fraudulent lottery and prizes, family emergencies, advance-fee loans, and online dating, among others.

Affected consumers can visit to file claims, learn more, or get updates on the claims process, which could take up to a year. The graphic below seeks to aid victims in filing claims.

The FTC says some people who have already reported their losses to Western Union, the FTC, or another government agency will receive a form in the mail from the claims administrator, Gilardi & Co., which has been hired by the DOJ to return victims' money as part of the settlement. The form will have a Claim ID and a PIN number to use when filing a claim online via

The agency emphasized that filing a claim is free, so consumers should not pay an...


The New Madrid Fault may take out 150 miles of the Midwest Lifeboat News: The Blog

Way back in 1811 and 1812, a series of over 1,000 earthquakes rocked the Mississippi River between St. Louis and Memphis. One was so powerful that it caused the river to run backwards for a few hours. The infamous New Madrid earthquakes of 1811-1812 rang church bells in Boston, which is 1,200 miles from St. Louis. Today, scientists say that the 150-mile-long New Madrid Seismic Zone has a terrifying 40% chance to blast in the next few decades, impacting 7 states (Illinois, Indiana, Missouri, Arkansas, Kentucky, Tennessee and Mississippi) with 715,000 buildings damaged and 2.6m people left without power.

Unlike California, which has been super-prepared since the last major earthquake hit hard enough to delay the World Series, the New Madrid fault area has been sitting blissfully by. In case the 40 percent statistic didn't bother you, this should: The New Madrid fault has an impact zone ten times as big as its more famous San Andreas cousin.

As described by USGS: In 1811, the extent of the area that experienced damaging earth motion, which produced Modified Mercalli Intensity greater than or equal to VII, is estimated to be 600,000 square kilometers. However, shaking strong enough to alarm the general population (intensity greater than or equal to V) occurred over an area of 2.5 million square kilometers.


NY State Supreme Court: Stingrays Act as "an Instrument of Eavesdropping" SoylentNews

A New York state judge has concluded that a powerful police surveillance tool known as a stingray, a device that spoofs legitimate mobile phone towers, performs a "search" and therefore requires a warrant under most circumstances.

As a New York State Supreme Court judge in Brooklyn ruled earlier this month in an attempted murder case, New York Police Department officers should have sought a standard, probable cause-driven warrant before using the invasive device.

The Empire State court joins others nationwide in reaching this conclusion. In September, the District of Columbia Court of Appeals also found that stingrays normally require a warrant, as did a federal judge in Oakland, California, back in August.

According to The New York Times, which first reported the case on Wednesday, People v. Gordon is believed to be the first stingray-related case connected to the country's largest city police force.




Microsoft's Surface Book 2 scores surprisingly low in iFixit teardown TechWorm

Surface Book 2 teardown: It's quite a nightmare to repair, says iFixit

Last month, Microsoft announced its most powerful laptop and Apple MacBook Pro's latest competitor, Surface Book 2. The new Surface Book 2 started arriving in the markets on November 16, after it was made available for pre-order on November 9.

iFixit, a company known for teardowns of consumer electronic devices, decided to do a teardown of Surface Book 2 to check the internal components and performed several tests to calculate the repairability score.

In the teardown video of Surface Book 2 released by iFixit, the company has awarded the Surface Book 2 a score of 1/10 for repairability based on the difficulty of dismantling it, which is not bad in comparison to its predecessor, Surface Laptop, which had scored 0/10. If by chance someone gets lucky in opening the unit, the engineer can only replace the SSD (solid-state drive).

iFixit explains that everything is strongly joined with lots of glue, including the batteries and the display. The components are soldered and screwed. Not only this, the processor and RAM have been soldered to the motherboard that makes it difficult for a normal user to upgrade the RAM.

In addition, some connections are not immediately obvious, as they are hidden by other components or are accessible only from the opposite rear side. This does not provide easy access to the components and leads to a rating of only 1/10 for repairs.

"This is the Microsoft Surface Book 2, and just like every Surface device we've done a teardown on this year, it scored horribly on our repairability scale. How bad did it do? We gave it a 1 out of 10, which to be honest is at least a little better than the Surface laptop which got a zero but still," the company explains.

The new Surface Book 2 comes in 13.5-inch and 15-inch models and is now available for order worldwide. Those interested can order it from the Microsoft Store.

Source: iFixit



Dark Star and Staring into the Cosmic Abyss Centauri Dreams

Most of us fortunate enough to see 2001: A Space Odyssey in a theater when it was released never dreamed it would spawn a strange twin. But as Larry Klaes explains in the essay that follows, Dark Star was to emerge as a telling satire on the themes of the Kubrick film. Originating in the ideas of USC film students John Carpenter and Dan O'Bannon, Dark Star likewise plays into the screenplay for 1979's Alien in ways that have to be seen to be believed. Larry is quite a fan of the film, and explains how and why socially relevant screenplays like these would soon be swamped by blockbuster hits crammed with special effects (think Star Wars). But that orange beach ball still has a place in film history. Read on.

