IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Friday, 23 September


We have to start thinking about cybersecurity in space (Help Net Security)

With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security experts’ minds. But it shouldn’t be, say David Livingstone and Patricia Lewis, two fellows of the international security department at UK-based think-tank Chatham House. “Because so much of human activity is now dependent on space-based assets and infrastructure, most countries’ critical infrastructure is potentially vulnerable to cyberattacks in that domain. …


Making A PCB in Everything: Eagle, Part 1 (Hackaday)

For the first in a series of posts describing how to make a PCB, we’re going with Eagle. Eagle CAD has been around since the days of DOS, and has received numerous updates over the years. Until KiCad started getting good a few years ago, Eagle CAD was the de facto standard PCB design software for hobbyist projects. Sparkfun uses it, Adafruit uses it, and Dangerous Prototypes uses it. The reason for Eagle’s dominance in a market where people don’t want to pay for software is the free, non-commercial and educational licenses. These free licenses give you the ability to build a board big enough and complex enough for 90% of hobbyist projects.

Of course, it should be mentioned that Eagle was recently acquired by Autodesk. The free licenses will remain, and right now, it seems obvious Eagle will become Autodesk’s pro-level circuit and board design software.

With the introduction out of the way, let’s get down to making a PCB in Eagle.

The Eagle Overview

There are three main parts to Eagle. A board is exactly what you think it is. The board describes the layout of components, holes, pads, connections, traces, and mechanical design of a printed circuit board. In the most general sense, the board is what you send off to a fab house to get your PCBs made.

The schematic is not a board design file and is not sent to the fab house. The schematic is the description of all the components in a circuit, and how they’re connected together.

The libraries in Eagle describe each and every part used in a project. Each part in a library has two components, a package, and a symbol. The package is a one-to-one physical representation of the part used when designing the board. The symbol is an abstraction of the part, used when designing the schematic. The package and symbol are combined into a device.

The reason for combining packages and symbols into a device is yet another abstraction; you can get the same microcontroller cores in different packaging — the ATtiny85 we’re working with in this article comes in both SMD and through-hole packages. Because we can combine different packages and symbols together, we do not need to duplicate work by making the ATtiny85 symbol multiple times. Likewise, if we’re designing a lot of parts that all have an 8-pin DIP package, we can reuse that package multiple times.

Building A Library

The first step for all these tutorials will always be designing a part, in our case, a DIP-8 ATtiny85. To do this, we’re going to open Eagle and create a new library. Save your library, give it a memorable name, and check out a few buttons on the toolbar:

The Symbol button is used to create new symbols.

The Package button is used to create new packages (...



iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours! (The Hacker News)

It has only been a few days since the launch of Apple's brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken. That didn't take long. Right? Security researcher and well-known hacker Luca Tedesco shared an image of his jailbroken smartphone on his Twitter account to show off to the world that the new iPhone 7 has been jailbroken.


'Array of Things' collects facial biometrics and license plates images (MassPrivateI)

Argonne Labs and DHS are installing over 500 spying devices called the 'Array of Things' (AoT) throughout Chicago and plan to install them in cities across the country. Plans are in the works to replicate the project in the coming years in more than a dozen other cities.

Two cameras mounted in each AoT box will collect data on vehicle and foot traffic, standing water, sky color and cloud cover. They claim the photos taken by the cameras will automatically be deleted within "tens of minutes."

Should we trust them?

The AoT bears a striking similarity to 'Visual Analytics for Command, Control and Interoperability Environments', which turned CCTV cameras into surveillance devices.
Please read my four-part series where I explain how the government turned public and private CCTV cameras into a nationwide surveillance system.
Feds admit they'll use the internet of things to spy on everyone
US intelligence chief James Clapper warns...
Back in 2012, former CIA director David Petraeus called the surveillance implications of the internet of things “...


Researchers Testing Cars and Roads that Talk to Each Other (SoylentNews)

Smart vehicle technology is being used on the streets of Edmonton, making it the first Canadian city to see cars "communicating" with each other and with roadside infrastructure in an effort to improve road safety.

The new technology uses a wireless device that exchanges information in real time between connected vehicles and roadside equipment, such as traffic lights or message signs. It also alerts motorists to hazards, such as whether they're speeding or following too closely. It can also tell drivers if they are going to make it through a green light at an upcoming intersection or if they should prepare to stop.

[...] The technology, being tested under the ACTIVE-AURORA research initiative at the University of Alberta (U of A), was announced at the International Conference on Transportation Innovation in Edmonton Sept. 16.

"ACTIVE-AURORA will be a data-driven test bed for the whole region," said Tony Qiu, a civil engineering professor and director of the U of A's Centre for Smart Transportation. ACTIVE-AURORA is a partnership involving all three levels of government—Transport Canada, Alberta Transportation and the City of Edmonton—as well as the U of A, the University of British Columbia and several industry partners.



Calling all free software supporters: It's time to renew our shop inventory! (FSF's blog)

The merchandise we sell there helps get the message of software freedom into the world, and the money we raise from sales is indispensable to our operation. Besides all that, the goods are useful, whether generating true random numbers or keeping you warm in cold weather. To help us accomplish these goals, we are asking you, the free software community, for your ideas about what you'd like to see in the shop.

Do you have a neat design idea for a new T-shirt? Think we could sell a bale of GNU-branded socks? Know what we could put on a sticker that would get the software freedom message across? Please add your idea(s) to the LibrePlanet Wiki's Ideas page. If you see that someone has already suggested your idea, feel free to add a "+1". OR: you can email your merchandise idea to the FSF Operations team directly at

Together we can come up with the most practical and stylish ways to get the software freedom message out there. We'll be actively looking at submissions into early October, and hope to have designs done by the middle of that month.

Thanks in advance for your suggestions and thank you for supporting free software!


mupdf: use-after-free in pdf_to_num (pdf-object.c) (Open Source Security)

Posted by Agostino Sarubbo on Sep 22

If it is suitable for a CVE please assign one.

mupdf is a lightweight PDF viewer and toolkit written in portable C.

A fuzzing through mutool revealed a use-after-free.

The complete ASan output:

# mutool info $FILE
==5430==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300000ea42
at pc 0x7fbc4c3824e5 bp 0x7ffee68ead70 sp 0x7ffee68ead68...


An Early Port Of GCC To AMD's GCN Architecture (Phoronix)

While still in its early stages, there's a port in the works of the GNU Compiler Collection for AMD's GCN (Graphics Core Next) instruction set architecture...


Yahoo expected to confirm data breach affecting 200 million users: Report (TechWorm)

Yahoo to go public about massive data breach affecting its 200 million users

Yahoo! Inc. is expected to officially acknowledge the massive data breach that took place last month, with more than 200 million user accounts exposed to hackers, Recode reports. While there is no confirmed information about the extent of the breach yet, the sources say that it is “widespread and serious”, with the possibility of legal action and investigations led by the government.

Back in August, it was reported by Motherboard that a hacker going by the name of ‘Peace’ claimed to have breached Yahoo and put the usernames and passwords for over 200 million accounts up for sale. The same hacker has previously sold large data dumps of breaches related to Myspace and LinkedIn on a dark web marketplace called the Real Deal. The data dump allegedly included usernames, encrypted passwords, birthdays and other email addresses from 2012.

“It’s as bad as that,” one source told Recode. “Worse, really.”

The data was being sold for 3 bitcoins, worth $1,860 at the time. The company never issued password resets, the usual course of action taken by websites that would indicate a hack. At the time, the company’s response to the hack was only that it was “aware of [the] claim”, but it did not confirm or deny that Yahoo users were affected.

The company said in a statement at the time, “We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts.”

This news comes at a time when Yahoo is in the middle of a mega-acquisition by Verizon in a $4.8 billion deal, which is yet to be approved by regulators and shareholders. So, it will be interesting to see whether the deal faces repercussions due to the breach.

Yahoo is rumoured to make its announcement this week. If Yahoo confirms the news, this would become the biggest hack of its kind in Yahoo's history. If you own a Yahoo account, it would be wise to change your password as soon as possible. Also, if you’re using the same Yahoo username and password combination elsewhere, it is recommended to change those as well.



FF1988: The Tell-Tale Heart and Other Stories (Random Thoughts)

The Tell-Tale Heart and Other Stories by Edgar Allan Poe.

From what fetid hell did this magazine arise?

It reprints three Edgar Allan Poe stories (that you’ve probably read before), illustrated in this fashion:

The borders are repeated throughout each story, so this magazine has three borders, one cover and twelve illustrations (by Daryl and Josef Hutchinson).

If this is a way to ask the public “will this do?”, I think the answer is “no”.

This post is part of the Fantagraphics Floppies series.


Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK (Bugtraq)

Posted by Jamie R on Sep 22

BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting
leading to disclosure of PSK.

A firmware update is required to resolve this issue.

The essential problem is that if you hit the following URL on your
wifi extender, it will pop up a whole load of private data, including
your PSK. Instead of doing a pop up, we could exfiltrate that data to
our server....


Spam is once again on the rise (Help Net Security)

Spam volume is back to mid-2010 heights, and Cisco Talos researchers say that the Necurs botnet is partly to blame. “Many of the host IPs sending Necurs’ spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two …


Donald Trump’s Website Caught Leaking Intern Résumé Files (HackRead)

By Carolina

The American Presidential candidate Donald Trump is known for his



Hackers are automatically seeding trackers with malware disguised as most popular downloads (Graham Cluley)

Cybercriminals are spreading malware via torrent distribution networks, using an automated tool to disguise the downloads as trending audio, video and other digital content...

David Bisson reports.


XDC2017 X.Org/Mesa/Wayland Conference To Be Hosted By Google (Phoronix)

The X.Org Foundation Board of Directors held their annual in-person meeting today at XDC2016 in Helsinki, Finland. At this meeting they decided to accept Google's invitation to host XDC2017 at the Googleplex...


(IN)SECURE Magazine issue 51 released (Help Net Security)

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 51 has been released today. Table of contents: Hacking is the new espionage; New hyper-evasive threats are killing sandboxing as we know it; How to choose a perfect data control solution for your enterprise; What can Microsoft Patch Tuesday tell us about security trends in 2016?; Security experts are from Mars, business owners are from Venus; Report: Black …


How To Drill A Curved Hole (Hackaday)

Next time you’re renovating and need to run some cables around corners in your walls, save yourself some frustration by building [izzy swan]’s corner drilling rig. It’s something akin to a custom tunnel boring machine but on a small scale.

Starting with a piece of steel, [izzy] traced and cut out a 90 degree curve with an attached arm that will allow it to rotate from a central block. He then grabs a random drill bit and attaches it to a flex shaft which is secured to the leading point of the steel curve. To complete the handy setup the entire rig is bolted to a block that will clamp over the corner stock.

As it stands, it takes some elbow grease to get the drill through, but it’s not a purpose built setup. On a second demonstration, the flex shaft breaks, but the idea is there. Now, [izzy] advises that this is most easily accomplished when re-framing walls with no drywall obstructing your drill, but the concept for this rig could nonetheless prove handy for welding, grinding, and so forth along any angled curve.

If instead you want to push your carpentry skills to their limits, build a wooden Vespa.

[Thanks for the tip, Itay Ramot!]

Filed under: hardware, home hacks, tool hacks


Obama Set to Veto 9/11 Victims’ Bid to Sue Saudis

Sure, because if the victims families sue the Saudis, guess who else would have to show up in court? Via: AFP: President Barack Obama is poised to veto legislation exposing Saudi Arabia to court action over the 9/11 attacks, stepping in to defend legal precedent and an awkward ally, but inviting election-time opprobrium. White House […]


Brian Krebs' Blog Hit by 665 Gbps DDoS Attack (SoylentNews)

An article today on SecurityWeek details what may be the largest DDoS attack ever seen. The target? Brian Krebs' web site of course.

Investigative cybercrime journalist Brian Krebs reported on Tuesday that his website was hit by a massive distributed denial-of-service (DDoS) attack that could be the largest in history. According to Krebs, his site was targeted with various types of DDoS attacks, including SYN and HTTP floods. The attack peaked at 665 Gbps and 143 Mpps (million packets per second), but it was successfully mitigated by Akamai, the company that provides DDoS protection services for KrebsOnSecurity.

Akamai told Krebs that this attack was nearly twice the size of the largest attack they had previously encountered. It's worth noting that Arbor Networks reported in January that some of its customers had been hit by attacks that peaked at 500, 450 and 425 Gbps.

Quite the feather in the cap of Akamai to be able to mitigate this level of attack.



CVE Request - Exponent CMS 2.3.9 multi-vulnerabilities in install code (Open Source Security)

Posted by Carl Peng on Sep 22

Hi , I reported the following vulnerabilities in the install code to the
ExponentCMS team some days ago and fixed now.

1. Arbitrary code execution
lines 56 - 63
if (isset($_REQUEST['sc'])) {
if (file_exists("../framework/conf/config.php")) {
// Update the config
foreach ($_REQUEST['sc'] as $key => $value) {...


Friday "Back to School" Free Software Directory IRC meetup: September 23rd (FSF's blog)

Join the FSF and friends Friday, September 23rd, from 12pm to 3pm EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Participate in supporting the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

This week we're having a special theme focusing on updating entries for educational software. With school starting back up for many students, we want to make sure the free software tools they need for their studies are up to date and current in the Directory.

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly FSD Meetings pages that everyone is welcome to contribute to before, during, and after each meeting.


Re: CVE Request: VLC: Potential divide-by-zero issue (Open Source Security)

Posted by Moritz Muehlenhoff on Sep 22

Crashes without the potential for code injection in enduser applications
usually don't receive CVE ID assignments.



Thursday, 22 September


Yahoo is going to confirm the data breach that exposed 200 Million Yahoo accounts (Security Affairs)

It is a matter of hours, security experts believe, before Yahoo confirms the massive data breach that exposed at least 200 Million Yahoo accounts.

Yahoo is ready to confirm a massive data breach that affected its service that has exposed several hundred million user accounts.

“Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts.” reported the website

“While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.”

In August, the notorious hacker Peace advertised 200 Million Yahoo accounts on Dark Web, and the company is aware of the sale.

Peace offered the 200 million Yahoo account credentials (from “2012 most likely”) for sale on The Real Deal black marketplace. Yahoo was informed of the events and launched an internal investigation, avoiding public comment on the case. The hacker was offering the data leak for 3 bitcoins (roughly $1,800 at the time of the disclosure).


While the Yahoo security team was investigating the incident, the company advised its customers to use strong passwords, one for each web service they use, and to enable two-factor authentication where it is available.

Security experts believe it is a matter of hours before Yahoo publicly confirms the data breach that exposed at least 200 million Yahoo account credentials.

Of course, the news will have a significant impact on the company because the hackers attacked the core service of the IT giant. Analysts speculate a possible interference with the announced $4.8 billion sale of the company to Verizon.

Stay Tuned!

Pierluigi Paganini



Google’s smart search for security (Help Net Security)

Google made waves this week with the launch of the much-hyped messaging app Allo. The app boasts some impressive features, including embedding Google Assistant into your conversations. “Smart Replies” learn from your behavior over time to offer up the type of replies that you’d typically give. The assistant can even analyze photos and help you make dinner reservations or buy movie tickets based on what’s happening in your conversation, without ever leaving the app. …


Intel's FastUIDraw Is Very Promising For Fast, GPU-Accelerated Drawing (Phoronix)

Intel Open-Source Technology Center developer Kevin Rogovin just finished presenting at this year's XDC2016 conference in Helsinki. Rogovin presented on the promising project FastUIDraw...


openSUSE Leap 42.2 Beta 2 Switches To KDE Plasma 5.8 Beta (Phoronix)

The second beta of the upcoming openSUSE 42.2 Linux distribution is now available. One notable change is that 42.2 has switched to the KDE Plasma 5.8 LTS beta...


How ransomware is impacting companies in six major industries (Help Net Security)

BitSight analyzed the security ratings of nearly 20,000 companies to identify common forms of ransomware and to determine which industries (amongst Finance, Healthcare, Education, Energy/Utilities, Retail, and Government) are most likely to experience attacks.

[Figure: Percentage of companies in each industry with ransomware]

“Ransomware is a legitimate threat, with estimates from the U.S. Justice Department showing that over 4,000 of these attacks have occurred every day since the beginning of 2016,” said Stephen Boyer, co-founder and …


HP Retrofits Ink Cartridge DRM on Printers (FOSS Force)

You’ve owned your printer for a year or more, and have happily used off-brand ink cartridges during that time. Suddenly the manufacturer says you can’t do that anymore, and suddenly orders the printer you own to not accept the ink cartridges of your choosing.

Have you tried using your HP printer recently? If not, if you use certain models and keep your expenses down by using third party ink cartridges, you might find you have a “damaged” cartridge that needs replacing before the printer will operate. Open up a new cartridge that you’ve been keeping on hand and if it’s branded Office Max, Office Depot or anything other than “genuine HP,” it’ll be “damaged” too.

As they used to say on the Outer Limits, there is nothing wrong with your ink cartridges. HP has taken control of your printer and trained it to not accept them anymore.

It seems that HP rolled out a firmware update for certain of its printers back in March with a DRM-like time release surprise, so that on September 13 the affected printers would reject any cartridge that doesn’t contain a “genuine HP” chip. HP’s rationale? “We sold you the damn printer at less than cost so we could make money selling you ink, so you’re damn well going to buy the ink from us.”

Those words are mine, of course, but they pretty well sum it up.

As far as FOSS Force has been able to determine, the only printers affected so far are Officejet Pro 6830, 8610, 8615, 8620, 8625, 8630, 8640, 8660, x451dn, x451dw, x476dn, x476dw, x551dw, and x576dw — but that’s subject to change. Right now, if I owned an HP printer not affected — and I do — I wouldn’t buy a case of off-brand cartridges, at least not without the understanding that I might get stuck with them.

This is wrong on so many levels that I don’t have enough fingers and toes to figure it out.

Pre installed DRM (Is that the right term? Is an ink cartridge digital?) on a brand new in-the-box printer you’re carrying out the door at the local Best Buy store is bad enough — but at least you presumably knew at the cash register that saving money by buying Office Depot cartridges is a no-go and that before the printer dies and meets its maker you’re going to get well acquainted with the little blue dot decorated with the letters “HP.”

Even that should be illegal. The machine became your property the minute the cash register printed out a receipt, and you should be allowed to void your warranty by doing whatever you want with it.

But what HP did went well beyond that.

Taking away the function after the sale would seem to border on what’s actually criminal instead of just what I believe should be criminal. This would seem to be a case of HP messing with property that’s not theirs to mess with — a real what-gives-them-the-right scenario. It’s vandalism.

There are broader implications. I fear that more of this is what we can expect from the Internet of Things.



Yahoo set to announce huge breach: report (The Hill: Technology Policy)

Yahoo is set to report a large-scale data breach today in which hundreds of millions of accounts have been compromised, according to a report by Recode. Sources told the tech website that government investigations and legal action were likely, but...


kernel: ACPI table override is allowed when securelevel is enabled (Open Source Security)

Posted by Vladis Dronov on Sep 22


A vulnerability was found in the RHEL7 kernel. When RHEL7 is booted with UEFI Secure Boot enabled,
securelevel is set. The kernel uses the state of securelevel to prevent userspace from inserting
untrusted privileged code at runtime.

The ACPI tables provided by firmware can be overwritten using the initrd. From the kernel documentation:

If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible to
override nearly any...


Simultaneous Radio Xmit/Receive, on the SAME Frequency (SoylentNews)

Tech Review reports an "impossible" development,

Because the signal from broadcasting a radio transmission can be 100 billion times louder than the receiving one, it was always assumed that outgoing signals would invariably drown out incoming ones. That's why radios typically send and receive on different frequencies or rapidly alternate between transmitting and receiving. "Even textbooks kind of assumed it was impossible," Bharadia says.

Bharadia developed hardware and software that selectively cancel the far louder outgoing transmission so that a radio can decipher the incoming message. The creation of the first full-duplex radio, which eventually could be incorporated into cell phones, should effectively double available wireless bandwidth by simply using it twice.

Any bets on when this will make it to production, maybe as part of 7G(eneration) wireless? Or will the technology go black, used first by military?

And, does a person's name ever influence their career? "Bharadia" sounds awfully close to "bi-radio"...



Organizations sacrificing security for the speed of business (Help Net Security)

Organizations know how to improve security. However, due to pressures caused by the rate of business change, including the adoption of new technologies and applications, organizations are sacrificing security for the speed of business, according to the Ponemon Institute.

Why organizations are at risk

“All enterprise organizations are under pressure to drive business innovation in order to respond to changes in the competitive landscape, and to meet changing customer expectations,” said Dr. Larry Ponemon, chairman …


Support Is Now the Differentiator in the OpenStack Race

When it comes to OpenStack cloud computing distributions, now offered by a variety of vendors, we are at a tipping point. As businesses and organizations demand flexible solutions for deploying cloud solutions based on OpenStack, competition is fierce.  With so many vendors competing in this arena, market consolidation was bound to arrive, and it is here. What will the key differentiator be going forward? That would be support.

Matthew Garrett Explains How to Increase Security at Boot Time

Security of the boot chain is a vital component of any other security solution, said Matthew Garrett of CoreOS in his presentation at Linux Security Summit. If someone is able to tamper with your boot chain then any other security functionality can be subverted. And, if someone can interfere with your kernel, any amount of self-protection the kernel might have doesn’t really matter.


Surge in polymorphic attacks and malicious Android apps (Help Net Security)

Users are over 20 percent less likely to encounter malware and other undesirable executable files than in 2015. The data, collected by Webroot, shows that, although the number of overall malware encounters is decreasing, malware attacks are more sophisticated and short-lived than ever before.

[Figure: Malware and PUA families and variants per family]

Many attacks appear, infect, and disappear within hours—even minutes—having successfully exfiltrated sensitive data, launched ransomware, or found other means to achieve financial gain. …


North Korea’s List Of Only 28 Websites Accidentally Exposed (Hacker News Bulletin)

On Monday, the 19th of September 2016, Matt Bryant, who is a security engineer, came across a segment of the internet that very few people have encountered. This part of the web has stayed out of the reach of most of the world. It was a list of websites that the people of North Korea



Fresh Bluetooth Developer Toolkit line tackles IoT security, interoperability (Help Net Security)

The Bluetooth Special Interest Group (SIG) released several updates to its developer toolkit line-up, which enables developers to build smarter when creating things like mobile apps and low-cost beacons, as well as gateways that control IoT sensors. “What developers can do today with Bluetooth far surpasses what they could do just a few years ago,” said Steve Hegenderfer, Director of Developer Programs, Bluetooth SIG. “Whether it’s connecting a Bluetooth device to the web, using beacons …


CVE Request: VLC: Potential divide-by-zero issue (Open Source Security)

Posted by ajax secure on Sep 22


Xiangkun Jia has discovered a divide-by-zero in VLC, which makes the application crash and may be caused by a buffer
overflow. The fix is in;a=commit;h=85a64e10d665edf8a29526543b5c6fd4923437fd

Can you assign a CVE for this issue? Thank you.

Xiangkun Jia
Institute of Software, Chinese Academy of Sciences


Links 22/9/2016: Red Hat’s Latest Results, GNOME 3.22 Released (Techrights)





CVE-2016-6374 – Don’t waste time, patch your CISCO Cloud Services Platform (Security Affairs)

Cisco has issued a security patch to address a remote hijacking vulnerability, tracked as CVE-2016-6374, in the Cloud Services Platform (CSP).

This patch is very important: CISCO urges all customers who run CSP 2100 software to install the 2.1.0 update, which addresses a “high” risk remote code execution flaw.

The CISCO Cloud Services Platform (CSP) is a product designed to manage virtualized network services and components; it runs as a Linux x86 virtual machine built into a Cisco network appliance.


The Cisco Cloud Services Platform 2100 allows you to quickly deploy any Cisco or third-party network virtual service through a simple, built-in, native web user interface (WebUI), command-line interface (CLI), or representational state transfer (REST) API.

“A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.” reads the security advisory published by CISCO.

According to Cisco, exploiting the CVE-2016-6374 flaw is simple: an attacker only needs to send malformed HTTP requests to achieve remote code execution. Specifically, an unauthenticated attacker sends a malicious DNS-lookup request through the CSP web interface in order to execute commands on the server.

“The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.”
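The advisory describes a user-supplied value in a DNS-lookup request reaching code execution through insufficient sanitization. As an added illustration (not Cisco's code, not taken from the advisory, and assuming for the example's sake that the handler passed the value to a shell-invoked resolver, which the page does not state), this is what strict hostname validation plus a shell-free resolver call looks like, with the unsafe pattern kept only for contrast:

```python
import re
import subprocess

# One DNS label (RFC 1123 syntax): letters, digits and hyphens, 1-63 chars,
# no leading or trailing hyphen. Rejecting a leading hyphen also keeps the
# value from being read as a command-line option by the resolver binary.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(name: str) -> bool:
    """Accept only syntactically valid hostnames (at most 253 characters).

    A single trailing dot (FQDN form) is tolerated; anything else that is not
    a plain label sequence, including whitespace and shell metacharacters,
    is rejected. fullmatch() is used so a trailing newline cannot slip past.
    """
    if not name or len(name) > 253:
        return False
    name = name[:-1] if name.endswith(".") else name
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def build_lookup_argv(name: str) -> list:
    """Return the argv for the resolver call, or raise ValueError.

    The hostname becomes one discrete argument; it is never re-parsed by
    /bin/sh. The resolver binary name ("nslookup") is an assumption.
    """
    if not is_valid_hostname(name):
        raise ValueError("rejected hostname parameter: %r" % name)
    return ["nslookup", name]


def _run_resolver(argv: list) -> str:
    """Run the resolver with an explicit argv (no shell) and return its output."""
    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=5, check=False)
    return result.stdout


def handle_dnslookup_request(params: dict, runner=None) -> tuple:
    """Minimal handler for a hypothetical 'dnslookup' request.

    Returns an (HTTP status, body) pair. `runner` lets tests substitute the
    resolver call so the example runs offline.
    """
    name = params.get("host", "")
    try:
        argv = build_lookup_argv(name)
    except ValueError:
        return 400, "invalid hostname"
    run = runner or _run_resolver
    return 200, run(argv)


def dns_lookup_unsafe(name: str) -> str:
    """For contrast only, do not use: the request value is interpolated into a
    shell command line without validation, so the shell re-parses whatever
    the client sent. This is the pattern the advisory's wording points at."""
    return subprocess.run("nslookup " + name, shell=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed request parameters; the second is rejected before any
    # process is started.
    print(handle_dnslookup_request({"host": "example.com"}))
    print(handle_dnslookup_request({"host": "example.com; x"}))
```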

The Cisco Product Security Incident Response Team (PSIRT) confirmed that its experts are not aware of any public announcements or malicious use of the CVE-2016-6374 vulnerability in the wild.

Because there are no mitigations for the CVE-2016-6374 flaw, Cisco customers have no choice but to apply the patch urgently.

A few days ago Cisco issued another patch for a high-severity vulnerability in the IOS platform, discovered while analyzing the exploits included in the Equation Group data leak.

Pierluigi Paganini

(Security Affairs – Cloud Services Platform, CVE-2016-6374)

The post CVE-2016-6374 – Don’t waste time, patch your CISCO Cloud Services Platform appeared first on Security Affairs.


Beware — Someone is dropping Malware-infected USB Sticks into People's Letterbox The Hacker News

Hey! Wait! Wait! Wait! Don't plug that USB stick into your laptop. It could infect your computer with malware and viruses. Australia's Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people's letterboxes in the Melbourne suburb of Pakenham. It seems to be one of the latest tactics of cyber criminals to


Microsoft to "Solve the Problem of Cancer" Within Ten Years - Scientists are Skeptical SoylentNews

Microsoft has vowed to "solve the problem of cancer" within a decade by using ground-breaking computer science to crack the code of diseased cells so they can be reprogrammed back to a healthy state.

[...] The researchers are even working on a computer made from DNA which could live inside cells and look for faults in bodily networks, like cancer. If it spotted cancerous changes it would reboot the system and clear out the diseased cells.

Chris Bishop, laboratory director at Microsoft Research, said: "I think it's a very natural thing for Microsoft to be looking at because we have tremendous expertise in computer science and what is going on in cancer is a computational problem.


Read more of this story at SoylentNews.


The State Of GNU's GDB Debugger In 2016 Phoronix

At the GNU Tools Cauldron, which took place earlier this month in Hebden Bridge, UK, was the annual status update of the GDB debugger...


Despite Adobe Efforts, Photoshop Still Most Popular Software on Pirate Bay TorrentFreak

Ever since their official release, Adobe software products have been popular with pirates. Editing studio Photoshop has been the most enduring, appearing on pirates’ machines since 1990.

In order to innovate, in 2013 Adobe said it would move away from boxed ‘retail’ products and switch to a cloud-subscription model. This meant that the large initial outlay associated with its products could be exchanged for a more affordable monthly fee.

In July 2014, Adobe said the strategy was working, declaring that piracy had fallen. Just over a year later, Adobe was celebrating again, noting that casual pirates had been converted by the lower price of entry.

This week Adobe had more good news for shareholders. In the third quarter, the company generated more than $1.46 billion in revenue, up from $1.22 billion year-on-year. Creative Cloud, the company’s replacement for the old disc-based Creative Suite, accounted for $803 million in revenue, up 39% year-on-year.

In a Q3 2016 earnings conference call the discussion somewhat inevitably turned to piracy, with Adobe Executive Vice President Mark Garrett noting that mitigation is one of the company’s key aims.

“Our focus with Creative Cloud continues to be in three key areas; growing our core base of users, including migrating the legacy user base of Creative Suite users, addressing piracy and growing our installed base in the education market, driving new customer adoption in adjacent markets,” Garrett said.

Heather Bellini from Goldman Sachs wanted to know whether Adobe sees potential for additional revenue boosts as piracy is further eroded.

“Is there kind of a framework that we could think about in terms of the impact on top line growth that you can get from piracy reduction and are there things that you are doing that you are changing even more than you were kind of a couple of years ago to stay ahead of the pirates?” Bellini asked.

Adobe President and Chief Executive Officer Shantanu Narayen responded, indicating that a large proportion of recent growth can be apportioned to pirates jumping ship to become part of Creative Cloud.

“If you look at the macro level we used to sell approximately three million units of Creative Suite a year and if you look at the numbers right now of where we are with Creative Cloud, it’s clear that we have seen significant acceleration,” Narayen said.

“Without a doubt, a large part of that acceleration is people who want Creative Cloud and are no longer pirating Creative products, but are actually as a result of the low price and the value that we are delivering using the entire subscription-based offerings.”

Additionally, Adobe says it has taken other measures to clamp down on pirates, including action against people attempting to abuse trials and sites offering pirated copies.

“Once the trial expires [we’ve ensured] that they don’t have access to the products. And as you know, we have also shutdown places, online websites where people could buy a repackaged box,” Narayen said.

But while Adobe hasn’t been shy to detail its subscription revenues, the company has again refused to say how many subscriptions it has sold. This makes it difficult to compare, one for one, pirated instances of its software in use versus new subscriptions being taken up. During the call, Narayen offered no additional clarity.

“In terms of the installed base of pirates, I think the numbers for that...


Lenovo N21 Chromebook Now Has Mainline Coreboot Support Phoronix

The Lenovo N21 Chromebook is now supported by mainline Coreboot. But then again that's not a huge surprise considering Google's focus on Chromebook/Chromebox support in Coreboot...


Arduino Sketch: The Next Generation Hackaday

What was your first Arduino program? Probably an LED blinker — that seems to be the “hello world” of microcontrollers. You probably moved on to things a little more complicated pretty quickly. At some point, things get harder because the Arduino lacks an operating system.

There are operating systems that will run on the Arduino. They aren’t full-featured like Windows or Linux, but they allow you to run multiple tasks that are both isolated from each other (to some degree) and have a way to cooperate (that is, synchronize, share data and resources, and so on). One such operating system is ChibiOS. It will run on AVR- and ARM-based devices. You can find documentation about the entire project on the home page along with other ports.

The problem with adopting a new operating system is always getting started. [ItKindaWorks] has started a video series on using ChibiOS and has posted three installments so far (see below; one is about getting started, the other two cover messaging, mutexes, and priorities).

If you want to follow along with the videos, the code is available on GitHub. We aren’t sure if he’s planning more videos, but these will be more than enough to get you started.

According to the ChibiOS project, they are better than many common similar operating systems because of their static design (you can put the processor to sleep without causing problems). They also support true threads instead of simple tasks, meaning that you can dynamically create and destroy threads and synchronize threads easily.

If you are building sophisticated software that needs multiple things occurring at once, having an operating system can make life a lot easier. We’ve seen examples of using ChibiOS ranging from motor control to MIDI players. There are quite a few choices other than ChibiOS, too, if you look around.

Filed under: Arduino Hacks


SDL2's Mir Backend Sees Some Updates Phoronix

Yesterday saw some infrequent updates to the SDL2 library's Mir back-end for Ubuntu users...


Nouveau Developers Remain Frustrated By NVIDIA's Firmware Practices Phoronix

Nouveau developers Samuel Pitoiset, Karol Herbst, Pierre Moreau, and Martin Peres presented their status update on this open-source, reverse-engineered NVIDIA Linux graphics driver during the second day of the XDC2016 conference. Nouveau developers had a few words for the NVIDIA developers in the room...


Managing Log Files and More With Elastic Stack

Managing log files is becoming increasingly hard with growing amounts of data and differing file formats. Giovanni Bechis, in his upcoming talk at LinuxCon Europe, describes a solution using the ELK stack (ElasticSearch, Logstash, Kibana), which he says lets you easily collect, parse, and manage log files from different sources.


Bank cyber heists are here to stay, says SWIFT security chief Graham Cluley

Bank cyber heists are here to stay, says SWIFT security chief

Hundreds of millions of dollars have already been stolen, and there's every chance that we haven't seen the last of it.

Read more in my article on the Tripwire State of Security blog.


Paramount streams 175 movies online Pipedot

Paramount has added 175 movies to their library for free online streaming. This collection can only be viewed in America. Due to current draconian copyright restrictions movies can be locked out of public consumption for over a century.


ISP Trolls Copyright Troll With A Taste of Its Own Medicine TorrentFreak

In recent years file-sharers around the world have been ordered to pay significant settlement fees, or face legal repercussions.

These so-called “copyright trolling” efforts have been a common occurrence in several countries, with Sweden one of the latest hunting grounds.

One of the organizations leading the way is Spridningskollen (Distribution Check). Using data gathered by German anti-piracy outfit Excipio, they plan to start by targeting around 1,000 alleged pirates, offering them settlements of around $233 (2,000 kronor).

While many Internet providers don’t put up a real fight to protect their subscribers, privacy conscious Bahnhof is. Not only does Bahnhof delete all logs that could link IP-addresses to alleged infringements, the company is also pushing back in other creative ways.

Previously they accused Spridningskollen of trademark infringement and this week they followed up this threat with a more concrete warning.

Giving the “trolls” a taste of their own medicine, Bahnhof sent them an invoice for the exact amount they also ask from accused pirates, to settle the alleged trademark infringement.

“You’re infringing our trademark ‘Spridningskollen.’ Bahnhof filed for the trademark on 2016-08-31, with the launch of the website,” the settlement invoice reads.

The anti-piracy outfit uses for their website and Bahnhof urges the company to pay up and take it down, or else.


“Choose to pay 2,000 kronor and switch off your site as soon as possible, or face legal action when the trademark application has been processed,” they write.

“You can say that this letter is a settlement offer. If the infringer of the trademark does not pay the rightsholder the case can proceed to trial, which is far more costly for all involved.”

It’s unlikely that the anti-piracy coalition is going to comply voluntarily, as the trademark application can be disputed. Nevertheless, Bahnhof’s provocative approach is refreshing to say the least.

When asked, most ISPs will say that they have the best interests of their subscribers at heart, but very few companies are willing to go above and beyond and highlight possible abuse.

And adding some irony in the mix makes it all the better.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.


Internet companies dominate tech lobbying The Hill: Technology Policy

Internet firms have dominated tech lobbying this year, outpacing legacy tech companies like Microsoft and Oracle, according to an analysis of disclosure records by The Hill. Google, now part of holding company Alphabet, was the top spender among tech...


"Damage Suppressor" Gene Found in Tardigrades, Inserted into Human Cells SoylentNews

Scientists have found a damage suppressing gene in tardigrades that they have called "Dsup". It directs the production of a protein that can protect DNA, partially explaining tardigrades' resistance to the effects of radiation. The scientists also inserted the gene into human cells and found that Dsup-treated cells suffered less damage from X-ray exposure.

Extremotolerant tardigrade genome and improved radiotolerance of human cultured cells by tardigrade-unique protein (open, DOI: 10.1038/ncomms12808) (DX)

Original Submission

Read more of this story at SoylentNews.


Black Team’s tool ‘RAUM’ is infecting torrent users with malware HackRead

By Uzair Amir

Cybercrime syndicate Black Team is spreading its new malicious tool



North Carolina: State of Emergency Declared After Second Night of Riots

Via: BBC: The North Carolina governor has declared a state of emergency in the city of Charlotte, as unrest continues over the police killing of a black man. Violence erupted for a second night after Keith Lamont Scott was shot dead by a black officer on Tuesday. One protester is in a critical condition after […]


Object Storage Leading the Advancement of Software-Defined Storage

Software-defined storage (SDS) is one of those terms that has been readily hijacked by vendors over the past few years. The term developed from the adoption of software-defined networking (SDN), used to define the separation of control and data traffic in the networking world, which provides the abstraction needed to deliver more efficient network management and to virtualise network functionality.


IE11 is not following CORS specification for local files Bugtraq

Posted by Ricardo Iramar dos Santos on Sep 22

IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.

files as supposed to be.
In order to prove I've created a malicious html file with the content below.

function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {...


[slackware-security] irssi (SSA:2016-265-03) Bugtraq

Posted by Slackware Security Team on Sep 22

[slackware-security] irssi (SSA:2016-265-03)

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/irssi-0.8.20-i586-1_slack14.2.txz: Upgraded.
This update fixes two remote crash and heap corruption vulnerabilities
in Irssi's format parsing code. Impact: Remote crash...


[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities Bugtraq

Posted by security-alert on Sep 22


Document ID: c05270839
Version: 1

HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-21


Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Bugtraq

Posted by Larry W. Cashdollar on Sep 22

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site:
Vendor:, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info () huge-it com
Description: A video slideshow gallery.
The following code does not prevent an unauthenticated user from injecting SQL into functions located...


Yahoo 'expected to confirm massive data breach', says Recode Graham Cluley

Yahoo 'expected to confirm massive data breach', says Recode

As Yahoo poises to sell up to Verizon, it may have some bad news to share. Recode reports that "several hundred million" account credentials may have been impacted by a data breach.


[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access Bugtraq

Posted by security-alert on Sep 22


Document ID: c05273584
Version: 2

HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction
Bypass, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-15...


Digital Photography: The Future of Small-Scale Manufacturing? SoylentNews

What if it were possible to quickly and inexpensively manufacture a part simply by using a series of close-range digital images taken of the object?

Michael Immel, instructor in the Harold and Inge Marcus Department of Industrial and Manufacturing Engineering, originally started thinking about the technique, called photogrammetry, for a different purpose, but quickly realized its application in manufacturing.

In this technique, digital images of an object that have been taken at various angles are used to create a point cloud -- or a large collection of points used to create 3D representation of existing structures -- from which a computer-aided design (CAD) file can be generated.

The resulting CAD file and subsequent 3D model could then be used to rebuild the part, or 3D print it, to its original specifications without using traditional methods, which are both expensive and time-consuming.

Surely you'd need an X-ray of internal structures, too?

Original Submission

Read more of this story at SoylentNews.


[slackware-security] pidgin (SSA:2016-265-01) Bugtraq

Posted by Slackware Security Team on Sep 22

[slackware-security] pidgin (SSA:2016-265-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/pidgin-2.11.0-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
(* Security...


Want To Wake Up In A Ship’s Warp Core? Circadia Sunrise Clock Makes it So Hackaday

Who among you has difficulty rising in the mornings? Sunrise clocks that simulate a — well, sunrise,  are a gentle means of returning to the waking world. [FlorianH], grappling with this very issue, has built his own impressive sunrise clock he has named Circadia. Some sunrise clocks mate an LED with a dev board and call it a day. This work of hardware art will never be confused for something rudimentary.

Standing at 187cm tall, the 8mm thick PCB frame contains three main sections that plug into each other “like Lego”: the top houses a cleverly designed (and virtually silent) propeller clock and a speaker with a 3D-printed, omni-directional reflector. The midsection is reinforced with an MDF column, around which is wrapped 16 strips of 18 RGB LEDs with a heat-molded sheet of acrylic to diffuse the light, while the bottom section has the mid-woofer, the Raspberry Pi 2 brain, most of the electronics, and three switched power supplies.

Built over two years, the primary feature is a variety of themes — with more being added all the time — ranging from rain forest, to arctic, to the warp core of a starship that will rouse you over the course of a half hour. Circadia can also function as a visualizer during a party, or even a Tetris display (a theme that was designed and tested in an afternoon!). Seeing it in action is a treat:

For a different take on a sunrise clock, check out this one that requires you to move the pieces on the clock face to set the time!

[Thanks for the submission, FlorianH!]

Filed under: clock hacks, led hacks, Raspberry Pi


Industrial IoT Group Releases Security Framework

The Industrial Internet Consortium (IIC), which was founded by AT&T, Cisco, GE, IBM, and Intel, released a common framework for security


[SECURITY] [DSA 3672-1] irssi security update Bugtraq

Posted by Salvatore Bonaccorso on Sep 22

Debian Security Advisory DSA-3672-1 security () debian org Salvatore Bonaccorso
September 21, 2016

Package : irssi
CVE ID : CVE-2016-7044 CVE-2016-7045



Even Worse Than Hillary Clinton’s Emails Terra Forming Terra

What we find described here is the deep rot in the civil service tied to both partisan objectives and real corruption. Other posts have detailed the revolving door operating throughout the regulatory system as well as supporting terrible regulatory commercial monopolies that then work to suppress new research as well as protect doubtful formulations.

The whole process must be rethought and soon. It has become absurd and dangerous. The only reason we have not had another thalidomide scandal is that the industry games the system to hide problems. Somewhere I have seen an item that suggests Vioxx killed thirty thousand. Whether it is true or not it did something and you barely know about it.

The real issue is that with intent, it is possible to operate as a lone wolf while bullying the civil service into submission. This cannot end well.

Even Worse Than Hillary Clinton’s Emails

The civil service was missing in action. We learned about the emails from a hacker. 



10 Benefits of Time and Attendance Tracking Software TechWorm

Top 10 Benefits Of Having A Time And Attendance Tracking Software For Your Business

Having time and attendance tracking software can be beneficial to your business, especially if you have a large number of employees. Not only can such programs aid your business to track whether your employees are at work, but they also allow you to see how many hours your staff works. The biggest advantage of using this software is that it increases business productivity levels.

Nowadays, a number of programs such as online timesheets can help your business in the following ways:

Reduce time wastage


They reduce the amount of time that administrators need to collate and manage paper or spreadsheet timesheets provided by employees. This gives administrators more time to focus on expanding the business.

Increase revenue

The time that employees would take to look for paper timesheets can be saved and utilized more effectively. This improves the level of productivity, resulting in higher revenues.

Provide accurate data

Getting rid of paper timesheets eliminates the re-keying of data that is otherwise unnecessary. This allows a business to maintain accurate expense and time reporting facilities.

Reduce absenteeism

Employee absence has a huge effect on your business and the best way to control it is by using attendance-tracking software. It allows you to track absenteeism and report the reasons for being absent. Recording absenteeism allows members of the administration and payroll to be notified.

When you track employees with unusually high levels of absenteeism, you can decide on the right disciplinary actions to take.

Cut costs

Time tracking software reduces the cost of labor by putting an end to buddy punching, inaccurate time reporting, overpayment, and tardiness. Manual collection, management, calculation, and processing time of the payroll take a lot of time. However, automated solutions increase the efficiency of a company, saving on money in the long run.

Error reduction

Automated systems reduce human error and ensure an impartial and easy approach to addressing particular needs without confusion. Correcting an error in an automated system is a lot easier than doing the same thing on paper.

Give easy access

Not only is the information provided more accurate, but it also gives the user easier access. Paper timesheets are usually kept in a filing cabinet, making them harder to get to. This is why web-based time tracking software is the best choice.

Increase employee satisfaction



RAUM tool allows to spread malware through torrent files Security Affairs

InfoArmor has discovered the RAUM tool in criminal forums, it is a special tool to distribute malware by packaging it with popular torrent files.

This is nothing new: torrent files are a privileged channel for malware diffusion. According to a study conducted by researchers at Digital Citizens Alliance and RiskIQ, almost one-third of the 800 torrent sites examined served malware to users’ machines between June and August 2015.

Now a new tool that has appeared on the cybercrime underground allows cyber criminals to distribute malware through torrent files in exchange for a fee.

Experts from InfoArmor discovered the so-called RAUM tool in invite-only underground forums.

According to InfoArmor, the creators of the RAUM tool belong to an Eastern European organized crime group known as Black Team.

It leverages torrent files, especially games, to spread malware. The RAUM tool allows crooks to package malware into torrent files, which are then uploaded for victims to download.

The experts at InfoArmor pointed out the innovative “Pay-Per-Install” model implemented by the crooks behind the RAUM tool.

“The so-called “RAUM” tool has been actively used on uncovered underground affiliate networks based on a “Pay-Per-Install” model (PPI). This model leverages paying cybercriminals to distribute malware through modified torrent files that are joined with malware. Members of these networks are invited by special invitation only, with strict verification of each new member.” reads the blog post published by InfoArmor.

The RAUM tool also lets crooks monitor the status of their malicious campaigns: through its interface, it is possible to control malware diffusion over popular sites such as The Pirate Bay and ExtraTorrent.

“Threat actors were systematically monitoring the status of the created malicious seeds on famous torrent trackers such as The Pirate Bay, ExtraTorrent and many others. In some cases, they were specifically looking for compromised accounts of other users on these online communities that were extracted from botnet logs in order to use them for new seeds on behalf of the affected victims without their knowledge, thus increasing the reputation of the uploaded files.” continues the post.


“In some cases, the lifespan of these seeded malicious files exceeded 1.5 months and resulted in thousands of successful downloads,” InfoArmor said.

In some cases, the creators of the RAUM tool have attempted to hijack the accounts of known uploaders of torrent files in order to use them to spread trojanized torrent files.

Security experts associated the identified RAUM tool instances with popular ransomware such as CryptXXX,...


Leawo iOS Data Recovery Powerfully Brings Deleted Files Back from iPhone/iPad/iPod TechWorm

How to bring your deleted files back from iPhone/iPad/iPod with Leawo iOS Data Recovery tool

I know that many iPhone users have updated their iPhone/iPad/iPod to iOS 10 for a better experience. However, what if you accidentally deleted your text messages, contacts, notes or other important data from your iPhone or iPad during the process of updating? It’s quite frustrating to lose files after updating to iOS 10. Even though you can restore the previous backup from iTunes/iCloud, you can’t selectively recover deleted files from an iTunes/iCloud backup. But now, Leawo iOS Data Recovery, a $59.95 program (free feature-limited demo), has proved capable of recovering data from iOS devices, iTunes backups or iCloud backups.

Leawo iOS Data Recovery is desktop software (with separate versions for Windows and Mac) that works with all iOS devices, including iPhone 7. It’s designed to recover and backup deleted data, including text messages, contacts, notes, and more. Additionally, it can quickly scan and extract 14 kinds of files, like photos, videos, contacts, WhatsApp files, calendars, etc. from iTunes and iCloud backups or obtain and backup the 14 kinds of files by directly scanning your iOS devices.


The iOS data recovery tool can recover data in one of three ways: direct scan, iTunes backup, and iCloud backup. You can choose any one of the three recovery modes that fits your need, since the application provides a short explanation for each mode. The first method can be used to recover recently deleted or lost files that haven’t been backed up to iTunes/iCloud. The latter two methods require you to have previously synced your device with your iTunes/iCloud account, and let you restore the most recent iTunes/iCloud backup. For example, you can use it to recover deleted photos from an iPhone with any of the three recovery modes mentioned above.


The above recovery methods can be used for iPhone 7/7Plus/6s/6s Plus/6/6 Plus/SE/5s/5C/5, iPhone 4s, iPhone 4, iPhone 3GS, iPad 1, iPod Touch 4, iPad mini 1/2, iPad Air 1/2, iPad with Retina Display, the new iPad, iPad 2, iPod Touch 5 and iPad 1.

Apart from iOS upgrade, the software can recover data from iPhone/iPad/iPod touch easily no matter the data have been lost/damaged/deleted owing to jailbreak, factory settings restoring, wrong deletion, broken or formatted storage device, or many other unexpected causes.

Leawo iOS Data Recovery also features a preview function, allowing you to prev...


The Atlantic Slave Trade in Two Minutes Terra Forming Terra


I was unable to copy the graphic to my blog. You will need to copy the link to see it. What is strongly shown is just how much the traffic centered on the Caribbean and South America, making the USA a minority player but still significant. As interesting is that deaths came in at around fifteen percent, which meant that most ships did well enough in keeping losses down. Recall that losses coming from Europe in steerage were also awful.

That the ancestry of Afro-Americans represented around 388,000 folks is surprising and tells us that they sustained an excellent internal growth rate. We always hear of how awful conditions were but that was obviously true for the odd individual as is true today. That they sustained themselves using bountiful subsistence methods is forgotten and plantation work would be a form of taxation well understood by everyone including poor whites.

Conditions were still primitive but only in the eyes of whites who expected more than actually needed.

We all understand slavery as wrong headed and indefensible. Forced immigration is quite a different matter and that was the final outcome in the end when slavery ended. Extensive forced immigration has taken place since then and that includes the massive elimination of Jews from the Arab lands in the past half century...

The Atlantic Slave Trade in Two Minutes

315 years. 20,528 voyages. Millions of lives.


Bill Cooper Was Killed Shortly After Predicting 9/11 and Naming Osama bin Laden as Scapegoat Terra Forming Terra

I do not think Osama Bin Laden was a scapegoat so much as an enthusiastic partner. Yet he had also been played by security agencies who could easily have facilitated the whole scenario for aims of their own. The problem with 9/11 is the apparent depth of planning and its astonishing success inasmuch as so many moving parts had to mesh. This took serious support staff to get out there and smooth the way.

None of that has ever been apparent with the supposed perps and continues to be undiscovered. Thus Bill Cooper drawing attention to obvious flaws right after the event could cause real problems. He did not have the sense to shut up for a while.

All three buildings collapsed in a controlled symmetric implosion that needed to be engineered properly. A large part of the structural steel was vaporized as well, suggesting a massive heat burst. I suspect that the plane lost over Pennsylvania was intended to hammer the third building. This scheme was way too complicated and likely accommodated additional objectives.

Bill Cooper was aware something was cooking. Hell, so was I. Intuition does work and the markets will give you flags. However, no imagination would construct the scope of what was intended. Thus he was as surprised as anyone and did not understand how serious this was either, and how dangerous it could be to him.

Bill Cooper Was Killed Shortly After Predicting 9/11 and Naming Osama bin Laden as Scapegoat

Milton William “Bill” Cooper was an acclaimed conspiracy writer best known for his 1991 book Behold a Pale Horse

Throughout his life, Cooper worked to expose numerous global conspiracies, and one of his latest involved the September 11 attacks. He was fatally shot shortly after, leading many to believe he had actually been right.

During the 1990s, Cooper would broadcast a nightly radio talk called Hour of the Time. As an already established author and former Naval Intelligence veteran, he quickly captivated his audience with various subjects of interest. 


Microdosing Aspects Terra Forming Terra

The peanut-sized measure for mushrooms surely is around one gram at least. In the meantime, this comment is useful as it introduces an effect that I was not aware of. I find it intriguing because I understand that our whole decision-making apparatus is directly linked to emotional loading or attachment. This strongly suggests that this can be largely unlinked and that it is plausibly detrimental when this happens.

This unlinking can be the underlying cause of a number of aberrant psychological phenomena and must be carefully investigated and properly understood. That it may well have a physical basis is useful, as this allows us to apply microdosing of various mind-altering substances to determine if recovery can be induced.

We already have reports supporting all this for PTSD and Alzheimer's. Thus we now understand from this report that a whole range of clearly flawed decision-making behavior may well be rooted in diagnosed physical trauma. Remember sociopaths, anyone? What about serial killers and pathological pedophiles? All these trace back to a seriously miswired decision-making process.

And how about homosexuality itself?  Sexuality is fraught with emotional trauma in its early stages and we know that it arises inversely to population crowding.  All of a sudden obsessive human behavior may be manageable and changeable.  What a boon that could be.  It is wonderful to fall in love.  It just may not be appropriate and taking a pill to end it is a boon to all as it is otherwise a nasty burden then...

Hello there. I found your article extremely interesting. I am currently in a depersonalization state, meaning I am disconnected from my environment, people, living beings and.. myself. This can happen if an underlying cause like trauma, anxiety, stress or a bad trip happens and remains unsolved or ignored for too long, resulting in emotional blocks or retention. Such buildup can hinder your mental state by hindering your energy system in various ways. As within, so without. When you have outside symptoms, be it mental or physical, it is always the result of inner imbalances in your energy field. So I'm quite unable to feel or to access my emotions freely as any normal being should. I'm also very limited in creativity in this state, as well as discipline and organisation. My sleep was especially bad, I was a chronic insomniac for a few years, so trying to regain a normal sleep while in this state has been a challenge, but I finally succeeded recently and now I'm feeling better although I on Microdosed: An Everyperson’s Guide to Hallucinogenic Therapy



OCI Is Building a Way for Kubernetes to Run Containers Without Docker

In 2015, when the Open Container Initiative (OCI) was launched to create industry standards around containers, it used Docker’s container runtime and image format as the base. These days, the organization is undertaking a project that would break away from Docker in favor of Kubernetes, Google’s open source container orchestration engine.


Diamond Proves Useful Material for Growing Graphene SoylentNews

[G]raphene's unique intrinsic properties -- supreme electrical and thermal conductivities and remarkable electron mobility, to name just a few -- can only be fully realized if it is grown free from defects that disrupt the honeycomb pattern of the bound carbon atoms.

A team led by Materials Scientist Anirudha Sumant with the U.S. Department of Energy’s (DOE) Argonne National Laboratory’s Center for Nanoscale Materials (CNM) and Materials Science Division, along with collaborators at the University of California-Riverside, has developed a method to grow graphene that contains relatively few impurities and costs less to make, in a shorter time and at lower temperatures compared to the processes widely used to make graphene today.

[...] "I'd been dealing with all these different techniques of growing graphene, and you never see such a uniform, smooth surface."

The new technology taps ultrananocrystalline diamond (UNCD), a synthetic type of diamond that Argonne researchers have pioneered through years of research. UNCD serves as a physical substrate, or surface on which the graphene grows, and the source for the carbon atoms that make up a rapidly produced graphene sheet.

The first one to perfect defect-free graphene will be a trillionaire.

Diana Berman, Sanket A. Deshmukh, Badri Narayanan, Subramanian K. R. S. Sankaranarayanan, Zhong Yan, Alexander A. Balandin, Alexander Zinovev, Daniel Rosenmann, Anirudha V. Sumant. Metal-induced rapid transformation of diamond into single and multilayer graphene on wafer scale. Nature Communications, 2016; 7: 12099 DOI: 10.1038/ncomms12099

Original Submission

Read more of this story at SoylentNews.


Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) Open Source Security

Posted by cve-assign on Sep 21

Use CVE-2016-7513.

Use CVE-2016-7514.

Use CVE-2016-7515.

Use CVE-2015-8957.

Use CVE-2015-8958.

Use CVE-2016-7516.

Use CVE-2016-7517.

Use CVE-2016-7518.

Use CVE-2016-7519.

Use CVE-2016-7520.

Use CVE-2016-7521.

Use CVE-2016-7522.

We are not sure that we understand this set of references.
bugs/1537420 does not link to issues/96.

We will assign separate CVE IDs for these pairs of references:

Use CVE-2016-7523.

Use CVE-2016-7524.



To Catch A Mosquito SoylentNews

Aedes albopictus is an early riser. Of the fifty-one mosquito species in New York, albopictus—a close cousin of Aedes aegypti, the species responsible for spreading Zika—prefers to restrict its activity to power breakfasts, in the mornings, and to teatime, in the late afternoons. (The common house mosquito is active in the evenings.)

On a recent afternoon, Mario Merlino, the assistant commissioner for New York City's Bureau of Veterinary and Pest Control Services, and Zahir Shah, the director of the city's Medical Entomology Laboratory, jumped a small fence inside Bellevue South Park, in Kips Bay, and wandered into the shrubbery. Shah pointed to what appeared to be a black collapsible laundry hamper, hidden behind a bush. "There it is," he said. "Our pride and joy."

The new trap is cylindrical and shiny, with sides made of black fabric and a white plastic top. If you were a mosquito, you might find it good-looking—especially compared with regular mosquito traps, which resemble buckets. This is intentional. According to Shah, albopictus prefers "attractive visual cues."

Regular traps release small amounts of carbon dioxide, to mimic humans breathing. The albopictus lure is more sophisticated: it releases a bouquet of substances commonly found on human skin, like ammonia and lactic acid, which are present in sweat and breath. The mosquitoes come to feast, and get sucked in. Shah unscrewed the trap's bluish-white lure and took a whiff. It smelled like a hot subway car during rush hour. "Whoa," he said. "It gets me every time."

[...] Two floors down [in the laboratory], Jie Fu, a research scientist, oversees testing. First, she feeds a tube's worth of mosquitoes into a machine that grinds them into a gelatinous glop. "It's like when you make mashed potatoes," she said. A machine called the BioRobot (imagine a convection oven) separates out the RNA and dollops it onto rectangular plates, which later go into a machine called an amplifier (imagine an office printer). Two hours afterward, the results appear on a small screen. "See?" Fu said, pointing to a bunch of squiggly lines. "No Zika." She added, "Albopictus is slowing down. It doesn't like the cold."

As part of the larger effort to educate New Yorkers about Zika, the health department has been promoting a hot line that people can call to report incidents of standing water: puddles, brimming gutters, birdbaths. The police department was the first to benefit: before the hot line, people used to call 911 to complain about mosquitoes. "They'd say, 'Quick! I have mosquitoes! Do something about it!' " Shah said. "Well, we're doing something about it."


Which company’s job interviews are hardest to crack? Facebook, Google, Apple or Dropbox? TechWorm

Which company’s interviews are more difficult: Facebook, Google, Apple or Dropbox?

So you have graduated from an engineering college or completed a software certification course! Great! What next? Most engineers and programmers will naturally think about taking a job at a top tech company, while a few will be bitten by the entrepreneurial bug.

Out of 100 software engineers who graduate, only 1 percent go on to found a startup, while 99 percent go on to join some tech firm. This post is for those 99 percent. After they have decided to take a job at a tech company like Facebook, Google, Apple or Dropbox, the only obstacle between them and a lucrative career is the interview.

What do the HR people at these top tech firms ask in an interview? Quora users tried to answer that question for the benefit of the next crop of software engineers who try their hand at getting a job at Facebook, Google, Apple or Dropbox. Which interview is the most difficult of them all?

Shankar Joshi, a Cloud Engineer at PYPL, tries to answer this question. As an experienced campaigner, he knows what he is talking about. Here is his answer:

I'll try answering it in a different way. The difficulty is a measure that depends on the experience and expertise of the candidate. So let us focus on the overall experience of the interview sessions.

I have interviewed twice with Dropbox. I wouldn’t say it was difficult. But definitely better than any other interviews so far. Because I was clearly able to solve the questions (though with an added time limit) but you need a little more than good practice to get ideas for such questions. Really interesting if you are a big fan of topcoder and the likes. Engineers at DBX are really clear on what they are looking for. You will surely be able to decide if the interview went well or badly even before they get back to you.

Facebook was surprisingly interesting as in the answers to most of the questions were pretty obvious. I personally wasn’t expecting such standards but the onsite totally depends on the team. My experience and few of my friends’ were totally different.

Google. Let’s see. Where do I start? Do not get surprised if you are going to do great and end up getting no response from them like ever. You can read tons of such bad experiences online. You either end up getting a strange interviewer who doesn’t understand what you say or the other way. I myself encountered three people who had such experiences despite being fantastic coders. All such beautiful things aside, the questions were pretty easy. Onsite and phone.

To sum it up, compared over experiences – Dropbox > Facebook > Google.

Another Quora user, Jessica Shu, who is an intern at Google Chrome, says:

I’ve interviewed with all three, and I would agree with most people that for coding question difficulty Dropbox >>> Google > Facebook.

However I did get a Dropbox offer despite missing a concurrency question. They also gave me a really complicated NP problem, which I didn’t realize was NP but managed a working solution while secretly freaking out about why I couldn’t optimize it. Honestly I almost said “fuck it I give up” halfway through that question but I’m glad I didn’t, I think they value persistence and ability to stay cool under pressure.

I also got a Google offer but did not get an offer from Facebook even though I answered the interview questions correctly, so I’m sure there are...


John Weathersby: Selling Open Source to the Federal Government FOSS Force

It’s a no-brainer to us that free and open source should be the default for governments, because governments should be…well, open. With the Open Technology Center, John Weathersby is working to help bring open source to national defense and security.

The Video FOSS Force Interview

John Weathersby founded and ran the Open Source Software Institute to “promote the development and implementation of open source software solutions within U.S. federal, state, and local government agencies.” A worthy goal!

But why stick to nothing but software? In 2014, Weathersby founded The Open Technology Center at Camp Shelby Joint Forces Training Center (in Mississippi), which is a “non-profit research and development entity sponsored by the Mississippi National Guard and U.S. Department of Homeland Security whose mission is to innovate and integrate open source software technologies for use within national defense and security organizations.”

The OTC is doing some neat stuff, ranging from autonomous vehicles to making it easier for local governments to request, receive, and account for disaster recovery funds in the wake of an emergency. It’s all good! And it’s all about open source, which is why it’s worth listening to what Weathersby has to say.

The post John Weathersby: Selling Open Source to the Federal Government appeared first on FOSS Force.


How to Install and Configure Oracle SQL Developer Client The Geek Stuff

If you are working on an Oracle database, either as a developer or a DBA, you need a good front-end to manage your database. In the old days, one of the popular options was Toad. But now there is an even better and more robust option: SQL Developer. SQL Developer is an Oracle product. It is free. It is […]


CVE Request: XSS Vulnerability in Exponent CMS 2.3.9 Open Source Security

Posted by 王畅 on Sep 21

Hi, I reported a Cross Site Scripting vulnerability to the
ExponentCMS team a few days ago:


line 85-86:

$funcNum = $_GET['CKEditorFuncNum'] ;
echo "<script type='text/javascript'>".$funcNum.",
'".$url."', '".$message."');</script>";
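As an added illustration of the fix for the pattern in this report, and not code from Exponent CMS or from the reporter: the unvalidated echo of request parameters into a script block, beside a hardened version. The window.parent.CKEDITOR.tools.callFunction wrapper is the standard CKEditor file-browser callback convention and is assumed here rather than taken from the report; the sample request values are constructed.

```php
<?php
// Added example, not Exponent CMS code: the pattern from the report (a request
// parameter echoed straight into a <script> block) beside a hardened version.
// The CKEDITOR.tools.callFunction wrapper is the standard CKEditor file-browser
// callback convention and is assumed here, not taken from the report.

// Vulnerable shape, as the report describes it: $funcNum, $url and $message are
// concatenated into JavaScript with no validation or escaping, so any of them can
// close the string literal or the script element and the page reflects whatever
// the request carried.
function render_callback_unsafe(string $funcNum, string $url, string $message): string
{
    return "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
        . $funcNum . ", '" . $url . "', '" . $message . "');</script>";
}

// Encode a PHP string as a JavaScript string literal that is safe inside a
// <script> block: the HEX flags turn < > & ' " into \uXXXX escapes, so the value
// can terminate neither the literal nor the </script> element. Returns null on
// invalid UTF-8 rather than emitting partial output.
function js_string_literal(string $value): ?string
{
    $encoded = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    return $encoded === false ? null : $encoded;
}

// Hardened version. CKEditorFuncNum is an integer handle into CKEditor's
// callback table, so only a string of ASCII digits is accepted and it is cast
// to int before use; the two strings go through js_string_literal().
function render_callback_safe(string $funcNum, string $url, string $message): string
{
    if (!ctype_digit($funcNum)) {
        return '';                       // malformed handle: emit nothing
    }
    $jsUrl = js_string_literal($url);
    $jsMessage = js_string_literal($message);
    if ($jsUrl === null || $jsMessage === null) {
        return '';                       // undecodable input: emit nothing
    }
    return '<script type="text/javascript">window.parent.CKEDITOR.tools.callFunction('
        . (int) $funcNum . ', ' . $jsUrl . ', ' . $jsMessage . ');</script>';
}

// Constructed sample values standing in for $_GET['CKEditorFuncNum'] and the
// upload result; in the real handler they would come from the request.
echo render_callback_safe('1', '/files/pic.png', 'Upload complete'), PHP_EOL;
// A non-numeric handle is rejected outright.
var_dump(render_callback_safe('1abc', '/files/pic.png', '') === '');
// Characters that would break out of the literal are escaped, not reflected.
echo render_callback_safe('2', "/files/it's.png", 'a <b> & "c"'), PHP_EOL;
```

The property worth checking in a review of any such handler is that every request-controlled value is either type-constrained (the integer handle) or emitted only through an encoder that is correct for the context it lands in (here a JavaScript string literal inside an HTML script element), never concatenated as-is.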



New Approach to Dynamically Tune how a Catalyst Operates SoylentNews

The industrial catalysts of the future won't just speed up reactions, they'll control how chemical processes work and determine how much of a particular product is made.

A team of researchers led by Phillip Christopher, assistant professor of chemical and environmental engineering at the University of California, Riverside's Bourns College of Engineering, demonstrated this—as well as how these catalysts look in action—in a paper published Monday, Sept. 19, in the journal Nature Chemistry.

Titled, "Adsorbate-mediated strong metal-support interactions in oxide-supported Rh catalysts," the paper describes a new approach to dynamically tune how a catalyst operates, enabling the researchers to control and optimize the product made in the reaction. The team, which includes scientists from the University of California, Irvine and Columbia University, also used advanced microscopy and spectroscopy approaches to view the catalyst in action on an atomic scale.


Building a Wireless Micromachine SoylentNews

All around us, hiding just outside our range of vision, are minuscule machines. Tiny accelerometers in our cars sense a collision and tell the airbags to inflate. A Nintendo Wii controller's tiny gyroscopes translate your tennis swing into movement on the screen. An iPhone's accelerometer, gyroscope, and proximity sensor sense its location in space.

All these little machines, known collectively as microelectromechanical systems, or MEMS, have something in common: they are attached to, or very close to, a power source. For broader applications, like wireless brain implants, scientists and engineers need power from a distance. But while it's easy to send information through the air—think radio waves—sending power, especially to a minuscule machine, can be a bit trickier.

But now a team of researchers, led by Boston University College of Engineering (ENG) PhD candidate Farrukh Mateen (ENG'18) and Raj Mohanty, a professor of physics at BU's College of Arts & Sciences (CAS), is closing in on a solution. They have built a tiny micromechanical device and turned it on and off with one nanowatt of power—that's a billionth of a watt—from three feet away. The device, described in the August 15, 2016, issue of Nature: Microsystems and Nanoengineering, is a miniature sandwich of gold and aluminum nitride that vibrates, or resonates, at microwave frequencies. The tiny resonator is only 100 micrometers across—a little wider than the width of a human hair.

What if you're wearing braces?


Brushless HDD Motor Driver from 9V and Painter’s Tape Hackaday

Hard drives work by spinning platters full of magnetized data while a read/write head very quickly harvests or changes bits as needed. Older (or perhaps cheaper) drives spin at 5400 RPM, better drives spin at 7200 RPM, and elite drives (that mortals like you never shell out for) spin in the 10k-15k RPM range. This spinning is thanks to a sweet combination of a bearing and a brushless DC motor.

Unfortunately you can’t drive a brushless motor without a brushless motor driver. Well, of course that’s not absolutely true — and [Tommy Callaway] has certainly hacked together a crude exception to the rule. He’s using a 9-volt battery and some blue painter’s tape to drive a brushless motor.

Brushless motors do their thing by placing permanent magnets on the rotor (the part that spins) and placing multiple stationary coils of wire around it. Brushless motor drivers then energize these coils in a very carefully timed pattern to continuously push the rotor magnets in the same direction.

[Tommy] wired up his 9V to one of these coils and observed that it holds the rotor in position. He then began playing around with different ways to automatically break the circuit and de-energize the coil at just the right time. This means using the spinning center of the hard drive as part of the circuit, with blue painter’s tape in alternating patterns to create the timing. Is this a brushless motor driver, or has he just re-invented the brushed motor?

If this workbench trick leaves you wanting some hardcore BLDC action, you can’t go wrong with this $20 offering to push motors at very high speeds.

[via /r/ECE]

Filed under: misc hacks


Smart Energy Revolution 'Could Help to Avoid UK Blackouts' SoylentNews

A "smart energy" revolution could help ensure that the UK does not suffer blackouts, according to National Grid's new UK chief.

Nicola Shaw, its executive director, said technological advances will reduce the need to build new conventional power stations in the UK.

An "internet of energy" will allow fridges, washers and dishwashers to help balance energy demand.

Some commentators say the UK needs more gas-fired power to prevent blackouts.

Ms Shaw agreed that more investment in gas-fired power was needed, but argued that between 30% and 50% of fluctuations on the electricity grid could be smoothed by households and businesses adjusting their demand at peak times.

The gas company executive says more gas-fired power is necessary to prevent blackouts in the future. Also, smart appliances could help balance energy demand across a smart grid.


[$] Weekly Edition for September 22, 2016

The Weekly Edition for September 22, 2016 is available.


US increases requests for account info from Twitter The Hill: Technology Policy

The U.S. government increased its requests for information from Twitter in the first half of 2016, according to a report released by the social networking site Wednesday. From Jan. 1 to June 30, the U.S. government made 2,520 requests for...


Lobbying Results in FDA Approval for Controversial Drug SoylentNews

Eteplirsen received approval for use as a Duchenne muscular dystrophy therapy despite the FDA review team concluding that the treatment was unlikely to show any benefit for patients.

The decision by Dr. Janet Woodcock (Director of the Center for Drug Evaluation and Research) was heavily influenced by what was described as "parading diseased children in front of the cameras" and was made before the FDA's review team completed their analysis.

Part of Dr. Woodcock's rationale for approval included the stock price of Sarepta (the pharmaceutical company responsible for eteplirsen):

She opined that Sarepta in particular "needed to be capitalized." She noted that [Sarepta's] stock went down after the AC meeting and went up after FDA sent the June 3, 2016 letter. Dr. Woodcock cautioned that, if Sarepta did not receive accelerated approval for eteplirsen, it would have insufficient funding to continue to study eteplirsen and the other similar drugs in its pipeline.

FDA Commissioner Dr. Robert Califf, Acting Chief Scientist Dr. Luciana Borio, and Dr. Ellis Unger, the Director of the Office of Drug Evaluation, all opposed the approval but Dr. Califf declined to overrule Dr. Woodcock's decision.

Dr. Unger argued that the approval was unethical and counterproductive:

By allowing the marketing of an ineffective drug, essentially a scientifically elegant placebo, thousands of patients and their families would be given false hope in exchange for hardship and risk.

Dr. Borio argues:

Granting accelerated approval here on the basis of the data submitted could make matters worse for patients with no existing meaningful therapies — both by discouraging others from developing effective therapies for DMD and by encouraging other developers to seek approval for serious conditions before they have invested the time and research necessary to establish whether a product is likely to confer clinical benefit.
[...] [Sarepta] has exhibited serious irresponsibility by playing a role in publishing and promoting selective data during the development of this product. Not only was there a misleading published article with respect to the results of Study 201/202147 –which has never been retracted—but Sarepta also issued a press release relying on the misleading article and its findings.

Dr. Derek Lowe, from In The Pipeline, agrees with Dr. Unger and Dr. Borio that the drug is "unlikely to provide much benefit, and is reasonably likely to provide none at all" and that the drug "may well be [$300,000 per year] worth of placebo".

Note: Bold was added by the submitter.


Who on earth would want to use Google's Allo chat app? Graham Cluley

Google makes a u-turn on privacy with its new chat app, Allo.


Copper Thermite Explodes and Smolders Successfully Hackaday

It was quite a surprise to learn that thermite isn’t just rust and aluminum powder, but describes any combination of metal powder, metal oxide, and optionally fuel mixed together in a reactive ratio.  [sciencewithscreens] shows us some of the properties of a copper (II) oxide based thermite.

We can only assume he has a thing for copper as an element. After growing his copper crystal it wasn’t long before he followed a winding road of copper based experiments and found himself with a supply of copper (II) oxide after rendering it from common household chemicals. He had two missions for it. The first was to witness an unfettered copper oxide based thermite reaction. Some had assured him it was practically explosive. The other was to attempt refining pure copper using the reaction. That would be pretty cool considering it all started out as an impure blend of laundry detergents and fertilizer.

The unrestrained reaction was exactly as explodey as he hoped. The thermite dramatically lit when the electric match was powered on and the reaction was almost too fast for the high speed mode of his camera to capture. Emboldened, he moved onto the thermite refining of pure copper.

Unfortunately the second step wasn’t as rewarding. A mix of too much borax and tamping the mixture down produced a slowly smoldering and sputtering reaction instead of the slow but uniformly hot one desired. He did end up with quite a few nodules of what is likely pure copper, so that’s a win in our book. Video after the break.

Filed under: chemistry hacks


Help promote BuzzConf with new Flyers and Posters BuzzConf

You have probably already seen them in the wild, but we need your help spreading our new flyers and posters far and wide!

We want BuzzConf 2016 to be bigger and better than ever, so get in touch to have some posters and flyers sent to you – and help us bring news of the BuzzConf Technology Festival to HackerSpaces, Co-Working Spaces, Offices and Bus Stops all around Australia!

If you would like to help us promote BuzzConf Digitally, then visit our Partner Promotion page for loads of pre-written Social Media updates, videos and images that you can share with a simple cut-and-paste!

See you in the Future!

Rick and Ben.

The post Help promote BuzzConf with new Flyers and Posters appeared first on BuzzConf.


Overnight Tech: Trump slams internet transition plan | Lawmakers taking on robocalls | Zuckerberg goes big on health The Hill: Technology Policy

LEDE: Donald Trump is opposing the White House's plans to relinquish oversight of the internet domain system to an international body. "The U.S. should not turn control of the Internet over to the United Nations and the international community...


Danger USB! Oz police warn of malware in the letterbox Graham Cluley

Danger USB! Oz police warn that criminals are more desperate than ever

Residents in a suburb of Melbourne, Australia, have been blighted by a plague of malicious USB sticks.


Microbes Help Plants Survive in Severe Drought SoylentNews

With California in its fifth year of severe drought and many western states experiencing another year of unusually dry conditions, plants are stressed.

Agricultural crops, grasses and garden plants alike can get sick and die when factors such as drought and excess sun force them to work harder to survive.

Now, plants can better tolerate drought and other stressors with the help of natural microbes, University of Washington research has found. Specifically, plants that are given a dose of microbes stay green longer and are able to withstand drought conditions by growing more leaves and roots and using less water.

"Plants are less stressed if they have these natural microbes," said senior author Sharon Doty, a UW professor of environmental and forest sciences. "They will help plants deal with environmental challenges, especially with climate change."

Reference: Zareen Khan, Hyungmin Rho, Andrea Firrincieli, Shang Han Hung, Virginia Luna, Oscar Masciarelli, Soo-Hyung Kim, Sharon L Doty. Growth enhancement and drought tolerance of hybrid poplar upon inoculation with endophyte consortia. Current Plant Biology, 2016; DOI: 10.1016/j.cpb.2016.08.001

It is very brown in California's Central Valley.


Almost any file is up for grabs when this Android banking trojan attacks Graham Cluley

At first glance, Tordow behaves like other mobile banking malware targeting the Android operating system. But then things get somewhat more sophisticated...

David Bisson reports.


FF1987: Jim Random Thoughts

Jim #1-4
Jim vol 2 #1-6
Jim Special: Frank’s Real Pa
Frank #1-4

By Jim Woodring.

Jim (the series, not the author) started off as a collection of material that Jim (the author, not the series) had published in the 1982-86 period. The first four issues are magazine sized… and very strange.

The dedication in the first issue is probably a joke, but it’s rather apt.

Har de har. Anyway, I was 17-ish when I read the first issue of Jim, and I clearly remember how exhilarating and inspiring it all was. You have these gorgeous, yet squicky pages:

But the bulk of the first two issues are pages and pages of stuff like this:

Stories that seem to be written semi-automatically with little regard for consistency, but funny and disturbing at the same time. I remember doing some writing in the same style at the time (fortunately all gone now), and here this stuff was being published in a real magazine.

There are also some more traditional-looking comics pages here, and they are more overtly dream based than the text pages.

And here’s the first of the Jimland Novelties. I assumed at the time that it was all a joke, but reading these pages now, I can see how all these could perhaps be real items. And in later letters pages, Woodring claims that they took a long time to produce when somebody ordered them, so perhaps they were?

The Big Red stories appear occasionally throughout the Jim issues, and are probably the most realistic anthropomorphic cats in comics.

The first two issues were published a few months apart, and then there was a one year pause before the third issue, and then almost a two year hiatus before the fourth and final issue.



Trump slams Obama's internet transition plan The Hill: Technology Policy

Donald Trump on Wednesday came out against a plan for the U.S. to relinquish control of functions central to the internet, backing a group of conservative lawmakers seeking to block it. "Donald J. Trump is committed to preserving internet freedom for...


Quantum Teleportation Achieved over Metropolitan Fiber Networks SoylentNews

Two teams have separately achieved quantum teleportation over existing fiber networks:

[...] set-ups described in studies published in Nature Photonics journal could be seen as building blocks for a future "quantum internet". In one of the papers [DOI: 10.1038/nphoton.2016.180] [DX], Dr Wolfgang Tittel and colleagues describe how they teleported the quantum state of a photon, or light particle, over 8.2km in the Canadian city of Calgary.

The process by which information - the quantum state of a photon - is teleported involves creating two photons at the University of Calgary (site B in the aerial photo). One of these photons is sent in a "classical" way along 11.1km of optical fibre to a building near Calgary City Hall (C in the photo), while the other remains behind at the university. Meanwhile, a photon is also sent to the City Hall site from site A (located in the neighbourhood of Manchester). This all results in the quantum state of the photon from site A being transferred to the photon which remained behind at the university (B) through quantum teleportation.

[...] In the other Nature Photonics study [DOI: 10.1038/nphoton.2016.179] [DX], Qiang Zhang and Jian-Wei Pan from the University of Science and Technology of China, Shanghai, used a different set-up to achieve teleportation over a 30km optical fibre network in the Chinese city of Hefei.

In 2012, Anton Zeilinger of the University of Vienna carried out quantum teleportation over 143km of free space between different Canary Islands. But Dr Tittel says his study uses a configuration that could serve as the benchmark for useful city-based quantum networks. Both studies demonstrate that teleportation works over several kilometres of the optical fibre used in metropolitan areas.

Original Submission

Read more of this story at SoylentNews.


Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Open Source Security

Posted by Larry W. Cashdollar on Sep 21

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site:
Vendor:, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info () huge-it com
Description: A video slideshow gallery.
The following code does not prevent an unauthenticated user from injecting SQL into functions located...


Anger Release Machine Is Built To Break Hackaday

Is your temper hard but brittle? Meet the Anger Release Machine: a ware-dropping spiral vending machine stocked with precious porcelain.

There’s a bit more engineering and user experience design behind [Yarisal & Kublitz’s] art installation than meets the eye. The Anger Release Machine drops your purchase from dangerous heights, but like every passive aggressive vending machine, it also does its best to infuriate you using controlled disappointment. Insert a coin, see the steel spirals turn, and just when you’re already dying of the suspense…

Release your anger right below in the comments! We feel with the person in the video.

via [boingboing]

Filed under: misc hacks


US gets federal guidelines for safe deployment of self-driving cars Help Net Security

The Obama Administration has issued a new Federal Automated Vehicles Policy to help facilitate the responsible introduction of self-driving cars. The policy sets a proactive approach to providing safety assurance and facilitating innovation through four key parts. Vehicle performance guidance uses a 15-point Safety Assessment to set clear expectations for manufacturers developing and deploying automated vehicle technologies. Model state policy delineates the Federal and State roles for the regulation of highly automated vehicle technologies as … More


Irssi Security Advisory CVE-2016-7044+CVE-2016-7045 Open Source Security

Posted by A.N. on Sep 21

We are sad to have to announce the following security issue:

Canonical URL

heap corruption and missing boundary checks
CWE Classification: CWE-20, CWE-823, CWE-126, CWE-122

CVE-2016-7044 [1] was assigned to bug 1
CVE-2016-7045 [2] was assigned to bug 2


Gabriel Campana and Adrien Guinet from Quarkslab reported two remote crash and...


Underemployment Can Lead to Creativity and Organizational Commitment, According to Study SoylentNews

Having underemployed workers can lead to two outcomes that benefit an organization—creativity and commitment to the organization—according to a new study by management experts at Rice University, Chinese University of Hong Kong at Shenzhen and Chinese University of Hong Kong.

Statistics have shown that a significant proportion of workers worldwide are underemployed or working at jobs that are below their capacity. Researchers have estimated that underemployment ranges from 17 percent to two-thirds of the workforce in Asia, Europe and North America, according to the study.

"Our results have important implications for managers," said study co-author Jing Zhou, the Houston Endowment Professor of Management at Rice's Jones Graduate School of Business. "Managers should not assume that employees will always respond negatively to their perception of being underemployed. Our results suggest that managers need to be vigilant in detecting perceptions of underemployment among employees.

"When managers notice that their employees feel underemployed, they should support employees' efforts to proactively change the boundaries or formal descriptions of their work tasks, such as changing the sequencing of the tasks, increasing the number of tasks that they do or enlarging the scope of the tasks," she said. "Because the perception of underemployment may be experienced by many employees, managers should provide support to sustain positive outcomes in these situations."

Not getting enough hours to qualify for benefits is a good thing?



GNOME 3.22 was released today - Linux - News


GNOME 3.22 was released today, marking the culmination of 6 months work by the GNOME community. The new release introduces major new features as well as many smaller enhancements and fixes. Announcing the release, Matthias Clasen said: “This six-month effort wouldn’t have been possible without the whole GNOME community, made of contributors and friends from all around the world: developers, designers, documentation writers, usability and accessibility specialists, translators, maintainers, students, system administrators, companies, artists, testers and last, not least, users. GNOME would not exist without all of you. Thank you to everyone!”.

The latest GNOME release introduces comprehensive Flatpak integration for the first time. Flatpak, the next generation application framework for Linux, provides cross-distribution applications that are more secure than traditional Linux apps. GNOME 3.22 makes it easy to install Flatpak apps using the Software application. GNOME’s developer technologies also make it easy to take full advantage of Flatpak’s security features.

GNOME’s Files application has a wealth of improvements in 3.22. A powerful new feature allows multiple files to be renamed at once and compressed file functionality has also been integrated. There are also numerous other user interface improvements.

Other major new features for GNOME 3.22 include a new Photo sharing feature, redesigned keyboard settings, NickServ integration in Polari (GNOME’s IRC application), enhanced support for the Wayland display server, and a much improved Software application.
Official Announcement...

Are any LQ members using GNOME 3.22 yet? How about Flatpak?



UK online banking customers are back on fraudsters’ radar Help Net Security

Hot on the heels of the Ramnit Trojan delivery campaign targeting customers of six UK banks comes one delivering the Qadars Trojan. The targets, again, are customers of UK banks – 18 of them this time. About Qadars Qadars is not a new threat. It dates back to 2013, but it’s constantly updated and the group behind it has been switching targets pretty regularly, hitting European users first, then Northern American and Australian users next, … More


Google launches ‘Allo’ – the intelligent messaging app TechWorm

Google launches ‘Allo’ messaging app with Google Assistant

Facebook, are you ready for the competition? Technology giant Google has launched Allo, its new intelligent messaging app for the Android and iOS platforms, which is expected to give tough competition to WhatsApp and Facebook Messenger. The new app combines the best of Google’s predictive and search superpowers along with an all-new personal assistant feature. Google had announced Duo and Allo at its I/O developer conference in May this year.

Allo has now-standard messaging features like stickers, changing font sizes, emojis, smart reply and marked-up photos. Google has customized Allo for Indian users by enabling smart replies in ‘Hinglish.’ It is also rolling out over 200 stickers relevant to Indian users that have been created by popular independent artists. “Sometimes a “Badhai Ho” or “Party to banti hai” say a lot more,” said the company in a statement.

Amit Fulay, Group Product Manager, Google said on the launch, “Whether it’s planning a night out or just catching up, we rely on messaging to stay in touch with friends and family every day. But too often we have to hit pause on our conversation — whether it’s to check the status of a flight or look up that new restaurant. So we created Allo, a messaging app that helps you keep your conversation going, by providing assistance when you need it.”

The “Smart Reply” feature in the app suggests responses to chats that can be sent with just a tap.

“If your friend sends you a photo of their pet, you might see Smart Reply suggestions like ‘aww cute!’,” Fulay wrote.

Before sending the photos, the users can also use stickers and scribble on them.

Allo will also mark the debut of Google Assistant, an intelligent chat AI that brings Google’s services to your conversations in a preview edition.

“Now users no longer need to leave a conversation with friends just to grab an address, or share a YouTube video, or pick a dinner spot. Chat with your Assistant one-on-one in Google Allo to answer questions, or type @google to bring the Assistant into your chats with friends, whenever you need it,” said the statement.

Currently, both Smart Reply and Google Assistant are in English-only, with “more languages coming soon.”

All chats in Google Allo are encrypted using industry standard technologies like Transport Layer Security (TLS), it said. Users can also chat in Incognito mode, which would have end-to-end encryption and have additional privacy features like discreet notifications and message expiration.

You can download Allo from Google Play and Apple’s App Store, though you may have to wait a bit, as this is a gradual rollout. However, “the app will be live worldwide in the next few days,” the company says.

The post Google launches ‘Allo’ – the intelligent messaging app appeared first on TechWorm.


Surprise! Microsoft Isn’t Blocking Linux on Lenovo Laptops FOSS Force

It was easy to place the blame on Microsoft in a knee-jerk reaction — and it didn’t help that a Lenovo representative placed blame firmly in Redmond’s lap. It appears, however, that Microsoft’s not involved, and Lenovo’s not to blame either.

The news of the day, so far, has been the speculation that machines designed to run the Microsoft’s Signature Edition of Windows block GNU/Linux from being installed. The Signature Edition is an edition of preinstalled Windows without any of the third-party junk that typically infests new Windows computers out-of-the-box.

This fear arose, and became a big deal on Reddit, after a Redditor posted, “Warning: Microsoft Signature PC program now requires that you can’t run Linux. Lenovo’s recent Ultrabooks among affected systems.”

The poster had evidently purchased a Yoga 900 ISK2 Ultrabook at Best Buy, and after complaining about the issue on the chain’s online review section received a reply from a Lenovo Product Expert which dropped the problem in Microsoft’s lap: “This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft.”

[A link to this comment on the Best Buy website which worked as I began writing this article, now redirects to the laptop’s product page.]

After this was posted, other reports began to surface indicating that Lenovo’s Yoga 900S and Yoga 710S laptops also fail when Linux installations are attempted. In all cases, the failure is because the SSD is locked in a proprietary RAID mode unsupported by Linux.

It was easy to jump on the bandwagon and blame Microsoft for this — which many did — because it seems just exactly like something from Redmond’s bag of tricks. However, it appears not to be Microsoft’s doing at all, and also isn’t the fault of Lenovo.

While covering this story for ZDNet, Adrian Kingsley-Hughes reached out to Lenovo about the issue and received the following reply:

“To improve system performance, Lenovo is leading an industry trend of adopting RAID on the SSDs in certain product configurations. Lenovo does not intentionally block customers using other operating systems on its devices and is fully committed to providing Linux certifications and installation guidance on a wide range of products - Unsupported models will rely on Linux operating system vendors releasing new kernel and drivers to support features such as RAID on SSD.”

In other words, it looks as if the problem is simply that required drivers have not yet made it into Linux. No doubt, now that this brouhaha has erupted, that will be quickly remedied and Linux will soon be installable on the devices aff...


Google weakens privacy feature in Allo chat app The Hill: Technology Policy

Google’s new Allo messaging service is under fire from privacy rights advocates for a decision that will make it easier for law enforcement to retrieve chats. Google announced two new chat apps earlier this year: Duo, dedicated to video...


GNOME 3.22 released

The GNOME Project has announced the release of GNOME 3.22, "Karlsruhe". "This release brings comprehensive Flatpak support. GNOME Software can install and update Flatpaks, GNOME Builder can create them, and the desktop provides portal implementations to enable sandboxed applications. Improvements to core GNOME applications include support for batch renaming in Files, sharing support in GNOME Photos, an updated look for GNOME Software, a redesigned keyboard settings panel, and many more."



XDC2016 Day 1: GLVND, Tizen Wayland/Vulkan, PRIME Sync Phoronix

Covered so far today on Phoronix, the first day of XDC2016 Helsinki, were NVIDIA's work on Linux HDR support, how Google's Android Runtime on Chrome uses Wayland, and the NVIDIA surface allocation API debate continued as a prerequisite to seeing mainline NVIDIA Wayland support in the compositors. There were also other notable presentations today...


OpenGL ES 3.2 Officially Enabled For Intel Mesa Driver, Limited To Skylake+ Phoronix

Intel's Mesa driver has supported all of the extensions required by the OpenGL ES 3.2 specification, but only today is the support being officially advertised...


Potential Schizophrenia 'Switch' Found SoylentNews

Researchers at Vanderbilt University Medical Center have discovered a key mechanism that explains how compounds they're developing can suppress schizophrenia-like symptoms in mice without side effects.

On the basis of this discovery, reported this month in the journal Neuron, "we now have [a] much stronger understanding of the therapeutic potential and mechanism of action of compounds that are advancing to clinical development," said P. Jeffrey Conn, Ph.D., director of the Vanderbilt Center for Neuroscience Drug Discovery.

An estimated 3 million Americans have schizophrenia, which is associated with excessive amounts of the neurotransmitter dopamine in a part of the forebrain called the striatum.

Current medications reduce hallucinations and delusions, the hallmark of schizophrenia, by blocking dopamine receptors. But because they also block dopamine receptors in the cerebral cortex, they can worsen cognitive difficulties.

Daniel J. Foster, Jermaine M. Wilson, Daniel H. Remke, M. Suhaib Mahmood, M. Jashim Uddin, Jürgen Wess, Sachin Patel, Lawrence J. Marnett, Colleen M. Niswender, Carrie K. Jones, Zixiu Xiang, Craig W. Lindsley, Jerri M. Rook, P. Jeffrey Conn. Antipsychotic-like Effects of M4 Positive Allosteric Modulators Are Mediated by CB2 Receptor-Dependent Inhibition of Dopamine Release. Neuron, 2016; DOI: 10.1016/j.neuron.2016.08.017

Good news for sufferers.



The isolated kingdom of North Korea Has Just 28 Websites TechWorm

Shocking, Kim Jong-un’s North Korea just has 28 websites of its own

In a world that is increasingly globally interconnected with websites and domains, we have more than 140 million .com and .net domains to surf. Add to this the millions of websites for each country code top-level domain, or ccTLD, such as .de for Germany, .cn for China, .in for India and so on.

So one might assume that the secluded and godforsaken communist holdout, North Korea, has a decent number of websites operating under its top-level country domain, .kp. That assumption is wrong: North Korea has only 28 websites operating under its top-level country domain, .kp.

The usually hidden data came to light when North Korea, by mistake, misconfigured its nameserver, leaking the list that holds information on all of the domains that exist under .kp and allowing anyone to query it and retrieve the list. The snafu by North Korea’s system administrators, first revealed by Motherboard, allowed anyone to ask the country’s nameserver for information about the web services in the isolated kingdom.

“Now we have a complete list of domain names for the country and it’s surprisingly (or perhaps unsurprisingly) very small,” Matt Bryant, a security engineer who found out about the mistake, told Motherboard in an email.

The information that the reticent country owned only 28 domains became a butt of jokes on various tech forums. “I hope for the head of the NK chief propaganda minister that the grand divine dictator’s internet does not break down with all the traffic from Hacker News,” a user on Hacker News joked.

All 28 websites using .kp were owned by the Government of North Korea, which is not surprising considering the iron-like grip Kim Jong-un and his pals have over the state. Most of the websites are pretty antique, as can be seen from the website of the state-owned Air Koryo airline, or that of the Kim Il Sung University.

“Kim Jong Un Sends Birthday Spreads to Veteran Scholars,” reads one headline.

Another proclaims: “Narcotic-related Crimes Increase among S. Korean Youngsters.”

One user from Hacker News wrote that seems to be a Facebook clone, while another appears to be a Yahoo clone, and looks like a clone of movie4k, a piracy website.

It seems pretty nutty for the country to have only 28 websites using its top-level domain, considering the fact that it has a full-fledged hacking unit called Bureau 121, home to the best hackers in North Korea and set up with the sole purpose of hacking South Korean and Western targets.



Malicious torrents management tool uncovered Help Net Security

InfoArmor researchers have uncovered Raum, a tool that is used by Eastern European organized crime group “Black Team” to deliver malware to users through malicious torrents. The group constantly tracks the downloaders’ preferences, and chooses to weaponize the most popular torrent files – usually PC games and activation files for Windows and macOS – with Raum. The malware currently added to the torrent files is usually a piece of ransomware (CryptXXX, CBT-Locker, Cerber), the Dridex … More


High-Tech LuDela Candle Can Be Controlled By Your Smartphone TechWorm

Forget Matchsticks! This World’s First Smart Candle Can Be Lit And Extinguished From Your Smartphone

LuDela has created the world’s smartest and safest real-flame candle, one that can be lit and extinguished with a smartphone. Its Bluetooth technology and embedded sensors, which the team calls “Wi-Fire” technology, eliminate the need for matches or other fire starters to light and extinguish the candle.

“There’s a total of 10 sensors inside of this thing, we’ve kind of over-engineered it in a positive way,” said the 44-year-old founder of LuDela, Jamie Bianchini of Nevada.

Some of the sensors are used for safety purposes, he said. The candle can apparently detect when it’s rolling over and extinguish itself by switching on a tiny fan near the wick. The pillar candle is electric, so there’s no gas involved, Bianchini says. It also uses wax fillers that feed upwards, keeping the flame at the top. There are also multiple moods and settings that you can choose from, for instance, if you want to create a candlelight dinner or romantic bedroom lighting, you can choose accordingly.

Addressing safety and aesthetic concerns that candle burners have faced for centuries, Bianchini said, “There’s nothing quite like the glow, smell, and ambience of candles, but with it comes the fire risk, wax mess, hassles with wicks, and the time it takes to light and extinguish multiple candles. LuDela addresses these issues with a smart candle that delivers the convenience and increased safety benefits of LED candles, but with the magic and fascination of a real flame. Combined with our social mission, LuDela delivers better light and better lives around the world.”

So, how does the smart candle work? Each battery-powered purchase comes with a shell-like wax base and a smaller 30-hour candle that you stick inside. Simply tap your smartphone’s touchscreen to burn or reduce the candle’s flame, and when the wax core finally melts, top up the base with a fresh one.

The LuDela candle is priced at $99 for pre-orders and after that, it is expected to retail for $149. Shipments are expected to start in 2017. If you’re interested, you can check out LuDela’s website for more details.



Have you ever thought why numbers on calculator are reversed on a phone? TechWorm

Why Are The Numbers On A Calculator And A Phone Reversed?

We have been using both the phone and the calculator for ages, but there is one surprising thing that only a few of us may have noticed. The numbers on a calculator go up as the rows progress, while they are in reverse order on a phone. If you haven’t noticed it yet, check it now. But do you know the reason?

Who is better to answer this question than someone from the field of telecommunications? Paul Stockley, who works in the telecom sector, has the answer that you need. He says that the reverse order of numbers on a telephone has nothing to do with aesthetics or usage but was continued through the years because of the ‘zero.’

He says,

Telephones never had a real ‘zero’.

The ’0′ on the rotary telephone dial wasn’t a zero, it was a ten. And it’s in the ‘ten’ position, following ‘nine’.¹ For phones with keypads, it’s still following the ‘nine’, even today.

Designers of newfangled adding machines (and later calculators) re-thought this; they put the 0 in the natural position for their purposes, too; it’s below ’1′, both numerically and physically.

Phones stuck with what they already had, and they were obliged to do so or abandon alphabet mapping in its then-current form: ‘A’ appeared on ’2′ and ‘Z’ on the ’9′ key. To rearrange the numbers would be to reverse the alphabet—not a brilliant argument, you might say, when calculator designers chose to reverse numerical order.

Let me explain:

In the days of rotary dials the pulse signalling system was known as either ‘loop-disconnect’ or ‘decadic’ signalling. Each digit dialled produced a series of quick disconnections in the ‘loop’, the two-wire electrical telephone circuit connecting your receiver set to the exchange (‘central office’, Americans).

Dialling the 1 produced one 66-millisecond break in the loop; the 3 produced three consecutive 66ms breaks; the 8, eight, and the exchanges detected these breaks and stepped the electro-magnetic mechanical switches respectively. Indeed, the whole switching system, officially known as ‘Strowger’ (after its inventor, the world-famous undertaker ²) was also commonly called ‘step-by-step’ or SxS ³.

The quick ones amongst us will have spotted that there is no practical way to create zero line breaks in this system, so dialling the 0 produced ten breaks in the line. And since the number of pulses was created very mechanically, the ten-pulse signal (or ‘zero’ if you wish) necessarily followed the nine-pulse signal on the dial. Technically-speaking, there never was a 0 in telephone-land.

It wasn’t even a design decision, it was dictated by mechanics and later entrenched by the overlay of the alphabet.

And that, grasshopper, is why we still have the telephone ’0′ in the ‘ten’ space.

¹ Yes, I know that New Zealand and Sweden had their rotary telephone dials all wrong. But most people don’t, and I’m trying to write intelligible answers for everyone.

² Wikipedia: Strowger switch; ...
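The loop-disconnect signalling described in the quoted answer, as an added example (not code from the article or from Paul Stockley): a small Python model that encodes a dialled number as a train of 66 ms line breaks and decodes it back, showing why ten pulses must stand in for zero and why the dial order ends 9, 0. The 34 ms make interval and the 700 ms inter-digit pause are assumptions of the model, not figures from the article.

```python
"""Model of decadic (loop-disconnect) dial pulses.

Added example, not from the original article. Each dialled digit is a
train of line breaks, one break per unit; a train of zero breaks cannot
be signalled, so '0' is sent as ten breaks and therefore sits after '9'
on the dial. The 66 ms break comes from the article; the 34 ms make and
700 ms inter-digit pause are assumed values for this model only.
"""
from typing import List, Tuple

BREAK_MS = 66          # loop open per pulse (from the article)
MAKE_MS = 34           # loop closed between pulses of one digit (assumed)
INTER_DIGIT_MS = 700   # quiet gap separating two digits (assumed)

# A line trace is a list of (loop_closed, duration_ms) segments.
Trace = List[Tuple[bool, int]]


def digit_to_pulses(digit: int) -> int:
    """Breaks the dial produces for a digit; '0' is really ten pulses."""
    if not 0 <= digit <= 9:
        raise ValueError("digit must be 0-9")
    return 10 if digit == 0 else digit


def pulses_to_digit(pulses: int) -> int:
    """Inverse mapping: ten pulses is the telephone 'zero'; zero pulses is impossible."""
    if pulses < 1 or pulses > 10:
        raise ValueError(f"{pulses} pulses is not a valid decadic digit")
    return 0 if pulses == 10 else pulses


def dial_order() -> str:
    """Digits in the order a rotary dial presents them, by pulse count."""
    return "".join(sorted("0123456789", key=lambda d: digit_to_pulses(int(d))))


def dial(number: str) -> Trace:
    """Build a constructed line trace for a dialled number string."""
    trace: Trace = []
    for ch in number:
        for i in range(digit_to_pulses(int(ch))):
            if i:
                trace.append((True, MAKE_MS))      # short make between pulses
            trace.append((False, BREAK_MS))        # one loop disconnection
        trace.append((True, INTER_DIGIT_MS))       # pause before the next digit
    return trace


def decode(trace: Trace, inter_digit_ms: int = INTER_DIGIT_MS) -> str:
    """Count breaks per digit; a closed interval >= inter_digit_ms ends a digit."""
    digits: List[str] = []
    pulses = 0
    for closed, duration in trace:
        if not closed:
            pulses += 1
        elif duration >= inter_digit_ms and pulses:
            digits.append(str(pulses_to_digit(pulses)))
            pulses = 0
    if pulses:  # trailing digit without a closing pause
        digits.append(str(pulses_to_digit(pulses)))
    return "".join(digits)


if __name__ == "__main__":
    # Constructed sample: 1 pulse, then 10 pulses, decodes back to "10"
    print(dial_order())                 # 1234567890
    print(decode(dial("10")))           # 10
```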


Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability Bugtraq

Posted by Cisco Systems Product Security Incident Response Team on Sep 21

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-2

Revision 1.0

Published: 2016 September 21 16:00 GMT


A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a...



Microsoft aren't forcing Lenovo to block free operating systems Matthew Garrett

There's a story going round that Lenovo have signed an agreement with Microsoft that prevents installing free operating systems. This is sensationalist, untrue and distracts from a genuine problem.

The background is straightforward. Intel platforms allow the storage to be configured in two different ways - "standard" (normal AHCI on SATA systems, normal NVMe on NVMe systems) or "RAID". "RAID" mode is typically just changing the PCI IDs so that the normal drivers won't bind, ensuring that drivers that support the software RAID mode are used. Intel have not submitted any patches to Linux to support the "RAID" mode.

In this specific case, Lenovo's firmware defaults to "RAID" mode and doesn't allow you to change that. Since Linux has no support for the hardware when configured this way, you can't install Linux (distribution installers will boot, but won't find any storage device to install the OS to).

Why would Lenovo do this? I don't know for sure, but it's potentially related to something I've written about before - recent Intel hardware needs special setup for good power management. The storage driver that Microsoft ship doesn't do that setup. The Intel-provided driver does. "RAID" mode prevents the Microsoft driver from binding and forces the user to use the Intel driver, which means they get the correct power management configuration, battery life is better and the machine doesn't melt.

(Why not offer the option to disable it? A user who does would end up with a machine that doesn't boot, and if they managed to figure that out they'd have worse power management. That increases support costs. For a consumer device, why would you want to? The number of people buying these laptops to run anything other than Windows is miniscule)

Things are somewhat obfuscated due to a statement from a Lenovo rep: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft." It's unclear what this is meant to mean. Microsoft could be insisting that Signature Edition systems ship in "RAID" mode in order to ensure that users get a good power management experience. Or it could be a misunderstanding regarding UEFI Secure Boot - Microsoft do require that Secure Boot be enabled on all Windows 10 systems, but (a) the user must be able to manage the key database and (b) there are several free operating systems that support UEFI Secure Boot and have appropriate signatures. Neither interpretation indicates that there's a deliberate attempt to prevent users from installing their choice of operating system.

The real problem here is that Intel do very little to ensure that free operating systems work well on their consumer hardware - we still have no information from Intel on how to configure systems to ensure good power management, we have no support for storage devices in "RAID" mode and we have no indication that this is going to get better in future. If Intel had provided that support, this issue would never have occurred. Rather than be angry at Lenovo, let's put pressure on Intel to provide support for their hardware.



Sharper Solutions Bring Israeli Startups West, Claiming SEO and Marketing Magic TechWorm

Top Israeli startups join hands to enter United States and European markets

Exactive Marketing, Online Performance, and iApps, bring SEO and Marketing to US and Europe, teaming with Sharper Solutions to increase efficiency, and unite services under a common banner

In today’s world, access to information through search engines is almost unlimited, and unless you have been living under a rock, you have probably searched for something on Google or another search engine. Yet most of us pay little or no attention to how the things we search for end up on the front page of a search engine. This is where Search Engine Optimization (SEO) comes into play.


On Yavin – Founder and CEO of Online Performance, Founder and UK CEO of Exactive Marketing

Having your brand featured on the internet for the first time can be exciting, however the attention garnered by featuring at the top of a search engine front page, even on a search unrelated to your brand, is the goal. Properly utilizing an SEO strategy can catapult a company’s online visibility and act as a key differentiator between you and your competitors, in turn leading to increased business and revenue. However, this is not to say that SEO guarantees success. Two other strategies must be implemented in planning: solid product development, and digital media marketing. Ensuring that a working prototype has been produced will greatly help in SEO and marketing, however these two can be powerful on their own. Harnessing all three is a rarity in the business world. Three Israeli startups claim to have accomplished this.


Ori Segal – CEO, iApps Technologies

Exactive Marketing, a digital media and advertising firm, Online Performance (SEO), and iApps Technologies (mobile development) have partnered with Sharper Solutions, a company that specializes in the management of enterprise digital transformation, to bring development, marketing and SEO to the US and Western European markets. While the companies still operate independently of one another, they bring a well-rounded portfolio of clients, including Samsung and United Airlines. Sharper Solutions will look to help the three companies expand their clientele while providing a wide array of business tools to the US and Europe.



Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability Bugtraq

Posted by Cisco Systems Product Security Incident Response Team on Sep 21

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-1

Revision 1.0

Published: 2016 September 21 16:00 GMT


A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the...


How to Run a Pagekite Server to Expose Your Raspberry Pi Hackaday

Last time I showed you how to expose a web service on a Raspberry Pi (or, actually, any kind of device) by using a reverse proxy from Pagekite. On your Pi, you just need a simple Python script. However, it also depends on the Pagekite server, which isn’t always convenient. There are limits to the free service, and you don’t control the entire thing. The good news is twofold: the same Python script you use to set up the client-side can also set up a server. The other good news is the entire thing is open source.

In practical terms, then, if you have a computer that is always on and has an IP address that can be found on the public internet, you can run your own Pagekite server (they call it a front end) and service your own backends.

Initial Setup

As I mentioned, you are going to need a computer visible on the Internet. Well, technically a computer that is visible to all the clients you expect to use including the backend. It needs a few tools on it, including Python, but nothing exotic. You’ll also need control of your DNS–exactly how you do that will depend on how your server is set up. In my case, I have a server sitting in a rack in a data center so I have my own DNS server (named) running on it.

The Pagekite website has installation packages in RPM and deb formats. I suggest you start by installing that on your server, using the method that matches your packaging system. This will create a new directory called /etc/pagekite.d and also install a startup script (/etc/init.d/pagekite).

However, the default setting is to exit without starting anything up. What's more, the example files are set up as though the computer wants to talk to the Pagekite frontend provided ( If you want to run your own, you are going to have to make some changes.

Named Party

If you have a server on the Internet, there is some way to get names (like into the DNS system to point to a specific IP address. In my case, I own the domain name so I decided to make be my Pagekite front end. I also wanted to be able to create subdomains like

To do this, I needed a few configuration changes in my DNS:

dyn           IN        A 
*.dyn         IN        A

Obviously, my IP address is the one shown. All the names are relative to, so there’s no need to specify that on those two lines. If your hosting company handles your DNS, you’ll have to determine how to make similar changes. Or you can tell them you need two “A” records put in and they ought to know what that means. The upshot is that your host name ( or goes to your server (the Pagekite server in the diagram below).

Host Setup

The Pagekite package will leave two important files in /etc/pagekite.d: 10_account.rc and 20_frontends.rc. The first file is why the service won’t start. The reality is, for using the script as a frontend, you don’t need this file at all. Just in case, I commented out all the lines, but you could just as well remove it. The line that prevents it from starting is the one that reads:


The other lines set up your connection to the servers. We aren’t going to do that, so you can remove those lines or the whole file.

The 20_frontends.rc file is supposed to connect to the remote frontend. In th...


Re: CVE Request: ipywidgets executes untrusted JavaScript Open Source Security

Posted by Jamie Whitacre on Sep 21

Hi Folks,
Is this done?



GNOME 3.22 Officially Released Phoronix

The highly-anticipated GNOME 3.22 desktop release is now available...


[$] BBR congestion control

Congestion-control algorithms are unglamorous bits of code that allow network protocols (usually TCP) to maximize the throughput of any given connection while simultaneously sharing the available bandwidth equitably with other users. New algorithms tend not to generate a great deal of excitement; the addition of TCP New Vegas during the 4.8 merge window drew little fanfare, for example. The BBR (Bottleneck Bandwidth and RTT) algorithm just released by Google, though, is attracting rather more attention; it moves away from the mechanisms traditionally used by these algorithms in an attempt to get better results in a network characterized by wireless links, meddling middleboxes, and bufferbloat.


US Firefighters: Samsung Galaxy Note 7 Not Guilty of Burning Jeep HackRead

By ghostadmin

Samsung Galaxy Note 7 Burning Spree – Guilty or Not



Re: libav: divide-by-zero in sbr_make_f_master (aacsbr.c) Open Source Security

Posted by cve-assign on Sep 21

Use CVE-2016-7499.


Re: CVE request for vulnerability in OpenStack Nova Open Source Security

Posted by cve-assign on Sep 21

Use CVE-2016-7498.


Bad Voltage: Phillips Hue vs LifX, and are smart bulbs a good idea? - Linux - News

On the next episode of Bad Voltage, we discuss whether smart bulbs are a good idea. To get the conversation rolling, I started out with a brief introduction of two systems I use: Hue and LifX. Here's how the segment starts:


The Bad Voltage team thought it would be interesting to have a discussion about smart bulbs: whether they're a good idea or not, what the future holds, etc. Before we do that though, I thought I'd give a brief introduction of the multiple smart bulb solutions I have running in my home.

The first system I have running is Philips Hue. Based on the low-power, wireless mesh network Zigbee standard, this system requires a hub to operate. The Hue line offers a wide variety of options, including standard lights, accent lights, spot lights, light strips, integrated switches and more. Setup is a breeze, and while the stock app could be more intuitive, the large number of 3rd party applications and integrations more than make up for that. The bulbs are bright and color saturation is acceptable. One downside to this option is that it's on the pricier end of the spectrum.

The second system I have running is LifX. Based on traditional wifi, no additional hub is needed. The LifX line is limited to standard white and color bulbs. Setup is once again a breeze, and the stock app is intuitive and full featured. It includes some nice touches, such as cool effects baked into the app that you can only get with Hue by using 3rd party apps. The number of 3rd party integrations isn't as large as Hue's, but it has been growing steadily recently. The bulbs have the greatest brightness and color saturation of any smart bulb I've seen. The price of LifX bulbs is comparable to Hue.

Depending on your needs and design requirements, I'd recommend both systems. There are less expensive options from GE, Wink, WeMo, Cree and others, but I've never used them so cannot comment on how they compare. With that brief intro out of the way, let's get to the first question my co-presenters had. Are smart bulbs a good idea? Let me give you a few examples of how I use the bulbs and then we'll get the discussion going from there. First, on the more practical side, I have a bunch of automations set up that make my home safer and more convenient. Open the front door when it's dark outside and my living room lights go on. Open the basement door and the basement lights go on (which is especially handy while doing laundry). Next, as I have Redshift adjust the color temperature of my screens at night, the lights in my office also adjust to reduce the amount of blue light as it gets later. Lastly, on the less practical side, when my favorite team scores a touchdown, various lights in my house flash the team colors. So, fellow presenters, what do you think?
Tune in tomorrow to hear what my fellow presenters think. In the meantime, what is your opinion on smart bulbs?



Breakthrough in Salt-Tolerance in Plant Research SoylentNews

University of Adelaide researchers have made a breakthrough in investigating salt tolerance in plants which could lead to new salt tolerant varieties of crops, and also answer unresolved questions in plant biology.

The researchers, also from the ARC Centre of Excellence in Plant Energy Biology and in collaboration with the University's School of Medicine, have discovered that a protein known to control salt balance in animals works the same way in plants.

The research, published in the journal Plant Cell and Environment, found that in plants, as in animals, a group of proteins, a type of 'aquaporin', can transport salt ions as well as water.
The researchers believe these "double-barrelled" aquaporins may be the elusive proteins that let sodium ions (the toxic component of salt) in and out of plant roots. Since the early 1990s researchers have known that salt enters plant roots in saline conditions via pores in the membrane, but the identity of these pores has remained a mystery. This particular aquaporin is abundant on the surface of roots.

"We discovered that it has characteristics similar to the properties previously identified for the pores responsible for sodium ion transport," says co-lead author Dr Caitlin Byrt, Postdoctoral Fellow in the School of Agriculture, Food and Wine. "This finding opens new possibilities for modifying how plants respond to high salt and low water conditions."

Adjusting a plant species's uptake of salt could expand arable land or make use of salty water.



Stop Piracy? Legal Alternatives Beat Legal Threats, Research Shows TorrentFreak

Yesterday the RIAA announced the biggest growth in recorded music sales since the late 1990s, a healthy 8.1% increase compared to the year before.

The record numbers were achieved despite the widespread availability of pirated music. So what happened here? Did all those pirates suddenly grow a conscience?

The answer to this question is partly given by new research published in the journal Risk Analysis.

Researchers from the University of East Anglia, Lancaster University, and Newcastle University found that perceived risk has very little effect on people’s piracy habits. This means that stricter punishments or tough copyright laws are not the answer.

Instead, unauthorized file-sharing (UFS) is best predicted by the supposed benefits of piracy. As such, the researchers note that better legal alternatives are the best way to stop piracy.

The results are based on a psychological study among hundreds of music and ebook consumers. They were subjected to a set of questions regarding their file-sharing habits, perceived risk, industry trust, and online anonymity.

By analyzing the data, the researchers found that the perceived benefits of piracy, such as quality, flexibility of use and cost, are the real driver of piracy. An increase in legal risk was not directly associated with any statistically significant decrease in self-reported file-sharing.

“Given that we observe a much more powerful predictor of behavior in perceived benefit, changes to legal frameworks may not be the most effective route to change behaviour,” lead author Dr Steven Watson says.

“Specifically, one strategy to combat unlawful file-sharing would be to provide easy access to information about the benefits of legal purchases or services, in an environment in which the specific benefits UFS offers are met by these legal alternatives.”

Alternatively, there is a more indirect route to influence piracy, by increasing the “trust” people have in regulators. This could increase risk perception and also lower the perceived benefits of piracy. However, the researchers note that this isn’t the most efficient option.

In their paper, the researchers mention subscription services such as Spotify as the most compelling alternatives.

This brings us back to the record revenue the RIAA reported yesterday, which can be attributed to the growth of legal services. The RIAA notes that with the introduction of Tidal and Apple Music, subscription service revenues doubled compared to last year.

So it’s legal options that drive the recent revenue growth, not anti-piracy enforcement.

Of course, the idea that subscription services can compete with piracy isn’t new. When Spotify launched its first beta in the fall of 2008, we billed it as “an alternative to music piracy,” and various reports have shown that pirates gladly switch over to good legal services.

The UK researchers also conclude that legal alternatives are a viable option to decrease piracy, one that’s preferred over legal threats.

“It is perhaps no surprise that legal interventions regarding UFS have a limited and possibly short-term effect, while legal services that compete with UFS have attracted significant numbers of consumers,” says co-author Dr Piers Fleming.

Techdirt’s Mike Masnick, who published a “The carrot or th...


Panel Meter-To-Bluetooth Hack Hijacks The Display Segments Hackaday

There is a proliferation of cheap digital meter modules available online for pocket money prices. Current, voltage, frequency, or combinations thereof can all be yours for just a few dollars and a wait for shipping. Unfortunately, though, these meters are all self-contained units. They do not have a serial port or other interface through which you can log their readings.

This failing was not an obstacle for [Scott Harden], though. He simply added a Bluetooth interface to his combined voltage and current meter module by using an ATmega328 microcontroller to capture the signals sent to the module’s display LEDs and interpret them into readings for his Bluetooth module. He details the process of reverse engineering the meter, and his build. The result is an intriguing mess of wires with a DIP ATmega hanging on their ends. But it performs the task requested of it admirably and when mounted in a project box you would not know what lurks within.

He has made his code for the project available in his GitHub repository, and we can see that this could be a valuable technique for use with other similar displays. In the video below the break he gives us a full run-down, as if his comprehensive write-up was not enough.

[Scott] is a prolific hacker whose work we have featured before quite a few times on these pages. Most recently we had his PC frequency counter, but just a couple of his other projects we’ve seen are his USB interface for an aged counter, and his single chip Hellschreiber transmitter.


OpenDaylight Rolls Out 'Boron' SDN Platform Release

OpenDaylight's fifth release of its SDN platform puts a focus on the cloud, NFV, performance and tools.

The OpenDaylight Project effort to create a common platform for network virtualization continues to mature with the unveiling of the group's fifth release, dubbed "Boron."


Nest Outdoor Security Camera Phoronix

While I've tested out various indoor WiFi-based security cameras over the past decade on Phoronix, outdoor WiFi cameras have been a different story. Either through my contacts from Phoronix or through my own personal searching, I've never found an outdoor WiFi security camera that I've liked, whether due to poor build quality, poor video quality / viewing angles, or other issues; most of the time the problem has been that they simply weren't well-engineered. That has changed with the Nest Cam Outdoor, which was announced earlier this year by the Google/Alphabet-owned company and this week has finally begun shipping to consumers. I certainly like the Nest Cam Outdoor from a hardware perspective, but the software could still use some improvements.


Driverless cars could boost safety recall rates The Hill: Technology Policy

The federal government's power to recall unsafe driverless cars in the same manner it deals with traditional automobiles could help boost safety recall rates. As autonomous vehicles become more common, companies will be able to...


FF1987: The Wandering Stars Random Thoughts

The Wandering Stars #1 by Stuart Hopen and Sam Kieth.

Another entry in the “Fantagraphics sci-fi cancelled mysteriously” series, this one lasted only one issue and ends with the words “to be continued…”

And it’s a very nice issue indeed. Kieth would later switch to a more decompressed art style, but here he crams a lot in. And not only is it very pretty, but it really works. The aliens fit into the environment as well as the humans do.

I’ve snapped a detail here from a panel. Look how awesome it is in its Bernie Wrightnosequeness, and with all these details you can skip or sit and admire (like that thing slurping the woman’s drink).

Oh, yeah, the story… It seems to have potential to get quite interesting. It’s a melancholy story of a post-faster-than-light society in decline peopled with interesting characters. But even as crammed as the pages are here, the plot moves quite placidly, so it’s difficult to tell where this all would have ended up if the series had continued.

It’s a comic book that you sometimes see on the “hey, whatever happened to…” lists, so it’s something that people seem to remember fondly.

My research team was unable to determine why no further issues were published (low sales? Kieth wanting to write his own stuff? something else?).

Sam Kieth, of course, was to become a very famous artist (and writer) a few years later, starting with The Maxx (from Image). And I'll be covering his anthology series I Before E later in this blog series.

Stuart Hopen later published a science fiction novel.

This post is part of the Fantagraphics Floppies series.


Security advisories for Wednesday

Arch Linux has updated curl (code execution), lib32-curl (code execution), and lib32-jansson (denial of service).

Debian has updated wireshark (multiple vulnerabilities).

Debian-LTS has updated unadf (two vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities).

SUSE has updated mysql (SLE11-SP3,4: multiple unspecified vulnerabilities).


Senate panel advances ticket bots crackdown The Hill: Technology Policy

A Senate panel on Wednesday advanced legislation meant to combat ticket bot software that snaps up large swathes of tickets to live events so they can be resold at a higher price.The Senate Commerce Committee signed off by voice vote on the Better...


libav: divide-by-zero in sbr_make_f_master (aacsbr.c) Open Source Security

Posted by Agostino Sarubbo on Sep 21

If it is suitable for a CVE please assign one.

Libav is an open source set of tools for audio and video processing.

Fuzzing with an mp3 file as input discovered a divide-by-zero in

The complete ASan output:
# avconv -i $FILE -f null -
[mpeg @...


5 More SuperCon Speakers You Don’t Want to Miss Hackaday

This morning it is my pleasure to announce five more confirmed speakers for the Hackaday SuperConference. The ultimate hardware conference takes place in just a few weeks: November 5th and 6th in Pasadena, California.

Get your tickets now!

Avidan Ross Sam Bobrowicz Akiba...


CouchDB 2.0 released

The Apache CouchDB database project has announced its 2.0 release. New features include clustering support, a new query language, a new administrative interface, and more. "CouchDB 2.0 is 99% API compatible with the 1.x series and most applications should continue to just work."


The curious case of the switch statement (fuzzy notepad)

The fuzzy notepad blog is carrying a post about the switch statement with just about everything one might want to know about its past, present, and possible future. "As we’ve seen, the switch statement has had basically the same form for 49 years. The special case labels are based on syntax derived directly from fixed-layout FORTRAN on punchcards in 1957, several months before my father was born. I hate it."


Catanzaro: GNOME 3.22 core apps

Michael Catanzaro lays down the rules for which GNOME applications distributions should package if they want to claim to provide a "pure GNOME experience." "Selecting the right set of default applications is critical to achieving a quality user experience. Installing redundant or overly technical applications by default can leave users confused and frustrated with the distribution. Historically, distributions have selected wildly different sets of default applications. There’s nothing inherently wrong with this, but it’s clear that some distributions have done a much better job of this than others."


How ZIP Codes Nearly Masked the Lead Problem in Flint SoylentNews

My job was to examine blood lead data from our local Hurley Children's Hospital in Flint for spatial patterns, or neighborhood-level clusters of elevated levels, so we could quash the doubts of state officials and confirm our concerns. Unbeknownst to me, this research project would ultimately help blow the lid off the water crisis, vindicating months of activism and outcry by dedicated Flint residents.

As I ran the addresses through a precise parcel-level geocoding process and visually inspected individual blood lead levels, I was immediately struck by the disparity in the spatial pattern. It was obvious Flint children had become far more likely than out-county children to experience elevated blood lead when compared to two years prior.

How had the state so blatantly and callously disregarded such information? To me – a geographer trained extensively in geographic information science, or computer mapping – the answer was obvious upon hearing their unit of analysis: the ZIP code.

Their ZIP code data included people who appeared to live in Flint and receive Flint water but actually didn't, making the data much less accurate than it appeared.

ZIP codes – the bane of my existence as a geographer. They confused my childhood friends into believing they lived in an entirely different city. They add cachet to parts of our communities (think 90210) while generating skepticism toward others relegated to less sexy ZIP codes.

A tale to remind the scientists and technologists among us why it's important to do our jobs well.



Top spy suggests Russia trying to sow doubt in US elections The Hill: Technology Policy

The nation’s top intelligence official is suggesting Russia could be tampering with U.S. election systems in order to create public doubt about their reliability.“There’s a tradition in Russia of interfering in elections, their own and others,”...


Hackspace Websites And The Great Software Trap Hackaday

Part of the job of a Hackaday writer involves seeking out new stories to write for your delectation and edification. Our tips line provides a fruitful fount of interesting things to write about, but we’d miss so much if we restricted ourselves to only writing up stories from that source. Each of us writers will therefore have a list of favourite places to keep an eye on and catch new stuff as it appears. News sites, blogs, videos, forums, that kind of thing. In my case I hope I’m not giving away too much to my colleagues when I say I keep an eye on the activities of as many hackspaces as I can.

So aside from picking up the occasional gem for these pages there is something else I gain that is of great personal interest as a director of my local hackspace. I see how a lot of other spaces approach the web, and can couple it to my behind-the-scenes view of doing the same thing here in our space. Along the way due to both experiences I’ve begun to despair slightly at the way our movement approaches the dissemination of information, the web, and software in general. So here follows a highly personal treatise on the subject that probably skirts the edge of outright ranting but within which I hope you’ll see parallels in your own spaces.

Before continuing it’s worth for a moment considering why a hackspace needs a public website. What is its purpose, who are its audience, and what information does it need to have?

Public or Private?

The first and most important point to understand here is that there is a difference between a public website and an intranet. Both may be websites in literal terms, and both may be accessible from the Internet, but the former is aimed at the general public and the latter is aimed at insiders. So many hackspaces appear to blur this line or miss it completely, and create web presences so confusing and opaque that they might as well not be there.

Your internal project wiki, your membership system, your keyholder rota planning application, tool inventory and whatever other internal stuff you just have to put online are all intranet stuff. It’s not that they aren’t important, just that they aren’t relevant to your public-facing website even if they are public-visible. Do them as a separate project, and get something done!

If you ignore the previous paragraph and try to combine the two facets of hackspace web service there is a significant danger that when sitting down to plan your space’s web presence you will become stuck in a mire of different software services. Somewhere along the way the project will turn from a straightforward web site refresh into an intractable schism between hackspace factions, and nothing will be done. I have a feeling that this will be familiar to many readers of this piece, and that it lies behind the somewhat dire quality of so many offerings in the hackspace sphere.


We should now be in agreement that we are talking about public facing websites. So what does a hackspace need a website for? The answer is simple: to convey information that anyone who is not an insider might need to know. Those outsiders might be prospective members, but they also might include commercial or institutional donors, potential customers for your tools and services, and other revenue opportunities.

So as well as basic info such as contact details, opening hours and location, you need to present a compelling picture of what a prospective donor, member, or visitor could expect. A regularly updated blog featuring the work being done in the space, the events the space attends, or other matters of interest. This does require some commitment to keep updated, but it should not be beyond the ability of most spaces to produce content at least once or twice a month.

The Great Sof...


Wednesday, 21 September


Warning — You Can't Install Linux On Microsoft Signature Edition PCs from Lenovo The Hacker News

In the past few months, Microsoft opened the source code of a lot of its projects, convincing people that the company loves Linux. But a new report shows that Microsoft is not really a big supporter of Linux. Microsoft has banned Linux on some Windows 10 powered Signature Edition PCs, which provide the cleanest Windows experience on the market. Signature Edition PCs are


NVIDIA Presents Over GBM vs. EGLStreams, The Big Wayland Support Debate Continues Phoronix

James Jones of NVIDIA just finished taking the stage at XDC2016 where he was talking about Unix device memory allocation, which comes down to the big EGLStreams vs. GBM debate... A.k.a. NVIDIA pushing a different approach for their Wayland support from the Wayland compositors currently focusing around GBM for buffers. This debate is leading towards the development of a new API...


Brian Krebs site hit with 665 Gbps DDoS attack; Largest Internet has ever seen HackRead

By Waqas

Brian Krebs, a security researcher and a journalist suffered a



China Confirms Its Tiangong Space Station Is Falling Back To Earth TechWorm

China’s out-of-control space station will burn up sometime late next year

In July, it was speculated that China had lost contact with the Tiangong-1 space station, its first ever foray into space, which was launched in 2011 and is on a trajectory back to Earth.

However, in a press conference held last Wednesday, Chinese officials appear to have confirmed that China is no longer in control of its space station, which is expected to die a fiery death in Earth's atmosphere towards the second half of next year. However, it's unlikely anyone on the Earth will be injured.

China’s Tiangong-1 space station, which has been orbiting the planet for about 5 years was recently decommissioned and the Chinese astronauts returned to the surface.

“Based on our calculation and analysis, most parts of the space lab will burn up during falling,” according to China’s state-run Xinhua news agency. It appears that China is no longer in control of the space station, since control would require guided re-entry over an empty stretch of ocean at a specified time, all things which China acknowledges are no longer possible. The station stopped sending data back to Earth in March.

Usually, a decommissioned satellite or space station would be retired by forcing it to burn up in the atmosphere. This type of burn is controlled, and most satellite re-entries are scheduled to burn up over the ocean to avoid putting lives of people in danger.

Currently, the 9.4-ton (8.5 metric tons) Tiangong-1 spacecraft is intact and orbiting Earth at an altitude of 230 miles (370 kilometers), according to Wu Ping, deputy director of China’s Manned Space Engineering office.

It seems that China's space agency is not sure exactly when Tiangong-1 will re-enter the atmosphere, except that it will burn up at some point in late 2017. This means that there is a chance debris from the falling spacecraft could strike a populated area.

However, it’s unlikely that anyone on the Earth will be injured due to the burning of the space station, as most of the parts will burn up in the atmosphere. The few that would make it to the ground probably won’t land in any populated areas.

China is monitoring Tiangong-1 (whose name means “Heavenly Palace” in Mandarin) closely and will send out appropriate warnings if the space lab threatens to hit a satellite, Wu added. According to Xinhua, China will release a forecast of Tiangong-1’s fall to Earth “if necessary,” Wu said.

Source: Xinhua News



Should you trust your security software? Help Net Security

The complaint that security is broken isn’t new and even industry insiders are joining the chorus. Companies spent an estimated $75 billion last year on security products and yet cyber attacks and data breaches are still a common occurrence. Now, we’re finding that security tools themselves have vulnerabilities that are putting organizations at risk. Given that vulnerabilities in software are the root cause of most attacks and security tools are inherently intrusive in order to … More


Microsoft unveils a new Nokia feature phone that costs just $37 TechWorm

Microsoft Uncovers New Nokia 216 Mobile Phone, possibly the last Microsoft-made Nokia phone

Microsoft has just unveiled a new brand handset, the Nokia 216. The Nokia 216 is an entry level feature phone targeting the low-end segment, which will be available at the price of $37. This new feature phone is made keeping developing markets in mind.

This surprise announcement from Microsoft comes after the software giant in May had agreed to sell its entry-level feature phone assets to FIH Mobile Ltd, which is a subsidiary of Foxconn technology group and HMD Global, Oy for $350 million.

The Nokia 216 is dual SIM mobile phone that comes with a 2.4 inch QVGA display along with a 320 x 240-pixel resolution and offers 16MB of RAM. It also comes with 16MB of in-built storage and supports microSD card for additional storage up to 32GB. The device runs Nokia’s Series 30 software. Other specs include 0.3MP cameras on both the front and the side. The LED flash of the rear camera doubles as a built-in torchlight.

The device also has a removable 1020mAh battery, which Microsoft claims would offer up to 18 hours of talk time, with standby up to 19 days. You also get the Opera Mini Browser and the Opera Mobile Store, which offers to access Facebook along with other apps and mobile games. It also includes FM radio, MP3, video player and Bluetooth audio support for headset. It can store as many as 2000 contacts.

The Nokia 216 comes in black, grey or light blue. Microsoft plans to start selling the device in India starting October 24. The Nokia 216 is unlikely to make its way to the U.S., as the company is expected to announce some new high-end Windows hardware later this year.



How to Hack Facebook Hacker News Bulletin | Find the Latest Hackers News

The Ultimate guide How to Hack Facebook Passwords There are many ways you can hack facebook passwords. But, in this article, we will look at four of the most common methods. Hack 1: Reset the Password  This is the easiest way you can hack facebook for free. It is done simply by requesting for a



Teenager Hacks Hundreds Of U.S. Government FTP Servers TechWorm

Multiple FTP servers owned by U.S. government hacked by teenager

A teen hacker using the alias “Fear” managed to gain access to hundreds of FTP servers owned by the U.S. government. The hacker initially gained access to one server, but then discovered that it listed the access credentials to all FTP servers residing on the .us and .gov domains. The .us servers include public data, private data, program source code, and more sensitive data, while the hacker wouldn’t say what’s loaded on the .gov sites.

The FTP servers, used by various United States government departments to upload and download files over the internet, were apparently attacked by a hacker known as “Fear”, who uses the Twitter handle @hackinyolife.

“I gained access to an ftp server, that listed access to all the ftp’s on .us domains, and those .us domains were hosted along with .gov , so I was able to access everything they hosted, such as, public data, private data, source codes etc.,” Fear said in an exclusive interview.

Fear said he took advantage of careless security at the company Neustar to gain access to a large number of FTP servers. However, Neustar has pushed back, claiming the supposed breach does not match files the hacker claims to have taken.

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen,” said Neustar Senior Vice President Rodney Joffee.

“We have been looking for evidence since the story came out, and haven’t found anything. And we’re good at this, because we take security seriously.”

FTP stands for File Transfer Protocol, and servers using this protocol are set up to host files on local networks or over the internet. Users typically need a login name and password to gain access to content stored on these servers, which can be made public or kept private. FTP servers are often used to upload data to a website and run under the same domain names as websites.

Neustar is in charge of the “.us” top-level domain, an alternative to “.com,” “.edu” and “.org.” By hacking Neustar, Fear gained access to the FTP accounts for every site with an address ending in .us.

“I hacked into the Neustar FTP, and I dumped their files, and in the files, there were a list of each and every FTP server on a .us, and it had their passwords, users, ftp ip, hostname, and domain,” said Fear in an online chat. Giving more insight on the claim, he went on to say that it was an attack known as SQL injection, in which unsanitized input reaches a web application’s database query and the database leaks its contents.

“It was very simple to gain access to the 1st box that listed all the .us domains, and their ftp server logins,” Fear claims. “I went through each and every one, it was legit. I am pretty sure about every person who does security researching can do this, yes, it may have taken me about 3 hours or 4 hours of looking around, but it is still possible.”

Boasting further, Fear claims that “It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen.”

He said that many states used poor security practices, using not more than five characters as passwords and failing to encrypt sensitive information.

Fear said that the files he has collected include credit card information, bank transactions, prescription information, Social Security data and more. He has pl...


How Google's Android Runtime On Chrome OS Uses Wayland, DRM Phoronix

Google developer David Reveman presented at this morning's XDC2016 conference in Finland about the Android Runtime for Chrome making use of Wayland (ARC++) and how the rest of its graphics stack looks for running Android programs on Chrome OS...


Cloud going mainstream, few are maximizing value Help Net Security

While cloud adoption continues to accelerate, few organizations are maximizing the value that cloud can offer, according to IDC. The increased cloud adoption is being fueled by cloud-native applications, including security and the IoT cloud-based solutions. Unfortunately, 69 percent of organizations do not have mature cloud strategies and only 3 percent have optimized cloud strategies generating superior business outcomes. On average, the most “cloud advanced” organizations see an annual benefit per cloud-based application of $3 … More


Navigating OpenStack: Community, Release Cycles and Events

Hopefully last week we piqued your interest in a career path in OpenStack. Adoption is growing and so is the number of OpenStack jobs. Like any other open source project, if you’re going to use it, professionally or personally, it’s important to understand its community and design/release patterns.

Cloud Foundry Releases Free Online Courses

As an open source Platform as a Service (PaaS) solution, Cloud Foundry makes it extremely easy to focus on delivering services and apps without having to worry about the platform. However, it’s not always so easy for developers and administrators new to Cloud Foundry to quickly get up to speed on the technology.

Beginning Grep for Linux SysAdmins


Titan's Flooded Canyons SoylentNews

The aptly named Titan, Saturn's largest moon, is remarkably Earth-like. Its diameter is only about 40% that of our planet, but Titan's nitrogen-rich, dense atmosphere and the geological activity at the moon's surface make comparisons between the two bodies inevitable.

This image, taken with the radar on the Cassini spacecraft, shows just how similar the features in Titan's surface are to Earth's landforms.

Aside from Earth, Titan is the only other body where we have found evidence of active erosion on a large scale. There are seas, lakes and rivers filled with liquid hydrocarbons – mainly methane and some ethane – that etch the moon's surface, in much the same way water erodes Earth's.

A striking example is Vid Flumina, the Nile-like, branching river system visible on the upper-left quadrant of the image. The river, in the moon's north polar region, flows into Ligeia Mare, a methane-rich sea that appears as a dark patch on the right side of the image.

Researchers in Italy and the US analysed Cassini radar observations from May 2013 and recently revealed that the narrow channels that branch off Vid Flumina are deep, steep-sided canyons filled with flowing hydrocarbons.

Do Titanians worry about too much oxygen in their atmosphere?

Original Submission

Read more of this story at SoylentNews.


Cyber terrorism seen as biggest single future threat Help Net Security

47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. This was identified as the biggest cyber security risk in the future (27%), followed by attacks to national infrastructure (13%). In light of this newly perceived risk, more traditional cyber threats such as ransomware and DDoS are rated as a lower risk, with only 11%, 10% and 9% of … More


NVIDIA Is Working Towards HDR Display Support For Linux, But The Desktop Isn't Ready Phoronix

NVIDIA supports HDR displays on Windows and Android, but not currently under Linux for the infrastructure not being in place to support High Dynamic Range displays from the Linux desktop. NVIDIA though is looking at working towards ultimately supporting HDR displays on Linux...


Over 840,000 Cisco systems affected by the Equation Group’s flaw CVE-2016-6415 Security Affairs

The Shadowserver Foundation has conducted a scan of the Internet for Cisco devices running IOS software affected by the CVE-2016-6415 vulnerability.

Recently, experts from Cisco discovered a vulnerability in IOS, tracked as CVE-2016-6415, while investigating the Equation Group exploits leaked by the Shadow Brokers. In particular, they were evaluating the impact of the BENIGNCERTAIN exploit. The same investigation had already turned up another zero-day exploit, dubbed EXTRABACON, that could be used to hack Cisco ASA software.

CVE-2016-6415 resides in the IKEv1 packet processing code. A remote, unauthenticated attacker could exploit it to retrieve memory contents.

“The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests,” reads the security advisory published by Cisco.

The flaw affects Cisco IOS XR versions 4.3.x, 5.0.x, 5.1.x and 5.2.x – versions 5.3.0 and later are not impacted. All IOS XE releases and various versions of IOS are affected.

What is the real impact of the CVE-2016-6415 vulnerability?

To estimate the impact of the vulnerability in the wild, the Shadowserver Foundation conducted an Internet-wide scan for the Internet Security Association and Key Management Protocol (ISAKMP), the framework on which IKE is built.

“This scan is looking for devices that contain a vulnerability in their IKEv1 packet processing code that could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. More information on this issue can be found on Cisco’s site at:” reads the page related to the Vulnerable ISAKMP Scanning Project.

“The goal of this project is to identify the vulnerable systems and report them back to the network owners for remediation. Information on these vulnerable devices has been incorporated into our reports and is being reported on a daily basis.”

With the support of Cisco experts, the organization probed every routable IPv4 address that is exposed on the Internet without firewall protection, sending a specifically crafted 64-byte ISAKMP packet and collecting the response from each scanned appliance.

“We normally tune our scans as tightly as possible to limit the impact on the end users as well as trying to be nice to the general network traffic.  In this case we are not as tuned as we would like to be since we are having to do a full IKE negotiation making our packets almost 2600 bytes in size, at least in the first sets of tests.  With a huge amount of assistance from Cisco we were able to r...
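The scan described above comes down to speaking the first message of an IKEv1 exchange to UDP/500 and looking at what comes back. The following is an added example, not Shadowserver’s or Cisco’s code: it builds a minimal ISAKMP Main Mode packet (one SA payload offering a single transform) and parses the 28-byte ISAKMP header of the reply, so you can tell whether a host answers IKEv1 at all. The field layouts follow RFC 2408 and RFC 2409; the cipher suite offered, the helper names and the 72-byte packet size are this example’s own choices and do not reproduce the 64-byte probe the article mentions. It does not detect CVE-2016-6415: a device that answers is merely exposed to the attack surface the advisory describes.

```python
"""Minimal IKEv1/ISAKMP Main Mode probe builder and response parser (added example)."""
import os
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # RFC 2408 s3.1: 28-byte fixed header
PAYLOAD_NONE, PAYLOAD_SA = 0, 1
EXCH_MAIN_MODE, EXCH_INFORMATIONAL = 2, 5
ISAKMP_V1 = 0x10                            # major version 1, minor 0


@dataclass
class IsakmpHeader:
    init_cookie: bytes
    resp_cookie: bytes
    next_payload: int
    version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int

    def pack(self) -> bytes:
        return ISAKMP_HDR.pack(self.init_cookie, self.resp_cookie, self.next_payload,
                               self.version, self.exchange_type, self.flags,
                               self.message_id, self.length)

    @classmethod
    def parse(cls, data: bytes) -> "IsakmpHeader":
        if len(data) < ISAKMP_HDR.size:
            raise ValueError(f"short ISAKMP header: {len(data)} bytes")
        hdr = cls(*ISAKMP_HDR.unpack_from(data))
        if hdr.length < ISAKMP_HDR.size:
            raise ValueError(f"ISAKMP length field {hdr.length} smaller than header")
        return hdr


def _attr(attr_type: int, value: int) -> bytes:
    """Basic (2-byte) ISAKMP attribute: AF bit set, type, value (RFC 2408 s3.3)."""
    return struct.pack("!HH", 0x8000 | attr_type, value)


def build_sa_payload() -> bytes:
    """SA payload with one proposal and one transform (values from RFC 2409 app. A)."""
    # Chosen for this example: 3DES (5), SHA1 (2), pre-shared key (1), MODP-1024 (2).
    attrs = _attr(1, 5) + _attr(2, 2) + _attr(3, 1) + _attr(4, 2)
    # Transform: next, reserved, length, transform#, transform-id KEY_IKE(1), reserved2
    transform = struct.pack("!BBHBBH", PAYLOAD_NONE, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # Proposal: next, reserved, length, proposal#, protocol ISAKMP(1), SPI size 0, 1 transform
    proposal = struct.pack("!BBHBBBB", PAYLOAD_NONE, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA: next, reserved, length, DOI IPsec(1), situation SIT_IDENTITY_ONLY(1)
    return struct.pack("!BBHII", PAYLOAD_NONE, 0, 12 + len(proposal), 1, 1) + proposal


def build_main_mode_probe(init_cookie: Optional[bytes] = None) -> bytes:
    """First message of IKEv1 Phase 1: header + SA payload, responder cookie zero."""
    init_cookie = init_cookie or os.urandom(8)
    sa = build_sa_payload()
    hdr = IsakmpHeader(init_cookie, b"\x00" * 8, PAYLOAD_SA, ISAKMP_V1,
                       EXCH_MAIN_MODE, 0, 0, ISAKMP_HDR.size + len(sa))
    return hdr.pack() + sa


def classify_response(probe: bytes, response: bytes) -> str:
    """Classify a UDP/500 reply by its ISAKMP header; cookie must match our probe."""
    sent = IsakmpHeader.parse(probe)
    got = IsakmpHeader.parse(response)
    if got.init_cookie != sent.init_cookie:
        return "unrelated"              # not an answer to our probe
    if got.exchange_type == EXCH_MAIN_MODE and got.resp_cookie != b"\x00" * 8:
        return "ikev1-main-mode"        # peer started negotiating: IKEv1 is live
    if got.exchange_type == EXCH_INFORMATIONAL:
        return "ikev1-rejected"         # e.g. NO-PROPOSAL-CHOSEN, still speaks IKEv1
    return "ikev1-other"


def probe_host(host: str, port: int = 500, timeout: float = 2.0) -> str:
    """Send one probe and classify the answer (only against hosts you are allowed to test)."""
    probe = build_main_mode_probe()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(probe, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-answer"
    return classify_response(probe, data)
```

A "no-answer" result does not mean the device is safe: IKEv1 may be filtered on the path you scanned from but reachable from elsewhere. Whether IKEv1 is enabled on the device itself is the question the advisory’s own guidance answers; this probe only tells you what is reachable from the outside.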


CVE request - mujs Heap-Buffer-Overflow write and OOB Read Open Source Security

Posted by Puzzor on Sep 21


Two vulnerabilities were found in the latest mujs version, and they have got

1. mujs str Out-of-Bound read 1 byte in function chartorune.

2. mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72

Please assign CVE-IDs for them.
The vulnerabilities were found by Shi Ji(@Puzzor)

Best regards,
Shi Ji(@Puzzor)


macOS Sierra released, introduces auto unlock with Apple Watch Help Net Security

Apple released macOS Sierra, now available as a free update. The new OS brings Siri to the Mac, along with all-new capabilities designed specifically for use on the desktop. Features like Universal Clipboard, iCloud Desktop and Documents, Auto Unlock and Apple Pay on the web help your Mac work even better with other Apple devices. Siri on the Mac can help send messages and email, find documents, look up information, search a user’s photo library, … More


George H.W. Bush Said That He Will Vote for Hillary Clinton

Via: CNN: Former President George H.W. Bush said Monday that he will vote for Hillary Clinton in November, according to sources close to the 41st President…


Cloud Migration Is Making Performance Monitoring Crucial

Application performance monitoring (APM) and network performance monitoring (NPM) are becoming increasingly important as businesses adopt cloud-based services and virtualized infrastructure.


Hey, Poker Face — This Wi-Fi Router Can Read Your Emotions The Hacker News

Are you good at hiding your feelings? No issues, your Wi-Fi router may soon be able to tell how you feel, even if you have a good poker face. A team of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a device that can measure human inner emotional states using wireless signals. Dubbed EQ-Radio, the new device measures heartbeat, and


Some Fresh Linux 4.8 + Mesa 12.1-dev OpenGL Benchmarks For Radeon GPUs Phoronix

For those craving some fresh Mesa Git benchmarks, here are a few OpenGL tests I carried out with some AMD Radeon GPUs when comparing the out-of-the-box Ubuntu 16.04 LTS performance to what's offered currently by Linux 4.8 and Mesa 12.1-dev Git...


Hackers Hijack Tesla Model S from Afar, While the Cars are Moving SoylentNews

Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion.

Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks against a Tesla Model S P85 and 75D and say their efforts will work on multiple Tesla models.

The Shanghai, China-based hacking firm has withheld details of the world-first zero day attacks and privately disclosed the flaws to Tesla.

The firm worked on the attack for several months, eventually gaining access to the motor that moves the driver's seat, turning on indicators, opening the car's sunroof and activating window wipers.

The Chinese should not make Iron Man angry...

According to Ars Technica :

Tesla has already issued an over-the-air firmware patch to fix the situation.

Previous hacks of Tesla vehicles have required physical access to the car. The Keen attack exploited a bug in Tesla's Web browser, which required the vehicle to be connected to a malicious Wi-Fi hotspot. This allowed the attackers to stage a "man-in-the-middle" attack, according to researchers. In a statement on the vulnerability, a Tesla spokesman said, "our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly." After Keen brought the vulnerability to Bugcrowd, the company managing Tesla's bug bounty program, it took just 10 days for Tesla to generate a fix.

Original Submission

Read more of this story at SoylentNews.


The Patent Law Firms in the US Relentlessly Lobby for Software Patents Resurgence by Placing Emphasis Only on Rare Outcomes Techrights

The fine art of cherry-picking…

On cherry-picking

Summary: Decisions against software patents continue to be ignored or intentionally overlooked by patent law firms, which instead saturate the media with the few cases where courts unexpectedly rule in favour of software patents

LAST week we said that the patent microcosm would start amplifying (repeatedly mentioning and hyping up) McRO for the software patents agenda [1, 2, 3]. We have since then seen several dozen so-called ‘analyses’ from the patent microcosm (these drown out actual press articles) and, just like with Enfish, this can go on for weeks (here are some of the latest examples [1, 2, 3]). It’s not hard to see what patent law firms are trying to accomplish; they want more power for themselves at the expense of everybody else.

The Eastern District of Michigan (not Texas) has just had a court foolishly accept a software patent. To quote the patent lawyers’ media: “Bruce Zak, an individual, sued Facebook, Inc. for patent infringement in the U.S. District Court for the Eastern District of Michigan on two of his software patents — United States Patent Nos. 8,713,134 and 9,141,720. Facebook moved for summary judgment arguing that the subject matter of the two patents is not eligible for patent protection under § 101. The District Court denied Facebook’s motion for summary judgment even though the representative claim was found to be directed to an abstract idea, since the claim was further found to recite enough details to specify how a solution will be implemented that addresses a business challenge particular to the Internet.”

Facebook itself has been stockpiling and suing with software patents as well.

In other news, trolls in the Eastern District of Texas (we...


Microsoft Reportedly Requires "Signature PCs" To Be Locked To Only Running Windows Phoronix

Lately I've heard a few reports of some newer PCs being less than friendly with Linux, namely a number of Lenovo devices who have issues with installing Linux. Based upon new information that's come to light from a Phoronix reader, it appears that PCs receiving Microsoft's "Signature Edition" tag are being locked-out from running non-Windows platforms...


Gaming Laptops Under 300$: 5 Cheap gaming laptops Review | latest tech and hacking tutorials,reviews and articles.

Best Gaming Laptops Under 300$ of 2016

We have put together a list of the best gaming laptops under 300 dollars. Laptops come in different weights, specs and prices. The problem is that when you go looking for a good gaming laptop, you are confronted by huge prices, in the thousands of dollars. Of course, it isn’t easy looking for a gaming laptop, no matter your price range.

The five laptops reviewed:

  • HP Pavilion 15
  • Acer Aspire NX.MQVAA.001
  • ASUS 15.6
  • HP Premium 250
  • HP ProBook 4530S


Arduino Detects Pants on Fire Hackaday

Hard as it is to imagine, lie detectors have been sold as children’s toys for a number of years. A simple battery-operated device clipped to your fingers would show the conductivity of your skin. The concept, which is probably not very reliable, observes that lying causes you to imperceptibly sweat, which causes a sudden increase in your skin’s conductivity. These cheap toys had a meter and you’d note the meter deflection to determine if the subject was lying.

You can debate the amusement value of interrogating your friends, perhaps, but they were pretty common and still exist (including some that shock you if they detect you are lying). Seventeen-year-old [BuildIt] has his own modern take on this classic device using — what else? — an Arduino. You can see a video of the device below.

You don’t need a lot of external parts for this project, although the finger clips and the cardboard box will take a little mechanical skill to complete.

We’ve looked at galvanic skin response and other biosignal processing before. You can do a lot more if you build a little more hardware.

Filed under: Arduino Hacks, Medical hacks


Is An Editable Blockchain the Future of Finance?

The consultancy firm Accenture is patenting a system that would allow an administrator to make changes to information stored in a blockchain. In an interview with the Financial Times (paywall), Accenture’s global head of financial services, Richard Lumb, said that the development was about “adapting the blockchain to the corporate world” in order to “make it pragmatic and useful for the financial services sector.”


We must support parental choice for student data The Hill: Technology Policy

Technology utilized by an effective teacher helps every student learn to the best of his or her ability by taking advantage of opportunities not previously available. Ideally, teachers can also use educational resources to tailor lesson plans for...


PoodleCorp DDoS Blizzard Servers Twice in Last 24 Hours HackRead

By Agan Uzunovic

PoodleCorp is back with a bang, this time, Blizzard servers are

This is a post from HackRead. Read the original post: PoodleCorp DDoS Blizzard Servers Twice in Last 24 Hours


Node.js memory corruption from JavaScript as a feature Guido Vranken

As I was casually browsing the NodeJS 6.6.0 source code I stumbled upon this suspect piece of code.


template <typename T, enum Endianness endianness>
void WriteFloatGeneric(const FunctionCallbackInfo<Value>& args) {
  Environment* env = Environment::GetCurrent(args);

  // A fourth argument (noAssert) being present disables every check below.
  bool should_assert = args.Length() < 4;

  if (should_assert) {
    THROW_AND_RETURN_UNLESS_BUFFER(env, args[0]);
  }

  Local<Uint8Array> ts_obj = args[0].As<Uint8Array>();
  ArrayBuffer::Contents ts_obj_c = ts_obj->Buffer()->GetContents();
  const size_t ts_obj_offset = ts_obj->ByteOffset();
  const size_t ts_obj_length = ts_obj->ByteLength();
  char* const ts_obj_data =
      static_cast<char*>(ts_obj_c.Data()) + ts_obj_offset;
  if (ts_obj_length > 0)
    CHECK_NE(ts_obj_data, nullptr);

  T val = args[1]->NumberValue(env->context()).FromMaybe(0);
  // The JavaScript offset becomes an unsigned size_t: negative or
  // out-of-range values wrap instead of being rejected.
  size_t offset = args[2]->IntegerValue(env->context()).FromMaybe(0);

  size_t memcpy_num = sizeof(T);

  if (should_assert) {
    // First check rejects offset + sizeof(T) wrapping past 2^64,
    // second keeps the whole write inside the buffer.
    CHECK_NOT_OOB(offset + memcpy_num >= memcpy_num);
    CHECK_NOT_OOB(offset + memcpy_num <= ts_obj_length);
  }

  // Without the checks: once offset exceeds ts_obj_length this
  // subtraction underflows and memcpy_num becomes enormous.
  if (offset + memcpy_num > ts_obj_length)
    memcpy_num = ts_obj_length - offset;

  union NoAlias {
    T val;
    char bytes[sizeof(T)];
  };

  union NoAlias na = { val };
  char* ptr = static_cast<char*>(ts_obj_data) + offset;  // unchecked pointer
  if (endianness != GetEndianness())
    Swizzle(na.bytes, sizeof(na.bytes));
  memcpy(ptr, na.bytes, memcpy_num);
}

As you can see, should_assert is set to false whenever a fourth argument is passed.

This is what the documentation says about it:

buf.writeFloatBE(value, offset[, noAssert])
buf.writeFloatLE(value, offset[, noAssert])
Added in: v0.11.15

    value <Number> Number to be written to buf
    offset <Integer> Where to start writing. Must satisfy: 0 <= offset <= buf.length - 4
    noAssert <Boolean> Skip value and offset validation? Default: false
    Return: <Integer> offset plus the number of bytes written

Writes value to buf at the specified offset with specified endian format (writeFloatBE() writes big endian, writeFloatLE() writes little endian). value should be a valid 32-bit float. Behavior is undefined when value is anything other than a 32-bit float.

Setting noAssert to true allows the encoded form of value to extend beyond the end of buf, but the result should be considered undefined behavior.

So it is not a bug but a feature.

Let’s try it on 64 bit:

node-v6.6.0$ ./node -e 'new Buffer(10).writeFloatBE(1, 0xFFFFFFFFFFFFFFFF-3000, 1);'
Segmentation fault


Disclaimer: I never use NodeJS and I know next to nothing about it. Maybe there is a good use for this “feature” (but what?), but other popular high-level languages have a zero-tolerance policy with regards to raw memory corruption from scripts (see Python, Ruby, Perl, PHP vulnerabilities etc in the Internet Bug Bounty program).
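What the two CHECK_NOT_OOB lines buy, and what happens on the unchecked path, is easier to see with the size_t arithmetic written out. The following is an added illustration, not Node’s code: it models the bounds logic of WriteFloatGeneric with arithmetic reduced modulo 2**64, taking the offset as the exact unsigned value the caller intends. How V8 turns an out-of-range JavaScript double into a size_t (the IntegerValue call) is V8’s detail and is deliberately not modelled; the function name and return dictionary are this example’s own.

```python
"""Model of the bounds logic in Node 6.6.0's WriteFloatGeneric (added example, not Node's code)."""

MASK64 = (1 << 64) - 1          # size_t arithmetic on a 64-bit build


def model_native_write(length: int, offset: int, no_assert: bool, size: int = 4) -> dict:
    """Return what the native code would do for a `size`-byte write at `offset`
    into a buffer of `length` bytes.  size=4 corresponds to writeFloatBE/LE."""
    off = offset & MASK64                 # size_t offset = IntegerValue(...)
    n = size                              # size_t memcpy_num = sizeof(T)
    end = (off + n) & MASK64              # offset + memcpy_num, may wrap
    if not no_assert:
        # CHECK_NOT_OOB(offset + memcpy_num >= memcpy_num): rejects wraparound
        if end < n:
            return {"ok": False, "reason": "offset + size wraps past 2**64"}
        # CHECK_NOT_OOB(offset + memcpy_num <= ts_obj_length): rejects overrun
        if end > length:
            return {"ok": False, "reason": "write extends past end of buffer"}
    # Unchecked path: "truncate" the copy to what is left in the buffer.
    # For offset <= length that really does keep the write in bounds; for
    # offset > length the subtraction underflows and memcpy walks off the heap.
    if end > length:
        n = (length - off) & MASK64
    return {
        "ok": True,
        "write_at": off,                  # ptr = ts_obj_data + offset
        "bytes": n,                       # memcpy(ptr, na.bytes, memcpy_num)
        "in_bounds": off + n <= length,
    }
```

Two things fall out of running it. With noAssert and an offset that is merely a few bytes past the end, the copy is silently shortened and stays inside the buffer, which is the behaviour the documentation is describing. With an offset beyond the buffer length, the "shortened" copy length is close to 2**64 and the write starts at an unchecked pointer; that is the path the one-liner above exercises, and no check in the JavaScript layer stands in front of it once the fourth argument is supplied.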



It seems that Internet Explorer and Edge users were in danger for so long Security Affairs

Microsoft recently issued patches for a set of flaws in Internet Explorer, years after their discovery by black hats in the hacking underground.

Microsoft finally fixed a set of vulnerabilities in Internet Explorer years after they were discovered by black hats in the hacking underground. I contacted a black hat in the underground who made a catastrophic prediction:

“And millions of people affected by it, but most of them still unaware of that they got hacked nearly a year ago” [4]

On September 13, 2016, Microsoft released two major security updates (MS16-105 and MS16-104) for the Edge and Internet Explorer browsers. [1][2]

The updates address various vulnerabilities with severity ratings ranging from “Critical” to “Moderate.” According to ZDI, some of these vulnerabilities were reported to Microsoft in May 2016. Unfortunately, evidence suggests that some of them have been known since 2014 and have been used in major attacks in the wild, for example CVE-2016-3351 (CVE entry created 2016-03-15).

CVE-2016-3351 lets a malicious script back off from, or filter out, machines that look like security-analysis setups: it checks which applications are registered for file types such as .pcap, the packet-capture format used by network traffic analysis software, and a machine with such handlers installed is skipped.

On December 15, Proofpoint mentioned this vulnerability on its Threat Insight blog in connection with Angler EK. [4]


The expert I have been in touch with claimed that both CVE-2016-3351 and CVE-2016-3295 were discovered by actors in the underground long before their recent disclosure, but that only CVE-2016-3351 was resolved publicly. He also added that the actively used CVE-2016-3295 exploit was always confused with CVE-2015-0046 and will be understood shortly. [4]...


JPEG-Turbo Library 1.5.1 Released Phoronix

Version 1.5.1 of the libjpeg-turbo library is now available. For those that have somehow managed to never hear of it, libjpeg-turbo is a BSD-licensed, faster JPEG image codec than libjpeg and has various other feature differences...


Malicious Torrent Network Tool Revealed By Security Company TorrentFreak

More than 35 years after 15-year-old high school student Rich Skrenta created the first publicly spread virus, millions of pieces of malware are being spread around the world.

Attackers’ motives are varied but these days they’re often working for financial gain. As a result, popular websites and their users are regularly targeted. Security company InfoArmor has just published a report detailing a particularly interesting threat which homes in on torrent site users.

“InfoArmor has identified a special tool used by cybercriminals to distribute malware by packaging it with the most popular torrent files on the Internet,” the company reports.

InfoArmor says the so-called “RAUM” tool is being offered via “underground affiliate networks” with attackers being financially incentivized to spread the malicious software through infected torrent files.

“Members of these networks are invited by special invitation only, with strict verification of each new member,” the company reports.

InfoArmor says that the attackers’ infrastructure has a monitoring system in place which allows them to track the latest trends in downloading, presumably so that attacks can reach the greatest numbers of victims.

“The bad actors have analyzed trends on video, audio, software and other digital content downloads from around the globe and have created seeds on famous torrent trackers using weaponized torrents packaged with malicious code,” they explain.

RAUM instances were associated with a range of malware, including the ransomware families CryptXXX, CTB-Locker and Cerber, the online-banking Trojan Dridex and the password-stealing spyware Pony.

“We have identified in excess of 1,639,000 records collected in the past few months from the infected victims with various credentials to online-services, gaming, social media, corporate resources and exfiltrated data from the uncovered network,” InfoArmor reveals.

What is perhaps most interesting about InfoArmor’s research is how it shines light on the operation of RAUM behind the scenes. The company has published a screenshot which claims to show the system’s dashboard, featuring infected torrents on several sites, a ‘fake’ Pirate Bay site in particular.


“Threat actors were systematically monitoring the status of the created malicious seeds on famous torrent trackers such as The Pirate Bay, ExtraTorrent and many others,” the researchers write.

“In some cases, they were specifically looking for compromised accounts of other users on these online communities that were extracted from botnet logs in order to use them for new seeds on behalf of the affected victims without their knowledge, thus increasing the reputation of the uploaded files.”


According to InfoArmor the malware was initially spread using uTorrent, although any client could have done the job. More recently, however, new seeds have been served through online servers and some hacked devices.

In some cases the malicious files continued to be seeded for more than 1.5 months. Tests by TF on the sample provided showed that most of the...


Links 21/9/2016: Lenovo Helps Microsoft Block GNU/Linux Installations Techrights




  • Desktop

    • Beware: Windows 10 Signature Edition Blocks Installing Linux

      Microsoft opening the source code of a lot of its projects in the last months convinced some people that the company – under its new management – is now good, and that it “loves Linux”, however, this assumption came to be wrong today with the latest monopoly try from Microsoft.

      In a TL;DR format: Some new laptops that ship with Windows 10 Signature Edition don’t allow you to install Linux (or any operating system) on them; the BIOS is locked and the hard drives are hidden in a way that you can’t install any OS. This news is not just a rumor from the Internet; Lenovo, for example, confirmed that they have signed an agreement with Microsoft for this.

    • Best Linux Desktop for Customization

      Is customizing your Linux desktop important to you? Run Linux for even a few months, and the ability to customize a desktop environment according to your preferences can become a right.

      Customization options start with the fact that more than one Linux desktop is available, and many of these desktop environments allow some customization of the desktop and panel. However, others include options for almost everything you can see or use.

  • Server

    • How blockchain will grow beyond bitcoin

      Since its advent in 2009, bitcoin’s decentralized, broker-less and secure mechanism to send money across the world has steadily risen in popularity and adoption. Of equal — if not greater — importance is the blockchain, the technology that supports the cryptocurrency, the distributed ledger which enables trustless, peer-to-peer exchange of data.

    • The end of Moore’s Law and the expansion of Linux; what do these mean to IBM?

      As many organizations are finding out, open-source computing is a game-changer. Many businesses now rely on open-source tools to lower costs, increase flexibility and freedom, and enhance security and accountability.

      Stefanie Chiras, VP of IBM Power Systems Offering Management, Systems of Engagement, at IBM, joined Stu Miniman (@stu) and Dave Vellante (@dvellante), cohosts of theCUBE, from the SiliconANGLE Media team, during IBM Edge, held at the MGM Grand in Las Vegas, NV, to discuss the changing landscape around open source, the end of Moore’s Law, and how the cloud drives innovation for clients.

    • Cloud Foundry launches its new Docker-compatible container management system


Why China Is the Next Proving Ground for Open Source Software

Western entrepreneurs still haven't figured out China. For most, the problem is getting China to pay for software. The harder problem, however, is building software that can handle China's tremendous scale.


Giant Algal Bloom Sheds Light on Formation of White Cliffs of Dover SoylentNews

The White Cliffs of Dover span England's southeastern coastline for 16 kilometers (10 miles) and reach as tall as 110 meters (350 feet) high. Facing the narrowest part of the English Channel, the cliffs have come to symbolize England since the time of Julius Caesar, often the first and last view travelers have of the country by sea.

The sheer cliffs are composed of white chalk, or calcite, made by coccolithophores – tiny, single-celled algae at the bottom of the marine food chain. Coccolithophores build hard, saucer-shaped calcite plates around themselves that sink and accumulate on the sea floor when the algae die, compacting and hardening into chalk. The White Cliffs' chalk was laid down in a shallow sea above present-day England almost 100 million years ago and thrust upward by movements of the Earth's crust.

Now, researchers outline in a new study the ocean conditions necessary for coccolithophores to flourish, conditions that likely allowed the White Cliffs to form nearly 100 million years ago. The new information comes from an unlikely source: a great bloom of coccolithophores in the Southern Ocean known as the Great Calcite Belt.
They found coccolithophores depend on concentrations of three key nutrients: nitrate, silicate, and iron. Diatoms need silicate to build glassy shells around themselves, so in areas where silicate was more abundant than nitrate, diatoms outcompeted coccolithophores. Coccolithophores, on the other hand, flourished where nitrate was more abundant than silicate. In these areas there was also enough iron for coccolithophores to thrive, but not enough for diatoms. Coccolithophores also grew better than most diatoms in low-iron regions, according to Balch.

Coccolithophores also flourish where different water masses diverge. At these boundaries, upwelling of deep water brings to the surface trace metals and nutrients coccolithophores need to survive, Balch said.

The upwelling of deep ocean water in the English Channel supplies the necessary nutrients for the lifeforms whose shells compress into chalk over time.

William M. Balch et al. "Factors regulating the Great Calcite Belt in the Southern Ocean and its biogeochemical significance", Global Biogeochemical Cycles (2016). DOI: 10.1002/2016GB005414


Read more of this story at SoylentNews.


Photos On Dark Web Reveal Geo-locations Of 229 Drug Dealers — Here's How The Hacker News

It's a Fact! No matter how smart the criminals are, they always leave some trace behind. Two Harvard students have unmasked around 229 drug and weapon dealers with the help of pictures taken by criminals and used in advertisements placed on dark web markets. Do you know each image contains a range of additional hidden data stored within it that can be a treasure to the investigators fighting


Italian security firm spotted BadEpilogue: The Perfect Evasion Security Affairs

Security firm Certego has been detecting multiple viral spam campaigns leveraging a new malware evasion technique it called BadEpilogue.

Starting in May 2016, Certego's Threat Intelligence platform has been detecting multiple viral spam campaigns using a new evasion technique. These attacks hide malicious attachments inside a specific area of the MIME/Multipart structure and thereby bypass content-filtering controls.

Certego has verified that some of the most common email clients and web mail services, which render the MIME/Multipart structure differently from the filters, are able to identify and extract the attachment. The result is a malware evasion technique that Certego called BadEpilogue.

Analysis of the evasion technique

The picture shows a snippet of the source of a malicious email message using BadEpilogue evasion technique.


Lines 53 to 57 contain the end of the HTML message, while the attachment is located within an area that RFC 2046 defines as the Epilogue of a MIME/Multipart message: the region right after the final boundary of the Multipart message, located at line 59 and ending with the double "-" character.

According to RFC 2046, the message epilogue should not contain any useful text and, in particular, it should be ignored by MIME-compliant software:

“NOTE: These “preamble” and “epilogue” areas are generally not used because of the lack of proper typing of these parts and the lack of clear semantics for handling these areas at gateways, particularly X.400 gateways. However, rather than leaving the preamble area blank, many MIME implementations have found this to be a convenient place to insert an explanatory note for recipients who read the message with pre-MIME software, since such notes will be ignored by MIME-compliant software.”

In the attack, right after the closing boundary of the MIME/Multipart message and at the beginning of the Epilogue area, there is a new boundary (see line 61) that starts another Multipart section containing the malicious attachment.

Certego verified that many libraries used in antispam and antivirus systems to extract and analyze email attachments are unable to detect files hidden in the Epilogue area. Popular email clients such as Outlook, Thunderbird and Evolution, and web mail services, on the other hand, do detect the attachment and show it to the user, which is what makes this a new malware evasion technique.
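As an added example (not Certego's code, and not the filter logic of any vendor named in the article), the following Python uses the standard library MIME parser to show which parts a MIME-compliant parser returns, then inspects the epilogue, the region after the closing boundary, for an undeclared part. The message and its attachment are constructed and harmless, and the function names are my own.

```python
"""Detect an attachment smuggled into the MIME epilogue (the BadEpilogue pattern).

Added example: the sample message is constructed, and the heuristic below is
a standalone check, not the logic of any named mail filter.
"""
import email
import re
from email import policy

# Constructed sample: a multipart/mixed message whose only declared part is an
# HTML body.  After the closing boundary "--outer--" (which RFC 2046 says ends
# the multipart), a second boundary introduces an undeclared part carrying a
# harmless text attachment ("hello", base64-encoded).
SAMPLE = b"""\
From: sender@example.invalid
To: recipient@example.invalid
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html; charset=utf-8

<html><body><p>Please see attached.</p></body></html>
--outer--

--hidden
Content-Type: text/plain; name="readme.txt"
Content-Disposition: attachment; filename="readme.txt"
Content-Transfer-Encoding: base64

aGVsbG8=
--hidden--
"""

# Part headers worth flagging inside an epilogue, and a filename extractor.
HEADER_RE = re.compile(rb"^(content-(?:type|disposition)):\s*(.+?)\s*$", re.I | re.M)
FILENAME_RE = re.compile(rb'(?:file)?name="?([^";\r\n]+)"?', re.I)


def split_epilogue(raw: bytes):
    """Return (parsed message, epilogue bytes).

    The epilogue is everything after the outer closing boundary "--<b>--".
    Non-multipart messages, or ones without a closing boundary, get b"".
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    boundary = msg.get_boundary()
    if not boundary:
        return msg, b""
    closing = re.compile(rb"^--" + re.escape(boundary.encode()) + rb"--[ \t]*\r?\n?", re.M)
    m = closing.search(raw)
    if not m:
        return msg, b""
    return msg, raw[m.end():]


def hidden_parts(epilogue: bytes) -> list:
    """Find MIME-part-like blocks in the epilogue.

    Heuristic: a line beginning with "--" (and not ending with "--") is treated
    as an opening boundary; the header lines that follow it, up to the first
    blank line, are checked for Content-Type / Content-Disposition.
    """
    findings = []
    lines = epilogue.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith(b"--") and len(line) > 2 and not line.endswith(b"--"):
            j = i + 1
            while j < len(lines) and lines[j].strip():
                j += 1
            block = b"\n".join(lines[i + 1:j])
            found = {m.group(1).lower(): m.group(2) for m in HEADER_RE.finditer(block)}
            if found:
                fn = FILENAME_RE.search(block)
                findings.append({
                    "boundary": line[2:].decode(errors="replace"),
                    "content_type": found.get(b"content-type", b"").decode(errors="replace"),
                    "disposition": found.get(b"content-disposition", b"").decode(errors="replace"),
                    "filename": fn.group(1).decode(errors="replace") if fn else None,
                })
            i = j
        else:
            i += 1
    return findings


def analyze(raw: bytes) -> dict:
    """Contrast what the parser declares with what the epilogue hides."""
    msg, epilogue = split_epilogue(raw)
    declared = msg.get_payload() if msg.is_multipart() else [msg]
    return {
        "declared_parts": len(declared),
        "declared_attachments": sum(1 for _ in msg.iter_attachments()),
        "epilogue_bytes": len(epilogue),
        "hidden": hidden_parts(epilogue),
    }


def is_bad_epilogue(raw: bytes) -> bool:
    """True when the epilogue carries something that looks like a MIME part."""
    return bool(analyze(raw)["hidden"])


def strip_epilogue(raw: bytes) -> bytes:
    """Mitigation: discard everything after the closing boundary before delivery."""
    _, epilogue = split_epilogue(raw)
    return raw[:len(raw) - len(epilogue)] if epilogue else raw


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Running it on the sample shows one declared part and zero declared attachments, yet one hidden part named readme.txt in the epilogue; a gateway can either reject such messages or apply strip_epilogue before any client renders them.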

Responsible Disclosure Policy

Certego has described this evasion technique to the developers of email clients impacted by BadEpilogue. At the same time, we have informed the vendors of major Antispam systems that some of their Content Filters are ignoring attachments hidden in the Epilogue area.

We reported the technique to Microsoft and Mozilla. Microsoft has just released a patch for their email client in their last Security Bulletin MS16-107 (CVE-2016-3366) fixing the anomaly.

Certego also contacted Google and TrendMicro and both vendors confirmed the problem. TrendMicro has released a hotfix for their products, while Google informed us that a solution will be released shortly.



Newest kid in the Advertising Marketplace? Adblock Plus of Course SoylentNews

A story at The Verge reveals the newest plan for the company behind Adblock Plus: it is entering the ad network business. In exchange for 20% of your revenue, you can get pre-approved ads that will show to users with acceptable ads enabled. While pitched as an easier alternative to the old process of getting ads approved, the ultimate goal is the same. Now, they will get a percentage of all acceptable ads through the program. The article points out that this is one big step closer to racketeering, as they are directly taking a 6% cut. Or, as the old gangsters would say, "would you rather pay me to keep 80% of something or keep 100% of nothing?"


Read more of this story at SoylentNews.


Hillary Clinton - And Then the Wheels Fell Off. Terra Forming Terra

From the beginning we have seen a steady drip of apparent insider reports all impacting on Hillary's health. Her collapse on 9/11 served to make that issue central to the rest of her campaign. At the same time her bizarre reappearance an hour or so later opened serious questions about the use of a body double. We keep adding more questions and getting no answers.

We have actually seen a cascade of troubling news for her including on the legal front that surely dwarf any issues Donald may face.  All this happening when she should be out shaping her narrative.  Now she is off the formal campaign trail to prepare for the first debate.

The answer to all the health rumors is a convincing performance at this debate. That is what I have waited for as that is a real stress test. LOL.
Hillary Clinton prepares for unpredictable Donald Trump at debate


Here’s the Turbocharged BBQ Grill You’ve Been Waiting For Hackaday

We’re not actually sure that it’s a good idea at all, but it’s got a heck of a lot of style; [Morgan]’s barbecue grill is turbocharged. Literally.

Keeping with the automotive theme, a servo-motor-driven throttle from a Ford Mustang serves as a (naturally aspirated) air intake, and a Honda Civic manifold delivers it to the grill. But when he really needs to turn up the heat, a 360 watt fan can force-feed the fire.

The reason this is on Hackaday, however, is that the fan and the throttle are all under the control of an ESP8266 buried underneath it all. [Morgan] has even written a web app to control it all from a cell phone, and included presets with absurd automotive names or accelerometer control over the turbo. Check out the functionality in the videos below.

If it were us, we’d take on the problem of automating the grill next, although we’re not sure how we’d keep up the grill’s fantastic automotive aesthetic. But cars are basically robots these days, anyway, right? Why not add some temperature sensors to the “ECU”? After that, it’s a simple matter of engineering to tweak grilling and roasting temperatures to achieve optimal results. It’s what VW would do!

How hot does your grill need to be? Are you also forging steaks? Chime in with your culinary comments!

Filed under: cooking hacks


UFO “Cosmic Revenge” Terra Forming Terra

We often forget that the wheels came off the cult of secrecy in the USSR in 1991. That has never happened in the USA. Thus their disclosed research mirrors USA practice at the same time periods.

This disclosure shows us that active communication was underway and information transfer was happening there as well. We learn that the aliens do not appreciate being shot at either and are quite able to react.

What is unusual is that the crew gathered together and then and there formed a space time bubble in order to exit and presumably return to base. Much more interesting but also questionable is the report that the radiation blast transmuted the atomic content of the surrounding observers into limestone. The reason I question it is that it actually targeted the men as no mention is made of trees being affected. That is unexpected as it represented a targeted military response.

It also happens to be exactly reminiscent of the biblical pillars of salt. 

We also suspect that specific wavelengths can transmute specific elements but this needs difficult to do confirmation and is presently out of reach.  However that is exactly what is reported here.

For the blind, dumb and stupid, any form of military resistance is impossible against this potential suite of weaponry, for the same reason our tech dominates even recent weapon systems. Toss in drone remote control and it becomes utterly meaningless.

True War has been obsolete for a long time and this merely makes it silly.
UFO “Cosmic Revenge” 

After Mikhail Gorbachev dissolved, in 1991, the KGB top secret intelligence administration, a lot of material from that department found its way abroad, in particular to the CIA.

As reported by the authoritative magazine Canadian Weekly World News, U.S. intelligence obtained a 250-page file on the attack by a UFO on a military unit in Siberia. The file contains not only many documentary photographs and drawings, but also testimonies by actual participants in the events. 



Cannabis Can Decontaminate the Planet Terra Forming Terra

We are actually talking about hemp of course but this makes a better headline. The Russians have used several plants to clean soils around Chernobyl. Thus we are now getting extensive empirical data developed.

The world is full of damaged sites that need this form of gentle remediation. What we need is a likely profile on the time frames.  This is something governments can target and fund in much the same way that super fund projects have restored long abandoned mining operations in the USA.

Certainly this is a vastly superior scheme to scraping up the topsoil and carting it to a landfill.

In fact we see the shape of a likely general protocol here. The first step is to dismantle all structures and ship or sequester them safely if necessary. Then re-groom the site itself and prepare a working seed bed. Plant remedial plants. Do this year after year until the soil can be worked safely and residue levels are safe.

Cannabis Can Decontaminate the Planet
Hemp and the Decontamination of Radioactive Soil

Saturday, 10 September 2016

Hemp science is now advancing in leaps and bounds compared to the stagnation of the previous few decades. One significant area of research that is currently receiving particular attention is phytoremediation, or decontamination of soil—although the discovery that hemp leaches contaminants from soil has been known for some time.

The Chernobyl phytoremediation project

For over a decade, industrial hemp growing in the environs of the abandoned Chernobyl nuclear power plant in Pripyat, Ukraine has been helping to reduce soil toxicity. Now, the Japanese are considering following the same course in order to rectify the environmental damage caused by...


Humpback Whales Around the Globe Rescuing Animals from Orcas Terra Forming Terra

This is an unusual observation. I personally think that the whales generally show communal intelligence of a high level and we need to succeed in communicating with them. They need to become our allies in ocean management and I think that a mutually beneficial system can be devised.

Communication will have to start with mind to mind work as we are discovering with horse whispering in particular and elephants and large cats in isolated examples.  From there it should be possible to understand and work with their language as well.

Actual mind work will require close contact which will be a challenge initially.
Humpback whales around the globe are mysteriously rescuing animals from orcas
Scientists are baffled at this seemingly altruistic behavior, which seems to be a concerted global effort to foil killer whale hunts.

Bryan Nelson

July 30, 2016

Humans might not be the only creatures that care about the welfare of other animals. Scientists are beginning to recognize a pattern in humpback whale behavior around the world, a seemingly intentional effort to rescue animals that are being hunted by killer whales.

Marine ecologist Robert Pitman observed a particularly dramatic example of this behavior back in 2009, while observing a pod of killer whales hunting a Weddell seal trapped on an ice floe off Antarctica. The orcas were able to successfully knock the seal off the ice, and just as they were closing in for the kill, a magnificent humpback whale suddenly rose up out of the water beneath the seal.

This was no mere accident. In order to better protect the seal, the whale placed it safely on its upturned belly to keep it out of the water. As the seal slipped down the whale's side, the humpback appeared to use its flippers to carefully help the seal back aboard. Finally, when the coast was clear, the seal was able to safely swim off to another, more secure ice floe.

Another event, involving a pair of humpback whales attempting to save a gray whale calf from a hunting pod of orcas after it had become separated from its mother, was captured by BBC filmmakers. You can watch the dramatic footage here:

Perhaps the most stunning aspect of this behavior is that it's not just a few isolated incidents. Humpback whale rescue teams have been witnessed foiling killer whale hunts from Antarctica to the North Pacific. It's as if humpback whales everywhere are saying to killer whales: pick on someone your own size! It seems to be a global effort; an inherent feature of humpback whale behavior.

After witnessing one of these events himself back in 2009, Pitman was compelled to investigate further. He began collecting accounts of humpback whales interacting...


The Power of Protocol Analyzers

In the complicated world of networking, problems happen. But determining the exact cause of a novel issue in the heat of the moment gets dicey. In these cases, even otherwise competent engineers may be forced to rely on trial and error once Google-fu gives out.


When Blind People Do Algebra, The Brain's Visual Areas Light Up SoylentNews

People born without sight appear to solve math problems using visual areas of the brain.

A functional MRI study of 17 people blind since birth found that areas of visual cortex became active when the participants were asked to solve algebra problems, a team from Johns Hopkins reports in the Proceedings of the National Academy of Sciences.

"And as the equations get harder and harder, activity in these areas goes up in a blind person," says Marina Bedny, an author of the study and an assistant professor in the department of psychological and brain sciences at Johns Hopkins University.

In 19 sighted people doing the same problems, visual areas of the brain showed no increase in activity.

"That really suggests that yes, blind individuals appear to be doing math with their visual cortex," Bedny says.

Can they reduce math phobia while the subjects are in the MRI machines?


Read more of this story at SoylentNews.


Experts found apps in Google Play serving the Overseer malware to overseas travelers Security Affairs

Google has removed from the Google Play store four apps trojanized with the Overseer malware to target overseas travelers seeking embassy information.

Google has removed from the official Google Play store four trojanized apps that targeted overseas travelers seeking embassy information and news for specific European countries.

Three of the apps were named “Embassy”, “European News” and “Russian News,” and a fourth used a Cyrillic name. I personally consider the threat severe because whoever is behind the Overseer malware is targeting foreign travelers, especially enterprise executives who downloaded the Embassy app during their business travels.


The malicious apps were spotted in late July by security experts from Lookout’s Security Research and Response Team, which named the threat Overseer. The apps were developed to gather user information from Android devices, including contacts, email, GPS data and device data (i.e. model, device ID, and whether the device is rooted).

Lookout malware experts reported the presence of the Overseer malware in the Google Play apps on Aug. 4, and Google promptly removed them from the store.

The Overseer apps were downloaded 10,000 times via Google Play.

“Through close collaboration with an enterprise customer, Lookout identified Overseer, a piece of spyware we found in four apps live on the Google Play store. One of the apps was an Embassy search tool intended to help travelers find embassies abroad. The malware was also injected as a trojan in Russian and European News applications for Android.” reported a blog post published by Lookout.

The threat actors behind the apps used command-and-control servers hosted on Facebook’s Parse Server, itself running on Amazon Web Services. This choice lets the malware authors blend their traffic with legitimate cloud traffic and avoid detection as malicious.

“By using the Facebook and Amazon services, the spyware makes use of HTTPS and a C&C residing in the United States on a popular cloud service. This allows it to remain hidden because it doesn’t cause Overseer’s network traffic to stand out and could potentially present a challenge for traditional network-based IDS solutions to detect,” continues the post.

Once the Overseer malware has infected the Android mobile device it would contact the C&C server to receive instructions or malicious payloads and exploits to download and execute.

“Devices infected with Overseer periodically beacon to the domain, checking whether there are any outstanding commands the attacker wants to run. Depending on the response, the malware is capable of exfiltrating a significant amount of information from an infected device. These communications are all encrypted over the wire, which hides the traffic from network security solutions.” reads the analysis published by Lookout.

The researchers from Lookout discovered more apps in the Play Store also infected with the Overseer malware, a circumstance that led them to believe that these apps were created for the purpose...


Hackers Pwn A Tesla Model S From 12 Miles Away TechWorm

Tesla Model S Remotely Controlled By Chinese Hackers From 12 Miles Away

Security experts from Chinese security firm Tencent Keen Security Lab announced on Twitter late Monday night that they had “pwned Tesla Model S remotely” by exploiting multiple flaws in the latest models running the most recent software.

Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks against a Tesla Model S P85 and a 75D in a YouTube video; the attack requires the vehicle to be connected to a malicious Wi-Fi network and to use the car’s web browser. They showed how they could remotely take control of a Tesla’s brakes and apply them from 12 miles away by compromising the CAN bus that controls many vehicle systems in the car.

The researchers were able to operate the door, dashboard screen, trunk, sunroof, lights, windshield wipers, wing mirror and chair – the latter being for any nefarious hacker wanting to make a passenger slightly more comfortable, against their will. Keen Security Lab’s attacks also appear to soft-brick the Tesla’s touch screen which controls much of the car’s functions.

“We have discovered multiple security vulnerabilities and successfully implemented remote, aka non physical contact, control on Tesla Model S in both Parking and Driving Mode,” Keen writes in a blog post.

“We used an unmodified car with the latest firmware to demonstrate the attack.

“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars.

“We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”

The Shenzhen, China-based hacking firm has withheld details of the world-first zero day attacks and privately disclosed the flaws to Tesla. Tesla said in a statement, “Within just 10 days of receiving this report, Tesla has already deployed an over-the-air software update (v7.1, 2.36.31) that addresses the potential security issues. The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”

“We engaged with the security research community to test the security of our products so that we can fix potential vulnerabilities before they result in issues for our customers. We commend the research team behind today’s demonstration and plan to reward them under our bug bounty program, which was set up to encourage this type of research.”

The team has planned to release details of its hacks in coming days, Keen said on Twitter.

This is not the first time that Tesla has proven to be vulnerable to hackers. In July 2015, a video was published by WIRED in which they had shown two hackers toy around with a Jeep Grand Cherokee.

The post Hackers Pwn A Tesla Model S From 12 Miles Away appeared first on TechWorm.



Fujitsu Laboratories and the Fraunhofer Heinrich Hertz Institute HHI today announced the development of a new method to simultaneously convert the wavelengths of wavelength-division-multiplexed signals necessary for optical communication relay nodes in future wavelength-division-multiplexed optical networks, and have successfully tested the method using high-bandwidth signal transmission in the range of 1 Tbps.

The researchers assert the method will boost signal throughput.


Read more of this story at SoylentNews.


These laceless running shoes use BMW car technology TechWorm

BMW designs laceless running shoes that use car technology

Some of the best cars in the industry are manufactured by BMW. This time, Designworks, a BMW group company, has joined forces with Puma to come up with an inventive running shoe called X-Cat DISC.

“The approach was to look at every aspect of making a shoe and try to reimagine it. Freeing yourself of what is here now can be an enjoyable and rewarding exercise, typically it also speeds up change”, says Adrian van Hooydonk, Senior Vice President BMW Group Design.

BMW Group Design had introduced the BMW GINA Light Visionary Model – a concept car with a seamless fabric outer shell in the year 2008, which consisted of a flexible material stretched over a movable substructure where functions were only enabled when actually needed.

Based on the same concept, X-Cat DISC has an exterior made of flexible, ergonomic and lightweight GINA material, which can be comfortably wrapped around the feet. The original automotive material has been re-engineered to ensure that it is breathable and durable enough for a shoe. These shoes don’t have laces. Instead, they use rotating discs that pull internal wires to close and open the shoes. Inspired by interconnecting gears, the sole design provides engineered flexibility and interlinked stability.

X-Cat DISC is available at a price of $135 and is being sold by Puma.

The post These laceless running shoes use BMW car technology appeared first on TechWorm.


Air Force Base Wildfire Postpones Hi-Res Satellite Launch SoylentNews

A wildfire burning at a central California Air Force base on Sunday forced the postponement of a satellite launch, officials said.

An Atlas 5 rocket was to carry a satellite known as WorldView-4 into orbit from Vandenberg Air Force Base. The satellite is designed to produce high-resolution images of Earth from space.

The fire burning in a remote canyon didn't immediately threaten the space launch complex, Col. Paul Nosek said on the base's Facebook page. But he said firefighters needed to be redeployed from stand-by at the launch because of the blaze.


Read more of this story at SoylentNews.


Abigail Cabunoc Mayes: How to Bring Open Source to a Closed Community FOSS Force

One of the things we took away from this talk is that open source can be fun — and that’s a good thing.

The Video Screening Room

Abigail Cabunoc Mayes, who works for the Mozilla Foundation as the lead developer for open source engagement, recently gave a lively talk explaining open source inclusion practices. View this engaging video here.

You’ll learn lots of useful tips, as well as being introduced to a wide array of people working on open source projects. I’m following twenty new people on Twitter as a result of watching this talk — and my head is now spinning — in a very positive way. Love those folks in Detroit working on open source social justice projects.

Pass along word to others you know who would be interested in this.

The post Abigail Cabunoc Mayes: How to Bring Open Source to a Closed Community appeared first on FOSS Force.


Researchers Hack Tesla Model S with Remote Attack

Via: PC World: Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world—among other things, it has a bug bounty program. But that doesn’t mean the software in its cars is free of security flaws. Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them […]


CVE request:Exponent CMS 2.3.9 Unrestricted File Upload RCE and Local File include vulnerability Open Source Security

Posted by DM_ on Sep 20


This is YongXiao Ma of Silence's PKAV Team. I reported some security issues to ExponentCMS some days ago.

# Test environment
exponent version: latest 2.3.9
php: 5.5.x
server: apache 2.2.x

# Details

1. Unrestricted File Upload
there is an unrestricted file upload issue at framework/modules/forms/controllers/formsController.php and the upload
file is located at /tmp/, where php script can be executed.

although we don't know file name,...


California bill will cut greenhouse emissions – from cows Pipedot

California's Gov. Jerry Brown signed legislation Monday to reduce a variety of pollutants, from hydrofluorocarbons (HFCs) used in aerosol and air conditioning refrigerants, black carbon from diesel trucks, to methane from cows. Livestock contribute about 14.5 percent of global greenhouse-gas emissions, methane accounts for about 44 percent of that, of which cows contribute the lion’s share. Cows release most of their methane directly by belching and flatulence, but approximately one third comes from their manure.

In California, dairy farmers will be required to reduce methane emissions from manure to 40 percent below their 2013 levels by 2030. They will receive $50 million from the fees the state collects from polluters through its cap-and-trade program. The funding will go toward buying methane digesters, which generate energy from the methane in manure. The energy will be sold to electrical utilities. The law also allows the Air Resources Board to regulate cow flatulence in the future, if and when a practical technology exists to reduce it. If successful, it could inspire other nations to follow suit. The United States is behind India as the largest dairy producer in the world.


How to Disable Same Origin Policy on Chrome and IE browser The Geek Stuff

For web application security all the modern browsers strictly follows a policy called “same origin policy”. What is “Same Origin Policy”? According to this policy a web page script can access data of another web page or can interact with it only if the origin of both them are same. When we say origin here, […]


Arcade Button Pressing Game Hackaday

When every month brings out a fresh console blockbuster game that breaks new boundaries of cinematic immersion in its gameplay, it’s easy to forget that sometimes the simplest of game interfaces can be rewarding.

“Hele Norges Knapp” (“All of Norway’s Button”) is a good example. As you might expect, it’s a button, a large arcade-style one, and the gameplay is simple: press the button as many times as you can in 30 seconds. It’s a project from Norwegian Creations, and it was produced as a promotion that toured the country for one of Norway’s debit card payment systems.

The blog post and video are frustratingly light on hardware or software details, and there is nothing about it in their GitHub presence. But they tell us that at its heart is a Teensy 3.2 with an audio board, driving the big 7-segment displays for the scoreboard and the WS2801 LED lighting.

The button itself is Adafruit’s 100mm Massive Arcade Button, and given that it was pressed over a million times by eager Norwegians it would seem this project has proved its robustness.

There hasn’t been anything quite like this game here before. We think it would make a great festival installation, like Fire Pong, or the life-size Katamari Damacy ball.

Filed under: hardware


[$] The NTP pool system

NTP, the Network Time Protocol, quietly and without much fuss performs the critical internet function of knowing the correct time. Using it, a computer with imperfect communications links may join a distributed community of servers, each of which is either directly attached to a reliable clock, or is trying to best synchronize its clock to one or more better-synchronized members of the community. The NTP pool system has arisen as a method of providing such a community to the internet; it works well, but is not without its challenges.


LinkNYC discovers the social problems of free Wi-Fi on city streets Pipedot

New York City’s cutting edge public Wi-Fi project, LinkNYC, has hit some stumbling blocks. After continued complaints about people viewing pornography and other inappropriate content, on September 14 LinkNYC completely turned off browsing capabilities for the tablets installed in each kiosk. Their main functionality (free public Wi-Fi, phone calls, map functions, and USB charging ports) has not changed. LinkNYC notes that “The kiosks were never intended for anyone’s extended, personal use.”

Many people continued to browse the web using their own devices, tethered to the kiosks’ free Wi-Fi and charging ports, seemingly allowing the continued misuse that LinkNYC is trying to prevent. While the city's desire to provide its under-served residents with access to an important utility is admirable, it does not want the social problems to be visibly manifesting on street corners. The “home offices” being improvised on street corners, with homeless people and loiterers camped out on overturned newspaper stands around the city, do not seem to be exactly what the city had in mind when it pledged to help break down the digital divide.


2000-Year-Old Skeleton Found on Antikythera Shipwreck SoylentNews

Researchers have found a skeleton on the Antikythera shipwreck and will attempt to extract DNA from it:

The researchers are on the tiny Greek island of Antikythera, a 10-minute boat ride from the wreckage of a 2,000-year-old merchant ship. Discovered by sponge divers in 1900, the wreck was the first ever investigated by archaeologists. Its most famous bounty to date has been a surprisingly sophisticated clockwork device that modelled the motions of the Sun, Moon and planets in the sky — dubbed the 'Antikythera mechanism'. But on 31 August this year, investigators made another groundbreaking discovery: a human skeleton, buried under around half a metre of pottery sherds and sand. "We're thrilled," says Brendan Foley, an underwater archaeologist at Woods Hole Oceanographic Institution in Massachusetts, and co-director of the excavations team. "We don't know of anything else like it."

[...] The skeleton uncovered in August consists of a partial skull with three teeth, two arm bones, several rib pieces and two femurs, all apparently from the same person. Foley's team plans further excavations to see whether more bones are still under the sand. That so many individuals have been found at Antikythera — when most wrecks yield none — may be partly because few other wrecks have been as exhaustively investigated. But the researchers think it also reveals something about how the ship sank. This was a huge vessel for its time, perhaps more than 40 metres long, says Foley, with multiple decks and many people on board. The wreck is close to shore, at the foot of the island's steep cliffs. He concludes that a storm smashed the ship against the rocks so that it broke up and sank before people had a chance to react. "We think it was such a violent wrecking event, people got trapped below decks."

Original Submission

Read more of this story at SoylentNews.


Create an Open Source AWS S3 server


CVE request:Exponent CMS 2.3.9 Arbitrary File Upload vulnerability in expFile.php Open Source Security

Posted by Carl Peng on Sep 20

Hi, I reported the following Arbitrary File Upload vulnerability to the
ExponentCMS team on Sep 13, 2016:
if (!empty($this->params['folder']) || (defined('QUICK_UPLOAD_FOLDER') &&
// prevent...


CVE request:Exponent CMS 2.3.9 xss vulnerability in worldpay Open Source Security

Posted by Carl Peng on Sep 20

Hi, I reported the following Cross Site Scripting vulnerability to the
ExponentCMS team on Sep 16, 2016:
line 7-11:
<meta http-equiv="refresh" content="2;url=<?php echo URL_FULL;
?>cart/preprocess?transStatus=<?php echo $_POST["transStatus"];
?>&transId=<?php echo $_POST["transId"]; ?>"> //xss
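
The callback above drops two POST fields straight into the content attribute of a meta refresh tag, so a double quote in either field ends the attribute and the rest of the value becomes markup. The following is an added Python rendering of that pattern beside a hardened version; it is not ExponentCMS code, and the site base URL https://shop.example/, the sample POST values and the single-letter status / numeric transaction id allowlist are assumptions for the example. In PHP the equivalent of html.escape(value, quote=True) is htmlspecialchars($value, ENT_QUOTES).

```python
import html
import re
from urllib.parse import urlencode

# Assumed site base URL; stands in for Exponent's URL_FULL constant.
URL_FULL = "https://shop.example/"

# Constructed sample of the fields the payment gateway POSTs back to the
# callback page (values made up for this example).
SAMPLE_POST = {"transStatus": "Y", "transId": "123456"}

# Constructed payload: closes the content="..." attribute and the <meta>
# tag, then injects script. Anything that can POST to the callback can send it.
INJECTED_POST = {
    "transStatus": 'Y"><script>alert(1)</script><meta x="',
    "transId": "123456",
}


def render_refresh_unsafe(post):
    """Python rendering of the vulnerable pattern: POST values are
    concatenated into the attribute verbatim, so a double quote ends
    the attribute and the rest of the value becomes markup."""
    return (
        '<meta http-equiv="refresh" content="2;url=%scart/preprocess'
        '?transStatus=%s&transId=%s">'
        % (URL_FULL, post.get("transStatus", ""), post.get("transId", ""))
    )


def render_refresh_safe(post):
    """Encode once per context: percent-encoding for the query string,
    then entity-encoding (quotes included) for the HTML attribute."""
    query = urlencode({
        "transStatus": post.get("transStatus", ""),
        "transId": post.get("transId", ""),
    })
    target = URL_FULL + "cart/preprocess?" + query
    return '<meta http-equiv="refresh" content="2;url=%s">' % html.escape(target, quote=True)


# Assumed formats for the two fields: a single-letter status code and a
# numeric transaction id. Rejecting anything else is defence in depth on
# top of the output encoding, not a replacement for it.
TRANS_STATUS_RE = re.compile(r"^[A-Z]$")
TRANS_ID_RE = re.compile(r"^[0-9]{1,20}$")


def callback_fields_valid(post):
    return bool(TRANS_STATUS_RE.match(post.get("transStatus", ""))
                and TRANS_ID_RE.match(post.get("transId", "")))


def attribute_breakout(rendered):
    """True if the rendered tag holds more than the four quote characters
    of its own two attributes, i.e. user input closed one of them."""
    return rendered.count('"') != 4


if __name__ == "__main__":
    print(render_refresh_unsafe(INJECTED_POST))
    print(render_refresh_safe(INJECTED_POST))
```

The point of the two encoders is that the value passes through two contexts (a URL query string, then an HTML attribute) and each needs its own encoding; validating the fields against an expected format on top of that shrinks the attack surface but should never be the only line of defence.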


Wayland 1.12 Officially Released Phoronix

While it's coming a few days later than anticipated, Wayland 1.12 along with the adjoining Weston 1.12 compositor update is now officially available...


CVE request for vulnerability in OpenStack Nova Open Source Security

Posted by Tristan Cacqueray on Sep 20

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Nova may fail to delete images in resize state regression
Reporter: Rajesh Tailor (Red Hat)
Products: Nova
Affects: ==13.0.0

Rajesh Tailor from Red Hat reported a vulnerability in Nova. If...


Australian Universities Drop Tech Services to Dodge Metadata Retention Obligation SoylentNews

When Australia's federal government finally revealed who had been given money to help pay for metadata retention efforts The Register was surprised to see eight Universities on the list.

So we've asked around and figured out why.

Universities have a metadata retention obligation thanks to Section 187B(a) of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which explains that service providers other than carriers and ISPs don't have to retain metadata if the comms service they provide: (i) is provided only to a person's immediate circle (within the meaning of section 23 of the Telecommunications Act 1997); or (ii) is provided only to places that, under section 36 of that Act, are all in the same area; and

"Immediate circle" includes staff and students, so WiFi for students doesn't create a metadata retention obligation for the university, although of course the University's internet service provider does have that obligation.

Anne Kealley, CEO of the Council of Australian University Directors of Information Technology (CAUDIT), told The Register that entities like a campus bookstore or privately-funded research outfit with on-campus offices fall outside the immediate circle. That kind of outfit often resides in university buildings and has little alternative other than to use university-provided telephony services. Contractors and charities are also beyond the immediate circle. And so are services like email accounts provided to alumni.

Hence Universities' metadata retention obligations.

[...] Australia has 43 accredited universities. It is unclear how many had no metadata retention obligations and how many found ways to avoid those obligations.

Original Submission

Read more of this story at SoylentNews.


Classing Up a RetroPie Arcade With a Wine Barrel Hackaday

Arcade cabinets are a lot of fun, and something most of us would probably like in our homes. Unfortunately, space and decor constraints often make them impractical. Or, at least, that’s what our significant others tell us. Surely there must be a workaround, right?

Right! In this case, the workaround [sid981] came up with was to build a RetroPie arcade into a fancy looking wine barrel. The electronics are pretty much what you’d expect for a RetroPie system, and the screen is set into the top of the barrel. Control is handled by a wireless controller that can be tucked away when it’s not in use, and a glass top simultaneously protects the screen and lets guests use the barrel as a bar table.

Overall, it’s a really classy alternative to putting an arcade cabinet in the corner, and has the added benefit of doubling as a handy place to put your drinks. We’ve seen nifty builds in the past that accomplish a similar goal using coffee tables, but we think the aesthetic appeal of the wine barrel makes this a pretty awesome choice too.

[via r/diy]

Filed under: home entertainment hacks


Anonymous Targets Italian Healthcare Sites Against ADHD Treatment HackRead

By Waqas

Anonymous defaced four Italian healthcare websites and also dumped data

This is a post from HackRead. Read the original post: Anonymous Targets Italian Healthcare Sites Against ADHD Treatment


APPLE-SA-2016-09-20-6 tvOS 10 Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2016-09-20-6 tvOS 10

The tvOS 10 advisory has been released to describe the entries below:

Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added...


Graphene Nanoribbons Show Promise for Healing Spinal Injuries SoylentNews

The combination of graphene nanoribbons made with a process developed at Rice University and a common polymer could someday be of critical importance to healing damaged spinal cords in people, according to Rice chemist James Tour.

[...] "We've developed a way to add water-solubilizing polymer chains to the edges of our nanoribbons that preserves their conductivity while rendering them soluble, and we're just now starting to see the potential for this in biomedical applications," he said. He added that ribbonized graphene structures allow for much smaller amounts to be used while preserving a conductive pathway that bridges the damaged spinal cords.

Tour said only 1 percent of Texas-PEG consists of nanoribbons, but that's enough to form a conductive scaffold through which the spinal cord can reconnect.

Texas-PEG succeeded in restoring function in a rodent with a severed spinal cord in a procedure performed at Konkuk University in South Korea by co-authors Bae Hwan Lee and C-Yoon Kim. Tour said the material reliably allowed motor and sensory neuronal signals to cross the gap 24 hours after complete transection of the spinal cord and almost perfect motor control recovery after two weeks.

The graphene nanoribbons provide a conducting scaffold that allows spinal cords to reconnect.

Original Submission

Read more of this story at SoylentNews.


Overnight Tech: GOP says internet fight isn't over | EU chief defends Apple tax ruling | Feds roll out self-driving car guidelines | Netflix's China worries The Hill: Technology Policy

LEDE: We're nine days out from the Obama administration's planned handover of oversight of the internet domain name system to an international body. Or, "that ICANN thing," for short. And just when it looked like the issue might be put to rest...


APPLE-SA-2016-09-20-5 watchOS 3 Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2016-09-20-5 watchOS 3

The watchOS 3 advisory has been updated to include additional entries
as noted below.

Available for: All Apple Watch models
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University...


APPLE-SA-2016-09-20-4 macOS Server 5.2 Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2016-09-20-4 macOS Server 5.2

macOS Server 5.2 is now available and addresses the following:

Available for: macOS 10.12 Sierra
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue existed in the handling of the HTTP_PROXY
environment variable. This issue was addressed by not setting the
HTTP_PROXY environment variable from CGI.
CVE-2016-4694 : Dominic Scheirlinck and Scott...
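
The entry above is the CGI side of the HTTP_PROXY problem: RFC 3875 tells a web server to export every request header as HTTP_<NAME> (upper-cased, hyphens to underscores), so a client-supplied "Proxy:" header arrives in the script's environment as HTTP_PROXY, the very variable most HTTP client libraries read to decide where to send outbound requests. The following is an added example, not Apple's or Apache's code, showing that mapping, the server-side fix the advisory describes (do not export that one header), and the client-library side as current CPython's urllib behaves (it ignores HTTP_PROXY whenever REQUEST_METHOD is set, i.e. when it is running under CGI). The request headers and the 203.0.113.7 proxy address are constructed for the example.

```python
import os
import urllib.request


def cgi_environ(request_headers, drop_proxy_header=False):
    """Turn a request's headers into CGI meta-variables the way RFC 3875
    section 4.1.18 prescribes: upper-case the name, map '-' to '_', and
    prefix with HTTP_. That rule is what turns a client-supplied
    'Proxy:' header into HTTP_PROXY. REQUEST_METHOD and GATEWAY_INTERFACE
    are included because every CGI request carries them."""
    env = {"REQUEST_METHOD": "GET", "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in request_headers:
        meta = "HTTP_" + name.upper().replace("-", "_")
        if drop_proxy_header and meta == "HTTP_PROXY":
            continue  # server-side fix: never export this one from the request
        env[meta] = value
    return env


def proxies_seen_by_urllib(env):
    """Run urllib's own environment scan against a given environment, so the
    example shows what a Python CGI script making an outbound request would
    actually use. Saves and restores the real process environment."""
    saved = dict(os.environ)
    try:
        os.environ.clear()
        os.environ.update(env)
        return urllib.request.getproxies_environment()
    finally:
        os.environ.clear()
        os.environ.update(saved)


# Constructed request: an ordinary GET with an attacker-added Proxy header.
CAPTURED_HEADERS = [
    ("Host", "server.example"),
    ("User-Agent", "curl/7.50.0"),
    ("Proxy", "http://203.0.113.7:8080"),
]


def attacker_proxy_reaches_script():
    """Unfixed server: the header lands in HTTP_PROXY verbatim."""
    return cgi_environ(CAPTURED_HEADERS).get("HTTP_PROXY")


def attacker_proxy_after_fix():
    """Server that refuses to export the Proxy header, as the advisory describes."""
    return cgi_environ(CAPTURED_HEADERS, drop_proxy_header=True).get("HTTP_PROXY")


if __name__ == "__main__":
    print("HTTP_PROXY before fix:", attacker_proxy_reaches_script())
    print("HTTP_PROXY after fix: ", attacker_proxy_after_fix())
    print("urllib under CGI sees:", proxies_seen_by_urllib(cgi_environ(CAPTURED_HEADERS)))
```

With Apache's mod_headers the same server-side cut is `RequestHeader unset Proxy early`; the library-side check is worth having as well, because any CGI or FastCGI front end that has not been fixed will still hand the variable to the script.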



APPLE-SA-2016-09-20-3 iOS 10 Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2016-09-20-3 iOS 10

The iOS 10 advisory has been updated to include additional entries as
noted below.

Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved...


APPLE-SA-2016-09-20-2 Safari 10 Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2016-09-20-2 Safari 10

Safari 10 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher...



Date-Rape Drink Spiking 'an Urban Legend' in UK SoylentNews

Submitted via IRC for TheMightyBuzzard


Widespread spiking of drinks with date-rape drugs such as Rohypnol and GHB is an "urban legend" fuelled by young women unwilling to accept they have simply consumed too much alcohol, academics believe. A study of more than 200 students revealed many wrongly blamed the effects of a "bad night out" on date-rape drugs, when they had just drunk excessively.

Many are in "active denial" that drinking large amounts of alcohol can leave them "incoherent and incapacitated", the Kent University researchers concluded. Young women's fears about date-rape drugs are so ingrained that students mistakenly think it is a more important factor in sexual assault than being drunk, taking drugs or walking alone at night.

The study, published in the British Journal of Criminology, found three-quarters of students identified drink spiking as an important risk – more than alcohol or drugs. More than half said they knew someone whose drink had been spiked.

But despite popular beliefs, police have found no evidence that rape victims are commonly drugged with such substances, the researchers said.

Dr Adam Burgess from the university's School of Social Policy, Sociology and Social Research, said: "Young women appear to be displacing their anxieties about the consequences of consuming what is in the bottle on to rumours of what could be put there by someone else.

Original Submission

Read more of this story at SoylentNews.


GOP follows Reddit clues in Clinton search The Hill: Technology Policy

Republicans are seizing on an archived Reddit post to raise new questions about whether Hillary Clinton's emails were destroyed despite being under a congressional subpoena. Two House committees have pulled alleged information uncovered by...


Reid blasts Cruz over internet fight The Hill: Technology Policy

Senate Minority Leader Harry Reid (D-Nev.) blasted Sen. Ted Cruz (R-Texas) for trying to tie a fight over management of the internet to a short-term government funding bill with an Oct. 1 deadline. "It's not [time for] a big debate for talking...


LEGO Looper Makes Modular Music Hackaday

This LEGO synth made by [Rare Beasts] had us grinning from ear to ear.

It combines elements from LEGO Mindstorms with regular blocks in order to make music with color. A different music sample is assigned to each of five colors: red, blue, green, yellow, and white. The blocks are attached to spokes coming off of a wheel made with NXT and EV3. As the wheel turns, the blocks pass in front of a fixed color sensor that reads the color and plays the corresponding sample. The samples are different lengths, so changing the speed of the wheel makes for some interesting musical effects.

As you’ll see in the short video after the break, [Rare Beasts] starts the wheel moving slowly to demonstrate the system. Since the whole thing is made of LEGO, the blocks are totally modular. Removing a few of them here and there inserts rests into the music, which makes the result that much more complex.

LEGO is quite versatile, and that extends beyond playtime. It can be used to automate laboratory tasks, braid rope, or even simulate a nuclear reactor. What amazing creations have you made with it? Let us know in the comments.

Filed under: musical hacks


Florida Man Sues Samsung Over Galaxy Note 7 that Exploded in His Pants SoylentNews

Samsung is facing a lawsuit from a Galaxy Note 7 owner who endured an exploding phone in his pants just hours before Samsung began to cooperate with the US Consumer Product Safety Commission on an official recall:

After news emerged that Samsung had received 92 reports in the US about the battery in its Galaxy Note 7 phone overheating -- including 26 cases involving burns -- it seemed only time before someone would contact a lawyer.

Now, Reuters reports, 28-year-old Jonathan Strobel of Boca Raton, Florida, has filed what may be the first lawsuit in the US involving the Note 7's combustible battery. Strobel's suit, filed Friday, says his Note 7 exploded in his front pants pocket on September 9. This allegedly happened in a Costco in Palm Beach Gardens, where Strobel works. "His right thigh has a deep second-degree burn the size of the phone," Keith Pierro, Strobel's lawyer, told me, adding that Strobel's left hand was also burnt. (He apparently reached for his overheating phone with his opposite hand.)

The Palm Beach Post reported that Palm Beach Gardens Fire Rescue described the phone as having melted inside Strobel's pants.

The complaint says that Strobel suffered "sustained serious and permanent bodily injuries resulting in pain and suffering, permanent impairment, disability, mental anguish, inconvenience, loss of the enjoyment of life, expense of medical care and treatment, expense of hospitalization, lost wages, and ability to earn wages in the past and to be experienced in the future."

Original Submission

Read more of this story at SoylentNews.


Federal Trade Commission members to testify before Senate panel The Hill: Technology Policy

The members of the Federal Trade Commission are heading up to Capitol Hill.The Senate Commerce Committee will host a hearing next week featuring the commission’s chairwoman, Edith Ramirez, as well as Commissioners Maureen Ohlhausen and Terrell...


Re: Possible CVE for TLS protocol issue Open Source Security

Posted by cve-assign on Sep 20

Our initial thought is that the essence of the issue is stated very
near the end of section 5.3 of the
document: "can derive the same master secret MS just by engaging in
the exact same computation." We are not sure whether it makes sense to
assign a CVE ID to a mathematical fact of that form. The vulnerability
seems to be that the TLS protocol definition...



Campos: WebKitGTK+ 2.14

Carlos Garcia Campos takes a look at the latest stable release of WebKitGTK+. "[The threaded compositor] is the most important change introduced in WebKitGTK+ 2.14 and what kept us busy for most of this release cycle. The idea is simple, we still render everything in the web process, but the accelerated compositing (all the OpenGL calls) has been moved to a secondary thread, leaving the main thread free to run all other heavy tasks like layout, JavaScript, etc. The result is a smoother experience in general, since the main thread is no longer busy rendering frames, it can process the JavaScript faster improving the responsiveness significantly." This release is also considered feature complete in Wayland.


Like Big Tobacco Lobbyists, Benoît Battistelli and Team UPC Are Just Chronically Lying and Manipulating Politicians With Their Lies Techrights

Thank you for smoking! It’s good for your health. Honest.

Cigarettes in an ashtray

Summary: Benoît Battistelli and Team UPC continue to meddle in politics and mislead the public (through the press) about patent quality as well as the UPC, which is now in effect sunk inside the ashtray of history

PATENT law firms from Europe and abroad are conspiring against democracy using echo chambers that discuss the UPC. They set up private events, they pressure politicians behind closed doors, and they’re stuffing panels so as to ensure no dissent is publicly visible. This mirrors a lot of what we find in CETA, TISA, TTIP, TPP and so on. Watch what EPO and Battistelli have been doing regarding the UPC as of late. It’s the same thing European politicians now do for so-called trade deals. It’s truly appalling and it has got to be stopped. It makes EPO management look as crooked as can be. It harms the image of the Office and tarnishes the reputation it so heavily relies on. Battistelli is truly destructive and delusional (by his own choice); insiders know it and it’s hardly shocking that he has a 0% approval rating among staff.

At the EPO, particularly under Battistelli, open tenders are a joke. We wrote several articles which help illustrate it. According to this tweet (we don’t wish to link directly to the EPO’s Web site as it can facilitate spying/tracking), “[c]ivil maintenance suppliers interested in bidding for tenders on the new EPO building should join us for this event” (as if they will get a fair tender under Battistelli!).

“Battistelli is truly destructive and delusional (by his own choice); insiders know it and it’s hardly shocking that he has a 0% approval rating among staff.”Meanwhile, judging by what we see from Andrew Chung (who offered a platform for the liar last week), Battistelli continues to meddle in everything. He thinks he’s the God of Europe, which helps explain the vanity with which he responds to European politicians who inquire about his abuses. “Q&A: Benoît Battistelli, top European patent official, on patent eligibility and Brexit” is the title of the latest piece from Chung and as one can expect, no fact-checking or plurality of views is permitted. The liar just keeps lying about everything.

Expect the EPO to have already sunk to USPTO levels of patent ‘quality’ (we have new material on the way with which to demonstrate this) and expect Brexit to have already killed UPC. It’s the consensus, unless one asks Team UPC, which is another bunch of chronic liars. They lie for a reason as they still have some hope and projecting this hope, th...


MakerBot Releases Their 6th Generation Of 3D Printers Hackaday

Just in time for the back to school and holiday season, Makerbot has released their latest line of printers. The latest additions to the lineup include the new Makerbot Replicator+ and the Makerbot Replicator Mini+.

The release of these new printers marks MakerBot’s first major product release since the disastrous introduction of the 5th generation of MakerBots in early 2014. The 5th generation of MakerBots included the Replicator Mini, priced at $1300, the Replicator, priced at $2500, and the Replicator Z18, priced at $6500. Comparing the build volume of these printers with the rest of the 3D printer market, these printers were overpriced. The capabilities of these printers didn’t move many units, either (for instance, the printers could only print in PLA). Makerbot was at least wise enough to continue building the 4th generation Replicator 2X, a printer that was capable of dual extrusion and printing more demanding filaments.

The release of the Makerbot Replicator+ and the Makerbot Replicator Mini+ is the sixth generation of MakerBot printers and the first generation of MakerBot’s manufactured overseas. This new generation is a hardware improvement on several fronts and included a complete redesign of the Makerbot Replicator and the Replicator Mini. The Replicator Mini+ features a 28% larger build volume than the original MakerBot Replicator Mini and an easily removable Grip Build Surface that can be flexed to remove a printed part. The Replicator+ features a 22% larger build volume than the MakerBot Replicator and a new Grip Build Surface. The Replicator Mini+ is $1000 ($300 cheaper than its predecessor), and the Replicator+ is $2000 ($500 less expensive). Both new printers, and the old Replicator Z18, now ship with the improved Smart Extruder+.

Earlier this year, we wrote the Makerbot Obituary. From the heady days of The Colbert Report and an era where 3D printing would solve everything, MakerBot has fallen a long way. In the first four months of 2016, MakerBot only sold an average of about fifteen per day, well below the production estimated from the serial numbers of the first and second generation Makerbots, the Cupcake and Thing-O-Matic.

While this latest hardware release is improving the MakerBot brand by making the machines more affordable and giving the software some features which aren’t in the usual Open Source slicers, it remains to be seen if these efforts are enough. Time, or more specifically, the Stratasys financial reports, will tell.

Filed under: 3d Printer hacks, news


Fake FedEx ‘missed delivery’ emails infecting devices with ransomware HackRead

By Agan Uzunovic

FedEx is often used by scammers to send spam emails

This is a post from HackRead. Read the original post: Fake FedEx ‘missed delivery’ emails infecting devices with ransomware


Town Loses Gigabit Connections after FCC Municipal Broadband Court Loss SoylentNews

TechDirt reports

Wilson, North Carolina's Greenlight [publicly-owned ISP], has had to disconnect one neighboring town or face violating state law. With state leaders tone deaf to the problem of letting incumbent ISPs write such laws, and the FCC flummoxed [by a federal court] in its attempt to help, about 200 home Internet customers in [the town of] Pinetops will thus lose access to gigabit broadband service as of October 28

[...] Greenlight's fiber network provides speeds of 40Mbps to 1Gbps at prices ranging from $40 to $100 a month, service that's unheard of from any of the regional incumbent providers (AT&T, CenturyLink, Time Warner Cable) that lobbied for the protectionist law. Previously, the community of Pinetops only had access to sluggish DSL Service from CenturyLink.

Muni ISP forced to shut off fiber-to-the-home Internet after court ruling (Ars Technica)

Previous: Appeals Court Rules the FCC Cannot Override State Laws Banning Municipal ISPs

Original Submission

Read more of this story at SoylentNews.


The EPO’s ‘Investigative’ Function is Totally Out of Control and Continues to Get Bigger, Whitewashed by So-called ‘Review’ Techrights

Like his political ilk in France, Battistelli is a “big government” proponent who does not mind even torturing people (as if his personal ends justify the means)

Gestapomen following the white buses

Summary: An update on the situation which still causes great unrest at the European Patent Office (EPO), namely abuse of staff by the so-called Investigative Unit (Eponia’s equivalent of unaccountable secret services)

An article about the EPO’s Investigative Unit has been long overdue. It’s like the goons or thugs of the Office, or the militant guards of Team Battistelli, which are complemented by a fleet of bodyguards in spite of low threat levels. Staff is subjected to scans as though it is boarding a plane and sometimes subjected to psychological torture. Almost everyone we hear from says that working for the EPO is a nightmare if not torture; some seriously think about leaving. They can’t take it anymore. It wasn’t always the case; Battistelli made it so. Over the past couple of years the EPO has been acting like a frightened state with secret services and armed bodyguards, not like a public service or institution. We already published a series of articles about it last year [1, 2, 3, 4, 5, 6, 7]. Nothing at all has changed for the better; in fact, things have gotten even worse. The situation keeps deteriorating, and lying has become so chronic that next month there will be a whole “report” and “conference” to tell the world that EPO staff is happy. Even North Korea has not yet stooped this low…

“External quality review of the EPO investigative function” was not too long ago sought by particular EPO workers. “The administration has started an “external quality review of the EPO investigative function”,” they wrote, and one “can find an in-depth analysis of the investigation guidelines and the functioning of the Unit…”

We have made a local copy of it [PDF]. The document is 14 pages long so we haven’t converted it to HTML. Instead, “short o...


A Look At The Exciting Features/Improvements Of GNOME 3.22 Phoronix

If all goes well, GNOME 3.22 will be officially released tomorrow, 21 September. Here is a recap of some of the new features and improvements made over this past six month development cycle plus some screenshots of the near-final desktop that will power the upcoming Fedora 25 Workstation.


Facebook to partner with network for debate broadcasts The Hill: Technology Policy

Facebook will partner with ABC News for coverage of this fall's presidential debates, expanding the company’s involvement in the upcoming clashes between the Republican and Democratic candidates.ABC News will use Facebook Live, its streaming...


Expose your Raspberry Pi on Any Network Hackaday

Everyone’s talking about the Internet of Things (IoT) these days. If you are a long-time Hackaday reader, I’d imagine you are like me and thinking: “so what?” We’ve been building network-connected embedded systems for years. Back in 2003, I wrote a book called Embedded Internet Design — save your money, it is way out of date now and the hardware it describes is all obsolete. But my point is, the Internet of Things isn’t a child of this decade. Only the name is.

The big news — if you can call it that — is that the network is virtually everywhere. That means you can connect things you never would have before. It also means you get a lot of data you have to find a reason to use. Back in 2003, it wasn’t always easy to get a board on the Internet. The TINI boards I used (later named MxTNI) had an Ethernet port. But your toaster or washing machine probably didn’t have a cable next to it in those days.

Today boards like the Raspberry Pi, the Beagle Bone, and their many imitators make it easy to get a small functioning computer on the network — wired or wireless. And wireless is everywhere. If it isn’t, you can do 3G or 4G. If you are out in the sticks, you can consider satellite. All of these options are cheaper than ever before.

The Problem

There’s still one problem. Sure, the network is everywhere. But that network is decidedly slanted at letting you get to the outside world. Want to read CNN or watch Netflix? Sure. But turning your computer into a server is a little different. Most low-cost network options are asymmetrical. They download faster than they upload. You can’t do much about that except throw more money at your network provider. But also, most inexpensive options expose one IP address to the world and then do Network Address Translation (NAT) to distribute service to local devices like PCs, phones, and tablets. What’s worse is, you share that public address with others, so your IP address is subject to change on a whim.

What do you do if you want to put a Raspberry Pi, for example, on a network and expose it? If you control the whole network, it isn’t that hard. You usually use some kind of dynamic DNS service that lets the Pi (or any computer) tell a well-known server its current IP address (see figure below).


That well-known server answers DNS requests (the lookups that convert a host name into a real IP address). Now anyone can find your Pi. If you have a firewall in hardware and/or software (and it is a good bet that you do), you’ll also have to open the firewall port and tell the NAT router that you want to service traffic on the given port.
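
The update step described above ("the Pi tells a well-known server its current IP address") is where the security of the whole arrangement lives: whoever can send an accepted update owns the name, and the name is what you then forward SSH to. The block below is an added example, not the article's code and not any dynamic DNS provider's API; it models both sides of a minimal update exchange with a per-host shared secret, an HMAC over the fields the server acts on, a freshness window and a replay guard. The host name pi.example.net, the secret and the addresses are constructed for the walkthrough; real services do the same job over HTTPS with account credentials.

```python
import hashlib
import hmac
import ipaddress


def sign_update(secret, host, ip, ts):
    """MAC over exactly the fields the server acts on, keyed with the per-host secret."""
    msg = "%s|%s|%d" % (host, ip, ts)
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def make_update(secret, host, ip, ts):
    """Client side (the Pi): 'I am now reachable at ip', signed and timestamped."""
    return {"host": host, "ip": ip, "ts": ts, "tag": sign_update(secret, host, ip, ts)}


class DynDnsServer:
    """The 'well-known server': keeps host -> IP and answers lookups.
    An update is accepted only if it carries a valid MAC for that host,
    is fresh, carries a timestamp newer than the last accepted one
    (replay guard) and names a syntactically valid address."""

    def __init__(self, secrets, max_skew=300):
        self.secrets = secrets      # host -> shared secret (bytes)
        self.records = {}           # host -> current IP
        self.last_ts = {}           # host -> timestamp of last accepted update
        self.max_skew = max_skew    # seconds of clock drift tolerated

    def handle_update(self, msg, now):
        host, ip, ts, tag = msg["host"], msg["ip"], msg["ts"], msg["tag"]
        secret = self.secrets.get(host)
        if secret is None:
            return "nohost"
        expected = sign_update(secret, host, ip, ts)
        if not hmac.compare_digest(expected, tag):   # constant-time compare
            return "badauth"
        if abs(now - ts) > self.max_skew:
            return "stale"
        if ts <= self.last_ts.get(host, -1):
            return "replay"
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            return "badip"
        self.records[host] = ip
        self.last_ts[host] = ts
        return "good"

    def resolve(self, host):
        """What the DNS side hands back for a lookup."""
        return self.records.get(host)


# Constructed secret for the walkthrough; a real deployment generates one per host.
PI_SECRET = b"example-shared-secret-change-me"


def walkthrough():
    """Four updates as seen by the server: a genuine one, a replay of it,
    a forged one with the IP rewritten, and a genuine later one after
    the Pi moved networks. Returns the server's verdicts and the final record."""
    server = DynDnsServer({"pi.example.net": PI_SECRET})
    first = make_update(PI_SECRET, "pi.example.net", "203.0.113.10", 1_000_000)
    verdicts = [server.handle_update(first, now=1_000_010)]
    verdicts.append(server.handle_update(first, now=1_000_020))          # captured and replayed
    forged = dict(first, ip="198.51.100.99", ts=1_000_050)              # MAC no longer matches
    verdicts.append(server.handle_update(forged, now=1_000_060))
    second = make_update(PI_SECRET, "pi.example.net", "198.51.100.7", 1_000_100)
    verdicts.append(server.handle_update(second, now=1_000_105))
    return verdicts, server.resolve("pi.example.net")


if __name__ == "__main__":
    print(walkthrough())
```

Once the name resolves and the router forwards the port, the Pi's SSH daemon is reachable from anywhere, so key-only authentication on the box matters as much as authenticating the update itself.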

Alien Networks

That’s fine if you are at home and you control all of your network access and hardware. But suppose you don’t know for sure where your system will deploy. For example, perhaps you will use your box at different traffic intersections over a 3G modem. Or maybe you have built a smart picture frame to put in a hospital or nursing home and you want access over the institution’s WiFi.

Granted, you can handle that as a system design problem. For the hypothetical picture frame, maybe it checks a web server on the public Internet periodically for new content. Sure. You can do that. Until you need to ssh into the box to make some updates. Sometimes you just need to get to the box in question.


There are a few options for cases like this. NeoRouter has software for many platforms that can create a virtual private network (VPN) that appears to be a ne...


21 Open Source Projects for IoT

The Internet of Things market is fragmented, amorphous, and continually changing, and its very nature requires more than the usual attention to interoperability. It’s not surprising then, that open source has done quite well here -- customers are hesitant to bet their IoT future on a proprietary platform that may fade or become difficult to customize and interconnect.


European Commissioner defends Apple decision The Hill: Technology Policy

A member of the European Commission is defending the group’s recent ruling that Apple must pay $14.5 billion in owed taxes, as well as the commission’s antitrust investigations of other U.S. multinationals. In an interview with Recode released...


White House rolls out guidelines for self-driving cars The Hill: Technology Policy

The White House has released the first-ever guidelines on self-driving cars, marking a major milestone toward getting autonomous vehicles on U.S. roads.The highly anticipated policy plan unveiled by the Department of Transportation (DOT) on Tuesday...


Netflix chief sees little progress on expanding into China The Hill: Technology Policy

Netflix’s CEO said on Tuesday that the company has not seen any progress toward its goal of expanding into China, according to Reuters.“Same [problem] it has always been — government permissions, we got to get a specific license in China,” Reed...

Tuesday, 20 September


Do software engineers from India’s famed IITs really get 2 crore ($300,000) per year package? TechWorm

Do software engineering students at IITs really get a package of 2 crores ($300,000) from Facebook, Google?

We often read in newspapers that the students from the elite IITs have been offered a job package of Rs.2 crores ($300,000) during campus placement. Is there any truth in that? Through this article, we sift through various sources like Quora, Reddit, etc. to see whether tech behemoths like Facebook, Google, Oracle, etc. really offer such extravagant salary packages to students during campus placement from the elite Indian engineering institutions called IITs.

First of all, not all students are offered such awesome salary package.  Those actually offered such $300,000 per year package are the cream of the crop and are in the top 100 students from IIT from a total 30,000 odd who pass out every year. For the rest of the IIT grads, the average on-campus job placement offer is much less. Neha Singh who has passed out of IIT, Roorkee says on Quora that the median salary offered by the tech companies is anywhere between Rs.10 lakhs ($15,000) to Rs.20 Lakhs ($30,000).

Another student from IIT, Madras says that the whole Rs.2.00 crore news is a myth.  “I am from IIT Madras and even students at IIT’s are amazed after knowing about 2 crore wala viral news because the number may sum up more than half the IITians packages in that placement season,” he says.

Another Quora user gives a perfect answer to the whole Rs.2 crore placement offer for IIT elite students. Rounak Banik says that given the rate of conversion, the Rs.2 crore package is not a big deal because, after the placement, the IIT student is expected to relocate to the United States.

Rounak says that the Rs.2 crore job offer is a mediocre one considering how much western counterparts with similar skill sets earn. He says that since most of these tech firms are situated in areas like San Francisco, the Rs.2 crore offer seems puny given the high cost of living.

Here is Rounak’s justification for the $300,000 per year on-campus placement package given to IIT students:

Entry-level software engineers at these companies are usually paid around $100,000 per annum (which is 60 lacs). The ‘2 crore package’ news that you see is nothing but a hyperinflation, taking stock bonuses, joining bonus and relocation bonus all into one.

With $100,000 in a place like San Francisco, you’ll struggle to make ends meet if you go in with a mindset of living the extravagant life. Out of the $100k, around $35–40k will go as taxes. That leaves you with around $60k.

SF Bay Area has one of the highest rent rates in the world. Even to rent a hut, you’ll have to shell out at least $20k a year. A decent house with all basic amenities will cost you around $30k. And forget about getting a new house. The minimum salary that can sustain the mortgage payments for the cheapest of houses in SF is $170,000; which is 70% more than what you earn. It’ll take you at least 5 years to command that kind of salary.

So, you’re left with $30k now. Labor is insanely costly in the United States. You’ll be paying people between $10 and $15 an hour for tasks such as plumbing, carpentry, mowing the lawn etc. There is no way you could afford a maid or a domestic worker with that kind of salary, so expect to do all the cooking, cleaning and laundry yourself.

Even if you live on a frugal diet and spend very little on third party labor, the maximum you’ll end up saving is $2–3k. And if you’re the kind of person who likes spending the weekends out partying, then you won’t be left with even that. No wonder the Americans have close to zero lifetime savings.

So, if you think getting a job at one of these MNCs will make you rich beyond imagination, think again. It is only the be...


This seven-year-old boy is the world’s youngest computer programmer TechWorm

Seven-year-old British-Pakistani boy becomes the world’s youngest computer programmer

In a world where even adults struggle with code, a child prodigy has broken all records to become the youngest programmer in the world. Imagine a seven-year-old sitting at a computer, working through Java and C++; young Shahzad does exactly that.

A British boy of Pakistani origin has become the world’s youngest qualified computer programmer at the age of seven, a media report claimed.

Muhammad Hamza Shahzad, a resident of the Handsworth area of Birmingham, has been trained by his father Asim Shahzad, who works for an American IT firm.

“I want to be Bill Gates,” he told Birmingham Mail.

This is not the first time that Hamza has set a world record. Last year, at the age of six, he became the world’s youngest Microsoft Office Professional (MOP) by passing three of the latest Microsoft Office exams, covering MS Word 2013, MS PowerPoint 2013 and MS Excel 2013, The News reported.

In an exam where candidates needed 700 points to earn the certificate, Hamza scored 757, a Microsoft spokesperson said. His most recent qualification, passing the Microsoft exam “98-361 Software Development Fundamentals”, makes him a qualified programmer.

“He can easily create Web Apps and manages to develop his own basic shopping cart app,” he said.

“He has got his hands dirty in Windows desktop apps, console apps, Windows services, Web services and finds it really fun to develop simple console-based game applications.

“He can explain about heap, stack, memory management, data structures perhaps better than many experienced programmers,” the spokesperson added.

Humza’s parents, Asim Shahzad and Seemab Asim, told The News that computing skills come naturally to their son and that they never pressure him to learn.

Humza’s parents said that they were proud, as their son has set a world record. They said they have worked with him to develop his own interests, but he takes his own initiative and comes up with new ideas in the process.

Humza, who was born in Lahore in 2009, moved to London in 2011 along with his parents after his father got a job at an IT firm.

Speaking about Humza, a Microsoft official said: “He is so skilled at the age of 7 and can easily create all kinds of computer applications and manages to develop his own basic shopping cart app. He has got his hands dirty in Windows desktop apps, console apps, Windows services, Web services and finds it really fun to develop simple console-based game applications.”

“He can explain about object oriented programming, heap, stack, memory management, data structures perhaps better than many experienced programmers,” the official added.

Talking about his latest achievement, Humza told The News: “I am feeling ecstatic and making fun with my new skills. I want to be the new Bill Gates one day. I like to watch fiction movies at home, I play games on IPad and laptop and play football with Dad.”

Currently, the young prodigy is working on his own computer game. “I want to make a game and that’s what I’m doing at the moment – 30 clicks and you win,” he said.

The post This seven-year-old boy is the world’s youngest computer programmer appeared first on TechWorm.


What It Costs to Run Let's Encrypt Let's Encrypt - Free SSL/TLS Certificates

Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we want people to have some context for their contributions to the project, and because it’s interesting.

Let’s Encrypt will require about $2.9M USD to operate in 2017. We believe this is an incredible value for a secure and reliable service that is capable of issuing certificates globally, to every server on the Web free of charge.

We’re currently working to raise the money we need to operate through the next year. Please consider donating or becoming a sponsor if you’re able to do so! In the event that we end up being able to raise more money than we need to just keep Let’s Encrypt running we can look into adding other services to improve access to a more secure and privacy-respecting Web.

Here’s how our 2017 budget breaks down:

Expense                 Cost
Staffing                $2.06M USD
Hardware/Software       $0.20M USD
Hosting/Auditing        $0.30M USD
Legal/Administrative    $0.35M USD
Total                   $2.91M USD

Staffing is our dominant cost. We currently have eight full-time employees, plus two full-time staff who are employed by other entities (Mozilla and EFF). This includes five operations/sysadmin staff, three software developers, one communications and fundraising person, and an executive director. Our 2017 budget covers salary and benefits for ten employees.

Our systems administration staff are at the heart of our day-to-day operations. They are responsible for building and improving our server, networking, and deployed software infrastructure, as well as monitoring the systems every hour of every day. It’s the critical 24/7 nature of the work that makes this our biggest team. Any issues need to be dealt with immediately, ideally with multiple people on hand.

Our software developers work primarily on boulder, our open source CA software. We needed to write our own software in order to create a secure, reliable, and fully automated CA that is capable of issuing and managing enough certificates to serve the entire Web. Having our own software development staff also lets us support new features much more quickly than we could if we relied on third-party software for implementation.

The majority of our administrative support (e.g. HR, payroll, accounting) is provided by the Linux Foundation, so we don’t hire for those roles and...

Resource generated at IndyWatch using aliasfeed and rawdog