IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Friday, 15 December

07:43

CLTRe join the race to be crowned as a Tech Trailblazer Help Net Security

CLTRe have been selected as a finalist in the Firestarter Trailblazer category in the Tech Trailblazers Awards. The shortlists have been selected by a panel of leading IT industry experts and are now open to public vote. I am so proud of our team for being nominated as a finalist for this award. As a start-up, we are delighted to be recognised in the Firestarter Trailblazer category. We have a truly dedicated team who are More

04:51

(IN)SECURE Magazine issue 56 released Help Net Security

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 56 has been released today.

Table of contents

  • How consumers, enterprises and insurance providers tackle cyber risk
  • Industrial cyber insurance comes of age
  • The modern challenges of cyber liability
  • Rethinking corporate risk practices in the cyber age
  • Cyber insurance's inevitable evolution into risk management services
  • As cyber risks enter the top three global business risks, the insurance industry More

04:39

Preventing good containers from going bad Help Net Security

Containers go bad every day, and often without warning. All it takes is one CVE impacting an image, and now all containers deployed using this image are at an increased level of risk of compromise. As the use of containers becomes a standard practice, existing software development and security methodologies will need to better support developing, running, and managing applications made possible by containerization. The security risks associated with containerized software delivery have become a hot More

02:20

Pentagon to Allow Transgender People to Enlist in Military SoylentNews

Transgender recruits will be allowed to enlist in the military beginning Jan. 1, the Pentagon said Monday, as President Donald Trump's ordered ban suffered more legal setbacks.

The new policy reflects the difficult hurdles the federal government would have to cross to enforce Trump's demand earlier this year to bar transgender individuals from the military.

[...] Potential transgender recruits will have to overcome a lengthy and strict set of physical, medical and mental conditions that make it possible, though difficult, for them to join the armed services.

Maj. David Eastburn, a Pentagon spokesman, says the enlistment of transgender recruits will start Jan. 1 and go on amid the legal battles.

Pentagon to allow transgender people to enlist in military



02:16

How To Start Mobile Penetration for iOS TechWorm

iOS applications enjoy better out-of-the-box security than their Android alternatives due to Apple's much more tightly controlled environment. Nevertheless, that advantage does not mean much if you do not do a thorough job of securing your apps.

That is why there has to be somebody who takes on the job of penetration tester on each team. The information below highlights the relevant topics in Apple's iOS Security Guide and OWASP's Mobile Security Testing Guide. It can serve as a helpful cheat sheet for getting started with penetration testing for iOS apps.

Preparing the assessment environment

An important component of pen testing an iOS app is the use of the appropriate tools and devices. There are numerous different tools available.

App logic

The first and most significant step is to thoroughly evaluate the app's flow and data entry points, including how and where the information is stored on the device or transmitted to APIs.

Applying a testing framework

Before you apply an assessment program, you want a clear methodology in place. As a starting point, I suggest building your approach around the OWASP Mobile Top 10.

OWASP suggests you begin by breaking down the ten vulnerabilities into specific tests that can be categorized into one or more of these sections. Additionally, you can develop specific tests targeting the scope of each section.

Specific iOS security concerns

The iOS platform has very specific security concerns when analyzing the vulnerabilities of apps.

Checking for insecure data storage

Data can be stored in different formats including (but not limited to):

  • The NSUserDefaults class
  • Log files
  • XML and plist
  • SQLite files
  • Keychain data

Capturing the traffic with ZAP or BURP

You can use Burp or OWASP ZAP as an attack proxy to capture all of the traffic between the app and its external connections. This tutorial shows you exactly how to configure OWASP ZAP to intercept all traffic. Burp has specific guidelines to set up the proxy in this situation. Its configuration has an iOS simulator.

When you begin capturing the traffic, you can use active or passive scanning on both proxies to test for particular attacks against the APIs being called by the app. If the app is using SSL certificate pinning, you may wish to try bypassing SSL pinning by utilizing SSL Kill...

02:09

FreeBSD-Based TrueOS 17.12 Released Phoronix

The FreeBSD-based operating system TrueOS, formerly known as PC-BSD, has put out its last stable update of 2017...

02:01

Truly Terrible Dimensioned Drawings Hackaday

I'm in the planning stages of a side project for Hackaday right now. It's nothing too impressive, but this is a project that will involve a lot of electromechanical parts. This project is going to need a lot of panel mount 1/8 jacks and sockets, vertical mount DIN 5 connectors, pots, switches, and other carefully crafted bits of metal. Mouser and Digikey are great for nearly every other type of electrical component, but when it comes to these sorts of electromechanical components, your best move is usually to look at AliExpress or DealExtreme, finding something close to what you need, and buying a few hundred. Is this the best move for a manufacturable product? No, but we're only building a few hundred of these things.

I have been browsing my usual Internet haunts in the search for the right bits of stamped brass and injection molded plastic for this project, and have come to a remarkable conclusion. Engineers, apparently, have no idea how to dimension drawings. Drafting has been a core competency for engineers from the dawn of time until AutoCAD was invented, and now we're finally reaping the reward: It's now rare to find a usable dimensioned drawing on the Internet.

This post is going to be half rant, half explanation of what is wrong with a few of the dimensioned drawings I've found recently. Consider this an example of what not to do. There is no reason for the state of engineering drawing to be this bad.


Example One: It Gets Worse The More You Look At It

...

01:53

Mesa 17.2.7 Released For Those Not Yet On Mesa 17.3 Phoronix

Emil Velikov of Collabora has announced the release today of Mesa 17.2.7 as the latest point release for this older stable branch of Mesa...

01:40

IPv6 Auto-Configuration in Linux


01:35

CEEK Launches Token Sale to Connect Artists and Fans In VR TechWorm

Artists and content creators in the entertainment industry are passing up on potential revenue due to their inability to reach a huge part of the global audience. Despite the innovation and extended reach of VR technology, many potential participants are still sidelined from playing a part in the entertainment industry, especially as fans and followers.

VR in the entertainment industry

With concerts repeatedly sold out and audience demand most often beyond the capacity of available physical arenas, the limitations of the current state of the entertainment industry are further exposed. However, the technology that simulates the actual environment, letting viewers thousands of kilometers and continents away enjoy the aura of a given event, has gone a long way in making a global community out of the real world.

The VR technology effectively simulates the communal experience of attending a live concert, a sporting event, educational classroom, etc., from anywhere at any time.

CEEK and the blockchain

CEEK is taking innovation in the entertainment industry a step further by the implementation of blockchain technology and its token sale. This enables artists and celebrities to mint coins that are attached to contents, therefore creating virtual event tickets and merchandise which in turn makes possible an unlimited revenue stream.

Celebrity-minted coins and virtual merchandise items take on the traits of cryptocurrency, as each is assigned its own Ethereum address, and therefore offer fans the ability to cash in by owning rare items that can gain in value very quickly in virtual reality. Artists may sign these items with special cryptographic token signatures that cannot be duplicated and are authenticated on the blockchain as to their rarity and value.

The platform will be powered by tokens using the ERC20 Adapter and will be Bancor Smart Tokens, allowing them to connect to the Bancor network. A Bancor Token Converter can be launched for each smart token with a CEEK reserve using a configurable weight. Once the tokens are minted, the total number of custom tokens may fluctuate and the price will dynamically adjust based on market sentiment and demand.

...

01:30

Deploy Scalable Smart City Architectures Confidently With Network Simulation IEEE Spectrum Recent Content full text

Simulation technologies originating from the network infrastructure sector can be used in place of traditional PoC methods, allowing smart city designers to generate virtual networks of thousands of devices and connections

Smart cities represent one of the highest-volume and highest-value segments of the Internet of Things (IoT) but are among the most difficult to prototype. The potential number and type of devices and networking technologies that make up a smart city deployment quickly scale beyond the cost and time constraints of traditional proof of concept (PoC) prototyping measures. Smart city developers need an alternative approach to testing network viability and IoT platform performance.

In this article, smart city stakeholders will learn:

  • How the scale of smart city deployments quickly outstrips the capabilities of traditional PoCs and prototyping solutions
  • The advantages of network simulation for evaluating large-scale smart city rollouts
  • How simulation software can pair with Intel IoT Gateway technology to reduce cost and time to market when measuring platform and network architecture performance

01:29

It's Been Four Years Since SteamOS Began Shipping With Not Much To Show Phoronix

It was four years ago this week that Valve began shipping SteamOS, their Debian-based Linux distribution intended for Steam Machines and those wanting a gaming-oriented Linux distribution. While Valve still technically maintains the SteamOS Linux distribution, the outlook at this point is rather bleak...

01:23

DOJ confirms criminal investigation into Uber The Hill: Technology Policy

The Justice Department is conducting at least one criminal investigation into ride-hailing company Uber, according to a letter made public Wednesday. The Nov. 22 letter from the U.S. attorney's office for the Northern District of California does not...

01:00

Complex regulations and sophisticated cyberattacks inflate non-compliance costs Help Net Security

The cost of non-compliance has significantly increased over the past few years, and the issue could grow more serious. 90 percent of organizations believe that compliance with the GDPR would be difficult to achieve, according to a new study conducted by the Ponemon Institute. GDPR is considered by respondents to be the most challenging among other data compliance regulations such as Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) and Federal Information Security More

01:00

How to Build a More Resilient Power Grid IEEE Spectrum Recent Content full text

During big storms, falling trees cause more damage to power grids than strong winds

Photo: REUTERS/Eduardo Munoz. After Superstorm Sandy hit New York City in October 2012, the city's famous skyline was mostly dark.

North America's electric transmission may be an engineering marvel, but that doesn't make it immune to failure, sometimes in spectacular fashion. For proof, just mention some dates and names to Nicholas Abi-Samra and wait for his reply.

Abi-Samra has more than 35 years of experience in power generation, transmission, distribution, retail, and end-use energy applications. He is president of Electric Power & Energy Consulting and an adjunct professor with UC San Diego. He also is the author of a new book Power Grid Resiliency for Adverse Conditions (Artech House, 2017).

The book is part technical reference guide and part history lesson. In it, Abi-Samra describes the impacts of heat waves, ice storms, and hurricanes on grid operations through case studies from North America, Europe, and Asia.

Start with the 1965 Northeast Blackout. It cascaded from Ontario and upper New York State through Manhattan, leaving millions of New Yorkers in the dark. That incident offered the first large-scale evidence of the vulnerability of North America's interconnected grid. It also led to the creation of the Electric Power Research Institute (EPRI), Abi-Samra says, and its mission to enhance grid reliability through research and cooperation across the industry.

Mention the 2003 Northeast blackout and Abi-Samra links it to a realization that the grid's operating conditions were not visible enough. Remedies included technologies like synchrophasors and operational strategies like load shedding.

Synchrophasors measure the instantaneous voltage, current, and frequency at specific locations on the grid, offering operators a near-real-time picture of what's happening on the system, which lets them take action to prevent power outages.

Load shedding involves the short-term interruption of power to one or more end users to allow the grid to rebalance itself. Many industrial-scale power users trade off the occasional loss of power for lower power prices, known as interruptible rates.

The early 2000s were also marked by hurricanes that hit Florida and Louisiana particularly hard. Widespread loss of transmission and distribution poles led to efforts to replace wooden poles with steel and concrete. Further hardening came after Hurricane Katrina devastated substations, leading to investments to e...

00:50

2017 Forrester Wave: DDoS Mitigation Solutions report Help Net Security

In their 36-criteria evaluation of DDoS mitigation providers, Forrester identified 11 of the most significant ones (Akamai Technologies, Arbor Networks, Cloudflare, F5 Networks, Fortinet, Huawei Technologies, Imperva, Neustar, Nexusguard, Radware, and Verisign) and researched, analyzed, and scored them. The Forrester Wave: DDoS Mitigation Solutions, Q4 2017 report features information designed to help you:

  • Gain critical insights into the growing DDoS mitigation solution market
  • Identify the ideal DDoS mitigation solution for your company's needs More

00:47

Putin Ordered Theft of Clinton's Emails from DNC, Russian Hacker Confesses SoylentNews

A Russian hacker accused of stealing from Russian banks reportedly confessed in court that he hacked the U.S. Democratic National Committee (DNC) and stole Hillary Clinton's emails under the direction of agents from Russia's Federal Security Service (FSB).

According to Russian news site The Bell, Konstantin Kozlovsky, a Russian citizen working for a hacker group called Lurk, confessed to hacking Clinton's emails during a hearing about his arrest in August. An audio recording and minutes from the hearing were posted on Kozlovsky's Facebook page, and their authenticity was reportedly confirmed by The Bell.

In a handwritten letter that also appears in a photo on his Facebook page, Kozlovsky admits to hacking the DNC on the orders of an FSB agent he called "Ilya."

Putin Ordered Theft Of Clinton's Emails From DNC, Russian Hacker Confesses



00:30

Script-based attacks and overall malware on the rise Help Net Security

Research revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017. In fact, WatchGuard Technologies found that scripting threats accounted for 68 percent of all malware during the period. The findings reinforce expectations of continued growth of new malware and various attack techniques in the coming months, further emphasizing the importance of layered security and advanced threat prevention solutions.   Threat actors are constantly adjusting their techniques, always looking More

00:28

FortiClient improper access control exposes users' VPN credentials Security Affairs

FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations.

Fortinet provided security updates for its next-generation endpoint protection FortiClient product that address a serious information disclosure vulnerability.

The flaw, tracked as CVE-2017-14184, could be exploited by an attacker to obtain VPN authentication credentials.

FortiClient is a powerful product that includes many components and features such as web filtering, application firewall, vulnerability assessment, anti-malware, and SSL and IPsec VPN features.

Experts at SEC Consult discovered security flaws that can be exploited to access VPN authentication credentials associated with the product.

"FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations; regular users may therefore be able to see each other's encrypted credentials. This is an issue, because the key used to encrypt the aforementioned credentials may be retrieved from the binary," reads the project description published by SEC Consult.

SEC Consult rated the issue as high severity, while Fortinet has assigned it a 4/5 risk rating.

The first issue is that the VPN credentials are stored in a configuration file on both Linux and macOS systems, and in the registry on Windows. This means that the stored credentials are easily accessible to an attacker.

The second issue is that the decryption key for the credentials is hardcoded in the application and is the same for all FortiClient installs. An attacker can find the key and decrypt the passwords.

"FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery," continues the analysis published by SEC Consult.

...

00:27

VirtIO DRM Window Server Support: Letting Guest VMs Interface With Host's Compositor Phoronix

Collabora's Tomeu Vizoso is working on an interesting VirtIO DRM patch that lets clients running within a virtual machine communicate with a display compositor of the host system...

00:04

Disney to acquire majority of Fox assets for $52.4B The Hill: Technology Policy

The Walt Disney Co. on Thursday announced plans to acquire most of 21st Century Fox's assets for $52.4 billion, a deal that does not include Fox News, Fox Business Network, Fox Sports 1 or 2, the Big Ten Network or the Fox broadcasting network and...

00:00

Reliability, security and QoS are critical when evaluating networking solutions providers Help Net Security

Reliability, security and quality of service all rank above cost when evaluating networking solutions providers. Spiceworks surveyed U.S.-based IT professionals who have influence on their organization's Ethernet, MPLS and SD-WAN purchase decisions. The survey gathered data around the challenges, benefits and drivers of utilizing these networking technologies. Key findings: Nearly half of respondents preferred purchasing networking solutions as part of a bundled offering, as opposed to a single solution. Nearly three out of 10 respondents More


Thursday, 14 December

23:30

By 2020, artificial intelligence will create more jobs than it eliminates Help Net Security

2020 will be a pivotal year in AI-related employment dynamics, according to Gartner, as artificial intelligence (AI) will become a positive job motivator. The number of jobs affected by AI will vary by industry; through 2019, healthcare, the public sector and education will see continuously growing job demand while manufacturing will be hit the hardest. Starting in 2020, AI-related job creation will cross into positive territory, reaching two million net-new jobs in 2025. Many significant More

23:16

Trump signed a bill prohibiting the use of Kaspersky Lab product and services Security Affairs

The US President Donald Trump signed a bill that bans the use of Kaspersky Lab products and services in federal agencies.

Section 1634 of the bill prohibits the use of security software and services provided by security giant Kaspersky Lab; the ban will take effect on October 1, 2018.

Below are the details of the ban included in Section 1634 of the National Defense Authorization Act for Fiscal Year 2018.

SEC. 1634. Prohibition on use of products and services developed or provided by Kaspersky Lab.

(a) Prohibition. No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by

          (1) Kaspersky Lab (or any successor entity);
          (2) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
          (3) any entity of which Kaspersky Lab has majority ownership.

(b) Effective date. The prohibition in subsection (a) shall take effect on October 1, 2018.

Senator Jeanne Shaheen welcomed the news, asserting that the US Government had gathered all the evidence necessary to justify such a decision.

"The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems," commented Shaheen.

Sen. Shaheen is the author of a letter recently sent to the Trump administration asking that information on Kaspersky Lab be declassified to raise public awareness regarding the serious threat that the Moscow-based software company poses to the United States' national security.

23:00

ADSL Robustness Verified By Running Over Wet String Hackaday

A core part of the hacker mentality is the desire to test limits: trying out ideas to see if something interesting, informative, and/or entertaining comes out of it. Some employees of Andrews & Arnold (a UK network provider) applied this mentality towards connecting their ADSL test equipment to some unlikely materials. The verdict of the experiment: yes, ADSL works over wet string.

ADSL itself is something of an ingenious hack, carrying data over decades-old telephone wires designed only for voice. ADSL accomplished this in part through robust error correction measures keeping the bytes flowing through lines that were not originally designed for ADSL frequencies. The flow of bytes may slow over bad lines, but they will keep moving.

How bad? In this case, a pair of strings dampened with salty water. But there are limits: the same type of string dampened with just plain water was not enough to carry ADSL.

The pictures of the test setup also spoke volumes. They ran the wet string across a space that looked much like every hacker workspace, salt water dripping on the industrial carpet. Experimenting and learning right where you are, using what you have on hand, are hallmarks of hacker resourcefulness. Fancy laboratory not required.

Thanks to [chris] and [Spencer] for the tips.



Target Buys Shipt Inc. for $550 Million, Will Offer Same-Day Delivery SoylentNews

Target's latest acquisition is seen as a step towards challenging Amazon.com:

Buying Shipt further beefs up Target's logistics operations after the retailer earlier this year acquired software company Grand Junction, which also manages local and same-day deliveries. Target now offers same-day delivery in New York City and can send orders from 1,400 of its stores. Competition in this space is growing fiercer, though, as rivals Wal-Mart Stores Inc. and Best Buy Co. also offer same-day service, keeping pace with Amazon.

Target's decision to buy Shipt, rather than partner with it, "shows how serious they are," Kantar Retail analyst Robin Sherk said. "One-stop shopping was convenient in the 1990s but for today's families you have to be able to do instant food delivery as well. It's also a realization that Amazon, this big technology disruptor, has entered the consumer landscape."

Four out of five shoppers want same-day shipping, according to a survey by fulfillment software maker Temando, but only half of retailers offer it.

"With Shipt's network of local shoppers and their current market penetration, we will move from days to hours, dramatically accelerating our ability to bring affordable same-day delivery to guests across the country," John Mulligan, Target's chief operating officer, said in a statement.

Target statement. Also at Recode.

Related: Walmart Kills Amazon Prime-like Service, Expands Free Shipping



22:36

The Mirai botnet: three men plead guilty after weaponizing the Internet of Things Graham Cluley

The Mirai botnet launched an attack on the internet, the scale of which had never been seen before.

And now some of its perpetrators have admitted their criminal involvement.

Read more in my article on the Tripwire State of Security blog.

22:32

Experts disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit Security Affairs

Security researchers at Trend Micro have publicly disclosed an unpatched zero-day flaw in the firmware of AT&T DirecTV WVB kit after the manufacturer failed to patch it.

Security researchers at Trend Micro have discovered an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after the manufacturer failed to patch this flaw over the past few months.

The issue affects a core component of the Genie DVR that's shipped free of cost with DirecTV. The flaw can be easily exploited by attackers to gain root access to the device, putting millions of DirecTV service users at risk.

The vulnerability resides in WVBR0-25, a Linux-powered wireless video bridge manufactured by Linksys.

DirecTV Wireless Video Bridge WVBR0-25 allows the Genie DVR to communicate over the air with customers' Genie client boxes that are plugged into their TVs in the same home.

The Trend Micro expert Ricky Lawshae analyzed the kit and discovered that Linksys WVBR0-25 doesn't implement any authentication to access internal diagnostic information from the device's web server.

The expert discovered that accessing the wireless bridge's web server on the device made it possible to see a stream of text.

"I started out by trying to browse to the web server on the device. I expected to find a login page of some sort. What I found instead was a wall of text streaming before my eyes," wrote Ricky Lawshae.

The output of several diagnostic scripts contained a lot of information about the DirecTV Wireless Video Bridge, including the WPS PIN, running processes, connected clients, and much more.

A deeper analysis of the scripts revealed that the device was accepting commands remotely with root access, meaning that an attacker could have taken full control over it.

The return value also showed the device h...

22:29

Mir 0.29 Released To Improve Their Wayland Implementation Phoronix

The past few days Canonical's Mir developers have been preparing their next milestone with pushing this display server along with Wayland protocol support and now that new "v0.29" release is available...

22:06

FCC poised to repeal net neutrality protections The Hill: Technology Policy

The Federal Communications Commission (FCC) is poised to repeal net neutrality regulations on Thursday, a move that has provoked a massive uproar among both tech giants and internet users. The FCC will likely vote along party lines later today to approve...

22:03

Looking Glass Released For KVM Frame Relay, High Performance Windows VM Gaming Phoronix

Geoffrey McRae has published the code to the "Looking Glass" project he's been working on as an "extremely low-latency" KVM frame relay implementation for guests with VGA PCI pass-through...

22:00

Simplicity Before Generality, Use Before Reuse

A common problem in component frameworks, class libraries, foundation services, and other infrastructure code is that many are designed to be general purpose without reference to concrete applications. This leads to a dizzying array of options and possibilities that are often unused or misused, or just not useful.

21:41

Is Reel to Reel the new Vinyl? Techmoan

The short answer is no, but the long answer is much more complicated and requires a video to explain exactly what is meant by reel to reel, because in some ways it's a dead format, yet in others it's enjoying a comeback.

Clearly a short video like this can't hope to cover every possible aspect of the complete history of Reel to Reel from 1928 to 2017...for example it's missing facts like the first stereo tapes were recorded in Germany in the early 1940s, how different thicknesses and formulations of tapes affect sound quality, and why tails-out storage of tapes is recommended.

If you would like more information on the history of reel to reel, the following website is a great place to start: Reel 2 Reel Texas

Other Information/Links:

The Tape Project (Tapes & Useful Information)

The Verge Article from 2015

United Home Audio (High end 15ips machines)

Horch House (Tapes)

Opus 3 Records (Tapes)

Analogy Records (Tapes)

What Hi-Fi? article (Re-mastering)

If you are shopping for a Reel to Reel machine on ebay  - here's my affiliated link.