By Larry Klaes

Science fiction has certainly played an important role in inspiring and influencing humanity's future directions. The father of American rocketry, Robert H. Goddard, was moved to imagine sending a vessel to the planet Mars as a young man in 1899 after reading The War of the Worlds by H. G. Wells published just a few years earlier. From that spark developed a life-long dedicated pursuit of space exploration by Goddard, whose work in turn influenced others which eventually led to real rockets carrying real spaceships to the Red Planet and far beyond.

Conversely, science fiction also reflects the era it is created in. This can be seen in the changing depictions of the future during the Twentieth Century. While there are always exceptions, up into the 1960s the future was most often shown as a wonderful utopia, extrapolating from the real scientific and technological progress made in the preceding decades and centuries. Destination Moon (1950) had a contemporary near-future with a nuclear-powered rocket taking the first men to Earth's natural satellite. Six years later, Forbidden Planet assumed the 23rd Century will have humanity working together to explore and colonize other worlds across the galaxy in faster-than-light (FTL) starships.

On television, Walt Disney presented an amazing future in full animated color with series such as Man in Space (1955-1959) and Magic Highway, USA (1958). The Jetsons (1962-1963) gently spoofed many future tropes such as flying cars, robot maids, pushbutton conveniences, and vacations on the Moon while simultaneously reinforcing the preconceived notions of its contemporary audiences that its depictions of society in the year 2062 were going to become an overall accurate one by then.

The belief in a shiny, happy future, thanks to science and technology, was also heavily supported by World's Fairs, especially the ones held in New York City in 1939 and 1964-1965 and Seattle in 1962. There visitors not only got to see the wonders of tomorrow but also interact with them, cementing their realities. That each fair had a time capsule meant for some distant epo...


EU Cybersecurity Package: New Potential for EU to Cooperate with NATO Lifeboat News: The Blog

The European Union's new ambitious approach to cyber challenges could be a game-changer for its cyber posture as well as for the transatlantic and neighbourhood relations, concludes this analysis by Tomáš Minárik and Siim Alatalu of the NATO Cooperative Cyber Defence Centre of Excellence, the NATO-affiliated cyber defence think-tank. Nevertheless, the EU could make better use of existing expertise in NATO and individual Member States.

The following analysis does not represent the official views of NATO.

On 13 September 2017, the European Commission and the High Representative issued a Joint Communication to the European Parliament and the Council [JOIN(2017) 450 final], bearing the title "Resilience, Deterrence and Defence: Building strong cybersecurity for the EU". It introduces an ambitious and comprehensive plan to improve cybersecurity throughout the EU. The Commission and the High Representative (HR) proposed a broad range of measures, divided into three areas (resilience, deterrence and defence):


Original Torrentz Domain Names Listed For Sale TechWorm

Has Torrentz owner moved on for good?

The year 2016 was a bad year for torrent websites and the torrents community as a whole, since it lost two of its most popular torrent websites, KickassTorrents and

For those unaware, KickassTorrents was shut down by the U.S. government with its alleged owner Artem Vaulin being arrested in Poland following a criminal investigation by the FBI. On the other hand, although was never a torrent website, it was a very popular mega torrent search engine, who too decided to mysteriously and abruptly shut shop after KickassTorrents.

The Torrentz site's operator kept the website online, but when users tried to run a search or click any link on the site, it displayed the message: "Torrentz will always love you. Farewell."

Even a year later, not much has changed, as the search engine Torrentz is still online but not operational. An unrelated site carrying the name Torrentz2 popped up as an alternative, which has millions of daily visitors itself now.

But things may change in the near future, as the original Torrentz domain names, including, and, are listed for sale, according to a message posted on the original Torrentz site.

This is likely going to create interest in some online entrepreneurs looking to purchase these domains, due to the fact that it still has quite a bit of traffic.

However, the sale could either be used for a new torrent related venture, or someone could use it to simply seal it with ads, or even worse.

Although the site hasn't carried any links to infringing content for over a year, it is still blocked in several countries, including the UK, which should be taken note of by any potential buyers interested in purchasing the site.

TorrentFreak contacted the owner of Torrentz to ask why the site's domain names were listed for sale. He is yet to comment on the issue.

Source: TorrentFreak



Global Cyber Alliance launched the Quad9 DNS service to secure your online experience Security Affairs

Global Cyber Alliance launched the Quad9 DNS service, the free DNS service to secure your online experience and protect your privacy.

The Global Cyber Alliance (GCA) has launched the Quad9 DNS service, a new free Domain Name Service resolver that will check users' requests against the IBM X-Force's threat intelligence database.

