IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Monday, 18 September


Cybercriminals deploying assortment of banking Trojans and ransomware "IndyWatch Feed Tech"

Check Point revealed that banking trojans were extensively used by cybercriminals during August, with three variants appearing in the company's latest Global Threat Impact Index. The Zeus, Ramnit and Trickbot banking trojans all appeared in the top ten. These Trojans work by identifying when the victim is visiting a banking website, and then use keylogging or webinjects to harvest basic login credentials or more sensitive information such as PIN numbers. Alternatively, Trojans may also direct ...


Immaculate Dadiso Motsi-Omoijiade, author of "Bitcoin Lending and the Multiplier Effect", joins New Money Systems Bd "IndyWatch Feed Tech"

Immaculate Dadiso Motsi-Omoijiade, author of "Bitcoin Lending and the Multiplier Effect", joins our New Money Systems Board.


Hackaday Prize Entry: A PCB To Emulate Coin Cells "IndyWatch Feed Tech"

The Coin Cell Emulator CR2016/CR2032 by [bobricius] homes in on a problem some hardware developers don't realize they have: when working on hardware powered by the near-ubiquitous CR2016 or CR2032 format 3V coin cells, power can be a bit troublesome. Either the device is kept fed with coin cells as needed during development, or the developer installs some breakout wires to provide power from a more convenient source.

[bobricius]'s solution to all this is a small PCB designed to be inserted into most coin cell holders just like the cell itself. It integrates a micro USB connector with a 3V regulator for using USB as an external power source. The board also provides points for attaching alligator clips, should one wish to conveniently measure current consumption. It's a tool with a purpose, and cleverly uses the physical shape of the PCB itself as an integral part of the function, much like another of [bobricius]'s projects: the Charlieplexed 7-segment LED display.



Facebook's HHVM To Focus More On Hack, No Longer Focusing On PHP7 Compatibility "IndyWatch Feed Tech"

Some interesting remarks today by Facebook's HHVM/Hack language team as they plot their future agenda...


Knife-Throwing as a Sport: Who Would Have Thunk It? "IndyWatch Feed Tech"

As far as recognized champions in the sport, the Hall of Fame holds a three-day national throw every year to establish the best in various categories. Then again, the Hall isn't the only group of throwers; other champions exist, too. Someday perhaps, there will be a grand merger.

As for the typical knife-thrower, he or she is hard to describe, since anyone can throw.

"There's really no aging out," said Rick Lemberg, an organizer of the online Aim Games, in which people compete by posting their scores. Because there is no physical contact, injuries are rare, he added. Commitment trumps physique.

Source: Knife-Throwing as a Sport: Who Would Have Thunk It?


Read more of this story at SoylentNews.


Ukraine Faces Call for US Trade Sanctions over Online Piracy "IndyWatch Feed Tech"

The International Intellectual Property Alliance (IIPA) is recommending that the U.S. Government should suspend Ukraine's GSP trade benefits, claiming that the country doesn't do enough to protect the interests of copyright holders.

Last year Ukraine enjoyed $53.7 million in unilateral duty-free benefits in the US, while US companies are suffering millions of dollars in losses in Ukraine due to online piracy, they argue.

The IIPA, which includes a wide range of copyright groups including the MPAA, RIAA, BSA and ESA, characterizes the country as a safe harbor for pirate sites. While physical piracy was properly addressed ten years ago after a previous sanction, digital piracy remains rampant.

One of the main problems is that local hosting companies are offering their services to a wide variety of copyright-infringing websites. Without proper enforcement, more and more websites have moved their services there.

"By allowing these problems to fester for years, weak digital enforcement has resulted in an exponential increase in the number of illegal peer-to-peer (P2P) hosting and website-based Internet piracy sites, including some of the world's largest BitTorrent sites located in Ukraine," IIPA writes.

Some Internet pirates have purposefully moved their servers and operations to Ukraine in the past few years to take advantage of the current lawless situation. Many of these illegal services and sites target audiences throughout Europe and the United States.

The copyright holders highlight the defunct ExtraTorrent site as an example but note that there are also many other torrent sites, pirate streaming sites, cyberlockers, and linking sites in Ukraine.

While pirate sites are hosted all over the world, the problem is particularly persistent in Ukraine because many local hosting companies fail to process takedown requests. This, despite repeated calls from copyright holders to work with them.

"Many of the websites offering pirated copyright materials are thriving in part because of the support of local ISPs," IIPA writes.

The copyright industries have, for years, sought private agreements with ISPs to establish effective mechanisms to take down illegal websites and slow illegal P2P traffic. In the absence of legislation, however, these voluntary efforts have generally not succeeded, although, some ISPs will delete links upon request.

In order to make real progress, the copyright holders call for new legislation to hold Internet s...


CVE-2017-9803: Security vulnerability in kerberos delegation token functionality "IndyWatch Feed Tech"

Posted by Shalin Shekhar Mangar on Sep 18

CVE-2017-9803: Security vulnerability in kerberos delegation token functionality

Severity: Important

The Apache Software Foundation

Versions Affected:
Apache Solr 6.2.0 to 6.6.0


Solr's Kerberos plugin can be configured to use delegation tokens,
which allows an application to reuse the authentication of an end-user
or another application.
There are two issues with this functionality (when using...


Google Chrome Will Mark FTP Resources As Not Secure "IndyWatch Feed Tech"

By Uzair Amir

It seems like Google is making some serious changes in

Read the original post: Google Chrome Will Mark FTP Resources As Not Secure


Azure Confidential Computing Heralds the Next Generation of Encryption in the Cloud "IndyWatch Feed Tech"

For years, EFF has commended companies who make cloud applications that encrypt data in transit. But soon, the new gold standard for cloud application encryption will be the cloud provider never having access to the user's data, not even while performing computations on it.

Microsoft has become the first major cloud provider to offer developers the ability to build their applications on top of Intel's Software Guard Extensions (SGX) technology, making Azure the first SGX-capable servers in the public cloud. Azure customers in Microsoft's Early Access program can now begin to develop applications with the confidential computing technology.

Intel SGX uses protections baked into the hardware to ensure that data remains secure, even from the platform it's running on. That means that an application that protects its secrets inside SGX is protecting them not just from other applications running on the system, but from the operating system, the hypervisor, and even Intel's Management Engine, an extremely privileged coprocessor that we've previously warned about.

Cryptographic methods of computing on encrypted data are still an active body of research, with most methods still too inefficient or involving too much data leakage to see practical use in industry. Secure enclaves like SGX, also known as Trusted Execution Environments (TEEs), offer an alternative path to applications looking to compute over encrypted data. For example, a messaging service with a server that uses secure enclaves offers similar guarantees to end-to-end encrypted services. But whereas an end-to-end encrypted messaging service would have to use client-side search or accept either side channel leakage or inefficiency to implement server-side search, by using an enclave they can provide server-side search functionality with always-encrypted guarantees at little additional computational cost. The same is true for the classic challenge of changing the key that a ciphertext is encrypted under without access to the key, known as proxy re-encryption. Many problems that have challenged cryptographers for decades to find efficient, leakage-free solutions are solvable instead by a sufficiently robust secure enclave ecosystem.

While there is great potential here, SGX is still a relatively new technology, meaning that security vulnerabilities are...


SPARC M8 Processors Launched "IndyWatch Feed Tech"

While Oracle recently let go of some of their SPARC team, today marks the launch of the SPARC M8...


[CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow "IndyWatch Feed Tech"

Posted by Luciano Bello on Sep 18

Hi there,
I'm trying to reproduce this, to check the affected versions.
I tried in Debian Sid (4.2.6-1) and Debian Stretch (3.4.4-3) and I
was not able to reproduce the issue. Especially for the latter, the fact
that tcprewrite exits normally is puzzling. Hosein (the PoC author)
claims to make it work in 3.4.4 (on Ubuntu 16.04).

Can somebody else confirm this issue?

Thanks, luciano


The Science Will Not Defeat Aging in my Lifetime so Why Bother? Argument, and Why We Should be More Optimistic "IndyWatch Feed Tech"

For much of human history, living up to a ripe old age was seen as a gift from the gods, an aberration, or just the product of sheer luck. Given that up to the beginning of the twentieth century many of us succumbed to disease at an early age, being extremely fortunate to live anywhere past the age of forty, it should be no surprise that living a long life is still beatified today as something akin to winning the lottery.

Even when confronted with the galloping pace of scientific advances in human longevity, our historical sensibilities have led us to take a defeatist stance towards the subject: "Even if longevity interventions become available during my lifetime, I am already too late to take advantage of them, so why bother?"

Indeed, this hesitation to see human life extension as a real possibility in our lifetime, dismissing it as a dream belonging to the realms of science fiction[1] and futuristic utopias[2] is not an uncommon one, and as long as tangible rejuvenation therapies do not become available, we will feel validated in our pragmatism.


AI: This Decade's Worst Buzz Word "IndyWatch Feed Tech"

In hacker circles, the Internet of Things is often the object of derision. Do we really need the IoT toaster? But there's one phrase that, while not new, is really starting to annoy me in its current incarnation: AI or Artificial Intelligence.

The problem isn't the phrase itself. It used to mean a collection of techniques used to make a computer look like it was smart enough to, say, play a game or hold a simulated conversation. Of course, in the movies it means HAL9000. Lately, though, companies have been overselling the concept and otherwise normal people are taking the bait.

The Alexa Effect

Not to pick on Amazon, but all of the home assistants like Alexa and Google Now tout themselves as AI. By the most classic definition, that's true. AI techniques include matching natural language to predefined templates. That's really all these devices are doing today. Granted, the neural nets that allow for great speech recognition and reproduction are impressive. But they aren't true intelligence, nor are they even necessarily direct analogs of a human brain.

For example, want to make your Harmony remote pause your TV? Say "Alexa: Tell Harmony to pause." The Alexa recognizes "Tell" and "Harmony" and probably deletes "to" (a process called noise disposal). That's it. There are a few tricks so maybe it can figure out that TV belongs to Harmony, but there's no real logic or learning taking place.

In the same way that janitors became sanitation engineers, anything that the computer does is now artificial intelligence. All by itself, that's not a big deal. Just more marketing hyperbole.

The danger is that people are now getting spun up that the robot revolution is right around the corner. [Elon Musk] is one of the prime offenders. Granted, some critics think he is just trying to protect his own AI projects, but on the face of it, at least, he is claiming that AI is going to more or less take over the world. And it isn't just him. Even [Bill Gates] has added a little fear into the equation.

You might argue that robot...


Hackers compromised CCleaner software by installing a hidden backdoor "IndyWatch Feed Tech"

CCleaner contained a malicious backdoor that secretly stole information from users' computers

Researchers at the security firm Cisco Talos have reported that CCleaner, a system-optimization tool distributed by anti-virus firm Avast, was hacked to distribute malware directly to its users through a hidden backdoor. The malware allows hackers to potentially get access to the user's computer, and other connected systems, to steal personal data or credentials.

CCleaner is a popular utility program used to clean potentially unwanted files (including temporary internet files, where malicious programs and code tend to reside) and invalid Windows Registry entries from a computer. CCleaner was developed by Piriform and was recently acquired by Prague-based antivirus maker Avast in July. CCleaner has more than 2 billion downloads worldwide and is downloaded as often as 5 million times per week.

However, the Mac and Android versions of CCleaner do not appear to have been affected.

Piriform estimated that 2.27 million people used the infected software, and that 5,000 installations of CCleaner Cloud had received the malicious update to that software.

"We resolved this quickly and believe no harm was done to any of our users," the company said in a statement.

The company also added that the rogue server is down and other potential servers are out of the control of the attacker.

"Supply chain attacks are a very effective way to distribute malicious software into target organizations," Cisco's threat intelligence grou...


An open letter to the W3C Director, CEO, team and membership "IndyWatch Feed Tech"

Dear Jeff, Tim, and colleagues,

In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing Encrypted Media Extensions, an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties.

When it became clear, following our formal objection, that the W3C's largest corporate members and leadership were wedded to this project despite strong discontent from within the W3C membership and staff, their most important partners, and other supporters of the open Web, we proposed a compromise. We agreed to stand down regarding the EME standard, provided that the W3C extend its existing IPR policies to deter members from using DRM laws in connection with the EME (such as Section 1201 of the US Digital Millennium Copyright Act or European national implementations of Article 6 of the EUCD) except in combination with another cause of action.

This covenant would allow the W3C's large corporate members to enforce their copyrights. Indeed, it kept intact every legal right to which entertainment companies, DRM vendors, and their business partners can otherwise lay claim. The compromise merely restricted their ability to use the W3C's DRM to shut down legitimate activities, like research and modifications, that required circumvention of DRM. It would signal to the world that the W3C wanted to make a difference in how DRM was enforced: that it would use its authority to draw a line between the acceptability of DRM as an optional technology, as opposed to an excuse to undermine legitimate research and innovation.

More directly, such a covenant would have helped protect the key stakeholders, present and future, who both depend on the openness of the Web, and who actively work to protect its safety and universality. It would offer some legal clarity for those who bypass DRM to engage in security research to find defects that would endanger billions of web users; or who automate the creation of enhanced, accessible video for people with disabilities; or who archive the Web for posterity. It would help protect new market entrants intent on creating competitive, innovative products, unimagined by the vend...


Google Stops Challenging Most US Warrants for Data on Overseas Servers "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Google has quietly stopped challenging most search warrants from US judges in which the data requested is stored on overseas servers, according to the Justice Department.

The revelation, contained in a new court filing to the Supreme Court, comes as the administration of President Donald Trump is pressing the justices to declare that US search warrants served on the US tech sector extend to data stored on foreign servers.

Google and other services began challenging US warrants for overseas data after a federal appeals court sided with Microsoft last year in a first-of-its-kind challenge. Microsoft convinced the New York-based 2nd US Circuit Court of Appeals, which has jurisdiction over Connecticut, New York, and Vermont, that US search-and-seizure law does not require compliance with a warrant to turn over e-mail stored on its servers in Ireland. Federal prosecutors were demanding the data as part of a US drug investigation.

In the aftermath, courts outside the 2nd Circuit, which are not bound by the ruling, began rejecting the circuit's decision and dismissing fresh challenges by the ISPs, including those brought by Google, Yahoo, and Microsoft. In one instance, Google was even found in contempt of court (PDF) for refusing to comply with a District of Columbia federal judge's order to hand over data stored overseas.

The Supreme Court has not decided whether to hear the government's challenge to the Microsoft decision, which has huge privacy ramifications for consumers and for the tech sector. The sector is being asked by the US government to comply with court orders that sometimes conflict with the laws of where the data is stored.



Read more of this story at SoylentNews.


HP's new Z8 workstation comes with whopping 56 Core, 38.5MB cache and 1.5TB RAM "IndyWatch Feed Tech"

HP's new Z8 workstation packs two Intel Skylake-SP processors, twinned Xeon Platinum 8180 chips. 28 cores/56 threads and 38.5MB cache each running at 2.5-3.8GHz, along with 1.5TB RAM

No, this is not a gaming rig but a workstation. However, with the kind of specs that HP is now offering in its new Z8 workstation PC, you would surely wish to play hi-definition games on it. HP is launching this whopping elephantine workstation for those companies who require more power, and the Z8 delivers on HP's promises.

HP's new Z8 workstation packs in a pair of Intel Skylake-SP processors. Imagine your PC with two Skylake-SP processors and add twinned Xeon Platinum 8180 chips with 28 cores/56 threads and 38.5MB cache each running at 2.5-3.8GHz. Now add 1.5TB RAM to this pack and what you get is this ultimate computing machine.

If you are into ultra hi-res graphics, you can add up to three Nvidia Quadro P6000 GPUs or AMD Radeon Pro WX 9100 and imagine the kind of results you will get from Z8. The hefty desktop systems have four internal drive bays, two external (and a third external for an optical drive), and nine PCIe slots.

HP Z8 will come with 4TB of PCIe-mounted SSD, and 48TB HD thus giving you both the SSD power as well as the normal HD power. A range of gigabit and 10 gigabit Ethernet adaptors are available; the machines also support 802.11a/b/g/n/ac Wi-Fi and Bluetooth 4.2. Thunderbolt 3 is available with an add-in card.

According to HP, from next year onwards users can add 8180M processors: same core count and speeds, but doubling the total memory capacity to 3TB. The only condition is that you have to use the workstation's 24 RAM slots.

HP Z8 will be powered by a 1.7kW PSU which could power a small room without any hitch. This whole setup comes at a big price though. According to HP, the base model will cost $2,439 while the hi-fi model with all the things mentioned above could cost about $10,000-20,000.

With that kind of price, normal users can only dream about owning the Z8. HP is aiming them at markets such as 3D engineering and modeling and 8K video/film production.

The post HP's new Z8 workstation comes with whopping 56 Core, 38.5MB cache and 1.5TB RAM appeared first on TechWorm.


Netdata: Distributed real-time performance and health monitoring "IndyWatch Feed Tech"

Netdata is a system for distributed real-time performance and health monitoring. It provides real-time insight of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards. Netdata 1.8.0, released yesterday, focuses on metrics streaming improvements and containers monitoring.

Streaming improvements

Bug fix: streaming slaves consuming 100% CPU. The software, as a slave, was not handling all the error cases properly, resulting in 100% cpu utilization ...


First 5G smartphones with download speed more than 10Gbps to be available from 2019 "IndyWatch Feed Tech"

First 5G smartphones with download speeds faster than 10 Gbps will be available in US and Asian markets by 2019, says Qualcomm CEO

The year is 2019 and you are able to download the entire Lord of the Rings trilogy movie set in just 10 minutes!!! Sounds too good to be true. But this will be the future according to Steven Mollenkopf. As of now, we are surfing the net at 4G speeds, which means that we can theoretically download movies/tv shows/files etc. at 100Mbps speeds where it is available, though in reality only Japanese and South Korean telecom companies deliver speeds near that.

Steven Mollenkopf, chief executive of the world's top maker of smartphone chips, Qualcomm, said that the first 5G smartphones will be available for sale to users in 2019 in several Asian countries and the United States. As with 4G tech, the 5G smartphones will first be available in Japan and South Korea before coming to the United States of America. However, what is worth noting is that the year 2019 is a year earlier than 2020 projected earlier for 5G technology launch.

What is 5G?

5G standards are not yet finalized and the most advanced services are still in the pre-commercial phase. They will be significantly ahead of what's currently available with 4G. A minimum expectation for commercial 5G services is for them to be tens of times faster than 4G, which would make even current broadband speeds look like snail pace in comparison.

How fast will 5G be?

The Next Generation Mobile Networks alliance states that for something to be considered 5G it must offer data rates of several tens of megabits per second to tens of thousands of users simultaneously, while a minimum of 1 gigabit per second should be offered to tens of workers on the same office floor.

Network Type | Download Speeds
3G Network | 384Kbps
4G Network | 100Mbps
5G Network | More than 10Gbps (theoretical)

That's all a little vague, but the signs are promising. Some estimates put download speeds at up to 1000 times faster than 4G, potentially exceeding 10Gbps. That would enable you to download an entire HD film in less than a second.

Why 5G tech is coming i...


Fedora Launches The "Red Team" For Dealing With Cybersecurity "IndyWatch Feed Tech"

The Fedora Red Team is a new special interest group (SIG) within the Fedora ecosystem for dealing with cybersecurity...


ZK Time_Web Software 2.0 - Broken Authentication "IndyWatch Feed Tech"

Posted by Arvind Vishwakarma on Sep 18

Vulnerability Type: Broken Authentication
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web -
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Unauthenticated
Impact: Information Disclosure
Product description:
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software,
which provided a stable communication for devices through GPRS/WAN,


No, We Cannot Shoot Down North Korea's Missiles "IndyWatch Feed Tech"

It's time national leaders speak realistically about missile defense.

The number one reason we don't shoot down North Korea's missiles is that we cannot.

Officials like to reassure their publics about our defense to these missiles. Japanese Chief Cabinet Secretary Yoshihide Suga told his nation after last week's test, "We didn't intercept it because no damage to Japanese territory was expected."


Google's New Mobile Payment System Sends Money via Sound "IndyWatch Feed Tech"

The new digital payment app, called Tez, allows people in India to use a phone to pay for goods in physical stores and online, or make payments to other bank accounts. It's different to the (already incredibly popular) Indian service PayTM in the respect that it links a phone directly with a bank account, rather than having the user regularly top up a wallet with money.

