IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Wednesday, 23 May


New Spectre-like flaw found in CPUs using speculative execution Help Net Security

A new flaw that can allow an attacker to obtain access to sensitive information on affected systems has been discovered in modern CPUs. CVE-2018-3639, discovered independently by Google Project Zero and Microsoft Security Response Center researchers and dubbed Variant 4, is a Speculative Store Bypass (SSB) vulnerability, and is considered to be a new variant of the previously revealed Spectre Variant 1 vulnerability. Variant 4 is a vulnerability that exploits speculative bypass. When exploited, ...


America's most cyber insecure cities exposed Help Net Security

Coronet researchers identified Las Vegas, Memphis and Charlotte as America's most cyber insecure cities. While big companies may have the budgets, personnel and resources to protect their assets reasonably well, mid-market and small businesses are mostly left to fend for themselves. "This is both unfortunate and a recipe for disaster," said Guy Moskowitz, CEO, Coronet. America's most insecure metros: 10. Tampa St. Petersburg; 9. Orlando Daytona Beach; 8. West Palm Beach Ft. ...


Blockchain game for 2018 World Cup arrives TechWorm

A blockchain-based betting game is taking the opportune moment to combine the upcoming 2018 FIFA World Cup with the increasingly popular blockchain industry. Cryptocup, designed to revolutionise football predictions and betting, is causing a stir thanks to its superstar team of advisors and timing to coincide with the biggest soccer tournament in the world.

The project asks users to stake their Ether against thousands of other users in the hope of finding the best predictors on the planet. Users can also gain an edge, or earn additional money, by trading their tokens after each game in response to their price.

Costing just 0.045 Eth to enter in the first week, Cryptocup looks set to revolutionise the way we consume professional sporting events and just in time for the 2018 World Cup.

The project has also announced that Greg Colvin, the organizer of the fellowship of Ethereum Magicians and core developer of Ethereum Virtual Machine, has joined Cryptocup as an advisor.

Additionally, Coinfabrik, the developers of Jaxx and RSK wallets, have audited the project's smart contracts and joined it in the capacity of partners to oversee the technical part of Cryptocup.

Tokens on the platform will only stay tradeable for the duration of the tournament, which kicks off next month. As a result, when the tournament concludes on July 23, all remaining tokens will be rewarded with an Eth prize.

The team behind Cryptocup are confident that knowledgeable fans should be able to make money using their platform.

"The idea is really fun and adds a little bit of excitement to the worlds of both football and cryptocurrency," said CEO, Federico Golberg. "Win or lose, people are going to love Cryptocup and its next-generation capabilities for sports betting."

At the end of each game, according to a press release, bonuses are paid out directly after each successfully predicted game and ultimate winnings are determined at the end of the tournament.

However, Cryptocup's model sees the price of entry rise each week, meaning savvy players will need to be quick if they want to play on the cheap. Cryptocup is taking new registrations today; take part in one of the most revolutionary products in sports betting this week to get involved for just 0.045 Eth.


Hacking a Cheap Laser Rangefinder Hackaday

When a new piece of technology comes out, the price is generally so high that it keeps away everyone but the die-hard early adopters. But with time the prices inch down enough that more people are willing to buy, which then drives the prices down even more, until eventually the economies of scale really kick in and the thing is so cheap that it's almost an impulse buy. Linux SBCs, Blu-ray lasers, 3D printers; you name it and the hacker community has probably benefited from the fact that it's not just the hacker community that's interested anymore.

Which is exactly what's started to happen with laser rangefinders. Once almost exclusively a military technology, you can now pick up a basic laser tape measure for less than $40 USD from the normal overseas suppliers. Unfortunately, as [iliasam] found, they aren't particularly well suited to other tasks. For one, there's no official way of getting the data out of the thing, but the other problem is that the sample rate is less than one per second. Believing the hardware itself was promising enough, he set out to reverse engineer and replace the firmware running on one of these cheap laser rangefinders (Google Translate from Russian).



Quantum dots made from tea leaves lay waste to lung cancer cells Lifeboat News: The Blog

Full of antioxidants and vitamins, tea is pretty good for you, and green tea extracts have even been used as effective carriers for cancer drugs. New research led by Swansea University has found a novel way to wring more health benefits out of the stuff, by making quantum dots from tea leaves and using them to slow the growth of lung cancer cells.

Quantum dots are semiconductor particles so small they exhibit strange electrical and optical properties, such as the ability to fluoresce in different colors, or help with certain chemical reactions. Their glowing properties mean they're showing up in TVs and solar cells, and in medical applications as biomarkers to help doctors precisely locate tumors. They're also being used to treat cancer, fight antibiotic-resistant bacteria and convert CO2 into liquid fuels.

The problem is, manufacturing them can be a costly and complicated process, and the end results can be toxic. So the Swansea team, along with researchers from Bharathiar University and K. S. Rangasamy College of Technology, set about making quantum dots out of humble tea leaves.


Security Flaw Impacts Electron-Based Apps SoylentNews

Submitted via IRC for SoyCow3941

Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications.

Apps built on top of Electron include Microsoft's Skype and Visual Studio Code, GitHub's Atom code editor, the Brave browser, along with official desktop apps for services like Signal, Twitch, Discord, Basecamp, Slack, Ghost, and many more.

The framework has become very popular among today's software development community because it allows developers to easily port web-based apps coded in HTML, JS, and CSS to run on the desktop. The software framework is a custom API wrapped around the Node.js server-side JavaScript server.




[$] SMB/CIFS compounding support

In a filesystem-track session at the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Ronnie Sahlberg talked about some changes he has made to add support for compounding to the SMB/CIFS implementation in Linux. Compounding is a way to combine multiple operations into a single request that can help reduce network round-trips.


Certain types of content make for irresistible phishes Help Net Security

A mature anti-phishing program keeps organizations safer, claims Cofense, and offers as proof the decreasing susceptibility of their customers' employees to mock phishing emails as well as rising reporting rates of the same. Overall, the resiliency rate of its clients has almost doubled, and it's improving throughout major industries, except education. Possible reasons: tighter security budgets compared to other industries, lack of central control and typically open environments that encourage users to bring your own ...


Donald Trump's smartphone security: an inconvenient truth Graham Cluley


According to reports, US President Donald Trump hasn't been following the advice of his security team, and is resisting their attempts to regularly check his iPhone to see if it has been hacked.


Security updates for Tuesday

Security updates have been issued by Debian (gitlab and packagekit), Fedora (glibc, postgresql, and webkitgtk4), Oracle (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Red Hat (java-1.7.0-openjdk, kernel-rt, qemu-kvm, and qemu-kvm-rhev), SUSE (openjpeg2, qemu, and squid3), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux, linux-aws, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, qemu, and xdg-utils).


Free Resources for Securing Your Open Source Code



Hands-On: Flying Drones with Scratch Hackaday

I'll admit it. I have a lot of drones. Sitting at my desk I can count no fewer than ten in various states of flight readiness. There are probably another half dozen in the garage. Some of them cost almost nothing. Some cost the better part of a thousand bucks. But I recently bought a drone for $100 that is both technically interesting and has great potential for motivating kids to learn about programming. The Tello is a small drone from a company you've never heard of (Ryze Tech), but it has DJI flight technology onboard and you can program it via an API. What's more exciting for someone learning to program than using it to fly a quadcopter?

For $100, the Tello drone is a great little flyer. I'd go as far as saying it is the best $100 drone I've ever seen. Normally I don't suggest getting a drone with no GPS since the price on those has come down. But the Tello optical sensor does a great job of keeping the craft stable as long as there is enough light for it to see. In addition, the optical sensor works indoors, unlike GPS.

But if that was all there was to it, it probably wouldn't warrant a Hackaday post. What piqued my interest was that you can program the thing using a PC. In particular, they use Scratch, the language built at MIT for young students. However, the API is usable from other languages with some work.

Information about the programming environment is rather sparse, so I d...


Tuesday, 22 May


North Korea-linked Sun Team APT group targets defectors with Android Malware Security Affairs

A North Korea-linked APT group tracked as Sun Team has targeted North Korean defectors with a malicious app that was published in the official Google Play store.

The campaign, named RedDawn by security experts at McAfee, is the second campaign attributed to the same APT group this year.

Experts noticed that this is the first time the APT abused the legitimate Google Play Store as the distribution channel. In a past campaign spotted in January, a group of North Korean defectors and journalists was targeted via social networks, email, and chat apps.

Researchers at McAfee discovered that the malware was on Google Play as unreleased versions and that it accounts for only around 100 infections; they also notified Google, which has already removed the threat from the store.

Once installed, the malware starts copying sensitive information from the device, including personal photos, contacts, and SMS messages, and then sends them to the threat actors.

McAfee found that the hackers managed to upload three applications to Google Play based on the email accounts and Android devices used in the previous attack. The apps include Food Ingredients Info, Fast AppLock, and AppLockFree. They stayed in Google Play for about 2 months before being removed.

"Our recent discovery of the campaign we have named RedDawn on Google Play just a few weeks after the release of our report proves that targeted attacks on mobile devices are here to stay," reads the post published by the security firm.

"We found three apps uploaded by the actor we named Sun Team, based on email accounts and Android devices used in the previous attack."

The experts discovered three apps in the app store. The first one, Food Ingredients Info, provides information about food; the remaining apps, Fast AppLock and AppLockFree, are security applications.

While the Food Ingredients Info and Fast AppLock apps are data-stealing malware that receive commands and additional executable (.dex) files from a cloud control server, AppLockFree is reconnaissance malware that prepares for the installation of further payloads.

The malware spread to friends, asking them to install the malicious apps and offer feedback via a Facebook account with a fake profile promoted .

After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including a...


Ontario Politician Withdraws Candidacy after Data Theft SoylentNews

The National Post reports:

A former employee of Ontario's 407 private freeway quit suddenly Wednesday as a Progressive Conservative candidate in next month's election, barely an hour after the highway confirmed that information on 60,000 customers had been leaked through an "internal theft."

Simmer Sandhu, the candidate for Brampton East, said in an online statement that he had recently been made aware of anonymous allegations against him "pertaining to both my work life and my nomination campaign."

"These allegations are totally baseless. I absolutely deny them," he said on both Twitter and Facebook. "I will vigorously defend myself and reputation and I am confident I will be cleared."

An opinion piece explains the anonymous allegations:

[...] it is alleged that someone stole 60,000 names, addresses and phone numbers from the privately-owned Highway 407 ETR's internal systems and distributed or sold the data to a couple of dozen candidates in GTA nomination races. Those campaigns then sold fake party memberships under the stolen names, mocked up identification that met the party's requirements (which do not include photo ID), and paid international students $200 a pop to vote under these fraudulent identities.

Wikipedia has an article about the Brampton East riding.



Welfare conditionality is ineffective, authors of major study say Lifeboat News: The Blog

Welfare conditionality within the social security system is largely ineffective and in some cases pushes people into poverty and crime, a major study led by the University of York has found.

Welfare conditionality links eligibility for and services to responsibilities or particular patterns of behaviour, under threat of sanction for non-compliance. It has been a key element of welfare state reform in many countries since the mid-1990s.

Supporters say the use of sanctions and support is an effective way of weaning people off benefits and into paid work, or addressing anti-social behaviour.


Dealerships trash talk electric cars: study Lifeboat News: The Blog

Car dealerships in Nordic countries actively discourage consumers from buying electric vehicles, researchers who conducted an undercover investigation said Monday.

Their findings, published in the peer-reviewed Nature Energy, reveal an overlooked barrier to the sale of electric vehicles, which are expected to play a key role in lowering CO2 emissions and curbing global warming.

Posing as prospective buyers, the researchers made 126 enquiries at 82 dealerships in Denmark, Norway, Sweden, Iceland and Finland.


PlayStation VR HMD Working On Linux With SteamVR/Dota 2 Thanks To OpenHMD Phoronix

Thanks to the work done by Christoph Haag on a SteamVR plug-in for OpenHMD, the PlayStation VR (PSVR) head-mounted display is working out for handling Steam VR Linux games like Dota 2...


Fighting ransomware with network segmentation as a path to resiliency Help Net Security

Recent cybersecurity events involving the use of ransomware (WannaCry and similar variants) represent the latest examples highlighting the need for organizations to not only take an initial hit, but survive, adapt, and endure. In other words, be resilient. All too often, our community is a witness to any number of similar events where an initial breach leads to catastrophic effects across the enterprise. We need to do better; the methodologies and tools to do so ...


How long before police "batmobiles" patrol our streets? MassPrivateI

Plasan which bills itself as the leader in 'vehicle protection' unveiled their new 'Yagu' an ultralight armored vehicle at the Expo Seguridad 2018 exhibition in Mexico City. 

While the Yagu is designed primarily for border patrol it can also be equipped with flashing lights for law enforcement. Another selling point for law enforcement, the Yagu can be equipped with a drone launching system, so they can track protesters and activists.

Plasan's sales pitch to law enforcement; our Yagu's are a viable alternative to cumbersome MRAPS.

Plasan claims to have sold more than 32,000 armored vehicles which come with 400 variations to 20 countries. Unfortunately, they don't publish how many of them were sold to law enforcement agencies. 

Plasan's new Stormer EX looks like...


Faster Audio Decoding/Encoding Coming To Ogg & FLAC Phoronix

FLAC and Ogg now have faster audio encoding and decoding capabilities thanks to recent code improvements...


China makes cut to car tariffs as tensions cool The Hill: Technology Policy

China on Tuesday said it will reduce tariffs on auto imports as heated trade tensions with the U.S. seem to cool. The levy on passenger cars will fall from 25 to 15 percent on July 1, China's Finance Ministry said, according to...


Free Ebook Offers Insight on 16 Open Source AI Projects

Open source AI is flourishing, with companies developing and open sourcing new AI and machine learning tools at a rapid pace. To help you keep up with the changes and stay informed about the latest projects, The Linux Foundation has published a free ebook by Ibrahim Haddad examining popular open source AI projects, including Acumos AI, Apache Spark, Caffe, TensorFlow, and others.


Air Force delays launch as it reviews SpaceX rocket The Hill: Technology Policy

The U.S. Air Force has pushed back the launch of a new Global Position System satellite as it reviews the upgraded SpaceX rocket that is supposed to launch it into orbit. Bloomberg News reported on Tuesday that the launch date, which was...


Businesses Join to Create Enterprise Standard for Blockchain Networks SoylentNews

A blockchain standards group made up of hundreds of businesses and tech development members has unveiled its first specification for enabling the development of peer-to-peer, decentralized networks explicitly for automating corporate transactions.

The Enterprise Ethereum Alliance (EEA) last week released the Enterprise Ethereum Client Specification 1.0, an open-source framework to speed business transactions, boost privacy for contracts and create a faster, more efficient business transaction workflow.

The EEA Specification and its architecture stack is based on blockchain components developed by the Ethereum Foundation, the organization behind the world's second most valuable cryptocurrency: Ether.

By using the EEA's new specification, developers can write code that enables interoperability between businesses and their customers, either over a permissioned or public blockchain. The specification sets up a framework for setting up permission to join a blockchain network.

"You think about where Ethereum currently sits. It has great core competencies around value transfer, sending people Ether. It's created the standard for fundraising through token offerings [initial coin offerings]," said Tom Lombardi, EEA's head of market development. "But the goal of the alliance is to build a framework where we can use Ethereum, which has the largest developer based in the world, in a corporate setting.

"These large companies have compliance hurdles, legal hurdles and certain levels of bureaucracy where they have to check all the boxes before they can use a technology like this," Lombardi said.

The blockchain specification and its architectural stack promises greater transactional efficiency because it allows data to be taken "off-chain," or outside the primary blockchain ledger and processed in a separate database behind a firewall. The primary blockchain is then only used to validate completed transactions and can create a separate hash to represent the data offline for privacy and security.



The percentage of open source code in proprietary apps is rising Help Net Security

The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed that: 96 percent of the scanned applications contain open source components, with ...


To Treat Obesity, a Bioreactor Transforms Bad Fat Into Good Fat IEEE Spectrum Recent Content full text

With an outpatient procedure, doctors could give overweight people a metabolic boost

It sounds like a medical magic trick. Obese people could have the source of their problem (the type of fat tissue that stores energy and thickens waistlines) transformed into the cure.

Here's how the wizardry would work. An overweight person would go to a clinic for a simple procedure in which a small scrap of bad white fat tissue would be sucked out of his belly. Doctors would stick that piece of tissue into an automated bioreactor, where it would get a chemical bath for about three weeks.

Within that machine, it would change into the good brown fat tissue that helps the body burn calories to stay warm. Then the patient would return to the clinic, and the scrap of tissue would be reinserted into his body. This transmogrified tissue would raise his metabolism and help him lose weight, even without the hard work of diet and exercise.

This vision comes from the startup Ardent Cell Technologies, the brainchild of Brian Gillette, formerly a bioengineer at Columbia University and now a researcher at NYU Winthrop Hospital.


His team is developing the bioreactor that performs the legerdemain. At first, Gillette imagines that the patient's tissue would be placed in a cartridge and shipped to Ardent headquarters, where the bioreactor would do its work. Later on, he hopes to do away with the shipping and handling. "We're trying to develop a device that's automated enough to be used in a clinic setting," Gillette tells IEEE Spectrum.

Gillette says the eventual business model could resemble that of inkjet printers. "It would be a device that's reusable, with single-use cartridges that handle each patient's dose," he says. "You set up the device, then you're just ordering up these consumables for each patient."


A Beginner's Guide to Proper Promotion Management TechWorm

Promotions done right can dramatically improve sales since up to half of all consumers make a purchase in response to a promotion. The hard part for e-commerce site managers is deciding what should be marked down and how to manage and advertise discounts. In this article, we're going to lay down the basics of proper promotion management to help you make the most out of your promotions.

Define Your Objective

Why exactly are you considering sales promotions? Are you trying to increase sales volume? Are you trying to lure in new customers? Are you trying to grow faster? Do you want to reduce shopping cart abandonment rates and increase conversions?

The overall objective of the promotion will provide both an overview of how to market the promotion and the types of promotions to aim for in the first place. A single promotion may achieve more than one objective at once, but it can't do everything. Understand your main goal so you can target the right audience with the right incentives.

Do Your Research

Don't assume that doing what your rivals are doing will work for your customer base. An across-the-board 10% discount may not make a difference except cutting into your profit margin.

For example, while more than half of businesses polled agreed that flash sales were better received than regular sales by tapping into a sense of urgency, they didn't always work. Data analysis of customers' buying history can give your organization insight as to which promotions have worked well in the past if you're targeting your current customer base.

Run the Numbers

Many businesses are afraid to offer discounts because it could destroy profit margins even as it increases sales. You need to make sure your sale doesn't cost you money overall. And you shouldn't mark things down to the point it hurts your brand. If the discounts are too great, customers may suspect goods are poor quality and not buy. Running sales too often can hurt your company if it trains loyal customers to wait until the next sale to buy.

Choose the Right Items to Promote

Promotions done right will boost sales volume. However, you don't have to promote everything. Consider promoting slow-selling and excess inventory. If you are cross-selling, align promotions for products that complement each other.



The operations and economics of organized criminal email groups Help Net Security

Nine of the 10 captured organized criminal email groups operate out of Nigeria, they all leverage a multitude of attack methods, and business email compromise (BEC) is far more lucrative than any other attack, according to Agari. BEC is the most common attack type, indicative of a growing risk since the average age of the accounts was more than four years old, but BEC did not emerge until less than two years ago. While much ...


Reuters sources: US, China nearing deal to lift ZTE ban The Hill: Technology Policy

Washington and Beijing are moving toward a deal that would lift a U.S. ban on American companies selling components to Chinese telecommunications giant ZTE, Reuters reported Tuesday. While the deal has not been finalized, one source...


Google Duo finally rolls out the screen sharing feature for your smartphone! TechWorm

Follow the below steps to access the feature:

  1. Start a video call.
  2. Tap on the new screen-sharing icon, which is placed just above the camera-flip.
  3. After that, Duo will ask for permission: a prompt will appear on your screen which says "Duo will start capturing everything that's displayed on your screen." To continue, click on "Start now", or else "Cancel" to exit. The prompt window will come up for every screen sharing session unless you specifically deny it by selecting the "Don't show again" option.
  4. Once you give permission, a red outline will appear on your home screen denoting the part of the screen you would be sharing; a floating button will also appear, supporting pause/resume and stop functionality. End screen sharing will take you back to the Duo call. Also, the red outline will turn blue in case your recording is paused.

