IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Thursday, 13 December

21:08

Nintendo Targets Sellers of Pirated Switch Games in Court "IndyWatch Feed Tech"

At the start of the year the infamous hacking group Team Xecutor announced an unstoppable Nintendo Switch hack.

This made it possible to load pirated games onto the popular console, an opportunity many people have taken advantage of.

Some have taken it a step further by offering Nintendo Switch modifications for sale, specifically mentioning the Team Xecuter hack. This is what California resident Mikel Euskaldunak did, according to Nintendo.

In a complaint filed at a federal court this week, Nintendo of America accuses the man and several unnamed accomplices of various counts of copyright and trademark infringement.

The defendants allegedly offered modification devices and physical chips for the Nintendo Switch which bypass Nintendos anti-piracy protections.

This modification is installed in a users Nintendo Switch in the form of a circumvention tool along with unauthorized custom firmware. This exploit allows the playing of pirated Nintendo Console Games, the company writes.

Euskaldunak sold the mods in public through a profile at OfferUp.com. According to the advert, the Team Xecuter mod would allow buyers to play any Switch games they want.

Just load and play! In connection with the purchase of Nintendo Switch Mod Play Switch Games Team Xecuter, Defendants will give [the buyer] a free game of [his or her] choice, it reads.

In addition, the defendant also offered a 64GB SD card containing pirated games which could be loaded through Team Xecuters dongle.

These SD cards will come with any 4-6 (depending on the game size) released Nintendo Switch games of your choice. That is less than the price of a single Switch game.

The defendants OfferUp offer

Nintendo believes that the defendants modified more than 100 Switch game systems. In addition, they are suspected of having access to a large library of Switch games, including dozens of titles that havent been released in the US yet.

Interestingly, the sellers are aware that pirating games does not come without challenges. They explicitly warn that games downloaded from the Internet might be tracked...

21:00

Latest Talk From IBMs Manny Schecter Shows That IBM Hasnt Changed and After the Red Hat Takeover Itll Continue to Promote Software Patents "IndyWatch Feed Tech"

And dont forget what David Kappos is doing

Manny Schecter
Photo credit: Esteban Minero

Summary: IBMs hardheaded attitude and patent aggression unaffected by its strategic acquisition of a company that at least claimed to oppose software patents (whilst at the same time pursuing them)

THE SO-CALLED champion of the U.S. Patent and Trademark Office (USPTO) was, for a number of decades, IBM, based on the number of granted patents.

As IBM takes over Red Hat (not finalised yet) Red Hat could use a reminder that IBM is hostile to software freedom, free software, sharing etc. because it's a propagandist for software patents and it's aligned with 'IP' extremists' front groups. Its funding them and its leading them.

Less than a day ago this article from a site of patent propagandists (pro-patent trolls, pro-UPC, pro-software patents and so on) was published with this summary: IBMs Manny Schecter believes public awareness of intellectual property has increased but there has not been a corresponding increase in understanding (patents are not property).

He mentioned patents specifically:

On the patent side, people often get confused about various aspects of patents, such as the difference between filing and grant date. All understandable, noted Schecter.

Those who are intimately familiar with IP do not necessarily help the situation: a second area of confusion, according to Schecter, comes from the public debate around IP. We argue vigorously for positions in the intellectual property world, and we have a tendency to use a lot of rhetoric and take a lot of extreme positions in trying to make our point, said Schecter. Sometimes we actually want that extreme position and sometimes we are just trying to get our point across.

Schecter urged the audience to close the gap be...

20:47

Windows 10 Activity History Sent to Microsoft Despite Setting to Turn It Off "IndyWatch Feed Tech"

Submitted via IRC for Bytram

Windows 10 can carry on slurping even when you're sure you yelled STOP!

A feature introduced in the April 2018 Update of Windows 10 may have set off a privacy landmine within the bowels of Redmond as users have discovered that their data was still flowing into the intestines of the Windows giant, even with the thing apparently turned off. In what is likely to be more cock-up than conspiracy, it appears that Microsoft is continuing to collect data on recent user activities even when the user has explicitly said NO, DAMMIT!

First noted in an increasingly shouty thread over on Reddit, the issue is related to Activity History, which is needed to make the much-vaunted and little-used Timeline feature work in Windows 10.

Introduced in what had previously been regarded as one of Microsoft's flakiest updates prior to the glory of the October 2018 Update, of course Timeline allows users to go back through apps as well as websites to get back to what they were doing at a given point. Use a Microsoft account, and a user can view this over multiple PCs and mobile devices (as long you are signed in with that same Microsoft account). The key setting is that "Send my activity history to Microsoft" check box. Uncheck it and you'd be forgiven for thinking your activity would not be sent Redmondwards. Right?

Except, er, the slurping appears to be carrying on unabated. The Redditors reported that if one takes a look at the Activity History in the Privacy Dashboard lurking within their account, apps and sites are still showing up.


Original Submission

Read more of this story at SoylentNews.

20:42

Foldable Drone Changes Its Shape in Mid-Air "IndyWatch Feed Tech"

This quadrotor can alter its shape in flight depending on where it needs to go

Quadrotors are fast, cheap, and capable, and theyre getting smarter all the time. Where they struggle a little bit is with adaptation. Many other kinds of robots can change their structure to better perform different tasks: Humanoids do it all the time, with all those conveniently placed limbs. Hey, wouldnt it be cool if drones had movable limbs too? Yes, it would. Someone should figure out how to do that.

Weve seen some drones in the past that can alter their shape in flight, but this Folding Drone (developed by roboticists from University of Zurich and EPFL) is different in several important ways. Each of its four arms has a servo motor at the base that can rotate one propeller independently, with some height differences between the arms making sure that the Folding Drone doesnt immediately blenderize itself. While there are some arm location combinations that are particularly handy, like completely unfolded (X morphology), completely folded (O), straight line (H), and partly folded (T), the drone isnt limited to those shapes, and it remains fully stable and controllable wherever its arms happen to be, even if the configuration is asymmetric. Its not easy to do thisit requires an adaptive control scheme able to cope in real-time with the dynamic morphology of the vehicle.

We exploit the morphing to adapt the vehicles size to tasks such as traversing gaps, inspecting surfaces, or transporting objects. However, we believe that a morphing quadrotor can tailor its shape to more dynamic tasks, like for example flying at high speed, where it can improve its performance by folding to change its aerodynamic properties. This would allow very fast flight in time-critical scenarios. Davide Scaramuzza, University of Zurich

While the Folding Drone doesnt have quite as many degrees of freedom as that crazy flying dragon robot from ICRA, its much less complex and expensive, and can transform very quickly, as you can see in the video. It may not be able to wrap itself around anyones neck and slowly strangle them, but well let that slide just this once. The (relatively) simple design helps the Folding Drone maintain both efficiency and versatility, allowing it to operate autonomously with onboard sensing and computing. It doesnt sound like the drone can autonomously decide how to reconfigure itself to get past an obstacle yet, but the researchers are definitely working on that.

Theyre also working o...

20:30

The Battle Between Robot Harmonica And Machine Finger Rages On "IndyWatch Feed Tech"

When asking the question Do humans dream of machines?, its natural to think of the feverish excitement ahead of an iPhone or Playstation launch, followed by lines around the block of enthusiastic campers, eager to get their hands on the latest hardware as soon as is humanly possible. However, its also the title of an art piece by [Jonghong Park], and is deserving of further contemplation. (Video after the break.)

The art piece consists of a series of eight tiny harmonicas, which are in turn, played by eight fans, which appear to have been cribbed from a low-power graphics card design. Each harmonica in turn has a microphone fitted, which, when it picks up a loud enough signal, causes an Arduino Nano to actuate a mechanical finger which slows the fan down until the noise stops. Its the mechanical equivalent of a stern look from a parent to a noisy child. Then, the cycle begins again.

The build is very much of the type we see in the art world put together as simply as possible, with eight Arduinos running the eight harmonicas, whereas an engineering approach may focus more on efficiency and cost. Between the squeaks from the toy harmonicas and the noise from the servos entrusted to quiet them, the machine makes quite the mechanical racket. [Jonghong] indicates that the piece speaks to the interaction of machine (robot harmonica) and humanity (the finger which quells the noise).

Its a tidily executed build which would be at home in any modern art gallery. It recalls memories of another such installation, which combines fans and lasers into a musical machine.

 

20:27

Virgin Galactic edges toward space tourism with flight to boundary of space "IndyWatch Feed Tech"

Virgin Galactics tourism space shuttle on Thursday flew over 50 miles above the earths surface, reaching a height considered by the U.S. Air Force and other government agencies to be the boundary of space.The ship reached a height of 51 miles over...

20:02

When we send astronauts to the surface of the Moon in the next decade, it will be in a sustainable fashion, says NASA Administrator Jim Bridenstine "IndyWatch Feed Tech"

When we send astronauts to the surface of the Moon in the next decade, it will be in a sustainable fashion, says NASA Administrator Jim Bridenstinee. Learn how well expand partnerships with industry and other nations to explore the Moon and advance our exploration missions to even farther destinations, such as Mars: https://go.nasa.gov/2GeqhZL

19:58

The European Patent Troll Wants as Much Litigation as Possible "IndyWatch Feed Tech"

And as many granted European Patents as it can get away with

Antnio Campinos FTI

Summary: Patent quality is a concept no longer recognisable at the European Patent Office; all that the management understands is speed and PACE, which it conflates with quality in order to register as much cash as possible before the whole thing comes crashing down (bubbles always implode at the end)

THE European Patent Office (EPO) does not intend to improve patent quality. It does not even acknowledge such an issue. Antnio Campinos is happy enough to personally promote software patents in Europe (even in his blog) and tell concerned stakeholders such as law firms that he just wants to remove the cause/source of criticism rather than properly tackle the issue. Kluwer Patent Blog wrote about it last month and commenters were understandably upset. Who does todays EPO serve? As we put it some weeks ago, "Antnio Campinos is Working for Patent Trolls at the Expense of Science and Technology" (the original purpose of the Office was to advance science).

