IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Saturday, 23 September

05:51

Enterprise cloud adoption and IaaS security Help Net Security

Barracuda Networks and research firm Vanson Bourne polled 300 IT decision makers from organizations across the US on their use of public cloud Infrastructure as a Service (IaaS). Survey results Respondents included IT professionals across small, medium, and large-sized organizations, and their answers paint the following picture: Respondents currently run 44 percent of their infrastructure in the public cloud, but expect this percentage to increase to 75.57% in five years 74 percent of respondents state More

04:22

Is your router sending out spam? Help Net Security

A Linux Trojan that has been infecting IoT devices for half a year and made them run a SOCKS proxy server has now acquired spam-sending capabilities. About Linux.ProxyM Doctor Web virus analysts first documented Linux.ProxyM back in February 2017, and posited that cybercriminals use this Trojan to ensure online anonymity. With the latest upgrade, they can also earn money by sending out spam. Two builds of this Trojan exist for devices possessing the following architectures: More

03:13

Spoofed IRS notice delivers RAT through link updating trick Help Net Security

The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails from the Internal Revenue Service (IRS). The fake email includes an attachment, supposedly a CP2000 notice, which is sent by the IRS when the income and/or payment information they have on file doesn't match the information the person reported on his or her tax return. This mismatch More

01:50

New infosec products of the week: September 22, 2017 Help Net Security

Cyber-defense for critical infrastructure including factories, plants, utilities & hospitals NTT Security has launched IT/OT Integrated Security Services, delivered via a combination of both Consulting Services (CS) and Managed Security Services (MSS). CS visualize components and potential risks of an industrial control system, and provides effective and efficient security measures. MSS provides proactive defense for industrial control system by continuously monitoring, detecting and blocking a cyberattack. WhiteHat Scout reinvents the way developers create secure software More

01:10

Vintage Voyager: Online Video Resources Centauri Dreams

With Voyager on my mind because of its recent anniversary, I had been exploring the Internet landscape for archival footage. But Ioannis Kokkinidis made my search unnecessary with the following essay, which links to abundant resources. The author of several Centauri Dreams posts including Agriculture on Other Worlds, Ioannis holds a Master of Science in Agricultural Engineering from the Department of Natural Resources Management and Agricultural Engineering of the Agricultural University of Athens. He went on to obtain a Mastère Spécialisé Systèmes d'informations localisées pour l'aménagement des territoires (SILAT) from AgroParisTech and AgroMontpellier and a PhD in Geospatial and Environmental Analysis from Virginia Tech. Now a resident of Fresno CA, Ioannis tells us in addition how a lifelong interest in space exploration was fed by the Voyager mission and its continuing data return.

by Ioannis Kokkinidis

Introduction

Back in the end of August 1989, when I was 9 years old and the whole family was on vacation, the Greek press set aside momentarily its coverage of the continuing shenanigans of Greek politics and the rapidly changing situation to the north of our borders due to the collapse of communism and instead put Voyager 2's encounter with Neptune in its front pages. My late grandfather was an avid reader of newspapers, which I would also read afterwards. I devoured what I could get my hands on, which alas was not much, it was after all August.

The next year my family moved to California for two years, my father was a visiting professor at UCSF, and I read all the books and magazines about space I could find in the public libraries. I even discovered NASA's Spacelink, a NASA public education computer service hosted by the Marshall Space Flight Center in Alabama, containing mostly NASA press releases, and I would dial in with our PC XT's 2400 bps modem. However feeding my space interest was a privilege and my parents made me do a thing I truly dreaded in exchange for dialing the long distance number and indulging myself: play the piano.

After we returned to Greece keeping myself apprised of the latest space developments proved difficult since there is very little popular scientific press in Greece and the mainstream press is not that interested in space. When I got our first internet connection NASA's Spacelink, now a website, was still up, it still had similar content, though more importantly the releases now included in the bottom instructions on how to get on NASA's press listserv. I promptly signed up, and I still am on that listserv, becoming informed...

00:45

CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx() Open Source Security

Posted by Vladis Dronov on Sep 22

Hello,

It was found that the iscsi_if_rx() function in 'drivers/scsi/scsi_transport_iscsi.c'
in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause
a denial of service (a system panic) by making a number of certain syscalls by
leveraging incorrect length validation in the kernel code.

Our tests show that indeed an unprivileged local user can easily cause (i.e. run a binary)
a system panic or a complete lock...

00:39

Distrustful U.S. Allies Force Spy Agency to Back Down in Encryption Fight SoylentNews

An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

The NSA has now agreed to drop all but the most powerful versions of the techniques - those least likely to be vulnerable to hacks - to address the concerns.

Have the chickens come home to roost for the NSA, or should we distrust the report that they backed down?



00:30

VPSslim VPS+Dedicated Server offers! Low End Box

Hey LowEndBox community! The guys over at VPSslim sent over an offer today and we're pleased to have them back. They've been posted quite a few times, going all the way back to 2012, but we haven't had anything from them since 2015. They've always had good reviews and support, so we're happy to have a new offer to share.

VPSslim is a registered company in the Netherlands (52966887), their WHOIS is public, and you can find their ToS/Legal Docs here.  As method of payment, you can use: iDEAL, Creditcard, PayPal, Bitcoin, alt coins (50 different coins), & Wire transfer.

In their own words: 

VPSslim has been active in the hosting business for quite a while now. In that time we have become a major player in the field of virtual private server hosting. VPSslim is a profitable, healthy and independent company. When ordering a VPS, you can count on years of experience, professional and friendly staff and advanced equipment. We put all our knowledge and experience together to bring you the best hosting experience possible. Do you have a question, problem or comment? Our helpdesk can be reached 24 hours a day, 7 days a week via email or social media.

The offers: 

VPS OFFER:

4096MB RAM
4096MB Swap
2x vCPU
200GB HDD space
5TB transfer
1Gbps uplink
1x IPv4
/64 IPv6
OpenVZ/SolusVM
Coupon: LEBEXCLUSIVE
$5/month
$40/year


DEDICATED SERVER OFFER:

16GB RAM
Intel Xeon E3-1230v5 CPU
2x 1TB hard drives
Software RAID
25TB transfer
1Gbps uplink
/32 IPv4
/48 IPv6
IPMI: yes
Coupon: LEBEXCLUSIVE
$49/month


NETWORK INFO:

Datacenter Serverius Netherlands, Meppel
Test IPv4: 185.109.144.5
Test IPv6: ::1
Test file: 100mb.bin
Looking glass: http://lg.serverius.net...

00:30

Network Analysers: The Electrical Kind Hackaday

Instrumentation has progressed by leaps and bounds in the last few years, however, the fundamental analysis techniques that are the foundation of modern-day equipment remain the same. A network analyzer is an instrument that allows us to characterize RF networks such as filters, mixers, antennas and even new materials for microwave electronics such as ceramic capacitors and resonators in the gigahertz range. In this write-up, I discuss network analyzers in brief and how the DIY movement has helped bring down the cost of such devices. I will also share some existing projects that may help you build your own along with some use cases where a network analyzer may be employed. Let's dive right in.

Network Analysis Fundamentals

As a conceptual model, think of light hitting a lens and most of it going through but part of it getting reflected back.

The same applies to an electrical/RF network where the RF energy that is launched into the device may be attenuated a bit, transmitted to an extent and some of it reflected back. This analysis gives us an attenuation coefficient and a reflection coefficient which explains the behavior of the device under test (DUT).

Of course, this may not be enough and we may al...

00:29

Pitivi 1.0 Release Candidate Arrives Phoronix

The Pitivi open-source non-linear video editor has been in development for thirteen years while its v1.0 release is finally near...

00:09

Satanic Fashion Show Inside a Church at London Fashion Week cryptogon.com

Via: Vigilant Citizen: Turkish designer Dilara Findikoglus presented her Spring/Summer 2018 collection at London Fashion Week and it was nothing less than a satanic Black Mass. Indeed, the event took place at the altar of St Andrew Church in London and incorporated heavy occult and satanic symbolism. In short, the event summed up everything the [...]

00:08

Security Tools to Check for Viruses and Malware on Linux


00:04

Open-Source OpenCL Adoption Is Sadly An Issue In 2017 Phoronix

While most of the talks that take place at the annual X.Org Developers' Conference are around the exciting progress being made across the Linux graphics landscape, at XDC2017 taking place this week at Google, the open-source GPGPU / compute talk is rather the let down due to the less than desirable state of the open-source OpenCL ecosystem...

00:01

Hundreds of universities have helped DHS create a nation of fear MassPrivateI


Ever wonder who's responsible for our daily dosage of fear, terror and crime?

Look no further than our colleges and universities.

According to DHS, 'Homeland Security Centers of Excellence' (COE) are 'led by a college or university'.

COE's are responsible for blacklists, countering violent extremism and DHS propaganda videos and literature.

Colleges and universities have been working with DHS for fifteen years.

Since 2002, when the Homeland Security Act was passed, numerous colleges and universities have been feeding from the DHS money trough. Each year they line up like good little Bundists, promoting DHS's vision of terror.

Think about that, everything you've been told about terrorism and extremism is coming from colleges!

Schools across America will do anything, even if that means working with DHS, so they can get a piece of the annual $35-$40...


Friday, 22 September

23:54

Block The Pirate Bay Within 10 Days, Dutch Court Tells ISPs TorrentFreak

Three years ago in 2014, The Court of The Hague handed down its decision in a long-running case which had previously forced two Dutch ISPs, Ziggo and XS4ALL, to block The Pirate Bay.

Ruling against local anti-piracy outfit BREIN, which brought the case, the Court decided that a blockade would be ineffective and also restrict the ISPs' entrepreneurial freedoms.

The Pirate Bay was unblocked while BREIN took its case to the Supreme Court, which in turn referred the matter to the EU Court of Justice for clarification. This June, the ECJ ruled that as a platform effectively communicating copyright works to the public, The Pirate Bay can indeed be blocked.

The ruling meant there were no major obstacles preventing the Dutch Supreme Court from ordering a future ISP blockade. Clearly, however, BREIN wanted a blocking decision more quickly. A decision handed down today means the anti-piracy group will achieve that in just a few days' time.

The Hague Court of Appeal today ruled (Dutch) that the 2014 decision, which lifted the blockade against The Pirate Bay, is now largely obsolete.

"According to the Court of Appeal, the Hague Court did not give sufficient weight to the interests of the beneficiaries represented by BREIN," BREIN said in a statement.

The Court also wrongly looked at whether torrent traffic had been reduced by the blockade. It should have also considered whether visits to the website of The Pirate Bay itself decreased with a blockade, which speaks for itself.

As a result, an IP address and DNS blockade of The Pirate Bay, similar to those already in place in the UK and other EU countries, will soon be put in place. BREIN says that four IP addresses will be affected along with hundreds of domain names through which the torrent platform can be reached.

The ISPs have been given just 10 days to put the blocks in place and if they fail there are fines of 2,000 euros per day, up to a maximum of one million euros.

"It is nice that obviously harmful and illegal sites like The Pirate Bay will be blocked again in the Netherlands," says BREIN chief Tim Kuik.

A very bad time for our culture, which was free to access via these sites, is now happily behind us.

Today's interim decision by the Court of Appeal will stand until the Supreme Court hands down its decision in the main case between BREIN and Ziggo / XS4ALL.

Looking forward, it seems extremely unlikely that the Supreme Court will hand down a conflicting decision, so we...

23:53

46,000 new phishing sites are created every day Help Net Security

An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today's phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information. Unique phishing URLs per More

23:12

Listen up: the easiest place to use CRISPR might be in your ear Lifeboat News: The Blog

Scientists are hopeful they can inject the gene-editing technology directly into the ear to stop hereditary deafness.

23:12

VIA Graphics & Other Vintage GPUs Still Interest At Least One Developer In 2017 Phoronix

Kevin Brace, the sole active developer left working on the OpenChrome driver stack for VIA x86 graphics, presented yesterday at XDC2017 about his work on this driver and how in the years to come he still hopes to work on other vintage GPU support...

23:06

Researchers Find Recipe for Forest Restoration SoylentNews

To find out what works best for reestablishing tropical dry forests, the researchers planted seedlings of 32 native tree species in degraded soil or degraded soil amended with sand, rice hulls, rice hull ash or hydrogel (an artificial water-holding material). After two years, they found that tree species known for traits that make them drought tolerant, such as enhanced ability to use water and capture sunlight, survived better than other species. Some of the soil amendments helped get seedlings off to a good start, but by the end of the experiment there was no difference in survival with respect to soil condition.

"This study is important for a number of reasons," Powers said. "First, it demonstrates that it is possible to grow trees on extremely degraded soils, which provides hope that we can indeed restore tropical dry forests. Second, it provides a general approach to screen native tree species for restoration trials based on their functional traits, which can be applied widely across the tropics."

Is 'ecosystem restoration' the job growth area of the future?



22:48

Nestlé Makes Billions Bottling Water It Pays Nearly Nothing For cryptogon.com

Via: Bloomberg: The company's operation in Michigan reveals how it's dominated the industry by going into economically depressed areas with lax water laws. The Michigan operation is only one small part of Nestlé, the world's largest food and beverage company. But it illuminates how Nestlé has come to dominate a controversial industry, spring by [...]

22:34

CCleaner hackers targeted tech giants with a second-stage malware Security Affairs

The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware.

When experts first investigated the incident, they did not discover a second-stage payload, and affected users were not infected by other malware as a result of the initial compromise.

While analyzing the command-and-control (C2) server used by the threat actor, the experts at the Cisco Talos team that investigated the incident discovered a lightweight backdoor module (GeeSetup_x86.dll) that was delivered to a specific list of machines used by certain organizations.

"In analyzing the delivery code from the C2 server, what immediately stands out is a list of organizations, including Cisco, that were specifically targeted through delivery of a second-stage loader. Based on a review of the C2 tracking database, which only covers four days in September, we can confirm that at least 20 victim machines were served specialized secondary payloads. Below is a list of domains the attackers were attempting to target," reads the analysis published by Cisco Talos.

The list of domains targeted by hackers is long and included:

  • Google
  • Microsoft
  • Cisco
  • Intel
  • Samsung
  • Sony
  • HTC
  • Linksys
  • D-Link
  • Akamai
  • VMware


The C2 MySQL database held two tables: one describing all machines that had reported to the server and one describing all machines th...

22:32

Scaled Composites, LLC Photo Lifeboat News: The Blog

Mojave, CA. The Scaled Composites Facebook Page.

21:32

Automating Steps in the Security Process is Critical to Defeat Today's Relentless and Complex Attack SoylentNews

I often talk about automation in my articles and it's a hot topic in general: a quick Google search reveals more than 100 million results for security automation. Given the global shortage of cybersecurity professionals, and the volume and velocity of increasingly sophisticated threats we all have to deal with, humans can't go it alone. Automation helps get more from the people you have handling time-intensive manual tasks so they can focus on high-value, analytical activities. But the catch with automation is that it has to be applied at the right time in the security lifecycle in order to be effective.

You've likely heard the phrase: "dirty data in, dirty data out." Jumping to the end of the security lifecycle and using automation to take action like automating playbooks and automatically sending the latest intelligence to your sensor grid (firewalls, IPS/IDS, routers, web and email security, endpoint, etc.) can backfire. Without first aggregating, scoring and prioritizing intelligence you can actually exacerbate the dirty data problem.

[...] But with the sheer volume of threat data continuing to climb at a staggering rate, we need to start with the threat: automating how we gather, score and prioritize threat intelligence. Otherwise we're just amplifying the noise, wasting precious resources and hampering security, and that's the dirty secret.

Filter first, not last.



21:30

Reviving a $25 Generator Hackaday

[Jennies Garage] found a used and abused inverter based generator in the clearance section of his local home improvement store. The generator had been returned on a warranty claim and was deemed uneconomical to fix. Originally $799, [Jennies Garage] picked it up for just $25. He documented his quest to get the device running with a trio of videos.

The generator had spark, but didn't want to fire. The only obvious problem was the fact that the machine had been overfilled with oil. There was little or no compression, but that is not uncommon with modern small engines: many of them have a compression release mechanism which makes them easier to start.

With all the obvious problems eliminated, the only thing left to do was tear into the engine and figure out what was wrong. Sure enough, it was a compression issue. The overfull oil condition had forced engine oil up around the piston rings, causing them to stick, and snapping one of the rings. The cylinder bore was still in good shape though, so all the engine needed was a new set of rings.

That's when the problems started. At first, the manufacturer couldn't find the rings in their computer system. Then they found them but the rings would take two weeks to ship. [Jennies Garage] isn't the patient type though. He looked up the piston manufacturer in China. They would be happy to ship him complete pistons but the minimum order quantity was 5000. Then he started cross-referencing pistons from other engines and found a close match from a 1960s era 90cc motorcycle. Ironically, it's easier to obtain piston rings for an old motorcycle than it is to find them for a late model generator.

The Honda rings weren't perfect: the two compression rings needed to be ground down about 1/2 a millimeter. The oil ring was a bit too thick, but thankfully the original oil ring was still in good shape.

Once the frankenpiston was assembled, it was time to put the repair to the test. [Jennies Garage] reassembled the generator, guessing at the torque specs he didn't have. The surgery was a complete success. The generator ran perfectly, and lit up the night at the [Jennies Garage] cabin.

If you're low on gas, no problem. Did you know you can run a generator on soda? Want to keep an eye on your remote generator? Check out this generator monitor project.

...

21:28

Massive Viacom Data Exposed Through Amazon Web Services HackRead

By Waqas

Database on Amazon Web Services Containing Sensitive Data of Viacom


21:05

Electric Cars, Open Source Summit, and Linux Server Innovation


20:54

Heterogeneous Memory Management Made It For Linux 4.14 Phoronix

While busy covering the many new features of Linux 4.14, one important change slipped by that I have long been waiting to see merged: Heterogeneous Memory Management...

20:43

Java JDK 9 Finally Reaches General Availability Phoronix

Java 9 (JDK 9) has finally reached general availability! Following setbacks, Java 9 is officially available as well as Java EE 8...

20:31

A Set Of BFQ Improvements Ready For Testing Phoronix

Recently I wrote about a BFQ regression fix that should take care of a problem spotted in our recent I/O scheduler Linux 4.13 benchmarks while now that work has yielded a set of four patches working to improve this recently-merged scheduler...

20:17

EU Piracy Report Suppression Raises Questions Over Transparency TorrentFreak

Over the years, copyright holders have made hundreds of statements against piracy, mainly that it risks bringing industries to their knees through widespread and uncontrolled downloading from the Internet.

But while TV shows like Game of Thrones have been downloaded millions of times, the big question (one could argue the only really important question) is whether this activity actually affects sales. After all, if piracy has a massive negative effect on industry, something needs to be done. If it does not, why all the panic?

Quite clearly, the EU Commission wanted to find out the answer to this potential multi-billion dollar question when it made the decision to invest a staggering 360,000 euros in a dedicated study back in January 2014.

With a final title of "Estimating displacement rates of copyrighted content in the EU", the completed study is an intimidating 307 pages deep. Shockingly, until this week, few people even knew it existed because, for reasons unknown, the EU Commission decided not to release it.

However, thanks to the sheer persistence of Member of the European Parliament Julia Reda, the public now has a copy and it contains quite a few interesting conclusions. But first, some background.

The study uses data from 2014 and covers four broad types of content: music, audio-visual material, books and videogames. Unlike other reports, the study also considered live attendances of music and cinema visits in the key regions of Germany, UK, Spain, France, Poland and Sweden.

On average, 51% of adults and 72% of minors in the EU were found to have illegally downloaded or streamed any form of creative content, with Poland and Spain coming out as the worst offenders. However, here's the kicker.

"In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements," the study notes.

That does not necessarily mean that piracy has no effect but only that the statistical analysis does not prove with sufficient reliability that there is an effect.

For a study commissioned by the EU with huge sums of public money, this is a potentially damaging conclusion, not least for the countless industry bodies that lobby day in, day out, for tougher copyright law based on the fact that piracy is damaging to sales.

That being said, the study did find that certain sectors can be affected by piracy, notably recent top movies.

"The results show a displacement rate of 40 per cent which means that for every ten recent top films watched illegally, four fewer films are consumed legally," the study notes.

...

20:12

Too few antibiotics in pipeline to tackle global drug-resistance crisis, WHO warns Lifeboat News: The Blog

Ed Whiting, director of policy at the Wellcome Trust agreed and said: "There is no doubt of the urgency: the world is running out of effective antibiotics and drug-resistant infections already kill 700,000 people a year globally. We've made good progress in getting this on the political agenda. But now, a year on from a major UN agreement, we must see concerted action to reinvigorate the antibiotic pipeline, ensure responsible use of existing antibiotics, and address this threat across human, animal and environmental health."

The report's authors have found 51 new antibiotics and biologicals currently in development that may be able to treat the diseases caused by these resistant bugs. But that will not be anywhere near enough because of the length of time it takes to get drugs approved and onto the market, and because inevitably some of the drugs will not work.

Given the average success rates and development times in the past, the current pipeline of antibiotics and biologicals could lead to around 10 new approvals over the next five years, says the report. However, these new treatments will add little to the already existing arsenal and will not be sufficient to tackle the impending antimicrobial resistance threat.

19:59

No Magic Pill to Cure Alcohol Dependence Yet SoylentNews

A new study published by the scientific journal Addiction has found no reliable evidence for using nalmefene, naltrexone, acamprosate, baclofen or topiramate to control drinking in patients with alcohol dependence or alcohol use disorder. At best, some treatments showed low to medium efficacy in reducing drinking, but those findings were from studies with a high risk of bias. None demonstrated any benefit on health outcomes.

The study pooled the results from 32 double-blind randomised controlled trials representing 6,036 patients, published between 1994 and 2015. The studies compared the effects of oral nalmefene (n=9), naltrexone (n=14), acamprosate (n=1), baclofen (n=4) and topiramate (n=4) against placebo.

Many of the studies provided unreliable results due to risk of bias (potential exaggeration of the effects of the drug). Twenty-six studies (81%) showed an unclear or high risk of incomplete outcome data due to the large number of withdrawals. Seventeen studies (53%) showed an unclear or a high risk of selective outcome reporting, as they did not include a protocol registration number, which would allow another researcher to check whether all outcomes were reported.

Clément Palpacuer, et al. Pharmacologically controlled drinking in the treatment of alcohol dependence or alcohol use disorders: a systematic review with direct and network meta-analyses on nalmefene, naltrexone, acamprosate, baclofen and topiramate. Addiction, 2017; DOI: 10.1111/add.13974

Back to the drawing board.



19:47

Microservice Architecture Takes a Whole New Approach to Infrastructure

With microservice architecture where it is today, the gap between the good, the bad, and the ugly, is now enormous in terms of being able to deliver high-quality software with speed and efficiency.

19:20

This hotel in Taiwan has put proper gaming machines inside its rooms TechWorm

There is a gaming hotel in Taiwan for game lovers

Missing your gaming PC while on vacation, no problem! This hotel in Taiwan has the perfect room for you to do gaming.

While bed, TV, fridge and Wi-Fi connectivity are the basic common amenities that a hotel offers its customers during their stay, i hotel located in the Taoyuan district, which is about an hour's train ride away from Taipei, provides proper gaming rigs in all its rooms for its gamer customers.

The rooms in this hotel come equipped with two gaming PCs with i5-7400 processors and 32-inch screens powered by ASUS. The gaming PCs come with 16GB of RAM and a GTX 1080 Ti GPU. To make your gaming experience a memorable one, two DXRacer gaming chairs are also provided. Once you are done with gaming, you can sit back and watch your favorite channels on a 46 inch TV screen provided in the room.

Each room costs an average of $100 a night. However, for those who are only interested in gaming there, the hotel has hourly rates starting at $12 per hour during weekends, to $75 for 15 hours.

Check out the walkthrough video (in Chinese) below that will give you a sneak peek about the hotel.

Source: Mashable


18:40

Why Should You Speak at Tech Conferences? Or At Least Attend Them Regularly (Part 1)

Now I talk regularly at local meetups and I went as a speaker to a few big conferences. Given that I am no expert in public speaking, my heart beat rises and occasionally words scramble as I am on the stage. But still, I will give you some reasons, why you should speak at conferences or at least attend them.

18:35

bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
==4435==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fe62b800e86 at pc 0x00000057b5a3 bp
0x7ffea98c1b10 sp 0x7ffea98c1b08
WRITE of size 1 at 0x7fe62b800e86 thread T0...

18:32

bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
==9052==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fc5ce900866 at pc 0x00000057b5a3 bp 0x7ffd0f773130
sp 0x7ffd0f773128
WRITE of size 1 at 0x7fc5ce900866 thread T0
#0 0x57b5a2 in AP4_VisualSampleEntry::ReadFields(AP4_ByteStream&)...

18:30

bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
==20986==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000174 at pc 0x0000004ee515 bp 0x7ffd0b8395f0
sp 0x7ffd0b838da0
READ of size 65509 at 0x606000000174 thread T0...

18:30

Arduino and Pi Breathe New Life into Jukebox Hackaday

What do you do when someone gives you a Wurlitzer 3100 jukebox from 1969, but keeps all the records? If you are like [Tijuana Rick], you grab an Arduino and a Raspberry Pi and turn it into a really awesome digital music player.

We'll grant you, making a music player out of a Raspberry Pi isn't all that cutting edge, but the restoration and integration work is really impressive. The machine had many broken switches that had been hastily repaired, so [Rick] had to learn to create silicone molds and cast resin to create replacements. You can see and hear the end result in the video below.

[Rick] was frustrated with jukebox software he could find, until he found some Python code from [Thomas Sprinkmeier]. [Rick] used that code as a base and customized it for his needs.

There's not much "how to" detail about the castings for the switches, but there are lots of photos and the results were great. We wondered if he considered putting fake 45s in the machine so it at least looked like it was playing vinyl.

Of course, you don't need an old piece of hardware to make a jukebox. Or, you can compromise and build out a replica.

Filed under: Arduino Hacks, Raspberry Pi

18:28

bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
==1966==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x617000000324 at pc 0x000000690d51 bp 0x7ffc25bed310
sp 0x7ffc25bed308
READ of size 1 at 0x617000000324 thread T0...

18:26

bento4: heap-based buffer overflow in AP4_HdlrAtom::AP4_HdlrAtom (Ap4HdlrAtom.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
==10603==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000af at pc 0x000000622588 bp 0x7ffccfc80f10
sp 0x7ffccfc80f08
WRITE of size 1 at 0x6020000000af thread T0...

18:26

Alphabet Seeking $2.6 Billion in Damages From Uber SoylentNews

Google parent company Alphabet is seeking at least $2.6 billion from Uber for allegedly stealing self-driving car trade secrets from Waymo:

Alphabet thinks Uber should pay $2.6 billion for allegedly stealing a single trade secret.

Alphabet is in court with Uber today to convince a judge to delay the Oct. 10 trial in its self-driving lawsuit against the ride-hail company. But during the hearing, an Uber attorney said that Alphabet is seeking $2.6 billion in damages for just one of the nine trade secrets the company is claiming a former Uber executive stole.

Before today's hearing, the amount of damages Alphabet wanted a court to award them was not public and had been redacted from court filings.

In its opposition to Alphabet's request for a trial delay, Uber claims Alphabet is simply asking for a "do-over" because its allegations that an executive stole files and brought them to Uber has weakened.

