IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed Today.


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Wednesday, 14 November


Mechanisms: Lead Screws and Ball Screws Hackaday

Translating rotary motion to linear motion is a basic part of mechatronic design. Take a look at the nearest 3D-printer or CNC router (at least the Cartesian variety) and you'll see some mechanism that converts the rotation of the motor shafts into the smooth linear motion needed for each axis.

Hobby-grade machines are as likely as not to use pulleys and timing belts to achieve this translation, and that generally meets the needs of the machine. But in some machines, the stretchiness of a belt won't cut it, and the designer may turn to some variety of screw drive to do the job.

Lead Screws

We have all seen CNC projects where the builder has built a linear actuator from a length of hardware store threaded rod. Chopped to size with a hacksaw, held in place with a couple of bearings, and attached to a stepper with a coupling of some type, these screw drives do a decent job of producing linear motion. But it's far from a perfect solution, mechanically speaking.

The main problem with this arrangement is the thread profile. As we mentioned in our post on screw threads, the V-thread profile on threaded fasteners is optimized for providing a high axial clamping force and a non-overhauling property, or the tendency for the fastener to self-lock. This requires a high friction arrangement, which is not optimal for a screw drive.



Intense Tests Reveal Elusive, Complex Form of Nitrogen SoylentNews

Submitted via IRC for Bytram

Get your nitrogen crystals here!

Intense tests reveal elusive, complex form of nitrogen

The study shows for the first time that simple molecular elements can have complex structures at high pressures. It could inform similar studies in other elements, researchers say.

An international team of scientists led by the University of Edinburgh used a high-pressure diamond-tipped anvil to squeeze tiny amounts of nitrogen at pressures half a million times that of Earth's atmosphere, while heating it to about 500 Celsius.

[...] Their findings resolve speculation over the structure of this form of nitrogen, known as -N2. It was discovered 15 years ago but its structure was unknown until now.

Unusually complex phase of dense nitrogen at extreme conditions (open, DOI: 10.1038/s41467-018-07074-4) (DX)

Original Submission

Read more of this story at SoylentNews.


SpaceX to Launch CubeSat Containing Soul of First African-American Astronaut IEEE Spectrum Recent Content full text

The mysterious satellite is a collaboration between artist Tavares Strachan and Los Angeles County Museum of Art

A Falcon 9 rocket due to take off from Vandenberg Air Force Base in California next week will launch a unique cargo into orbit alongside the usual communications and observation satellites: the soul of Robert Henry Lawrence Jr., the first African-American astronaut.

The launch manifest for the SSO-A SmallSat Express mission, organized by Seattle-based Spaceflight Industries, lists a spacecraft called Enoch, owned by LACMA, the Los Angeles County Museum of Art. And for months, that was all that was publicly known about the satellite.

Now, IEEE Spectrum has learned that Enoch contains a 24-karat gold canopic jar with a bust of Lawrence. Canopic jars were used by ancient Egyptians to house the organs of the deceased for use in the afterlife. This jar was blessed at a Shinto shrine in Japan and recognized as a container for Lawrence's soul, according to the Museum.

"[Lawrence is] someone who has a mostly untold story, who I look at as a hero, but who wasn't necessarily considered one when I was a child in school," says Tavares Strachan, the artist behind Enoch, in an interview with IEEE Spectrum.

Although Guion Bluford Jr. was the first African-American to reach space, on a Space Shuttle in 1983, Lawrence was the first black astronaut, selected for training in 1967. Just six months later, Lawrence died in the crash of an F-104 Starfighter jet while teaching a junior pilot Shuttle landing techniques.

"A black guy doing space exploration with the U.S. government wasn't a normal situation in 1960s America. He was traversing a very difficult time," says Strachan. Strachan first learned about Lawrence while researching an earlier project on cultural invisibility, the tendency for minority figures to get written out of history.

A gold jar with a bust etched into the top, displayed on a black stand. Photo: Tavares Strachan/LACMA Enoch holds this canopic jar sculpture with a bust of astronaut Robert Henry Lawrence Jr.

The Enoch project began back in 2014, when Strachan was selected as o...


A Look At The GCC 9 Performance On Intel Skylake Against GCC 8, LLVM Clang 7/8 Phoronix

With GCC 9 embarking upon its third stage of development where the focus shifts to working on bug/regression fixes in preparation for releasing the GCC 9.1 stable compiler likely around the end of Q1'2019, here is a fresh look at the GCC 9 performance with its latest development code as of this week compared to GCC 8.2.0 stable while using an Intel Core i9 7980XE test system running Ubuntu Linux. For good measure are also fresh results from LLVM Clang 7.0 stable as well as LLVM Clang 8.0 SVN for the latest development state of that competing C/C++ open-source compiler.


National facial recognition database to use loyalty rewards to identify American shoppers MassPrivateI

image credit: Zenus Biometrics

For years, I have been warning people about facial recognition in retail stores, but this story might convince you to avoid retail stores altogether.

A recent article in Biometric Update.com (BU) reveals that retail stores have a master plan to convince Americans to accept facial biometrics.

BU interviewed four facial biometric company CEOs and what they revealed is frightening.

The article starts off innocuously enough by telling us that U.S. retail biometrics is used primarily in loss-prevention but things quickly take a turn for the worse.

BU's interview with FaceFirst CEO Peter Tripp is especially disconcerting, as he reveals how retailers plan to use a "facial recognition opt-in environment."

"There is another step though that exists which has more to do with consumer loyalty, and consumer experience, that is not quite as expensive an endeavor, and I think there are lots of folks looking at ways of doing that in a friendly opt-in environment, where privacy is not the cornerstone issue," Tripp said.

If any of this sounds familiar it's because they are doing the exact same thing with digital driver's licenses.

Biometric companies are trying to convince Americans to accept digital driver's licenses by tying them to loyalty rewards programs. Last year the Lincoln Motor Company installed...


Facebook Messenger to offer Unsend feature to delete sent messages HackRead

By Waqas

Facebook has made many efforts so far to refine its Messenger app. This year in May, Facebook CEO Mark Zuckerberg along with other executives of the social network admitted that the Facebook Messenger has to be refined since the current app contained many useless features while lacking critically important ones. Such as, its UI could [...]



That Domain You Forgot to Renew? Yeah, it's Now Stealing Credit Cards Krebs on Security

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

For nearly 10 years, Portland, Ore. resident Julie Randall posted pictures for her photography business at julierandallphotos-dot-com, and used an email address at that domain to communicate with clients. The domain was on auto-renew for most of that time, but a change in her credit card details required her to update her records at the domain registrar, a task Randall says she now regrets putting off.

Julierandallphoto-dot-com is now one of hundreds of fake ecommerce sites set up to steal credit card details.

That's because in June of this year the domain expired, and control over her site went to someone who purchased it soon after. Randall said she didn't notice at the time because she was in the middle of switching careers, didn't have any active photography clients, and had gotten out of the habit of checking that email account.

Randall said she only realized she'd lost her domain after failing repeatedly to log in to her Instagram account, which was registered to an email address at julierandallphoto-dot-com.

"When I tried to reset the account password through Instagram's procedure, I could see that the email address on the account had been changed to a .ru email," Randall told KrebsOnSecurity. "I still don't have access to it because I don't have access to the email account tied to my old domain. It feels a little bit like the last ten years of my life have kind of been taken away."

Visit today and you'll see a Spanish language site selling Reebok shoes (screenshot above). The site certainly looks like a real e-commerce shop; it has plenty of product pages and images, and of course a shopping cart. But the site is noticeably devoid of any SSL certificate (the entire site is http://, not https://), and the products for sale are all advertised for roughly half their normal cost.

A review of the neighboring domains that reside at Internet addresses adjacent to julierandallphoto-dot-com (196.196.152/153.x, etc.) shows hundreds of other domains that were apparently registered upon expiration over the past few months and which now feature similar http-only online shops...


Researchers Find New Pathway to Regulate Immune Response, Control Diseases SoylentNews

Submitted via IRC for Bytram

Researchers find new pathway to regulate immune response, control diseases

Researchers at The University of Texas at Arlington have found a potential new pathway to regulate immune response and potentially control inflammatory diseases of the central nervous system such as meningitis and sepsis. "We need to know what turns on inflammatory response to bacterial infection to be able to modulate the process," said Subhrangsu Mandal, the UTA associate professor of chemistry who led the research. "If we can do so, we can control inflammatory diseases of the central nervous system that have been hard to treat up to now, such as sepsis and meningitis, as well as cancer and muscular dystrophy, which can also be seen a kind of inflammation," he added.

[...] The researchers have found that the long non-coding RNA molecule HOTAIR present in white blood cells has the capacity to signal these cells to activate immune response in the presence of bacteria. RNA, or ribonucleic acid, is present in all living cells. Its primary role is to carry instructions from DNA. "Knowing that HOTAIR has a role in the signaling pathway also means that we can use it as a biomarker for bacterial infection," he added. "Simple blood tests could indicate infection much more quickly, enabling better treatment for patients of rapidly-moving diseases such as septic shock and meningitis, which have been hard to treat up to now."

The researchers used the resources of UTA's North Texas Genome Center to demonstrate that noncoding RNA expression -- including HOTAIR -- is induced in white blood cells treated with lipopolysaccharide, which are molecules found on the outer membrane of bacterial cells. The research showed that HOTAIR gene was expressed alongside cytokines, which are excreted by cells as part of immune response, and inflammatory response genes such as iNOS. As a result, it is possible to conclude that HOTAIR is a key regulator for pathogen-induced cytokine expression, immune response and inflammation.

LncRNA HOTAIR regulates lipopolysaccharide-induced cytokine expression and inflammatory response in macrophages (open, DOI: 10.1038/s41598-018-33722-2) (DX)



Beyond Finding Stuff




Security updates for Tuesday

Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd).



Introducing Jake Glass, FSF campaigns and licensing intern FSF blogs

Hello software freedom supporters! I am Jake Glass, and I will be interning for both the campaigns and the licensing teams this fall/winter. I am a recent graduate of the University of Michigan, where I earned an engineering degree in computer science, and I am currently in the process of applying to law school.

During my summers as an undergraduate, I worked in software development, where I began to consider the ethical ramifications of computing. I realized that my peers and I were often unintentionally building tools to exert social and political control. As the Snowden leaks were emerging around this time, it became clear to me that the pervasiveness of these tools is an imminent threat to freedom worldwide. This was my original motivation in supporting the free software movement: how can we be sure the programs running on our own machines are not spying on us without having access to the source, as required by the Four Freedoms? My interest in these issues concerning copyrights, patents, and civil rights on the Internet has convinced me to attend law school, where I can engage in formal study of these topics.

The FSF's campaigns target important opportunities for free software adoption and development, empower people against specific threats to their freedom, and build communities around free software. My work with the campaigns team will focus on preparing written material for the Libreplanet 2019 conference and the 2019 fundraising season. On the licensing side, I will be assisting in the FSF Licensing & Compliance Lab, the preeminent resource of free licensing for free software developers for over 20 years. Specifically, I will be helping free software developers with their questions sent to, along with creating some new licensing educational material for and I like to quickly describe my internship as copywriting and copyrights! I'm excited to explore the legal and ethical questions concerning computing while building my writing and analytical skills through an organization contributing to global good.

Outside of internet and software freedom, my technology interests include machine learning, data science, and distributed systems. When I'm not working with tech, I enjoy cooking, hockey, biking, and card games.


Facebook is the least-trusted major tech company- study TechWorm

Facebook Is the Least Trusted Major Tech Company Among Americans For Protecting Personal Data, Suggests Polls

Facebook, the social networking giant, has been voted as the least trustworthy tech company, according to a recent survey conducted by Fortune. This follows increasing scrutiny of Facebook's handling of data privacy, ad targeting, and propaganda, which has made its users trust the company the least.

According to the survey, only 22 percent of Americans trust Facebook with their personal information out of all major tech companies. On the other hand, Amazon with 49 percent ranks the highest in terms of trust, followed by Google (41 percent), Microsoft (40 percent), and Apple (39 percent).

"Facebook is in the bottom in terms of trust in housing your personal data," said Harris Poll CEO John Gerzema. "Facebook's crises continue rolling in the news cycle." The poll was carried out by Harris Poll on behalf of Fortune in mid-October and surveyed over 2,000 U.S. adults.

This obvious lack of trust is bad news for Facebook, which is mainly due to factors such as leadership, ethics, trust, and image. Also, the Cambridge Analytica scandal earlier this year, where up to 87 million Facebook users' data was shared without their permission, along with the September data breach in which roughly 50 million of its users' data was exposed through an attack on its network, has only contributed to Facebook's low rankings.

Additionally, 48 percent of those who took the survey admitted to viewing Facebook more negatively than six months ago.

According to the survey, only 59 percent of respondents said they were at least somewhat confident in Zuckerberg's leadership in the ethical use of data and privacy information. With 77 percent, Amazon CEO Jeff Bezos came in first, followed by Apple's CEO Tim Cook at 72 percent, Microsoft's CEO Satya Nadella at 71 percent, and Google's CEO Sundar Pichai at 68 percent.

"That would be a C or D in grade school," Gerzema said about Zuckerberg.

Facebook declined to comment on the poll. The company instead pointed to recent remarks made by Zuckerberg where he said that Facebook continues to invest in security and that its defenses are improving.

Not only Facebook users, but some of the company's major investors too are disappointed by Zuckerberg. Last month, several major public investment funds had proposed removing Zuckerberg as the company's chairman of the board.

Source: PYMTS



Ubuntu 19.04 Development Starts Off With Python 3.7, Merged Usr Directories Phoronix

Ubuntu 19.04 "Disco Dingo" development is now officially underway...


OPNFV Gambia Doing What We Do Best While Advancing Cloud Native

Today, the OPNFV community is pleased to announce the availability of Gambia, our seventh platform release! I am extremely proud of the way the community rallied together to make this happen and provide the industry with another integrated reference platform for accelerating their NFV deployments.


Amazon officially picks New York, Northern Virginia for new offices The Hill: Technology Policy

Amazon on Tuesday officially announced that it would split its "second headquarters" between New York City and Arlington, Va., confirming reports that emerged in recent months. The announcement comes after dozens of cities tried to woo...


New additions to RSA Conference Advisory Board bring wealth of industry knowledge Help Net Security

RSA Conference, the world's leading information security conferences and expositions, today announced the addition of nine new members to its Advisory Board for a total of 16 members across a wide array of positions in the industry. This expansion falls under the governance pillar of the new diversity and inclusion initiative that was also announced today. "We are beyond excited to welcome these nine industry titans to our Advisory Board," said Sandra Toms, Vice President...


10 Best Free Sports Streaming Sites TechWorm

A majority of people still rely on either cable or satellite-based television services for watching live sports or for streaming.

Surprisingly there are many other reliable services that can be used for free live sports streaming. So these are some of the best free sports streaming sites that are worth checking out.

Top 10 Best Free Sports Streaming Sites



The first and one of the most popular free live sports streaming sites on the list is ESPN. You can easily stream many major sports on ESPN and a majority of content is available in HD. ESPN allows users to watch both live sports streams and replays. Moreover, ESPN also offers detailed updates about ongoing sports events.

As for downsides, ESPN is only available for US residents. Furthermore, some games require a valid cable or satellite subscription.



The next most reliable website for free sports streaming is HotStar. This free sports streaming site has gained immense popularity due to its many nifty features. Well, there's no need of signing up for the service and you can straightaway watch live streams and replays of your favorite sports. HotStar is very prominent in the Indian region.

Different sports like football, cricket, table tennis, hockey, and many others have dedicated sections on Hotstar. As for downsides, the free account on HotStar delays the live stream by a few minutes. Overall, HotStar is a perfect sports streaming site that offers HD content.



Laola1 is a popular live sports streaming website that is based in Austria. You can watch Football, Ice Hockey, Motorsports, Table Tennis, Handball, and many other sports using this free sports streaming website. Laola1 has a clean UI and the vide...


Alice Evans: Brucellosis, or Why We Pasteurize Milk Hackaday

It's easy to forget how much illness and death was caused by our food and drink just one hundred years ago. Our modern food systems, backed by sound research and decent regulation, have elevated food safety to the point where outbreaks of illness are big news. If you get sick from a burger, or a nice tall glass of milk, it's no longer a mystery what happened. Instead we ask why, and who screwed up?

In the early 20th century though, many food-borne illnesses were still a mystery, and microbiology was a scientific endeavor that was just getting started. Alice Catherine Evans was an unlikely figure to make a dent in this world at the time, but through her research at the United States Department of Agriculture (USDA), and later at the Hygienic Laboratory (now the National Institute of Health) she had a huge impact on the field of bacteriology, the dairy industry, and consumer safety.

Childhood and Education

In her memoirs, Alice describes her childhood and continuing education as a straight path with limited options:

Until my academic education was completed I seemed never to have an opportunity to make a choice in matters concerning my future. I always stepped into the only suitable opening I could see on my horizon.

Growing up on a farm in rural Pennsylvania, her primary education took place in the local one-room schoolhouse with good teachers most of the time. With no high school available in her district, she traveled to a nearby town for her secondary education.

Without the financial means to attend college, she pursued the only professional career available to women at the time: teaching. She taught grades 1-4 for four years, but despite finding the children interesting, she quickly grew bored with teaching the same curriculum over and over again. "I was glad when I found a way to escape," she said of that time.

Her escape was facilitated by another opportunity that presented itself: the College of Agriculture at Cornell University started offering a tuition-free two-year course for rural teachers intended to help them foster a love of nature in their students. Using savings from her time spent teaching, she attended this Nature Study course, and studied botany, zoology, entomology, ornithology, geology, and meteorology. By the time she was done with her studies, she was hooked:

I was no longer interested in obtaining the certificate to which I was eligible. My interest in science had been whetted by the basic courses I had taken, and I wanted to continue the study of science; any branch of biologic science would satisfy me.

Luckily, at this time the college was accepting out-of-state students, tuition-free, to its regular courses. Wit...


Intel Core i9 9980XE Released As A Skylake-X Refresh Phoronix

This morning Intel officially announced the Core i9 9980XE as the refreshed Skylake-X part succeeding the Core i9 7980XE...


Ocasio-Cortez blasts tax breaks for Amazon, says HQ2 will displace the working class The Hill: Technology Policy

Rep.-elect Alexandria Ocasio-Cortez (D-N.Y.) criticized Amazon on Monday over the news that it has picked Long Island City in Queens as the site of a new headquarters, arguing it will hurt the local community in the New York City borough. "We've been...


Target and other high profile Twitter accounts exploited for cryptocurrency scams Graham Cluley

The latest high profile account to be abused by scammers to promote a cryptocurrency giveaway? US retail giant Target.


The USPTO and EPO Pretend to Care About Patent Quality by Mingling With the Terms "Patent" and "Quality" Techrights

A working coup: The EPO's Working Party on Quality is Battistelli's Own Ministry of Truth

Short: EPO's Working Party for Quality is to Quality What the Democratic People's Republic of Korea is to Democracy

Reference: Ministries of Nineteen Eighty-Four

Summary: The whole patent quality propaganda from EPO and USPTO management continues unabated; they strive to maintain the fiction that quality rather than money is their prime motivator

AS we noted in our previous post, the European Patent Office (EPO) keeps promoting software patents in Europe (even in those words, not CII); the U.S. Patent and Trademark Office (USPTO) is meanwhile moving in the exact opposite direction (in practice at least). It has gotten a lot harder to receive US software patents and then successfully enforce these.

Janal Kalis wrote: "The USPTO Reported 28 New PTAB Decisions Regarding 101 Eligibility. All of the Decisions Affirmed the Examiners' Rejections."

Kalis alludes to the Patent Trial and Appeal Board (PTAB) and to 35 U.S.C. 101, which helps eliminate most if not all software patents in the US. Programmers in the US are happy and programmers in Europe should be paying closer attention to what the EPO is up to; Ideas are cheap, as one European opponent of software patents put it yesterday, execution difficult (patents don't cover execution/impleme...


Operation Shaheen - Pakistan Air Force members targeted by nation-state attackers Security Affairs

Security firm Cylance has uncovered a sophisticated state-sponsored campaign, tracked as Operation Shaheen, against the Pakistan Air Force.

According to the experts, the campaign was carried out by a nation-state actor tracked as the White Company with access to zero-day exploits and exploit developers.

"The preliminary findings detail one of the group's recent campaigns, a year-long espionage effort directed at the Pakistani Air Force. Cylance calls the campaign Operation Shaheen and the organization The White Company, in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution," reads the press release published by Cylance.

The Pakistani Air Force is not just an integral part of the country's national security establishment, including its nuclear weapons program, but it is also the newly announced home of the country's National Centre for Cyber Security. A successful espionage operation against such a target could yield significant tactical and strategic insight to a range of foreign powers.

As part of Operation Shaheen, White Company hackers targeted members of the Pakistan Air Force with spear-phishing messages that weaponized lure files with names that referenced events, government documents, or news articles of interest for the targets (i.e. the Pakistani Air Force, the Pakistani government, and Chinese Military and advisers in Pakistan).

Attackers initially used phishing messages with links to compromised websites, then they switched to emails using infected Word documents as attachments.

In both cases, the researchers found, the emails were specifically crafted to reference topics that would be relevant to appeal to the targets: the Pakistani Air Force, the Pakistani government, and Chinese Military and advisers in Pakistan.

"We cannot say with precision where those documents went, or which were successful. However, we can say that the Pakistan Air Force was a primary target. This is evident by the overriding themes expressed in document filenames, the contents of the decoy documents, and the specificity employed in the military-themed lures," continues the report published by Cylance.

In addition, as explained below, the malware delivered by these lures was delivered from domains not just of legitimate, compromised Pakistani organizations, a common tactic attackers use to make any traffic the tar...


Amazon Reportedly Picks New York, Northern Virginia for HQ2 SoylentNews

Amazon Reportedly Picks New York, Northern Virginia for HQ2:

Decision to be formally announced as soon as Tuesday, The Wall Street Journal reports.

[...] It appears Amazon couldn't settle on a single site for its second corporate headquarters and has decided to divide the duties between a second and third headquarters.

The online retailing giant is expected to announce as soon as Tuesday it's chosen New York City and northern Virginia's Crystal City for its planned second headquarters -- dubbed HQ2, The Wall Street Journal reported Monday night, citing people familiar with the matter. Other cities may get other responsibilities, the newspaper added.