UPDATE:  Duplication Process

The company I contacted asking for more details regarding their process, have now got back to me. They've confirmed that they borrow the master tape, make a copy (or more likely a number of identical parallel copies on a bank of tape machines)...they then use these copies as their master to run duplicates off that they sell to you. The original master is returned to the studio. 

Demo Tape

If you want to hear the 1957 2 Track Stereo Demo Tape in full - it's here.

21:40

Latest Steam Client Update Rolls Out Shader Pre-Caching For OpenGL/Vulkan Phoronix

The latest Steam client release on Wednesday rolls out OpenGL and Vulkan shader pre-caching by default...

21:30

How to Squeeze the Most out of Linux File Compression

If you have any doubt about the many commands and options available on Linux systems for file compression, you might want to take a look at the output of the apropos compress command. Chances are you'll be surprised by the many commands that you can use for compressing and decompressing files, as well as for comparing compressed files, examining and searching through the content of compressed files, and even changing a compressed file from one format to another (i.e., .z format to .gz format).

21:16

Canadian Government Triggers Major Copyright Review TorrentFreak

The Copyright Act of Canada was first passed in 1921 and in the decades that followed has undergone considerable amendment.

Between 2005 and 2010, several bills failed to gain traction due to opposition but in 2011 the Copyright Modernization Act was tabled. A year later, in the summer of 2012, it was passed into law.

The Act tackles a number of important issues, such as allowing time and format shifting, plus backup copies, as long as DRM isn't circumvented along the way. So-called fair dealing also enjoys expansion while statutory damages for non-commercial scale infringement are capped at CAD$5000 per proceeding. Along with these changes sits the notice-and-notice regime, in which ISPs forward infringement notices to subscribers on behalf of copyright holders.

The Act also mandates a review of copyright law every five years, a period that expired at the end of June 2017. Yesterday a House of Commons motion triggered the required parliamentary review, which will be carried out by the Standing Committee on Industry, Science and Technology. It didn't take long for the music industry to make its position known.

Music Canada, whose key members are Sony Music, Universal Music and Warner Music, enthusiastically welcomed the joint announcement from the Minister of Innovation, Science and Economic Development and the Minister of Canadian Heritage.

"I applaud Minister Bains and Minister Joly for initiating this review of the Copyright Act," said Graham Henderson, President and CEO of Music Canada.

"Music creators, and all creators who depend on copyright, deserve a Copyright Act that protects their rights when their works are commercialized by others. This is our chance to address the Value Gap threatening the livelihood of Canadian creators and the future of Canadian culture."

That the so-called Value Gap has been immediately thrown on the table comes as no surprise. The term, which loosely refers to the way user-generated platforms like YouTube are able to avoid liability for infringing content while generating revenue from it, is a hot topic around the world at the moment.

In the US and Europe, for example, greater emphasis is being placed on YouTube's position than on piracy itself, with record labels claiming that the platform gains an unfair advantage in licensing negotiations, something which leads to a gap between what is paid for music, and what it's actually worth.

But the recording labels are unlikely to get an easy ride. As pointed out in a summary by Canadian law professor Michael Geist, the notice-and-takedown rules that facilitate the Value GapR...

21:15

Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet The Hacker News

The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old

21:10

Possible Photo of Kim Jong-il Inspecting Atomic Bomb Appears on North Korean TV SoylentNews

North Korean TV appears to show early 'A-bomb photo'

North Korean TV footage of an arms and munitions industry conference appears to show the country's former leader Kim Jong-il inspecting one of the country's first ever atomic bombs.

A 30-minute bulletin showing the 12 December conference in the capital Pyongyang has North Korea watchers agog at the picture's appearance in the conference hall.

The photograph, never before seen in the West, is visible for only a few seconds as the camera sets the scene for the industry conference, attended by Supreme Leader Kim Jong-un, the son of the late Kim Jong-il. It hangs among others showing North Korea's "achievements" in arms production, alongside scale models of ballistic missiles.

Because of its fleeting appearance from a distance, experts are holding fire on a positive identification of the device as an atomic weapon. But the photograph has notable similarities to recent photographs of Kim Jong-un inspecting the country's first (claimed) hydrogen bomb.


Original Submission

Read more of this story at SoylentNews.

20:30

CoreOS's Open Cloud Services Could Bring Cloud Portability to Container-Native Apps

With the release of Tectonic 1.8, CoreOS provides a way to easily deploy container-native applications as services, even across multiple service providers and in-house resources.

"We take open source APIs, make them super easy to consume, and create a catalog of these things to run on top of Kubernetes so they are portable no matter where you go," said Brandon Philips, CoreOS chief technology officer.

20:20

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices The Hacker News

Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take

20:11

US DoJ charges 3 Men with developing and running the Mirai Botnet Security Affairs

The US DoJ announced plea agreements for Paras Jha, Josiah White, and Dalton Norman, 21, for creating and operating the dreaded Mirai botnet.

US authorities charge three men with developing and running the dreaded Mirai botnet that was involved in several massive DDoS attacks.

According to documents released by the US Department of Justice (DOJ), the three men are Paras Jha, Josiah White, and Dalton Norman.

According to the plea agreements, White developed the Telnet scanner component used by Mirai, Jha created the botnet's core infrastructure and the malware's remote control features, while Norman developed new exploits.

Jha, who goes online with the moniker "Anna-senpai", leaked the source code for the Mirai malware on a criminal forum, allowing other threat actors to use it and making attribution of the attacks hard.

Jha also pleaded guilty to carrying out multiple DDoS attacks against his alma mater Rutgers University between November 2014 and September 2016, before creating the Mirai botnet.

The Mirai bot was first spotted by the malware researchers MalwareMustDie in August 2016; the malicious code was developed to target IoT devices.

The IoT malware runs a brute force password attack via telnet using a list of default credentials to gain access to the target device.

...

20:00

Smashing Security podcast #057: Mikko - live from the sauna - talks Bitcoin security Graham Cluley

How to protect yourself from Bitcoin hackers, why you should think twice before giving Amazon the keys to your house, and how a private investigator tried to hack Donald Trump's tax returns.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mikko Hyppönen from F-Secure.

20:00

CNC'd MacBook Breathes Easy Hackaday

Sick of his 2011 Macbook kicking its fans into overdrive every time the temperatures started to climb, [Arthur] decided to go with the nuclear option and cut some ventilation holes into the bottom of the machine's aluminum case. But it just so happens that he had the patience and proper tools for the job, and the final result looks good enough that you might wonder why Apple didn't do this to begin with.

After disassembling the machine, [Arthur] used double-sided tape and a block of scrap wood to secure the Macbook's case to the CNC, and cut out some very slick looking vents over where the internal CPU cooler sits. With the addition of some fine mesh he found on McMaster-Carr, foreign objects (and fingers) are prevented from getting into the Mac and messing up all that Cupertino engineering.

[Arthur] tells us that the internal temperature of his Macbook would hit as high as 102 °C (~215 °F) under load before his modification, which certainly doesn't sound like something we'd want sitting in our laps. With the addition of his vents however, he's now seeing an idle temperature of 45 °C to 60 °C, and a max of 82 °C.

In the end, [Arthur] is happy with the results of his modification, but he'd change a few things if he was to do it again. He's somewhat concerned about the fact that the mesh he used for the grill isn't non-conductive (...

19:31

Bitcoin is not a Bubble Terra Forming Terra



Bitcoin is not a Bubble

For the past three decades, I struggled to understand how we were going to resolve the looming difficulties brought on by the steady and persistent decline in interest rates.

You must first though understand that the value of all money is based on human demand for two things.  One of those happens to be ease of exchange and simple portability.  Cash does that admirably and back in the day bits of metal as well.  Thus the mythical adoration of gold.  Yet all this is based on human need.  Without it we are economically crippled.

The second need is as a convenient store of value.  It is here that our government issued currencies have become unraveled.  Negative interest rates tend to do that and it is becoming more and more widespread.  The fiat printing machine however disguised has saturated the market with a mountain of cash that now cannot be placed.

Add in that we have started the process of exiting the whole oil industry as well and huge amounts of money will come out of that sector of the economy.  This will take perhaps two decades at most but the trend will be abruptly apparent much sooner.

Then along comes Bitcoin.  Every bitcoin has a finite supply and a profitable cost of production that naturally produces a huge body of individual interest just like coinage.  That body of interest will slowly expand and the only way in which that demand can be satisfied is through either mining or price appreciation.


Thus we see today multiple bitcoin clones all being spun out to meet that demand for a store of value. There remain any number of issues in terms of security and thieves have done the odd hit and run. All irrelevant, and those holes are steadily being plugged. Bitcoin essentially works and is slowly shaking off the obvious frauds as well.

That means that when we have surplus cash, we will dump it into a bitcoin clone or even Bitcoin itself secure that most of the time we will actually earn because of expanding demand. That is a completely novel idea.

19:30

Electromagnetic Water Cloak Eliminates Drag and Wake SoylentNews

Less Noise, Less Drag:

Researchers have developed a water cloaking concept based on electromagnetic forces that could eliminate an object's wake, greatly reducing its drag while simultaneously helping it avoid detection.

The idea originated at Duke University in 2011 when researchers outlined the general concept. By matching the acceleration of the surrounding water to an object's movement, it would theoretically be possible to greatly increase its propulsion efficiency while leaving the surrounding sea undisturbed. The theory was an extension of the group's pioneering work in metamaterials, where a material's structure, rather than its chemistry, creates desired properties.

Six years later, Yaroslav Urzhumov, adjunct assistant professor of electrical and computer engineering at Duke, has updated the theory by detailing a potential approach. But rather than using a complex system of very small pumps as originally speculated, Urzhumov is turning to electromagnetic fields and the dense concentration of charged particles found in saltwater.

Dean Culver, Yaroslav Urzhumov. Forced underwater laminar flows with active magnetohydrodynamic metamaterials. Physical Review E, 2017; 96 (6) DOI: 10.1103/PhysRevE.96.063107


Original Submission

Read more of this story at SoylentNews.

19:22

Patrick Corcoran is Innocent, Yet Battistelli Will/May Have the Power to Sack Him Next Month (in DG1) Techrights

It's Benoît Battistelli who ought to be sacked

When Exposing A Crime Is Treated As Committing A Crime, You Are Being Ruled By The Criminals Themselves.

Summary: The EPO's Administrative Council does not want to even mention Patrick Corcoran, as merely bringing that up might lead to the suggestion that Benoît Battistelli should be fired (yes, they can fire him), but to set the record straight, at the EPO truth-tellers are punished and those whom they expose are shielded by the Administrative Council

THIS will be the last article about the EPO (until the weekend when we return home). We wish to clarify something quite important now that false claims are surfacing and we've heard predictions regarding DG1 from several independent sources.

Based on German law, nothing that Judge Corcoran did (or is alleged to have done) is illegal. It's also true that Battistelli did not have the powers to do to Corcoran what he did 3 years ago. The only guilty party here is therefore Battistelli.

The EPO continues to say absolutely nothing about it, as we noted last night when we wrote about the false claim and the silencing campaign (supported even by Dr. Ernst now, much to our regret but in lieu with our low expectations from him).

EPO-friendly media has just mentioned EPO report on trends in European patents on smart connected objects, but not a word (at all!) has been said about the latest scandals. So much for media and journalism, eh?

Anyway, here is an important new comment that responds to a common misconception:

The I[L]O has singularly failed to say that Mr Corcoran is innocent of the accusations made against him.

There is, however, another independent instance which had the opportunity to review the accusations against Mr. Corcoran. As reported in a post by Kluwer Patent Blog:

Mr. Corcoran has not only won his cases before the ILO, but also before the Regional Court of Munich and t...

19:00

New study: Massive Aluminum levels in Autism brains, is this the smoking gun for vaccines? Terra Forming Terra

















Here it is folks. We always had the indicative meta statistics that showed a correlation between rising rates of autism and the application of vaccination. We missed an understanding of the biological pathways. Science was looking into the obvious though and we have hit pay dirt. We now know exactly how this all works.


Add in our rising concerns regarding the validity of the whole vaccination meme as applied now for a century and the public health aspect is now a serious concern.  Recall that the alternate explanation for global disease suppression has been the steady rise of successful public sanitation more than anything else.

Then we have the promotion of nasty variants that somehow vaccination can address when that is very unlikely. Add in the plausible probability that the 1918 flu epidemic was caused by an end of war vaccination program used to blow off excess stocks and you really start looking for someone to hang.

 The whole meme is beginning to look like a commercial enterprise based mostly on junk science with scant ambassadress successes that are not seriously controversial...

New study: Massive Aluminum levels in Autism brains, is this the smoking gun for vaccines?

"These are some of the highest values for aluminium in human brain tissue yet recorded." Professor Chris Exley of Keele University, discussing new findings of Aluminum levels in the brains of people with autism

BY J.B. HANDLEY November 27, 2017

https://medium.com/@jbhandley/new-study-massive-aluminum-levels-in-autism-brains-is-this-the-smoking-gun-for-vaccines-54ae85ec2a9c


STAFFORDSHIRE, England - Professor Chris Exley is a formidable scientist, which is perhaps more important than you think, because a study he published today with his colleagues in the Journal of Trace Elements in Medicine and Biology may just be the smo...

19:00

The Plague that brought down mighty empires is thousands of years older than thought Terra Forming Terra



That it was pervasive far back in time is a confirmation that it needs ample travel opportunities in order to launch a pandemic. Its actual elimination is mostly about sanitation. That is why it has mostly disappeared.
 
 
Driving it to e...

19:00

New Study Sheds Light On How Earliest Forms Of Life Evolved On Earth Terra Forming Terra



No question that an active volcanic event interacting with the surface provides the massive laboratory for the fabrication of a replicating chemistry able to change the general environment.

I also observe that volcanic  ash is often containing solid crystalline acids which provides an immobile anvil for chemistry as well.  Thus acidic or alkaline pores act as natural test tubes.

Hydrogen peroxide is very small.  Thus it brings maximum mobility and reaction speed.

New Study Sheds Light On How Earliest Forms Of Life Evolved On Earth

A new study led by ANU has shed light on how the earliest forms of life evolved on Earth about four billion years ago.


In a major advance on previous work, the study found a compound commonly used in hair bleach, hydrogen peroxide, made the eventual emergence of life possible.

Lead researcher Associate Professor Rowena Ball from ANU said hydrogen peroxide was the vital ingredient in rock pores around underwater heat vents that set in train a sequence of chemical reactions that led to the first forms of life.

"The origin of life is one of the hardest problems in all of science, but it is also one of the most important," said Dr Ball from the Mathematical Sciences Institute and Research School of Chemistry at ANU.

The research team made a model using hydrogen peroxide and porous ro...

18:43

Nasty SMS Spam turn off Facebook Mobile Messages #australia #socialmedia Social Network by Laurel Papworth

How to stop those annoying spammy messages on your mobile cellphone from Facebook Messenger Text service.

Took me a while to figure out what was going on. SMS messages but no telephone number? Just asking me to click on a dodgy link? Every. Single. Day.

Anyway two steps.

I went to https://www.facebook.com/settings?tab=notifications and turned off Text Messages.

It looks like this.

 

Then I hopped over to https://www.facebook.com/settings?tab=mobile and muck around there. I think these settings stop any chance of SMS from randoms - oh wait! I can't stop text messaging. I think it's a security feature but .. annoying!

...

18:39

Patent Trolls Are Going Bust in the United States (Along With the Protection Racket Conglomerates) Techrights

Summary: RPX continues its gradual collapse and patent trolls fail to find leverage now that software patents are kaput and patent opportunists struggle to access Texan courts

THE demise of patent trolling in the United States is measurable, e.g. based on number of filings/lawsuits. Nobody disputes that patent trolls were on the decline even before TC Heartland, which will further accelerate this demise. Quite a few trolls went bust. We wrote about that.

The collapse of several major trolls means lack of demand for so-called protection (for the rich) from trolls. In fact, by its very nature, RPX requires a climate of fear and litigation in order for it to gain money, so it's no surprise that RPX has been dying for a while. Executives were leaving. There was turmoil. Now, based on IAM, RPX is up for sale. It's not good news for RPX; rather it's indicative of a failure, shortly after RPX pondered China as a contingency plan. To quote:

Amster was replaced by former General Counsel Marty Roberts amid a spate of senior changes at the company including former executive vice president Mallun Yen's elevation to the board.

[...]

In 2016 the company's leadership was thrust into the spotlight when activist investor Mangrove Capital Partners wrote an excoriating letter to RPX's board criticising management and calling for significant cost-cutting measures. Mangrove's letter also referred to RPX's 2015 acquisition of discovery management business Inventus Solutions for $232 million as a costly mistake. At the time of RPX's offer, Inventus was the subject of private equity interest and some critics privately contend that the patent business paid too much. That might mean that any successful bidder would look to quickly dispose of the Inventus business to free up some cash to pay down acquisition debt.

The demise of software patents means the end of various patent trolls, many of which rely purely on such patents. RPost is the latest example (a patent troll that had products many moons ago) and...

18:02

MIT scientists borrow from fireflies to make glowing plants Lifeboat News: The Blog

The humble house plant could soon start earning its keep by lighting up a room, if new research from MIT pans out. Engineers have hacked watercress plants to make them glow for a few hours at a time, and while it's currently only about as bright as those old stars you might have stuck to your ceiling as a kid, the long-term plan is to develop plants that you could read by to reduce the need for electric lighting.

The idea of a glowing plant is not particularly new. They've been promised by Kickstarter campaigns for years, including the likes of Bioglow and Glowing Plants, but those startups have since gone bust. Although we're not going to pretend that this new project is immune from meeting the same fate, having the backing of MIT scientists gives us a little more hope that the glowing plants might eventually bear fruit.

The work comes from the same plant nanobionics team that recently designed explosive-detecting spinach and leaf sensors that can alert farmers at the first sign of thirsty crops. In this case, the researchers wanted to tackle lighting, which accounts for about 20 percent of energy consumption worldwide.

17:53

Two Men Plead Guilty to Operating Mirai Botnet SoylentNews

Mirai IoT Botnet Co-Authors Plead Guilty

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania. Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks.

In addition, the Mirai co-creators pleaded guilty to charges of using their botnet to conduct click fraud, a form of online advertising fraud that will cost Internet advertisers more than $16 billion this year, according to estimates from ad verification company Adloox. The plea agreements state that Jha, White and another person who also pleaded guilty to click fraud conspiracy charges, a 21-year-old from Metairie, Louisiana named Dalton Norman, leased access to their botnet for the purposes of earning fraudulent advertising revenue through click fraud activity and renting out their botnet to other cybercriminals.

DoJ press release.

Previously: Mirai IoT Botnet Source Code Released
Who is Anna-Senpai, the Mirai Worm Author?


Original Submission

Read more of this story at SoylentNews.

17:00

Building A Drone That (Almost) Follows You Home Hackaday

There's a great deal of research happening around the topic of autonomous vehicles of all creeds and colours. [Ryan] decided this was an interesting field, and took on an autonomous drone as his final project at Cornell University.

The main idea was to create a drone that could autonomously follow a target which provided GPS data for the drone to follow. [Ryan] planned to implement this by having a smartphone provide GPS coordinates to the drone over WiFi, allowing the drone to track the user.

As this was a university project, he had to take a very carefully considered approach to the build. Given likely constraints on both money and time, he identified that the crux of the project was to develop the autonomous part of the drone, not the drone itself. Thus, off-the-shelf parts were selected to swiftly put together a drone platform that would serve as a test bed for his autonomous brain.

The write up is in-depth and shares all the gritty details of getting the various subsystems of the drone talking together. He also shares issues that were faced with altitude control: without any sensors to determine altitude, it wasn't possible to keep the drone at a level height. This unfortunately complicated things and meant that he didn't get to complete the drone's following algorithm. Such roadblocks are highly common in time-limited university projects, though their educational value cannot be overstated. Overall, while the project may not have met its final goals, it was obviously an excellent learning experience, and one which has taught him plenty about working with drones and the related electronics.

For another take on autonomous flight, check out this high-speed AI racing drone.


Filed under: drone hacks

16:23

Tiny Moon Possibly Orbiting 2014 MU69 SoylentNews

2014 MU69, which is still thought to be a contact binary or binary object, may also have a tiny moon (although additional observations are needed):

The object, known as 2014 MU69, is small, no more than 20 miles wide [30-40 km], but planetary scientists hope that it will turn out to be an ancient and pristine fragment from the earliest days of the solar system.

The moon, if it exists, might be about three miles [~5 km] wide, circling at a distance of about 120 miles [~190 km] from MU69, completing an orbit every two to four weeks, estimated Marc W. Buie, an astronomer at the Southwest Research Institute in Boulder, Colo.

He cautioned that the findings were tentative. "The story could change next week," he said.

Dr. Buie and others working on NASA's New Horizons mission provided an update on Tuesday at a meeting of the American Geophysical Union meeting here.

New Horizons is set to fly closer to 2014 MU69 than it did to Pluto (~3,500 km vs. 12,472 km). Flyby or collision course?

Voting for a possible new name for the object has been closed. Mjölnir (Thor's hammer) got the most votes. That name could fit the shape of 2014 MU69 somewhat.

Also at Sky & Telescope, Science News, and BBC.


Original Submission

Read more of this story at SoylentNews.

16:02

Oracle Pushes Out Unbreakable Enterprise Kernel R4U6 Phoronix

Oracle has announced the release of their Linux Unbreakable Enterprise Kernel Release 4 Update 6...

15:34

NEW 'Off The Hook' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Hook' ONLINE

Posted 14 Dec, 2017 4:34:55 UTC

The new edition of Off The Hook from 13/12/2017 has been archived and is now available online.

14:45

3.5 Mbps Broadband Through a "Wet String" SoylentNews

Forget rolling out optic fibres to your home: String is the technology of the future!

Engineers at a small British internet service provider have successfully made a broadband [ADSL] connection work over 2m (6ft 7in) of wet string. The connection reached speeds of 3.5Mbps (megabits per second), according to the Andrews and Arnold engineer who conducted the experiment.

The point of the experiment appears to have been purely to see if it was achievable.

The string used in the experiment was first put in salty water - chosen because salt is a good conductor of electricity.

Prof Jim Al-Khalili from Surrey University's department of physics explained how it worked: "Although wet string is clearly not as good a conductor of electricity as copper wire, it's not really about the flow of current. Here the string is acting as a waveguide to transmit an electromagnetic wave. And because the broadband signal in this case is very high frequency it doesn't matter so much what the material is."


Original Submission

Read more of this story at SoylentNews.

14:22

[SECURITY] [DSA 4064-1] chromium-browser security update Bugtraq

Posted by Michael Gilbert on Dec 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
December 12, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-15407...

14:11

Multiple vulnerabilities in Jenkins Open Source Security

Posted by Daniel Beck on Dec 13

Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software. The following
releases contain fixes for security vulnerabilities:

* Jenkins (weekly) 2.95
* Jenkins (LTS) 2.89.2

Descriptions of the vulnerabilities are below. Some more details,
severity, and attribution can be found here:
https://jenkins.io/security/advisory/2017-12-14/

We provide advance notification...

14:00

Will Hack For Espresso Hackaday

[Avidan Ross] has an unyielding passion for coffee. Brewing a proper espresso is more than measuring fluid ounces, and to that end, his office's current espresso machine was not making the cut. What's a maker to do but enlist his skills to brew some high-tech coffee.