Just more than a day ago the EPO was retweeting epi as saying: Visit us at the EPO Vienna, 5 Feb 19 for the Opposition & Appeal seminar supported by the EPO. You get an intensive and practical overview of all relevant legal & practical issues concerning opposition and appeal proceedings before the @EPOorg. https://patentepi.com/r/Opposition_Appeal_seminar

As a reminder to our readers, epi very belatedly protested EPO abuses and the same goes for EPLAW [1, 2], whose latest think tank was boosted by IP Kat yesterday. Annsley Mere...

19:55

Privacy Coalition to Congress: Dont Dismantle Stronger State Data Privacy Laws "IndyWatch Feed Tech"

After years of claiming self-regulation would keep them in line, big tech companies spooked by new state data privacy safeguards are now calling for a national privacy lawone that would roll back these vital state protections.

We are one of sixteen consumer privacy and civil rights groups to remind Congress that while we support federal baseline data privacy legislation that provides basic protection for all Americans, such a law must not come at the price of dismantling (or as lawyers say, preempting) the legal rights of people who live in states with stronger data privacy protections.

State governments across the country have stepped up in the fight to strengthen privacy, with laws that grant their citizens important protectionssuch as a right to know what personal information companies collect about them (California), the right to decide whether to share biometric information with companies (Illinois), and protection from fraudulent collection of their data (Vermont).

As our coalition says in our letter:

We urge you to focus intently on the rights and dignity of your constituents by actively opposing any proposals to preempt stronger state laws in federal privacy legislation, so that existing state protectionsboth regulatory standards and liability rulesare maintained and so that states are free to adopt new protections.

While EFF would welcome sensible nationwide legislation that increases everyones protections for data privacy, a uniform federal law is counterproductive if it blocks something stronger. We will oppose any federal legislation that preempts hard-fought state privacy rules that provide stronger protection.

As we said in our ...

19:34

Radeon Software Adrenalin 2019 Rolls Out While Linux Users Should Have AMDGPU-PRO 18.50 "IndyWatch Feed Tech"

AMD today released their Radeon Software Adrenalin 2019 Edition geared for Windows gamers while Linux users should have AMDGPU-PRO 18.50 available shortly for those wanting to use this hybrid Vulkan/OpenGL driver component that does also feature the AMDGPU-Open components too in their stable but dated composition...

19:30

Unlocking Android phones with a 3D-printed head "IndyWatch Feed Tech"

Unlocking Android phones with a 3D-printed head

Forbes journalist Thomas Brewster wanted to find out just how well a variety of Android phones and a top-of-the-range Apple iPhone would fare against a determined attempt to break facial recognition. And he did that by having a 3D-model printed of his head.

Read more in my article on the Tripwire State of Security blog.

19:03

Juno snaps giant Jupiter polar storms "IndyWatch Feed Tech"

NASAs JunoCam has captured photos of huge, endless storms on our Solar Systems largest planet. .

19:03

Antnio Campinos Turns His Boss Into His Lapdog, Just Like Battistelli and Kongstad "IndyWatch Feed Tech"

And the brand new management is still a censorship operation

Battistelli and Kongstad

Summary: The European Patent Organisation expects us to believe that Josef Kratochvl will keep the Office honest while his predecessor, the German who failed to do anything about Battistellis abuses, becomes officially subservient to Antnio Campinos

EARLIER THIS week the European Patent Organisation (EPO) made the decision to choose a particular new Chairman of the Administrative Council, seeing that in a matter of weeks Antnio Campinos turns his 'boss' into his assistant. Its just as ludicrous as that sounds and it says a lot about the lack of oversight at the EPO.

Suffice to say, the European Patent Office wont be bossed by him but will boss him, as usual, as its a rogue institution where Campinos, according to insiders, seeks to have even greater powers than Battistelli.They wrote in Twitter that Josef Kratochv [is] elected Chairman of the Administrative Council of the European Patent Organisation, pointing to a page from the prior day (warning: epo.org link).

Suffice to say, the European Patent Office wont be bossed by him but will boss him, as usual, as its a rogue institution where Campinos, according to insiders, seeks to have even greater powers than Battistelli. Look no further than the fact that his former boss will be bossed by him very shortly; but there are other aspects to this power grab, other than this uttertly gross reversal of roles.

Next month well have a lot to say about the Croat who made corruption at the EPO not only banal; it encouraged the Office to aggressively block and punish anything and anyone who dared bring up the subject.To quote the EPO: The Administrative Council of the European Patent Organisation today elected Josef Kratochvl (CZ) as its Chairman. Mr Kratochvl succeeds Christoph Erns...

19:03

Brightest comet of the year will zoom near Earth next week "IndyWatch Feed Tech"

Itll be 7.2 million miles away, but that still might be close enough to see with the naked eye heres when to catch it.

19:01

Jeremy Hong: Weaponizing the Radio Spectrum "IndyWatch Feed Tech"

Jeremy Hong knows a secret or two about things you shouldnt do with radio frequency (RF), but hes not sharing.

That seems an odd foundation upon which to build ones 2018 Hackaday Superconference talk, but its for good reason. Jeremy knows how to do things like build GPS and radar jammers, which are federal crimes. Even he hasnt put his knowledge to practical use, having built only devices that never actually emitted any RF.

So what does one talk about when circumspection is the order of the day? As it turns out, quite a lot. Jeremy focused on how the military leverages the power of radio frequency jamming to turn the tables on enemies, and how civilian police forces are fielding electronic countermeasures as well. Its interesting stuff, and Jeremy proved to be an engaging guide on a whirlwind tour into the world of electronic warfare.

SDRs Take Wing

Jeremy comes to this field more as an informed enthusiast than as an employee or contractor for one of the many alphabet agencies or defense contractors who jealously guard such secrets. A recent EE grad from Wright State University, where courses on electronic warfare (EW) are offered, Jeremy not only developed an interest in the field but has been able to observe some of the systems in action, thanks to nearby Wright-Patterson Air Force Base.

...

19:00

How HTTPS Everywhere Keeps Protecting Users On An Increasingly Encrypted Web "IndyWatch Feed Tech"

Way back in 2010, we launched our popular browser extension HTTPS Everywhere as part of our effort to encrypt the web. At the time, the need for HTTPS Everywhere to protect browsing sessions was as obvious as the threats were ever-present. The threats may not be as clear now, but HTTPS Everywhere is still as important to users as ever.


The Relevance of HTTPS Everywhere in 2018

...

19:00

Louisiana Adopts Digital Driver's Licenses "IndyWatch Feed Tech"

Could this be the end of underage drinking in New Orleans bars?

This is a scene likely to become more common in Louisiana pubs in the coming months as residents adopt the states new digital drivers license app LA Wallet. Next week, Louisianas Office of Alcohol and Tobacco Control is expected to announce that bars, restaurants, grocery stores and other retailers  are allowed accept LA Wallet as proof of age, according to the apps developer, Envoc

Louisianas Office of Alcohol and Tobacco Control did not immediately respond to Spectrums request for confirmation of the planned announcement. 

The Baton Rouge-based company launched LA Wallet in June, after two years of collaboration with state officials. But so far only law enforcement officers making routine traffic stops are required to accept the digital drivers license. Next weeks announcement would greatly broaden the scope of the apps use.

About 71,000 people have downloaded LA Wallet so far, says Calvin Fabre, founder and president of Envoc. The app costs $5.99 in the Google Play and Apple App stores. 

Users buy it, create an account with some basic information from their physical drivers license, and create a password. Thats it. No biometric securitylike iris scans or facial recognitionrequired. 

The app links back to Louisianas Office of Motor Vehicles database, which completes the digital license with the users photo and additional information. Any changes to the license, like a suspension or renewal, are updated immediately in the app with a wireless network connection.

To present the licensesay, to a cop during a traffic stopthe driver (hoping his phone battery isnt dead) opens the app with a password, shows the cop the digital license image, and authenticates it by pressing and holding the screen to reveal a security seal. The license can be flipped over to show a scannable bar code on the back. 

Theres also a handy security feature that allows anyone with the LA Wallet app to authenticate anothe...

18:44

Speedtest.net Report Concludes That Broadband Speeds in U.S. Are Improving "IndyWatch Feed Tech"

2018 Speedtest U.S. Fixed Broadband Performance Report by Ookla

With gigabit expanding across the nation, fixed broadband speeds in the United States are rapidly increasing. Speedtest data reveals a 35.8% increase in mean download speed during the last year and a 22.0% increase in upload speed. As a result, the U.S. ranks 7th in the world for download speed, between Hungary and Switzerland. The U.S. ranks 27th for upload, between Bulgaria and Canada, during Q2-Q3 2018. Though 5G looms on the mobile horizon, fixed broadband speeds in the U.S. continue to outpace those on mobile showing both faster speeds and greater increases in speed.

During Q2-Q3 2018, the average download speed over fixed broadband in the U.S. was 95.25 Mbps. Average upload speed was 32.88 Mbps. [...] According to Speedtest Intelligence data for Q2-Q3 2018, Comcast was the fastest provider in the U.S. with their XFINITY Internet receiving a Speed Score of 104.67.