Quite simple!

So what's the fissure between the idea and the reality?

Definitely, this is a great tool and has the potential to engage a large number of users, but Google still has to tinker a lot before launching it widely. The excitement over it is very obvious, but you'll have to wait until this feature is made thoroughly functional.


Raspberry Pi Keeps Cool Hackaday

In general, heat is the enemy of electronics. [Christopher Barnatt] is serious about defeating that enemy and did some experiments with different cooling solutions for the Raspberry Pi 3. You can see the results in the video below.

A simple test script generated seven temperature readings for each configuration. [Barnatt] used a bare Pi, a cheap stick-on heatsink, and then two different fans over the heatsink. He also rigged up a large heatsink using a copper spacer and combined it with the larger of the two fans.

We aren't sure if we would have used his methodology for these tests. The script executes quickly and it wasn't clear that the temperature rise was leveling off. We weren't sure just how much this was loading the CPU either. However, the results matched up with what you'd expect, so the script and data generation methods were probably fine.

The really interesting part of this wasn't so much the results. We expected a bigger fan to do better and a bigger fan and heat sink to do best of all. However, it was interesting watching the way the different cooling systems were mounted on the Pi and powered. The final solution, which was overkill anyway, was not mounted in a way that would lend itself to deployment. But the rest of the fan and heatsink combinations could easily be adapted for real projects.

If you really want to get serious, you can always plunge the Pi in oil. Or mount a thermoelectric heat pump and dump the excess heat into a bucket of water. But for most of us, just about any of the fan solutions here will be more than enough.


LXQt 0.13 Released With More Improvements For This Lightweight Qt Desktop Phoronix

The developers working on the combined Razor-qt and LXDE desktop effort, LXQt, have rolled out their newest feature release...


Barcelona Is Leading The Fightback Against Smart City Surveillance SoylentNews

In 2015 Ada Colau, an activist with no experience in government, became mayor of Barcelona. She called for a democratic revolution, and for the last two years city hall, working with civic-minded coders and cryptographers, has been designing the technological tools to make it happen.

Their efforts have centred on two things. The first is opening up governance through participatory processes and greater transparency. And the second is redefining the smart city to ensure that it serves its citizens, rather than the other way around.

The group started by creating a digital participatory platform, Decidim ("We Decide", in Catalan). Now the public can participate directly in government as they would on social media, by suggesting ideas, debating them, and voting with their thumbs. Decidim taps into the potential of social networks: the information spreading on Twitter, or the relationships on Facebook. All of these apply to politics and Decidim seeks to channel them, while guaranteeing personal privacy and public transparency in a way these platforms don't.

"We are experimenting with a hybrid of online and offline participatory democracy," says Francesca Bria, Barcelona's Chief Technology and Digital Innovation Officer. "We used Decidim to create the government agenda over 70 per cent of the proposals come directly from citizens. Over 40,000 citizens proposed these policies. And many more citizens were engaged in offline collective assemblies and consultations."


Qt 5.11 Released With A Big Arsenal Of Updates Phoronix

The Qt Company has managed to release Qt 5.11 one week ahead of schedule compared to its original road-map, which is quite a feat considering some of the past Qt5 release delays. Beyond that, Qt 5.11.0 is offering a big slab of improvements...


Thrones of Britannia Being Released For Linux Next Month Phoronix

Back in February the folks at Feral Interactive announced Thrones of Britannia would be coming to Linux, the latest in the Total War game franchise. They have confirmed today the Linux port will be out in June...


Libinput 1.11 Is Bringing With It Many Linux Input Improvements Phoronix

Within the libinput world, the 1.11 development cycle has been going on long with Libinput 1.10 having debuted in January. But this long development cycle is bringing with it many changes...


Linux 4.17 Lands Initial Spectre V4 "Speculative Store Bypass" For POWER CPUs Phoronix

Following yesterday's public disclosure of Spectre Variant Four, a.k.a. Speculative Store Bypass, the Intel/AMD mitigation work immediately landed while overnight the POWER CPU patch landed...


Purism Publishes Librem 5 Dev Kit Details, Small Batch Order Going In Soon Phoronix

Purism has published their nearly final specifications on their limited-run Librem 5 Dev Kit. The cutoff for ordering a developer kit is next week as they are placing their hardware order and planning on only this single, limited run of the developer kit prior to the phones becoming available next year...


Robots Fight Weeds in Challenge to Agrochemical Giants

Via: Reuters: In a field of sugar beet in Switzerland, a solar-powered robot that looks like a table on wheels scans the rows of crops with its camera, identifies weeds and zaps them with jets of blue liquid from its mechanical tentacles. Undergoing final tests before the liquid is replaced with weedkiller, the Swiss robot [...]


RADV Gets Fix For DXVK With World of Warcraft & Other Games Phoronix

If you have been experiencing rendering issues with the Vulkan-over-Direct3D "DXVK" layer while playing games on Wine and are using the RADV Vulkan driver, you may want to upgrade to the latest Git...


Despite US Criticism, Ukraine Cybercrime Chief Receives Few Piracy Complaints TorrentFreak

On a large number of occasions over the past decade, Ukraine has played host to some of the world's largest pirate sites.

At various points over the years, The Pirate Bay, KickassTorrents, ExtraTorrent, Demonoid and a raft of streaming portals could be found housed in the country's data centers, reportedly taking advantage of laws more favorable than those in the US and EU.

As a result, Ukraine has been regularly criticized for not doing enough to combat piracy, but when placed under pressure, it does take action. In 2010, for example, the local government expressed concerns about the hosting of KickassTorrents in the country and in August the same year, the site was kicked out by its host. "[...] main web server was shut down by the hosting provider after it was contacted by local authorities. One way or another I'm afraid we must say goodbye to Ukraine and move the servers to other countries," the site's founder told TF at the time.

In the years since, Ukraine has launched sporadic action against pirate sites and has taken steps to tighten up copyright law. The Law on State Support of Cinematography came into force during April 2017 and gave copyright owners new tools to combat infringement by forcing (in theory, at least) site operators and web hosts to respond to takedown requests.

But according to the United States and Europe, not enough is being done. After the EU Commission warned that Ukraine risked damaging relations with the EU, last September US companies followed up with another scathing attack.

In a recommendation to the U.S. Government, the IIPA, which counts the MPAA, RIAA, and ESA among its members, asked U.S. authorities to suspend or withdraw Ukraine's trade benefits until the online piracy situation improves.

"Legislation is needed to institute proper notice and takedown provisions, including a requirement that service providers terminate access to individuals (or entities) that have repeatedly engaged in infringement, and the retention of information for law enforcement, as well as to provide clear third party liability regarding ISPs," the IIPA wrote.



France, China, and the EU All Have an AI Strategy. Shouldn't the US? Lifeboat News: The Blog

France isn't alone. Last month, the European Union's executive branch recommended its member states increase their public and private sector investment in AI; it also pledged billions in direct research spending. Meanwhile, China laid out its AI plan for global dominance last year, a plan that has also been backed up with massive investment. China's goal is to lead the world in AI technology by 2030. Around the world, our global economic competitors are taking action on artificial intelligence.

Opinion: Rep. John K. Delaney argues that if the United States wants a prosperous economy, it needs a national plan for artificial intelligence.


SpaceX to Launch 5 Iridium Next and 2 GRACE Satellites Today: Tuesday May 22 @ 19:47:58 UTC SoylentNews

Spaceflightnow reports on the next launch of the SpaceX Falcon 9 Rocket (11 hours from the time this story posts):

Falcon 9 Iridium Next 51-55 & GRACE Follow-On
Launch time: 1947:58 GMT (3:47:58 p.m. EDT; 12:47:58 p.m. PDT)
Launch site: SLC-4E, Vandenberg Air Force Base, California
A SpaceX Falcon 9 rocket will launch five satellites for the Iridium next mobile communications fleet and two Gravity Recovery and Climate Experiment Follow-On (GRACE Follow-On) satellites for NASA and the German Research Centre for Geosciences (GFZ). The Falcon 9 rocket will launch with a previously-flown first stage.

As it usually does, SpaceX has a live feed page up on YouTube which also notes:

A backup instantaneous launch opportunity is available on Wednesday, May 23 at 12:42 p.m. PDT, or 19:42 UTC.

[...] SpaceX will not attempt to recover Falcon 9's first stage after launch.


New Spectre (Variant 4) CPU Flaw Discovered - Intel, ARM, AMD Affected The Hacker News

Security researchers from Microsoft and Google have discovered a fourth variant of the data-leaking Meltdown-Spectre security flaws impacting modern CPUs in millions of computers, including those marketed by Apple. Variant 4 comes weeks after German computer magazine Heise reported about a set of eight Spectre-class vulnerabilities in Intel CPUs and a small number of ARM processors, which may


Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4 Security Affairs

Yesterday AMD, ARM, IBM, Intel, Microsoft and other major tech firms released updates, mitigations and published security advisories for two new variants of Meltdown and Spectre attacks.

Spectre and Meltdown have made the headlines again: a few days after the disclosure of a new attack technique that allowed a group of researchers to recover data from System Management Mode (SMM) memory, IT giants released security updates and mitigations for two new variants of the speculative execution attack methods.

Let's recap the two flaws:

The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access sensitive data on the target.

The Meltdown attack could allow attackers to read the entire physical memory of the target machines, stealing credentials, personal information, and more.

Meltdown exploits speculative execution to breach the isolation between user applications and the operating system; in this way any application can access all system memory.

The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code; for example, malicious JavaScript can be used to extract login cookies for other sites from the browser's memory.

The Spectre attack breaks the isolation between different applications, allowing information to leak from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

Meltdown attacks trigger the CVE-2017-5754 vulnerability, while Spectre attacks trigger CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). According to the experts, only Meltdown and Spectre Variant 1 can be addressed via software, while Spectre Variant 2 required an update of the microcode for the affected processors. Software mitigations include.

In February white hat hackers at Google Project Zero and Microsoft discovered a new attack dubbed Variant 4 (CVE-2018-3639).

In May, a German website revealed that Intel, along with other vendors, had been working on security updates for a new set of 8 Spectre vulnerabilities, so-called Spectre-NG.

The eight new Spectre-NG vulnerabilities in Intel CPUs also affect some ARM processors; at the time of writing the researchers only disclosed to the German computer magazine Heise the partial details of the vulnerabili...


Chamber of Commerce Lies About the United States Like It Lies About Other Countries for the Sole Purpose of Patent Maximalism Techrights

The US Chamber of Commerce International IP Index

Summary: When pressure groups that claim to be "US" actively bash and lie about the US one has to question their motivation; in the case of the Chamber of Commerce, it's just trying to perturb the law for the worse

THE Cult of Patents (patent maximalism) has infected the EPO, whereas the USPTO disinfected itself some years ago. But the cult strikes back and we nowadays see front groups such as CIPU amplifying misleading propaganda from think tanks and bullies (like the Chamber of Commerce). They had been doing it to India for a number of years (because software patents are not allowed in India and the same goes for patents on life/nature).

Do not be misled by "US" in their names; the Chamber of Commerce and USTR do not represent the US; they represent a few people in the US, usually to the detriment of the republic. This morning we saw the article "US leads the way in Madrid trade mark filing" and another new one titled "US Patent System Remains 1st In The World, Despite Errors In Chamber Rankings" (by Josh Landau, the Patent Counsel at the CCIA, where he represents and advises the association regarding patent issues, according to his biography).

We already wrote several responses to these Chamber of Commerce lies; others too have complained about these lies. The Chamber basically shames the US in an effort to change patent policy for the worse. Here are parts of Landau's response:



A Parallel Port Synthesiser For Your DOS PC Hackaday

It is a great shame that back in the days when a typical home computer had easy low-level hardware access that is absent from today's machines, the cost of taking advantage of it was so high. Professional PCBs were way out of reach of a home constructor, and many of the integrated circuits that might have been used were expensive and difficult to source in small quantities.

Here in the 21st century we have both cheap PCBs and easy access to a wealth of semiconductors, so enthusiasts for older hardware can set to work on projects that would have been impossible back in the day. Such an offering is [Serdef]'s Tiny Parallel Port General MIDI Synthesizer for DOS PCs, a very professionally produced synth that you might have paid a lot of money to own three decades ago.

At its heart is a SAM2695 synthesiser chip, and the board uses the parallel port as an 8-bit I/O port. The software side is handled by a TSR (a Terminate and Stay Resident driver loaded at startup, for those of you who are not DOS aficionados), and there are demonstrations of it running with a few classic games.

If the chip used here interests you, you might like to look at a similar project for an Arduino. The Kickstarter we covered is now long over, but you can also find it on GitHub.


Microsoft, Google: We've Found a Fourth Data-Leaking Meltdown-Spectre CPU Hole SoylentNews

Arthur T Knackerbracket has found the following story:

[...] The fourth variant can be potentially exploited by script files running within a program, such as JavaScript on a webpage in a browser tab, to lift sensitive information out of other parts of the application, such as personal details from another tab.

According to Intel, mitigations already released to the public for variant 1, which is the hardest vulnerability to tackle, should make attacks leveraging variant 4 much more difficult. In other words, web browsers, and similar programs with just-in-time execution of scripts and other languages, patched to thwart variant 1 attacks should also derail variant 4 exploits.

[...] If the processor core, while looking ahead in a program, finds an instruction that loads data from memory, it will predict whether or not this load operation is affected by any of the preceding stores. For example, if a store is writing to memory that a later load fetches back from memory, you'll want the store to complete first. If a load is predicted to be safe to run, the processor executes it speculatively while other parts of the chip are busy with store operations and other code.

That speculative act involves pulling data from memory into the level-one data cache. If it turns out the program should not have run the load before a store, it's too late to unwind the instruction flow and restart it: part of the cache was touched based on the contents of the fetched data, leaving enough evidence for a malicious program to figure out that fetched data. Repeat this over and over, and gradually you can copy data from other parts of the application. It allows, say, JavaScript running in one browser tab to potentially snoop on webpages in other tabs, for instance.

-- submitted from IRC


The Pirate Bay to be blocked by Telenor Sweden TechWorm

ISP Telenor To Block The Pirate Bay Site In Sweden

Telenor, the Norwegian Internet Service Provider (ISP), which has long refrained from blocking access to the Swedish file-sharing website The Pirate Bay despite demands from the music and film industry associations, has now decided to voluntarily block the pirate website, reports TorrentFreak.

The move by Telenor to block The Pirate Bay is not due to a direct court order issued against the company but due to its merger with Bredbandsbolaget, one of Sweden's largest ISPs, owned by Telenor, which in the past was ordered to block the unpopular torrent site. Bredbandsbolaget was acquired by Telenor in 2005.

For those unaware, back in 2014, record labels such as Universal Music, Sony Music and Warner Music had collaborated with Nordisk Film and the Swedish Film Industry to file a lawsuit against Bredbandsbolaget.

The copyright holders had asked the Stockholm District Court to direct the ISP to block access to The Pirate Bay as well as streaming site Swefilmer, as they believed that the provider knowingly assisted the pirating users in accessing the pirate platforms.

However, the ISP opposed the entertainment companies' demand to block content and services and sent a determined response to the Court.

"Bredbandsbolaget's role is to provide its subscribers with access to the Internet, thereby contributing to the free flow of information and the ability for people to reach each other and communicate," the company said in a statement.

"Bredbandsbolaget does not block content or services based on individual organizations' requests. There is no legal obligation for operators to block either The Pirate Bay or Swefilmer."

When the copyright holders and Bredbandsbolaget met in court in February 2015, the latter argued in favor of the important principle that ISPs should not be held responsible for content exchanged over the Internet, much like the postal service, which is not responsible for the contents of an envelope.

Further, in November 2015, the Stockholm District Court decided that the copyright holders could not force Bredbandsbolaget to block the pirate sites, as the ISP's operations did not amount to involvement in the copyright infringement offenses carried out by some of its pirate subscribers.

The case later went to appeal where the arguments were heard by the new Patent and Market Court of Appeal. In February 2017, it overruled the earlier ruling of the District Court and ordered Bredbandsbolaget to implement technical measures to stop its customers from gaining access to the pirate sites through several domain names and URLs.

The decision left Bredbandsbolaget and owner Telenor with no alternative and they had to go for site-blocking.

It is a dangerous path...


The FBI Is in Crisis. It's Worse Than You Think Terra Forming Terra

The sheer amount of damage that the FBI is able to inflict on an American citizen makes it an obvious target for political operatives wanting to protect government racketeering. Thus the severe manipulation that occurred during the past decade in particular.

Recall that until Hoover's death, the FBI was his fiefdom and he alone had the goods on every politician. Successors were political appointees looking to establish a similar rule. Hardly a healthy situation.

Then it slipped under the Obama Administration and it was game on. Lifers worked around it all but we see many compromised.

I will add that the other agencies are not so potentially dangerous at all with perhaps the exception of the IRS and that particularly includes the CIA. This is going to take a radical rethink in terms of oversight. Perhaps it will demand an internal rule of twelve before it becomes safe.

The FBI Is in Crisis. It's Worse Than You Think

May 3, 2018

In normal times, the televisions are humming at the FBI's 56 field offices nationwide, piping in the latest news as agents work their investigations. But these days, some agents say, the TVs ar...


NASA | The Search for Humans Original Home Terra Forming Terra

This is a worthwhile survey of the topic and the likelihood that most of it is true improves each year as we assemble more evidence.

My own work now informs me that life itself self actuated as a self replicating digital complex in so called Dark Matter or second tier matter. This life form analogous to the Conway's game Life that uses a couple of simple rules to produce replication evolved into what we identify as our spirit bodies and recognize as our sub conscious.

This life form then proceeded to construct third tier life in prospective environments and advanced their evolution or choices of reproductive variation. I anticipate that the knowledge was shared throughout the universe and applied uniformly.

Add in that every planet is hollow ( this may be too much for you - arclein) and a prospective abode and we have multiple lifeforms in our own solar system. Throw in that every Galaxy is a universe in practical effect and we live in a meta universe of universes we can actually see and share information with. It may turn out impossible to transit to another galaxy using wormholes.

With ample potential alien DNA to work with, it makes perfect sense to advance...


The Mirror Effect Of An Empath Terra Forming Terra


This is interesting as it takes note of our auto response to different individuals. Instantly disliking someone is patently stupid. Yet it commonly happens. Thus we need to learn to be on guard.

This happens in other ways as well and we need to be conscious of the effect.

The best defense is to have another individual also interview the person. Doing that will likely make both of you properly objective. Intuition is useful but it can also bite.

The Mirror Effect Of An Empath

We have all experienced it, being around someone who has either taken an instant dislike to us, or a bizarre resentment suddenly appears in those we have known for some time.

There may be no clear reason for this change in their behaviour. No matter whether they try to hide their feelings or not, an Empath can sense their loathing and it does not feel good!

Someone taking a dislike to another is a completely normal and acceptable part of life. We are all different and there will always be some people we do not get along with, whether Sensitive or not.

What is often baffling to the Empath is why some people act in an animostic way towards them, when they know they are a likeable and trustworthy person.


This Amazing New Milk Is Going to Change Everything Terra Forming Terra

This is huge of course. It has already flown past the sniff test and is on the way to acceptance.

What now has to happen is that this market acceptance needs to expand and I certainly am a believer. After that, we need to see how it responds to the whole range of milk fermentation products as well. It may also be used to blend with cow's milk as well.

It was used as part of the rotation and consumed as animal feed when I grew up.  In fact, it was the only grain then fed cattle. Pigs ate it as chop and our dog even became a fan.

This Amazing New Milk Is Going to Change Everything

It doesn't hurt cows, guzzle water, or ruin the soil.

Cristina Span


In late 2016, the Swedish company Oatly set up pr...


Forget Earth-Like - We'll First Find Aliens on Eyeball Planets - Facts So Romantic Nautilus

Artist's conception of a hot Eyeball planet. The permanent day side is sun-baked and dry. The permanent night side is covered with ice. In between lies a thin habitat: the ring of life. Illustration by Beau.TheConsortium

Imagine a habitable planet orbiting a distant star. You're probably picturing a variation of Earth. Maybe it's a little cloudier, or covered in oceans. Maybe the mountains are a little higher. Maybe the trees are red instead of green. Maybe there are scantily clad natives - OK, let's stop there.