For a proper espresso, the mass of the grounds and the brewed output need to be precisely measured. So, the office La Marzocco GS3 has been transformed into a closed-loop espresso machine with a Particle Photon and an Acaia Lunar waterproof scale at its heart.

On the software side, to run the smart brew function a "make espresso" button press is emulated, and the mass of the brewed espresso is constantly measured. Once the argument's target output mass is reached the firmware shuts off the machine. Brew time is then reported, allowing [Ross] or others to adjust the grind of the espresso beans to fine-tune to the recipe.

The next step is to phase out the human element of adjusting the grind - luckily there are some...

13:37

18 attorneys general ask FCC to delay net neutrality vote for fake comments investigation The Hill: Technology Policy

Eighteen attorneys general on Wednesday called on the chairman of the Federal Communications Commission (FCC) to hold off on the upcoming net neutrality vote pending an investigation into fake comments. In a letter, the attorneys general asked...

13:22

Zoltan Istvan; Libertarian, Transhumanist, and Governor of California? Lifeboat News: The Blog

A new story on my work out from Bodyhacks. (Please remember I dont write these stories nor pick the photos, but Im honored people I dont know choose to cover my work and #libertairan governor campaign however they wish): http://bodyhacks.com/zoltan-istvan-libertarian-transhumanistalifornia/ #transhumanism


On the 2018 California ballot, the good people of California will have a chance to vote not only for a candidate who stands for a unique political agenda but one who stands for an equally unique non-political ideology. Zoltan Istvan [real name] will run on the Libertarian party's platform, but with a transhumanist agenda.

He's not the first transhumanist to run. In Australia, Meow Meow Ludo Disco Gamma [also real name] ran for office on a science platform last year, but that was way down under. This is 'Merica, and it's not the first time Istvan has run either. He put his name in the hat with Hillary and Donald in the last presidential election. [Psst, he didn't win.]

Zoltan is not only a transhumanist in philosophy, he's a practicing preacher. He even wrote a best-selling book, The Transhumanist Wager, to back up his beliefs.

Istvan believes humanity stands on the precipice of transhumanism as a normal state of affairs. Technology, he sees as a way to level the playing field of inequality. But, does anyone take him seriously?

13:15

Massive DNA Collection Campaign Continues in Xinjiang, China SoylentNews

Human Rights Watch has issued a report about DNA collection in Xinjiang province in China:

Chinese police have started gathering blood types, DNA samples, fingerprints and iris scans from millions of people in its Muslim-majority Xinjiang province to build a massive citizen database, according to a report by activist group Human Rights Watch.

The report, published Wednesday, said officials are collecting the data from citizens between the ages of 12 and 65 years old using a variety of methods. Authorities are gathering DNA and blood types through free medical checkups, and HRW said it was unclear if patients were aware that their biometric data was being collected for the police during these physical exams.

According to the report, citizens authorities have flagged as a potential threat to the regime, and their families, named "focus personnel", are forced to hand over their DNA regardless of age.

So far, 18.8 million citizens have participated in the medical checkups, called "Physicals for All" by the government, according to an article by a state news agency Xinhua on November 1.

Previously: Massive DNA Collection Campaign in Xinjiang, China



13:00

Lifeboat Foundation is pleased to release the 4th and newest edition of our book "The Human Race to the Future". Learn more at https://lifeboat.com/news. Lifeboat News

Lifeboat Foundation is pleased to release the 4th and newest edition of our book "The Human Race to the Future". Learn more at Lifeboat News! As a special promotion our book, packed with over 300 pages of information, will be priced through December at just $1.23 (1-2-3) for the e-book version. We also need more reviews on Amazon and can provide a paperback or e-book to review at no charge if you request one by emailing events@lifeboat.com with the subject 'Lifeboat Foundation free ebook' or subject 'Lifeboat Foundation paperbook'.

12:58

DXVK Is Making Some Steadfast Progress In Running Direct3D 11 Over Vulkan Phoronix

Last month on Phoronix I featured the DXVK project that's working to implement Direct3D 11 over Vulkan (not to be confused with VK9 as the separate effort to get D3D9 over Vulkan). This project is making a surprising amount of progress in its early stages...

12:37

Parents: do you recognize these warning signs? (beta edition) Noise to Signal

(parent to child) We're worried about you, honey. You've fallen in with a bad crowd, you're picking up bad habits, and you're using beta plugins on a production WordPress site.

Is your child more moody than usual, especially toward their devices? Are they displaying more impatience, for example by complaining about sluggish performance, buggy interfaces and frequent crashes? Do they respond to civil requests to come down for dinner with "Just a {expletive} moment! Everything's {expletive} broken and I'm about to lose all my {expletive} work!"?

Has Ned learned anything? Not judging from the fact that he recently installed the beta...

12:31

The Intel ME vulnerabilities are a big deal for some people, harmless for most Matthew Garrett

(Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)


Getting this file into flash in the first place is the difficult bit. The ME region shouldn't be writable at OS runtime, so the most practical way for an attacker to achieve this is to physically disassemble the machine and directly reprogram it. The AMT management interface may provide a vector for a remote attacker to achieve this - for this to be possible, AMT must be enabled and provisioned and the attacker must have valid credentials[1]. Most systems don't have provisioned AMT, so most users don't have to worry about this.

Overall, for most end users there's little to worry about here. But the story changes for corporate users or high value targets who rely on TPM-backed disk encryption. The way the TPM protects access to the disk encryption key is to insist that a series of "measurements" are correct before giving the OS access to the disk encryption key. The first of these measurements is obtained through the ME hashing the first chunk of the system firmware and passing that to the TPM, with the firmware then hashing each component in turn and storing those in the TPM as well. If someone compromises a later point of the chain then the previous step will generate a different measurement, preventing the TPM from releasing the secret.

However, if the first step in the chain can be compromised, all these guarantees vanish. And since the first step in the chain relies on the ME to be running uncompromised code, this vulnerability allows that to be circumvented. The attacker's malicious code can be used to pass the "good" hash to the TPM even if the rest of the firmware has been tampered with. This allows a sufficiently skilled attacker to extract the disk encryption key and read the contents of the disk[2].

In addition, TPMs can be used to perform something called "remote attestation". This allows the TPM to provide a signed copy of the recorded measurements...

12:27

[$] LWN.net Weekly Edition for December 14, 2017 LWN.net

The LWN.net Weekly Edition for December 14, 2017 is available.

11:50

Surgeon Branded Initials Into Patients' Livers With Argon Beam SoylentNews

A surgeon has admitted to branding the livers of two patients using a beam of ionized argon gas:

Bramhall previously worked at Birmingham's Queen Elizabeth hospital, where he gained fame for a dramatic liver transplant in 2010. Bramhall transplanted a liver following the fiery crash-landing of the plane that was transporting the donor liver to Birmingham. Though the pilots were injured, the liver was intact and salvaged from the burning wreckage. The transplant spared the life of Dr. Bramhall's desperately ill patient.

But in 2013, colleagues discovered that he had been initialing his patients' organs. Doctors first spotted the letters "SB" on the liver of one of Bramhall's transplant patients during a follow-up surgery. They later learned of initials on another patient. Bramhall was suspended in 2013 and resigned in 2014 amid an internal investigation into the etchings. Earlier this year, the General Medical Council issued Bramhall a formal warning, saying at the time that Bramhall's case "risks bringing the profession into disrepute, and it must not be repeated."

Bramhall etched his initials using an argon beam, a jet of ionized argon gas, which surgeons use to control bleeding during procedures. Doctors who are part of the investigation don't think the marks are harmful and expect them to clear up on their own.

Relevant PBF.

Also at BBC and The Guardian.



11:01

FreeNAS 11.1 Rolls Out With Better OpenZFS Performance, Docker Support Phoronix

FreeNAS 11.1 is now available as the latest feature update to this popular FreeBSD-based Network Attached Storage (NAS) operating system...

11:00

Color changing clock uses PCB digits Hackaday

There's an old saying, that you should do everything at least twice. Once to learn how to do it, and then a second time to do it right. Perhaps [Zweben] would agree, since he wasn't satisfied with his first Neopixel clock and proceeded to build another one. One lesson learned: soldering 180 tiny solder joints isn't much fun. This time, [Zweben] set out to make a printed circuit board and redesign the clock to make it easier to assemble.

The clock uses multiple copies of a single circuit board. The board holds Neopixel strips in a 7-segment arrangement. Each board can also hold all of the electronics needed to drive the clock. Only the first board gets the microcontroller and other circuits.

This allowed [Zweben] to design a single PCB, which he did with EasyEDA. The hardware itself was similar enough to his original clock that the software didn't require changes.

Speaking of hardware, the clock is a pretty standard mashup of an Arduino Pro Mini clone and a DS3231 I2C clock. The Neopixel strips are 60-per-meter WS2812B LEDs with two LEDs per digit segment. That's a total of 14 on each digit and 58 individually-addressable lights on the entire clock.

This reminded us of a similar clock from [decino] where he also got tired of soldering connections. We also liked the clock that used Neopixel rings instead of strips.



11:00

HPR2444: Interface Zero Play-through Part 4 Hacker Public Radio

The investigation continues! Guest voice in this and episode 3 by Gort.

10:52

Overnight Tech: Zero hour nears for net neutrality | GOP applauds repeal plan | Dems make last push to delay vote | White House unveils report on modernizing tech | Dem wants to revisit NBC, Comcast merger The Hill: Technology Policy

ZERO HOUR NEARS FOR NET NEUTRALITY RULES: The Federal Communications Commission (FCC) is moving forward with a plan to scrap net neutrality rules, defying a massive outcry from activists, Democrats and consumers. On Thursday, the FCC is expected...

10:42

IBM's Manny Schecter is Wrong Again and He is Attempting to Justify Patent Trolling Techrights

Published last week: Famed Journalist Dan Gillmor Calls IBM the Inventor of Patent Trolling

Summary: In yet another dodgy effort to undermine the US Supreme Court and bring back software patents, IBM's chief patent counsel (his current job title) expresses views that are bunk or alternative facts

TECHRIGHTS used to be very supportive of IBM. In fact, IBM used to be helpful to Free software, open standards, and GNU/Linux (especially at the back end and high-performance computing). But that was IBM a decade ago, managed by other people and adhering to different principles/strategies.

Do not be misled by what IBM used to be.

IBM is attempting to attack/discredit Alice. It's doing it like no other company does. IBM's Manny Schecter, who is in charge of patents, says Alice is bad because if the company fails, the investor must leverage its patent assets to return the investment.

"Because if the company fails, it has to be turned into a troll" is how the FFII's President translated/interpreted that. Yes, a troll. Like IBM right now; even some veteran technology journalists now call IBM a troll. In several areas/domains of technology IBM does nothing but patent predation.

Manny Schecter is an exceptionally harmful public face. It's no good for IBM. Even if in his tweets and talks he is attempting to distance himself from his employer, his expression of his own views is a projection of IBM policies. He's not a low-level engineer; he's management. Top-level management.

How low is IBM willing to sink in an effort to shore up software patents? IBM rapidly became a liar of a company. It's so eager to blackmail new/small companies and its Patent Chief (or whatever they call him these days, putting aside fancy job titles) just makes them look vile. We used to support IBM, but now we just hope that IBM goes bust soon. The sooner, the better. Its activities on the patent front are ruinous and they concern a growing number of developers.

Regarding IBM's (or Schecter's) position, well, first of all, for a massive company to pretend to care for and speak for small companies is laughable or at least dubious. IBM att...

10:10

US Once Again Requires That You Register Your Drone SoylentNews

Submitted via IRC for Fnord666

The US' brief period of registration-free drone flight is over -- President Trump has signed the National Defense Authorization Act for 2018, and it revives the registration requirement for civilian drones. Robotic fliers between 0.5lbs and 55lbs need to be submitted to a database if they're going to remain legal. A Washington, DC appeals court had struck down the FAA's original requirement in May, arguing that it didn't have the authority to regulate model aircraft, but that clearly wasn't a deterrent. The FAA had said it would rethink its approach to the regulation after its earlier defeat.

Naturally, the FAA is slightly giddy. In a statement to TechCrunch, the agency welcomed the return of registration arguing that it helped "promote safe and responsible drone operation."

Source: https://www.engadget.com/2017/12/12/trump-signs-bill-requiring-drone-registration/



09:46

[$] MAP_FIXED_SAFE LWN.net

The MAP_FIXED option to the mmap() system call allows a process to specify that a mapping should be placed at a given virtual address if at all possible. It turns out, though, that "if at all possible" can involve a bit more collateral damage than some would like, and can even lead to exploitable vulnerabilities. A new, safer option is in the works but, as is often the case, it has run into a bit of non-technical difficulty.

09:44

House Dems make last-ditch push to delay net neutrality vote The Hill: Technology Policy

A high-ranking Democrat on the House Energy and Commerce Committee is leading a final plea to the Federal Communications Commission (FCC) to delay its vote on Wednesday to scrap the net neutrality rules. Rep. Mike Doyle (Pa.), the ranking...

09:42

Enhancing Stem Cells Helps Regenerate Damaged Teeth in Mice Lifeboat News: The Blog

Scientists repurpose an Alzheimer's drug to enhance the ability of stem cells to repair dental damage in mice. By Diana Kwon | January 10, 2017.

09:39

EPO Administrative Council Disallows Discussion About Violations of the Law by Benoît Battistelli Techrights

Summary: The EPO crisis is not ending for the Administrative Council does not want to tackle any of the obvious problems; Patrick Corcoran is a taboo subject and Ernst is coming across as another protector of Benoît Battistelli, based on today's meeting (the second meeting he chairs)

TEAM Battistelli continues to reinforce negative perceptions about itself. It's not only abusive but also oppressive when it comes to free speech. So far this week the EPO has said absolutely nothing about the meeting of the Administrative Council (perhaps preferring for nobody to pay attention). It obviously said nothing at all about the protest. The latter is at least understandable.

We've been tracking quite closely how the EPO's media strategy developed/(d)evolved so far this week and how it worked throughout the day. What it did today is noteworthy as the EPO does, in our assessment, at least subconsciously hide the discrimination against SMEs, the declining patent quality, the likely death of the UPC and so on. Earlier today the EPO was pushing its UPC study (that it corrupted academia for) and #IPforSMEs. This is consistent with what has been happening for about a month.

The EPO's day, however, began with the latest distraction from the latest scandal. It's their PR strategy. They're on fire and they try to get people to look away from the flames. The EPO retweeted people first thing in the morning [1, 2, 3] to distract from the major scandals. It's just their PR stunt (intended to shift attention). The EPO's PR team added its own to the mix later in the day [1, 2]. Nothing at all about the meeting. So much for news from the EPO.


09:37

Senator calls for Justice Department to investigate Comcast-NBC merger The Hill: Technology Policy

Sen. Richard Blumenthal (D-Conn.) is calling on the Justice Department to investigate whether the 2011 Comcast-NBC merger has hurt market competition. Blumenthal sent a letter to the Trump administration's top antitrust prosecutor, Makan Delrahim, on...

08:32

Geminid Meteors to Peak on December 13-14 SoylentNews

Time to get the telescopes out:

If it's clear Wednesday night and Thursday before dawn, keep a lookout high overhead for the "shooting stars" of the Geminid meteor shower. That's the peak night for this annual display.

Sky & Telescope magazine predicts that, if you are viewing under a clear, dark sky, you might see a Geminid meteor every minute or two, on average, from 10 p.m. local time on December 13th until dawn on December 14th.

"The Geminids are usually one of the two best meteor showers of the year," says Alan MacRobert, senior editor at Sky & Telescope. "Sometimes they're more impressive than the better-known Perseids of August."

If it's cloudy on the night of the peak, some Geminid meteors should still be visible for a few nights before and after the peak. If you live under the artificial skyglow of light pollution, you'll see fewer meteors overall, but the brightest ones will shine through. This year there'll be no interference from a thin waning crescent moon, which doesn't rise until after 3 a.m.

takyon: The parent body of the Geminid meteor shower, the 5.1 km asteroid 3200 Phaethon, will make its closest approach to Earth on December 16 at about 0.0689 AU. It won't come closer until the year 2093.

The Mysterious Asteroid Behind the Year's Best Meteor Shower



08:31

ISIS & Al Qaeda: What's Coming Down the Line for the U.S. in 2018 Security Affairs

ISIS & Al Qaeda: What's Coming Down the Line for the U.S. in 2018. From drones to chemical attacks, which are the major risks?

Last month, the Department of Homeland Security (DHS) warned that "our enemies remain focused on attacking the United States, and they are constantly adapting. DHS and its partners are stepping up efforts to keep terrorists out of America and to prevent terrorist recruitment and radicalization here at home, and we urge the public to remain vigilant and report suspicious activity."

The DHS also indicated the U.S. is facing a significant, ongoing terror threat and the agency's website displayed an Elevated alert level (second from the most severe), which means a credible threat of terrorism against the U.S. exists.

Guess Who's Back

Al Qaeda never really went away, of course. The 30-year-old terrorist organization had just, for the most part, receded to the background while the Islamic State took center stage. While ISIS has been driven out of Iraq and Syria, they are alive and well in Africa and Europe. ISIS supporters can be found in the U.S. as well, as evidenced by recent activity by the group's devotees.

Al Qaeda has reemerged as stronger now than they were when Bin Laden was killed. While the world was focused on ISIS, al Qaeda was quietly amassing power, planning, strengthening alliances and fundraising.

Earlier in the year, Stratfor reported that some are concerned that al Qaeda and ISIS may reunite:

The idea of the global jihadist movement's two major poles joining forces is certainly a troubling one. The combined capabilities of the Islamic State and al Qaeda could pose a significant threat to the rest of the world, making them a much more dangerous enemy together than divided.

Though both groups follow Salafist ideology, it might be difficult to merge the two groups' divergent goals. The Islamic State seeks global conquest in the establishment of Caliphate, while Al Qaeda is focused on the demise of the United States. Al Qaeda boasts a sophistication gained from years of experience, selectivity in r...

08:31

SilverStone TS421S 4-Disk SATA/SAS Disk Enclosure Phoronix

While SilverStone is mostly known for their computer cases, power supplies, and other peripherals, with the TS421S they have a compelling four-disk drive enclosure on their hands. The TS421S drive storage device supports up to four SAS/SATA 2.5-inch drives over a single mini-SAS SFF-8088 cable.

08:21

Maplesoft Resource Library IEEE Spectrum Recent Content full text

Read the latest technical whitepapers about mathematics-based software solutions brought to you by Maplesoft. Maplesoft has provided solutions to educators, engineers, and researchers in science, technology, engineering, and mathematics (STEM) for over 25 years. Their flagship product, Maple, combines the world's most powerful mathematics engine with an interface that makes it easy to analyze, explore, and solve mathematical problems.

This is sponsored content and is brought to you by Maplesoft.

Modeling of Complex Ultrasonic Motors for Controller Design

Ultrasonic motors present unique modeling challenges. The phenomena created in which ultrasonic waves with high frequencies are produced are difficult to capture in a model. The model must be accurate and execute quickly to be useful for controller design. Using a Reduced Order Model created by Model Order Reduction of a Finite Element Model has shown great benefits. This whitepaper discusses how Maple's advanced calculation capabilities supported this process.

Calculation Management Done Right


Calculation Management is fundamental to managing company assets across an organization to reduce errors and create a streamlined process.

...

08:05

GOP lawmakers urge FCC to repeal net neutrality rules ahead of vote The Hill: Technology Policy

More than a hundred House Republicans sent a letter to the Federal Communications Commission (FCC) on Wednesday applauding the agency's plan to repeal its net neutrality rules. "This proposal is a major step forward in the effort...

08:00

Guitar Game Plays with Enhanced Realism Hackaday

There's a lot more to learning how to play the guitar than just playing the right notes at the right time and in the right order. To produce any sound at all requires learning how to do completely different things with your hands simultaneously, unless maybe you're a direct descendant of Eddie Van Halen and thus born to do hammer ons. There's a bunch of other stuff that comes with the territory, like stringing the thing, tuning it, and storing it properly, all of which can be frustrating and discouraging to new players. Add in the calluses, and it's no wonder people like Guitar Hero so much.

[Jake] and [Jonah] have found a way to bridge the gap between pushing candy colored buttons and developing fireproof calluses and enough grip strength to crush a tin can. For their final project in [Bruce Land]'s embedded microcontroller design class, they made a guitar video game and a controller that's much closer to the experience of actually playing a guitar. Whether you're learning to play for real or just want to have fun, the game is a good introduction to the coordination required to make more than just noise.

In an interesting departure from standard stringed instrument construction, plucking is isolated from fretting. The player fingers notes on four strings but plucks a special, fifth string with a conductive pick that closes the plucking circuit. By contrast, the fretting strings are normally high. When pressed, they contact the foil-covered fingerboard and the circuit goes low. All five strings are made of carbon-impregnated elastic and wrapped with 30AWG copper wire.

All five strings connect to an Arduino UNO and then a laptop. The laptop sends the signal to a Bluefruit friend to change Bluetooth to UART in order to satisfy the PIC32. From there, it goes out via 2-channel DAC to a pair of PC speakers. One channel has the string tones, which are generated by Karplus-Strong. To fill out the sound, the other DAC channel carries undertones for each note, which are produced by sine tables and direct digital synthesis. There's no cover charge; just click past the break to check it out.

If you'd like to get into playing, but don't want to spend a lot of money to get started, don't pass up those $30-$40 acoustics for kids, or even a $25 ukulele from a toy store. You could wind your own pickup and go electric, or add a percussive solenoid to keep the beat.

...

07:48

Links 13/12/2017: GIMP 2.9.8, Fedora 25 End Of Life, AltOS 1.8.3 Techrights


Contents

GNU/Linux

  • Server

    • Kubernetes on AWS Leads CNCF Cloud Native Survey

      A survey conducted by the Cloud Native Computing Foundation indicates that the deployment of Kubernetes on AWS and other public clouds is on the rise.

    • What Is Kubernetes?

      Kubernetes is one of the hottest technologies in the cloud world today, with organizations big and small talking about the open-source platform. But what exactly is Kubernetes?

    • Kubeflow: Bringing together Kubernetes and machine learning

      Introducing Kubeflow, the new project to make machine learning on Kubernetes easy, portable, and scalable. Kubeflow should be able to run in any environment where Kubernetes runs. Instead of recreating other services, Kubeflow distinguishes itself by spinning up the best solutions for Kubernetes users.

    • Many cloud-native hands try to make light work of Kubernetes

      The Cloud Native Computing Foundation, home of the Kubernetes open-source community, grew wildly this year. It welcomed membership from industry giants like Amazon Web Services Inc. and broke attendance records at last week's KubeCon + CloudNativeCon conference in Austin, Texas. This is all happy news for Kubernetes, the favored platform for orchestrating containers (a virtualized method for running distributed applications). The technology needs all the untangling, simplifying fingers it can get.

      This is also why most in the community are happy to tamp down their competitive instincts to chip away at common difficulties. "You kind of have to," said Michelle Noorali (pictured), senior software engineer at Microsoft and co-chair of KubeCon + CloudNativeCon North...

