IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Wednesday, 15 November

07:00

Medigate announces $5.35M seed round to protect connected medical devices Help Net Security

Israeli startup Medigate today announced $5.35 million in seed funding for its mission to secure the use of the millions of connected medical devices on healthcare provider networks. Backing for the technology platform, which lets CISOs and security teams defend networked medical devices from cyberattacks, comes from YL Ventures, with additional funding from Blumberg Capital. The Medigate team Cybersecurity threats to healthcare providers under attack Healthcare providers today depend on nearly 100 million connected medical More

04:03

Critical flaws open Foscam C1 IP cameras to compromise Help Net Security

Cisco Talos researcher Claudio Bozzato has unearthed a dozen of critical vulnerabilities affecting the Foscam C1 series of indoor HD cameras. The Foscam C1 is one of the most commonly deployed IP cameras. In many cases these devices may be deployed in sensitive locations. They are marketed for use in security monitoring and many use these devices to monitor their homes, children, and pets remotely, the Cisco Talos team has noted. About the vulnerabilities The More

01:43

Mesa 17.3-RC4 Released, Handful Of Blocker Bugs Still Left Phoronix

Emil Velikov of Collabora has just announced the fourth weekly release candidate of the upcoming Mesa 17.3...

01:37

Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Open Source Security

Posted by Brad Spengler on Nov 14

Hi Greg,

We're all aware of your objection, you bring it up every time
anyone mentions Linux kernel security on this list. However,
please remember that all the people contributing on this list are
taking on the responsiblity you and the majority of other upstream
developers have abdicated.

We get it, every time there's some bug mentioned on here that
you've already fixed, you want the entire world to know. Only you...

01:35

New security advisory CVE-2017-12624 released for Apache CXF Open Source Security

Posted by Colm O hEigeartaigh on Nov 14

A new security advisory has been released for Apache CXF, that is fixed in
the recent 3.2.1 and 3.1.14 releases:

CVE-2017-12624: Apache CXF web services that process attachments are
vulnerable to Denial of Service (DoS) attacks

The full text of the advisory is available here:

http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc

Colm.

01:30

Review: EU GDPR Documentation Toolkit Help Net Security

The General Data Protection Regulation (GDPR) aims to strengthen data protection for all individuals within the EU (citizens and residents). It was adopted in April 2016, and it becomes enforceable from 25 May 2018. With the implementation deadline around the corner, companies all over the world are figuring out how to adapt their systems and processes in order to correctly address compliance requirements. The penalties for non-compliance with the GDPR include fines of up to More

01:22

Making a Moon Base With Artemis Author Andy Weir Lifeboat News: The Blog

The Martian author Andy Weir discussed his newest book, Artemis, with Space.com.

01:22

Someone hacked N. Korean Radio Station to Play The Final Countdown HackRead

By Waqas

Its just another day with just another radio station transmission

This is a post from HackRead.com Read the original post: Someone hacked N. Korean Radio Station to Play The Final Countdown

01:15

Fedora 27 released LWN.net

The Fedora 27 release is now available. "The Workstation edition of Fedora 27 features GNOME 3.26. In the new release, both the Display and Network configuration panels have been updated, along with the overall Settings panel appearance improvement. The system search now shows more results at once, including the system actions. GNOME 3.26 also features color emoji support, folder sharing in Boxes, and numerous improvements in the Builder IDE tool."

01:13

Fedora 27 Debuts With GNOME 3.26 Powered Workstation Spin, Modular Server Coming Phoronix

It's arriving only two weeks late but today marks the official debut of Fedora 27 as the latest major update for this Red Hat sponsored Linux distribution...

01:09

KTechLab Microcontroller/Electronics IDE Ported To KDE4/Qt4 Phoronix

The KTechLab integrated development environment for electronics and microcontrollers no longer depends upon the vintage KDE3 and Qt3 libraries but has been ported to KDE4/Qt4...

01:09

Tips for an Information Security Analyst/Pentester career - An overview of the series The S@vvy_Geek Tips Tech Blog


My good buddy Claus Cramon Houmann with Peerlyst asked me to list all the posts I've published so far in this series.

I've pusblished this post on Peerlyst first and then I thought it would be a good idea  to do the same for my blog, as I republished the same posts on peerlyst.

This way, my readers can, if they like to, follow this series on both platforms.
Of , I'll keep this list and add links to newer posts, as I keep publishing them.
I knew I had a bunch of things to say when I started this series of posts (that's what I decided to start a series, by the way) but I didn't expect I'd be on a roll like that, though my plate is always full (3 months' study for Security+, in addition to my work as a translator and to other side projects)
I want to thank each and every one of you for the invaluable , contribution and recognition I had from the community so far, which allowed me to constantly improve the of these posts.
They wouldn't be any good without this type of I had from you guys, which kept me on my toes and forced me to constantly keep tabs on my work.

01:01

Tips for an Information Security Analyst/Pentester career - Ep. 35 - Metasploit: auxiliary and check The S@vvy_Geek Tips Tech Blog

Auxiliary modules 

Metasploit has auxiliary modules, as well, that contain also network scanners, buzzers and denial of service modules.

Auxiliary modules also provide vulnerability scanning functionalities.


Our Nmap scan showed the FTP server on our Ubuntu target machine allowed anonymous login.

We can check if this vulnerability can be exploited by using an auxiliary module, auxiliary/scanner/ftp/anonymous.


This vulnerability is confirmed by our scan.

Using Metasploit this way gives us a great advantage: instead of having to materially exploit the system, we can check right away if a specific exploit would be successful.

Check functionality

Some exploits provide you with the check functionality, which is alike the auxiliary module we saw before.

Once we setup an exploit as we normally do with Metasploit, we can check if our target is potentially vulnerable to it, without having to materially attack the system.

As an example of an exploit supporting it, I chose a very well-known one, MS-08_067 netapi.

After setting up its options as usual, we can use check to verify if your target is vulnerable.

It turns out our XP machine isn't exploitable.

That's the reason why this exploit didn't work in the previous video.


Sadly, though, this functionality isn't supported by all exploits.

In fact, I tried to use it on a different exploit and it didn't work.

...

00:48

Tips for an Information Security Analyst/Pentester career - Ep. 36: Nikto, PHpMyAdmin and WebDav The S@vvy_Geek Tips Tech Blog

In a previous post, we talked about vulnerability scanning.

This time, we're gonna focus on web applications and we'll see a couple of example of web app exploitation.


Nikto

A handy tool to scan a website for vulnerability is nikto.

Its usage is very simple (nikto -h url_to_scan), as shown below.

In the video, I used it against our vulnerable XP machine.

The tool retrieved several vulnerabilities, related to Xampp, PhpMyAdmin, SMTP and a bunch of other software, you name it.

Xampp


So, I tried to connect to WebDav by using a tool called cadaver and default credentials (username: wampp, password: xampp) and I was successful.

This is a very bad thing, even though I wasn't able to upload a reverse shell.


Zervit

My Windows XP machine contains a vulnerable web server application called Zervit, subject to directory traversal attack and easily crashed even by an Nmap scan, running on TCP port 3232.

Nmap isn't able to correctly detect this service, but, if we connect to it through the web browser, we get a file listing.

00:38

Governments manipulate social media, threaten global Internet freedom Help Net Security

Governments around the world are dramatically increasing their efforts to manipulate information on social media, threatening the notion of the Internet as a liberating technology, according to Freedom on the Net 2017, the latest edition of the annual country-by-country assessment of online freedom, released today by Freedom House. Manipulating elections Online manipulation and disinformation tactics played an important role in elections in at least 18 countries over the past year, including the United States, damaging More

00:33

Gene Therapy for Spinal Muscular Atrophy Type 1 SoylentNews

Gene therapy's new hope: A neuron-targeting virus is saving infant lives

Evelyn's older sister Josephine had spinal muscular atrophy type 1 (SMA1), a genetic disease that gradually paralyzes babies. She died at 15 months. Evelyn was an unexpected pregnancy, but her parents decided to have the baby despite one-in-four odds of a second tragedy.

Soon after Evelyn was born in December 2014, they were devastated to learn from genetic testing that she, too, had SMA1. "We knew what we were dealing with: We'll love her for as long as we can," says her father, Milan Villarreal. But that same night, frantically searching the internet, they learned about a clinical trial in Ohio and sent an email. At 8 weeks old, Evelyn received a gene therapy treatment that gave her body a crucial missing protein.

And now here she is, not so different from any healthy toddler. Although she has weak thighs and can't run normally or jump, she can walk quickly, dance, trace letters, toss foam blocks, carry a small chair, and climb onto her mother Elena's lap. After the heartbreak of losing their first baby, the Villarreals have watched in amazement as Evelyn has crawled, walked, and talked. "It was just a miracle. Every milestone was like a celebration. We opened a bottle of wine for every little thing she did," Milan says.

The results of the trial Evelyn participated in have blown away gene therapy researchers, too, marking one of the once-troubled field's most dramatic successes yet. All 15 babies treated for SMA1, expected to die by age 2, are alive at 20 months or older, and most can sit up, according to a report this week in The New England Journal of Medicine (NEJM). Like Evelyn, one boy is walking. Although a drug recently approved for SMA1 has achieved similar effects, it must be injected into the spine every 4 months. The gene therapy is intended as a one-time treatment, and it is simply infused into a vein. "I've never seen an effect [of gene therapy] that good in a lethal disease," says neurologist Jerry Mendell of Nationwide Children's Hospital in Columbus, who led the recent trial.

Spinal muscular atrophy.

Single-Dose Gene-Replacement Therapy for Spinal Muscular Atrophy (DOI: 10.1056/NEJMoa1706198) (DX)

Related: Antisense rescues babies from killer disease (DOI: 10.1126/science.354.6318.1359) (DX)


...

00:00

An Origin for a Far Traveling Asteroid Centauri Dreams

I used to think the Kuiper Belt object Quaoar was hard to pronounce (Kwawar), and even muffed it despite having plenty of time to practice before the recent Tennessee Valley Interstellar Workshop. Pontus Brandt (JHU/APL) had mentioned Quaoar in his talk in Huntsville as a target that lined up in useful ways with a proposed interstellar precursor mission he was presenting, one designed to examine dust distribution from within the system by looking back at our heliosphere at distances up to 1000 AU, seeing it as we see other stars dust environments.

So I summarized Brandts ideas in my wrap-up talk and couldnt get Quaoar pronounced properly without multiple tries. But even Quaoar pales into the realm of everyday lingo when compared to 1I/Oumuamua. Please tell me how to do this. The word is a Hawaiian term for scout, and the Ulukau: Hawaiian Electronic Librarys online dictionary tells me its pronounced this way: u-mu-a-mu-. I could work with that and maybe get it right in a talk, with extra practice. At least until I look at it all those vowels defeat me.

The object originally tagged A/2017 U1, then, is now tagged as interstellar in the combined 1I/Oumuamua, the 1 indicating it is the first such object to be observed, the I indicating interstellar. It is fitting that 1I/Oumuamua was the name chosen by the Pan-STARRS team in Hawaii that first brought this object to our attention.

Image: The trajectory of 1I/ Oumuamua, which made its closest approach to Earth on October 14, coming within 24,000,000 km, or about 60 times the distance to the moon. Credit: NASA/JPL-Caltech.

As far as the sheer number of objects making long interstellar journeys, consider what New Horizons PI Alan Stern recently told Astronomy Magazine (see The First Known Interstellar Interloper):

According to Stern, Jupiter, Saturn, Uranus, and Neptune combined probably ejected 1013 to 1014 objects larger than 1 km early in our solar systems history, when it was still cluttered with debris left over from the planet-formation process. Multiply that by the 1011 stars in the Milky Way, and one comes up with numbers like 1024 to 1025 objects larger than a kilometer. Smaller objects like 1I/Oumuamua must be orders of magni...

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

Tuesday, 14 November

23:56

This years most hackable holiday gifts Help Net Security

McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular gifts this holiday season. In addition, McAfee conducted a survey to identify the habits and behaviors of consumers as they get ready for the holiday shopping season. What consumers think about security Most consumers agree that security is a necessity for laptops, tablets, and smartphones (69%). However, only 22 percent believe connected toys require security, More

23:55

Rise and evolution of ransomware attacks Help Net Security

Ransomware, malware that encrypts systems and then asks for a ransom to decrypt files and systems, has become more prevalent in recent years. In fact, two of 2017s major cyberattacks were malware: WannaCry in May, followed by Petya in July. CryptoLocker and CryptoWall were the most prominent malware for PCs before WannaCry and Petya, and together, they generated around $21 million dollars between 2013 and 2015. While enterprises are just now preparing themselves to fight More

23:36

Freedom of the Net report Manipulating Social Media, hacking election and much more Security Affairs

Freedom of the Net report Online manipulation played a crucial role in elections in at least 18 countries over the past year, including the United States.

While cyber security experts still debate cyber attacks against 2016 Presidential Election, according to the independent watchdog Freedom House at least 18 countries had their elections hacked last year.

The group surveyed 65 nation states comprising 87 percent of internet users and observed that in at least 18 cases, foreign governments or outside bodies had tried to influence an election by restricting or interfering with internet use.

According to the organization, Governments around the world are dramatically increasing their efforts to manipulate information on social media, threatening the notion of the internet as a liberating technology, this is the message emerged from annual Freedom of the Net report.

The use of paid commentators and political bots to spread government propaganda was pioneered by China and Russia but has now gone global, said Michael Abramowitz, president of Freedom House. The effects of these rapidly spreading techniques on democracy and civic activism are potentially devastating.

While in some cases the interference attempts were performed by foreign actors, in the majority of the cases they were carried out either by the local government or opposition. The watchdog reported that 30 countries have now been found to be running armies of trolls to try and influence public sentiments on specific topics.

Venezuela, the Philippines, and Turkey were among 30 countries where governments were found to employ armies of opinion shapers to spread government views, drive particular agendas, and counter government critics on social media. states the report. The number of governments attempting to control online discussions in this manner has risen each year since Freedom House began systematically tracking the phenomenon in 2009.

Chined Government is the most active in this sense, it used a cyber army composed of bloggers and social media users who support its politics and discredit political opponents. Unfortunately, China isnt the only one, in Russia, the Internet Research Agency is the troll farm reportedly financed by a businessman with close ties to President Vladimir Putin.

Unlike other methods of censorship, the online content manipulation is ver...

23:35

Google Begins Removing Play Store Apps Misusing Android Accessibility Services The Hacker News

Due to rise in malware and adware abusing Android accessibility services, Google has finally decided to take strict steps against the apps on its app platform that misuse this feature. Google has emailed Android app developers informing them that within 30 days, they must show how accessibility code used in their apps is helping disabled users or their apps will be removed from its Play Store

23:28

Linux 4.15 Is Off To A Busy Start Phoronix

As expected, the Linux 4.15 merge window is proving to be very action-packed with a lot of new code being queued for this next kernel release and we are less than 48 hours into this two week cycle...

23:23

Hacked North Korean Radio Station Plays The Final Countdown TechWorm

Hacker Takes Over North Korean Radio Station, Broadcasts The Final Countdown

The listeners of the North Korean short-wave radio station, 6400kHz got hacked to play the 1986 hit song The Final Countdown by the 80s Swedish rock band legends Europe on repeat after it was allegedly hijacked by an unknown hacker.

The Jester, a vigilante grey-hat hacker broke the news of the incident on Twitter by posting a link to a recording of the broadcast.

A god among us has hijacked 6400kHz (North Korean station) and is playing the Final Countdown, said The Jester on Twitter on November 9.

The Jester is famous for hacking jihadist websites, and in October 2016 had defaced the website of the Russian Ministry of Foreign Affairs with the message, Stop attacking Americans.

Strategic Sentinel, a Washington-based nonpartisan geostrategic consulting company, noted that the Korean communist regime often broadcasts coded messages on the station before provocations. It had stated on Twitter on 23rd September:

Radio Pyongyang has broadcasted coded messages on 6400kHz. Usually, when they do this it signals an upcoming provocation.

It stated in September, The most likely thought for these messages is an expected missile test on the heels of #DPRK FM #UNGA statements, just after North Korea announced it was considering a hydrogen bomb test in the Pacific Ocean.

...

23:17

IcedID, a new sophisticated banking Trojan doesnt borrow code from other banking malware Security Affairs

Researchers at IBM have spotted a new banking malware dubbed IcedID has capabilities similar to other financial threats like Gozi, Zeus, and Dridex.

Malware researchers at IBM X-Force have spotted a new strain of banking malware dubbed IcedID has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. IcedID does not borrow code from other banking malware, but it implements comparable features.

Overall, this is similar to other banking Trojans, but thats also where I see the problem, says Limor Kessem, executive security advisor for IBM Security.

The banking Trojan was first observed in September in campaigns aimed at banks, payment card providers, mobile service providers, payroll, Webmail, and e-commerce sites in the United States and Canada.

The malware also targeted two major banks in the United Kingdom.

The experts highlighted the distribution technique adopted by IcedID that leverages on the Emotet Trojan. Emotet is delivered via spam emails, usually disguised in productivity files containing malicious macros, and remains stealth to be used by operators to distribute other payloads, such as IcedID.

IcedID implements the ability to propagate over a network, a circumstance that suggests authors developed it to target large businesses.

IcedID can propagate over a network. It monitors the victims online activity by setting up a local proxy for traffic tunneling, which is a concept reminiscent of the GootKit Trojan. Its attack tactics include both webinjection attacks and sophisticated redirection attacks similar to the scheme used by Dridex and TrickBot. reads the analysis published by IBM.

The redirection scheme implemented by IcedID is designed to appear as seamless as possible to the victim. It includes displaying the legitimate banks URL in the address bar and the banks correct SSL certificate by keeping a live connection with the actual banks site.

The malware listens for the target URL and when it encoun...

23:00

80s Smartwatch Finally Plays Tetris Hackaday

While the current generation of smartwatches have only been on the market for a few years, companies have been trying to put a computer on your wrist since as far back as the 80s with varying degrees of success. One such company was Seiko, who in 1984 unveiled the UC-2000: a delightfully antiquated attempt at bridging the gap between wristwatch and personal computer. Featuring a 4-bit CPU, 2 KB of RAM, and 6 KB of ROM, the UC-2000 was closer to a Tamagotchi than its modern day counterparts, but at least it could run BASIC.

Dumping registers

Ever since he saw the UC-2000 mentioned online, [Alexander] wanted to get one and try his hand at developing his own software for it. After securing one on eBay, the first challenge was getting it connected up to a modern computer. (Translated from Russian here.) [Alexander] managed to modernize the UC-2000s novel induction based data transfer mechanism with help from a ATtiny85, which allowed him to get his own code on the watch, all that was left was figuring out how to write it.

With extremely limited published information, and no toolchain, [Alexander] did an incredible job of figuring out...

22:56

ACPI & Power Management Updates For Linux 4.15 Phoronix

Rafael Wysocki of Intel has mailed in the power management updates for the current Linux 4.15 kernel merge window...

22:47

Forget Bottle-Stoppers Wine Condoms Will Save Your Booze SoylentNews

Submitted via IRC for OneLitreIn

Not all conversations with your mom about condoms have to end in mortification. For example: One mother and son turned a quip about rubbers into an industrious new way to save wine.

The Wine Condom, which is literally a condom stretched over the top of a wine bottle, was conceived by Laura Bartlett and her clearly well-adjusted son, Mitch Strahan.

The Dallas duo came up with the idea in 2014 after Bartlett sealed off a bottle of wine with plastic wrap secured with a rubber band. They realized it looked like a condom and their dream was born.

Their original contraption first launched that late spring/early summer. Recently, the two announced a new design for their invention, which works for different sizes of wine bottles. (Expect to see a few floating around at White Elephant Gift Exchange this holiday season.)

The device, made from food-grade silicone and sold online for $10 per six-pack, works much as you'd expect: After opening a bottle of wine, the Wine Condom can be rolled over the opening, creating a seal that prevents air from escaping.

Source: http://nypost.com/2017/11/10/forget-bottle-stoppers-wine-condoms-will-save-your-booze/


Original Submission

Read more of this story at SoylentNews.

22:07

Most UK law firms aren't ready for GDPR, claims report Graham Cluley

Most UK law firms aren't ready for GDPR, claims report

A survey finds that "only 25%" legal sector IT decision-makers say that their firms were GDPR ready.

Only? 25% sounds pretty good to me!

21:42

Moon vs. Mars and asteroids: Watch space advocates debate where we should go Lifeboat News: The Blog

SpaceX founder Elon Musk has famously said hed like to die on Mars just not on impact. But where will humans live in space? That was the focus of a good-natured debate that took place at this weeks New Space Age conference at Seattles Museum of Flight.

Chris Lewicki, president and CEO of Redmond, Wash.-based Planetary Resources, took up the case for going to asteroids and Mars. Seattle-area entrepreneur Naveen Jain, co-founder and chairman of Florida-based Moon Express, spoke for the moon.

21:26

Patents Roundup: Packet Intelligence, B.E. Technology, Violin, and Square Techrights

ViolinSummary: The latest stories and warnings about software patents in the United States

IN another defeat for software patents, Erise has just declared big victory against patent troll and to quote the only report weve found about it (so far): Packet Intelligence owns U.S. Patent No. 6,651,099, which is named Method and Apparatus for Monitoring Traffic on a Network. The company used this patent to prosecute patent applications against 275 issued patents

We have been hearing many stories like this recently. Patent trolls, equipped with software patents, quickly perish in courts. If not the first time, then the second time (higher court). Sometimes the patents get invalided before they even reach any court at all. The patent trolls lobby, which includes Watchtroll, has just been moaning about software patents being rightly invalidated by PTAB. Here we have Watchtroll defending a troll. saying that the Memphis, TN-based B.E. Technology, L.L.C., filed a suit alleging claims of patent infringement against Google in the Western District of Tennessee, asserting claims from two patents owned by the company.

Guess what happened. PTAB trashed it all. Good riddance, no matter who initiated the case and how wealthy the defendant is (Watchtroll obsesses over the wealth amassed by Google in order to create sympathy for the troll). The last paragraph has nothing to do with the story at all. Thats just Watchtroll trying to influence a SCOTUS case and solicit lobbying. To quote: All of this may soon change after the U.S. Supreme Court hears oral arguments in Oil States Energy Services, LLC v. Greenes Energy Group, LLC on November 27th. The case will decide whether the PTAB acts in violation of the U.S. Constitution by extinguishing private property rights in a non-Article III forum without a jury. Whether the Supreme Court decides that the PTAB acts in violation of the Constitution, many patent owners hope the Supreme Court will at a minimum acknowledge that the PTAB works consistently to the detriment of patent owners in favor of efficient infringers.

Anyone who has watched this long enough (the subject of this case and SCOTUS) can easily tell that Justices will defend PTAB, maybe even unanimousl...

21:04

Android at 10: How Google Won the Smartphone Wars SoylentNews

Android is 10 years old this week. In part one of a larger story, The Register looks at the beginnings of Android, including some early competition, and a brief comparison to Microsoft.

Google was in the game, at a time when others didn't realize what the game was. Or did, and couldn't turn the ship around fast enough. Android succeeded because it was just about good enough, and its parent was prepared to cross subsidize it hugely. Android wasn't brilliant, but it was better than Bada, and uglier than WebOS. Symbian simply wasn't competitive. If you were a Samsung or Sony or HTC, then Android gave you what you needed, it gave users a better experience. Developers were happy writing for a Java OS, it was a doddle after writing for WM and Symbian.

[...] Motorola also had a significant part to play in Android's success . . . as did Verizon. Carriers like Verizon had been snubbed by Apple's carrier exclusive strategy, and Verizon was badly burned by the BlackBerry Storm. It went all in.

[...] Android is far bigger and far more invasive than a PC could ever be. Google's dominance over our personal lives is far greater than Microsoft's ever was. The clunky laptop in the corner did not track your every movement or read your emails.


Original Submission

Read more of this story at SoylentNews.

20:42

Moon, Mars, Asteroid and orbital colonzation and cities Lifeboat News: The Blog

He looked at the science and economics of a lunar colony.

Eighty-five percent of the rocks on the surface of the lunar highlands are anorthite, which contains aluminum as well as a massive supply of oxygen. Smelting aluminum in the quantities necessary to construct and maintain Artemis would produce so much excess oxygeneight atoms for every two of aluminumthat they would be constantly venting it.

For every kilogram of payload, you need an additional 3.73 kilos of fuel. So a one-way ticket to the moon is calculated to eventually cost about $33,000.