The Financial Times reports ($) that, unlike many other mobile payment systems which rely on NFC to make payments, Google offers users the ability to make use of a technology called AudioQR to transfer money. The approach allows any two phones with mics and speakers to communicate with each other using ultrasound, above the range of human hearing, to arrange a transaction. That will be particularly useful in a country where not everyone has a high-spec device.

According to TechCrunch, Google has also trademarked the name Tez in other Asian countries, including Indonesia and the Philippines. That suggests that, in the longer term, it has bigger ambitions for the service.


ZKTime_Web Software 2.0 - Cross Site Request Forgery "IndyWatch Feed Tech"

Posted by Arvind Vishwakarma on Sep 18

Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web -
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Authenticated
Impact: Escalation of Privileges
Product description:
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software,
which provided a stable communication for devices through...


Apple's Face ID can be quickly disabled in an emergency "IndyWatch Feed Tech"

A week ago, Apple debuted iPhone X and Face ID, a new biometric security mechanism that replaces Touch ID. Face ID allows users to unlock their iPhone with their face. The same mechanism can also be used to make purchases in various Apple digital media stores, and to authenticate payments via Apple Pay. The mechanism works by projecting over 30,000 infrared dots onto a face and creating a 3D mesh of it, then comparing it ...


Security updates for Monday "IndyWatch Feed Tech"

Security updates have been issued by Arch Linux (ffmpeg, lib32-libgcrypt, libgcrypt, linux-zen, and newsbeuter), Debian (emacs25, freexl, and tomcat8), Fedora (cyrus-imapd, FlightGear, freexl, gdm, kernel, LibRaw, ruby, and xen), Gentoo (binutils, chkrootkit, curl, gdk-pixbuf, gimps, git, kpathsea, mod_gnutls, perl, squirrelmail, subversion, supervisor, and webkit-gtk), Mageia (389-ds-base, kernel, kernel-linus, kernel-tmb, and mpg123), openSUSE (ffmpeg, ffmpeg2, qemu, and xen), Slackware (kernel), SUSE (xen), and Ubuntu (gdk-pixbuf).


A Slew Of NYC Meetups With Tindie And Hackaday This Week "IndyWatch Feed Tech"

This is a busy, busy week for Tindie and Hackaday. We're going to New York, and we have a ton of events planned.

First up is the monthly Hackaday meetup. This time, we're teaming up with Kickstarter for a pre-Maker Faire Meetup. We'll be hosting this at Kickstarter's HQ, and already we have an impressive line of speakers set up to talk about Assistive Technology. These speakers include:

  • Anita Perr and R. Luke Dubois from the NYU Ability Project
  • Andrew Chepaitis from ELIA Life Technology

Also on deck for the Hackaday x Kickstarter meetup are live demos from WearWorks, who are developing the WAYBAND, a haptic navigation device, and from Elia Frames, a tactile reading system.

The Hackaday x Kickstarter meetup will be Thursday, September 21st, starting at 6:30pm. Here's the link to RSVP.

This weekend is also World Maker Faire New York and Tindie will be out...


Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected "IndyWatch Feed Tech"

If you have downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention: your computer has been compromised. CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance


Stanislav Petrov: Soviet Officer Who Averted Nuclear War Dies at Age 77 "IndyWatch Feed Tech"

I'm amazed by how few people are aware of this incident. It makes for great dinner time conversation! Via: Russia Today: A Soviet officer who prevented a nuclear crisis between the US and the USSR and possible World War III in the 1980s has quietly passed away. He was 77. In 2010 RT spoke to [...]


Is Nxt The Blockchain Company That Could Solve The Democratic Fatigue Syndrome? "IndyWatch Feed Tech"

The words voting and democracy have become tantamount. History lessons in Western countries have instructed us that the act of voting is the best and most correct way of choosing your representative, and we've grown used to not doubting this or looking for any alternative. The government's own attitude towards the voting system reflects also in the mind of its civilians. This agenda, that often supports current voting systems, has evolved over time because of theoretical blinders that prevent us from looking to the side; that prevent us from looking at any new ideas that could potentially replace the traditional and inefficient voting system.

Nxt, the Blockchain App

In 1948, the Declaration of Human Rights was published, and it stated that "The will of the people shall be the basis of the authority of government"; and it was widely received at the time. Private elections began, which were universal and equal in their suffrage. But there was another consequence that emerged because of the Declaration of Human Rights: the development of the Democratic Fatigue Syndrome. This phenomenon occurs when people participate in their country's democratic elections but over time, find themselves despising the same politicians they themselves elected into power. Suddenly, a Catch-22 develops in what was meant to be a fair, equal, democratic election. While the current political voting system was established to bring power back to the masses, many citizens claim issues such as voting fraud and misconduct. Look at the 2016 US Presidential Election, which substantiated the Democratic Fatigue System, and proved how outdated current voting methods are.

Nxt is not trying to heal the Democratic Fatigue Syndrome nor change the way we vote. Nxt hasn't reinvented the wheel with its ambitious blockchain technology; however, the decentralized nature of blockchain provides a potential solution to voting problems such as fraud and voting irregularities, which are unavoidable while the traditional voting system runs.

Usually, the process behind the ballot box goes as follows: When the last vote is cast, polling station volunteers begin to count the votes either by machine or by hand, and the summary count is then sent to another centralized location, such as a courthouse, for tallying. Your vote disappears after the first tally, where the volunteer worker at the poll statio...


Review: If You Read One Sci-Fi Series This Year, It Should Be The Broken Earth "IndyWatch Feed Tech"

Arthur T Knackerbracket has found the following story:

Sometimes a book series is so important that you want people to put everything aside and just read it. I'm not the only one who feels this way about N.K. Jemisin's Broken Earth trilogy. The first and second novels in Jemisin's trilogy, The Fifth Season and The Obelisk Gate, won the prestigious Hugo Award for the past two years in a row, the first time this has happened since Ender's Game and its sequel Speaker for the Dead won sequential Hugos in 1986 and '87. Now the final Broken Earth book, The Stone Sky, is out. You can gobble up the whole series without interruption.

Read more of this story at SoylentNews.


Air Force Planes to Spray Harris County with Dibrom "IndyWatch Feed Tech"

Via: AP: Harris County officials say Air Force Reserve cargo planes will be spraying much of the county beginning Thursday to combat the mosquito threat left by Harvey's heavy rains and floodwaters. Modified C-130 planes from Kelly Air Force Base in San Antonio are to spray about 600,000 acres in roughly the northern and southern thirds [...]


U.S. Navy/National Security Agency Submarine Flies Jolly Roger, For Morale "IndyWatch Feed Tech"

Via: Ottawa Citizen: US Navy Commander Corey Barker told the UK's Daily Mail that the flag was flown for morale, and has no further significance. "There was no real reason for flying the flag, just a part of morale," he explained. When submarines come into and leave port they are authorized to fly flags as [...]


18sep2017 "IndyWatch Feed Tech"


Dip update 85/n - Welcome Angkor! "IndyWatch Feed Tech"

[Orig: Sept 18, 2017]
Hi everyone,
It is my pleasure to announce "Angkor" has been chosen as the name of the September 2017 dip!  
This name nomination follows the theme of lost cities (along with Skara Brae).
Below is the latest light curve from LCO. Reviewing the data taken over the past few days, it looks like Angkor might be having a bit of trouble recovering all the way back to normal brightness (similar behavior to what happened after Celeste). Note that these points are consistent with normal given the size of the error bars; however, the repeated below-normal brightness measurements during this time increase the significance of the trend.
~Tabby and team
PS: These observations are happening because of the wonderful backers of our 2016 Kickstarter project. The Kickstarter campaign has ended, but we are still accepting donations to purchase additional observing time on the LCO 0.4m network. Thanks in advance for your support!      


Most cloud services still not GDPR-ready "IndyWatch Feed Tech"

With the compliance deadline for the GDPR fast approaching in May 2018, a new Netskope report took a close look at GDPR readiness among enterprise cloud services, finding little change in level of preparedness compared with levels previously reported. Nearly three-quarters of cloud services still lack key capabilities to ensure compliance. Data suggests enterprise standardization in cloud adoption Netskope observed a slight dip in the average amount of cloud services in use per enterprise, signaling More


Trump Renews Post-9/11 State of Emergency "IndyWatch Feed Tech"

Via: USA Today: President Trump has become the third president to renew a post-9/11 emergency proclamation, stretching what was supposed to be a temporary state of national emergency after the 2001 terror attacks into its 17th year. But the ongoing effects of that perpetual emergency aren't immediately clear, because the executive branch has ignored a [...]


Irene Poetranto to speak at 6 Degrees Conference "IndyWatch Feed Tech"

Irene Poetranto, Citizen Lab Senior Researcher, will be speaking at the upcoming 6 Degrees Conference in Toronto. Organized by John Ralston Saul and Adrienne Clarkson of the Institute for Canadian Citizenship, the conference explores citizenship and inclusion in a world that demands answers now.

On September 27, Poetranto will speak on a panel entitled "Digital Citizenship 101: Walled Gardens and Virtual Bridges" that will explore the various power structures that shape the Internet and the ways in which citizens and activists are using digital tools to circumvent repression and censorship. Poetranto will be joined by Ramzi Jaber (Co-Founder and Co-Director of Visualizing Impact), Tara Denham (Director of the Democracy Unit in Global Affairs Canada), and Josephine Goube (Executive Director at Techfugees). The discussion will be moderated by Brett Solomon (Executive Director of Access Now).

For tickets and further information on the 6 Degrees conference, please visit the event's website.

The post Irene Poetranto to speak at 6 Degrees Conference appeared first on The Citizen Lab.


Vatican Recalls Washington Diplomat Amid Child Pornography Investigation "IndyWatch Feed Tech"

Via: Reuters: A Vatican diplomat working in Washington has been recalled to the Holy See after the U.S. State Department said the priest may have violated child pornography laws, the Vatican said on Friday. Prosecutors in the Vatican have opened an investigation into the case, which represents a fresh blow to the Roman Catholic Church [...]


I Tried Direct Neurofeedback and the Results Surprised Me "IndyWatch Feed Tech"

My new story for my #transhumanism column at Psychology Today on Direct Neurofeedback:

Transhumanism, the movement of using science and technology to improve the human being, covers many different fields of research. There are exoskeleton suits to help the disabled; there are stem cell treatments to cure disease; there are robots and AI to perform human chores. The field is wide open and booming as humanity uses more and more tech in its world.

It's not that often I get to participate directly in these radical technologies, but I did so recently when Grant Rudolph, Clinical Director at Echo Rock Neurotherapy in Mill Valley, California invited me to try his Direct Neurofeedback techniques. Via his computer and EEG wire hookups, Mr. Rudolph echoed my brainwave information back into my head at an imperceptible level. I did two sessions of Direct Neurofeedback.

At first, I was skeptical that I'd even feel anything since the EEG information can't be detected by the skin as a sensation, but within five minutes of having the wires stuck onto my forehead, I began feeling different. I can compare it to a light dose of a recreational drug: I felt happy, content, and worry-free. I also felt more introspective than normal. The feedback only took a few seconds, and after about 15 minutes, I seemed to notice the world's colors were sharper and my hearing was more acute. The heightened awareness and calming effect lasted about 24 hours and then most of it gradually wore off. Some of the clarity must still be working, because getting things done sometimes still seems easier. I'm told that continued sessions would make this state of clarity my new norm.

Zoltan Istvan



Kerala, Indian FB user arrested for livestreaming sex on his Facebook page "IndyWatch Feed Tech"

Idukki youth arrested for live-streaming sex on Facebook

While live streaming explicit NSFW acts on Facebook is quite a common occurrence in the United States of America, in deeply conservative India it is frowned upon. However, there have been instances of revenge p@@n when exes leak images of their girlfriend/boyfriend after a breakup.

Linu, a 23-year-old Facebook user from Idukki district in Kerala, India, became perhaps the first youth to be arrested for live streaming his erotic act with his girlfriend on Facebook. In the U.S. we have had people live streaming almost everything on Facebook including murder. Last year, a 28-year-old man was fatally shot while he was in front of a house with two of his three children and some friends, broadcasting live on Facebook in the North Lawndale neighbourhood in Chicago.

Coming back to India, Linu said that he live-streamed the erotic acts on his Facebook page to get more likes. However, later under interrogation, Linu accepted that he live-streamed the carnal act to exact revenge on his lover whose name was not divulged by the authorities as per Indian laws.

Linu is a hotel employee in Idukki district and fell in love with the victim after she was estranged from her husband. The youth had befriended the woman, working in an Adimali textile shop, on Facebook. They met several times at her rented accommodation, where she has been living with her child, at Adimali. Police said the woman was aware of Linu recording their sexual acts on his mobile phone. They met again on September 6 and the man went live on Facebook, while having intimate moments with her.

The erotic video went viral on social media. The victim came to know about the live-streaming and approached the police. The victim alleged that Linu had raped her on false promises of marriage. Her twin sister filed a separate complaint with the police. In this complaint, the twin sister asked the authorities to pressurise Facebook to remove the video as it was affecting her life.

The police arrested Linu while he was trying to escape to Tamil Nadu. According to the authorities, he came to know that the victim had filed a police complaint against him and decided to flee to his home state of Tamil Nadu where the police arrested him on Friday. He has been charged under IPC 376 (punishment for rape) and relevant sections of the IT Act.
"The youth said the video was uploaded to get more likes on Facebook. But later he said they quarrelled and he live streamed their act to take revenge on her. He was unaware of the consequences of his act," Investigating officer K Babu told the media persons. Babu also added that they had requested Facebook to remove the damning video based on the victim's sister's complaint. Babu said that the police have also found several videos of Linu and th...


CCleaner Software Hacked with Backdoor; 2 Million Users Infected "IndyWatch Feed Tech"

By Waqas

CCleaner, a subsidiary of anti-virus giant Avast and security software

This is a post from Read the original post: CCleaner Software Hacked with Backdoor; 2 Million Users Infected


N.Y. Gov. Cuomo eyes expanding cyber regs to credit reporting agencies "IndyWatch Feed Tech"

New York Gov. Andrew Cuomo (D) announced Monday his intent to expand the state's strict cybersecurity standards for the financial sector to credit reporting bureaus. The announcement comes on the heels of the massive Equifax breach, which could...


The Science Behind Lithium Cell Characteristics and Safety "IndyWatch Feed Tech"

To describe the constraints on developing consumer battery technology as "challenging" is an enormous understatement. The ideal rechargeable battery has conflicting properties: it has to store large amounts of energy, safely release or absorb large amounts of it on demand, and must be unable to release that energy upon failure. It also has to be cheap, nontoxic, lightweight, and scalable.

As a result, consumer battery technologies represent a compromise between competing goals. Modern rechargeable lithium batteries are no exception, although overall they are a marvel of engineering. Mobile technology would not be anywhere near as good as it is today without them. We're not saying you cannot have cellphones based on lead-acid batteries (in fact the Motorola 2600 Bag Phone was one), but you had better have large pockets. Also a stout belt or some type of harness? It turns out lead is heavy.

The Mo...


LetBox Exclusive KVM Offers "IndyWatch Feed Tech"

Hey guys, Mahmous from LetBox just sent in this offer and we're happy to be able to feature them again. LetBox has been posted here a few times and has always gotten solid reviews from users. Their WHOIS is public, they accept Credit Card & 2Checkout & PayPal & Payza as payment, and you can find their Legal Docs/ToS here.

In their own words: 

"LetBox specializes in bringing secure, reliable, and friendly hosting to a new level. We pursue their high standards each day by working hard to make sure our customers are happy, our servers are top notch, and our great friendly and smiling staff is working their hardest to satisfy their customers' needs."

The offers: 


2048MB Dedicated RAM
2x vCPU @ 3.20+ GHz
400 GB Dedicated HDD space (Raid10 SAS)
10GB x SnapShot Backup
3TB/Month @ 1 Gbps burstable
1x IPv4
Free 5 Minutes Server Monitoring + Blacklist (Email and SMS alert)
Free SMS Unpaid invoice Alert
IPV4 rdns Management
20Gbps DDoS-Shield Mitigation
$65 /Yearly

3072MB Dedicated RAM
2x vCore 3.20+ GHz
30GB HDD space (RAID10 SSD)
10GB x SnapShot Backup
Free 5 Minutes Server Monitoring + Blacklist (Email and SMS alert)
Free SMS Unpaid invoice Alert
2TB/Month @ 1 Gbps burstable
1x IPv4
20Gbps DDoS-Shield Mitigation
$5.50/ Month
$50/ Yearly


1024 MB Dedicated RAM
1x Core @ 3.20+ GHz


Starting a Robotics Company? Sell a Service, Not a Robot "IndyWatch Feed Tech"

Robot company founders and investors make a case for "Robots as a Service" at HAX demo day

Image: Beetl. The Beetl robot will start out as an automated poop scooper, but may add lawn mowing to the services it provides.

If you want to start a robot company, plan to kick off by selling a service performed by robots, not the robots themselves.

That was the message of robot startup founders and investors speaking at HAX demo day this week. HAX is a five-year-old hardware accelerator based in Shenzhen, China, and San Francisco.

"I'm a big fan of going out and doing a service with a robot, competing with other businesses that provide that service, rather than trying to sell a $100,000 robot," said Nathan Harding, co-founder of Ekso Bionics and now co-founder and CEO of Wink Robotics, a still-mostly-stealthy company intending to bring robotics technology into the beauty salon industry.

Panelists discuss the future of robotics startups at the September 2017 HAX demo day. Photo: Tekla Perry. Speaking at HAX Accelerator's September 2017 demo day about the future of robotics startups are (left to right): Duncan Turner, managing director, HAX Seed; Grant Allen, managing director, ABB; Travis Deyle, co-founder, Cobalt Robotics; and Nathan Harding, founder of Wink Robotics and Ekso Bionics.

"So," Harding continued, "if you design a bricklaying robot, go out and bid on projects that involve laying bricks. Run like hell to be the best bricklaying company in the world, then eventually traditional companies will want to buy your robot or your company."

Duncan Turner, managing director of HAX Seed, an investment fund, agreed. "Forget about fantastical robotic technologies," he said. "Show what business is there, then talk about the robots afterwards."

"We tell startups, don't ever think that the hardware is going to make you money," Turner said. "Think about the service."

"The priority right now is to deliver a service," said Travis Deyle, co-founder of security robot company Cobalt Robotics. "Too many people for too long have focused on building sexy robots."

Harding even admitted to plans to adjust the name of his latest startup in order to emphasize the service provided instead of the technology. "Wink Robotics is a good name for pitching investors," he said, "but that will change before we go to market." "Right now," he later added, "companies...

Opteron vs. EPYC Benchmarks & Performance-Per-Watt: How AMD Server Performance Evolved Over 10 Years "IndyWatch Feed Tech"

By now you have likely seen our initial AMD EPYC 7601 Linux benchmarks. If you haven't, check them out, EPYC does really deliver on being competitive with current Intel hardware in the highly threaded space. If you have been curious to see some power numbers on EPYC, here they are from the Tyan Transport SX TN70A-B8026 2U server. Making things more interesting are some comparison benchmarks showing how the AMD EPYC performance compares to AMD Opteron processors from about ten years ago.


WASP-12b: A Low Albedo Planetary Torch "IndyWatch Feed Tech"

Sara Seager often describes the distribution of exoplanets as "stochastic," meaning subject to statistical analysis but hard to predict. A good thing, then, that Kepler has given us so much statistical data to work with, allowing us to see the range of possible outcomes when stars coalesce and planetary systems emerge around them. We're not seeing copies of our own Solar System when we explore other stellar systems, but a variegated mix of outcomes.

Thus finding a planet with an albedo as dark as fresh asphalt goes down as yet another curiosity from a universe that yields them in great abundance. The planet is WASP-12b, a hot Jupiter of the most extreme kind. Previous work on this heavily studied world has already shown that due to its proximity to its host star, the planet has been stretched into an egg shape, while its day-side temperatures reach 2540 degrees Celsius, or 2810 Kelvin.