07:31

Was a Sonic Weapon Deployed in Cuba IEEE Spectrum Recent Content full text

Two dozen US embassy workers in Cuba suffered headaches, hearing loss, and brain swelling, but no one knows why. Photo: Alexandre Meneghini/Reuters

Hearing loss, dizziness, sleep and vision problems, tinnitus, headaches, fatigue and now brain damage: these are the symptoms suffered by two dozen US and Canadian diplomats covertly attacked over the past year while serving in Cuba. US officials initially posited that the diplomats were victims of some sort of sonic weapon, but acoustics experts say that's nearly impossible.

Details of the attacks have slowly become public over the last few months through a combination of media reports and announcements from US officials. Many details are still unclear. Here, we stitch together the information available, and explain why the diplomats' health problems almost certainly couldn't have been caused by an acoustic weapon.

The attacks began in late 2016 when several people serving at the US Embassy in Havana began suffering unexplained health problems, according to the AP, which first reported the story in August this year. US officials spoke to the AP on the condition of anonymity and attributed the symptoms to a covert sonic weapon. Several Canadian diplomats also experienced symptoms

The US Department of State in September publicly confirmed the attacks, but federal spokespeople avoided speculation about who or what caused them. The diplomats' symptoms began while they were in their residences or in hotels, the feds confirmed. Onset of the symptoms in some cases was accompanied by audible, agonizing sounds, and in other cases by no sound, according to media reports.

Health problems for the victims then ensued, and included hearing loss, dizziness, balance problems, difficulty sleeping, ear-ringing (tinnitus), headaches, fatigue, and cognitive issues, according to the State Department. The American Foreign Service Association, after meeting with some of the victims, added to that list: cognitive disruption, mild traumatic brain injury, and brain swelling.

US officials have called the attacks ongoing and in October...

07:20

New York AG: As many as 2 million net neutrality comments are fake The Hill: Technology Policy

As many as 2 million net neutrality comments filed to the Federal Communications Commission (FCC) were fake, according to the New York Attorney General's office. New York Attorney General Eric Schneiderman (D) slammed the FCC on Wednesday...

07:06

Politics: Jones Wins Upset in Alabama Senate Race SoylentNews

Democrat Doug Jones won a remarkable upset victory over controversial rival Roy Moore in the diehard Republican state of Alabama on Tuesday to win election to the US Senate.

By a margin of 49.5 to 48.9 with 91% of precincts reporting, Jones dealt a major blow to Donald Trump and his efforts to pass tax reform on Capitol Hill. Jones was able to become the first Democrat in a decade to win any statewide office in Alabama by beating Moore, who had faced multiple allegations of sexual assault during a campaign which exposed Republican party faultlines.

The Democratic victory will reduce the Republican majority in the Senate to 51-49 once Jones takes his seat on Capitol Hill. This significantly reduces the margin for error as Republicans attempt to push through a major corporate tax cut.

takyon: The final count is:

Doug Jones - 671,151 votes (49.9%)
Roy Moore - 650,436 votes (48.4%)
Write-ins (total) - 22,819 votes (1.7%)

The margin for an automatic recount in Alabama is 0.5%. Roy Moore has yet to concede.



07:00

Patent Power 2017 IEEE Spectrum Recent Content full text

New competitors, and a new industry, mix up the scorecards. Illustration: iStockphoto

Two household names, Amazon and eBay, are new additions to this year's Patent Power Scorecards. It's not that they hadn't had valuable patent portfolios previously, but they had been omitted because their primary industry was retailing, which fell outside the tech-sector scope of the scorecards. However, as Amazon has branched out into Web services, its patent portfolio has become increasingly dominated by patents related to technologies such as networking infrastructure, Web transactions, and server hardware. The same is true for eBay, making both companies a natural fit for the Communication/Internet Services scorecard. Indeed, Amazon enters the scorecard straight into first place, knocking Google off the top spot. This makes Amazon the first company ever to rank ahead of Google in the Communication/Internet Services scorecard.

The Solid-State Lighting/Displays scorecard is also new this year. Companies in this scorecard focus on lighting and display applications, including computer displays, LEDs, touch screens, and flexible lighting solutions for commercial and domestic environments. Cree and Japan Display have the largest patent portfolios in this technology, with the former taking first place in the scorecard. Other companies with smaller high-impact portfolios include Kopin (displays for portable electronics), Elo Touch (touch screens), and Lighting Science Group (LED lighting systems).


Elsewhere, well-known names continue to lead the way...

Interactive: Patent Power 2017 IEEE Spectrum Recent Content full text

The technology world's most valuable patent portfolios. Illustration: iStockphoto

This is an interactive table of 18 industry scorecards with the top 20 companies in each sector. To see an individual industry scorecard, slide the control to select the industry you want.

For an explanation of how the metrics are used to determine how the Pipeline Power score is derived - which takes into account the value rather than the raw quantity of patents in a portfolio - read the sidebar, "Constructing the Patent Power Scorecard."


Below is...

06:56

Hackers behind Mirai botnet & DYN DDoS attacks plead guilty HackRead

By Waqas

A group of three hackers have pleaded guilty to their role in

This is a post from HackRead.com Read the original post: Hackers behind Mirai botnet & DYN DDoS attacks plead guilty

06:00

How to configure wireless wake-on-lan for Linux WiFi card nixCraft

I have a Network Attached Storage (NAS) server that backs up all my devices. However, I am having a hard time with my Linux-powered laptop. I cannot back up my laptop/computer when it is in suspended or sleep mode. How do I configure my WiFi on a laptop to accept a wireless WoL when using an Intel-based WiFi card?

05:58

Google Play Store Rejects App For Using the Word BitTorrent TorrentFreak

Until this day, no fully-featured torrent client has managed to get listed in the store, at least not permanently, but Google Play has been more welcoming. The popular app store for Android devices has had a nice collection of BitTorrent apps for years, including several well-known brands.

Last weekend, however, the developers of the relatively new BitTorrent client BiglyBT learned that the term BitTorrent is no longer allowed. When they pushed an update of their app on Google Play they were informed that their description violated the metadata policy.

"I reviewed your app and had to reject it because it violates our metadata policy. The app's full description mentions other brands: Bittorrent."

Play Store rejection

Needless to say, the BiglyBT developers were astounded. The app is created by seasoned BitTorrent developers who previously worked on Azureus and Vuze. Since BitTorrent is the name of the transfer protocol their app is using, they expected no issues.

Initially, this wasn't the case. When the app was first submitted, Google didn't flag the description as problematic, but something apparently changed.

"Looks like either Google just newly considered Bittorrent a brand, or Bittorrent Inc has decided to enforce their name. I guess it's not good enough anymore that bittorrent is also the protocol name," BiglyBT developer TuxPaper informed us.

It could indeed have been possible that BitTorrent Inc, which owns the relevant trademark in the US, had started to enforce it. However, that's not the case. The San Francisco company informs TorrentFreak that they haven't asked Google to take any action.

Interestingly, BitTorrent Inc.'s own uTorrent app also disappeared from Google's app store for a few days last month, but it's unclear to us why this was. The app eventually returned though, and there are also plenty of other apps with BitTorrent mentions on Google Play.

The good news for BiglyBT's developers is that their app was allowed back on Google P...

05:50

White House unveils report on modernizing government IT The Hill: Technology Policy

The White House released a report Wednesday on modernizing the government's information technology, urging agencies to move to cloud storage. The report also outlined general steps the government should take to ramp up its modernization efforts. The...

05:38

Help the FSF share free software licenses with the world FSF blogs

As software permeates more and more aspects of society, the Free Software Foundation (FSF) must expand our work to protect and extend computer user freedom. We launched our annual fundraiser with the goal of welcoming 700 new Associate Members and raising $450,000 before December 31st. Please support the work at the root of the free software movement: make a donation or - better yet - join us and become a member today.

Through it all, the FSF's licensing team was there to help people to understand these changes and how they affect users. From our work answering licensing questions from the public, to managing certification programs like Respects Your Freedom, to handling license compliance for the GNU Project, to providing resources like our list of free software licenses, we were there to lend a guiding hand. But if we want to continue this work, and do an even better job in 2018, we need your help. We want to share a bit about the work that we do on the licensing team, and let you know why it is so vital that this work continues.

Helping users understand licensing

05:33

Android 8.0 Oreo Running on 0.5% of Android Devices SoylentNews

Android Oreo was released on August 21. Adoption is at 0.5% (among devices that accessed the Play Store in early December):

Yesterday, Google released some fresh platform data explaining how many devices are running each version. Android 8.0, as you might expect, is struggling with a measly 0.5 percent share. Google's latest Pixel phones run the software, but otherwise it's hard to come by. There are some outliers, of course - the quietly impressive HTC U11, for instance - but most are still shipping with a variant of Android Nougat. Which is, well, hardly ideal for Google.

Android 7.0 and 7.1 have a combined share of 23.3 percent. Respectable, but still behind 6.0 Marshmallow (29.7 percent) and Android Lollipop (26.3 percent).

Here's an article about changes in Android 8.1.

Also at 9to5Google and Wccftech.



Read more of this story at SoylentNews.

05:30

2D Material Integrates Digital Logic and Memory Into One Chip IEEE Spectrum Recent Content full text

Researchers use molybdenum disulfide to build a 1-transistor-1-resistor memory cell. Image: Stanford University/IEDM. The layout of a new 1-transistor-1-resistor (1T1R) 2D memory cell produced by researchers at Stanford University.

Researchers at Stanford University have demonstrated that field-effect transistors made from a single layer of molybdenum disulfide (MoS2) can successfully drive resistive random access memory. The results, which were reported last week at the IEEE International Electron Devices Meeting, represent a key milestone for the blending of memory with logic in a monolithic 3D integrated chip. 

The chip the Stanford researchers developed is known as a 1-transistor-1-resistor memory cell. The architecture of these 1T1R memory cells offers enormous benefits over a memory array composed of memory cells with resistive random access memory (RRAM) and without a transistor.

Without the transistor, all the memory cells in a RRAM device end up being connected to various lines, rendering the memory array essentially a large resistor network. When one attempts to select one memory cell for reading, the read current will not only come from the selected memory cells in the memory array but also have currents in the form of leakage currents from all the unselected cells. Because of this leakage of current from the unselected cells, the voltage across the selected memory cell will be smaller than the applied voltage.

The benefit of having a 1T1R memory cell is that the transistor can turn on and off and isolate the targeted memory cell from other memory cells, so that leakage current can be suppressed.

While silicon-based FETs have been used for 1T1R memory cells, the advantage of monolayer MoS2 is that they can be transferred at low temperatures, making it possible to stack the memory layers and logic layers on top of each other in a monolithic 3D configuration, said Rui Yang, a post-doctoral research fellow at Stanford and lead author of the research conducted within H.-S. Philip Wong's Nanoelectronics Lab.

Yang added that the MoS2 field-effect transistor channel is atomically thin so that nanoscale interlayer vias, which serve as a kind of tunnel, can connect the...

05:29

Bugs in iscsiuio Open Source Security

Posted by Qualys Security Advisory on Dec 13

Hi all,

We took a quick look at iscsiuio (from the iscsi-initiator-utils),
discovered several bugs, and sent a brief report of our findings to
linux-distros (on Monday, December 11). It was then decided that we
should send this report to oss-security on Wednesday, December 13:
please see below.

Notes: we did not have the time to draft a proper advisory, so this is
rather raw material, but hopefully it will be useful and detailed
enough; also,...

05:25

Citizen Lab at the Internet Governance Forum News The Citizen Lab

Irene Poetranto, Citizen Lab Senior Researcher, will be attending the Internet Governance Forum (IGF) in Geneva, Switzerland, December 18-21. In addition to hosting a booth to provide information on Citizen Lab's research, she will also be participating in two panel discussions.

Please note that remote participation will be available for IGF events.

Human Rights-based Cybersecurity Strategy

Poetranto will be moderating this panel which will address the risks and challenges at play when we investigate cybersecurity and human rights. Sunday, December 17, 9:00-14:00.

A Playbook for Gender Equality: How to harness the power of digital media and emerging tech

Poetranto will be a panellist in this discussion and will speak to the effects that cyber policies and regulations have on women and girls. Monday, December 18 at 11:50-13:20

Additional information can be found on the IGF website.

The post Citizen Lab at the Internet Governance Forum appeared first on The Citizen Lab.

05:22

[$] An overview of KubeCon + CloudNativeCon LWN.net

The Cloud Native Computing Foundation (CNCF) held its conference, KubeCon + CloudNativeCon, in December 2017. There were 4000 attendees at this gathering in Austin, Texas, more than all the previous KubeCons before, which shows the rapid growth of the community building around the tool that was announced by Google in 2014. Large corporations are also taking a larger part in the community, with major players in the industry joining the CNCF, which is a project of the Linux Foundation. The CNCF now features three of the largest cloud hosting businesses (Amazon, Google, and Microsoft), but also emerging companies from Asia like Baidu and Alibaba.

04:42

GAPID 1.0 Released As Google's Cross-Platform Vulkan Debugger Phoronix

Back in March we wrote about GAPID as a new Google-developed Vulkan debugger in its early stages. Fast forward to today, GAPID 1.0 has been released for debugging Vulkan apps/games on Linux/Windows/Android as well as OpenGL ES on Android...

04:23

Hallmarks of Aging: Telomere Attrition Lifeboat News: The Blog

This is the third part of our ongoing series of articles that discuss the Hallmarks of Aging. Published in 2013, the paper divides aging into distinct categories (hallmarks) of damage to explain how the aging process works and how it causes age-related diseases[1].

Today, we will be looking at one of the primary hallmarks, telomere attrition.

04:20

Microsoft Launches Quantum Development Kit In Free Preview Version TechWorm

Software giant releases a quantum programming language and simulator

Microsoft's Quantum Development Kit was first revealed at the Ignite conference in September. According to the company, the Q# programming language is a high-level programming language that includes a native type system for qubits, operators and abstractions. The local version, released as part of the preview, can simulate up to 32 quantum bits (qubits) using a typical laptop (some 32GB of RAM). Microsoft is also offering an Azure-based simulator that can scale up to 40 logical qubits of computing power.

"Quantum computing takes a giant leap forward from today's technology - one that will forever alter our economic, industrial, academic, and societal landscape. With the preview release of the Microsoft Quantum Development Kit, we are one step closer to realizing this vision," the Microsoft Quantum Team wrote in a post.

While quantum computing is complex, to say the least, Microsoft says its kit is designed to get developers up to speed with programming on quantum computers. According to the company, the kit can be used by all developers, as the kit does not require one to be an expert in quantum physics. Also, since it's deeply integrated into Visual Studio (VS), a lot of elements will be familiar to developers who already use VS to develop apps.

"What you're going to see as a developer is the opportunity to tie into tools that you already know well, services you already know well," Todd Holmdahl, corporate vice president in charge of the company's quantum effort, said in an announcement. "There will be a twist with quantum computing, but it's our job to make it as easy as possible for the developers who know and love us to be able to use these new tools that could potentially do some things exponentially faster - which means going from a billion years on a classical computer to a couple hours on a quantum computer."

In addition, the dev kit also comes with a comprehensive suite of documentation, libraries, and sample programs that would help people get familiar with aspects of quantum computing such as quantum teleportation. Quantum teleportation is a method of securely sharing information across qubits connected by quantum entanglement.

Microsoft's plan is to build a full-fledged quantum computing sy...

04:07

NetworkManager Picks Up Support For Intel's IWD WiFi Daemon & Meson Build System Phoronix

NetworkManager now has support for Intel's lean "IWD" WiFi daemon...

03:58

Linaro ERP 17.12 released LWN.net

Linaro has announced the 17.12 release of its "Enterprise Reference Platform" distribution. "The goal of the Linaro Enterprise Reference Platform is to provide a fully tested, end to end, documented, open source implementation for ARM based Enterprise servers. The Reference Platform includes kernel, a community supported userspace and additional relevant open source projects, and is validated against existing firmware releases."

03:56

Netflix Mocks Christmas Film Viewing Habits in "Creepy" Tweet SoylentNews

Netflix tweeted that 53 people had watched its new Christmas film every day for 18 days in a row, highlighting its ability to track the viewing habits of its users:

Netflix has defended a tweet that revealed 53 people had watched its new Christmas film every day for 18 days in a row. "Who hurt you?" read the tweet, addressed to them.

The tweet caused controversy, with some saying it was "creepy" of the platform to keep such close tabs on its audience, and mock their choices. However, others found it entertaining - and unsurprising that Netflix should know what its customers were viewing.

In a statement, Netflix said the privacy of its members was important. "This information represents overall viewing trends, not the personal viewing information of specific, identified individuals," said a representative.



Read more of this story at SoylentNews.

03:35

Tips for an Information Security Analyst/Pentester career - Ep. 46: Post-exploitation (pt. 2) The S@vvy_Geek Tips Tech Blog

In this post, we'll keep analyzing post-exploitation tools and techniques.



a) Recording keystrokes:

We can start a keylogger on the victim machine with keyscan_start.

Anything we type on the victim machine will be logged, and we can view it with keyscan_dump.


b) Grabbing SCP credentials:

Our Windows XP target has WinSCP installed, a program that brings Secure Copy (SCP), a UNIX protocol based on SSH and running over TCP port 22, to Windows.

We purposefully saved the password in the program settings (which the software itself advises against) and, thanks to the post/windows/gather/credentials/winscp post-exploitation module, we're able to grab the credentials and successfully copy files from XP to Ubuntu.


c) Analyzing bash command history:

In the previous post, we got a reverse shell from Ubuntu by using a public exploit.

As we're still connected as root, we can analyze the bash command history for user georgia, located at /home/georgia/.bash_history.

We notice a very interesting line: Georgia was kind enough to tell us what her password was.

We could have saved some time in the previous post, but nothing you learn is wasted time, anyway.

03:23

Mirai IoT Botnet Co-Authors Plead Guilty Krebs on Security

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called Internet of Things devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania.

Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks.

CLICK FRAUD BOTNET

In addition, the Mirai co-creators pleaded guilty to charges of using their botnet to conduct click fraud - a form of online advertising fraud that will cost Internet advertisers more than $16 billion this year, according to estimates from ad verification company Adloox.

The plea agreements state that Jha, White and another person who also pleaded guilty to click fraud conspiracy charges - a 21-year-old from Metairie, Louisiana named Dalton Norman - leased access to their botnet for the purposes of earning fraudulent advertising revenue through click fraud activity and renting out their botnet to other cybercriminals.

As part of this scheme, victim devices were used to transmit high volumes of requests to view web addresses associated with affiliate advertising content. Because the victim activity resembled legitimate views of these websites, the activity generated fraudulent profits through the sites hosting the advertising content, at the expense of online advertising companies.

Jha and his co-conspirators admitted receiving as part of the click fraud scheme approximately two hundred bitcoin, valued on January 29, 2017 at over $180,000.

Prosecutors say Norman personally earned over 30 bitcoin, valued on...

03:19

ROBOT Attack: RSA TLS crypto attack worked against Facebook, PayPal, and tens of 100 top domains Security Affairs

ROBOT ATTACK - Security experts have discovered a 19-year-old flaw in the TLS network security protocol that affects many software products worldwide.

The security researchers Hanno Böck and Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit, and Craig Young of Tripwire VERT, have discovered a 19-year-old vulnerability in the TLS network security protocol in the software of several tech giants and open-source projects.

The flaw in RSA PKCS #1 v1.5 encryption affects the servers of 27 of the top 100 web domains, including Facebook and PayPal; it could be exploited by an attacker to decrypt encrypted communications.

The researchers dubbed the flaw ROBOT, which stands for Return Of Bleichenbacher's Oracle Threat.

"ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server," the researchers explained.

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.

We discovered that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today's Internet.

Today we are still discussing the ROBOT attack because the mitigations drawn up at the time were not enough and many software vendors did not properly implement these protections.

"The real underlying problem here is that the protocol designers decided (in 1999) to make workarounds for using an insecure technology rather than replace it with a secure one as recommended by Bleichenbacher in 1998," said Young.


This ROBOT attack could allow attackers to decrypt RSA ciphertexts without recovering the server's private key, as explained in a security advisory published by Cisco....

03:14

Banker jailed for helping criminals who stole millions using Dridex malware HackRead

By Uzair Amir

Cybersecurity specialists often emphasize the dangers of insider threats and

This is a post from HackRead.com Read the original post: Banker jailed for helping criminals who stole millions using Dridex malware

03:09

Security updates for Wednesday LWN.net

Security updates have been issued by Debian (tiff), openSUSE (firefox, fossil, GraphicsMagick, and libheimdal), Red Hat (rh-java-common-lucene and rh-java-common-lucene5), and Ubuntu (libxml2).

03:07

Ubuntu Developers Working Towards The Eventual Demotion Of GTK2 Phoronix

Not only are Ubuntu developers working towards demoting Python 2 on their Linux distribution but they are also working on being able to demote the GTK2 tool-kit from the main archive to universe followed by its eventual removal in the future...

02:30

France to Ban Use of Mobile Phones in Schools from September cryptogon.com

Via: Guardian: The French government is to ban students from using mobile phones in the country's primary, junior and middle schools. Children will be allowed to bring their phones to school, but not allowed to get them out at any time until they leave, even during breaks. A proposed ban was included in Emmanuel Macron's [...]

02:24

Uber Customer Accidentally Charged $18,000 For A 21-Minute Ride TechWorm

Uber Accidentally Charges A Customer $18K For A 21-Minute Ride That Was Supposed To Cost Under $20

No Uber customer would have thought in his wildest dreams that a 21-minute cab ride would cost him $18,000.

The victim, Hisham Salama, grabbed an Uber to visit a friend at St. Joseph's hospital in Toronto, Canada on Friday night. He was expecting to pay around $20 for the ride. However, he was shocked to see a significant amount of $18,518.50 pending on his credit card for a five-mile, 21-minute ride that was supposed to cost only $12 to $16, according to Slate.

When he contacted Uber, the company said the fare was accurate and refused to alter the charge. "My first reaction was to just laugh, because I thought it was probably just an error but then about 20 minutes (later), when I was with my friend, I thought I should probably check my credit card to make sure everything was OK," said Salama, who had opted for the metered Taxi fare instead of the standard Uber X ride, reported Vice. That's when he noticed there was a significant amount pending on his credit card.

The news of the incident was first reported by a friend of Salama on Twitter on Saturday disputing the price charged.

02:22

Engineers create plants that glow Lifeboat News: The Blog

Imagine that instead of switching on a lamp when it gets dark, you could read by the light of a glowing plant on your desk.

MIT engineers have taken a critical first step toward making that vision a reality. By embedding specialized nanoparticles into the leaves of a watercress plant, they induced the plants to give off dim light for nearly four hours. They believe that, with further optimization, such plants will one day be bright enough to illuminate a workspace.

"The vision is to make a plant that will function as a desk lamp - a lamp that you don't have to plug in. The light is ultimately powered by the energy metabolism of the plant itself," says Michael Strano, the Carbon P. Dubbs Professor of Chemical Engineering at MIT and the senior author of the study.

02:17

Moneytaker hacker group stole millions from U.S. and Russian banks TechWorm

Russian hacking group steals more than $10 million from U.S. banks

A Moscow-based security firm, Group-IB has discovered a new group of Russian-speaking hackers who have stolen millions of dollars since May 2016 through international heists.