That image may very well be completely off-base. There is good reason to think that the first potentially life-bearing worlds that are now being detected around other stars (see here for example) probably look very different than Earth. Rather, these planets are more likely to look like giant eyeballs whose gaze is forever fixed on their host stars (which is not something I recommend doing with your own eyeballs). 

Let's take a step back. The easiest planets to find are those that orbit close to their stars. The sweet spot for finding a habitable planet, with the same temperature as Earth, is on a much smaller orbit than Earth's around a star much fainter than the Sun.


[SECURITY] [DSA 4206-1] gitlab security update Bugtraq

Posted by Moritz Muehlenhoff on May 21

Debian Security Advisory DSA-4206-1 security () debian org Moritz Muehlenhoff
May 21, 2018

Package : gitlab
CVE ID : CVE-2017-0920 CVE-2018-8971...


TheMoon botnet is now leveraging a zero-day to target GPON routers Security Affairs

Security experts from Qihoo 360 Netlab discovered the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers.

Researchers from security firm Qihoo 360 Netlab reported that cybercriminals are continuing to target the Dasan GPON routers; they recently spotted threat actors using another new zero-day flaw affecting the same routers to recruit them into their botnet.

At the time of writing, there aren't further details on the vulnerabilities exploited by attackers in the wild; Qihoo 360 Netlab experts only confirmed that the exploit code they tested worked on two models of GPON routers.

The security firm has refused to release further details on this flaw to prevent more attacks but said it was able to reproduce its effects.

Experts discovered the operators behind the TheMoon botnet are now leveraging the zero-day exploit to target GPON routers. The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators have added at least 6 IoT device exploits to the bot's code.

"A very special thing about this round is the attacking payload. It is different from all previous ones, so it looks like a 0day," reads the analysis published by Netlab.

"And we tested this payload on two different versions of GPON home router, all work. All these make TheMoon totally different, and we chose NOT to disclose the attack payload details."

TheMoon isn't only the last botnet targeting Dasan GPON routers; in a previous analysis shared by Netlab, the experts confirmed that Hajime, Mettle, Mirai, Muhstik, and Satori botnets have been exploiting the CVE-2018-10561 and...


Pupils Find Spellchecker 'Cheat' in Literacy Test SoylentNews

Schools are to be given advice on how to disable a glitch that allows pupils sitting online spelling tests to right-click their mouse and find the answer.

[...] A spokesman said the issue was not with the Scottish National Standardised Assessments (SNSA) but with browser or device settings on some machines.

Former head teacher George Gilchrist tweeted about the issue after it emerged primary seven pupils were using the online spellchecker on the test.

He wrote: "SNSA P7 spelling. Pupils asked to correct spelling of words. P7 pupils worked out if you right click on your answer, the computer tells you if it is correct! Brilliant!"

Introduced in 2017, the spelling test asks children to identify misspelt words.

However, on some school computers the words were highlighted with a red line. Pupils who right-clicked on the words were then able to access the correct spelling.


Dual SDR Receives Two Bands at Once Hackaday

There was a time when experimenting with software defined radio (SDR) was exotic. But thanks to cheap USB-based hardware, this technology is now accessible to anyone. While it is fun to play with the little $20 USB sticks, you'll eventually want to move up to something better and there are a lot of great options. One of these is SDRPlay, and they recently released a new piece of hardware, RSPduo, that incorporates dual tuners.

We've talked about using the SDRPlay before as an upgrade from the cheap dongles. The new device can tune either a single 10 MHz band over the range of 1 kHz to 2 GHz, or you can select two 2 MHz bands. This opens up a lot of applications where you need to pick up signals in different areas of the spectrum (e.g., monitoring both sides of a cross-band repeater).

You may wonder how you can take advantage of the two tuners with software. There's an online review that covers how the software works with the dual tuners. You can also see a video from [SevenFortyOne] that shows the radio in use.

In addition to dual band receive, a unit like this could be useful in building systems for cognitive radio, diversity reception, reducing noise, and radio location. You can find a spec sheet for the device which shows it has a 14-bit converter and several antenna, filter, and reference clock options.

You might think that for almost $300 you could buy more than one USB dongle and get the same result. There are a number of advantages to using the RSPduo, though. First, the performance of the RSPduo with its expanded converters and built-in filters will be better. It also has a wider frequency range than a cheap dongle. However, for any application where you want to understand the relationship between the two signals, using multiple USB devices will be tricky if not impossible. With the RSPduo, the data is on a single USB interface, so the data are correlated with no additional effort.

Not that it isn't possible to use multiple USB devices, just harder. The RSPduo is very similar to the company's earlier offerings, with the addition of an extra tuner. If you want to see how to use the RSPduo's cousin, we did a GNURadio tutorial on the SDRPlay.



30-Year Study Says Childhood Acute Leukaemia 'Partly Caused by Lack of Infection' SoylentNews

This bit of possibly counter-intuitive finding from The Guardian:

Childhood acute leukaemia, says the highly respected Prof Mel Greaves, is nothing to do with power lines or nuclear fuel reprocessing stations. Nor is it to do with hot dogs and hamburgers or the Vatican radio mast, as have also been suggested. After the best part of a century of speculation, some of it with little basis in science, Greaves, who recently won the Royal Society's prestigious Royal Medal, says the cancer is caused by a combination of genetic mutations and a lack of childhood infection... [P]art of the answer could be to ensure children under the age of one have social contact with others, possibly at daycare centres.

[...] Greaves describes a "triple whammy" that he believes is the cause [of acute lymphoblastic leukaemia]. One in 20 children, he says, are born with a genetic mutation that puts them potentially at risk. But they will be fine if their immune system is properly set up. For that to happen, they must encounter benign bacteria or viruses in their first year of life. Those whose immune systems are not fully functioning, because they have not had an early challenge to deal with, and who then later encounter an infection such as a cold or flu, may develop a second genetic mutation that will make them susceptible to the cancer.

Also at Discovery Medicine as "A Paradox of Progress?" and Science Magazine as "Study May Explain Mysterious Cancer - Day Care Connection".


20 Practical Ruby Loop Command Examples For, Each, While, Until The Geek Stuff

Looping through stuff is an important aspect of any programming language. In several of our previous tutorials, we explained in detail various loops including python for loop, for loops in c programming, loops in awk scripting, loops in bash shell scripting, etc. The focus of this article is on how to loop through stuff in [...]


Why a Robot Can't Yet Outjump a Flea IEEE Spectrum Recent Content full text

When it comes to things that are ultrafast and lightweight, robots can't hold a candle to the fastest-jumping insects and other small-but-powerful creatures.

A tiny robot designed by Associate Professor Sarah Bergbreiter of the A. James Clark School of Engineering.

New research published in the journal Science could help explain why nature still beats robots and describes how machines might take the lead. The multi-institutional team of authors includes Associate Professor Sarah Bergbreiter, who studies microrobotics at the University of Maryland's A. James Clark School of Engineering.

Take the smashing mantis shrimp, a small crustacean not much bigger than a thumb. Its hammer-like mouthparts can repeatedly deliver 69-mile-per-hour wallops, more than 100 times faster than the blink of an eye, to break open hard snail shells.

Or the unassuming trap-jaw ant: in a zero-to-60 matchup, even the fastest dragster would have little chance against its snapping mandibles, which reach speeds of more than 140 miles per hour in less than a millisecond to nab their prey.

One of the fastest accelerations known on Earth is the hydra's sting. These soft-bodied aquatic creatures defend themselves with help from capsules along their tentacles that act like pressurized balloons. When triggered, they fire a barrage of microscopic poison spears that briefly accelerate 100 times faster than a bullet.

In Science, the researchers describe a new mathematical model that could help explain how these and other tiny organisms generate their powerful strikes, chomps, jumps, and punches. The model could also suggest ways to design small, nature-inspired robots that come closer to their biological counterparts in terms of power or speed.

The secret to these organisms' explosive movements isn't powerful muscles, but rather spring-loaded parts they can cock and release like an archer's bow, said Sheila Patek, associate professor of biology at Duke University.

Tough yet flexible tendons, cuticles, and other elastic structures stretch and release like slingshots, powering their jumps and snaps.

However, it's not clear how these mechanisms work together to enhance power, said Mark Ilton, a postdoctoral fellow at the University of Massachusetts Amherst.

While traditional mathematical models of performance take into account the inherent physical tr...


SpaceX's "Load-and-Go" Procedure "Viable" SoylentNews

SpaceX's controversial rocket fueling procedure appears 'viable,' says NASA safety advisory panel

A NASA safety advisory group weighed in Thursday on SpaceX's highly scrutinized proposal to load rocket propellants while astronauts are aboard, saying it appears to be a "viable option."

Several members of the Aerospace Safety Advisory Panel said that as long as potential hazards can be controlled, loading crew before fueling is finished could be acceptable.

"My sense is that, assuming there are adequate, verifiable controls identified and implemented for the credible hazard causes, and those which could potentially result in an emergency situation ... it appears load-and-go is a viable option for the program to consider," panel member Capt. Brent Jett Jr. (Ret.) said during Thursday's meeting.

SpaceX and Boeing Co. each have NASA contracts to develop separate crew capsules to transport astronauts to the International Space Station. Both SpaceX and Boeing are scheduled to conduct uncrewed flight tests of their vehicles in August, with crewed flight tests set for several months later.

A Falcon 9 blew up during propellant loading in 2016.

Previously: NASA Advisory Committee Skeptical of SpaceX Manned Refueling Plan

Related: SpaceX Identifies Cause of September Explosion
Problems With SpaceX Falcon 9 Design Could Delay Manned Missions

Original Submission

Read more of this story at SoylentNews.


Europa Could Host Alien Life Lifeboat News: The Blog

Jupiter's moon Europa could host alien life deep within its icy oceans.


This and That Not Even Wrong

I've been trying to find time to write about some books I've been reading. Maybe later this week. In the meantime, some things that may be of interest:

  • This week in Norway there will be various events in celebration of the 2018 Abel Prize awarded to Langlands (see here). If you want to find out the latest ideas from Langlands about geometry and the Langlands program, you better be able to read Russian, so you can read this.

    Langlands will give a lecture on Wednesday, on the geometric theory, followed by lectures from Jim Arthur and Edward Frenkel (streamed here). One would think that this would be a good opportunity for non-Russian readers to find out what Langlands is up to, but it wouldn't surprise me if Langlands lectures in Norwegian.

    This fall the University of Minnesota will host an Abel conference, dedicated to Langlands and his work.

  • Last week the IHES hosted a conference in honor of Roger Godement. Videos of the talks are now available here. The stories of how his political engagement played out in the context of his professional life were something I had never heard about. For instance, I had missed the Postface (French version, English version) to one of his textbooks on analysis.
  • The Stacks Project has a new website, some discussion of the changes is here.
  • It's the 50th anniversary of the Veneziano model and thus the birth of string theory, so various celebrations are going on this year, including this recent one. From the history as given in the talks there, no one would know that this is an idea that didn't work out (twice, actually).
  • There's a very interesting interview with John Preskill at ycombinator.
  • A correspondent pointed me to the following, from a review by Alan Lightman of Carlo Rovelli's latest, in the New York Times book review. Lightman disagrees with Rovelli on the low entropy problem of cosmology, suggesting instead that the multiverse is the answer:

    One possibility, entertained by a number of leading physicists, is that there are lots of universes, the so-called m...


Online Logic Simulator Is Textual No, Graphical Hackaday

We have a bit of a love/hate relationship with tools in the web browser. For education or just a quick experiment, we love having circuit analysis and FPGA tools at our fingertips with no installation required. However, we get nervous about storing code or schematics we might like to keep private in the cloud. However, looking at [Lode Vandevenne's] LogicEmu, we think it is squarely in the educational camp.

You can think of this as sort of Falstad for logic circuits (although don't forget Falstad does logic, too). The interface is sort of graphical, and sort of text-based, too. When you open the site, you'll see a welcome document. But it isn't just a document, it has embedded logic circuits in it that work.

The problem is though that they aren't conventional symbols. A switch is an "s" and an LED is an "l", for example. An AND gate is an "a" in a box. An "A" in a box is a NAND gate (and, yes, an "O" is a NOR gate). This is a little unsettling, but you get used to it quickly and when you see how to create your own circuits, you'll understand why it is like this.

Across the top of the page are some drop down boxes. You can open help documents or example circuits there. You can also navigate through the list with the arrow buttons in that row. There's an import button and a link to GitHub.

The second row controls the operation of the live circuits. In sequential mode, the clock runs free and the ticks in the middle of the row increase steadily. Combinatorial mode holds the clock until you click on something like a switch and then does one tick. The electron mode is slower and works for certain feedback loops. Finally, the investigate mode runs under your command and does not introduce the randomness that electron mode does to disturb flip flop metastability.

The next three buttons are straightforward. They control the clock tick. The boxes after the clock tick count are where you can start seeing why the text-based format is useful. You can change the graphical dropdown to text and see that all the graphics are really just embellishments of ordinary characters. Wires, for example, are dashes, stars, slashes, and other semi-graphical characters. The help explains it all.

If you press edit, you'll get a simple text editing box and you can make your changes or do a new circuit. You can also copy and paste from here to save your circuits for a later import. The change drop down lets you modify a game into something else at run time, but you can't alter things like wires.

You can run any of the examples and get a good feel for how i...

12:00 1GB KVM from $1.87/mo and more! Low End Box

Sergey from has sent over their second ever offer to LowEndBox! They've been around since 2011 when we posted their first offer and are happy they are back today!

They're a registered company in the state of Delaware, USA (#4921432). They accept PayPal, Webmoney, Interkassa (Coins), Robokassa (Cards). You can find their ToS/Legal Documents here.

In their own words:

VDS6.NET opened its doors in late 2011. We have been around LowEndBox community a long time ago and started with offering NATed and IPv6 only FreeBSD jail servers. Since then we have opened up a few new locations, switched to KVM virtualization and would like to offer some new deals to the low-end community.

Here's the offer:

  • 1GB RAM
  • 1 x CPU
  • 10GB SSD
  • 0.50TB Transfer
  • 1Gbps Uplink
  • 1 x IPv4
  • IPv6 Available
  • KVM/VMmanager
  • Discount Code: VDS6-2018-NL1
  • $1.87/month

  • 2GB RAM
  • 1 x CPU
  • 20GB SSD
  • 1TB Transfer
  • 1Gbps Uplink
  • 1 x IPv4
  • IPv6 Available
  • KVM/VMmanager
  • Discount Code: VDS6-2018-NL1
  • $3.75/month

  • 3GB RAM
  • 2 x CPU
  • 30GB SSD
  • 1.5TB Transfer
  • 1Gbps Uplink
  • 1 x IPv4
  • IPv6 Available
  • KVM/VMmanager
  • Discount Code: VDS6-2018-NL1
  • $5.62/month

  • 4GB RAM
  • 2 x CPU
  • 40GB SSD
  • 2TB Transfer
  • 1Gbps Uplink
  • 1 x IPv4
  • IPv6 Available
  • KVM/VMmanager
  • Discount Code: VDS6-2018-NL1
  • $7.50/month



Hawaii Lava Approaches Geothermal Power Plant

Via: Reuters: Lava from the erupting Kilauea volcano on Hawaii's Big Island flowed towards a geothermal power plant on Monday as workers scrambled to shut it down to prevent the uncontrollable release of toxic gases. It was the latest danger from Mount Kilauea's eruption, which geologists say is among the worst events in a century [...]


There's New Evidence for the Mysterious Planet Nine Lifeboat News: The Blog

The strange orbit of a distant object is likely due to a massive, undiscovered ninth planet traveling deep beyond Neptune, according to new models.


A little-known feature in Google Maps lets you explore our local solar system: here's how to visit Mercury, Venus, and other planets and moons in Google Maps Lifeboat News: The Blog

Most people just use Google Maps to get directions from A to B, but it's also an incredible educational tool in its own right.

Using Google Maps is a great way to learn more about the various cities and countries around the world. But many people might not know that Google Maps can also be used to explore other worlds besides Earth.

That's right: If you visit Google Maps and zoom out far enough, you'll have the option to explore several planets and moons in our own solar system.


Plants Work Out Which Way is Up SoylentNews

Plants know which direction is up, but it was never entirely clear how they know. A brief blurb in the most recent Science summarizes a paper that shows how plants are able to use built-in tilt meters they have in their cells.

Gravity-sensing cells in plants contain tiny grains of starch called statoliths. The orientation of the statoliths changes with the plant's orientation. The gravity-sensing cells respond to even the slightest tilt off of the established plane. Plant statoliths seem to evade the rules of physics that govern other granular materials. In live-cell imaging of young wheat shoots, Bérut et al. observed that statolith piles behave more like slowly creeping liquids than like granular accumulations. The reason is that the individual statoliths are always jiggling around, perhaps because of interactions with the plant cytoskeleton.

Paper reference: 10.1073/pnas.1801895115 (2018)

Original Submission

Read more of this story at SoylentNews.


[$] Using GitHub Issues for Python

In a 2018 Python Language Summit talk that was initially billed as "Mariatta's Topic of Mystery", Mariatta Wijaya described her reasoning for advocating moving Python away from its current bug tracker to GitHub Issues. She wanted to surprise her co-attendees with the talk topic at least partly because it is somewhat controversial. But it would complete Python's journey to GitHub that started a ways back.


Spectre Variants 3A & 4 Exposed As Latest Speculative Execution Vulnerabilities Phoronix

Spectre Variants 3A and 4 are now public as the newest speculative execution vulnerabilities affecting many CPUs and with the mitigations also expected to affect performance. Initial Linux kernel patches are available...


HPR2557: Styx -- The Purely Functional Static Site Generator Hacker Public Radio

I switched phones, and complained about the microphone. It probably made a greater difference that I was recording in 16 kHz Vorbis, because I was on a fresh install of Audio Recorder. Always double-check your settings, and apologies for the quality. I am currently in the process of converting our website from Hugo to Styx. Styx is a static site generator written entirely in the Nix language. It is able to figure out exactly what pages need to be rebuilt depending on what you changed in your page source and data sources, and all intermediate results are stored in the Nix store. The parsing of AsciiDoc and (multi)Markdown is done by external tools, but the templating and layouts are all Nix. I thought I may have dreamed the bit about carnix or buildRustPackage parsing TOML within Nix, because I couldn't find any evidence of them ever having done that. But then I discovered it was in nixpkgs-mozilla I had seen it! That's Mozilla's overlay for nixpkgs, which makes Rust Nightly always available in Nix, so it's kind of Nix's rustup equivalent. So yeah, I guess I had dreamed who did it, but not that somebody did it. :-)


Hillicon Valley: Mnuchin urges antitrust review of tech | Progressives want to break up Facebook | Classified election security briefing set for Tuesday | Tech CEOs face pressure to appear before Congress The Hill: Technology Policy

The Cyber and Tech Overnights have joined forces to give you Hillicon Valley, The Hill's new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. Welcome! Follow the cyber...


Treasury Secretary Responds to CBS 60 Minutes Report on Google SoylentNews

Mnuchin on Google and tech monopolies: 'You have to look at the power they have'

Treasury Secretary Steve Mnuchin on Monday joined the growing chorus of government officials concerned about tech monopolies. When asked if Google is a monopoly, Mnuchin said, "These are issues that the Justice Department needs to look at seriously, not for any one company, but obviously as these technology companies have a greater and greater impact on the economy, I think that you have to look at the power they have," Mnuchin told CNBC's "Squawk Box." Mnuchin acknowledged that antitrust matters don't fall under his jurisdiction, but said someone ought to be looking.

His comments come on the heels of a "60 Minutes" segment on Google's unparalleled market share in online search. The Sunday night spot included an interview with Jeremy Stoppelman, co-founder of Yelp, which he said "would have no shot" if it were being built today.

Also at Bloomberg.

Original Submission

Read more of this story at SoylentNews.


Sweden Distributes "Be Prepared for War" Leaflet to All 4.8 Million Homes

Via: Guardian: The Swedish government has begun sending all 4.8m of the country's households a public information leaflet telling the population, for the first time in more than half a century, what to do in the event of a war. Om krisen eller kriget kommer (If crisis or war comes) explains how people can secure [...]


Fail of the Week: The Semiconductor Lapping Machine That Can't Lap Straight Hackaday

It seemed like a good idea to build a semiconductor lapping machine from an old hard drive. But there's just something a little off about [electronupdate]'s build, and we think the Hackaday community might be able to pitch in to help.