Also at Reuters, Ars Technica, Engadget, The Street, MarketWatch, and TechCrunch.



Read more of this story at SoylentNews.

18:25

bento4: NULL pointer dereference in AP4_StdcFileByteStream::ReadPartial (Ap4StdCFileByteStream.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
ASAN:DEADLYSIGNAL
=================================================================
==18215==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f23fa12110e bp 0x000000000017 sp
0x7fff671b9178 T0)
==18215==The signal is caused by a WRITE memory...

18:23

bento4: NULL pointer dereference in AP4_DataAtom::~AP4_DataAtom (Ap4MetaData.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
ASAN:DEADLYSIGNAL
=================================================================
==11595==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005b27fe bp 0x7ffce60a67e0 sp
0x7ffce60a67c0 T0)
==11595==The signal is caused by a READ memory access....

18:22

bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
ASAN:DEADLYSIGNAL
=================================================================
==6365==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005cf94c bp 0x7fff5857d580 sp
0x7fff5857d4c0 T0)
==6365==The signal is caused by a READ memory access....

18:20

bento4: NULL pointer dereference in AP4_Atom::SetType (Ap4Atom.h) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
ASAN:DEADLYSIGNAL
=================================================================
==23307==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000005c9865 bp 0x7fffd01b90d0 sp
0x7fffd01b9020 T0)
==23307==The signal is caused by a WRITE memory...

18:19

bento4: heap-based buffer overflow in AP4_BitStream::ReadBytes (Ap4BitStream.cpp) Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# aac2mp4 $FILE /tmp/out.mp4
AAC frame [000000]: size = -7, 96000 kHz, 0 ch
=================================================================
==8420==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000002100 at pc 0x0000004eed45 bp 0x7ffdd3db9900
sp 0x7ffdd3db90b0
READ of size...

18:08

It's almost Christmas, after all: Cherry Klingon Keyboard The Isoblog.

Cherry Klingon Keyboard

This is made by Cherry, it seems. But it's not quite authentic without spikes on the keycaps. Because if you don't bleed when typing Klingon poetry, it is just pointless posing.

17:51

Google Pixel 2, Pixel 2 XL images, specs and prices leaked TechWorm

Google's Pixel 2 and Pixel 2 XL prices, release date and color options leaked

While Google is gearing up to launch its next generation of Pixel devices at an event on October 4, Droid Life, a long-running Android news site, has in the meantime managed to get hold of some images, storage variants, color options and prices of the upcoming smartphones, Pixel 2 and Pixel 2 XL.

To begin with, the newly leaked renders of Pixel 2 reveal that the HTC-manufactured device will reportedly have a 5-inch screen display and prominent bezels on the sides. The smartphone will be powered by Qualcomm's Snapdragon 835 processor and come in 64GB and 128GB storage options, priced at $649 and $749, respectively. The Pixel 2 smartphone is expected to offer a squeezable frame just like the HTC U11. Pixel 2 will be available in Just Black, Clearly White and Kinda Blue color options. Google is reportedly expected to offer financing offers on these devices over the course of two years.

On the other hand, the LG-made Pixel 2 XL is expected to feature a 6-inch OLED display and Qualcomm's Snapdragon 835 processor. It will be available with 64GB and 128GB storage capacities, priced at $849 and $949 respectively. Further, the device will be available in two color variants: one with a combination of black and white back cover and another with an all-black cover. Google is offering financing options on 64GB and 128GB Pixel 2 XL devices so that the investment can be spread over a period of 24 months.

Further, both the smartphones are expected to have the same 12MP rear camera as seen in the original Pixel devices and better batteries than its rivals.

We advise you to take the above leaked information with a pinch of salt and wait for the official announcement from Google on October 4. In the meantime, keep watching this space for more updates and leaks on the devices.

The post Google Pixel 2, Pixel 2 XL images, specs and prices leaked appeared first on TechWorm.

17:35

SEC announces it was hacked, information may have been used for insider trading Security Affairs

The top U.S. markets regulator SEC announced a security breach, accessed data might have been used by crooks for insider trading.

The U.S. Securities and Exchange Commission (SEC) announced that cyber criminals had previously breached its database of corporate announcements in 2016 and likely they have used it for insider trading.

On Wednesday, the SEC Chairman Jay Clayton released a statement on cybersecurity that reported a 2016 security breach of its EDGAR system.

The Securities and Exchange Commission's Edgar filing system is a platform which houses detailed financial reports on publicly traded companies, including quarterly earnings and statements on acquisitions.


According to Clayton, the security breach was discovered last year; it is the result of the presence of a software vulnerability.

"In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information," reads the statement on cybersecurity.

The SEC confirmed it is investigating the security breach but it did not share details about the attack; it only confirmed that it had promptly fixed the flaw exploited by hackers.

Exactly as for the Equifax incident, this case is hilarious because the SEC agency is charged with protecting investors and markets.

The SEC believes the intrusion did not expose personally identifiable information.

It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or resu...

17:30

Why would there be Peruvian DNA in Towns County, Georgia? Terra Forming Terra

I look forward to when we simply DNA every child upon birth. The Mega Stats will be well worth extensive mining in order to pin down origins and likely generational auras in the data.

We already know that movement existed. After all, the waters involved are no more difficult than the Mediterranean, with ample large islands along the way that naturally allow mostly short hops. The largest span, which is the Gulf of Mexico, can even be skirted if deemed too late in the season.

As always, defeated communities did take sail to escape their enemies and head out for fertile underpopulated areas elsewhere known by traders.

Add in the mining in Georgia and you even have a natural magnet that surely brought everyone sooner or later....
Why would there be Peruvian DNA in Towns County, Georgia?



...

17:30

Trump's Historic Opportunity with the Federal Reserve Terra Forming Terra



Remarkable that this is so. Better yet he has been a student of sorts of the Fed most of his adult life as noted in comments from times past. Can this lead to something is another matter altogether. It is hard to see that it can.

Real change must actually be bottom up.

Time will tell and it is noted that change here has become possible.

Trump's Historic Opportunity with the Federal Reserve


by Tho Bishop

https://mises.org/library/trumps-historic-opportunity-federal-reserve

And then there were three.


Today Stanley Fischer submitted his letter of resignation from the Federal Reserve's Board of Governors, effective next month, the second such resignation of Donald Trump's presidency. While Fischer's term as Vice Chairman of the Fed was set to end next year, he had the ability to serve as a governor through 2020. Along with Trump's decision next year on whether to replace Janet Yellen as the Fed's chair, this means Trump will have the opportunity to appoint five of seven governors to America's central bank.

Given that the position holds a 14-year term, it is unusual for a president to have the opportunity to make so many appointments. As Diane Swonk of DS Economics noted, "It's the largest potential regime change in the leadership of the Fed since 1936."



Of course the question is now whether a change in personnel will lead to a change in policy.



Trump has already taken steps to fill one of the vacancies, nominating Randal Quarles earlier this year. Quarles, a former Bush-era Treasury official turned investment banker, will be taking the specific role of Fed vice chair of supervision. As a vocal critic of Dodd-Frank, and the Volcker Rule in particular, Quarles may help relieve some of the regulatory burden on financial institutions, but his views on monetary policy are less clear. He h...

17:30

The Stages of Fasting: What Happens to Your Body When You Fast? Terra Forming Terra

 

This is a useful bit. We get plenty of how-tos but mapping actual changes is usually left out. My own experience caught me getting dehydrated and that must be avoided.
All good though.
The Stages of Fasting: What Happens to Your Body When You Fast?

While fasting is nothing new, it is experiencing a resurgence in popularity as many discover its health benefits. If you are planning your first fast or looking for ways to improve your next one, there are a few things you should do to prepare. The first step is learning about the different stages of fasting. This knowledge helps you mentally and physically prepare for what happens to your body when you fast.
The stages of fasting outlined below are based off a water fast, a traditional fast in which you abstain from any food and only drink water for 12-48 hours or long...

17:30

graphicsmagick: assertion failure in pixel_cache.c Open Source Security

Posted by Agostino Sarubbo on Sep 22

Description:
graphicsmagick is a collection of tools and libraries for many image formats.

The complete output of the issue:

# gm convert $FILE null
gm: magick/pixel_cache.c:1089: const PixelPacket *AcquireImagePixels(const Image *, const long, const long, const
unsigned long, const unsigned long, ExceptionInfo *): Assertion `image != (Image *) NULL'
failed.

Affected version:
1.3.25, 1.3.26 and maybe past releases

Fixed version:
N/A...

17:30

Anatomy of terror: What makes normal people become extremists? Terra Forming Terra

This is not a difficult question. You start with boredom and perhaps social isolation. Then you self brainwash yourself to the point in which you finally drink the Koolaid.

The cure is even simpler. A low guilt threshold for the application of Summary Castration. This makes reading Jihadi propaganda deeply unpopular and stops self brainwashing.

Put all that in place and it is no trick to make it all go away.

None of this ever had anything to do with religion at all, except to provide useful idiots. The inclination has been a fringe phenomena for centuries and includes neo Nazis, anarchists and communists as well.


Anatomy of terror: What makes normal people become extremists?

16 August 2017

 https://www.newscientist.com/article/mg23531390-700-anatomy-of-terror-what-makes-normal-people-become-extremists/

It takes more than religious fanaticism or hatred to make someone take innocent lives, but recognise the true roots of ISIS-inspired terror and they can be addressed





17:30

Precision Medicine and Aging Have This in Common - Facts So Romantic Nautilus


Precision medicine and aging both drive the complexity of medical care up. Photograph by isak55 / Shutterstock

We are healthier and living longer than we ever have, and advances like personalized medicine seem to promise an ever brighter future. But as the proportion of elderly people increases, so do the complexities of age-related medical care.

Nautilus caught up with Mary Tinetti, a doctor and researcher at the Yale School of Medicine, to talk about her work on improving healthcare for aging patients. Tinetti emphasized the importance of treating people in all their complexity, not just their disease, particularly when multiple conditions are present, as often happens with elderly patients.

What does the increasing specialization of medical research mean for clinicians, scientists, and patients?  

Sometimes we miss the big picture. We can know more and more about a very small area, but we don't know how addressing that area affects everything else that's happening in people's health, lives, and bodies. At a time when we need to get broader, we're getting narrower. When people have multiple issues in their lives that are important, what the clinician or specialist focuses in on may not be what's important to that individual.

17:28

bladeenc: global buffer overflow in iteration_loop (loop.c) Open Source Security

Posted by Agostino Sarubbo on Sep 21

Description:
bladeenc is an mp3 encoder.

There is a write overflow by default without a crafted file in the bladeenc command-line tool. The upstream website
does not work anymore for me.
The complete ASan output of the issue:

# bladeenc $FILE
==15358==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000141c3b4 at pc 0x00000052afc8 bp
0x7ffcb9e50bb0 sp 0x7ffcb9e50ba8
WRITE of size 4 at 0x00000141c3b4 thread T0
#0 0x52afc7 in...

16:53

Google Acquires HTC's "Pixel" Division, Rather than HTC Itself, for Just $1.1 Billion SoylentNews

Google has acquired HTC's "Pixel" division, which has made premium Android products for Google, for $1.1 billion. Google will get around 2,000 new employees (around a fifth of HTC's total workforce) and a non-exclusive license for HTC's "intellectual property":

Of the three most influential companies in smartphone design, Nokia fragmented into a million pieces after being bought out by Microsoft, Apple is still going strong, and Google just bought the third with its $1.1 billion deal with HTC. The reason why Google acquired what looks to be the majority of HTC's phone design and engineering team is simple, and it's been obvious for over a year: Google is serious about becoming a hardware company.

Early in 2016, Google created a new hardware division and re-hired Motorola chief Rick Osterloh to run that group. A brief few months after that, the company was plastering the streets of Europe and the US with billboards trumpeting the arrival of the first "Made by Google" Pixel devices. Why do we refuse to acknowledge what's right in front of our eyes? Google is going to war against the iPhone.

[...] The Motorola deal was complex, involved a vast and valuable patent portfolio, and required careful balancing to preserve at the least the appearance of Motorola operating independently. With its new staff coming in from HTC, Google is getting a big and highly experienced team (close to 2,000 people, according to HTC CFO Peter Shen) and it's putting them directly under [former Motorola chief Rick] Osterloh's command. There's no confusion about where orders are coming from, or any external interests that need to be appeased. It's just going to be Google, suddenly powered up with the years of experience that a new hardware vendor usually lacks, with the clear goal of ousting Apple's iPhone from its position as the device most identified with the word "smartphone."

Compare to the $12.5 billion acquisition of Motorola Mobility in 2011.

Also at Google's Blog (written by Google Senior Vice President of Hardware, Rick Osterloh), Business Insider, Reuters, The Register, and T...

16:32

ARCA's revolutionary aerospike engine completed and ready for testing Lifeboat News: The Blog

ARCA Space Corporation has announced its linear aerospike engine is ready to start ground tests as the company moves towards installing the engine in its Demonstrator 3 rocket. Designed to power the world's first operational Single-Stage-To-Orbit (SSTO) satellite launcher, the engine took only 60 days to complete from when fabrication began.

Over the past 60 years, space launches have become pretty routine. The first stage ignites, the rocket lifts slowly and majestically from the launch pad before picking up speed and vanishing into the blue. Minutes later, the first stage shuts down and separates from the upper stages, which ignite and burn in turn until the payload is delivered into orbit.

This approach was adopted not only because it provides enough fuel to lift the payload while conserving weight, but also because the first-stage engines, which work best at sea level, are very inefficient at higher altitudes or in space, so different engines need to be employed for each stage of flight.

15:30

FPGA Clocks for Software Developers (or Anyone) Hackaday

It used to be that designing hardware required schematics and designing software required code. Sure, a lot of people could jump back and forth, but it was clearly a different discipline. Today, a lot of substantial digital design occurs using a hardware description language (HDL) like Verilog or VHDL. These look like software, but as we've pointed out many times, it isn't really the same. [Zipcpu] has a really clear blog post that explains how it is different and why.

[Zipcpu] notes something we've seen all too often on the web. Some neophytes will write sequential code using Verilog or VHDL as if it was a conventional programming language. Code like that may even simulate. However, the resulting hardware will at best be very inefficient and at worst will not even work.

We did mildly disagree with one statement in the post: no digital logic design can work without a clock. However, [Zipcpu] goes on to elaborate and we agree with the elaboration. However, it is important to note that asynchronous and combinatorial logic don't use a clock in the conventional sense of the word. Combinatorial logic (for example, a bunch of AND and OR gates) can only handle simple tasks, and full-blown asynchronous design is tough and not likely to be something a new FPGA developer will encounter.

The reality is that nearly all significant digital design uses clocks because it makes the design manageable. Essentially, the clock tells all parts of the circuit to start processing and sets a deadline for the various combinatorial parts to complete. Without the clock, you'd have to deal with the issue when, for example, an adder presents a result before the carry from another stage arrives to change that answer. With a clock, as long as the right answer is ready by the clock edge, you don't care about exactly how long it takes.

This is especially important because Verilog and VHDL don't execute line-by-line as a software developer would expect. Instead, HDL constructs become circuits and all the circuits operate at one time. This parallelism can be difficult to manage, but it is what makes FPGAs ideal for high-speed computations and fast response times.

The section of the post about how much logic to put between clocks is what you usually call "making timing". The FPGA tools have a scary amount of data about how much time it takes for a signal to travel from one part of the FPGA to another. If the tool detects that the transit time between two clocked elements exceeds the clock period, it will flag that as an error. You can increase the clock speed or shorten the path either physically or logically.

...

15:20

The Ghost in Nintendo's Switch - Game Unlocks on the Date of Satoru Iwata's Death SoylentNews

Kotaku runs a story about the game that "spontaneously" unlocks on the date of the death of Satoru Iwata:

When a Switch owner named Setery told a gaming forum about how NES Golf randomly appeared on her Switch's screen, commenters accused her console of being haunted. Switch hackers' subsequent race to unearth NES Golf now indicates that there's a hidden game on the console and, actually, it appears to be a heartwarming tribute to the deceased Nintendo CEO Satoru Iwata.

[...] Prior to heading Nintendo, Iwata was a programmer... The story goes that, after several developers turned down the task of developing the NES's Golf, Iwata found a way to fit the game's 18-hole course onto a cartridge's modest memory.

On July 11th, 2015, Iwata succumbed to cancer at age 55. As Nintendo CEO, Iwata was known for his "Iwata Asks" column on Nintendo's website and his appearances at major Nintendo events. Thanks to Nintendo Directs, he also became associated with a very specific gesture.

[...] Fast forward to early summer, 2017, when hackers discovered a hidden NES emulator on the Switch referred to as "Flog," Ars Technica reports. "We thought they had included it during manufacturing by mistake," Plutoo, one of the Switch hackers... Last weekend, bored, Plutoo decided to look into it. ... He says he discovered two intriguing details: "The code looked for the date July 11th, and the code right before seemed to enable the 'Joycon sixaxis' motion sensors."

Read more of this story at SoylentNews.

14:12

Scientists spot sleeping jellyfish Lifeboat News: The Blog

Sept. 21 (UPI) Scientists have observed, for the first time, a jellyfish in a sleep-like state. It's the first time an animal without a brain or central nervous system has been observed sleeping.

The findings, detailed this week in the journal Current Biology, could help scientists finally answer the question: Do all animals sleep?

All vertebrates studied by scientists sleep, but researchers haven't been able to agree whether or not sleep is ubiquitous, or even common, among invertebrates. Studies have suggested fruit flies and roundworms sleep, but what about more primitive organisms like sponges and jellyfish?

13:47

Toshiba Decides to Sell Semiconductor Business to Bain Capital for $18 Billion SoylentNews

Western Digital has apparently been spurned as Toshiba has agreed to sell its semiconductor business to Bain Capital instead for around $18 billion. The deal has not been finalized so more confusion could be over the horizon:

Japan's Toshiba Corp agreed on Wednesday to sell its prized semiconductor business to a group led by U.S. private equity firm Bain Capital LP, a key step in keeping the struggling Japanese conglomerate listed on the Tokyo exchange. In a last-minute twist to a long and highly contentious auction, Toshiba said in a late-night announcement through the exchange it agreed to sign a contract for the deal worth about 2 trillion yen (13.22 billion pounds).

The decision to sell the world's No. 2 producer of NAND memory chips, first reported by Reuters, was made at a board meeting earlier on Wednesday. Late on Tuesday, sources had said Toshiba was leaning towards selling the business to its U.S. joint venture partner Western Digital Corp. It's unclear whether the sale to the Bain Capital-led group will proceed smoothly, as Western Digital has previously initiated legal action against Toshiba, arguing that no deal can be done without its consent due to its position as Toshiba's joint venture chip partner.

Also at NYT, Engadget, Nasdaq, BBC, and Bloomberg (alt opinion).

Previously: Chaos as Toshiba Tries to Sell Memory Business



Read more of this story at SoylentNews.

12:30

The Longest Tech Support Call: Apollo 14 Computer Hack Hackaday

Deep-voiced and aptly named [Scott Manley] posted a video about the computer hack that saved Apollo 14. Unlike some articles about the incident, [Scott] gets into the technical details in an entertaining way. If you don't remember, Apollo 14 had an issue where the abort command button would occasionally signal when it shouldn't.

The common story is that a NASA engineer found a way to reprogram the Apollo guidance computer. However, [Scott] points out that the rope memory in the computer wasn't reprogrammable and there was no remote way to send commands to the computer anyway.

The initial patch had the astronauts use the DSKY to clear a bit that would prevent an abort from occurring. However, there was a chance that some other code would set that bit again as part of normal operations. If the bit was set and the switch malfunctioned, you could get a spurious abort. Engineers sent them another procedure to fool the computer into thinking it was already executing an abort which solved that problem.

However, this required a lot of effort during operations to make everything work. [Scott] shows you the nouns and verbs used and explains them in detail. It is rare to find such a technical treatment of this story and the NASA engineers were certainly doing a hack in the truest sense of the word.

The DSKY is no stranger to the pages of Hackaday. We've even talked about the odd rope memory before. While Apollo 13 got the big budget movie, the Apollo 14 hack is a great story, too. And without it, we'd have never had a golf shot on the moon.


Filed under: classic hacks

12:14

Securities and Exchange Commission Hacked in 2016 SoylentNews

The SEC has disclosed that its corporate filing system "Edgar" (Electronic Data Gathering, Analysis, and Retrieval) was hacked in 2016:

The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading. The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system.

The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency.

The agency said it learned in August that an incident detected last year "was exploited and resulted in access to nonpublic information." It said the security vulnerability used in the attack had been patched shortly after it was discovered. The hacking, it said, "may have provided the basis for illicit gain through trading."

Direct link to the SEC statement.

Also at Bloomberg.


Original Submission

Read more of this story at SoylentNews.

12:05

Senate Dems call for enhanced transparency for online ads The Hill: Technology Policy

A pair of Democratic senators are reportedly pushing for legislation to force major digital platforms to publicly disclose the groups and individuals they sell ads to for more than $10,000, amid concern over Facebook ads sold to Russians during the...

11:04

Mesa 17.1.10 Is Being Prepped As The Final 17.1 Update Phoronix

J.A. Suarez Romero of Igalia is preparing Mesa 17.1.10 as the final point release for the Mesa 17.1 release stream...

10:41

Jellyfish Found to Sleep Despite Lack of a Brain SoylentNews

A study of jellyfish has challenged the idea that animals need a brain to exhibit sleeping behavior:

We think of sleep as restoring our brains: a time to process memories, cleanse our cells of toxins, and prepare for a new day. But even animals that lack brains need to snooze. Biologists have discovered that, like people, jellyfish hit the hay and have the same trouble we do waking up. Because these creatures are very low on the animal family tree, the work suggests that the ability to sleep evolved quite early.

"Sleep was likely present in the very first animals on this planet," says David Raizen, a neuroscientist and sleep expert at the University of Pennsylvania who was not involved with the work. "The results of this study challenge certain commonly held beliefs," adds William Joiner, a neuroscientist at the University of California, San Diego, who was also not involved with the work. "For example, that sleep requires a centralized nervous system and related neural circuits across evolution." Evidence from one recent study even suggests that skeletal muscles may be involved [open, DOI: 10.7554/eLife.26557] [DX], at least in mice.

Read more of this story at SoylentNews.

10:30

IFA, IoT night, Armenian startups and Startup night - The Berlin week that was Gregarious Mammal

Chris and Cate recount one crazy week in Berlin covering IFA, the France vs Germany IoT battle, Armenian startups and the long night of Startups.

HPR2385: 20170620 Into Action Part 7 Hacker Public Radio

The big driver to changing the healthcare system in the U.S. was the inexorable rise in healthcare costs. These costs kept rising for a number of reasons, which we look at in this episode. Links: https://en.wikipedia.org/wiki/Baumol%27s_cost_disease https://www.cnet.com/news/robots-for-cancer-diagnosis-biopsy-lack-the-human-touch/?ftag=CAD090e536&bhid=20535501410714773631202074326606 https://en.wikipedia.org/wiki/List_of_countries_by_total_health_expenditure_per_capita http://www.palain.com/?page_id=309

10:25

CVE-2017-14681: P3Scan privilege escalation via PID file manipulation Open Source Security

Posted by Michael Orlitzky on Sep 21

Product: P3Scan (transparent email proxy server)
Versions-affected: 3.0_rc1 and earlier (all versions)
Bug-report: https://sourceforge.net/p/p3scan/bugs/33/
Author: Michael Orlitzky

== Summary ==

The p3scan daemon creates its PID file after dropping privileges to a
non-root user. That may be exploited (through init scripts or other
management tools) by the unprivileged user to kill root processes, since
when the daemon is stopped, root usually...

09:53

In an Effort to Push the Unitary Patent (UPC), EPO and the Liar in Chief Spread the Famous Lie About SMEs Techrights

Rule of thumb: everything that the EPO says nowadays is a deliberate lie.

Summary: The EPO wants people to hear just a bunch of lies rather than the simple truth, courtesy of the people whom the EPO proclaims it represents

THE EPO offers nepotism and fast lanes to large corporations. It panics when the public finds out about it and constantly lies about the matter, stating that it protects SMEs, small inventors and so on. The European Digital SME Alliance has already refuted some of these lies, but that wasn't enough to make the lies stop.

As a matter of priority, even though it's past midnight right now, we've decided to compose a quick rebuttal/response to today's EPO lies (disguised as study, as usual). What a nerve these people have. They are lying so much to the European public, with Battistelli taking the lead, as usual.

The latest lie was promoted in Twitter in the late afternoon. I responded by stating that the first EPO announcement in more than a month spreads a lie, the famous SME-themed lie [in which the EPO] makes up more SME-themed lies in order to sell the [other] lie that UPC is good for SMEs. See last paragraph.

Yes, I used the word lie quite a lot. It's as simple as this. They lied deliberately.

The official news item (epo.org link), which quotes the king, as usual (self glorification), ends like this:

They also highlight the benefits that SMEs can expect from the planned Unitary Patent. These include savings in time and money, as well as increased legal certainty across the EU market.

That's a lie. Even insiders know that it's a lie and y...

09:40

Mercedes Plots Tesla Attack With $1 Billion U.S. Electric Push cryptogon.com

Via: Bloomberg: Daimler AG plans to spend $1 billion to start production of Mercedes-Benz electric vehicles at its Alabama factory, setting the world's largest luxury-car maker up to battle with battery-car specialist Tesla Inc. on its home turf. The German automaker will build its fifth battery plant globally and create more than 600 jobs in [...]

09:30

Spray Paint Goes DIY Virtual with a Vive Tracker Hackaday

Here is a virtual spray painting project with a new and DIY twist to it. [Adam Amaral]'s project is an experiment in using the Vive Tracker, which was released earlier this year. [Adam] demonstrates how to interface some simple hardware and 3D printed parts to the Tracker's GPIO pins, using it as a custom peripheral that is fully tracked and interactive in the Vive's VR environment. He details not only the custom spray can controller, but also how to handle the device on the software side in the Unreal engine. The 3D printed spray can controller even rattles when shaken!

There's one more trick. Since the Vive Tracker is wireless and completely self-contained, the completed rattlecan operates independently from the VR headset. This means it's possible to ditch the goggles and hook up a projector, then use the 3D printed spray can to paint a nearby wall with virtual paint; you can see that part in action in the video embedded below.

When the Tracker was announced we felt that the GPIO pins and capabilities could open a lot of doors for experimentation; it's nice to see someone document a project using them. After all, VR experimenters come up with some crazy stuff, like stepping back and forth through the real and virtual.


Filed under: how-to, Virtual Reality

09:07

Ford Using Microsoft HoloLens to Help Design Cars SoylentNews

Ford says it is using Microsoft's HoloLens augmented reality headset to help design cars, alongside clay models:

Microsoft's HoloLens headset has been slowly pivoting towards commercial markets over the past year. NASA, Volvo, Lowe's, Audi, and Volkswagen are all testing HoloLens for various reasons, and now Ford is expanding its use of Microsoft's headsets after an initial pilot phase. Ford is using HoloLens to let designers quickly model out changes to cars, trucks, and SUVs. This allows designers to see the changes on top of an existing physical vehicle, instead of the traditional clay model approach to car design.