94 percent of incoming visible light here is trapped in an atmosphere so hot that clouds cannot form to reflect it. Hydrogen molecules are broken into atomic hydrogen, while alkali metals are ionized. The atmosphere resembles that of a low mass star instead of a planet, composed of atomic hydrogen and helium. Using Hubble's Space Telescope Imaging Spectrograph, the international team that produced this result, led by Taylor Bell (McGill University), has now measured an albedo of 0.064 at most, two times less reflective than our Moon.

Image: Twice the size of Jupiter, WASP-12b has the unique capability to trap at least 94 percent of the visible starlight falling into its atmosphere. Credit: NASA, ESA, and G. Bacon (STScI).

The planet's radius is about twice Jupiter's. The average hot Jupiter will reflect about 40 percent of incoming starlight, making WASP-12b a statistical outlier. But bear in mind that this planet's proximity to its host star keeps it tidally locked, with one side always facing the star, the other always turned to space. That drops nightside temperatures well over 1000 degrees Celsius cooler, so that molecules can survive, producing possible clouds and hazes in the atmosphere.

Bell notes that the planet, orbiting about 3.2 million kilometers from its star, demonstrates that even among hot Jupiters the range of possibilities is surprisingly large:

"This new Hubble research further demonstrates the vast diversity among the strange population of hot Jupiters," Bell said. "You can have planets like WASP-12b that are 4,600 degrees Fahrenheit and some that are 2,200 degrees Fahrenhei...


Aubrey de Grey Joins LEAF Scientific Advisory Board "IndyWatch Feed Tech"

We are delighted to announce that Dr. Aubrey de Grey has accepted our offer to join the LEAF scientific advisory board, and he joins the other luminaries whose expertise we already benefit from.

The majority of you already know about Dr. Aubrey de Grey and his work at the SENS Research Foundation, but for those who are not familiar with him, here is a short introduction.


Ten Malicious Libraries Found on PyPI - Python Package Index "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI (Python Package Index), the official third-party software repository for the Python programming language.

NBU experts say attackers used a technique known as typo-squatting to upload Python libraries with names similar to legitimate packages, e.g., "urlib" instead of "urllib."

The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts.

"These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script,, is modified to include a malicious (but relatively benign) code," NBU explained.

[...] Indicators of compromise are available in the NBU security alert.

[...] On a side note, and unrelated to the attack vector, NBU also advises Python developers to avoid using "pip" (a Python package installer) when downloading Python libraries, as pip does not support cryptographic signatures.


Original Submission

Read more of this story at SoylentNews.


Modeling of Electromechanical Sensors & Systems "IndyWatch Feed Tech"

In this webinar, PZFlex will explore and analyze some of the common pain-points in complex device design and present pragmatic examples demonstrating how rapid FEA simulation can help engineers overcome challenges while minimizing time, risk and cost.

If you are interested in modeling electromechanical devices, including piezoelectric materials, then tune into this webinar to learn how PZFlex helps Fortune100 companies optimize device designs.

Understanding the complex, highly coupled behavior of electromechanical sensors (e.g. piezoelectric transducer arrays, SAWs, and electrostatic MUTs) and their performance in a system as a whole is critical in the development of innovative technologies (e.g. Ultrasonic Fingerprint Sensors, Medical Imaging, and RF Filters).
Due to the anisotropic materials, complex coupling effects, and multi-physics (piezoelectric, electrostatic, structural, thermal, and acoustic) involved in a single device design, numerical simulation using finite element analysis (FEA) is often the only way to fully understand device and system behavior and inform the design process.

Powerful numerical simulation is an innovation enabler that provides engineers a means of predicting and understanding effects of design changes, environmental influences, and manufacturing tolerances on device and system performance. By facilitating rapid design iteration and assessment, effective simulation tools can explore large design spaces that would be impossible to do via physical prototypes.


Dr Gerry Harvey, VP of Engineering, PZFlex

Dr Gerry Harvey received a Ph.D. degree from the University of Strathclyde, Glasgow, U.K. in 2008 for "An Investigation into the Simulation and Measurement of High Intensity Ultrasonic Systems." He has worked on the development of novel conformable piezoelectric transducers for the NDE industry, in addition to several consultancy programs in transducer design and product realization...


Optionsbleed bug in Apache HTTPD "IndyWatch Feed Tech"

Posted by Hanno Böck on Sep 18

Also at:

If you're using the HTTP protocol in everyday Internet use you are
usually only using two of its methods: GET and POST. However HTTP has a
number of other methods, so I wondered what you can do with them and if
there are any vulnerabilities.

One HTTP method is called OPTIONS. It simply allows asking a server
which other HTTP...


The Pirate Bay website quietly runs a cryptocurrency miner on visitors' PCs, gobbling up CPU cycles "IndyWatch Feed Tech"

The Pirate Bay surprised many of its users when it quietly added a JavaScript-based cryptocurrency miner to its website.

David Bisson reports.


Links 18/9/2017: Linux 4.14 RC1, Mesa 17.2.1, and GNOME 3.26 on Ubuntu Artful "IndyWatch Feed Tech"




  • Desktop

    • Linux Foundation head proclaims year of Linux desktop from a Mac

      In what could well take the award for the most hypocritical tech statement of the year, Linux Foundation executive director Jim Zemlin last week announced that 2017 was the "year of the Linux desktop" while using a macOS machine for his presentation.

      Zemlin's statement was made during his keynote at the Open Source Summit 2017 that took place in Los Angeles from 11 to 14 September.

    • We're giving away a Linux-ready laptop from ZaReason

      For the first time ever, is partnering with ZaReason to give away an UltraLap 5330 laptop with Linux pre-installed!

      Since 2007, ZaReason has assembled, shipped, and supported hardware specifically designed for Linux, and the UltraLap 5330 is no exception: the 3.6-lb laptop ships with the Linux distribution of your choice and boasts the following hardware specs:

  • Server

    • ...


Future Proof Your SysAdmin Career: Communication and Collaboration "IndyWatch Feed Tech"

Future Proof Your SysAdmin Career: Communication and Collaboration


AI will change the face of security, but is it still the stuff of sci-fi? "IndyWatch Feed Tech"

The technology industry has always had a big problem with hype, with marketing teams, analysts and the media alike tending to fixate on the next big thing that will revolutionise our lives. Artificial intelligence is the latest technology to be seized by hype, due in part to its role as a staple of science fiction for decades, something which sets it apart from other much-discussed topics such as big data analytics. This makes the More


The Future of EV "IndyWatch Feed Tech"

Chat so:

Also, I am permanently excited, because I'd like to get rid of the current car ASAP, but the EV that can replace it is not available yet. Only Weirdmobiles and prototypes for 2020.

That person is not alone:

EU motor industry caution go slow from ICE to #electric cars
But if youre not in the future, youre extinct

That model sees the EV transition completed by 2026, with violent change between 2020 and 2025. There is a lot to do right now to prepare: build infra fast, convert model palette, and many more things.


Two Open Source Licensing Questions: The AGPL and Facebook "IndyWatch Feed Tech"

In many settings, open source licensing today is considered a solved problem. Not only has the Open Source Initiative (OSI) largely contained the long feared issue of license proliferation, the industry has essentially consolidated around a few reasonably well understood models.


CCleaner supply chain compromised to distribute malware "IndyWatch Feed Tech"

The Floxif malware downloader is used to gather information (computer name, a list of installed applications, a list of running processes, MAC addresses for the first three network interfaces) about infected systems and to download and run other malicious binaries.

The variant of Floxif malware spread by the crooks only works on 32-bit systems and victims must use an administrator account.

Researchers speculate attackers have compromised Avast's supply chain to spread the Floxif trojan.

It is possible that attackers compromised the company system, but experts haven't excluded that the incident was an insider's job.

Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization. It...


Demand for Open Source Skills on the Rise "IndyWatch Feed Tech"

Demand for Open Source Skills on the Rise


Linux Mint Continues Working On HiDPI Improvements "IndyWatch Feed Tech"

The latest Linux Mint monthly news is out, highlighting some of the recent development efforts around this Ubuntu-derived Linux distribution. A common theme is still HiDPI improvements and Cinnamon 3.6 finally enabling HiDPI by default...


IBM's Eclipse OpenJ9 Is A Promising Open-Source JVM "IndyWatch Feed Tech"

For those that missed the news over the weekend, IBM has open-sourced its in-house JVM and contributed it to the Eclipse Foundation. Eclipse OpenJ9 is this new, full-featured, enterprise-ready open-source Java Virtual Machine...


Microsoft Pix Uses AI to Make Whiteboard Photos Better "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Microsoft's Pix sets itself apart from other camera apps by using the power of artificial intelligence to correct your photos, learning new tricks over time. It can do things like add artistic flair to your images, turn photos shot in a row into "Live Images," or just making sure the people in your photos look great. This week, the app got a new update out that adds yet another AI trick to the pile: The ability to capture whiteboards and turn them into useful images.

So, for example, if you're at an important meeting, you can use Pix to take a photo of a diagram on the whiteboard to remember it later. The Pix app will then sharpen the focus, ramp up the color and tone, crop out the background and realign the image appropriately so that the diagram is shown straight-on.

According to Microsoft:

The updated app automatically detects whiteboards, documents and business cards in real time and intelligently adjusts camera settings for these types of photos. Once the shutter clicks, the app uses AI to improve the image, such as cropping edges, boosting color and tone, sharpening focus and tweaking the angle to render the image in a straight-on perspective.


Original Submission

Read more of this story at SoylentNews.


This Week in Numbers: New Monitoring Methods for Kubernetes "IndyWatch Feed Tech"

Our new report, The State of the Kubernetes Ecosystem reports on a survey of 470 container users, 62 percent of which were at least in the initial production phase for the Kubernetes open source container orchestration engine. After further screening, we were able to get detailed information from 208 people about the storage and monitoring technologies they use with Kubernetes.


Chest of Drawers Stores Audio Memories "IndyWatch Feed Tech"

Some people collect stamps, some collect barbed wire, and some people even collect little bits of silicon and plastic. But the charmingly named [videoschmideo] collects memories, mostly of his travels around the world with his wife. Trinkets and treasures are easy to keep track of, but he found storing the audio clips he collects a bit more challenging. Until he built this audio memory chest, that is.

Granted, you might not be a collector of something as intangible as audio files, and even if you are, it seems like Google Drive or Dropbox might be the more sensible place to store them. But the sensible way isn't always the best way, and we really like this idea. Starting with what looks like an old card catalog file (hands up if you've ever greedily eyed a defunct card catalog in a library and wondered if it would fit in your shop for parts storage), [videoschmideo] outfitted 16 drawers with sensors to detect when they're opened. Two of the drawers were replaced by speaker grilles, and an SD card stores all the audio files. When a drawer is opened, a random clip from that memory is played while you look through the seashells, postcards, and what-have-yous. Extra points for using an old-school typewriter for the drawer labels, and for using old card catalog cards for the playlists.

This is a simple idea, but a powerful one, and we really like the execution here. This one manages to simultaneously put us in the mood for some world travel and a trip to a real library.

Filed under: misc hacks


CSE CybSec ZLAB Malware Analysis Report: NotPetya "IndyWatch Feed Tech"

I'm proud to share with you the first report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report NotPetya.

As most of you already know, I officially presented my new Co a couple of months ago. CybSec Enterprise is its name, and we have already started to work on strategic projects that we will reveal soon; in the meantime, I apologize for the website that is still under construction.

We have already launched a malware Lab, let's call it Z-Lab, composed of a group of skilled researchers and led by Eng. Antonio Pirozzi.

It's a pleasure for me to share with you one of the first analyses that we have recently conducted on the NotPetya Ransomware.

We have dissected the ransomware and discovered interesting details that are included in our report.

Below the abstract, the detailed report is available for free on our website.


Due to the lack of updates performed by users on their machines, many threats spread out exploiting well-known vulnerabilities. This is what happened with the propagation of the NotPetya Ransomware, which infected a lot of users mostly in East Europe. This malware uses a famous exploit developed by NSA, Eternalblue, allowed by a vulnerability (MS17-010; CVE-2017-0143) in the Windows implementation of SMB protocol. The above-mentioned exploit was leaked in April 2017 and was used the first time with another malware, WannaCry, which caused more damage than NotPetya.

NotPetya could be confused with the Petya ransomware (which spread in 2016) because of its behavior after the system reboot, but it is actually not the same, because NotPetya is much more complex than the other one. In fact...


Amazon is Building a Haunted House to Hype its Spooky 'Lore' Series "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Amazon's podcast-turned-series Lore is launching on Friday, October 13th, just in time for pre-Halloween fun. But the online shopping has more up its sleeve to get folks in the right spooky holiday spirit. Amazon is opening an immersive haunted house experience in Los Angeles next month that's themed to the show's thesis: "The scariest stories are often true."

That means rooms set up to tell creepy stories about real events that often settled into local legend -- fodder the podcast has covered since creator Aaron Mahnke launched it in 2015. Amazon bought the rights to adapt the audio show into a six-episode series back in April 2016, but creating a local and immersive "experience" to hype viewers up for the show is a newer fad.



Read more of this story at SoylentNews.


RadeonSI OoO Rasterization Lands In Mesa 17.3 For RX Vega & VI GPUs "IndyWatch Feed Tech"

The RadeonSI out-of-order rasterization support for RX Vega "GFX9" and Volcanic Islands GPUs has now landed in Mesa 17.3-devel Git...


Mir Now Has Initial Support For Wayland Clients "IndyWatch Feed Tech"

Quietly being added to the Mir display stack a week ago was initial support for Wayland clients...


The Future of the Diesel is "IndyWatch Feed Tech"

Many Newspapers report (Article in German):

"According to my information, not a single type approval for Euro 6d vehicles has been applied for at the Kraftfahrtbundesamt (Federal Motor Transport Authority)," said Oliver Krischer, deputy chairman of the Green parliamentary group in the Bundestag. "The car managers talk about nothing other than these Euro 6d vehicles. But you cannot buy them, anywhere," Krischer said.

Since September, there have been no recorded type registrations of Euro-6d cars. These would be the first Diesel cars that stay within the NOx limits not only in a lab, but also under real conditions. They cannot be bought, anywhere.

Meanwhile, Volkswagen Dealerships are suing Volkswagen:

According to Der Spiegel, the lawsuits are for up to 3k EUR per car, for value loss in the wake of the scandal and the huge amount of time to be put into each car for updates and the legal proceedings against their customers:

The dealers are demanding compensation for the fall in the price of diesel vehicles (according to the association, up to 3,000 euros per car) as well as for the large amount of time the dealers spend on customers who are taking legal action.

Elsewhere, Diesel-Hate borders on the hysteric. An article in The Guardian reports various Union motions and lawsuits that conflate carbon monoxide, carbon dioxide, NOx and fine particulates. While it is medically undisputed that exposure to exhaust fumes in general is unhealthy, the different causes and their chemistry make the legal situation complicated.


Linux Commands for Managing, Partitioning, Troubleshooting "IndyWatch Feed Tech"

Managing Linux disks and the file systems that reside on them is something of an art, from initial setup to monitoring performance.

How much do you need to know about disks to successfully manage a Linux system? What commands do what? How do you make good decisions about partitioning? What kind of troubleshooting tools are available? What kind of problems might you run into? This article covers a lot of territory, from looking into the basics of Linux file systems to sampling some very useful commands.


Week ahead in tech: Debate over online sex trafficking bill heats up "IndyWatch Feed Tech"

The Senate Commerce Committee on Thursday will debate an anti-online sex trafficking bill that has sparked opposition from internet companies who worry it would hold them liable for content published by their users. The panel will hold a hearing...


CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor "IndyWatch Feed Tech"

Trusted by millions, distributed by an anti-virus company, CCleaner compromised the security of users with a malicious backdoor.


Banshee Engine Planning For Linux Support In Q4 "IndyWatch Feed Tech"

Banshee has been a promising C++14-written, multi-threaded open-source game engine featuring Vulkan support. When the Vulkan support was added at the start of the year the plan was to see the Linux support added to the game engine in Q2. Well, it looks like in Q4 we could see the Linux client finally materialize...


Philip K Dick's Electric Dreams, Channel 4 "IndyWatch Feed Tech"

Decades on, his work remains an irresistible trove of ideas for film-makers to plunder. Philip K Dick's Electric Dreams, which begins on Sunday (Channel 4, 9pm), is an ambitious series of 10 one-hour films based on his stories, with different casts and creative teams.

An ambitious series of 10 one-hour films based on the stories of the sci-fi writer.


Equifax CIO, CSO Retire in Wake of Huge Security Breach "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company's massive security breach that affected 143 million Americans.

According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has led Equifax's international IT operations, is the company's new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company's new interim CSO.

The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.

However, the company's Friday statement also noted for the first time that Equifax did not actually apply the patch to address the Apache Struts vulnerability (CVE-2017-5638) until after the breach was discovered on July 29, 2017.



Read more of this story at SoylentNews.


Inside the MPAA, Netflix & Amazon Global Anti-Piracy Alliance "IndyWatch Feed Tech"

The idea of collaboration in the anti-piracy arena isn't new, but an announcement this summer heralded what is destined to become the largest project the entertainment industry has ever seen.

The Alliance for Creativity and Entertainment (ACE) is a coalition of 30 companies that reads like a who's who of the global entertainment market. In alphabetical order its members are:

Amazon, AMC Networks, BBC Worldwide, Bell Canada and Bell Media, Canal+ Group, CBS Corporation, Constantin Film, Foxtel, Grupo Globo, HBO, Hulu, Lionsgate, Metro-Goldwyn-Mayer (MGM), Millennium Media, NBCUniversal, Netflix, Paramount Pictures, SF Studios, Sky, Sony Pictures Entertainment, Star India, Studio Babelsberg, STX Entertainment, Telemundo, Televisa, Twentieth Century Fox, Univision Communications Inc., Village Roadshow, The Walt Disney Company, and Warner Bros. Entertainment Inc.

The aim of the project is clear. Instead of each company considering its anti-piracy operations as a distinct island, ACE will bring them all together while presenting a united front to decision and lawmakers. At the core of the Alliance will be the MPAA.

"ACE, with its broad coalition of creators from around the world, is designed, specifically, to leverage the best possible resources to reduce piracy," outgoing MPAA chief Chris Dodd said in June.

"For decades, the MPAA has been the gold standard for antipiracy enforcement. We are proud to provide the MPAA's worldwide antipiracy resources and the deep expertise of our antipiracy unit to support ACE and all its initiatives."

Since then, ACE and its members have been silent on the project. Today, however, TorrentFreak can pull back the curtain, revealing how the agreement between the companies will play out, who will be in control, and how much the scheme will cost.

Power structure: Founding Members & Executive Committee Members

Netflix, Inc., Amazon Studios LLC, Paramount Pictures Corporation, Sony Pictures Entertainment, Inc., Twentieth Century Fox Film Corporation, Universal City Studios LLC, Warner Bros. Entertainment Inc., and Walt Disney Studios Motion Pictures, are the Founding Members (Governing Board) of ACE.

These companies are granted full voting rights on ACE business, including the approval of initiatives and public policy, anti-piracy strategy, budget-related matters, plus approval of legal action. Not least, they'll have the power to admit or expel ACE members.

All actions taken by th...


CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() "IndyWatch Feed Tech"

Posted by Vladis Dronov on Sep 18


An upstream commit which introduced the flaw is 58d19b19cd (v4.6-rc1),
the flaw was fixed by edbd58be15 (v4.13).

An attacker can exploit the flaw if granted root permissions in
a user+net namespace, i.e. with an ability to open PF_PACKET+SOCK_RAW

[REGULAR USER] <= not vulnerable, expected

$ ./vnethdr
socket(): create raw packet socket failed: Operation not permitted

[ROOT] <= vulnerable, expected

# ./vnethdr...


The hacker KuroiSH defaced the official Google Brazil domain "IndyWatch Feed Tech"

A hacker using the online moniker of KuroiSH defaced the Google Brazil domain on Tuesday afternoon; this isn't the first high-profile target he breached.

A hacker using the online moniker of KuroiSH defaced the official Google Brazil domain on Tuesday afternoon. The defaced page displayed a message greeting his friends for the successful attack on such a high-profile target.