The Quad9 DNS service not only offers the common resolution services implemented by DNS resolvers, it also adds security checks to keep you from visiting one of the 40 billion malicious websites and images X-Force marked as dangerous.

The Global Cyber Alliance (GCA) was co-founded by a partnership of law enforcement and research organizations (City of London Police, the District Attorney of New York County and the Center for Internet Security) focused on combating systemic cyber risk in real, measurable ways.

GCA also coordinated the threat intelligence community to incorporate feeds from 18 other partners, including, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ, and ThreatSTOP.

Back in 1988 some large /8 blocks of IPv4 addresses were assigned in whole to single organizations or related groups of organizations, either by the Internet Corporation for Assigned Names and Numbers (ICANN), through the Internet Assigned Numbers Authority (IANA), or a regional Internet registry.

Each /8 block contains 2^24 = 16,777,216 addresses, and IBM secured the block which let the company dedicate to the project.

"IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA) today launched a free service that gives consumers and businesses added privacy and security as they access the internet. The new Quad9 Domain Name System (DNS) service protects users from accessing millions of malicious internet sites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity," reads the announcement published by the GCA.

According to the GCA, Quad9 has no impact on the speed of connections; it leverages Packet Clearing House's global assets, with 70 points of presence in 40 countries.

The alliance believes that Quad9 points of presence will double over the next 18 months, further improving the speed, performance, privacy and security for users globally.



Ryzen/Threadripper Prices Have Been Dropping Ahead Of The Holidays Phoronix

If you have been wanting to build a new system before the end of the year, AMD Ryzen CPU prices -- including the high-end Threadripper -- have been dropping in recent days in at least the US and EU...


KRUSTY: First of a New Breed of Reactors, Kilopower Part II Lifeboat News: The Blog

Hello, and welcome back to the Beyond NERVA blog, and the second installment in our series on NASA's current plans for in-space nuclear reactors. Last time, we looked at the experiments leading up to the development of NASA and the Department of Energy's newest reactor. Today, we're looking at the reactor that will be tested by the end of this year (2017), and the reactors that will follow that test. We have two more installments after this, on larger power systems that NASA has planned and done non-nuclear testing on, but can't continue due to the testing and regulatory limitations it operates under. These are the Fission Surface Power program and Project Prometheus.

Now, the results of this experiment are being used to finalize the design and move forward with a new reactor, the Kilowatt Reactor Utilizing Stirling TechnologY, or KRUSTY. This is an incredibly simple small nuclear reactor being developed by Los Alamos National Laboratory (LANL) for the DOE, and Glenn Research Center (GRC) and Marshall Spaceflight Center (MSFC) for NASA.

Monday, 20 November


Introducing container-diff, a Tool for Quickly Comparing Container Images

The Google Container Tools team originally built container-diff, a new project to help uncover differences between container images, to aid our own development with containers. We think it can be useful for anyone building containerized software, so we're excited to release it as open source to the development community.


Sustainable Open Source Is About Evolution As a Group

In the early days of open source, one of the primary goals of the open source community was educating people about the benefits of open source and why they should use it. Today, open source is ubiquitous. Almost everyone is using it. That has created a unique challenge around educating new users about the open source development model and ensuring that open source projects are sustainable.


Discovery of a critical password stealing banking Trojan Hacker News Bulletin | Find the Latest Hackers News

Security researchers at Bitdefender have discovered a critical password stealing banking Trojan. This banking Trojan is believed to be based on the famous Trojan Zeus. The discovered Trojan has been termed as Terdot by the researchers. This Trojan has the ability to use visited web pages data with HTML code to carry out MitM (man-in-the-middle)



Simple Jig Gives Plastic Homes to Orphaned Projects Hackaday

Look around your bench and chances are pretty good that there's a PCB or scrap of perfboard or even a breadboard sitting there, wires and LEDs sprouting off it, doing something useful and interesting. Taking it to the next level with a snazzy enclosure just seems too hard sometimes, especially if you don't have access to a 3D printer or laser cutter. But whipping up plastic enclosures can be quick and easy with this simple acrylic bending outfit.

At its heart [Derek]'s bending rig is not much different from any of the many hot-wire foam cutters we've featured. A nichrome wire with a tensioning spring is stretched across a slot in a flat work surface. The slot contains an aluminum channel to reflect the heat from the wire upward and to protect the MDF bed; we wonder if perhaps an angle section set in a V-groove might not be more effective, and whether more vertical adjustment range would provide the wider heating area needed for wider radius bends. It works great as is, though, and [Derek] took the time to build a simple timer to control the heating element, for which of course he promptly built a nice looking enclosure.

We can imagine the possibilities here are endless, especially if you use colored acrylic or Lexan and add in some solvent welding. We've covered acrylic enclosure techniques before; here's a post that covers the basics.