Ford is still using clay models, but the HoloLens can be used to augment additional 3D models without having to build every single design prototype with clay.

Also at CNBC and Engadget.


Original Submission

Read more of this story at SoylentNews.

09:03

Trump supporters dig up personal information on thousands of Trump opponents The Hill: Technology Policy

Supporters of President Trump have compiled a list containing personal information on thousands of people they believe are either opposed to Trump or associated with left-wing "anti-fascist" or "antifa" groups. The list,...

08:52

Scientists discover master gene crucial for successful pregnancy Lifeboat News: The Blog

Scientists have edited human embryos for the first time in the UK to discover a master gene that underpins successful pregnancies. The game-changing research promises improved IVF outcomes and a breakthrough in understanding why so many pregnancies fail.

The Government-funded investigation, undertaken by the Francis Crick Institute, is the first to prove that gene editing can be used to study the genetic behaviour of human embryos in their first few days of life.

08:51

Links 21/9/2017: Red Hat's Open Source Patent Promise; Qt 5.6.3, Kali Linux 2017.2 Release Techrights

Contents

GNU/Linux

  • Server

    • The ISS just got its own Linux supercomputer

      A year-long project to determine how high-performance computers can perform in space has just cleared a major hurdle: successfully booting up on the International Space Station (ISS).

      This experiment conducted by Hewlett Packard Enterprise (HPE) and NASA aims to run a commercial off-the-shelf high-performance computer in the harsh conditions of space for one year, roughly the amount of time it will take to travel to Mars.

    • Kubernetes Snaps: The Quick Version

      When we built the Canonical Distribution of Kubernetes (CDK), one of our goals was to provide snap packages for the various Kubernetes clients and services: kubectl, kube-apiserver, kubelet, etc.

      While we mainly built the snaps for use in CDK, they are freely available to use for other purposes as well. Let's have a quick look at how to install and configure the Kubernetes snaps directly.

    • Kubernetes is Transforming Operations in the Enterprise

      At many organizations, managing containerized applications at scale is the order of the day (or soon will be). And few open source projects are having the impact in this arena that Kubernetes is.

      Above all, Kubernetes is ushering in operations transformation and helping organizations make the transition to cloud-native computing, says Craig McLuckie, co-founder and CEO of Heptio and a co-founder of Kubernetes at Google, in a recent free webinar, Getting to Know Kubernetes. Kubernetes was created at Google, which donated the open source project to the Cloud Native Computing Foundation.

    • Kubernetes gains m...

08:46

Russian broadcaster tried to take over anti-Trump, anti-Clinton Twitter accounts: report The Hill: Technology Policy

RT, the Russian government-backed broadcaster, tried to take over two Twitter handles to help promote its coverage of the 2016 presidential campaign, Foreign Policy reported on Thursday. The media outlet reportedly told Twitter's advertising...

08:36

Overnight Tech: Facebook to hand over Russian political ads to Congress | Zuckerberg vows more transparency on ads | EU wants higher taxes on Silicon Valley | SEC database hacked The Hill: Technology Policy

FACEBOOK TO HAND OVER RUSSIAN-LINKED ADS TO CONGRESS: Facebook has made a deal with Congressional investigators to turn over roughly 3000 advertisements purchased by Kremlin-linked groups during the 2016 presidential campaign. The company...

08:09

Zuckerberg vows to make Facebook political advertising more transparent The Hill: Technology Policy

Facebook CEO Mark Zuckerberg said on Thursday that he plans to bring the company's advertising tools to a higher standard of transparency. When someone buys political ads on TV or other media, they're required by law to disclose who paid for...

08:00

Fedora 27 Beta Hit By A Second Delay Phoronix

Last week it was decided to delay the Fedora 27 beta due to bugs while this week they've been forced to delay the release a second time...

07:50

Open Source Summit in Los Angeles: Day 1 in 5 Minutes

Open Source Summit North America in Los Angeles was packed with keynotes, technical sessions, and special presentations, including a conversation with Linux creator Linus Torvalds. In case you couldn't make it, CodePop.com's Gregg Pollack has put together some short videos recapping highlights of the event. 

Here's Day 1 in 5 minutes!

07:33

Equifax Linked to a Fake Breach Info Site for Weeks SoylentNews

Equifax's Twitter account linked to a website created by a software engineer imitating the real breach info site:

People create fake versions of big companies' websites all the time, usually for phishing purposes. But the companies do not usually link to them by mistake.

Equifax, however, did just that after Nick Sweeting, a software engineer, created an imitation of equifaxsecurity2017.com, Equifax's page about the security breach that may have exposed 143 million Americans' personal information. Several posts from the company's Twitter account directed consumers to Mr. Sweeting's version, securityequifax2017.com. They were deleted after the mistake was publicized.

By Wednesday evening, the Chrome, Firefox and Safari browsers had blacklisted Mr. Sweeting's site, and he took it down. By that time, he said, it had received about 200,000 hits.

Fortunately for the people who clicked, Mr. Sweeting's website was upfront about what it was. The layout was the same as the real version, complete with an identical prompt at the top: "To enroll in complimentary identity theft protection and credit file monitoring, click here." But a headline in large text differed: "Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That's So Easily Impersonated By Phishing Sites?"

Also at The Verge.

Previously: Equifax Data Breach Could Affect 143 Million Americans [Updated]
Are You an Equifax Breach Victim? You Could Give Up Right to Sue to Find Out
Outrage Builds after Equifax Executives Banked $2 Million Following Data Breach
Equifax CIO, CSO "Retire" in Wake of Huge Security Breach


Original Submission

Read more of this story at SoylentNews.

07:19

[$] Notes from the LPC tracing microconference LWN.net

The "tracing and BPF" microconference was held on the final day of the 2017 Linux Plumbers Conference; it covered a number of topics relevant to heavy users of kernel and user-space tracing. Read on for a summary of a number of those discussions on topics like BPF introspection, stack traces, kprobes, uprobes, and the Common Trace Format.

07:16

ISPs in at least two countries were involved in delivering surveillance FinFisher Spyware Security Affairs

Security researchers at ESET have uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy.

FinFisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved.

"New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy and sold to governments and their agencies worldwide, are in the wild. Besides featuring technical improvements, some of these variants have been using a cunning, previously-unseen infection vector with strong indicators of major internet service provider (ISP) involvement," reads the post published by ESET.

The FinFisher spyware is for law enforcement and government use, but it seems to be preferred by regimes that desire to monitor representatives of the opposition. FinFisher is a powerful cyber espionage malware developed by Gamma Group that is able to secretly spy on victims' computers, intercepting communications, recording every keystroke as well as live surveillance through webcams and microphones.

ESET did not reveal which countries have been involved to avoid putting anyone in danger.

FinFisher is marketed as a law enforcement tool but has a history of turning up in deployments in countries with a poor reputation for human rights. The software offers covert surveillance through keylogging, and exfiltration of files, as well as live surveillance through webcams and microphones.

...

07:02

Senate Dem calls on businesses, feds to 'step up' on cybersecurity The Hill: Technology Policy

A top Senate Democrat on Thursday said the private and public sector needs to boost its cybersecurity after the Securities and Exchange Commission (SEC) revealed that hackers might have profited off of insider information stolen from the agency's...

06:39

Intel's Linux Driver & Mesa Have Hit Amazing Milestones This Year Phoronix

Kaveh Nasri, the manager of Intel's Mesa driver team within the Open-Source Technology Center since 2011, spoke this morning at XDC2017 about the accomplishments of his team and more broadly the Mesa community. Particularly over the past year there has been amazing milestones accomplished for this open-source driver stack...

06:30

Another Day, Another Air Gap Breached Hackaday

What high-tech, ultra-secure data center would be complete without dozens of video cameras directed both inward and outward? After all, the best informatic security means nothing without physical security. But those eyes in the sky can actually serve as a vector for attack, if this air-gap bridging exploit using networked security cameras is any indication.

It seems like the Cyber Security Lab at Ben-Gurion University is the place where air gaps go to die. They've knocked off an impressive array of air gap bridging hacks, like modulating power supply fans and hard drive activity indicators. The current work centers on the IR LED arrays commonly seen encircling the lenses of security cameras for night vision illumination. When a networked camera is compromised with their aIR-Jumper malware package, data can be exfiltrated from an otherwise secure facility. Using the camera's API, aIR-Jumper modulates the IR array for low bit-rate data transfer. The receiver can be as simple as a smartphone, which can see the IR light that remains invisible to the naked eye. A compromised camera can even be used to infiltrate data into an air-gapped network, using cameras to watch for modulated signals. They also demonstrated how arrays of cameras can be federated to provide higher data rates and multiple covert channels with ranges of up to several kilometers.

True, the exploit requires physical access to the cameras to install the malware, but given the abysmal state of web camera security, a little social engineering may be the only thing standing between a secure system and a compromised one.

[via Ars Technica]


Filed under: s...

06:00

Using VR to Diagnose Concussions IEEE Spectrum Recent Content full text

The new approach to concussion screening is spreading to colleges nationwide Photo: SyncThink

Jamshid Ghajar once asked an NFL football spotter, a person who watches games for possible brain injuries, how he recognized a player with a concussion. The spotter replied, "Well, if he kneels down and shakes his head, he may have a concussion."

As a neurosurgeon and director of the Stanford Concussion and Brain Performance Center, Ghajar was more than a little dismayed with that answer. Spotting and other sideline assessments for concussions, such as having players memorize and recall words, or track a moving finger with their eyes, are "just okay," Ghajar described on Tuesday to a small crowd at the MIT Media Lab in Cambridge, Massachusetts, during a technology conference hosted by ApplySci. Such techniques are "not really picking up a biological signal of concussion," he added.

In search of a more accurate, yet speedy way to diagnose concussions, Ghajar and a team at SyncThink, a Palo Alto, California-based company, have developed a mobile eye tracking technology to diagnose concussions based on clinical research. Their goal is to transform concussion diagnoses from guesswork into an objective test.

The EYE-SYNC technology, a VR headset platform that tracks eye movements and reports signs of impairment within 60 seconds, was approved by the FDA last year and is now being rolled out to Pac-12 football schools and hospitals around the nation. Another eye-tracking tool to diagnose concussions, EyeBOX from Oculogica, tracks 67 -domains of eye movements as participants watch videos, according to the company website. The technology has not yet been cleared by the FDA.

Tools such as this could help reduce the risk of brain damage in athletes, which can occur even before the age of 12, according to a study published this week in the journal Translational Psychiatry. In it, researchers at Boston University found that participation in youth football before age...

05:57

Snowflake Macro Photography SoylentNews

Spotted at HackerNews is a link to Alexey Kljatov's blog on snowflake macro photography.

The HN thread links to this 2013 posting on the equipment used in the setup:

Some people think that snowflake photography is a complex matter, and requires expensive equipment, but in fact it can be inexpensive, very interesting and quite easy, after some practice.

Currently, I use low cost variation of well-known lens reversal macro technique: compact camera Canon Powershot A650is at maximum optical zoom (6x) shoots through lens Helios 44M-5 (taken from old film camera Zenit, made in USSR), reversely mounted in front of built-in camera optics. Compared to Canon A650 standard macro mode, this simple setup achieves much better magnification and details, lesser chromatic aberrations and blurring at image corners, but also very shallow depth of field.

I capture every snowflake as short series of identical photos (usually 8-10, for most interesting and beautiful crystals - 16 shots and more), and average it (after aligning, for every resulting pixel take arithmetical mean of corresponding pixels from all shots of series) at very first stage of processing workflow. Averaging technique dramatically reduces noise and reveals thin and subtle details and color transitions, which almost unseen in every single shot from series, because they masked by noise.

The Original HN Thread is here and also contains a link to Alexey's Flickr page with more of the results.


Original Submission

Read more of this story at SoylentNews.

05:53

Senate Dems ask FCC to delay net neutrality repeal The Hill: Technology Policy

A group of Senate Democrats is asking the Federal Communications Commission (FCC) to delay its effort to repeal the Obama-era net neutrality regulations in order to review a trove of recently-released documents related to the proceeding.The...

05:43

Facebook to turn over Russian 2016 election ads to Congress The Hill: Technology Policy

Facebook has decided to turn over to congressional investigators copies of roughly 3,000 advertisements purchased by Russian-linked groups during the 2016 presidential campaign.The company confirmed Thursday afternoon that it would release details...

05:30

Make the Web Better for Everyone IEEE Spectrum Recent Content full text

Corporations and governments must partner to fix a broken medium Illustration: Edmon de Haro

The Web has serious problems: peddler of unreliable information, haven for criminals, spawning ground for irrational conspiracy fears, and tool for destructive people to broadcast their violence in real time and with posted recordings.

No doubt your list of Web pathologies is different from mine. But surely you agree that the Web disappoints as much as it delights.

Now the hard part: what to do about it?

Starting over is impossible. The Web is the ground of our global civilization, a pillar of contemporary existence. Even as we complain about the excesses and shortcomings of the Web, we can't survive without it.

For engineers and technovisionaries, the solution flows from an admirable U.S. tradition: building a better mousetrap.

For redesigners of the broken Web, the popular impulse is to expand digital freedom by creating a Web so decentralized that governments can't censor it and big corporations can't dominate.

However noble, the freedom advocates fail to account for a major class of vexations arising from anonymity, which allows, say, Russian hackers to pose as legitimate tweeters and terrorist groups to recruit through Facebook pages.

To be sure, escape from government surveillance through digital masks has benefits, yet the path to improved governance across the world doesn't chiefly lie with finding more clever ways to hide from official oppression. More freedom, ultimately, will only spawn more irresponsible, harmful behavior.

If more freedom and greater privacy won't cure what ails the Web, might we consider older forms of control and the cooperation of essential public services?

In the 19th century, railroads gained such power over the lives of cities and towns across the United States that norms, rules, and laws emerged to impose a modicum of fairness on routes, fares, and services. Similarly, in the 20th century, the Bell telephone network, having gained a natural monopoly, came under the supervision of the U.S. government. So did the country's leading computer company, IBM.

Because of government limits, Bell stayed out of the computer business, and licensed its revolutionary transistor to others. IBM's management, meanwhile, felt pressured by the government to unbundle software that came free with its computers, which in...

05:20

Are Cryptocurrency Miners The Future for Pirate Sites? TorrentFreak

Last weekend The Pirate Bay surprised friend and foe by adding a Javascript-based cryptocurrency miner to its website.

The miner utilizes CPU power from visitors to generate Monero coins for the site, providing an extra revenue source.

Initially, this caused the CPUs of visitors to max out due to a configuration error, but it was later adjusted to be less demanding. Still, there was plenty of discussion on the move, with greatly varying opinions.

Some criticized the site for hijacking their computer resources for personal profit, without prior warning. However, there are also people who are happy to give something back to TPB, especially if it can help the site to remain online.

Aside from the configuration error, there was another major mistake everyone agreed on. The Pirate Bay team should have alerted its visitors to this change beforehand, and not after the fact, as they did last weekend.

Despite the sensitivities, The Pirate Bay's move has inspired others to follow suit. Streaming link site Alluc.ee, often used by pirates, is one of the first. While they use the same mining service, their implementation is more elegant.

Alluc shows how many hashes are mined and the site allows users to increase or decrease the CPU load, or turn the miner off completely.

"It's a fun way users can get rid of ads (which are disabled after the counter hits 600k) which we are happy to try since just like users we hate ads. In the current implementation, the user actually starts browsing ad-free permanently after a certain amount of hashes have been generated," Alluc told us.

When being transparent about it, providing an opt-out option and rewarding the user if he chooses to let the miner run it may have the potential of making a great widget for webmasters and users alike.

Putting all the controversy aside for a minute, the idea to let visitors mine coins is a pretty ingenious idea. The Pirate Bay said it was testing the feature to see if it's possible as a replacement for ads, which might be much needed in the future.

In recent years many pirate sites have struggled to make a decent income. Not only are more people using ad-blockers now, the ad-quality is also dropping as copyright holders actively go after this revenue source, trying to dry up the funds of pirate sites. And with...

05:14

Unreal Engine 4.18 Preview 1 Is Ready For Game Developers Phoronix

Besides the CryENGINE 5.4 release happening today, Epic Games has made public their first preview release of the upcoming Unreal Engine 4.18...

05:07

The State Of The VC4 Driver Stack, Early Work On VC5 Phoronix

Eric Anholt of Broadcom just finished presenting at XDC2017 Mountain View on the state of the VC4 driver stack most notably used by the Raspberry Pi devices. Additionally, he also shared about his early work on the VC5 driver for next-generation Broadcom graphics...

05:00

Hackaday Prize Entry: Post Stroke Spasticity Rehab Helper Hackaday

A stroke is caused when poor blood flow to the brain causes cell damage, causing that part of the brain to stop functioning. Common causes are either blood vessel blockage or internal bleeding, and effects depend on the part of the brain that is affected. In most cases, spasticity (muscle contraction), poor motor control and the inability to move and feel are common after effects. Recovery is often a long, slow process and involves re-learning the affected lost skills. This is where physical therapy using assistive technologies becomes important. Rehabilitation must start as early as possible since the first few weeks are critical for good recovery. [Sergei V. Bogdanov] is building a cheap and simple Post-Stroke Spasticity Rehab Helper to address this problem.

He's using ten hobby micro servos connected to an Arduino Nano, all mounted on a kitchen chopping board, with a few other bits thrown in to round out the build. There's one pair of servos for each finger. A five bar linkage converts the servo rotations to two-dimensional motion. The end of the linkage has a swiveling metallic disk. Patient fingers are attached to these discs via magnetic metal pads that are attached to the end of the fingers using adhesive plaster tape. Two push buttons cycle through a large number of exercise modes and two potentio...

04:38

Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Open Source Security

Posted by Thomas Jarosch on Sep 21

the issue has been assigned CVE-2017-14650.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14650

Best regards,
Thomas Jarosch / Intra2net AG

04:35

Top 3 alternatives to the popular movie streaming website, Putlocker TechWorm

Check out the best three alternatives to Putlocker

Putlocker is one of the most visited video streaming sites for allegedly pirated movies and television shows. However, Putlocker was shut down in 2016 after it was reported as a major piracy threat by the Motion Picture Association of America (MPAA).

Throughout its history, Putlocker's domain address has changed multiple times with the most recent domain seizure being the URL putlockers.ch, which was suspended and transferred ownership under EuroDNS, by order of a Luxembourg court.

Ever since Putlocker.ch was shut down many similar websites like Putlockers.is, Putlockerstv.is, Putlocker.today have cropped up. However, most of these clones remain unverified and can infect your computer with malware or lead you to a phishing campaign.

In the absence of Putlocker.ch, we have made a list of the top rated free movie streaming websites like Putlocker for our readers for an uninterrupted online movie watching experience.

Here are top 3 Putlocker like movie streaming websites:

1. Solar Movie

Solar Movie website is the best alternative to Putlocker, as it boasts a high-quality search engine for movies online much like Putlocker. The Solar Movie home page displays the list of most popular movies, which are typically the latest ones. Details and user rating of each movie are added, which helps one choose the most proper one to watch. Currently, the SolarMovie website is being operated from Solarmoviez.to; however, this can quickly change as anti-piracy groups are always on the lookout to stop such streaming websites.

2. Fmovies

Fmovies is another popular movie streaming service where you can watch movies online in high quality for free without advertisements. You can also download movie, subtitles to your PC to watch movies offline. It has a range of movies from the oldest to the newest for their viewers.

3. GoMovies

Another alternative to Putlocker is GoMovies, a new website with amazing features that allows you to watch and download movies and TV series online for free. To do so, you need to login and create a playlist of TV shows and movies of your choice. The TV series and movies are beautifully arranged in different categories, such as action, romance, thriller, etc., which makes it easier for one to search their choice of movies.

Currently, the ab...

04:35

Equifax directed consumers to fake phishing site for weeks Help Net Security

You can now add another blunder to the already long list of Equifax's missteps in the wake of the massive breach it announced earlier this month: the company has been pointing affected customers to a fake phishing site. In a series of tweets pushed out over the last two weeks, the company sent them to securityequifax2017.com instead of equifaxsecurity2017.com, the address of the dedicated Web site the company set up to inform users of the More

04:16

Electric Bus Sets Record With 1,101-Mile Trip on a Single Charge SoylentNews

Submitted via IRC for Fnord666_

Think it was impressive when a Tesla club drove a Model S nearly 670 miles? It has nothing on what Proterra just managed. The startup just drove a Catalyst E2 Max electric bus a whopping 1,101.2 miles on a single charge. That's the furthest any EV has managed before recharging, and well past the 1,013.8 miles driven by the previous record-holder, a one-seat experimental car nicknamed "Boozer." It's not hard to see how Proterra managed the feat when you know about the technology, but this still bodes well for eco-friendly public transportation.

Source: https://www.engadget.com/2017/09/19/electric-bus-travels-record-1101-miles-on-one-charge/


Original Submission

Read more of this story at SoylentNews.

04:15

Hackers behind CCleaner compromise were after Intel, Microsoft, Cisco Help Net Security

There is a new twist in the CCleaner hack saga: the attackers apparently didn't set out to compromise as many machines as possible. A covert, highly targeted attack According to Cisco, their actual targets were computers at a number of huge tech companies like Intel, Microsoft, Linksys, Dlink, Google, Samsung and Cisco, telecoms such as O2 and Vodafone, and (the odd man out) Gauselmann, a manufacturer of gaming machines. Cisco researchers came at this conclusion More

03:40

Kali Linux 2017.2 Security OS Released With New Hacking Tools Download Now!!! TechWorm

Kali Linux 2017.2 Security OS Released With nearly 20 New Hacking Tools Download the ISO or Torrent Right Now!!!

If you are a hacker, pentester, or a security researcher, this news should interest you. The best Linux OS, Kali Linux 2017.2, was released yesterday. The hacking distro was under top-secret development according to the developers and features new tools as well as many bug fixes.

Few need an introduction to Kali Linux, but for those who don't know, Kali Linux is one of the best Linux distros for hackers, pen-testers, and security researchers because most of the hacking tools that are available online are built into this Linux distro.

A to Z Kali Linux Commands

What's new with Kali Linux 2017.2?

Top 10 best tutorials to start learning hacking with Kali Linux

Kali Linux 2017.2 Hacking Tools

  • hurl: a useful little hexadecimal and URL encoder/decoder
  • phishery: phishery lets you inject SSL-enabled basic auth phishing URLs into a .docx Word document
  • ssh-audit: an SSH server auditor that checks for encryption types, banners, compression, and more
  • apt2: an Automated Penetration Testing Toolkit that runs its own scans or imports results from various scanners, and takes action on them
  • bloodhound: uses graph theory to reveal the hidden or unintended relationships within Active Directory
  • ...

03:32

Four Ways We Can Swallow the Doctor Lifeboat News: The Blog

Summary: Nanodocs? #Swallow #the #doctor? The authors of a recent research study, says soon we will be able to swallow the surgeon. Using medical #nanobots to diagnose and treat disease from inside the body. Study authors documented recent advances in nanotechnology tools, such as nanodrillers, microgrippers, and microbullets and show how #nanodocs have tremendous potential in the areas of precision surgery, detection, detoxification and targeted drug delivery.


Summary: Nanodocs? Swallow the doctor? The authors of a recent research study, say the concept of swallow the surgeon or using medical nanobots to diagnose and treat disease from inside the body may be closer than we think. Study authors document recent advances in nanotechnology tools, such as nanodrillers, microgrippers, and microbullets and show how nanodocs have tremendous potential in the areas of precision surgery, detection, detoxification and targeted drug delivery. Cover photo: The old way to swallow the surgeon. Credit: R. Collin Johnson / Attributed to Stanford University.

Imagine that you need to repair a defective heart valve, a major surgery. Instead of ripping your chest cut open, a doctor merely injects you with a syringe full of medical nanorobots, called nanodocs for short. You emerge from the surgery unscathed, and your only external wound is the puncture hole from the injection.

According to a recent study published by nanorobotic engineers at the University of California San Diego (UCSD), the concept of swallow the doctor may be closer to reality than we think.

03:31

Linux Fu: X Command Hackaday

Text-based Linux and Unix systems are easy to manipulate. The way the Unix I/O system works you can always fake keyboard input to another program and intercept its output. The whole system is made to work that way. Graphical X11 programs are another matter, though. Is there a way to control X11 programs like you control text programs? The answer to that question depends on exactly what you want to do, but the general answer is yes.

As usual for Linux and Unix, though, there are many ways to get to that answer. If you really want fine-grained control over programs, some programs offer control via a special mechanism known as D-Bus. This allows programs to expose data and methods that other programs can use. In a perfect world your target program will use D-Bus, but that is not always the case. So today we'll look more for control of arbitrary programs.

There are several programs that can control X windows in some way or another. There's a tool called xdo that you don't hear much about. More common is xdotool and I'll show you an example of that. Also, wmctrl can perform some similar functions. There's also autokey which is a subset of the popular Windows program AutoHotKey.

About xdotool

The xdotool is probably the most useful of the commands when you need to take over GUI programs. It is sort of a Swiss Army knife of X manipulation. However, the command line syntax is a bit difficult and that's likely because the tool can do lots of different things. Most of the time I am interested in its ability to move and resize windows. But it can also send fake keyboard and mouse input, and it can bind actions to things like mouse motion and window events.

Although you can make the tool read from a file, you most often see the arguments right on the command line. The idea is to find a window and then apply things to it. You can find windows by name or use other means such as letting the user click on the desired window.

For example, consider this:

echo Pick Window; xdotool selectwindow type "Hackaday"

If you enter this at a shell prompt, you can click on a window and see the given string appear as if it were typed there by the user. The tool is also capable of sending mouse events and performing a multitude of window operations like changing window focus, changing which desktop is shown, etc.

By the way, some of xdotool's features require the XTest extension to your X server. I've always found this turned on, but if things aren't working, you'd want to check your X server log to see if that extension is loaded.

What About wmctrl?

The wmctrl program has a lot of similar functions but mostly interacts with your window manager. The only problem is, it uses a standard interface to your window manager and not all window managers support all features. This is one of those things that...

03:29

Locky ransomware campaign launched 20M attacks in a single day HackRead

By Uzair Amir

Another Aggressive Locky ransomware campaign launched with 20 million attacks

This is a post from HackRead.com Read the original post: Locky ransomware campaign launched 20M attacks in a single day

03:28

McAfee joins the anti-Kaspersky witch hunt in shitty attempt to sell a few boxes Graham Cluley

A witch hunt against a long-established major player in the infosecurity space should be something that brings the industry together. It's ghastly to see how McAfee is behaving.

03:14

Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Open Source Security

Posted by Thomas Jarosch on Sep 21

just saw that CVE ids can no longer be requested via oss security.
I'll request a CVE id and will post a follow up.

Best regards,
Thomas Jarosch / Intra2net AG

03:12

The Immune System Is Critical to Tissue Regeneration Lifeboat News: The Blog

One of the most intriguing questions in biology is how can some animals regenerate their major body parts like hearts and limbs and others cannot?

A new study led by Dr. James Godwin from the MDI Biological Laboratory suggests that the innate immune system could be the answer.

03:11

Zuckerberg: 2016 primary fight turning point for Facebook The Hill: Technology Policy

Facebook CEO Mark Zuckerberg said Thursday that the 2016 primary elections were a tipping point for his motivation to become more involved in political issues. Zuckerberg told Bloomberg Businessweek that just over a year ago...