For those not into the anatomy and physiology of semiconductors, getting a look at the inside of the chip can reveal valuable information needed to reverse engineer a device, or it can just scratch the itch of curiosity. Lapping (the gentle grinding away of material) is one way to see the layers that make up the silicon die that lies beneath the epoxy. Hard drives designed to spin at 7200 rpm or more hardly seem a suitable spinning surface for a gentle lapping, but [electronupdate] just wanted the platter for its ultra-smooth, ultra-flat surface.

He removed the heads and replaced the original motor with a gear motor and controller to spin the platter at less than 5 rpm. A small holder for the decapped die was fashioned, and pinched between the platter hub and an idler. It gently rotates the die against the abrasive-covered platter as it slowly revolves. But the die wasn't abrading evenly. He tried a number of different fixtures for the die, but never got to the degree of precision needed to see through the die layer by layer. We wonder if the weight of the die fixture is deflecting the platter a bit?

Failure is a great way to learn, if you can actually figure...


RFC: LWN's draft updated privacy policy

It is the season for web sites to be updating their privacy policies and obtaining consent from their users for whatever data they collect. LWN, being short of staff with the time or interest to work in this area, is rather late to this game. The first step is an updated privacy policy, which we're now putting out for review. Little has changed from the current version; we still don't collect much data, share data with others, or attempt to monetize what we have in any way. We would like to ask interested readers to have a look and let us know about any potential problems they see.


Spectre variants 3a and 4

Intel has, finally, disclosed two more Spectre variants, called 3a and 4. The first ("rogue system register read") allows system-configuration registers to be read speculatively, while the second ("speculative store bypass") could enable speculative reads to data after a store operation has been speculatively ignored. Some more information on variant 4 can be found in the Project Zero bug tracker. The fix is to install microcode updates, which are not yet available.


Yubikey/Smartcard Backed TLS/HTTPS Servers SoylentNews

Ben Cartwright-Cox has written a blog post about building Yubikey/Smartcard backed TLS/HTTPS servers. Cryptographic hardware tokens such as the Yubikey can hold and verify keys but are set up not to be able to give the key itself back to the system. Although the hardware token's contents can be overwritten, the original key cannot be extracted even if the system it is on gets cracked. Thus moving the keys to the hardware token would make them more or less unstealable. Ben walks through the steps necessary to retrofit a Yubikey to provide for situations where keys would normally be in memory, such as for an HTTPS server.

A Yubikey is a USB stick that acts like a two factor token, but can also act as a smart card.

Smart cards are neat, since they allow you to store sensitive cryptographic keys on another removable device, and they come with a guarantee that once they are programmed with a key they will not give it back to a system (they can be overwritten though).

This allows someone to separate a cryptographic key from the system it lives on. This is useful for things like SSH, since it means you can have a key that moves on your person, rather than a per machine key in the case that you use multiple machines to access systems.

Original Submission

Read more of this story at SoylentNews.


Now available online: DesignCon 2018 Keysight Education Forum (KEF) Sessions IEEE Spectrum Recent Content full text

Watch all 8 KEF sessions from the convenience of your desk

Get complimentary access to the materials that made KEF a huge success. See what the industry's leading experts presented and learn about the latest challenges and solutions in high-speed digital technology.


Twitter bots may have affected voters on Brexit, U.S. presidential race: study The Hill: Technology Policy

Twitter bots may have swayed some voters in the Brexit vote and the 2016 U.S. presidential election, according to a new study. Automated Twitter accounts may have slightly swayed the results of the elections for president and over whether...


Physical exercise doesn't slow down dementia once it appears, study shows Lifeboat News: The Blog

Physical exercise is a key piece of the brain health puzzle, but certainly not a magic pill.

Exercise doesn't slow progression of dementia (NHS Choices): A trial in which people with dementia took part in a moderately intense exercise programme for 4 months found their mental decline did not slow and may even have worsened faster than in people who did not take part in the programme... While the exercise.


Fiber-reinforced hydrogel is 5 times stronger than steel Terra Forming Terra

Rather nice and a likely artificial ligament. Not an obvious solution either. This looks to be a great manufacturing solution as well as we are completely familiar with glass fiber.

Yet many materials can also be manipulated so this may well be not that unique but may still be cheap enough to get market share.

All good.

Fiber-reinforced hydrogel is 5 times stronger than steel

February 26th, 2017

The newly developed fiber-reinforced hydrogel consists of polyampholyte gels and glass fiber fabric (Credit: Hokkaido University)

Hydrogels have shown significant potential in everything from wound dressings...


[$] Network filesystem topics

At the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Steve French led a discussion of various problem areas for network filesystems. Unlike previous sessions (in 2016 and 2017), there was some good news to report because the long-awaited statx() system call was released in Linux 4.11. But there is still plenty of work to be done to better support network filesystems in Linux.


FDA Approves Drug to Prevent Migraines SoylentNews

F.D.A. Approves First Drug Designed to Prevent Migraines

The first medicine designed to prevent migraines was approved by the Food and Drug Administration on Thursday, ushering in what many experts believe will be a new era in treatment for people who suffer the most severe form of these headaches. The drug, Aimovig, made by Amgen and Novartis, is a monthly injection with a device similar to an insulin pen. The list price will be $6,900 a year, and Amgen said the drug will be available to patients within a week.

Aimovig blocks a protein fragment, CGRP, that instigates and perpetuates migraines. Three other companies (Lilly, Teva and Alder) have similar medicines in the final stages of study or awaiting F.D.A. approval. "The drugs will have a huge impact," said Dr. Amaal Starling, a neurologist and migraine specialist at the Mayo Clinic in Phoenix. "This is really an amazing time for my patient population and for general neurologists treating patients with migraine."

Millions of people experience severe migraines so often that they are disabled and in despair. These drugs do not prevent all migraine attacks, but can make them less severe and can reduce their frequency by 50 percent or more. As a recent editorial in the journal JAMA [DOI: 10.1001/jama.2018.4852] put it, they are "progress, but not a panacea."

Sticker shock? The price is 30% less than Wall Street expected. Meanwhile, people are self-administering psychedelics such as LSD or psilocybin to treat migraines and cluster headaches.

See also: FDA just approved the first drug to prevent migraines. Here's the story of its discovery, and its limitations

Original Submission

Read more of this story at SoylentNews.



Alexa And Particle Modernize Coffee Machine By One Iota Hackaday

When [Steve Parker]'s girlfriend got a tea kettle that takes voice commands, he suddenly saw his fancy bean-to-cup coffee machine as a technological dinosaur. It may make good coffee, but getting the DeLonghi going is inconvenient, because it runs a self-cleaning cycle each time it's turned on or off.

Thus began [Steve]'s adventure in trying to turn the thing on with Alexa via Particle Photon. Because of the way the machine is designed, simply adding a relay wouldn't do: the machine would just turn off and back on, only to start the self-clean again. Once inside, he found it's controlled by a PIC18LF2520. Further research indicated that it is powered by an off-line switcher that combines a power MOSFET with a power supply controller. [Steve] figured out that the buttons are read via square wave and interpreted by a multiplexer.

The project went into the weeds a bit when [Steve] tried to read the signals with a knock-off Saleae. As soon as he plugged it in, the control board fried because the DeLonghi evidently has no reference to Earth ground. While waiting for a replacement board to arrive, he tried replacing the mux and shift register chips, which actually fixed the board. Then it was more or less a matter of using the DeLonghi's status LEDs to determine the machine's state, and then to interface with the Photon and Alexa. Cycle past the break for a ristretto-sized demonstration.

[Steve] didn't do all this to actually make coffee, just turn the machine on with a voice command. The Photon is totally capable of making coffee, though, as we saw with this closed-loop espresso machine.


All Systems Go! 2018 Conference Announced For The End Of September Phoronix

Lennart Poettering has announced the call for presentations of this year's All Systems Go! conference, which was born out of the earlier systemd.conf conference...


FCC will take public comments on Sinclair-Tribune merger The Hill: Technology Policy

The Federal Communications Commission (FCC) will take new comments from the public on Sinclair Broadcast Group's $3.9 billion bid for Tribune Media. The agency is reopening its review of the merger for public comments after the two companies proposed...


Multilingual malware hits Android devices for phishing & cryptomining HackRead

By Waqas

Roaming Mantis malware also targets iOS devices for phishing attacks.


Roaming Mantis gang evolves and broadens its operations Security Affairs

Roaming Mantis malware, which initially targeted Android devices, has now broadened both its geographic range and its targets.

Security experts from Kaspersky Lab discovered that the operators behind the Roaming Mantis campaign continue to improve their malware, broadening their targets, their geographic range and their functional scope.

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirected users to compromised websites. Investigation by Kaspersky Lab indicates that the attack was targeting users in Asia with fake websites customized for English, Korean, Simplified Chinese and Japanese. Most impacted users were in Bangladesh, Japan, and South Korea.

Our research revealed that the malware (sic) contains Android application IDs for popular mobile banking and game applications in South Korea. The malware is most prevalent in South Korea, and Korean is the first language targeted in HTML and test.dex. Based on our findings, it appears the malicious app was originally distributed to South Korean targets. Support was then added for Traditional Chinese, English, and Japanese, broadening its target base in the Asian region.

The dreaded DNS hijacking malware was originally designed to steal users' login credentials and the secret code for two-factor authentication from Android devices; it has evolved and recently was spotted targeting iOS devices as well as desktop users.

"In April 2018, Kaspersky Lab published a blog post titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices," reads the analysis published by Kaspersky.

In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group's activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. In addition, the criminals added a phishing option for iOS devices, and crypto-mining capabilities for the PC.

Operators behind the Roaming Mantis malware recently added support for 27 languages to broaden their operations.

The versions of the Roaming Mantis malware continue to be spread via DNS hijacking; attackers used rogue websites to serve fake apps infected with banking malware t...


Facebook App For Android Is Asking For Superuser Permission TechWorm

Facebook's Android App users freak out as the app is asking for superuser privileges

Users of the official Facebook Android app have been asked something unusual since May 17th. The app is asking for Superuser permissions to the users' phones. In other words, the official Facebook Android app is asking the users to grant the app full access to their devices forever. This pop-up request has created a lot of unrest among the users.

Apparently, for the past couple of days, Facebook's Android app (com.facebook.katana) has been asking for superuser access to users' devices. However, if a user tries to deny this request, it still continues asking until the user grants permission. This has led to panic among users who took to various internet forums looking for an explanation for the suspicious pop-ups.

"Today I was browsing Facebook when suddenly I got a superuser request popup," one user wrote on XDA developer forums. "Could anyone explain why Facebook needs SU permissions?"

Another user commented, "Same happened to me too. Started yesterday afternoon. Facebook last updated 1 day ago, so it must have to do something with new version."

Also, users from France, Australia, and the UK confirmed in the same thread that they too received the same pop-up from Facebook to grant root access.

Several Android security researchers who spoke with Bleeping Computer believe that the pop-ups are appearing because of a coding error.

Avast mobile security researcher Nikolaos Chrysaidos, who took a look at the Facebook app's source code, told Bleeping Computer that it could most probably be a coding error. WhiteOps SDK, used for detecting ad fraud, is said to be the reason behind this Superuser permission.

He said, "The dialog started popping up on users that are in the beta channel. Along with other various checks. Facebook is probably integrating WhiteOps SDK, and they forgot to re-implement the ROOT checking functionality."

When Facebook was...


HBO Is Shooting Multiple Endings For The Games of Thrones Finale Season 8 TechWorm

Game of Thrones is shooting multiple endings, actor Emilia Clarke says

Game of Thrones, one of the most popular TV shows, is no stranger to illegal downloads and streams on the Internet. Not only this, the TV show has also been a victim of an array of hacks and early leaks of episodes.

As a result, HBO, the popular entertainment channel that airs Game of Thrones, has worked out a strategy and decided to shoot multiple endings for the Grand Finale Season 8 of the show, mentions a report via UberGizmo. This way they hope to not only confuse hackers and prevent spoilers from leaking online (again) but also keep Game of Thrones fans guessing about what will happen next.

This was disclosed by Emilia Clarke, best known as Daenerys Targaryen on the show, who told The Hollywood Reporter that even the cast of the show is unaware what the creators have planned. "I don't know that I even do now. I'm being serious. I think they're filming a bunch of stuff and they're not telling us. I'm being serious. I'm being deadly serious. I think that they don't even trust us," Clarke said.

She also added that multiple endings are being filmed so that even the cast doesn't know which one is the real ending. "There's lots of different endings that could happen; I think we're doing all of them and we aren't being told which is actually what's going to happen."

HBO has plans to make the Game of Thrones Season 8 finale the most remembered season of the show. And it would not be wrong on their part to adopt such a strategy considering the many plot twists and surprises that the show has, but also the fact that the entire scripts of Game of Thrones have been leaked online many times before.

The eighth and final season of Game of Thrones, will be filmed across many different countries like Northern Ireland, Spain, Croatia, and Iceland. The series will conclude with its eighth season premiering in 2019.

The post HBO Is Shooting Multiple Endings For The Games of Thrones Finale Season 8 appeared first on TechWorm.


Users of Child Surveillance App TeenSafe Suffer Data Breach SoylentNews

ZDNet reports

A server stored teenagers' Apple ID email addresses and plaintext passwords [...] At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.

[...] the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.

[...] The database stores the parent's email address associated with TeenSafe, as well as their corresponding child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.

"Technology has brought with it a world your child might not be ready for," the company tells us in a video. "Begin a free trial today!"



Links 21/5/2018: Linux 4.17 RC6, GIMP 2.10.2 Techrights




  • GNU/Linux vs. Unix: What's the difference?

    If you are a software developer in your 20s or 30s, you've grown up in a world dominated by Linux. It has been a significant player in the data center for decades, and while it's hard to find definitive operating system market share reports, Linux's share of data center operating systems could be as high as 70%, with Windows variants carrying nearly all the remaining percentage. Developers using any major public cloud can expect the target system will run Linux. Evidence that Linux is everywhere has grown in recent years when you add in Android and Linux-based embedded systems in smartphones, TVs, automobiles, and many other devices.

    Even so, most software developers, even those who have grown up during this venerable Linux revolution, have at least heard of Unix. It sounds similar to Linux, and you've probably heard people use these terms interchangeably. Or maybe you've heard Linux called a "Unix-like" operating system.

    So, what is this Unix? The caricatures speak of wizard-like graybeards sitting behind glowing green screens, writing C code and shell scripts, powered by old-fashioned, drip-brewed coffee. But Unix has a much richer history beyond those bearded C programmers from the 1970s. While articles detailing the history of Unix and Unix vs. Linux comparisons abound, this article will offer a high-level background and a list of major differences between these complementary worlds.

  • Kernel Space


Kodi-Addon Developer Gives Up Piracy Defense Due to Lack of Funds TorrentFreak

Last year, American satellite and broadcast provider Dish Network targeted two well-known players in the third-party Kodi add-on ecosystem.

In a complaint filed in a federal court in Texas, add-on ZemTV and the TVAddons library were accused of copyright infringement, with both facing up to $150,000 for each offense.

While TVAddons operator Adam Lackman responded to the allegations last week, ZemTV's developer "Shani" decided not to reply.

Shahjahan Durrani, Shani for short, never denied that he was the driving force behind the Kodi-addons ZemTV, LiveStreamsPro, and F4MProxy. While the London-based developer had never set foot in Texas, he initially planned to put up a defense. Financially, however, this was a problem.

ZemTV's developer launched a fundraiser last fall to crowdsource the legal battle. While he was able to raise close to 1,000, the legal costs already exceeded that before the case even got fully underway.

Without the ability to pay the legal costs, Shani is unable to put up a proper defense. But speaking with TorrentFreak, he explains that after the motion to dismiss was denied, he didn't have much hope for a fair trial anyway.

"I was shocked and disappointed, not only by reading that the court dismissed my jurisdiction appeal, they did so with just one sentence. It seems unfair and doesn't give any confidence to me that the court/judge would be fair," Shani tells us.

This left the developer with two options. Find a way to fund the legal battle, money which may never be recovered, or give up the fight and face a default judgment. Shani chose the latter option.

Shani told his attorney Erin Russel to cease all activity on the case and to take no further steps on his behalf.

"I don't have enough resources to fight this case completely with four kids that I am raising and anything more I do will be seem to be submitting to the US Courts which I am not going to do unless I have enough money to fight the case," the developer wrote in an email to Russel.

The attorney informed the court of this decision late last week and withdrew from the case.

This means that the lawsuit is steering towards a default judgment, and indeed, Dish has already moved for an entry of default.

To date, Durrani has not filed an answer or other responsive pleading or r...


How to create FreeNAS Jails with iocage nixCraft

How do I install and use a FreeBSD jail manager called iocage on a FreeNAS server from the command line? How do I create a FreeNAS jail with the iocage command?

The post How to create FreeNAS Jails with iocage appeared first on nixCraft.


Parrot 4.0 is out

Parrot 4.0 has been released. Parrot is a security-oriented distribution aimed at penetration tests and digital forensics analysis, with additional tools to preserve privacy. "On Parrot 4.0 we decided to provide netinstall images too as we would like people to use Parrot not only as a pentest distribution, but also as a framework to build their very own working environment with ease." Docker templates are also available.


Fortnite is coming to Android, but malicious fake apps are already there Help Net Security

Android users eager to play the increasingly popular Fortnite survival game on their mobile devices are being targeted left and right with malicious apps masquerading as the game or apps related to it. What is Fortnite? Fortnite is a co-op sandbox survival game published by Epic Games. It was released for Microsoft Windows, macOS, PlayStation 4, and Xbox One in July 2017 and, more recently, for iOS. Its popularity is steadily rising and Epic has More

The post Fortnite is coming to Android, but malicious fake apps are already there appeared first on Help Net Security.


The Why Factor Lifeboat News: The Blog

I'm excited to announce my interview on the BBC World Service is airing around the world today multiple times to millions of people. My 4-min section on #transhumanism starts at 10:50.

Why do people chase immortality? We those who believe science is close to beating death.


Theresa May: Use AI to Reduce Deaths From Cancer SoylentNews

UK Prime Minister Theresa May is urging the use of artificial intelligence to help diagnose cancer:

The diagnosis of cancer and other diseases in the UK can be transformed by using artificial intelligence, Theresa May is to say. The NHS and technology companies should use AI as a "new weapon" in research, the PM will urge in a speech later.

Experts say it can be used to help prevent 22,000 cancer deaths a year by 2033 while aiding the fight against heart disease, diabetes and dementia.

High-skilled science jobs will also be created, Mrs May is to pledge. Speaking in Macclesfield, Mrs May will say: "Late diagnosis of otherwise treatable illnesses is one of the biggest causes of avoidable deaths. "And the development of smart technologies to analyse great quantities of data quickly and with a higher degree of accuracy than is possible by human beings opens up a whole new field of medical research."

Also at The Financial Times and The Guardian.



Investigating the Tiny Salvaged UPS from a Lightbulb Hackaday

Recently I had the opportunity to do a teardown of a battery-backed LED bulb, and found some interesting details on how the device operated. Essentially, the bulb contained a low voltage DC uninterruptible power supply that would automatically switch between AC power and internal battery as needed. The implications of this seemed pretty exciting. For around $12 at big box retailers, this little bulb could be a cheap and convenient solution for providing fault tolerant power to microcontrollers and other low-power devices.

The teardown was a runaway success, with quite a bit of discussion of the UPS idea specifically. Some people hated it, others loved it. But as we've come to expect from Hackaday readers, the comments from both sides of the aisle contained keen observations and invaluable real-world experience. From the safety of the device to the accuracy of the manufacturer's claims, it seems like every element of the product was addressed.

I had ended the teardown with a promise that I'd continue experimenting with the tiny salvaged UPS, but even if I hadn't, with so much feedback it seemed revisiting the subject was all but a necessity. Is this little UPS really viable? Is it too dangerous to safely implement in...


[CVE-2018-8012] Apache ZooKeeper Quorum Peer mutual authentication Open Source Security

Posted by Patrick Hunt on May 21

CVE-2018-8012: Apache ZooKeeper Quorum Peer mutual authentication

Severity: Critical

The Apache Software Foundation

Versions Affected:
ZooKeeper prior to 3.4.10
ZooKeeper 3.5.0-alpha through 3.5.3-beta
The unsupported ZooKeeper 1.x through 3.3.x versions may be also affected

No authentication/authorization is enforced when a server attempts to join
a quorum. As a result an arbitrary end point could join the cluster and...