Argentine Navy Diesel Sub Disappears; NASA Plane Joins in Search SoylentNews

The US Navy and NASA have joined the search for an Argentine Armada (navy) diesel-electric attack submarine, the ARA San Juan (S-42), and its crew of 44 sailors missing in the Southern Argentine Sea. The last contact with the TR-1700 class sub, built in 1983 by the German shipbuilder Thyssen Nordseewerke, was on November 15.

NASA has dispatched a modified P-3 Orion patrol plane, previously used by the Navy for submarine hunting, to aid in the search. The P-3 is equipped with a magnetic anomaly detector (or magnetometer), a gravimeter for detecting small fluctuations in the Earth's gravity, infrared cameras, and other sensors for measuring ice thickness. With that array, the P-3 may be able to detect the submerged submarine.

[...] The NASA P-3 joins three Argentine Armada ships in the search: the destroyer ARA Sarandí (D-13) and two corvettes, ARA Rosales (P-42) and ARA Drummond (P-31). Reuters reports that Argentine naval spokesman Enrique Balbi told reporters today, "We are investigating the reasons for the lack of communication [with the submarine]. If there was a communication problem, the boat would have to come to the surface." The submarine was traveling from Ushuaia to Mar del Plata, and it was expected to stay on course regardless of communications. The lack of any sighting or contact led to a request for assistance from NASA.


The search has been hampered by bad weather and 20-foot waves.



Peter Sripol's Home Built Electric Plane

I have a young son who's interested in aviation, so I knew about Peter Sripol from his FliteTest days. Peter's segments were always our favorites on FliteTest because his builds were completely over the top. When I saw that Peter was building a real electric plane with R/C grade motors, 3D printed parts and stuff [...]


GCC 8 Feature Development Is Over Phoronix

Feature development on the GCC 8 compiler is over with it now entering stage three of its development process...


We are happy to announce Dr. Michele Calos as a speaker for the 2018 Undoing Aging Conference Lifeboat News: The Blog

Dr. Calos's work has inspired us for over a decade: she has pioneered a radically novel approach to gene therapy that has the potential to overcome all the key obstacles that have held that field back for so long. We are delighted to welcome her to Berlin to discuss the latest advances in this technology.


Kodi-Addon Developer Launches Fundraiser to Fight Copyright Bullies TorrentFreak

Earlier this year, American satellite and broadcast provider Dish Network targeted two well-known players in the third-party Kodi add-on ecosystem.

In a complaint filed in a federal court in Texas, add-on ZemTV and the TVAddons library were accused of copyright infringement. As a result, both are facing up to $150,000 for each offense.

While the case was filed in Texas, neither of the defendants live there, or even in the United States. The owner and operator of TVAddons is Adam Lackman, who resides in Montreal, Canada. ZemTV's developer Shahjahan Durrani is even further away in London, UK.

Over the past few months, Lackman has spoken out in public on several occasions, but little was known about the man behind ZemTV. Today, however, he also decided to open up, asking for support in his legal battle against the Dish Network.

Shahjahan Durrani, Shani for short, doesn't hide the fact that he was the driving force behind the Kodi-addons ZemTV, LiveStreamsPro, and F4MProxy. While the developer has never set foot in Texas, he is willing to defend himself. Problem is, he lacks the funds to do so.

"I've never been to Texas in my life, I'm from London, England," Shani explains. "Somehow a normal chap like me is expected to defend himself against a billion dollar media giant. I don't have the money to fight this on my own, and hope my friends will help support my fight against the expansion of copyright liability."

Shani's fundraiser went live a few hours ago and the first donations are now starting to come in. He has set a target of $8,500 for his defense fund, so there is still a long way to go.

Speaking with TorrentFreak, Shani explains that he got into Kodi addon development to broaden his coding skills and learn Python. ZemTV was a tool to watch recorded shows from, which he always assumed were perfectly legal, on his Apple TV. Then, he decided to help others to do the same.

"The reason why I published the addon was that I saw it as a community helping each other out, and this was my way to give back. I never received any money from anybody and I wanted to keep it pure and free," Shani tells us.

ZemTV was a passive service, simply scraping content from a third party source, he explains. The addon provided an interface but did not host or control any allegedly infringing content directly.

I had no involvement nor control over any of the websites or cont...


LWJGL 3.1.4 Adds Zstd & LZ4 Bindings Phoronix

A new release is available of the Lightweight Java Game Library 3 (LWJGL) that is popular among game developers using the Java programming language...