"It is a great moment to die. Hacked by KuroiSH! Two Google at once, I don't even care; f**k the jealous hates such as Nofawkx. Two Google at once world record idgaf :D. Greets to my friends Prosox & Shinobi h4xor."

Below the deface page uploaded by the hacker and a video PoC of the hack:


KuroiSH successfully uploaded a deface page that remained on the domain for more than 30 minutes.

KuroiSH, who proclaims himself a half gray hat and white hat, explained that he was also able to control Google Paraguay but he didn't have time to do it.

I reached KuroiSH to ask why he defaced the Google Brazil domain; he told me that it is a demonstrative hack to demonstrate that everything can be hacked.

He highlighted the importance of cyber security and the risks every company online faces if it underestimates cyber threats.

Google Brazil has also acknowledged the defacement; the company clarified that its systems were not hacked anyway.

"Google has not been hacked. DNS servers may have suffered an attack, redirecting to other sites," states Google Brazil.

Shortly after the attack, some Brazilian media outlets reported that the hacker also defaced Google Maps and Google Translate domains, but KuroiSH has denied the involvement...


Open Container Initiative Reaches Great Milestone, Says Red Hat Chief Technologist "IndyWatch Feed Tech"

After two years of work, the Open Container Initiative launched Version 1.0 for container runtime and image specifications in July. OCI's foundation, formed by a number of container industry leaders, was tasked with the mission to create specifications that would support container portability across different operating systems and platforms. Red Hat Inc.'s chief technologist likes the specifications that he's seen so far.


Unpatched Windows Kernel Bug Could Help Malware Hinder Detection "IndyWatch Feed Tech"

A 17-year-old programming error has been discovered in Microsoft's Windows kernel that could prevent some security software from detecting malware at runtime when loaded into system memory. The security issue, described by enSilo security researcher Omri Misgav, resides in the kernel routine "PsSetLoadImageNotifyRoutine," which apparently impacts all versions of Windows operating systems


Become A Certified Hacker 5 Online Learning Courses for Beginners "IndyWatch Feed Tech"

Hacking is not a trivial process, but it does not take too long to learn. If you want to learn Ethical Hacking and Penetration testing, you are at the right place. We frequently receive emails from our readers on learning how to hack, how to become an ethical hacker, how to break into computers, how to penetrate networks like a professional, how to secure computer systems and networks, and so on.


Top 10 Most Pirated Movies of The Week on BitTorrent 09/18/17 "IndyWatch Feed Tech"

This week we have three newcomers in our chart.

Pirates of the Caribbean: Dead Men Tell No Tales is the most downloaded movie for the second week in a row.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

This week's most downloaded movies are:

Most downloaded movies via torrents
Movie Rank | Rank last week | Movie name | IMDb Rating / Trailer
1 | (1) | Pirates of the Caribbean: Dead Men Tell No Tales | 6.9 / trailer
2 | () | Transformers: The Last Knight | 5.2 / trailer
3 | () | Baby Driver | 8.0 / trailer
4 | (3) | Wonder Woman


A Jet Engine On A Bike. What's The Worst That Could Happen? "IndyWatch Feed Tech"

On today's edition of "don't try this at home," we're transported to Russia to see [Igor Negoda]'s working jet bicycle.

This standard mountain bike comes equipped with a jet engine capable of 18kg of thrust, fixed to the frame under the seat with an adjustable bracket to change its angle as needed. A cell phone is zip-tied to the frame and acts as a speedometer (if it works, it's not stupid) and an engine controller displays thrust, rpm and temperature. A LiPo battery is the engine's power source, with a separate, smaller battery for the electronics. The bike is virtually overgrown with wires and tubes that feed the engine, including an auxiliary fuel tank where a water bottle normally resides. Where's the main fuel tank? In [Negoda]'s backpack, of course.

It certainly kicks up a mean dust cloud and makes a heck of a racket but the real question is: how fast does it go? From the looks of the smartphone, 72 km/h, 45 mph, or 18 rods to the hogshead.

At maximum thrust, [Negoda] and his bike (together weighing about 100kg) are able to achieve 72 km/h before the road ran out!

Much like when we featured the renegade backyard inventor Colin Furze's turbo charger jet engine, we must emphasize great caution must be taken around jet engines. Especially those new-fangled 3D printed ones the kids are hacking together these days.

Filed under: transportation hacks


[SECURITY] [DSA 3976-1] freexl security update "IndyWatch Feed Tech"

Posted by Salvatore Bonaccorso on Sep 18

Debian Security Advisory DSA-3976-1 security () debian org Salvatore Bonaccorso
September 17, 2017

Package : freexl
CVE ID : CVE-2017-2923 CVE-2017-2924


[slackware-security] kernel (SSA:2017-258-02) "IndyWatch Feed Tech"

Posted by Slackware Security Team on Sep 18

[slackware-security] kernel (SSA:2017-258-02)

New kernel packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/linux-4.4.88/*: Upgraded.
This update fixes the security vulnerability known as "BlueBorne".
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
Linux kernel version...


Real-Life Example of Uber's Regulator-Evading Software "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Portland, Oregon, was one of the cities we mentioned where Uber employed the so-called "Greyball" tool. The city has now released a scathing report detailing that Uber evaded picking up 16 local officials for a ride before April 2015, when the service finally won approval by Portland regulators.

The Greyball software employs a dozen data points on a new user in a given market, including whether a rider's Uber app is opened repeatedly in or around municipal offices, which credit card is linked to the account, and any publicly available information about the new user on social media. If the data suggests the new user is a regulator in a market where Uber is not permitted, the company would present that user with false information about where Uber rides are. This includes showing ghost cars or no cars in the area.

The city concluded that, when Uber started operating in the city in December 2014 without Portland's authorization, the Greyball tool blocked 17 rider accounts. Sixteen of those were government employees. In all, Greyball denied 29 ride requests by city transportation enforcement officers.



Read more of this story at SoylentNews.


Hospital Captures First Commercial Volta GPU Based DGX-1 Systems "IndyWatch Feed Tech"

At well over $150,000 per appliance, the Volta GPU based DGX appliances from Nvidia, which take aim at deep learning with framework integration and 8 Volta-accelerated nodes linked with NVlink, are set to appeal to the most bleeding edge of machine learning shops.

Nvidia has built its own clusters by stringing several of these together, just as researchers at Tokyo Tech have done with the Pascal generation systems. But one of the first commercial customers for the Volta based boxes is the Center for Clinical Data Science, which is part of the first wave of hospitals set to use deep learning for MR and CT image analysis.

The center, which is based in Cambridge, Massachusetts, has secured a whopping four DGX-1 Volta appliances, which sport the latest GPUs with eight per node with the NVlink interconnect. The Next Platform talked with Neil Tenenholtz, senior data scientist at the center, about where deep learning will yield results for hospitals and medical research and about their early experiences with the four machines.


In 2015, the Allen Institute for Artificial Intelligence (AI2) ran its first Allen AI Science Challenge, which tested machines on an ostensibly difficult task: answering eighth-grade science questions "IndyWatch Feed Tech"

Doing well on such a challenge would appear to require significant advances in AI technology, making it a potentially powerful way to advance the field. In this video, Carissa Schoenick discusses Moving Beyond the Turing Test with the Allen AI Science Challenge, in the September 2017 CACM.


[SECURITY] [DSA 3975-1] emacs25 security update "IndyWatch Feed Tech"

Posted by Moritz Muehlenhoff on Sep 18

Debian Security Advisory DSA-3975-1 security () debian org Moritz Muehlenhoff
September 15, 2017

Package : emacs25
CVE ID : CVE-2017-14482

Charles A. Roelli...


Malware attacks leverage the Hangul Word Processor and PostScript to spread malware "IndyWatch Feed Tech"

Experts at Trend Micro reported malware attacks that leveraged the Hangul Word Processor (HWP) word processing application to target users.

It has happened again, attackers leveraged the Hangul Word Processor (HWP) word processing application to target users in South Korea.

The application is very popular in South Korea and was exploited in several hacking campaigns against entities in the country.

In the recent attacks, hackers use the Hangul Word Processor in association with PostScript. The attackers use emails containing malicious attachments to deliver the malware.

"A branch of PostScript called Encapsulated PostScript exists, which adds restrictions to the code that may be run. This is supposed to make opening these documents safer, but unfortunately older HWP versions implement these restrictions improperly. We have started seeing malicious attachments that contain malicious PostScript, which is in turn being used to drop shortcuts (or actual malicious files) onto the affected system," states the analysis published by Trend Micro.

Although the Encapsulated PostScript adds restrictions to secure the system while opening a document, the older HWP versions implement these restrictions improperly. The attackers have started using attachments containing malicious PostScript to drop shortcuts or malicious files onto the affected system.

Experts noticed that some of the subject lines and document names used by attackers include Bitcoin and Financial Security Standardization.


Researchers highlighted that attackers don't use an actual exploit, but abuse a feature of PostScript to manipulate files.

PostScript doesn't have the ability to execute shell commands, but attackers obtain a similar behavior by dropping files into various startup folders; these files are then executed when the user reboots the machine.

"Some of the ways we've seen this include:

  1. Drops a shortcut in the startup folder, which executes MSHTA.exe to execute a Javascript file....


GOOGLE: Conceived, Funded and Directed By The CIA "IndyWatch Feed Tech"

What we have watched for almost thirty years has been an unprecedented grab for access to public data, excused by so-called terrorism as a convenient excuse. Most real terrorism demands institutional support and has had it, as we eventually discover.

The only problem with all that is that we actually cannot locate an enemy in all this data. Public information is banal at best and never really incriminating, however stupid real criminals are. I mean, the first thing about criminal behavior: it presumes that the criminals know they are criminal. That automatically means common sense kicks in and all conversations are held in the middle of a park.

It has been my contention for years that all this data is useless for the intent implied and incredibly costly to actually sift through. It is in fact crazy useless.

It is however useful to folks who have access to engage in private enterprise criminality who know a target.

This item shares the deep linkage between Google and the intelligence community. More to the point, they broke off upon the arrival of a working product. That means Brin took on the public component while the rest went Dark. That makes good sense along with plausible deniability.

How the CIA made Google

Inside the secret network behind mass surveillance, endless war, and Skynet

By Nafeez Ahmed

INSURGE INTELLIGENCE, a new crowd-funded investigative journalism project, breaks the exclusive story of how the United States intelligence community funded, nurtured and incubated Google as part of a drive to dominate the world through control of information. Seed-funded by the NSA and CIA, Google was merely the first among a plethora of private sector start-ups co-opted...


The Establishment in PANIC; They Ditch Antifa "IndyWatch Feed Tech"

Presuming this is sustained, then perhaps the whole Antifa meme will go away. Eventually rational people get over their hates and own disturbed thinking and wake up to what they are really doing. Promoting and supporting a group of anarchists is plausibly the most stupid thing any power source can do.

The reason the Neo Nazis never get off the ground is financial starvation. Thus they hang around like a homeless person outside a society ball. Funding anarchists of the left can only blow back.

Now we have a sudden movement to redress this nonsense and it should all die down quickly.

The Establishment in PANIC; They Ditch Antifa; Massive Shift in the Last 48 Hours

The establishment has apparently just gotten word to take down Antifa, a group they were singing the praises of as recently as two weeks ago.

This is big. Only weeks ago after Charlottesville, MSM and aligned cronies were supporting Antifa against Trump's whataboutism in deflecting away from the neo-Nazis.
Even Paul Ryan wouldn't condemn Antifa. From Dailywire:


Seven Things about Linux You May Not Have Known "IndyWatch Feed Tech"

One of the coolest parts about using Linux is the knowledge you gain over time. Each day, you're likely to come across a new utility or maybe just an unfamiliar flag that does something helpful. These bits and pieces aren't always life-changing, but they are the building blocks for expertise.

Even experts don't know it all, though. No matter how much experience you might have, there is always more to learn, so we've put together this list of seven things about Linux you may not have known.


Why Google made the NSA "IndyWatch Feed Tech"

This is more on the Google involvement with government agencies, and the focus is the later development of the NSA.
All this has been motivated by desires to control information, and that is argued to be a mug's game.

The real proof that that is the case came with the astonishing rise of one Donald Trump, who accessed social media, allowing him to sidestep the whole establishment apparatus. They can still force their agenda, as they have shown, but it has not been easy either.

Why Google made the NSA

Inside the secret network behind mass surveillance, endless war, and Skynet

Jan 22, 2015

part 2

by Nafeez Ahmed

INSURGE INTELLIGENCE, a new crowd-funded investigative journalism project, breaks the exclusive story of how the United States intelligence community funded, nurtured and incubated Google as part of a drive to dominate the world through control of information. Seed-funded by the NSA and CIA, Google was merely the first among a plethora of private sector start-ups co-opted by US intelligence to retain information superiority.

The origins of this ingenious strategy trace back to a secret Pentagon-sponsored group, that for the last two decades has functioned as a bridge between the US government and elites across the business, industry, finance, corporate, and media sectors. The group has allowed some of the most powerful special interests in corporate America to systematically circumvent democratic acco...


Male and female brains wired differently, scans reveal "IndyWatch Feed Tech"


That they are clearly and significantly different is important, particularly in this era in which sex related variances are struggling for recognition on what is a non biological basis.

It is my contention that the maturation of intelligence needs to be done differently for boys and girls as well. This surely supports just that. Yet we cannot seem to get education right to anyone's satisfaction either.

There is a real science here that will become increasingly important.

Male and female brains wired differently, scans reveal

Maps of neural circuitry show women's brains are suited to social skills and memory, men's perception and co-ordination

Neural map of a typical man's brain. Photograph: National Academy of Sciences/PA

Ian Sample, science correspondent

Monday 2 December 2013 20.40

Scientists have drawn on nearly...


This Crystal Mimics Learning and Forgetting - Facts So Romantic "IndyWatch Feed Tech"

You don't need a brain to learn. Slime molds, for example, solve mazes and navigate obstacles, all without a single neuron. Information about their environment is somehow stored across their bodies. (Scientists are still a bit hazy on how this works.)

Plasmodium stage of a slime mold. Photograph by Dr Morley Read / Flickr

But what about something that isn't even alive? A new paper suggests that samarium nickelate oxide (SNO, for short), a synthetic crystal, can mimic learning.

SNO's ability comes from its environmental sensitivity. When it makes contact with hydrogen gas, it steals electrons from the hydrogen and its electric resistivity increases. "It basically changes the electrical resistance of the material by many orders of magnitude, and this happens even at room temperature," said Shriram Ramanathan, a professor of material science at Purdue University and co-author on the study. "It's a really remarkable effect."

Successive exposure, however, produces diminishing returns: SNO becomes habituated to the hydrogen and its resistivity increases more slowly. "You might take that behavior for granted," Ramanathan said. "[But] habituation is considered to be a very fundamental survival skill for organisms." For example, dogs can become habituated to loud car engines. At first, they might be threatening,


Ford Invests in Michigan's Autonomous Car Testing Grounds "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Ford might not be the first name that comes to mind when you think of autonomous vehicles (unless you really like Domino's pizza), but that doesn't mean the automaker is sitting by while everyone else is making leaps and bounds in the space. The company just announced that it's making a $5 million investment in the American Center for Mobility. "This is an investment in the safe, rapid testing and deployment of transformative technology that will help improve peoples' lives," Ford's CTO Ken Washington said in a press release (PDF).

The money puts Ford in the same company as AT&T, Toyota Motor North America and Toyota Research Institute as a founder of the 500 acre Willow Run autonomous vehicle testing campus located outside of Detroit in Ypsilanti Township. Willow Run's first phase is scheduled to open this December. Michigan Governor Rick Snyder called the investment a show of faith from Ford to the world's automotive capital. "As the convergence between the technological and manufacturing sectors continues to grow, it is very encouraging to see great Michigan companies like Ford leading the way toward our future," he said in the same release.



Read more of this story at SoylentNews.


Disaster relief hacks dominate the stage at the Disrupt SF 2017 Hackathon "IndyWatch Feed Tech"

At the Disrupt SF 2017 Hackathon, a massive swath of the 102 companies that took the stage on Sunday presented hacks with disaster relief in mind. From ResQme to ResQMi to RescueMe, if you can think of a phrase with the word rescue in it, it probably showed up on stage among the roughly 30 emergency and disaster related hacks.

While some hacks addressed specific disaster scenarios like emergency ridesharing and drone rescue operations, nearly all of the disaster-related apps mentioned failings of modern emergency management, like a lack of communication between victims and rescuers and the absence of a cohesive program tracking realtime rescue and relief efforts.


Better Stepping With 8-Bit Micros "IndyWatch Feed Tech"

The electronics for motion control systems, routers, and 3D printers are split into two camps. The first is 8-bit microcontrollers, usually AVRs, and are regarded as being slower and incapable of cool acceleration features. The second camp consists of 32-bit microcontrollers, and these are able to drive a lot of steppers very quickly and very smoothly. While 32-bit micros are obviously the future, there are a few very clever people squeezing the last drops out of 8-bit platforms. Thats what the Buildbotics team did with their ATxmega chip theyre using a clever application of DMA as counters to drive steppers.

The usual way of driving steppers quickly with an ATMega or other 8-bit microcontroller is abusing the hardware timers. It's quick, but there is a downside. It takes time for these timers to start and stop, and if you're doing it two hundred times per second with four stepper motors, that clock jitter will ruin your CNC machine. The solution is to use a DMA channel to count down, with each count sending out a pulse to a stepper. It's a clever abuse of the hardware, and the only drawback is the micro can't send more than 2 pulses per any 5ms period. That's not really an issue because that would mean some very, very fast acceleration.

The Buildbotics team currently has a Kickstarter running for their four-axis CNC controller using this technique. It's designed for Taig mills, 6040 routers, K40 lasers, and other various homebrew robots. It's an interesting solution to the apparent end of the age of 8-bit microcontrollers in CNC machines and certainly worth checking out.


Off-Grid Electrification Financing Is Failing "IndyWatch Feed Tech"

Off-grid systems garner a piddling 1% of electricity investment in the African and Asian countries that need them most

Photo: Tahir Ahmed/Barcroft Media/Getty Images. Students at Tilotama's solar-powered tuition centre in Pondikote village, Odisha, India.

For all of the excitement about using solar power to bring electricity to the more than 1 billion rural poor worldwide living without it, big picture trends provide a sobering reality check. In spite of innovative off-grid technology and business plans and high profile initiatives aiming to power remote villages in sub-Saharan Africa, for example, electrification there is still falling behind population growth. In 2009 there were 585 million people in sub-Saharan Africa without power, and five years later that figure had risen to 632 million, according to the latest International Energy Agency (IEA) statistics.

A first-of-its-kind deep-dive analysis of the flow of capital, released by the United Nations Sustainable Energy for All (SEforALL) program today, shows that off-grid systems simply are not getting the support they deserve. "This research shows that only 1 percent of financing for electrification is going into this very promising and dynamic energy solution," says SEforALL CEO Rachel Kyte, who says the findings are a "wake up call" for the international community.

The 20 countries targeted in SEforALL's Energizing Finance report account for 80 percent of the estimated 1.06 billion people globally living without electricity, as well as 84 percent of the 3.04 billion people who lack access to clean cooking technology. Energizing Finance found that total investment in electricity infrastructure, be it public or private, international or domestic, averaged $19.4 billion a year in 2013 and 2014 (the latest year with full statistics). Of that, a minuscule $200 million per year was dedicated to off-grid systems.

This is alarming, the authors write, in light of off-grid solar's enormous promise to provide basic electricity services quickly and at significantly lower costs. The IEA estimates that 45 percent of rural electrification is best achieved by solar systems.

Kyte says Energizing Finance casts doubt on the international community's goals of achieving universal access to electricity and to sustainable cooking fuels by 2030. "The level of finance that is actually flowing to real, time-tested solutions for energy access is not at the levels nor flowing at the pace which would put us on track to achieve the goals," she says.

SEforALL's report, a collaboration with research gr...


OurMine Hacks Vevo After Employee Was Disrespectful to Hackers on LinkedIn "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network.

The hacker group, who has a reputation for defacing websites and social media accounts, said it leaked data from Vevo after one of its employees was disrespectful to an OurMine member on LinkedIn.

[...] In an email to Bleeping Computer, a Vevo spokesperson acknowledged the incident.