02:47

Dip update 88/n wherestheflux

[Orig: Sept 21, 2017]
Hi everyone,
The winds were too high at TFN during the first half of the night (when our star is visible), so only OGG to report. See graph below.
On a side note: I realize that I am not terribly chatty this week, and I think it is because we are talking about climate change in my class and this is affecting my mood... This won't last - starting next week I will turn the focus to the Moon and Mars - in particular, the past and future of human spaceflight to these alien worlds!
Best,
~Tabby and team
PS: These observations are happening because of the wonderful backers of our 2016 Kickstarter project. The Kickstarter campaign has ended, but we are still accepting donations to purchase additional observing time on the LCO 0.4m network. Thanks in advance for your support!

02:45

NVIDIA 384.90 Linux Driver Brings Fixes, Quadro P5200 Support Phoronix

One day after releasing updated GeForce Linux legacy drivers, NVIDIA is now out with an update to their long-lived 384 branch...

02:38

Experts spotted a login page flaw in Joomla that exposes admin credentials Security Affairs

Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials.

Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials.

The flaw affects Joomla installs when using Lightweight Directory Access Protocol (LDAP) authentication. Joomla implements LDAP access via TCP/IP through a native authentication plugin that can be enabled from the Plugin Manager.

The researchers discovered that when the LDAP authentication plugin is enabled an attacker can try to determine the username and password by guessing the credentials character by character from the login page.

Curiously, the RIPS researchers classified the flaw as critical, while Joomla's advisory reports it as a medium-severity issue.

RIPS researchers discovered that the login page vulnerability, tracked as CVE-2017-14596, is caused by the lack of input sanitization.

"By exploiting a vulnerability in the login page, an unprivileged remote attacker can efficiently extract all authentication credentials of the LDAP server that is used by the Joomla! installation. These include the username and password of the super user, the Joomla! Administrator," reads the analysis published by RIPS researchers.

An attacker can then use the hijacked information to login to the administrator control panel and to take over the Joomla! installation, as well as potentially the web server, by uploading custom Joomla! extensions for remote code execution, 

RIPS has published proof-of-concept (PoC) code and a video PoC; however, the exploit also requires a filter bypass that the company hasn't disclosed.

The lack of input sanitization of the username credential used in the LDAP query allows an adversary to modify the result set of the LDAP search. By using wildcard characters and by observing different authentication error messages, the attacker can literally search for login credentials pro...

02:34

Puerto Rico "Destroyed" by Hurricane Maria SoylentNews

At 9PM ET September 20, ABC News reported

The island of Puerto Rico has been "destroyed" after Hurricane Maria made landfall there as a Category 4 storm Wednesday morning, according to emergency officials.

Puerto Rico's office of emergency management confirmed that 100 percent of the U.S. territory had lost power, noting that anyone with electricity was using a generator.

Multiple transmission lines sustained damage from the storm, said Ricardo Ramos, director of the Puerto Rico Electric Power Authority. Ramos said he hopes to begin launching helicopters by this weekend to begin inspecting the transmission lines.

Telecommunications throughout the island have "collapsed", Abner Gomez Cortes, executive director of Puerto Rico's office of emergency management and disaster administration agency, told ABC News.

[...] Cortes described Maria as an unprecedented storm, adding that the island had not seen a storm of that strength since 1928.

[...] Puerto Rico was still experiencing tropical-storm force winds Wednesday afternoon, forcing emergency services and search and rescue teams to wait before heading out to assess the damage, Cortes said.

More than 12,000 people are currently in shelters, and hospitals are now running on generators, Cortes said. Two hospitals--one in Caguas and one in Bayamon--have been damaged.

No deaths have been reported so far, but catastrophic flooding is currently taking place on the island. Multiple rain gauges have reported between 18 and 24 inches of rain, with some approaching the 30-inch mark over the last 24 hours.

Flooding is the danger "that will take lives", Cortes said, advising residents not to venture out of their homes until Thursday because "it is not safe to go out and observe".

[...] As of 8 p.m. ET, Maria had weakened to a Category 2 hurricane with maximum sustained wind of 110 mph, according to the National Hurricane Center.

[...] Some strengthening is possible now that the storm is back over the ocean, so Maria has potential to become a Category 3 hurricane again.

National Hurricane Center graphics for Maria.
Map of Caribbean Islands.

At 15:20 UTC, Mashable reported

Clips shot in the [cities] of Farjado, San Juan, and Guyama show buildings experiencing extreme structural damage. Doors are being ripped rig...

02:32

German Party for Health Research: Together Against Age-related Diseases Lifeboat News: The Blog

German Party for Health Research is calling for more funding for studies on aging and age-related diseases! Nice initiative! Good luck!


It seems the only reason why the situation with state funding for medical research has not improved over time in a given country is the lack of well-organized public initiatives to support the necessary changes.

People are rarely offered a clear program of action that could promote the development of therapies that might bring aging under medical control and address age-related diseases.

German Party for Health Research is offering such a program, and so far its activities are quite fruitful. We wish them good luck!

02:32

Three things to know about the dark web Help Net Security

One of the more curious aspects about the dark web is that it didn't start out as such a dark place: it began with bulletin boards in the 80s and 90s, the markets of that day, and continued in the early 2000s, when Freenet launched as a private peer-to-peer network for sharing content. At about the same time, the United States Naval Research Laboratory came up with what would be called The Onion More

02:25

How to find disk I/O latency with ioping monitoring tool on Linux nixCraft

How do I monitor disk I/O latency in real time on Linux, FreeBSD, OpenBSD, and MacOS operating system?

02:05

Security updates for Thursday LWN.net

Security updates have been issued by Arch Linux (tomcat7), Debian (kernel and perl), Fedora (libwmf and mpg123), Mageia (bluez, ffmpeg, gstreamer0.10-plugins-good, gstreamer1.0-plugins-good, libwmf, tomcat, and tor), openSUSE (emacs, fossil, freexl, php5, and xen), Red Hat (augeas, rh-mysql56-mysql, samba, and samba4), Scientific Linux (augeas, samba, and samba4), Slackware (samba), SUSE (emacs and kernel), and Ubuntu (qemu).

02:00

Load Cells Tell You to Lay Off the Donuts Hackaday

Our old algebra teacher used to say, "You have to take what you know and use it to get what you don't know." That saying always reminds us of sensors that convert physical quantities into things our microcontrollers can measure. Sometimes the key to a project is knowing what kind of sensor will read the physical properties of the system you are interested in. If that physical property is weight, you can use what is known as a load cell. [DegrawSt] uses four 50 kg load cells to create a bathroom scale using an Arduino.

Load cells typically contain strain gauges that change resistance when deformed. This actually measures force, but if you mount them so they measure the force exerted by you standing on a platform, you get a scale. A load cell usually has four strain gauges in a bridge configuration. This causes a voltage across the bridge, although the output can be noisy and on the order of millivolts.

There are other types of load cells that use a piezoelectric material, hydraulics, pneumatics, or other technologies. However, the strain gauge cell is the most common. If you want more information about load cells, check out [Rick Sellens'] lecture on the topic, below.

To provide excitation to the load cells and measure the voltage output, you usually want to use an amplifier to condition the circuit. [DegrawSt] uses an HX711 chip on a breakout board to manage the cells. There's a library for the Arduino already available and even some example code.

The four load cells allow the 50 kg sensors to read a person's weight, up to 200 kg, anyway. The load cells themselves are in a bridge configuration which adds the weight on each cell together.

If you want to peek inside a commercial scale, we've seen that before. If you don't care about watching your figure, perhaps you'd rather tension your bandsaw.


Filed under: Android Hacks ...

01:52

Mum begged doc to chip daughter in case radical dad takes her to Syria Lifeboat News: The Blog

Transhumanism discussion of using implants in children is in The Sun today, one of UK's largest sites/papers.


A DOCTOR known as a human cyborg has revealed parents are bombarding him with requests to implant chips into their children.

Dr Patrick Kramer, who works under the job title of chief cyborg officer, receives harrowing messages from parents desperate for him to implant tracking chips under their children's skin.

01:47

CryENGINE 5.4 Now Available With Vulkan Beta Support Phoronix

Crytek today has shipped the exciting CryENGINE 5.4 game engine update...

01:43

CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Open Source Security

Posted by Thomas Jarosch on Sep 21

Hello oss security,

Intra2net AG found a code execution vulnerability in the "Horde_Image" library
of the Horde framework (https://www.horde.org/). The "_raw()" function of the
ImageMagick "im" backend passes the "$index" parameter unsanitized to the
shell. This parameter is f.e. exposed by the getImageAtIndex($index) function.

No core horde application exposes the $index parameter directly
to the net,...

01:41

New Horizons After 2014 MU69 Centauri Dreams

If New Horizons can make its flyby of Kuiper Belt Object MU69 at a scant 3500 kilometers, our imagery and other data should be much enhanced over the alternative 10,000 kilometer distance, one being kept in reserve in case pre-encounter observations indicate a substantial debris field or other problems close to the object. But both trajectories, according to principal investigator Alan Stern, have been moved closer following a ten-week study period, and both are closer than the 12,500 kilometers the spacecraft maintained in its flyby of Pluto.

Image: Artist's concept of Kuiper Belt object 2014 MU69, which is the next flyby target for NASA's New Horizons mission. Scientists speculate that the Kuiper Belt object could be a single body (above) with a large chunk taken out of it, or two bodies that are close together or even touching. Credit: NASA/Johns Hopkins University Applied Physics Laboratory/Southwest Research Institute/Alex Parker.

Stern made the statement in early September at a meeting of the Outer Planets Assessment Group (OPAG), in which he also pointed out that flyby observations of the distant KBO will commence in August of next year in preparation for the early January arrival in 2019. The process of returning acquired data to Earth is estimated to take up to 20 months.

We also get this heartening news: Stern considers the Kuiper Extended Mission of New Horizons to be multi-pronged, with the January 1 flyby of MU69 perhaps the prelude to further operations. New Horizons has sufficient fuel and power to operate until roughly 2035, and the downlink of MU69 data will end in September of 2020. The current extended mission was approved for the period 2016-2021. Will there be another?

According to Stern's presentation at OPAG, the current extension involves not just the flyby of MU69, along with heliospheric plasma, dust, and neutral gas observations in the Kuiper Belt, but also distant observations of up to 30 other KBOs and numerous Centaurs. These studies involve searches for satellites, rings and dust along with examination of KBO light curves and shapes, with numerous papers on these results said to be in early stages of preparation.

With enough power and fuel to make it well into the 2030s, New Horizons, which is after all the only spacecraft with the opportunity to make these observations, could continue its active work for many years. An extended mission from 2021 to 2024 would allow add...

01:36

Experian Site Can Give Anyone Your Credit Freeze PIN Krebs on Security

An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.

Experian's page for retrieving someone's credit freeze PIN requires little more information than has already been leaked by big-three bureau Equifax and a myriad other breaches.

The first hurdle for instantly revealing anyone's freeze PIN is to provide the person's name, address, date of birth and Social Security number (all data that has been jeopardized in breaches 100 times over, including in the recent Equifax breach, and that is broadly for sale in the cybercrime underground).

After that, one just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. I'm certain this warning would deter all but the bravest of identity thieves!

The final authorization check is that Experian asks you to answer four so-called "knowledge-based authentication" or KBA questions. As I have noted in countless stories published here previously, the problem with relying on KBA questions to authenticate consumers online is that so much of the information needed to successfully guess the answers to those multiple-choice questions is now indexed or exposed by search engines, social networks and third-party services online, both criminal and commercial.

What's more, many of the companies that provide and resell these types of KBA challenge/response questions have been hacked in the past by criminals that run their own identity theft services.

Whenever I'm faced with KBA-type questions I find that database tools like Sp...

01:26

Legacy networks holding back cloud and digital transformation Help Net Security

A new global survey by Riverbed Technology, which includes responses from 1,000 IT decision makers across nine countries, revealed an incredible level of agreement that legacy infrastructures are holding back their cloud and digital strategies. Nearly all respondents (97%) agree that legacy network infrastructure will have difficulty keeping pace with the changing demands of the cloud and hybrid networks. Conversely, 91% of respondents say their organization's cloud strategy will only reach its full potential with More

01:25

SEC reveals hackers might have used stolen data for insider trading Graham Cluley

The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading.

David Bisson reports.

01:18

Noctua NH-U9 TR4-SP3: Keeping Threadripper Running Happy With Air Cooling Phoronix

We recently looked at several Noctua cooler options for Intel's Core X-Series while today the tables have turned and we tried out Noctua's TR4-SP3 heatsink that is capable of cooling the high-Wattage Threadripper and EPYC processors with air cooling.

00:57

Saudi Arabia to Lift Ban on Online VoIP and Video Calling Services SoylentNews

Saudi Arabia will lift a 2013 ban on Internet calling services:

Saudi Arabia will lift a ban on internet phone calls, a government spokesman said, part of efforts to attract more business to the country. All online voice and video call services such as Microsoft's Skype and Facebook's WhatsApp that satisfy regulatory requirements will become accessible at midnight (2100 GMT), Adel Abu Hameed, spokesman for the telecoms regulator CITC said on Twitter on Wednesday.

The policy reversal represents part of the Saudi government's broad reforms to diversify the economy partly in response to low oil prices, which have hit the country's finances. "Digital transformation is one of the key kick-starters for the Saudi economy, as it will incentivise the growth of internet-based businesses, especially in the media and entertainment industries," a statement from the information ministry said. "Access to VoIP (voice over internet protocol) will reduce operational costs and spur digital entrepreneurship - that's why it is such an important step in the Kingdom's internet regulation," it said.

Perhaps they found the backdoors.

Also at TechCrunch.


Original Submission

Read more of this story at SoylentNews.

00:44

EU outlines push for higher taxes on tech companies The Hill: Technology Policy

The European Union is preparing to propose stiffer taxes on digital companies if the rest of the developed world doesn't overhaul the international tax system. The European Commission, the EU's executive wing, released a report on Thursday outlining...

00:42

Open Source Networking Days

Open Source Networking Days (OSN Days) are a series of regional events that are hosted and organized by local Open Source Networking user groups and members, with support from open source networking projects within the Linux Foundation: DPDK, FD.io, ONAP, OpenDaylight, OPNFV, PNDA, and others.

Paris

Milan


00:31

Inventing The Induction Motor Hackaday

When you think of who invented the induction motor, Nikola Tesla and Galileo Ferraris should come to mind. Though that could be a case of the squeaky wheel being the one that gets the grease. Those two were the ones who fought it out just when the infrastructure for these motors was being developed. Then again, Tesla played a huge part in inventing much of the technology behind that infrastructure.

Although they claimed to have invented it independently, nothing's ever invented in a vacuum, and there was an interesting progression of both little guys and giants that came before them; Charles Babbage was surprisingly one of those giants. So let's start at the beginning, and work our way to Tesla and Ferraris.

Arago's rotations (1824-1831)

The induction motor's invention began in 1824 in Paris with the publication of a very simple series of observations by François Arago. He suspended a magnetic compass needle laying horizontally in the middle of rings of different materials. He then rotated the needle 45° and let go of it. The needle proceeded to swing back and forth, with the maximum angle of its swing gradually decreasing. Arago counted the number of swings before the angle decreased to 10°. With a wooden ring, it took 145 swings, with a thin copper ring it took 66, and in a stout copper ring it took only 33 swings. The presence of the copper somehow dampened the oscillations of the needle.

...

Thursday, 21 September

23:54

PostgreSQL 10 Release Candidate 1 Arrives Phoronix

The first release candidate of PostgreSQL 10.0 is now available for testing...

23:30

Kubernetes is Transforming Operations in the Enterprise

At many organizations, managing containerized applications at scale is the order of the day (or soon will be). And few open source projects are having the impact in this arena that Kubernetes is.

23:30

Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Open Source Security

Posted by Solar Designer on Sep 21

Hi,

This was sent to the list with only "CVE-2017-14160" as the Subject.
That's against oss-security list content guidelines:

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

"When applicable, the message Subject must include the name and
version(s) of affected software, and vulnerability type. For example, a
Subject saying only "CVE-2099-99999" is not appropriate, whereas...

23:30

Smartphone Heart Monitor Beats Doctors at Diagnosing Atrial Fibrillation IEEE Spectrum Recent Content full text

The Kardia heart monitor from AliveCor did almost 4 times better than doctors providing standard care Photo: AliveCor

"Doc, how's my ticker?" In olden days (like 5 years ago), patients went to their general practitioners with such anxious inquiries, looking for cardiac checkups and reassurances. These days, consumers can buy a heart monitor that's about the size of a piece of gum and stick it on the back of their smartphone, then check their heart rate as often as they like.

But how good are the results from such a consumer gadget? A new study that tested the Kardia Mobile heart monitor, made by AliveCor, found that the device detected more cases of the dangerous heart condition atrial fibrillation than general practitioners offering routine care. 

For the study, published in the journal Circulation, researchers in Wales enrolled 1000 patients aged 65 and above. Half of the patients received routine medical care from general practitioners, the other half were instructed to use the Kardia monitor twice a week to take 30-second recordings of their heart rate. During the 1-year study, the Kardia diagnosed 19 patients while the doctors diagnosed 5.

To use the Kardia device, the user presses two fingers of each hand against an electrode pad. The device records an electrocardiogram (ECG or EKG) by detecting the subtle electrical changes in the skin that reflect the heart muscle's electrical pattern. The display shows users their heart rate, and the device can also upload the results to the cloud for a doctor's review. AliveCor CEO Vic Gundotra notes that the Kardia is FDA cleared: "This is not a Fitbit, this is a clinical grade device, so you can be confident in its results," he says.

Close-up of two hands holding a smartphone. On its display is a graph showing the user's heart rate. Photo: AliveCor With the Kardia Mobile, users can take 30-second electrocardiograms to determine whether their heart rate is normal and healthy.

Atrial fibrillation (AFib) is a condition where the heartbeat becomes erratic and the upper chambers of the heart quiver and shake. If there's a lurking blood clot, this shaking can b...

Super-Accurate GPS Chips Coming to Smartphones in 2018 IEEE Spectrum Recent Content full text

Broadcom has released the first mass-market GPS chips that use newer satellite signals to boost accuracy to 30-centimeters Illustration: Miguel Navarro/Getty Images

We've all been there. You're driving down the highway, just as Google Maps instructed, when Siri tells you to "Proceed east for one-half mile, then merge onto the highway." But you're already on the highway. After a moment of confusion and perhaps some rude words about Siri and her extended AI family, you realize the problem: Your GPS isn't accurate enough for your navigation app to tell if you're on the highway or on the road beside it.

Those days are nearly at an end. At the ION GNSS+ conference in Portland, Ore., today Broadcom announced that it is sampling the first mass-market chip that can take advantage of a new breed of global navigation satellite signals and will give the next generation of smartphones 30-centimeter accuracy instead of today's 5-meters. Even better, the chip works in a city's concrete canyons, and it consumes half the power of today's generation of chips. The chip, the BCM47755, has been included in the design of some smartphones slated for release in 2018, but Broadcom would not reveal which.

GPS and other global navigation satellite services (GNSSs) such as Europe's Galileo, Japan's QZSS, and Russia's Glonass allow a receiver to determine its position by calculating its distance from three or more satellites. All GNSS satellites, even the oldest generation still in use, broadcast a message called the L1 signal that includes the satellite's location, the time, and an identifying signature pattern. A newer generation broadcasts a more complex signal called L5 at a different frequency in addition to the legacy L1 signal. The receiver essentially uses these signals to fix its distance from each satellite based on how long it took the signal to go from satellite to receiver.

Broadcom's receiver first locks on to the satellite with the L1 signal and then refines its calculated position with L5. The latter is superior, especially in cities, because it is much less prone to distortions from multipath reflections than L1.

A chart shows three horizontal red lines. The top line has a broad green triangle. The center line has three overlapping broad triangles: green, blue, and purple. The bottom line has three narrow triangles (green, blue, and purple) which do not overlap. Illustration: Broadcom

In a city,...

23:22

Death Becomes AR: How The Military Is Using Augmented Reality SoylentNews

Arthur T Knackerbracket has found the following story:

Depending on where you rest your hat, the words "AR battle" could mean some very different things. You might still be hankering to have your Pikachu rain down lightning on a friend's Squirtle in Pokemon Go, or, if you're recovering from the iPhone X launch, be wondering when you'll be able to send your mini troops into a tabletop augmented reality warzone in Directive Games' The Machines.

But if you're among the thousands in attendance at the Defence and Security Equipment International 2017 (DSEI) conference at London's Excel Centre, those battles and warzones in question become altogether more real. As, while the consumer world waits patiently for the giants of Cupertino to lift the covers off the rumored Apple AR glasses, the military has been dabbling in augmented reality interfaces for years.

The transparent nature of AR glasses lets the wearer maintain situational and environmental awareness.

What was once the reserve of fighter pilots, the advances of Moore's Law means that impressive heads-up display units will soon be standard issue for regular ground troops. Through the use of wearable glasses and headsets, key data points will be overlaid onto a battlefield: everything from mapping information to mission parameters to markers defining the movements of allied troops and enemy forces.

Topographical data can be relayed to a troop along with video feeds from remote overhead drones or fellow forces elsewhere on the field. All the while, the transparent nature of AR glasses (as opposed to the all-encompassing view of a virtual reality headset) lets the wearer maintain situational and environmental awareness. The potential chaos of what's going on around a soldier can still be seen and actioned upon.


23:20

Advanced lm-sensors Tips and Tricks on Linux

23:15

Pam Keefe, Co-Organizer of RAADfest Bangkok, joins our Life Extension Board. Lifeboat News

Pam Keefe, Co-Organizer of RAADfest Bangkok, joins our Life Extension Board.

23:00

Maintaining Windows 10 security tops list of enterprise challenges Help Net Security

Companies are experiencing significant challenges in their attempts to keep their endpoints secure. Maintaining Windows 10 security topped the list of challenges with over half of respondents to an Adaptiva survey indicating it can take a month or more for IT teams to execute Windows OS updates, which ultimately leaves systems vulnerable. The survey revealed that most companies are unable to maintain endpoint security with consistency for a number of reasons, such as: The pace More

22:59

CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Open Source Security

Posted by on Sep 21

Hi,

I'm a security researcher of Qihoo 360 GearTeam.
My partner Zhibin Hu and I found a vulnerability of libvorbis-1.3.5.
And we have applied for CVE-2017-14160 of this vulnerability.
================== test command ====================

ffmpeg -i poc.mp4 -y 1.mkv
// libvorbis-1.3.5 has been compiled into ffmpeg static.


I compile it as...

22:45

Twitter officials to testify amid Russia probe The Hill: Technology Policy

Representatives from Twitter will meet with staff from the Senate Intelligence Committee next week in connection with the panel's investigation of Russian interference in the 2016 presidential election. The social media company says that it...

22:44

Shocker: U.S. Allies Don't Trust NSA cryptogon.com

Via: Reuters: An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel [...]

22:24

How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet HackRead

By Waqas

An old vulnerability in the Signalling System No. 7 (SS7)


21:50

Google Signs Agreement to Tackle YouTube Piracy TorrentFreak

Once upon a time, people complaining about piracy would point to the hundreds of piracy sites around the Internet. These days, criticism is just as likely to be leveled at Google-owned services.

YouTube, in particular, has come in for intense criticism, with the music industry complaining of exploitation of the DMCA in order to obtain unfair streaming rates from record labels. Along with streaming-ripping, this so-called "Value Gap" is one of the industry's hottest topics.

With rightsholders seemingly at war with Google to varying degrees, news from France suggests that progress can be made if people sit down and negotiate.

According to local reports, Google and local anti-piracy outfit ALPA (l'Association de Lutte Contre la Piraterie Audiovisuelle) under the auspices of the CNC have signed an agreement to grant rightsholders direct access to content takedown mechanisms on YouTube.

YouTube has granted access to its Content ID systems to companies elsewhere for years but the new deal will see the system utilized by French content owners for the first time. It's hoped that the access will result in infringing content being taken down or monetized more quickly than before.

"We do not want fraudsters to use our platforms to the detriment of creators," said Carlo D'Asaro Biondo, Google's President of Strategic Relationships in Europe, the Middle East and Africa.

The agreement, overseen by the Ministry of Culture, will see Google provide ALPA with financial support and rightsholders with essential training.

ALPA president Nicolas Seydoux welcomed the deal, noting that it symbolizes the collapse of the wall of incomprehension that previously existed between France's rightsholders and the Internet search giant.

The deal forms part of the French government's Plan of Action Against Piracy, in which it hopes to crack down on infringement in various ways, including tackling the threat of pirate sites, better promotion of services offering legitimate content, and educating children from an early age on the need to respect copyright.

"The fight against piracy is the great challenge of the new century in the cultural sphere," said France's Minister of Culture, Françoise Nyssen.

"I hope this is just the beginning of a process. It will require other agreements with rights holders and other platforms, as well as at the European level."

According to...

21:47

Apache Bug Leaks Contents of Server Memory for All to See - Patch Now SoylentNews

Submitted via IRC for SoyCow1937

There's a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, a freelance journalist has disclosed.

The vulnerability can be triggered by querying a server with what's known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory. Patches are available here and here.

[...] Optionsbleed, by contrast [to Heartbleed], doesn't pose as big a threat, but its effects can still be damaging. The risk is highest for server hosts that allow more than one customer to share a single machine. That's because Optionsbleed allows customers to exploit the flaw in a way that exposes secret data from other customers' hosts on the same system. On the Internet at large, the threat is less serious.

[...] Interestingly, the bug was first identified in 2014. Why it's only now being patched is unclear.

Source: https://arstechnica.com/information-technology/2017/09/apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/

[Note: I checked with TheMightyBuzzard, and was informed that, though SoylentNews does run Apache, our systems are configured in such a way as to not expose OPTIONS. In other words, it is believed that we are not susceptible. --martyb]



21:30

See This Mesmerizing 3D Printed Water Droplet Automaton Hackaday

Water Experiment No. 33 by [Dean O'Callaghan]

Most modern automata are hand-cranked kinetic sculptures typically made from wood, and [videohead118] was inspired by a video of one simulating a wave pattern from a drop of liquid. As a result, they made a 3D printed version of their own and shared the files on Thingiverse.

In this piece, a hand crank turns a bunch of cams that raise and lower a series of rings in a simulated wave pattern, apparently in response to the motion of a sphere on a central shaft. The original (shown in the animation to the right) was made from wood by a fellow named [Dean O'Callaghan], and a video of it in its entirety is embedded below the break.

If this sort of thing piques your interest, you can see examples of some modern takes on the art or marvel at the 240 year old clockwork masterpiece known as the Boy Writer.



21:29

NVIDIA Continues Prepping The Linux Desktop Stack For HDR Display Support Phoronix

Besides working on the new Unix device memory allocator project, they have also been engaged with upstream open-source Linux developers over preparing the Linux desktop for HDR display support...

21:13

SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year The Hacker News

This month has been full of breaches. Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which

21:07

Beignet OpenCL Now Supports LLVM 5.0 Phoronix

For those making use of Beignet for Intel graphics OpenCL acceleration on Linux, it finally has added support for LLVM 5.0...

20:53

H1 2017 Twitter suspended a total of 935,897 accounts for the promotion of terrorism Security Affairs

Twitter published its Transparency Report for H1 2017; the company suspended 935,897 accounts for the promotion of terrorism.