US Inventor is a Bucket of Deplorables Not Worthy of Media Coverage Techrights

Paul Morinville sickened

Summary: Jan Wolfe of Reuters treats a fringe group called US Inventor as though it's a conservative voice rather than a bunch of patent extremists pretending to be inventors

A VERY short while ago Jan Wolfe, who had been covering PTAB for a while, published this article about so-called conservatives attacking PTAB. We wrote about it yesterday. These are not quite the classical Conservatives but anti-government groups that are also misogynist and racist, the uglier face of US politics that aligns with the anti-scientific party (GOP). "US Inventor" (covered here before) is mentioned by Wolfe, who is perhaps easily misled by the name of the group. These are the people who bully Michelle Lee and resort to terms like "drain the swamp". They could only get less than a dozen people to gather for an illegal protest on USPTO premises, so why even pay attention to them?

From the article:

"It's time for us to make patents great again," Michael Caputo, an advisor to Donald Trump's presidential campaign, told those gathered. US Inventor, the group behind the protest Caputo now represents as a spokesman, is calling for the abolition of the U.S. Patent Trial and Appeal Board, an administrative tribunal run by the patent office that reviews the validity of patents.

The rallying cry marks an about-face for some conservatives, who broadly supported the board's creation in 2011 as a way to rein in trial lawyers and "patent trolls," who hold patents for the sole purpose of suing big companies for licensing fees.

"Things have really flipped when it comes to the conservative perspective on patents," said Charles Duan, a lawyer with left-leaning consumer group Public Knowledge.

Much of the credit goes to activists who have convinced many conservatives that the real problem is not out-of-control litigation but how the tribunal designed to speed up resolving patent disputes favors big business over smaller rivals.



Fifth site in online tools network: good coders code, great reuse

At Browserling we're building a network of online tools websites. Each site in the network focuses on one and only one tool category. Each tool does one and only one thing. The first four websites in the network are Online CSV Tools, which is all about working with Comma Separated Values data, Online JSON Tools, which is all about working with JSON data, Online XML Tools, which is all about working with XML documents, Online STRING Tools, which is all about working with strings.

Now we're releasing the fifth site.

The fifth site in our network is Online Random Tools. Online Random Tools is a collection of simple, free and easy to use randomization utilities. There are no ads, popups or other garbage. Just randomization utilities that work in your browser. Press button and instantly get random data.

Here's a list of all randomization tools so far:


A bug in the Android MediaProjection service lets hackers record audio and screen activity on 77% of all devices Security Affairs

A flaw in the Android MediaProjection service could be exploited by an attacker to record audio and screen activity on around 77.5% of all Android devices.

A vulnerability affecting Android smartphones running Lollipop, Marshmallow, and Nougat (around 77.5% of all Android devices) could be exploited by an attacker to record audio and screen activity.

The vulnerability resides in the Android MediaProjection service, which can capture screen contents and record system audio.

Starting with the release of Android Lollipop (5.0), the MediaProjection service is not restricted to users with root access.

"To use the MediaProjection service, an application would simply have to request access to this system Service via an Intent. Access to this system Service is granted by displaying a SystemUI pop-up that warns the user that the requesting application would like to capture the user's screen," the MWR team wrote in a report.

The researchers explained that an attacker could overlay this SystemUI pop-up, which warns the user that the contents of the screen and system audio would be captured, with an arbitrary message to trick the user into granting a malicious application the ability to capture the user's screen.

The lack of specific Android permissions to use this API makes it difficult to check whether an application uses the MediaProjection service to record video and audio. The only access control mechanism available to prevent abuse of the MediaProjection service is the SystemUI pop-up, which could be easily bypassed.

The root cause of this vulnerability is that vulnerable Android versions don't implement mechanisms to detect partially obscured SystemUI pop-ups.

An attacker can craft an application to draw an overlay over the SystemUI pop-up, which would lead to the elevation of the application's privileges.

"Furthermore, the SystemUI pop-up is the only access control mechanism available that prevents the abuse of the MediaProjection service. An attacker could trivially bypass this mechanism by tap-jacking this pop-up using publicly known methods to grant their applications the ability to capture the user's screen," added MWR.

"This vulnerability would allow an attacker to capture the user's screen should the user tap of the SystemUI popup that has been overlayed by the attacker with an arbitrary message."

Google patched the vulnerability only in Android Oreo (8.0); older versions are still affected by the bug.

Researchers highlighted that the attack exploiting this flaw is not entirely undetectable. When an application gains a...


Top 10 Most Pirated Movies of The Week on BitTorrent 11/20/17 TorrentFreak

This week we have three newcomers in our chart.