In a 36-page report published on Monday, Group-IB, which runs the largest computer forensics laboratory in eastern Europe, provided details of the newly-disclosed hacking group MoneyTaker, named after a piece of custom malware it uses. According to Group-IB, the hacking group has carried out more than 20 successful attacks on financial institutions and legal firms in the U.S., UK and Russia in the last two months alone.

The MoneyTaker group stole funds by targeting electric fund transfer networks like SWIFT (Society for Worldwide Interbank Financial Telecommunication). The MoneyTaker group also targeted law firms and financial software vendors. Group-IB has confirmed that 20 companies were successfully hacked, of which 16 attacks were on U.S. organizations, three on Russian banks, and one against an IT company in the UK.

In the U.S., the group primarily targeted smaller, community banks as victims, and stole money by infiltrating the credit card processor, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (U.S.). This act of theirs went unnoticed for a year and a half.

"MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise," said Dmitry Volkov, Group-IB co-founder and head of intelligence. "In addition, incidents occur in different regions worldwide and at least one of the US banks targeted had documents successfully exfiltrated from their networks, twice."

The first attack happened in spring of 2016 when money was stolen from a bank by breaching its STAR network, a bank transfer messaging system that connects 5,000 ATMs in the U.S.

MoneyTaker members also targeted an interbank network known as AWS CBR, which interfaces with Russia's central bank. The hackers also stole internal documents related to the SWIFT banking system, although there's no evidence they have successfully carried out attacks over it.

"The scheme is extremely simple. After taking control over the bank's network, the attackers checked if they could connect to the card processing system. Following this, they legally opened or bought cards of the bank whose IT system they had hacked. Money mules - criminals who withdraw money from ATMs with previously activated cards - went abroad and waited for the operation to begin," said Group-IB.

After getting into the card processing system, the attackers removed or increased cash withdrawal limits for the cards held by the mules. They removed overdraft limits, which made it poss...

02:14

Human-Sized Penguins Once Roamed New Zealand SoylentNews

A fossilized partial skeleton of an ancient giant penguin has been described:

The remnants of an ancient penguin that stood as tall as a grown man have been found encased in rock on a beach in New Zealand.

Fossil hunters chanced upon the prehistoric bones in sedimentary rock that formed 55 to 60 million years ago on what is now Hampden beach in Otago on the country's south island.

Measurements of the partial skeleton show that the flightless bird weighed about 100 kilograms and had a body length of 1.77m (5ft 10in), equal to the average height of an American man. Emperor penguins, the tallest penguin species alive today, reach only 1.2m when fully grown.

[...] The pieces of the latest skeleton, including wing, spine, breast and leg bones, were first discovered more than a decade ago, but the rock holding the fossilised bones was so hard that it has taken until now for researchers to prepare and study the remains.

Also at NYT and LA Times.

A Paleocene penguin from New Zealand substantiates multiple origins of gigantism in fossil Sphenisciformes (open, DOI: 10.1038/s41467-017-01959-6) (DX)



Read more of this story at SoylentNews.

02:04

6-year-old YouTube star earns $11 million a year for reviewing toys TechWorm

This 6-year-old boy is making $11 million a year on YouTube reviewing toys

Ryan, an average six-year-old who likes playing with toy cars, riding tricycles, and going down water slides, became YouTube's biggest star last year when he made $11 million, thanks to his family-run YouTube channel Ryan ToysReview.

According to Forbes' annual list of highest-earning YouTube celebrities, the Ryan ToysReview channel fetched its host Ryan about $11 million between June 1, 2016 and June 1, 2017 - before management fees and taxes, of course. These earnings put him in eighth position on the Forbes list, which he shares with Anthony Padilla and Ian Hecox of the popular comedy channel Smosh.

"Ryan was watching a lot of toy review channels - some of his favorites are EvanTubeHD and Hulyan Maya - because they used to make a lot of videos about Thomas the Tank Engine, and Ryan was super into Thomas," Ryan's mother told TubeFilter last year. "One day he asked me, 'How come I'm not on YouTube when all the other kids are?' So we just decided - yeah, we can do that. Then we took him to the store to get his very first toy - I think it was a Lego train set - and it all started from there."

The family's channel, Ryan ToysReview, was created in March 2015. It initially didn't get many views but started going viral within four months after they released a video in July 2015 titled "100+ cars toys GIANT EGG SURPRISE OPENING Disney Pixar Lightning McQueen kids video Ryan ToysReview". As of December 2017, this video has more than 800 million views. Further, another video that shows Ryan running through an inflatable Cars water slide, posted in April 2016, has earned him more than a billion views.

The adorable YouTuber has over 10 million subscribers and his videos have been viewed more than 16 billion times. The videos normally feature him playing games with his family and being surprised with toys. Also, the videos feature sincere and enthusiastic commentary from Ryan with off-camera guidance from his parents. According to The Verge, Ryans channel viewership converts to around $1 million...

02:01

Accident Forgiveness Comes to GPLv2 Hackaday

Years ago, while the GPLv3 was still being drafted, I got a chance to attend a presentation by Richard Stallman. He did his whole routine as St IGNUcius, and then at the end said he would be answering questions in a separate room off to the side. While the more casual nerds shuffled out of the presentation room, I went along with a small group of free software aficionados that followed our patron saint into the inner sanctum.

Yes, he really dresses up like this.

Interestingly, a few years after this a GPLv2 program of mine was picked up by a manufacturer and included in one of their products (never underestimate yourself, fo...

02:00

3 Essential Questions to Ask at Your Next Tech Interview


01:34

GOP lawmaker becomes first to call on FCC to delay net neutrality decision The Hill: Technology Policy

Republican Rep. Mike Coffman (Colo.) has become the first GOP lawmaker to call for the Federal Communications Commission (FCC) to delay its vote to repeal net neutrality. Repealing the rules that mandate an open internet "...

01:27

KWin On Wayland Without X11 Support Can Startup So Fast It Causes Problems Phoronix

It turns out that when KDE's KWin Wayland compositor is fired up without XWayland support, it can start up so fast that it causes problems...

01:00

Taking the physician's pulse on cybersecurity Help Net Security

More than four in five U.S. physicians (83 percent) have experienced some form of a cybersecurity attack, according to Accenture and the American Medical Association (AMA). This, along with additional findings, signals a call to action for the healthcare sector to increase cybersecurity support for medical practices in their communities. Cybersecurity concerns The findings, which examined the experiences of roughly 1,300 U.S. physicians, underscore the recognition that it is not "if" but "when" a cyberattack More

01:00

A Case Against Net Neutrality IEEE Spectrum Recent Content full text

Allowing ISPs to throttle and prioritize network traffic could improve the user experience, but we need better ways to monitor such behavior Illustration: IEEE Spectrum; Icons: Getty Images

This is a guest post. The views expressed in this article are solely those of the blogger and do not represent positions of IEEE Spectrum or the IEEE.

The U.S. Federal Communications Commission's (FCC) proposal to roll back the previous administration's Open Internet Order has put network neutrality back in the news. The FCC's new order, titled "Restoring Internet Freedom," removes the bright-line rules enforced by the previous order. If the FCC passes its new order tomorrow, Internet service providers (ISPs) will no longer be prohibited from blocking, throttling, and prioritizing traffic.

A widely expressed concern about the FCC's new proposal is that permitting ISPs to create fast lanes (in other words, letting ISPs charge content providers for delivering their traffic to users at a certain speed or quality) will jeopardize long-term innovation. While large content providers such as Google, Facebook, and Netflix can afford to pay ISPs for that service, a new company probably won't be able to. Allowing ISPs to throttle traffic if content providers don't pay up will make it more difficult for startups to compete with large companies.

However, an aspect of network operations that is often ignored in the popular network neutrality debate is this: It is, in fact, desirable that ISPs not always be neutral in handling network traffic.

As an example, consider two users whose Internet traffic goes through the same congested link. If one user is streaming video and another is backing up data to the cloud, a perfectly neutral network would slow down both transfers. Most people would probably agree that, to create the best experience for the most users, it would be best to slightly slow down non-interactive traffic such as data backups, and free up bandwidth for videos and voice-over-IP calls.

Both the Open Internet Order from 2015 as well as the proposed order on Restoring Internet Freedom recognize the need for ISPs to manage their networks. The difference lies in how the two orders account for network management techniques.

The Obama-era FCC administration required that ISPs be prepared to present evidence (for example, in the form of performance measurements of their networks) to prove that they are managing their networks in a reasonable way. In contrast, Trump's FCC administration believes that this regulation places an undue burden on ISPs.

Instead, the FCC's new proposal merely requires ISPs to be transparent and...

A Case for Net Neutrality IEEE Spectrum Recent Content full text

Without it, a new era of paid prioritization will hurt the economy and leave the public behind Illustration: IEEE Spectrum; Icons: Getty Images

This is a guest post. The views expressed in this article are solely those of the blogger and do not represent positions of IEEE Spectrum or the IEEE.

In the first decades of the 20th century, telecom regulation arrived late. Facing significant competition from independent telephone companies, AT&T lost 50 percent of its market share once its patents expired. To stifle the competition, AT&T blackmailed its independent rivals: AT&T would never interconnect with them unless they were acquired by AT&T.

As a result, many customers needed two different phones: one for AT&T, and one for their local independent telephone company. AT&T's market share increased to 89 percent by acquiring its rivals until this absurd situation was solved by imposing mandatory interconnection through regulation in 1935.

Fast forward to 70 years later. Similar to AT&T's historical long-distance network, the Internet has become today's most important network. But, because the Internet is based on public protocols, it's difficult for any one company to control. Since its inception, it has operated under network neutrality, which means the order of arrival of information packets is not disturbed by telecom and cable companies.

The dynamic changed in 2005, when AT&T officially declared its intent to kill network neutrality in order to create a new revenue stream. AT&T wanted to create two lanes: a priority lane for which content and applications providers would pay extra, and a slow lane for the rest. Information from companies that did not pay would arrive later to customers. All other Internet service providers (ISPs) said they would do the same.

Under paid prioritization, all residential customers would have their Internet choices determined by the ISPs and not themselves. With no competition-based solution, regulation was the only solution. After 10 long years of proceedings, in 2015, the FCC passed rules formalizing the existing de facto network neutrality. These rules were upheld by the Appeals Court in 2016.

Unfortunately, tomorrow the FCC, heavily influenced by ISP lobbyists, will formally kill network neutrality and usher in the era of paid prioritization. Killing network neutrality is a disaster that will have long and deep negative effects on the U.S. economy, the tech sector, and economic growth.

First, it will hobble innovative small and new technology companies that, unable to pay the fees demanded by ISPs, will be put in the slow lane. These companies are the engine of growth for the economy, and the new difficulties they will face will slow the growth of the tec...

00:45

IoT data exchange: Building trust and value Help Net Security

The results of Cisco's IoT Value/Trust Paradox report show that, while most consumers believe IoT services deliver significant value for them, very few understand or trust how their IoT data is being managed and used. This conclusion has revealed an interesting paradox: despite their lack of trust in IoT data security, consumers on the whole say that they are unwilling to disconnect from IoT services, even temporarily. These findings indicate that we are approaching the More

00:42

People Support Living Longer if it Means Remaining Healthy Lifeboat News: The Blog

A number of studies in different countries show that when people are asked "how long would you like to live?", they respond with a figure equal to or slightly higher than the current life expectancy in a given country[14]. So, why does the public often lack enthusiasm for longevity?

These studies have shown that, generally, the public is uninterested in living longer than normal because they believe that these extra years will be spent suffering from the illnesses of old age. This is why the public often reacts to words like "longevity" this way; to them, ten extra years likely means a decade spent in a wheelchair or some other decrepit state robbed of independence and health.

00:39

Breakthrough Listen to Observe Interstellar Asteroid 'Oumuamua for Radio Emissions SoylentNews

'Oumuamua's interstellar origin and unusually elongated shape have been enough to convince the billionaire-backed Breakthrough Listen to observe it to look for signs of alien technology:

The team's efforts will begin on Wednesday, with astronomers observing the asteroid, which is currently speeding away from our Solar System, across four different radio frequency bands. The first set of observations is due to last for 10 hours.

[...] Mr Milner's Breakthrough Listen programme released a statement which read: "Researchers working on long-distance space transportation have previously suggested that a cigar or needle shape is the most likely architecture for an interstellar spacecraft, since this would minimise friction and damage from interstellar gas and dust."

Andrew Siemion, director of the Berkeley SETI Research Center, who is part of the initiative, said: "'Oumuamua's presence within our Solar System affords Breakthrough Listen an opportunity to reach unprecedented sensitivities to possible artificial transmitters and demonstrate our ability to track nearby, fast-moving objects." He added: "Whether this object turns out to be artificial or natural, it's a great target for Listen."

Previously: Possible Interstellar Asteroid/Comet Enters Solar System
Interstellar Asteroid Named: Oumuamua
ESO Observations Show First Interstellar Asteroid is Like Nothing Seen Before


00:25

Flaw in Office 365 with Azure AD Connect could result in domain compromise Help Net Security

The Preempt research team has uncovered a vulnerability with Microsoft Office 365 when integrated with an on-premises Active Directory Domain Services (AD DS) using Azure AD Connect software that unnecessarily gives users elevated administrator privileges, making them stealthy administrators. Preempt discovered this surprising issue was occurring when customers were installing Microsoft Office 365 with Azure AD Connect software for on-premise AD DS integration (hybrid deployment). Most Active Directory audit systems easily alert on excessive privileges, More

00:22

What Open Means to OpenStack

In his keynote at OpenStack Summit in Australia, Jonathan Bryce (Executive Director of the OpenStack Foundation) stressed the meaning of both "Open" and "Stack" in the name of the project and focused on the importance of collaboration within the OpenStack ecosystem.

00:15

Anderson Cooper says Twitter account hacked after tweet calling Trump a 'pathetic loser' The Hill: Technology Policy

CNN host Anderson Cooper is claiming he was hacked after his Twitter account responded to a tweet from President Trump by calling the president a "pathetic loser." Trump on Wednesday morning tweeted that GOP Senate candidate Roy Moore worked...

00:00

Emerging trends companies should prepare for in 2018 Help Net Security

Today's organizations face a cyber security landscape that is more difficult to navigate than ever before. To shed light on what lies ahead and help businesses better prepare for emerging threats, Experian Data Breach Resolution released its fifth annual Data Breach Industry Forecast with five key predictions for 2018. "Our threat landscape is constantly evolving, making it increasingly difficult for businesses to mitigate risk," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "It's More

00:00

Light Camera Founder Explains Delays, Software Bugs, and Slow Data Transfer IEEE Spectrum Recent Content full text

Light has shipped 2,000 of its multi-lens cameras, and says a deal with a cell phone manufacturer is in the works Photo: Light

Light, the company that aims to revolutionize photography by digitally combining the output of dozens of small, low-cost camera modules with plastic lenses to create professional-quality images, started filling pre-orders last July, after about a year of delays.

Reviews, to date, have been less than enthusiastic, dinging the device on its low light performance, slow transfer rates, focusing issues, and spotty resolution with artifacts. The company promises, however, that these problems are solvable, and will be fixed quickly.

I checked in with Light founder and CTO Rajiv Laroia for the details. (For more on the camera's development, read this article that Laroia wrote for IEEE Spectrum in October 2016.)

"It is minimally viable," Laroia said of the current version, called the Light L16, and pre-order customers were told that the company had work to do before finalizing their orders. "You can take pictures," he said, "but it may be frustrating because we are refining the software. We gave the pre-order people an option to get the camera now and help us improve it, or to press a pause button on their purchase until it is good enough for them."

Some 2,000 customers opted to go through with their purchases since the camera started shipping in July, and all have received their cameras. Next year, Laroia predicts, tens of thousands of cameras will ship to customers. And he expects that the 120-person company will soon announce a deal with a manufacturer to integrate the technology into cell phones, which has been Light's goal from the beginning.

"The Light camera takes incredible pictures when everything goes right," Laroia says. "That happens more and more...

Wednesday, 13 December

23:43

Bleichenbacher's Oracle Attack rediscovered after 19 years Hacker News Bulletin | Find the Latest Hackers News

A famous 19-year-old vulnerability known as Bleichenbacher's Oracle attack has been rediscovered in the RSA encryption system, giving man-in-the-middle access to encrypted messages. The ROBOT attack's rediscovery was analysed and researched by Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT. They have given detailed explanations of this

23:30

Whitepaper: Top 20 cyber attacks on ICS Help Net Security

The techniques for evaluating the risk of cyber-sabotage of industrial processes are well understood by those skilled in the art. Essentially, such risk assessments evaluate a typically large inventory of possible cyber attacks against the cyber-physical system in question, and render a verdict. Communicating the verdict to business decision-makers who are not familiar with cyber-security minutiae is more difficult, especially for the low-frequency, high-impact (LFHI) type of attacks for which there is little statistical data. More

23:03

Ticks May Have Infested Feathered Dinosaurs SoylentNews

Fossil evidence suggests that feathered dinosaurs were infested with ticks:

Feathered dinosaurs were covered in ticks just like modern animals, fossil evidence shows. Parasites similar to modern ticks have been found inside pieces of amber from Myanmar dating back 99 million years. One is entangled with a dinosaur feather, another is swollen with blood, and two were in a dinosaur nest.

Scientists say the discovery, which has echoes of Jurassic Park, is the first direct fossil evidence that ticks fed on the blood of dinosaurs. The research is published in the journal, Nature Communications. "Ticks parasitised feathered dinosaurs; now we have direct evidence of it," co-researcher Dr Ricardo Pérez-de la Fuente of the Oxford University Museum of Natural History told BBC News. "This paper represents a very good example of the kind of detailed information that can be extracted from amber fossils."

Prototicks? On my nanoraptors?

Also at Science Magazine, NYT, and NPR.

Parasitised feathered dinosaurs as revealed by Cretaceous amber assemblages (open, DOI: 10.1038/s41467-017-01550-z) (DX)


23:00

Many Cloud-Native Hands Try to Make Light Work of Kubernetes

The Cloud Native Computing Foundation, home of the Kubernetes open-source community, grew wildly this year. It welcomed membership from industry giants like Amazon Web Services Inc. and broke attendance records at last week's KubeCon + CloudNativeCon conference in Austin, Texas. This is all happy news for Kubernetes, the favored platform for orchestrating containers (a virtualized method for running distributed applications).

23:00

Bluetooth Gun Safe Cracked By Researchers Hackaday

Believe it or not, there are quite a few people out there who have purchased gun safes that can be remotely unlocked by Bluetooth. Now we can understand why somebody might think this was a good idea: the convenience of being able to hit a button on your phone and have your weapon available in the heat of the moment is arguably a big selling point for people who are purchasing something like this for home defense. But those with a more technical mind will likely wonder if the inherent risks of having your firearm (or other valuables) protected by a protocol that often relies on security by obscurity outweigh the convenience of not needing to enter in a combination on the keypad.

Well, you can wonder no more, as researchers at [Two Six Labs] have recently published a detailed document on how they managed to remotely unlock the Vaultek VT20i with nothing more exotic than an Ubertooth. In the end, even the Ubertooth wasn't actually required, as this particular device turned out to be riddled with security issues.

[Two Six Labs] has not publicly released the complete source code of the software demonstrated in their YouTube video for very obvious reasons, but the page on their site does go into fantastic detail on how they uncovered the multiple vulnerabilities that allowed them to write it. Even if you're not the kind of person who would ever need a gun safe, the information contained in their documentation about analyzing Bluetooth communications is fascinating reading.

It was discovered that the PIN for the safe was actually being transmitted by the accompanying smartphone application in plain-text, which would be bad enough normally. But after further analysis, it became clear that the safe wasn't even bothering to check the PIN code anyway.

...

22:33

Asynchronous Decision-Making: Helping Remote Teams Succeed

Asynchronous decision-making is a strategy that enables geographically and culturally distributed software teams to make decisions more efficiently. In this article, I'll discuss some of the principles and tools that make this approach possible.

22:28

Radeon Overlay Is Similar To A Feature Mesa Offered For Years Phoronix

With yesterday's release of the Radeon Software Adrenalin driver for Windows, it actually picks up a feature that is roughly similar to something the open-source Radeon driver stack - and all of the Mesa's Gallium3D drivers for that matter - have offered for years...

22:09

Wayland Had An Impressive 2017 With KDE Support Maturing, Mir Switching Focus Phoronix

Wayland had a very eventful year with it conquering more Linux desktops now since the switch to using GNOME Shell on Wayland with Ubuntu 17.10, Ubuntu's Mir compositor still being around but having switched to adding Wayland protocol support, KDE's Wayland support becoming day-to-day usable, and much more...

22:00

Zero hour nears for net neutrality rules The Hill: Technology Policy

The Federal Communications Commission (FCC) is moving forward with a plan to scrap net neutrality rules, defying a massive outcry from activists, Democrats and consumers. On Thursday, the FCC is expected to approve Chairman Ajit Pai's proposal to...

21:57

Password Stealing Apps With Over A Million Downloads Found On Google Play Store The Hacker News

Even after so many efforts by Google, like launching a bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from

21:52

December Microsoft Patch Tuesday addresses 19 Critical browser issues Security Affairs

Microsoft released Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 Critical browser issues.

Microsoft has released its Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 critical flaws affecting the Internet Explorer and Edge web browsers.

Microsoft addressed several memory corruption flaws that can be exploited for remote code execution. Most of the vulnerabilities reside in the browser's scripting engine; an attacker can trigger them by tricking the victim into visiting a specially crafted website or a site that serves malicious ads.

Microsoft acknowledged researchers from Google, Palo Alto Networks, McAfee and Qihoo 360 for finding the issues.

The list of vulnerabilities fixed this month includes an important information disclosure flaw tracked as CVE-2017-11927. The vulnerability affects the Windows its:// protocol handler, where the InfoTech Storage Format (ITS) is the storage format used in CHM files.

"An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site," reads the security advisory published by Microsoft.

To exploit the vulnerability an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. An attacker who successfully tricked a user into disclosing the user's NTLM hash could attempt a brute-force attack to disclose the corresponding hash password.

The list of flaws addressed by Microsoft also includes a collection of information disclosure issues in Office, a privilege escalation vulnerability affecting SharePoint, a spoofing issue in Exchange, and a remote code execution vulnerability in Excel.

The good news is that according to Microsoft, none of the vulnerabilities addressed with the December Patch Tuesday has been exploited in att...

21:48

Cryptsetup 2.0 Released With LUKS2 Format Support Phoronix

A new major release is available of Cryptsetup, the user-space utility for dealing with the DMCrypt kernel module for setting up encrypted disk volumes...

21:24

Google and NASA to Reveal Mysterious New Space Find SoylentNews

NASA will be hosting a somewhat unusual press conference on Thursday (NASA will host a media teleconference at 1 p.m. EST Thursday, Dec. 14) to announce the latest find from its planet-hunting Kepler Space Telescope. Kepler has found many hundreds of planets beyond our solar system over the years, but this week's announcement will be different because Google will be sharing in the science spotlight.

"The discovery was made by researchers using machine learning from Google," reads a release from the space agency, adding that the breakthrough "demonstrates new ways of analyzing Kepler data."