"We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure," the company said.

Vevo did not comment if the hacker group made any ransom demands. The mysterious disappearance of most of the leaked files might lead some people to believe Vevo might have caved in and paid, hence the reason why most of the files are gone.

OurMine did not respond to a request for comment.

The hacking crew, believed to be operating out of Saudi Arabia according to a BuzzFeed investigation, rarely hacks and leaks files. OurMine has built quite the reputation in the past years by hacking social media accounts belonging to companies, celebrities, and CEOs.


Read more of this story at SoylentNews.


Building a Working Game of Tetris in Conway's Game of Life "IndyWatch Feed Tech"

If you haven't been following along with Conway's Game of Life, it's come a long way from the mathematical puzzle published in Scientific American in 1970. Over the years, mathematicians have discovered a wide array of constructs that operate within Life's rules, including many that can be leveraged to perform programming functions: logic gates, latches, multiplexers, and so on. Some of these creations have gotten rather huge and complicated, at least in terms of Life cells. For instance, the OTCA metapixel is comprised of 64,691 cells and has the ability to mimic any cellular automata found in Life.

A group of hackers has used OTCA metapixels to create a Tetris game out of Life elements. The game features all 7 shapes as well as the movement, rotation, and drops one would expect. You can even preview the next piece. The game is the creation of many people who worked on individual parts of the larger program. They built a RISC computer out of Game of Life elements, as well as an assembler and compiler for it, with the OTCA metapixels doing the heavy lifting. (The image at the top of the post is the program's data synchronizer.)

Check out the project's source code on GitHub, and use this interpreter. Set the RAM to 3-32 and hit run.

For a couple of other examples of Life creations, check out the Game of Life clock and music synthesized from Life automata we published earlier.


Screen Brightness on an Asus 1015e (and other Intel-based laptops) "IndyWatch Feed Tech"

When I upgraded my Asus laptop to Stretch, one of the things that stopped working was the screen brightness keys (Fn-F5 and Fn-F6). In Debian Jessie they had always just automagically worked without my needing to do anything, so I'd never actually learned how to set brightness on this laptop. The fix, like so many things, is easy once you know where to look.

It turned out the relevant files are in /sys/class/backlight/intel_backlight. cat /sys/class/backlight/intel_backlight/brightness tells you the current brightness; write a number to /sys/class/backlight/intel_backlight/brightness to change it.

That at least got me going (ow my eyes, full brightness is migraine-inducing in low light) but of course I wanted it back on the handy function keys.

I wrote a script named "dimmer", with a symlink to "brighter", that goes like this:


#!/bin/bash

# Current backlight level as reported by the kernel
curbright=$(cat /sys/class/backlight/intel_backlight/brightness)
echo dollar zero "$0"
# The script is installed as "dimmer" with a symlink named "brighter"
if [[ $(basename "$0") == 'brighter' ]]; then
  newbright=$((curbright + 200))
else
  newbright=$((curbright - 200))
fi
echo from "$curbright" to "$newbright"

sudo sh -c "echo $newbright > /sys/class/backlight/intel_backlight/brightness"

That let me type "dimmer" or "brighter" to the shell to change the brightness, with no need to remember that /sys/class/whatsit path. I got the names of the two function keys by running xev and typing Fn and F5, then Fn and F6. Then I edited my Openbox ~/.config/openbox/rc.xml, and added:




How Unsupported Runner Joe McConaughy Broke the Appalachian Trail Record "IndyWatch Feed Tech"

Submitted via IRC

As Joe McConaughy set up camp on his second to last day on the Appalachian Trail, he did some quick math. Just 46 hours remained before he would miss the record set by Karl "Speedgoat" Meltzer on his supported hike of the 2,184-mile trail, and 110 miles stood between him and the terminus at the summit of Mount Katahdin. He'd hoped for something more like an 80-mile final push, but after bleeding time through the rugged terrain of the White Mountains and a three-mile off-trail accidental detour that also added 1,500 feet of elevation the week prior, he was behind schedule.

McConaughy set out from Springer Mountain at 6:31 am on July 17 with plans to cover an average of 50 miles each day. If his plan held, he would reach the trail terminus in 43 days, shaving two days off the supported record set by Meltzer last year and more than 10 days off Heather Anderson's self-supported speed record on the AT of 54 days, 7 hours, and 54 minutes, set in 2013. But the trail had other plans for him. Some days, McConaughy missed his target by as much as 20 miles.

[...] Finally, after moving forward for 37 straight hours, at 6:38 pm on August 31, he reached the summit. Seventy mile-per-hour winds, hail, and mist met him as he stumbled out of the fog and into a long hug with his girlfriend. He'd completed the trail in 45 days, 12 hours and 15 minutes, setting a new fastest known time.


Read more of this story at SoylentNews.


Week in review: Dangerous Bluetooth, EU cybersecurity certification, how Equifax hackers got in "IndyWatch Feed Tech"

Here's an overview of some of last week's most interesting news, articles and podcasts:

Equifax breach happened because of a missed patch
The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability in question was Apache Struts CVE-2017-5638.

Organizations struggle to maximize the value of threat intelligence
Amidst growing concerns of large-scale cyber attacks, 84 percent of organizations participating in a ...


The Exciting Features Of Linux 4.14: Zstd, Vega Hugepages, AMD SME, New Drivers "IndyWatch Feed Tech"

With Linux 4.14-rc1 having been released one day early, here is our look at the new features of Linux 4.14 with the merge window having been closed. There's a lot to get excited about with Linux 4.14 from graphics driver improvements, new hardware improvements, a new Realtek WiFi driver, a PWM vibrator driver, and Btrfs Zstd compression support..


DistroWatch Weekly, Issue 730 "IndyWatch Feed Tech"

This week in DistroWatch Weekly:
Review: Mageia 6
News: Manjaro coming pre-installed on laptops, KDE's Plasma on Purism's phone, HAMMER2 coming to DragonFly BSD's installer
Questions and answers: Benefits and drawbacks of using completely free operating systems
Released last week: CentOS 7-1708, Parrot Security OS 3.8, Univention Corporate Server 4.2-2
Torrent corner:....


HPR2381: Benefits of a tabletop "IndyWatch Feed Tech"

Klaatu talks about the benefits of tabletop gaming over computer gaming.


Aubrey de Grey on The State of Anti-Aging & His New Job At AgeX Therapeutics "IndyWatch Feed Tech"

AgeX Therapeutics: A Discussion with Dr. Aubrey de Grey, V.P. New Technology Discovery and Dr. Michael West. Co-CEO of BioTime & CEO of AgeX Therapeutics.

Recorded: July 2017


Ad Industry Deeply Concerned About Safari's New Ad-Tracking Restrictions "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Apple's limits on tracking will "sabotage the economic model for the Internet."

Apple's latest operating systems for the Mac and iPhone will soon be rolling out, and with that comes new restrictions on ad-tracking in the Safari browser. Adding a 24-hour limit on ad targeting cookies is good for privacy under Apple's new "Intelligent Tracking Prevention" feature. But if you're an advertiser, the macOS High Sierra and iOS 11 Safari browsers spell gloom and doom for the Internet as we know it. The reason is because Safari is making it harder for advertisers to follow users as they surf the Internet, and that will dramatically reduce the normal bombardment of ads reflecting the sites Internet surfers have visited earlier. Six major advertising groups have just published an open letter blasting the new tracking restrictions Apple unveiled in June. They say they are "deeply concerned" about them:

The infrastructure of the modern Internet depends on consistent and generally applicable standards for cookies, so digital companies can innovate to build content, services, and advertising that are personalized for users and remember their visits. Apple's Safari move breaks those standards and replaces them with an amorphous set of shifting rules that will hurt the user experience and sabotage the economic model for the Internet.

Apple's unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love. Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful.

The letter is signed by the American Association of Advertising Agencies, the American Advertising Federation, the Association of National Advertisers, the Data & Marketing Association, the Interactive Advertising Bureau, and the Network Advertising Initiative.


Read more of this story at SoylentNews.


Mesa 17.2.1 Released With Restored RADV Vulkan RX Vega Support "IndyWatch Feed Tech"

As anticipated, Mesa 17.2.1 is now available for those wanting to use the latest stable point release of Mesa3D for the best, stable open-source 3D graphics user experience on Linux and other operating systems...


Hackaday Links: September 17, 2017 "IndyWatch Feed Tech"


Mergers and acquisitions? Not this time. Lattice Semiconductor would have been bought by Canyon Bridge, a private equity firm backed by the Chinese government, for $1.3B. This deal was shut down by the US government because of national security concerns.

[Jan] is the Internet's expert in doing synths on single chips, and now he has something pretty cool. It's a breadboard synth with MIDI and CV input. Basically, what we're looking at is [Jan]'s CVS-01 chip (for a DCO, DCF, and DCA), a KL5 chip for an LFO, and an envelope chip. Tie everything together with a two-octave captouch keyboard, and you have a complete synthesizer on a breadboard.

As an aside relating to the above, does anyone know what the cool kids are using for a CV/Gate keyboard controller these days? Modular synths are making a comeback, but it looks like everyone is running a MIDI keyboard into a MIDI-CV converter. It seems like there should be a simple, cheap controller with quarter-inch jacks labeled CV and Gate. Any suggestions?

World leaders are tweeting. The Canadian PM is awesome and likes Dark Castle.

Way back in July, Square, the "POS terminal on an iPad" company, posted some data on Twitter. Apparently, fidget spinner sales peaked during the last week of May, and were declining through the first few weeks of summer. Is this proof the fidget spinner fad was dead by August? I have an alternate hypothesis: fidget spinner sales are tied to middle schoolers, and sales started dropping at the beginning of summer vacation. We need more data, so if some of you could retweet this, that would be awesome.

Remember [Peter Sripol], the guy building an ultralight in his basement? This is going to be a five- or six-part video build log, and part three came out this week. This video features the installation of the control surfaces, the application of turnbuckles, and hardware that is far too expensive for what it actually is....


[$] The rest of the 4.14 merge window "IndyWatch Feed Tech"

As is sometimes his way, Linus Torvalds released 4.14-rc1 and closed the merge window one day earlier than some might have expected. By that time, though, 11,556 non-merge changesets had found their way into the mainline repository, so there is no shortage of material for this release. Around 3,500 of those changes were pulled after the previous 4.14 merge-window summary; read on for an overview of what was in that last set.


Bacteriobot Holds A Lot Of Promise To Treat Cancer, Says Doctor "IndyWatch Feed Tech"

The new self-propelled, cancer-seeking bacteriobot swims right into the tumor and zaps it with a deadly payload of cancer drugs.

The recently perfected #bacteriobot holds a lot of promise in treating #cancer says a physician. Cancer patients at a hospital in Montreal may be the first to be treated with these #nanorobots built out of bacteria.

Summary: The recently perfected bacteriobot holds a lot of promise in treating cancer says a physician. Cancer patients at a hospital in Montreal may be the first to be treated with nanorobots built out of bacteria. The new self-propelled, cancer-seeking bacteriobot swims right into the tumor and zaps it with a deadly payload of cancer drugs. [Cover image: Getty Images/iStock.]

Google's Futurist Ray Kurzweil once said that within decades, we will have nanobots, swimming through our veins keeping us healthy. The tiny robots will keep us healthy by correcting DNA errors, removing toxins, extending our memories and zapping cancer. The Futurist said that back in 2007, and his prophecy is becoming a reality, at least in the treatment of cancer.

Years spent developing bacteria-based nanobots are finally bearing fruit, and thanks to progress made by a physician at the Jewish General Hospital (JGH) in Montreal, cancer patients may be the first to be treated with tumor-killing nanorobots. The JGH doctors are using a newly-developed self-propelled, cancer-seeking nanorobot built out of bacteria and referred to as a bacteriobot, an amalgam of the words bacteria and nanorobot.


Distribution Release: ArchLabs 2017.09 "IndyWatch Feed Tech"

ArchLabs is an Arch-based Linux distribution featuring the Openbox window manager. The project's latest snapshot, ArchLabs 2017.09, introduces several new changes, including a welcome script which runs when the user first logs in: "Mnimo has under-gone some fine tuning, mainly with the addition of a brilliant Hello/Welcome script....

Sunday, 17 September


Patent Trolls Update: Eolas, Conversant (MOSAID), Leigh Rothschild, and Electronic Communication Technologies "IndyWatch Feed Tech"

Boris Teksler keeps hopping from one troll to another

Boris Teksler
Credit: Japanese media

Summary: Patent trolls are still being watched as they ought to be even though some of them shy away, hide from the media, engage in dirty tricks, and file more lawsuits

THIS coming week we intend to start publishing a long series about the EPO. We therefore lack time to thoroughly write about each and every single patent thing in the US. This post is a quick outline of patent trolls of interest, all of which are based in the US.

We start this with McKool Smith, a law firm that's notorious for helping patent trolls. We have mentioned it a lot over the years and this new post says that it got caught in a violation, this time when it represented Eolas (also covered here many times before). To quote:

This one is fun for me, since I teach civil procedure, patents, and ethics, and have written about prosecution bars way too much.

Prosecution bars are used when a court concludes that, although the usual rule is that lawyers will abide by provisions in a protective order that say "don't use information disclosed in this suit for any other purpose," there's a risk that a lawyer will, perhaps even inadvertently, misuse the opposing party's information disclosed in discovery because of work the lawyer does for his client. Here, in a case Eolas (represented by McKool) filed for its client against Amazon (and others), it seems that as part of the protective order, McKool agreed that its lawyers were in such a position (they were prosecuting patents for Eolas in similar technologies, presumably, to what was involved in the suit) and so the protective order provided that no McKool lawyer who received certain categories of confidential information from Amazon would prosecute patents for Eolas in those fields, for a time.

And there is the issue: how long? The protective order stated (in part; I'd want to see the entire thing to really understand this), that the bar expired one (1) year following the entry of a final non-appealable judgment

Eolas lost at trial, and the Federal Circuit affirmed and entered judgment on July 22, 2013.

If the one year d...


Re: Podbeuter podcast fetcher: remote code execution "IndyWatch Feed Tech"

Posted by Kurt Seifried on Sep 17

I never spoke or advocated about delaying things or timelines and CVEs except in the sense I'd like to make it easier
and get CVEs attached to things fast so that issues can be disclosed ASAP, ideally with a CVE. I want to have my cake,
and eat it, and share it with everyone else.



8,500 Verizon Customers Disconnected Because of Substantial Data Use "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Roaming data use makes customers unprofitable, so Verizon will cut them off.

Verizon is disconnecting another 8,500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier.

The 8,500 customers have 19,000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17.

"These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers' networks and the roaming costs generated by these lines exceed what these consumers pay us each month."

"We sent these notices in advance so customers have plenty of time to choose another wireless provider," Verizon also said.


Read more of this story at SoylentNews.


Microsoft is Promoting Software Patents in India in Another Effort to Undermine Free/Open Source Software, Microsoft-Connected Trolls Are Still Suing "IndyWatch Feed Tech"

Watch the men behind the curtain

Microsoft and trolls

Summary: The ongoing patent threat to Free/libre Open Source software (FLOSS) and the role played by Microsoft in at least much of this threat

THE company which claims that it loves Linux, Microsoft, unsurprisingly (given its track record on this) attacks GNU/Linux. It is still promoting software patents in India even though the rules are clearly preventing this. It is not allowed.

How do we know?

See this report from a few days ago: GNLU Centre for IPR in collaboration with GNLU-Microsoft chair on IPR and policy research, is organising a panel discussion on Protecting softwares through Patents: Current Challenges and Future Solutions on 7th October, 2017 at Gujarat National Law University, Gandhinagar, Gujarat.

Why would Microsoft organise a discussion on Protecting softwares [sic] through Patents in a country that does not permit such patents?

The matter of fact is, Microsoft is still an enemy of GNU/Linux, yet certain people choose not to see it.

Where is Microsoft when it comes to OIN? Non-aggression is not something Microsoft can commit to. As Simon Phipps keeps stating, he would not believe Microsoft unless or until it decides to join OIN. But that too would not be sufficient because we already know that Microsoft operates through trolls, too.

OIN made the headlines (again) a few days ago. But it required some digging to find (none of the major Linux news sites picked this).

According to the press release, Joins the Open Invention Network (OIN) Community, but OIN is not against software patents and it certainly cannot stop patent trolls, even by its very own admission, making itself susceptible to loopholes. To quote from...


Unmanned ghost ships are coming to our oceans "IndyWatch Feed Tech"

Current international shipping law states that ocean-going vessels must be properly crewed, so fully autonomous, unmanned ships aren't allowed in international waters. As such, the Yara Birkeland will have to operate close to the Norwegian coast at all times, carrying out regular short journeys between three ports in the south of the country.

But change is afoot in the maritime sector, and earlier this year the UN's International Maritime Organisation (IMO) began discussions that could allow unmanned ships to operate across oceans. This raises the prospect of crewless "ghost" ships crisscrossing the ocean, with the potential for cheaper shipping with fewer accidents.

Several Japanese shipping firms, for example, are reportedly investing hundreds of millions of dollars in the technology. And British firm Rolls-Royce demonstrated the world's first remote-controlled unmanned commercial ship earlier this year.


Patent Trial and Appeal Board (PTAB) Under Attack by IBM and Other Patent Parasites Who Undermine Patent Quality "IndyWatch Feed Tech"

Ginni Rometty

Summary: The PTAB, which has thus far invalidated thousands of abstract/software patents, is under a coordinated attack not by those who produce things but those who produce a lot of lawsuits

HAVING just covered the PTAB-dodging "scam" which the Mohawk tribe participates in, we now turn our attention to PTAB bashing or to shameless lobbying by the patent industry. The EPO has already marginalised its equivalent of PTAB, known as the appeal boards, in order to reduce patent quality, so why not the USPTO too?

Manny Schecter, IBM's patent chief who is friends with Watchtroll, is already lobbying the likely new Director of the USPTO. Watchtroll is attacking PTAB again. It does this almost every other day. It has done this many dozens of times if not over a hundred times. Who or what is Watchtroll? This is basically a bunch of lawyers trying to destroy technology companies. Just look at who writes for them and who the founder is. His sidekick Paul Morinville is one of the radicals who burned stuff in unauthorised protests on USPTO premises and two days ago he too joined his master in attacking PTAB. His headline speaks of a "failed PTAB experiment", but actually, it has been exceptionally successful when it comes to squashing bad patents which should never have been granted in the first place. Technology companies certainly support and appreciate PTAB! We wrote a lot about that. There are very few exceptions to this, notably IBM. "IBM continues to push for legislation to abolish Alice and restore swpats [software patents] in the US," Benjamin Henrion (FFII) wrote a few days ago. This does not surprise us because IBM is nowadays a lobbyist for software...


M. Fossel How to Reverse Aging "IndyWatch Feed Tech"

Full Interview

Michael B. Fossel, M.D., Ph.D. (born 1950, Greenwich, Connecticut) was a professor of clinical medicine at Michigan State University and is the author of several books on aging, who is best known for his views on telomerase therapy as a possible treatment for cellular senescence. Fossel has appeared on many major news programs to discuss aging and has appeared regularly on National Public Radio (NPR). He is also a respected lecturer, author, and the founder and former editor-in-chief of the Journal of Anti-Aging Medicine (now known as Rejuvenation Research).

Prior to earning his M.D. at Stanford Medical School, Fossel earned a joint B.A. (cum laude) and M.A. in psychology at Wesleyan University and a Ph.D. in neurobiology at Stanford University. He is also a graduate of Phillips Exeter Academy. Prior to graduating from medical school in 1981, he was awarded a National Science Foundation fellowship and taught at Stanford University.

In addition to his position at Michigan State University, Fossel has lectured at the National Institute for Health, the Smithsonian Institution, and at various other universities and institutes in various parts of the world. Fossel served on the board of directors for the American Aging Association and was their executive director.

Fossel has written numerous articles on aging and ethics for the Journal of the American Medical Association and In Vivo, and his first book, entitled Reversing Human Aging, was published in 1996. The book garnered favorable reviews from mainstream newspapers as well as Scientific American and was published in six languages. A magisterial academic textbook by Fossel entitled Cells, Aging, and Human Disease was published in 2004 by Oxford University Press.