Twitter suspended 299,000 accounts linked to terrorism in the first six months of 2017. The company revealed that 75 percent of the infringing accounts were suspended before their first tweet, confirming the huge efforts in fighting online propaganda and other activities linked to this threat.

According to data provided in the transparency report, Twitter confirmed that 95 percent of the accounts suspended for the promotion of terrorism were identified by using internal tools designed to identify and block spam; government requests accounted for less than 1% of account suspensions.

One-quarter of those infringing accounts were suspended before the accounts posted their first tweet.

It is interesting to note that according to the report published by the social media giant, fewer than 2 percent of accounts that were suspended were reported by governments worldwide.

Governments submitted 716 separate reports that triggered the suspension of 5,929 accounts.

"The second largest volume, a little more than 2% of global reports, fell within the promotion of terrorism category. Under this category of reports, we are referring to accounts that actively incite or promote violence associated with internationally recognized terrorist organizations, promote internationally recognized terrorist organizations, and accounts attempting to evade prior enforcement," states a blog post published by Twitter.

"Twitter's continued commitment to eliminate such activity from our platform has resulted in an 80% reduction in accounts reported by governments compared to the previous reporting period of July 1, 2016 through December 31, 2016. Notably, government requests accounted for less than 1% of account suspensions for the promotion of terrorism during the first half of this year."

Almost every government is pressing technology companies to adopt measures to fight online terrorism; the UK and France proposed fines for those companies that don't collaborate or fail to curb terrorist activities online.

Tech giants Facebook, Microsoft, Twitter, and YouTube pledged to improve the information sharing by building a database of digital fingerprints of terrorism-related content removed from their services.

Twitter received 6,448 demands for data from governments in the...

20:49

Intel Preps Their First Batch Of Graphics Changes For Linux 4.15 Phoronix

The first batch of drm-intel-next changes are ready to be queued in DRM-Next as feature work for eventually merging to mainline come the Linux 4.15 merge window...

20:47

The Eye-Opening Power of Cultural Difference

Inclusivity is the quality of an open organization that allows and encourages people to join the organization and feel a connection to it. Practices aimed at enhancing inclusivity are typically those that welcome new participants to the organization and create an environment that makes them want to stay.

20:37

The Four Layers of Programming Skills

When learning how to code for the first time, there's a common misconception that learning how to code is primarily about learning the syntax of a programming language. That is, learning how the special symbols, keywords, and characters must be written in the right order for the language to run without errors.

20:34

Valve Is Collaborating On GPUVis For Tuning Radeon Linux VR Performance Phoronix

One of the many interesting talks at yesterday's XDC2017 conference was Valve's Pierre-Loup Griffais talking about GPUVis...

20:30

Intel Unleashes Clear Containers 3.0, Written In Go Phoronix

Intel's Clear Linux team has rolled out their Clear Containers 3.0 technology...

20:12

"I was just doing my job": Soviet officer who averted nuclear war dies at age 77 Lifeboat News: The Blog

A Soviet officer who prevented a nuclear crisis between the US and the USSR and possible World War III in the 1980s has quietly passed away. He was 77. In 2010 RT spoke to Stanislav Petrov, who never considered himself a hero. We look at the life of the man who saved the world.

A decision that Soviet lieutenant colonel Stanislav Petrov once took went down in history as one that stopped the Cold War from turning into nuclear Armageddon, largely thanks to Karl Schumacher, a political activist from Germany who helped the news of his heroism first reach a western audience nearly two decades ago.

On September 7, Schumacher, who kept in touch with Petrov in the intervening years, phoned him to wish him a happy birthday, but instead learned from Petrov's son, Dmitry, that the retired officer had died on May 19 in his home in a small town near Moscow.

20:12

Furiosity takes hike after information leak on live show Hacker News Bulletin | Find the Latest Hackers News

Ferocity and bad attitudes over malfunctions on shows have become widespread nowadays, but the latest leaked behind-the-scenes video of a show has taken it to another level. An eight-minute video shows clips of O'Donnell getting extremely angry and fuming over a malfunctioning earpiece. In the video, Lawrence O'Donnell

20:11

Similar to robots.txt, security.txt Standard Proposed SoylentNews

Submitted via IRC for SoyCow5743

Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF (Internet Engineering Task Force) seeking the standardization of security.txt, a file that webmasters can host on their domain root to describe the site's security policies.

The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers.

The distinction between security.txt and robots.txt is that security.txt will be used to communicate a company's security practices only, and is likely to be read by humans, rather than automated scanners.

For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue.

"When x0rz [well-known security researcher] tweeted about my proposal I realized that this was something people really wanted and that it was time to start writing up an RFC draft," Foudil said.

[...] Right now, security.txt is at the status of Internet Draft, which is the first IETF regulatory step in a three-stage process that also includes RFC (Request For Comment) and official Internet Standards.

"Once security.txt becomes an RFC the focus will shift to spreading the word and encouraging companies to set up a security.txt file," Foudil told Bleeping Computer.

"Several bug bounty platforms have already offered to help out with this step and hopefully if some of the big companies have a security.txt this will set a good example that could convince others to follow suit."

Source: https://www.bleepingcomputer.com/news/security/security-txt-standard-proposed-similar-to-robots-txt/



19:57

Kubernetes Gains Momentum as Big-Name Vendors Flock to Cloud Native Computing Foundation

Like a train gaining speed as it leaves the station, the Cloud Native Computing Foundation is quickly gathering momentum, attracting some of the biggest names in tech.

19:30

The Cloud-Native Architecture: One Stack, Many Options

As the chief technology officer of a company specialized in cloud native storage, I have a first hand view of the massive transformation happening right now in enterprise IT. In short, two things are happening in parallel right now that make it radically simpler to build, deploy and run sophisticated applications.

The first is the move to the cloud. This topic has been discussed so much that I won't try to add anything new. We all know it's happening, and we all know that its impact is huge.

19:25

Scientists Edit Embryos' Genes to Study Early Human Development cryptogon.com

Via: Reuters: British scientists have used a genome editing tool known as CRISPR/Cas9 to knock out a gene in embryos just a few days old, testing the technique's ability to decipher key gene functions in early human development. The researchers said their experiments, using a technology that is the subject of fierce international debate because [...]

19:12

East Asia's Patent Peril and the Curse of Patent Trolls Techrights

From manufacturing to merely taxing manufacturers?

Summary: The high cost of China's new obsession with patents and the never-ending saga of Samsung (Korea), which gets dragged into courts not only in the US but also in China

THE unit once owned by Google (now Lenovo), namely Motorola's mobile business, is in the news again. IAM says that the judge who oversaw Microsoft's patent war on Linux (Android/Motorola) is upset that Britain now enables patent trolls to operate in London (we wrote a lot about this decision at the time). Huawei, a Chinese giant and leading Android OEM, was attacked by Ericsson's patent troll. As IAM puts it:

US district court judge James Robart has taken aim at the decision handed down by Justice Colin Birss in the high profile London High Court SEP/FRAND case of Unwired Planet v Huawei, decided earlier this year. Speaking at the annual IPO meeting in San Francisco yesterday, Robart, who handed down the famous Microsoft v Motorola decision in 2013 and sits in the Western District of Washington, said that Birss was wrong to offer specific royalty rates for the technology in question, rather than offering a range, and stated that he did not expect the judgment to be particularly influential in US courthouses.

[...]

Robart's claim that the Unwired decision wouldn't have much influence over US courts has previously been made by former Chief Judge for the Federal Circuit Paul Michel, who told this blog after the London ruling was handed down that the US legal system was traditionally inward looking and so rarely paid much heed to overseas cases. Of course, judges around the world often disagree on key areas of patent law (the Supreme Court's rulings in several patent eligibility cases has meant that the US is out-of-step with many jurisdictions in sectors like medical diagnostics), but Robart's comments highlight the degree to which the law in FRAND licensing remains unsettled.

This decision ought to have been a wake-up call for Huawei, Lenovo (now holding Motorola's assets), and China in general. Patent maximalism harms them everywhere. IAM also wrote about t...

19:12

Nanotechnology to treat cancer? Lifeboat News: The Blog

The therapy has been approved by the FDA for phase one clinical trials at three U.S. institutions: the Greenebaum Cancer Center of the University of Maryland, the Medical University of South Carolina and the University of Virginia Cancer Center.

19:06

Why you should care about the meat industry Terra Forming Terra


What is so wrong about the meat industry is the attempt to subject it to mass production. So far the results have been unsatisfactory in a number of ways. This is a pretty good list.

I do think that we have to abandon the whole protocol generally and focus on establishing land and human friendly herds. That does mean small pastured cattle herds which the land can bear. It means free range chicken growing that also specializes in soil turning as well as egg production. Both methods sharply lower the use of grains except to late fatten for slaughter.

We already know how to do this using modern power equipment as well to assist.

The whole butchering enterprise needs to also be sharply scaled back to a size where an operator can avoid throughput thinking...

...

WHY YOU SHOULD CARE ABOUT THE MEAT INDUSTRY


September 6, 2017


Wes Annac, Contributor

http://www.wakingtimes.com/2017/09/06/care-meat-industry/


You don't have to be a vegetarian or animal activist to be angry with what's happening in the meat industry. Corruption and abuse litter an industry that provides food in inhumane ways for the sake of profit.


In this article, we'll be discussing things I wish weren't happening and am therefore doing my part to help stop. Some parts of this article might be tough to read, but by sharing this difficult information with you, I hope to help you see why you should care.


Vegetarians and meat eaters can work together to effect much-needed change in the industry if we can learn the facts and commit to this common goal. The cause is important for those who want to protect animals and those who want to ensure meat is produced ethically (and is thus safer for consumption).


The first reason you should be concerned is that despite recent changes in regulation, the industry remains the same.


Recent Regulation Changes Have Not Solved the Industry's Biggest Problems


Henry Imhoff Helena wrote...

18:52

Discovery helps engineer more accurate Cas9s for CRISPR editing Lifeboat News: The Blog

Detailed study of how Cas9 protein domains move when they bind DNA leads to re-engineered Cas9 with fewer off-target effects.

18:33

Instead of Protecting the Earth, EPA Agents Now Forced to Serve as Pruitt Bodyguards SoylentNews

Common Dreams reports

Thanks to a hiring freeze, budget cuts, and the exorbitant travel needs of Trump's cabinet, Environmental Protection Agency (EPA) agents are being forced to ditch climate crime investigations in order to serve as personal bodyguards for EPA administrator Scott Pruitt, resulting in what one critic called an "evaporation of criminal enforcement".

"The EPA head has traditionally had one of the smallest security details among cabinet members," the Washington Post reported [September 19]. But Pruitt's expansive security team--which cost taxpayers over $830,000 in his first three months as EPA chief--has shattered all precedent.

"This never happened with prior administrators", Michael Hubbard, former head of the EPA Criminal Investigation Division's Boston office.

Pruitt's 24/7, 18-member security detail "demands triple the manpower of his predecessors" and is forcing "officials to rotate in special agents from around the country who otherwise would be investigating environmental crimes", the Post's Juliet Eilperin and Brady Dennis noted.

These officials "signed on to work on complex environmental cases, not to be an executive protection detail", Hubbard observed. "It's not only not what they want to do, it's not what they were trained and paid to do."

The impact of this transfer of resources can already be seen in the rapidly falling number of new cases opened by the EPA's Criminal Investigation Division. Eilperin and Dennis note that the "current fiscal year is on pace to open just 120 new cases...down sharply from the 170 initiated last year".



18:30

Pneumatic Origami Hackaday

Odds are that if you've been to the beach or gone camping or somewhere in between, you are familiar with inflatable products like air mattresses. It's nothing spectacular to see a rectangle inflate into a thicker, more comfortable rectangle, but what if your air mattress inflated into the shape of a crane?

We've seen similar ideas in quadcopters and robots using more mechanical means, but this method uses air instead. To make this possible, the [Tangible Media Group] out of [MIT's Media Lab] have developed aeroMorph, a program that allows the user to design inflatable constructs from paper, plastic or fabric with careful placement of a few folding joints.

These designs are exported and imprinted onto the medium by a cartesian coordinate robot using a heat-sealing attachment. Different channels allow the medium to fold in multiple directions depending on where the air is flowing, so this is a bit more complicated than, say, a bouncy castle. That, and it's not often you see paper folding itself. Check it out!

...

18:29

USPTO Starts Discriminating Against Poor People, and Does So Even When They Rightly Point Out Errors Techrights

Forget these photo-ops, he doesn't work for the children (patent indoctrination starts early)

USPTO's Leadership
Source: USPTO's Leadership blog

Summary: Even though the burden of proof ought to be on one who grants a monopoly, the legal costs are being offloaded onto those who challenge an erroneously-granted monopoly (even if the court sides with the challenger)

YESTERDAY we wrote about a bogus Google patent making its way through the system. The Polish challenger could not afford legal advice and therefore it seems likely that Google will get its way. Such is the nature of the system today and it seems to have just gotten worse. As one firm put it a few days ago (emphasis below is ours):

The US Patent and Trademark Office (USPTO) recently began making applicants who challenge agency rulings on trademarks and patents in district court pay the attorney fees and expenses of the agency, regardless of the case's outcome. This was supported by the Fourth Circuit Court of Appeals for trademarks in 2015, and more recently by a panel of the Court of Appeals for the Federal Circuit for patents in Nantkwest, Inc v Matal (June 23 2017). However, the Federal Circuit appears to be having second thoughts, as in August 2017 it vacated the Nantkwest panel decision of its own accord and ordered a rehearing by the full court.

This is really bad. So it's going to get a lot harder for anyone other than large corporations to point out errors in examination. In addition to this, there's now a big lobby (led by trolls and parasites) against PTAB, which has made challenges more affordable.

Whose system is this and what is it for? It was supposed to correctly issue patents and revoke/reject applications where triviality/prior art, for instance, could be demonstrated/shown.

The USPTO grants patents which certainly look like parody sometimes. Consider this example of a patent, spotted by Dennis Crouch the other day. Notice the length:

...

17:56

Ambrose Chan Enters Document Security Systems (DSS), a Partly Patent Troll Entity Techrights

De-storying the destructive strategy of destroying one's competitors (by litigation).

Summary: The Board of Directors of DSS enlists a man from Singapore, whose lack of technical background suggests that the company is still more of a bully than an innovator

Serial litigator DSS is at it again, hiring non-technical people as its real business collapses. For background, read this 2012 article about DSS (comparing it to Vringo, a patent troll).

According to this press release and form (8-K), DSS turns to Singapore, which harbours some patent trolls (not just tax evaders, having become one of the top 5 places for people to pursue tax havens in), and hires this man:

While Chan does not appear to have much of a background in technology or intellectual property, his comments when appointed as a board member suggest that his focus is on the operating part of DSS's business.

[...]

Today's incarnation of DSS is the product of the first known merger between an NPE (Lexington Technology Group) and an operating business. Ronaldi, who led the previous standalone patent licensing business, took over as chief of the merged entity in 2013.

It's true that DSS may still have some products, but those are gradually going away as the company turns to serial litigation (NPE is a euphemism for patent troll). Earlier this year it filed lawsuits in the Eastern District of Texas.

Meanwhile, over at IP Kat there's...

17:43

Night Vision Enabled Security Cameras Secretly Transfer Your Data HackRead

By Waqas

A team of researchers from the Ben-Gurion University of the

This is a post from HackRead.com Read the original post: Night Vision Enabled Security Cameras Secretly Transfer Your Data

17:30

Dear Texas, how many times do we have to rebuild the same house? (You're next Florida) Terra Forming Terra

How Prescient as Irma barrels in to possibly take out Miami while I write this.

Look ladies, in terms of geologic time and not human time, coastal builds are destroyed consistently and should not be entertained unless necessary and then be built to withstand  a major tsunami at least.  Recall that the entire East Coast was depopulated 1500 years ago deep inland through what appears to be the effect of an asteroid impact in the Atlantic.


We need to anticipate a water line similar to what Houston just experienced and deep set backs from the coast itself preferably filled with healthy woodland several miles deep to break up a storm tide.

Then all builds need to insist on concrete to the top of that water line.  I am getting tired of seeing wet dry wall and moldy studs.

At the same time all subsidy needs to be dropped and a premium insurance scheme for anything built there.

I would also go as far as insisting that beach residences be simply movable as well. Who needs piles of debris? Of course pretty soon we can build gravity platforms and then perhaps we can elevate buildings :-). Or perhaps we simply insist on jack up buildings on piles that climb twenty feet when needed. Great for a beach and may well become popular.



Dear Texas, how many times do we have to rebuild the same house? (You're next Florida)

Written by Jim Bovard Date: 09-01-2017 

https://www.freedomsphoenix.com/Article/224737-2017-09-01-dear-texas-how-many-times-do-we-have-to-rebuild.htm

...

17:30

Obama's heartfelt post on DACA Terra Forming Terra

  



As it should of course.  However, it is also rather clear that this is a hard ball tactic aimed at getting congress to generate a proper immigration act.  The problem is that it is even necessary at all.  

More obviously the original resolution was by executive order and that is also deemed unconstitutional no less by observers.  Thus the situation added to the behavior in simply applying the law by the administration is a tell that we have a war going on that has eliminated rational resolution without serious duress applied.

What Trump has done is put himself in position to blame his opponents for their real failures, rather than wearing it all himself.  This may work to focus their attention as well instead of dreaming up bombs to throw at Trump.


Obama's heartfelt post on DACA is going viral.

'It's up to Members of Congress to protect these young people and our future. I'm heartened by those who've suggested that they should.'




by Parker Molloy 

http://www.upworthy.com/obamas-heartfelt-post-on-daca-is-going-viral?c=upw1

On Tuesday morning, Attorney General Jeff Sessions announced plans to wind down former President Obama's Deferred Action for Childhood Arrivals (DACA) program.

Announced in June 2012, DACA was implemented to give undocumented immigrants who were brought here as children some peace of...

17:30

Bionic lens can make vision three times better than 20-20 Terra Forming Terra







This is the beginning that essentially eliminates all forms of corrective lenses.  Add in the three fold improvement over normal vision and this becomes a profitable trade off.

Now if we can add in a few extras such an ability to sense a wide range of ultraviolet light as well it would soon be unstoppable.

It should not be too difficult to integrate this with computer tech as well to allow data gathering that is noninterfering.
Bionic lens can make vision three times better than 20-20


brian wang | September 5, 2017 |


https://www.nextbigfuture.com/2017/09/bionic-lens-can-make-vision-three-times-better-than-20-20.html

The Bionic Lens is a dynamic lens that replaces the natural lens inside the eye via one of the most common and successful procedures in medicine: cataract surgery. Once there, the lens restores clear vision at all distances without any visual quality problems. It can auto-regulate within the eye by connecting to the muscles that change the curvature of our natural lenses, which allows it to focus at different ranges, potentially much wider ranges than our natural sight is capable of. In addition, because the Bionic Lens responds with less than 1/100 the amount of energy of the natural lens, you can also focus on something all day without any strain on the eyes.

The Bionic Lens could improve on the 20/20 vision threefold. Imagine that you can see a clock's dial 10 feet away. With the lens you would be able to see the dial in the same detail when it is 30 feet away.



Future Bionic lens could also include projection systems that will give the user capabilities of projecting their phone screen, or integrating NASA technologies to allow for better focusing resolution than anything seen before, or even installing a system that allows for slow drug delivery inside the eye.

Initially the system will cost $3200 per lens without including the cost of the surgery.
...

17:30

Loyalty Nearly Killed My Beehive - Issue 52: The Hive Nautilus


Some time ago I read a short story by Roald Dahl called "Royal Jelly." It's the tale of a father desperately searching for ways to save his malnourished infant daughter who refuses her mother's milk. This man is an apiarist, and while looking for answers, he picks up the latest article on royal jelly, the microbial mix that honeybees feed to their larva when they want to raise a new queen. "Royal jelly must be a substance of tremendous nourishing power," he eventually tells his wife when she discovers that he has been secretly feeding it to their child, "for on this diet alone, the honey-bee larva increases in weight 1500 times in five days!" Soon his daughter is rapidly gaining weight and ravenous for her milk.

I became fascinated with bees after reading this story. I bought guidebooks, joined beekeeping meet-ups, watched documentaries, and, last year, finally sent away for a nuc of 20,000 bees. I asked a friend if she thought this was a good idea, and after a telling pause, she said, "Well, you'll have to be okay with being that guy." Undeterred, I installed the bees on the roof of my Brooklyn apartment and began the

Manhattans God of Insects - Issue 52: The Hive Nautilus


The corpse-colored door hides in plain sight among SoHo's posh boutiques. I pass by it at first, missing the 107 Spring address plaque in tarnished brass. Peering at the buzzer to verify the tenants, I spot the name Stevens. Written below in all caps and in Baskerville font, I spot the word entomology.

Through the safety glass, a dark lanky figure appears at the top of a steep staircase. As he comes closer, I can see he's wearing camouflage cargo shorts, an octopus-emblazoned T-shirt, and strappy hiking sandals. This is Lawrence Forcella, or Lorenzo, who has invited me to this sequestered spot in Lower Manhattan. His stylishly bald head, beard, fat silver earrings, and charisma evoke a modern-day genie, an apropos reference given his daily feats. I say this because after he greets me, we go upstairs to the 400-square-foot room where Lorenzo and a handful of artisans breathe life into dead bugs.

moth mosaic: Lawrence Forcella considers this 40 X 40 display one of his finest works. Courtesy of Lawrence Forcella

"We process thousands of insects a year," he says as we walk past giant shadowboxes filled with alive-ish specimens in the former apartment. This shrine to biodiversity has an inherent

The Perils of Letting Machines into the Hive Mind - Issue 52: The Hive Nautilus


In the preface to Saint Joan, his play about Joan of Arc, the teenager whose visions of saints and archangels stirred soldiers into battle early in the 15th century, George Bernard Shaw makes a surprisingly compelling argument that following Joan of Arc's mystical visions was at least as rational as following a modern-day general into today's battlefield full of highly technological and incomprehensible weapons of war. His argument is that the warrior of the 20th century was driven as much by faith as the warrior of the 15th century:

In the Middle Ages people believed that the earth was flat, for which they had at least the evidence of their senses: We believe it to be round, not because as many as one percent of us could give the physical reasons for so quaint a belief, but because modern science has convinced us that nothing that is obvious is true, and that everything that is magical, improbable, extraordinary, gigantic, microscopic, heartless, or outrageous is scientific.

Hyperbole, for sure, but it is remarkable how much we depend on what we're told to get by in the modern world. So little of what happens to us is understood through direct sensory

Modern Media Is a DoS Attack on Your Free Will - Issue 52: The Hive Nautilus


It's not that James Williams, a doctoral candidate at the Oxford Internet Institute's Digital Ethics Lab (motto: "Every Bit as Good"), had a "God, what have I done?" moment during his time at Google. But it did occur to him that something had gone awry.

Williams joined Google's Seattle office when it opened in 2006 and went on to win the company's highest honor, the Founders Award, for his work developing advertising products and tools. Then, in 2012, he realized that these tools were actually making things harder for him. "Modern technology platforms," he explained to me, "were reimposing these pre-Internet notions of advertising, where it's all about getting as much of people's time and attention as you can."

By 2011, he had followed his literary and politico-philosophical bent (he is a fan of George Orwell's 1984 and Aldous Huxley's Brave New World) to Oxford, while still working at Google's London office. In 2014, he co-founded Time Well Spent, a movement to stop technology platforms from hijacking our minds, according to its website. Partnering with Moment, an app that tracks how much time you spend in other apps, Time Well Spent asked 200,000 people to rate the apps they used the most, after seeing the

17:13

How to find and replace text/IP address with Ansible nixCraft

I need to find an IP address in the sshd_config file and replace it with a fresh one for over 100+ VMs. How do I use Ansible to do so? Is it possible to search and replace a single string or IP address? Yes, you can use the following Ansible modules: replace: This module will replace all ...

17:08

UPC Threatens to Weaponise Software Patents in Countries That Forbade These Techrights

Cannon

Summary: The reality of software patents in Europe and what a Unified Patent Court (UPC) would mean for these if it ever became a reality

"Having to inspect the patent database before writing a single line of code, that's not what I call Happy Programmers Day," Benjamin Henrion wrote the other day, adding that "it does not change much to the fact that the EPO and al [sic] still forces you to read their invention garbage."

The EU rejects software patents, but the EPO flagrantly disobeys the rules, instructions, common sense etc.

Henrion took note of this new article from an EPO-friendly site, relaying the words of Francisco Mingorance [who is] executive secretary of IP Europe, a lobby group representing European technology companies and research institutes.

"Open standards and Francisco Mingorance do not go well in the same sentence," Henrion wrote. "We now await a communication from the European Commission on FRAND licensing this autumn," he added. FRAND is a euphemism for patent traps inside standards.

To say the least, Mingorance is an enemy of programming. He used to work for the Business Software Alliance (BSA), a pro-FRAND, anti-FOSS, pro-software patents lobby (and the whole bundle of Microsoft lobbying).

At the moment, the main concern we have is that Unitary Patent lobbying threatens to bring software patents to more countries, even countries which explicitly disallow software patents. We wrote many articles about that before.

There's one particular comment in IP Kat which reinforces our views about the UPC. The comment is very long so its author was prevented from posting it (or rather having it published) to the point of...

16:55

Iranian cyber spies APT33 target aerospace and energy organizations Security Affairs

The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

The APT33 group has been around since at least 2013; since mid-2016, the group has targeted the aviation industry and energy companies with connections to petrochemical production.

"From mid-2016 through early 2017, APT33 compromised a U.S. organization in the aerospace sector and targeted a business conglomerate located in Saudi Arabia with aviation holdings," reads a blog post published by FireEye.

During the same time period, APT33 also targeted a South Korean company involved in oil refining and petrochemicals. More recently, in May 2017, APT33 appeared to target a Saudi organization and a South Korean business conglomerate using a malicious file that attempted to entice victims with job vacancies for a Saudi Arabian petrochemical company.

According to the experts, the APT33 group is gathering information on Saudi Arabia's military aviation capabilities to gain insight into rivals in the Middle East.

"We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia's military aviation capabilities to enhance Iran's domestic aviation capabilities or to support Iran's military and strategic decision making vis a vis Saudi Arabia," continues FireEye.

"We believe the targeting of the Saudi organization may have been an attempt to gain insight into regional rivals, while the targeting of South Korean companies may be due to South Korea's recent partnerships with Iran's petrochemical industry as well as South Korea's relationships with Saudi petrochemical companies."

The cyberspies leverage spear phishing emails sent to employees whose jobs relate to the aviation industry.

...

16:54

Study Says Apple Data-Mining Safeguards Don't Protect Privacy Enough SoylentNews

Submitted via IRC for SoyCow5743

During last year's WWDC in June 2016, Apple noted it would be adopting some degree of differential privacy methods to ensure privacy while the company mined user data on iOS and Mac OS. In short, the technique adds noise to data that scrambles it enough to prevent it from becoming identifiable -- though the company made clear at the time that its data collection process was opt-in. Over a year later, a study claims that Apple's methods fall short of the digital privacy community's expectations for how much a user's data is kept private.