Exactly what has been discovered won't be revealed until Thursday, but with Kepler there's always a good chance that some new distant planets will be part of the reveal. Expect to hear something about a new era of planet-hunting assisted by artificial intelligence: That would be my guess for Thursday. We'll just have to wait and see if Google's A.I. is also helping to detect signs of alien life on the numerous worlds beyond our solar system as well.

https://www.cnet.com/news/google-nasa-kepler-artificial-intelligence-machine-learning-planets/


21:22

It Looks Like VLC 3.0 Will Finally Be Released Soon Phoronix

VLC 3.0 is something we've been looking forward to for years and it's looking like that big multimedia player update could be released very soon...

21:22

In-Space Manufacturing Is About to Get a Big Test Lifeboat News: The Blog

A bold plan to rev up off-Earth manufacturing is about to get a big test.

A small, privately built machine designed to make optical fiber is launching toward the International Space Station (ISS) aboard SpaceX's Dragon cargo capsule tomorrow (Dec. 12).

If all goes according to plan, this little factory, which is owned by California-based startup Made In Space, will churn out stuff that's good enough to sell here on Earth, opening up space to greater commercial use. [3D Printing: 10 Ways It Could Transform Space Travel].

21:15

[SECURITY] CVE-2017-5663: Apache Fineract SQL Injection Vulnerability Open Source Security

Posted by Nazeer Shaik on Dec 13

CVE-2017-5663: Apache Fineract SQL Injection Vulnerability

Severity: Critical

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Fineract 0.6.0-incubating
Apache Fineract 0.5.0-incubating
Apache Fineract 0.4.0-incubating

Description:
Apache Fineract exposes different REST end points to query domain specific
entities with a Query Parameter 'sqlSearch' which
is appended directly with SQL statements. A hacker/user can...

20:42

India's grasp on IT jobs is loosening up. Is artificial intelligence to blame? Lifeboat News: The Blog

When Kumar lost his job, he became part of a wave of layoffs washing through the Indian IT industry, a term that includes, in its vastness, call centers, engineering services, business process outsourcing firms, and infrastructure management and software companies. The recent layoffs are part of the industry's most significant period of churn since it began to boom two decades ago. Companies don't necessarily attribute these layoffs directly to automation, but at the same time, they constantly identify automation as the spark for huge changes in the industry. Bots, machine learning, and algorithms that robotically execute processes are rendering old skills redundant, recasting the idea of work and making a smaller labor force seem likely.

Technology outsourcing has been India's only reliable job creator in the past 30 years. Now artificial intelligence threatens to wipe out those gains.

20:40

Judge Corcoran Got His User ID/Desk Back (as ILO Asked), But Cannot Perform Actual Work Techrights

Summary: The latest update regarding Patrick Corcoran, whose 3-year ordeal is far from over in spite of ILO's unambiguous rulings in his favour

THINGS are worse than widely believed. We are a couple of hours away from EPO staff protests and there's no indication that justice will be respected. Well, what we have here is minimal perception of independence and minimal perception of compliance with the ruling.

Corcoran can go into the Haar building, based on a source, but no other building. He has a room, desk, and chair. No phone. No computer. No office equipment. Delegates to Administrative Council have been told anyone in HR who challenges a decision, e.g. at ILO, is disloyal. People with cases at ILO are told by HR that even if they win, EPO will ignore it.

How can anyone decide to not go to protest today?

20:36

BitTorrent Inc. Emerges Victorious Following EU Trademark Dispute TorrentFreak

For anyone familiar with the BitTorrent brand, there can only be one company that springs to mind. BitTorrent Inc., the outfit behind uTorrent that still employs BitTorrent creator Bram Cohen, seems the logical choice, but not everything is straightforward.

Back in June 2003, a company called BitTorrent Marketing GmbH filed an application to register an EU trademark for the term BitTorrent with the European Union Intellectual Property Office (EUIPO). The company hoped to exploit the trademark for a wide range of uses from marketing, advertising, retail, mail order and Internet sales, to film, television and video licensing plus providing of memory space on the internet.

The trademark application was published in Jul 2004 and registered in June 2006. However, in June 2011 BitTorrent Inc. filed an application for its revocation on the grounds that the trademark had not been put to genuine use in the European Union in connection with the services concerned within a continuous period of five years.

A year later, the EUIPO notified BitTorrent Marketing GmbH that it had three months to submit evidence of the trademark's use. After an application from the company, more time was given to present evidence and a deadline was set for November 21, 2011. Things did not go to plan, however.

On the very last day, BitTorrent Marketing GmbH responded to the request by fax, noting that a five-page letter had been sent along with 69 pages of additional evidence. But something went wrong, with the fax machine continually reporting errors. Several days later, the evidence arrived by mail, but that was technically too late.

In September 2013, BitTorrent Inc.'s application for the trademark to be revoked was upheld but in November 2013, BitTorrent Marketing GmbH (by now known as Hochmann Marketing GmbH) appealed against the decision to revoke.

Almost two years later in August 2015, an EUIPO appeal held that Hochmann had submitted no relevant proof before the specified deadline that the trademark had been in previous use. On this basis, the evidence could not be taken into account.

"[The appeal] therefore concluded that genuine use of the mark at issue had not been proven, and held that the mark must be revoked with effect from 24 June 2011," EUIPO documentation reads.

However, Hochmann Marketing GmbH wasn't about to give up, demanding that the decision be annulled and that EUIPO and BitTorrent Inc. should pay the costs. In response, EUIPO and BitTorrent Inc. demanded the opposite, that Hochmann's action should be dismissed and they should pay the costs instead.

In its decision published yesterday, the EU General Court (Third Chamber) clearly sided with EUIPO and BitTorrent Inc.

The [e...

20:22

Releases free preview of Quantum Development Kit Lifeboat News: The Blog

So you want to learn how to program a quantum computer. Now, there's a toolkit for that.

The Quantum Development Kit, which Microsoft first announced at its Ignite conference in September, is designed for developers who are eager to learn how to program on quantum computers whether or not they are experts in the field of quantum physics.

20:00

Generate Random Numbers The Hard Way Hackaday

Your job is to create a random number generator.

Your device starts with a speaker and a membrane. On this membrane will sit a handful of small, marble-size copper balls. An audio source feeds the speaker and causes the balls to bounce to and fro. If a ball bounces high enough, it will gain the opportunity to travel down one of seven copper tubes. Optical sensors in each of the tubes detect the ball and feed data to an Arduino Mega. When the ball reaches the end of the tube, a robotic hand will take the ball and put it back on the speaker membrane. The magic happens when we write an algorithm such that the audio output for the speaker is a function of how many balls fall down the pipes.

The above is a rough description of [::vtol::]'s art piece: kinetic random number generator. We're pretty sure that there are easier ways to get some non-deterministic bits, but there may be none more fun to watch.

[::vtol::] is a frequent flyer here on Hackaday Airlines. Where else would you showcase your 8-bit Game Boy Photo Gun or your brainwave-activated ferrofluid monster bath? Would it shock you to find out that we've even covered another kinetic random number generator of his? Fun stuff!


19:43

Full Moons Linked to Increased Motorcyclist Deaths SoylentNews

Full moons and particularly "supermoons" have been linked to increased deaths of motorcyclists:

Distracted drivers, like those who text behind the wheel, are a danger to themselves and to others. Even a brief, momentary glance away from the road can result in life-threatening consequences.

Research published Dec. 11 in The BMJ [open, DOI: 10.1136/bmj.j5367] [DX] points toward another potential distraction for motorists: the full moon, gracing the sky with its brightness around 12 times a year, and the dazzling supermoon, which comes into focus around once a year.

The researchers found that on nights illuminated by a full moon, fatal motorcycle accidents increased by 5 percent compared to nights without a full moon. On evenings when the supermoon decorated the sky, this increased to 32 percent. The study included data from the United States, the United Kingdom, Canada and Australia.

While this observational data cannot prove any firm conclusions, the researchers warn drivers of the risks of seemingly minor distractions, urging constant attention while driving at all times.


Original Submission

Read more of this story at SoylentNews.

19:16

Australian airport hack was 'a near miss' says government's cybersecurity expert Graham Cluley

A 31-year-old Vietnamese man has been jailed for a hacking attack that compromised the computer network of Perth International Airport, and reportedly resulted in the theft of building plans and sensitive security protocols.

Read more in my article on the Hot for Security blog.

19:07

Leveraging NFV and SDN for Network Slicing

Network slicing is poised to play a pivotal role in the enablement of 5G. The technology allows operators to run multiple virtual networks on top of a single, physical infrastructure. With 5G commercialization set for 2020, many are wondering to what extent network functions virtualization (NFV) and software-defined networking (SDN) can help move network slicing forward.

Virtualized infrastructure

19:00

Findings From 1960s Study Suggest Sugar Industry Cover Up Terra Forming Terra


Essentially the industry has gotten a pass on sugar for decades. It is only now with so many researchers in the field that these questions are being retested and those bad results replicated.

In fact a whole string of rackets have been run in the food industry, often to dislodge safe well established competitors. Not least is the butter margarine bait and switch for the past half century.

The science is catching up to all this and unfortunately it is never linked to an aggressive public relations campaign. Thus the actual push back will be slow.  However the increasing power of organic foods will soon reach a tipping point and turn into an avalanche of change.



Findings From 1960s Study Suggest Sugar Industry Cover Up
by Lori Ennis on November 22, 2017
http://www.mothering.com/articles/discoveries-from-1960s-study-suggest-sugar-industry-cover-up/

New information from an old study is coming out, and it's exactly what the sugar industry doesn't want you to know about.

We share information from new studies all the time, so it's unusual when an old study sheds new light on things. Yet, that's exactly what is happening now with a study from the 1960s that was sponsored by the sugar industry.

The study was never published, and would apparently seem to have disappeared until its resurrection recently. The study suggested a link between a high-sugar diet and cancer and high cholesterol levels, which is not necessarily new news, but shows that the sugar-industry was aware of issues as long as four decades ago.

Stanton Glantz is a professor of medicine at the University of California, and the co-author of a new paper that was published in the PLOS Biology journal recently. He says that the study was canceled, and nothing was ever published on any findings, and it's not known whether the primary researcher did try to publish and was blocked, or didn't even bother trying to publish the results at all, as they would not shine the best light on the sugar industry.

According to the paper's authors, a group then-called the Sugar Research Foundation might have spun the rese...

19:00

Juniper Moves OpenContrail to the Linux Foundation

Juniper Networks is moving the codebase for its OpenContrail network virtualization platform to the Linux Foundation.

Juniper first released its Contrail products as open source in 2013 and built a community around the project. However, many stakeholders complained that Juniper didn't work very hard to build the community, and some called it faux-pen source.

19:00

Army General Exposes Brutal Truth About What Obama Did For Terrorists Terra Forming Terra




The winning strategy for the military is clear.  Train up local forces to the point that they become highly effective.  Behave as if time does not matter.   That is how the British did it. Afghanistan became the advanced combat school for young officers and soldiers for the British Empire. 

That meant that no one was terribly inclined to start something anywhere else when anywhere else encompassed a quarter of the world's surface and perhaps as much of its population. This is all about establishing your will.

An Empire is sustained through will combined with ample dollops of bullshit.  Loss of will is why it ended.  The American Empire has been slow to learn this and has produced too many fiascos mostly caused by hesitancy.

We now have at least eight years to get it right and Trump is certainly up to it.  The last year has seen the military tighten their grip where needed.  All this encourages our natural allies to up their game...



Army General Exposes Brutal Truth About What Obama Did For Terrorists


...

19:00

Citi's Shocking Admission Terra Forming Terra

 

I am more amazed that they had such an illusion.  What is happening is that the whole world is steadily adjusting to a zero interest monetary situation.  It has never happened before.  If you can borrow all the money you want and pay almost zero interest, you obviously buy hard assets even if they barely earn.  Thus we get the million dollar shack.   


Curiously, in the aftermath of the 2008 silliness the USA lost access to all that cheap money. Housing prices remain low in comparison to Canada.  By that measure the USA has a long way to go in terms of asset appreciation.


The real question is just what does a crash look like in a low interest world?  I do not know.  Lenders have actually lost the incentive to ever sell an asset at a loss when Apache money means they can rotate the asset profitably to another fence post able to accept a loan.. 


Cash flow is also now expanding so demand will easily expand for some time in the USA. 


Citi's Shoc...

19:00

Brazilian discovery fuels debate: when, after all, did humanity reach the Americas? Terra Forming Terra




The translation is not much good, but what has been uncovered is definitive evidence supporting human populations in South America 30,000 years ago. These are likely of African and aboriginal lineage. This is great news, as there has been plenty of other indication and it would have long since been accepted except for the erroneous Clovis-only argument held for years.

Transoceanic travel has always been a problem to overcome, but even dugout canoes did populate the Pacific in the tropics. Add in the forgotten detail that our sea levels were a good hundred meters lower before the Pleistocene Nonconformity. This meant that all continental shelves were exposed. Indonesia and the South China Sea were the size of North America.

Many atolls were large islands as well, and the equivalent of Japan linked south Africa with southern India. In short there was a huge band of land connected from Africa to the south seas. Still does not make accessing South America easy but certainly more plausible.

We already have early human stocks along this entire corridor. Extending to South America is a natural step and really only took a flotilla of large dugouts catching the wind in the right direction. That had to have happened often.

Brazilian discovery fuels debate: when, after all, did humanity reach the Americas?

Evanildo da Silveira - From São Paulo for BBC Brasil
...

19:00

The Creator of Vsauce Wants Us to Stop Underestimating People's Intelligence - Facts So Romantic Nautilus



What does the science educator of today look like? With the rise of streaming technologies, would-be educators no longer need a network deal to reach an audience. Case in point: Michael Stevens.

Stevens created Vsauce, a YouTube channel originally focusing on games that amassed a large following, over 18 million subscribers and 1.2 billion views after 10 years. Publishing on YouTube gave Stevens the freedom to experiment, so he began to explore his lifelong interest in science, inspired by the science educators of his own childhood, like Mr. Wizard and Beakman.

Today his videos range from 10 to 30 minutes and blend philosophy, mathematics, and science together: Which way is down? and How to count past infinity are good examples. Stevens' success spurred the creation of Mind Field, his YouTube Red series that focuses on how we study our psychology. Recently, Stevens has been touring with Mythbuster Adam Savage for Brain Candy Live and preparing for Mind Field's second season, which

18:59

A banking Trojan targeting the Polish banks was found in Google Play Security Affairs

It has happened again: several banking Trojan samples have been found on Google Play; this time the malicious code targeted a number of Polish banks.

The malware was disguised as two seemingly legitimate apps: Crypto Monitor, a cryptocurrency price tracking app, and StorySaver, a third-party tool for downloading stories from Instagram.

The malicious code is able to display fake notifications and login forms on the infected device to harvest login credentials used to access legitimate banking applications. The code is also able to intercept SMS messages to bypass two-factor authentication used by the financial institutions.

The same malware was discovered by experts at security firm RiskIQ in November.

According to researchers from ESET, the Crypto Monitor app was uploaded to the Play store on November 25 by the developer walltestudio, while the StorySaver app was uploaded by the developer kirillsamsonov45 on November 29.

"Together, the apps had reached between 1000 and 5000 downloads at the time we reported them to Google on December 4. Both apps have since been removed from the store," states the analysis published by ESET.

When the user launches the malicious apps, they compare the apps installed on the infected device against a list of fourteen apps used by Polish banks; once one of them is found, the malicious code can display fake login forms imitating those of the targeted legitimate apps.

...
App name        Package name
Alior Mobile    com.comarch.mobile
BZWBK24 mobile  pl.bzwbk.bzwbk24
Getin Mobile    com.getingroup.mobilebanking

18:42

About ispace Lifeboat News: The Blog

Ispace is a private lunar robotic exploration company that is developing micro-robotic technology to provide a low-cost and frequent transportation service to and on the Moon, conduct lunar surface exploration to map, process and deliver resources to our customers in cislunar space.

18:30

Language Bugs Infest Downstream Software, Fuzzer Finds

Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use. That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi.

18:21

Adobe Patch Tuesday only addressed a moderate severity regression issue affecting Flash Player Security Affairs

Adobe released its Patch Tuesday update; this month it addressed only a moderate-severity regression issue affecting Flash Player, tracked as CVE-2017-11305.

It was a poor Patch Tuesday this month for Adobe, which only addressed a moderate-severity regression issue affecting Flash Player, tracked as CVE-2017-11305.

The vulnerability was described as a business logic error that can cause the unintended reset of the global settings preference file.

"Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file," reads the Adobe Security Bulletin.


According to the company, there is no evidence of exploitation in the wild.

In November, Adobe addressed a total of 80 vulnerabilities across 9 products, most of them in Acrobat and Reader, including dozens of RCE issues.

18:03

Devuan ASCII Sprint -- 15-17 Dec. 2017 SoylentNews

[Ed's note: ASCII is the name given to the next release of Devuan]

"Dear D1rs,

there will be a Devuan ASCII sprint on 15-16-17th December 2017 (this coming weekend). The aim is to squash a few outstanding bugs in Devuan ASCII, with the view of preparing a beta release.

Some of the tasks require "hands-on" to the repos and other services, but virtually everybody else can help by testing packages, fixes, upgrade paths, patches, installation material, and so on, so anybody with some time to spare over the next week-end is welcome to join.

A list of currently outstanding bugs relevant for ASCII can be found at:

http://bugs.devuan.org//cgi/pkgreport.cgi?which=tag&data=ascii

If you can provide more info on those bugs, or patches, or anything, be prepared to do so.

There is no fixed schedule so far, but the best way to get in touch and "do things" is probably by hanging around on Friday, Saturday, and Sunday on #devuan-dev. More detailed information will be provided sooner [closer?] to the date.

Come on, let's put ASCII out.

The Dev1Devs "

https://lists.dyne.org/lurker/message/20171211.190051.843303de.en.html


Original Submission

Read more of this story at SoylentNews.

17:00

It's Curtains for Blu Chip Hackaday

In theory, there is no reason you can't automate things all over your house. However, unless you live alone you need to consider that most people won't accept your kludgy looking circuits on a breadboard hanging everywhere. Lighting has become easy now that there are a lot of commercial options. However, there are still plenty of things that cry for automation. For [jeevanAnga], the curtains were crying out for remote control.

Since cellphones are ubiquitous, it makes sense to use the phone as a controller and BlueTooth Low Energy (BLE) is perfect for this kind of application. But you can't hang a big ugly mess of wires off the curtain rods. That's why [jeevanAnga] used a tiny (16.6 x 11.5 mm) BLE board known as a BluChip.

We didn't verify it, but [jeevanAnga] claims it is the smallest BLE board available, and it is certainly tiny. You can see the result in the video below.

Of course, the BluChip only talks to the phone. A stepper motor does the hard work with the help of a belt, a pulley, and gears. The BluChip also requires a separate programmer and that's not so tiny, but of course, you only need it while you configure the device.

Inside, the BluChip is an ARM processor (Cortex M0 with 256K of flash and 32K of RAM). It works on 1.8 to 3.6 volts and is FCC certified, so you could easily use it in a commercial product. Most of the useful signals are brought out to pins on 0.1 inch centers, which is handy.

You still need a bit of supporting hardware (like a stepper driver) so the challenge is to make the device attractive enough to reside in the living room. The good news is that you can sneak that tiny BLE board almost anywhere.

If you want a primer on BLE, you can read up on the basics. We've also seen non-BLE boards hacked to work with the protocol.


Filed under: ARM, Cellphone Hacks ...

16:15

Saturn's Rings Have an Effect on the Planet's Atmosphere SoylentNews

Saturn's rings mess with the gas giant's atmosphere

Saturn's mighty rings cast a long shadow on the gas giant and not just in visible light.

Final observations from the Cassini spacecraft show that the rings block the sunlight that charges particles in Saturn's atmosphere. The rings may even be raining charged water particles onto the planet, researchers report online December 11 in Science [DOI: 10.1126/science.aao4134] [DX] and at the fall meeting of the American Geophysical Union.

[...] Jan-Erik Wahlund of the Swedish Institute of Space Physics in Uppsala and Ann Persoon of the University of Iowa in Iowa City and their colleagues examined data from 11 of Cassini's dives through the rings. The researchers found a lower density of charged particles in the regions associated with the ring shadows than elsewhere in the ionosphere. That finding suggests the rings block ultraviolet light, the team concludes.


Original Submission

Read more of this story at SoylentNews.

15:34

Google releases iPhone hacking tool for security researchers TechWorm

Google releases a tool that helps security researchers hack iPhones

For those unaware, Google's Project Zero identifies bugs and exploits in all kinds of software of various companies to make them safer.

According to Beer, the tool released takes advantage of an exploit called tfp0. Beer says the tool was tested on iPhone 6s, iPhone 7 and iPod touch 6G. However, he believes that with some tweaks, the tool should work on all devices.

"tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy," Beer wrote.

The Google researcher last week teased this release in a tweet that asked the iOS 11 kernel security researchers to keep a research-only device on iOS 11.1.2 or below raising sparks of a fresh exploit of the OS.

"If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon," Beer said at the time.

Speaking to Motherboard, Google said that Beer's goal is to allow other security researchers to explore and test iOS security layers without the need to develop and find their own exploits. In other words, Google gave other researchers a head start to carry out their own research.

According to Google, their ultimate goal is to help security researchers search and find other potential vulnerabilities and hopefully report them to Apple so that they get fixed and the operating system is made safer.

"While it might seem surprising that Google would release a tool to hack a device from a competitor, it actually makes a lot of sense. The iPhone is one of the hardest consumer devices to hack, and researchers who can do that and are able to find bugs in it rarely report the bugs or publish the tools they use because they are so valuable," said Motherboard.

However, the disclosure opens up the possibility for the jailbreaking community to bootstrap an iPhone jailbreak until Apple issues a fix.

Source:...

14:46

Depth of Jupiter's Great Red Spot Studied, and Two New Radiation Zones Found SoylentNews

NASA's Juno Probes the Depths of Jupiter's Great Red Spot

Data collected by NASA's Juno spacecraft during its first pass over Jupiter's Great Red Spot in July 2017 indicate that this iconic feature penetrates well below the clouds. Other revelations from the mission include that Jupiter has two previously uncharted radiation zones. The findings were announced Monday at the annual American Geophysical Union meeting in New Orleans.

"One of the most basic questions about Jupiter's Great Red Spot is: how deep are the roots?" said Scott Bolton, Juno's principal investigator from the Southwest Research Institute in San Antonio. "Juno data indicate that the solar system's most famous storm is almost one-and-a-half Earths wide, and has roots that penetrate about 200 miles (300 kilometers) into the planet's atmosphere."

[...] Juno also has detected a new radiation zone, just above the gas giant's atmosphere, near the equator. The zone includes energetic hydrogen, oxygen and sulfur ions moving at almost light speed. [...] Juno also found signatures of a high-energy heavy ion population within the inner edges of Jupiter's relativistic electron radiation belt -- a region dominated by electrons moving close to the speed of light. The signatures are observed during Juno's high-latitude encounters with the electron belt, in regions never explored by prior spacecraft. The origin and exact species of these particles is not yet understood. Juno's Stellar Reference Unit (SRU-1) star camera detects the signatures of this population as extremely high noise signatures in images collected by the mission's radiation monitoring investigation.