20:36

Decline of Skills Level of Staff Like Examiners and Impartiality (Independence) of Judges at the EPO Should Cause Concern, Alarm Techrights

EPO insiders say that hiring standards have sunk (more on that soon) and new examiners now rely on algorithms rather than in-depth knowledge

GrandcomputerSummary: Access to justice is severely compromised at the EPO as staff is led to rely on deficient tools for determining novelty while judges are kept out of the way or ill-chosen for an agenda other than justice

THERE are no software patents in Europe. In theory at least. The EPO does not obey the rules and grants software patents anyway something which the USPTO (birthplace of software patents) is gradually stopping.

What can stop the EPO issuing software patents? Most likely the appeal boards, but they have come under attack from Battistelli and years ago they lost their impartiality. 3 years ago Battistelli went as far as making false claims about one of the judges (painting him as some sort of an armed Nazi) and nothing has been the same since. The appeal boards are still there in spirit (in Haar) and routinely they complain that they are unable to operate as envisioned by the EPC.

IAMs editor, as one might expect, continues his veiled lobbying for software patents and patent trolls. He has already done that twice in the past week (using the typical euphemisms, FRAND/SEP) and yesterday he carried on by copy-pasting Johann Pitz a partner of Vossius & Partner in Munich which speaks of future EU unitary patent even though there is no such thing! Its a fantasy and one of the reasons for that is lack of impariality of judges, including their selection process and renewal of contract. We covered that before. Its an abomination that would rattle the people behind the EPC (the few who might still be alive).

Also yesterday. IAM wrote this blog post about KIPO (the patent office in Korea) going corporate, appointing a judge with an obvious conflict of interest (far too many connections to industry). To quote:

The IPTAB is gaining no...

20:35

The Pirate Bay & 1337x Must Be Blocked, Austrian Supreme Court Rules TorrentFreak

Following a long-running case, in 2015 Austrian ISPs were ordered by the Commercial Court to block The Pirate Bay and other structurally-infringing sites including 1337x.to, isohunt.to, and h33t.to.

The decision was welcomed by the music industry, which looked forward to having more sites blocked in due course.

Soon after, local music rights group LSG sent its lawyers after several other large ISPs urging them to follow suit, or else. However, the ISPs dug in and a year later, in May 2016, things began to unravel. The Vienna Higher Regional Court overruled the earlier decision of the Commercial Court, meaning that local ISPs were free to unblock the previously blocked sites.

The Court concluded that ISP blocks are only warranted if copyright holders have exhausted all their options to take action against those actually carrying out the infringement. This decision was welcomed by the Internet Service Providers Austria (ISPA), which described the decision as an important milestone.

The ISPs argued that only torrent files, not the content itself, was available on the portals. They also had a problem with the restriction of access to legitimate content.

A problem in this context is that the offending pages also have legal content and it is no longer possible to access that if barriers are put in place, said ISPA Secretary General Maximilian Schubert.

Taking the case to its ultimate conclusion, the music companies appealed to the Supreme Court. Another year on and its decision has just been published and for the rightsholders, who represent 3,000 artists including The Beatles, Justin Bieber, Eric Clapton, Coldplay, David Guetta, Iggy Azalea, Michael Jackson, Lady Gaga, Metallica, George Michael, One Direction, Katy Perry, and Queen, to name a few, it was worth the effort.

The Court looked at whether the provision and operation of a BitTorrent platform with the purpose of online file sharing [of non-public domain works] represents a communication to the public under the EU Copyright Directive. Citing the now-familiar BREIN v Filmspeler and BREIN v Ziggo and XS4All cases that both received European Court of Justice rulings earlier this year, the Supreme Court concluded it was.

Citing another Dutch case, in which Playboy publisher Sanoma took on the blog GeenStijl.nl, the Co...

20:27

FFmpeg Expands Its NVDEC CUDA-Accelerated Video Decoding Phoronix

A few days back I wrote about FFmpeg picking up NVDEC-accelerated H.264 video decoding and since then more FFmpeg improvements have landed...

20:14

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader The Hacker News

Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson" (named after Mr. Robot's main character), discovered a backdoor (an exploit) in all OnePlus

20:00

Face ID Defeated With 3D Printed Mask (Maybe) Hackaday

Information about this one is still tricking in, so take it with a grain of salt, but security company [Bkav] is claiming they have defeated the Face ID system featured in Apples iPhone X. By combining 2D images and 3D scans of the owners face, [Bkav] has come up with a rather nightmarish creation that apparently fools the iPhone into believing its the actual owner. Few details have been released so far, but a YouTube video recently uploaded by the company does look fairly convincing.

For those who may not be keeping up with this sort of thing, Face ID is advertised as an improvement over previous face-matching identification systems (like the one baked into Android) by using two cameras and a projected IR pattern to perform a fast 3D scan of the face looking at the screen. Incidentally, this is very similar to how Microsofts Kinect works. While a 2D system can be fooled by a high quality photograph, a 3D based system would reject it as the face would have no depth.

[Bkav] is certainly not the first group to try and con Apples latest fondle-slab into letting them in. Wired went through a Herculean amount of effort in their attempt earlier in the month, only to get no farther than if they had just put a printed out picture of the victim in front of the camera. Details on how [Bkav] managed to succeed are fairly light, essentially boiling down to their claim that they are simply more knowledgeable about the finer points of face recognition than their competitors. Until more details are released, skepticism is probably warranted.

Still, even if their method is shown to be real and effective in the wild, it does have the rather large downside of requiring a 3D scan of the victims face. Were not sure how an attacker is going to get a clean scan of someone without their consent or knowledge, but with the amount of information being collected and stored about the average consumer anymore, its perhaps not outside the realm of possibility in the coming years.

Since the dystopian future of face-stealing technology seems to be upon us, you might as well bone up on the subject so you dont get left behind.

Thanks to [Bubsey Ubsey] for the tip.

...

19:22

Canadian Scalper's Multimillion-Dollar StubHub Scheme Exposed in Paradise Papers SoylentNews

Submitted via IRC for SoyCow1984

When Adele fans went online to buy tickets to the pop superstar's world tour last year, they had no idea what exactly they were up against.

An army of tech-savvy resellers that included a little-known Canadian superscalper named Julien Lavalle managed to vacuum up thousands of tickets in a matter of minutes in one of the quickest tour sellouts in history.

The many fans who were shut out would have to pay scalpers like Lavalle a steep premium if they still wanted to see their favourite singer.

An investigation by CBC/Radio-Canada and the Toronto Star, based in part on documents found in the Paradise Papers, rips the lid off Lavalle's multimillion-dollar operation based out of Quebec and reveals how ticket website StubHub not only enables but rewards industrial-scale scalpers who gouge fans around the world.

CBC News obtained sales records from three U.K. shows that provide unprecedented insight into the speed and scale of Lavalle's ticket scam.

Despite a four-ticket-per-customer limit, his business snatched up 310 seats in 25 minutes, charged to 15 different names in 12 different locations.

The grand total? Nearly $52,000 worth of tickets at face value.

Source: http://www.cbc.ca/news/business/paradise-papers-stubhub-1.4395361


Original Submission

Read more of this story at SoylentNews.

19:00

The Prison Guard with a Gift for Cracking Gang Codes - Facts So Romantic Nautilus


Former correction officer Gary Klivans doesnt want to be photographed more clearly for fear of gang retaliation.Gary Klivans

As a corrections officer at a Westchester County, N.Y., prison in the 1990s, Gary Klivans was a one-man gang unit. Members of The Latin Kings and the Bloods made up a sizable part of the prison population. Klivans learned quickly that to handle them, he needed to understand them, and that meant understanding the code they used to communicate. Klivans taught himself to decipher their messages. He became one of the most sought-after code-breakers in the country. (Also see the related Facts So Romantic post, View From the Inside: How Gang Members Use Secret Codes.)

Even in retirement, his skills are in demand: Klivans sifts through encoded messages sent to him by law enforcement offers from around the country. I have a knack for this. I see the patterns, he told me. Even as Im printing the paper out, the words are jumping off the page at me.A lot of people cant see what I see.

Nautilus caught up with Klivans to chat about his talent.

What is a gang code?

Codes are substitutes for the letters in our English alphabet. They could be anythingin addition to
Read More

18:45

Official Statement Regarding Counterfeit Benchoff Bucks Hackaday

It was reported, and Hackaday has now confirmed, that counterfeit Benchoff Bucks were being circulated at this weekends Hackaday Superconference.

The fake bills were distinguishable by their poor printing quality and vastly smaller size than official Bucks. Their appearance should help to relieve the skyrocketing value of the Benchoff Buck, whose dominance as the preferred paper currency at hardware conferences has caused deflationary forces to take hold as Bucks holders hoard them.

Benchoff Nickel (contains no crypto)

Hackadays resident economists hope that the appearance of the counterfeits will begin to devalue the currency. Diminishing the strength of Benchoff Bucks has long been the goal for the portion of the Hackaday community who believe we need to move off of fiat Benchoff currency in favor of Benchoff-based cryptocurrency.

We anticipate seeing the long-rumored ICO early in 2018, likely in conjunction with other live Hackaday events. No word yet on the name of the new cryptocoins, but it is worth mentioning that the Benchoff Nickel has already been taken.

After an exhaustive investigation, the forger has been identified. They were given a pat on the back, a firm handshake, and charged with the responsibility of documenting the forgery effort as a Hackaday.io project. You know who you are and we have our eye on you.

Stay tuned for reports on other shenanigans that...

18:38

Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Open Source Security

Posted by Greg KH on Nov 13

But really, this isn't even a "good start", it's identifying a bug fixed
over a year ago for a kernel that only one company seems to care about
because they are _not_ following the recommended upstream stable kernel
patches because they "know better" :)

That's my objection here.

thanks,

greg k-h

18:35

Intel Batch Buffer Logger Updated For Mesa Phoronix

Intel's Kevin Rogovin has been working on a "BatchBuffer Logger" for the Intel graphics driver that offers some useful possibilities for assisting in debugging/analyzing problems or performance penalties facing game/application developers...

17:41

Large Gas Giant or Small Brown Dwarf Discovered Near the Galactic Bulge Using Microlensing SoylentNews

Scientists have used the Spitzer Space Telescope to find a possible exoplanet or brown dwarf candidate, OGLE-2016-BLG-1190Lb, around 22,000 light years away near the center of the Milky Way galaxy. Spitzer is currently using transit photometry and gravitational microlensing to find exoplanets, a use the telescope wasn't originally designed for. Spitzer recently discovered five of the seven exoplanets around TRAPPIST-1 using the transit photometry method.

OGLE-2016-BLG-1190Lb is likely to be the first exoplanet Spitzer has found in the Milky Way's Galactic bulge using gravitational microlensing. At an estimated 13.4 0.9 Jupiter masses, the object is right near the deuterium burning limit, the boundary dividing large gas giants from brown dwarfs.

The paper explains the significance of the discovery:

The discovery of Spitzer microlensing planet OGLE-2016-BLG-1190Lb is remarkable in five different respects. First, it is the first planet in the Spitzer Galactic-distribution sample that likely lies in the Galactic bulge, which would break the trend from the three previous members of this sample. Second, it is precisely measured to be right at the edge of the brown dwarf desert. Since the existence of the brown dwarf desert is the signature of different formation mechanisms for stars and planets, the extremely close proximity of OGLE-2016-BLG-1190Lb to this desert raises the question of whether it is truly a "planet" (by formation mechanism) and therefore reacts back upon its role tracing the Galactic distribution of planets, just mentioned above. Third, it is the first planet to enter the Spitzer "blind" sample whose existence was recognized prior to its choice as a Spitzer target. This seeming contradiction was clearly anticipated by Yee et al. (2015b) when they established their protocols for the Galactic distribution experiment. The discovery therefore tests the well-defined, but intricate procedures devised by Yee et al. (2015b) to deal with this possibility. Fourth, it is the first planet (and indeed the first microlensing event) for which the well-known microlens-parallax degeneracy has been broken by observations from two satellites. Finally, it is the first microlensing planet for which a complete orbital solution has been attempted. While this attempt is not completely successful in that a one-dimensional degeneracy remains, it is an important benchmark on the road to such solutions.

Also at...

17:23

Experts bypass ultra secure Apple iPhone X Face ID with a 3D-Printed mask Security Affairs

A group of researchers hacked Apple iPhone X Face ID facial recognition technology by using a 3D-Printed Mask that costs less than $150.

On November 3, Apple released its new iPhone X and a few days later a group of researchers from Vietnamese cybersecurity firm Bkav has claimed to have hacked Apples Face ID facial recognition technology by using a 3D-Printed Mask that costs less than $150.

Its not a joke, the ultra-secure Apples Face ID facial recognition technology implemented for the iPhone X is not as secure as the company claimed.

At iPhone X launch event, Apples Senior Vice President Phil Schiller claimed that Face ID can distinguish humans real face from masks thanks to its artificial intelligence (AI). They (Apple engineering teams) have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID. These are actual masks used by the engineering team to train the neural network to protect against them in Face ID. Its incredible!, Phil Schiller said (Apples Keynote September 2017, from 1:27:10 to 1:27:26).

The experts at the firm Bkav were able to unlock the iPhone X using a mask that re-creates the owners face through a combination of 3D printed mask, makeup, and 2D images some special processing done on the cheeks and around the face.

The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID. said Mr. Ngo Tuan Anh, Bkavs Vice President of Cyber Security.

FaceID iphone X

The experts also published a proof-of-concept video, demonstrating how to unlock a brand-new iPhone X using the mask.

The mask is composed of silicone for the nose and 3D printing for some areas whi...

17:14

Links 14/11/2017: GNU/Linux at Samsung, Firefox 57 Quantum Techrights

GNOME bluefish

Contents

GNU/Linux

  • Desktop

    • Munich council: To hell with Linux, were going full Windows in 2020

      Hbner said no final decision has yet been made on whether LibreOffice will be swapped out for Microsoft Office. That will be decided at the end of next year when the full cost of such a move will be known.

      Peter Ganten, CEO of Univention in Bremen and a member of the Open Source Business Alliance, told El Reg: The council of the city of Munich has just executed a decision which they have made long before.

      Not all agree that it is a good decision.

      Ganten said of course nobody in the open-source community is happy that this decision has been made and the city will spend decades of man power and millions of euros on migration (as it did with the LiMux project) while client OSes becomes more and more unimportant and other organisations are wisely spending their money for platform neutral applications.

      Matthias Kirschner, president of Free Software Foundation Europe in Berlin, said there were never any studies pinpointing what people were unhappy about. It might have been the LiMux client itself, or perhaps the migration process or lack of support.

      He said he was also not aware of a comparison of the unhappiness of staffers in cities using Windows.

    • Samsung Linux on Galaxy might run full, graphical Linux desktops

      Samsung sometimes tries to be too much like Google and engages in moonshot projects that are often abandoned quickly. So when it launched its new DeX phone as a desktop platform, it was natural for some people to wonder how long it would last. At least, for now, it seems that Samsung is investing a sizeable amount of resources to expand its coverage, like its upcoming Linux on Galaxy feature. Samsung just posted a concept video hinting that it could b...

17:00

Raspberry Pi Learns Slow Morse Code Hackaday

It wasnt long ago that you needed to know Morse code to be a ham radio operator. That requirement has gone in most places, but code is still useful and many hams use it, especially hams that like to hack. Now, hams are using the Raspberry Pi to receive highly readable Morse code using very low power. The software is QrssPiG and it can process audio or use a cheap SDR dongle.

There are a few reasons code performs better than voice and many other modes. First, building transmitters for Morse is very simple. In addition, Morse code is highly readable, even under poor conditions. This is partly because it is extremely narrow bandwidth and partly because your brain is an amazing signal processor.

Like most communication methods, the slower you go the easier it is to get a signal through. In ham radio parlance, QRS means send slower, so QRSS has come to mean mean send very slowly. So hams are using very slow code, and listening for it using computerized methods. Because the data rate is so slow, the computer has time to do extreme methods to recover the signal essentially, it can employ an extremely narrow filter. Having a QRSS signal detected around the world from a transmitter running much less than a watt is quite common. You can see a video introduction to the mode from [K6BFA] and [KI4WKZ], below.

So how slow is slow? The [VA3LK] beacon, for example, sends an element not a word or a character every 90 seconds!  Thats about .013 words per minute and supports a filter bandwidth of about .033 Hz. This is much more narrow than even the sharpest filter youd use for regular Morse code operation.

A common practice is to employ frequency shift keying (FSK) for QRSS. In this scheme, a dot and a dash are the same lengths, but on slightly different frequencies. One would not listen to these signals as they are frustratingly slow. They can be sped up in software (after you receive them, of course), but most people read it visually from the screen or use software to decode it.

Weve looked at QRSS before using PCs. Having a receiver on a headless Raspberry Pi will make it easier to build automated receivers or other non-user applications. Weve also seen Raspberry Pis send QRSS before.


Filed under:...

16:04

RISC-V Hopes To Get In Linux 4.15, OpenRISC Adds SMP Support Phoronix

There's potentially a lot happening within the open-source RISC space for the Linux 4.15 kernel merge window...

16:00

Innovative Motor Designs for Electric Cars Come to Life IEEE Spectrum Recent Content full text

Faraday Future designs motors for electric cars.

The following is an excerpt from Multiphysics Simulation 2017.

By: Gemma Church

The automotive industry is in the midst of a disruption, and the transcendence of electric vehicles from niche to mainstream is a driving force behind this change.

Challenges remain to improve the motor designs used in electric vehicles. One potential solution is the use of power magnetic devices (PMDs), a category of devices that includes motors, generators, transformers, and inductors. In simple terms, these components utilize an electromagnetic field to convert electrical energy to mechanical energy, or vice versa.

In the field of power engineering, and particularly in the design of PMDs, modern advances are targeted at reducing system losses, mass, volume, and cost, while simultaneously increasing power capability, reliability, and large-scale manufacturability.

MODELING, OPTIMIZATION, AND COLLABORATION COME TOGETHER

Achieving these competing objectives in modern applications requires advanced methods to optimize the design of various PMDs such as electric motors. These include computationally efficient device models in conjunction with state-of-the-art optimization techniques. Furthermore, the design constraints pertaining to electric motors represent a complex multiphysics problem from a mechanical, electrical, and thermal perspective.

Faraday Future, a start-up technology company focused on the development of intelligent electric vehicles, is using COMSOL Multiphysics software, a multiphysics finite element analysis program, to produce cutting-edge electric motors with high power density.

The organization is also taking an innovative, modular approach to electric vehicle design. Omar Laldin, lead electromagnetic engineer at Faraday Future, explained: My group develops motor designs for a generic set of vehicles, primarily suited to our variable platform architecture, which allows for modular development of electric vehicle powertrains. We can add or remove motors, adjust battery quantities, and collapse or increase the size of the chassis.

Figure 1. Finite element analysis (FEA) of a nonlinear-surface

Figure 1. Finite element analysis (FEA) of a nonlinear-surface permanent magnet synchronous motor (PMSM).

To be able to do that, we have to design the motor for a...

15:56

Australia Leads Charge to Revive TPP While Canada Abstains SoylentNews

In Da Nang Vietnam, Australia and 10 other countries have tried to revive the TPP without the US.

Even though the analysis of the TPP has shown that the so called 'free trade agreement' has only minimal benefits and many drawbacks for developed nations the Australian Prime Minister is still set on having the agreement ratified. The Australian Prime Minister may be trying to push through the TPP before his government collapses due to the citizenship audit which is rapidly culling members of his party which could result in his party losing power in parliament. With the majority of the Australian public being against the TPP and with Malcolm Turnbull facing an election soon the reasons for this move to try to ratify the TPP is unknown.

If this trade agreement is accepted it will be the last in a series of detrimental trade agreements where Australia is on the wrong end of the stick. With Australia still reeling from the impact of the terrible China-Australia Free Trade Agreement the move to try to bring in another bad trade agreement may spell the end of the liberal government's long run in parliament.


Original Submission

Read more of this story at SoylentNews.

15:26

Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 (hyp3rlinx) Bugtraq

Posted by apparitionsec on Nov 13

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.symantec.com

Product:
===========
Symantec Endpoint Protection
v12.1.6 (12.1 RU6 MP5)
Symantec 12.1.7004.6500

Vulnerability Type:
===================
Tamper-Protection Bypass
Denial...

15:19

[SECURITY] [DSA 4032-1] imagemagick security update Bugtraq

Posted by Moritz Muehlenhoff on Nov 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4032-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 12, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-12983 CVE-2017-13134...

15:08

[SECURITY] [DSA 4031-1] ruby2.3 security update Bugtraq

Posted by Salvatore Bonaccorso on Nov 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4031-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 11, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby2.3
CVE ID : CVE-2017-0898 CVE-2017-0903...

15:01

Bypassable authentication in SingTel / Aztech DSL8900GR(AC) router Bugtraq

Posted by cort on Nov 13

Credit: Cort
Date: 5 Aug 2017
CVE: Not assigned
Vendor: Aztech (https://www.aztech.com) / SingTel (https://www.singtel.com/)
Product: Aztech DSL8900GR(AC) router
Versions Affected: firmware 340.6.1-007 (latest available as of 9 Nov 2017)
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Fix: Not available.

Introduction
===
The Aztech DSL8900GR(AC) router is distributed by SingTel (largest ISP in Singapore) with their business...

15:00

LFD435 Developing Embedded Linux Device Drivers

This course is designed to show experienced programmers how to develop device drivers for embedded Linux systems, and give them a basic understanding and familiarity with the Linux kernel.

LFD440 Linux Kernel Debugging and Security

Learn the methods and internal infrastructure of the Linux kernel, focussing on the important tools used for debugging and monitoring the kernel, and how security features are implemented and controlled.

LFD420 Linux Kernel Internals and Development

Learn the basic methods and internal infrastructure of the Linux kernel, grasping both the theoretical and practical underpinnings.

LFD430 Developing Linux Device Drivers

Learn how to write Linux device drivers, about the specifics of different types of devices and drivers, and learn the appropriate APIs and methods through which devices interface with the kernel.

LFS311 Advanced Linux System Administration and Networking

The need for sysadmins with advanced administration and networking skills has never been greater, and competition for people with experience is fierce. Whether you're looking for expert test prep for the Linux Foundation Certified Engineer certification, need training to help transition to Linux from other platforms, or you're just brushing up on these vital admin and networking skills, this course will teach you what you need to know.

LFD401 Developing Applications For Linux

Learn how to develop for and bring applications to the Linux environment. Get up to speed quickly with the necessary tools for Linux application development and learn about special features offered by Linux.

LFD460 Embedded Linux Development with Yocto Project

Obtain a solid understanding of embedded development using the Yocto Project, including the Poky Reference Distribution and Bitbake, the use of emulators, building images for multiple architectures and the creation of board support packages (BSP).

LFS452 Essentials of OpenStack Administration

OpenStack is growing at an unprecedented rate, and there is incredible demand for individuals who have experience managing this cloud platform. Youll become adept at managing and using private and public clouds with OpenStack, and youll develop hands-on experience with essential commands, automation, and troubleshooting, under the expert guidance of our instructors who impart state-of-the-market OpenStack experience. And all course materials are vendor neutral, so youll be able to apply these skills regardless of how your OpenStack installation has been constructed.

LFS301 Linux System Administration

This course helps you master the tools used by system administrators in enterprise Linux environments, including maintaining software and hardware, updating, configuring, troubleshooting and securing systems, using a variety of Linux enterprise distributions.

LFS305 Deploying and Managing Linux on Azure

This course is designed to Microsoft Professionals up to speed on deploying Linux on Azure. It contains a thorough introduction to Essential Linux System Administration, as well as discussing containers and virtualization. It goes into depth on administering Linux on Azure and use of the important tools required to maintain deployment.

14:53

[SECURITY] [DSA 4006-2] mupdf security update Bugtraq

Posted by Luciano Bello on Nov 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4006-2 security () debian org
https://www.debian.org/security/
November 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mupdf
CVE ID : CVE-2017-15587
Debian Bug :...

14:47

Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server Bugtraq

Posted by X41 D-Sec GmbH Advisories on Nov 13

X41 D-Sec GmbH Security Advisory: X41-2017-006

Multiple Vulnerabilities in PSFTPd Windows FTP Server
=====================================================

Overview
--------
Confirmed Affected Versions: 10.0.4 Build 729
Confirmed Patched Versions: None
Vendor: Sergei Pleis Softwareentwicklung
Vendor URL: http://www.psftp.de/ftp-server/
Vector: Network
Credit: X41 D-Sec GmbH, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL:...