As they reveal in their study (PDF), researchers from the University of Southern California, Indiana University and China's Tsinghua University evaluated how Apple injects static into users' identifiable info, from messages to your internet history, to baffle anyone looking at the data, from the government to Apple's own staff. The metric for measuring a setup's differential privacy effectiveness is called a "privacy loss parameter" or, as a variable, "epsilon." In this case, the researchers discovered that Apple's epsilon on MacOS allowed a lot more personal data to be identifiable than digital privacy theorists are comfortable with, and iOS 10 permits even more.

Apple has refuted the study's findings, especially on its alleged ability to link data to particular users.

Source: https://www.engadget.com/2017/09/15/study-says-apple-data-mining-safeguards-dont-protect-privacy-en/


Original Submission

Read more of this story at SoylentNews.

16:24

The Latest Lies About the Unitary Patent (UPC) and CIPO's Participation in Those Techrights

They got CETA, but they won't get UPC

UPC truth

Summary: Team UPC continues to overplay its chances, conveniently ignoring simple facts as well as the Rule of Law

THE EPO is quiet. So is SUEPO, the staff union of the EPO, whose Web site has not been updated for a while. On the UPC front, however, spin continues. Left unchallenged, some people out there might even believe it. Team UPC extravagantly lies, exaggerates, and places too much emphasis on perceived positives. Everything else is discarded, ignored, or ridiculed.

As we noted earlier this week, there's UPC propaganda coming to Canada pretty soon. We can't help but wonder, why would anyone actually pay to be lied to by Team Battistelli about the UPC in Montreal (Canada)? Maybe to make contacts/connections? A few days ago CIPO wrote: "Only 2 days left to register to the #Montreal roadshow with @EPOorg on Unitary #Patent & Unified Patent Court!"

That's just basically Battistelli's right-hand liar. She'll be spreading the usual lies there. They will have the audience believe that the UPC is coming very soon. Bristows is doing the same thing this week, with staff pretty much repeating themselves regarding Scotland (never mind the reality of Brexit).

IAM's chief editor also did his thing earlier this week. The UK-based IAM is perfectly happy that the EPO's declining patent quality (which IAM helps Battistelli deny) brings its beloved patent trolls to Europe. Joff Wild speaks of the UPC again, joined by the term BigTech with the usual whipping boy being Google. Here are some portions:

And that brings me to patents. As everyone in the IP market knows, over recent years Europe has emerged as a much more important part of the equation for patent owners seeking to assert their rights. For multiple reasons including the perceived quality of EPO-granted assets, speed to get a decision, the relatively low cost of litigating, the expertise of courts and...

15:59

FedEx announces $300m in lost business and response costs after NotPetya attack Security Affairs

FedEx is the latest firm to disclose the cost of the massive NotPetya attack: roughly $300m in lost business and response costs.

The malware compromised systems worldwide, most of them in Ukraine. The list of victims is long and includes the US pharmaceutical company Merck, the shipping giant Maersk, Ukraine's central bank, Russian oil giant Rosneft, advertising group WPP, TNT Express and the law firm DLA Piper.

According to the second quarter earnings report published by Maersk, the company was expecting losses between $200 million and $300 million due to significant business interruption, because it was forced to temporarily halt critical systems infected with the ransomware.

The situation announced by FedEx is also disconcerting: its systems will be fully restored only at the end of September, three months after the incident.

"The worldwide operations of TNT Express were significantly affected during the first quarter by the June 27 NotPetya cyberattack. Most TNT Express services resumed during the quarter and substantially all TNT Express critical operational systems have been restored. However, TNT Express volume, revenue and profit still remain below previous levels," the company said on Tuesday.

"Operating results declined due to an estimated $300 million impact from the cyberattack, which was partially offset by the benefits from revenue growth, lower incentive compensation accruals and ongoing cost management initiatives."

NotPetya

 

During a conference call with financial analysts on Tuesday, FedEx chief information officer Rob Cart...

15:30

An Unconference Badge That's Never Gonna Give You Up Hackaday

When your publication is about to hold a major event on your side of the world, and there will be a bring-a-hack, you abruptly realise that you have to do just that. Bring a hack. With the Hackaday London Unconference in the works this was the problem I faced, and I'd run out of time to put together an amazing PCB with beautiful artwork and software-driven functionality to amuse and delight other attendees. It was time to come up with something that would gain me a few Brownie points while remaining within the time I had at my disposal alongside my Hackaday work.

The badge internals.

I evaluated a few options, and ended up with a Raspberry Pi Zero as an MP3 player through its PW...

15:10

The Patents Policy of Facebook is Causing an Exodus Techrights

They trust me. Dumb fucks

Mark Zuckerberg, President and Founder of Facebook (source)

Summary: Yet another major player walks away from Facebook's code because of software patents

THE history of Facebook when it comes to patents is anything but relieving.

Facebook's dirty patent games have in fact just driven away another company. We didn't write much about this controversy until recently (relegated to our daily links), but now that the cautionary tale grows wings we decided it's worth a mention. Last night there was another new example of this, with Gitlab being the latest to walk away. As The Register put it:

Using GraphQL, an increasingly popular query language for grabbing data, may someday infringe upon pending Facebook patents, making the technology inherently problematic for corporate usage.

In an analysis posted to Medium and in a related discussion in the GraphQL repo on GitHub, attorney and developer Dennis Walsh observed that Facebook's GraphQL specification doesn't include a patent license. In other words: using GraphQL in your software may lead to your code infringing a Facebook-held patent on the technology in future.

"The patents (as of a few weeks ago) were granted but not issued," said Walsh in an email to The Register today. "Damages can start before issuance but litigation cannot. But post-issuance, the threat is very real. My reading of two GraphQL granted applications and the GraphQL spec is that any properly implemented GraphQL server infringes."

What's pleasing to see here is that fairly large companies, not just individual developers, are willing to throw away code because of patent clauses. Spectators should take that for a sign that software patents have no room in software development. There's a price to be paid for clinging onto them.

15:05

"Researcher" Says This Saturday Will be the End of the World SoylentNews

If you had big plans this weekend, David Meade regrets to inform you that the world will be ending Saturday.

Meade, a Christian numerologist and self-described "researcher," says Sept. 23 is foretold in the Bible's Book of Revelation as the day a series of catastrophic events will begin, and as a result, "a major part of the world will not be the same," the Washington Post reports.

The Bible prophecies a woman "clothed with the sun" and a "crown of 12 stars" giving birth to a boy who will "rule all the nations" while she fights off a seven-headed dragon. The woman, Meade says, is the constellation Virgo, which on Saturday will be positioned under nine stars and three planets, per Popular Mechanics.

The baby boy will be the planet Jupiter, which will be moving out of Virgo on that night.

According to Meade, who says he studied astronomy at an unspecified university in Kentucky, the great change in our world will be the result of the arrival of Nibiru, a planet famous in conspiracy circles but which astronomers say doesn't exist.

http://wnep.com/2017/09/20/researcher-says-this-saturday-will-be-the-end-of-the-world/
https://www.washingtonpost.com/news/acts-of-faith/wp/2017/09/17/the-world-as-we-know-it-is-about-to-end-again-if-you-believe-this-biblical-doomsday-claim/ (soft paywalled)


Original Submission

Read more of this story at SoylentNews.

14:31

Links 20/9/2017: Wine Staging 2.17, Randa 2017, Redox OS 0.3.3 Techrights

GNOME bluefish

Contents

GNU/Linux

  • 5 fundamental differences between Windows 10 and Linux

    This comparison really only scratches the surface. And don't get me wrong, there are areas where Windows 10 bests Linux (few, but they do exist). In the end, however, the choice is yours. Chances are you'll be making the choice based on which platform will allow you get more work done and do so with a certain level of efficiency and reliability. I would highly recommend, to anyone, if Linux can enable you to get your work done, give it a go and see if you don't find it more dependable and predictable.

  • Desktop

    • Manchester police still relies on Windows XP

      England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July.
      Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used.
      Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk.
      The figure was disclosed as part of a wider Freedom of Information request.
      "Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows," said Dr Steven Murdoch, a cyber-security expert at University College London.

    • Pixelbook leak: Google's new high-end Chromebook expected October 4

      The Chromebook Pixel was the Rolls-Royce of Chromebooks. It was faster, more powerful, and came with a better display than any other laptop in its day. Google, however, decided that, while the company would still release ne...

14:06

NEW 'Off The Hook' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Hook' ONLINE

Posted 21 Sep, 2017 3:36:22 UTC

The new edition of Off The Hook from 20/09/2017 has been archived and is now available online.

14:05

Equifax Breach: Setting the Record Straight Krebs on Security

Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.

In my initial Sept. 7 story about the Equifax breach affecting more than 140 million Americans, I noted that this was hardly the first time Equifax or another major credit bureau has experienced a breach impacting a significant number of Americans.

On May 17, KrebsOnSecurity reported that fraudsters exploited lax security at Equifax's TALX payroll division, which provides online payroll, HR and tax services.

That story was about how Equifax's TALX division let customers who use the firm's payroll management services authenticate to the service with little more than a 4-digit personal identification number (PIN).

Identity thieves who specialize in perpetrating tax refund fraud figured out that they could reset the PINs of payroll managers at various companies just by answering some multiple-guess questions (known as knowledge-based authentication or KBA questions), such as previous addresses and dates that past home or car loans were granted.

On Tuesday, Sept. 18, Bloomberg ran a piece with reporting from no fewer than five journalists there who relied on information provided by three anonymous sources. Those sources reportedly spoke in broad terms about an earlier breach at Equifax, and told the publication that these two incidents were thought to have been perpetrated by the same group of hackers.

The Bloomberg story did not name TALX. Only post-publication did Bloomberg reporters update the piece to include a statement from Equifax saying the breach was unrelated to the hack announced on Sept. 7, and that it had to do with a security incident involving a payroll-related service during the 2016 tax year.

I have thus far seen zero evidence that these two incidents are related. Equifax has said the unauthorized access to customers' employee tax records (we'll call this the "March breach" from here on) happened between April 17, 2016 and March 29, 2017.

The criminals respo...

13:26

SEC says hackers may have profited from stolen insider information The Hill: Technology Policy

The Securities and Exchange Commission said Wednesday that hackers infiltrated its corporate filing system in 2016 and may have profited from stolen insider information. The SEC announced that hackers exploited security flaws in the agency's Edgar...

13:26

Google to Buy HTC Phone Business SoylentNews

Android Central and many others are reporting that HTC has issued a Trading Halt pending a Major Announcement order to the markets.

The reason:

Google is expected to buy HTC's smartphone business altogether, taking on its research and development, manufacturing, distribution and supplier ties. HTC will continue to operate its other business units, but it isn't yet clear what would come of its HTC-branded phones.

It has been rumored that HTC was in the "final stage of negotiation with Google" for selling off its smartphone business, and it looks like things are coming to a head.

Google needs handsets to support its Pixel line of phones for Project Fi demands and has only been partly successful in filling these needs by contracting with manufacturers for the custom phones needed to support the multi-carrier Fi phones. HTC is currently manufacturing the Pixel line of phones for Google.

HTC has made outstanding phones that suffered from poor marketing, and has never garnered a significant market share.

See also https://www.bloomberg.com/news/articles/2017-09-20/google-is-said-close-to-buying-htc-assets-to-bolster-hardware (Warning Auto-play Video) where Bloomberg's analysts point out:

A more Apple-like approach to smartphone production would also allow Google to steer Android in its preferred direction. The tech giant has struggled to get handset makers and carriers to ship Android devices with new, secure software. The Pixel was designed, in part, to prompt other Android phone makers to follow on the latest Google bells and whistles. Still, some Android partners are moving ahead with competing software efforts -- Huawei Technologies Co. linked up with Amazon's assistant, and Samsung Electronics Co. is building its own.


Original Submission

Read more of this story at SoylentNews.

13:10

SEC says hackers may have profited from stolen insider information The Hill: Technology Policy

The Securities and Exchange Commission (SEC) revealed Wednesday that hackers breached its system for public-company filings and may have profited from stolen insider information. SEC Chairman Jay Clayton said in a statement that...

12:30

Fun-Size Geiger Counter Sits atop a 9-Volt Battery Hackaday

Want a little heads-up before walking into a potentially dangerous radioactive area? Sure, we all do. But the typical surplus Civil Defense Geiger counter is just too bulky to fit into the sleek, modern every-day carry of the smartphone age. So why not slim down your first line of defense against achieving mutant status with this tiny Geiger counter (Facebook)?

We jest about the use cases for a personal-sized Geiger counter, as [Ian King]'s inspiration for this miniaturized build was based more on a fascination with quantifying the unseen world around us. Details are thin in his post, but [Ian] kindly shared the backstory for this build with us. Working on a budget and mostly with spare parts, the big outlay in the BOM was $20 for a Soviet-era SBM-10 tube, itself a marvel of miniaturization. While waiting the two months needed for the tube to arrive, [Ian] whipped up a perf board circuit with a simple oscillator and a CFL transformer to provide the 400 volts needed for the tube. The whole circuit, complete with tiny speaker and an LED to indicate pulses, sits neatly on top of a 9-volt battery. The video below shows it in action with a test source.

Geiger counters are not exactly rare projects on Hackaday, and with good reason. Take a look at this no-solder scrap bin counter or this traveling GPS Geiger counter built dead-bug style.

Thanks to [Cyphixia] for spotting this one for us.


Filed under: misc hacks

12:19

Distribution Release: Kali Linux 2017.2 DistroWatch.com: News

Kali Linux is a Debian-based distribution with a collection of security and forensics tools. The project's latest version, Kali Linux 2017.2, introduces a number of new security and penetration tools, as well as package updates from Debian's Testing branch. "In addition to all of the standard security and....

11:37

Apple Watch Series 3 Ships with LTE Bug SoylentNews

The major feature of the third iteration of the Apple Watch, LTE cellular connectivity, can fail due to a bug involving Wi-Fi. This problem has been reflected in reviews of the device:

The new Apple Watch is mostly an iterative update over its predecessor, but for one major feature: LTE. The addition of cellular connectivity has been touted as everything from "nice" to "game changing," but reviewers appear to have early issues in testing. I didn't run into any in my own testing, but the Verge reported some big hiccups connecting to the cellular network on the device.

An Apple spokeswoman confirmed the problem with TechCrunch, stating, "We have discovered that when Apple Watch Series 3 joins unauthenticated Wi-Fi networks without connectivity, it may at times prevent the watch from using cellular. We are investigating a fix for a future software release."

The LTE also does not work if you take the device to another country.

Also at The Verge, Fox Business (WSJ/Dow Jones reprint), and Fortune.


Original Submission

Read more of this story at SoylentNews.

11:32

Fathers pass on four times as many new genetic mutations as mothers - study Lifeboat News: The Blog

Researchers studied 14,000 Icelanders and found that men passed on one new mutation for every eight months of age, compared with women who passed on a new mutation for every three years of age.

The figures mean that a child born to 30-year-old parents would, on average, inherit 11 new mutations from the mother, but 45 from the father.

11:10

CVE-2017-14609 Kannel privilege escalation via PID file manipulation Open Source Security

Posted by Michael Orlitzky on Sep 20

Product: Kannel (open source WAP and SMS gateway)
Versions-affected: all
Bug-report: https://redmine.kannel.org/issues/771
Author: Michael Orlitzky

(This hasn't been fixed upstream but I don't expect a response, so I'd
rather not make people wait for the workaround.)

== Summary ==

The Kannel daemons create their PID files after dropping privileges to
a non-root user. That may be exploited (through init scripts or other...

10:55

[$] LWN.net Weekly Edition for September 21, 2017 LWN.net

The LWN.net Weekly Edition for September 21, 2017 is available.

10:30

Amazon's Alexa wants to rule your world Gregarious Mammal

Upon visiting Berlin's IFA2107, Germany's answer to CES, recently, there was one word I kept hearing: Alexa. In the consumer hardware space, it's a great time to be Amazon, if the sheer number of hardware companies jumping on the Alexa bandwagon are anything to go by.

HPR2384: Slackware in Scotland Hacker Public Radio

Beni aka @Navigium visited Andrew aka @mcnalu in Scotland as part of a cycling tour and they decided to record a follow up to their previous HPR show on Slackware to mark the release of Slackware 14.2, or rather the first anniversary of its release. Some points and links mentioned are:
Arch is for fruitflies, Slackware for elephants?
Destroying a hard drive: hammer or drill?
Grub vs Lilo?
Changes in Slackware - no changes an end user would notice!
Pulseaudio now included as needed for bluetooth support. In Andrew's experience of 14.1 and before, only one package needed Pulseaudio, namely the game VVVVVV and even then it just wanted to see it installed, didn't need it for sound to work!
You can get gnome for slackware with dropline GNOME.
Digression: Trains in Switzerland vs Scotland
Beni and Andrew generally build our packages using the slackbuilds.org. There can be dependency issues but it's rare. Worst case is Pandoc with its Haskell deps but sbopkg queue files are a great help there.
Beni recommends sbotools as an alternative that deals with this and feels like portsnap on FreeBSD.
Digression: Recommend this HPR show on open-sourcing of Colossal Cave Adventure by ClaudioM.
Managing WiFi networks: wicd vs NetworkManager vs rc.inet1 (slackware network config script).
When camping and cycling, power is precious.
Beni explains how to pack a bicycle for air travel.
Expect Slackware in Switzerland!
The hosts wish to clarify that no Italian Arch linux users nor fruitflies were harmed during the recording of this show.

10:24

Distribution Release: Endian Firewall 3.2.4 DistroWatch.com: News

Endian has announced the release of Endian Firewall 3.2.4, an updated build in the 3.2 series of the project's CentOS-based Linux distribution for firewall and routers: "The Endian team is proud to announce an updated image for the 3.2 release. Check out the new release today by downloading....

10:03

Mesa Sees An Initial Meson Build System Port Phoronix

A few months ago there was a vibrant discussion about a Meson proposal for libdrm/Mesa, and today the initial patches were posted, bringing a possible Meson build system port for Mesa...

09:52

Stanislav Petrov, Credited for Averting Nuclear War, Dies at Age 77 SoylentNews

'I Was Just Doing My Job': Soviet Officer Who Averted Nuclear War Dies at Age 77

A Soviet officer who prevented a nuclear crisis between the US and the USSR and possible World War III in the 1980s has quietly passed away. He was 77. In 2010 RT spoke to Stanislav Petrov, who never considered himself a hero. We look at the life of the man who saved the world.

A decision that Soviet lieutenant colonel Stanislav Petrov once took went down in history as one that stopped the Cold War from turning into nuclear Armageddon, largely thanks to Karl Schumacher, a political activist from Germany who helped the news of his heroism first reach a western audience nearly two decades ago.

On September 7, Schumacher, who kept in touch with Petrov in the intervening years, phoned him to wish him a happy birthday, but instead learned from Petrov's son, Dmitry, that the retired officer had died on May 19 in his home in a small town near Moscow.

On September 26, 1983, Stanislav Petrov was on duty in charge of an early warning radar system in a bunker near Moscow, when just past midnight he saw the radar screen showing a single missile inbound from the United States and headed toward the Soviet Union.

"When I first saw the alert message, I got up from my chair. All my subordinates were confused, so I started shouting orders at them to avoid panic. I knew my decision would have a lot of consequences," Petrov recalled of that fateful night in an interview with RT in 2010.
...
It was later revealed that what the Soviet satellites took for a missile launch was sunlight reflected from clouds.

Many of us feel that one person can't make a real difference in the world. Stanislav Petrov did.

R.I.P. Stanislav Petrov, the man who saved the world

The Guardian and other news sources report that Soviet Colonel Stanislav Petrov has died, age 77.

Petrov has become (not very) famous, because in 1983 his quick decision making averted a possible nuclear war.

I think that we, humans, are bad at recognizing significant events that led to everything continuing as normal.


Original Submission #1 Original Submission #2

Read more of this story at SoylentNews.

09:50

Smashing Security podcast #043: Backups - a necessary evil? Graham Cluley

Smashing Security podcast #043: Backups - a necessary evil?

When did you last back up your data? How and what should you back up? And where should you store them?

All is revealed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Vamarzis.

09:30

The Illuminated Waterways of the United States Hackaday

A recent convert to the ways of the laser cutter, redditor [i-made-a-thing] was in want of a project and, stumbling on some waterways maps on Etsy, launched into fabricating an illuminated map of all the waterways in the United States.

The map itself was laser-cut out of 1/4 inch plywood at his local makerspace. Thing is, smaller rivers and tributaries were too narrow at the scale [i-made-a-thing] wanted, so he ended up spending several hours in Photoshop preparing the image so larger rivers would be laser-cut and not break off while the rest would be etched onto the surface. After testing the process by making a few coasters, he was ready to get started on the real deal.

...

08:45

Overnight Tech: Senate Intel wants Facebook to testify | Apple's Tim Cook calls DACA 'biggest issue of our time' | Amazon algorithm suggested bomb-making items | Dems want new rules for online political ads The Hill: Technology Policy

BURR EXPECTS FACEBOOK TO TESTIFY: The Senate Intelligence Committee is expecting Facebook executives to testify at a public hearing as part of the panel's investigation into Russia's efforts to meddle in the 2016 presidential election. Sen....

08:23

US Navy to Use Xbox 360 Controllers for Submarine Periscopes SoylentNews

Submitted via IRC for Fnord666_

Each one of the US Navy's Virginia-class submarines costs about $2.6 billion. So, it should come as no surprise that it contains a lot of custom, high-end electronics and military hardware. The Navy is looking to save a little money on future submarines, and make them a bit easier to operate, by ditching some of that fancy custom technology in favor of a game console controller. According to Lockheed-Martin, the US government is in the process of outfitting Virginia-class submarines with Xbox 360 controllers to control the periscope.

[...] The idea to switch to gaming peripherals comes from Lockheed-Martin's classified research lab in Manassas, Virginia, which is lovingly referred to as "Area 51." Engineers and officers work together at this facility to find new uses for commercial hardware in the military. That could include hardware like the 360 controllers, Kinect, or a touch-screen tablet, but also consumer software like Google Earth.

[...] The Navy currently has 13 Virginia-class nuclear submarines to outfit with gamepads. Six new subs are already in various stages of production, and as many as 29 more might be built before a new vessel is ready for production in about 20 years.

Source: https://www.extremetech.com/extreme/256049-us-navy-use-xbox-360-controllers-submarine-periscopes


Original Submission

Read more of this story at SoylentNews.

08:03

Free Software Directory meeting recap for September 15th, 2017 FSF blogs

Every week free software activists from around the world come together in #fsf on irc.freenode.org to help improve the Free Software Directory. This recaps the work we accomplished at the Friday, September 15th, 2017 meeting.

Last week's theme was again adding new entries. This time we ended up filing a lot of bugs with packages, rather than getting to add a lot of packages. That's still a very useful part of the work that we do on the Directory. The Directory helps users to find free software, and making sure that there isn't a freedom issue with a particular package ensures that there's more free software out there for them to find. Often the issue is something simple, like a missing license file. But sometimes it can get a bit tricky to sort out, when there are multiple conflicting licenses. So there's work to be done that can be accomplished by volunteers of any skill level, from just starting out to license-hacking gurus. Hope to see you all there again at the next meeting.

If you would like to help update the directory, meet with us every Friday in #fsf on irc.freenode.org from 12 p.m. to 3 p.m. EDT (16:00 to 19:00 UTC).

07:32

The Way We Get Power Is About to Change Forever Lifeboat News: The Blog

Solar and wind power are all about the batteries.


The age of batteries is just getting started. In the latest episode of our animated series, Sooner Than You Think, Bloomberg's Tom Randall does the math on when solar plus batteries might start wiping fossil fuels off the grid.

07:15

Facebook COO 'disgusted' by ad targeting tools, will add more human oversight The Hill: Technology Policy

Facebook chief operating officer Sheryl Sandberg announced new steps her company is taking in response to the discovery that advertisers could target individuals who expressed interest in racist and bigoted categories. Previously, advertisers could...

07:14

Mail Call - Voice Mail from 1967 Techmoan

The Mail Call from 1967 predicted the future of communication would be Voice Mail... but just not as we know it.

07:12

Dems ask FEC to create new rules in response to Russian Facebook ads The Hill: Technology Policy

Democratic lawmakers on Wednesday asked the Federal Election Commission (FEC) to establish new guidelines for online advertising platforms that would prevent foreign spending to influence U.S. elections. The move comes after Facebook provided...

07:12

Bacon Express Review Techmoan

Rubbish video - rubbish product, let's move on.

06:55

Critics of Sinclair merger urge Dems to block FCC chair's reconfirmation The Hill: Technology Policy

Opponents of Sinclair Broadcast Group's proposed acquisition of Tribune Media are calling on Senate Democrats to put a hold on the reconfirmation of Federal Communications Commission (FCC) Chairman Ajit Pai. A coalition of groups consisting of Allied...

06:51

Infrared Signals in Surveillance Cameras Let Malware Jump Network Air Gaps SoylentNews

Submitted via IRC for SoyCow1937

Researchers have devised malware that can jump airgaps by using the infrared capabilities of an infected network's surveillance cameras to transmit data to and from attackers.

The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks.

The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.

Researchers at Israel's Ben-Gurion University of the Negev and Shamoon College of Engineering said the malware establishes a two-way channel that attackers can use to communicate with compromised networks even when they're air-gapped. The covert channel can transmit data from a video camera to an attacker at 20 bits per second and from an attacker transmitter to a video camera at 100 bits per second. When more than a camera is used in the attacks the bit-rate may be increased further.

Source: https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/


Original Submission

Read more of this story at SoylentNews.

06:46

Optionsbleed bug makes Apache HTTP Server leak data from memory Help Net Security

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that's similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike Heartbleed, Optionsbleed (as Böck dubbed it) affects a relatively limited number of servers. About Optionsbleed (CVE-2017-9798): The bug affects Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27, and only those that sport a certain configuration in the .htaccess file. The vulnerability is actually a use after More

06:45

NVIDIA Offers Update On Their Proposed Unix Device Memory Allocation Library Phoronix

James Jones of NVIDIA presented this morning at XDC2017 with their annual update on a new Unix device memory allocation library. As a reminder, this library originated from NVIDIA's concerns over the Generic Buffer Manager (GBM) currently used by Wayland compositors not being suitable for use with their driver's architecture and then the other driver developers not being interested in switching to EGLStreams, NVIDIA's original push for supporting Wayland...

06:30

Salvaging Your Way to a Working Tesla Model S for $6500 Hackaday

If you possess modest technical abilities and the patience of a few dozen monks, with some skillful haggling you can land yourself some terrific bargains by salvaging and repairing. This is already a well-known ideology when it comes to sourcing things like electronic test gear, where for example a non working unit might be purchased from eBay and fixed for the price of a few passive components.

[Rich] from Car Guru has taken this to a whole new level by successfully salvaging a roadworthy Tesla Model S for $6500!

Sourcing and rebuilding a car is always a daunting project, in this case made even more challenging because the vehicle in question is a fairly recent, state-of-the-art electric vehicle. The journey began by purchasing a black Tesla Model S that [Rich] affectionately refers to as Delorean. This car had severe water damage rendering most of its electronics and mechanical fasteners unreliable, so [Rich]'s plan was to strip this car of all such parts, and sell what he could to recover the cost of his initial purchase. After selling the working modules of the otherwise drenched battery, motor and a few other bells and whistles, his initial monetary investment was reduced to the mere investment of time.