Mean download speeds varied widely across the U.S. during Q2-Q3 2018 with the fastest state (New Jersey) coming in 139.8% faster than the slowest (Maine). The East Coast fared well with 5 states (New Jersey, Massachusetts, Maryland, Delaware and Rhode Island) and the District of Columbia ranking in the top ten. [...] Kansas City, Missouri topped the fixed chart as the fastest city in the U.S. during Q2-Q3 2018 with an average download speed of 159.19 Mbps. [...] Memphis, Tennessee came in last with an average download of 44.86 Mbps and Laredo, Texas was second to last at 55.37.

On average, U.S. consumers should have few complaints about recent increases in internet speeds. [...] As ISPs continue to build out their fiber networks and gigabit-level speeds expand we only expect to see internet speeds increase across the U.S. We'll check back in next year to see if all parts of the nation are experiencing the same improvements or if some states fall even farther behind.

Should consumers look forward to hitting their data caps now faster than ever, or are data caps being rolled back on gigabit connections?


Original Submission

Read more of this story at SoylentNews.

18:34

YouTube's 'Rewind 2018' passes Justin Bieber as most disliked video in site's history "IndyWatch Feed Tech"

YouTube's "Rewind 2018" video this week surpassed Justin Bieber's "Baby" to become the most disliked video in the site's history."YouTube Rewind 2018: Everyone Controls Rewind," which was created to showcase the past year on the...

18:30

YouTube removed 58 million videos in latest quarter "IndyWatch Feed Tech"

YouTube removed 58 million videos between July and September this year because they broke community guidelines.More than 7.8 million of those videos were taken down because they violated community guidelines. The other 50.2 million were taken down...

18:23

[$] Linux in mixed-criticality systems "IndyWatch Feed Tech"

The Linux kernel is generally seen as a poor fit for safety-critical systems; it was never designed to provide realtime response guarantees or to be certifiable for such uses. But the systems that can be used in such settings lack the features needed to support complex applications. This problem is often solved by deploying a mix of computers running different operating systems. But what if you want to support a mixture of tasks, some safety-critical and some not, on the same system? At a talk given at LinuxLab 2018, Claudio Scordino described an effort to support this type of mixed-criticality system.

18:19

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) "IndyWatch Feed Tech"

Posted by P J P on Dec 13

Hello,

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files
in usb_mtp_get_object and usb_mtp_get_partial_object and directories in
usb_mtp_object_readdir doesn't consider that the underlying filesystem may
have changed since the time lstat(2) was called in usb_mtp_object_alloc, a
classical TOCTTOU problem. An attacker with write access to the host
filesystem shared with a guest can use this property to...

17:46

Choosing Sensors for Medical Applications "IndyWatch Feed Tech"

Sensor based monitoring is becoming popular among the aging population. Heres how to select a sensor to fit your application and parameters.

With the ever growing and aging population, patient auto-monitoring systems are becoming more and more popular. Their popularity stems from being both consistent and repeatable in addition to being low cost. Sensor-studded monitoring instruments in this category are also versatile because they can be used both in hospitals and at home. Selecting a sensor can be simple if the application and the parameters that need to be monitored are clearly understood. The most complicated sensors are implantables, followed by sensors used in catheters (through incision) and sensors used in body cavities, sensors that are external but come in contact with body fluids and sensors for external applications.

IMPLANTABLE SENSORS

Implantable sensors need to be small, lightweight, and compatible with body mass as well as require very little power to operate. Most importantly, they must not decay over time. Since they are Class III medical devices, they automatically require FDA approval. Implantable sensors typically require two to four years for development and implementation before moving on to production. Generally, they are more expensive and require a specialist to surgically implant them. The power requirement is one of the major challenges for implantable sensors. Sensors that can function with no power are ideal, but these are few and rare in the market. Piezoelectric polymer sensors are well suited for vibration detection since they are small, reliable, durable, and require no power. Such sensors can be used in pacemakers that monitor activities of the patient.

 TE

This Piezo sensor is in the shape of a tiny cantilever beam with weight attached on one end that flops with body movement. Every time the patient moves, the sensor generates a signal. Using a pacemaker as an example, the pacemaker then receives this signal and makes the heart beat at the desired pace. The sensor can differentiate between various activities such as walking, running, or other physical activities. For instance, if the patient is resting, the signal will be zero and the pacemaker will make the heart beat at a minimal rate. In this way, the sensor signal is proportional to the level of activity. A miniature Piezo film vibration sensor is 15/100 of an inch in length including the pacemaker which houses it. Implanted sensors can also be powered by external sources. For example, a Radio Frequency (RF) energy wand when placed near a sensor located inside the body will power the sensor up. The sensor will then record patient measurements, transmit the data ba...

17:30

Tiny Art Etched into Silicon Wafers with Electron Beam Lithography "IndyWatch Feed Tech"

Looks like [Sam Zeloof] got bored on his Thanksgiving break, and things got a little weird in his garage. Of course when your garage contains a scanning electron microscope, the definition of weird can include experimenting with electron-beam lithography, resulting in tiny images etched into silicon.

Youll probably remember [Sam] from his 2018 Hackaday Superconference talk on his DIY semiconductor fab lab, which he used to create a real integrated circuit. That chip, a PMOS dual-channel differential amp, was produced by photolithography using a modified DLP projector. Photolithography imposes limits to how small a feature can be created on silicon, based on the wavelength of light.

[Sam] is now looking into using the electron beam of his SEM as a sort of CNC laser engraver to produce much finer features. The process involves spin-coating silicon wafers with SU-8, an epoxy photoresist normally used with UV light but that also turns out to be sensitive to electron beams. He had to modify his SEM to control the X- and Y-axis deflection with a 12-bit DAC and provide a custom beam blanker. With a coated wafer in the vacuum chamber, standard laser engraving software generates the G-code to trace his test images on the resist. A very quick dip in acetone develops the exposed chip.

[Sam] says these first test images are not too dainty; the bears are about 2.5 mm high, and the line width is about 10 m. His system is currently capable of resolving down to 100 nm, while commercial electron beam lithography can get down to 5 nm or so. He says that adding a Faraday cage to the setup might help him get there. Sounds like a project for Christmas break.

Radeon ROCm 1.9.1 vs. NVIDIA OpenCL Linux Plus RTX 2080 TensorFlow Benchmarks "IndyWatch Feed Tech"

Following the GeForce RTX 2080 Linux gaming benchmarks last week with now having that non-Ti variant, I carried out some fresh GPU compute benchmarks of the higher-end NVIDIA GeForce and AMD Radeon graphics cards. Here's a look at the OpenCL performance between the competing vendors plus some fresh CUDA benchmarks as well as NVIDIA GPU Cloud TensorFlow Docker benchmarks.

17:20

KDE Applications 18.12 Released With File Manager Improvements, Konsole Emoji "IndyWatch Feed Tech"

The KDE community is out with an early holiday presents for its users: KDE Applications 18.12 is shipping today...

17:18

A set of stable kernels "IndyWatch Feed Tech"

Greg Kroah-Hartman has released stable kernels 4.19.9, 4.14.88, 4.9.145, 4.4.167, and 3.18.129. They all contain important fixes and users should upgrade.

17:11

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Hacker Fantastic on Dec 13

Morning coffee not fully consumed, I meant to write NetBSD (stack overflow,
others unsure as no time to test but assumed vulnerable) in the list of
clients. I hope the supplied PoC is useful to others in testing and
removing these flaws. In my past life of having free time I would write an
IAC environment handling stress tester to isolate all occurrences of these
issues. If you think about the growing risk of IoT equipment and the use of
telnet...

17:10

Security updates for Thursday "IndyWatch Feed Tech"

Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git).

17:01

Mesa 18.2.7 Released With Several RADV Driver Fixes, Variety Of Other Updates "IndyWatch Feed Tech"

For those not yet prepared to move over to the Mesa 18.3 series, Mesa 18.2.7 is out today with the latest batch of fixes...

17:00

French foreign ministry announced its Travel Alert Registry Hack "IndyWatch Feed Tech"

The French foreign ministry announced today that its travel alert registry website had been hacked and personal data of citizens could be misused.

The French foreign ministry confirmed tha hackers breached into
the Ariane system, its travel alert registry website, and personal data of citizens could be misused.

The Ariane system provides security alerts to registered users when traveling abroad. At the time there arent technical details about the intrusion or the number of affected people.

Users reported receiving emails notifying them that their names, cellphone numbers and email addresses may have been stolen, but the ministry said none of the data was sensitive or of a financial nature. reported the AFP press.

statement did not indicate who might be behind the attack.

The ministry started notifying the incident to the affected users, it also informed media to have taken necessary measures to avoid similar incidents in the future.

We immediately took the necessary measures to ensure this type of incident would not happen again, it said.

The Ministry confirmed that the site was now secured.

Pierluigi Paganini

(Security Affairs Travel Alert Registry, hacking)

The post French foreign ministry announced its Travel Alert Registry Hack appeared fir...

17:00

The Consumer Electronics Hall of Fame: Bowmar 901B "IndyWatch Feed Tech"

In 1973, Bowmar/ALI was the biggest calculator company in the world. In 1976, it went out of business

photo Photo: Division of Medicine and Science/National Museum of American History/Smithsonian Institution Good-Bye, Slide Rule: The Bowmar 901B (a.k.a. the Brain) calculator is generally regarded as the first calculator to use an LED display and the first to be pocket size.

The creation of the Bowmar Brain was a desperation move. In 1968, Monsanto created the first numeric LED display cheap enough to be used in consumer products. Several other companies followed Monsanto into the market, among them Bowmar/ALI, then a tiny defense-industry subcontractor in Acton, Mass.

At first, all Bowmar/ALI intended to do was make and sell LED displays. They were novel, but at the time they were also small and faint, and there werent many commercial uses for them. One possible application would have been in the compact calculators that had only recently begun to appear, but Bowmar was having trouble cracking that new and growing market.