14:42

Scientists fear deadly Madagascar plague WILL reach US, Europe and UK Lifeboat News: The Blog

The plague death toll shows no sign of slowing as official figures reveal 165 have now lost their lives in Madagascars worst outbreak in 50 years.

Data shows a 15 per cent jump in fatalities over three days, with scientists concerned it has reached crisis point and 10 countries now placed on high alert.

At least 2,034 people have been struck down by a more lethal form of the medieval disease so far in the country off the coast of Africa, according to WHO statistics.

14:39

WebKitGTK+ Security Advisory WSA-2017-0009 Bugtraq

Posted by Carlos Alberto Lopez Perez on Nov 13

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------

Date reported : November 10, 2017
Advisory ID : WSA-2017-0009
Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html
CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,...

14:22

Boeing 757 controls remotely HACKED while on the runway Lifeboat News: The Blog

A group of security researchers has remotely hacked a Boeing 757 aircraft without the knowledge of the pilots, a US government official has claimed.

Robert Hickey, a Homeland Security cyber investigator, managed to take over the passenger jet on the runway at Atlantic City airport, New Jersey.

A Boeing official has said the test is unlikely to indicate a major threat to airliners, adding: Im not afraid to fly.

14:22

New Study: US state hit with up to 200 times more Fukushima fallout than expected Lifeboat News: The Blog

Dr. Holger #Strohm #Negative #HealthEffect Of #Radioactive #Heavy #Metal #Plutonium #Poison From #Fukushima; #BioConcentration Into #Humans, Then #Recycling Through #Cremation And Medical #Waste #Incineration Through DNA Of Future #Generations http://www.agreenroadjournal.com/2013/08/dr-holger-strohm-fu12000.html

14:12

How AV Can Open You to Attacks That Otherwise Wouldn't be Possible SoylentNews

Submitted via IRC for SoyCow1984

Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn't be possible. On Friday, a researcher documented an example of the lattera vulnerability he found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control.

AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off-limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks.

Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password databaseknown as the Security Account Managerthat stored credentials he needed to pivot onto the corporate network.

"With the help of AVGater, I gained local admin privileges," Bogner wrote in an e-mail. With full control over the employee computer his exploit provided, he had no trouble accessing the credential store, which is commonly known as a SAM database. "So AVGater was VERY useful during several of our pentests and red-teaming assignments."

Source: https://arstechnica.com/information-technology/2017/11/how-av-can-open-you-to-attacks-that-otherwise-wouldnt-be-possible/


Original Submission

Read more of this story at SoylentNews.

14:02

Aerial images reveal the closest ever look at Saudi stone structures Lifeboat News: The Blog

The structures were uncovered in the Harrat Khaybar region in Saudi Arabia in the 1920s and were referred to as the Works of the Old Men by the regions Bedouin population.

Most of them were discovered through satellite surveys and no archaeological fieldwork has yet been carried out.

Previous research has found thousands of stone structures that form geometric patterns in the Middle East.

14:02

America troops at risk of LOSING a war to North Korea, commander warns Lifeboat News: The Blog

American troops would find themselves badly outnumbered and at risk of defeat if war suddenly broke out with North Korea.

That is the stark warning issued by Lieutenant General Jan-Marc Jouas, the former deputy commander of U.S. Forces in Korea, in a letter to Democrats this month.

Jouas cautioned that it would take days or months for reinforcements to reach the region, leaving 28,000 American troops and 490,000 South Korean soldiers to fend off 1.2million North Korean fighters.

14:00

The Sounds of Silence? Muzo Fails to Deliver Hackaday

If you fly much or work in a loud office, you know that noise-canceling headphones can be a sanity saver. Wouldnt it be nice if you could just have noise-canceling without the headphones? Apparently, a lot of people think thats a good idea and funded a project called Muzo. [Electroboom] borrowed one and mystified how such a device could work set out to test it. Along the way, in the video below, you can see him do a neat demonstration with two speakers canceling each other in his closet.

Based on [Electrobooms] tests and the tests from other users, it doesnt appear that Muzo does much to reduce noise. It might add some noise of its own, but thats a far cry from what people expected the unit to do.

In theory, the device senses vibrations in a flat surface like a piece of glass or a table top and then vibrates the surface to oppose the noise. At least, thats one of its modes. It is also supposed to be able to mask sound you make, creating a sort of privacy bubble around the device. It can also generate sleep noises, which of course might mask other noise, but wont cancel it.

While it is a great idea, it is hard to imagine how a device like this could arbitrarily cancel complex sounds for all listeners with just a single device located some distance away. With headphones, the sound beams right into your ears and there is a lot of passive noise blocking, as well. There are other special cases where in air noise canceling can work

If you want to stick to headphones, you can get good results passively. Amazon, by the way, has an interesting patent filing related to noise cancellation.


Filed under: Crowd Funding, reviews

13:05

XFS For Linux 4.15 Brings "Great Scads of New Stuff" Phoronix

File-system pull requests today for Linux 4.15 not only included Btrfs compression-related improvements, an overhaul to the AFS driver, and EXT4 corruption fixes but there is also a very significant set of updates to the XFS file-system...

12:42

The New SpotMini Lifeboat News: The Blog

New Boston Dynamics robot, pretty awesome. I hope they roll out an upgraded ATLASoftBank is supposedly doing a big robotics event later this month.


For more information stay tuned.

12:28

Amos Yee to Give Public Talk at Harvard SoylentNews

Amos Yee is set to give his first ever public talk at Harvard.

Yee is a teenager from Singapore who has recently been granted political asylum in the US. He was in trouble with the Singaporean regime for repeatedly criticizing the country's late founder, Lee Kuan Yew. His treatment has been marginally better in the US. Although he was granted asylum by the US back in March, he was held in US jail until late September where he ran in to difficulties for his ongoing criticism of Islam. Currently, he is banned from Facebook for alleged, unspecified "community standards" violations. His videos are available on YouTube.


Original Submission

Read more of this story at SoylentNews.

12:22

An Astonishing Video Shows CRISPR Editing DNA in Real Time Lifeboat News: The Blog

In June, several dozen scientists flew to Big Sky, Montana, to discuss the latest in CRISPR research. They had a lot to talk about, given that CRISPRa tool that allows scientists to cut DNA to disable genes or insert new onesis currently the hottest topic in biology, mentioned in the same breath as pronouncements like changing the world and curing humanity of disease.

On the second day in Big Sky, a Japanese researcher named Osamu Nureki got up to play a short movie clip. I was sitting in the front, and I just heard this gasp from everyone behind me, says Sam Sternberg, who worked in the CRISPR pioneer Jennifer Doudnas lab at the University of California, Berkeley. It was, he says, the biggest reaction to data hes ever seen at a conference.

Nurekis paper was published in Nature Communications Friday, and by early morning, the video that astonished the room in Big Sky was making the rounds on science Twitter, too. I watched it, still bleary-eyed from sleep, and I jolted awake immediately.

12:03

Surveillance Cameras Made by China Are Hanging All Over the U.S. cryptogon.com

Via: Wall Street Journal: The Memphis police use the surveillance cameras to scan the streets for crime. The U.S. Army uses them to monitor a base in Missouri. Consumer models hang in homes and businesses across the country. At one point, the cameras kept watch on the U.S. embassy in Kabul. All the devices were []

12:00

Marek Has Been Taking To AMDGPU LLVM Optimizations Phoronix

Well known AMD open-source driver developer Marek Olk has ruthlessly been optimizing the Radeon Mesa driver stack for years. With RadeonSI getting fine-tuned and already largely outperforming the AMDGPU-PRO OpenGL driver and most of the big ticket improvements complete, it appears his latest focus is on further optimizing the AMDGPU LLVM compiler back-end...

11:50

Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Open Source Security

Posted by David A. Wheeler on Nov 13

"All" would be awesome, though unlikely. But even if that's the eventual goal,
"good starts" are still good starts.

I think a very reasonable (and more practical) alternative is
"enough CVEs to convince you to upgrade your kernel (or whatever) instead".
In particular, if there are several CVEs assigned where the only
reasonable mitigation is "you must upgrade your kernel", then
you don't really...

11:43

Overnight Tech: Dems want FCC chair investigated over Sinclair merger | Google faces state antitrust probe | Qualcomm rejects Broadcom offer | Startups criticize plan to tax employees' stocks The Hill: Technology Policy

MISSOURI AG OPENS GOOGLE INVESTIGATION: Missouri's attorney general launched an investigation into Google's data collection and search practices, saying that the internet giant has so far received a "free pass" by federal regulators.Josh Hawley...

11:00

Lathe Turns the Corner, Makes a Cube Hackaday

[Tim] was tired of using his lathe to turn round things. He decided to make a gaming diesomething thats iconically squareout of cylindrical scrap. As it turns out, this is possible to do on a lathe with a three jaw chuck. [Tim] discovered that the bevel on the jaws will hold a cylindrical puck of scrap sideways while he squares off the round sides into faces.

Turning a cube on a lathe looks pretty fiddly, so we applaud [Tim]s lovely handiwork even more. As youll see in the video down below, things were going gangbusters until he went to make the last facing cut. Maybe the tool wasnt lined up just so, or something was off in the chucking, but the first pass made a bit of a gouge in the stock. Looks like it was easy enough to fix, though. After four 90 turns and facing cuts, he had a nice looking rough cube to work with.

This is a regulation-sized die, so the next step was to trim it down to 16mm. Then it was time to sand, polish, and add the dots. To lay them out, [Tim] sprayed the cube with layout fluid and scribed unique line patterns on each face. Then he drilled the indentations and filled them in with aluminium black.

Most of the dice we see are electronic, like this extremely random pair and these PIC-driven LED dice. Wed like to see [Tim] make a second D6 so he has a pair. And then make a D20. Please?


Filed under: how-to, tool hacks

11:00

HPR2422: Kickstarter Post Mortem Hacker Public Radio

Klaatu tried to fund art for a card game on Kickstarter. Missed the goal by 85% This is a post mortem of how the Kickstarter went and where he may have gone wrong. Possibly you can learn from his mistakes. Possibly he has misdiagnosed his mistakes, and you are being misled. Choose wisely.

10:53

p2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more OpenBSD Journal

A new p2k17 hackathon report has arrived, this one from Florian Obser, who writes:

One of these days I should probably just put "lives here" into the file on cvs when it comes to hackathons in Berlin. My very first hackathon was b2k13 and I attended u2k15 as an emergency hackathon, on to number 3!

Read more

10:44

California Governor Plugs E-Cars, Pans Trump Inaction SoylentNews

The BBC and many other sources report:

The US car industry will be wrecked if President Trump relaxes emissions standards, California's governor says.

Jerry Brown said China would dominate car manufacture because it was heavily promoting the electric vehicles that would dominate the future.

He said huge investment was needed on electric vehicles, along with federal rules to encourage their purchase.

He said President Trump and US car-makers were "half asleep" and hadn't understood the scale of the challenge.

He told BBC Radio 4's Costing the Earth: "There will be a serious threat to the US auto industry.

Unlike many in Silicon Valley, Gov. Brown seems to want the USA car industry to survive this Chinese nationally supported onslaught.

While not specifically mentioned in the article, China is working on cars at all price points, not just early adopters that can afford a Tesla or other luxury car. The Chinese stuff may be junk now (think about the batteries in Chinese "hoverboards") but it won't be for long, they learn fast. Here's a little minivan that's headed to production, https://carnewschina.com/2017/09/28/new-photos-sinogold-gm3-electric-mpv-china/


Original Submission

Read more of this story at SoylentNews.

10:27

NSA rocked after The Shadow Brokers Breach HackRead

By Waqas

National Security Agency or the NSA as we know it

This is a post from HackRead.com Read the original post: NSA rocked after The Shadow Brokers Breach

10:15

Intel SGX Driver Updated But Likely Too Late For Linux 4.15 Phoronix

Not to be confused with PowerVR SGX, the Intel SGX driver was revised with new patches published today but it doesn't look like it will land for Linux 4.15...

10:12

Facebook wants 'flexibility' in political advertising regs The Hill: Technology Policy

Facebook says that it supports the governments push to further regulate election ads on digital platforms, but qualifies that it wants flexible rules. The company explained in comments it sent to the Federal Election Commission (FEC) that new...

10:03

Reports from Netconf and Netdev LWN.net

The Netconf 2017, Part 2 and Netdev 2.2 conferences were recently held in Seoul, South Korea. Netconf is an invitation-only gathering of kernel networking developers, while Netdev is an open conference for the Linux networking community. Attendees have put together reports from all five days (two for Netconf and three for Netdev) that LWN is happy to publish for them. So far, we have coverage from both days of Netconf and two days of Netdevstay tuned for the final installment.

09:53

How to hack a gmail account password (with pictures) Thzone.net

You can use this to test your own accounts security. If you have forgotten your password you can e get it back by this tutorial.

Gmail is one of the largest free and paid mail service provider by google. Gmail is one of the most secure mails service. But you know what Nothing is secure. And we are going to prove it today.

We have found and discovered some of the working methods to hack gmail accounts by using some tricks and scripts. Let us not waste our time and get to the tutorial.

Hack gmail password

The only way youll be able to hack into someones account is by stealing their password. If your target has two-factor authentication, youll need their mobile device as well. There is no other way around two-factor authentication.

Outline of the methods that can be used to hack gmail password

  • Hacking a gmail using wireshark and man in the middle attack
  • Hack someones gmail account using keylogger
  • Hack a gmail password using browser password manager
  • Hack gmail by creating a Phishing site

First of all we go with the tutorial of using wireshark

Wireshark and MITM attack to hack anyones gmail account

Wireshark is a network utility used by sysadmins and network manager to analyse the network traffic passing by. Wireshark is mos powerful network analyser tool used for big data networks and more. And this tool is going to help us get into someones Gmail account. Luckily this is free tool and you can install it on windows mac and as well as in linux which is great for windows and mac users but we are going to use it on linux and most famous hacking os Kali Linux. And for MITM attack we are going to use a tool called ettercap which may be you are already familier with, is an important tool for network security

Step 1:

Fire up Kali Linux.

Step 2:

Open Wireshark You can do that either with terminal or direct open it from the menu(its upto you)

and put it to listening mode on wi-fi or ether-net either of which interface you are on.

Step 3:

...

09:52

How to hack wifi password (with pictures) Thzone.net

Well, there was a time when   people with networking skills and an hacker mindset can only hack into wireless networks. But that time is long gone my friend.

Now a days even kids can hack wifi passwords. If you dont believe me read this article A 7-year-old shows how easy it is to break into a public network in less than 11 minutes.  by dailymail.

You might have been searching on google how to hack wifi or How to hack into wifi passwords. And certainly you have gone through a lot of tutorials on the web. You know people are recycling the old content again and again.

May be you have found something new on the sites but that did not help you with your problem that is still junk to you. thats why you are still in search of tutorial that will bring forth such knowledge that make you an hacker

If not an pro ethical hacker but, you will surely became an wifi hacker today.

This article is all about hacking a wifi password and breaching into all type of encyptions related to wireless networks.In this tutorial we will discuss possible ways to hack wifi and all the misconception related to password cracking.

You may not become an expert ethic...

09:50

How to hack a facebook account password (with pictures) Thzone.net

For hacking a facebook account an attackers does not neccesarily target facebook website.  It is illegal to perform hacking activities without their conscent or permission.

Instead of trying to hack a company which spend millions on its security and infrastructure, compromising a victims computer system is a low hanging fruit. Once the attacker setup keylogger and backdoor on victims system, all user activities and accounts including email, social networks, banking, etc can be stolen.

All the hacking groups who hacked twitter and facebook accounts of major companies didnt hack into their networks. They targeted the employees of those companies and got lucky in compromising the right user who had passwords for those social networks stored in their system.

Attacker goes for users as humans are weekest link to security they can be easily compromised unless they know the hacking tactics themselves.

You wont be vulnerable to hacking if you understand how hacking works

Why You should learn to hack

There are tons of reasons that why you should learn to hack. As above quote stated you will not be vulnerable to facebook hacking tactics used by hackers if you know those tactics too.. If you know how a predator prey on his victims then you would probably save yourself.

These are some of the scenarios you could face in the real world

It is really not a hack

  1. You forget to log out of Facebook from a public computer, or you forget to lock the computer screen at work or at home, and someone else besides you, go to that computer and write on your Facebook wall that youve been hacked. This has nothing to do with hacking at all (it is related to red teaming though, except during this type of exercise, getting access to Facebook accounts is not the target and never will be), but it is probably the most commonly seen hack. This poses no threat to you, except embarrassment in some cases.
  2. A friend who knows your password, logs into your account and writes on your Facebook wall that youve been hacked. The password was obtained by asking you for it (beginner level of social engineering, except that this case is not really social engineering if you give up the password when asked for it directly), seeing you type it in (shoulder-surfing), or simply guessing what it is (online brute-forcing). This has very little to do with hacking and poses no threat to you, except embarrassment in some cases. In case this happens, reset/recover your password. This is the most common scenario where Facebook accounts are compromised, but not really compromised.

How facebook account can be compromised

  1. You receive an email from a non-targeted mass-phishing campaign that prompts you to log into Facebook, or reset your password. This at...

09:48

How to hack whatsapp account (with pictures) Thzone.net

Nothing in this world is unhackable, encryption are just mathematical equation that is hard but not impossible to solve without knowing a factor. If you really want to hack or spy on anyones WhatsApp this tutorial is for you.

Some of Possibilities

Since WhatsApp has become one of the popular app to share messages and media instantly, it has also become a favorite place for many to engage in illicit activities. Therefore, in order to investigate the truth people are left with no choice other than to hack WhatsApp account. Most of the smartphone users such as for iPhone, BlackBerry, Android, Windows Phone, and Nokia are fascinated towards WhatsApp messenger as it provides innovative and amazing features.

People have many queries for how to hack whatsapp account, is it possible to hack whatsapp, how to hack whatsapp chat. Well today is your lucky day and you have found the tutorial. This will surely help find your goal and you will be able to hack whatsapp massages.

Mac Spoofing to hack into someones whatsapp account

There is a method to hack WhatsApp known as Mac address spoofing which involves spoofing the Mac address of the target phone on your own phone.

To spoof the Mac of the target phone, follow the below-mentioned steps:

  1. Find out the Mac address of the target phone on which you need to hack WhatsApp account:
  • Android  Settings > About Device > Status> Wi-Fi MAC address
  • iPhone  Settings> General > About > Wi-Fi address
  • Windows Phone : Settings >> About >> More info >> MAC Address.
  • BlackBerry : Options >> Device >> Device and Status Info >> WLAN MAC
  1. Once you have the Mac address of the target Whatsapp phone, you have completed the half way.
  2. Next, install WhatsApp on your phone and enter target phone number and verify it
  3. Now, you have an exact replica of the target WhatsApp account and you should receive all the conversation and updates on your phone as well.

This method of WhatsApp hacking is quite time-consuming and is known to have less success rate.Lets get into the details of the mac spoofing method to hack Whatsapp.

What is a MAC address

A MAC address is a 12-character unique identifier assigned to the network adapter of your WiFi device. A MAC address can be used to uniquely identify the smartphone on the Internet or the local network.

If you want your target to be hacked, you need to f...

09:30

How to hack a instagram account password (with pictures) Thzone.net

Instagram Facebook Twitter Pinterest overall are actually pretty safe however as long as we have passwords there are people out there who try to guess them or use programs to gain access to your account. If they get the password able to get into your account. Take the right measures. Easily hack instagram accounts of anyone without the use of any suspicious software. Everyday thousands of accounts are being hacked this includes Instagram one of the biggest social media websites worldwide with over 100+ million registered users and gaining millions of page views everyday!

This tutorial is only for education purpose and any of us would not be responsible for anything that is done illegal due to this article

Why would you want to hack instagram?

Do you suspect your spouse of cheating, are you being overly paranoid or seeing signs of infidelityThen he sure is cheating. It really can be very useful for so many different types of people. Whilst you might associate this type of service with hackers and people that are up to no good that isnt always the case. In fact, after carrying out extensive research during the stage where we were providing this information to users on request we found that around 75% of contact requests came from users who had either been locked out of their own Instagram accounts by accident or from those who hack already had their Instagram accounts hacked by other people and were simply trying to get them back.

Other reasons why you might want an Instagram password hack include:

  • To gain your own account back after becoming locked out
  • To retrieve an account belonging to you that has been previously hacked in to
  • To play a prank on one of your friends
  • To steal an Instagram account from a competitor
  • To take control of a dormant Instagram account that a significance to you

By hacking into their facebook account

Yeah! you have read it right. You know many of instagram accounts are linked to the facebook accounts and people use facebook to get access to their instagram account. Moreover many of the instagram accounts are created based on facebook api. So it could be the way to get access too instagram account. Now you can ask me that how you will be able to hack into facebook account. Thats simple follow our tutorial of facebook hacking and get your hands on to the instagram account.

Really this could be it for you if you just want access to someones instagram profile or wanna see some private photos of them. But if you want the password of their account or do any kind of prank on your friend by changing their password then thats not your way to go. Their are other methods to for instagram password hacking which you will read later in this tutorial.

How you will get access to instagram via facebook?

Thats...

09:22

Believe synonyms meaning and defination Thzone.net

Synonyms of Believe

acceptstar holdstar understandstar creditstar
admitstar regardstar accreditstar deemstar
concludestar supposestar affirmstar positstar
considerstar thinkstar buystar postulatestar
havestar truststar conceivestar presupposestar
swallowstar be of the opinionstar have no doubtstar reckon onstar
attach weight tostar count onstar keep the faithstar rest assuredstar
be certain ofstar fall forstar lap upstar swear bystar
be convinced ofstar give credence tostar place confidence instar take as gospelstar
be credulousstar have faith instar presume truestar take at ones wordstar
take for grantedstar take itstar

Antonyms for believe

abandon discard disregard ignore
deny dismiss exclude neglect
disbelieve dispute forget refuse
reject distrust

Synonyms and Antonyms of believe

  1. 1to regard as right or trueonly the most naive car buyer would have believed the salesmans claim tha...

09:22

Silicon Valley criticizes GOP proposal to tax employees' stocks The Hill: Technology Policy

Silicon Valley investors and firms are speaking out against a provision in the Senate Republican tax-reform plan that would change how employees are taxed on stock-based compensation.The provision in the Senate plan unveiled last week would tax...

09:13

Understand synonyms meaning and defination Thzone.net

Synonyms for understand

accept find out learn be aware
discern follow master be conscious of
explain get perceive be with it
fathom grass read catch on
figure out interpret realize get the hang of
recognize know sympathize get the idea
see get the picture make out penetrate
sense get the point make sense of possess
tolerate have knowledge of take in register
apprehend identify with take meaning savvy
catch ken conceive seize
deduce distinguish infer note

Antonyms for understand

be ignorant fail miss overlook
disallow ignore misunderstand free
disapprove lose neglect let go
disregard misinterpret not get release
disbelieve mistake

Synonyms and Antonyms of understand

  1. to form an opinion or reach a conclusion through reasoning and informationas I understand it, this is the best plan that we have Synonyms of understand conclude, decide, deduce, derive, extrapolate, gather, judge, make out, reason, infer Words Related to understand assume, suppose

    conjecture, guess, speculate...

09:06

However synonyms meaning and defination Thzone.net

When ever is used for emphasis after how or why, it should be written as a separate word. Thus it is correct to write how ever did you manage? rather than however did you manage? (as distinct from other uses of the adverb however, which is always written as one word). With other words such as what, where, and who, the situation is not clear-cut: both two-word and one-word forms (both what ever and whatever, and so on) are well represented, and neither is regarded as particularly more correct than the other

Effective Usage of however

However can be used in the following ways

as an adverb showing how a sentence is related to what has already been said:
Prices have been rising. It is unlikely, however, that this increase will continue.
as an adverb (before an adjective or adverb):
However hard he tried, he could not control his feelings.
(before much or many):
However much they earn, they will never be satisfied.
(starting a question):
However did you manage to make him change his mind?
as a conjunction (joining two clauses):
You can arrange the furniture however you want.
However you look at it, its an enormous problem.

Definition of however and meaning

in whatever manner or way that will help however I can

archaic :although

Examples of however in a Sentence

Used when you are saying something that seems surprising after your previous statement, or that makes your previous statement seem less true
The president was confident of success. His advisers were not so sure, however.
Diamond mining is a highly profitable industry. There are, however, certain risks involved.
Used when you are changing the subject
Im delighted I could be here today. However, I didnt come here to talk about myself.
Used for saying that it makes no difference how good, bad, difficult etc something is or how much there is of something
however good/well/bad/badly/hard etc: She would still love him however badly he behaved.
If you take money from the fund, however small the amount, you must record it in this book.
however much/many: Were determined to have a wonderful holiday, however much it costs....