Japan: Directorate for Signals Intelligence

Via: The Intercept: The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work, even the location of its headquarters. Most Japanese officials, except for a select few of the [...]


DragonFlyBSD 5.3 Works Towards Performance Improvements Phoronix

Given that DragonFlyBSD recently landed some SMP performance improvements and other performance optimizations in its kernel for 5.3-DEVELOPMENT, and also finished tidying up its Spectre mitigation, this weekend I spent some time running some benchmarks on DragonFlyBSD 5.2 and 5.3-DEVELOPMENT to see how the performance has shifted for an Intel Xeon system.


Progressive groups launch petition for government to break up Facebook The Hill: Technology Policy

Left-leaning groups on Monday launched a campaign advocating for the government to break up Facebook. The groups, which include the Content Creators Coalition, Demand Progress and the Open Markets Institute, are urging the Federal Trade Commission...


Microsoft Makes Inroads With U.S. Spy Agencies SoylentNews

Microsoft has secured a potentially lucrative agreement that makes the full suite of the tech giant's cloud-computing platform available to 17 U.S. intelligence agencies, executives said recently, moving agencies' computer systems onto Office 365 applications and adding certain cloud-based applications not previously available to them.

The agreement could strengthen Microsoft's prospects for winning government business at a time when it is locked in competition with some of the world's biggest tech companies for a Pentagon cloud-computing contract that is expected to be worth billions.

For years, Amazon Web Services, a subsidiary of that provides cloud computing for businesses and government agencies, has been the primary provider of cloud services to U.S. intelligence agencies, thanks to a $600 million contract with the CIA. (Amazon founder Jeffrey Bezos also owns The Washington Post.)

That remains the case after the recent agreement. Still, executives from Microsoft framed the contract agreement as an "awakening."

"This is a huge win from a Microsoft perspective," said Dana Barnes, vice president of the company's joint and defense agencies business unit. "It's kind of an awakening as far as the intelligence community is concerned that you can't be a one-cloud community."



Friday Free Software Directory IRC meetup time: May 25th starting at 12:00 p.m. EDT/16:00 UTC FSF blogs

Help improve the Free Software Directory by adding new entries and updating existing ones. Every Friday we meet on IRC in the #fsf channel on

When a user comes to the Directory, they know that everything in it is free software, has only free dependencies, and runs on a free OS. With over 16,000 entries, it is a massive repository of information about free software.

While the Directory has been and continues to be a great resource to the world for many years now, it has the potential to be a resource of even greater value. But it needs your help! And since it's a MediaWiki instance, it's easy for anyone to edit and contribute to the Directory.

40 years ago, American management consultant Marilyn Loden first coined the term "glass ceiling" to describe invisible career barriers for women at a panel discussion. Despite the passing of two generations, Loden notes that the matter is still very alive, which readily displays how insidious a problem we have. To honor Loden's contribution, this week's theme for the Directory meetup is business software.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting. To see the meeting start time in your time zone, run this in GNU bash: date --date='TZ="America/New_York" 12:00 this Fri'


How NASA Will Unlock the Secrets of Quantum Mechanics Aboard the ISS Lifeboat News: The Blog

An Antares rocket launched from Virginia before sunrise this morning and is on its way to the International Space Station. Its 7,400 pounds of cargo include an experiment that will chill atoms to just about absolute zero, colder than the vacuum of space itself.

The Cold Atom Laboratory (CAL) is set to create Bose-Einstein condensates on board the ISS. But what's a Bose-Einstein condensate? And why make it in space?

"Essentially, it's going to allow us to do different kinds of things than we'd be able to do on Earth," Gretchen Campbell, co-director of the University of Maryland's Joint Quantum Institute, told Gizmodo.


Microsoft buys Semantic Machines to make AI sound more human Lifeboat News: The Blog

Microsoft has purchased startup company Semantic Machines in an effort to make artificial intelligence bots sound more human. The Berkeley, California-based business focuses on contextual understanding of conversation.

Previously, the firm has worked with Apple on speech recognition technology for Siri. Semantic Machines is led by professor Dan Klein of UC Berkeley and professor Percy Liang of Stanford University in addition to Apple's former chief speech scientist Larry Gillick.

Microsoft has been working on speech recognition and natural language processing for nearly two decades now. As Cortana has gained a more prominent role in recent years, Redmond is aiming to improve the accuracy and fluency of its assistant.


Looking Ahead To The Linux 4.18 Kernel Phoronix

There still are several weeks to go until the Linux 4.17 kernel will be officially released and for that to initiate the Linux 4.18 merge window, but we already know some of the features coming to this next kernel cycle as well as an idea for some other work that may potentially land...


Chrome to dynamically point out "Not secure" HTTP sites Help Net Security

Google expects HTTPS to become the default, and is preparing users for it by slowly moving Chrome towards showing only negative security indicators. Google's own numbers showed back in February that 68% of Chrome traffic on both Android and Windows was encrypted, as was 78% of Chrome traffic on both Chrome OS and Mac. By now, these numbers are surely even higher. "Users should expect that the web is safe by default, and they'll be More

The post Chrome to dynamically point out "Not secure" HTTP sites appeared first on Help Net Security.


Wireless Headphone Hack Dangles Batteries Like Earrings Hackaday

Koss Porta Pro headphones are something of a rarity in the world of audio gear: they're widely regarded as sounding great, but don't cost an exorbitant amount of money. Since the line was introduced in 1984, they've been the go-to headphones for those who don't subscribe to the idea that you should have to take out a loan from the bank just to enjoy your music.

The Porta Pros are easy to take apart, and removing the old wire was no problem. He then cut the buds on the Bluetooth earbuds he had, with the intention of just stripping the wires and soldering it up to the pads on the Porta speakers. But things didn't quite go as expected.

What [Jake] hadn't realized was that the battery for the Bluetooth earbuds wasn't in the main housing; the power comes from a tiny battery inside each bud. That meant he needed to keep the batteries connected even though the Porta Pro obviously doesn't have a spot to mount them. In the f...


Graphene stimulation could selectively kill off cancer cells Lifeboat News: The Blog

A chance lab discovery is opening up the possibility for wide-scale improvements in drug screening, application of selective painkillers, and selectively nuking cancer cells. The mystery material? Graphene, a semi-metal that's composed of a single layer of carbon atoms. It's already being used to make flexible OLED displays and reduce the energy costs of desalination, but its potential benefits for the medical field look promising too.

It began with a theory: scientists at the University of California knew graphene could convert light into electricity, and wondered whether that electricity had the capacity to stimulate human cells. Graphene is extremely sensitive to light (1,000 times more than traditional digital cameras and smartphones) and after experimenting with different light intensities, Alex Savchenko and his team discovered that cells could indeed be stimulated via optical graphene stimulation.

"I was looking at the microscope's computer screen and I'm turning the knob for light intensity and I see the cells start beating faster," he said. "I showed that to our grad students and they were yelling and jumping and asking if they could turn the knob. We had never seen this possibility of controlling cell contraction."


Blood from umbilical cord may help fix your brain after a stroke Lifeboat News: The Blog

Ten people have received infusions of umbilical cord blood days after having a stroke, and they seem to have recovered better than would normally be expected.


Mnuchin urges antitrust review of big tech amid Google scrutiny The Hill: Technology Policy

Treasury Secretary Steven Mnuchin on Monday encouraged the Department of Justice to review major technology companies like Google over concerns related to the potential harm they pose to market competition. These issues deserve to be reviewed...


A German Team Is Now Trying to Make the Impossible EmDrive Engine Lifeboat News: The Blog

German physicists launched the SpaceDrive project to explore possible sources of error in EmDrive experiments. Their first experiment identified a possible source of false positives in past successful EmDrive tests.


Distribution Release: Bodhi Linux 5.0.0 Alpha1 News

Jeff Hoogland has announced an early development snapshot of Bodhi Linux 5.0.0. The new alpha release is based on Ubuntu 18.04 LTS and runs the Moksha desktop environment, which is a fork of Enlightenment. "Some highlights about these 5.0.0 ISO images: Ubuntu 18.04 base; Moksha 0.3.0 testing release;....


DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide The Hacker News

Widespread router DNS-hijacking malware that was recently found targeting Android devices has now upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users' login credentials and the secret code for two-factor


USB Audio Class 3.0 Improvements Coming To Linux 4.18 Phoronix

With the recently minted Linux 4.17 kernel there was initial USB Audio Class 3.0 support for this audio-over-USB specification while with Linux 4.18 that UA3 support will be further enhanced...


Top 5 Champions for Beginners in League of Legends TechWorm

Do you want to play League of Legends and do not know which Champion is right for you? You have bought a LoL account but do not understand which character you need to deal with? Find out who are the best Champions to learn how to play LoL and find the character that will make you love this game.


Vastayas Monkey King is one of the most interesting Champions you'll discover in League of Legends. Do not be fooled by its rugged appearance: Wukong is a ferocious warrior with unexpected talents. Wukong was mentored by Master Champion Yi and uses Wuju fighting art in his bouts. Its passive is Stone Skin, a skill that increases the Armor and Magic Resistance of this warrior. One of his best skills is the Decoy, which makes Wukong invisible for a short time. This ability can help you to escape from enemies or to initiate a surprise attack (especially if combined with the ability of Cloud Flare, a Physical Damage attack of up to 2 nearby enemies).


This is not a girl like the others. Annie is also known as the Dark Child and she has several skills that make her a very difficult enemy to face in battle. Annie is a frightening sorceress, able to make the opponent's game difficult with Pyromania (her passive of stunning) or to destroy with fire all the enemies in the area. Magic Damage is with this girl, but it's her stunning ability that makes her really popular. And how to forget her lethal skill called Summon: Tibbers? Tibbers is her teddy bear and Annie manages to bring her great friend to life. With this ability, Tibbers attacks and burns everyone who is close to her.


A man of honor and loyalty, Garen is the right Champion for anyone who has always enjoyed playing as a warrior or soldier. A great choice for tank, Garen has life regeneration as a passive and his Armor and Magical Resistance increase passively with slaughter of his opponents. Judgment is a sinister ability, which causes the warrior to dance mortally with his sword, dealing damage and reducing the armor of enemies. His best skill is Demacian Justice, which can turn the game against the opposing Champion who has made more recent killings. With the power, Garen deals damage based on Life that his target has already lost.


Morgana is master of the black arts and will do anything to stop the advance of enemies. He is a specialist in causing Magical Damage, either by cursing an area with his Dreaded Solo ability or by firing black magic spheres that inflict damage and immobilize an enemy (Dark Link ability). Your Black Shield skill is useful for protecting your team members by placing a barrier that absorbs Magic Damage and prevents disarray. Morgana has Magic Vampirism and her passive reflects that the Champion heals when she deals damage with her abilities. The Fallen Angel shows his sensational ability to d...


Security updates for Monday

Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).


Study: Bitcoin Network Uses at Least 2.55 GW of Electricity SoylentNews

According to a press release carried by Eurekalert

In the first rigorously peer-reviewed article quantifying Bitcoin's energy requirements, a Commentary appearing May 16 in the journal Joule, financial economist and blockchain specialist Alex de Vries uses a new methodology to pinpoint where Bitcoin's electric energy consumption is headed and how soon it might get there.

The abstract of the article says

The Bitcoin network can be estimated to consume at least 2.55 gigawatts of electricity currently, and potentially 7.67 gigawatts in the future, making it comparable with countries such as Ireland (3.1 gigawatts) and Austria (8.2 gigawatts). [...]

The author offers a caveat:

[...] all of the methods discussed assume rational agents. There may be various reasons for an agent to mine even when this isn't profitable, and in some cases costs may not play a role at all when machines and/or electricity are stolen or abused.

[Other] reasons for an agent to mine Bitcoin at a loss might include [...] being able to obtain Bitcoin completely anonymously, libertarian ideology [...] or speculative reasons.



Google awarded a young expert a total of $36,337 for an RCE in the Google App Engine Security Affairs

Google awarded the 18-year-old student Ezequiel Pereira a total of $36,337 for the discovery of a critical remote code execution vulnerability that affected the Google App Engine.

The Google App Engine is a framework that allows Google users to develop and host web applications on a fully managed serverless platform.

In February, Pereira gained access to a non-production Google App Engine development environment, then he discovered that it was possible to use some of Google's internal APIs.

Pereira ethically reported the issue through Google's Vulnerability Reward Program (VRP). The experts at Google ranked the flaw as a P1 priority, a level that is assigned to vulnerabilities that could have a significant impact on a large number of users and that for this reason must be addressed as soon as possible.

In the meantime, Pereira continued his tests and submitted a second report to Google after discovering further issues. Google then asked Pereira to stop his activities because of the risk of easily breaking something using these internal APIs.

The Google security team discovered that the flaw reported by the youngster could lead to remote code execution.


Pereira published a detailed analysis of his findings after Google had fixed them and rewarded him.

"In early 2018 I got access to a non-production Google App Engine deployment environment, where I could use internal APIs and it was considered as Remote Code Execution due to the way Google works. Thanks to this I got a reward of $36,337 as part of Google Vulnerability Rewards Program," reads the blog post published by the researcher.

Some time ago, I noticed every Google App Engine (GAE) application replied to every HTTP request with a X-Cloud-Trace-Context header, so I assumed any website returning that header is probably running on GAE.
Thanks to that, I learned itself runs on GAE, but it can perform some actions that cannot be done anywhere else and common user applications cannot perform, so I tr...


Linux Foundation LFCE: Hugues Cloutre


Newly discovered copper and graphite combo could lead to more efficient lithium-ion batteries Lifeboat News: The Blog

A first-of-its-kind copper and graphite combination discovered in basic energy research at the U.S. Department of Energy's Ames Laboratory could have implications for improving the energy efficiency of lithium-ion batteries, which include these components.

"We're pretty excited by this, because we didn't expect it," said Pat Thiel, an Ames Laboratory scientist and Distinguished Professor of Chemistry and Materials Science and Engineering at Iowa State University. "Copper doesn't seem to interact strongly or favorably with graphitic materials at all, so this was a big surprise. It really challenges us to understand the reasons and mechanisms involved."

The scientists bombarded graphite in an ultra-high vacuum environment with ions to create surface defects. Copper was then deposited on the ion-bombarded graphite while holding it at elevated temperature, at 600–800 K. The synthetic route created multilayer copper islands that are completely covered by graphene layer(s).


Advanced biofuels can be produced extremely efficiently Lifeboat News: The Blog

A chance to switch to renewable sources for heating, electricity and fuel, while also providing new opportunities for several industries to produce large numbers of renewable products. This is the verdict of researchers from Chalmers University of Technology, Sweden, who now, after 10 years of energy research into gasification of biomass, see an array of new technological achievements.

How to implement a switch from fossil-fuels to renewables is a tricky issue for many industries. For heavy industries, such as oil refineries, or the paper and pulp industry, it is especially urgent to start moving, because investment cycles are so long. At the same time, it is important to get the investment right because you may be forced to replace boilers or facilities in advance, which means major financial costs. Thanks to long-term strategic efforts, researchers at Sweden's Chalmers University of Technology have now paved the way for radical changes, which could be applied to new installations, as well as be implemented at thousands of existing plants around the globe.


See me speak at the Sunny Side Up Security breakfast event in London next month Graham Cluley

If you're going to be in London in June, attending Infosec 2018, you may want to register for the Sunny Side Up Security breakfast at the Hilton Olympia (just next door to the Olympia Center where Infosec is being held).


Loss of marine habitats is threatening the global fishing industry - new research Lifeboat News: The Blog

Seafood consumption is both a love and a necessity for hundreds of millions of people worldwide. And its supply is a key part of maintaining food security for the whole planet. But during a time of rapid population growth and increasing demand, stocks of wild fish and invertebrates (such as mussels and prawns) are declining.

The problem is that policies and plans designed to make sure there are enough fish and invertebrates almost exclusively target fishing activity. But we also need to protect the critical habitats that are essential for the sustainability of these stocks and fisheries.

Most species that are fished require more than a single to live and thrive. Atlantic cod (Gadus morhua), for example, spends its adult life shoaling in deep water where it lives, feeds and spawns. But juveniles require more stable habitat such as . So, if we want to manage fish and invertebrate stocks for sustainability reasons, it is essential to protect the supporting habitats of targeted species.


Explaining Efail and Why It Isn't the End of Email Privacy Hackaday

Last week the PGPocalipse was all over the news... Except that, well, it wasn't an apocalypse.

A team of researchers published a paper (PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher perspective, it's a good paper to read, especially the cryptography parts.

But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients, but they weren't able to back this recommendation up with firm reasoning. In fact, Efail isn't an immediate threat for the vast majority of people simply because an attacker must already have access to an encrypted email to use the exploit. Advising everyone to disable encryption altogether just makes no sense.

Aside from the massive false alarm, Efail is a very interesting exploit to wrap your head around. Join me after the break as I walk through how it works, and what you can do to avoid it.

Efail Does Not  Directly Exploit PGP

In a nutshe...

Monday, 21 May


Arizona Planning for Exodus of Californians to State in Event of Major Quake

Via: NBC: Government agencies, businesses and other organizations in Arizona plan to participate in an exercise to practice how the state would respond to a migration of 400,000 people following a catastrophic earthquake in Southern California. The Arizona Department of Emergency and Military Affairs says participants in the National Mass Care Exercise in the coming [...]


Zuckerberg's appearance before EU Parliament will be livestreamed The Hill: Technology Policy

Mark Zuckerberg's meeting with the European Union Parliament will now be livestreamed after some legislators criticized initial plans for the hearing to be held behind closed doors. I have personally discussed with Facebook CEO Mr Zuckerberg...


Qualys Security Advisory - Procps-ng Audit Report Bugtraq

Posted by Qualys Security Advisory on May 21

Qualys Security Advisory

Procps-ng Audit Report


1. FUSE-backed /proc/PID/cmdline
2. Unprivileged process hiding
3. Local Privilege Escalation in top (Low Impact)
4. Denial of Service in ps
5. Local Privilege Escalation in libprocps (High Impact)
5.1. Vulnerability


What does rm -rf command do on a Linux or Unix nixCraft

I am a new Linux sysadmin. What is the purpose of rm -rf command on a Linux? What does rm -rf command do on a Unix-like operating system?

The post What does rm -rf command do on a Linux or Unix appeared first on nixCraft.


Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Open Source Security

Posted by Tomas Hoger on May 21

Thank you for your detailed reply. It addresses my questions.

FWIW, in this case, the change of the ping command handling is what I'd
view as the security fix. The change of the default security policy
would not be sufficient in deployments where custom security policy is
used and that policy is less restrictive than the new default policy
(even though it's maybe more restrictive than the old default).


Copyright May Extend to 144 Years SoylentNews

Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain.

[...] Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right, basically the right to control copies of recordings on any digital platform (ever hear of the internet?), for musical recordings made before 1972. These recordings would now have a new right, protected until 2067, which, for some, means a total term of protection of 144 years. The beneficiaries of this monopoly need do nothing to get the benefit of this gift. They don't have to make the work available. Nor do they have to register their claims in advance.

That this statute has nothing to do with the constitutional purpose of "promot[ing] Progress" is clear from its very title. The Compensating Legacy Artists for their Songs, Service, and Important Contributions to Society Act (or CLASSICS) is as blatant a gift without any public return as is conceivable. And it's not just a gift through cash; it's a gift through a monopoly regulation of speech. Archives with recordings of music from the 1930s or 1940s would now have to clear permission before streaming their musical content even if the underlying work was in the public domain.



New Zealand: Northlanders Living in Cars as Housing Crisis Hits Hard

We had a couple with five children turn up to Playcentre. They're living in tents. They fled Wellington with a plan to build some sort of shack on a small piece of land that they bought a couple of valleys over from us. Until that happens: Tents. Both mum and dad had been in the [...]


Best Security Podcast: Smashing Security up for top award Graham Cluley

Smashing Security, the weekly cybersecurity podcast I co-host with Carole Theriault, has made the finals of the European Security Blogger Awards. Now all that we need is some people to vote for it.