The very earliest battery-powered calculators, which appeared in Japan around 1970 from Canon, Sharp, and Sanyo, used unwieldy fluorescent or gas-discharge displays, or even tiny thermal-paper printers. Could Bowmar succeed with a handheld calculator that used LED displays? In 1970, the company decided to find out. Thus the 901B was born.

photo Photo: Division of Medicine and Science/National Museum of American History/Smithsonian Institution Handy Guide:...

16:59

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Hacker Fantastic on Dec 13

Hi, I do not believe this is either CVE-2005-0469 or CVE-2005-0468. The
issue is the same problem I described in handling environment variables
originally, the TERM environment being a remotely reachable way of trigger
the issue in inetutils and other clients. The issue appears to behave
differently on netkit-telnet instances, and mirrors that of the Mikrotik
client - causing a ring.cc assertion error to be printed, however the
application still...

16:59

Aides advise Trump to stay out of Chinese tech executive's case: report "IndyWatch Feed Tech"

Aides have advised President Trump to stay out of the case involving a top Chinese technology executive, a source told The Wall Street Journal.Some of Trump's advisers have warned him that it would not be productive for the White House to intervene...

16:53

Delta IV Heavy Countdown Aborted Moments Before Launch "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Delta 4-Heavy countdown aborted moments before launch Spaceflight Now

A dramatic automatic abort 7.5 seconds before the planned liftoff of a United Launch Alliance Delta 4-Heavy rocket Saturday night kept the towering launcher on the pad at Vandenberg Air Force Base, California, with a top secret spy payload for the National Reconnaissance Office.

The 233-foot-tall (71-meter) rocket was counting down to launch at 8:15 p.m. PST Saturday (11:15 p.m. EST; 0415 GMT Sunday), but an automated sequencer detected a technical issue and triggered an abort. "Hold hold hold," a member of the ULA launch team declared on the countdown net.

[...] In the statement, ULA said the abort was "due to an unexpected condition during terminal count at approximately 7.5 seconds before liftoff. "The team is currently reviewing all data and will determine the path forward. A new launch date will be provided when available," ULA said.

takyon: A new date has not been chosen yet.


Original Submission

Read more of this story at SoylentNews.

16:47

Unity 2018.3 With HDR Render Pipeline Preview, Updated PhysX & More "IndyWatch Feed Tech"

Unity Tech is ending out the year with their Unity 2018.3 game engine update that brings a number of new features and improvements to its many supported platforms...

16:41

Hertz's airport facial recognition program uses customer loyalty rewards to change public opinion "IndyWatch Feed Tech"


Americans no longer have to worry about the TSA (DHS) using facial recognition to spy on you and your family. Because private corporations and sports stadiums are doing their dirty work for them.

Two days ago, Hertz Global Holdings Inc., revealed their plans to install facial recognition fast lane car rentals at every airport.

Which really should not surprise anyone, because last month I revealed the key to convincing Americans to accept facial recognition is to offer them consumer loyalty rewards and avoiding long lines.

"SensibleVision CEO George Brostoff sees customer loyalty rewards as a logical next step in the U.S. And Goode Intelligence Founder Alan Goode, sees a huge potential for biometric customer loyalty programs.  Goode also thinks facial recognition should be used for age verification in self-check out systems."

Hertz and CLEAR's slogan "The Exit Gate Without The Wait" follows that blueprint to a T. It is also a near carbon copy of DHS's "platinum spy on your neighbor cam-share club" which attempts to add exclusivity to spying on your neighbors
A look at Hertz's "Fast Lane Hertz Powered by Clear" webpage reveals their main selling points are customer loyalty rewards and speeding through checkout/check-in lines.
...

16:23

Steph Curry says moon landing comments were a joke, but he will take NASA up on its offer of a tour "IndyWatch Feed Tech"

NBA superstar Steph Curry said he was kidding when he said he doesnt believe humans landed on the moon.

Obviously I was joking when I was talking on the podcast, the Golden State Warriors guard told ESPN on Wednesday. I was silently protesting how stupid it was that people actually took that quote and made it law.

While appearing on an episode of the podcast Winging It, which posted Monday, Curry asked fellow NBA players Vince Carter, Kent Bazemore and Andre Iguodala We ever been to the moon?

16:22

Today, Virgin Galactic will fly their first mission for us and join the growing list of commercial vehicles supporting our suborbital research "IndyWatch Feed Tech"

Payloads on the flight will collect valuable data to improve technologies for future exploration missions. This flight will be specifically be used to study how dust disperses in microgravity. Understanding dust dynamics can help abate the damage that is caused by particles contaminating hardware and habitats. Swoop in: https://go.nasa.gov/2Gr79YT

16:22

Aubrey de Grey Clinical Trials in Five Years "IndyWatch Feed Tech"

In November, Dr. Aubrey de Grey, a graduate of the University of Cambridge, was in Spain to attend the Longevity World Forum in the city of Valencia, and he gave a press conference organized by his friend, MIT engineer Jos Luis Cordeiro.

Dr. Aubrey de Grey is the scientific director (CSO) and founder of the SENS Research Foundation. In Madrid and Valencia, Dr. de Grey reaffirmed for Tendencias21 one of his most striking statements of 2018: In the future, there will be many different medicines to reverse aging. In five years, we will have many of them working in early clinical trials.

The Longevity World Forum is a congress on longevity and genomics in Europe. It is heir to the first congress in Spain, the International Longevity and Cryopreservation Summit, which was held at the CSIC headquarters in Madrid in May 2017, and Dr. de Grey also participated in that event. In Valencia, his presentation was recieved with interest, and Dr. de Grey explained to this select audience that aging will be treated as a medical problem in the near future. Rather than treating its symptoms using the infectious disease model, the root causes of aging will themselves be treated.

16:20

10 Best Free Skype Alternatives For Windows/Android/iOS "IndyWatch Feed Tech"

Since its advent in 2003, Skype has become an industry standard when it comes to video calling on Windows PC. In addition to video calls, Skype is also a full-fledged messaging and voice calling application that is available for smartphones as well.

Even after its immense popularity, Skype is still not the most feature-rich and secure video calling application.

So these are some of the best alternatives to Skype that will definitely enhance your video calling experience.

ALSO READ: 10 Best Anime websites of 2018 | Download and Watch Anime Online for Free

Best Free Skype Alternatives


WhatsApp

The first Skype alternative for PC that you are probably already using is WhatsApp. This immensely popular messaging application also doubles up as a reliable video-calling application. WhatsApp is available for both smartphones and computers.

A majority of your friends and family members are already using WhatsApp, which eliminates the need for signing up for new services.

WhatsApp now supports group video calls, using which you can communicate with up to four friends at once. Overall WhatsApp is a reliable Skype alternative.

DOWNLOAD WhatsApp


Google Hangouts

Google Hangouts is another popular video calling service that is mainly used by various organizations to interact with co-workers. Similar to WhatsApp Google Hangouts is also available for smartphones and computers.

Using Google Hangouts you can hold a video call with up to 25 participants. So as to invite and connect with different users you only need their email address or phone number.

During calls, Google Hangouts offers impressive audio and video quality and the connection is secure as well.

...

16:07

Apple picks Texas for $1B site "IndyWatch Feed Tech"

Apple announced Thursday that it will open a new campus in Austin, Texas, where it estimates about 15,000 jobs will be created across a variety of fields including engineering and finance.The tech giant said in a statement that it...

16:02

A Designer Seed Company Is Building a Farming Panopticon "IndyWatch Feed Tech"

Indigo Ag, known for its microbe-coated seeds, is acquiring geospatial data startup TellusLabs to use satellites to learn every last thing about its farmers fields.

16:01

Operation Sharpshooter targets critical infrastructure and global defense "IndyWatch Feed Tech"

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure.

Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in 2014.

The current campaign os targeting nuclear, defense, energy, and financial companies, experts believe attackers are gather intelligence to prepare future attacks.

In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States, based on McAfee telemetry and our analysis. reads the analysis published by McAfee.

Based on other campaigns with similar behavior, most of the targeted organizations are English speaking or have an English-speaking regional office. This actor has used recruiting as a lure to collect information about targeted individuals of interest or organizations that manage data related to the industries of interest.

Operation Sharpshooter

Threat actors are carrying out spear phishing attacks with a link poining to weaponized Word documents purporting to be sent by a job recruiter. The messages are in English and include descriptions for jobs at unknown companies, URLs associated with the documents belongs to a US-based IP address and to the Dropbox service....

16:01

RISC-V Will Stop Hackers Dead From Getting Into Your Computer "IndyWatch Feed Tech"

The greatest hardware hacks of all time were simply the result of finding software keys in memory. The AACS encryption debacle the 09 F9 key that allowed us to decrypt HD DVDs was the result of encryption keys just sitting in main memory, where it could be read by any other program. DeCSS, the hack that gave us all access to DVDs was again the result of encryption keys sitting out in the open.

Because encryption doesnt work if your keys are just sitting out in the open, system designers have come up with ingenious solutions to prevent evil hackers form accessing these keys. One of the best solutions is the hardware enclave, a tiny bit of silicon that protects keys and other bits of information. Apple has an entire line of chips, Intel has hardware extensions, and all of these are black box solutions. They do work, but we have no idea if there are any vulnerabilities. If you cant study it, its just an article of faith that these hardware enclaves will keep working.

Now, there might be another option. RISC-V researchers are busy creating an Open Source hardware enclave. This is an Open Source project to build secure hardware enclaves to store cryptographic keys and other secret information, and theyre doing it in a way that can be accessed and studied. Trust but verify, yes, and thats why this is the most innovative hardware development in the last decade.