Valerian and the City of a Thousand Planets is the most downloaded movie again.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

This week's most downloaded movies are:

Most downloaded movies via torrents
Movie Rank | Rank last week | Movie name | IMDb Rating / Trailer
1 | (1) | Valerian and the City of a Thousand Planets | 6.7 / trailer
2 | () | Logan Lucky | 7.2 / trailer
3 | () | Wind River | 7.8 / trailer
4 | (2) | The Hitman's Bodyguard | 7.0 / trailer
5 | (4) | Thor Ragnarok (HDTS/Cam) | 8.2 / trailer
6 | (9) | Atomic Blonde | 7.0 / trailer
7 | (5) | Spider-Man: Homecoming | 7.8 / trailer


SuperTuxKart 0.9.3 Officially Out With New Screen Recorder, In-Game Improvements Phoronix

The release candidate arrived back at Halloween, and now officially available is SuperTuxKart 0.9.3, the latest installment of the Tux-themed racing game...


The Policy Prognosis for AI: Winner of the SSUNS 2017 Essay Contest Lifeboat News: The Blog

Furthermore, with advancements in quantum computing and machine learning, many notable public figures, including Stephen Hawking and Elon Musk, have indicated a growing concern with the imminent threat of AI surpassing human intelligence (Gosset, 2017). For instance, Darrell M. West, a political scientist, has proposed a protectionist framework that appeals to transhumanism, in which he restructures socioeconomic policy to account for changes in technology-induced unemployment. In particular, he posits that "Separating the dispersion of health care, disability, and pension benefits outside of employment offers workers with limited skills social benefits on a universal basis" (West, 2015). Expounding upon this equivocation, a more viable solution to potential unemployment is the realization of a multi-faceted policy which advocates the improvement of STEM-related education on a broad economic base, with habituation programs for the unskilled workforce. That is, with the implementation of appropriate and reformatory policies concerning the future development of AI technologies, this sector provides an economic incentive for new job creation, compatible with industrial development.

Prompt: What are the political implications of artificial intelligence technology and how should policy makers ensure this technology will benefit diverse sectors of society?

In recent years, the rapid development and mass proliferation of artificial intelligence have had various sociopolitical implications. It is a commonly held belief that the emergence of this technology will have an unprecedented impact on policies and political agendas. However, such discourse often lacks a geopolitical and social dimension, which limits the breadth of analysis. Further, little consideration has been given to potential employment and public policy reform. Growing concerns have been raised regarding the potential risk inherent in the evolution of strong AI, which provides the basis for transhumanism, whereby it is conjectured that AI will eventually be able to surpass human intelligence. As such, it is incumbent upon the upcoming generation of policymakers to implement and adopt necessary measures, which will provide a careful, multilateral framework, ultimately achieving market-oriented technological advancement with respect to employment and public policy.

Machine learning, the interplay of computer science and neuroscience, is a rapidly developing field that has been a source of much political controversy in recent years. While emerging technologies have significantly improved production quality and efficiency across industries, they have also raise...


31 (8000?) Sealed Indictments In D.C? Terra Forming Terra

What we have here is speculation at the moment that arose a week ago while Trump was overseas. Other reports flushed out another 290 sealed indictments which may all be completely unrelated. We simply do not know.

On the other hand the narrative does make excellent sense and is superior to what we actually have or have not been told. Add in the statement made by a former insider that the NSA data has been processed by the DOJ for the past decade and we have ample likely cause for 290 sealed indictments.

Recall that data includes every phone call and email ever made. Thus it has become possible to construct all the networks of folks who are self serving in a criminal manner. This is no small matter when you consider that in the past such investigations always needed a tip off for questions to be asked.

My central point here is that a massive housecleaning is completely plausible and definitely possible. Add in Mueller and Trump carefully playing the media while this is going on and this is truly huge and likely about to happen. It certainly kept the perps asleep with false hope until their interviews. It will be the biggest sting in history.

So far Trump has consistently done better than I was able to imagine and executed better. We are now waiting for the real boot to drop on those declared internal enemies of the State. It is not his style to let things ride.

Hammer Of Justice Falls On Clinton Crime Family 31 Sealed Indictments In D.C. 

Baxter Dmitry 



The Fixers Using Recycled Laptop Batteries to Power Their Homes

Thanks for everything you do, Jehu. Jehu Garcia YouTube Via: Vice:


Team Battistelli's Attacks on the EPO Boards of Appeal Predate the Illegal Sanctions Against a Judge Techrights

A shocked Battistelli

Summary: A walk back along memory lane reveals that Battistelli has, all along, suppressed and marginalised DG3 members, in order to cement total control over the entire Organisation, not just the Office

LAST night we wrote about the EPO's latest attack on the boards, which have already been relegated to the suburbs of Munich (Haar). It's like Battistelli does not want these boards to exist, or wishes to overburden them to the point where they become useless for assurance of patent quality (prior art search and the like). He cannot legally knock them out of existence because of the EPC, but the EPC does not say anything about punishing them relentlessly, so Battistelli will probably get away with it. Now that his departure is almost imminent it's ever more unlikely that he'll lose his immunity and himself be subjected to disciplinary actions. 6 weeks from now he and Bergot will officially put the axe to long-term contracts. In other words, 6 months before he's gone he's totally destroying any prospects of the EPO ever recovering or salvaging the talent it once had.