[SECURITY] CVE-2018-8010: XXE vulnerability due to Apache Solr configset upload Open Source Security

Posted by Uwe Schindler on May 21

CVE-2018-8010: XXE vulnerability due to Apache Solr configset upload

Severity: High

The Apache Software Foundation

Versions Affected:
Solr 6.0.0 to 6.6.3
Solr 7.0.0 to 7.3.0

The details of this vulnerability were reported internally by one of Apache
Solr's committers.
This vulnerability relates to an XML external entity expansion (XXE) in Solr
config files (solrconfig.xml, schema.xml, managed-schema). In addition,...


Kernel prepatch 4.17-rc6

The 4.17-rc6 kernel prepatch is out. "So nothing special to report. Go read the shortlog, pull the changes, build, and test. It should all be good and pretty stable by this point."


Hacked Drupal sites involved in mining campaigns, RATs distributions, scams Security Affairs

Crooks are exploiting known vulnerabilities in the popular Drupal CMS such as Drupalgeddon2 and Drupalgeddon3 to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams.

Security experts at Malwarebytes reported that compromised Drupal websites are used to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams.

The two remote code execution security vulnerabilities, tracked as CVE-2018-7600 and CVE-2018-7602, have already been fixed by Drupal developers.

At the end of March, the Drupal Security Team confirmed that a highly critical vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the availability of security updates on March 28th.

The vulnerability was discovered by the Drupal developer Jasper Mattsson.

Both Drupal 8.3.x and 8.4.x are no longer supported, but due to the severity of the flaw, the Drupal Security Team decided to address it with specific security updates and experts called it Drupalgeddon2.

The development team released the security update in time to address CVE-2018-7600.

After the publication of a working Proof-Of-Concept for Drupalgeddon2 on GitHub for educational or information purposes, experts started observing bad actors attempting to exploit the flaw.

A week after the release of the security update, the experts at security firm Check Point along with Drupal experts at Dofinity analyzed the CMS to analyze the Drupalgeddon2 vulnerability and published a technical report on the flaw.

After the publication of the report, the expert Vitalii Rudnykh shared a working Proof-Of-Concept for Drupalgeddon2 on GitHub for educational or information purposes.

Immediately after the disclosure of the PoC, security experts s...


The ethical and legal dilemmas of threat researchers Help Net Security

Threat intelligence is mainstreaming into a de-facto everyday tool of cyber-defense. But all that intelligence must be collected, analyzed, and prepared by someone. Enter threat researchers, the advanced scouts of cybersecurity. They are becoming more numerous and conspicuous as more intelligence on illicit hacker activity is demanded. Threat researchers trawl through the dark web, pick apart malware, reverse engineer exploits, track outbreaks across the Internet, and set up honeypots to surveil attacker activity. They also More

The post The ethical and legal dilemmas of threat researchers appeared first on Help Net Security.


Are you ready for the GDPR deadline? Help Net Security

The General Data Protection Regulation (GDPR) compliance deadline looms four days away, but only 29 percent of companies will be ready, according to a new global survey by ISACA. Not only are most unprepared for the deadline, but only around half of the companies surveyed (52 percent) expect to be compliant by end-of-year 2018, and 31 percent do not know when they will be fully compliant. Top GDPR challenges According to the research, the top More

The post Are you ready for the GDPR deadline? appeared first on Help Net Security.


Simulating a Medical Device Interaction with a Biological System IEEE Spectrum Recent Content full text

Join this webinar to learn how to model a medical device interacting with physiology

If you are interested in learning how to model a medical device interacting with physiology, then tune into this webinar featuring guest speaker Paul Belk from Abbott Medical.

Modeling physiologic systems uses the same principles applied to other multiphysics applications, but it is often complicated by the challenges in characterizing the properties of the biological tissues and processes involved. These challenges make it even more important to be able to analyze quantitatively through numerical simulation the interactions between the variable biological phenomena and the device.

In this webinar, we will present a model of catheter ablation from a large vessel. We will begin by setting up the coupled physics, including electric currents, laminar flow of blood, and heat transfer by conduction and convection. We will then show how to characterize the properties of the tissues involved and how the COMSOL Multiphysics software can be used to simulate a closed-loop control system to stabilize the energy flow delivered to the surrounding tissues. The simulation results will be used to characterize how intended physiologic results can be affected by uncontrolled physiologic changes and which control systems are most robust.

You can ask questions at the end of the webinar during the Q&A session. 

Localized heating of biological tissue due to catheter ablation

Paul Belk, Abbott Corporation

Paul Belk has a PhD in medical physics and is a principal engineer at Abbott Corporation, where he works on the development of diagnostic and therapeutic medical devices. He has been using simulation of all types for more than 20 years as an integral part of the research and development process. For the past four years, he has been using the COMSOL Multiphysics software (whenever he gets a chance) to study the physics of heat transfer and fluid dynamics in tissue.



Don't let attackers worm their way in: Increase password security Help Net Security

Passwords are inherently the weakest form of authentication, yet they remain the most prevalent. Many organizations realize that moving beyond this single point of vulnerability is required but replacing passwords or adding multi-factor authentication (MFA) to all use cases can be daunting if not impossible. As such, it is undoubtedly important to enforce strong password policies to ensure that this first and often times only line of defense can withstand common attacks. In recent years, More

The post Don't let attackers worm their way in: Increase password security appeared first on Help Net Security.


Ditch The Tapes, Put An Android In Your Deck Hackaday

While we here at Hackaday never question why an individual took on a particular project, it surely doesn't stop our beloved readers from grabbing their pitchforks and demanding such answers in the comments. Perhaps no posts generate more of this sort of furore than the ones which feature old audio gear infused with modern hardware. In almost every case the answer is the same: the person liked the look and feel of vintage hardware, but didn't want to be limited to antiquated media.

That sentiment is perhaps perfectly personified by the TapeLess Deck Project, created by [Artur Mynarz]. His creations combine vintage cassette decks with an Android phone small enough to fit behind the tape door. An Android application which mimics the look of a playing tape, complete with hand written track info, completes the illusion.

The output from the phone is tied into the deck where the audio signal from the tape head would have been, so the volume controls and VU meters still work as expected. Watching the meters bounce around while the animated tape plays on the screen really does look incredibly slic...

Ryzen 7 2700 / Ryzen 7 2700X / Core i7 8700K Linux Gaming Performance With RX Vega 64, GTX 1080 Ti Phoronix

With the Linux benchmarks of the Ryzen 7 2700 last week I included a few Linux gaming benchmarks, but for those evaluating CPU options for your next Intel/AMD Linux gaming system upgrade, here is a much more thorough set of benchmarks from a wide variety of OpenGL and Vulkan powered Linux games. The Ryzen 7 2700, Ryzen 7 2700X, and Core i7 8700K processors were tested for this Ubuntu gaming comparison while testing with both a Radeon RX Vega 64 and GeForce GTX 1080 Ti.


Can a Quantum Drum Vibrate and Stand Still at the Same Time? SoylentNews

Submitted via IRC for Fnord666

Researchers have studied how a 'drumstick' made of light could make a microscopic 'drum' vibrate and stand still at the same time.

A team of researchers from the UK and Australia have made a key step towards understanding the boundary between the quantum world and our everyday classical world.

Quantum mechanics is truly weird. Objects can behave like both particles and waves, and can be both here and there at the same time, defying our common sense. Such counterintuitive behaviour is typically confined to the microscopic realm and the question "why don't we see such behaviour in everyday objects?" challenges many scientists today.

Now, a team of researchers have developed a new technique to generate this type of quantum behaviour in the motion of a tiny drum just visible to the naked eye. The details of their research are published today in New Journal of Physics.

Project principal investigator, Dr Michael Vanner from the Quantum Measurement Lab at Imperial College London, said: "Such systems offer significant potential for the development of powerful new quantum-enhanced technologies, such as ultra-precise sensors, and new types of transducers."

[...] In the quantum world, a drum can vibrate and stand still at the same time. However, generating such quantum motion is very challenging. Lead author of the project Dr Martin Ringbauer from the University of Queensland node of the Australian Research Council Centre for Engineered Quantum Systems, said: "You need a special kind of drumstick to make such a quantum vibration with our tiny drum."

In recent years, the emerging field of quantum optomechanics has made great progress towards the goal of a quantum drum using laser light as a type of drumstick. However, many challenges remain, so the authors' present study takes an unconventional approach.


Generation of Mechanical Interference Fringes by Multi-Photon Counting by M Ringbauer, T J Weinhold, L A Howard, A G White & M R Vanner is published in New Journal of Physics 20, 053042 (2018)



The Prominent Changes Of Phoronix Test Suite 8.0 Phoronix

With development on Phoronix Test Suite 8.0 wrapping up for release in the coming weeks, here is a recap of some of the prominent changes for this huge update to our open-source, cross-platform benchmarking software...


Hands-On with First Lubuntu 18.10 Build Featuring the LXQt Desktop by Default

The Lubuntu development team promised to finally switch from LXDE (Lightweight X11 Desktop Environment) to the more modern and actively maintained LXQt (Lightweight Qt Desktop Environment), and the switch is now official.


IWOCL OpenCL 2018 Videos Start Appearing Online Phoronix

Taking place last week in Oxford, UK was IWOCL 2018: the International Workshop on OpenCL. For those that couldn't make this compute conference, session videos have begun appearing online...


[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for Bugtraq

Posted by Moritz Muehlenhoff on May 21

Debian Security Advisory DSA-4205-1 security () debian org Moritz Muehlenhoff
May 18, 2018

This is an advance notice that regular security support for Debian


Inside the training camp where Google shares its A.I. secrets with companies Alphabet invested in Lifeboat News: The Blog

The chairs were filled not with Gerard's fellow Google employees but, instead, more than 100 engineers from about a dozen big privately held companies that Google's Alphabet had invested in.

As it battles to stand out in late-stage investing, Alphabet's CapitalG is throwing a new machine learning marathon for its portfolio companies.


[SECURITY] [DSA 4204-1] imagemagick security update Bugtraq

Posted by Sebastien Delafond on May 21

Debian Security Advisory DSA-4204-1 security () debian org Sebastien Delafond
May 18, 2018

Package : imagemagick
CVE ID : CVE-2017-10995 CVE-2017-11533...


[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting Bugtraq

Posted by Moritz Bechler on May 21

Advisory ID: SYSS-2018-007
Product: ILIAS
Affected Version(s): 5.3.2, 5.2.14, 5.1.25
Tested Version(s): 5.3.2, 5.2.12
Vulnerability Type: Reflected Cross-Site-Scripting
Risk Level: MEDIUM
Solution Status: Fixed
Manufacturer Notification: 2018-03-29
Solution Date: 2018-04-25
Public Disclosure: 2018-05-18
CVE Reference: CVE-2018-10428
Author of Advisory: Moritz Bechler, SySS GmbH...


Tesla Partially Complies With GPL After Years of Complete Noncompliance SoylentNews

Electrek reports that Tesla is beginning compliance efforts with respect to their GPL redistribution of components such as Linux, Busybox, Buildroot, QT, and other components:

Tesla has been taking some flak for years now in the software community for using open source software without complying with the licenses. In a step toward compliance, Tesla is now releasing some parts of its software, which is going to be useful to Tesla hackers and security researchers.

Some of the copyright holders have been complaining that Tesla hasn't been complying with their licenses. Software Freedom Conservancy, a not-for-profit organization pushing for open source software, has been on Tesla's case for a while over the issue.

"We had received multiple reports of a GPL violation regarding Tesla's Model S. Customers who purchased Tesla's Model S received on-board system(s) that contained BusyBox and Linux, but did not receive any source code, nor an offer for the source... We know that Tesla received useful GPL compliance advice from multiple organizations, in addition to us, over these years."

"Currently the material that is there is representative of the 2018.12 release, but it will be updated with new versions corresponding to new releases over time. Work is underway on preparing sources in other areas as well, together with a more coordinated information page. We wanted to let you know about this material as it is available now while work continues on the other parts. For further questions, please contact"

With the brilliance of Mr. Musk and his ample staff, one would think that they would have figured out their license obligations without literally years of outside help--many small all-volunteer projects do it seemingly effortlessly as a matter of course--but in that, one would be wrong.

Also submitted by canopic jug.



Want to Debug Latency?

Measuring latency and being able to react to latency issues have both become more complex as our systems have become more complex. This article will help you navigate a latency problem and explain what you need to put in place to do so effectively.


So, what is latency? Latency is how long it takes to do something. How long does it take to have a response back? How long does it take to process a message in a queue?


Singapore ISPs Block 53 Pirate Sites Following MPAA Legal Action TorrentFreak

Under increasing pressure from copyright holders, in 2014 Singapore passed amendments to copyright law that allow ISPs to block pirate sites.

"The prevalence of online piracy in Singapore turns customers away from legitimate content and adversely affects Singapore's creative sector," said then Senior Minister of State for Law Indranee Rajah.

"It can also undermine our reputation as a society that respects the protection of intellectual property."

After the amendments took effect in December 2014, there was a considerable pause before any websites were targeted. However, in September 2016, at the request of the MPA(A), became the first website ordered to be blocked under Singapore's amended Copyright Act. The High Court subsequently ordered several major ISPs to disable access to the site.

A new wave of blocks announced this morning are the country's most significant so far, with dozens of pirate sites targeted following a successful application by the MPAA earlier this year.

In total, 53 sites across 154 domains, including those operated by The Pirate Bay plus KickassTorrents and Solarmovie variants, have been rendered inaccessible by ISPs including Singtel, StarHub, M1, MyRepublic and ViewQwest.

"In Singapore, these sites are responsible for a major portion of copyright infringement of films and television shows," an MPAA spokesman told The Straits Times (paywall).

"This action by rights owners is necessary to protect the creative industry, enabling creators to create and keep their jobs, protect their works, and ensure the continued provision of high-quality content to audiences."

Before granting a blocking injunction, the High Court must satisfy itself that the proposed online locations meet the threshold of being "flagrantly infringing". This means that a site like YouTube, which carries a lot of infringing content but is not dedicated to infringement, would not ordinarily get caught up in the dragnet.

Sites considered for blocking must have a primary purpose to infringe, a threshold that is tipped in copyright holders' favor when the site's operators display a lack of respect for copyright law and have already had their domains blocked in other jurisdictions.

The Court also weighs a number of addit...


Almost Half of US Families Can't Afford Basics Like Rent and Food SoylentNews

"Nearly 51 million households don't earn enough to afford a monthly budget that includes housing, food, child care, health care, transportation and a cell phone, according to a study released Thursday by the United Way ALICE Project. That's 43% of households in the United States."

The figure includes the 16.1 million households living in poverty, as well as the 34.7 million families that the United Way has dubbed ALICE -- Asset Limited, Income Constrained, Employed. This group makes less than what's needed "to survive in the modern economy."

"Despite seemingly positive economic signs, the ALICE data shows that financial hardship is still a pervasive problem," said Stephanie Hoopes, the project's director.

California, New Mexico and Hawaii have the largest share of struggling families, at 49% each. North Dakota has the lowest at 32%.

Many of these folks are the nation's child care workers, home health aides, office assistants and store clerks, who work low-paying jobs and have little savings, the study noted. Some 66% of jobs in the US pay less than $20 an hour.



Orbital ATK's OA-9E Resupply Mission to the ISS Set to Launch SoylentNews

Orbital ATK is launching its OA-9E Commercial Resupply Services mission to the International Space Station:

Early risers on the US East Coast might get a bit of a show tomorrow morning: private space company Orbital ATK will launch its Antares rocket with a Cygnus spacecraft at 4:39 AM EDT [08:39 UTC] from NASA's Wallops Flight Facility in Virginia.

The mission is the company's ninth flight for NASA, and is headed to the International Space Station, where it will drop off 7,400 pounds of scientific equipment and supplies when it docks on Thursday, May 24th.

Alongside CubeSats, the Cold Atom Laboratory, and other cargo, the rocket will carry seeds for Plant Habitat-01, which will evaluate several types of Arabidopsis:

This time, the astronauts will plant six different types of Arabidopsis, a flowering plant that's closely related to cabbage and mustard. Five of the plant varieties have been genetically altered, either to affect the way the plants capture carbon or affect their ability to produce lignin, a fibrous substance that provides structural support for plants. The same varieties will be grown under Earth-gravity conditions at NASA's Kennedy Space Center in Florida.

After several weeks of growth, the zero-G plants will be harvested and shipped back to Earth for comparison. The plants' proteins will be analyzed at Pacific Northwest National Laboratory to see whether a particular genetic mix is better-suited for cultivation in space.

Live coverage at Spaceflight Now. Update: Launch has been pushed back 5 minutes (to the end of its launch window) at 4:44 AM EDT, 08:44 UTC. Update 2: Payload successfully separated around 08:51 UTC. NASA-TV coverage will include the solar panels being unfurled around 09:45 UTC, and a post-launch press conference.



RoMeLa's Sideways Walking Robot Has Evolved More Limbs Hackaday

Despite the success shown in prototypes from groups like Boston Dynamics, bipedal walking is still really hard to implement. When the robot lifts one leg, it has to shift its center of gravity over the other leg to avoid falling sideways.

The Autonomous Legged Personal Helper Robot with Enhanced Dynamics (ALPHRED) is getting around this problem by coming at it from a different angle. ALPHRED walks sideways and throws away the distinction between arms and legs.

The bot is RoMeLa at UCLA's latest evolution in their approach to traditional bipedal roadblocks. Sideways walking is something we covered when we talked about their previous version, NABi, which had only two legs. ALPHRED expands that to four limbs. As the video below shows, all four limbs can be used for walking using either a wide, stable sprawl or the limbs can reorient to a narrower dog or horse-like stance for faster running.

Beyond walking, one or two of the limbs can be put to use as hands to open a door or hand over a package, which is why they refer to them as limbs instead of legs or hands. Only an animation is shown of that configuration but RoMeLa is a robotics lab which we keep an eye on so we'll let you know if they demonstrate it.

The video goes on to show a neat actuator with active compliance which they call BEAR, Back-drivable Electromagnetic Actuator for Robots. A search turned up no further details but let us know in the comments if you have any. We also liked seeing how they use a speaker to give a rough idea of the amount of current being drawn. While it's both practical and a hack, it also adds a nice sci-fi touch.


Internet Systems Consortium rolled out security updates to address 2 flaws in BIND DNS Software Security Affairs

On Friday, the Internet Systems Consortium (ISC) announced security updates for BIND DNS software that address two vulnerabilities rated with a medium severity rating.

Both vulnerabilities could be exploited by attackers to cause a denial-of-service (DoS) condition; the first issue, tracked as CVE-2018-5737, can also cause severe operational problems such as degradation of the service.

"A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging," reads the security advisory published by the ISC.

"Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation, either degradation or denial of service."

The flaw affects BIND 9.12.0 and 9.12.1; servers which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk.

The Internet Systems Consortium (ISC) has addressed the flaw with the release of BIND 9.12.1-P2. Below the workaround provided by the organization:

  • Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature).
  • Setting "stale-answer-enable off;" is not sufficient to prevent exploitation; max-stale-ttl needs to be set to zero.



China takes a critical first step toward landing on the far side of the Moon Lifeboat News: The Blog

Anyone home?

China takes a critical first step toward landing on the far side of the Moon.

The Queqiao spacecraft is now on its way toward L2.


Linux tail Command Tutorial for Beginners (5 Examples)

Sometimes you want to monitor what new information is being written to a file (think of log files), or for whatever reasons, want to access the last few lines of a file. Well, there's a command line utility that lets you do this in Linux, and it's called tail.

In this tutorial, we will discuss the basics of the tail command using some easy to understand examples. But before we do that, it's worth mentioning that all examples included in this article have been tested on Ubuntu 16.04 LTS.


What is CI/CD? Continuous Integration and Continuous Delivery Explained

Continuous integration (CI) and continuous delivery (CD) embody a culture, set of operating principles, and collection of practices that enable application development teams to deliver code changes more frequently and reliably. The implementation is also known as the CI/CD pipeline and is one of the best practices for devops teams to implement.


Top 10 Most Pirated Movies of The Week on BitTorrent 05/21/18 TorrentFreak

Legendary Pictures/Universal Studios

This week we have two newcomers in our chart.