What is an enclave?

Although as a somewhat new technology, processor enclaves have been around for ages. The first one to reach the public consciousness would be the Secure Enclave Processor (SEP) found in the iPhone 5S. This generation of iPhone introduced several important technological advancements, including Touch ID, the innovative and revolutionary M7 motion coprocessor, and the SEP security coprocessor itself. The iPhone 5S was a technological milestone, and the new at the time SEP stored fingerprint data and cryptographic keys beyond the reach of the actual SOC found in the iPhone.

The iPhone 5S SEP was designed to perform secure services for the rest of the SOC, primarily relating to the Touch ID functionality. Apples revolutionary use of a secure enclave processor was extended with the 2016 release of the Touch Bar MacBook Pro and the use of the Apple T1 chip. The T1 chip was again used for TouchID functionality, and demonstrates that Apple is the king of vertical integration.

But Apple isnt the only company working on secure enclaves for their computing products. Intel has developed the SGX extension which allows for hardware-assisted security enclaves. These enclaves give developers the ability to hide cryptographic keys and the components for digital rig...

16:00

The Consumer Electronics Hall of Fame: GoPro Hero "IndyWatch Feed Tech"

The original action camera started as a home-sewn strap that secured a disposable camera to the users wrist

GoPro photo Photo: GoPro First Hero: The initial GoPro, introduced in 2004, was a 35-mm film camera manufactured by a Chinese company.

There are entrepreneurs who set out wanting to be entrepreneurs, and they dont really care how they do it. And then there are entrepreneurs driven by a vision so compelling that entrepreneurship becomes a means to an end. Nick Woodman was in that latter category.

After failing with two successive startups, he just wanted to take some time off and travel and surf. While bumming around and riding waves in Indonesia, it occurred to him that it might be cool to take some point-of-view pictures while surfing. Hardly any such photos existed, mainly because, news flash: It is virtually impossible to handle a camera while surfing. Wanting to rectify this situation, Woodman took a busted surfboard leash and a rubber band and jury-rigged a strap that would hold a disposable waterproof film camera from Kodak securely on his wrist.

photo Photo: GoPro Camera, Action: The original Hero had a hook mechanism that held the camera flat on the users wrist when the device wasnt being used to take photos.

Woodman thought other surfers might be interested in documenting their exploits, and he figured he might make a little cash selling straps. He bought some blocks of plastic, found a Dremel tool, borrowed his moms sewing machine, and went to work. He combined some some...

15:50

Iranian hackers targeted personal email accounts of US Treasury officials: report "IndyWatch Feed Tech"

Iranian-backed hackers targeted the personal email accounts of U.S. Treasury officials around the time President Trump reimposed sanctions on the country, according to an Associated Press report.The news outlet on Thursday reported that the...

15:42

Researchers Develop Nanodiscs That Can Wipe Out Tumors "IndyWatch Feed Tech"

Cancer research is an area of medical science that, rightfully, gets considerable attention. There are nearly 14.5 million Americans with a history of cancer and with more than 13 million estimated new cancer cases each year. Its no wonder even artificial intelligence (AI) has gotten into the field. Researchers from the University of Michigan are not getting left behind, with a groundbreaking method that has the potential to eliminate tumors.

This new technology uses nano-sized discs, about 10 nm to be exact, to teach the body to kill cancer cells. We are basically educating the immune system with these nanodiscs so that immune cells can attack cancer cells in a personalized manner, said James Moon from the University of Michigan.

Each of these nanodiscs is full of neoantigens (tumor-specific mutations) that teach the immune systems T-cells to recognize each neoantigen and kill them. These work hand-in-hand with immune checkpoint inhibitors that boost the responses of T-cells forming an anti-cancer system in the body that wipes out tumors and potentially keeps them from reemerging.

15:41

Strategies for Deploying Embedded Software "IndyWatch Feed Tech"

Title: 
Strategies for Deploying Embedded Software

15:16

Harvards $39B Endowment Is Reportedly Buying Up Californias Vineyardsand Their Water Rights "IndyWatch Feed Tech"

Via: Fortune: Harvard Universitys endowment is reportedly buying up vineyards in Californias wine country, along with the water rights belonging to those properties. Instead of making the land purchases in its own name, Harvard is using a wholly owned subsidiarynamed Brodiaea after the scientific name for the cluster lilyto buy vineyards. Harvard created Brodiaea in []

15:13

France in a Nutshell: The Government Stopped Listening to the People 20 Years Ago "IndyWatch Feed Tech"

Via: Of Two Minds: The elites clever exploitation of politically correct cover stories has enthralled the comatose, uncritical Left, but not those who see their living standards in a free-fall.

15:02

Biologists shed new light on the diversity of natural selection "IndyWatch Feed Tech"

Evolutionary genetic theory shows that genetic variation can be maintained when selection favors different versions of the same in males and femalesan inevitable outcome of having separate sexes. That is, for many genes, there may not be a universally best , but rather one is best for males and one is best for females. This is known as sexually antagonistic genetic variation, but it might only be maintained under a narrow set of conditions, limiting its prevalence in nature. However, a new study by Dr. Karl Grieshop and Professor Gran Arnqvist, published in PLoS Biology, may change this view.

15:02

A Self-Aware Fish Raises Doubts About a Cognitive Test "IndyWatch Feed Tech"

New test proposal Do you experience stress, entropy, decoherence? Yes? Ofcourse you do. Well, I declare you self- aware .


A report that a fish can pass the mirror test for self-awareness reignites debates about how to define and measure that elusive quality.

15:01

Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) "IndyWatch Feed Tech"

Posted by Greg KH on Dec 13

Which is better, to be running a system with unkown or known bugs? :)

I'd pick unknown, as you are a _bit_ safer that way.

Who are you relying on for those backports?

And what about all of the backports that do not get made? Just look a
the spectre patches for loads of examples of that.

If you want to rely on RHEL, that's wonderful, but you are tying
yourself to some unknown developers doing some unknown work (figuring
out what...

15:00

The Consumer Electronics Hall of Fame: Epson R-D1 "IndyWatch Feed Tech"

This odd hybrid camera had a mechanical shutter and a 6.1-megapixel image sensor

photo Photo: Epson Surprising Pioneer: The very first digital rangefinder camera came not from Leica, a company long renowned for its rangefinders, but from a collaboration between Epson and camera maker Cosina Voigtlnder.

Starting in the 1940s and for the next 30 years or so, rangefinder cameras were de rigueur for those who wanted professional-looking photographs. But in the 1970s, single-lens reflex cameras were introduced, later followed by digital SLRs, which made it easy for even the most unskilled amateurs to consistently take decent photos. As digital SLRs soared in popularity, rangefinders became curiosmainly suitable, it seemed, for occasional use by professionals and serious hobbyists. Then Epson introduced the R-D1, the first digital rangefinder, which single-handedly returned rangefinders to combined commercial and artistic relevance.

Rangefinder cameras use two optical pathsone through the lens, one through a separate rangefinderto get two slightly different angles on the same view, which are then superimposed. The photographer turns the lens focus ring, and when the two images align, the object is in focus.

SLRs, on the other hand, use mirrors and prisms to project an image coming through the lens onto a viewfinder, thereby allowing the user to focus it. When the shutter-release button is pressed, the main mirror is physically flipped up and out of the pathway between lens and film (or image sensor). Because the images that photographers see in their viewfinders come through the lens, what they see is what they get. For that reason, the arrangement lends itself well to a system in which the lenses can be changed. By the end of the 1970s, SLRs were outselling rangefinders by a big margin.

...

What Are Silicon Valleys Highest-Paying Tech Jobs? "IndyWatch Feed Tech"

Product management, reliability, and security jobs pay the most in Silicon Valley, says job search firm Indeed

Job-search site Indeed crunched its Silicon Valley hiring numbers for 2018, looking at tech job searches, salaries, and employers, and found that engineers who combine tech skills with business skills as directors of product management earn the most, with an average salary of US $186,766. Last year, the gig came in as number two, at $173,556.

Also climbing up the ranks, and now in the number two spot with an average annual salary of $181,100, is senior reliability engineer. Application security engineer is third at $173,903. Neither made the top 20 in 2017.

And while it seems that machine learning engineers have been getting all the love in 2018, those jobs came in eighth place, at $159,230. Thats still a bit of a leap from last year, when the job made its first appearance on Indeeds top 20 highest-paying jobs in the 13th spot at $149,519. This years top 20 is below; last years numbers are here.

Highest-paying tech jobs in Silicon Valley (January through October, 2018):

...

Rank

Job Title

Annual Salary

1

Director of product management

$186,766

2

Senior reliability engineer...

Apple Announces Plan to Build $1 Billion Campus in Texas "IndyWatch Feed Tech"

Submitted via IRC for Bytram

Apple announces plan to build $1 billion campus in Texas

Apple will build a $1 billion campus in Austin, Texas, and establish smaller new locations in Seattle, San Diego and Culver City, California, the company said Thursday. The tech giant based in Cupertino, California, says the new campus in Austin will start with 5,000 employees working in engineering, research and development, operations, finance, sales and customer support. It will be less than a mile from existing Apple facilities.

The other new locations will have more than 1,000 employees each.

Austin already is home to more than 6,000 Apple employees, representing the largest population of the company's workers outside of Apple's Cupertino headquarters, where most of its roughly 37,000 California employees work.

[...] The company also said it plans to expand in Pittsburgh, New York and Colorado over the next three years.

Apple press release. Also at CNET.


Original Submission #1 Original Submission #2

Read more of this story at SoylentNews.