09:03

IoT Sex Toy Control App Records Audio Without Couple's Knowledge SoylentNews

Connected sex toys recorded intimate sessions without consent

Days ago, a Redditor discovered that their Lovense remote control app was unknowingly recording audio of a six-minute intimate session between the user and their significant other. It happened while they used the app to control the Lovense vibrator it's paired with, and it saved the recording to a local file buried in the phone's media storage. Another commenter, claiming to be a Lovense representative, said these recordings are the result of a "minor software bug."

Lovense: "Use teledildonics to improve your sex life!"

Previously: Vibrator Maker Pays $3.75 Million Settlement Over Data Collection
Pornhub's Newest Videos Can Reach Out and Touch You
Sex Toys Are Just as Poorly-Secured as the Rest of the Internet of Broken Things


Original Submission

Read more of this story at SoylentNews.

08:24

Re: (linux-)distros list use statistics Open Source Security

Posted by Solar Designer on Nov 13

Oh, I must have guessed wrong. I thought the long embargo periods were
correct and assumed that was because of inclusion of pre-distros time,
but according to what you're saying these are just two errors.

Your statistics appear to suggest that it was public on oss-security
exactly 22 days later, but actually it was public on oss-security at
most a day later with:

http://www.openwall.com/lists/oss-security/2017/10/10/3

I guess you'll...

08:08

Google will remove apps that misuse Android Accessibility Services from Google Play Help Net Security

Android app developers whose offerings implement Accessibility Services for reasons other that helping users with disabilities use their apps have less then 30 days to switch to other methods, or risk their apps being removed from Google Play and their developer account terminated. Google has yet to say explicitly why they are making this move, but its believed that its a measure meant to stymie malware developers. Announced change The Google Play Review Team has More

08:00

Pocket Woodwind MIDI Controller Helps You Carry a Tune Hackaday

Its easy to become obsessed with music, especially once you start playing. You want to make music everywhere you go, which is completely impractical. Dont believe me? See how long you can get away with whistling on the subway or drumming your hands on any number of bus surfaces before your fellow passengers revolt. Theres a better way, and that way is portable USB MIDI controllers.

[Johan] wanted a pocket-sized woodwind MIDI controller, but all the existing ones he found were too big and bulky to carry around. With little more than a Teensy and a pressure sensor, he created TeensieWI.  It uses the built-in cap sense library to read input from the copper tape keys, generate MIDI messages, and send them over USB or DIN. Another pair of conductive pads on the back allow for octave changes. [Johan] later added a PSP joystick to do pitch bends, modulation, and glide. This is a simple build that creates a versatile instrument.

You dont actually blow air into the mouthpiecejust let it escape from the sides of your mouth instead. That might take some getting used to if youve developed an embouchure. The values are determined by a pressure sensor that uses piezoresistivity to figure out how hard youre blowing. Theres a default breath response value that can be configured in the settings.

TeensiWI should be easy to replicate or remix into any suitable chassis, though the UV-reactive acrylic looks pretty awesome. [Johan]s documentation on IO is top-notch and includes a user guide with a fingering chart. For all you take-my-money types out there, [Johan] sells em ready to rock on Tindie. Check out the short demo clips after the break.

We saw a woodwind MIDI controller a few years ago that was eventually outfitted with an on-board synthesizer. Want to build a MIDI controller ? , like this beautiful build that uses hard drive platters as jog wheels.

...

08:00

The Strange Art of Writing App Release Notes IEEE Spectrum Recent Content full text

What makes a great release note, according to the authors Photo: Getty Images; App: Amy Nordrum

If you have an iPhone, go to the App Store and navigate to Updates. Youll see release notes describing changes developers have made to the newest versions of the apps on your phone.

For the most part, theyre pretty boring:

Bug fixes and performance updates.
Bug fixes.
This update contains stability and performance improvements.
Update to optimize alert handling.

But sometimes, a note will stand out. Scrolling through my own recently, I came across this one written for a transportation app called Transit that I often use here in New York City.

A screenshot of an app release note for Transit.

Curious, I tracked down the authorJoe MacNeil, Transits in-house copywriter. I think I mostly got hired to write the release notes, he told me. Its actually his favorite part of his job.  

According to MacNeil, Transit considers release notes to be one of its best opportunities to connect with users. Inside the company, I think release notes are taken as seriously as blog posts, he says. Multiple drafts are shared back and forth. The team is really exacting, he says. If I have a B-rate joke, they don't let it get out.  

Release notes are, at their simplest, a way for developers to tell users whats changed about the apps on their phones. They describe new features and keep users informed about important software changes. And updating apps is good digital hygiene, since new versions fix problems and patch vulnerabilities.

A screenshot of an app release note for Seamless.

Writing release notes can be a pain, though. Theyre often dashed off by someone when a development team is ready to submit new code to an app storeessentially as an afterthought. It used to be the last thing on the list and was not given a lot of attention, says Rob Gill, a former UX manager at Perform Group, a firm that manages a dozen apps on behalf of clients.

As a result, many app release notes are rather humdrum. They repeat a few generic lines, often variations of the phrases bug fixes and performance updates.

But some notesand their authorsshow more personality. MacNeil at Transit is one of them....

07:55

Btrfs Zstd Compression Benchmarks On Linux 4.14 Phoronix

Of the many new features in Linux 4.14, one of the prominent additions is initial support for Zstd compression that is initially wired in for transparent file-system compression with SquashFS and Btrfs. Here are some benchmarks of Zstd Btrfs compression compared to the existing LZO and Zlib compression mount options.

07:27

NASA Saves Big With Commercial Cargo Program SoylentNews

In-depth study: Commercial cargo program a bargain for NASA

It has generally been assumed that NASA will save money by spurring the development of services by US companies to supply the International Space Station, but such conclusions have largely been based on estimates. Now, a rigorous new review authored by a NASA analyst, and published by the American Institute of Aeronautics and Astronautics, offers a clear answer to this question.

According to the new research paper by Edgar Zapata, who works at Kennedy Space Center, the supply services offered by SpaceX and Orbital ATK have cost NASA two to three times less than if the space agency had continued to fly the space shuttle. For his analysis, Zapata attempted to make an "apples to apples" comparison between the commercial vehicles, through June 2017, and the space shuttle.

Specifically, the analysis of development and operational expenses, as well as vehicle failures, found that SpaceX had cost NASA about $89,000 per kg of cargo delivered to the space station. By the same methodology, he found Orbital ATK had cost $135,000 per kg. Had the shuttle continued to fly, and deliver cargo via its Multi-Purpose Logistics Module, it would have cost $272,000 per kg.


Original Submission

Read more of this story at SoylentNews.

07:02

Overwhelming Support for Life Extension Lifeboat News: The Blog

Well, it has been a super busy month due to the popularity of the new Kurzgesagt videos about aging, and we have seen a massive positive response from the audience to the ideas presented there.

At the time of writing, 116,000 people have liked the video so far, and a mere 963 people have disliked it, with almost 2 million total views to date. Once again, as in the previous video, the ratio of support versus opposition is massively in favor of doing something about aging.

This is most welcome, though it is not entirely unexpected. It is no surprise that the majority of people support continued health and the eradication of age-related diseases through the development of advanced medicines. If you have not seen both videos, we recommend that you take a few minutes to enjoy them today.

06:55

Re: (linux-)distros list use statistics Open Source Security

Posted by Kristian Fiskerstrand on Nov 13

Tracked down the -7533 issue as well, it was a fat-finger in the data.
The wiki page is updated with correct info. But the new table is:

Date All
Number of reports 24
Average embargo time (first public) 5.84
Average embargo time (oss-security) 6.95

2017-06 2017-07 2017-08 2017-09 2017-10
1 3 6 9 5
10.84 4.69 6.39 5.83 4.90
14.16 5.03 6.39 5.84 9.31

06:41

Re: (linux-)distros list use statistics Open Source Security

Posted by Kristian Fiskerstrand on Nov 13

Ah, will look into that soon then.

It is calculated from first report on distros list, that said, for
CVE-2017-1000255 there was some missing data for first publication (it
is public through
https://access.redhat.com/security/cve/CVE-2017-1000255 and
http://www.securityfocus.com/bid/101264 since 9th), so the publication
time is 5.97 days (although not for oss-security posting).

That should be the data already used.

06:34

Re: (linux-)distros list use statistics Open Source Security

Posted by Solar Designer on Nov 13

Please feel free to create a page like:

http://oss-security.openwall.org/wiki/mailing-lists/distros/stats

You don't need any special access for that.

Thank you, Kristian!

This lists two very long embargo periods for two Linux kernel issues: 96
days for CVE-2017-7533 and 28 days for CVE-2017-1000255. While this is
useful info, it does not reflect (linux-)distros' lists performance as
it includes embargo periods from prior to...

06:33

Friday Free Software Directory IRC meetup: November 17th starting at 12:00 p.m. EST/17:00 UTC FSF blogs

Participate in supporting the Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on irc.freenode.org.

While the Directory has been and continues to be a great resource to the world for over a decade now, it has the potential to be a resource of even greater value. But it needs your help!

It was 47 years ago on November 17th that Douglas Engelbart received the first patent on the computer mouse. This advent in the realm of human interface devices (HID) would open the world of computers to many new people. To this day though, a battle rages in terms of the mouse's general use: the classic battle of window managers between the mouse-less Awesome and mouse-centric Mutter. This week, the Directory theme for entries is mice as input devices, and we will be discussing HIDs in general.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting.

06:30

Multi-Physics Simulation; a key component of a superior Digitalization strategy for the Electronics industry IEEE Spectrum Recent Content full text

Learn how high tech companies are leveraging Simulation to reduce product development cycle times, improving the performance of their products and reducing costs associated to warranty repairs, recalls and unnecessary prototypes.

Multi-Physics Simulation; a key component of a superior Digitalization strategy for the Electronics industry

The product mantra in the high tech industry is to be smaller and cheaper with a faster time to market. This applies to any and all electronics industry sectors. This complexity has grown exponentially due to the IOT or internet of things and the growing number of smart, connected products. Shining a spotlight on the new opportunities and unique challenges they present to the electronics industry. Prosperity and survival will depend on a superior digitalization strategy that includes key enablers like Simulation to keep pace in this rapidly evolving landscape.

In this presentation well uncover details and best practices that can shed light on how high tech companies are leveraging Simulation to reduce product development cycle times, improving the performance of their products and reducing costs associated to warranty repairs, recalls and unnecessary prototypes.

  • Well discuss the generation of a system-level Digital Twin across the product lifecycle with accompanied, traceable Digital Threads, as the product configuration evolves

  • Explain why complicated product designs make it necessary to have a Simulation Digital Twin to identify many performance issues upfront and avoid expensive late changes.

  • Well show you how you can implement Simulation process, tools and methods to drive the design by allowing intelligent decision making through Simulation results.

  • Why maintaining the Digital Thread with traceability is critical to understanding design decisions and intent in warranty, regulatory and liability situations by providing cross discipline collaboration, coordination and compliance

  • We will show many industrial case studies where Simulation has played a key role in significant cost savings by reducing the number of prototypes, reducing the hardware testing time along with significant reductions in Product Development Time.

  • We will show how a Simulation Digital Twin is connected with Real life Products in the field to enable Virtual Health Management.

    We believe that Simulation will continue to play a key role in the implementation of a robust Digitalization Strategy.  Please join us while we take a deeper dive into some of the new and fascinating Multi-physics Simulation capabilities that are transforming the electronics industry.

PRESENTER:
...

06:16

Re: (linux-)distros list use statistics Open Source Security

Posted by Kristian Fiskerstrand on Nov 13

Hi,

As far as I'm aware I haven't gotten access to edit the wiki page for
publishing it. But the stats Gentoo has recorded are as follows (graph
attached);

Date All
Number of reports 24
Average embargo time (first public) 10.44
Average embargo time (oss-security) 10.63

This is based on the following monthly data:
2017-06 2017-07 2017-08 2017-09 2017-10
1 3 6...

06:09

Two Different Top500 Supercomputing Benchmarks Show Two Different Top Supercomputers IEEE Spectrum Recent Content full text

In the new TOP500 Supercomputer Rankings, whos number one depends on which benchmark you use Illustration: iStockphoto

The 50th TOP500 semi-annual ranking of the worlds supercomputers was announced earlier today. The topmost positions are largely unchanged from those announced last June, with Chinas Sunway TaihuLight and Tianhe-2 supercomputers still taking the #1 and #2 positions, and the Swiss Piz Daint supercomputer still at #3. The only change since June, really, to the handful of computers at the very top of the list is that the one U.S. computer to make the top-five cut, Oak Ridge National Laboratorys Titan, slipped from #4 to #5, edged out by a Japanese supercomputer called Gyoukou.

The top 10 now look like this:

...
Top500.orgs November 2017 ranking
Position Name Country Teraflops Power (kW)
1 Sunway TaihuLight China 93,015 15,371
2 Tianhe-2 China 33,863 17,808
3 Piz Daint Switzerland 19,590 2,272
4 Gyoukou Japan 19,136 1,350
5 Titan United States 17,590 8,209
6 Sequoia

05:51

GNOME Shell 4 Proposal Published To Be More Wayland-Focused Phoronix

Jonas Adahl of Red Hat has volleyed his initial proposals for how a "future" GNOME Shell could be architected on a page entitled GNOME Shell 4. This GNOME Shell 4 would potentially break compatibility with GNOME Shell 3 extensions while being more designed around Wayland rather than X11...

05:51

America is Running Out of Cassette Tape SoylentNews

Submitted via IRC for TheMightyBuzzard

National Audio Co. is the only company in the U.S. that produces cassette tape. Now, as cassette tapes enjoy a resurgence in popularity, National Audio has less than a year's supply left of the stuff, The Wall Street Journal reports.

For the last 15 years, National Audio's co-owner and president Steve Stepp has been clinging to his company's dwindling supply of music-quality magnetic tape. In 2014, National Audio's South Korean supplier stopped making the material, so Stepp bought out their remaining stock before they shuttered and has been left with a shrinking stockpile ever since.

Although the demand for tape has increased in recent years, the quality and supply has not; National Audio has long relied on outdated gear that Stepp jokes is "the finest equipment the 1960s has to offer." That's why the company which makes cassettes for everyone from indie bands to Metallica is planning to build the U.S.'s first high-grade tape manufacturing line in decades.

Crap! Where am I going to store my TRS-80 programs now?

Source: https://theweek.com/speedreads/735269/america-running-cassette-tape


Original Submission

Read more of this story at SoylentNews.

05:50

Court limits DOJ warrant for Facebook data on Trump protesters The Hill: Technology Policy

A court in Washington, D.C., has moved to limit the scope of search warrants obtained by federal investigators for Facebook data in connection with an ongoing investigation into criminal rioting on Inauguration Day. As a result of the order,...

05:40

Intel Vulkan Driver Preparing For Faster MSAA Performance Phoronix

Jason Ekstrand of Intel who contributes significantly to the development of their open-source "ANV" Vulkan driver has prepped a new patch series...

05:30

USB Type-C Port Manager Promoted Out Of Staging For Linux 4.15 Phoronix

The USB Type-C port manager that originally premiered in Linux 4.12 will be promoted out of staging with the Linux 4.15 kernel...

05:23

Google: Netflix Searches Greater Than Those For Pirate Alternatives TechWorm

Demand for Netflix is more than pirate alternatives, says Google

With over 104 million subscribers around the world, Netflix, an online video streaming company, in the last couple of years has managed to gain a foothold in the video industry by giving tough competition to pirate websites.

A new recent study from Google shows that Netflix has more demand than its pirate alternatives including torrents, streaming, and apps in piracy center Brazil. The data appears in the companys annual survey of movies.

According to data from the search engine Google Trends, the turnaround of Netflix started in November 2016 (as shown in the image below) when consumer searches for Netflix was greater than pirate alternatives and remains the same until today.

However, the stats above dont essentially point that Brazil does not download movies and pirated TV shows. They instead show that Netflixs library and ease of use of instant offer of contents and exclusive ads, is rewarded by extensive awareness among those looking for such content locally.

Were not lowering piracy but this does show how relevant the [Netflix] brand is when it comes to offering content online, Google Brazils market intelligence chief Sergio Tejido told Exame.

The achievement of Netflix is similar to the rise of Spotify, says Debora Bona, a director specializing in media and entertainment at Google Brazil.

The event is interesting, Bona told Exame. Since the launch of streaming solutions such as Netflix and Spotify, they have become alternatives to piracy. Sweden had many problems with music piracy and the arrival of Spotify reversed this curve.

Although Netflix has been available in Brazil since 2011, the streaming platform noticed a significant increase of 284% in online search between 2013 and 2016. The recent surveys indicate a record high 77% of surveyed Brazilians have watched Netflix, which is up from 71% in 2016. Additionally, 90% (or nine out of ten) users in Brazil were either extremely satisfied or very satisfied with the service, up from 79% in the previous year, and 66% of subscribers said that they were not at all likely to cancel.

Source:...

05:22

Check out Chinas remarkable progress Lifeboat News: The Blog

China is showing the world how things should be done.

05:14

House Dems want FCC chairman investigated over Sinclair-Tribune merger The Hill: Technology Policy

Top House Democrats are calling for the chairman of the Federal Communications Commission (FCC) to be investigated over whether he has been improperly clearing regulatory hurdles for the Sinclair Broadcast Groups pending acquisition of Tribune...

05:12

15 Dems urge FEC to adopt new rules for online political ads The Hill: Technology Policy

Fifteen Democratic senators signed comments to the Federal Election Commission in support of new rules for online political advertisements after Russian efforts to interfere in the 2016 presidential election.Russia-linked groups are believed to...

05:10

Apple iPhone X's Face ID Hacked (Unlocked) Using 3D-Printed Mask The Hacker News

Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple's Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple's "ultra-secure" Face ID security for the iPhone X is not as secure as the company claimed during its launch event in September this year. "Apple engineering teams have even

05:10

IcedID: Original new banking Trojan emerges Help Net Security

IcedID, a new banking Trojan that does not seem to have borrowed code from other similar threats, has entered the financial cybercrime arena. It was first spotted in the wild in September 2017, and it currently targets banks, payment card providers, mobile services providers, payroll, webmail, and ecommerce sites in the US, Canada and the UK. IcedID banking Trojan capabilities IcedID has a modular architecture, and its current capabilities are likely just the beginning. To More

05:05

Microsoft Sued Over Baseless Piracy Threats TorrentFreak

For many years, Microsoft and the Business Software Alliance (BSA) have carried out piracy investigations into organizations large and small.

Companies accused of using Microsoft software without permission usually get a letter asking them to pay up, or face legal consequences.

Rhode Island-based company Hanna Instruments is one of the most recent targets. The company stands accused of using Microsoft Office products without a proper license.

However, instead of Microsoft going after Hanna in court for copyright infringement, Hanna has filed a lawsuit against BSA and Microsoft asking for a declaratory judgment that it did nothing wrong.

The lawsuit is the result of a long back-and-forth that started in June. At the time, BSAs lawyers sent Hanna a letter accusing it of using Microsoft products without a proper license, while requesting an audit.

Hannas management wasnt aware of any pirated products but after repeated requests, the company decided to go ahead and conduct a thorough investigation. The results, combined in a detailed spreadsheet, showed that it purchased 126 copies of Microsoft Office software, while only 120 were in use.

Perfectly fine, they assumed, but the BSA was not convinced.

Since Hanna only had Microsoft generated key cards for the most recent purchases, the company used purchase orders, requisitions, and price quotes to prove that it properly licensed earlier copies of Microsoft Office. Not good enough, according to the BSA, which wanted to see money instead.

The BSAs lawyers informed Hanna that the company would face up to $4,950,000 in damages if the case went to court. Instead, however, they offered to settle the matter for $72,074.

From the complaint

Hanna wasnt planning to pay and pointed out that they sent in as much proof as they could find, documenting legal purchases of Microsoft Office licenses for a period covering more than ten years. While the BSA appreciated the effort, it didnt accept this as hard evidence.

the provision of purchase orders, price quotes, purchase requisitions are not acceptable as valid proof of purchase to our client. Reason being, the aforesaid documents do not demonstrate that a purchase has taken place, they merely establish intent to make a purchase of software, the BSA wrote in yer another email.

Interestingly, the BSA itself still failed to provide any solid proof that Hanna was using unlicensed software. The Rhode Island company repeatedly requested this, but the BSA...

05:00

Drone License Plates: An Idea That Wont Stave Off the Inevitable Hackaday

As more and more drones hit the skies, we are beginning to encounter a modest number of problems that promise to balloon if ignored. 825,000 drones above a quarter-kilo in weight were sold in the U.S. in 2016. The question has become, how do we control all these drones?

Right now security and municipal officials are struggling with the question: what to do if theres a drone in the sky thats not supposed to be there? This is not just hypothetical. For instance, in the west, firefighting planes have turned away from a forest fire because some idiot with a DJI taking was Instagram shots of the fire. The reason given is that pilots cannot detect those drones by any other means than through eyesight, and that is not terribly likely given the small size of the drones. A person flying a firefighting plane probably doesnt want to see a propeller deal with a drone, though the actual chance of a drone knocking a real plane out of the sky is quite low.

DJI implemented its GEO geofencing system in 2015, meaning the drones would refuse to fly within military bases, airports, and other sensitive locations. It even updates them on the fly (tee-hee!) with temporary flight restrictions based on local situations. In some types of secured locations, authorized representatives could sign in with their DJI account to bypass the security measures and launch.

Nevertheless, its the sort of corporate responsibility that sounds a lot like selling products and protecting the company from litigation and doesnt really solve any problems.

Most of the time security personnel have no way of even noticing drones, let alone stopping them in some way. You dont have to imagine drone traffic jams, UAV swarms, or quads with cameras stealing Bon Iver shows, because our friendly local science fiction authors have visualized it for you. But the question remains: what is the solution?

Register It

Government lawmaking in general and the Federal Aviation Administration in particular are, shall we say, a good decade behind the technology. One cant really blame them. For years, no one needed any special rules for flying a RC helicopter in their backyard. Welcome to the future!

Then it came to someone: drone license plates. In late 2015 the FAA announced that any drones weighing more than half a kilo (0.55 lbs to be exact) and operating in the U.S. be registered with the FAA and must have a registration number printed on them.

This makes a certain amount of sense. Small airplanes have to have an ID number on them so a person with binoculars can read the number off the aircraft and look it up on a database. So why should a drone be any diffe...

04:42

You can now register as a DMCA agent without using nonfree JavaScript FSF blogs

Users shouldn't be forced to use nonfree software when interacting with their own government. Every user has the right to control their own computing, and the government shouldn't be forcing you to download and install proprietary software just to take advantage of its services. But when it comes to registering as an agent under the Digital Millenium Copyright Act (DMCA) in the United States, that's exactly what the government expects you to do.

Users are likely familiar with the DMCA's more draconian aspects, namely the creation of legal penalties for circumventing Digital Restrictions Management. The Free Software Foundation's Defective by Design campaign is fighting to end that nightmare and repeal that part of the law. But like many laws, it's crammed full of a wide variety of provisions, the anti-circumvention rules being only one of them.

Another piece of the law creates what are known as the safe harbor provisions. These rules set out some steps that maintainers of Web sites can take to avoid liability when a user of their site uploads potentially infringing copyrighted materials. The main provision here is that if a copyright holder finds their work on your site without their permission, they can submit a take down notice to an agent registered for your site. This agent can then remove the work, thus avoiding liability for the potentially infringing distribution. Without this safe harbor, the site maintainer could potentially be sued.

While this safe harbor rule can lead to abuse, with improper take downs, it also allows maintainers of Web sites to permit their users to share works. If the rule wasn't in place, it would be too dangerous to accept such uploads without reviewing each work -- something most Web sites can't afford to do. The Free Software Foundation takes advantage of the safe harbor provisions to ensure that we can continue to share software created and uploaded by free software developers, or to share information like that found in the Free Software Directory, or to help people organize locally via LibrePlanet.org.

As mentioned before, though, taking advantage of the safe harbor provisions requires having an agent to accept the notices. This is where the problem arises. The U.S. Copyright Office is now requiring Web site maintainers to re-register using https://www.copyright.gov/dmca-directory/ by December 31st of 2017. This site, like many others that the Copyright Office requires use of, is lousy with nonfree JavaScript. Unlike t...