Pacific Rim: Uprising is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

This week's most downloaded movies are:

Most downloaded movies via torrents
Rank (Rank last week) Movie name IMDb Rating / Trailer
1 () Pacific Rim: Uprising 5.8 / trailer
2 (2) Avengers: Infinity War (HDCam) 9.1 / trailer
3 () Deadpool 2 (HDTS) 8.3 / trailer
4 (1) Black Panther 7.9 / trailer
5 (7) Red Sparrow 6.7 / trailer
6 (3) Game Night 7.3 / trailer
7 (4) ...


Exclusive: Lessons From Airbnb's First Foray Into Urban Renewal Terra Forming Terra

This is a nice start and recognizes that there is something important here that lacks successful monetization.

At its foundation, we have a natural community that has lost its fresh faces to the virtual natural communities in larger centers. Replenishment becomes impossible.

We need a natural influx of newcomers, internal finance using the rule of twelve and fiat capital. This would stimulate a recovery to the 150 population and support for sustainable local growing. It can be done but it will take example and education.

Exclusive: Lessons From Airbnb's First Foray Into Urban Renewal


Last year, Airbnb unveiled a community center designed to help revitalize a shrinking town in Japan. A year later, CPO Joe Gebbia shares what the company has learned and what it has planned next.

It was almost exactly a year ago that Airbnb started taking reservations on perhaps its strangest listing of all: the Yoshino Cedar House, which the company had built itself in a tiny little logging town in Japan way off the...


Global warming? The latest news tells a different story Terra Forming Terra

Ah yes!  Just where did that global warming go when we needed it.  Yet it all fits within the expected channel for good statistical data.

What this makes clear though is that all the gains in global heat are now being lost quickly while the obvious markers will still be lagging.  It takes time to rebuild sea ice.

Right now I do expect shocks during the coming winter months and think the chance of being disappointed to be low.   The obvious shock will be suddenly frozen rivers comparable to the eighteenth century.

The scientific retreat from flawed climate dogma will be embarrassing and richly deserved.  Yet this climate cycle taught us a lot that was important to discover.  .. 

Global warming? The latest news tells a different story

May 1, 2018

Here are some articles and stories that are minimally reported, if at all, because they do not fit the agenda that humans,...


What's Worse: Unwanted Mutations or Unwanted Humans? - Facts So Romantic Nautilus

Three of the rare Przewalski's horses that now roam the area near the Chernobyl nuclear plant. Photograph by Sergey Gaschak

After a fatal series of errors and malfunctions in the early morning of April 26, 1986, the core of the Chernobyl nuclear facility melted down and then exploded, killing 31 workers at the plant. The accident spewed massive amounts of radioactive material into the surrounding area, forcing a mass evacuation of the nearby villages. Many wild animals died from the direct toxicity of the radiation and almost 1,000 acres of the Red Forest, named for the unusual color its trees turned after the disaster, died within months. The most radioactive human settlements were bulldozed and buried. (See the related story about the most radioactive part of the nuclear plant: Chernobyl's Hot Mess, the Elephant's Foot, Is Still Lethal.)

Checkpoints and fences were quickly put up around the vast contaminated region, stretching between northern Ukraine and southern Belarus. This became the exclusion zone, a region that has remained closed to most human activity for the past 28 years.

Yet the area is far from a barren wasteland. Instead it is a patchwork of hot zones of high radiation next to clean areas. Many

How a Ghanaian entrepreneur uses recycled plastic to make cheaper roads and building blocks Terra Forming Terra

This is really promising. To start with it works.  That means we can set up a regulatory system in which all plastics made new are charged out a deposit per pound of plastic that is set to underwrite the whole underlying collection process.  We do this with glass bottles and plastic bottles and metal cans already.

Thus the processor uses the revenue from his product sales to support the manufacturing operation and pay for the equipment.

The bricks easily fit into the local building culture anywhere. There is no particular need for great strength either as the market for paving stone is unending.

How a Ghanaian entrepreneur uses recycled plastic to make cheaper roads and building block

Laying the recycled plastic-infused blocks in Ghana (Courtesy/Nelplast) 


April 27, 2018 Quartz Africa

Accra, Ghana



Dolibarr XSS Injection vulnerability Open Source Security

Posted by Sysdream Labs on May 20

# [CVE-2018-10095] Dolibarr XSS Injection vulnerability

## Description

Dolibarr is an "Open Source ERP & CRM for Business" used by many
companies worldwide.

It is available through [GitHub](
or as distribution packages (e.g. .deb package).


The application does not handle user input properly, allowing
client-side JavaScript code injection (XSS).


User input should...


[CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability Open Source Security

Posted by Sysdream Labs on May 20

# [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability

## Description

Dolibarr is an "Open Source ERP & CRM for Business" used by many
companies worldwide.

It is available through [GitHub](
or as distribution packages (e.g. .deb package).


By tricking a logged-in admin into clicking a malicious link, or by
getting admin privileges in some...


[CVE-2018-10094] Dolibarr SQL Injection vulnerability Open Source Security

Posted by Sysdream Labs on May 20

# [CVE-2018-10094] Dolibarr SQL Injection vulnerability

## Description

Dolibarr is an "Open Source ERP & CRM for Business" used by many
companies worldwide.

It is available through [GitHub](
or as distribution packages (e.g. .deb package).


The application does not handle user input properly and allows execution
of arbitrary SQL commands on the database.




Judges convict crook of operating Scan4You Counter Antivirus Service Security Affairs

Crook faces up to 35 years in prison for operating the popular Scan4You counter anti-virus (CAV) website that helped malware authors to test the evasion capabilities of their codes.

Scan4You is a familiar service for malware developers that used it as a counter anti-virus (CAV).

Scan4You allowed vxers to check their malware against as many as 40 antivirus solutions.


Scan4You was probably the largest counter anti-virus website; it went offline in May 2017 after authorities arrested two men in Latvia, the Russian national Jurijs Martisevs (36) (aka Garrik) and Ruslans Bondars (37) (aka Borland).

Both suspects were extradited by the FBI to the United States.

Jurijs Martisevs was traveling to Latvia when he was arrested by authorities and in March he pleaded guilty in a Virginia court to charges of conspiracy and aiding and abetting computer intrusion.

On Wednesday, Bondars was found guilty of conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and computer intrusion with intent to cause damage.

"Ruslans Bondars helped hackers test and improve the malware they then used to inflict hundreds of millions of dollars in losses on American companies and consumers," said John P. Cronan, Acting Assistant Attorney General of the Justice Department's Criminal Division.

"Today's verdict should serve as a warning to those who aid and abet criminal hackers: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable, and we will work tirelessly to identify you, prosecute you, and seek stiff sentences that reflect the seriousness of your crimes."

Bondars faces a maximum penalty of 35 years in prison when sentenced on September 21, 2018.

Scan4You was launched in 2009 with the intent to offer a service that helped malware developers to check evasion capabilities of their code.

For a monthly fee, malware authors could upload their samples to the service, which tested their evasion capabilities against a broad...


Cambridge Analytica (US) Files for Bankruptcy Amidst Siege of Negative Attention SoylentNews

Submitted via IRC for Fnord666

"It has been determined that it is no longer viable to continue operating the business."

Cambridge Analytica LLC, the American arm of the London-based data analytics firm of the same name, filed for bankruptcy in federal court in New York on Friday.

The company submitted a voluntary formal petition for Chapter 7 bankruptcy (liquidation). That document reveals the company has between $1 and $10 million in debt with very little assets. On May 2, SCL Elections Ltd. and its other British affiliates filed similar "insolvency" documents with UK authorities.

It was revealed last month that a 2014 survey app created at the behest of Cambridge Analytica required Facebook login credentials and provided the survey creator access to their friends' public profile data. In the end, this system captured data from 87 million Facebook users. This data trove wound up in the hands of Cambridge Analytica, the British data analytics firm, which worked with clients like the Donald Trump presidential campaign.

NBC News reported Friday that the company's May 2 shutdown hit employees abruptly, with many remaining employees filing out of their Fifth Avenue office in Manhattan directly to a nearby Irish pub.

[...] The Friday court document also notes that the attorney preparing the filing was paid for by Emerdata, a new data analytics firm founded by many of the same people who were formerly involved in Cambridge Analytica. Emerdata, like Cambridge Analytica, is largely funded by the Mercer family, who are well-known Republican donors and Trump supporters. Rebekah Mercer was named as a director to Emerdata in March 2018. What exactly Emerdata does or how it will operate going forward remains a bit of a mystery.

Read more of this story at SoylentNews.


Why NAD+ Declines With Age Lifeboat News: The Blog

Nicotinamide adenine dinucleotide (NAD+), a nucleotide, is critical for life to exist. From the most simple bacteria to complex multicellular organisms such as humans, NAD is a vital component of cellular function and thus life.

An increased level of NAD+ appears to convey health and longevity, and a decrease is associated with aging and disease. Today, we are going to look at NAD+, why it declines with age, and what science might do about it.


Slipcasting Resin Prototypes Hackaday

[Eric Strebel] doesn't need an introduction anymore. If there is a picture of an elegantly designed part with a professional finish on our pages, there is a good chance he has a hand in it. This time he is sharing his method of making a part which looks like it is blow-molded but it is not. Blow-molded parts have a distinctive look, especially made with a transparent material and [Eric]'s method certainly passes for it. This could upgrade your prototyping game if you need a few custom parts that look like solidified soap bubbles.

Mold making is not covered in this video, which can also be seen below the break, but we can help you out with a tip or two. For demonstration's sake, we see the creation of a medical part which has some irregular surfaces. Resin is mixed and degassed then rolled around inside the mold. Then, the big reveal, resin is allowed to drain from the mold. Repeat to achieve the desired thickness.

This is a technique adapted from ceramics called slipcasting. For the curious, an elegant ceramic slipcasting video demonstration can be seen below as well. For an added finishing touch, watch how a lacquer logo is applied to the finished part; a touch that will move the look of your build beyond that of a slapdash prototype.

More education from this prolific maker can be seen in his video on painting with a professional-looking finish and his tips for working with foam-core.

Here's a video showing how ceramic slip casting works. After watching [Eric]'s video, this should make perfect sense.


NASA's TESS Receives Gravity Assist From the Moon, Snaps Test Image SoylentNews

NASA's new planet hunter snaps initial test image, swings by Moon toward final orbit

NASA's next planet hunter, the Transiting Exoplanet Survey Satellite (TESS), is one step closer to searching for new worlds after successfully completing a lunar flyby on May 17. The spacecraft passed about 5,000 miles from the Moon, which provided a gravity assist that helped TESS sail toward its final working orbit.

As part of camera commissioning, the science team snapped a two-second test exposure using one of the four TESS cameras. The image, centered on the southern constellation Centaurus, reveals more than 200,000 stars. The edge of the Coalsack Nebula is in the right upper corner and the bright star Beta Centauri is visible at the lower left edge. TESS is expected to cover more than 400 times as much sky as shown in this image with its four cameras during its initial two-year search for exoplanets. A science-quality image, also referred to as a "first light" image, is expected to be released in June.

TESS will undergo one final thruster burn on May 30 to enter its science orbit around Earth. This highly elliptical orbit will maximize the amount of sky the spacecraft can image, allowing it to continuously monitor large swaths of the sky. TESS is expected to begin science operations in mid-June after reaching this orbit and completing camera calibrations.

Normal TESS images will have up to 30 minutes of exposure time.

Also at EarthSky and TechCrunch.

Previously: NASA's TESS Mission Set to Launch on Wednesday, April 18



The 20 Best Free Games For Kids 2018 Trusted Hype

Best Free Games for kids 2018 has been an amazing year for video games across all platforms, but with the likes of Destiny 2 and Assassin's Creed: Origins being big hits with all the attention, it is sometimes hard to see which games released this year are suitable for children. Top 10 Xbox Games for Kids (Video) Android

The post The 20 Best Free Games For Kids 2018 appeared first on Trusted Hype.


The Attacks on the Patent Trial and Appeal Board (PTAB) Have Lost Momentum and the Patent Microcosm Begrudgingly Gives Up Techrights

Tank empty

Summary: The Patent Trial and Appeal Board (PTAB), reaffirmed by the Court of Appeals for the Federal Circuit (CAFC) and now the Supreme Court as well, carries on preventing frivolous lawsuits; options for stopping PTAB have nearly been exhausted and it shows

THERE'S nothing that the patent microcosm has not yet attempted in its war against PTAB. It tried to undermine the legitimacy of PTAB (to no avail), it attempted to slow PTAB down (also without success), and last year it even resorted to scams (misuse of immunity by using shell entities). The USPTO does not mind PTAB because it does not profit from litigation, unlike the patent microcosm. The USPTO just needs to grant good (valid) patents, unlike the EPO under Battistelli.

We've noticed a considerable decrease in criticisms of PTAB; after Oil States (basically the highest court cementing PTAB's role with only two dissenting Justices) it seems like the patent microcosm nearly gave up trying to tear PTAB down. Watchtroll, one of the main anti-PTAB sites, covered Altaire Pharm., Inc. v Paragon Bioteck, Inc. yesterday, but this wasn't even an anti-PTAB article. It feels as though they have learned to accept that PTAB is here to stay. This site's founder, Gene Quinn, even wrote something titled "Is the pro-patent community going to continue to lose every battle?"

The patent microcosm just can't stop lobbying Iancu after bullying/smearing his predecessor, Michelle Lee, showing that they're a collective of bullies rather than legal professionals. Watchtroll now calls the patent extremists (like him) the pro-patent community as if patent rationalists are anti-patents (they're not). Earlier this month Quinn maligned the Supreme Court, basically calling it anti-patent.

As if anyone who isn't as extreme about patents (as Quinn is) must be anti-patent. False dichotomies much? Binar...


Funding for NASA Climate Research Program Likely to be Restored by Congress SoylentNews

That NASA climate science program Trump axed? House lawmakers just moved to restore it

A U.S. House of Representatives spending panel voted today to restore a small NASA climate research program that President Donald Trump's administration had quietly axed. (Click here to read our earlier coverage.)

The House appropriations panel that oversees NASA unanimously approved an amendment to a 2019 spending bill that orders the space agency to set aside $10 million within its Earth science budget for a "climate monitoring system" that studies "biogeochemical processes to better understand the major factors driving short and long term climate change."

That sounds almost identical to the work that NASA's Carbon Monitoring System (CMS) was doing before the Trump administration targeted the program, which was getting about $10 million annually, for elimination this year. Critics of the move said it jeopardized numerous research projects and plans to verify the national emission cuts agreed to in the Paris climate accords.

"Likely" because it is part of a larger spending bill that needs to be voted on by the full House, and reconciled with the Senate's version.

Previously: Trump White House Quietly Cancels NASA Research Verifying Greenhouse Gas Cuts



Software Patenting and Successful Litigation a Very Difficult Task Under 35 U.S.C. 101 Techrights

Better not bother

Solving crossword puzzle

Summary: Using loads of misleading terms or buzzwords such as AI the patent microcosm continues its software patents pursuits; but that's mostly failing, especially when courts come to assess pertinent claims made in the patents

NO MATTER what patent law firms keep claiming, software patents are hard to get at the USPTO. They're even harder to sell to judges and juries; expert testimonies can peel off the layers of buzzwords and demonstrate that a lot of software patents (whether they're called cloud or IoT or whatever) boil down to algorithms or code, i.e. the domain of copyrights.

We're not done writing about software patents. The subject needs to be constantly brought up because rebuttals are necessary. Many public events and news sites are still dominated by patent law firms. They tell audiences what they want them to believe rather than what is true.

Consider this example from 24 hours ago. The patent microcosm is still trying to figure out how to get software patents which courts more so than examiners would likely reject anyway. To quote the outline of this upcoming webinar (lobbying/marketing):

Strafford will be offering a webinar entitled Functional Claiming for Software Patents: Leveraging Recent Court Treatment Surviving 112(f) and Disclosing Functional Basis for Software to Meet Heightened Standard of Review on June 5, 2018 from 1:00 to 2:30 pm (EDT). Cory C. Bell and Doris Johnson Hines of Finnegan Henderson Farabow Garrett & Dunner will guide IP counsel on functional claiming in software patents and USPTO prosecution, examine recent court treatment, and explain how to navigate the issue of functionality given the uncertainties in the prosecution and litigation contexts.

Check out who's on this panel (webinar); basically nobody that has anything to do with software. It's what's commonly known as circle-jerk.

It has become fashionable to dress up software patents as all sorts of things; the EPO likes three-letter acronyms such as ICT, CII, and 4IR. A couple o...


Card Reader Lockout Keeps Unauthorized Tool Users at Bay Hackaday

It's a problem common to every hackerspace, university machine shop, or even the home shops of parents with serious control issues: how do you make sure that only trained personnel are running the machines? There are all kinds of ways to tackle the problem, but why not throw a little tech at it with something like this magnetic card-reader machine lockout?

[OnyxEpoch] does not reveal which of the above categories he falls into, if any, but we'll go out on a limb and guess that it's a hackerspace because it would work really well in such an environment. Built into a sturdy steel enclosure, the guts are pretty simple: an Arduino Uno with shields for USB, an SD card, and a data logger, along with an LCD display and various buttons and switches. The heart of the thing is a USB magnetic card reader, mounted to the front of the enclosure.

To unlock the machine, a user swipes his or her card, and if an administrator has previously added them to the list, a relay powers the tool up. There's a key switch for local override, of course, and an administrative mode for programming at the point of use. Tool use is logged by date, time, and user, which should make it easy to identify mess-makers and other scofflaws.

We find it impressively complete, but imagine having a session timeout in the middle of a machine operation would be annoying at the least, and potentially dangerous at worst. Maybe the solution is a very visible alert as the timeout approaches; a cherry top would do the trick!

There's more reading if you're one seeking good ideas for hackerspace. We've covered the basics of hackerspace safety before, as well as insurance for hackerspaces.


António Campinos Will Push Toward a France-Based Unified Patent Court (UPC) Techrights

Michel Barnier (centre) lobbied for the UPC for many years (since the days it wasn't even called UPC)

The three Frenchmen

Summary: Frenchmen at the EPO will try hard to bring momentum if not force to the Unified Patent Court; facts, however, aren't on their side (unlike Team UPC, which was always on Team Battistelli's side)

YESTERDAY we wrote about the TC Heartland determination turning one. Lawyers, especially upon this decision's anniversary, still try to work their way around it. They want to make it possible to drag companies into patent courts/trials far away from where they're based. In re HTC Corp. was recalled yesterday (Sunday) by Watchtroll. "The patent venue statute does not apply to foreign corporations sued for patent infringement," it said. "These foreign defendants may be sued in any judicial district where they are subject to personal jurisdiction." This is part of a pattern.

We find this quite relevant to the UPC/Brexit debate. Can British companies be sued over patent infringement in other countries (for their activities inside Britain)? With court proceedings that aren't even in English? This question has been brought up in the constitutional complaint in Germany (the language and the UK's status in Europe).

Patent maximalists and Team UPC in their lawyers-centric sites don't seem bothered by such questions. They seem so eager to see a torrent of new patent lawsuits, so earlier this month they were in full fanboi mode for the UPC.

Max Walters, a journalist rather than a lawyer, called it the patent court's Brexit paradox. August Debouzy, boosters of Battistelli agenda,...


In Apple v Samsung Patents That Should Never Have Been Granted May Result in a Billion Dollars in Damages Techrights

Merely damages the credibility of the USPTO if anything

Reference: 11 Cool, Funny or Just Plain Strange Patents for Back to School

Summary: A roundup of news about Apple and its patent cases (especially Apple v Samsung), including Intel's role trying to intervene in Qualcomm v Apple

HERE in this Web site we prefer to focus on topics/angles which ought to be covered by mainstream media but never/rarely are. The Apple v Samsung trial is generally being covered quite a lot by big publishers, e.g. Apple v Samsung Poses Threat Beyond Just Tech and other new headlines/reports [1, 2, 3, 4, 5, 6]. It is already being mentioned quite heavily in social control media, probably because Apple is involved. Not many patent cases manage to attract quite as much public interest. We remarked on it a few times earlier this month. As Wall Street media put it last week, Apple Wants $1 Billion From Samsung at Smartphone Retrial (retrial after nearly a decade of fighting).

Apple has taken patent maximalism/lunacy to new heights in California. It's seeking billions in damages over a simple shape of something. To quote one...