14:49

California Considering Text Messaging Tax "IndyWatch Feed Tech"

Via: CBS: Californians may or may not type OMG at the news, but texting may soon come with an extra fee on their mobile phone bills. State regulators are weighing a tax on text messaging to help fund a program that makes phone service available to low-income residents. A texting surcharge could help sustain the []

14:23

Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) "IndyWatch Feed Tech"

Posted by Salva Peir on Dec 13

I totally agree its a robustness bug, not a vulnerability,
therefore, it is not worth assigning a CVE for this issue,
I did not have enough evidences at the time I requested the CVE.

Thanks,

14:22

Timechain : a Decade of Misunderstanding Blockchain "IndyWatch Feed Tech"

https://paper.li/e-1437691924#/


Abstract: The term blockchain has caused much confusion and damage due to its failure to accurately capture the core characteristics of decentralized byzantine fault tolerant systems. In this article, a restoration of an older term is proposed as replacement.

14:00

The Consumer Electronics Hall of Fame: Sony Walkman "IndyWatch Feed Tech"

The idea for the Walkman came from Sonys opera-loving cofounder

photo Photo: Sony Pacesetter: The original Sony Walkman, model TPS-L2, ran on a pair of AA batteries, had two headphone jacks, and came with a pair of matching lightweight headphones.

Roughly half of all the people alive today were born after the Walkman was introduced. Thanks to Guardians of the Galaxy, though, almost everyone knows what a Walkman is. But if you werent there in 197980, you dont know what a head-spinning revelation the thing was, how radically it changed the way music was played and consumed, or the stunning speed with which it became seemingly ubiquitous.

Back in the 70s there were plenty of cassette tape decks, but the prevailing trend was to make them bigger, not smaller. Bragging rights went to whoever could pump out the most sound. The prestige player was a boom box, and in 1979, the biggest of them were about as big as a Fiat 128 and had more sophisticated lighting. (Okay, that size comparison is pure exaggeration. But on some of them, the lighting really was dazzling.)

Then Sony starts selling this little player, small enough to put in a large pocket, and inexpensive. You could take it anywhere. Today, with smartphones and earbuds nearly as commonplace as socks, young folk will have a hard time understanding how crazily revolutionary this was: You used headphones to listen to your own music privately. Nobody would know you were listening to Captain & Tennille or Air Supply unless you told them.

In fact, the Walkman came about because one guy wanted to listen to opera on airplanes without annoying his fellow passengers. This one guy, Masaru I...

13:42

The end of GEO Satellites as we know today "IndyWatch Feed Tech"

GEO Satellites business globally make roughly 80% of the overall Space market business with $270B revenues claimed in 2017. How a Space Industry of such kind level of business can disappear is not an argument for many years to come but how a transformation of the Satellite configuration can impact the Space Industry this represents a real topic.

I already discussed in my previous article of how the advancement of A.I. bringing to autonomous missions for satellites, 3D printing permitting on-orbit Manufacturing and Robotic Assembly are not far away technologies, with the mature advancements achieved in on-Ground applications, to be applied to Space Satellites. Already today recently born Startups are working on Satellites on-board software/hardware permitting more autonomous tasks with decision making capability without being piloted from remote on-Ground Stations, significantly reducing operative costs.

Arriving to build fully autonomous Satellites is just a matter of time, with remotely controlled operations to be applied only for safety contingencies. The foreseen growth in the number of small satellites by order of magnitudes push the market this way.

13:22

Fireball That Exploded Over Greenland Shook Earth, Triggering Seismic Sensors "IndyWatch Feed Tech"

WASHINGTON When a blazing fireball from space exploded over Earth on July 25, scientists captured the first-ever seismic recordings of a meteor impact on ice in Greenland.

At approximately 8 p.m. local time on that day, residents of the town of Qaanaaq on Greenlands northwestern coast reported seeing a bright light in the sky and feeling the ground shake as a meteor combusted over the nearby Thule Air Base.

But the fleeting event was detected by more than just human observers, according to unpublished research presented Dec. 12 here at the annual conference of the American Geophysical Union (AGU).

13:04

AMD Squeezes In Some Final AMDGPU Changes To DRM-Next For Linux 4.21 "IndyWatch Feed Tech"

Complementing all of the AMDGPU feature work already staged for the upcoming Linux 4.21 kernel, another (small) batch of material was sent out on Wednesday...

13:02

This Ancient Galaxy Was Loaded With Dark Matter "IndyWatch Feed Tech"

Light that reaches Earth from this galaxy is 9 billion years old.


The light they analyzed was 9 billion years old.

13:00

The Consumer Electronics Hall of Fame: Nokia N85 Cellphone "IndyWatch Feed Tech"

The first cellphone with an AMOLED screen fizzled in the marketplace, despite combining several very advanced technologies

photo Photo: Alamy Things to Come: The Nokia N85 was the first smartphone with an active-matrix organic light emitting diode (AMOLED) display. Such displays would become the preferred type on high-end phones in the years to come.

The Nokia N85 isnt on anyones list of best phones of all time. Heck, it didnt even make the list of top five best-selling Nokia phones released in 2008. What makes it special is that it was the first cellular handset to incorporate what would come to be the ne plus ultra of smartphone screens: an active-matrix organic light emitting diode (AMOLED) display.

Today Samsung is associated with AMOLED screens, but Nokia beat it to the punch. The N85 came out in October of 2008, while Samsungs first AMOLED phone, the i7110, arrived in February of 2009.

Most phones in those days incorporated TFT (thin-film transistor) screens, though a few had OLED displays. AMOLEDs provided a much richer color palette and better color contrast than TFTs. Battery capacity has never not been an issue with smartphones, and AMOLEDs drew less power than OLEDs and significantly less power than TFTs. They have a wider viewing angle than TFTs. AMOLEDs are also flexible, a trait of little consequence 10 years ago, but the key enabler of the curved screens that some phone manufacturers are experimenting with today. AMOLED displays did not start out as touch screens; that capability would be created later by putting a touch-sensitive layer on top of the AMOLED screen.

...

[Ben Krasnow] Builds a One-Component Interferometer "IndyWatch Feed Tech"

When we think of physics experiments, we tend to envision cavernous rooms filled with things like optical benches, huge coils in vacuum chambers, and rack after rack of amplifiers and data acquisition hardware. But it doesnt have to be that way you can actually perform laser interferometry with a single component and measure sub-micron displacements and more.

The astute viewer of [Ben Krasnow]s video below will note that in order to use the one component, a laser diode, as an interferometer, he needed a whole bunch of support gear, like power supplies, a signal generator, and a really, really nice mixed-signal oscilloscope. But the principle of the experiment is the important bit, which uses a laser diode with a built-in monitoring photodiode. Brought out to a third lead, older laser diodes often used these photodiodes to control the light emitted by the laser junction. But they also respond to light reflected back into the laser diode, and thanks to constructive and destructive interference, can actually generate a signal that corresponds to very slight displacements of a reflector. [Ben] used it to measure the vibrations of a small speaker, the rotation of a motor shaft, and with a slight change in setup, to measure the range to a fixed target with sub-micron precision. Its fascinating stuff, and the fact you can extract so much information from a single component is pretty cool.

We really like [Ben]s style of presentation, and the interesting little nooks and crannies of physics that he finds a way to explore. He recently looked at how helium can kill a MEMS sensor, an equally fascinating topic.

[baldpower] sent in this tip. Thanks!

12:51

6 Best Practices for Highly Available Kubernetes Clusters "IndyWatch Feed Tech"

Title: 
6 Best Practices for Highly Available Kubernetes Clusters

12:42

New Intel Architectures and Technologies Target Expanded Market Opportunities "IndyWatch Feed Tech"

At Intels recent Architecture Day, Raja Koduri, Intels senior vice president of Core and Visual Computing, outlined a strategic shift for the companys design and engineering model. This shift combines a series of foundational building blocks that leverage a world-class portfolio of technologies and intellectual property (IP) within the company.

Architecture Day Fact Sheet: New Intel Architectures and Technologies Target Expanded Market Opportunities

This approach is designed to allow Intel to drive an accelerated pace of innovation and leadership, and will be anchored across six strategic pillars:

12:34

Worst password offenders of 2018 exposed "IndyWatch Feed Tech"

Kanye West is the worst password offender of 2018, according to Dashlane. When visiting the White House, the famous rapper was sprotted unlocking his iPhone with the passcode 000000. The Pentagon made second place: an audit by the Government Accountability Office revealed easy-to-guess admin passwords and default passwords for multiple weapons systems. Other offenders on the list include: Italian company Ferrero, who offered spectacularly bad password advice to users (they suggested the use of Nutella More

The post Worst password offenders of 2018 exposed appeared first on Help Net Security.

12:04

ID Numbers for 120 Million Brazilians taxpayers exposed online "IndyWatch Feed Tech"

InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers for 120 million Brazilian taxpayers

In March 2018, security experts at InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers, or Cadastro de Pessoas Fsicas (CPFs), for 120 million Brazilian nationals. It is not clear how long data remained exposed online or who accessed them.

Every Brazilian national has assigned a taxpayer identification number that allows him to perform ordinary operations, such as opening a bank account, paying taxes, or getting a loan.

Experts discovered the file index.html_bkp on the Apache server (likely a backup of the index.html), which caused the web server to display the list of the files and folder stored in that folder and download them.

The folder included data archives ranging in size from 27 megabytes to 82 gigabytes.

Experts at InfoArmor discovered that one of the archive contained data related to Cadastro de Pessoas Fsicas (CPFs), personal information, military info, telephone, loans, and addresses. 