Original Submission

Read more of this story at SoylentNews.

14:00

Connecting Cherry MX Key Switches To LEGO Just Got Easier Hackaday

The Cherry MX Blue keyswitch

Here on Hackaday, we like keyboard hacks. Given how much time we all spend pounding away on them, they're natural hacks to come up with. If you're pulling the circuitry from an existing keyboard then chances are the keys are pressed either by pushing down on rubber domes (AKA the membrane type), or on mechanical switches. [Jason Allemann] has just made it easier to do keyboard hacks using LEGO by building one for a circuit board with mechanical Cherry MX key switches. That involved designing parts to connect LEGO bricks to the switches.

For those custom parts, he recruited his brother [Roman], who's a mechanical engineer. [Roman] designed keycaps with a Cherry MX stem on one side for snapping onto the key switches, and LEGO studs on the other side for attaching the LEGO bricks. The pieces also have a hole in them for any keys which have LEDs. Of the 100 which [Jason] ordered from Shapeways, around ten were a bit of a loose fit for the LEGO bricks, but only if you were doing extreme button mashing would they come off.

The easy part was the keyboard circuit board itself, which he simply removed from an old Cooler Master Quick Fire Rapid keyboard and inserted into his own LEGO keyboard base.

...

13:43

Artificially intelligent robots could soon gain consciousness Lifeboat News: The Blog

From babysitting children to beating the world champion at Go, robots are slowly but surely developing more and more advanced capabilities.

And many scientists, including Professor Stephen Hawking, suggest it may only be a matter of time before machines gain consciousness.

In a new article for The Conversation, Professor Subhash Kak, Regents Professor of Electrical and Computer Engineering at Oklahoma State University explains the possible consequences if artificial intelligence gains consciousness.

13:42

AI is now so complex its creators can't trust why it makes decisions Lifeboat News: The Blog

Artificial intelligence is seeping into every nook and cranny of modern life. AI might tag your friends in photos on Facebook or choose what you see on Instagram, but materials scientists and NASA researchers are also beginning to use the technology for scientific discovery and space exploration.

But there's a core problem with this technology, whether it's being used in social media or for the Mars rover: The programmers that built it don't know why AI makes one decision over another.

Modern artificial intelligence is still new. Big tech companies have only ramped up investment and research in the last five years, after a decades-old theory was shown to finally work in 2012. Inspired by the human brain, an artificial neural network relied on layers of thousands to millions of tiny connections between neurons or little clusters of mathematic computation, like the connections of neurons in the brain. But that software architecture came with a trade-off: Since the changes throughout those millions of connections were so complex and minute, researchers aren't able to exactly determine what is happening. They just get an output that works.

13:42

Former Facebook executive says the site is ripping apart society Lifeboat News: The Blog

A former Facebook executive has spoken out against the social network he helped to create, saying it is ripping society apart.

The comments were made by Chamath Palihapitiya, who joined Facebook in 2007 and became its vice president for user growth.

13:13

Scientists Urge Endangered Species Classification for Cheetahs SoylentNews

Scientists Urge Endangered Listing for Cheetahs

A comprehensive assessment of cheetah populations in southern Africa supported by the National Geographic Society reveals the dire state of one of the planet's most iconic big cats. In a study published today in the open-access journal PeerJ, researchers present evidence that low cheetah population estimates in southern Africa and population decline support a call to list the cheetah as "Endangered" on the International Union for Conservation of Nature (IUCN) Red List.

With partial support from the National Geographic Society's Big Cats Initiative, an international team of 17 researchers, led by Florian Weise of the Claws Conservancy and Varsha Vijay of Duke University, analyzed more than two million collared cheetah observations from a long-term study by the Leibniz Institute for Zoo and Wildlife Research and another 20,000 cheetah observations from the research community and the general public. Their findings show that free-ranging cheetahs were present across approximately 789,700 square kilometers in Namibia, Botswana, South Africa and Zimbabwe between 2010 and 2016.

[...] The study estimates only 3,577 adult cheetahs exist in this extensive area, which is larger than France, and a majority (55 percent) of individuals are found within only two habitats. This estimate is 19 percent lower than the IUCN's current assessment, supporting the call for the uplisting of cheetahs from "Vulnerable" to "Endangered."

The distribution and numbers of cheetah (Acinonyx jubatus) in southern Africa (open, DOI: 10.7717/peerj.4096) (DX)


Original Submission

Read more of this story at SoylentNews.

12:17

NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Wall' ONLINE

Posted 13 Dec, 2017 1:17:20 UTC

The new edition of Off The Wall from 12/12/2017 has been archived and is now available online.

11:47

The End of Software Patents and PTAB's Role in Enforcing That End Techrights

It's finally finished

It's finished

Summary: Software patents are fast becoming a dying breed and the appeal board (PTAB) of the USPTO accelerates this trend, irrespective of patent immunity attempts

A FEW hours ago Patently-O carried on with its Alice-bashing cartoons, showing the site's overt support for software patents and growing fear of Alice. It will soon be 4 years since that decision, which earlier today was recalled within this article about apps. Notice the Alice part:

Utility patents protect inventions for a term of twenty years from filing. The good news is that apps are treated no differently than other types of software inventions, and can thus be protected by utility patents. The bad news, however, is that apps are treated no differently than other types of software, and are thus subject to the same undefined and poorly understood abstract idea exception to patentability created by the Supreme Court in Alice Corporation Pty. Ltd. v. CLS Bank International. Since the 2014 Alice decision, many software patents were invalidated, and many patent applications were rejected, for being directed to abstract ideas. But not all software inventions are abstract ideas, and applications on software continue to be allowed, and patents on software continue to be sustained.

The more time goes on, the stronger Alice will become. It has not been effectively challenged by anything. Earlier today FatPipe again showed off its patents for software-defined networks, perhaps not realising how silly those patents look in light of Alice.

4 years ago we could only dream that software patents would be invalidated at this scale and efficiency. Also revealed earlier today was this PTAB decision citing Ali...

11:40

Google Launches Three Photo/Videography "Appsperiments" SoylentNews

Google has released three experimental apps developed by its researchers:

Each of the world's approximately two billion smartphone owners is carrying a camera capable of capturing photos and video of a tonal richness and quality unimaginable even five years ago. Until recently, those cameras behaved mostly as optical sensors, capturing light and operating on the resulting image's pixels. The next generation of cameras, however, will have the capability to blend hardware and computer vision algorithms that operate as well on an image's semantic content, enabling radically new creative mobile photo and video applications.

Today, we're launching the first installment of a series of photography appsperiments: usable and useful mobile photography experiences built on experimental technology. Our "appsperimental" approach was inspired in part by Motion Stills, an app developed by researchers at Google that converts short videos into cinemagraphs and time lapses using experimental stabilization and rendering technologies. Our appsperiments replicate this approach by building on other technologies in development at Google. They rely on object recognition, person segmentation, stylization algorithms, efficient image encoding and decoding technologies, and perhaps most importantly, fun!

Storyboard turns video into comic book style panels, Selfissimo! allows you to take selfie "photoshoots", and Scrubbies allows you to create video loops.

Also at The Verge.


Original Submission

Read more of this story at SoylentNews.

11:22

[$] Process tagging with ptags LWN.net

For various reasons related to accounting and security, there is recurring interest in having the kernel identify the container that holds any given process. Attempts to implement that functionality tend to run into the same roadblock, though: the kernel has no concept of what a "container" is, and there is seemingly little desire to change that state of affairs. A solution to this problem may exist in the form of a neglected patch called "ptags", which enables the attachment of arbitrary tags to processes.

11:16

No, China Isn't Most Innovative, It's Just Granting a Lot of Low-Quality Patents Techrights

Strategic move from Xi, even if a short-sighted and misguided one (attracts trolls)

China's trolls
From sewed in China to sued in China

Summary: Patent extremists are trying to make China look like a role model or a success story because China grants far too many patents, spurring an explosion in litigation

Patents and innovation are not the same thing. Everybody knows that, especially patent examiners (not officials). At IAM, the patent trolls' lobby, facts don't matter. Earlier today it published the headline US innovation rates could quadruple if women, low-earners and minorities effectively targeted, research finds (a questionable headline in its own right). So I opened the source paper and the said study does not correspond/agree with IAM's claims. They should know that patents and innovation are not the same thing and hypothetical assertions aren't facts (and the paper mentions patents, which correlate/relate to wealth, not innovation). But leaving that aside for a moment (it's a new IAM writer, they lost a lot of staff lately), let's consider the other blog post IAM published today. Composed by a more senior writer who advocates patent chaos in China, the post admits that patent infringement cases in China are skyrocketing, including many from patent trolls (like those IAM cheers for).

Is this actually a good thing? Self harm, destruction, legal battles and tax in the form of legal bills come to mind. It's like the United States a decade ago. Before it sobered up and regained some sanity.

Looking at Watchtroll, another patent extremist, earlier today it published a post titled...

11:00

Car Lights for Reflow Heat Source Hackaday

If you only have a car and you need to unsolder some tricky surface mount components: what would you do? If you're Kasyan TV, you'd remove your car's halogen lights and get to town. That's right: car lights for reflow.

When the friend of the host of Kasyan TV needed to remove some roasted toasted FETs from his motherboard but didn't have anything for reflowing, she took some headlights and used them as an infrared source to desolder the FETs. Powered by a lab supply (although car batteries work too), the process works with 60 and 100-watt bulbs.

Now, reflowing with halogen bulbs isn't new, and we've seen it done with the run of the mill 100-watt bulbs and a halogen floodlight. However, what we really like about using car lights is that they're available everywhere and we already own some that we could (temporarily) repurpose. Now, don't get us wrong: if you're going to be reflowing more than just a little, there are plenty of alternative methods that don't involve staring at rather bright lights for extended periods of time.

People round these parts can't seem to get enough of reflow: from open source reflow oven controllers to reflowing with a hair straightener, we've seen quite a bit. If you're new to the reflow arena, we've got zero to hero: reflow style just for you. And if DIY at home reflow isn't intense enough for you, we've got next level reflowing as well.

The full video is after the break, complete with Kasyan TV's sponsored segment in the middle.


Filed under: hardware, how-to ...

10:36

Battistelli-Campinos Transition Will Be a Smooth One as the Administrative Council Remains the Same and the Boards Still Besieged Techrights

The loyal 'chinchilla' changed nationality from Danish to German and the President remains French. Maybe Campinos can inherit that infamous pair of presidential bicycles to ride in his massive pub. If he gets drunk and crashes, he can always bring up immunity! [1, 2]

Summary: A rather pessimistic (albeit likely realistic) expectation from tomorrow's meeting of the Administrative Council, which continues to show that no lessons were learned and no strategy will be altered to avoid doom (low-quality patents and stocks running out)

TOMORROW will be an interesting day at the EPO, perhaps the culmination of many scandals and Battistelli getting reprimanded (if that's not far too optimistic). Nobody expects Battistelli to get fired and perhaps he feels safe knowing that his imminent departure makes him immune to anything, even within the Council. Earlier today it was the Campinos-led EU-IPO helping the EPO distract from scandals. EU-IPO said that the EPO's new #patent study confirms growth in Fourth Industrial Revolution technologies

We are still trying to determine what's going on with the media because based on a comment we received a few hours ago, Battistelli had time to prepare his damage control. He knew the outcome in advance or at least intended to disregard the ruling from ILO. This is disturbing (if true).

Something just isn't right. With the media, that is

The Boards of Appeal scandals only serve to reinforce and vindicate the complainant for it clearly demonstrates utter dysfuncti...

10:34

SEC head warns investors about cryptocurrency The Hill: Technology Policy

The head of the Securities and Exchange Commission (SEC) is cautioning investors about putting money into cryptocurrencies in one of the SEC's strongest statements to date on the matter. SEC Chairman Jay Clayton warned investors to be wary of...

10:07

VESA Announces DisplayHDR Specification SoylentNews

The core of the DisplayHDR standard is a performance test suite specification and associated performance tiers. The three tiers have performance criteria related to HDR attributes such as luminance, color gamut, bit depth, and rise time, corresponding to new trademarked DisplayHDR logos. Initially aiming at LCD laptop displays and PC desktop monitors, DisplayHDR permits self-certification by VESA members, as well as end-user testing, for which VESA is also developing a publicly available automated test tool.

[...] In terms of the first two luminance tests, the minimum 400, 600, and 1000 nit (cd/m²) requirements give the respective DisplayHDR tiers their namesake. At the base level is DisplayHDR-400, which for AnandTech-level enthusiasts is likely to come off as a bit disappointing/unaggressive. To the credit of the VESA, the standard tightens things up over budget LCD monitors and laptops; in particular it requires much higher luminance levels and true 8bpc color support (6+2 is explicitly disallowed). This is coupled with the previously mandatory support for HDR10, and black-to-white response time requirements. However it does not require any "advanced" features, such as the DCI-P3 color space, instead allowing 95% of sRGB, and both the max and min brightness requirements are still quite tame for HDR. Based on the VESA's guidance, it sounds like this is primarily aimed at laptops, where displays are historically power-limited and anything better than global dimming is unlikely to be used.

Moving things up a notch are DisplayHDR-600 and 1000. These two standards are quite similar outside of their maximum luminance, and both are much closer to the requirements many would expect for an HDR specification. In particular, these two tiers require 10-bit color (8-bit native + 2-bit dithering permitted), much lower minimum black levels, as well as having color gamut coverage a minimum of 99% Rec. 709 and 90% DCI-P3. Gamut-wise, VESA mentioned that minimum coverage was essentially tolerance metrics by another name. Of particular note here, while the VESA does not require local dimming for any of the DisplayHDR standards, they note that they don...

09:36

It's time to patch your Microsoft and Adobe software again against vulnerabilities Graham Cluley

It's the second Tuesday of the month, and you know what that means... Yep, it's time for another bundle of essential security updates from Microsoft.

Read more in my article on the We Live Security blog.

09:34

Overnight Tech: Dems make last stand for net neutrality | Lawmakers unveil bill to boost AI technology | Trump signs law forcing drone users to register | SEC warns investors on cryptocurrencies The Hill: Technology Policy

DEMS MAKE LAST-MINUTE APPEAL ON NET NEUTRALITY: Democrats are trying to pressure the Federal Communications Commission (FCC) at the eleventh hour to call off its planned vote to scrap its net neutrality regulations. The vote is planned for...

09:30

'Skywalker' Prosthetic Hand Uses Ultrasound for Finger-Level Control IEEE Spectrum Recent Content full text

With an ultrasound sensor, this new type of prosthetic hand allows precision control over each finger. Photo: Georgia Tech

Robotic hands just keep getting better and better. They're strong, fast, nimble, and they've got sensors all over the place. Capable as the hardware is, robotic hands have the same sort of problem as every other robot: it's very tricky to make them do exactly what you want them to do. This is especially relevant for robot hands that are intended to be a replacement for human hands. Operating them effectively becomes the biggest constraint for the user.

Generally, robotic prosthetic hands are controlled in a way that one would never call easy or intuitive. Some of them sense small muscle movements in the upper arm, shoulders, chest, for example. Some of them use toe switches. In either case, it's not like the user can think about wiggling one of their robotic fingers and have that robotic finger wiggle; it requires the challenging step of translating the movement of one muscle into the movement of another. With practice, it works, but it also makes fine motor control more difficult.

At Georgia Tech, Gil Weinberg, Minoru Shinohara, and Mason Bretan have developed a completely new way of controlling prosthetic limbs. Using ultrasound and deep learning, they've been able to make detailed maps of small muscle movements in the forearm. This has enabled intuitive, finger-level control of a robotic hand. It's so much better than any other control system that the researchers are already calling it Luke Skywalker's bionic hand.

Jason, a participant in the prosthetic experiment, lost part of his arm. But he still has the forearm muscles that used to be attached to fingers. They're not attached anymore, but those muscles are still attached to his brain. When his brain wants to move the fingers that he doesn't have, it sends messages that cause his forearm muscles to actuate in specific patterns. These patterns are too complex to discern with electromyogram (EMG) sensors except in the most superficial way. But with ultrasound, it's possible to make a much more detailed and dynamic map. Throw some deep learning in there (like everybody is doing with everything nowadays), and you can correlate the ultrasound patterns with specific movements of specific fingers with much higher fidelity than ever before.

For more details, we spoke with professor Gil Weinberg, who directs Georgia Tech's Center for Music T...

09:27

[$] Federation in social networks LWN.net

Social networking is often approached by the free-software community with a certain amount of suspicion, rightly so, since commercial social networks almost always generate revenue by exploiting user data in one way or another. While attempts at a free-software approach to social networking have so far not met widespread success, the new ActivityPub federation protocol and its implementation in the free-software microblogging system Mastodon are gaining popularity and already show some of the advantages of a community-driven approach.

09:02

Poll: 83 percent of voters support keeping FCC's net neutrality rules The Hill: Technology Policy

More than 80 percent of voters oppose the Federal Communications Commission's (FCC) plan to repeal its net neutrality rules, according to a new poll from the University of Maryland's Program for Public Consultation. The survey presented respondents...

09:00

$17 Billion Modernization Plan for Puerto Rico's Grid Is Released IEEE Spectrum Recent Content full text

The plan adds details and cost estimate to what was outlined earlier to Energywise by a senior official who oversaw the report's development. Photo: New York Power Authority

A $17.6 billion plan to rebuild and modernize Puerto Rico's electric power system was released on 11 December.

Prepared by more than a dozen entities, including the island's electric power authority (PREPA), the 63-page plan calls for a decade-long series of projects and operational improvements. The plan is aimed at building an electric power system capable of surviving an upper Category 4 event (250-kilometer-per-hour winds) and heavy flood waters.

The plan calls for a grid that can withstand 155 mph winds and heavy flooding.

Hurricane Maria largely destroyed the island's electric infrastructure in September. Work continues to restore electric power service knocked out by high winds and flooding.

Key elements of the plan were earlier shared with the Energywise blog in an interview with New York Power Authority President and CEO Gil Quiniones. He was one of seven industry leaders who made up a steering committee to oversee the plan's creation.

In broad terms, the plan is modeled on work under way on Long Island, New York, in response to the destruction caused by Hurricane Sandy, Quiniones told IEEE Spectrum. Sandy hit Long Island and the Northeast in 2012, causing widespread damage to the grid.

From Microgrids to Tree Trimming

Among the projects included in the newly released Puerto Rico recovery and enhancement plan are:

1. Reinforcing existing direct-embedded poles with perimeter-injected concrete grout or other soil stabilization

2. Upgrading damaged poles and structures to a higher wind loading standard

3. Strengthening poles with guy wires

4. Installing underground power lines in areas prone to high wind damage

5. Modernizing the T&D system through smart grid investments to make the system less prone to extended outages

6. Installing automated distribution feeder fault sectionalizing switches to enable fault isolation and reduce outage impact

7. Deploying control systems to enable distributed energy resource integration and encourage their development

8. Adopting asset management strategies, such as the targeted inventory of critical spares

9. Instituting consistent vegetation management practices that take into consideration the island's tropical conditions

10. Applyi...

08:56

Fedora 25 End Of Life LWN.net

Fedora 25 has reached its end of life. There will be no more updates. Users are advised to upgrade.

08:40

Senate Dem warns of lack of diversity in AI engineering The Hill: Technology Policy

Sen. Brian Schatz (Hawaii), the top-ranking Democrat on the Internet subcommittee, targeted technology firms' lack of diversity and the harms it could pose to minorities during a hearing about artificial intelligence on Tuesday. The Hawaii...

08:34

President Trump Signs Space Policy Directive 1 SoylentNews

No more sending humans to an asteroid. We're going back to the Moon:

The policy calls for the NASA administrator to "lead an innovative and sustainable program of exploration with commercial and international partners to enable human expansion across the solar system and to bring back to Earth new knowledge and opportunities." The effort will more effectively organize government, private industry, and international efforts toward returning humans on the Moon, and will lay the foundation that will eventually enable human exploration of Mars.

"The directive I am signing today will refocus America's space program on human exploration and discovery," said President Trump. "It marks a first step in returning American astronauts to the Moon for the first time since 1972, for long-term exploration and use. This time, we will not only plant our flag and leave our footprints -- we will establish a foundation for an eventual mission to Mars, and perhaps someday, to many worlds beyond."

The policy grew from a unanimous recommendation by the new National Space Council, chaired by Vice President Mike Pence, after its first meeting Oct. 5. In addition to the direction to plan for human return to the Moon, the policy also ends NASA's existing effort to send humans to an asteroid. The president revived the National Space Council in July to advise and help implement his space policy with exploration as a national priority.

President's remarks and White House release.

Presidential Memorandum on Reinvigorating America's Human Space Exploration Program

Also at Reuters and New Scientist.

Previously: Should We Skip Mars for Now and Go to the Moon Again?
How to Get Back to the Moon in 4 Years, Permanently
...

08:26

US man is behind the 2015 Hacking Team hack? Help Net Security

Who's behind the 2015 Hacking Team hack? According to a notice received by Guido Landi, one of the former Hacking Team employees that was under investigation for the hack, a 30-year old Nashville, Tennessee resident might have had something to do with it. Landi received the notice from Italian prosecutor Alessandro Gobbis, which says he has asked the judge to terminate the investigation. The document (obtained by Motherboard) also names one Jon Fariborz Davachi as More

08:22

I interviewed in my home last night for French Public TV, part of a story covering this new documentary Genius Factory and the field of modern day #eugenics / #designerbabies, which came out recently on the Documentary Channel Lifeboat News: The Blog

I'm interviewed in the documentary (which I appear in but haven't seen yet). Naturally, I support creating super people with science & technology (a main goal of #transhumanism), just not using unethical or exclusionary methods to do so. http://www.wavelength-entertainment.com/genius-factory/ #GeniusFactory

08:20

Free software needs net neutrality! This is our LAST CHANCE to save it FSF blogs

We have two more days to do everything we can to make our voices heard on this monumental issue. Below we have a sample script for calling the United States Congress, ideas for social media posts, and a bit about why free software needs net neutrality. If you want to read even more about why the Free Software Foundation (FSF) loves net neutrality, you can view this post on our blog.

Net Neutrality protest at the Boylston Verizon Store in Boston, MA on December 7th, 2017. Photo by Ruben Rodriguez. Creative Commons Attribution-ShareAlike 4.0

Call, call, call

If you are in the US, call Congress today. Nervous? Try using the following script:

Hello, I live in CITY/STATE. I am calling to urge you to support net neutrality and stop the FCC from removing common carrier status from Internet Service Providers like Comcast and Verizon. This is the only thing we have protecting a free Internet, which everyone needs. Thank you for your time.

Don't know who to call?

  • You can find your Representative and call them.

  • Dial the House of Representatives at (202) 224-3121 and they will connect you.

  • Call your Senator directly. Find their number here.

  • Dial the Senate at (202) 224-3121 and they will connect you.

(Note: The number for the House and the Senate is a switchboard that will direct your call.)

Post and share

No matter where you live, if you use social media, you can join others in making as much noise as you can in support of net neutrality. Share your favorite articles, change your profile photos, tell people you care about a free Web, and that, today, net neutrality is the way to maintain a free Web in the United States.

Need a sample message?