Week in review: Office 365 phishing threats, companies ditch data as GDPR approaches Help Net Security

Here's an overview of some of last week's most interesting news, podcasts and articles: How can Office 365 phishing threats be addressed? The frequency of phishing within Office 365 is estimated to cost the average organization 1.3 compromised accounts each month via unauthorized, third-party login using stolen credentials. Personal encryption usage is increasing According to a Venafi survey of 512 security professionals attending RSA Conference 2018, sixty-four percent of respondents say their personal encryption usage

The post Week in review: Office 365 phishing threats, companies ditch data as GDPR approaches appeared first on Help Net Security.


"Don't be Evil" Disappearing From Google's Code of Conduct SoylentNews

A number of soylentils have written in to let us know that Google is opening up the possibility of being evil by eliminating it from their code of conduct. You've been warned.

"Don't be Evil" Starting to Disappear From Google's Code of Conduct

Google Removes 'Don't Be Evil' Clause From Its Code of Conduct

Google's unofficial motto has long been the simple phrase "don't be evil." But that's over, according to the code of conduct that Google distributes to its employees. The phrase was removed sometime in late April or early May, archives hosted by the Wayback Machine show.

April 21 vs. May 4.

Related: Google vs Maven
Google Employees on Pentagon AI Algorithms: "Google Should Not be in the Business of War"
Google Duplex: an AI that Can Make Phone Calls on Your Behalf
About a Dozen Google Employees Have Resigned Over Project Maven



DistroWatch Weekly, Issue 764 News

This week in DistroWatch Weekly:
Review: DragonFly BSD 5.2.0
News: Tails works on persistent packages, Ubuntu Studio plans alternative desktops, Mageia offers massive update, Ubuntu team plans new features, GNOME removes (and restores) launching programs from Nautilus
Tips and tricks: Finding which services were affected by an update
Released last week:....


HPR2556: Building trust Hacker Public Radio

What is trust? How do you get it? How can you exploit it? How can you keep from being exploited?


You are not alone; The Pirate Bay is down around the world HackRead

By Waqas

Another day, another irritating situation for The Pirate Bay fans.

This is a post from Read the original post: You are not alone; The Pirate Bay is down around the world


Hackaday Links: May 20, 2018 Hackaday

One of the more interesting pieces of tech from Hollywood that never seems to become a reality is a location tracker. Remember the movement tracker in Alien that found the cat in the locker? Yeah, like that. Something that reports the direction and distance to a target, kind of like a PKE Meter from Ghostbusters. I think there was something like this in Predator. On Indiegogo, there's a device that tracks other devices. It's called the Lynq, and it's a small, handheld device that tells you the distance and bearing of other paired devices. Hand them out to your friends, and you'll be able to find each other at Coachella. While the device and use case is interesting, we're wondering how exactly this thing works. Our best guess is that each device has a GPS module inside, and communicates with other paired devices over the 900MHz band. It's a bit pricey at $80 per unit (although you need at least two to be useful), but this is a really interesting project.

The SDRPlay SDR1 and SDR2 are, as you would guess, software defined radio receivers, that retail for $2-300. Problem: a few of these units were stolen from a warehouse, and are winding up on eBay. Solution: SDRPlay has decided to disable the specific receivers via the serial number. In a move just slightly reminiscent of FTDIgate, a manufacturer has decided to brick products that are stolen or infringe on IP. It's a solution, but I wouldn't want to be on the customer service team at SDRPlay.

A few years ago, [Oscar] created the PiDP-8/I, a computer kit that miniaturized the venerable PDP-8/I into a desktop form factor, complete with blinkenlights and clicky switches. It's a full simulation of a PDP-8 running on a Raspberry Pi, and if you took the PiDP-8/I back to 1975, you could, indeed, connect it to other computers. But the PDP-8/I isn't the most beautiful minicomputer ever created. That honor goes to the PDP-11/70, a beast of a machine wrapped in injection molded plastic and purple toggle switches. Now, after years of work, [Oscar] has miniaturized this beast of a machine. The PiDP-11/70 is a miniature remake of the PDP-11/70, runs a Raspberry Pi, and is everything you could ever want in a minimainframe. The price will be around $250; expensive, but have you ever tried to find a PDP-11 front panel on eBay?

The Nvidia TX2 is a credit card-sized computer with a powerful ARM p...


Someone hacked California's live congressional debate to run gay porn HackRead

By Carolina

Looks like we got hacked again, we'll try to fix

This is a post from Read the original post: Someone hacked California's live congressional debate to run gay porn


Linux 4.17-rc6 Kernel Released As Another "Fairly Calm" Release Phoronix

Linux 4.17 is up to its sixth weekly release candidate ahead of the official release expected by mid-June...


PayPal Acquires iZettle for $2.2 Billion SoylentNews

PayPal to Buy iZettle for $2.2 Billion to Compete With Square

PayPal Holdings Inc. is buying Swedish small-business platform iZettle for $2.2 billion to expand in Europe and Latin America and increase its presence in brick and mortar stores.

"Small businesses increasingly want a full suite of capabilities across channels, a one-stop stop," Dan Schulman, chief executive officer of PayPal, said in an interview. "IZettle was the perfect fit in many ways."

The deal is the biggest ever for San Jose, California-based PayPal and will help it compete with Square Inc., which made a name for itself by helping small businesses and food-truck vendors conduct credit card and mobile transactions. Founded in 2010 by Jacob de Geer and Magnus Nilsson, iZettle also started out with a mobile-phone gadget for accepting credit card payments. It has since expanded into software and financing services to support small businesses.

All-cash deal = money in the (real) bank.

Also at TechCrunch.



Post-Zuckerberg, tech CEOs under pressure to testify The Hill: Technology Policy

Leaders of major technology companies are under increasing pressure to testify before Congress as lawmakers sound the alarm about the industry's data practices and market power. It's been a month since Facebook CEO Mark Zuckerberg appeared in a pair...


masscan, macOS, and firewall Errata Security

One of the more useful features of masscan is the "--banners" check, which connects to the TCP port, sends some request, and gets a basic response back. However, since masscan has its own TCP stack, it'll interfere with the operating system's TCP stack if they are sharing the same IPv4 address. The operating system will reply with a RST packet before the TCP connection can be established.

The way to fix this is to use the built-in packet-filtering firewall to block those packets in the operating-system TCP/IP stack. The masscan program still sees everything before the packet-filter, but the operating system can't see anything after the packet-filter.

Note that we are talking about the "packet-filter" firewall feature here. Remember that macOS, like most operating systems these days, has two separate firewalls: an application firewall and a packet-filter firewall. The application firewall is the one you see in System Settings labeled "Firewall", and it controls things based upon the application's identity rather than by which ports it uses. This is normally "on" by default. The packet-filter is normally "off" by default and is of little use to normal users.

What we need to filter is the source port of the packets that masscan will send, so that when replies are received, they won't reach the operating-system stack, and just go to masscan instead. To do this, we need to find a range of ports that won't conflict with the operating system. Namely, when the operating system creates outgoing connections, it randomly chooses a source port within a certain range. We want masscan to use source ports in a different range.

To figure out the range macOS uses, we run the following command:

sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last

On my laptop, which is probably the default for macOS, I get the following range. Sniffing with Wireshark confirms this is the range used for source ports for outgoing connections.

net.inet.ip.portrange.first: 49152


GIMP 2.10.2 Released With HEIF Image Format Support Phoronix

Just shy of one month since the long-awaited debut of GIMP 2.10, the first stable point release is now available...


Inverted Pendulum For The Control Enthusiast Hackaday

Once you step into the world of controls, you quickly realize that controlling even simple systems isn't as easy as applying voltage to a servo. Before you start working on your own bipedal robot or scratch-built drone, though, you might want to get some practice with this intricate field of engineering. A classic problem in this area is the inverted pendulum, and [Philip] has created a great model of this which helps illustrate the basics of controls, with some AI mixed in.

Called the ZIPY, the project is a Cart Pole design that uses a movable cart on a trolley to balance a pendulum above. The pendulum is attached at one point to the cart. By moving the cart back and forth, the pendulum can be kept in a vertical position. The control uses the OpenAI Gym toolkit which is a way to easily use reinforcement learning algorithms in your own projects. With some Python, some 3D printed parts, and the toolkit, [Philip] was able to get his project to successfully balance the pendulum on the cart.

Of course, the OpenAI Gym toolkit is useful for many more projects where you might want some sort of machine learning to help out. If you want to play around with machine learning without having to build anything, though, you can also explore it in your browser.



GPU-Equipped Ryzen Pros Give AMD What it Needs to Conquer the Corporate Desktop SoylentNews

Submitted via IRC for SoyCow0245

Last year, AMD introduced Ryzen Pro, a range of processors aimed at corporate desktops rather than consumer systems. Though broadly identical to their consumer counterparts, the Pro chips offer additional guarantees around supply and availability so that corporate fleets can standardize on particular chips without risking a part being discontinued mid-way through their replacement cycle. The Pro chips also carry longer warranties and emphasize certain security and management features that may not be present or enabled in consumer systems.

The first Ryzen Pros had a major omission, however: they didn't include integrated GPUs. Corporate desktops and laptops, typically used for Office, Web browsing, and other low-intensity tasks, overwhelmingly use integrated GPUs rather than discrete ones; they simply don't need anything more powerful. The need for separate GPUs meant that the first-generation Ryzen Pros had only very limited appeal in their target corporate market.

The new processors, however, follow in the footsteps of the Ryzens with integrated Vega graphics launched in February, pairing a single core complex (CCX; a bundle of four cores/eight threads and a shared level 3 cache) with a Vega GPU. This makes them a complete solution for the corporate desktop.

Source: GPU-equipped Ryzen Pros give AMD what it needs to conquer the corporate desktop

Original Submission

Read more of this story at SoylentNews.


Fairplay Canada Discredits Pro-Piracy TorrentFreak News, Then Cites Us TorrentFreak

At TorrentFreak we do our best to keep readers updated on the latest copyright and piracy news, highlighting issues from different points of view.

We report on the opinions and efforts of copyright holders when it comes to online piracy and we also make room for those who oppose them. That's how balanced reporting works in our view.

There is probably no site on the Internet that reports on the negative consequences of piracy as much as we do, but for some reason, the term "pro-piracy" is sometimes attached to our reporting. This also happened in the recent reply Fairplay Canada sent to the CRTC.

The coalition of media companies and ISPs is trying to get a pirate site blocking regime implemented in Canada. As part of this effort, it's countering numerous responses from the public, including one from law professor Michael Geist.

In his submission, Geist pointed out that the Mexican Supreme Court ruled that site blocking is disproportional, referring to our article on the matter. This article was entirely correct at the time it was written, but it appears that the Court later clarified its stance.

Instead of pointing that out to us, or perhaps Geist, Fairplay frames it in a different light.

"Professor Geist dismisses Mexico because, relying on a third party source (the pro-piracy news site TorrentFreak), he believes its Supreme Court has ruled that the regime is disproportionate," it writes.

Fairplay does not dispute that the Supreme Court initially ruled that a site blockade should target specific content. However, it adds that the court later clarified that blockades are also allowed if a substantial majority of content on a site is infringing.

The bottom line is that, later developments aside, our original article was correct. What bothers us, however, is that the Fairplay coalition is branding us as a "pro-piracy" site. That's done for a reason, most likely to discredit the accuracy of our reporting.


Luckily we have pretty thick skin, so we'll get over it. If Fairplay Canada doesn't trust us, then so be it.

Amusingly, however, this was not the only TorrentFreak article the coalition referenced. In fact, our reporting is cited twice more in the same repor...



Via: Bloomberg: Engineer and adventurer Richard Jenkins has made oceangoing robots that could revolutionize fishing, drilling, and environmental science. His aim: a thousand of them.


Mach64 & Rendition Drivers Now Work With X.Org Server 1.20 Phoronix

Anyone happening to have an ATI Mach 64 graphics card from the mid-90's or a 3Dfx-competitor Rendition graphics card also from the 90's can now enjoy the benefits of the recently released X.Org Server 1.20...


The Thing Inside Your Cells That Might Determine How Long You Live Lifeboat News: The Blog

You may have forgotten about the nucleolus since you took biology class, but scientists think this structure inside every cell in your body may play an important role in aging.


Fingerprint Analysis Could Finally Get Scientific, Thanks to a New Tool SoylentNews

Submitted via IRC for Fnord666

[...] A landmark report published in 2009 by the National Academy of Sciences highlighted the lack of scientific foundation for fingerprint evidence, as well as other commonly used metrics in forensic science, like bite marks and bloodstain patterns. This isn't to say that fingerprints aren't useful in the justice system. But they aren't entirely reliable, and in the current practice of print analysis, there's no place to signal that uncertainty to an attorney, judge, or jury.

Using statistics and probabilities to help bolster fingerprint results and signal the weight of the evidence isn't a new idea, but this is the first time a tool has actually been put in the hands of fingerprint examiners. FRStat was developed by Henry Swofford, chief of the latent print branch at the U.S. Army Criminal Investigation Laboratory at the Department of Defense. "We're the first lab in the United States to report fingerprint evidence using a statistical foundation," Swofford said.

[...] Adding an element of quantitative analysis to fingerprint identification is positive progress for forensic science, which struggles, overall, to live up to the "science" side of its name. Implementing the program, though, requires a significant culture change for a field that's remained largely the same for decades, if not a century, posing additional challenges for people like Swofford who are pushing for progress.

Source: Fingerprint Analysis Could Finally Get Scientific, Thanks to a New Tool

Original Submission

Read more of this story at SoylentNews.


Misconfigured CalAmp server allowed hacker to take over a lot of vehicles Security Affairs

Security researchers discovered that a misconfigured server operated by the CalAmp company could allow anyone to access account data and take over the associated vehicle.

CalAmp is a company that provides backend services for several well-known systems.

Security researchers Vangelis Stykas and George Lavdanis discovered that a misconfigured server operated by the CalAmp company could allow anyone to access account data and take over the associated vehicle.

The experts were searching for security vulnerabilities in the Viper SmartStart system, a device that allows users to remotely start, lock, unlock, or locate their vehicles directly using a mobile app on their smartphones.

As with many other mobile applications, it used secure connections with SSL and certificate pinning (hard-coding in the client the certificate known to be used by the server) to automatically reject a connection from sites that offer bogus SSL certificates.

The experts noticed that the app was connecting to domain and also to the third party domain (, it is the Lender Outlook service.

The experts discovered that, using the credentials for the user created from the Viper app, it was possible to log in to the panel.

"This panel seemed to be the frontend for Lender Outlook service. We tried our user created from the viper app, to login and it worked!" reads the blog post published by Stykas.

This was a different panel which seemed to be targeted to the companies that have multiple sub-accounts and a lot of vehicles so that they can manage them. 



Stretching The Definitions Of A Custom IC Hackaday

Maker Faire is the nexus for all things new and exciting. At the Bay Area Maker Faire this weekend, zGlue introduced a new platform that stretches the definition of custom ICs. Is this custom silicon? No, not at all. zGlue is a platform allowing anyone to take off-the-shelf ICs and package them into a single module, allowing you to build a smaller PCB with a shorter BOM.

The zGlue module found in the zOrigin

The idea behind zGlue is to take all of the fun chips available today, from accelerometers to tiny microcontrollers with integrated wireless, and put them on a tiny, tiny board that is then encapsulated. At Maker Faire, the zGlue team was busy demonstrating their cloud-based platform that allows anyone to add off-the-shelf chips to the zGlue stack and assemble it into a custom module.

Of course, every new tech startup needs a demo, so zGlue has come up with zOrigin, a small fitness tracker that features a suite of chips crammed into one encapsulated package. The chips included in the zOrigin ZiP package are a Dialog DA14585 microcontroller with BLE, an Analo...


Terrorists Are Going to Use Artificial Intelligence Lifeboat News: The Blog

Machine-learning technology is growing ever more accessible. Let's not have a 9/11-style failure of imagination about it.

There is a general tendency among counterterrorism analysts to understate rather than hyperbolize terrorists' technological adaptations. In 2011 and 2012, most believed that the Arab Spring revolutions would marginalize jihadist movements. But within four years, jihadists had attracted a record number of foreign fighters to the Syrian battlefield, in part by using the same social media mobilization techniques that protesters had employed to challenge dictators like Zine El Abidine Ben Ali, Hosni Mubarak, and Muammar Qaddafi.

Militant groups later combined easy accessibility to operatives via social media with new advances in encryption to create the virtual planner model of terrorism. This model allows online operatives to provide the same offerings that were once the domain of physical networks, including recruitment, coordinating the target and timing of attacks, and even providing technical assistance on topics like bomb-making.


Urban Aero moves forward with innovative VTOL aircraft Lifeboat News: The Blog

The development of Israel-based Urban Aeronautics' Cormorant prototype is well underway, with hopes of launching a full-scale development of the aircraft in the near future.


A.I. could be the harbinger of a global socialist revolution Lifeboat News: The Blog

Artificial intelligence and automation stand poised to put millions out of work and make inequality even more pronounced. Is it possible to solve one problem with another?


unable to launch vmplayer 14 Linux World

After installing vmplayer 14 on Ubuntu 18.04, the player might fail to launch, with the vmmon modules failing to compile with errors


To get around these errors we will need to modify the code of vmmon as given in and To do the above mentioned changes, you can follow the following steps. Go to the folder

Untar the folder vmmon.tar

This will create a folder vmmon-only which will contain the code for the module vmmon. Now we can follow the changes mentioned in the above two links in the respective files.

After doing the changes recreate the vmmon.tar using the following command

Now we should be able to launch vmplayer and the modules should get compiled successfully.


20may2018 Trivium


Intel to Spend $5 Billion on Fab in Israel, Likely to Produce 10nm Chips SoylentNews

Intel Discloses Plans to Spend $5 Billion on Fab 28 Expansion in Israel

Intel and two Israeli ministries this week announced that the chip giant plans to invest $5 billion in its Kiryat Gat fab complex Fab 28 through 2020. Under the plan, Intel is expected to buy various products from local suppliers and hire additional personnel. In return, Israel will provide the processor maker a tax rebate and a government grant. Furthermore, Intel will receive another grant if it upgrades its manufacturing in Israel further.

Under the terms of the investment plan, Intel will invest $5 billion (NIS 18 billion) in its Kiryat Gat ventures until 2020. The chip giant is expected to buy $838 million (NIS 3 billion) worth of local goods and add 250 people to its workforce, reports The Times of Israel citing the Finance Ministry. If the plan is approved by the Israeli authorities, Intel will get a 5% tax rebate till 2027, as well as a $195.5 million (NIS 700 million) government grant. Additionally, if Intel decides to "significantly upgrade" its fab "technologically", the company will get another $195.5 million grant.

Intel's first "10nm" CPU will be the i3-8121U, a dual-core part which will be featured in the Lenovo Ideapad 330. Due to low yields on the "10nm" process, a few Cannon Lake CPUs will be released in 2018 alongside "14nm" Whiskey Lake. Both microarchitectures are considered to be "8th-generation" (hence the '8' in "i3-8121U").

Also at CTech.

Original Submission

Read more of this story at SoylentNews.


Britain introducing new laws on social media companies to tackle Wild West elements The Hill: Technology Policy

The United Kingdom is planning to propose laws that would curb cyberbullying and impose restrictions on social media companies, Reuters reported Sunday. Matt Hancock, Britain's digital minister, said Sunday that the government would publish a...


Internet of Laundry Let the ESP8266 Watch Your Dirty Drawers Get Clean Hackaday

When you think of world-changing devices, you usually don't think of the washing machine. However, making laundry manageable changed not only how we dress but how much time people spent getting their clothes clean. So complaining about how laborious our laundry is today would make someone from the 1800s laugh. Still, we all hate the laundry and [Andrew Dupont], in particular, hates having to check on the machine to see if it is done. So he made Laundry Spy.

How do you sense when the machine, either a washer or a dryer, is done? [Andrew] thought about sensing current but didn't want to mess with house current. His machines don't have LED indicators, so using a light sensor wasn't going to work either. However, an accelerometer can detect vibrations in the machine and most washers and dryers vibrate plenty while they are running.

The four-part build log shows how he took an ESP8266 and made it sense when the washer and dryer were done so it could text his cell phone. He'd already done a similar project with an Adafruit HUZZAH. But he wanted to build in some new ideas and currently likes working with NodeMCU. While he was at it he upgraded the motion sensor to an LIS3DH which was cheaper than the original sensor.

[Andrew] already runs Node RED on a Raspberry Pi, so incorporating this project with his system...

Resource generated at IndyWatch using aliasfeed and rawdog