CPFsare an identification number issued by the Brazilian Federal Reserve to Brazilian citizens and tax-paying residentaliens, and each exposed CFP linked to an individuals banks, loans, repayments, credit and debit history, voting history, full name, emails, residential addresses, phone numbers, date of birth, family contacts, employment, voting registration numbers, contract numbers, and contract amounts. reads the report published by InfoArmor.

...

12:01

How To Install Linux, Apache, MySQL, PHP (LAMP) stack On RHEL 8 "IndyWatch Feed Tech"

How do I set up a LAMP stack on RHEL 8 cloud server or VPS or bare metal server? How can I install Linux, Apache, MySQL/MariaDB, PHP (LAMP) stack On RHEL (Red Hat Enterprise Linux) 8?

The post How To Install Linux, Apache, MySQL, PHP (LAMP) stack On RHEL 8 appeared first on nixCraft.

12:00

The Year Ahead: Push for privacy bill gains new momentum "IndyWatch Feed Tech"

Congress is seeing a new flurry of activity toward drafting a national privacy law as major breaches mount and the publics anger over companies data policies grows.The calls for a privacy bill have been growing louder in recent months. And for...

11:53

Mesa 19.0 RADV Vulkan Driver Gets New Fixes To Help DXVK Gaming "IndyWatch Feed Tech"

Samuel Pitoiset of Valve's Linux graphics driver team has landed some fresh patches in Mesa 19.0 (and also marked for back-porting to the stable branch) to help out the DXVK gaming experience for Windows games using Direct3D 11 that are re-mapped to run on top of the Vulkan graphics API...

11:51

Sony PlayStation Classic hacked to run games off a USB drive "IndyWatch Feed Tech"

Hackers crack Sonys PlayStation Classic shortly after the release

Last week, Sony released PlayStation Classic with 20 officially preinstalled games, which includes games such as Metal Gear Solid, Final Fantasy VII, Grand Theft Auto, and Resident Evil Directors Cut. The list of games left out many countless classic games from the 90s leaving fans disappointed. Moreover, the gaming console does not have any built-in machine to add more unofficial games.

However, this did not stop the members of the console hacking community to find a way out to unofficially add games to the mini-console. Just one week after its launch, hackers have apparently found a method to run games and software on the PlayStation Classic via a USB flash drive, reports Ars Technica.

Popular console hackers, yifanlu and madmonkey1907 have managed to successfully sideload the PlayStation Classics code via the systems UART serial port. Thanks to the weak cryptography in the PlayStation Classic, which was discovered by these console hackers while dumping the PlayStation Classic system code onto an external machine.

According to the hackers, the most sensitive parts of the PlayStation Classics codes were signed and encrypted using a key that had been mistakenly left behind on the console instead of being held by Sony.

YifanLu took to Twitter and documented the process in real-time of hacking the PlayStation Classics security. He was able to successfully run Crash Bandicoot on the console via a USB thumb drive (see video below).

YifanLu stated, One key is, Hey am I Sony?The other key is saying, Hey I am Sony. They distributed the key that identifies [themselves] uniquely and this key doesnt expire for another 50 years or so.

Basically, consoles have encrypted codes that run in the system to prevent people from making any changes. However, on the PlayStation Classic, the necessary tool to decrypt the systems codes is already available in the consoles system and all a user has to do is copy it to their PC.

In order to hack the mini-console, yifanlu and madmonkey1907 used an open-source tool called BleemSync, which is available on GitHub for PlayStation Classic owners w...

11:50

Rocket Lab Set to Launch its First Payloads for NASA "IndyWatch Feed Tech"

Rocket Lab preparing for NASA mission with Electron launch of ELaNa-XIX

Rocket Lab is set to launch their second mission in just over a month on Thursday (local time), in a window opening at 04:07 UTC and lasting until 08:00. The Electron rocket will carry a host of CubeSats for NASA's Educational Launch of Nanosatellites (ELaNa) program.

The 19th such mission to deploy educational CubeSats into orbit will also be the first mission procured under NASA's Venture Class Launch Services (VCLS) program. Rocket Lab, Virgin Orbit, and Firefly Aerospace were selected to provide dedicated smallsat launch vehicles to support the increasing role of CubeSats in NASA's research.

Thursday's launch was scrubbed and moved to Friday (early hours UTC).

Live stream page.


Original Submission

Read more of this story at SoylentNews.

11:40

Re: libvnc and tightvnc vulnerabilities "IndyWatch Feed Tech"

Posted by Solar Designer on Dec 13

I've just created this issue:

SECURITY: malloc((uint64_t)length + 1) is unsafe, especially on 32-bit systems
https://github.com/LibVNC/libvncserver/issues/273

Alexander

11:39

DoJ Indicts Five Men For Pre-Release Movie & TV Show Piracy "IndyWatch Feed Tech"

Public sharing of movies and TV shows before their commercial release is considered to be one of the most damaging types of piracy.

With no official copies on the market, entertainment companies are unable to compete in what would ordinarily be the most profitable window of opportunity for sales. Thats why, year after year, individuals who leak content early become targets for law enforcement.

Yesterday the Department of Justice revealed that a federal grand jury has indicted five men in four countries on charges that they distributed or offered for sale hundreds of movies and TV shows in advance of their official release. It appears to be one of the most important prosecutions in recent memory.

Malik Luqman Farooq, 30, of the UK, is alleged to have sold access to more than a dozen stolen pre-release or contemporaneous-release films over a period of two years. He is alleged to have used online aliases including dark999, codex, and Lucky.

Aditya Raj, an assumed resident of India, allegedly released pirated movies online and was involved in camming in India.

Sam Nhance, believed to live in Dubai, United Arab Emirates, allegedly maintained a server on which other members of the group stored and manipulated videos for distribution. He used online aliases including SamNhaNc3

Ghobhirajah Selvarajah, who is claimed to live in Malaysia, owned a PayPal account which was used to accept payments from people accessing the movies and to pay server bills. He used aliases including Hunter and Hunter X.

Jitesh Jadhav, another presumed resident of India, was allegedly involved in camcording films in India, including The Amazing Spider-Man 2, X-Men: Days of Future Past, and Dawn of the Planet of the Apes.

Of the five indicted men, only one Malik Luqman Farooq has been physically detained by authorities. He was reportedly arrested by City of London Police and is currently awaiting trial in the UK.

None are in U.S. custody but face a seven-count indictment listing conspiracy to commit computer fraud, unauthorized access to a computer, aggravated identity theft, and copyright infringement.

According to the indictment, the group began offending prior to May 5, 2013 and continued to May 20, 2015.

Its alleged that Farooq, Raj, Nhance, and Selvarajah rented servers from companies including OVH which they used to store pirated copies of movies which had been illegally obtained from servers operated by movie, distribution, and other third-party companies.

Farooq and Jadhav are further accused of obta...

11:30

How Facebook Made a Universal Open Source Language for the Web "IndyWatch Feed Tech"

A more flexible alternative called Graph Query Language, developed by Facebook, is spreading fast and has won over companies ranging from GitHub to Audi.

GraphQL is heavily inspired by another language called Facebook Query Language, which in turn was based on Structured Query Language, the well-established lingua franca of database software supported by Oracle, Microsoft, and other database makers. That makes the structure and syntax of GraphQL familiar to many developers.

11:24

Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) "IndyWatch Feed Tech"

Posted by Solar Designer on Dec 13

Hi,

Thank you for this additional detail.

This tells us that mini_httpd isn't compatible with Apache httpd's
htpasswd. mini_httpd uses system-provided crypt(3), whereas Apache
httpd's htpasswd by default generates its own password hashes that are
generally not supported by system-provided crypt(3).

Exactly. That's an interoperability issue and a robustness bug. But to
call it a vulnerability is a stretch, in my opinion....

10:52

Smashing Security #108: Hoaxes, Huawei and chatbots - with Mikko Hyppnen "IndyWatch Feed Tech"

The curious case of George Duke-Cohan, Huaweis CFO finds herself in hot water, and the crazy world of mobile phone mental health apps.

All this and much more is discussed in the latest edition of the award-winning Smashing Security podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guests Mikko Hyppnen from F-Secure and technology journalist Geoff White.

10:38

Flying Red-Eyed 'Gargoyle' Suddenly Vanishes in Rockford, Illinois "IndyWatch Feed Tech"


Definitely a  large gargoyle.  Much more important it was able to order the observers to both stop seeing it but also to forget the incident.  We have seen this before and now we are alert to the phenomena which makes it easier.

The bottom line is that they can suppress our senses to maintain stealth.  We have already understood that their population is much larger than a single sighting indicates.

We have seen the same phenomena elsewhere with other animals.  

Flying Red-Eyed 'Gargoyle' Suddenly Vanishes in Rockford, Illinois 


 Thursday, November 29, 2018

https://www.phantomsandmonsters.com/2018/11/flying-red-eyed-gargoyle-suddenly.html

I recently received a telephone call from an elderly woman ('SS') in Rockford, Illinois who witnesses a winged humanoid in 1999, along with her husband and a close friend.

The incident occurred during the summer, in the early evening when there was a full moon. The trio was relaxing on the friend...

10:34

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug "IndyWatch Feed Tech"

Posted by P J P on Dec 13

Hello,

A memory leakage issue was found in the way QEMU initialised its VMWare's
paravirtual RDMA device. In pvrdma_realize() routine, if an error occurred, it
did not release memory resources allocated to various objects.

A guest user/process could use this flaw to leak host memory, resulting in DoS
for host.

Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html

This issue was...