Since his days as a teacher at Stanford University, Fossel has studied aging from a medical and scientific perspective with a particular emphasis on premature aging syndromes such as progeria, and since at least 1996 he has been a strong and vocal advocate of telomerase therapy as a potential treatment of age-related diseases, disorders, and syndromes such as progeria, Alzheimer's disease, atherosclerosis, osteoporosis, cancer, and other conditions. However, he is careful to qualify his advocacy of telomerase therapy as being a potential treatment for these conditions rather than a cure for old age and a panacea for age-related medical conditions, albeit a potential treatment that could radically extend the maximum human life span and reverse the aging process in most people. Specifically, Fossel sees the potential of telomerase therapy as being the single most effective poi...


Hackaday Prize Entry: You Can Tune A Guitar, But Can You Reference REO Speedwagon? "IndyWatch Feed Tech"

Just for a second, let's perform a little engineering-based thought experiment. Let's design a guitar tuner. First up, you'll need a 1/4" input, and some op-amps to get that signal into a microcontroller. In the microcontroller, you're going to be doing some FFT. If you're really fancy, you'll have some lookup tables and an interface to switch between A440, maybe A430, and if you're a huge nerd, C256. The interface is simple enough: just use a seven-segment display and a few LEDs to tell the user what note they're on and how on-pitch they are. All in all, the design isn't that hard.

Now let's design a tuner for blind musicians. This makes things a bit more interesting. That LED interface isn't going to work, and you've got to figure out a better way of telling the musician they're on-pitch. This is the idea of [Pepijn]'s Accessible Guitar Tuner. It's a finalist in The Hackaday Prize Assistive Technology round, and a really interesting problem to solve.

Most of [Pepijn]'s tuner is what you would expect: microcontrollers and FFT. The microcontroller is an ATMega, which is sufficient for a simple guitar tuner. The real trick here is the interface. [Pepijn] is modulating the input from the guitar against a reference frequency. The difference between the guitar and this reference frequency is then turned into clicks and played through headphones. Fewer clicks mean the guitar is closer to being in tune.

This is one of those projects that's a perfect fit for the Hackaday Prize Assistive Technology round. It's an extremely simple problem to define, somewhat easy to build, and very useful. That doesn't mean [Pepijn] isn't having problems: he's having a lot of trouble with the signal levels from a guitar. He's looking for some help, so if you have some insights in reading signals that range from tiny piezos to active humbuckers, give him a few words of advice.



The Pirate Bay Caught Running Cryptocurrency Mining Script "IndyWatch Feed Tech"

By Waqas

In 2015, it was reported that uTorrent was secretly installing



Google Will Auto-Delete Android Backups if Phones not Used for Long Periods "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

Google will automatically [begin a delayed - Ed] delete all of a user's Android backup files stored in his Google Drive account if the user does not use his phone for two weeks. After Google detects this period of inactivity, it will start a 60-day counter for old Android backup files. After that counter reaches zero, Google will delete the backup files from the user's Drive account.

The auto-delete function was discovered this week by a Reddit user who used it to create backups for a defective Nexus 6P. The user sent back the phone, and while he waited for a replacement, he saw that his Nexus 6P backup files stored were marked for deletion.

[...] People who rely on Android's built-in Drive-based backup system should keep an eye out on the Backups folder. Storing backups offline or using specialized backup & restore Android apps is an alternative.



Read more of this story at SoylentNews.


Why the Mohawk Tribe Should Fire Its Lawyers and Dump the Patents Which Now Tarnish Its Name "IndyWatch Feed Tech"

The quick buck isn't worth the damage done to the Mohawks' reputation


Summary: In order to dodge the Patent Trial and Appeal Board (PTAB) with its Inter Partes Reviews (IPRs), the Mohawk tribe is being exploited very much in direct detriment to its reputation and status

LAST week we wrote about the Mohawk people being used by vicious corporations that only need the Mohawk people because of corporate greed. We were actually very surprised that the Mohawk people had fallen for it (or rather their lawyers had plotted this). We last wrote about that six days ago.

Since then, much has been said about the subject. We certainly hope that the Mohawks will rethink the whole thing. Published by Mike Masnick on Wednesday was this article calling the whole thing a scam (in the headline). The Mohawk tribe ought to take this as a sign and fire the dumb (if not corruptible) lawyer/s. The tribe should then toss out these patents, thereby signaling to anyone else who thinks about such a scam that it will end up badly. To quote Masnick:

We've written a bunch over the past few years about the so-called Inter Partes Review (IPR) process at the US Patent Office. In short, this is a process that was implemented in the patent reform bill back in 2010 allowing people and companies to ask a special review board, the Patent Trial and Appeal Board (PTAB) at the Patent Office, to review a patent to determine if it was valid. This was necessary because so many absolutely terrible patents were being granted, and then being used to shake down tons of companies and hold entire industries hostage. So, rather than fix the patent review process, Congress created an interesting work-around: at least make it easier for the Patent Office to go back and check to see if it got it right the first time.

Last year, part of this process was challenged at the Supreme Court and upheld as valid. However, the whole IPR is still very much under attack. There's anoth...


Can an Army of Bitcoin Bounty Hunters Deter Pirates? "IndyWatch Feed Tech"

When we first heard of the idea to use Bitcoin bounties to track down pirated content online, we scratched our heads.

Snitching on copyright infringers is not a new concept, but the idea of instant cash rewards through cryptocurrency was quite novel.

In theory, it's pretty straightforward. Content producers can add a unique identifying watermark into movies, eBooks, or other digital files before they're circulated. When these somehow leak to the public, the bounty hunters use the watermark to claim their Bitcoin, alerting the owner in the process.

This helps to spot leaks early on, even on networks where automated tools don't have access, and identify the source at the same time.

Two years have passed and it looks like the idea was no fluke. Custos, the South African company that owns the technology, has various copyright holders on board and recently announced a new partnership with book publisher Erudition Digital.

With help from anti-piracy outfit Digimarc, the companies will add identifying watermarks to eBook releases, counting on the bounty hunters to keep an eye out for leaks. These bounty hunters don't have to be anti-piracy experts. On the contrary, pirates are more than welcome to help out.

"The Custos approach is revolutionary in that it attacks the economy of piracy by targeting uploaders rather than downloaders, turning downloaders into an early detection network," the companies announced a few days ago.

The result is pirates turn on one another, sowing seeds of distrust amongst their communities. As a result, the Custos system is capable of penetrating hard-to-reach places such as the dark web, peer-to-peer networks, and even email.

Devon Weston, Director of Market Development for Digimarc Guardian, believes that this approach is the next level in anti-piracy efforts. It complements the automated detection tools that have been available in the past by providing access to hard-to-reach places.

"Together, this suite of products represents the next generation in technical measures against eBook piracy," Weston commented on the partnership.

TorrentFreak reac...


Talks at IberRadio "IndyWatch Feed Tech"

English summary: Slides and recordings for the two talks I gave yesterday in IberRadio. One of them is about gr-satellites and the other one is about Linrad. All the material is in Spanish.

Yesterday I was at the IberRadio fair, in Ávila, giving two talks: one about gr-satellites and the other about Linrad. The PDF slides of the talks can be downloaded here:

I recorded the talks using my camera. The focus and exposure are not very good, but I edited the video to overlay the images of the slides, which makes the video of the talk easier to follow. On the other hand, the live demonstrations in the Linrad talk do not come across very well.

Update: David EA1FAQ also made recordings of the talks. In his recordings the projector can be seen better, so the live demonstrations during the Linrad talk are easier to follow. I include links below.

Recordings with slides by EA4GPZ

Recordings by EA1FAQ


Keeping Intel Core X-Series CPUs Cool With Noctua Air Cooling "IndyWatch Feed Tech"

With the ten-core / 20-thread Core i9 7900X CPU having a 140 Watt TDP, it's a lot to keep cool with air cooling. Even more, with the soon-to-launch new Core i9 models, you really need a beefy heatsink fan if wishing to avoid water cooling. In this article are some tests with different Noctua heatsinks. Besides being able to cool these 2017X processors, the other requirement too is that they fit within 4U space requirements. The heatsinks benchmarked today included the Noctua NH-C14S, NH-U9S, Noctua NH-D9L, NF-A9 PWM fan, and NF-A14 PWM fan.


Patrick Tucker joins our blog team "IndyWatch Feed Tech"

Patrick Tucker joins our blog team with the post "Can the US Military Re-Invent the Microchip for the AI Era?"


Amazon and Google Have Both Become Part of the Software Patents Problem "IndyWatch Feed Tech"

Giants benefit from a so-called thicket (patent barrier to entrants) that protects their monopoly/ies

Page Rank
Some truly fundamental software concepts however trivial (simple reference count) are already patented by Google (or Stanford)

Summary: The transition from so-called defensive patents to offensive patents (ones that are used to suppress competition) as seen in Amazon and in Google, which is already suing rivals and is pursuing additional patents by acquisition

AS noted in our previous post, it's still possible to get software patents granted, albeit they're very difficult to successfully enforce in court.

Amazon is said to be one of the most litigated companies out there (if not the most, depending on what's measured). There were articles about it last year. Amazon, as far as we're aware, is not a patent bully, at least not yet (growing companies rarely need to resort to aggression). Google, by contrast, started patent aggression earlier this year.

They are loathed partly because software patents are an abomination in general. Generally speaking, software patents (especially after Alice/Section 101) are lame ducks, but not if the accused (or defendant, mainly if this reaches the court) cannot afford a legal battle.

"Amazon, eBay, Google lead surge in AI patents" was the headline of this article from last week. As we noted in the last post, AI is one of those buzzwords that are frequently used to justify software patent grants. The whitepaper, it says, titled Artificial Intelligence in Retail: Patent Analysis, suggests that the publication of patent filings may have peaked in 2015, with 329 publications that year, before drifting down to 296 in 2016. Prior to 2015, there were 128 AI-related patent filings published in 2012, 191 in 2013 and 224 in 2014. There have been only 54 published this year, though Netscribes stressed that there is...


Artificial Intelligence and Magnificent Brain "IndyWatch Feed Tech"

Shai Ben-David, Professor at the University of Waterloo, gave a Machine Learning course composed of 23 lectures (CS 485/685) at the University of Waterloo on Jan 14, 2015

Machine learning is the science of getting computers to act without being explicitly programmed. In the past decade, machine learning has given us self-driving cars, practical speech recognition, effective web search, and a vastly improved understanding of the human genome. Machine learning is so pervasive today that you probably use it dozens of times a day without knowing it. Many researchers also think it is the best way to make progress towards human-level AI.

Shai Ben-David holds a PhD in mathematics from the Hebrew University in Jerusalem. He has held postdoctoral positions at the University of Toronto in both the Mathematics and CS departments. He was a professor of computer science at the Technion in Haifa, Israel. Ben-David has held visiting positions at the Australian National University and Cornell University, and since 2004 has been a professor of computer science at the University of Waterloo in Canada.


Cyber security skill shortage: real problem or result of bad hiring practices? "IndyWatch Feed Tech"

Whenever you Google "Cyber Security", you can easily find tons of references to a dramatic skill shortage.

Most companies complain they can't fill their information security openings due to lack of qualified candidates.

If this is undoubtedly true and represents a real challenge, these reports don't do a good job explaining how much this situation is the result of lacks in the educational system and how much is due to bad hiring practices.

I'm not an HR and this isn't my field of expertise, but I can't help noticing an underlying contradiction in this situation. Companies bitching about this are unclear in setting their expectations, and their job descriptions should be totally rethought.

It's not uncommon for companies to list 3-5 years' experience for an entry-level info sec position, or set up a list of requirements that are absolutely unrealistic.

They set the bar too high and aren't willing to pay a candidate what he/she would deserve. 

For example, I often see a job posting like this below (DISCLAIMER: I redacted the company's name here, for privacy reasons, and the below considerations aren't referred to that specific company. I only chose it as a generic example).

If any such candidates would be av...


New Supernova Analysis Reframes Dark Energy Debate "IndyWatch Feed Tech"

Arthur T Knackerbracket has found the following story:

The accelerating expansion of the Universe may not be real, but could just be an apparent effect, according to new research published in the journal Monthly Notices of the Royal Astronomical Society. The new study, by a group at the University of Canterbury in Christchurch, New Zealand, finds the fit of Type Ia supernovae to a model universe with no dark energy to be very slightly better than the fit to the standard dark energy model.

Dark energy is usually assumed to form roughly 70% of the present material content of the Universe. However, this mysterious quantity is essentially a place-holder for unknown physics.

Current models of the Universe require this dark energy term to explain the observed acceleration in the rate at which the Universe is expanding. Scientists base this conclusion on measurements of the distances to supernova explosions in distant galaxies, which appear to be farther away than they should be if the Universe's expansion were not accelerating.

However, just how statistically significant this signature of cosmic acceleration is has been hotly debated in the past year. The previous debate pitted the standard Lambda Cold Dark Matter (ΛCDM) cosmology against an empty universe whose expansion neither accelerates nor decelerates. Both of these models though assume a simplified 100 year old cosmic expansion law -- Friedmann's equation.

Reference: Lawrence H. Dam, Asta Heinesen, David L. Wiltshire. Apparent cosmic acceleration from Type Ia supernovae. Monthly Notices of the Royal Astronomical Society, 2017; 472 (1): 835 DOI: 10.1093/mnras/stx1858

-- submitted from IRC


Read more of this story at SoylentNews.


Can the US Military Re-Invent the Microchip for the AI Era? "IndyWatch Feed Tech"

Trying to outrun the expiration of Moore's Law.

As conventional microchip design reaches its limits, DARPA is pouring money into the specialty chips that might power tomorrow's autonomous machines.

The coming AI revolution faces a big hurdle: today's microchips.

It's one thing to get a bunch of transistors on an integrated circuit to crunch numbers, even very large ones. But what the brain does is far more difficult. Processing vast amounts of visual data for use by a huge, multi-cellular organism is very different from the narrow calculations of conventional math. The algorithms that will drive tomorrow's autonomous cars, planes, and programs will be incredibly data-intensive, with needs well beyond what conventional chips were ever designed for. This is one reason for the hype surrounding quantum computing and neurosynaptic chips.


Word Clock Five Minutes At A Time "IndyWatch Feed Tech"

As this clock's creator admits, it took far more than five minutes to put together, but it does display the time in five minute increments.

After acquiring five 4-character, 16 segment display modules that were too good to pass up, they were promptly deposited in the parts pile until [JF] was cajoled into building something by a friend. Given that each display's pins were in parallel, there was a lot of soldering to connect these displays to the clock's ATMega328P brain. On the back of the clock's perfboard skeleton, a DS1307 real-time clock and coin cell keep things ticking along smoothly. The case is laser cut out of acrylic with an added red filter to up the contrast of the display, presenting a crisp, crimson glow.

Troubleshooting as well as procrastination proved to be the major stumbling block here. Each of the displays required extensive troubleshooting because, like Christmas lights of yore, one bad connection would caus...


Unless Physical, Inventions Are No Longer Patent-Eligible in US Courts, But USPTO Ignores Precedence "IndyWatch Feed Tech"

Unless you can actually see the supposed invention, it's likely just code and thus invalid under Section 101/Alice


Summary: Even though the ability to enforce software patents against a rival (or many targets, especially in the case of patent trolls) is vastly diminished, the US patent office continues to grant these

THE US Supreme Court (SCOTUS) ruled against software patents in the summer of 2013. Things have changed profoundly since then. Each year it seems like the system (mostly but not limited to the legal system) is becoming more hostile towards software patents. They're just not worth the time and money anymore.

Software patents are not officially dead. Moreover, there's a threat of them coming back, for circles that are hostile towards software development try to prop them up again. Every single week we write about several of their concurrent attempts, ranging from legislative/lobbying to subversion/entryism. For them, it's likely a fight for their very survival. We're talking about trolls and serial litigators here. They suffer badly and some have gone out of business (good riddance!).

The reality of the matter is, companies like Apple patent all sorts of malicious software that's being celebrated in their fan sites. They don't want the public to think of it as software, but since this particular domain is my professional domain it's clear to me that it's pure software which they patent and the USPTO tolerates this. Here is another new example, this time from Virtual StrongBox, which was mentioned here before (last month). They patent pure software. It's mathematics. They just phr...


CVE-2017-14312: Nagios core root privilege escalation via insecure permissions "IndyWatch Feed Tech"

Posted by Michael Orlitzky on Sep 17

Product: Nagios core
Vendor: Nagios Enterprises, LLC
Versions-affected: all
Author: Michael Orlitzky

(This has yet to be fixed upstream, but the workaround is
straightforward and will suffice for most users.)

== Summary ==

Nagios installs two sets of files with insecure permissions: after
installation, the executables and the configuration files are all owned
by the same...


Re: Podbeuter podcast fetcher: remote code execution "IndyWatch Feed Tech"

Posted by Solar Designer on Sep 17

I think that's not a reason to delay disclosing an issue to everyone
else until there's a CVE ID. If those orgs have such poor, limited, or
maybe cost-saving processes (saving on not needing to bother with issues
lacking CVE IDs, no matter how serious), it's their problem and their
users'. They deliberately put themselves at a competitive disadvantage.
So be it. This only reaffirms me in my suggested approach: public...


Kernel prepatch 4.14-rc1 "IndyWatch Feed Tech"

The 4.14-rc1 kernel prepatch is out, and the merge window is closed for this development cycle. "Yes, I realize this is a day early, and yes, I realize that if I had waited until tomorrow, I would also have hit the 26th anniversary of the Linux-0.01 release, but neither of those undeniable facts made me want to wait with closing the merge window." In the end, 11,556 non-merge changesets were pulled into the mainline for this release.


India to have its own Bitcoin like Cryptocurrency called Lakshmi Coin "IndyWatch Feed Tech"

Indian Government To Consider Introducing Its Own Bitcoin-Like Cryptocurrency Called Lakshmi Coin

The Bitcoin mania has finally caught up with India. The Indian government, which had so far confidently shunned Bitcoin, Ethereum, and other cryptocurrencies, has now decided to join the cryptocurrency bandwagon by launching its own blockchain-based, Bitcoin-like crypto coin called Lakshmi Coin.

By naming the new cryptocurrency Laxmi, the Indian government hopes to make it comfortable for billions of Indians to deal with the new currency. Laxmi is Goddess of Wealth as per Hindu traditions and is prayed to by billions during the holy festival of Diwali.

While Bitcoin has been in existence for over a decade, various Indian governments have shunned it for obvious reasons: lack of trust. While the neighbouring China has wholeheartedly embraced Bitcoins and other cryptocurrencies by legalising Bitcoin exchanges, the Indian government has been thwarting any attempt to open a Bitcoin exchange in India. Thus if you want to deal in Bitcoin in India, you have to do it in the grey market or deal with foreign-based exchanges.

While the Indian government does not like Bitcoin, it thinks that the blockchain technology powering the Bitcoins is worthwhile and it is going to give it a spin by introducing an Indian cryptocurrency similar to Bitcoins, as per a Business Standard Report.

As per undisclosed sources, the proposal was put up by a committee of officials consisting of Government officials and Reserve Bank of India. They set up a panel, which has recently given its report. The panel has advised the Indian government to launch its own blockchain-based cryptocurrency. It has also suggested the name for the new Indian cryptocurrency: Lakshmi Coin.

While recommending the new cryptocurrency Lakshmi Coin is fine, India may actually take at least five to ten years before it has its own cryptocurrency given its cumbersome bureaucracy. If India does decide to accept the panel recommendations, Laxmi, the new cryptocurrency will fall under the purview of Reserve Bank of India. Also, RBI will have to amend the Currency Act to provide for enabling provision for the new cryptocurrency.

Reserve Bank of India has been a vocal critic of Bitcoin and other cryptocurrencies. Earlier this year, it had issued a warning to Indian Bitcoin holders about the risk pertaining to Bitcoin transactions. Later in July, the Indian government was reportedly mulling over the implementation of Know Your Customer (KYC) norms to ensure safe transactions of cryptocurrencies. However, that move was trashed as it would have legitimis...


Re: Podbeuter podcast fetcher: remote code execution "IndyWatch Feed Tech"

Posted by Kurt Seifried on Sep 17

While this should not be the case, it often is. And TBH this is one of the
reasons I'm trying to make CVE easier.