Amazon's HQ2 gained attention as one of the biggest corporate projects in the US, with the e-retailer planning to hire 50,000 workers and spend $5 billion. The company fueled excitement about its plans by inviting cities to pitch themselves as sites for the development.

It was reported earlier this month that Amazon was examining the option of creating two separate 25,000-person campuses, in part due to the need to hire enough tech talent and partly to ease housing and traffic concerns. Two HQ2 projects would also ensure that Seattle remains Amazon's definitive headquarters.

I don't suppose Amazon would settle for one 30,000 person campus and one 20,000 person campus, should they be able to cut a better deal with one city over the other?



Read issue #194 of Lifeboat News! Lifeboat News




[security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information Bugtraq

Posted by cyber-psrt on Nov 13


Document ID: KM03286178
Version: 1

MFSBGN03831 rev. - Service Management Automation, remote disclosure of

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...


[security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information Bugtraq

Posted by cyber-psrt on Nov 13


Document ID: KM03286177
Version: 1

MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...


[security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data Bugtraq

Posted by cyber-psrt on Nov 13


Document ID: KM03286176
Version: 1

MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...


[slackware-security] libtiff (SSA:2018-316-01) Bugtraq

Posted by Slackware Security Team on Nov 13

[slackware-security] libtiff (SSA:2018-316-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/libtiff-4.0.10-i586-1_slack14.2.txz: Upgraded.
This update fixes some denial of service security issues.
For more information, see:


The Ceph Storage Project Gets a Dedicated Open-Source Foundation

Ceph is an open source technology for distributed storage that gets very little public attention but that provides the underlying storage services for many of the world's largest container and OpenStack deployments. It's used by financial institutions like Bloomberg and Fidelity, cloud service providers like Rackspace and Linode, telcos like Deutsche Telekom, car manufacturers like BMW and software firms like SAP and Salesforce.


Yannis Skulikaris Promotes Software Patents at EPOPIC, Defending the Questionable Practice Under António Campinos Techrights

Summary: The reckless advocacy for abstract patents on mere algorithms from a new and less familiar face; the EPO is definitely eager to grant software patents and it explains to stakeholders how to do it

THERE's no excuse for what António Campinos does at the European Patent Office (EPO). It's not good at all, but media turns a blind eye to it, as we shall explain in our next post. Nothing has changed for the better and quite a few things actually got worse.

EPOPIC started yesterday. It was opened/commenced by Campinos. He did not say anything important, at least based on the corresponding EPO tweets (e.g. [1, 2, 3]). He's the quiet president, an EPO President who tries not to rattle any golden cages. So we shall focus on more vocal people, those who shamelessly promote software patents in Europe.

Corrupt EPO officials have long been promoting software patents like never before; it's not entirely new a thing, but before Battistelli it was somewhat contained. Under Battistelli it became very much evident and under Campinos this promotion of software patents is done about three times a day; they've become a rogue institution begging to be reprimanded. But who can ever reprimand them? They're positioned above the law, unlike the U.S. Patent and Trademark Office (USPTO), which habitually gets sued.

"WTF," Benjamin Henrion wrote yesterday, quoting the EPO: "2018 may well be the turning point for the EPO and patent information, with the disruptive emergence of AI, B...


Push Technology releases Diffusion Intelligent Data Platform 6.2 Help Net Security

Push Technology released new functionality in their Diffusion Intelligent Data Platform to increase security authentication and authorization handling, facilitate transitioning from REST-based applications to streaming data applications, simplify development of multi-user and collaborative applications, and enhance data compression for large payload distribution applications. The Diffusion Intelligent Data Platform synchronizes, manages, and distributes data among applications, devices, and systems via web, mobile, and satellite networks. Security New security functionality for Authentication and Authorization handling provides ...

The post Push Technology releases Diffusion Intelligent Data Platform 6.2 appeared first on Help Net Security.


Cathay Pacific waited six months before disclosing the security breach Security Affairs

Cathay Pacific has admitted that it was under attack for three months and it took six months to disclose the data breach.

At the end of October, Cathay Pacific Airways Limited, the flag carrier of Hong Kong, announced that it had suffered a major data breach affecting up to 9.4 million passengers.

Exposed data includes passport numbers, identity card numbers, email addresses, and credit card details; the information exposed varies for each affected passenger.

The IT staff at Cathay discovered unauthorized access to systems containing the passenger data of up to 9.4 million people. Hackers also accessed 403 expired credit card numbers and twenty-seven credit card numbers with no CVV.

Cathay Pacific reported the incident to local police and legislators, and it also set up a website for customers who want to know if their personal data may have been exposed.

Now Cathay Pacific has admitted that it was under attack for three months and it took six months to disclose the data breach.

In the official statement released by the airline, the company declared it had detected suspicious activity earlier, in March 2018.

A written submission by Cathay Pacific Airways Limited to Hong Kong's Legco reveals that the company was aware in March that it was under a full-scale attack on its servers. The attacks continued during the investigation; for three months the company was under siege.

"During this phase of the investigation, Cathay was subject to further attacks which were at their most intense in March, April and May but continued thereafter. These ongoing attacks meant that internal and external IT security resources had to remain focused on containment and prevention," reads the written submission.

"Remediation activities began as part of this effort and continued throughout. Even as the number of successful attacks diminished, we remained concerned that new attacks could be mounted."


Tuesday, 13 November


Snow launches SaaS usage visibility to help businesses optimize cloud investments Help Net Security

Snow Software (Snow) introduced Snow for SaaS to give organizations visibility to their growing portfolio of SaaS applications in use within their enterprises. Businesses can use that insight to optimize investments, drive operational efficiency, manage risk and compliance and improve their products and services. Business users are deploying SaaS applications to move faster and react to ever-changing business needs. Gartner expects SaaS to reach 45 percent of total application software spending by 2021. Organizations benefit ...

The post Snow launches SaaS usage visibility to help businesses optimize cloud investments appeared first on Help Net Security.


Amazon Web Services launches second GovCloud Region in the United States Help Net Security

Amazon Web Services (AWS) launched the AWS GovCloud (US-East) Region, its second GovCloud infrastructure region in the United States. With the launch of the AWS GovCloud (US-East) Region, AWS now provides 57 Availability Zones across 19 geographic regions globally with another 12 Availability Zones and four regions coming online in Bahrain, Hong Kong SAR, South Africa, and Sweden between the end of 2018 and the first half of 2020. The AWS GovCloud Regions meet the ...

The post Amazon Web Services launches second GovCloud Region in the United States appeared first on Help Net Security.


Another Nail in The Coffin for Free Speech in EU SoylentNews

As the days go by our hard won freedoms and liberty are slowly being eroded. In Europe a crushing blow has been made to freedom of speech with a European Court of Human Rights upholding a conviction for saying that the person known as Muhammad ten centuries ago was technically a paedophile based on information in historical texts. The statement was made in reference to Muhammad's marriage to a six year old child called Aisha. The court found that "Presenting objects of religious worship in a provocative way capable of hurting the feelings of the followers of that religion could be conceived as a malicious violation of the spirit of tolerance, which was one of the bases of a democratic society." In giving its ruling that "Muhammad was not a worthy subject of worship" the court has additionally demonstrated a complete misunderstanding as to the religion involved which worships "Allah", a word meaning 'God', not 'Muhammad' who claimed to be a prophet of this god. Freedom of speech is dying.

Original Submission

Read more of this story at SoylentNews.


1 in 5 merchants compromised by Magecart get reinfected Help Net Security

The Magecart threat looms large for online retailers and their customers, as the criminal groups that have been assigned this collective name are constantly trying out new tricks for stealthily compromising the shops and achieving persistence. According to security researcher Willem de Groot, the Magecart attackers have become so adept at the latter that many online merchants end up having to clean their shops many times. In the last quarter, 1 out of 5 breached ...

The post 1 in 5 merchants compromised by Magecart get reinfected appeared first on Help Net Security.


Cynet Review: Simplify Security with a True Security Platform The Hacker News

In 1999, Bruce Schneier wrote, "Complexity is the worst enemy of security." That was 19 years ago (!) and since then, cyber security has only become more complex. Today, controls dramatically outnumber staff available to support them. The Bank of America has a $400-million cyber budget to hire security staff and implement a broad array of products. But what if your budget and


Microsoft's New Open-Source Project Is "Shader Conductor" For Cross-Compiling HLSL Phoronix

The latest open-source project out of Microsoft under an MIT license is Shader Conductor, which allows for cross-compiling HLSL to other languages -- including GLSL for OpenGL/Vulkan usage...


NGO Teaching Migrants to Lie to Border Guards

Via: Russia Today: A group that helped over 15,000 refugees and migrants to get into Europe has been caught on tape admitting to systematically training asylum seekers to exploit screening interviews by feigning trauma and persecution. Ariel Ricker, the executive director of Advocates Abroad, a major non-profit NGO which provides legal aid to migrants, has [...]


Unique Flat-Screen Display Put to Use in CRT Game Boy Hackaday

The cathode-ray tube ruled the display world from the earliest days of TV until only comparatively recently, when flat-screen technology began to take over. CRTs just kept getting bigger over that time until they reached a limit beyond which the tubes got just too bulky to be practical.

But there was action at the low end of the CRT market, too. Tiny CRTs popped up in all sorts of products, from camcorders to the famous Sony Watchman. One nifty CRT from this group, a flat(tish) tube from a video intercom system, ended up in [bitluni]'s lab, where he's in the process of turning it into a retro Game Boy clone with a CRT display. The display, which once showed the video from a door-mounted camera, was a gift from a viewer. Date codes on the display show it's a surprisingly recent device; were monochrome TFT displays that hard to come by in 2007? Regardless, it's a neat design, with the electron gun shooting upward toward a curved phosphor screen. With a little Google-assisted reverse engineering, [Bitluni] was able to track down the video connections needed to use his retro game console, which uses an ESP32 that outputs composite video. He harvested the intercom speaker for game audio, added a temporary Nintendo gamepad, and soon he was playing Tetris in glorious monochrome on the flat screen.

The video below is only the first in a series where the prototype will be stuffed into one nice tidy package. It certainly still needs some tweaking, but it's off to a great start. We can't wait to see the finished product.

[baldpower] tipped us off to this one. Thanks again!

The Shiny New Features Of Mesa 18.3 For Open-Source Intel / Radeon Graphics Drivers Phoronix

Being well into the Mesa 18.3 feature freeze and that quarterly update to these open-source OpenGL/Vulkan drivers due out in about two weeks, here is a look at all of the new features and changes you can expect to find with this big update...


The U.S. Chamber of Commerce is Working for Patent Trolls and Patent Maximalists Techrights

The US Chamber of Commerce International IP Index

Summary: The patent trolls' propagandists are joining forces and pushing for a patent system that is hostile to science, technology, and innovation in general (so as to enable a bunch of aggressive law firms to tax everybody)

TECHRIGHTS has habitually noted that the U.S. Chamber of Commerce meddles in the affairs of the U.S. Patent and Trademark Office (USPTO), as well as other patent offices' affairs. It is an international harasser like USTR. Among the recent articles we wrote on the subject (in no particular order):

Thanks to Patent Docs, we now see that the villainous Chamber of Commerce (CoC) is working closely with the patent trolls' lobby, IAM. IAM staff has long cited CoC's propaganda and here they are together at last: (maybe in the past too)

The U.S. Chamber of Commerce Global Innovation Policy Center (GIPC), together with IAM.

This is scheduled for later today. CoC typically re...


FIDO2: The Passwordless web is coming, says OneSpan Graham Cluley

FIDO2: The Passwordless web is coming, says OneSpan

Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!

More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.

Often, the first hurdle in customer engagement is the login password. Not only is creating and managing passwords a major annoyance, the login password is also notoriously vulnerable to data breaches.

FIDO authentication solves this problem by replacing the traditional password with strong authentication options ranging from biometrics to software and hardware tokens.

In essence, FIDO authentication offers an interoperable and standardized ecosystem of authenticators for use with mobile and online applications. It enables organizations to deploy strong authentication for login and transaction validation, without the incremental cost of in-house development.

Recently, the FIDO Alliance (Fast Identity Online) announced the availability of its FIDO2 protocol. Read more on the OneSpan blog and discover:

  • What FIDO2 is
  • How it impacts the traditional login and password
  • Why financial institutions (FIs) should pay attention

To learn more, make sure to check out the full article on the OneSpan blog.

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.


Supercomputer on ISS will soon be Available for Science Experiments SoylentNews

Submitted via IRC for AndyTheAbsurd

Astronauts will soon be able to use a supercomputer to help run science experiments on the International Space Station. The Spaceborne Computer, a joint project between NASA and Hewlett Packard Enterprise, launched to the ISS in 2017. It's been limited to running diagnostic tests, figuring out how well a computer built for Earth could survive in space.

Now it will be available to process data for space-based experiments, which should save researchers on the ground valuable time. It will also save precious bandwidth in the tightly-controlled stream of data that NASA manages between the ISS and the ground. The exact experiments that the supercomputer will run in the next few months have not yet been disclosed.

Source: A supercomputer on the ISS will soon be open for science experiments

Original Submission

Read more of this story at SoylentNews.


Advocates draw battle lines over national privacy law The Hill: Technology Policy

Internet privacy advocates are drawing a line in the sand for lawmakers as Congress begins considering a federal data privacy bill. A coalition of 34 public interest groups on Tuesday released a set of privacy principles that they want codified in...


Mesa Gets Testing Patches For New Zen Optimization Around Thread Pinning Phoronix

It was just yesterday that the AMD Zen L3 thread pinning was dropped from Mesa due to that optimization not panning out as intended for benefiting the new AMD processors with the open-source Linux graphics driver stack. Lead Mesa hacker Marek Olšák is already out with a new Zen tuning implementation that may deliver on the original optimization goal...


Systemd-Free, XBPS-Powered Void Linux Releases New Images Phoronix

If you are looking for a new Linux distribution to experiment with, Void Linux is one of the interesting ones that is an original creation and community driven that often doesn't receive the attention it deserves. Void Linux is built off its BSD-licensed XBPS packaging system, is a rolling-release platform, uses runit as the init system instead of systemd, opts for LibreSSL in place of OpenSSL, optional musl libc usage, and has a wealth of other changes...


SETTV IPTV Service Ordered to Pay DISH $90,000,000 in Piracy Damages TorrentFreak

Back in April, the Alliance for Creativity and Entertainment, the global anti-piracy alliance featuring several Hollywood studios, Amazon, Netflix, and dozens of other entertainment companies, sued Florida-based SET Broadcast, LLC.

The popular unauthorized IPTV was accused of being a piracy tool offering copyright-infringing streams to a large number of subscribers. Early June, SETTV went offline after a second lawsuit was filed against the company.

In a Florida court, DISH Network and encryption partner NagraStar sued several individuals, companies and trusts collectively doing business as SETTV via the domain The plaintiffs stated that the complex business structure was designed to frustrate enforcement efforts and hide profits made by SET Broadcast and various individuals.

"Defendants created a pirate streaming television service they have branded SET TV," the complaint reads, citing offenses under the Federal Communications Act (FCA).

"Defendants sell subscriptions and devices for the SET TV pirate streaming service, which includes numerous television channels that were received without authorization from DISH's satellite service and were subsequently retransmitted without authorization on the SET TV pirate streaming service."

DISH and NagraStar alleged that for only $20 per month, SET TV gave users access to more than 500 live channels, including on-demand content and PPV broadcasts. The company also sold pre-configured hardware devices that came pre-loaded with the SET TV application. As a result, the plaintiffs demanded a permanent injunction plus huge damages.

In an agreed judgment handed down by a Florida court (the merits of the case were not considered), the demands of DISH and NagraStar have now been met.

"DISH is awarded statutory damages of $90,199,000 under the FCA. The statutory damages are calculated at the parties' agreed upon $500 for each of the 180,398 subscribers that were acquired directly by Defendants and provided with unauthorized access to DISH's television programming using Defendants' SetTV streaming service. Defendants are jointly and severally liable for all damages awarded herein," the judgment reads.

The defendants in the case (and anyone acting in concert with them) are also permanently enjoined from receiving, retransmitting, or copying, or assisting others in receiving, retransmitting, or copying, any of DISH's satellite or over-the-top Internet transmissions of television programming or any conten...


Latest Top500 List: Upgraded US Supercomputers Claim Top Two Spots; China has Most Systems SoylentNews

Upgraded US Supercomputers Claim top two Spots on Top500 List:

China has more of the 500 fastest machines on the planet than ever, and the US hits an all-time low.

The US now can claim the top two machines on a list of the 500 fastest supercomputers, as Sierra, an IBM machine for nuclear weapons research at Lawrence Livermore National Laboratory, edged out a Chinese system that last year was the very fastest.

The Top500 list ranks supercomputers based on how quickly they perform a mathematical calculation test called Linpack. The top machine, IBM's Summit at Oak Ridge National Laboratory, had claimed the No. 1 spot in June with a speed of 122.3 quintillion mathematical operations per second, or 122.3 petaflops.

But an upgrade gave it a score of 143.5 petaflops on the newest list. To match that speed, each person on the planet would have to perform 19 million calculations per second. Sierra got an upgrade, too, boosting its performance from 71.6 petaflops to 94.6 petaflops and lifting it from third place to second.

The top machine on the first TOP500 list in June of 1993 was a Thinking Machines Corporation CM-5/1024 with 1,024 cores and was rated at Rpeak of 131.0 GFlop/s and Rmax of 59.7 GFlop/s. The least performant system, listed at the bottom of Page 5 of the list, was a C3840 made by Sharp of Japan which had 4 cores and had RPeak and RMax scores of 0.5 and 0.4 GFlop/s respectively. The fastest Cray Research machine in 1993 rated 9th place at 15.2/13.7 GFlop/s for RPeak and RMax.

Where on that first list would today's smartphones land?

More at Top500 and The Register.

Original Submission

Read more of this story at SoylentNews.


When Silicon Valley gets religion and vice versa Lifeboat News: The Blog

Some of the tech world's brightest luminaries hope to postpone the unpleasantness of death, or avoid it entirely. Calico, a secretive company founded by Google, is looking for ways to lengthen human lifespans. Billionaires Larry Ellison, Peter Thiel, and Jeff Bezos have all contributed huge sums for research into anti-aging treatments. Ray Kurzweil, one of the tech industry's leading futurists, has described three scientific and technological bridges that might lead to radically longer life.


Low-energy ESP8266-based Board Sleeps Like a Log Until Triggered Hackaday

Given the popularity of hacking and repurposing Amazon Dash buttons, there appears to be a real need amongst tinkerers for a simple "do something interesting on the internet when a button is pressed" device. If you have this need but don't feel like fighting to bend a Dash device to your will, take a look at [Kevin Darrah]'s trigBoard instead.

The trigBoard is a battery-powered, ESP8266-based board that includes some clever circuitry to help it barely sip power (less than one microamp!) while waiting to be triggered by a digital input. This input could be a magnetic reed switch, push button, or similar, and you can configure the board for either normally open or normally closed switches.

The clever hardware bits that allow for such low power consumption are explained in [Kevin]'s YouTube video, which we've also embedded after the break. To summarize: the ESP8266 spends most of its time completely unpowered. A Texas Instruments TPL5111 power timer chip burns 35 nanoamps and wakes the ESP8266 up every hour to check on the battery. This chip also has a manual wake pin, and it's this pin, along with more power-saving circuitry, that's used to trigger actions based on the external input.

Apparently the microcontroller can somehow distinguish between being woken up for a battery check versus a button press, so you needn't worry about accidentally sending yourself an alert every hour. The default firmware is set up to use Pushbullet to send notifications, but of course you could do anything an ESP8266 is capable of. The code is available on the project's wiki page.

The board also includes a standard micro-JST connector for a LiPo battery, and can charge said battery through a micro-USB port. The trigBoard's full schematic is on the wiki, and pre-built devices are available on Tindie.

[Kevin]'s hardware walkthrough video is embedded after the break.



Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria.

A BGP leak made Google services unavailable on Monday; the traffic was redirected through Russia, China, and Nigeria.

At this time it is not clear whether the incident was caused by a configuration error or was the result of a malicious attack on the BGP protocol.

Route hijacking, also known as BGP hijacking, occurs when the routing tables for groups of IP addresses are intentionally or accidentally corrupted.

Recently security researchers Chris C. Demchak and Yuval Shavitt revealed that over the past years, China Telecom has been misdirecting Internet traffic through China.

China Telecom is currently present in North American networks with 10 points-of-presence (PoPs) (eight in the United States and two in Canada), spanning major exchange points.

The two researchers pointed out that the telco company leverages the PoPs to hijack traffic through China, and that it has happened several times over the past years.

"Within the BGP forwarding tables, administrators of each AS announce to their AS neighbors the IP address blocks that their AS owns, whether to be used as a destination or a convenient transit node," states the paper.

"Errors can occur given the complexity of configuring BGP, and these possible errors offer covert actors a number of hijack opportunities. If network AS1 mistakenly announces through its BGP that it owns an IP block that actually is owned by network AS2, traffic from a portion of the Internet destined for AS2 will actually be routed to and through AS1. If the erroneous announcement was maliciously arranged, then a BGP hijack has occurred."

The latest BGP leaks were first reported by the network monitoring firm ThousandEyes. The traffic to Google services, including Search, G Suite, and various Google Cloud services, was directed through TransTelecom in Russia, Nigerian ISP MainOne, and China Telecom.



Origami Terra Forming Terra

This has been evolving through my own lifetime and the concepts extend into chemistry to produce proteins. It has a clear game-like aspect that has given it life. Now we have 30,000+ shapes and a number of evolved memes that are allowing us to potentially model the behavior of proteins.

It will become a natural extension of organic chemistry and it will become possible to engineer behavior. It will lend itself to AI assistance.

No one could ever have imagined this from folding a paper airplane.


November 02, 2018

Playing with paper

With the ancient art of origami, a sheet of paper can become almost anything. But in the modern age, the practice has moved beyond decorative planes and cranes. By fusing paper folding and technology, scientists and engineers are using the art form to help shape the future. 
Origami ...


Alarm Over Talks to Implant UK Employees With Microchips SoylentNews

From The Guardian:

Britain's biggest employer organisation and main trade union body have sounded the alarm over the prospect of British companies implanting staff with microchips to improve security.

UK firm BioTeq, which offers the implants to businesses and individuals, has already fitted 150 implants in the UK.