04:42

Eben Moglen is no longer a friend of the free software community Matthew Garrett

(Note: While the majority of the events described below occurred while I was a member of the board of directors of the Free Software Foundation, I am no longer. This is my personal position and should not be interpreted as the opinion of any other organisation or company I have been affiliated with in any way)

Eben Moglen has done an amazing amount of work for the free software community, serving on the board of the Free Software Foundation and acting as its general counsel for many years, leading the drafting of GPLv3 and giving many forceful speeches on the importance of free software. However, his recent behaviour demonstrates that he is no longer willing to work with other members of the community, and we should reciprocate that.

In early 2016, the FSF board became aware that Eben was briefing clients on an interpretation of the GPL that was incompatible with that held by the FSF. He later released this position publicly with little coordination with the FSF, which was used by Canonical to justify their shipping ZFS in a GPL-violating way. He had provided similar advice to Debian, who were confused about the apparent conflict between the FSF's position and Eben's.

This situation was obviously problematic - Eben is clearly free to provide whatever legal opinion he holds to his clients, but his very public association with the FSF caused many people to assume that these positions were held by the FSF and the FSF were forced into the position of publicly stating that they disagreed with legal positions held by their general counsel. Attempts to mediate this failed, and Eben refused to commit to working with the FSF on avoiding this sort of situation in future[1].

Around the same time, Eben made legal threats towards another project with ties to FSF. These threats were based on a license interpretation that ran contrary to how free software licenses had been interpreted by the community for decades, and was made without any prior discussion with the FSF. This, in conjunction with his behaviour over the ZFS issue, led to him stepping down as the FSF's general counsel.

Throughout this period, Eben disparaged FSF staff and other free software community members in various semi-public settings. In doing so he harmed the credibility of many people who have devoted significant portions of their lives to aiding the free software community. At Libreplanet earlier this year he made direct threats against an attendee - this was reported as a violation of the conference's anti-harassment policy.

Eben h...

04:39

A Top Secret Desert Assembly Plant Starts Ramping Up to Build Northrops B-21 Bomber cryptogon.com

Via: Los Angeles Times: A once-empty parking lot at Northrop Grumman Corp.s top secret aircraft plant in Palmdale is now jammed with cars that pour in during the predawn hours. More than a thousand new employees are working for the time being in rows of temporary trailers, a dozen tan-colored tents and a vast assembly []

04:36

You can soon securely unlock smartphone with your body sweat HackRead

By Carolina

As incredulous as it sounds, it is indeed true that

This is a post from HackRead.com Read the original post: You can soon securely unlock smartphone with your body sweat

04:19

Microsoft: Sheltering Oneself From Patent Litigation While Passing Patents for Trolls to Attack GNU/Linux Techrights

Not a novel concept [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]

Viking shield

Summary: Another closer look at Provenance Asset Holdings and what exactly it is (connection to AST, part of the cartel Microsoft subsidises to shield itself)

THE latest anti-...

04:17

Uber approves SoftBank multibillion investment offer The Hill: Technology Policy

Uber has approved Japanese technology conglomerate SoftBanks bid to purchase a multibillion dollar stake in the ride-hailing company.The Japanese internet and telecommunications firms investment in Uber is set to be one of the largest-ever deals...

04:15

AFS File-System Driver Overhauled For Linux 4.15 Phoronix

Red Hat developers have been working on an overhaul of the AFS file-system's kernel driver for the just-opened Linux 4.15 kernel merge window...

04:12

SoftBank to Invest Billions in Uber SoylentNews

Uber board strikes agreement to pave way for SoftBank investment

Uber Technologies Inc's warring board members have struck a peace deal that allows a multibillion-dollar investment by SoftBank Group Corp to proceed, and which would resolve a legal battle between former Chief Executive Travis Kalanick and a prominent shareholder.

Venture capital firm Benchmark, an early investor with a board seat in the ride-services company, and Kalanick have reached an agreement over terms of the SoftBank investment, which could be worth up to $10 billion, according to two people familiar with the matter.

The Uber board first agreed more than a month ago to bring in SoftBank as an investor and board member, but negotiations have been slowed by ongoing fighting between Benchmark and Kalanick. The agreement struck on Sunday removed the final obstacle to allowing SoftBank to proceed with an offer to buy to[sic] stock.

Also at TechCrunch.

Related: Softbank to Invest $50 Billion in the US
SoftBank's $80-100 Billion "Vision Fund" Takes Shape
SoftBank May Sell 25% of ARM to Vision Fund; Chairman Meets With Saudi King
SoftBank Acquires Boston Dynamics and Schaft From Google
Travis Kalanick Appoints Two New Uber Board Members in "Power Play"
Saudi Arabia Planning $500 Billion Megacity and Business Zone


Original Submission

Read more of this story at SoylentNews.

03:55

How to Opt Out of Equifax Revealing Your Salary History Krebs on Security

A KrebsOnSecurity series on how easy big-three credit bureau Equifax makes it to get detailed salary history data on tens of millions of Americans apparently inspired a deeper dive on the subject by Fast Company, which examined how this Equifax division has been one of the companys best investments. In this post, Ill show you how to opt out of yet another Equifax service that makes money at the expense of your privacy.

My original report showed how the salary history for tens of millions of employees at some of the worlds largest corporations was available to anyone armed with an employees Social Security number and date of birth information that was stolen on 145.5 million Americans in the recent breach at Equifax.

Equifax took down their salary portal a service from the companys Workforce Solutions division known as The Work Number (formerly TALX) just a few hours after my story went live on Oct. 8. The company explained that the site was being disabled for routine maintenance, but Equifax didnt fully reopen the portal until Nov. 2, following the addition of unspecified security improvements.

Fast Company writer Joel Winstons story examines how some 70,000 companies including Amazon, AT&T, Facebook, Microsoft, Oracle, Twitter and Wal-Mart actually pay Equifax to collect, organize, and re-sell their employees personal income information and work history.

A typical employee at Facebook (which also owns Instagram and WhatsApp) may require verification of his employment through TALX when he leases an apartment, updates his immigration status, applies for a loan or public aid, or applies for a new job, Winston writes. If his new prospective employer is among the 70,000 approved entit...

03:52

The Patent Trolls Lobby is Losing the Battle for Europe Techrights

UPC boat sinks

Summary: The situation in Europe is looking grim for patent trolls, for their policies and the envisioned system (which they lobbied for) isnt coming to fruition and their main casualty is the old (and functioning) EPO

THE European patent framework had worked for decades; it worked a lot better before a disruptive Battistelli came in and decided to break the EPO, violate the EPC, and promote the UPC in Paris. Its almost as though Battistelli was assigned/delegated the task of making Europe more attractive to patent trolls.

IAMs editor, supported by the EPO and funded by patent trolls such as this, gave a helping hand and platform to the patent trolls' lobby (most latterly on SEP policy in Europe). We wrote about this on Friday. He was apparently speaking to the trolls lobby over the weekend; he was looking for information about the outcome and came up with a slanted headline that spins a non-decision. This is what he says happened on Friday:

A meeting held last Friday inside the European Commission between various directorates-general that was supposed to finalise the wording of a keenly-anticipated Communication on the licensing of standard essential patents broke up without resolution, IAM has learned.

[...]

The Communication was due to be made public on 29th November, but this latest development must put that date at risk. Although not a legally-binding document, a paper from the Commission outlining its views on SEP licensing for the age of 5G and the Internet of Things would be extremely influential, not only at the negotiating level, but also in courts hearing SEP-related disputes. This is even more the case given that, up to now, Europe has been seen as taking a much more balanced approach to SEP and FRAND issues than the US and many Asian jurisdictions, where the needs of technology implementers have gained the upper hand over those of the entities that created the technology in the first place.

We...

03:51

Bill Gates invests $100 million in Alzheimer's research The Hill: Technology Policy

Bill Gates will invest $100 million toward fighting Alzheimer's, the billionaire Microsoft co-founder announced Monday.Half of the $100 million, from Gates's personal fund, will go toward the Dementia Discovery Fund and the rest will go toward start...

03:42

What Happens If China Makes First Contact? Lifeboat News: The Blog

As America has turned away from searching for extraterrestrial intelligence, China has built the worlds largest radio dish for precisely that purpose.

Last January, the Chinese Academy of Sciences invited Liu Cixin, Chinas preeminent science-fiction writer, to visit its new state-of-the-art radio dish in the countrys southwest. Almost twice as wide as the dish at Americas Arecibo Observatory, in the Puerto Rican jungle, the new Chinese dish is the largest in the world, if not the universe. Though it is sensitive enough to detect spy satellites even when theyre not broadcasting, its main uses will be scientific, including an unusual one: The dish is Earths first flagship observatory custom-built to listen for a message from an extraterrestrial intelligence. If such a sign comes down from the heavens during the next decade, China may well hear it first.

03:38

Security updates for Monday LWN.net

Security updates have been issued by Debian (graphicsmagick, imagemagick, mupdf, postgresql-common, ruby2.3, and wordpress), Fedora (tomcat), Gentoo (cacti, chromium, eGroupWare, hostapd, imagemagick, libXfont2, lxc, mariadb, vde, wget, and xorg-server), Mageia (flash-player-plugin and libjpeg), openSUSE (ansible, ImageMagick, java-1_8_0-openjdk, krb5, redis, shadow, virtualbox, and webkit2gtk3), Red Hat (rh-eclipse46-jackson-databind and rh-eclipse47-jackson-databind), SUSE (java-1_8_0-openjdk, mysql, openssl, and storm, storm-kit), and Ubuntu (perl).

03:30

Hey! Dont Lock the Door, Im in Here! Hackaday

Those that work in front of a computer for a living spend most of the time making very little sound. Unless youre a member of the clicky mechanical keyboard club, your working time is a low-observables time during which people can forget about you. You can make sure youre not overlooked with this smartphone hotspot presence detector.

[Emilio Ficara]s quiet work habits resulted in his housemates locking him in sometimes, to his inconvenience. PIR or microwave occupancy sensors might have worked to fix the problem, except that a few flexing fingers arent always enough to trigger them. Luckily, [Emilio] is also wisely distrustful of free WiFi, so his phone is always set up as a mobile hotspot, giving him the means to reliably detect his presence. An ATtiny2313 and an ESP-01 do the business of polling for the SSID of his phone and blinking a bright blue LED by his door for his housemates. Its not perfect, of course; it could easily be spoofed by anyone else who knows his SSID. But simple works for now.

With almost everyone carrying one now, smartphone detection is a good proxy for the presence of a person. But it doesnt work in every case, so you may want to familiarize yourself with the aforementioned PIR and microwave methods.


Filed under: home hacks

03:30

Btrfs For Linux 4.15 Picks Up Compression Improvements, Continued Optimizations Phoronix

David Sterba of SUSE has submitted the Btrfs file-system feature changes queued for the Linux 4.15 kernel...

03:27

Porn noises interrupts BBCs live broadcast on Brexit TechWorm

BBC Breakfasts live broadcast about Brexit interrupted by sex noises

What happens when you are attentively watching a political news and suddenly you start listening sex noises in the background. Thats what happened when one of BBC Breakfasts political correspondent who was broadcasting live outside the Houses of Parliament in Westminster, London about Brexit negotiations was interrupted with unusual sound much to the shock of its viewers.

BBCs political correspondent Emma Vardy who was trying to tell viewers about Theresa May found herself in a sticky situation when sex noises could be heard while she was reporting her bulletin live on Brexit. However, Emmy controlled the horribly went wrong situation by ignoring the symphony of porn noises that went on for almost a minute by keeping her cool and continued to report with a straight face.

Even though she ignored it, horrified viewers took to Twitter to comment on the matter.

One said: Erm the background noise during that last interview at the Houses of Parliament! What the heck BBC!

Another wrote: Someone kept playing one of those videos that has sex noises on bbc breakfast while a reporter was doing a piece to camera, good job keeping a straight face, while someone else wrote, Saw it, genius.

Another bemused person wrote: Looooolllllll at someone putting the cheeky porn noise over a newsbroadcast on #bbcbreakfast this morning and fair play to the reporter for not laughing??? hahahaha xxx #funnytimes #happyfriday.

A Twitter poster called DiscoBoy took responsibility for the incident. He wrote:

Porn noises interrupts BBCs live broadcast on Brexit

He later uploaded a video on YouTube that show him getting prepared to play porn sounds via a large loud speaker while sneaking up on the live BBC broadcast.

After the report, BBC Breakfast presenters Naga Munchetty and Charlie Stayt, who were back in the studio didnt mention the strange background noises. However, the shows Twitter account chose to respond to the queries by saying that noises had been played out loud by an opportunist bystander.

They wrote: Someone nearby was playing music whilst we were live! So thats what you could hear.

A BBC spokesman told Mail Online: The interruption was beyond our control and our reporter remained professional throughout.

Source:...

03:22

Homeland Security Hackers Remotely Hack Boeing 757 HackRead

By Waqas

For some time now security researchers have talked about critical

This is a post from HackRead.com Read the original post: Homeland Security Hackers Remotely Hack Boeing 757

03:22

Missouri AG subpoenas Google in antitrust investigation The Hill: Technology Policy

Missouri's attorney general launched an investigation into Googles data collection and search practices, saying that the internet giant has so far received a free pass by federal regulators.Josh Hawley, a Republican, announced the probe on...

03:17

Re: (linux-)distros list use statistics Open Source Security

Posted by Anthony Liguori on Nov 13

Ack.

Regards,

Anthony Liguori

03:03

Teledildonics maker Lovense fixes bug to delete recordings of user sessions from phones Help Net Security

Late last week, a Reddit user took to the popular discussion site to reveal that the app that is used to control remote control sex toys made by Lovense seems to be recording while the vibrator is on. I was going through my phone media to prepare it for a factory reset and came across a .3gp file named tempSoundPlay.3gp in the folder for the App. The file was a FULL audio recording 6 minutes More

02:39

Ask Soylent: Keeping Your Phone-Based Data Secure? SoylentNews

It's time to upgrade my phone. I'm paying $80 a year on Page Plus (Verizon) with a Window 6.x phone (before tiles, has a start menu). I'm trying to find a phone which will keep my data safe and that seems far more difficult and expensive than it should, so I'm asking you, my fellow purple people eaters Soylentils, to aid me in my mundane quest. My primary use will be GPS/navigation, listening to podcasts, and making phone calls. A secondary use is managing email from multiple accounts. I do require the Google Voice app as I have a couple phone numbers from two side businesses. I'd like to be able to toggle between a VPN connection and a normal connection, but that's not a requirement. I prefer longer battery life. My Win phone can go over a week without charging if I all I do on it is make phone calls. I'm going to be living on a college campus so WiFi will normally be available. I don't want to be buying a new phone every couple years. I've had the Win phone for perhaps 6 years.

IPhones have been in the news for being difficult for state-actors to hack into, but app permissions and data can't be faked nor do I know of any OSS movement on the iOS platform. I assume Androids can be instantly cracked by state-actors, but they have some end-user programs to help prevent apps from spying on you. I'd like it if my address book, location, and media was secure from data mining apps. Do I really need to make the choice between data privacy and state privacy? Though since companies have no issue selling data to the state, is my only choice data privacy?

My ideal choice would be a pocket sized piece of hardware that runs Debian, makes phone calls, lets me install standard Linux programs, and doesn't cost more than a laptop. Though if I can connect a screen and keyboard to it and do Python/Java/C++ development then perhaps I'll pay high-end laptop prices. I've seen failed attempts at creating such a device but no successful ones.

Help me dear readers, you're not my only hope.


Original Submission

Read more of this story at SoylentNews.

02:37

The 4.14 Linux kernel has been released LinuxQuestions.org - Linux - News

From LWN
Quote:

The 4.14 kernel has been released after a ten-week development cycle. Some of the most prominent features in this release include the ORC unwinder for more reliable tracebacks and live patching, the long-awaited thread mode for control groups, support for AMD's secure memory encryption, five-level page table support, a new zero-copy networking feature, the heterogeneous memory management subsystem, and more. See the Kernel Newbies 4.14 page for more information. In the end, nearly 13,500 changesets were merged for 4.14, which is slated to be the next long-term-support kernel.

For the maintainers out there, it's worth noting Linus's warning that the 4.15 merge window might be rather shorter than usual due to the US Thanksgiving Holiday.
As always, KernelNewbies has a good summary:

Quote:

Summary: This release includes support for bigger memory limits in x86 hardware (128PiB of virtual address space, 4PiB of physical address space); support for AMD Secure Memory Encryption; a new unwinder that provides better kernel traces and a smaller kernel size; support for the zstd compression algorithm has been added to Btrfs and Squashfs; support for zero-copy of data from user memory to sockets; support for Heterogeneous Memory Management that will be needed in future GPUs; better cpufreq behaviour in some corner cases; Longer-lived TLB entries by using the PCID CPU feature; asynchronous non-blocking buffered reads; and many new drivers and other improvements.
--jeremy

02:16

Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Open Source Security

Posted by Greg KH on Nov 13

Ok, not a problem, thanks for the apology.

So the answer is just "we've decided to", right?

If so, that's fine, you are allowed to do so being a CNA, but what is
keeping you from doing the same for the thousands of other bugs that
have been fixed since this one that is in a specific Red Hat product?

It's the arbitrarily nature here that I am curious about, it feels like
it should be "all or nothing", for CVEs...

02:16

Red Hat Enterprise Linux for ARM Hits General Availability Phoronix

Red Hat now considers their ARM support on Red Hat Enterprise Linux (RHEL7) to be supported under general availability "GA" terms...

02:15

(linux-)distros list use statistics Open Source Security

Posted by Solar Designer on Nov 13

Hi,

I think it's time for Gentoo and/or Amazon to share with all of us the
statistics they should have collected so far as per:

http://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back

"13. Keep track of per-report and per-issue handling and disclosure
timelines (at least times of notification of the private list and of
actual public disclosure), at regular intervals produce and share
statistics (most notably,...

02:13

AW: Security risk of server side text editing in general and vim.tiny specifically Open Source Security

Posted by Fiedler Roman on Nov 13

Hello Alexander,

Thanks for the reminder. here is the text from the original mail to your
[vs]-list:

PS: POC for Ubuntu Xenial to overwrite /bin/mount with custom content by
creating a x.txt as another user (e.g. www-data) and having root edit it using
vim.tiny. Of course attacker would restore everything to normal afterwards
(omitted). On multicore machines, the race is not always won, for testing
purposes you can strace vim (making it...

02:08

Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Open Source Security

Posted by Vladis Dronov on Nov 13

Hello, Greg, all,

My fault here was indeed not stating that a Red Hat's product is
vulnerable (thus, a CVE was assigned), but stating that only Linux
kernel is vulnerable (while indeed it was fixed a long ago). Please,
accept my apologies.

I'm afraid, you won't like the answer, but in a short word, the Red Hat
is a CNA (CVE Numbering Authority) for Red Hat's products and the Linux
kernel and we've decided to assign this...

02:03

Ksenia Ermoshina Joins as OTF Fellow News The Citizen Lab

The Citizen Lab is excited to announce that Ksenia Ermoshina will be joining as the latest Open Technology Fund research fellow and will bring her expertise in technology, communications, and political sociology to explore information controls in Crimea, Ukraine.

Ksenia is a Russian-born researcher and Internet freedom activist. She holds a PhD in the socio-economy of innovation from Mines Paris Tech engineering school. Her research interests lie at the intersection of science and technology studies, Internet governance studies, usability of encryption, and privacy enhancing technologies. Her thesis focused on the civic tech movement in Russia and France and studied UX/UI design, development, and testing of civic mobile applications (such as apps for election monitoring and electoral fraud mapping, apps for reporting corruption, and apps for reporting police violence).

As an OTF research fellow at the Citizen Lab, Ksenia will investigate information controls in the region of Crimea after its annexation and information operations in the context of Russian-Ukrainian armed conflict. She will combine network measurements and ethnographic methodology (primarily interviews, non-participant observations, and web-ethnography). Her study will be focused on three levels: infrastructure, intermediaries (ISPs, hosting providers), and users (targeted threats to journalists and human rights activists and new tactics of circumvention and self-defence deployed in the region).

The post Ksenia Ermoshina Joins as OTF Fellow appeared first on The Citizen Lab.

02:01

Shockingly, DARPAs Brain Stimulator Might Not be Complete Nonsense Hackaday

Where does your mind jump when you hear the mention of electroshock therapy? The use of electrical current to treat various medical conditions has a long and controversial history. Our fascination with the medical applications of electricity have produced everything from the most alarming of patent medicines to life-saving devices like pacemakers and the Automatic External Defibrillator.

The oldest reference I could find is the use of the torpedo fish to allegedly cure headaches, gout, and so on in 43 CE. Incidentally, Torpedo torpedo is an awesome species name.

Dosage: Apply live fish as needed to face? Source

Much more recently, there has been interest in transcranial direct current stimulation (tDCS). In essence, its a technique by which you pass an electrical current (typically about 2 milliamps) between strategically positioned electrodes on your head. The precise reason to do this is a bit unclear; different journal articles have suggested improvements in cognition, learning, and/or the potential treatment of variou...

01:56

AMD Rolls Out ROCm 1.7 Platform For Supercomputing 17 Phoronix

AMD has unveiled the Radeon Open Compute platform (ROCm) 1.7 release as part of their wares at this week's Supercomputing 17 (SC17) conference in Denver...

01:56

Re: Security risk of server side text editing in general and vim.tiny specifically Open Source Security

Posted by Solar Designer on Nov 13

Please post this PoC in here ASAP. Right now, you're in violation of
distros list policy for having posted the PoC in there yet not made it
public on oss-security within 7 days after posting about the issue
itself in here. Please correct this. (To me this is also an example of
misuse of the distros list, and then of the ability to delay posting the
PoC - creating administrative work for all of us out of thin air.)

The policy:...

01:43

Mono Developing A New .NET Interpreter Phoronix

Miguel de Icaza has announced the latest big project with Mono: a new .NET interpreter...

01:28

The Daily Mail whisks up Kaspersky fears - but where's the meat? Graham Cluley

The Daily Mail aims for Kaspersky and... umm... misses

The Daily Mail has published a story designed to petrify millions of customers of Barclays Bank.

01:20

New Vulnerability Exploits Antivirus Programs to Install Malware HackRead

By Waqas

It is common notion that antivirus software keeps our computers

This is a post from HackRead.com Read the original post: New Vulnerability Exploits Antivirus Programs to Install Malware

01:13

Qualcomm rejects Broadcom's $103 billion bid The Hill: Technology Policy

Qualcomms board of directors on Monday unanimously rejected an offer from rival chip maker Broadcom to buy the company.Last week, Broadcom made the unsolicited $103 billion offer that would have created the largest tech merger in history.But...

01:12

Risk assessment: The first step in improving cyber security Help Net Security

Despite the proliferation of high profile cyber-attacks over the last 18 months, many organisations are still too disorganised in their approach to security. While it is no longer feasible to guarantee 100% protection against a breach, businesses are setting themselves up for a fall by failing to adequately understand and prepare for the risks facing them. PwCs 2018 Information Security Survey, which surveyed more than 9,000 business and technology executives around the world, found that More

01:06

Donald Trump's Mar-a-Lago Estate Gets Permission to Hire 70 Foreign Workers SoylentNews

Claiming a shortage of workers for the hospitality industry, Donald Trump's Mar-a-Lago club has requested and obtained permission to hire 70 foreign workers. The claim of a shortage of available workers is disputed:

'"We currently have 5,136 qualified candidates in Palm Beach County for various hospitality positions listed in the Employ Florida state jobs database," CareerSource spokesman Tom Veenstra said Friday.'

70 is a slight increase over last year, when 64 foreign workers were hired.

"Making America Great Again" by hiring foreigners? Perhaps what is required is higher pay, not foreigners.


Original Submission

Read more of this story at SoylentNews.

00:57

A China-linked cyber espionage group has been using a new strain of malware dubbed Reaver Security Affairs

Experts at Palo Alto Networks have discovered a new malware family named Reaver with ties to hackers who use the SunOrcal malware.

A China-linked cyber espionage group has developed a new strain of malware, dubbed Reaver, that was already observed in highly targeted attacks during 2016.

The malware was analyzed by experts at Palo Alto Networks, who spotted ten different samples belonging to three different versions of the malicious code.

Reaver malware

The Chinese cyberspies deliver the malware Windows Control Panel (CPL) files, a technique not common in the threat landscape, according to Palo Alto Networks only 0.006% of the malware is using this method.