This is also not true, many orgs (probably not open source distros run by
volunteers, but more big corps) literally do have a clock start ticking
when a CVE comes to light, I know for Red Hat it doesn't matter if the
issue has a CVE or not (we obviously prefer to have one as it makes talking
about it and coordinating a...


It Seems China is Shutting Down its Blockchain Economy "IndyWatch Feed Tech"

Submitted via IRC for SoyCow5743

When the Chinese government announced a ban on initial coin offerings last week, it looked like an attempt to rein in the speculative excesses of the cryptocurrency economy. But now it seems like it might have been the start of something more ambitious: a coordinated campaign to shut down use of cryptocurrency in the Middle Kingdom.

The full extent of the Chinese crackdown isn't clear yet, in part because key decisions have only been communicated privately to Chinese Bitcoin exchanges. But a couple of Bitcoin exchanges have now announced that they are shutting down. And leaked documents suggest that the rest will be required to do so before the end of the month. Chinese users will be given a chance to withdraw their funds before the exchanges shut down.

"BTCChina encourages customers to withdraw their funds as quickly as possible," one of the exchanges wrote in a Friday tweet. "Customers can withdraw their funds whenever they want."

Bitcoin has always been something of an awkward fit for China, which strictly regulates financial markets and limits the flow of funds overseas. Chinese officials have apparently concluded that Bitcoin has become too popular as a way to circumvent those regulations.



Read more of this story at SoylentNews.


Re: Podbeuter podcast fetcher: remote code execution "IndyWatch Feed Tech"

Posted by Solar Designer on Sep 17

This might be the case for some issues and some distros, such as when
having a CVE ID is deemed to indicate the issue is serious or has to be
patched for publicity reasons. It may be that it's easier to ignore an
issue that doesn't yet have a CVE ID, publicity-wise.

While CVE IDs are helpful for tracking, they should not be required, so
if a distro technically can't promptly process issues without CVE IDs (I
am unaware of such...


Which is the fastest growing programming language? "IndyWatch Feed Tech"

Java, JavaScript, C# or Python: which is the fastest growing programming language

Stack Overflow has released data on the number of visits to pages with respective tags received. If you aren't familiar with it, a tag denotes the category under which a question on Stack Overflow is categorized, with some examples being Java, JavaScript, AngularJS and so on. In the month of June, the number of visits to Python tagged pages has edged past pages tagged under Java and JavaScript, which have traditionally held the top spot.

Times changing?

The method followed by the site can be a genuine indicator of the growth of a programming language considering the website receives 40 million visits on a monthly basis. Java and JavaScript have usually held the top spot by getting the highest number of visitors from developed countries such as the US and UK.

"We make the case that Python has a solid claim to being the fastest-growing major programming language," said Stack Overflow data scientist David Robinson.

The popularity of a language depends on a wide range of factors, including education and wealth of the nations. Java usually experiences a surge in traffic during spring and a decline in summer since the language is taught in colleges and universities across the globe. The pattern of Python getting so many visits from developed nations might also be attributed to its use in academic and scientific research, which generally form a more significant part of a developed nation's economy than a developing nation's economy. This correlation is also made to a certain extent to explain the popularity of R.

However, recent trends have shown that Python might be the fastest growing language even in non-wealthy nations now and is growing faster year-on-year than in more developed countries. Among countries that are not considered to be wealthy, Python ranks 8th. The Python Software Foundation believes that Python is popular because of its versatility, which is also why it is used in system operations, scientific modelling, etc.

Robinson feels that the traffic towards Python will eventually increase while that towards Java and JavaScript will remain the same. "Python is an unusual case for being both one of the most visited tags on Stack Overflow and one of the fastest-growing ones. Incidentally, it is also accelerating. Its year-over-year growth has become faster each year since 2013," writes Robinson.

Microsoft's TypeScript, Apple's Swift, Rust, and the Google-developed Go complete the list of other languages that are considered to be growing fast, although none of...


US Treasury announced sanctions against seven Iranian nationals and other entities "IndyWatch Feed Tech"

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned 11 entities and Iranian nationals for malicious cyber-enabled activity.

US Dept. of Treasury announced sanctions against 7 Iranian nationals and security firms for malicious cyber-activity against US entities.

The seven Iranians were employed by ITSecTeam (ITSEC) and Mersad Company (MERSAD), both private companies working for the Iranian government and the Islamic Revolutionary Guard.

Iran's Islamic Revolutionary Guard Corps is a branch of Iran's Armed Forces founded after the Iranian Revolution on 5 May 1979.

The Iranian nationals were indicted by the US Department of Justice in early 2016; the US authorities charged seven Iranian hackers for attacking computer systems at banks and a dam in New York.

Now the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned a total of 11 Iranian entities and individuals for alleged support of hacking activities as well as two Iran-based networks that were involved in massive distributed denial-of-service attacks that targeted the US financial institutions in 2012.

"OFAC designated private Iranian computer security company ITSec Team pursuant to E.O. 13694 for causing a significant disruption to the availability of a computer or network of computers. Between approximately December 2011 and December 2012, ITSec Team planned and executed distributed denial of service (DDoS) attacks against at least nine large U.S. financial institutions, including top U.S. banks and U.S. stock exchanges. During that time, ITSec Team performed work on behalf of the Iranian Government, including the IRGC," states the press release issued by the US Treasury.

OFAC also designated three Iranian nationals for acting for or on behalf of ITSec Team. Ahmad Fathi was responsible for supervising and coordinating ITSec Team's DDoS attacks against the U.S. financial sector. Amin Shokohi, a computer hacker who worked for ITSec Team, helped build the botnet that ITSec Team used in its DDoS attacks against U.S. financial institutions. Hamid Firoozi, a network manager at ITSec Team, procured co...


3D Prints That Fold Themselves "IndyWatch Feed Tech"

3D printing technologies have come a long way, not only in terms of machine construction and affordability but also in the availability of the diverse range of different printing materials at our disposal. The common consumer might already be familiar with the usual PLA, ABS but there are other more exotic offerings such as PVA based dissolvable filaments and even carbon fiber and wood infused materials. Researchers at MIT allude to yet another possibility in a paper titled "3D-Printed Self-Folding Electronics", also dubbed the "Peel and Go" material.

The crux of the publication is the ability to print structures that are ultimately intended to be intricately folded, in a more convenient planar arrangement. As the material is taken off the build platform it immediately starts to morph into the intended shape. The key to this behavior is the use of a special polymer as a filler for joint-like structures, made out of more traditional but flexible filament. This special polymer, rather atypically, expands after printing serving almost like a muscle to contort the printed joint.

Existing filaments that can achieve similar results, albeit after some manual post-processing such as immersion in water or exposure to heat are not ideal...


Wiping "IndyWatch Feed Tech"

I'm making an effort to tidy up the upstairs Storage Locker of Doom. It's been accruing stuff for a decade and is now officially full.

Amongst the general effluvia is a succession of discarded storage solutions (i.e., external disks and RAID systems), and there's nothing sadder than a 512GB USB2 disk from 2007. So I'm taking them all to the recycling place, but before doing that I'm wiping them.

I had forgotten how slow these things are: It takes like five hours to wipe a half-terrorbyte disk. So I had to start doing it in parallel:



Google Fiber Shut Off Customer's Service Because She Owed 12 Cents "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1937

One day last month, Kansas City resident Victoria Tane's Google Fiber Internet service stopped working.

It turned out that Google Fiber cut off her Internet access because she owed 12 cents after an odd series of events involving an unused e-mail address, automated customer account systems, and a sales tax increase. Google Fiber quickly restored her connection and forgave the 12-cent balance after she called customer service, but the incident highlights a problem that Google Fiber may need to fix in order to prevent other customers from losing service over similarly trivial amounts.

The Kansas City Star of Missouri detailed what happened in a story yesterday. Tane has Google Fiber's basic 5Mbps Internet service which has no monthly payment and required only a $300 construction fee. Google Fiber no longer offers that package to new customers, but those who signed up for it and paid the construction fee can use the service with no further payments for a total of seven years.

Tane "paid the total upfront" a year ago, the Star wrote. "$300 to connect, plus $25.08 for taxes and fees. Transaction done. Free for seven years."


Original Submission

Read more of this story at SoylentNews.


Re: Podbeuter podcast fetcher: remote code execution "IndyWatch Feed Tech"

Posted by Alexander Batischev on Sep 17


This has been assigned CVE-2017-14500:

I was under the impression that having a CVE ID speeds up processes in
distros, and fixes are released quicker. That's why for my previous (and
first ever) vulnerability I first got an ID and only then released the
details and the patch. The assignment took just a day.

Was my impression wrong? I just want to do things "right",...


Re: [OSSN-0081] sha512_crypt is insufficient for password hashing "IndyWatch Feed Tech"

Posted by Solar Designer on Sep 17

The move to bcrypt makes sense as a defense against GPU attacks, which
are currently most relevant. I would have recommended it, too.

However, the wording of the advisory and in the discussion at is weird.

I assume that sha512_crypt refers to the algorithm introduced in glibc
2.7 and now used by many Linux distros and more. It is typically called
sha512crypt without the underscore. I also assume...


UK prime minister to raise internet's role in terrorism during UN appearance "IndyWatch Feed Tech"

British Prime Minister Theresa May said in an interview that aired Sunday she plans to raise the issue of the internet's role in terrorism this week at the United Nations. "One of the issues that we really need to be addressing, and I'll be raising...


Librem 5 Crosses $400k In Funding After Plasma Mobile Announcement "IndyWatch Feed Tech"

Since announcing earlier this week that KDE is working on Plasma Mobile support for the Librem 5, Purism has managed to raise over $100k more towards their goal of building a free software GNU/Linux smartphone, but remain around 1.1 million dollars short of their goal...



Chrome will label Resources delivered via FTP as Not Secure "IndyWatch Feed Tech"

Google continues the ongoing effort to communicate the transport security status of a given page by labeling resources delivered via FTP as "Not secure" in Chrome.

Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as "Not secure".

"As part of our ongoing effort to accurately communicate the transport security status of a given page, we're planning to label resources delivered over the FTP protocol as 'Not secure', beginning in Chrome 63 (sometime around December, 2017)," said Google software engineer Mike West.

"We didn't include FTP in our original plan, but unfortunately its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade)," Google software engineer Mike West explained.

According to Google, the FTP usage for top-level navigations was 0.0026% in the last month. Roughly 5% of the downloads were not conducted over HTTP/HTTPS, which could be FTP.


Ryzen & RX Vega Totally Dominated This Summer For Linux Users "IndyWatch Feed Tech"

With summer quickly coming to an end next week in the northern hemisphere, here's a look back at the most popular Linux/open-source articles and reviews for summer 2017...



Citing the European Patent Convention, Spanish Court Tosses Lawsuit With EPO-Granted European Patent "IndyWatch Feed Tech"

Summary: The quality of European Patents (EPs) is a subject of growing levels of scrutiny, as demonstrated in Barcelona this summer

THE EPO has long been granting software patents in defiance of the European Patent Convention, something that would further accelerate if the UPC power-grab ever gained any traction/got a foothold (it's very unlikely, hence our choice of tense in "would").

Techrights is not an enemy of the EPO. Techrights wants what's good for the EPO. Techrights is viewed as an enemy by top-level EPO management (Team Battistelli), hence it has been blocked by Battistelli. We are pretty certain that EPO examiners already know (and can check our history on this subject) that we care about quality of patents; it's not about patents per se (in general). Our main complaint all through these years was granting of low-quality patents in defiance of the rules.

Spain rejects the UPC for more than one reason (such as language). They specified several other reasons for shunning the terrible, awful UPC. Every now and then we highlight a public display of the problem (symptom), such as the Administrative Council tossing a whole class of patents (biological processes), the appeal boards voiding patents, and sometimes actual courts (where fees are enormous, for both defendant/s and plaintiff) rejecting EPs upon closer scrutiny.

That makes perfect sense. If patents are improperly granted, sooner or later these patents will expire or be voided (one of the two).

Make no mistake about it. Not everyone wants patent quality, which typically translates into a decreased number of lawsuits. Consider for instance IAM Media. A short while ago IAM, a longtime advocate of the UPC (because it advocates for Battistelli and patent trolls), wrote that Spain will not join UPC because Spanish is not one of the official languages. Go figure!

That's after IAM spread fake news about the UPC in Spain (...


[OSSN-0081] sha512_crypt is insufficient for password hashing "IndyWatch Feed Tech"

Posted by Luke Hinds on Sep 17

sha512_crypt is insufficient for password hashing

### Summary ###

Use of sha512_crypt for password hashing in versions of Keystone prior
to Pike, is insufficient and provides limited protection against
brute-forcing of password hashes.

### Affected Services / Software ###
OpenStack Identity Service (Keystone). OpenStack Releases Ocata, Newton.

### Discussion ###

Keystone uses sha512_crypt for...


Oracle Now Supports Btrfs RAID5/6 On Their Unbreakable Enterprise Kernel "IndyWatch Feed Tech"

Besides incorporating the RHEL 7.4 changes from Red Hat into their recent Oracle Linux update, their Unbreakable Enterprise Kernel (UEK) has received a few updates of its own...



Take a Time-Lapse or Bake a Cake with this Kitchen Timer Panning Rig "IndyWatch Feed Tech"

Seems like the first thing the new GoPro owner wants to do is a time-lapse sequence. And with good reason: time-lapses are cool. But they can be a bit bland without a little camera motion, like that provided by a dirt-cheap all-mechanical panning rig.

Let's hope [JackmanWorks]' time-lapse shots are under an hour, since he based his build on a simple wind-up kitchen timer, the likes of which can be had for a buck or two at just about any store. The timer's guts were liberated from the case and a simple wooden disc base with a 1/4-20 threaded insert for a tripod screw was added. The knob, wisely left intact so the amount of time left in the shot is evident, has a matching bolt for the camera's tripod socket. Set up the shot, wind up the timer, and let it rip at 1/60 of an RPM. Some sample time-lapse shots are in the video below.

Turning this into a super-simple powered slider for dollying during a time-lapse wouldn't be too tough if you've already got a nice pantograph slide rig built.

[via r/DIY]

Filed under: digital cameras hacks


GCC 5.5 Will Come Before Killing Off GCC5 "IndyWatch Feed Tech"

Red Hat's Jakub Jelinek has announced that GCC 5.5 will be released soon...



Facebook opens an A.I. research outpost in Canada "IndyWatch Feed Tech"

In addition to opening the lab, Facebook has committed about $5.75 million to support AI research at McGill, the University of Montreal, the Montreal Institute of Learning Algorithms and the Canadian Institute for Advanced Research, the company said in a Facebook blog post on Friday. Alphabet and Microsoft also have invested in AI at McGill and the University of Montreal.

The move comes a week after IBM said it would spend $240 million on a new AI lab in partnership with the Massachusetts Institute of Technology.

Facebook will support Canadian AI research in addition to setting up a lab in Montreal.


Lunar Regolith "IndyWatch Feed Tech"

The Global Space Organization plans to utilize lunar regolith as a construction material when we build our GSO Lunar Station One, but lunar regolith also contains many elements that can be utilized to sustain life and human habitation on the lunar surface.

Averages of these elements found:
Oxygen: 60.9%
Silicon: 16.4%
Aluminum: 9.4%
Calcium: 5.8%
Magnesium: 4.2%
Iron: 2.3%
Sodium: 0.4%
Titanium: 0.3%

There are many trace elements found as well that could be used to refine plastics, produce sugars, vitamins and harness gasses such as neon and helium.


Savaged by Systemd "IndyWatch Feed Tech"

The other day, Michael W Lucas, who is normally known for good technical literature, put up a wild experiment of a short story: Savaged by Systemd. It's erotica, sort of. It's computer erotica, to be specific. It's Linux sysadmin erotica, to be more specific. OK, fine, it's systemd erotica. Really. Anyway, despite the subject and the genre, and in spite of the combination of the two, the e-book is trending and rising in quite a few lists.

Hopefully he can still remain focused on Absolute FreeBSD and be able to get that finished by the next BSDCan.

[Ed note: Has anybody actually bought and read this short story? I wasn't going to spend $2.99 to see what the hubbub was about. - cmn32480]

Original Submission

Read more of this story at SoylentNews.


Kodi Trademark Troll Has Interesting Views on Co-Opting Other People's Work "IndyWatch Feed Tech"

The Kodi team, operating under the XBMC Foundation, announced last week that a third-party had registered the Kodi trademark in Canada and was using it for their own purposes.

That person was Geoff Gavora, who had previously been in communication with the Kodi team, expressing how important the software was to his sales.

"We had hoped, given the positive nature of his past emails, that perhaps he was doing this for the benefit of the Foundation. We learned, unfortunately, that this was not the case," XBMC Foundation President Nathan Betzen said.

According to the Kodi team, Gavora began delisting Amazon ads placed by companies selling Kodi-enabled products, based on infringement of Gavora's trademark rights.

"[O]nly Gavora's hardware can be sold, unless those companies pay him a fee to stay on the store," Betzen explained.

Predictably, Gavora's move is being viewed as highly controversial, not least since he's effectively claiming licensing rights in Canada over what should be a free and open source piece of software. TF obtained one of the notices Amazon sent to a seller of a Kodi-enabled device in Canada, following a complaint from Gavora.

Take down Kodi from Amazon, or pay Gavora

So who is Geoff Gavora and what makes him tick? Thanks to a 2016 interview with Ali Salman of the Rapid Growth Podcast, we have a lot of information from the horse's mouth.

It all began in 2011, when Gavora began jailbreaking Apple TVs, loading them with XBMC, and selling them to friends.

"I did it as a joke, for beer money from my friends," Gavora told Salman.

"I'd do it for $25 to $50 and word of mouth spread that I was doing this so we could load on this media center to watch content and online streams from it."

Intro to the interview with Ali Salman

Soon, however, word of mouth caused the business to grow wings, Gavora claims.

So they started telling people and I start tellin...


Cheap And Easy Motion Tracking "IndyWatch Feed Tech"

[Koppany Horvarth] set out to create a dirt-cheap optical tracking rig for VR that uses only two cameras and a certain amount of math to do its thing. He knew it could be done theoretically and wouldn't cost a lot of money, but it still required a lot of work and a slightly absurd amount of math.

While playing around with a webcam that he'd set up to run an object-tracking Python script, he discovered that his setup tended to display a translucent object with a LED inside of it as pure, washed-out white. This gave [Koppany] the idea that he could use such a light as part of his object tracking project. He 3D-printed 50mm hollow spheres out of transparent PLA, illuminated via a LED and powered by a 5V power supply hacked from an old USB cable. After dealing with some lens flares, he sanded down the PLA a little to diffuse the light and it worked like a charm.

To learn more check out his GitHub code repository. You can also take inspiration in some of the other motion tracking posts we've published in the past, like motion tracking on the cheap with a PIC and this OpenCV Airsoft turret.

Filed under: Virtual Reality


400,000 UK consumers at risk after the Equifax data breach "IndyWatch Feed Tech"

About 400,000 Britons may have had their information stolen following the Equifax data breach, the news was reported by the UK division of the company.

More details are emerging from the recent Equifax data breach that impacted approximately 143 million U.S. consumers. The attackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company did not update its systems, a thesis that was also reported by an Apache spokeswoman to the Reuters agency.

Now the UK division of the credit reference agency has revealed that 400,000 UK people were affected due to a process failure, but the systems of the company in the UK were not affected.

"The platforms used by Equifax Ltd and TDX Group are entirely separated from those impacted by the Equifax Inc cybersecurity incident."

Unfortunately, the investigation revealed that there was unauthorised access to limited personal information for certain UK consumers, but hackers did not access financial data or credentials.

"Regrettably, the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016. The information was restricted to: Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information or financial data." reads the Equifax UK.

Having concluded the initial assessment, Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.

According to the company, the UK consumer data that may have been stolen does not include any single Equifax business clients or institution.

The Information Commissioner's Office (ICO) o...


FTC Slaps Lenovo on the Wrist for Selling Computers With Secret Adware "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1937

The FTC said Tuesday [September 5] that it cannot stop computer makers from selling computers that inject ads into webpages to US consumers. The statement covers Lenovo's practice of having sold computers pre-installed with the so-called VisualDiscovery adware developed by a company called Superfish. This adware, which was installed on computers without consumers' knowledge, hijacked encrypted Web sessions that made users vulnerable to HTTPS man-in-the-middle attacks and shared user browsing data with third parties.