The tiny chips, implanted in the flesh between the thumb and forefinger, are similar to those for pets. They enable people to open their front door, access their office or start their car with a wave of their hand, and can also store medical data.

[...] Steven Northam, the founder and owner of Hampshire-based BioTeq, told the Guardian that most of its 150 implants have been for individuals, while some financial and engineering firms have also had the chips implanted in their staff.

BioTeq has also implanted them in employees of a bank testing the technology, and has shipped them to Spain, France, Germany, Japan and China.

We recently covered similar technology being used in Sweden but the idea of implanting a tracking chip in a human for identification is nothing new.

Original Submission

Read more of this story at SoylentNews.


More Accurate World Map Wins Prestigious Design Award Terra Forming Terra

AuthaGraph Map

Of course it distorts the oceans rather badly, but it does conserve land area.  All map work should work against alternate projections and this one is particularly valuable.  At least Europe compares nicely to India and the Indonesian archipelago compares to the USA as does Brazil and China.

The sub sea should also be mapped in, in order to allow for lining up edges in the Atlantic and to check voids in the Pacific. The perimeter has been left out here.

That is picky though for an excellent piece of work.


More Accurate World Map Wins Prestigious Design Award

Published November 3, 2016
Updated August 23, 2018
The AuthaGraph map is the most accurate map you'll ever see. You probably won't like it.

AuthaGraph Map


The Human Brain Can Create Structures in Up to 11 Dimensions Terra Forming Terra

The word dimension is distracting but perhaps properly is an indication of uniqueness and allows the usage of the mathematics in order to generate inferences. Cliques exist and these are a powerful indication of meaning in space and surely in time as well.
At this instance it is a new beginning.
All good.

The Human Brain Can Create Structures in Up to 11 Dimensions

Conceptual illustration of brain networks (l) and topology (r), courtesy of Blue Brain Project
21 APR 2018

Last year, neuroscientists used a classic branch of maths in a totally new way to peer into the structure of our brains.

What they discovered is that the brain is full of multi-dimensional geometrical structures operating in as many as 11 dimensions.

We're used to thinking of the world from a 3-D perspective, so this may sound a bit tricky, but the results of this study could be the next major step in understanding the fabric of the human brain - the most complex structure we know of.

This brain model was produced by a team of researchers from the Blue Brain Project, a Swiss research initiative devoted to building a supercomputer-powered reconstruction of the human brain.

The team used algebraic topology, a branch of mathematics used to describe the properties of objects and spaces regardless of how they change shape.

They found that groups of neurons connect into 'cliques', and that the number of neurons in a clique would lead to its size as a high-dimensional geometric object (a mathematical dimensional concept, not a space-time one).

"We found a world that...


Ratcliffe, Gowdy join list of potential attorney general picks Terra Forming Terra

Unsurprising to see Gowdy's name here as he is now obviously available. Yet he joins a short list of key individuals clearly read in including Sessions to the PLAN. Good men are being recruited and pre-positioned.

What that does do is pretty well render the public narrative as suspect. The core objective is literally draining the swamp. Mil Intel has been involved for decades and all are willing participants. Watch the show.

It is now clear that the voter fraud system operated by the Democrats is being outed and expect this to fill the media for weeks and months to come. We are seeing them being caught in action with a full spotlight on them. This was totally planned.

The DEMs will literally need to reconstitute themselves. It is that bad and it will be that public.

Ratcliffe, Gowdy join list of potential attorney general picks

Congressmen, confidantes and TV commentators are among those being considered by the White House.

Rep. John Ratcliffe speaks to media on Capitol Hill in October. Carolyn Kaster / AP

Nov. 10, 2018 / 10:27 AM PST

By Leigh Ann Caldwell and Julia Ainsley

WASHINGTON - Two members of Congress, a cabinet official, a presidential confidant and a frequent guest on Fox News are among those being considered by President Donald Trump to be the next attorney general, multiple sources tell NBC News.

One of those, former New Jersey Governor Chris Christie, was a close adviser to the president in his 2016 presidential campaign. He has been largely sidelined by the administration since then but resurfaced at the White House on Thursday for what White House officials said was for a previously scheduled meeting on prison reform.

Rep. John Ratcliffe, R-Texas, and retiring Rep. Trey Gowdy of South Carolina, have also joined the list of those in the running, the sources say.

Ratcliffe, a former political appointee of President George W. Bush who was later appointed to be U.S. Attorney of the Eas...


Expert found a way to bypass Windows UAC by mocking trusted Directory Security Affairs

David Wells, a security expert from Tenable, devised a method to bypass Windows User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. 

A security researcher from Tenable has discovered that it is possible to bypass Windows User Account Control (UAC) by spoofing the execution path of a file in a trusted directory.

User Account Control (UAC) is a technology and security mechanism that aims to limit application software to standard user privileges until an administrator authorizes an increase or elevation.

Some programs can auto-elevate privileges, bypassing UAC. To prevent abuse, Windows implements a series of additional security checks so that only a specific group of trusted executables can auto-elevate.

Executables that can auto-elevate have a specific configuration, need to be properly signed, and must run from a Trusted Directory (i.e. C:\Windows\System32).

Wells discovered that Appinfo.dll (AIS) uses the RtlPrefixUnicodeString API to check whether the target executable path begins with C:\Windows\System32\ as one of the trusted directory checks.

The researcher then created a directory called C:\Windows \ (with a space after the word Windows) by using the CreateDirectory API and prepending a \\?\ to the directory name, and then created a System32 directory in it.

"So for bypassing this check, I construct a directory called C:\Windows \ (notice trailing space after Windows). This won't pass the RtlPrefixUnicodeString check of course, and I'll also mention that this is somewhat invalid (or in the very least unfriendly) directory name, as Windows does not allow trailing spaces when you create a directory (try it)," wrote the expert.

"Using the CreateDirectory API however, and prepending a \\?\ to the directory name I want to create, we can bypass some of these naming filter rules and send the directory creation request directly to file system."

Then the expert copied a signed, auto-elevating executable from C:\Windows\System32, and discovered that upon its execution no UAC prompt is triggered.

"When this awkward path is sent to AIS for an elevation request, the path is passed to GetLongPathNameW, which converts it back to C:\Windows\System32\winSAT.exe (space removed). Perfect! This is now the string that trusted directory checks are performed against (using RtlPrefixUnicodeString) for the rest of the routine," explained the expert.

The beauty is that after the trusted directory check is done with this converted path string, it is then freed, and rest of checks (and final elevated execution request) are done with the original executable path name (with...


HITB Security Conference to feature CTF, free to the public hacking games and challenges Help Net Security

In two weeks, one of the most gruelling security challenges returns to the Middle East! As part of Hack in the Box's (HITB) return to Dubai after an 8-year gap, the HITB Security Conference will be bringing back a wide range of free to the public hacking games and challenges, including its ever-popular HITB Capture The Flag (CTF) competition. HITB's CTF competition will see over 20 international teams battle it out in Dubai on 27 More

The post HITB Security Conference to feature CTF, free to the public hacking games and challenges appeared first on Help Net Security.


eBook: The DevOps Roadmap for Security Help Net Security

DevOps is concerned with uniting two particular tribes: development and operations. These tribes have seemingly competing priorities: developers value features while operations value stability. These contradictions are largely mitigated by DevOps. A strong argument could be made that the values of the security tribe, defensibility, could just as easily be brought into the fold, forming a triumvirate under the DevSecOps umbrella. The security tribe's way forward is to find ways to unify with More

The post eBook: The DevOps Roadmap for Security appeared first on Help Net Security.


How Much Hotter Is Your Hometown Than When You Were Born? Lifeboat News: The Blog

What you do on the Internet is nobody's business but yours. At, we stand between your web use and anyone who tries to sneak a peek at it. Instead of connecting directly to a website, let us connect to the website and send it back to you, and no one will know where you've been. Big Brother (or other, less ominous snoops) won't be able to look over your shoulder and spy on you to see what you're reading, watching or saying.


Arm Leads Project to Develop an Armpit-Sniffing Plastic AI Chip IEEE Spectrum Recent Content full text

In a quest for penny-priced plastic sensors, Arm and its partners are demonstrating a stripped-down form of machine learning

Body odor is a stubborn problem. Not just for people, but also for sensors. Sensors and the computing attached to them struggle to perceive armpit odors in the way humans do, because B.O. is really a complex mix of dozens of gaseous chemicals. The UK's PlasticArmPit project is designing the first machine-learning-enabled flexible plastic sensor chip. Its target audience: those who think they might stink. The prototype chip will be manufactured and tested in 2019.

The project is part of a broader effort Arm has been involved in to drive the cost of plastic IoT devices down below US $0.01 so that they can be embedded in all sorts of consumer goods, including disposable ones.

The plastic chip will consist of sensor arrays, a bespoke machine learning processor, and their interface. All of these will be built on a thin plastic film, although the sensor array is currently made on a separate piece of plastic. A battery and display may be integrated into the device later. The team consists of: Arm, which designed the machine learning circuitry and developed tools that will make it easy for others to produce such designs; PragmatIC, which makes amorphous-oxide-based flexible electronics, NFC, and RFID chips and the systems to build them; the University of Manchester, which developed the plastic gas-sensing technology and a model of human smell perception; and Unilever, which lent its consumer-products expertise and its UK odor-testing lab.

The sensor arrays are a collection of field-effect transistors made from organic semiconductors that have been chemically modified. "We tune the materials within the device to be responsive to different gaseous analytes," explains Krishna Persaud, who developed them at the University of Manchester along with his colleague Michael Turner. As gases bind to the transistors' semiconductor channels, they alter the characteristics of the device's performance.

Image: Arm. A sliver of flexible plastic could contain sensor arrays and the machine learning circuits to interpret their output.

Each device has eight different types of sensors. But they're not specific t...


What mid-market security budgets will look like in 2019 Help Net Security

As 2018 draws to a close, IT and security pros around the country will greet the arrival of budget season with a collective sigh. Negotiating for IT budgets at small or mid-market companies is always a challenge and can be especially difficult if you're asking for increased security spending from an executive who doesn't understand the risks of being unprepared for a data breach. However, security budgets are changing rapidly as awareness of security issues More

The post What mid-market security budgets will look like in 2019 appeared first on Help Net Security.


M&A transactions may be stalling due to GDPR compliance concerns Help Net Security

An increasing number of M&A transactions may be stalling because of concerns over GDPR compliance, according to a survey of EMEA M&A professionals conducted by Merrill Corporation. Overall, the survey highlights the significant role due diligence plays in determining M&A success, while providing insight into the challenges faced by M&A professionals today. The implementation of the GDPR stood out as a major hurdle for mergers and acquisitions, with more than half of respondents (55 percent) More

The post M&A transactions may be stalling due to GDPR compliance concerns appeared first on Help Net Security.


Cyber attacks ranked as top risk in Europe, North America, East Asia and the Pacific Help Net Security

There are significant differences in risk perceptions across the eight regions covered in the World Economic Forum's Regional Risks for Doing Business report. Over 12,000 executives highlighted concerns ranging from economic to political, societal and technological. Unemployment, failure of national governance and energy price shocks were among the top worries of executives across various regions. Cyber attacks are the number one risk in Europe, East Asia and the Pacific and North America. This points to More

The post Cyber attacks ranked as top risk in Europe, North America, East Asia and the Pacific appeared first on Help Net Security.


Humans Are About to Touch the Deepest Corners of the Ocean for the First Time SoylentNews

Business Insider:

[...] In December, explorer and investor Victor Vescovo, along with scientist Alan Jamieson from Newcastle University, are embarking on a groundbreaking mission more than 6.5 miles under the waves. The two are heading out in a new $48 million dollar submarine system to better map the bottom of the world's five oceans.

They're calling the mission, which will be the first time people travel to the bottom of each of the world's seas, "Five Deeps."

"Our depth of ignorance about the oceans is quite dramatic," Vescovo said as he introduced the mission to an audience in New York. "Four of the oceans have never even had a human being go to their bottom. In fact, we don't even know with great certainty where the bottom of the four are."

First up on the five-dive trip will be the Puerto Rico Trench, the deepest point in the Atlantic Ocean. It's a spot no human has ever explored, and it's so deep that any communications from the submarine will take seven seconds to travel back up.

The team believes it's possible to find a location deeper than the Challenger Deep.

Read more of this story at SoylentNews.


Narrow gap between CEO, CIO and CISO roles means companies are struggling to secure digital assets Help Net Security

Responsibility for information security is not falling to any one senior executive function, according to the 2018 Risk:Value report from NTT Security, which surveyed 1,800 senior decision makers from non-IT functions in global organisations. Responsibility for day-to-day security At a global level, 22 per cent of respondents believe the CIO is ultimately responsible for managing security, compared to one in five (20 per cent) for the CEO and 19 per cent for the CISO. In More

The post Narrow gap between CEO, CIO and CISO roles means companies are struggling to secure digital assets appeared first on Help Net Security.


Advent Calendar Tracks The Days Until Christmas Hackaday

What's a hacker to do when Halloween's over and a new source of ideas is needed for more hacks? Make something for Christmas of course. That's what [Dario Breitenstein] did when he made his Advent calendar both as a decoration and to help instill some Christmas spirit.

Designed in SketchUp, it's a WS2812 LED strip mounted in a clean looking walnut enclosure. The light diffuses through 3D-printed PETG lids with vinyl over them to outline the days. Naturally, it had to be Internet-connected and so an ESP8266 based WEMOS D1 mini board fetches the date and time from an NTP server. Sundays light up in red and Christmas Eve in purple.

This appears to be just the thing hackers like [vk2zay] could use for inspiration during their sort-of-annual Advent Calendar of Circuits wherein a different circuit is made each day leading up to Christmas.


Scientists predict a dark matter hurricane will collide with the Earth Lifeboat News: The Blog

Yes, here's the story of the dark matter hurricane, a cosmic event that may provide our first glimpse of the mysterious, invisible particle.

by Jackson Ryan


We Just Got Closer Than Ever to Unlocking Graphene's Superconducting Powers Lifeboat News: The Blog

Scientists are now closer than ever to being able to use graphene as a superconductor to conduct electricity with zero resistance making it useful for developing energy efficient gadgets, improving medical research, upgrading power grids, and much more besides.

The key to the new approach is heating a silicon carbide (SiC) crystal, itself a superconductor, until the silicon atoms have all evaporated. This leaves two graphene layers on top of each other in a way that, in certain conditions, offers no resistance to electrical current.

A similar dual-layer approach was also successfully used to turn graphene into a superconductor earlier this year. The difference here is the layers don't have to be carefully angled on top of each other, which should make it easier to reproduce at scale.


Xfce Support For "Primary Display" Output Handling Finally Being Squared Away Phoronix

The latest feature on deck for the long overdue Xfce 4.14 desktop update is support for the RandR primary display/output functionality...


After Conquering the World, Smartphone Faces Uncertain Future

The last phone I bought was a heavily discounted Samsung Galaxy Note 4. It's fine. I have no plans to upgrade. I'd consider buying a modern flagship-grade phone if it included a 3.5mm headphone jack and an easily removable back and battery. There are no high end phones with easily removable batteries and the 3.5mm [...]


BGP Hack Steals Google (at Least for an Hour or so) SoylentNews

The Register reports a hack, speculated to be intentional instead of the usual finger fumble, whereby all of Google's traffic was routed for just over an hour to servers in Russia and China.

The Register story:

It quotes this update from Google:

Excerpt from the update:

The issue with Google Cloud IP addresses being erroneously advertised by internet service providers other than Google has been resolved for all affected users as of 14:35 US/Pacific. Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence.

As BGP is "broken by design", i.e. assumes trust where there is no longer any, what is perhaps surprising is that it took so long to happen. Does not augur well.

So much for "the internet always routes around damage". Maybe "always" takes time to happen...

Exercise for the reader: is it possible to circumvent this effectively, and if so, how? Has my paranoia-meter misfired, and there's really nothing to worry about?

Read more of this story at SoylentNews.


Amazon may announce Tuesday new headquarters in NYC, DC The Hill: Technology Policy

Inc. is reportedly planning to announce on Tuesday its decision to split its second headquarters between two cities, The Wall Street Journal reported Monday. The company reportedly made the surprise decision to pick two sites New...


Robots Are Coming for Europe's Jobs

Via: Bloomberg: Robots are coming for people's jobs in Europe, and the countries in the ex-communist east are particularly vulnerable. With the use of industrial robots rising globally, the average worker in Slovakia, the world's top car producer per capita, faces a 62 percent median probability that his or her job will be [...]


Quantum leap for mass as science redefines the kilogramme Lifeboat News: The Blog

Sealed in a vault beneath a duke's former pleasure palace among the sycamore-streaked forests west of Paris sits an object the size of an apple that determines the weight of the world.

Forged against a backdrop of scientific and political upheaval following the French Revolution, a single, small cylinder of platinum-iridium alloy has laid largely undisturbed for nearly 130 years as the world's benchmark for what, precisely, is a kilogramme.

The international prototype of the kilogramme, or Le Grand K as it is tenderly known, is one of science's most hallowed relics, an analogue against which all other weights are compared and a totem of the metric system that accompanied the epoch of liberty, equality and fraternity.


The Next Version of HTTP Won't be Using TCP SoylentNews

In its continued efforts to make Web networking faster, Google has been working on an experimental network protocol named QUIC: "Quick UDP Internet Connections." QUIC abandons TCP, instead using its sibling protocol UDP (User Datagram Protocol). UDP is the "opposite" of TCP; it's unreliable (data that is sent from one end may never be received by the other end, and the other end has no way of knowing that something has gone missing), and it is unordered (data sent later can overtake data sent earlier, arriving jumbled up). UDP is, however, very simple, and new protocols are often built on top of UDP.

QUIC reinstates the reliability and ordering that TCP has but without introducing the same number of round trips and latency. For example, if a client is reconnecting to a server, the client can send important encryption data with the very first packet, enabling the server to resurrect the old connection, using the same encryption as previously negotiated, without requiring any additional round trips.

Read more of this story at SoylentNews.


NFPHosting VPS Reseller Pools 2 VPS @ $19/yr, 4 VPS @ $29/yr & more in LA, NY, and CHI! Low End Box

Nathan from over @ NFP Hosting has just sent in a new offer for us! They are proud to present us with more VPS Reseller plans located in Los Angeles, New York and Chicago! You can find their ToS/Legal Docs here. They accept PayPal, Credit Cards, Alipay, Ethereum and Bitcoin.

More about the company: was founded in 2006 as an e-commerce hosting provider after seeing the lack of hosts who can deliver quality. Throughout the years of learning the ins and outs of running a hosting company, and seeing the opportunities to expand in the marketplace, NFP Hosting throughout the years added additional services to serve a wider variety of markets. NFP Hosting today offers everything the basic consumer looking to start a website may need, all the way up to the advanced (technical) user looking to set up a cluster of servers. At NFP Hosting, there is no waiting around. Services are instantly provisioned, and 24/7 customer support comes standard with our plans. No compromises. No excuses. It's really as simple as that.

We are the provider for the people. Our motto is: Premium Solutions. Friendly People. Service Delivered. This means always going above and beyond, and going the extra mile. Hence why customers love NFP Hosting. Real results, real performance!


Divide up your resources across multiple VMs, or use it all, it's your choice. Deploy in 3 locations on-demand. Screenshots of our Virtualizor reseller panel: here

VPS Reseller #1

  • Create Up To 2 VPS!
  • 2 CPU Cores
  • 60GB Disk Space
  • 2048MB (2GB) RAM
  • 4096MB (4GB) vSwap
  • 3TB Monthly Bandwidth
  • 1000Mbps Network Port
  • 2 IPv4 Addresses
  • Chicago, Los Angeles and NY
  • Virtualizor Reseller Panel
  • $19/year

VPS Reseller #2

  • Create Up To 4 VPS!
  • 4 CPU Cores
  • 120GB Disk Space
  • 4096MB (4GB) RAM
  • 8192MB (8GB) vSwap
  • 5TB Monthly Bandwidth
  • 1000Mbps Network Port
  • 4 IPv4 Addresses
  • Chicago, Los Angeles and NY
  • Virtualizor Reseller Panel
  • $29/year


Hacked Heating Instruments for the DIY Biology Lab Hackaday

[Justin] from The Thought Emporium takes on a common molecular biology problem with these homebrew heating instruments for the DIY biology lab.

The action at the molecular biology bench boils down to a few simple tasks: suck stuff, spit stuff, cool stuff, and heat stuff. Pipettes take care of the sucking and spitting, while ice buckets and refrigerators do the cooling. The heating, however, can be problematic; vessels of various sizes need to be accommodated at different, carefully controlled temperatures. It's not uncommon to see dozens of different incubators, heat blocks, heat plates, and even walk-in environmental chambers in the typical lab, all acquired and maintained at great cost. It's enough to discourage any would-be biohacker from starting a lab.

[Justin] knew it doesn't need to be that way, though. So he tackled two common devices: the incubator and the heating block. The build used as many off-the-shelf components as possible, keeping costs down. The incubator is dead simple: an insulated plastic picnic cooler with a thermostatically controlled reptile heating pad. That proves to be more than serviceable up to 40°C, at the high end of what most yeast and bacterial cultures require.

The heat block, used to heat small plastic reaction vessels called Eppendorf tubes, was a little more complicated to construct. Scrap heat sinks yielded aluminum stock, which despite going through a bit of a machinist's nightmare on the drill press came out surprisingly nice. Heat for the block is provided by a commercial Peltier module and controller; it looks good up to 42°C, a common temperature for heat-shocking yeast and tricking them into taking up foreign DNA.

We're impressed with how cheaply [Justin] was able to throw together these instruments, and we're looking forward to seeing how he utilizes them. He's already biohacked himself, so seeing what happens to yeast and bacteria in his DIY lab should be interesting.


U.S. Army Personnel to Compete in eSports to Boost Recruitment

In other news: Too Fat to Fight: Military Threatened by Childhood Obesity. Via: Stars and Stripes: The Army is putting together a team of video gamers from within its ranks to try to reach young Americans in the digital worlds where they spend much of their time. More than 15 years after launching America's Army, [...]


Florida Airport Shut Down Over Suspicious Package That Ended Up Being Provisional Ballots?

Via: TownHall: Late Sunday evening the Ft. Lauderdale Airport was shut down due to a suspicious package left outside of one of the terminals. Reports are coming in that an Avis rental car employee discovered provisional ballot boxes left in the back of a rental car that had just been returned by a Broward County [...]