Unit 42 has discovered a new malware family weve named Reaver with ties to attackers who use SunOrcal malware. SunOrcal activity has been documented to at least 2013, and based on metadata surrounding some of the C2s, may have been active as early as 2010. reads the analysis published by Palo Alto Networks.

The new family appears to have been in the wild since late 2016 and to date we have only identified 10 unique samples, indicating it may be sparingly used. Reaver is also somewhat unique in the fact that its final payload is in the form of a Control panel item, or CPL file. To date, only 0.006% of all malware seen by Palo Alto Networks employs this technique, indicating that it is in fact fairly rare.

The analysis of the infrastructure used by the threat actor behind the Reaver malware revealed a link to the SunOrcal malware used by China-linked attackers in campaigns that targeted the January 2016 presidential election in Taiwan.

The experts hav...

00:52

Q&A: The Ethics of Using Brain Implants to Upgrade Yourself IEEE Spectrum Recent Content full text

Anders Sandberg considers the future of brain enhancements Illustration: Alamy

<>

Neurotechnology is one of the hottest areas of engineering, and the technological achievements sound miraculous: Paralyzed people have controlled robotic limbs and computer cursors with their brains, while blind people are receiving eye implants that send signals to their brains visual centers. Researchers are figuring out how to make better implantable devices and scalp electrodes to record brain signals or to send electricity into the brain to change the way it functions.

While many of these systems are intended to help people with serious disabilities or illnesses, theres growing interest in using neurotech to augment the abilities of everyday people. Companies like Facebook and Elon Musks Neuralink are developing consumer devices that may be used for brain-based communication, while some startups are exploring applications in entertainment. But what are the ethical implications of medding with our brains? And how far will we take it?

Anders Sandberg is not technically a philosopher, he tells IEEE Spectrum, although it is his job to think deeply about technological utopias and dystopias, the future of AI, and the possible consequences of human enhancement via genetic tweaks or implanted devices. In fact, he has a PhD in computational neuroscience. So who better to consult regarding the ethics of neurotech and brain enhancement? 

Sandberg works as a senior research fellow at Oxfords...

00:30

Autodesks Shift to Open Source and Inner Source

Autodesk is undergoing a company-wide shift to open source and inner source. And thats on top of the culture change that both development methods require.

Inner source means applying open source development practices and methodologies to internal projects, even if the projects are proprietary. And the culture change required to be successful can be a hard shift from a traditional corporate hierarchy to an open approach. Even though theyre connected, all three changes are distinct heavy lifts.

00:15

Quantum-ized Firefox 57 Ready For Download Phoronix

Firefox 57.0 is being officially released this week and its stable download is now available...

00:00

November Patch Tuesday forecast: .NET, Adobe, Firefox and more Help Net Security

Fall is upon us and the holidays are right around the corner! But before we continue shopping, we need to cover a few security topics for this month. KRACK vulnerability The hot topic right now is the KRACK vulnerability which is named from the Key Reinstallation Attack. This is a vulnerability in the Wi-Fi WPA security protocol which allows a third party to eavesdrop on the information being sent. This can include passwords, credit card More

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

Monday, 13 November

23:54

Unitary Patent (UPC) is Dead to the EPO and ANSERA is Not the Answer as Patent Quality Declines and Talented Staff Leaves Techrights

Of questions

Summary: EPOPIC comes to an end and the EPO does not mention the UPC content in it; ANSERA, in the meantime, raises more questions than it answers and IP Kat makes a formal query

THE quality of patents at the EPO and the USPTO goes in opposite directions. Its almost as though the EPO is mimicking the old (and notorious) USPTO, whereas the USPTO mimics the old (and reputable) EPO. Its bizarre, but we have been pointing this out for about four years now.

Has the EPO run out of competent staff? This morning their official news feed linked to http://localhost:8080/ (geeks will understand why its funny and how it reinforces stereotypes about marketing people) although it was supposed to link to this page (warning: epo.org link) about EPOPIC. This focuses a lot on search, e.g.:

Those attending heard how the EPO is increasingly focusing on usability to enable more users to search data efficiently and easily, while ensuring the reliability and correctness of the data.

Its worth noting that even though the UPC was mentioned by the EPO at EPOPIC it was altogether omitted from the summary of it. Curious omission! Perhaps the EPO too knows that unitary/unified/community/EU patent is dead. Were not even too sure what to call it anymore. Too many renames over the years an effort to dodge negative publicity associated with failures. The Unitary Patent aka UP aka UPC (Unified Patent Court) aka UPCA formerly harmonisation or EU patent or Community patent is a great example of names being morphed and new euphemisms being added. That still wasnt enough. Call it whatever, its still a steaming pile of dung and no sane European would want it, except perhaps the few who are patent prosecutors. The dangers associated with the UPC are further increased considering the lousy patents and lousy searches associated with European Patents these days...

23:35

Bug bounty programs and a vulnerability disclosure policy allowed Pentagon fix thousands of flaws Security Affairs

Bug bounty programs allowed the US agency to receive 2,837 valid bug reports from 650 white hat hackers located in 50 countries around the world.

Bug bounty program Hack the Pentagon launched by the Pentagon in 2016 along with the vulnerability disclosure policy announced nearly one year ago allowed the US agency to receive 2,837 valid bug reports from 650 white hat hackers located in 50 countries around the world.

Great news for U.S. citizens! Over 3,000 valid security vulnerabilities have been resolved with the U.S. Department of Defenses Hack the Pentagon hacker-powered security program. reported the platform used by the US Government to manage the initiatives.

Just over a year ago, following the success of the pilot, we announced the U.S. Department of Defense was expanding its Hack the Pentagon, initiatives. To date, HackerOne and DoD have run bug bounty challenges for Hack the PentagonHack the Army and Hack the Air Force.

The success of the bug bounty programs launched by the UG Government has been undeniable.

The hackers have earned over $300,000 in bounties for their contributions, they reported nearly 500 vulnerabilities in nearly 40 DoD components, more than 100 of the flaws have been rated critical or high severity.

Let me also remind you that the DoD vulnerability disclosure program does not offer any monetary rewards, instead it allows hackers to report security holes without the fear of potential legal consequences.

The list of vulnerabilities includes remote code execution, SQL injection, and authentication bypass issues.

...

23:33

Senate Commerce Committee Approves Stop Enabling Sex Trafficking Act (SESTA) [Updated] SoylentNews

Internet Giants Support SESTA

Tech companies are cheering on a bill that guts internet protections

In a unanimous vote, the Senate Commerce Committee approved the Stop Enabling Sex Trafficking Act (or SESTA), clearing the way for a full vote by the House and Senate. As Congress wrestles over tax reform and the debt ceiling, it's still unclear when SESTA will reach a larger vote, and it still faces stern opposition from tech policy organizations and even some anti-trafficking groups. But with more than 30 senators already signed on, the bill seems primed to pass whenever it reaches the floor.

The biggest twist has come from the industry itself. After weeks of debate, a string of tech companies and industry groups have come around to supporting SESTA, leaving critics with few allies and narrowing options. It's an unusual stance for the tech industry to take on a bill that some say would strike at some of the internet's most fundamental protections. But as Google and Facebook face mounting pressure for regulation, SESTA increasingly seems like a workable compromise, giving prosecutors a new tool while fending off more onerous regulation. For anyone dealing with user-generated content, the result could be a dangerous new source of legal risk, one that only the largest companies are fully equipped to handle.

Also at EFF and Marketplace. Wikipedia.

SESTA Could Destroy Wikipedia

Wikipedia Warns That SESTA Could Destroy Wikipedia

For many people supporting SESTA, the discussion seems to start and end with "sex trafficking is bad, this bill says it targets sex trafficking and therefore it's good" (and maybe with a touch of "if it hurts big internet companies, that's fine, they deserve it.") But, the impact of SESTA goes way beyond that (not to mention it doesn't actually do anything to stop sex trafficking and could make the problem worse)....

23:30

Is your CCTV system GDPR compliant? Help Net Security

Organisations are putting themselves at risk of breaching the GDPR because theyre failing to realise that the new regulation covers their CCTV systems and the visual data they collect, according to Andrew Charlesworth, Reader in IT Law at the University of Bristol. CCTV systems and the GDPR Because CCTV systems have been lightly regulated until now, there is a danger that users will not understand their obligations under the new legislation. New IP-based systems can More

23:00

EMEA IT spending to exceed $1 trillion in 2018 Help Net Security

IT spending in EMEA is projected to total $1 trillion in 2018, an increase of 4.9 percent from estimated spending of $974 billion in 2017, according to the latest forecast by Gartner. EMEA IT spending 2018 forecast (millions of U.S. dollars). Source: Gartner In 2017, however, all categories of IT spending in EMEA underperformed global averages. Currency effects played a big part in the weakness in 2017, and will also contribute to the strength forecast More

23:00

Tiny Tensor Brings Machine Deep Learning to Micros Hackaday

Weve talked about TensorFlow before Googles deep learning library. Crunching all that data is the province of big computers, not embedded systems, right? Not so fast. [Neil-Tan] and others have been working on uTensor, an implementation that runs on boards that support Mbed-OS 5.6 or higher.

Mbed of course is the embedded framework for ARM, and uTensor requires at least 256K of RAM on the chip and an SD card less than (thats right; less than) 32 GB. If your board of choice doesnt already have an SD card slot, youll need to add one.

The project is under heavy development right now. Youll need to use the command line tools for Mbed and expect to spend a little time fiddling with things. The examples use a Nucleo F767ZI which requires an SD card breakout, but for about $20 it might be worth starting with the same board the developer appears to be using.

Of course, you can install TensorFlow on a Raspberry Pi, too, but thats not really a proper microcontroller. It is really just a function of what your end goal is. It is easy to imagine a robot using an ARM for everything including high-level tasks like object recognition. Thats assuming it has enough horsepower.

By the way, our pocket-sized signal generator project used a K64F board that has an SD card slot and enough memory. That board might be a good target for uTensor.


Filed under: ARM, software hacks

22:52

ISIS hacking targets are US school websites now Hacker News Bulletin | Find the Latest Hackers News

Hacking has now taken a new turn and as reported earlier in the Bloomfields school website hacking, large scale ISIS hacking of US school websites has commenced. This is a point of great concern for nearly 800 US schools. ISIS hacking of US school websites involved posting of an ISIS sponsored YouTube video for about

The post ISIS hacking targets are US school websites now appeared first on Hacker News Bulletin | Find the Latest Hackers News.

22:30

China Pulls Ahead of U.S. in Latest TOP500 List

The fiftieth TOP500 list of the fastest supercomputers in the world has China overtaking the US in the total number of ranked systems by a margin of 202 to 143. It is the largest number of supercomputers China has ever claimed on the TOP500 ranking, with the US presence shrinking to its lowest level since the lists inception 25 years ago.

22:28

AMD EPYC SEV, Intel UMIP & More AVX-512 Support Heading To Linux 4.15 Phoronix

In the x86 realm for linux 4.15 are many exciting feature improvements for newer/future Intel and AMD CPUs...

22:21

Five popular programming quotes illustrated good coders code, great reuse

I just had this idea to illustrate popular computer quotes for Browserling's nerd comic. I asked my illustrator to do it and here's what we made.

There are two major products that came out of Berkeley: LSD and UNIX.
We do not believe this to be a coincidence.

Quote by J.S.Anderson and S.Aukstakalnis.

BSD Daemon used with permission. (www.mckusick.com/copyright.html)

Always code as if the guy who ends up maintaining your code
will be a violent psychopath who knows where you live.

Quote by John F. Woods.

Computer science is no more about computers than
astronomy is about telescopes.

Quote by Edsger W. Dijkstra.

Lisp isn't a language, it's a building material.

Quote by Alan Kay.

Computers are useless. They can only give you answers.

Quote by Pablo Picasso.

Bonus quote:

Give me the command line and I shall move the world.

Quote by modern day Archimedes.

See you next time!

22:00

Week ahead in tech: FCC takes aim at media ownership rules The Hill: Technology Policy

On Thursday, the Federal Communications Commission will be voting to eliminate a number of restrictions on media ownership.The rules on the chopping block include prohibitions against the common ownership of both a newspaper and...

22:00

Former General Motors Vice Chair Bob Lutz: Kiss the Good Times Goodbye SoylentNews

Bob Lutz, former General Motors Vice Chair, opines:

It saddens me to say it, but we are approaching the end of the automotive era.

The auto industry is on an accelerating change curve. For hundreds of years, the horse was the prime mover of humans and for the past 120 years it has been the automobile.

Now we are approaching the end of the line for the automobile because travel will be in standardized modules.

The end state will be the fully autonomous module with no capability for the driver to exercise command. You will call for it, it will arrive at your location, you'll get in, input your destination and go to the freeway.
...
The vehicles, however, will no longer be driven by humans because in 15 to 20 years at the latest human-driven vehicles will be legislated off the highways.

The tipping point will come when 20 to 30 percent of vehicles are fully autonomous. Countries will look at the accident statistics and figure out that human drivers are causing 99.9 percent of the accidents.

Is he right? Is the age of the automobile coming to an end?


Original Submission

Read more of this story at SoylentNews.

21:55

Top 10 Most Pirated Movies of The Week on BitTorrent 11/13/17 TorrentFreak

This week we have four newcomers in our chart.

Valerian and the City of a Thousand Planets is the most downloaded movie again.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

This weeks most downloaded movies are:
Movie Rank Rank last week Movie name IMDb Rating / Trailer
Most downloaded movies via torrents
1 (1) Valerian and the City of a Thousand Planets 6.7 / trailer
2 () The Hitmans Bodyguard 7.0 / trailer
3 (5) 24 Hours to live 5.7 / trailer
4 (9) Thor Ragnarok (HDTS/Cam) 8.2 / trailer
5 (6) Spider-Man: Homecoming 7.8 / trailer
6 () Jeepers Creepers 3 4.4 / trailer
7 (10) American Made (Subbed HDrip) 7.3 / t...

21:54

We Are Likely To See More Vulkan Driver Fixes From Feral Phoronix

Feral developer Alex Smith is requesting commit rights to the Mesa code-base...

21:38

PHP 7.2 Benchmarks, Performance Of PHP 5.3 To PHP 7.2 On AMD EPYC Phoronix

With PHP 7.2 due for release before month's end and the final release candidate (RC6) already available that in essence is very close to the final build, here are some fresh benchmarks from PHP 5.3 through PHP 7.2 RC6 while using an AMD EPYC Tyan server...

21:28

GNU Linux-libre 4.14-gnu Released, Still A Battle Deblobbing Driver Firmware Phoronix

The Free Software Foundation Latin America team are once again punctual in delivering their updated GNU Linux-libre kernel...

21:24

Bill Gates purchases Arizona land to build future smart city TechWorm

Bill Gates is developing the City of the Future in Arizona

Bill Gates, the co-founder of Microsoft, has chosen Arizona to build his future smart city by purchasing a plot of 25,000 acres of land in the south western region of the United States.

The area, which is a 45-minutes drive from west of Phoenix in an area called the West Valley off I-10 near Tonopah, costs $80 million, said Belmont Partners, a real estate investment group based in Arizona who closed the deal for the plot of land from one of Gates investment firms.

The proposed community, planned to spread across 25,000 acres, will be called Belmont, and the goal is to convert the land into its own smart city, according to Belmont Partners.

Belmont will create a forward-thinking community with a communication and infrastructure spine that embraces cutting-edge technology, designed around high-speed digital networks, data centers, new manufacturing technologies and distribution models, autonomous vehicles and autonomous logistics hubs, the group says in a news release.

Of the 25,000 acres, 3,800 acres will be used for office, retail, and commercial space, while another 470 acres will be used for public schools, which would leave enough space for 80,000 residential units.

Comparable in square miles and projected population to Tempe, Arizona, Belmont will transform a raw, blank slate into a purpose-built edge city built around a flexible infrastructure model, Belmont Properties said.

They even added that the future smart city will enjoy tomorrows technologies such as an autonomous vehicle infrastructure, autonomous logistic hubs, and more upon completion of the project.

Arizona Technology Councils Executive Emeritus Ronald Schott said the land Gates company purchased is in a good spot,which is in part due to the proposed I-11 freeway, which would run right through Belmont and connect to Las Vegas.

Bill Gates is known for innovation and those kind of things, and I think he picked the right place, said Schott, which is in part due to the proposed I-11 freeway.

Hes coming to Arizona. Finally Arizonas being recognized for being a place for innovation, Schott added.

As of now, theres no word on when construction of the project will start. This is a developing story and we will keep you updated.

Check out the video below:

Source:KGW

The post B...

21:15

EXT4 In Linux 4.15 Gets Online Resizing When Using Bigalloc, Corruption Fixes Phoronix

Ted Ts'o was quick to send in the EXT4 file-system and fscrypt file-system encryption framework changes for the just-opened Linux 4.15 merge window...

20:56

The Hilton hotel chain is paying a $700,000 settlement for credit card data breaches Security Affairs

The Hilton hotel chain is paying a $700,000 settlement after being accused of mishandling two separate credit card data breaches.

The Hilton hotel chain is paying a $700,000 settlement to the states of New York and Vermont after being accused of mishandling two separate cyber attacks that exposed financial data of its customers.

The credit card breaches were in 2014 and 2015 and affected more than 363,000 payment cards.

The investigation revealed that crooks installed a PoS malware in Hilton payment systems, potentially exposing customers card details between 18 November and 5 December 2014.

The second incident was spotted in July and dates back April of the same year.

Hilton

Hilton Domestic Operating Company, Inc notified customers about the incident only in November 2015.

The company is accused of poor security of its payment system and is responsible for the delay in informing customers.

Businesses have a duty to notify consumers in the event of a breach and protect their personal information as securely as possible, said Attorney General Eric T. Schneiderman.

Lax security practices like those we uncovered at Hilton put New Yorkers credit card information and other personal data at serious risk. My office will continue to hold businesses accountable for protecting their customers personal information.

As part of the settlement, Hilton will strengthen the security of its payment systems and internal procedures for incident handling.

Hilton is strongly committed to protecting our customers payment card information and maintaining the integrity of our systems, the company said in a statement.

Lets try to imagine the outcome of this incident under the forthcoming EU GDPR regulation. With such regulation in line, it would be $420 million, as the fine...

20:42

Soviet children in 1967 dreamt of space travel, free ice-cream & robots doing homework in 2017 World News Lifeboat News: The Blog

Letters from a time capsule opened in the Russian city of Novorossiysk have revealed that Soviet students in 1967 believed their peers in 50 years time would be living on other planets and eating ice cream for free, while their homework will be done by machines.

Hundreds of time capsules were laid across the USSR in 1967 as the country celebrated half a century since the Russian Revolution, which eventually led to the creation of the Soviet state. Those messages, containing the accounts of Soviet peoples lives and their messages to descendants, are being opened in Russia this year, coinciding with the 100th anniversary of the events of 1917.

READ MORE: Cruiser Aurora fires at Winter Palace 100 years ago, signals peak of Russian Revolution.

20:30

How OpenChain Can Transform the Supply Chain

OpenChain is all about increasing open source compliance in the supply chain. This issue, which many people initially dismiss as a legal concern or a low priority, is actually tied to making sure that open source is as useful and frictionless as possible. In a nutshell, because open source is about the use of third-party code, compliance is the nexus where equality of access, safety of use, and reduction of risk can be found. OpenChain accomplishes this by building trust between organizations.

20:27

FreeGuard: A Faster Secure Heap Allocator SoylentNews

A small team of researchers at the University of Texas at San Antonio has released their source code for a drop-in malloc replacement and published a paper, FreeGuard: A Faster Secure Heap Allocator (warning for PDF), describing it in detail. It utilizes a novel memory layout, reduces a large number of mmap calls, borrows the "freelist" idea from performance-oriented allocators, and introduces a range of additional security capabilities, all with only a very small performance hit. The paper makes frequent comparisons to the Linux and OpenBSD allocators.

In spite of years of improvements to software security, heap-related attacks still remain a severe threat. One reason is that many existing memory allocators fall short in a variety of aspects. For instance, performance-oriented allocators are designed with very limited countermeasures against attacks, but secure allocators generally suffer from significant performance overhead, e.g., running up to 10 slower. This paper, therefore, introduces FreeGuard, a secure memory allocator that prevents or reduces a wide range of heap-related attacks, such as heap overflows, heap over-reads, use-after-frees, as well as double and invalid frees. FreeGuard has similar performance to the default Linux allocator, with less than 2% overhead on average, but provides significant improvement to security guarantees. FreeGuard also addresses multiple implementation issues of existing secure allocators, such as the issue of scalability. Experimental results demonstrate that FreeGuard is very effective in defending against a variety of heap-related attacks.

The code itself is dual licensed GPL and proprietary.


Original Submission

Read more of this story at SoylentNews.

20:18

p2k17 Hackathon Report: Landry Breuil on Mozilla things and much more OpenBSD Journal

Landry Breuil (landry@) sent in our next report from the recent ports hackathon:

So.. p2k17.. and now i realize that my first hackathon was p2k7, 10 years ago, time flies !

Read more

20:00

Monitoring Container Clusters with Prometheus

In native cloud environments, classic monitoring tools reach their limits when monitoring transient objects such as containers. Prometheus closes this gap, which Kubernetes complements, thanks to its conceptual similarity, simple structure, and far-reaching automation.

20:00

Weather Station Needs Almost No Batteries Hackaday

While the ESP8266 has made its way into virtually every situation where a low-cost WiFi solution is needed, its not known as being a low-power solution due to the amount of energy it takes to run WiFi. [Alex] took this design constraint as more of a challenge though, and with the help of an ATtiny microcontroller was able to develop a weather station using an ESP8266 that only needs new batteries every 2-4 years.

While the ESP8266 module consumes a bit of power, the ATtiny excels in low-power mode. To take advantage of this, [Alex] designed the weather station using the ATtiny to gather data every two minutes, store the data in a buffer, and upload all of it in bursts every hour using the ESP8266. This means that the power-hungry WiFi chip can stay off most of the time, drastically limiting the power demands of the station. [Alex] mostly details the setup of the ATtiny and the ESP8266 on his project page, so this could be applied anywhere that low power and network connectivity are required.

As for the weather reporting capabilities, the station is equipped to measure temperature, light, and humidity. Presumably more could be added but this might increase the power demands for the weather station as a whole. Still, changing batteries once a year instead of once every two years might be a worthwhile trade-off for anyone else attempting such an ambitious project. Other additions to the weather station that weve seen before might include a low-power display, too.


Filed under: Microcontrollers

19:42

Seven minutes of terror: AI activists turn concerns about killer robots into a movie Lifeboat News: The Blog

As if the mere phrase killer robots werent scary enough, AI researchers and policy advocates have put together a video that combines present-tense AI and drone technologies with future-tense nightmares.

The disturbing seven-minute movie is being released to coincide with a pitch being made on Monday in Geneva during talks relating to the U.N. Convention on Certain Conventional Weapons, or CCW.

19:38

Hollywood Studios Force ISPs to Block Popcorn Time & Subtitle Sites TorrentFreak

Early 2014, a new craze was sweeping the piracy world. Instead of relatively cumbersome text-heavy torrent sites, people were turning to a brand new application called Popcorn Time.

Dubbed the Netflix for Pirates due to its beautiful interface, Popcorn Time was soon a smash hit all over the planet. But with that fame came trouble, with anti-piracy outfits all over the world seeking to shut it down or at least pour cold water on its popularity.

In the meantime, however, the popularity of Kodi skyrocketed, something which pushed Popcorn Time out of the spotlight for a while. Nevertheless, the application in several different forms never went away and it still enjoys an impressive following today. This means that despite earlier action in several jurisdictions, Hollywood still has it on the radar.

The latest development comes out of Norway, where Disney Entertainment, Paramount Pictures Corporation, Columbia Pictures, Twentieth Century Fox Film Corporation, Universal City Studios and Warner Bros. have just taken 14 local Internet service providers to court.

The studios claimed that the ISPs (including Telenor, Nextgentel, Get, Altibox, Telia, Homenet, Ice Norge, Eidsiva Bredbnd and Lynet Internet) should undertake broad blocking action to ensure that three of the most popular Popcorn Time forks (located at popcorn-time.to, popcorntime.sh and popcorn-time.is) can no longer function in the region.

Since site-blocking necessarily covers the blocking of websites, there appears to have been much discussion over whether a software application can be considered a website. However, the court ultimately found that wasnt really an issue, since each application requires websites to operate.