Disturbing. To say the least.

We very much doubt the press will cover our findings regarding the Haar party, which is a sad display of irony if not black comedy. The press repeatedly ignores important stories and developments, as recently as weeks ago. Even comments on the matter might not get through. Here's yesterday's report of censorship in IP Kat (or maybe slow moderation by Bristows, or perhaps approval only after a complaint about it). "Censorship is never good," the comment said. And yes, it's about the boards. It often seems as though these matters cannot be brought up at IP Kat anymore, as people's names cannot safely be mentioned (this limits useful debate). Truths are now personal attacks. To quote the comment at hand:

Why has my comment relating to recent case re entitlement of priority at the EPO not been accepted?

Is it because I mentioned the plea of a well known specialist about the fact that the EPO should only be looking at whether there is identity of invention?

I considered my comment as showing t...


Every Day is a Nibiru Doomsday SoylentNews

Have you seen headlines that look like the following?

Nibiru BLACKOUT: Fears Planet X could knock out power worldwide
Nibiru PROOF: Footage sparks claims Planet X spotted over UK
Governments 'ALREADY preparing for Planet X apocalypse'
Could the end of the world come TODAY? Mysterious planet Nibiru 'set to wipe out all life with apocalyptic earthquakes'
Nibiru Apocalypse Upon Us Again - Here's How Yellowstone, Nuclear War and Asteroids Could Actually End the World

NASA scientist David Morrison has taken the time to debunk Nibiru... repeatedly (archive):

"I assumed that Nibiru was the sort of Internet rumor that would quickly pass," Morrison wrote in 2008, after his "Ask an Astrobiologist" website had become inundated with predictions that Nibiru was going to cross paths with Earth in 2012. "I now receive at least one question per day, ranging from anguished ('I can't sleep; I am really scared; I don't want to die') to the abusive ('Why are you lying; you are putting my family at risk; if NASA denies it then it must be true.')" he wrote.

Morrison laid out a detailed explanation, which he would repeat in years to come: There is no evidence that Nibiru exists; if it did exist, it would have screwed up the outer planets' orbits long ago; and people have predicted its arrival before and been wrong.

But to no avail:

Read more of this story at SoylentNews.


ipcpipeline: Splitting a GStreamer Pipeline into Multiple Processes



Kube-Node: Let Your Kubernetes Cluster Auto-Manage Its Nodes

This contributed article is part of a series, from members of the Cloud Native Computing Foundation (CNCF), about the upcoming CNCF's Kubecon/CloudNativeCon, taking place in Austin, Dec. 6-8.


Lockheed Martin Orion Lifeboat News: The Blog

Do you want to change our world by sending humans to another one?

Now is the time.

At Lockheed Martin Space, we've been robotically exploring the solar system for decades. We've been on Mars for over 40 years starting with Viking, and we're the only company in the world that has helped NASA visit as many planets, moon, and asteroids.


FatPiBoy: Respin Game Boy with a Pop-Out Controller Hackaday

Have you ever found yourself wishing you had a clone of the Game Boy, except it was actually twice as wide, and instead of holding it in your hands you pop a tiny separate controller out of the middle and play it that way? No? Well, neither have we. But that didn't stop [Christian Reinbacher] from designing and building exactly that, and by the looks of the finished product, we have to say he might be onto something.

To be fair, the charmingly-named FatPiBoy is not really meant to be played like the GameBoy of yesteryear. It's more like a game console with a built-in display; you prop the console up on something, and then remove the controller from the system and play that way.

The controller itself is a commercial product, the 8bitdo Zero, but [Christian] based the rest of the system on parts intended for the Adafruit PiGRRL. For the battery, [Christian] used a 4,500 mAh pack that was originally from his Nexus 7 tablet; a tip to keep in mind next time you're looking for a big and cheap lithium-ion battery.

[Christian] notes that the case design isn't perfect. There's currently no external access to the Pi's USB ports, and the recess for the 8bitdo Zero could be a few millimeters deeper. Still,...


Take Linux and Run With It

"How do you run an operating system?" may seem like a simple question, since most of us are accustomed to turning on our computers and seeing our system spin up. However, this common model is only one way of running an operating system. As one of Linux's greatest strengths is versatility, Linux offers the most methods and environments for running it.


What is a Socket?

Recently, while reviewing the FAQ, I came across the question "What's a Socket?" For those who are not familiar, I shall explain.

In brief, a Unix Socket (technically, the correct name is Unix domain socket, UDS) allows communication between two different processes on either the same machine or different machines in client-server application frameworks. To be more precise, it's a way of communicating among computers using standard Unix file descriptors.