In a Tuesday court settlement with Lenovo, the FTC said the Chinese hardware maker, or any computer company for that matter, was free to sell computers with the adware made from a company called Superfish, as long as consumers consented before it was downloaded on the machine.

"As part of the settlement with the FTC, Lenovo is prohibited from misrepresenting any features of software preloaded on laptops that will inject advertising into consumers' Internet browsing sessions or transmit sensitive consumer information to third parties. The company must also get consumers' affirmative consent before pre-installing this type of software," the FTC announced.

According to a Reuters article, Lenovo paid a fine of $3.5 million as part of the settlement.


Original Submission

Read more of this story at SoylentNews.


MAGENTO 2.0.16 and 2.1.9 security update fixes critical flaw in the platform "IndyWatch Feed Tech"

Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that also fixed a critical remote code execution vulnerability.

Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that fixed numerous flaws, including a critical remote code execution vulnerability.

The remote code execution flaw impacts the content management system (CMS) and layouts; it could be exploited by an administrator with limited privileges to add malicious code when creating a new CMS page.

"A Magento administrator with limited privileges can introduce malicious code when creating a new CMS Page, which could result in arbitrary remote code execution," states the security advisory.

The vulnerability affects Magento Open Source prior to, Magento Commerce prior to, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9 and has been addressed in Magento Open Source, Magento Commerce, SUPEE-10266, Magento 2.0.16, and Magento 2.1.9.

The company also addresses three High severity vulnerabilities affecting Magento 2.0 prior to 2.0.16 and Magento 2.1 prior to 2.1.9.

The list of the flaws includes a cross-site request forgery (CSRF) issue, an unauthorized data leak, and authenticated Admin user remote code execution vulnerability.

"Magento Commerce and Open Source 2.1.9 and 2.0.16 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also include support for the changes to the USPS shipping rates that the USPS introduced on September 1, 2017," states the advisory.

The update also addresses a total of 28 Medium risk vulnerabilities, including abuse of functionality, information leak, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS, stored), unvalidated redirection, remote code execution, insufficient session expiration, Denial of Service (DoS), and Insecure Direct Object Reference (IDOR).

The exploitation of the flaws opens the door to various attacks, including Man-in-the-middle attacks, redirection of the users to an external site, or re-usage of cookies.

Other vulnerabilities can be exploited by local admins to the sitemap generation t...


Dangerous Things "IndyWatch Feed Tech"

We believe our bodies are our own, to do with what we want. Biohacking is leading the next phase of human evolution, and we're excited to be a part of it.


America's Luckiest Lottery Players "IndyWatch Feed Tech"

Spotted at HackerNews is a link to a multipart series from Pennsylvania's PennLive and several collaborating outlets on the wins of improbably lucky lottery players.

On Dec. 29, 2016, Clarance Jones did something that most Americans could scarcely imagine: He cashed-in 20 winning scratch-off tickets, collectively worth $21,000, one after the other.

For the average lottery player, that would be the ultimate payday. For Jones, it was practically routine.

In the past six years, the 79-year-old from Lynn, Mass., has won more than 7,300 lottery tickets, totaling $10.8 million. That establishes him, by far, as the luckiest lottery player in America.

But that luck, experts say, is unlikely to be what it seems. And Jones is not alone in raising eyebrows.

The three part series goes on to look at the patterns of frequent winners, and the attitudes of lottery retailers to these apparent runs of incredible good fortune.

In Pennsylvania alone, more than 200 players have won at least 50 prizes of $600 or more in the past 16 years.

Statisticians approached by PennLive say many of those wins are difficult to explain by luck. In other states, investigations into frequent winners have sometimes found their wins are rooted in theft and cheating, or schemes relating to tax evasion and money laundering.

"From a statistical point of view it stinks to high heaven," said Ronald Wasserstein, executive director of the American Statistical Association.

The Pennsylvania Lottery, however, has a different view: Its most frequent winners are simply frequent players.

The Original HackerNews Thread and reporting from the Columbia Journal on the FOIA requests which underlie the reporting. There are associated articles in The Boston Globe, New York Daily News, Hartford Courant, and...


A Lightsaber, With Rave Mode "IndyWatch Feed Tech"

How often after being exposed to Star Wars did you dream of having your own working lightsaber? These days, well, we don't quite have the technology to build crystal-based weapons, but tailor-made lightsabers like redditor [interweber]'s are very much real.

Piggybacking off the Korbanth Graflex 2.0 kit (a sort of bare-bones lightsaber ready to personalize), [interweber] is using a Teensy 3.5 to handle things under the hilt. Instead of taking the easy route and cramming everything into said handle, a 3D printed cradle for the electronics and speaker keeps things secure. The blade is made up of two meters of APA102 LEDs.

As well as all the sound effects appropriate to an elegant weapon for a more civilized age, a cluster of buttons handles the various functions: playing and cycling through music (more on that in a second), changing the color of the lightsaber (Jedi today, Sith tomorrow), enabling a flickering effect that mimics Kylo Ren's lightsaber, color cycling, and a... rave mode?

Altogether, this is probably one of the safer lightsabers you could bring to a party, since some of the more functional versions we've featured may not go over so well with your fellow revelers.

[via /r/electronics]

Filed under: led hacks, weapons hacks


Energy Dept Spends $33M to Harden Grid Against Network, Kinetic Attack "IndyWatch Feed Tech"

The grants focus on improving grid resiliency during a cyberattack and speeding recovery.

The Energy Department announced a roughly $33 million investment Tuesday in seven projects aimed at securing the electric grid against cyberattacks, physical attacks and weather disasters.

The projects are designed both to make grid systems more secure against cyberattacks and to improve their ability to withstand a cyberattack, according to a department fact sheet.


X11 has Turned 30 Years Old "IndyWatch Feed Tech"

September 15th was the 30th anniversary of X11

The X11 window system turns 30 years old today! X11, which still lives on through today via the X.Org Server on Linux, BSD, Solaris, and other operating systems, is now three decades old.

[As a point of reference, Intel introduced the 80386 in 1985 and the 80386SX variant in 1988. --Ed.]

Original Submission

Read more of this story at SoylentNews.


2017 Baillie Gifford Longlist Announced "IndyWatch Feed Tech"

More great news with the book Mark O'Connell's To Be a Machine, whose closing chapter is on The Immortality Bus journey and my presidential run. It was nominated on the longlist of UK's Baillie Gifford award for nonfiction. This is one of the most prestigious nonfiction prizes in the UK: #transhumanism



Table-Top Self Driving With The Pi Zero "IndyWatch Feed Tech"

Self-driving technologies are a hot button topic right now, as major companies scramble to be the first to market with more capable autonomous vehicles. There's a high barrier to entry at the top of the game, but that doesn't mean you can't tinker at home. [Richard Crowder] has been building a self-driving car at home with the Raspberry Pi Zero.

The self-driving model is trained by first learning from the human driver.

[Richard]'s project is based on the EOgma Neo machine learning library. Using a type of machine learning known as Sparse Predictive Hierarchies, or SPH, the algorithm is first trained with user input. [Richard] trained the model by driving it around a small track. The algorithm takes into account the steering and throttle inputs from the human driver and also monitors the feed from the Raspberry Pi camera. After training the model for a few laps, the car is then ready to drive itself.

Fundamentally, this is working on a much simpler level than a full-sized self-driving car. As the video indicates, the...


Development Release: FreeBSD 10.4-RC1 "IndyWatch Feed Tech"

Marius Strobl has announced the availability of the first release candidate for FreeBSD 10.4, an upcoming new stable release in the project's legacy 10.x branch: "The first RC build of the 10.4-RELEASE release cycle is now available. Noteworthy changes since 10.4-BETA4: an upstream fix for zlib compression has....


Video Game Players Get Varsity Treatment at More US Colleges "IndyWatch Feed Tech"

Varsity esports teams are becoming increasingly common on college campuses as more schools tap into the rising popularity of competitive gaming.

Experts say 50 U.S. colleges have formed varsity gaming teams that offer at least partial scholarships over the past three years, and many have hired coaches and analysts like other sports teams.

Michael Brooks is executive director of the National Association of Collegiate eSports. He says it has grown "dramatically" and caught organizers off guard.

The success of professional esports has spurred many smaller schools to start varsity teams as a way to boost enrollment numbers.

Among those with new teams is the College of St. Joseph, a school of 260 students in Vermont. The school's athletic director says "nearly every kid on campus wants to be a part of this."

"Dear Admissions Committee, I should get a full sports scholarship because I'm, like, really good at Pong and stuff."

Original Submission

Read more of this story at SoylentNews.


Linux 4.14-rc1 Released A Day Early "IndyWatch Feed Tech"

Linus Torvalds has tagged the first release candidate of Linux 4.14 one day early and thereby marking the end of the new feature merge window for this kernel series...



Watch "NanoMind: AI-Powered Nano Design". "IndyWatch Feed Tech"

Watch NanoMind: AI-Powered Nano Design.

Watch "Effective Altruism: How to Evaluate Hard-To-Measure Approaches". "IndyWatch Feed Tech"

Watch Effective Altruism: How to Evaluate Hard-To-Measure Approaches.


A Battery-Tab Welder with Real Control Issues "IndyWatch Feed Tech"

Spot welding should be easier than it looks. After all, it's just a lot of current in a short time through a small space. But it's the control that can make the difference between consistently high-quality welds and poor performance, or maybe even a fire.

Control is where [WeAreTheWatt]'s next-level battery tab spot welder shines. The fact that there's not a microwave oven transformer to be seen is a benefit to anyone sheepish about the usual mains-powered spot welders we usually see, even those designed with safety in mind. [WeAreTheWatt] chose to power his spot welder from a high-capacity RC battery pack, but we'd bet just about any high-current source would do. The controller itself is a very sturdy looking PCB with wide traces and nicely machined brass buss bars backing up an array of MOSFETs. A microcontroller performs quite a few functions; aside from timing the pulse, it can control the energy delivered, read the resistance of the 8AWG leads for calibration purposes, and even detect bad welds. The welder normally runs off a foot switch, but it can also detect when the leads are shorted and automatically apply a pulse, perfect for high-volume production. See it in action below.

There may be bigger welders, and ones with a little more fit and finish, but this one looks like a nicely engineered solution.

Thanks to [mick hanks] for the tip.

Filed under: tool hacks


Equifax confirms up to 400,000 UK consumers at risk after data breach "IndyWatch Feed Tech"

Credit reporting agency Equifax has revealed more details of just how many people are affected in the UK, as consumers are warned of the risk of phishing attacks.

Read more in my article on the We Live Security blog.


Why Are There Still Nazis? These Eight Questions Can Help Explain. "IndyWatch Feed Tech"

It's 2017. Why are there still Nazis?

It's a question many observers are asking after hundreds of white supremacists, many displaying swastikas and Confederate battle flags and shouting racist, anti-Semitic, and anti-communist slogans, took to the streets of Charlottesville, Va., this weekend, provoking violence that claimed the life of one counter-protester and resulted in multiple injuries.

The continued existence of people who hold openly white supremacist ideologies more than seven decades after the fall of the Third Reich can be explained, in part, through a social theory developed in the early 1990s. Social dominance theory seeks to explain how hierarchy-enhancing ideologies do not just drive social inequality, but are also a result of it. It suggests that a single personality trait, called social dominance orientation (SDO), strongly predicts a person's political and social views, from foreign policy and criminal justice to civil rights and the environment. What's more, it offers insight into how ideologies such as racism, sexism, and xenophobia tend to arise from the unequal distribution of a society's resources.

"Social dominance theory provides a yardstick for measuring social and political ideologies," says Felicia Pratto, who developed the theory with fellow psychologist Jim Sidanius. "SDO is one way, not the only one, to try to figure out what those ideologies are 'about.'"

You too can take the Social Dominance Orientation quiz to determine your nazi quotient.

Original Submission

Read more of this story at SoylentNews.


About critical damping "IndyWatch Feed Tech"

Having to deal with DSP texts written by engineers, I have sometimes to work a bit to get a good grasp of the concepts, which many times are not explained clearly from their mathematical bases. Often, a formula is just used without much motivation. Lately, I've been trying to understand critically damped systems, in the context of PLL loop filters.

The issue is as follows. In a second order filter there is a damping parameter $\zeta > 0$. The impulse response of the filter is an exponentially decaying sinusoid if $\zeta < 1$ (underdamped system), a decaying exponential if $\zeta > 1$ (overdamped system) and something of the form $C t e^{-\lambda t}$ if $\zeta = 1$ (critically damped system). Critical damping is desirable in many cases because it maximizes the exponential decay rate of the impulse response. However, many engineering texts just go and choose $\zeta = \sqrt{2}/2$ without any justification and even call this critical damping. Here I give some motivation starting with the basics and explain what is special about $\zeta = \sqrt{2}/2$ and why one may want to choose this value in applications.

We st...

Saturday, 16 September


Links 16/9/2017: More of Public Money, Public Code, Equifax Failed to Patch for Months "IndyWatch Feed Tech"

  • Kernel Space

    • Kernel Sources for Motorola Devices Appear to Differ from Binaries on Live Devices

      Android's foundations are born in open source, releasing as an open source operating system and growing to be the largest operating system in the world. Without licenses like the General Public License (GPL), open source could not have been enforced


      The GPL has protected so much of the growing Android community over the years. It allows developers from anywhere in the world to take a device and use the kernel source code to make something great out of it. It's a recipe for brilliance in some cases, with some amazing feats of intuition and development shown daily by our amazing developer community. To build an AOSP-based ROM for any device, for instance, it's imperative that we have access to the kernel source code to ensure that the ROM can boot properly.

    • Videos: A Conversation with Linux and Git Creator Linus Torvalds
    • CPU frequency governors and remote callbacks

      The kernel's CPU-frequency (cpufre...


Alaska Voter Database Exposed Online "IndyWatch Feed Tech"

By Waqas

IT security researchers at Kromtech Security Center discovered an unprotected database


Guess what happened after VEVO told its hackers to 'f**k off'... "IndyWatch Feed Tech"

VEVO hackers briefly posted 3.12 TB of music service's internal data online

A hacking gang posted 3.12 terabytes of VEVO's internal files online, after it discovered the company was being reckless with its security.

David Bisson reports.


Facebook under fire over Russian ads in election "IndyWatch Feed Tech"

Facebook is under fire after revealing that a Russian group tied to the Kremlin bought political ads on its platform during the 2016 elections. Lawmakers are demanding answers, and liberal groups, who say the company failed to crack down on fake news...


Linux 4.14 Gets A Driver For PWM-Controlled Vibrators "IndyWatch Feed Tech"

Dmitry Torokhov has sent in a second helping of input updates for the Linux 4.14 merge window that is closing this weekend...


Linux RAID Performance On NVMe M.2 SSDs "IndyWatch Feed Tech"

For boosting the I/O performance of the AMD EPYC 7601 Tyan server I decided to play around with a Linux RAID setup this weekend using two NVMe M.2 SSDs. This is our first time running some Linux RAID benchmarks of NVMe M.2 SSDs and for this comparison were tests of EXT4 and F2FS with MDADM soft RAID as well as with Btrfs using its built-in native RAID capabilities for some interesting weekend benchmarks.


Experimental Nouveau Reclocking Patches Updated, Including For Maxwell GPUs "IndyWatch Feed Tech"

Karol Herbst has sent out 29 updated patches on Friday for a major rework to the Nouveau clock related code for re-clocking and related functionality. This includes a "hacky workaround" for getting re-clocking to function on GeForce GTX 900 "Maxwell 2" GPUs...


MIPS Changes Submitted For Linux 4.14: NI 169445, Omega2+, MT7628A Support "IndyWatch Feed Tech"

There are many MIPS updates to find with the in-development Linux 4.14 kernel...


The Graphics Talks Of The 2017 Open-Source Summit NA "IndyWatch Feed Tech"

This week the Linux Foundation hosted their annual Open-Source Summit 2017 North America. There were two graphics talks this year led by Collabora developers...


The DRM Changes For The Linux 4.14 Kernel "IndyWatch Feed Tech"

With the Linux 4.14 merge window period combined with the fact of the DRM pull request having been submitted early this cycle, I didn't have a chance to provide a recap of the Direct Rendering Manager changes for 4.14. Here's that overview for those not in tune with the many individual articles that had been written about the different Linux 4.14 graphics driver changes...


Linux 4.14 Dropping In-Tree Firmware "IndyWatch Feed Tech"

Linux 4.14 is getting rid of its in-kernel firmware/ tree...


NVIDIA 381.26.17 Adds Vulkan 1.0.61 Support "IndyWatch Feed Tech"

For those wanting the bleeding-edge NVIDIA Vulkan driver support, a new beta was pushed out today providing same-day support for the Vulkan 1.0.61 update...

Friday, 15 September


Radeon RX Vega OpenGL Linux Performance For September 2017 "IndyWatch Feed Tech"

It's been a couple weeks since running any Mesa Git benchmarks to show the latest state of the open-source Radeon Linux graphics stack, so here are some fresh numbers with the RX Vega 56 and RX Vega 64 along with other Radeon GPUs compared to the NVIDIA Linux performance.


Wine 2.17 Brings DirectWrite & Virtual Memory Improvements, OpenGL 4.6 "IndyWatch Feed Tech"

Wine 2.17 is now available as the latest bi-weekly development snapshot for running Windows games and applications on Linux and other operating systems...


Today Marks 30 Years Since The Release Of X11 "IndyWatch Feed Tech"

The X11 window system turns 30 years old today! X11, which still lives on today via the X.Org Server on Linux, BSD, Solaris, and other operating systems, is now three decades old...


Mesa 17.2.1 Being Prepped For Release Next Week "IndyWatch Feed Tech"

For those that have been waiting for the first point release of Mesa 17.2 before upgrading, the release candidate is out while the official build is slated for next week...


In A Win For Privacy, Uber Restores User Control Over Location-Sharing "IndyWatch Feed Tech"

After making an unfortunate change to its privacy settings last year, we are glad to see that Uber has reverted back to settings that empower its users to make choices about sharing their location information.

Last December, an Uber update restricted users' location-sharing choices to "Always" or "Never," removing the more fine-grained "While Using" setting. This meant that, if someone wanted to use Uber, they had to agree to share their location information with the app at all times or surrender usability. In particular, this meant that riders would be tracked for five minutes after being dropped off.

Now, the "While Using" setting is back, and Uber says the post-ride tracking will end even for users who choose the "Always" setting. We are glad to see Uber reverting back to giving users more control over their location privacy, and hope it will stick this time. EFF recommends that all users manually check that their Uber location privacy setting is on "While Using" after they receive the update.

1. Open the Uber app, and press the three horizontal lines on the top left to open the sidebar.

2. Once the sidebar is open, press Settings.

3. Scroll to the bottom of the settings page to select Privacy Settings.

4. In your privacy settings, select Location.

5. In Location, check to see if it says Always. If it does, click to change it.

6. Here, change your location setting to "While Using" or "Never...


GCC Finishing Up C++17 Adjustments, Preparing For C++2A "IndyWatch Feed Tech"

While C++17 was just formally approved days ago and is now waiting for ISO publication, GCC (and Clang) developers have largely finished up their C++17 (formerly known as "C++1z") support for some time. There are just a few lingering patches for GCC, and developers are already beginning to lay the groundwork for C++2a...


Vulkan 1.0.61 Introduces Four New Extensions "IndyWatch Feed Tech"

Vulkan 1.0.61 is now available and besides documentation fixes/updates, it also rolls out four new extensions...


Clear Linux & Their Love For FMV + dl_platform/dl_hwcap In The Name Of Performance "IndyWatch Feed Tech"

For those mesmerized by the numbers whenever posting a cross-distribution comparison like the recent Core i9 7900X vs. Threadripper 1950X On Ubuntu 17.10, Antergos, Clear Linux with showing Intel's performance optimizations done on Clear Linux, Intel engineer Victor Rodriguez presented this week at the 2017 Open-Source Summit North America about some of their Linux performance boosting work...

Resource generated at IndyWatch using aliasfeed and rawdog