  • I support #netneutrality and #freesoftware!

  • #Freesoftware needs #netneutrality

  • I need #netneutrality because I need a free Web

You can also share...

08:00

Old TV Lends Case to Retro Magic Mirror Hackaday

Remember the days when the television was the most important appliance in the house? On at dawn for the morning news and weather, and off when Johnny Carson said goodnight, it was the indispensable portal to the larger world. Broadcast TV may have relinquished its hold on the public mind in favor of smartphones, but an information portal built into an old TV might take you back to the old days.

It seems like [MisterM] has a little bit of a thing for the retro look. Witness the wallpaper in the video after the break for proof, as well as his Google-ized Radio Shack intercom project from a few months back. His current project should fit right in, based on an 8" black-and-white TV from the '70s as it is. TVs were bulky back then to allow for the long neck of the CRT, so he decided to lop off the majority of the case and use just the bezel for his build. An 8" Pimoroni display sits where the old tube once lived, and replicates the original 4:3 aspect ratio. With Chromium set up in kiosk mode, the family can quickly select from a variety of news and information channels using the original tuning knob, while parts from a salvaged mouse turn the volume control into a scroll wheel.

It's a nice twist on the magic mirror concept, and a little different from the other retro-TV projects we've seen, like a retro gaming console or an old-time case for a smart TV.


Filed under: classic hacks, Raspberry Pi

07:57

Patch Tuesday, December 2017 Edition Krebs on Security

The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe's got another security update available for its Flash Player software.

The December patch batch addresses more than 30 vulnerabilities in Windows and related software. As per usual, a huge chunk of the updates from Microsoft tackle security problems with the Web browsers built into Windows.

Also in the batch today is an out-of-band update that Microsoft first issued last week to fix a critical issue in its Malware Protection Engine, the component that drives the Windows Defender/Microsoft Security Essentials embedded in most modern versions of Windows, as well as Microsoft Endpoint Protection, and the Windows Intune Endpoint Protection anti-malware system.

Microsoft was reportedly made aware of the malware protection engine bug by the U.K.'s National Cyber Security Centre (NCSC), a division of the Government Communications Headquarters, the United Kingdom's main intelligence and security agency. As spooky as that sounds, Microsoft said it is not aware of active attacks exploiting this flaw.

The Microsoft updates released today are available in one big batch from Windows Update, or automagically via Automatic Updates. If you don't have Automatic Updates enabled, please visit Windows Update sometime soon (click the Start/Windows button, then type Windows Update).

...

07:01

Lyft Courts Drivers With Discount Education Program SoylentNews

Lyft will offer its drivers access to tuition discounts and financial aid, starting with online courses offered by Guild Education:

Lyft is unveiling a new education program for drivers, offering access to discounted GED and college courses online. The move is an interesting experiment in the gig economy, where a growing class of workers receive zero benefits from a boss and yet competition for their time is fierce.

[...] Lyft drivers will receive tuition discounts ranging from 5 percent to 20 percent and, according to the company, the average driver working with Guild to earn a degree can save up to $4,220 per year. Drivers can take English as a second language and GED courses, as well as earn an associate's, bachelor's or master's degree online in subjects including IT, nursing, social work, occupational therapy and business.

Lyft would not disclose how much the program will cost the company. According to a Lyft survey of drivers to be published next month, 47 percent do not have a college degree. Gabe Cohen, general manager for Lyft in Denver, says internal surveys show that drivers want to earn degrees. This move serves that goal, as well as the startup's business interests. "It is important that drivers feel loyalty to Lyft," Cohen says.

[...] David Weil, dean at Brandeis University's Heller School of Social Policy and Management, is not impressed. Weil, who was in charge of investigating companies that misclassify workers under the Obama administration, describes the move by Lyft as strategic, but not generous. Lyft and Uber are fighting in courts against claims that drivers are employees entitled to benefits like paid sick leave and health care. "The ride-hailing companies can't erase the fact that their business models are having drivers do all sorts of things an employee would do," Weil says. To offer training is "really nice" but it doesn't mean Lyft should "be rewarded by having the other responsibilities removed," he says.

From Lyft's blog post:

Dallas driver Muhammed Chan learned by speaking with passengers from all walks of life that "there is serious demand for cyber security experts in my city." As part of our pilot program earlier this year, Muhammed received support to access financial aid and scholarships through Guild, and began a cybersecurity program earlier this month.



06:33

Sophisticated MoneyTaker group stole millions from Russian & US banks HackRead

By Waqas

The IT security researchers at Moscow based cybercrime prevention firm

This is a post from HackRead.com Read the original post: Sophisticated MoneyTaker group stole millions from Russian & US banks

06:30

AMDGPU-PRO 17.50 vs. RADV/RadeonSI Radeon Linux Gaming Performance Phoronix

With today's AMDGPU-PRO 17.50 Linux driver release alongside the Radeon Software Adrenalin Driver for Windows users, it's significant in a few ways. First and foremost, AMD has stuck to their word of the past two years and is now able to open-source their official Vulkan Linux driver. When it comes to AMDGPU-PRO 17.50 itself you are now able to mix-and-match driver components to choose what pieces you want of AMD's somewhat complicated driver make-up. Additionally, their OpenGL/Vulkan drivers in 17.50 have some new feature capabilities. So with that said here's a fresh look at how the AMDGPU-PRO 17.50 professional driver performance compares to the latest open-source RadeonSI OpenGL and RADV Vulkan drivers.

06:24

Lawmakers introduce bipartisan AI legislation The Hill: Technology Policy

Lawmakers unveiled bipartisan legislation in both the House and Senate on Tuesday aimed at bolstering the development of artificial intelligence (AI). The Fundamentally Understanding the Usability and Realistic Evolution of Artificial Intelligence...

06:10

ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced The Hacker News

A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors, including F5, Citrix, and Cisco, that can give man-in-the-middle attackers access to encrypted messages. Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on

05:50

Twitter rolling out 'tweetstorms' as feature The Hill: Technology Policy

Twitter announced Tuesday that it is rolling out a new feature on its platforms allowing users to more easily post several messages at a time, also known as "tweetstorms." The move follows a November test of the feature, which lets users compose...

05:39

Dems make last-minute appeal to stop net neutrality vote The Hill: Technology Policy

Democrats are trying to pressure the Federal Communications Commission (FCC) at the eleventh hour to call off its planned vote to scrap its net neutrality regulations. The vote is planned for Thursday and the repeal proposal is expected to pass along...

05:27

Apple Executive Details Self-Driving Car Research SoylentNews

Apple Executive Reveals More of Its Self-Driving Technology

Apple received a permit from the California DMV to test self-driving vehicles in April, and CEO Tim Cook confirmed his interest in such technology in June.

The scale and scope of any car project at Apple remains unclear. [Ruslan] Salakhutdinov didn't say how the projects he discussed Friday fit into any wider effort in automated driving, and a company spokesman declined to elaborate.

Salakhutdinov showed data from one project previously disclosed in a research paper posted online last month. It trained software to identify pedestrians and cyclists using 3-D scanners called lidars used on most autonomous vehicles.

Other projects Salakhutdinov discussed don't appear to have been previously disclosed. One created software that identifies cars, pedestrians, and the driveable parts of the road in images from a camera or multiple cameras mounted on a vehicle.

Salakhutdinov showed images demonstrating how the system performed well even when raindrops spattered the lens, and could infer the position of pedestrians on the sidewalk when they were partially screened by parked cars. He cited that last result as an example of recent improvements in machine learning for some tasks. "If you asked me five years ago, I would be very skeptical of saying 'Yes you could do that,'" he said.

Another project Salakhutdinov discussed involved giving software moving through the world a kind of sense of direction, a technique called SLAM, for simultaneous localization and mapping. SLAM is used on robots and autonomous vehicles, and also has applications in map building and augmented reality. A fourth project used data collected by sensor-laden cars to generate rich 3-D maps with features like traffic lights and road markings. Most prototype autonomous vehicles need detailed digital maps in order to operate. Salakhutdinov also mentioned work on making decisions in dynamic situations, a topic illustrated on his slides with a diagram of a car plotting a path around a pedestrian.

Also at The Verge.

Previously: Apple's Tim Cook Confirms Self-Driving Car Plans



05:01

Links 12/12/2017: New BlackArch ISO and Stable Kernels Techrights

Contents

GNU/Linux

  • Dedoimedo interviews: Tuxmachines

    Dedoimedo prowls the many corners of the Web, searching for textogenic faces for a fresh new interview. Truth to be told, finding the candidate for today's slot wasn't too difficult. Roy Schestowitz is a familiar name round the Tux block. Nowadays, you will most likely find him on tuxmachines.org, a community-driven news site.

    News aggregation can be tricky; finding the right balance of quality content isn't easy, but even with the relatively recent change of ownership, tuxmachines marches on with solid consistency, ardently trying to offer its readers the best the open-source world has to report. I have always been a great fan and supporter, and I approached Roy for an interview. He agreed.

  • Desktop

    • System76 Enables HiDPI Support on All of Their Linux Laptops and Desktops

      We reported last week on the upcoming support for HiDPI displays coming to System76's for its Ubuntu-based Pop!_OS Linux distro, and it didn't take long for them to release the new daemon that would enable HiDPI support on all of its laptops and desktops where Ubuntu or Pop!_OS Linux is installed.

      HiDPI support was becoming an urgent necessity for System76 as more and more customers started asking for assistance in setting up their displays. And while the Wayland display server isn't yet mature enough to be adopted by all GPU vendors and completely replace X.Org, there was a need for a compromise.

  • Server

04:57

There was error copying file to media... error splicing file. Linux World

While copying a large file into a pen drive or any other external storage system if you get the error



As shown in the image below.



The error occurs because the FAT filesystem does not seem to support copying files which are too large. To work around this problem you will have to convert the pen drive to an NTFS file system, which can be done easily using the command mkfs.ntfs.

Connect the pendrive and find out the partition number using the command





From the list of partitions, note the partition number of the pen drive that has to be converted to NTFS. Be very careful, because if you use the wrong partition you will lose all the data in it. Let us assume the partition is /dev/sdb1

Unmount the partition using umount



Now to convert it to ntfs



Creating NTFS partition might take some time depending on the size of the disk. Once the formatting is done, any file size can be copied into it.

04:53

Apple Is Purposefully Throttling Older iPhones With Degraded Batteries TechWorm

Degraded Batteries Controversy: Is Apple Intentionally Slowing Down Older iPhones?

A Reddit thread over the weekend highlighted some interesting theories as to why some iPhone 6 or iPhone 6s family devices are witnessing slower processing speeds running iOS 11, which led to speculation that Apple is intentionally slowing down older phones to retain a full day's charge even if the battery has reached the end of its operational life.

TeckFire, the author of the original Reddit post, said that his iPhone 6s felt very slow even after updating the software to iOS 11 multiple times. He then decided to perform a Geekbench test after using his brother's iPhone 6 Plus, which ran much quicker than his. TeckFire went on to replace the battery on his older iPhone 6s.

"I did a Geekbench score, and found I was getting 1466 Single and 2512 Multi. This did not change whether I had low power mode on or off," TeckFire wrote. "After changing my battery, I did another test to check if it was just a placebo. Nope. 2526 Single and 4456 Multi." TeckFire's battery had a wear level of around 20%.

"From what I can tell, Apple slows down phones when their battery gets too low, so you can still have a full day's charge. This also means your phone might be very slow for no discernible reason," he added.

Last year, a growing number of iPhone 6s users reported that their device was suffering from unexpected shutdowns. At that time, Apple launched a repair program offering free battery replacements to owners of affected iPhone 6s devices. The company had described the issue as affecting a very small number of iPhone 6s devices.

However, around two months later, Apple released iOS 10.2.1 and said that since more users were affected than it initially thought, the fix was released in the form of a software update. The company said the update had decreased the unexpected shutdowns by 80 percent on iPhone 6s devices and by 70 percent on iPhone 6 devices. At the time, there were speculations that the update made adjustments to the power management system in iOS.

However, it now seems that the company started underclocking the CPU in iOS 10.2.1 if a battery in poor condition was detected.

"The increased power draw of the A8 and A9 chips will make your phone shut down when you don't have enough voltage," says TeckFire. "This gets around it, by lowering the clock speed, so you don't have to replace your battery, and can continue using your phone. I just wish Apple would tell us about this."

TeckFire says the iPhone 5s isn't affected by this issue. Further, iPhone 7 and newer models aren't affected either, as they have low power cores that handle almost everything.

While the Reddit thread hypothe...

04:06

NVIDIA Pushes Out CUDA 9.1 With Compiler Optimizations, Volta Enhancements & More Phoronix

AMD isn't the only one busy with GPU software updates today, as NVIDIA has issued CUDA 9.1 as their first feature update to the CUDA 9 compute platform...

04:02

Astronomers to check interstellar body for signs of alien technology Lifeboat News: The Blog

Have we just been buzzed by ET?


Green Bank telescope in West Virginia will listen for radio signals from Oumuamua, an object from another solar system.

03:54

Tasmanian Tigers Were in Poor Genetic Health Prior to Extinction SoylentNews

Tasmanian tigers were suffering from poor genetic diversity prior to being hunted to extinction by humans:

Australian scientists sequenced the genome of the native marsupial, also known as the thylacine. It showed the species, alive until 1936, would have struggled to survive even without human contact. The research also provides further insights into the marsupial's unique appearance.

"Even if we hadn't hunted it to extinction, our analysis showed that the thylacine was in very poor [genetic] health," said lead researcher Dr Andrew Pask, from the University of Melbourne. "The population today would be very susceptible to diseases, and would not be very healthy."

He said problems with genetic diversity could be traced back as far as 70,000 years ago, when the population is thought to have suffered due to a climatic event.

The researchers sequenced the genome from a 106-year-old specimen held by Museums Victoria. They said their study, published in the journal Nature Ecology and Evolution, is one of the most complete genetic blueprints of an extinct species.

Genome of the Tasmanian tiger provides insights into the evolution and demography of an extinct marsupial carnivore (open, DOI: 10.1038/s41559-017-0417-y) (DX)

Related: Huge Population and Lack of Genetic Diversity Killed Off the Passenger Pigeon


Original Submission

Read more of this story at SoylentNews.

03:51

Bitfinex cryptocurrency exchange hit by massive DDoS attacks HackRead

By Waqas

Bitfinex, known as one of the world's largest cryptocurrency exchanges, was


03:42

How The US Pushed Sweden to Take Down The Pirate Bay TorrentFreak

It's well known that the US Government is actively involved in copyright enforcement efforts around the globe.

In some countries they've actively helped write copyright law. Elsewhere, U.S. authorities provide concrete suggestions for improvement, including in Sweden.

After The Pirate Bay was raided for the first time, more than ten years ago, the media highlighted that the U.S. Government and Hollywood pulled strings behind the scenes. However, little was known about what this actually entailed.

Today we can provide more context, thanks to a Freedom of Information request that was sent to the U.S. Department of State. While the events happened a decade ago, they show how action against The Pirate Bay was discussed at the highest political level.

The trail starts with a cable sent from the US Embassy in Sweden to Washington in November 2005. This is roughly six months before the Pirate Bay raid, which eventually resulted in criminal convictions for four men connected to the site.

The Embassy writes that Hollywood's MPAA and the local Anti-Piracy Bureau (APB) met with US Ambassador Bivins and, separately, with Swedish State Secretary of Justice at the time, Dan Eliasson. The Pirate Bay issue was at the top of the agenda during these meetings.

"The MPA is particularly concerned about PirateBay, the world's largest Torrent file-sharing tracker. According to the MPA and based on Embassy's follow-up discussions, the Justice Ministry is very interested in a constructive dialogue with the US on these concerns," the cable reads.

"Embassy understands that State and Commerce officials have also met with Swedish officials in Washington on the same concern," it adds, with the Embassy requesting further guidance from Washington.

The document adds that there has been some movement on the piracy enforcement front in Sweden, with two legal cases pending. However, those were not the targets Hollywood was looking for.

"We have yet to see a big fish tried, something the MPA badly wants to see, particularly in light of the fact that Sweden hosts the largest Bit Torrent file-sharing tracker in the world, Pirate-Bay, which openly flaunts IPR," the cable writer comments.

Interesting...

03:31

German Media Helps Cover Up Not Cover the Latest EPO Scandal Techrights

Handelsblatt

THE EPO is in one of its worst situations ever. It's in crisis, if not a total disaster, and it's only a day away from the delegates' visit and meeting. Some EPO folks believe this is going to get terse or nasty later this week. One reader expects (or hopes) that Battistelli et al will end up in prison. To quote one message that we received today:

Corsican memorabilia

Let me share some thoughts on the famous Corcoran case. If I am right all actions started by Team Battistelli against the judge were decided on the basis of:
a) a letter that Mr. Corcoran sent by postal mail to the deputy Mayor in Saint Germain en Laye, and
b) one e-mail internally sent from a public computer in the EPO premises and that was rather funny than defaming, and
c) nothing else!!!
Now my question is the following: How can the EPO justify that it was spying on THAT computer if the e-mail sent by Mr. Corcoran was his first e-mail? How can they justify the keyloggers?

The answer seems very simple to me: because the EPO was already spying on a public computer mainly used by patent attorneys using a keylogger and Mr. Corcoran was incidentally caught sending a private mail that didn't please Monsieur le président.

I may be a dreamer but I expect the immunity of the Team Battistelli to be lifted and the whole Team to finish up in jail, that is the place where criminals belong.

As SUEPO points out today, German politicians are starting to get involved. Peter Meyer and Gabi Schmidt, who has long attempted to help EPO staff, published this statement in German. Things are certainly heating up in Bavaria/...

03:16

Fedora 27 Modular Server Gets Canned; Fedora 27 Server Classic Released Phoronix

The Fedora Project's plans to deliver an initial "Fedora 27 Modular Server" build constructed under their new packaging principles have been thwarted...

03:10

Re: Linux kernel: multiple vulnerabilities in the USB subsystem Open Source Security

Posted by Andrey Konovalov on Dec 12

Another one.

This one looks more interesting. It's a serious memory corruption, and
since it's in the USB core subsystem, it can't be mitigated by turning
off particular USB drivers.

A malicious USB device can potentially exploit this by controlling the
next heap object after the one where usb_host_config is allocated and
gaining an arbitrary decrement primitive, since kref_put() will be
called with an attacker controlled...

03:02

Security updates for Tuesday LWN.net

Security updates have been issued by Debian (chromium-browser, evince, pdns-recursor, and simplesamlphp), Fedora (ceph, dhcp, erlang, exim, fedora-arm-installer, firefox, libvirt, openssh, pdns-recursor, rubygem-yard, thunderbird, wordpress, and xen), Red Hat (rh-mysql57-mysql), SUSE (kernel), and Ubuntu (openssl).

02:50

Breaking: Gas Pipe Explosion in Austria SoylentNews

Explosion in Baumgarten (Austria) gas transit plant, Russian gas delivery halted for Austria, Slovakia, Hungary, Slovenia, and Croatia. Italy declares energy crisis. Gas price in Europe jumps ~20%. Crude oil futures rise too.

* https://www.youtube.com/watch?v=IMyiQtm56co (far away video)
* http://www.telegraph.co.uk/news/2017/12/12/least-one-killed-18-injured-explosion-austrian-gas-plant/
* https://www.express.co.uk/news/world/891284/Austria-gas-plant-blast-Europe-energy-crisis-fuel-shortages-Italy-state-emergency
* https://www.bloomberg.com/news/articles/2017-12-12/u-k-gas-surges-after-explosion-in-austria-tightens-supply

UPDATE from: http://www.bbc.com/news/world-europe-42321217

Police have cordoned off the area. Some victims suffering burns have been airlifted out by helicopter, Austrian ORF news reports.

One unconfirmed report spoke of 60 hurt.

"I heard a huge explosion and thought at first it was a plane crash," photographer Thomas Hulik, who lives in a nearby village in Slovakia, told AFP news agency. "Then I saw an immense ball of flame."

Gas Connect said the incident should have no effect on gas deliveries to Austria but those to Italy and Croatia might be reduced.

Meanwhile, Russia's Gazprom Export said it was working to redirect gas flows.

It said it was "doing everything possible to secure uninterrupted gas supplies" to customers in the region.

Spot prices rose sharply across Europe after the incident.



02:26

The Feature Differences Now Between AMD's Two OpenGL & Two Vulkan Linux Drivers Phoronix

For modern AMD graphics cards there are two OpenGL drivers and two Vulkan drivers available to Linux users/gamers that support the same modern AMD GPUs, not counting the older AMD Linux drivers, etc. Here's a rundown now on how those drivers compare...

02:21

Microsoft Launches Preview Version of Q# Quantum Programming Language SoylentNews

Microsoft's Q# quantum programming language out now in preview

Microsoft today launched a preview version of a new programming language for quantum computing called Q#. The industry giant also launched a quantum simulator that developers can use to test and debug their quantum algorithms.

The language and simulator were announced in September. The then-unnamed language was intended to bring traditional programming concepts (functions, variables, and branches, along with a syntax-highlighted development environment complete with quantum debugger) to quantum computing, a field that has hitherto built algorithms from wiring up logic gates. Microsoft's hope is that this selection of tools, along with the training material and documentation, will open up quantum computing to more than just physicists.

I'll hold out for QuBasic.

Previously: Microsoft is Developing a Quantum Computing Programming Language



02:20

ROBOT attack (WolfSSL, Bouncy Castle, Erlang) Open Source Security

Posted by Hanno Böck on Dec 12

Hi,

I published details about the ROBOT attack today, it's a couple of
minor variations of the old Bleichenbacher attack.
(Return Of Bleichenbacher's Oracle Threat)

https://robotattack.org/

It is mostly about proprietary appliances, but also affects three FOSS
TLS stacks.

The attack is based on the fact that an attacker can distinguish valid
and invalid RSA PKCS #1 v1.5 paddings based on different server
responses.

Erlang...

02:13

Dem FCC commissioner offers 'alternative' net neutrality proposal The Hill: Technology Policy

Mignon Clyburn, a Democratic commissioner on the Federal Communications Commission, on Tuesday offered edits to a proposal from the FCC's Republican chairman to repeal net neutrality rules. The mock proposal distributed by ...

00:45

The Hidden Link Between Morality and Language - Facts So Romantic Nautilus


Tragedy can strike us any time, but that doesn't mean we can't make the best of it. When Frank's dog was struck and killed by a car in front of his house, he grew curious what Fido might taste like. So he cooked him up and ate him for dinner. It was a harmless decision, but, nonetheless, some people would consider it immoral. Or take incest. A brother, who's using a condom, and his sister, who's on birth control, decide to have sex. They enjoy it but keep it a secret and don't do it again. Is their action morally wrong? If they're both consenting adults and not hurting anyone, can one legitimately criticize their moral judgment?

Janet Geipel of the University of Trento in Italy posed fictional scenarios like these to German-, Italian-, and English-speaking college students in each student's native language and in a second language that they spoke almost fluently. What Geipel found in her 2015 study is that the use of a foreign language, as opposed to a native language, elicited less harsh moral judgments. She concluded that a distance is created between emotional and moral topics when speaking in a second language.

If the serpent

Tuesday, 12 December


Resource generated at IndyWatch using aliasfeed and rawdog