With an essentially free but empty Tesla shell in his p...

05:33

More than three dozen schools call off classes after 'cyber terrorist' threat Graham Cluley

More than three dozen public schools and other educational institutions canceled classes after receiving threats from a "cyber terrorist."

David Bisson reports.

05:30

The Language of the Dark Web IEEE Spectrum Recent Content full text

The Internet we browse is just the tip of the iceberg

Illustration: Dan Page

"Every aspect of human technology has a dark side, including the bow and arrow." - Margaret Atwood

Part of the mythology of the early Internet was that it was going to make the world a better place by giving voice to the masses and leveling playing fields. Light was the metaphor of choice. For example, Apple cofounder Steve Wozniak once said that "when the Internet first came, I thought it was just the beacon of freedom."

You can easily make a case for how much brighter the world is now, thanks to ubiquitous connectivity shining a light on misbehavior and malfeasance, but the Internet has a dark side as well.

For example, when you enter a search term into Google and it spits out the results, you might think that the search engine spent those few milliseconds querying the entire Web. Nope, not even close. What Google indexes is a fraction of all the available Web, perhaps just 4 percent of the total, by some estimates. That indexed soupçon is called the surface Web, or sometimes the visible Web. What about the other 96 percent? That nonsearchable content is called the deep Web, dark Web, or sometimes the invisible Web. A related idea is dark social, those online social interactions that are not...

Friday Hack Chat: All About Drones Hackaday

In the future, drones will fill the skies. The world is abuzz (ha!) with news of innovative uses of unmanned aerial vehicles. Soon, our flying robotic overlords will be used for rescue operations, surveillance, counter-insurgency missions, terrorism, agriculture, and delivering frozen dog treats directly from the local Amazon aerodrome to your backyard. The future is nuts.

For this week's Hack Chat, we're going to be talking all about unmanned aerial vehicles. This is a huge subject, ranging from aeronautical design, the legal implications of autonomous flying machines, the true efficiency of delivering packages via drones, and the moral ambiguity of covering a city with thousands of mobile, robotic observation posts. In short, the future will be brought to us thanks to powerful brushless motors and lithium batteries.

Our guest for this week's Hack Chat will be [Piotr Esden-Tempski], developer of UAV autopilot hardware for Paparazzi UAV. Paparazzi can be used for autonomous flight and control of multiple aircraft, and we'll be talking about the types of embedded systems that can be used for these applica...

05:23

APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware The Hacker News

Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea. According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and

05:20

Inception Drive: A Compact, Infinitely Variable Transmission for Robotics IEEE Spectrum Recent Content full text

A novel nested pulley configuration forms the heart of a transmission that could make robots safer and more energy efficient. Photo: SRI

Last year, SRI's Alexander Kernbaum introduced us to Abacus Drive, a new kind of rotary transmission based on pure rolling motion that promises to be much cheaper and much more energy efficient than harmonic gears, which are the current (quite expensive) standard. Now Kernbaum is back with another ingenious, and cleverly named, transmission design. It's called Inception Drive, and he describes it as an ultra-compact infinitely variable transmission based on a novel nested pulley configuration that's designed to make robots, and all kinds of other things, safer, more affordable, and vastly more efficient.

In an infinitely variable transmission (IVT), which is a specific kind of continuously variable transmission, the transmission ratio includes a zero point that can be approached from either a positive side or a negative side. In other words, a constant input, like an electric motor turning the same direction at the same speed, can be converted to an output that's turning faster, turning slower, turning the opposite direction, or not turning at all (in this geared neutral mode, you'd need infinite input revolutions to cause one output revolution, hence the name infinitely variable transmission).

SRI's ultra-compact Inception Drive transmission is small enough to replace fixed-ratio transmissions in robots, where it could potentially cut energy consumption in half

IVTs do already exist: The concept is not brand new. What is brand new from SRI is the clever engineering that makes Inception Drive an order of magnitude smaller and lighter than existing IVTs. This is a big deal, because it means that IVTs can be integrated into robotic applications in a way that was physically impossible before.

The reason why a transmission like this is important for robotics is primarily because of the efficiency that it enables, as Kernbaum explains in a p...

05:17

Scientists Want to Explore Asteroids With a Fleet of Nanoprobes SoylentNews

Submitted via IRC for SoyCow1937

Researchers at the Finnish Meteorological Institute (FMI) presented a mission plan today at the European Planetary Science Congress that would allow scientists to observe hundreds of asteroids over the course of just a few years. Their plan is to send 50 nanoprobes -- small space instruments -- into the asteroid belt that lies between Mars and Jupiter to take images and chemical measurements of around 300 large asteroids. "Asteroids are very diverse and, to date, we've only seen a small number at close range. To understand them better, we need to study a large number in situ. The only way to do this affordably is by using small spacecraft," FMI's Pekka Janhunen told Popular Mechanics.

The five kilogram probes would be affixed with a tiny telescope and a spectrometer that would analyze chemical samples from the asteroids. The nanoprobes would be propelled through space with electric solar wind sails, or E-sails. The E-sail would be composed of the main spacecraft, a smaller remote unit and a 20-kilometer-long tether that connects the two. That tether would be kept at a positive charge so that when positive ions emitted by the sun and traveling through space come in contact with it, they'll repel each other, giving the probe a nice boost.

[...] You can read the conference paper here.

Source: https://www.engadget.com/2017/09/19/scientists-explore-asteroids-fleet-nanoprobes/


Original Submission

Read more of this story at SoylentNews.

05:01

Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more Graham Cluley

Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.

David Bisson reports.

04:47

A New DRM Driver Is Coming For Linux 4.15 Phoronix

TVE200 is a new Direct Rendering Manager driver being queued for Linux 4.15...

04:30

Tiny Laser Device Predicts Cardiac Arrests IEEE Spectrum Recent Content full text

A laser-based device can predict when a heart will stop beating based on insufficient oxygen delivery

Photo: Abigail Moore/Boston Children's Hospital. Probe assesses mitochondrial redox state in real-time by shining a laser light on a tissue to obtain vital information about cell health.

A laser-based device has shown it can predict cardiac arrests in rats during open-heart surgery, and it could someday raise the standard of medical care by doing the same for human patients. The amazing predictive quality comes from determining whether or not living cells are receiving enough oxygen to remain healthy and function properly.

No one had previously achieved the tricky task of monitoring oxygen delivery within the living tissue of blood-filled organs, let alone providing predictions about whether a heart might stop beating in the next 10 minutes because the organ's cells have been starved of oxygen. Lack of oxygen matters because living cells contain mitochondria, the biological equivalent of tiny power plants, that require oxygen to make energy for the cells. Individual cells can suffer damage or death without enough oxygen, which in turn can lead to the failure of living tissue structures such as organs.

"From a medical standpoint, any application in which we want to know whether a tissue is receiving adequate oxygen will benefit from this technology," says John Kheir, co-director of the Heart Center Translational Research Lab at Boston Children's Hospital and assistant professor at Harvard Medical School. "[In medicine] we're often targeting the surrogate measure of a surrogate measure of a surrogate measure, such as blood pressure, when we really want to know whether we're delivering enough oxygen to living tissue."

With Kheir providing clinical guidance, his colleagues at a company called Pendar Technologies, LLC successfully developed and tested an instrument capable of assessing oxygen delivery within living heart tissue and predicting cardiac arrest. They also developed software algorithms to filter out background noise and home in on the specific oxygen-related signal they were looking for. But the required breakthrough still required a year and a half of painstaking cooperation between clinicians, scientists, and engineers based in Boston and Philadelphia before achieving the results detailed in the 20 September 2017 issue of the journal Science Translational Medicine.

The instrument's laser probe works by shining a spot of light with the intensity of a laser pointer and the width of a spaghetti noodle directly upon the surface of a heart. The cus...

Hackaday Prize Entry: MOLBED Braille Display Hackaday

Electromechanical braille displays, where little pins pop up or drop down to represent various characters, can cost upwards of a thousand dollars. That's where the Modular Low-cost Braille Electro Display, aka MOLBED, steps up. The project's creator, [Madaeon] aims to create a DIY-friendly, 3D-printable, and simple braille system. He's working on a single character's display, with the idea it could be expanded to cover a whole row or even offer multiple rows.

[Madeon]'s design involves using Flexinol actuator wire to control whether a pin sticks or not. He designed a rocker system consisting of a series of 6 pins that form the Braille display. Each pin is actuated by two Flexinol wires, one with current applied to it and one without, popping the pin up about a millimeter. Swap polarity and the pin pops down to be flush with the surface.

This project is actually [Madeon]'s second revision of the MOLBED system. The first version, an entry to the Hackaday Prize last year, used very small solenoids with two very small magnets at either end of the pole to hold the pin in place. The new system, while slightly more complex mechanically, should be easier to produce in a low-cost version, and has a much higher chance of bringing this technology to people who need it. It's a great project, and a great entry to the Hackaday Prize.

04:29

XDC2017 Kicks Off With X.Org, Wayland & Graphics Talks Phoronix

The X.Org Developers Conference kicked off a short time ago at the Googleplex in Mountain View, CA. But even if you are not at the event, there is a livestream...

04:29

White House offered Peter Thiel intel adviser post: report The Hill: Technology Policy

Peter Thiel, a Silicon Valley venture capitalist and close ally of President Trump, has had talks to be a top intelligence adviser to the White House, according to a Vanity Fair report on Wednesday. The magazine cited three unnamed White House...

04:24

Windstream Gives Up Preemptive Fight Over ISPs Piracy Liability TorrentFreak

Can an Internet provider be held liable for subscribers who share pirated files? Yes, a Virginia federal jury ruled two years ago.

This verdict caused great uncertainty in the ISP industry, as several companies suddenly realized that they could become the next target.

Internet provider Windstream is among the companies that are worried about the fallout. With 1.1 million subscribers nationwide, it is one of the larger Internet providers in the United States. As such, it receives takedown notices on a regular basis.

Many of these notices come from music rights group BMG, which accused Windstream and its subscribers of various copyright infringements. These notices are issued by the monitoring outfit Rightscorp and often come with a settlement demand for the account holders.

When Windstream refused to forward these notices, as it's not required to do so by law, BMG and Rightscorp increased the pressure. They threatened that the ISP could be liable for millions of dollars in piracy damages for failing to disconnect repeat infringers.

Faced with this threat, Windstream filed a request for declaratory judgment at a New York District Court last year, requesting a legal ruling on the matter. This preemptive lawsuit didn't turn out as planned for the ISP.

In April the court ruled that there is no actual controversy and that it can't issue a hypothetical and advisory opinion without concrete facts. As such, the case was dismissed for lack of jurisdiction.

Windstream didn't throw in the towel right away though and appealed the verdict. The ISP argued that the $150,000 in damages per infringement BMG claimed caused a real controversy.

"BMG's accusations were not idle threats in light of the undisputed fact that BMG had recently obtained a $25,000,000 recovery against another conduit ISP based on similar claims," the ISP wrote in a brief last month.

"Thus, the undisputed facts conclusively establish that an actual controversy exists to support Windstream's request for a declaration that it is not liable for any alleged infringement of BMG's copyrights."

Despite Windstream's initial persistence, something changed in recent weeks. Without any prior signs in the court docket, the company has now asked the Judge to dismiss the case entirely, with both parties paying their own costs.

Windstream respectfully requests that this Court dismiss in full Windstream's present...

04:04

When Google Used Alex Converse to Raid the Public Domain With Software Patents Techrights

Alex Converse

Summary: In its overzealous pursuit of software patents, Google is now turning public domain methods into private property (in defiance of critics)

Google lost its way; it lost its way on patents too. Google is not only pursuing software patents but it is also trying to privatise the public domain. As we had covered this twice already [1, 2] we decided to explore where things stand.

It turns out that the person who first brought up the subject is currently pursuing ways to find legal help for defending ANS coding, according to him.

"I have seen your Techrights article mentioning my ANS Google patent situation," he told us. "There is also another ongoing patent attempt which is nearly granted by USPTO (second Notice of Allowance), also for basic obvious possibility.

"This defense requires a serious legal help, I have no chance to afford. I have tried asking EFF and EFFE, but there was nearly no response (I wouldn't be surprised if they were supported by Google, like in the Barry Lynn scandal)."

We have decided that the least we can do is raise this subject again (mention it publicly) and name the culprit/s in hope that bad PR alone would discourage him/them from proceeding. Failing that, we shall escalate with patent offices or whatnot.

It was all over the media in Poland, we have been told, but as usual, Google does not comment.

I have this experience too.

As it turned out, the so-called inventor has fled Google. His name is Alex Converse and people have already noticed that he left. From a comment:

According to his LinkedIn profile he is no longer with Google https://www.linkedin.com/in/al [linkedin.com]

And another right after that:

...

04:00

Zizmos Continues Its Quest to Create an IoT Earthquake-Warning Network IEEE Spectrum Recent Content full text

Earthquake-warning startup Zizmos has been surviving on contest prizes and reality TV opportunities. Next up, Kickstarter

Photo: Zizmos

Update 20 September 2017:

A few smartphone users in the Mexico City area were running the Zizmos app, described below, when this week's magnitude-7.1 earthquake struck, Zizmos founder Battalgazi Yildirim reports, but not enough to issue a warning, although Zizmos did register the shaking.

Yildirim says he'd like to be able to get 50 fixed sensors installed in Mexico City, enough to reliably give warnings of aftershocks. The design, however, is still at the prototype stage, so each costs about $500 to build. He only has 10 on hand to donate, and would need funding to produce 40 more and local volunteers to install them.

Meanwhile, since the Mexico City earthquake, he says, another 5,000 smartphone users around the world have started running the app.

I first met Battalgazi Yildirim two years ago. He had posted a request in my local online community: His startup, Zizmos, wanted volunteers willing to mount a sensor package inside their homes, preferably on a bearing wall, to test whether a network of cheap packages of electronics, based on the Android phone design and his algorithms, could give early warnings of earthquakes. He wasn't looking to do long-term prediction, just 15 or 30 seconds, enough to allow people to grab their kids and move to the safest spot in their house.

Yildirim funded that first trial, which eventually involved 100 sensors, with an NSF research grant of $150,000. Like many first design attempts, it didn't work out so well. It turned out, Yildirim told me last week, that the Android platform had a fatal flaw: it couldn't pull in data from an external sensor and simultaneously recharge. The alpha testers might have been willing to deal with keeping the gadgets charged, but this approach wasn't going to appeal to the masses. And Yildirim's idea is going to need mass adoption to work; it relies on large numbers of low-cost sensors that report possible earthquake vibrations to the cloud, then eliminates false alarms by comparing the data with neighboring sensors.

The good news, however, Yildirim said, was that the internal sensors on phones were getting better and better; maybe, he thought, he and cofounder Greg Stillman could just design an app instead of dedicated hardware. He entered the Verizon Powerful Answers competition and his proposal won a grand prize: $1 million. The award also came with a lot of help, formal a...

03:56

Russian groups organized pro-Trump rallies on Facebook: report The Hill: Technology Policy

Russia-linked groups attempted to organize over a dozen pro-Trump rallies around Florida during the 2016 elections, The Daily Beast reported on Wednesday. The rallies, which dozens attended, are the first known instance of Russian actors...

03:43

Amazon is Working on Smart Glasses to House Alexa AI, Says FT SoylentNews

Submitted via IRC for Fnord666_

Amazon is working on building a pair of smart glasses to house its Alexa voice assistant, and a home security camera that could be linked to its existing Echo connected devices to further expand their capabilities, according to a report in the FT citing people familiar with the company's plans.

The newspaper says one or both of these products could be launched before the end of the year, alongside updates to existing Echo devices.

An Amazon spokesperson declined to comment, saying company policy is not to comment on rumors or speculation.

According to the FT, the smart glasses are intended to be purely an earbuds-free housing for Amazon's Alexa AI with a bone-conduction audio system that would enable the wearer to hear Alexa without the need to be wired in.

With no mobile platform of its own to build on, Amazon has a strategic disadvantage vs Google and Apple because it cannot bake its voice AI into smartphone hardware where millions of engaged users could easily summon it, hence the company working on a plethora of alternative connected devices to try to put Alexa within earshot anyway.

The idea for the glasses, which would be its first wearable, would be to do just that: Enable Alexa to be summoned from anywhere, vs the current situation where users are barking commands at static in-home speakers.

The FT reports the glasses would wirelessly tether to a user's smartphone for connectivity. They are also apparently being designed to look like a regular pair of spectacles, so they could be worn comfortably and unobtrusively.

Source: https://techcrunch.com/2017/09/20/amazon-is-working-on-smart-glasses-to-house-alexa-ai-says-ft/

Also at Reuters and USA Today.



03:38

Errant Equifax tweet sends breach victims to site flagged for phishing The Hill: Technology Policy

Beleaguered credit agency Equifax tweeted a link to a would-be phishing site to a victim of its massive breach rather than the breach information site it intended. The exchange happened Monday evening when a current customer of Equifax's credit...

03:38

Hacker Can Steal Data from Air-Gapped Computers Using IR CCTV Cameras The Hacker News

Air-gapped computers, which are isolated from the Internet and physically separated from local networks, are believed to be the most secure computers and are difficult to infiltrate. However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenario that could compromise the security of such isolated networks.

03:31

Spy Tech: Nonlinear Junction Detectors Hackaday

If you ever watch a spy movie, you've doubtlessly seen some nameless tech character sweep a room for bugs using some kind of detector and either declare it clean or find the hidden microphone in the lamp. Of course, as a hacker, you have to start thinking about how that would work. If you had a bug that transmits all the time, that's easy. The lamp probably shouldn't be emitting RF energy all the time, so that's easy to detect and a dead giveaway. But what if the bug were more sophisticated? Maybe it wakes up every hour and beams its data home. Or perhaps it records to memory and doesn't transmit anything. What then?

High-end bug detectors have another technique they use that claims to be able to find active device junctions. These are called Nonlinear Junction Detectors (NLJD). Spy agencies in the United States, Russia and China have been known to use them and prisons employ them to find cell phones. Their claim to fame is the device doesn't have to be turned on for detection to occur. You can see a video of a commercial NLJD, below.

Theory

The idea behind an NLJD is to flood a volume with an RF signal at a particular frequency. Normal insulators and conductors in the area won't alter the signal. However, anything that has a nonlinear response, like a diode junction, will emit harmonics. They might be at a low level, but if you can detect the harmonics, you can identify these junctions.

Sounds simple, but the RF has to be powerful enough to get there and produce a harmonic you can detect. It also shouldn't be so powerful that you can't localize the volume or, in the extreme, that it would damage circuits. The other problem is that any dissimilar metal junction will exhibit nonlinear behavior. So in addition to bugs and cell phones, you'll detect rusty nails and similar items.

You can get an overview of how a pro uses an NLJD. It is a little more involved than in the movies. In broad terms, the operator gets an idea of any radio sources in the area first, to try to avoid false positives. Apparently, by looking at the ratio of the second and third harmonics, an experienced operator (or a smart computer) can differentiate between a rusty nail and a real piece of electronic equipment.

Off the Shelf

You can buy NLJDs off the shelf. They aren't cheap though. Even on the usual Chinese import sites, the good-looking models run about $10,000. The more mainstream versions all want you to ask for the price and we...

03:16

Mark Kokes, the Man Behind BlackBerry's Patent Aggression, Leaves the Company Techrights

He'll be biking his scooter somewhere else

Mark Kokes

Summary: The man behind the patent troll-like behaviour of BlackBerry is leaving

DURING the weekend we wrote about BlackBerry becoming more like a patent troll. It was far from the first time we dabbled in this subject; we had been covering that for years.

BlackBerry's patent deal was still in the news on Monday, e.g. [1, 2, 3, 4, 5, 6]. This non-story (press release) simply refused to die.

But then, the following day, IAM said that the man behind this strategy was leaving. To quote:

Mark Kokes has left BlackBerry and is no longer its senior vice president of intellectual property, licensing & standards, IAM has learned. In a sudden move, Kokes departed in mid-August and is not thought to have taken another position. For its part, BlackBerry does not seem to have appointed a direct replacement. In a recent press release announcing that Timex had entered into a patent-based agreement with the company, reaction from BlackBerry came from senior director of intellectual property licensing, Jerald Gnuschke.

Kokes is the third big name corporate IP departure in the space of just a month, following Allen Lo's move from Google to Faceboo...

02:57

WordPress Demonstrates That Facebook's Patent Strategy is Deterring/Alienating Developers Techrights

Yeah, I'm going to fuck them in the ear

Mark Zuckerberg, President and Founder of Facebook (source)

Summary: React is being dumped following Facebook's attempt to restrict distribution/derivatives using software patents

HAVING spent years covering Facebook's patent strategy, we recently came to see its troubling licensing issue resurfacing again in the media (it's actually fairly old news, but Apache's intervention brought that back from the dead). There's a lot more about it in our daily links; we considered that mostly a software issue rather than a patents issue.

This week, however, things got a little hotter for Facebook because one of the main projects that disseminated React said that it would cease doing that. In a sense, Facebook is killing its own projects/products with software patents. The subject was covered not only by WordPress and its founder but also by technical media yesterday and the day before that.

As US media put it:

Facebook is in the middle of a fraught battle. No, it's not over the pernicious tide of fake news surging onto our newsfeeds, nor is it about privacy issues on the platform. Rather, it pertains to how the social media giant deals with the open source community, the code it releases to the world, and one cool piece of software called React.

Put simply, React is a JavaScript library that makes it easier for developers to write sophisticated front-ends. It was built by an engineer at Facebook, and in 2013, Facebook released it to the developer community under an open-source license. This isn't unusual; tech companies release open source software all the time.

Facebook used a license derived from the popular BSD license, which is used by other popular open source projects. But here's the problem: Facebook also threw in a few other clauses, which many developers and companies are finding to be problematic.

British media put it like this:

...

02:52

China Upgrading Milky Way 2 Supercomputer to 95 Petaflops Lifeboat News: The Blog

We have some breaking news from the IHPC Forum in Guangzhou today. Researchers in China are busy upgrading the MilkyWay 2 (Tianhe-2) system to nearly 95 Petaflops (peak). This should nearly double the performance of the system, which is currently ranked at #2 on TOP500 with 33.86 Petaflops on the Linpack benchmark. The upgraded system, dubbed Tianhe 2A, should be completed in the coming months.

Details about the system upgrade were presented at the conference opening session. While the current system derives much of its performance from Intel Knights Corner co-processors, the new system swaps these PCI devices out for custom-made 4-way MATRIX-2000 boards, with each chip providing 2.46 Teraflops of peak performance.

02:49

[$] Linking commits to reviews LWN.net

In a talk in the refereed track of the 2017 Linux Plumbers Conference, Alexandre Courouble presented the email2git tool that links kernel commits to their review discussion on the mailing lists. Email2git is a plugin for cregit, which implements token-level history for a Git repository; we covered a talk on cregit just over one year ago. Email2git combines cregit with Patchwork to link the commit to a patch and its discussion threads from any of the mailing lists that are scanned by patchwork.kernel.org. The result is a way to easily find the discussion that led to a piece of code, or even just a token, changing in the kernel source tree.

02:38

Apple CEO: DACA is 'the biggest issue of our time' The Hill: Technology Policy

Apple CEO Tim Cook on Wednesday urged for government action to protect undocumented immigrants brought to the U.S. as children, calling their plight "the biggest issue of our time." "These people, if you haven't met them at Apple we have...

02:36

Transfer Photos to Your New iPhone? Quickly Make a Backup Without iCloud TechWorm

Want to back up your iPhone images/videos and files without Apple iCloud/iTunes account, here is a quick way to do it!

Apple has finally announced its new iPhones. As always, many people will upgrade their old iPhone to new iPhone 8 or iPhone X, or buy an iPhone 7 at a favorable price. Some Android users possibly grab a new iPhone to try out a different mobile OS as well. After getting a new phone, the first thing should be transferring files from the old one to it. Besides contacts, photos are believed to be what we need most. Well, how can we transfer photos to our new iPhone?

iCloud is a feasible way. Turn on My Photo Stream, sign in with the same Apple ID on both old and new iPhones, and then you should get access to the old iPhone's photos on your new iPhone. However, 5GB of free storage isn't enough for almost all users to back up all old iPhone photos. Besides, this method isn't suited for those switching from non-Apple devices. Luckily, there's another option, WinX MediaTrans, which can transfer selected or all photos to a new iPhone from old iPhone and Android devices without an Apple ID.


6 Reasons to Choose WinX MediaTrans to Transfer Photos to New iPhone

WinX MediaTrans is a well-received iTunes alternative for Windows, capable of managing and transferring photos, videos, music, e-books, voice memos, ringtones, podcasts, and more files, and unlocking iTunes purchases. It can transfer photos from (old) iPhone to PC and copy pictures from PC to (new) iPhone in a simple and fast way. Below are a few reasons to choose WinX MediaTrans as your preferred photo transfer option.

...

02:31

Huge Names Confirm Their Supercon Appearances Hackaday

We're excited to announce the next batch of speakers for the 2017 Hackaday Superconference.

We are especially pleased to welcome Michael Ossmann as a speaker. He presented an RF design workshop at the 2014 Superconference which was sold out, standing room only, and still turned away dozens of people before becoming a hit on the Internet. This year he takes the stage with colleague Dominic Spill as they focus on infrared communications and the uses and abuses of such.

Dr. Christal Gordon threw down an incredible talk on biologically inspired sensors last year and we suspect she will outdo herself this year. Her talk will cover the fanciest of cutting-edge sensors and the trade-offs of selecting the new hotness for your designs. Coming out of this you will know when to go with a suite of tried and true components and when to make the leap to new tech.

Several of this year's Hackaday Prize Judges will be on hand and presenting talks. In addition to Christal Gordon and Danielle Applestone (announced as a speaker last week), we're thrilled to have Anouk Wipprecht (internationally known for her work in fashion and engineering, pushing the boundaries of how technology can interface with humans) as a speaker. Nadya Peek from the Center for Bits and Atoms wh...

02:19

A Fleet of Sail-driven Asteroid Probes Centauri Dreams

One of the great values of the Kepler mission has been its ability to produce a statistical sample that we can use to analyze the distribution of planets. The population of asteroids in our own Solar System doubtless deserves the same treatment, given its importance in future asteroid mining as well as planetary protection. But when it comes to main belt asteroids, we're able to look up close, even though the number of actual missions thus far has been small.

Thus it's heartening to see Pekka Janhunen (Finnish Meteorological Institute), long a champion of intriguing electric sail concepts, looking into how we might produce just such an asteroid sampling through a fleet of small spacecraft.

"Asteroids are very diverse and, to date, we've only seen a small number at close range. To understand them better, we need to study a large number in situ. The only way to do this affordably is by using small spacecraft," says Janhunen.

The concept weds electric sails riding the solar wind with a fleet of 50 small spacecraft, the intent being that each should visit six or seven asteroids, collecting spectroscopic data on their composition and taking images. Dr. Janhunen presented the idea at the European Planetary Science Congress (EPSC) 2017 in Riga on Tuesday September 19.

Image: The single-tether E-sail spacecraft. Credit: Janhunen et al.