Each of the three [Popcorn Time variants] must be considered a site, even though users access Popcorn Time in a way that is technically different from the way other pirate sites provide users with access to content, and although different components of the Popcorn Time service are retrieved from different domains, the Oslo District Courts ruling reads.

In respect of all three releases of Popcorn Time, the Court weighed the pros and cons of blocking, including whether blocking was needed at all. However, it ultimately decided that alternative methods for dealing with the sites do not exist since the rightsholders tried and ultimately failed to get cooperation from the sites operators.

All sites have as their main purpose the purpose of facilitating infringement of protected works by giving the public una...

19:30

OCI Update: v1.0.1 Release and New Maintainer

Concurrently, we are gearing up for the next phase in ensuring broad adoption of common container image format and runtime specs as we prepare to launch an OCI certification/conformance program. This program will allow folks to be confident that their OCI solutions meet a high set of criteria that deliver interoperable solutions.

19:16

TSA Plans to Use Face Recognition to Track Americans Through Airports cryptogon.com

Via: EFF: The PreCheck program is billed as a convenient service to allow U.S. travelers to speed through security at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Securitys greater underlying plan to collect face images and iris scans on a nationwide scale. DHSs programs will []

19:09

Why Honest Journalism on Patent Matters Barely Exists Techrights

One month ago: Patent Microcosm, Patent Media and Patent Office: Its a Big Club and You Aint in It

George Carlin

Summary: Media coverage in the area of patent law is still appalling as its dominated if not monopolised by those who benefit from patent maximalism

THE NEWS regarding patents remains dominated by a lot of articles that are composed either directly or indirectly by the patent microcosm. People try to sell services or promote their commercial agenda. Its not journalism. See this new example, which looks like a typical puff piece (advertisement), not reporting.

People try to sell services or promote their commercial agenda.Not only corporate media is the issue; some blogs too are in it (sites like IAM or Patently-O, where the author some days ago was an Oracle employee). Even IP Watch, which is typically okay, published a sponsored (fake/advertisement) article which would have us believe that startups need patents (waste of money/time). Its hard to see the reason for publishing this in a readers-supported site. Days ago, behind paywall, it wrote about Googles patent aggression (theres no lack of stories about patent aggression in the news).

It has become hard to find a source for patent news which we can consistently trust. Some sites actively and consciously push patent propaganda (on the payroll of patent trolls), some are literally run and/or funded by rich corporations, and even some antagonists are occasionally selling out to advertisers in pursuit of quick cash....

19:06

DHS Tests demonstrate Boeing 757 airplanes vulnerable to hacking Security Affairs

Researchers and private industry experts, along with DHS officials, remotely hacked a Boeing 757 airplane that was parked at the airport in Atlantic City.

A group of researchers and private industry experts, along with DHS officials, remotely hacked a Boeing 757 airplane owned by the DHS that was parked at the airport in Atlantic City, New Jersey.

The team didnt have physical access to the plan, the experts interacted with systems on the aircraft remotely via radio frequency communications.

The successful experiment took place in September 2016, pilots were not informed of the ongoing cyber attacks. In just two days, the reached their goal, but the details of the hack were not disclosed and will remain classified.

The experiment and its results were disclosed last week during the 2017 CyberSat Summit in Virginia. The test was revealed by Robert Hickey, aviation program manager with the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

Many aviation experts declared to be aware of the flaw exploited by Hickey and his team, but seven experienced pilots at American Airlines and Delta Air Lines airline companies had no knowledge of the issue when they were briefed in a March 2017 issue.

All seven of them broke their jaw hitting the table when they said, You guys have known about this for years and havent bothered to let us know because we depend on this stuff to be absolutely the bible,' explained Hickey

boeing 757

Even is the Boeing 757 in no more in production since 2004, but its still largely used by many companies, also President Donald Trumps personal airplane is a Boeing 757.

Legacy aircraft, which make up more than 90% of the commercial planes actually in use, dont have security protections differently by newer planes that are built with a security by design approach.

Patch management is a big problem in the avionics industry, the cost to change just one line of code on a piece of avionics equipment could reach $1 million...

19:00

AI-Powered Microscope Counts Malaria Parasites in Blood Samples IEEE Spectrum Recent Content full text

Silicon Valley teams up with a Chinese microscope manufacturer to deploy deep learning to diagnose malaria Photo: Andrew H. Kim/Intellectual Ventures Roxanne Rees-Channer, a research biochemist, inserts a cassette into the EasyScan GO at the Hospital for Tropical Diseases in London, where the AI-powered microscope is being tested.

Today, a Chinese manufacturer and a venture backed by Bill Gates will announce plans to commercialize a microscope that uses deep learning algorithms to automatically identify and count malaria parasites in a blood smear within 20 minutes. AI-powered microscopes could speed up diagnosis and standardize detection of malaria at a time when the mosquito-borne disease kills almost half a million people per year.

That previous research, presented at the International Conference on Computer Vision [pdf] in October, has inspired the Global Good Funda partnership between the company Intellectual Ventures and Bill Gatesand a Chinese microscope manufacturer called Motic to take the next big commercialization step.

Such microscopes could prove especially helpful in tracking the treatment of multidrug-resistant strains of malaria spreading in Southeast Asia. This multidrug resistance monitoring relies on very reliable microscopy to see how quickly the malaria drugs  have reduced the amount of parasites in the blood, says David Bell, director of global health technology at the Global Good Fund. We saw that machine learning could bring more accuracy and standardization in this area and allow countries to implement monitoring more effectively.

The EasyScan GO  microscope under development would combine bright-field microscope technology with a laptop computer running deep learning software that can automatically identify parasites that cause malaria. Human lab workers would...

What Tech Can Learn from the Fruit Flys Search Algorithm - Facts So Romantic Nautilus


Scientists are starting to understand that search powers much of the natural world, too.Image by Intelligent Product Solutions / YouTube

Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you. Verse 7:7 from the Gospel of Matthew is generally considered to be a comment on prayer, but it could just as well be about the power of search. Search has become one of the key technologies of the information age, powering industry behemoths and helping us with our daily chores. But thats not where it ends. Scientists are starting to understand that search powers much of the natural world, too.

Saket Navlakha, of the Salk Institute for Biological Studies, works at the interface of theoretical computer science, machine learning, and systems biology, a field, he told me, that he and his colleagues are calling algorithms in nature. Evolution needs algorithms just as software engineers do, Navlakha says, because it has also had to deal with building efficient, reliable, low-cost systems that help animals and organisms survive. His hope is to find in nature new ideas and new engineering principles that can be exploited by human scientists and engineers.

In a study published on
Read More

18:53

Patent Maximalism Around the World Techrights

It is common to argue that intellectual property in the form of copyright and patent is necessary for the innovation and creation of ideas and inventions such as machines, drugs, computer software, books, music, literature and movies. In fact intellectual property is not like ordinary property at all, but constitutes a government grant of a costly and dangerous private monopoly over ideas. We show through theory and example that intellectual monopoly is not neccesary for innovation and as a practical matter is damaging to growth, prosperity and liberty. Michele Boldrin and David K. Levine

Summary: A roundup of stories or spin observed over the past week, mostly favouring those who profit from patents rather than creation of anything

Patentism can be a lot like theism. It can be the blind faith in the ludicrous idea that patents in their own right not anything else are innovation or something along those lines. In reality, patents may grant incentives for original works to made where investment (time, money, material) is needed for these works. In the case of software, copyrights provide such an incentive. When someone writes code, unless it is marked as Public Domain, that code is attributed to or gets assigned to the author (coder).

India

When someone writes code, unless it is marked as Public Domain, that code is attributed to or gets assigned to the author (coder).Its not hard to see why the patent industry distorts the history and purpose of patents. These people just try to defend their own job, which involves no production or innovation at all. A few days ago, revisiting the debate about abstract patents in India, LexOrbis was once again pushing banned patents (out of scope). Its far from the first time and LexOrbis typically uses IAM as the platform. Its trying to advocate/legitimise patents on financial methods (similar to business methods, which are similar also to software patents) and it doesnt seem to matter to these people that India neither wants nor needs such patents.

China

...

18:06

ALMA Captures Best-Ever Image of Red Giant W Hydrae SoylentNews

ALMA's image of red giant star gives a surprising glimpse of the sun's future

A team of astronomers led by Wouter Vlemmings, Chalmers University of Technology, have used the [Atacama Large Millimeter Array] to make the sharpest observations yet of a star with the same starting mass as the Sun. The new images show for the first time details on the surface of the red giant W Hydrae, 320 light years distant in the constellation of Hydra, the Water Snake. W Hydrae is an example of an AGB (asymptotic giant branch) star. Such stars are cool, bright, old and lose mass via stellar winds. The name derives from their position on the famous Hertzsprung-Russell diagram, which classifies stars according to their brightness and temperature.

[...] Alma's images provide the clearest view yet of the surface of a red giant with a similar mass to the Sun. Earlier sharp images have shown details on much more massive, red supergiant stars like Betelgeuse and Antares. The observations have also surprised the scientists. The presence of an unexpectedly compact and bright spot provides evidence that the star has surprisingly hot gas in a layer above the star's surface: a chromosphere. "Our measurements of the bright spot suggest there are powerful shock waves in the star's atmosphere that reach higher temperatures than are predicted by current theoretical models for AGB stars," says Theo Khouri, astronomer at Chalmers and member of the team. An alternative possibility is at least as surprising: that the star was undergoing a giant flare when the observations were made.

Other best-ever images of stars. W Hydrae is the 7th brightest star in the night sky.

The shock-heated atmosphere of an asymptotic giant branch star resolved by ALMA (DOI: 10.1038/s41550-017-0288-9) (DX)

Previously: Very Large Telescope Interferometer Captures Best Ever Image of Another Star (Antares)


Original Submission

Read more of this story at SoylentNews.

17:23

Links 13/11/2017: Samsungs DeX Revisited, Linux Kernel 4.14 Released Techrights

GNOME bluefish

Contents

GNU/Linux

  • Desktop

    • Samsungs Linux on Galaxy software will bring full-fledged Ubuntu desktop to your phone (with an external display)

      Samsungs DeX dock lets you connect one of the companys recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC assuming youre comfortable with a desktop PC that runs Android.

      But soon you may also be able to use your Android phone as a Linux PC. Samsung recently unveiled plans for Linux on Galaxy, promising that youd be able to run a full-fledged Linux environment on a phone hooked up to a DeX dock.

    • GNU/Linux Is Still Cooking

      ts true that smartphones have taken a huge share of personal computing away from desktops and notebooks but there are still huge limitations around screen-size, computing power, storage etc. where smartphones are not enough. Ive long recommended using smartphones and desktop equipment together. Every time I find my text runs outside a text-box or some page is viewable only in portrait mode in Android/Linux, I long for some way to get to GNU/Linux. Today, I get up off the sofa and walk to my desk. Perhaps some day, Ill dock the smartphone and carry on. Now, I have to reopen work from the desktop PC I call Beast.

    • Samsung teases Linux desktops on Galaxy S8 and Note 8 smartphones, thanks to DeX
  • Audiocasts/Shows

  • Kernel Space

    • Linux 4.14

      No surprises this week, although it i...

17:00

The VAIO WIth A Pi Inside Hackaday

Raspberry Pi laptops are not an uncommon sight, as many hardware enthusiasts have shoehorned the tiny board behind LCD panels into home-made cases.

[Frank Adams] has created one of the best Pi laptops weve ever seen, (for which we suggest you skip straight to the PDF). Hes removed the guts from an aged Sony VAIO laptop and replaced it with the fruity computer, alongside a Teensy to handle VAIO keyboard, buttons, and LED I/O via the Pi USB port. An M.NT68676 video board interfaces the VAIO display to the Pi HDMI, and a USB to SATA cable is connected to a 240Gb solid state hard drive. The laptops Wi-Fi antenna is routed to the Pi via a soldered on co-axial connector, and there is also a real-time clock board. There are a few rough edges such as a USB cable that could be brought inboard, but its otherwise well-integrated into the case. His write-up is a very comprehensive PDF, that should serve as a good primer to anyone else considering such a laptop conversion.

The result is a laptop that looks for all the world like a commercially produced machine, yet that is also a Raspberry Pi. In a strange way, a Sony laptop is an apt homecoming for the board from Cambridge, because other than red soldermask or very early Chinese-made models, all Raspberry Pi boards are made in a Sony factory in Wales. Whatever the donor laptop though, this is definitely a step above the run-of-the-mill Pi laptops. To see its competition, take a look at this very ugly machine with a bare LCD panel, or this laser-cut sandwich laptop.


Filed under: Raspberry Pi

16:41

Facebook Launches Community Boost Program To Teach Digital Job Skills TechWorm

Facebook to teach digital and social media skills to the unemployed in 30 cities

Mark Zuckerberg, CEO of the social media giant Facebook, on Thursday announced a new outreach program called Facebook Community Boost, that aims to help small businesses, entrepreneurs and job seekers in the U.S. by teaching them digital and social media skills they need to compete in the new economy.

Announcing the decision on Facebook, Zuckerberg wrote in the post: Today were announcing a new program called Facebook Community Boost to help small businesses in the US grow, and to help more people get the digital skills those businesses need. Since 2011, Facebook has invested more than $1 billion dollars to support small businesses. This is the next step.

Facebook will be investing tens of millions of dollars into the program that will travel to 30 cities around the U.S. in 2018, including stops in Houston, St. Louis, Albuquerque, Des Moines and Greenville, South Carolina. Through the program, Facebook will be training people with new skills, providing entrepreneurs advice, and helping existing organizations without an online presence to master the Internet.

With regard helping businesses, Facebook said they have trained more than 60,000 small businesses in the US and hundreds of thousands more around the world.

More than 1 million small businesses have already taken advantage of Facebooks free online learning hub to learn how to use our marketing tools.

Zuckerburg said, One of the things Im most proud of is that 70 million small businesses use Facebook to connect with customers. Thats 70 million people who now have access to the same tools the big guys have. Now we need to make it easier for people to start and build new businesses or find jobs and opportunities, and in the process strengthen their communities.

According to a company blog post attributed to Facebook VP of small business Dan Levy, the program will target four different groups of people: established business owners, entrepreneurs, job seekers, and those who are interested in digital literacy and online safety training.

We want to do more to support communities across America particularly for those who are transitioning to careers that require more digital skills, Levy wrote.

The free training on a range of digital skills include coding, building websites and obviously using Facebook for their business. Zuckerberg said he thinks these are some specific things Facebook can do to help boost the economy and small businesses, both because its going to be good for our products and business and because its going to be good for this mission of building a community even beyond our own interests. Facebook...

15:45

Samsung Shows Off Linux Desktops on Galaxy 8 Smartphone SoylentNews

El Reg reports

Ubuntu--all of it--running Eclipse on a phone, and a DeX dock

Video Samsung's shown a little more of its plans to run fully-fledged Linux desktops on its 8-series Galaxy smartmobes.

Samsung teased the idea of Linux on its flagship phones in October 2017, promising that Linux would run in your hand or, if you use its DeX dock, in full desktop mode on a monitor. Now it's released [a video] to show off its idea.

Described as a "Concept Demo", the vid has a couple of interesting moments.

The first comes at the 12 second mark, after the "Linux on Galaxy" app has been run. At this point we see Ubuntu 16 listed, along with a plus sign to add other OSes to the app. This appears to make good on Samsung's promise that you'll be able to have multiple OSes in your Galaxy.

Not long after the app boots, an Ubuntu desktop duly appears and runs Eclipse [the FOSS integrated development environment].

In its original announcement of Linux on Galaxy, Samsung said it was aimed at developers wanting Linux wherever they may roam, on the off-chance they feel like doing a spot of coding on a very small screen. At 1:09 in the video below, the company puts some meat on those bones by suggesting Linux on a smartphone means developers can "use classic IDE desktop IDE for native ARM development."

Which sounds a bit more like it as The Register can imagine developers using a handset to test an app and tweaking it on the run, popping a phone in and out of a dock when a proper look at the code is required

Samsung's still not saying when Linux on Galaxy will debut, but at least now we know it's more than[sic] advanced than mere announcementware. The company's still offering the chance to sign up for more info about the tool, here.

Previous: Samsung to Give Linux Desktop Experience to Smartphone Users


Original Submission

Read more of this story at SoylentNews.

14:22

The Government of Dubai Media Office Lifeboat News: The Blog

The Government of Dubai Media Office via the United Arab Emirates Prime Ministers official YouTube channel has released a 3-minute video of the World Economic Forum Global Future Councils 2017 meeting. My speech on the main stage at the event is covered a number of times in the middle of this video as I discuss #transhumanism and human enhancement. I was honored to have founder and Executive Chairman of the World Economic Forum Klaus Schwab and the Prime Minister of UAE, HH Sheikh Mohammed Bin Rashid Al Maktoum, listen to some of my talk. The Global Futures Council event was a big success and a lot of fun: #gfc17


http://fw.to/ilMs6BD
11 November, 2017 Vice President, Prime Minister of the UAE and Ruler of Dubai His Highness Sheikh Mohammed bin Rashid Al Maktoum has attended part of the 2nd Annual Meeting of the Global Future Councils (AMGFC) organised in partnership between the UAE Government and the World Economic Forum (WEF) Davos. During a meeting with the Founder and Executive Chairman of the World Economic Forum Professor Klaus Schwab, His Highness Sheikh Mohammed asserted that the United Arab Emirates is keen on adopting the future industry by utilising the Fourth Industrial Revolution technologies to benefit societies.

http://fw.to/OxpyTgG
11 , 2017 . .

14:00

Alexa, Hack My TV Hackaday

If you have an Alexa, one of the best things you can buy to go with it is a Harmony Hub remote. Sure, you get a universal remote to control all your home theater equipment, but youll hardly use it because the Alexa can virtually push the Harmony buttons for you. The negative word in this paragraph, though, is buy. The Harmony Hub isnt inexpensive. Fortunately [Michael Higginis] has you covered. He has an ESP8266 universal remote that you can control with Alexa. You can see a video of setting the system up below.

On the one hand, the idea is fairly simple. An ESP8266 has plenty of horsepower to read and recreate IR codes. However, we were very impressed with the web portal used to configure the device and integrating it with Alexa is a neat trick.

Unlike a real Harmony Hub, however, the remote only controls IR devices. However, since the Alexa to device connection is WiFi, you probably wont miss having an RF remote, even if you need to tuck the remote away in an enclosure somewhere.

Besides the cost, the concept that you could hack this to meet your needs is pretty seductive. If you want to be perverse, you could probably marry this with a Zenith Space Command remote. Those remotes, by the way, are mechanical and it is fun to trace the remote from its early origins to telling Alexa to turn on The Orville.

 


Filed under: ARM

13:24

Forest Service Fire Experts Blocked From Attending Conference; Censorship Alleged SoylentNews

According to The Missoulian (archive):

Several of Missoula's top federal fire scientists have been denied permission to attend the International Fire Congress later this month, leading conference organizers to suspect censorship of climate-related research.

"Anyone who has anything related to climate-change research right away was rejected," said Timothy Ingalsbee of the Association for Fire Ecology, a nonprofit group putting on the gathering. Ingalsbee noted that was his personal opinion, and that the AFE [Association for Fire Ecology] is concerned that a federal travel restriction policy may be more to blame.

The Missoulian also said (archive):

The scientists no longer attending include Matt Jolly, who was to present new work on "Climate-induced variations in global severe weather fire conditions," Karin Riley on "Fuel treatment effects at the landscape level: burn probabilities, flame lengths and fire suppression costs," Mike Battaglia on "Adaptive silviculture for climate change: Preparing dry mixed conifer forests for a more frequent fire regime," and Dave Calkin, who was working on ways to manage the human response to wildfire.

takyon: Also at Scientific American (thanks to another Anonymous Coward).


Original Submission

Read more of this story at SoylentNews.

13:04

Week in review: Top GDPR compliance risks, DDE attack mitigations, Node.js security Help Net Security

Heres an overview of some of last weeks most interesting news and articles: Infosec expert viewpoint: Vulnerability patching Vulnerability patching is one of the most useful and cost-effective methods to mitigate a plethora of security threats. Heres what infosec experts think about the challenges related to patching systems, and how they see vulnerability patching evolve in the near future. They also give advice to enterprises looking to deploy a solution that makes vulnerability patching easier. More

12:43

Scientists hatch bold plan to save planet from supervolcano Lifeboat News: The Blog

Wow!!!


Humans have witnessed many cataclysmic volcanic eruptions, but around the world right now there are about 20 so-called supervolcanoes that could outdo them all. One is in Yellowstone National Park.

12:42

Listen: Adam Savage interviews Natasha Vita-More Lifeboat News: The Blog

The SYFY25: Origin Stories Podcast, hosted by Adam Savage (editor-in-chief, tested.com and former co-host of Mythbusters), is a nostalgic celebration of all things science fiction. In this podcast series Adam sits down with creators, thought-leaders, and celebrity fans to discuss the moments, people, and milestones that have changed the genre universe forever. From revealing personal anecdotes to deep philosophical discussions.

Transhumanist philosopher Natasha Vita-More chats with Adam and explains what transhumanism means for us regular humans, how it will impact the evolution of humanity, and close we are to uploading our brains into databases, ensuring our immortality.

Listen on iTunes.

12:42

US Air Force Hires Two Firms to Start Developing Americas Next ICBM Lifeboat News: The Blog

Boeing and Northrop Grumman have each received deals to start developing a replacement for the Minuteman III.

The Trump administration placed orders with two major defense firms on Monday to start working on technology for new intercontinental ballistic missiles to replace the Cold War-era Minuteman III.

The deals come amid nuclear threats against the U.S. by North Korea and increased tension with Russia, which is upgrading its ICBMs.

11:40

AMD Zen Temperature Monitoring Queued For Linux 4.15 Phoronix

We've been expecting it to happen for weeks while indeed the hwmon pull request was indeed sent in today exposing AMD Ryzen / Threadripper / EPYC temperature reporting on Linux...

11:31

US-CERT Warns of Crypto Bugs in IEEE Standard SoylentNews

Submitted via IRC for soycow1984

Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security.

DHS' US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual property and the management of access rights for such IP is flawed.

"In the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP," US-CERT said in its alert, citing researchers that found the flaw. "Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."

The Institute of Electrical and Electronics Engineers (IEEE) P1735 standard flaw was first reported by a team of University of Florida researchers. In September, the researchers released a paper titled Standardizing Bad Cryptographic Practice (PDF).

In all, seven CVE IDs are assigned to the flaw and document the weakness in the P1735 standard.

Source: https://threatpost.com/us-cert-warns-of-crypto-bugs-in-ieee-standard/128784/


Original Submission

Read more of this story at SoylentNews.

11:12

DistroWatch Weekly, Issue 738 DistroWatch.com: News

This week in DistroWatch Weekly: Review: SparkyLinux 5.1News: Slax developer explores init options, Arch Linux drops 32-bit packages, an overview of LineageOSQuestions and answers: Worried about spywareReleased last week: Redcore Linux 1710, Parrot Security OS 3.9, SharkLinux 4.13.0-17Torrent corner: Antergos, IPFire, KDE neon, Netrunner, PCLinuxOS, Redcore, SharkLinuxUpcoming releases:....

11:00

Hackaday Links: Supercon Sunday Hackaday

This is not your normal Sunday links post. This is Superconference Sunday, and right now there are dozens of awesome projects floating around our conference in Pasadena. This links post will be mostly the projects from Supercon, but before that theres some stuff we need to clear out of the queue:

Concerning other conferences, the Sparklecon site is up. Why go to Sparklecon? Its a blast.

Tindie is worldwide! There were a bunch of Tindie sellers at the Maker Faire Adelaide this weekend. YouTuber MickMake is a friend of Tindie and were teaming up to give away a few prizes from Australian Tindie sellers. You can check out the full details here.

Theres an Internet of Things thing from 4D Systems. Its an ESP8266 and a nice small display.

Well, crap. It might have finally happened. [Maxim Goryachy] and [Mark Ermolov] have obtained fully functional JTAG for Intel CSME via USB DCI. What the hell does that mean? It means you can plug something into the USB port of a computer, and run code on the Intel Management Engine (for certain Intel processors, caveats apply, but still). This is doom. The Intel ME runs below the operating system and has access to everything in your computer. If this is real right now we only have a screenshot computer security is screwed, but as far as anyone can tell, me_cleaner fixes the problemAlso, Intel annoyed [Andy Tanenbaum].

With that out of the way, heres some stuff from this weekends Supercon:

These are normal Supercon happenings.