Librem 5 Development Kits: We are Getting There SoylentNews

A few weeks ago we published an update about the forthcoming [release] of our Librem 5 development kits when we ran into some issues which caused delays. Today we're bringing you another update on the hardware fabrication process, as well as some pictures and a video. At the same time as the last update got posted, I was on my way to California, where we are fabricating our development kit and base boards (we are bringing everything to life there, and shipping from that same facility).

The story of fabricating the entire devkit hardware from the ground-up included crossing paths with a couple of storms:

- Hurricane Florence caused some shipping delays for component parts, and one of our packages also got lost in Memphis. Maybe it enjoyed the music and drinks a bit too much? We don't know because we never heard back from it again. So we had to procure additional parts.

- The typhoon in south east China caused a week of factory shutdowns, which included our PCB design prototypes!

- Almost right after that was a Chinese holiday, the Golden Week, which is in practice a two week holiday. Luckily we could expedite the PCBs at a fab in Los Angeles and courier ship to us!

All in all, we had a setback of about three weeks before we were able to make the first prototypes of the boards.


All parts for the final production of the dev kits are procured and still waiting in the magazines on the machines to be placed on the final boards. The kernel team is making amazing progress on mainline Linux 4.18+, we are in intense communication with other Linux i.MX 8M mainlining partners. The kernel, the GPU drivers and MESA will see quite some i.MX 8M patches from us, and yes, upstream first was and is our motto, everything we do is and will be pushed upstream!

After all this, I am reluctant to give a new timeline for shipping the dev kits

Read more of this story at SoylentNews.


Team UPC, Fronting for Patent Trolls From the US, is Calling Facts Resistance Techrights

Tilman Müller-Stoy

Summary: The tactics of Team UPC have gotten so tastelessly bad and its motivation so shallow (extortion in Europe) that one begins to wonder why these people are willing to tarnish everything that's left of their reputation

THE European Patent Office (EPO) is granting patents of laughable quality; in order for these patents to be worth a euro (or a cent) it will need equally laughable courts, headed by someone corrupt like Battistelli. Will that ever materialise? No. It's unlikely. But Team UPC never gives up.

Team UPC/Bird & Bird's Sally Shorthose has just published two articles [1, 2] about Brexit. Both mention the UPC, as one might expect (the usual spiel). Honest? No. Polite? Yes.

More radical or outspoken elements of Team UPC have been smearing people who speak for Europe's interests rather than the lawyers' interests. Team UPC nowadays attacks the Max Planck Institute anonymously and also attacks the complainant anonymously. Team UPC then wonders why the complaint was filed anonymously? The study from the Max Planck Institute did not resort to name-calling, but Team UPC's language upsets even a pro-UPC person, who wrote: Prof. Tilmann has published a rebuttal to Lamping/Ullrich (The Impact of Brexit on Unitary Patent Protection and its Court), see GRUR Int. 2018, 1094. Irre...


WordPress GDPR Compliance plugin hacked to spread backdoor HackRead

By Waqas

Update your GDPR Compliance plugin right now. Security researchers have identified a critical vulnerability in the popular WP GDPR Compliance plugin assisting over 100,000 website owners around the world to comply with European privacy regulations known as GDPR that was announced by European Union on May 25th, 2018. The vulnerability was discovered by researchers at Wordfence which allows hackers to [...]

This is a post from Read the original post: WordPress GDPR Compliance plugin hacked to spread backdoor


Hillicon Valley: Social media struggles with new forms of misinformation | US, Russia decline to join pledge on fighting cybercrimes | Trump hits Comcast after antitrust complaint | Zuckerberg pressed to testify before global panel The Hill: Technology Policy

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen...


Arduino Provides Hands-Free Focus for Digital Inspection Scope Hackaday

With surface-mount technology pushing the size of components ever smaller, even the most eagle-eyed among us needs some kind of optical assistance to do PCB work. Lots of microscopes have digital cameras too, which can be a big help unless the camera fights you.

Faced with a camera whose idea of autofocus targets didn't quite coincide with his, [Scott M. Baker] took matters into his own hands (foot, actually) by replacing mouse inputs to the camera with an outboard controller. His particular camera's autofocus can be turned off, but only via mouse clicks on the camera's GUI. That's disruptive while soldering, so [Scott] used an Arduino Pro Micro and a small keypad to mimic the mouse movements needed to control the camera.

At the press of a key, the Arduino forces the mouse cursor up to the top left corner of the screen, pulls down the camera menu, and steps down the proper distance to toggle autofocus. The controller can also run the manual focus in and out or take a screenshot. There's even a footswitch that forces the camera to refocus if the field of view changes. It looks really handy, and as usual [Scott] provides a great walkthrough in the video below.

Like it or not, if shrinking technology doesn't force you into the microscope market, entropy will. If you're looking for a buyer's guide to microscopes, you could do worse than [Shahriar]'s roundup of digital USB scopes. Or perhaps you'd prefer to dumpster dive for yours.


HPR2682: (NOT) All About Blender Hacker Public Radio

The first part of what began a serious attempt to sit down and discuss Blender, a free and open-source piece of awesome, that slowly (rapidly) devolved into a meandering discussion. Mostly about video games. BloodPong



Excessive Posting of Selfies is Associated with Increase in Narcissism SoylentNews

Science Daily:

A new study has established that excessive use of social media, in particular the posting of images and selfies, is associated with a subsequent increase in narcissism.
They also assessed the participants' usage of social media -- including Twitter, Facebook, Instagram and Snapchat -- during that same period.

Narcissism is a personality characteristic that can involve grandiose exhibitionism, beliefs relating to entitlement, and exploiting others.

Those who used social media excessively, through visual postings, displayed an average 25% increase in such narcissistic traits over the four months of the study.

This increase took many of these participants above the clinical cut-off for Narcissistic Personality Disorder, according to the measurement scale used.

TLDR: Social media encourages narcissism.

Read more of this story at SoylentNews.


The Federal Circuit Bar Association (FCBA) Will Spread the Berkheimer Lie While Legal Certainty Associated With Patents Remains Low and Few Lawsuits Filed Techrights

Recent: Number of US Patent Lawsuits Was More Than 50% Higher Half a Decade Ago

Summary: New figures regarding patent litigation in the United States (number of lawsuits) show a decrease by about a tenth in just one year; there's still no sign of software patents making any kind of return/rebound in the United States, contrary to lies told by the litigation industry (those who profit from frivolous lawsuits/threats)

THE U.S. Patent and Trademark Office (USPTO) can grant all the patents it wants; that still does not mean that such patents are necessarily enforceable.

Meanwhile, the European Patent Office (EPO) keeps promoting software patents in Europe, a matter that escalated under António Campinos and a subject we shall cover tomorrow.

Things will only exacerbate if Iancu (of the litigation industry) further reduces the standards of examination and squashes Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) little by little. The more these patent offices diverge/deviate from courts, the worse the presumption of validity will get. They voluntarily reduce the legal certainty associated with their patents (US patents and European Patents).

Earlier today Patent Docs published this ad for FCBA (intentionally misleading name), which is pushing the Berkheimer lie. This was then boosted by Janal Kalis and said:

The Federal Circuit Bar Association (FCBA) Patent Litigation Committee will be offering a webcast entitled Litigating 101 Issues After Berkheimer on November 14, 2018 from 3:00 pm to 4:30 pm...


[$] C library system-call wrappers, or the lack thereof

User-space developers may be accustomed to thinking of system calls as direct calls into the kernel. Indeed, the first edition of The C Programming Language described read() and write() as "a direct entry into the operating system". In truth, user-level "system calls" are just functions in the C library like any other. But what happens when the developers of the C library refuse to provide access to system calls they don't like? The result is an ongoing conflict that has recently flared up again; it shows some of the difficulties that can arise when the system as a whole has no ultimate designer and the developers are not talking to each other.


Russia Suspected of Jamming GPS Signal in Finland SoylentNews


Finnish Prime Minister Juha Sipila has said the GPS signal in his country's northern airspace was disrupted during recent Nato war games in Scandinavia.

He said he believed the signal had been jammed deliberately and that it was possible Russia was to blame because it had the means to do so.

Finland is not a Nato member but joined the war games which began last month.

Norway also reported GPS problems during the exercises near Russia's north-western borders.
The Finnish region of Lapland and northern parts of Norway close to the Russian border were affected, with the Norwegian regional airline Widerøe confirming its pilots had experienced GPS disruption, Germany's DW news site reports.

However, the airline pointed out that pilots aboard civilian aircraft had other options when a GPS signal failed.

Finland has called "shenanigans" on Russia.



November DSLWP-B images of the Moon and Earth Daniel Estévez

In previous posts, I have already spoken about the chance of DSLWP-B taking images of the Moon and Earth during the beginning of November. The window to take these images was between November 6 and 9. This window included the possibility of taking an Earthrise image, with the Earth appearing from behind the Moon.

The planning for the activations of the Amateur payload made by Wei Mingchuan BG2BHC was as follows.

7 Nov 2018 08:13 to 7 Nov 2018 10:13
8 Nov 2018 09:40 to 8 Nov 2018 11:40
9 Nov 2018 12:00 to 9 Nov 2018 14:00
10 Nov 2018 14:00 to 10 Nov 2018 16:00
11 Nov 2018 13:30 to 11 Nov 2018 15:30

On November 7, from 8:13 to 9:33 UTC, a total of 9 images with 10 minutes of spacing between each would be taken. These images would be downloaded during the activations on the next days. As usual, an image would also be taken when the Amateur payload powered up on November 8 to 11, but the main focus was on downloading the sequence of images taken on November 7. This is a complete report of the images taken and downloaded.

According to the telemetry, the SSDV ID of the images taken on November 7 was 133 to 141. This corresponds to IDs 5 to 13 in the camera buffer of 16 images (actually, the ID in the camera buffer can be obtained by reducing the SSDV ID modulo 16).

The stations and people collaborating in these activities have been the Dwingeloo radiotelescope PI9CAM, in charge of receiving the SSDV images on the 70cm Amateur band; Reinhard Kühn DKL5A, who has been providing telecommand using his large 2m Moonbounce station; Wei Mingchuan, who planned and coordinated the activities; and myself, coordinating the activities over the weekend, when Wei was not available. The people in charge of operating the radiotelescope have been Tammo Jan Dijkema, Cees Bassa, Paul Boven PE1NUT, and Auke Klazema (I hope not to forget anyone).

On November 7, after the series of 9 images was taken, the last of them was downloaded. The exposition in this image was very good. As usual, some small chunks were lost, probably due to jumps in the onboard TCXO on DSLWP-B.

SSDV image 141. Taken on 2018-11-07 9:33. Downloaded partially on 2018-11-07 9:45 to 10:13.

On November 8, the first three images of the series were do...


Mesa Drops Support For AMD Zen L3 Thread Pinning, Will Develop New Approach Phoronix

It was just a few months back that the Mesa/RadeonSI open-source AMD Linux driver stack received Zen tuning for that CPU microarchitecture's characteristics. But now AMD's Marek Olšák is going back to the drawing board to work on a new approach for Zen tuning...


Hacking the hackers: IOT botnet author adds his own backdoor on top of a ZTE router backdoor Security Affairs

The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies

A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers. Ironically, this is not the only backdoor in the script. Scarface, the propagator of this code, has also deployed his custom backdoor to hack any script kiddie who will be using the script.

With top names in IOT (Paras/Nexus/Wicked) being inactive, Scarface/Faraday is presently a go-to name for script kiddies for buying IoT botnet code as well as weaponized exploits. While Scarface mostly has good credibility, we observed that he has released a weaponized exploit for a known ZTE ZXV10 H108L router vulnerability with a backdoor which compromises the system of the script kiddie when they run it.

The vulnerability is a known one and involves the usage of a backdoor account in the ZTE router for login, followed by a command injection in manager_dev_ping_t.gch. The code by Scarface targets devices on a different port, 8083, though (which explains why our NewSky honeypots are seeing a surge of this vulnerability usage on port 8083 instead of the standard 80/8080 ports). It is, however, not the only difference.

IoT botnet

In the leaked code snippet, we see login_payload for the backdoor usage and command_payload for the command injection. However, there is one more variable, auth_payload, which contains Scarface's backdoor, encoded in base64.

This backdoor code is executed sneakily via exec, separately from the three steps of the actual vulnerability (using the vendor backdoor, command injection and log out) which are shown in the image below:



Fail of the Week: Leaf Blowers Can't Fly Hackaday

Leaf blowers, the main instrument of the suburban Saturday symphony, are one of the most useful nuisances. It doesn't take much work with a rake to convince even the most noise-averse homeowner to head to the Big Box Store to pick one up to speed lawn chores. Once you do buy one, and feel the thrust produced by these handheld banshees, you might wonder, "If I let go of this thing, would it fly?"

What can we learn from all this? Not much other than it would take a lot of effort to make a leaf blower fly. We appreciate all of [Peter]'s hard work here, but we think he's better off concentrating on his beautiful homebrew ultralight instead.

[baldpower] tipped us off to this one.


Nintendo Wins $12 Million From Pirate ROM Site Operators TorrentFreak

This summer, Nintendo made it totally clear that websites offering access to its retro-games and ROMs will not be tolerated.

The Japanese game developer filed a complaint at a federal court in Arizona, accusing and of massive copyright and trademark infringement.

Faced with millions of dollars in potential damages, the operator of the sites, Jacob Mathias, swiftly took the platforms offline. The legal action also led to the shutdown of several other ROM sites, who feared they could be next.

It quickly became clear that Mathias and his wife, who was later added to the complaint, were not looking forward to a drawn-out legal battle. Instead, they engaged in settlement discussions with Nintendo, hoping to resolve the matter without too much bloodshed.

Today we can report that both sides have indeed reached a deal. They agreed to a consent judgment and a permanent injunction that will resolve all outstanding disputes.

Paperwork obtained by TorrentFreak shows that Mathias and his wife admit that their involvement with the websites constituted direct and indirect copyright and trademark infringement, which caused Nintendo irreparable injury.

However, on paper, the married couple won't be getting off cheaply. On the contrary, they actually agreed to a judgment that exceeds $12 million.

"Plaintiff is hereby awarded judgment against all Defendants, jointly and severally, in the amount of $12,230,000," the proposed language reads.

Unsigned final judgment

It seems unlikely that the couple has this kind of money in the bank, or that a jury would have reached a similar figure. So why the high amount?

We can only speculate but it's possible that Nintendo negotiated such a high number, on paper, to act as a deterrent for other site operators. In practice, the defendants could end up paying much less.

It wouldn't be the first time that a judgment in court is more than what the parties agreed to privately. This happened before in the MPAA's lawsuit against Hotfile, where an $80 million judgment in court translated to a $4 million behind-the-scenes settlement.

In addition to the monetary judgment, both parties also agreed on a permanent injunction. This will prevent the couple from infringing Nintendo's copyrights going forward.

They further have to hand over all Ni...


ARMv8.5 Support Lands In GCC Compiler With Latest Spectre Protection Phoronix

Landing just in time with the GCC 9 branching being imminent is ARMv8.5-A support in the GNU Compiler Collection's ARM64/AArch64 back-end...


Legendary Marvel Comics Writer-Editor Stan Lee Has Died at Age 95 SoylentNews

Reports are coming in from all across the web that Marvel Comics icon Stan Lee has died:

Stan Lee, the Marvel Comics legend responsible for cultural icons from Spider-Man and Iron Man to X-Men and Black Panther, has died according to multiple reports from places like TMZ and The Hollywood Reporter [(THR)].

THR spoke with a source that said Lee died early Monday morning at Cedars-Sinai Medical Center in Los Angeles. TMZ spoke to Lee's daughter, J.C., who said an ambulance rushed to Lee's Hollywood Hills home early Monday morning to take him to Cedars-Sinai. That outlet noted Lee had suffered several illnesses over the last year or so, including dealing with pneumonia. Lee was 95 years old.

[...] Indisputably, Lee's decades-spanning career has spawned some of the most beloved pop culture characters and franchises of all time. He began working on comics as an assistant at Timely Comics in 1939; that entity would eventually morph into Marvel Comics in the 1960s. Alongside other eventual giants of the industry like Jack Kirby and Steve Ditko, Lee helped create seemingly every adored comic hero this side of Batman, Superman, and Wonder Woman: in addition to the credits above, Lee had a hand in the Hulk, Doctor Strange, the Fantastic Four, Daredevil, and characters like Ant-Man and Thor.

Also at: Hollywood Reporter, The Daily Beast, c|net,, and NPR.



Lego Tardis Spins Through the Void Hackaday

Using LEGO Technic gears and rods seems like a great way of bringing animation to your regular LEGO creation. Using gears and crank shafts you can animate models from your favorite TV show or movie like LEGO kinetic sculpture maker, [Josh DaVid] has done when he created a spinning TARDIS. Crank the handle and the sculpture spins through space and time.

The large gear stays in place. The hidden gears, turned by the crank, rotate a shaft from below that goes through the large gear making the TARDIS rotate around the main axis. Connected to the TARDIS model is a smaller gear, at an angle, that meshes with the larger, stationary, gear. This smaller gear is what causes the TARDIS to rotate around its own axis while the whole thing rotates around the main axis. If your hand gets too tired, you can substitute a LEGO motor.

It's a neat effect, and you can get the plans on [Josh]'s Etsy page. The best part, however, is that you can get a set with all the parts as well! The TARDIS is a popular item here and we've had plenty of projects with it as the focus: Everything from a tree topper to sub-woofers. The only question we have, of course, is, "Is it bigger on the inside?"



Undoing Aging 2019 will be held March 28-30 in Berlin, Germany. Lifeboat News

Undoing Aging 2019 will be held March 28-30 in Berlin, Germany. Our Judith Campisi, Aubrey de Grey, and Michael Greve will be speaking/participating. Undoing Aging 2019 is not only open to the scientific community but also welcomes all interested members of the broader rejuvenation movement. The conference will feature a student poster session showing the work of innovative undergraduate and graduate students in the field of damage repair. Learn more!


Six Things IEEE Members Should Know About Group Term Life Insurance IEEE Spectrum Recent Content full text

Term life affordably protects your loved ones, especially during your high earning years and the high spending inherent in raising a family

As a technology professional, you're astute and pay close attention to detail. Chances are that this attention to detail has extended to taking steps to ensure that your loved ones are financially prepared should the unimaginable happen. Often, you are provided with life insurance as a part of your employment package. However, term life affordably protects your loved ones, especially during your high earning years and the high spending inherent in raising a family. Here are six things you should know about term life insurance, including how it now may be faster and easier to access.

Group Term Life Insurance: What It Is

Group term life insurance guarantees the payment of the amount of coverage upon the death of the insured, during a specified term. When the term expires, the policy can be renewed until age 99, or allowed to expire. Typically, term life insurance is purchased to cover major expenses immediately and provide high coverage while being affordable enough to budget easily.


Figure 1: A family of four in the Silicon Valley area of California would require a minimum of approximately $130K annually just to meet basic needs.

The Staggering Realities: Why Term Life is Important

Term life insurance helps to protect your growing family when it would be very difficult for all of the expenses to be covered by your spouse without causing major upheaval. According to the Economic Policy Institute, as of March 2018, a two-parent, two-child family in the San Jose/Sunnyvale/Santa Clara metro area costs $10,758 per month ($129,092 per year) to secure a modest yet adequate standard of living. This does not include higher education, family vacations and much in the way of entertainment.

Given the higher incomes earned by many IEEE members, the $130,000 estimate is very modest.

How Term Life Fits

Term life insurance helps provide a safety net that can be used for many reasons beyond your children's education. It pays off your mortgage so that your family can remain in the same house and neighborhood. It provides an emergency fund, giving your spouse time to adjust and to continue on with his or her career. It also provides for the long-term future of your spouse, providing retirement funds that would be less, given that you would no longer be there to contribute. It may also be used to pay for a daughter's wedding, credit card debt, student loans and more.

I'm Too Busy for a Medical Exam

Too busy? Then you may be in lu...


UK companies microchip employees, sparking fears from unions Lifeboat News: The Blog

Microchips could be implanted into employees of UK firms to track worker efficiencies.



Physicists wrangled electrons into a quantum fractal Lifeboat News: The Blog

The tiny, repeating structure could reveal weird behavior of electrons in fractional dimensions.


You are not alone; social media giant Facebook is down HackRead

By Carolina

You are not alone; the social media giant Facebook is down in many countries around the world for almost a half an hour starting from 6 pm (UK time). In some cases, Facebook's site and application both are suffering an outage. The reason for this outage is currently unknown and there has been no statement []


Trump turns attention to Comcast over alleged antitrust violations The Hill: Technology Policy

President Trump on Monday lashed out at Comcast after a group representing small cable providers asked the Department of Justice to investigate the company over antitrust concerns. "American Cable Association has big problems with Comcast. They...


Impact of the Midterm Elections May be Felt at NASA SoylentNews

The outcomes of several races in the 2018 midterm elections may have an impact on the Europa Clipper mission, as well as other NASA priorities:

Perhaps the most significant loss occurred in Texas's Seventh Congressional District, home to thousands of the employees at the Johnson Space Center in Houston. A political newcomer, Lizzie Pannill Fletcher, defeated the incumbent John Culberson, who has served in the House since 2001. Culberson, an attorney, doesn't have a science background. But he grew up in the 1960s building telescopes, toying with model rockets, and reading popular science magazines. For the past four years, Culberson has pushed his colleagues in the House and the Senate to steadily grow NASA's budget, for projects including its climate-science programs, which may come as a surprise, given the congressman's party line on climate change.

Culberson has fiercely supported one mission in particular: a journey to one of Jupiter's moons, the icy Europa. As chair of the House Subcommittee on Commerce, Justice, and Science, Culberson more than doubled the amount of money the space agency requested from Congress for an orbiter around Europa, from $265 million to $545 million. He also threw in $195 million to support a lander to the moon, which NASA hadn't even planned for, but would of course accept. Scientists suspect that Europa's frozen crust covers a liquid ocean that may sustain microbial life. Culberson was intent on sending something there to find it. "This will be tremendously expensive, but worth every penny," he said last year, during a visit to NASA's Jet Propulsion Laboratory to check its progress.

With Culberson out of the House, the funding portfolio for the Europa mission could change. "I don't see any obvious members of Congress, Republican or Democratic, who'd be taking up that mantle of leading the Europa efforts, so I imagine that those are likely to start to wane," said Casey Dreier, a senior space-policy adviser at the Planetary Society, a nonprofit space-advocacy group.