Electric sails ride the solar wind, that stream of charged particles that flows constantly out of the Sun. While solar sails take advantage of the momentum imparted by photons on the sail, and beamed energy sails are driven by microwave or laser emissions, electric sails use the solar wind's charged particles to generate all the propulsion they need without propellant. What Janhunen envisions is a tether attached to one end of a spacecraft, to which is attached an electron emitter and a high-voltage source, all connected to a remote unit at the other end.

The tether makes a complete rotation every 50 minutes, creating a shallow cone around a center of mass close to the primary spacecraft. Each small craft can change its orientation to the solar wind, and thereby alter its thrust and direction. Janhunen's presentation at the EPSC made the case that a 5 kg spacecraft with a 20 kilometer tether could accelerate at 1 millimeter per second squared at the Earth's distance from the Sun. Coupled with the boost provided by the launch itself, this is enough to complete a tour through the asteroid belt and return with...

02:12

How AI can Help Reduce the Cost of Drug Discovery Lifeboat News: The Blog

The cost of drug discovery and subsequent development is a massive challenge in the pharmaceutical industry. It can cost upwards of $2.5 billion and take a decade or more to identify and test a new drug candidate[1].

These costs have been increasing steadily over the years, and pharmaceutical manufacturers are constantly seeking ways to improve efficiency to save time and money and speed up research progress.

Automation in the lab is one example; tasks that were traditionally carried out by technicians can now be done by machines. Increasingly sophisticated assays to detect new drug candidates have also helped to slash development time. Now a new ally has arrived to aid drug development: artificial intelligence, and a powerful ally it is.

02:10

GNOME Foundation partners with Purism to support its efforts to build the Librem 5 smartphone LWN.net

Last week KDE announced that they were working with Purism on the Librem 5 smartphone. The GNOME Foundation has also provided its endorsement and support of Purism's efforts to build the Librem 5. "As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5. Various GNOME technologies are used extensively in embedded devices today, and GNOME developers have experienced some of the challenges that face mobile computing specifically with the Nokia 770, N800 and N900, the One Laptop Per Child project's XO laptop and FIC's Neo1973 mobile phone."

02:09

Uber: We Don't Have to Pay Drivers Based on Rider Fares SoylentNews

Submitted via IRC for SoyCow1937

Uber is fighting a proposed class-action lawsuit that says it secretly overcharges riders and underpays drivers. In its defense, the ride-hailing service claims that nobody is being defrauded in its "upfront" rider fare pricing model.

The fares charged to riders don't have to match up with the fares paid to drivers, Uber said, because that's what a driver's "agreement" allows.

"Plaintiff's allegations are premised on the notion that, once Uber implemented Upfront Pricing for riders, it was required under the terms of the Agreement to change how the Fare was calculated for Drivers," Uber said (PDF) in a recent court filing seeking to have the class-action tossed. "This conclusion rests on a misinterpretation of the Agreement."

The suit claims that, when a rider uses Uber's app to hail a ride, the fare the app immediately shows the passenger is based on a slower and longer route compared to the one displayed to the driver. The rider pays the higher fee, and the driver's commission is paid from the cheaper, faster route, according to the lawsuit.

Uber claims the disparity between rider and driver fares "was hardly a secret."

"Drivers," Uber told a federal judge, "could have simply asked a User how much he or she paid for the trip to learn of any discrepancy."

Source: https://arstechnica.com/tech-policy/2017/09/uber-driver-pay-plan-puts-a-significant-risk-on-ride-hailing-service/



01:56

Trump Facebook ads reassure supporters he will build border wall The Hill: Technology Policy

President Trump is using targeted Facebook ads to assure supporters he will build a wall on the U.S. border with Mexico, reports BuzzFeed News. "There's been a lot of noise and a lot of rumors," reads the ad from Trump's personal Facebook...

01:55

Wine Staging 2.17 Released With More Direct3D 11 Functionality Phoronix

Wine Staging 2.17 is now available as the latest experimental/testing build of Wine with various patches added in...

01:47

An intro to machine learning (Opensource.com) LWN.net

Ulrich Drepper, once again an engineer at Red Hat, writes about machine learning on opensource.com. "Machine learning and artificial intelligence (ML/AI) mean different things to different people, but the newest approaches have one thing in common: They are based on the idea that a program's output should be created mostly automatically from a high-dimensional and possibly huge dataset, with minimal or no intervention or guidance from a human. Open source tools are used in a variety of machine learning and artificial intelligence projects. In this article, I'll provide an overview of the state of machine learning today."

01:43

Security updates for Wednesday LWN.net

Security updates have been issued by CentOS (emacs), Debian (apache2, gdk-pixbuf, and pyjwt), Fedora (autotrace, converseen, dmtx-utils, drawtiming, emacs, gtatool, imageinfo, ImageMagick, inkscape, jasper, k3d, kxstitch, libwpd, mingw-libzip, perl-Image-SubImageFind, pfstools, php-pecl-imagick, psiconv, q, rawtherapee, ripright, rss-glx, rubygem-rmagick, synfig, synfigstudio, techne, vdr-scraper2vdr, vips, and WindowMaker), Oracle (emacs and kernel), Red Hat (emacs and kernel), Scientific Linux (emacs), SUSE (emacs), and Ubuntu (apache2).

01:35

Comparing Employee Advocacy Apps: Smarp vs. Dynamic Signal TechWorm

Smarp vs. Dynamic Signal: Here is a comparison between the two Employee Advocacy Apps

Do you want to improve your company culture while also getting help from employees to share your content? Choose the best employee advocacy tool for your company's needs, and you'll unlock better engagement, both within your office and with the general public.

Work occupies a major chunk of your employees' lives. They spend about a third of their days working, and the vast majority are likely satisfied with their jobs. As it is a major part of their lives, they're bound to chat about work both online and offline. Some 50% of employees already share content about their employers online. People will always be on the lookout for quality content to share.

Therefore, it is important for companies to equip employees with the right information and resources. Employees can share information while having offline conversations and on social media.

An informed employee will share the latest and best information about your company. This helps to create a positive brand reputation and drive traffic to your website, as employees can increase reach tenfold.

The best way to keep employees informed and spreading the good word is with an employee advocacy platform. Choosing the right platform can be hard, though, as there are so many options available. Two of the options you can't go wrong with are Smarp and Dynamic Signal. Both have their strengths and weaknesses. I have compared them side by side in this article to help you select the right one for your company's situation.

The Pros and Cons of Using Smarp

Smarp is a well-rounded employee advocacy tool. It has all the features you need to encourage employees to share content on social media, to measure impact and to collaborate and inform one another regarding projects.

One of the biggest advantages of using Smarp is that it is so easy to post content. You c...

01:31

AT&T CEO: Failure to pass tax reform would be 'bad indictment' for GOP The Hill: Technology Policy

AT&T CEO Randall Stephenson said Wednesday it would be a "bad indictment" of Republicans' effectiveness if they can't enact tax reform while controlling both chambers of Congress and the White House. "I absolutely believe, and I...

01:31

Seriously, Is It That Easy To Skim Cards? Hackaday

We've all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines in which unsuspecting consumers use them. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn't rely on interception of the card itself; instead they sat as a man-in-the-middle attack in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer's standard key carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

...

01:30

Can you please help someone in dire straits? Antarctica Starts Here.

Reece Markowsky is a friend and colleague of mine from work who lives and works in British Columbia.  Late last week he received word that his brother passed away after a protracted period of hospitalization.  As one might imagine he's devastated by this.  Unfortunately his sister-in-law Shari is now a single mother of two young boys who is now on a single income, trying to pay for the funeral, and trying to get by until she can find a job.  Reece has started a crowdfunding campaign on her behalf.

If you can spare it, would you please donate to their Gofundme campaign to help the family get back on their feet?  If not, could you please spread the word?

Thank you in advance.

A Bittersweet Milestone for the World's Safest Nuclear Reactors IEEE Spectrum Recent Content full text

Westinghouse is poised to start up its first AP1000 nuclear reactors in China, fighting on in a troubled market

Photo: Imaginechina/AP. False Start: Installation of the containment dome at China's Haiyang nuclear plant in August 2015 was the end of the beginning of this AP1000 facility's problems.

By late this year or early in 2018, two nuclear reactors could start operating in China, an event that might be a lifesaver for the units' crippled builder and designer, Westinghouse Electric Co., and for the technology they represent. Both Westinghouse and its prized AP1000 reactor design have suffered a series of humbling setbacks this year.

The AP1000 is arguably the world's most advanced commercial reactor. It is designed to passively cool itself during an accidental shutdown, theoretically avoiding accidents like those at Ukraine's Chernobyl power plant and Japan's Fukushima Daiichi. And for over a decade, it has been the presumed successor to China's mainstay reactors, which employ a 1970s-era French design.

Yet after more than three decades of engineering, regulatory reviews, salesmanship, and construction, the AP1000 has yielded zero electricity and plenty of trouble. Delays and cost overruns at the four reactors under construction in China and another four in the United States drove Westinghouse into bankruptcy this March. And in July, South Carolina utilities abandoned their pair of partially built AP1000s, on which they and Westinghouse have spent US $9 billion.

But the Chinese reactors, at the Haiyang Nuclear Power Plant in Shandong and at the Sanmen plant in Zhejiang, could press the reset button for the AP1000 and Westinghouse. And China is where success really matters most because it is the only country building reactors by the dozen.

The question, say experts, is what share the AP1000 can capture of a Chinese reactor market that has taken a downturn since the Fukushima accident and may slow even further. Government plans to tie nuclear power rates to wholesale prices for coal-fired power will definitely mean a slowdown of nuclear power construction down the road, says Henry Chan, an Asian geopolitics expert at the National University of Singapore who tracks China's nuclear energy sector.

The AP1000s a...

01:24

Redox OS 0.3.3 Released, Lowers RAM Usage Phoronix

The Rust-written Redox operating system is out with a new feature release...

01:14

Stable kernels 4.13.3, 4.12.14, and 4.9.51 LWN.net

The 4.13.3, 4.12.14, and 4.9.51 stable kernels have been released; each contains another set of important fixes. Note that this is the final update for the 4.12.x series.

01:10

GNOME Joins The Librem 5 Party, Still Needs To Raise One Million More Dollars Phoronix

One week after announcing KDE cooperation on the proposed Librem 5 smartphone with plans to get Plasma Mobile on the device if successful, the GNOME Foundation has sent out their official endorsement of Purism's smartphone dream...

00:55

Dip update 87/n wherestheflux

[Orig: Sept 20, 2017]
Hi everyone,
Below are the latest TFN and OGG measurements from LCO.  
Have a great day!
~Tabby and team
PS: These observations are happening because of the wonderful backers of our 2016 Kickstarter project. The Kickstarter campaign has ended, but we are still accepting donations to purchase additional observing time on the LCO 0.4m network. Thanks in advance for your support!      

00:52

How do you grow bone in a lab? Good vibrations Lifeboat News: The Blog

A team from the Universities of Glasgow, Strathclyde, the West of Scotland and Galway have created a device that sends nano vibrations across mesenchymal stem cells suspended in a collagen gel.

The authors of the paper, published in the Nature Biomedical Engineering journal, found that these tiny vibrations turn the cells into a 3D model of mineralised bone putty. This putty isn't quite as hard as bone at this stage. That's where the body comes in.

"We add the bone putty to an anatomically correct, rigid living scaffold, that we made by 3D printing collagen," says Matthew Dalby, professor of cell engineering at the University of Glasgow, and one of the lead authors of the paper. "We put lots of cells in the body so it has a chance to integrate this new bone. We tell the cells what to do in the lab, then the body can act as a bioreactor to do the rest."


Scientists have grown living bone in the lab by sending vibrations through stem cells. It could help amputees and people with osteoporosis.

00:52

Are We Killing Ourselves With Antioxidants? Lifeboat News: The Blog

Summary: The mitochondrial free radical theory of aging says that if we consume antioxidant supplements, we can repair the damage caused by free radicals. However, this recommendation is contradicted by a large body of evidence which shows that antioxidant supplements are often harmful. Researchers are discovering more effective ways to improve health by clearing our mitochondrial damage caused by free radicals.

Are you killing yourself in a bid to live a longer healthier life?

A growing body of evidence shows that if you take antioxidant supplements, and you are otherwise healthy, then you are wasting your money, and damaging your liver and nervous system.

00:38

Amazon 'reviewing' its site after report found suggestions of bomb ingredients The Hill: Technology Policy

Amazon said it will review its website after a British news report found that the company's algorithms have been recommending combinations of items that can be used to make bombs. An investigation by the United Kingdom's Channel 4 News found that the...

00:36

Washington DC Braces for Net Neutrality Protests Later This Month SoylentNews

Submitted via IRC for SoyCow1937

Net neutrality advocates are planning two days of protest in Washington DC this month as they fight off plans to defang regulations meant to protect an open internet.

A coalition of activists, consumer groups and writers are calling on supporters to attend the next meeting of the Federal Communications Commission on 26 September in DC. The next day, the protest will move to Capitol Hill, where people will meet legislators to express their concerns about an FCC proposal to rewrite the rules governing the internet.

The FCC has received 22 million comments on "Restoring Internet Freedom", the regulator's proposal to dismantle net neutrality rules put in place in 2015. Opponents argue the rule changes, proposed by the FCC's Republican chairman Ajit Pai, will pave the way for a tiered internet where internet service providers (ISPs) will be free to pick and choose winners online by giving higher speeds to those they favor, or those willing or able to pay more.

The regulator has yet to process the comments, and is reviewing its proposals before a vote expected later this year.

Source: https://www.theguardian.com/technology/2017/sep/15/washington-dc-net-neutrality-protests-restoring-internet-freedom



00:32

Insanely Concentrated Wealth Is Strangling Our Prosperity Lifeboat News: The Blog

Just like the game of Monopoly, which was created to illustrate the operation of laissez faire capitalism, there is always one big winner at the end of the game.

Wealth concentration drives a vicious, downward cycle, throttling the very engine of wealth creation itself.

Because: people with lots of money don't spend it. They just sit on it, like Smaug in his cave. The more money you have, the less of it you spend every year. If you have $10,000, you might spend it this year. If you have $10 million, you're not gonna. If you have $1,000, you're at least somewhat likely to spend it this month.


These people could spend $20 million every year and they'd still just keep getting richer, forever, even if they did absolutely nothing except choose some index funds, watch their balances grow, and shop for a new yacht for their eight-year-old.

If you're thinking that they deserve all that wealth, and all that income just for owning stuff, because they're makers, think again: between 50% and 70% of U.S. household wealth is earned the old-fashioned way (cue John Houseman voice): it's inherited.

The bottom 90% of Americans aren't even visible on this chart, and it's a very tall chart. The scale of wealth inequality in America today makes our crazy levels of income inequality (which have also expanded vastly) look like a Marxist utopia.

00:31

The Narrowing Gap Between Amateur and Professional Fabrication Hackaday

The other day I saw a plastic part that was so beautiful that I had to look twice to realize it hadn't been cast, and no, it didn't come out of a Stratasys or anything, just a 3D printer that probably cost $1,500. It struck me that someone who had paid an artisan to make a mold and cast that part might end up spending the same amount as that 3D printer. It also struck me that the little guys are starting to catch up with the big guys.

Haz Bridgeport, Will Mill

Sometimes it's just a matter of getting a hold of the equipment. If you need a Bridgeport mill for your project, and you don't have one, you have to pay for someone else to make the thing no matter how simple. You're paying for the operator's education and expertise, as well as helping pay for the maintenance and support of the hardware and the shop it's housed in.

I once worked in a packaging shop, and around 2004 we got in a prototype to use in developing the product box. This prototype was 3D printed and I was told it cost $12,000 to make. For the era it was mind blowing. The part itself was simplistic and few folks on Thingiverse circa 2017 would be impressed; the print quality was roughly on par with a Makerbot Cupcake. But because the company didn't have a 3D printer, they had to pay someone who owned one a ton of cash to make the thing they wanted.

Unparalleled Access to Formerly Professional-Only Tools

But access to high end tools has never been easier. Hackerspaces and tool libraries alone have revolutionized what it means to have access to those machines. There are four or five Bridgeports (or similar vertical mills) at my hackerspace and I believe they were all donated. For the cost of membership, plus the time to get trained in and checked out, you can mill that part for cheap. Repeat with above-average 3D printers, CNC mills, vinyl cutters, lasers. The space's South Bend lathe (pictured) is another example of the stuff most people don't have in their basement shops. This group ownership model may not necessarily grant you the same gear as the pros, but sometimes it's pretty close.

Being too afraid to use an expensive and unfamiliar tool is a stumbling block for a lot of people. But I don't need to tell you that hackerspaces are a motherlode of knowledge. Find those subject matter experts: the machine shop ninja, the person with the cleanest welds, the dude whose PLA prints always look great. When that falls short, we have a resource our ancestors did not: the Internet. YouTube alone has revolutionized getting trained in on tools. People go to trade school to learn how to operate big expensive machines, but you can learn what to do for free.

Just Send it Out

...

00:30

Orcabox LEB Exclusive Offer: 1GB KVM VPS from $3/month! Low End Box

Hello all! We have a couple of interesting offers from a new-to-LowEndBox provider, Orcabox, a brand from Aracanum Services LLC. They're a registered company in the USA (L16000098249 FEI/EIN Number 81-2741033 State: FL), their WHOIS is public, and you can find their ToS/Legal docs here. They accept PayPal, Bitcoin, and XMR as methods of payment.

A note from the company: 

We are specialists in vps hosting, our company aims to provide highly reliable services at affordable rates. We have been offering VPS/Dedicated hosting since 2016 and Orcabox is our new brand for KVM Services and we would like to offer a special exclusive for LEB Readers. 

The offers: 

Super
2 Xeon 1270v6 vCPU
1 GB RAM
20 GB SSD (RAID1)
2 TB Bandwidth
1 IPv4
20Gbps in-house DDoS Protection
KVM/Virtualizor
24/7 Online Support
Coupon: LEB50
Price after applying coupon: $3/month

Predator
3 Xeon 1270v6 vCPU
3 GB RAM
50 GB SSD (RAID1)
5 TB Bandwidth
1 IPv4
20Gbps in-house DDoS Protection
KVM/Virtualizor
24/7 Online Support
Coupon: LEB50
Price after coupon: $7.5/month

NETWORK INFO:

Datacenter Name Location: Clouvider London, UK
Test IPv4: 185.198.190.33
Test file: https://lg.orcabox.com/static/100MB.test
Looking glass: https://lg.orcabox.com/
-
Node Specifications.
Intel Xeon E3-1270v6 CPU
64GB RAM
MIN of 2x 512GB SSDs
Software RAID1
1Gbps uplink

00:29

Encrypted Fitbit data can be intercepted and manipulated, claim researchers TechWorm

Fitbit fitness trackers vulnerable to data theft

All those health freaks wearing Fitbit fitness bands BEWARE, as vulnerabilities in your device, which tracks heart rate, steps taken and calories burned, could enable a hacker to steal your personal information and data.

To prove this point, a team at the University of Edinburgh carried out a detailed security investigation of two popular models of wearable fitness trackers, Fitbit One and Fitbit Flex, made by Fitbit.

Fitbit secures its devices with end-to-end encryption. However, when Fitbit One and Fitbit Flex were modified to bypass the encryption system, the researchers were able to gain access to stored information, proving that these devices provided no protection against the hack. In other words, such access could allow illegal sharing of personal data with third parties such as marketing agencies and online retailers. It would also allow fraudsters to create fake activity records by manipulating the data in order to obtain cheaper insurance policies with lower premiums.

Researchers notified Fitbit, who has since updated its software to fix the vulnerabilities to improve the privacy and security of its devices.

"We are always looking for ways to strengthen the security of our devices, and in the upcoming days will start rolling out updates that improve device security, including ensuring encrypted communications for trackers launched prior to Surge [summer 2016]," the company said in a statement.

"The trust of our customers is paramount and we carefully design security measures for new products, continuously monitor for new threats, and diligently respond to identified issues."

Dr Paul Patras, of the University of Edinburgh's School of Informatics, who took part in the study, said: "Our work demonstrates that security and privacy measures implemented in popular wearable devices continue to lag behind the pace of new technology development. We welcome Fitbit's receptiveness to our findings, their professional attitude towards understanding the vulnerabilities we identified and the timely manner in which they have improved the affected services."

The findings will be presented at the International Symposium on Research in Attacks (RAID) on 18-20 September. The research was carried out in collaboration with Technische Universität Darmstadt, Germany, and the University of Padua, Italy. The Edinburgh researchers were part-funded by the Scottish Informatics and Computer Science Alliance.

Source: EurekAlert


00:00

Linux Weather Forecast

Welcome to the Linux Weather Forecast

This page is an attempt to track ongoing developments in the Linux development community that have a good chance of appearing in a mainline kernel and/or major distributions sometime in the near future. Your "chief meteorologist" is Jonathan Corbet, Executive Editor at LWN.net. If you have suggestions on improving the forecast (and particularly if you have a project or patchset that you think should be tracked), please add your comments below. 

Wednesday, 20 September

23:54

Hurricane Maria: Direct Hit Puerto Rico cryptogon.com

Via: Weather.com: Metal roofs were flying off buildings and windows were breaking in San Juan, Puerto Rico even before Hurricane Maria made landfall as a Category 4 storm on the island's southeastern coast early Wednesday morning. According to the Associated Press, nearly 900,000 people were already without power as the storm approached.

23:35

Optionsbleed vulnerability can cause Apache servers to leak memory data Security Affairs

Optionsbleed is a vulnerability in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests.

The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed Optionsbleed, in Apache HTTP Server (httpd) that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests.

Böck was analyzing HTTP methods when he noticed that requests with the OPTIONS method, which is normally used by a client to ask a server which HTTP methods it supports, were returning apparently corrupted data via the Allow header instead of the list of supported HTTP methods (e.g. Allow: GET, POST, OPTIONS, HEAD). However, some of the responses to the researcher's requests looked like this:

Below is an example of the responses obtained by Böck:

Allow: POST,OPTIONS,,HEAD,:09:44 GMT
Allow: GET,HEAD,OPTIONS,,HEAD,,HEAD,,HEAD,, HEAD,,HEAD,,HEAD,,HEAD,POST,,HEAD,, HEAD,!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
Allow: GET,HEAD,OPTIONS,=write HTTP/1.0,HEAD,,HEAD,POST,,HEAD,TRACE

Apache leaked server memory due to a use-after-free bug tracked as CVE-2017-9798.

Compared with other flaws that bleed memory contents, such as Heartbleed, the Optionsbleed vulnerability is less severe because in order to be exploited the targeted system needs to be configured in a certain way, and even then the response doesn't always contain other data.

Security firm Sophos published a detailed analysis of the vulnerability.

The expert tested the Optionsbleed flaw in the Alexa Top 1 Million websites and received corrupted Allow headers from only 466 of them.

With the support of the Apache developer Jacob Champion, Böck verified that the Optionsbleed vulnerability only affects specific configurations. Böck has released a proof-of-concept (PoC) script for Optionsbleed.

...

23:30

uniprof: Transparent Unikernel for Performance Profiling and Debugging


23:30

AI to Help Power Grids Resist Disruptions IEEE Spectrum Recent Content full text

A new project explores how artificial intelligence could help power grids anticipate and recover from natural disasters

Photo-illustration: John Lund/Getty Images

The U.S. Department of Energy will explore whether artificial intelligence could help electric grids handle power fluctuations, avoid failures, resist damage, and recover faster from major storms, cyberattacks, solar flares and other disruptions.

A new project, called GRIP, for Grid Resilience and Intelligence Project, was awarded up to $6 million over three years on September 12 by the U.S. Department of Energy. GRIP is the first project to use artificial intelligence (AI) to help power grids deal with disturbances, says Sila Kiliccote, GRIP's principal investigator and director of the Grid Integration, Systems and Mobility lab at the SLAC National Accelerator Laboratory in Menlo Park, Calif.

GRIP will develop algorithms to learn how power grids work by analyzing smart meter data, utility-scale SCADA (supervisory control and data acquisition) data, electric vehicle charging data, and even satellite and street-view imagery.

"By looking at satellite and street-view imagery, we can see where vegetation is growing with respect to power lines, how long it takes to grow, and anticipate what the effects of high winds might have on that vegetation, such as pulling trees onto power lines during storms," Kiliccote says.

The aim with GRIP is to address three different kinds of problems. "First we need to anticipate and get in front of grid events," Kiliccote says. "Next we'd like to minimize the effects of grid events when they do happen. Finally, after the event ends, we'd want to bring systems back as quickly as possible."

GRIP's first year is devo...

23:26

Jumping Airgaps The Isoblog.

So this paper operates on the premise that there is a high security installation. Because of that it has an isolated network, and also physical protection, in the form of common cameras with the ubiquitous IR lighting.

It turns out, according to the developers of aIR-Jumper, that you can code data into flashes of IR camera lights, and you can read input using the security cameras. So after the initial infection (which would have to take a different route) you can talk to your implant using the security features of the isolated network.

23:25

NVIDIA Legacy Linux Drivers Updated With Newer Kernel Support Phoronix

NVIDIA has issued new releases of its two legacy drivers for Linux...

22:57

Call to Action: Write to the European Parliament's Legal Affairs Committee on Upcoming Copyright Law SoylentNews

Rick Falkvinge writes that on October 10th a committee within the European Parliament will vote on future copyright law in Europe. Former MEP (2009-2014), Christian Engström, provided a description of how to provide feedback to the European Parliament. Polite, clear, to the point feedback from EU citizens and residents would be most useful.

In particular, there are two really bad proposals and three really good proposals that warrant special attention, mixed in and buried in all the words. The good proposals are the mandatory freedom of panorama, the freedom to remix, and the freedom for anybody to datamine. The two bad proposals, quite dreadful actually, are to require sites to carry out mandatory upload filtering and a link tax which makes it impossible to link to articles in the legacy media.



22:30

Watch the Keynote Videos from Open Source Summit in Los Angeles

If you weren't able to attend Open Source Summit North America 2017 in Los Angeles, don't worry! We've rounded up the following keynote presentations so you can hear from the experts about the growing impact of open source software.

20:37

The Ten Essentials for Good API Documentation

API documentation is the number one reference for anyone implementing your API, and it can profoundly influence the developer experience. Because it describes what services an application programming interface offers and how to use those services, your documentation will inevitably create an impression about your product, for better or for worse.

20:30

Local Development Environment for Kubernetes using Minikube

Kubernetes can be an ultimate local development environment particularly if you are wrangling with a large number of microservices. In this post, we will cover how you can create a local development workflow using Minikube and tools such as Make to iterate fast without the wait imposed by your continuous integration pipeline. With this workflow, you can code and test changes immediately.

19:50

Architecting the Future with Abstractions and Metadata

Abstractions and metadata are the future of architecture in systems engineering, as they were before in software engineering. In many languages, there are abstractions and metadata; however, systems engineering has never adopted this view. Systems were always thought of as too unique for any standard abstractions. Now that we've standardized the lower-level abstractions, we're ready to build new system-level abstractions.

19:37

Fast Track Apache Spark

My upcoming Strata Data NYC 2017 talk about big data analysis of futures trades is based on research done under the limited funding conditions of academia. This meant that I did not have an infrastructure team, therefore I had to set up a Spark environment myself. I was analyzing futures order books from the Chicago Mercantile Exchange (CME) spanning May 2, 2016, to November 18, 2016.


Resource generated at IndyWatch using aliasfeed and rawdog