8 minutes that will make you leave Islam Terra Forming Terra

8 minutes that will make you leave Islam YouTube

This resolves a serious question I had with the historic slave trade. That must be defined best as asking where are the descendants of the fourteen centuries of African slaving? This video resolves that issue.

It turns out that all men were castrated outright. Worse, the dominant gender for the Arab trade were women who were all sold as concubines. All pregnancies were ended by killing the new born.

It is thought that 11 million made it to the Americas to form their current populations. At least twice as many were shipped into the Muslim world and no significant extant population exists. In the same way, few white populations exist in the Arab world as well although white slaving was endemic until the eighteenth century.


Rise and fall of American civilizations linked to hurricane frequency Terra Forming Terra

Rise and fall of American civilizations linked to hurricane frequency
This is important. The Mayan collapse has begged explanation for decades. As well we also have significant coastal abandonment at other locales to explain. Hurricanes solve the whole problem nicely.

After all since our recent bombardment, coastal construction is looking far too foolhardy. Now imagine the frequency jumping to decadal rather than every century. That is what happened and recovery became impossible as would happen with us as well.

We are also seeing how a poorly organized society gets on as well in Puerto Rico. They are not too far from all being refugees.


Titanium-Gold Alloy: Physicists Combine Gold with Titanium And Quadruple Its Strength Terra Forming Terra

Sometimes nature simply surprises you.  This produces a super hard metal that can go into the body. 

Titanium does pretty well but this is much better.

All good to have.

Titanium-Gold Alloy: Physicists Combine Gold with Titanium And Quadruple Its Strength

IN BRIEF: Scientists from Rice University have discovered a titanium alloy that's better than titanium at being a medical implant, and it is four times harder than titanium and a vast majority of steels.


When it comes to bone replacements, the go-to material is still titanium. Hard, wear-resistant, and compatible to the body, titanium looks like the best alternative to actual bone, maybe even better. Who knew that you could improve the gold standard by just adding actual gold?

Rice University physicists have discovered that an alloy of titanium and gold is three to four times harder than steel, and may actually be better as a material for replacement body parts. The study, published in Science Advances, described the properties of an alloy of the two metals, a 3-to-1 mixture of titanium and gold, called Titanium-3. They found the alloy to be four times harder than titanium.

When they checked the biocompatibility and wear rate of the alloy, the researchers knew that it would rank high, since its parent metals are already biocompatible and used in medical implants. Surprisingly, Titanium-3 performed well over their expectations, actually being more biocompatible and wear resistant than pure titanium.




The Zoroastrian Texts of Ancient Persia & What They Reveal About Advanced Ancient Civilizations with Graham Hancock Terra Forming Terra

This information confirms reasons for the building of underground refugia throughout Anatolia and by extension, surely throughout Europe as well.  That they were forced to reside there for 150 years is shocking.  What is not explained is how folks were fed.

However, we also know that we are dealing with modernism in terms of their technology.  We have lighting panels mentioned and we must presume a food production infrastructure which was compact.  All this would have been extracted upon the abandonment of the refuge.

Longer life spans are also implied as well.

This report conforms with that of Noah and the Kolbrin bible as well.  Thus we have an organized society aware of the pending impact who goes underground in order to survive.  The tunnel work is not rough either and surely done using heat devices.  We would be hard put to do as well...




Yes, It Matters What You Wear to an Exam - Facts So Romantic Nautilus

The formality of clothing might not only influence the way others perceive a person, and how people perceive themselves, but could influence decision making in important ways through its influence on cognitive processing style. Photograph by John Chillingworth / Getty Images

In May 2015, an official vote was held by the Oxford University Student Union about clothing policy. It was over whether to keep subfusc (a traditional uniform dating back to the mid-seventeenth century, comprised of a dark suit or skirt, black shoes, white shirt, and a white or black bow tie or ribbon) mandatory for exams. The vote was overwhelming: Over seventy-five percent of Oxford students wanted to maintain it.

The argument over subfusc centered on the drawbacks of perceived elitism versus wholesome tradition. Some of the dissenters lambasted the outfit as snobbish, yet no one at the student union on voting day mentioned a recent scientific finding that could have completely changed the terms of the conversation: Different styles of dress may influence your test-taking skills. Wearing more formal clothing than your peers, according to a study published last year in Social Psychological & Personality Science, tends to make you think more abstractly, holistically, and creatively.

Abraham M. Rutchick, a


Data Science for Software Engineering It Will Never Work in Theory

We have just posted a short article at DataCamp (where I now work) titled "Using Data Science to Explore Software Development". We'd be grateful for feedback, and doubly grateful if you could help get it some attention: the more people who look and comment, the sooner we can move ahead with building some online courses to teach people how to get, clean, analyze, and make sense of software engineering data.


Resource generated at IndyWatch using aliasfeed and rawdog