Dreier said the development of the Europa orbiter, known as Clipper, will certainly continue. Since NASA formally approved the mission in 2015, engineers and scientists have made...


Facebook goes down for some users The Hill: Technology Policy

Some Facebook users on Monday have been unable to access the site. Users who cannot logon are receiving the following error message: "Sorry, something went wrong. We're working on it and we'll get it fixed as soon as we can." Downdetector, a site that...


Startup Lanetix Pays US $775,000 to Software Engineers Fired for Union Organizing IEEE Spectrum Recent Content full text

Will this unionization effort remain a one-off? Or stir up a movement among software engineers?

Quick, by show of virtual hands: how many engineers reading this belong to a union?

If that question got many yes answers, I'd be surprised (if you put your hand up, please comment below). And if many of those positive responses were software engineers, I'd be stunned. Unionizing efforts among engineers are the real unicorns, far rarer than the kinds of unicorns the tech industry likes to promote.

But back in January, an effort to unionize software engineers made the news when Lanetix, a company that creates cloud-based tools for the shipping and transportation industry, fired 14 engineers shortly after they petitioned to be represented by the Communications Workers of America (CWA). The CWA then filed charges with the U.S. National Labor Relations Board (NLRB), indicating that the firing of the 14, and one earlier termination, was clearly in retaliation for union organizing activity (Lanetix had stated that it was a layoff due to the company's poor fourth quarter and said the jobs were going to be outsourced). The firings reportedly were the culmination of months of effort by the company to disrupt the union organizing effort.

In late August, the agency took up the case, filing a complaint [PDF] against Lanetix and asking for a court to require that the fired engineers be reinstated with back pay. According to the NLRB complaint, threats against the engineers started last November, when company officials told employees that they were aware that employees were participating in an external Slack organization, discussing wages, hours, and working conditions and threatened reprisals if the discussions continued. The complaint also indicated that, after the January firings, remaining employees were told that the terminations were due to union activity.

Last week, with hearings on the case about to begin in Washington, D.C., Lanetix settled, agreeing to pay the 15 former workers a total of US $775,000. That's not an insignificant amount of money for the startup; according to Crunchbase, Lanetix's funding to date totals $9.2 million.

In a statement, former Lanetix developer Sahil Talwar called the set...


Sprite_TM's Magic Paintbrush Hackaday

When it comes to hackers we love, there's no better example than Jeroen Domburg, a.k.a. Sprite_TM. Sprite's now working for Espressif, makers of the fantastic ESP8266 and ESP32, where he created a miniature Game Boy and turned this PocketSprite into a real product. He's installed Linux on a hard drive, and created a Matrix of virtualized Tamagotchis. In short, if you're looking for someone who's building the coolest, most technical thing of sometimes questionable utility, you need look no further than Sprite_tm.

Sprite was back at this year's Superconference, and again he's bringing out the big guns with awesome hardware hacks. This time, though, Sprite is tapping into his artistic side. Sprite is very accomplished in making PCB art and DaveCAD drawings, but actual art is something that's been out of reach. No problem, because you can just buy an inkjet printer and make your own art. Sprite's doing something different, and he's turning his inkjet into a Magic Paintbrush.



Feral Announces Linux System Requirements For Vulkan-Powered Total War: WARHAMMER II Phoronix

With Feral Interactive preparing to release Total War: WARHAMMER II for Linux and macOS later this month, today they announced the system requirements for this latest native game port...


Huge Rockets Require Huge Lifts Lifeboat News: The Blog

To get to the Moon, Mars and beyond: we're going to need a bigger boat. NASA's Space Launch System, or SLS, will be the largest rocket ever assembled. So how do you build a rocket of unprecedented size? Find out:


Lawmakers from five countries pressure Zuckerberg to testify in front of global panel The Hill: Technology Policy

Members of parliament in five different countries are pressuring Facebook CEO Mark Zuckerberg to testify in an international grand committee after he previously snubbed Canadian and British lawmaker requests to testify. We were very disappointed...


China is About to Make Humankind's First Visit to the Far Side of the Moon SoylentNews

Submitted via IRC for Bytram

China is about to make humankind's first visit to the farside of the moon

China is about to make space history. In December, the country will launch the first spacecraft ever to land on the farside of the moon. Another craft, slated for takeoff in 2019, will be the first to bring lunar rocks back to Earth since 1976.

These two missions, the latest in China's lunar exploration series named after the Chinese moon goddess, Chang'e, are at the forefront of renewed interest in exploring our nearest celestial body. India's space agency as well as private companies based in Israel and Germany are also hoping for robotic lunar missions in 2019. And the United States aims to have astronauts orbiting the moon starting in 2023 and to land astronauts on the lunar surface in the late 2020s.

The time is ripe for new lunar exploration. Despite decades of study, Earth's only natural satellite still contains mysteries about its formation as well as clues to the history of the solar system (SN: 4/15/17, p. 18). "There are too many things we don't know," says planetary scientist Long Xiao of China University of Geosciences in Wuhan. He is a coauthor of two studies published in June and July in the Journal of Geophysical Research: Planets describing the landing sites of the new Chinese missions, Chang'e-4 and -5.


What if the Placebo Effect Isn't a Trick? Lifeboat News: The Blog


New research is zeroing in on a biochemical basis for the placebo effect, possibly opening a Pandora's box for Western medicine.

Credit: Photo illustration by Paul Sahre.


An Apollo Guidance Computer Laid Bare Hackaday

An Apollo Guidance Computer probably isn't a machine that's likely to come the way of most Hackaday readers. The device that played such a vital role in taking astronauts to the Moon and bringing them home again is hardly a common find, even if it is one of the most iconic machines of its type and era.

[Carl Claunch] was approached to assist in the restoration of an AGC, and while he can't reveal any information about its owner he is at liberty to document his progress. The result is a fascinating in-depth technical examination of the device over multiple blog posts, and is well worth a read for anyone with an interest in the Apollo program. It's an ongoing progression of blog posts that are probably too numerous to list individually, but include the construction of a substitute for the DSKY control panel as well as looking at the device's memory and construction. [Carl] then embarks on a series of posts looking at the restoration itself. This is where we see the computer in greatest detail, and learn the most about it.


Security updates for Monday

Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, systemd, and thunderbird), Debian (ansible, ghostscript, qemu, thunderbird, and xen), Fedora (community-mysql, gettext, links, mysql-connector-java, xen, and zchunk), Gentoo (icecast, libde265, okular, pango, and PHProjekt), Mageia (ansible, audiofile, iniparser, libtiff, mercurial, opencc, and python-dulwich), openSUSE (accountsservice, apache2, audiofile, curl, libarchive, ntfs-3g_ntfsprogs, opensc, python, python-base, qemu, soundtouch, and systemd), Oracle (git, java-1.7.0-openjdk, java-11-openjdk, kernel, python-paramiko, thunderbird, and xorg-x11-server), Red Hat (rh-git29-git), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (gettext and libmspack).


Unable to remember his password, man sent letter bomb to Bitcoin exchange Graham Cluley

A man has been jailed for six and a half years after sending a letter bomb to Bitcoin exchange Cryptopay. Why would anyone do such a horrendous thing? Police believe it was because he couldn't remember his password.



By Waqas

Download the app and toggle on it to generate a VPN profile that will automatically reroute the DNS traffic using the DNS servers. On April 1, 2018, Cloudflare and APNIC launched the public DNS service to speed up the searching process for web addresses faster and more secure. It is basically a DNS []


The Linux Foundation launches Ceph Foundation to advance open source storage Help Net Security

The Linux Foundation and over 30 global technology leaders are forming a new foundation to support the Ceph open source project community. The Ceph project develops a unified distributed storage system providing applications with object, block, and file system interfaces. Founding Premier members of Ceph Foundation include Amihan, Canonical, China Mobile, DigitalOcean, Intel, OVH, ProphetStor Data Services, Red Hat, SoftIron, SUSE, Western Digital, XSKY Data Technology, and ZTE. The Ceph Foundation will organize and distribute...


This Is How The Genius Elon Musk Will Give Free WiFi To The Entire Planet Lifeboat News: The Blog

The very same guy, who invented PayPal, created the Tesla Cars, plans to create SolarCities and developed cars that will make money for you when you don't use them, has ANOTHER brilliant idea. Elon Musk plans to launch 4,000 low-orbit satellites in order to give free internet access worldwide; two of them have already been launched a month ago.

The billionaire's company, SpaceX, revealed the initial framework of the plan in January, with the official request being submitted to the Federal Communications Commission.


16-Way AMD EPYC Cloud Benchmark Comparison: Amazon EC2 vs. SkySilk vs. Packet Phoronix

With last week Amazon Web Services rolling out AMD EPYC cloud instances to EC2, I figured it would be an interesting time for a fresh benchmark look at how the AMD Linux cloud performance compares from some of the popular cloud providers. For this article are sixteen different instances benchmarked while looking at the raw performance as well as the value on each instance type relative to the benchmark performance and time consumed for the on-demand spot instancing. EPYC instances were tested from Amazon EC2,, and SkySilk.


How to create your own WhatsApp stickers on Android smartphones TechWorm

Create your own custom stickers for WhatsApp, here's how

WhatsApp, the Facebook-owned instant messaging platform, had last week rolled out a new feature of Stickers in the chats for both iOS and Android platform. The Stickers feature allows users to send different stickers while chatting just like its competitors such as Hike Messenger, Telegram, WeChat and more.

"Whether with a smiling teacup or a crying broken heart, stickers help you share your feelings in a way that you can't always express with words. To start, we're launching sticker packs created by our designers at WhatsApp and a selection of stickers from other artists," WhatsApp had said in a blog post.

Additionally, it has also added support for third-party sticker packs to allow users to create their own personal stickers for WhatsApp.

If you want to make things more interesting, you can create your own sticker packs, and then load them onto WhatsApp by following the step-by-step guide below. These stickers can be published on Google Play Store from where they can be downloaded by multiple users.

  1. Go to Google Play Store for Android and search for an app called "Sticker maker for WhatsApp" by the developer Viko & Co.
  2. Download and install the app on your Android device. Please note that this is a third-party app.
  3. Once installed, launch the app, you will see an option called Create a new sticker pack. It will ask to input details like Stickerpack name and Sticker pack author. You can choose to fill the requested details or totally skip this step. Once you are done, tap the option Create.
  4. Once done, open the folder/pack you have just created. You will see a tray icon (an empty sticker tray) with a capacity of up to 30 stickers. (Note, you will need to add all 30 stickers at once as the pack cannot be edited once published on WhatsApp. Further, you can publish your stickers pack with fewer stickers, but cannot add more to the pack upon publishing.)
  5. Click on the place tray icon. You will have an option to add a file from your phone storage or click a new one for the sticker pack.
  6. After getting the image, you will have to outline the part of the picture you want in the sticker. Click on the Yes, Save Sticker option. Note, you need to add at least three stickers to publish your sticker pack.
  7. Once...


A Free Guide for Setting Your Open Source Strategy



Solar Power: Largest Study to Date Discovers 25 Percent Power Loss Across UK SoylentNews

Submitted via IRC for Bytram

Solar power: largest study to date discovers 25 percent power loss across UK

Researchers at the University of Huddersfield have undertaken the largest study to date into the effectiveness of solar panels across the UK and discovered that parts of the country are suffering an overall power loss of up to 25% because of the issue of regional 'hot spots'. Hot spots were also found to be more prevalent in the North of England than in the south.

Dr Mahmoud Dhimish, a lecturer in Electronics and Control Engineering and co-director of the Photovoltaics Laboratory at the University, analysed 2,580 polycrystalline silicon photovoltaic (PV) panels distributed across the UK. The UK has been fossil-free for two years and demand is constantly increasing for renewable energy.

After quantifying the data, Dr Dhimish discovered that the panels found to have hot spots generated a power output notably less than those that didn't. He also discovered that location was a primary contributor in the distribution of hot spots.

Photovoltaics hot spots are areas of elevated temperature which can affect only part of the solar panel. They are a result of a localised decrease in efficiency and the main cause of accelerated PV ageing, often causing permanent damage to the solar panel's lifetime performance.

According to Dr Dhimish, this is the first time an investigation into how hot spots impact the performance of PV panels has been conducted from such a large scale dataset and says the project uncovered results which demonstrate the preferred location of UK hot spots.

"This research showed the unprecedented density of hot spots in the North of England," said Dr Dhimish. "Over 90% of the hot spots are located in the north and most of these are inland, with considerably less seen on the coast."



Hello, And Please Don't Hang Up: The Scourge of Robocalls Hackaday

Over the last few months, I've noticed extra calls coming in from local numbers, and if you live in the US, I suspect maybe you have too. These calls are either just dead air, or recordings that start with "Please don't hang up." Out of curiosity, I've called back on the number the call claims to be from. Each time, the message is that this number has been disconnected and is no longer in service. This sounds like the plot of a budget horror movie: how am I being called from a disconnected number? Rather than a phantom in the wires, this is robocalling, combined with caller ID spoofing.

Automated phone switching is an impressive beast. The story often told is that Kansas City had two undertakers in the late 1800s. The town's telephone operator was married to one of the undertakers, and she would routinely send business to her husband. The other undertaker was [Almon Brown Strowger], and once he caught on to what was going on, he started working on a way to route phone calls without going through an operator. His invention eventually became the rotary dial phone and switching system. There is some irony that the automatically switched telephone network was invented to defeat fraud, and today it's also used to commit fraud.

Number Spoofing is a Side Effect of the Ma Bell Breakup

At Hope XII, [TProphet] gave a talk about robocalling and the history of the phone system. He talked about the breakup of AT&T and the associated government regulation, and how those two events have had unintended consequences today, like enabling caller ID spoofing and robocalling. Part of the agreement between the U.S. Government and AT&T is that all calls would be accepted, even calls from competing providers. The downside is that this regulation then legally prevented AT&T from blocking phone calls even when those calls are known to be spoofed or spam.

Signalling System 7 (SS7) was designed in the 1970s, and has become the international standard for routing phone calls. This standard was written in a time when network security was an afterthought: SS7 has no authentication built in, simply accepting all traffic on the secure phone network. Regulated network interconnection was baked into the SS7 protocol, and a side effect is that the source phone number is trusted by design. Caller ID spoofing is the result of this protocol and the regulatory requirement that telephone companies (telcos) complete all calls from competitors.

[TProphet] didn't mention the legitimate reason for caller ID Spoofing. Your humble author spoofs the caller ID of his office phone. Why? An Asterisked phone system (running off a Raspberry Pi) connects to both a Plain Old Telephone System (POTS) line as well as a VoIP trunk. Incoming...


Reading the Android Ecosystem Security Transparency Report Security Affairs

According to the Android Ecosystem Security Transparency Report, the number of potentially harmful applications has fallen from 0.66% in Lollipop to 0.06% in Pie.

Google published the first Android Ecosystem Security Transparency Report that revealed that the number of potentially harmful applications (PHAs) discovered on Android 9 Pie devices has been reduced by half compared to the previous versions.

According to the Android Ecosystem Security Transparency Report, the number of potentially harmful applications (PHAs) has fallen from 0.66 percent in Lollipop to 0.06 percent in Pie.


The number was obtained from the analysis of malware detected by scans from Google Play Protect, which was launched in May 2017 to protect devices running the Android OS.

The system is integrated into the Google Play Store app, which means that its usage is transparent to the end user, who doesn't need to install or enable it on the device. It analyzes malicious applications distributed through the Play Store and third-party app stores.

"Google Play Protect continuously works to keep your device, data and apps safe. It actively scans your device and is constantly improving to make sure you have the latest in mobile security. Your device is automatically scanned around the clock, so you can rest easy," reads the description published by Google.

Google Play Protect implements the following features:

  • App scanning
  • Anti-Theft Measures
  • Browser Protection




YouTube CEO Says That Videos May Be Blocked Due to EU Copyright Law TorrentFreak

Two years ago the European Commission announced plans to modernize EU copyright law.

Some of the proposals were hugely controversial. Article 13, for example, would see the liability for infringing content switched from users of sites like YouTube to the platform itself.

But, despite warnings, in September the European Parliament voted in favor of proposals put forward by Axel Voss' EPP group.

"While we support the goals of article 13, the European Parliament's current proposal will create unintended consequences that will have a profound impact on the livelihoods of hundreds of thousands of people," Wojcicki writes.

"The parliament's approach is unrealistic in many cases because copyright owners often disagree over who owns what rights. If the owners cannot agree, it is impossible to expect the open platforms that host this content to make the correct rights decisions."

Using the hit "Despacito" as an example, Wojcicki says that the track contains multiple copyrights including sound recording and publishing rights. YouTube has agreements with several parties to license the video but other rightsholders remain unknown. This could present a situation so complex that YouTube might have to stop hosting the video altogether.

"That uncertainty means we might have to block videos like this to avoid liability under article 13. Multiply that risk with the scale of YouTube, where more than 400 hours of video are uploaded every minute, and the potential liabilities could be so large that no company could take on such a financial risk," she adds.

While the rest of the world appears to be safe from such blocking, YouTube's CEO warns that it is EU residents that will be affected. During the last month alone, videos were viewed by citizens more than 90 billion times.

Wojcicki says her company wants to work with policymakers and the industry to develop Article 13 in a way that protects rightsholders but without stifling the creative economy. That might include broader licensing agreements, improved collaboration with rightsholders, and technical solutions, similar to Content ID...


Star Trek-like Tech Seals Wounds with a Laser IEEE Spectrum Recent Content full text

In early tests, this laser-activated silk and gold material held wounds together better than stitches or glue

On Star Trek: The Next Generation, Commander Riker had an impressive ability to receive head wounds. Luckily for him, Dr. Crusher could whip out the dermal regenerator, a handheld sci-fi tool that healed skin wounds with a colorful laser.

Luckily for us, Kaushal Rege and colleagues at Arizona State University are developing essentially the same thing. Well, close enough. In a new paper out from the journal Advanced Functional Materials, the engineers successfully repaired animal wounds with a silk and gold nanomaterial activated by a laser.

In this proof-of-concept study, the technology quickly sealed soft-tissue wounds in pig intestines and on mice skin. In the pig intestines, for example, the seal proved to be roughly seven times stronger than traditional sutures.

When sealing wounds, sutures, staples, or glue can often cause problems such as leakages at the repair site and slow recovery of the tissue. "We're trying to seal incisions faster and heal them at an earlier point of time," says Deepanjan Ghosh, a PhD student in Rege's lab and co-author on the paper.

Photos: Russell Urie/Advanced Functional Materials. This comparison shows the effects on a wound of conventional suturing, skin glue, and laser sealing at 0 and 2 days after injury.

To use a laser to seal skin, one must focus the heat of the light using some sort of photoconverter. Rege's lab opted for gold nanorods and embedded them in a silk protein matrix purified from silkworm cocoons. A silk protein called fibroin binds to collagen, the structural protein that holds together human skin cells. When near-infrared light hits the gold nanorods, they produce heat and activate the silk and skin to create bonds, forming a sturdy seal.

The near-infrared laser operates at a wavelength of about 800 nanometers, which is powerful enough to heat the gold without damaging the skin.

The engineers created two disc-shaped sealants: one for wet environments that does not dissolve in water and one for dry environments that does. The first was used to repair samples of pig intestine. When the t...


Vulkan 1.1.92 Released, Finally Allows For Chunked HTML Documentation Phoronix

Vulkan 1.1.92 is out today to mark the newest specification update to this high-performance graphics/compute API...


Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies SoylentNews

Submitted via IRC for Bytram

Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies

Equifax, Experian and Oracle are among a slate of companies whose business is consumer information, that could soon face billions of dollars in fines for improper data handling.

Privacy International has filed complaints against seven corporations, consisting of data brokers (Acxiom and Oracle), companies that provide consumer profiling and targeting data for advertising purposes (Criteo, Tapad and Quantcast), and two credit-referencing agencies that collect sensitive financial data on roughly everyone in the U.S. as well as many in Europe and elsewhere (Equifax and Experian). The complaints have been lodged with data protection authorities in France, Ireland and the U.K. The group is asking for an investigation into their data-handling practices under the auspices of Europe's strict General Data Protection Regulation (GDPR).

The GDPR, which went into effect in May, gives regulators real teeth when it comes to enforcing privacy mandates, including issuing fines of up to 4 percent of an offending company's annual turnover. That would equal billions of dollars for Fortune 500 companies such as Equifax, which consumers know from the massive data breach last year.

Aside from the credit-reporting giants, the complaints target companies that, despite collecting and using or selling the data of millions of people, are not household names.



France seeks Global Talks on Cyberspace security and a code of good conduct Security Affairs

The French government announced a Paris Call for global talks about cyberspace security aimed at laying out a shared framework of rules.

The French government is promoting a series of Global Talks on cyberspace security and urges a code of good conduct for states in cyberspace.

Events such as the interference in the 2016 Presidential election or massive attacks like WannaCry and NotPetya increase the sense of urgency among states.

The risk of escalation and retaliation in cyberspace, and the increasing number of ever more sophisticated cyber attacks and cyber threats, could have a destabilizing effect on international peace and security. The risk of conflict between states caused by cyber incidents encourages all States to engage in law-abiding, norm-respecting and confidence-building behavior in their use of ICT.

I'm one of the authors of the G7 DECLARATION ON RESPONSIBLE STATES BEHAVIOR IN CYBERSPACE that was signed in 2017 during the Italy G7 meeting.

I had the honor to be a member of the group that worked on the proposal for voluntary, non-binding norms of State behavior during peacetime. We presented 12 points aimed to propose stability and security in the cyberspace. The declaration invites all the States to collaborate with the intent to reduce risks to international peace, security, and stability.

The decision of the French government aims to relaunch the discussion on the adoption of a framework for norms of state behavior in cyberspace, a sort of continuation of the work started last year during the G7 meeting.

"Officials said the text, to be presented by President Emmanuel Macron as he opens UNESCO's Internet Governance Forum in Paris on Monday, has been signed by most European countries," reads the press release published by AFP.

During the G7 meeting, the need emerged to open the discussion to other states, including China, Russia, and India.

Now China, Russia, and the United States have not yet joined the initiative, even though major firms and organizations like Microsoft and the NGO Internet Society believe that a supplementary effort is essential to define the framework.