State of the art in PCB art

A while back, we had a few thousand Tindie blinky badges manufactured, and right now someone is hacking a few of these together into a cybernetic Cerberus at the Hackaday Supercon. I never stopped working on these badges, and now its time to show off the latest development in PCB art. Full color PCBs. This is a full-color PCB, that has gradients and...

11:00

HPR2421: Project Interest Hacker Public Radio

This is just a short &quot;episode&quot; wherein I ponder the nature of showmanship and razzle-dazzle regarding the success or failure of FOSS, and other projects that require collaboration. Your comments and opinions are ACTIVELY encouraged.

10:08

Various Stuff Not Even Wrong

A few links that may be of interest. Mathematics first:

  • A seminar Lectures Grothendieckiennes on the mathematical ideas of Alexander Grothendieck is taking place this year in Paris, and has just recently started up.
  • My ex-Columbia colleague Jeff Achter is one of the authors of an unusual new math paper: Hasse-Witt and Cartier-Manin matrices: A warning and a request. The paper points out that papers of Manin at some points confused an operator and its dual, leading to potential sign errors in later papers that reference Manins results. Im quite sympathetic to the problem, having at various points fallen victim to similar confusions while writing my book (I hope they have all been resolved in the final version, wouldnt bet anything really valuable on it).
  • Nature has an excellent obituary of Vladimir Voevodsky, written by Dan Grayson.

On the physics side:

  • The LHC has now ended data-taking at 13 TeV for the year (a recent summary is here) and will start up again next spring. The machine ended up delivering about 50 inverse fb each to CMS/ATLAS (bettering the goal of 45), of which about 45 was recorded. Results published so far typically use 36 inverse fb from previous years data, so next year we should start seeing results based on a total 13 TeV data set of up to 80 inverse fb.
  • Still no WIMPs. Frank Wilczek surveys searches for his favorite dark matter alternative here.
  • At Big Think, Eric Weinstein has a take on whats gone wrong with theoretical physics over the past 40 years that Im mostly in agreement with.

09:45

Amazon moves to stop S3 buckets leaking business data Graham Cluley

Amazon moves to stop S3 buckets leaking business data

Businesses dont need to be targeted by sophisticated hackers to have private and sensitive data splashed across the newspaper headlines.

Read more in my article on the Bitdefender Business Insights blog.

09:10

Gene Therapy and Skin Grafting for Junctional Epidermolysis Bullosa SoylentNews

'Butterfly child' given life-saving skin

A child has been given a new genetically modified skin that covers 80% of his body, in a series of lifesaving operations. Hassan, who lives in Germany, has a genetic disease - junctional epidermolysis bullosa - that leaves his skin as fragile as a butterfly's wings. A piece of his skin was taken, its DNA was repaired in the laboratory and the modified skin grafted back on. After nearly two years, the new skin appears completely normal.

[...] Normally, the different layers of the skin are held together by "anchoring proteins". But the junctional epidermolysis bullosa means Hassan's DNA lacks the instructions for sticking his epidermis (the surface layer) to the dermis (the next one down). There is no cure, and about four in 10 patients do not even reach adolescence.

[...] [A] team of biologists specialising in gene therapy were brought in from the University of Modena and Reggio Emilia, in Italy - and the parents gave approval for them to try an experimental therapy.

In September 2015, a 4 sq cm (0.6 sq inches) patch of skin was taken from an area where the epidermis was still intact. The biopsy was then infected with a customised virus. Viruses are good at getting inside cells, and this one contained the missing instructions for binding the layers of skin together.

The now genetically modified skin cells were grown to make skin grafts totalling 0.85 sq m (9 sq ft). It took three operations over that winter to cover 80% of the child's body in the new skin. Hassan's father said his son had spent months covered in so many bandages he had looked like a mummy. But 21 months later, the skin is functioning normally with no sign of blistering. You can even pinch the once incredibly fragile skin, with no sign of damage.

[...] An analysis of the structure of Hassan's skin, detailed in the journal Nature [DOI: 10.1038/nature24487] [DX], has discovered a group of long-lived stem cells are that constantly renewing his genetically modified skin.

Also at NYT and The Washington Post (archive).


Original Submission

Read more of this story at SoylentNews.

08:22

12nov2017 Trivium

08:00

Inside an Amateur Bugging Device Hackaday

[Mitch] got interested in the S8 data line locator so he did the work to tear into its hardware and software. If you havent seen these, they appear to be a USB cable. However, inside the USB plug is a small GSM radio that allows you to query the device for its location, listen on a tiny microphone, or even have it call you back when it hears something. The idea is that you plug the cable into your car charger and a thief would never know it was a tracking device. Of course, you can probably think of less savory uses despite the warning on Banggood:

Please strictly abide by the relevant laws of the state, shall not be used for any illegal use of this product, the consequences of the use of self conceit.

We arent sure what the last part means, but we are pretty sure people can and will use these for no good, so it is interesting to see what they contain.

The device is really simple inside, containing just two ICs. One is a CPU and the other a GSM phone. [Mitch] found a simple OS that targeted the CPU and was able to use that to dump the Flash contents. He could not figure out how to write to it however. Glancing through the dumps though, it seems it uses Nucleus as an operating system. He examined it using a variety of interesting techniques and tools, so even if you dont care about this device in particular you still might enjoy the process.

[Mitch] notes some similar hardware in leaked NSA documents. People are worried about the Amazon Echo listening. Maybe it would be a good idea to scan your USB cables. Bugging tech has certainly come a long way.


Filed under: teardown

07:46

YouTube blocks videos of late jihadist cleric: report The Hill: Technology Policy

YouTube has blocked a large number of propaganda videos from late jihadist cleric Anwar al-Awlaki due to mounting pressure from counterterrorism advocates and governments, according to The New York Times. Hundreds of hours of al-Awlaki's...

07:33

MPAA Lobbies US Congress on Streaming Piracy Boxes TorrentFreak

As part of its quest to reduce piracy, the MPAA continues to spend money on its lobbying activities, hoping to sway lawmakers in its direction.

While the lobbying talks take place behind closed doors, quarterly disclosure reports provide some insight into the items under discussion.

The MPAAs most recent lobbying disclosure form features several new topics that werent on the agenda last year.

Among other issues, the Hollywood group lobbied the U.S. Senate and the U.S. House of Representatives on set-top boxes, preloaded streaming piracy devices, and streaming piracy in general.

The details of these discussions remain behind closed doors. The only thing we know for sure is what Hollywood is lobbying on, but it doesnt take much imagination to take an educated guess on the why part.

Just over a year ago streaming piracy boxes were hardly mentioned in anti-piracy circles, but today they are on the top of the enforcement list. The MPAA is reporting these concerns to lawmakers, to see whether they can be of assistance in curbing this growing threat.

Some of the lobbying topics

Its clear that pirate streaming players are a prime concern for Hollywood. MPA boss Stan McCoy recently characterized the use of these devices as Piracy 3.0 and a coalition of industry players sued a US-based seller of streaming boxes earlier this month.

The lobbying efforts themselves are nothing new of course. Every year the MPAA spends around $4 million to influence the decisions of lawmakers, both directly and through external lobbying firms such as Covington & Burling, Capitol Tax Partners, and Sentinel Worldwide.

While piracy streaming boxes are new on the agenda this year, they are not the only topics under discussion. Other items include trade deals such as the TPP, TTIP, and NAFTA, voluntary domain name initiatives, EU digital single market proposals, and cybersecurity.

TorrentFreak reached out to the MPAA for more information on the streaming box lobbying efforts, but we have yet to hear back.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and...

07:11

The 4.14 kernel has been released LWN.net

The 4.14 kernel has been released after a ten-week development cycle. Some of the most prominent features in this release include the ORC unwinder for more reliable tracebacks and live patching, the long-awaited thread mode for control groups, support for AMD's secure memory encryption, five-level page table support, a new zero-copy networking feature, the heterogeneous memory management subsystem, and more. See the Kernel Newbies 4.14 page for more information. In the end, nearly 13,500 changesets were merged for 4.14, which is slated to be the next long-term-support kernel.

For the maintainers out there, it's worth noting Linus's warning that the 4.15 merge window might be rather shorter than usual due to the US Thanksgiving Holiday.

07:08

Linux 4.14 Kernel Officially Released Phoronix

The Linux 4.14 kernel is now official!..

06:49

Alibaba's "Singles' Day" Sales Reach $25 Billion SoylentNews

China shopping festival smashes record with $25 billion haul

Alibaba, the Chinese e-commerce giant, said on Saturday its Singles' Day sales extravaganza hit $25.4 billion, smashing its own record from last year and cementing it as the world's biggest shopping event. Once a celebration for China's lonely hearts, Singles' Day has become an annual 24-hour buying frenzy that exceeds the combined sales for Black Friday and Cyber Monday in the United States, and acts as a barometer for China's consumers.

As tills shut midnight on Saturday, Alibaba's live sales ticker registered 168.3 billion yuan, up 39 percent from 120.7 billion yuan last year. The dollar figure was up more steeply due to the strength of the yuan against the greenback this year.

The event began soon after a star-studded event in Shanghai late on Friday. As midnight hit, a deluge of pre-orders helped drive a billion dollars of sales on Alibaba's platforms in the first two minutes and $10 billion in just over an hour. "In terms of scale it just dwarfs any other event out there," said Ben Cavender, Shanghai-based principal at China Market Research Group.

But what is Singles' Day?

Chinese Singles' Day or Guanggun Jie (Chinese: ; pinyin: Gunggn Ji; WadeGiles: Kuang-kun chieh; literally: "Single Sticks' Holiday") is an entertaining festival widespread among young Mainland Chinese people, to celebrate the fact that they are proud of being single. The date, November 11th (11/11), is chosen because the number "1" resembles an individual that is alone. This festival has become the largest offline and online shopping day in the world,[2] with sales in Alibaba's sites Tmall and Taobao at US$5.8 billion in 2013, US$9.3 billion in 2014, US$14.3 billion in 2015 and over US$17.8 billion in 2016.

Related: Alibaba Revenues Surge 61% On Online Shopping


Original Submission

Read more of this story at SoylentNews.

06:41

All it took for researchers was a mask to bypass iPhone X Face ID HackRead

By Waqas

Apple Inc. introduced Face ID facial recognition system on September

This is a post from HackRead.com Read the original post: All it took for researchers was a mask to bypass iPhone X Face ID

05:58

Watch "Why Existential Risks Matter & Decentralized Mitigation Strategies Allison Duettmann @BIL 2017". Lifeboat News

Watch "Why Existential Risks Matter and Decentralized Mitigation Strategies -- Allison Duettmann @BIL 2017".

05:22

Life without cash Lifeboat News: The Blog

As digital innovations continue to transform the way we live, a lot of things we once took for granted are falling by the wayside. Paper money and coins could soon be among them.

The use of digital payments in all forms is fast becoming commonplace. A cashless society, once considered remote if not unimaginable, is now more imminent, with staggering amounts of transactions being digitally processed daily. In Nordic countries, especially Sweden and Denmark, the majority of all transactions are now made through electronic or digital means.

Governments around the world are working to prepare their citizens to fully benefit from a digital future. India, for example, has hundreds of millions of people in the database of its Aadhaar biometric identity and payment system. But the countrys Supreme Court recently ruled that the system could compromise citizens fundamental right to privacy, underscoring one of the key concerns about the new digital era.

05:22

NASA Believes It Knows How To Make Mars Green Again Lifeboat News: The Blog

Director of NASAs Planetary Science Division, James Green, believes that by introducing an artificial magnetic field in front of Mars, it could regain its atmosphere and even liquid surface water. Consequently, the human race could be colonizing Mars very soon.

05:22

Chimaera to Facilitate the Development of Decentralized Autonomous Universe Lifeboat News: The Blog

During the last few years, gaming technology has improved considerably, yet theres been no actual revolution capable of completely changing and improving the gaming ecosystem. However, the introduction of Chimaera, a platform meant to allow game developers to build massive multiplayer online game worlds on top of the blockchain network, could change this.

Disclosure: This is a Sponsored Article

Chimaeras main purpose is to have millions of players competing against one another in blockchain-based and decentralised virtual realities that run non-stop, and serverless. Apart from this, the platforms second purpose is to allow the creation of blockchain assets and game currencies that players can securely trade for profit.

05:07

Building a feedline HF choke Daniel Estvez

My current HF antenna is a long wire (around 15 or 20m) connected to an MFJ-993BRT outdoor automatic antenna tuner. The tuner is fed with around 25m of M&P Airborne 10 coaxial cable which runs into the shack. When I installed this antenna, I suffered from high RF currents on the outside of the coax shield when transmitting. These currents go into the shack trying to find a path to earth, since this kind of antenna needs good grounding. Also, while receiving, the coax carried lots of interference into the antenna, especially in the lower bands.

I tried to mitigate this problem by installing a ground rod besides the tuner. This is 2m a copper tube with 50cm buried in the ground. The top of the tube is connected to the tuner ground with a short cable. After installing the ground rod, approximately half of the RF current flowed into the ground rod and the remaining half kept flowing into the shack via the coax shield.

To measure RF current, I have been using a clamp on meter. My design is similar to the design by Ian GM3SEK, but I measure voltage across the output capacitor with a multimeter instead of using a resistor and ammeter coil.

Now I have built and installed a feedline choke following the design of the mid-bands choke by GM3SEK. I use 4 turns of M&P Airborne 5 coax through 3 Fair Rite 2643167851 material 43 cores, wound as an 85mm coil. The finished choke can be seen below.

HF feedline choke

I have measured the performance of the choke using my Hermes-Lite2 beta2 in VNA mode, as I already did with my mains choke. The results are shown below.

...

05:00

Modern Technology for an Ancient Contest Hackaday

Certamen is a special class of  high school quiz bowl tournament thats focused solely on the classics. No, not Austen and Dickens, the actual classics. All the questions are about stuff like ancient Greek and Roman civilization and culture, classical mythology, and the finer points of Latin grammar. Like any other quiz bowl, the contestants use buttons to buzz in and answer the questions.

The practice machine consists of 12 arcade-style buttons connected to a control box. An Arduino Mega in the control box records the order of button presses as they arrive and displays a corresponding code on an LCD. A toggle switch selects between Certamen mode, where one button press locks out the rest of the team, and a Quiz mode with no lockout.

Our favorite thing about this build is the way [arpruss] took care of managing long cables, which was one of his main must-haves. The buttons are wired to the control box with Cat6 in three groups of fourone cable per table, one pair per chair. Our other favorite thing is the Easter eggs. Hold down the clear button on the control box when the system is booting and one of two things happens: either the buttons band together and turn into piano keys, or some Latin poetry appears on the screen.

[arpruss]s 3D-printed buzzer bases look pretty slick. If Certamen practice ever starts to get out of hand, he might consider more robust packaging, like these Devo hat buttons.


Filed under: Arduino Hacks, classic hacks

04:42

Privacy fears over artificial intelligence as crimestopper Lifeboat News: The Blog

Washington (AFP) Police in the US state of Delaware are poised to deploy smart cameras in cruisers to help authorities detect a vehicle carrying a fugitive, missing child or straying senior.

The video feeds will be analyzed using artificial intelligence to identify vehicles by license plate or other features and give an extra set of eyes to officers on patrol, says David Hinojosa of Coban Technologies, the company providing the equipment.

We are helping officers keep their focus on their jobs, said Hinojosa, who touts the new technology as a dashcam on steroids.

04:28

Nintendo to More Than Double Production of Switch; Success Rooted in Wii U's Failure SoylentNews

Nintendo takes a gamble with record-setting Switch production plans

The Nintendo Switch has been an unqualified success so far, with Nintendo recently promising increased holiday season production to meet demand and expectations of over 16 million total sales by the end of March 2018. Reporting now suggests the company is expecting that sales pace to increase markedly in the coming year, though, and another associated production increase would come with both a fair amount of potential and risk for the company.

The production news comes from The Wall Street Journal, which cites "people with direct knowledge of the matter" in reporting that Nintendo plans to make 25 to 30 million Switch units in the coming fiscal year (which starts in April 2018). That's a major increase from the 13 million produced for the current fiscal year, which itself was a sizable increase from the company's initial plans to make just 8 million units for the console's first full year on shelves. WSJ's sources say those production numbers could go up even higher if coming holiday season sales are strong.

Nintendo exec: Failed Wii U is responsible for Switch's success

The success of the company's latest gaming console, the Nintendo Switch, is the result of lessons taken from the failed Wii U, according to Reggie Fils-Aim, the president of Nintendo America.

[...] The console also didn't have a consistent flow of new games supporting the system. "We've addressed that with the Nintendo Switch -- having a steady pace of new launches is critical," he said. The Switch includes games like "The Legend of Zelda: Breath of the Wild," "Super Mario Odyssey" and "Mario Kart 8 Deluxe."

Another issue with the Wii U was that it didn't have "strong support" from Nintendo's third-party partners, Fils-Aim said. "Whether it's the big companies like Electronic Arts, or whether it's the smaller independent developer, we need those companies to create content to support us. We have that now with Nintendo Switch," he said.

Previously: Will Th...

04:09

Lifeboat Foundation is now a Partner of the Conrad Challenge. Lifeboat News

Lifeboat Foundation is now a Partner of the Conrad Challenge. The Conrad Challenge brings together a dynamic community of innovators and entrepreneurs driving a collaborative movement to develop extraordinary and viable solutions to benefit our world in one of five areas: Aerospace and Aviation, Cyber-Technology and Security, Energy and Environment, Health and Nutrition, and Smoke-Free World.

03:57

Barcelona Superblocks The Isoblog.


Barcelona Superillas are being built, heres what they look like.


Explaining the Superilla Concept


Superillas in Cities: Skylines

03:29

Microsoft president urges a digital Geneva Convention, we agree Security Affairs

Microsoft president Brad Smith appeared before the UN in Geneva to talk about the urgency of a digital Geneva Convention.

Microsoft president Brad Smith appeared before the UN in Geneva to talk about the role of nation-state actors in the threat landscape. We are assisting a growing number of nation-state cyber attacks, for this reason, cybersecurity experts, and Government officials urge the adoption of norms of states behavior in the cyberspace.

The risk of escalation and retaliation in cyberspace, the increasing number of cyber attacks and cyber threats even more sophisticated could have a destabilizing effect on international peace and security. The risk of conflict between states caused so cyber incidents encourages all States to engage in law-abiding, norm-respecting and confidence-building behavior in their use of ICT.

Smith last month Blamed North Korea for the WannaCry ransomware attack.

During the UN session on current internet governance challenges, Smith urged the need to define a cyber equivalent of the Geneva Convention.

If you can hack your way into a thermostats you can hack your way into the electric grid, Smith said, adding that the tech sector has the first responsibility for improving internet security because after all we built this stuff.

Digital Geneva Convention

Most of you, already know that I was one of the experts of the Cyber G7 group at the Ital...

03:24

Time for the Court of Appeals for the Federal Circuit (CAFC) to Disregard Rulings From the Eastern District of Texas Techrights

Judge Gilstrap alone has become a cautionary tale and there are other culprits

Eastern District of Texas Summary: A look at the latest developments at the Federal Circuit and some bits about Microsofts extortion using software patents (even after Alice)

Writing about Georgetown Rail Equipment Co. v Holland L.P. the other day, this article sheds light on a case we have not covered here before. It is not about software patents, but it ought to give a clue to the Federal Circuit (CAFC). Its a reminder that Texas has serious issues. Maybe they should lower the seriousness (or impact) assigned to just about every decision from the Eastern District of Texas, which is a disgraced court district, sometimes even corrupt.

Maybe they should lower the seriousness (or impact) assigned to just about every decision from the Eastern District of Texas, which is a disgraced court district, sometimes even corrupt.Over the past decade or so we have seen far too many cases in which judges ruled for the financial interests of their towns rather than justice itself. Up until TC Heartland it has gone largely unaddressed.

For CAFC to gain or regain credibility perhaps it should take all this into account. CAFC is currently dealing with MasterMine v Microsoft [1, 2, 3] a case which threatens to revive fears of software patents. Every so often a decision comes out of the Federal Circuit that has immediate value for patent prosecutors, the patent microcosm wrote, and the de...

03:09

KDE Frameworks 5.40 Brings Kirigami Improvements, Wayland Foreign Protocol Phoronix

The KDE camp this weekend has released KDE Frameworks 5.40 as their latest feature update to this collection of add-on libraries complementing Qt5...

02:18

The Latest In Our Massive Linux Benchmarking Setup - November 2017 Phoronix

Two and a half years ago was the start of the continually evolving effort around turning a basement into a big Linux server room and last year having shared a one year redux in the effort but having been late in a second year redux into this effort and how the systems are configured for our Linux/BSD/open-source benchmarking at scale, here is an update.

02:00

Smart DC Tester Better than a Dummy Load Hackaday

Testing DC supplies can be done in many ways, from connecting an actual load like a motor, to using a dummy load in the manner of a big resistor. [Jasper Sikken] is opening up his smart tester for everyone. He is even putting it on Tindie! Normally a supply like a battery or a generator would be given multiple tests with different loads and periodic readings. Believe us, this can be tedious. [Jasper Sikken]s simulated load takes away the tedium and guesswork by allowing the test parameters to be adjusted and recorded over a serial interface. Of course, this can be automated.

In the video after the break, you can see an adjustment in the constant-current mode from 0mA to 1000mA. His supply, meter, and serial data all track to within one significant digit. If you are testing any kind of power generator, super-capacitor, or potato battery and want a data log, this might be your ticket.

We love testers, from a feature-rich LED tester to a lead (Pb) tester for potable water.


Filed under: Microcontrollers, tool hacks

01:47

Coinbase Escalates Showdown on U.S. Tax Probe as Bitcoin Surges SoylentNews

Submitted via IRC for TheMightyBuzzard

The 10,000 bitcoins that seven years ago famously paid for the delivery of two Papa John's pizzas would be worth more than $74 million today.

The exploding value of the cryptocurrency since its first real-world transaction in 2010 is one reason the U.S. Internal Revenue Service is pushing to see records on thousands of users of Coinbase Inc., one of the biggest U.S. online exchanges. The company's digital currency platform allows gains to be converted into old-fashioned dollars in transactions that the IRS alleges are going unreported.

Coinbase and industry trade groups are fighting back in court, claiming the government's concerns about tax fraud are unfounded and that its sweeping demand for information is a threat to privacy.

Source: https://www.bloomberg.com/news/articles/2017-11-09/coinbase-escalates-showdown-on-u-s-tax-probe-as-bitcoin-surges


Original Submission

Read more of this story at SoylentNews.

01:41

Quantum Computers a Threat to Bitcoin Security cryptogon.com

Via: MIT Technology Review: A crucial feature of Bitcoin is its security. Bitcoins have two important security features that prevent them from being stolen or copied. Both are based on cryptographic protocols that are hard to crack. In other words, they exploit mathematical functions, like factorization, that are easy in one direction but hard in []

Sunday, 12 November

11:00

How out of date are android devices? Dan Luu

Its common knowledge that Android device tend to be more out of date than iOS devices, but what does this actually mean? Lets look at android marketshare data to see how old devices in the wild are. The x axis of the plot below is date, and the y axis is Android marketshare. The share of all devices sums to 100% (with some artifacts because the public data Google provides is low precision).

Color indicates age:

  • blue: current (API major version)
  • yellow: 6 months
  • orange: 1 year
  • dark red: 2 years
  • bright red/white: 3 years
  • light grey: 4 years
  • grey: 5 years
  • black: 6 years or more

There are three major ways in which this graph understates the number of outdated devices:

Second, this graph shows marketshare, but the number of Android devices has dramatically increased over time. For example, if we look at the 80%-ile most outdated devices (i.e., draw a line 20% up from the bottom), it the 80%-ile device today is a few months more outdated than it was in 2014. The huge growth of Android means that there are many many more outdated devices now than there were in 2014.

Third, this data comes from scraping Google Play Store marketshare info. That data shows marketshare of devices that have visited in the Play Store in the last 7 days. In general, it seems reasonable to believe that devices that visit the play store are more up to date than devices that dont, so we should expect an unknown amount of bias in this data that causes the graph to show that devices are newer than they actually are.

On the other hand, if were looking at this from a security standpoint, some devices will receive updates without updating their major version, skewing the date to look more outdated than it used it.

One thing we can see from that graph is that, as time goes on, the world accumulates a larger fraction of old devices over time. This makes sense and we could have figured this out w...

IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Resource generated at IndyWatch using aliasfeed and rawdog