"The identity and number of signatories are to be released later Monday, following a lunch hosted at the Elysee Palace by Macron for dozens of technology executives and officials," continues the AFP.

To respect people's rights and protect them online...


The Risk That Ebola Will Spread to Uganda Is Now Very High Lifeboat News: The Blog

With the Ebola outbreak in the Democratic Republic of Congo continuing to spread, neighboring Uganda deploys its health care defenses.


Linux Getting Two-Line Patch To Finally Deal With The Quirky Microsoft OEM Mouse Phoronix

While Microsoft is self-proclaimed to love Linux, their common and very basic Microsoft OEM Mouse has not loved the Linux kernel or vice-versa... The Linux kernel HID code is finally getting a quirk fix to deal with the Microsoft OEM mouse as it would disconnect every minute when running at run-levels one or three...


New TOP500 List Led by DOE Supercomputers

The latest TOP500 list of the world's fastest supercomputers is out, a remarkable ranking that shows five Department of Energy supercomputers in the top 10, with the first two captured by Summit at Oak Ridge and Sierra at Livermore.


Top 5 Factors That Increase Cyber Security Salary The Most The Hacker News

Our partner Springboard, which provides online courses to help you advance your cybersecurity career with personalized mentorship from industry experts, recently researched current cybersecurity salaries and future earning potential in order to trace a path to how much money you can make. Here's what they found were the most important factors for making sure you earn as much as possible: 1


Dutch man, 69, starts legal fight to identify as 20 years younger Lifeboat News: The Blog

Motivational speaker Emile Ratelband compares bid to alter age to gender change.


Monday, 12 November


The Radeon GCN Backend Is Still Being Worked On For GCC, GCC 9 Deadline Looms Phoronix

Back in September Code Sourcery / Mentor Graphics posted their new Radeon GCN port for the GNU Compiler Collection (GCC). Two months later this port is still being worked on but not yet ready for mainline...


Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Open Source Security

Posted by Marc Deslauriers on Nov 12

Thank you very much for the info!



Cross Shard Transactions at 10 Million Requests Per Second SoylentNews

Submitted via IRC for Bytram

Cross shard transactions at 10 million requests per second

Dropbox stores petabytes of metadata to support user-facing features and to power our production infrastructure. The primary system we use to store this metadata is named Edgestore and is described in a previous blog post, (Re)Introducing Edgestore. In simple terms, Edgestore is a service and abstraction over thousands of MySQL nodes that provides users with strongly consistent, transactional reads and writes at low latency.

Edgestore hides details of physical sharding from the application layer to allow developers to scale out their metadata storage needs without thinking about complexities of data placement and distribution. Central to building a distributed database on top of individual MySQL shards in Edgestore is the ability to collocate related data items together on the same shard. Developers express logical collocation of data via the concept of a colo, indicating that two pieces of data are typically accessed together. In turn, Edgestore provides low-latency, transactional guarantees for reads and writes within a given colo (by placing them on the same physical MySQL shard), but only best-effort support across colos.

While the product use-cases at Dropbox are usually a good fit for collocation, over time we found that certain ones just aren't easily partitionable. As a simple example, an association between a user and the content they share with another user is unlikely to be collocated, since the users likely live on different shards. Even if we were to attempt to reorganize physical storage such that related colos land on the same physical shards, we would never get a perfect cut of data.



Apple Announces Repair Program For Faulty iPhone X and 13-Inch MacBook Pro Units TechWorm

Apple offers free repairs to fix quality problems in some faulty iPhone X units and 13-inch MacBook Pro models

Apple has launched a free replacement programme around the world for the affected iPhone X owners who are experiencing touchscreen issues.

Apparently, Apple found out that the screens of some iPhone X models either aren't responsive to touch or respond intermittently to touch. In some cases, it noted that the iPhone screen reacts even though it was not touched.

"Apple has determined that some iPhone X displays may experience touch issues due to a component that might fail on the display module. Apple or an Apple Authorized Service Provider will replace the display module on eligible devices, free of charge," the company said on the official support page.

According to Apple, the touch issues may be due to a component failure on the iPhone X's display module, adding it would fix the screen on faulty devices for free. The company said the problem only affects the original iPhone X, and not the recently launched iPhone XS, XS Max and XR.

Apple has noted that if the iPhone X owner has already replaced the screen prior to the replacement programme, he/she is eligible to get a refund. They are advised to contact Apple support for more information.

However, Apple warns iPhone X owners that "If your iPhone X has any damage which impairs the ability to complete the repair, such as a cracked screen, that issue will need to be resolved prior to the service. In some cases, there may be a cost associated with the additional repair."

Meanwhile, Apple has also confirmed that a limited number of 13-inch MacBook Pro units were facing a hard drive problem, that could result in data loss and failure of the storage drive.

In a note to customers, the company says, "Apple has determined that a limited number of 128GB and 256GB solid-state drives (SSD) used in 13-inch MacBook Pro (non-TouchBar) units have an issue that may result in data loss and failure of the drive." The company suggests affected users have their laptops serviced as soon as possible.

Users can put in their serial number on a page on the Apple Support website to confirm if they have an affected MacBook Pro. The affected model in question is the MacBook Pro (13-inch, 2017, Two Thunderbolt 3 ports). No other macOS notebooks are experiencing hard drive issues.



New Part Day: A $6 Linux Computer You Might Be Able To Write Code For Hackaday

The latest news from the world of cheap electronics is a single board computer running Linux. It costs six dollars, and you can buy it right now. You might even be able to compile code for it, too.

The C-Sky Linux development board is listed on Taobao as an "OrangePi NanoPi Raspberry Pi Linux Development Board" and, despite some flagrant misappropriation of trademarks, this is indeed a computer running Linux, available for seven American dollars.

This board is based on a NationalChip GX6605S SoC, a unique chip with an ISA that isn't ARM, x86, RISC-V, MIPS, or anything else that would be considered normal. The chip itself was designed for set-top boxes, but there are a surprising number of build tools that include buildroot, GCC and support for qemu. The company behind this chip is maintaining a kernel, and support for this chip has been added to the mainline kernel. Yes, unlike many other single board computers out there, you might actually be able to compile something for this chip.

The features for this board include 64 MB of DDR2 RAM, HDMI out (with a 1280 x 720 framebuffer, upscaled to 1080p, most likely), and a CPU running at just about 600 MHz. There are a few buttons connected to the GPIO pins, two USB host ports, a USB-TTL port for a serial console, and a few more pins for additional GPIOs. There does not appear to be any networking, and we have no idea what the onboard storage is.

If you want a challenge to get something compiled, this is the chip for you.


Kernel Developers Debate Having An Official Linux System Wrapper Library Phoronix

As new system calls get added to the Linux kernel, these syscalls generally get added to Glibc (and other libc libraries) for developers to make easy use of them from their applications. But as Glibc doesn't provide 1:1 coverage of system calls, sometimes is delayed in their support for new calls, and other factors, there is a discussion about providing an official Linux system wrapper library that could potentially live as part of the kernel source tree...


Import your Files from Closed or Obsolete Applications

One of the biggest risks with using proprietary applications is losing access to your digital content if the software disappears or ends support for old file formats. Moving your content to an open format is the best way to protect yourself from being locked out due to vendor lock-in and for that, the Document Liberation Project (DLP) has your back.


Linux IoT Landscape: Distributions

Linux is an Operating System: the program at the heart of controlling a computer. It decides how to partition the available resources (CPU, memory, disk, network) between all of the other programs vying for it. The operating system, while very important, isn't useful on its own. Its purpose is to manage the compute resources for other programs. Without these other programs, the Operating System doesn't serve much of a purpose.


[SECURITY] [CVE-2018-17187] Apache Qpid Proton-J transport TLS wrapper hostname verification mode not implemented Open Source Security

Posted by Robbie Gemmell on Nov 12

CVE-2018-17187: Apache Qpid Proton-J transport TLS wrapper hostname
verification mode not implemented

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Versions 0.3 to 0.29.0

The Proton-J transport includes an optional wrapper layer to perform TLS,
enabled by use of the 'transport.ssl(...)' methods. Unless a verification
mode was explicitly configured, client and server modes previously...


Links 12/11/2018: Linux 4.20 RC2, Denuvo DRM Defeated Again Techrights




  • Behind the scenes with Linux containers

    Can you have Linux containers without Docker? Without OpenShift? Without Kubernetes?

    Yes, you can. Years before Docker made containers a household term (if you live in a data center, that is), the LXC project developed the concept of running a kind of virtual operating system, sharing the same kernel, but contained within defined groups of processes.

    Docker built on LXC, and today there are plenty of platforms that leverage the work of LXC both directly and indirectly. Most of these platforms make creating and maintaining containers sublimely simple, and for large deployments, it makes sense to use such specialized services. However, not everyone's managing a large deployment or has access to big services to learn about containerization. The good news is that you can create, use, and learn containers with nothing more than a PC running Linux and this article. This article will help you understand containers by looking at LXC, how it works, why it works, and how to troubleshoot when something goes wrong.

  • Desktop

    • Samsung's Linux on DeX app enters private beta

      In context: Almost exactly one year ago, Samsung announced it was working on an app called Linux on DeX (DeX is that gimmicky app/dock combo that got mediocre reviews). This was supposed to allow users to run Linux distros on their phone, which would seem to create a more PC-like experience at least in theory.

      It looks as if Linux on DeX is almost ready. On Friday Samsung launched the private beta for the app. If you signed up for alerts when it was announced last year, you should have already received an email to allow you to register for the beta.

  • Server


'Wallace & Gromit' Producer Aardman Animations Transfers Ownership to Employees SoylentNews

Submitted via IRC for Bytram

'Wallace & Gromit' Producer Aardman Animations Transfers Ownership to Employees

In an era of entertainment industry mergers and acquisitions, the founders of British animation powerhouse Aardman, the much-loved Oscar-winning studio behind Wallace & Gromit and Shaun the Sheep, have moved to ensure their company's continued independence by transferring it into employee ownership.

The decision, made by Peter Lord and David Sproxton, who first set up Aardman in 1972, will see the majority of company shares transferred into a trust, which will then hold them on behalf of the workforce.

Speaking to The Hollywood Reporter, both Lord and Sproxton explained that the move was about seven years in the making, and while it wasn't an indicator of their imminent departure, meant that Aardman was in the best possible shape for when that moment came and would help secure its creative legacy and culture.

"We've spent so much time building this company up and being so profoundly attached to it. It's not a business to us, it's everything, it's our statement to the world," said Lord. "Having done that for so many years, the last thing we wanted to do was to just flog it off to someone."



AMDVLK Vulkan Driver Sees Its First Tagged Release Phoronix

In the nearly one year that the AMDVLK official Vulkan driver has been open-source there hasn't been any "releases" but rather new code drops on a weekly basis that is pushed out of their internal development repositories. But surprisingly this morning is now a v2018.4.1 release tag for this open-source AMD Vulkan Linux driver...


Linux Poised To Remove Decade-Old EXOFS File-System Phoronix

The Linux kernel will likely be doing away with EXOFS, a file-system that had been around since the Linux 2.6.30 days...


A critical flaw in GDPR compliance plugin for WordPress exploited in the wild Security Affairs

A critical security vulnerability affecting a GDPR compliance plugin for WordPress has already been exploited in the wild to take control of vulnerable websites.

Users warn of cyber attacks exploiting a critical security vulnerability in the WordPress GDPR Compliance plugin to take over websites using it.

The WordPress GDPR Compliance plugin was used by more than 100,000 websites to be compliant with the EU's General Data Protection Regulation (GDPR). WP GDPR Compliance currently supports Contact Form 7 (>= 4.6), Gravity Forms (>= 1.9), WooCommerce (>= 2.5.0) and WordPress Comments. Additional plugin support will follow soon.

Researchers from Wordfence reported that the WordPress GDPR Compliance plugin is affected by vulnerabilities that can be exploited by unauthenticated attackers to add new admin accounts.

"The reported vulnerabilities allow unauthenticated attackers to achieve privilege escalation, allowing them to further infect vulnerable sites. Any sites making use of this plugin should make it an immediate priority to update to the latest version, or deactivate and remove it if updates are not possible," reads the analysis published by Wordfence.

"We've already begun seeing cases of live sites infected through this attack vector. In these cases, the ability to update arbitrary options values is being used to install new administrator accounts onto the impacted sites."

Researchers from...


Got a Screwdriver? GalliumOS Can Turn Chromebooks Into Linux Boxes

GalliumOS is a Chromebook-specific Linux variant. It lets you put a real Linux distro on a Chromebook.

My recent review of a new Chromebook feature -- the ability to run Linux apps on some Chromebook models -- sparked my interest in other technologies that run complete Linux distros on some Chromebooks without using ChromeOS.


Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Open Source Security

Posted by Billy Brumley on Nov 12

Some more technical advice below. Hope it helps!


# 1.0.1

That is EOL. Try your luck with porting the 1.0.2 solution.

Shameless self plug: read Section 2

for a related discussion about EOL issues and security in the context
of OpenSSL.

# 1.0.2

Wait until this gets merged into OpenSSL_1_0_2-stable :

# 1.1.0 up to and including 1.1.0h

So I went through the...


How Bill Gates Aims to Save $233 Billion by Reinventing the Toilet Lifeboat News: The Blog

Bill Gates thinks toilets are a serious business, and he's betting big that a reinvention of this most essential of conveniences can save a half million lives and deliver $200 billion-plus in savings.

The billionaire philanthropist, whose Bill & Melinda Gates Foundation spent $200 million over seven years funding sanitation research, showcased some 20 novel toilet and sludge-processing designs that eliminate harmful pathogens and convert bodily waste into clean water and fertilizer.

"The technologies you'll see here are the most significant advances in sanitation in nearly 200 years," Gates, 63, told the Reinvented Toilet Expo in Beijing on Tuesday.


Vitamin D And Fish Oil Supplements Disappoint In Long-Awaited Study Results SoylentNews

Submitted via IRC for Bytram

Vitamin D And Fish Oil Supplements Disappoint In Long-Awaited Study Results

Many people routinely take nutritional supplements such as vitamin D and fish oil in the hopes of staving off major killers like cancer and heart disease.

But the evidence about the possible benefits of the supplements has been mixed.

Now, long-awaited government-funded research has produced some of the clearest evidence yet about the usefulness of taking the supplements. And the results, published in two papers, are disappointing.

"Both trials were negative," says Dr. Lawrence Fine, chief of the clinical application and prevention branch of the National Heart, Lung, and Blood Institute, a part of the National Institutes of Health, which funded the studies.

"Overall, they showed that neither fish oil nor vitamin D actually lowered the incidence of heart disease or cancer," Fine says.

The results were presented at the American Heart Association Scientific Sessions in Chicago and released online Saturday by the New England Journal of Medicine. One paper focused on vitamin D supplementation and the other focused on fish oil.

The trials involved nearly 26,000 healthy adults age 50 and older with no history of cancer or heart disease who took part in the VITAL research project. Twenty percent of the participants were African-American.

Some of the participants took either 1 gram of fish oil, which contains omega-3 fatty acids, plus 2,000 international units of vitamin D daily. Others consumed the same dose of vitamin D plus a placebo, while others ingested the same dose of fish oil plus a placebo. The last group took two placebos. After more than five years, researchers were unable to find any overall benefit.

While the overall results were disappointing, there appeared to be a beneficial effect when it came to one aspect of heart disease and fish oil: heart attacks.



How To Evolve A Radio Hackaday

Evolutionary algorithms are an interesting topic of study. Rather than relying on human ingenuity and investigation to create new designs, an algorithm is given a target to achieve and creates offspring, iterating in an evolutionary manner so that each generation gets closer to the target.

This method can be applied to the design of electronic circuits, and is sometimes referred to as hardware evolution. A team from Duke University attempted exactly this, aiming to produce an oscillator using evolutionary techniques.

The team used a platform called the evolvable motherboard, or EM. The EM is a platform controlled by an attached computer, consisting of reconfigurable solid state switches that allow attached circuit components to be interconnected in every combination possible. These components may be virtually any electronic component; in this experiment, 10 bipolar transistors were used.

The evolutionary algorithm was given a fitness function that rewarded output amplitude and frequency, aiming to create an oscillator operating at 25KHz. However, the team noticed some interesting emergent behavior. The algorithm tended to reward amplification behavior from the circuit, leading to many configurations that oscillated poorly, but amplified ambient noise. In the end, the algorithm developed circuit configurations that acted as a radio, picking up and amplifying signals from the surrounding environment, rather than oscillating on their own. The evolutionary algorithm took advantage of the interaction between not only the circuit elements, but effects such as the parasitic capacitance introduced by the switching matrix and appeared to use the PCB circuit traces as an antenna.

The team conclude that evolutionary algorithms used in circuit design ignore human preconceptions about how circuits work, and will take advantage of sometimes unpredictable and unexpected effects to achieve their targets. This is a blessing and a curse, bringing unconventional designs to the fore, but also creating circuits that may not work well in a generalized environment. If your oscillator relies on a nearby noise source to operate, it may operate unpredictably in the field, for example.

We've seen evolutionary algorithms used before, such as being applied to robotic design.


Hitman 2's Denuvo Protection Cracked Three Days Before Launch TorrentFreak

Protecting video games from piracy has become big business over the years. The latest games consoles from Sony and Microsoft appear relatively secure but the same cannot be said about PC titles.

Due to the fact that PC games are loaded onto a platform that is instantly accessible to hackers, it's almost inevitable that any games worth having will have their piracy protections removed at some point and leak online for all to download.

The company on the anti-piracy frontlines is Denuvo. Its anti-tamper technology is fiendishly difficult to crack and as such it regularly finds its way on to many of the gaming world's most cherished titles. However, Denuvo is not infallible so regularly finds itself targeted by crackers.

This weekend, the technology suffered yet another disappointing blow. The long-awaited stealth game Hitman 2, which comes protected by the latest variant of Denuvo (v5.3), leaked online. Aside from having its protection circumvented, this happened three days before the title's official launch on November 13.

Firstly, the game leaked online three days early, rendering the protection when the game finally comes out much less useful. Secondly, presuming the original copy of the game was obtained on Friday when the pre-order copy was delivered, it took just a single day for the group to crack Denuvo's latest protection.

Considering an announcement made by Denuvo just last week, this is a pretty embarrassing turn of events. Denuvo's aim is to protect games in their initial release window and according to the company, having no protection can result in millions of dollars in potential lost revenue in just a couple of weeks.

To be on the safe side, however, the company also highlighted the importance of protecting games for just four days (notably a couple of Denuvo-protected titles recently withstood attack for the same period). Winding back further still, the company said that even providing protection for an hour is worthwhile. Clearly, minus three days didn't figure into Denuvo's plans.

While several groups have been chipping away at Denuvo for some time, FCKDRM is a new entrant (at least by branding) to the cracking scene. Notably, FCKDRM isn't a Scene group but one that works in P2P circles. At leas...


Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks Security Affairs

Crooks are exploiting the popularity of Elon Musk and a series of hacked verified Twitter accounts to implement a new fraud scheme.

Crooks are exploiting the popularity of Elon Musk and a series of hacked verified Twitter accounts (i.e. UK retailer Matalan, US publisher Pantheon Books, and official government Twitter accounts such as the Ministry of Transportation of Colombia and the National Disaster Management Authority of India) in a scam scheme that is as simple as it is effective.

The accounts were hacked to impersonate Elon Musk; once hijacked, scammers changed the accounts' names and profile pictures to those of the popular entrepreneur and started using them to share tweets calling for people to send him cryptocurrency.

The accounts were informing Twitter users of an alleged new Musk initiative to create the biggest crypto-giveaway of 10,000 bitcoins.

"I'm giving 10 000 Bitcoin (BTC) to all community! I left the post of director of Tesla, thank you all for your support," states the hacked account of Pantheon Books.



Top 10 Most Pirated Movies of The Week on BitTorrent 11/12/18 TorrentFreak

This week we have three newcomers in our chart.

Mission: Impossible Fallout is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week's most downloaded movies are:
Most downloaded movies via torrents
Rank | Rank last week | Movie name | IMDb rating
1 | () | Mission: Impossible Fallout | 8.0
2 | (1) | The Equalizer 2 | 6.9
3 | (2) | The Meg | 5.9
4 | (3) | Incredibles 2 | 8.0
5 | (5) | Mile 22 | 6.1
6 | () | Outlaw king | 7.1
7 | (6) | Alpha | 6.9


Winged Humanoid Observed in Fayette County, WV Terra Forming Terra


This puts the time frames back a lot.  Makes the argument of a potential human system completely out of reach.  

There is nothing in the archeological record to support this life form so it is perhaps reasonable to wonder if this could be alien in origin. It still has antecedents in the gargoyle.

Otherwise it is an excellent look at this creature and it determines that it is large enough to depend largely on gliding.   Many other glimpses had left this aspect uncertain.


Winged Humanoid Observed in Fayette County, WV
Wednesday, October 24, 2018

I received the following account after posting Black Winged Humanoid Encounter Near Rockford, Illinois:

Hi Lon, hope things are going well. I read about the winged humanoid in your latest newsletter. I've been following these stories in your newsletter pretty closely. The newsletter that was in my inbox today really struck me, because I have seen something similar - the 'Jeepers Creepers' description was dead on.

Long story short, I don't remember the exact year, but this would've been the mid-80's. My best guess is 1985 or 1986. It was a summer evening in Oak Hill, West Virginia (Oak Hill is a small town in the south-central part of the state, about 15...


The Pentagon's Plan to Dominate the Economy Terra Forming Terra

As I have stated many times, government prints money, then spends money and then taxes it back or relies on the credit system to actually draw it down through interest charges which is offset with a moderate inflation.

Spending that mass of money to best effect has mostly been done through the military in which maximum productivity is possible except for that small fraction actually spent on war. After that entitlements matter and then you struggle to get effective civilian programs. My point though is that military spending has dominated our economy for a long time and employs the best and the brightest.

There are still plenty of management difficulties particularly due to secrecy.

This is no plan and has been accepted for a long time.


Tomgram: William Hartung, The Pentagon's Plan to Dominate the Economy

Back in the mid-1990s, I wrote the following in my book The End of Victory Culture, with memories of the American world of my 1940s and 1950s childhood in mind:
The worlds of the warrior and of abundance were, to my gaze, no more antithetical than they were to the corporate executives, university research scientists, and military officers who were using a rising military budget and the fear of communism to create a new national security economy.  An alliance between big industry, big science, and the military had been forged during World War II.  This alliance had blurred the boundaries between the military and the civilian by fusing a double set of desires: for technological breakthroughs leading to ever more instant weapons of destruction and to ever easier living.  The arms race and the race for the good life were now...


JFK jr as NEW AG? Terra Forming Terra

So much has happened and is now happening that it is difficult to know how to provide a coherent report. Worse than that, not knowing the background makes it easy for a new reader to be dismissive. In fact that is healthy. Otherwise I have nothing to say.

I have posted that a massive operation is presently underway that truly began decades ago and which includes Mil Intel in particular. I do not use the phrase 'white hats' except to say men are doing their duty in face of a concerted long standing operation against the regime that is itself far older. I myself perceived the existence of this threat many years ago as it slowly emerged. To the point of wondering if Mil Intel was asleep which I considered unlikely.

The true enemy has operated secretly and has secured control over large swaths of the governing apparatus both in the USA and abroad. They have done this with access to unlimited financial resources which includes willing (or otherwise) control of the central banking system. The apparatus itself was surely produced by either or both of COMITERM and the NAZIS. The intellectual infection was also introduced into the universities under various names, but all revering authoritarian socialism. This infection has spread downward into the general education system itself where resistance is much weaker.

The counter attack is now in full tide and is about to erupt into our general consciousness. You must understand that very detailed planning is being implemented and the enemy is resisting.

It may help to understand that Trump's Career was plausibly sponsored by the Kennedy fortune.  Put another way, certain things happened that can best be explained by a true silent partner.  It proves possible that JFK jr staged his death in an airplane crash in 9...


New evidence of how the Norse became long-distance mariners Terra Forming Terra


I do not think that any of this was sudden but it does tell of the methodology that must trace back to before the Bronze Age. Proofing a ship against worms and fouling has been a constant to today.

The Viking Age was a natural response to opportunity created by the Roman Collapse itself in the West. Recall this was also preceded by Celtic shipping superior to Roman shipping. Thus we have around 500 AD the first real break in serious Sea protection in Western Europe.

The recipe sounds pretty obvious and also basic. Adding seal oil to pine pitch may well make wood highly resistant to worms and fouling and experiments indicate as much.

New evidence of how the Norse became long-distance mariners

They made tar in industrial quantities, to coat ships' hulls and sails

Nov 1st 2018

ACCORDING TO THE "Saga of Erik the Red", "shipworm will not bore into the wood which has been smeared with the seal-tar". Viking scholars debate the precise meaning of "seal" in "seal-tar". One interpretation is that the Scandinavian conquerors mixed tar, or pitch, with animal fat, and some experiments suggest this may indeed keep shipworm at bay. What is clear is that tar was an important marine technology, and new finds suggest that a vast industry making it emerged at the beginning of the Viking era, helping enable their conquests.

The oldest tar pits in Sweden date from around 100AD to 400AD. The first were discovered in the early 2000s, and are found close to old settlements, suggesting that the tar was for coating houses and household items. It was made by stacking pine wood into conical pits a metre or two across, setting the wood on fire and covering it with turf and charcoal to encourage a slow combustion. In this way, the wood's resin would turn to tar and drip out of the cone's bottom into a buried container.

However, as Andreas Hennius, an archaeologist at Uppsala University, reports in this month's Antiquity, around the eighth century something shifted. The pits got much bigger, reaching eight to ten metres in diameter, and moved far into the forest. These pits could have made between 200 and 300 litres of tar in a single production cycle.

Mr Hennius argues that the builders needed all this tar for ships. The eighth century was when sails arrived in Scandinavia. That, in his view, is no coincidence. Tar has been found on hulls, rigging and small fragments of sails from Viking vessels. It was used to waterproof the hulls...


Cropping Images in Emacs Random Thoughts

I woke up in the middle of the night and started thinking about cropping images in Emacs, as one does. I started wondering how Emacs processed mouse events, and that turns out to be very easy: You just use `read-event' inside a `track-mouse' form, and you get all the events and coordinates, offset from the window or the image under point, which is just perfect for my use case here.

So after work today, I started typing, and there it is.

Now, cropping an image in Emacs is one thing, but the other is what do you do with the result? I mean, just displaying the cropped image is nice, but pretty useless. I mean, you can save it, I guess, and that would make sense from an `image-mode' context. But more generally useful would be from a document composition mode, so I just stuck it into the package for editing WordPress posts.

I think it may make sense to factor this out into its own little package so that it can be used elsewhere, but I don't really have the time at the moment, so I guess it'll have to wait.

The code is up on Microsoft Github as usual.


Smartwatches Know You're Getting a Cold Days Before You Feel Ill SoylentNews

Submitted via IRC for Bytram

Smartwatches know you're getting a cold days before you feel ill

Once we had palm-reading, now we have smartwatches. Wearable tech can now detect when you're about to fall ill, simply by tracking your vital signs.

Michael Snyder at Stanford University in California experienced this first-hand last year. For over a year he had been wearing seven sensors to test their reliability, when suddenly they began to show abnormal readings. Even though he felt fine, the sensors showed that his heart was beating faster than normal, his skin temperature had risen, and the level of oxygen in his blood had dropped.

"That's what first alerted me that something wasn't quite right," says Snyder. He wondered whether he might have caught Lyme disease from a tick during a recent trip to rural Massachusetts.

A mild fever soon followed, and Snyder asked a doctor for the antibiotic doxycycline, which can be used to treat Lyme disease. His symptoms cleared within a day. Subsequent tests confirmed his self-diagnosis.



Rocket Lab Completes First Commercial Launch of Its Electron Rocket Lifeboat News: The Blog

U.S.-based aerospace manufacturer Rocket Lab completed its first successful commercial launch on Saturday, sending seven spacecraft, including six tiny satellites and a drag sail demonstrator, into orbit aboard a relatively small Electron rocket designed primarily for smallsats and cubesats, Spaceflight Now reported.


NASA has plans to probe Uranus in search of gas Lifeboat News: The Blog

That title though

A group at NASA has taken aim at Uranus and Neptune in search of gas, heavy metals, and to understand more about the planets' atmospheres.


Consumers would stop engaging with a brand online following a breach Help Net Security

Ping Identity surveyed more than 3,000 people across the United States, United Kingdom, France and Germany to find out what they expect from brands when it comes to the safekeeping of personal information. The survey reveals many consumers are making drastic changes to the ways they interact with companies and secure their own personal data following a breach: 78 percent of respondents would stop engaging with a brand online and more than one third (36...



Implications of the NIS Directive for the industrial sector Help Net Security

On July 6, 2018 the NIS (Network and Information System) Directive was enacted as the first EU-wide legislation that provides measures to boost security across the region. Under the law, operators of essential services and digital service providers are required to abide by the requirements of the new regulations. These are intended to provide a framework for countries and operators to strengthen the security of critical infrastructures and allied information systems. Any operator with 50...



[SECURITY] [DSA 4338-1] qemu security update Bugtraq

Posted by Moritz Muehlenhoff on Nov 11

Debian Security Advisory DSA-4338-1 security () debian org Moritz Muehlenhoff
November 11, 2018

Package : qemu
CVE ID : CVE-2018-10839 CVE-2018-17962...


[SECURITY] [DSA 4337-1] thunderbird security update Bugtraq

Posted by Moritz Muehlenhoff on Nov 11

Debian Security Advisory DSA-4337-1 security () debian org Moritz Muehlenhoff
November 10, 2018

Package : thunderbird
CVE ID : CVE-2018-12389 CVE-2018-12390...


Reported breaches in the first 9 months of 2018 exposed 3.6 billion records Help Net Security

There have been 3,676 publicly disclosed data compromise events through September 30. Breach activity continues at a consistent pace for 2018, which although significant in level, will likely not reach the numbers we saw in 2017, according to the 2018 Q3 Data Breach QuickView report by Risk Based Security. "The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically," said...



[SECURITY] [DSA 4336-1] ghostscript security update Bugtraq

Posted by Salvatore Bonaccorso on Nov 11

Debian Security Advisory DSA-4336-1 security () debian org Salvatore Bonaccorso
November 10, 2018

Package : ghostscript
CVE ID : CVE-2018-11645 CVE-2018-17961...


PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members Bugtraq

Posted by Socket_0x03 on Nov 11

PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members


PeepSo v1.11.2 - Time-Based SQL Injection Bugtraq

Posted by Socket_0x03 on Nov 11

PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection


NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage Bugtraq

Posted by VMware Security Response Center on Nov 11


VMware Security Advisory

Advisory ID: VMSA-2018-0027
Severity: Critical
Synopsis: VMware ESXi, Workstation, and Fusion updates address
uninitialized stack memory usage
Issue date: 2018-11-09
Updated on: 2018-11-09 (Initial Advisory)
CVE number: CVE-2018-6981, CVE-2018-6982

1. Summary

VMware ESXi, Workstation, and...


WP User Manager v2.0.8 - Time-Based SQL Injection Bugtraq

Posted by Socket_0x03 on Nov 11

WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection


Closing the security gap will drive $125 billion critical infrastructure security spending Help Net Security

Critical infrastructures are radically transforming on an unprecedented scale, boosted by a rapid adoption of smart operational technologies. Cybersecurity is a growing part of that evolution. ABI Research forecasts security spending for the protection of critical infrastructures will hit US$125 billion globally by 2023. Currently, defense contractors (Lockheed Martin, BAE Systems, Harris, Northrop Grumman), industrial OEMs (Honeywell, Siemens, Airbus, Rockwell, Boeing), tech leaders (IBM, Amazon, Microsoft, Verizon), and energy companies (Shell, Total, Exxon) are the...



Cloudflare Releases DNS App for Mobile Users SoylentNews

Cloudflare rolls out its privacy service to iOS, Android

Months after announcing its privacy-focused DNS service, Cloudflare is bringing to mobile users.

Granted, nothing ever stopped anyone from using on their phones or tablets already. But now the app, now available for iPhones, iPads and Android devices, aims to make it easier for anyone to use its free consumer DNS service.

The app is a one-button push to switch on and off again. That's it.

Cloudflare rolled out earlier this year on April Fools' Day, no less, but privacy is no joke to the San Francisco-based networking giant. In using the service, you let Cloudflare handle all of your DNS information, like when an app on your phone tries to connect to the internet, or you type in the web address of any site. By funneling that DNS data through, it can make it more difficult for your internet provider to know which sites you're visiting, and also ensure that you can get to the site you want without having your connection censored or hijacked.

Apple and Google Play.

Also at Android Police and Fast Company.

Previously: Cloudflare Launches Consumer DNS Service
Cloudflare's New DNS Attracting 'Gigabits Per Second' Of Rubbish



[SECURITY] [DSA 4335-1] nginx security update Bugtraq

Posted by Moritz Muehlenhoff on Nov 11

Debian Security Advisory DSA-4335-1 security () debian org Moritz Muehlenhoff
November 08, 2018

Package : nginx
CVE ID : CVE-2018-16843 CVE-2018-16844...


A Daylight-Readable Bar Graph Display in the 70s Wasn't Cheap Hackaday

The driver board with display attached; the row of lamps is visible on the right hand side.

LEDs weren't always an easy solution to displays and indicators. The fine folks at [Industrial Alchemy] shared pictures of a device that shows what kind of effort and cost went into making a high brightness bar graph display in the 70s, back when LEDs were both expensive and not particularly bright. There are no strange materials or methods involved in making the display daylight-readable, but it's a peek at how solving problems we take for granted today sometimes took a lot of expense and effort.

The display is a row of 28 small incandescent bulbs, mounted in a PCB and housed in a machined aluminum frame. Holes through which to view the bulbs are on both the top and front of the metal housing, which allows the unit to be mounted in different orientations. It was made as a swappable module; its 56 machined gold pins mate to sockets on the driver board. The driver board itself consists of 14 LM119 dual comparators, each of which controls two bulbs on the display.



Rocket Lab's Modest Launch is Giant Leap for Small Rocket Business SoylentNews

Rocket Lab's Modest Launch Is Giant Leap for Small Rocket Business:

The company's Electron rocket carried a batch of small commercial satellites from a launchpad in New Zealand, a harbinger of a major transformation to the space business.

A small rocket from a little-known company lifted off Sunday from the east coast of New Zealand, carrying a clutch of tiny satellites. That modest event, the first commercial launch by a U.S.-New Zealand company known as Rocket Lab, could mark the beginning of a new era in the space business, where countless small rockets pop off from spaceports around the world. This miniaturization of rockets and spacecraft places outer space within reach of a broader swath of the economy.

The rocket, called the Electron, is a mere sliver compared to the giant rockets that Elon Musk, of SpaceX, and Jeffrey P. Bezos, of Blue Origin, envisage using to send people into the solar system. It is just 56 feet tall and can carry only 500 pounds into space.

But Rocket Lab is aiming for markets closer to home. "We're FedEx," said Peter Beck, the New Zealand-born founder and chief executive of Rocket Lab. "We're a little man that delivers a parcel to your door."



Forget your car, this is awesome Lifeboat News: The Blog

Forget your car, this is awesome, via Jet Capsule.


Alarm Over Talks to Implant UK Employees with Microchips

Via: Guardian: Britain's biggest employer organisation and main trade union body have sounded the alarm over the prospect of British companies implanting staff with microchips to improve security. UK firm BioTeq, which offers the implants to businesses and individuals, has already fitted 150 implants in the UK. The tiny chips, implanted in the flesh between [...]


First Perihelion: Into the Unknown with Parker Solar Probe Lifeboat News: The Blog

Good thing there are no traffic cameras in space! The #ParkerSolarProbe spacecraft reached a top speed of 213,200 miles per hour relative to the Sun during its first close approach to our closest star, setting a new record for spacecraft speed. Learn more from NASA Sun Science about this mission of solar discovery:


The Naughty AIs That Gamed The System Hackaday

Artificial intelligence (AI) is undergoing somewhat of a renaissance in the last few years. There's been plenty of research into neural networks and other technologies, often based around teaching an AI system to achieve certain goals or targets. However, this method of training is fraught with danger, because, just like in the movies, the computer doesn't always play fair.

It's often very much a case of the AI doing exactly what it's told, rather than exactly what you intended. Like a devious child who will gladly go to bed in the literal sense, but will not actually sleep, this can cause unexpected, and often quite hilarious results. [Victoria] has created a master list of scholarly references regarding exactly this.

The list spans a wide range of cases. There's the amusing evolutionary algorithm designed to create creatures capable of high-speed movement, which merely spawned very tall creatures that generated these speeds by falling over. More worryingly, there's the AI trained to identify toxic and edible mushrooms, which simply picked up on the fact that it was presented with the two types in alternating order. This ended up being an unreliable model in the real world. Similarly, the model designed to assess malignancy of skin cancers determined that lesions photographed with rulers for scale were more likely to be cancerous.

[Victoria] refers to this as "specification gaming". One can draw parallels to classic sci-fi stories around the Laws of Robotics, where robots take such laws to their literal extremes, often causing great harm in the process. It's an interesting discussion of the difficulty in training artificially intelligent systems to achieve their set goals without undesirable side effects.

We've seen plenty of work in this area before, like this use of evolutionary algorithms in circuit design.


NASA asteroid WARNING: Three giant asteroids to pass Earth THIS SATURDAY Lifeboat News: The Blog

THREE giant asteroids will barrel past the planet this weekend on a so-called Close Earth Approach, NASA has warned.


Astronomers Just Discovered Two Rogue Planets in Our Galaxy Lifeboat News: The Blog

Polish astronomers just discovered two new planets in our galaxy. That's cool news on its own, but these planets are different from most. Unlike almost all known planets, New Scientist reports, these two planets don't orbit a star.

Instead, they drift aimlessly through the cold, dead void of space and presumably spend their time writing angsty poetry.


Our seedlings are sprouting on the International Space Station Lifeboat News: The Blog

Astronaut Serena Auñón-Chancellor planted Red Russian kale and Dragoon lettuce in a special garden last month, and if all goes well, they will be ready to enjoy for Thanksgiving! Dig in:


Apple's T2 Security Chip Prevents Linux From Installing on New Macs SoylentNews

Apple's MacBook Pro laptops have become increasingly unfriendly with Linux in recent years [...] But now with the latest Mac Mini systems employing Apple's T2 security chip, they too are likely to crush any Linux dreams.

At least until further notice, these new Apple systems sporting the T2 chip will not be able to boot Linux operating systems.

[...] By default, Microsoft Windows isn't even bootable on the new Apple systems until enabling support for Windows via the Boot Camp Assistant macOS software.

From Phoronix.



Comcast Heads to Trial With Washington State Over Consumer Protection Dispute SoylentNews

Submitted via IRC for chromas

Comcast heads to trial with Washington state over consumer protection dispute

Lawyers from Comcast and the State of Washington met in King County Superior Court Friday debating evidence in a rare consumer protection lawsuit headed for trial.

The case involves a Comcast product called the Service Protection Plan (SPP), a monthly paid service that covers maintenance of in-home wiring for Xfinity TV, internet and voice, and troubleshooting for customer-owned equipment. Washington claims Comcast repeatedly violated the state's Consumer Protection Act (CPA) by signing customers up for the SPP without their consent, misleading them to believe the service was free, and misrepresenting what the service guaranteed.

"Consumers who get signed up for a service over the phone without being told about it are potentially deceived as to whether or not they have that service, even if they get disclosures later," Assistant Attorney General Seann Colgan said during the hearing Friday. "That's really where this comes down under the law."

Colgan also noted that the SPP is a lucrative product for Comcast, claiming sales of the product accounted for $85 million in revenue for the company between 2011 and 2016.

Comcast's attorneys claim that the cases cited by the Attorney General's office were in the extreme minority and the result of a few bad apples who were fired or seriously disciplined.

"When you're dealing with millions of interactions, there will be mistakes," said Comcast attorney Howard Shapiro. "There will be misconduct. Comcast, like any other large entity, is not full of perfect humans who every time, do everything right. But that is not a CPA violation."

Comcast revised its SPP policies in 2017 to be more transparent.



DistroWatch Weekly, Issue 789 News

This week in DistroWatch Weekly:
Review: Fedora 29 Workstation
News: Fedora turns 15, Haiku experiences server outage, Debian releases updated media, FreeBSD 10.4 reaches its end of life
Technology review: Fedora 29 Silverblue
Released last week: Neptune 5.6, ReactOS 0.4.10, Oracle Linux 7.6
Torrent corner: Antergos, Archman, AUSTRUMI, CAINE, Debian, HardenedBSD, Kodachi,....


Kernel prepatch 4.20-rc2

The 4.20-rc2 kernel prepatch is out for testing. "Fairly normal week, aside from me traveling".


Hackaday Links: The Eleventh Day Of The Eleventh Month, 2018 Hackaday

For the better part of the last five years, the Great War Channel on YouTube has been covering the events of the Great War, week by week, exactly 100 years later. It's hundreds of episodes designed for history buffs, and quite literally one of the most educational channels on YouTube. It's the eleventh day of the eleventh month of the eighteenth year, which means the folks behind the Great War Channel are probably taking a well-deserved vacation. If you haven't heard of this channel, it might be a good time to check it out.

Ikea is now selling NFC locks. [Mike] wrote in to tell us he found the new ROTHULT drawer deadbolts for $18 at Ikea. No, these aren't meant for your front door, they're meant for file cabinets. That's a different threat model, and no lock is ever completely secure. However, there are some interesting electronics. You get a lock powered by three AAA batteries and two NFC cards for $18. Can't wait for the teardown.

The biggest news from the United States this week is big. People gathered in the streets. Millions made sure their voices were heard. Journalists were cut down for asking questions. This is a week that will go down in history. The McRib is back for a limited time. It's just a reconstituted pork patty, pickles, onions, and sauce on a hoagie roll, but there's more to the McRib than you would think. McDonald's only releases the McRib when the price of pork is low, and in late October, pork belly futures hit their lowest price since the last time the McRib came to town. This has led some to claim the McRib is just a second lever for McDonald's in an arbitrage play on the price of pork. McDonald's is always buying pork futures, the theory goes, and when it looks like they're going to lose money, McDonald's simply turns on the McRib production line, pushing pork consumption up, and netting McDonald's a tidy profit. With the volume you're looking at, McDonald's will never lose money by betting on pork.

You can turn anything into a quadcopter. A dead cat? Yes, it's been done. How about a quartet of box fans? That's what the folks at Flite Test did, and while the completed article was wobbly and didn't survive its first crash, it was a quadcopter made out of box fans.


Linux 4.20-rc2 Released With EXT4 Bug Fixes, New NVIDIA Turing USB-C Driver Phoronix

Linus Torvalds put out the second weekly test release of the Linux 4.20 kernel and all-around it's been a normal week past the merge window...


Automation of Searches Will Not Solve the Legitimacy Problem Caused by Patents Lust Techrights

Related: Michael Frakes and Melissa Wasserman Complain About Low Patent Quality While Watchtroll Lobbies to Lower It Further

Trump and Iancu

Summary: The false belief that better searches and so-called AI can miraculously assess patents will simply drive/motivate bad decisions and already steers bad management towards patent maximalism (presumption of examination/validation where none actually exists)

THE emergence of SCOTUS's decision on Alice and today's 35 U.S.C. 101 was quite revolutionary. We have no issue with USPTO-granted patents on physical things (an example from several hours ago can be seen here) but on algorithms, something which the European Patent Office (EPO) too has been guilty of lately.

Recently there were those who framed prior art [1, 2], not patent scope, as a core issue. Not even Watchtroll was happy about it (labeling it "An Overstated Solution to Patent Examination"). Examiners need to better understand and respect patent scope, irrespective of what was done in the past (prior art). Compare this to prior Watchtroll rants/coverage about prior art (like this from 2 days earlier).

We don't mean to say that prior art never matters; alluding to...


Synchronized telescopes put limits on mystery bursts Lifeboat News: The Blog

A technological tango between 2 telescopes in the Australian outback has added an important piece to the puzzle of fast radio bursts.


What makes us? Nature or nurture? The DNA debate comes back to life Lifeboat News: The Blog

An extraordinary new film about identical triplets throws doubt on the dominance of DNA.


Samsung will soon test TVs that can be controlled with your brain Lifeboat News: The Blog

Samsung TVs are already some of the most popular options for high-end home theater systems, and the company is now using its television-making prowess to help people with disabilities live more normal lives. A new project by a Samsung team in Switzerland could yield the first smart TV that can be controlled with thoughts.

As CNET reports, Samsung has partnered with Swiss scientists to bring the system to life. Called Project Pontis, the ultimate goal is to build a brain/software interface that will allow individuals with movement disabilities to control television features like channel switching and volume control with their brains rather than their bodies.


The US Military Just Publicly Dumped Russian Government Malware Online SoylentNews

Submitted via IRC for chromas

The US Military Just Publicly Dumped Russian Government Malware Online

Usually it's the Russians that dump its enemies' files. This week, US Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries' malware it has discovered.

CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack US systems: we may release your tools to the wider world.

"This is intended to be an enduring and ongoing information sharing effort, and it is not focused on any particular adversary," Joseph R. Holstead, acting director of public affairs at CYBERCOM told Motherboard in an email.

On Friday, CYBERCOM uploaded multiple files to VirusTotal, a Google-owned search engine and repository for malware. Once uploaded, VirusTotal users can download the malware, see which anti-virus or cybersecurity products likely detect it, and see links to other pieces of malicious code.



Ex-Facebook exec ousted from company sparked controversy with pro-Trump views: report The Hill: Technology Policy

A former top executive at Facebook who was ousted from the company may have been fired over his support for Donald Trump during the 2016 campaign, according to The Wall Street Journal. The Journal reported Sunday that Palmer Luckey has...


The Federal Circuit and PTAB Are Not Slowing Down; Patent Maximalists Claim It's Harassment to Question a Patent's Validity Techrights

The duo that strikes out a lot of questionable patents is still besieged or at least berated by the litigation industry


Summary: There's no sign of stopping when it comes to harassment of judges and courts; those who make a living from patent threats and litigation do anything conceivable to stop the bloodbath of US patents which were never supposed to have been granted in the first place

AS we noted in the previous post, there's a coordinated effort to squash reviews of patents wrongly granted by the USPTO. Battistelli did something similar at the European Patent Office (EPO) when he relentlessly attacked judges and their collective independence.

The USPTO, unlike the EPO, cannot quite influence the courts (it's definitely trying to, as we warned earlier this month), so if patents are granted in error they will be invalidated/rejected by the courts; Iancu and his new sidekick (patent trolls' apologists) can just stare and glare. They can't quite touch the judges. They make a bit of a turmoil at the Patent Trial and Appeal Board (PTAB) though, mirroring Battistelli's assault on the appeal boards.

Recent Law360 coverage spoke about fake patents (that are, as usual, software patents) being thrown out by the excellent Federal Circuit, which has changed a lot under its current chief judge. There is virtually nothing Iancu can do to the Federal Circuit and ignoring its outcomes/caselaw he can only ever do at his own peril. Suzanne Monyak's report says that "[t]he Federal Circuit on Wednesday refused to revive technology company PurePredictive Inc.'s claims that an open-source software company ripped off its predictive analytics patent..."


The Performance Impact Of Spectre Mitigation On POWER9 Phoronix

Over the past year we have looked extensively at the performance impact of Spectre mitigations on x86_64 CPUs but now with having the Raptor Talos II in our labs, here are some benchmarks to see the performance impact of IBM's varying levels of Spectre mitigation for POWER9.


New Music Random Thoughts

Music I've bought this month.


Patent Maximalists Will Latch Onto Return Mail v US Postal Service in an Effort to Weaken or Limit Post-Grant Reviews of US Patents Techrights

Summary: An upcoming case, dealing with what governments can and cannot do with/to patents (specifically the US government and US patents), interests the litigation industry because it loathes reviews of low-quality and/or controversial patents (these reviews discourage litigation or stop lawsuits early on in the cycle)

THE DEPARTURE of the U.S. Patent and Trademark Office (USPTO) from science and technology was noted here earlier today; it not only abandons actual innovation but also justice itself. It's rather troubling. It all happened quite fast under Donald Trump and corrupt Wilbur Ross (new Director and deputy appointed); at the same time two right-wing activists were also appointed as Justices.

Looking back at the past fortnight's news, we take note of Watchtroll's article from two weeks ago about Bayh-Dole, wherein Joseph Allen defends public work (government/universities) being handed over for trolls to attack the public with. Remember that USPTO chiefs are rather sympathetic towards trolls. This cannot be ignored.

One other topic covered here two weekends ago was that chasm separating individuals and non-human entities, i.e. person versus government/corporation (similar to corporations as people or corporate bribery as free speech). Watchtroll explained it as follows on the last day of last month: Return Mail also cites to the Supreme Court's 1991 decision in International Primate Protection League v. Ad...


Pro-Copyright Bias is Alive, Well, and Still Hiding the Full Story TorrentFreak

In 2007, the movie The Man From Earth leaked on file-sharing networks, with unexpected results. Instead of proving nothing but damaging, the title gained almost universal praise, rocketing the sci-fi flick to stardom via word-of-mouth advertising.

Director Richard Schenkman and producer Eric Wilkinson embraced the development and enthused over the attention their work was receiving online. Given the positive experience, during January 2018 the team deliberately leaked the sequel The Man from Earth: Holocene on The Pirate Bay.

Given that filmmakers tend to view piracy as the enemy, TorrentFreak enthusiastically reported both events. Sadly, we had less positive news to convey this week when, out of the blue, Schenkman published an article on the site of pro-industry, anti-piracy alliance CreativeFuture, in which he heavily criticized piracy.

There can be little doubt that the piece was a gift to CreativeFuture and everyone who viewed Schenkman and Wilkinson's place in the piracy debate as something positive for unauthorized sharing. The movie's story had become a ray of light and here it was being shredded, a disastrous episode from which nothing good had come.

At TorrentFreak, however, we had our doubts about the tone of the piece. Never before had we seen such a turnaround, particularly when reviewing all previous correspondence with Schenkman. Something didn't add up.

Mainly due to timezone differences, Schenkman responded to our questions after our article was published. However, his responses only served to increase our suspicions that what had been published on CreativeFuture wasn't representative of his overall position on piracy.

First of all, Schenkman was rightfully furious about his movie being distributed in Russia after being professionally dubbed, with his donation requests removed from the resulting copy. That, most people will agree, is a flat-out insult to someone who has bent over backward to accommodate piracy.

He had every right to be annoyed but it's worth noting that his anger was directed at one site, not necessarily pirates in general. In fact, Schenkman told us that plenty of positives have come out of the releases of both movies.

The only reason that people all over the world knew and loved the original Man from Earth was because of piracy, so while I'm disappointed that we've (still) made so little money from the first film, I'm deeply grateful that so many people have been able to se...


Belt Up With A Redundant Car Part Hackaday

The toothed belt that turns the camshaft in synchronization with the crankshaft on many motor vehicle engines is something of an under-appreciated component. Unless you are unlucky enough to have had one fail and destroy your engine, it's probably something you've never given a second thought to outside of periodic service intervals.

For something to perform such a task over so many thousands of miles of motoring it must be made of pretty strong stuff. Even when a belt is life-expired it is still in good physical shape, and [Crispyjones] saw the potential in a used Subaru belt to make a different type of belt. After keeping his engine in sync for so long it would serve no less vital a purpose, and keep his pants from falling down.

You can of course buy the hardware for a belt from a decent crafting store, but he chose to recycle a buckle from a worn-out leather belt. Cleaning the timing belt and cutting it carefully so that the Subaru logo would be on show to the outside world in the finished article, he secured it round the buckle with some epoxy glue and a bit of stitching. The original leather retaining loop is not really appropriate, so one is fashioned from wire. Finally we see the process for measuring where the holes should be placed, followed by their creation with a hole punch.

Hackaday isn't a crafting site, so we don't often feature projects like this one. But the humble timing belt is a component that we've probably all replaced and thrown away more than once without really thinking what the properties of the thing we're throwing away are. So we like this relatively simple project for its re-use of something few of us would otherwise keep, as well as for its delivering rather a cool belt. We've featured plenty of cambelts here doing their traditional job, but this is the first time we've had one as an item of clothing. We'll leave you with a glimpse of a future without cambelts at all.


Guest Post: EPO Spins Censorship of Staff Representation Techrights

Summary: Another concrete example of Campinos' cynical story-telling

THE FOLLOWING is composed/presented as two parts. The first is a reader's response to the second, which is spin from António Campinos, published after censoring SUEPO's E-mails.

The situation prior to Battistelli

Under all EPO presidents, CSC/LSC as well as SUEPO could send the messages they wanted with no limitation (obviously they never spammed EPO staff with silly contents, much less aggressive messages since it is not EPO's culture and it would have fired back).

There was no problem.

The situation under Battistelli

Battistelli rapidly feared that staff reps/SUEPO could issue to staff reasoned and substantiated critiques exposing his wrongdoing. He then decided to ban mass emails of both CSC/LSC and SUEPO, based on fake motives: Elodie Bergot (HR) falsely accused staff reps/SUEPO of sending defamatory contents or aggressive emails, but surprisingly no one was ever disciplined for an aggressive/defamatory message sent to staff via mass emails (and you best believe that if staff reps/SUEPO officials had sent something truly defamatory or insulting, Bergot would have disciplined them ASAP as sanctioning staff is her hobby).

The situation under Campinos

Campinos now wants EPO staff and the public to believe he re-establishes communication channels only without doing it.

Interesting aspects of his communiqué:

1. It is limited to CSC/LSC = it thus excludes SUEPO (the union representing half of EPO staff), whose emails remain banned within the EPO.

2. It is limited to TWO (2) messages/year (don't laugh) and only to call for general assemblies (something which occurs about twice a year).

The communication ban remains intact and impedes not only the communication but de facto the daily work of staff reps/SUEPO as they cannot properly inform staff on the very issues which concern them e.g. top managerial decisions, planned reforms etc.

3. This change is on trial for one year (again, don't laugh). So the ban is not only not lifted but the tiny improvement can even be reversed.

4. Campinos suggests that receiving mass email from CSC/LSC (who are elected by staff) would be an intrusion amounting to spam: how nice of him!




Will good prevail over bad as bots battle for the internet? HackRead

By Ian Trump

This is the third in a series of blog posts on all things Bot. The first two posts are available here and here. From bad to good and looking towards the future, Bots remain an information security issue which has the potential to impact all commercial and recreational online activity. This series will explore [...]


Iconic Westworld Set Burns Down in California Wildfire SoylentNews

Submitted via IRC for Bytram

Iconic Westworld set burns down in California wildfire

Old West-style buildings used in the production of HBO's Westworld, as well as in other shows and movies, have been destroyed by the fast-moving Woolsey Fire now sweeping through Southern California.

The fire ruined buildings at Paramount Ranch, one of the locations used during seasons 1 and 2 of Westworld.

"Westworld is not currently in production, and as the area has been evacuated, we do not yet know the extent of the damage to any structures remaining there," HBO said in a statement. "Most importantly, our thoughts go out to all those affected by these horrible fires."

The official Twitter account of the Santa Monica Mountains National Recreation Area shared a photo of the structures as they looked before the fire, with the message, "We are sorry to share the news that the #WoolseyFire has burned Western Town at #ParamountRanch in Agoura."

Westworld was far from the only production to take advantage of the Old West-style buildings and setting for filming. Dr Quinn, Medicine Woman, the 1990s Western drama starring Jane Seymour filmed there, as well as 1968's Herbie The Love Bug, the acclaimed HBO series Carnivale and more were all filmed there.



MPAA: Switzerland Remains Extremely Attractive For Pirate Sites TorrentFreak

While the European Union has worked hard to strengthen its copyright laws in recent years, one country in the heart of the continent chooses its own path.

Switzerland is not part of the EU, which means that its policies deviate quite a bit from its neighbors. According to Hollywood, that's not helping creators.

Responding to recent submission to the United States Trade Representative (USTR), the MPAA has identified several foreign trade barriers around the world. In Hollywood's case, many of these are related to piracy.

One of the countries that's highlighted, in rather harsh terms, is Switzerland. According to the MPAA, the country's copyright law is "wholly inadequate" which, among other things, makes it "extremely attractive" to host illegal sites.

"Switzerland's copyright law is wholly inadequate, lacking crucial mechanisms needed for enforcement in the digital era," MPAA writes.

"Switzerland lacks meaningful remedies and effective enforcement against online copyright infringement. Switzerland's inadequate legal framework and robust technical infrastructure make it an extremely attractive host for illegal sites."

One of the concerns is that the Swiss currently have no requirement for Internet services to remove infringing content. In addition, services can't be held liable for infringements of customers.

The Hollywood group says this should change, adding that it also wants ISPs to aid their piracy battle, and to make sure that copying from unauthorized sources is outlawed. The MPAA proposes several changes the Swiss should implement, which include:

1) Ensuring liability under Swiss law for parties who facilitate, encourage, and profit from widespread infringement
2) Engaging ISPs in the fight against online piracy
3) Affirming that current law does not permit copying from unauthorized sources
4) Implementing adequate civil and criminal enforcement tools

While this sounds like a rather pressing matter, these recommendations and the associated problems are far from new. The MPAA's submission does at times read like a broken record, using the exact same language as four years ago, as seen below.

From the MPAA's 2014 report

These copied sections appear throughout the report, also affecting other countries. For example, Hollywood still wants tougher penalties for Australian camcording pirates,...


Quantum compass promises navigation without using GPS Lifeboat News: The Blog

The technology could reduce the damage done by GPS satellite failures or jamming efforts.


Week in review: VirtualBox 0day, GPU side channel attacks, vulnerable self-encrypting SSDs Help Net Security

Here's an overview of some of last week's most interesting news and articles:

Five key considerations when developing a Security Operations Center
Organizations should start with the following five key considerations if they are to get the most out of their SOC.

How financial institutions can change the economics of fraud
The volume of data breaches has bolstered fraudsters' ability to waltz through the front doors of businesses using synthetic identities.

VirtualBox Guest-to-Host escape 0day


WhatsApp iOS beta open for public; How to download it now TechWorm

WhatsApp officially launches an iOS public beta, here is how you can download and register

WhatsApp Beta programme that was limited to a few iOS users has now officially been made publicly available to all iOS users, according to a WABetaInfo report who first published this news. In other words, anyone now can register and become a beta tester for WhatsApp on iOS.

How to Install WhatsApp Beta for iOS

WhatsApp Beta application for iOS receives updates every two days. This will allow beta users to access upcoming features even before they are rolled out to the public. Also, WhatsApp iOS beta testers can report bugs and issues experienced on the beta build along with a description and screenshot through Contact Us page in WhatsApp Settings to notify the company about the bug.



3D-Printer Extrudes Paper Pulp Instead of Plastic Hackaday

We've seen all sorts of 3D-printers on these pages before. From the small to the large, Cartesians and deltas, and printers that can squeeze out plastic, metal, and even concrete. But this appears to be the first time we've ever featured a paper-pulp extruding 3D-printer.

It's fair to ask why the world would need such a thing, and its creator, [Beer Holthuis], has an obvious answer: the world has a lot of waste paper. Like 80 kg per person per year. Thankfully at least some of that is recycled, but that still leaves a lot of raw material that [Beer] wanted to put to work. Build details on the printer are sparse, but from the photos and the video below it seems clear how it all went together. A simple X-Y-Z gantry moves a nozzle over the build platform. The nozzle, an order of magnitude or two larger than the nozzles most of us are used to, is connected to an extruder by a plastic hose. The extruder appears to be a tube with a stepper-driven screw that lowers a ram down onto the pulp, squeezing it into the hose. [Beer] notes that the pulp is mixed with a bit of natural binder to allow the extruded pulp to keep its shape. We found the extrusion process to be just a wee bit repulsive to watch, but fascinating nonetheless, and the items he's creating are certainly striking in appearance.

This may be the first pulp printer to grace our pages, but it's not the first pulp hack we've featured. Pulp turns out to be a great material to keep your neighbors happy and even makes a dandy fuel.

Thanks to [baldpower] for the tip.


11nov2018 Trivium


Re: null-pointer dereference in poppler library Open Source Security

Posted by Dhiraj Mishra on Nov 11

Later CVE-2018-19149 was assigned to this, because that fuzzing result
shows a very important vulnerability in a package currently shipped by a
major Linux distribution is still of interest, even if that Linux
distribution does not package the latest released upstream version.

For example, an out-of-bounds write finding is still very useful in that
case, but not out-of-bounds read, NULL pointer dereference,
divide-by-zero, etc.



Dry Conditions May Have Helped a New Type of Plant Gain a Foothold on Earth SoylentNews

Submitted via IRC for Bytram

Dry conditions may have helped a new type of plant gain a foothold on Earth

Researchers have long believed that falling carbon dioxide levels drove the origin of plants with this innovation, but a new study in the Proceedings of the National Academy of Sciences, based on biochemical modeling by a group led by University of Pennsylvania biologists and paleoclimate modeling by a group at Purdue University, indicates that water availability may have been the critical factor behind the emergence of C4 plants.

"The initial origin of C4, which happened when atmospheric carbon dioxide was still very high, seems driven by water limitation," says Haoran Zhou, a graduate student in the School of Arts and Sciences' Biology Department and first author on the paper. "Then later, about 5 to 8 million years ago, there's a large expansion of C4 grasslands. That's because carbon dioxide was getting lower and lower. Carbon dioxide and light intensity were actually the limiting factors favoring C4 at that time."

"What we show," says Erol Akçay, an assistant professor of biology at Penn, "is that the increased water efficiency of the C4 pathway is enough to give it an initial ecological advantage in relatively arid environments. That's the benefit of doing this type of physiological modeling. If you were only looking at temperature and carbon dioxide, you might miss this role of water and light."

The researchers' work also suggests that C4 plants may have had a competitive advantage over C3 plants even when carbon dioxide levels in the atmosphere were still relatively high, in the late Oligocene.

"The inference is that C4 could have evolved quite a bit earlier than we previously thought," says Penn's Brent Helliker, an associate professor of biology who, along with Akçay, serves as Zhou's advisor. "This supports some molecular clock estimates for when C4 evolved as well."



SteamOS/Linux Requirements For Valve's Artifact Is Just A Vulkan Intel/AMD/NVIDIA GPU Phoronix

With just two weeks to go until Valve unleashes their latest original game, Artifact, it's now up for pre-order and there are also the system requirements published...


Greek ISPs Ordered To Block The Pirate Bay, 1337x, YTS And Other Domains TechWorm

Court Orders Greek ISPs To Block 38 Domains, Including The Pirate Bay, YTS and 1337x

Greek ISPs (Internet Service Providers) have been ordered by a special Government-affiliated commission to block 38 domains, including The Pirate Bay (TPB), 1337x, and YTS, following a request from a local anti-piracy group, reports TorrentFreak.

The local anti-piracy group, Society for the Protection of Audiovisual Works (EPOE), which represents the interests of major Greek copyright holders, had filed a blocking request in spring.


The group filed an application with the IPPC, a special commission that falls under the Greek Ministry of Culture and Sports, which decided that ISPs must block a total of 38 domain names.

The targeted sites include The Pirate Bay, 1337x, YTS, as well as several popular local sites, such as Xrysoi, Gamatotv, and Tainiomania. With,, and others, subtitle sites are included in the list of blocked domains as well.

The blocking request was finally approved, as the Government-affiliated commission felt that all the targeted sites are involved in large-scale copyright infringement.


The commission has set a tight deadline of 48 hours for Greek ISPs to comply with the order. In the event of non-compliance, Greek ISPs will face a fine of 850 euros per day, reports Lawspot. The order stands for three years and it explicitly excludes offenses committed by end users.

Below is the complete list of the domain names that are to be blocked by the Greek decision:



Potent, Cocaine-Like Motivational Drug Unveiled at Neuroscience Conference Lifeboat News: The Blog

Motivation is such an intangible aspect of the human spirit that we often forget it has very real, neurochemical origins. We admire it in others and strive for it in ourselves (see: every Nike ad ever made), and now we are getting closer to potentially inducing that motivational feeling with drugs.

John Salamone, Ph.D., a professor at the University of Connecticut with a background in neural and behavioral pharmacology, has been working with the drug company Chronos Therapeutics to develop a drug that can restore motivation in people who have lost it, whether that's due to the symptoms of depression, struggle with disease, or otherwise. He unveiled his early results on rats this week in a presentation at the Society for Neuroscience's conference in San Diego, where he tells Inverse his board was bustling with activity:

"Basically we stood there for four hours and were busy the entire time," says Salamone. The reception was overwhelmingly positive, he adds. "We didn't have anyone say 'This is crazy! This will never work!'"

Sunday, 11 November


Hosting73 SSD-powered Shared, Reseller Hosting & VPS Accounts starting from $1/year in Atlanta, GA and Buffalo, NY! Low End Box

Jared from over at Hosting73 has sent in their first ever offer and we decided to check them out. They are offering SSD powered, Shared, Reseller and VPS hosting based out of Atlanta, GA and Buffalo, NY!

Their WHOIS is public and you can find their ToS/Legal Docs here. They accept PayPal, Credit Cards, Bitcoin, Litecoin and Ethereum as payment methods.

Here's what they had to say:

Our purpose is straightforward and simple. Since our inception, our mission has and continues to be aiming to disrupt the hosting space by leading by good example. We do this by providing good service, reliable servers, high uptime, fast speeds, and personalized (and fast) support. By choosing to work with us, not only will you experience the best, but you are also supporting us in our purpose to better hosting services for everyone. And best of all, everything we provide is SSD powered, so you are being serviced with the most up to date technology. Welcome to Hosting73, and we look forward to working with all of you!

Here are the offers:

** LEB ONLY BONUS: Open a ticket after your order and request double bandwidth on any plan, at no additional charge! All packages below are eligible **

Shared #1

  • 5GB SSD Storage
  • 1 Domain
  • 300GB Bandwidth
  • Softaculous/Free SSL
  • cPanel/DDoS Protection
  • New York Datacenter
  • Free Migration
  • $1/yr

Shared #2

  • 30GB SSD Storage
  • Unlimited Domains
  • 2500GB Bandwidth
  • Softaculous/Free SSL
  • cPanel/DDoS Protection
  • New York Datacenter
  • Free Migration
  • $5/yr

Shared #3

  • 100GB SSD Storage
  • Unlimited Domains
  • 3000GB Bandwidth
  • Softaculous/Free SSL
  • cPanel/DDoS Protection
  • New York Datacenter
  • Free Migration
  • $8/yr

Reseller #1

  • 20GB SSD St...


Resource generated at IndyWatch using aliasfeed and rawdog