10:22

Indian academia is fighting a toxic mix of nationalism and pseudoscience "IndyWatch Feed Tech"

Its a problem that has many academics here worried. As India becomes increasingly polarised, coordinated efforts to popularise pseudoscientific theories, and to aggrandise the nations own scientific past, have begun to gain ground, they say. Its a worrying mash-up of nationalism, religion, and scientific bunkum that appears to be an increasingly easy selland one that leaves the population both misinformed and perennially at odds with itself. That is why our leaders and scientists talk about how evolution is wrong, said Aniket Sule, an astrophysicist and colleague of Karandikar at HBCSE, or how Indians were first to invent plane or atomic theory, or how cow worship is scientific.


A wave of superstitions is being promoted as legitimate science.

10:22

Understanding the Future of Humans, AI and Quantum Computers "IndyWatch Feed Tech"

I believe it is likely that we will have 10,000 qubit quantum computers within 5 to 10 years. There is rapidly advancing work by IonQ with trapped ion quantum computers and a range of superconducting quantum computer systems by Google, IBM, Intel, Rigetti and 20005000 qubit quantum annealing computers by D-Wave Systems.

10,000 qubit quantum computers should have computing capabilities far beyond any conventional computer for certain classes of problems. They will be beyond not just any regular computer today but any non-quantum computer ever for those kinds of problems.

Those quantum computers will help improve artificial intelligence systems. How certain is this development? What will it mean for humans and our world?

10:17

Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) "IndyWatch Feed Tech"

Posted by Salva Peir on Dec 13

Hi there,

Thanks for the pointers for further investigating,

I was also curious about why crypt(3) was returning NULL,
when I looked at the crypt(3) man-page I found that crypt()
returns NULL on error, upon further checking I've observed that
errno is being set to EINVAL (22) after the call to crypt(3).

So here is what I've done so far to reproduce this,
initially, I omitted the steps to generate the htpasswd
as I though they where...

10:17

Cosmonauts Cut Into Soyuz Docked at the ISS During Nearly 8-Hour Spacewalk "IndyWatch Feed Tech"

Two Russian cosmonauts have removed samples from a Soyuz spacecraft docked at the International Space Station during a spacewalk. They used knives and shears to cut around the now-sealed 2mm hole in the Soyuz MS-09:

Expedition 57 flight engineers Oleg Kononenko and Sergey Prokopyev of the Russian federal space agency Roscosmos conducted the 7-hour and 45-minute spacewalk. The two cosmonauts worked on the exterior of the Russian Soyuz MS-09 spacecraft, where the space station's crew had earlier found and repaired the leak from the inside.

[...] Today, Prokopyev joined Kononenko on a spacewalk to inspect the repair area from the outside in an effort to discover what caused the leak and to collect a sample of the epoxy that had extruded through the hole from the inside. To reach the area needed to perform the inspection, Kononenko rode at the end of two Russian Strela booms, translating from the Pirs docking compartment where the spacewalk began to the Zarya functional cargo block (FGB) and then up alongside the Soyuz. Prokopyev controlled the booms' motion from the opposite end, moving Kononenko into place, before shimmying up the second boom himself.

At the worksite, Kononenko and Prokopyev took turns using a knife and a pair of long-arm scissors to stab at and cut away layers of brown, gold and silvery insulation. As they cut into the spacecraft, small fragments of the material floated away and formed a cloud of debris. The two cosmonauts then used the same tools to cut into and peel away a thin metal orbital debris shield to expose the hole in the Soyuz MS-09's orbital compartment. [...] Kononenko used a pair of forceps and a swab to collect samples of the dark epoxy. The residue, stowed inside a bag, was brought back inside the space station and will be returned to Earth for analysis.

Also at BBC.

Previously: Russian Space Chief Vows to Find "Full Name" of Technician Who Caused ISS Leak
NASA and Roscosmos Release Joint Statement on ISS Leak Amid Rumors
Controversy Over ISS Leak Continues, Spacewalk Planned for November


...

10:14

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Hacker Fantastic on Dec 13

Please see the below proof of concept in triggering the heap overflow using
the IAC SB TELQUAL_IS environment option variable assignment. As per my
original advisory, which did not fully indicate the details but gave the
overview of how to trigger the condition.

#!/usr/bin/env python
# Proof-of-concept exploit to settle debate on remote
# exploitability of telnet client overflows identified
# by Hacker House in previous advisory.
#
# Starting...

10:00

iCEBreaker, The Open Source Development Board for FPGAs "IndyWatch Feed Tech"

The Hackaday Superconference is over, which is a shame, but one of the great things about our conference is the people who manage to trek out to Pasadena every year to show us all the cool stuff theyre working on. One of those people was [Piotr Esden-Tempski], founder of 1 Bit Squared, and he brought some goodies that would soon be launched on a few crowdfunding platforms. The coolest of these was the iCEBreaker, an FPGA development kit that makes it easy to learn FPGAs with an Open Source toolchain.

The hardware for the iCEBreaker includes the iCE40UP5K fpga with 5280 logic cells,, 120 kbit of dual-port RAM, 1 Mbit of single-port RAM, and a PLL, two SPIs and two I2Cs. Because the most interesting FPGA applications include sending bits out over pins really, really fast, theres also 16 Megabytes of SPI Flash that allows you to stream video to a LED matrix. There are enough logic cells here to synthesize a CPU, too, and already the iCEBreaker can handle the PicoRV32, and some of the RISC-V cores. Extensibility is through PMOD connectors, and yes, theres also an HDMI output for your vintage computing projects.

If youre looking to get into FPGA development, theres no better time. Joe Fitzs WTFpga workshop from the 2018 Hackaday Superconference has already been converted to this iCEBreaker board, and yes, the seven-segment display and DIP switches are available. Between this and the Open Source iCE toolchain, youve got a complete development system thats ready to go, fun to play with, and extremely capable.

09:00

Qanon - GOOGLE & CHINA "IndyWatch Feed Tech"



From this we can presume that the GOOGLE collaboration with China is continuing under another arrangement.  Inasmuch as we are now seeing Chinese traffic in our search systems, this has to be considered confirmed.

China has been a black hole forever and now information is been actively shared.  It remains a difficult problem and the application of Chinese authority is troublesome.

solving that will take a full press assault including powering up INDIA to act as solution matrix mirroring Chinese assets..


Dec 12 2018

2600 Q !!mG7VJxZNCI ID: c48298 No.4277174 
Dec 12 2018 15:44:12 (EST) NEW


https://saraacarter.com/clinton-whistleblowers-thursdays-public-hearing-to-reveal-explosive-information/

Q 2599 Q !!mG7VJxZNCI ID: fa672f No.4274693 
Dec 12 2018 13:20:44 (EST)


Anonymous ID: 25f5b9 No.4274486 
Dec 12 2018 13:09:16 (EST) ClipboardImage.png 




I SEE a FROG
>>4274486

Confirmed.

PEPE THE BAKER?
Think POTUS Tweet re: PEPE
Trolling the FAKE NEWS media IS SO MUCH FUN!

 
 2598 Q !!mG7VJxZNCI ID: 576371 No.4274405 
...

The Elite Are Creating An Authoritarian Beast System, And Those That Dissent Could Lose EVERYTHING "IndyWatch Feed Tech"


.
They do what they do because they are ultimately stupid.  They think that we the people are not united in distaste and will thus not ever react.  Do they already forget the collapse of communism?

We truly need the rule of twelve.  Leaders must be able to trust their people and not succumb to this type of stupidity.  Civilization only works with the free flow of opinion both right and wrong.  That is how a consensus even arises.  Having a consensus formed only by a few makes them into a prime target from the excluded.  That is why central bankers are now in deep trouble. After all the excluded are developing conspiracy explanations and this destroys trust.  Then the mob forms and the police stand down.

 Understand that seven billion people dissent and they each hold a rock to hand.
.

The Elite Are Creating An Authoritarian Beast System, And Those That Dissent Could Lose EVERYTHING

 http://theeconomiccollaps...

09:00

Qanon Rosenberg out and HUBER up to bat "IndyWatch Feed Tech"





Rosenberg is out.  He was a dead man from day one but was placed there to facilitate distracting the DEEP STATE.  Last guy out the door of the past. Investigations and planning must now be complete and full disclosure is beginning along with the initial arrests surely.

We are seeing a lot of judicial activity with bands of investigators showing up.  This will start becoming more open.


Sadly, Q confirms that JFK jr is not alive, that Julian Assange remains outside the USA and that Snowdon is a traitor now negotiating for return.

We also presage a return to the gold standard.  Except that i do think our reserves do need to be melted down for full confirmation.
 

Dec 12 2018 2619 Q !!mG7VJxZNCI ID: 089200 No.4281049 
Dec 12 2018 19:01:15 (EST)
Anonymous ID: 376ff2 No.4280876 
Dec 12 2018 18:57:57 (EST)
>>4280189
Q: Do we have the gold?

>>4280876
Yes.
Gold shall destroy FED.

Q

2618 Q !!mG7VJxZNCI ID: 089200 No.4280936 
Dec 12 2018 18:59:10 (EST)
 
Anonymous ID: 0c235c No.4280653 
Dec 12 2018 18:53:30 (EST)
>>4280202 (pb)
Will Flotus confirm anything on Hannity tonight?

...

09:00

Does Scrabble Need To Be Fixed? - Issue 67: Reboot "IndyWatch Feed Tech"


You can find Lynda Woods Cleary playing Scrabble every Tuesday at a Panera in Princeton, NJ. Cleary, a 68-year-old retired financial consultant, has been playing every week for 20 years since founding the Princeton Scrabble Club in 1998. When I asked her if shes ever disappointed to draw certain tiles, she looked surprised, even hurt. Oh no, she said with an Alabama twang. I want each and every one.

Its a sweet sentiment, but according to a 2014 statistical program written by Joshua Lewis, then a Ph.D. candidate at the University of California, San Diego, it isnt a sensible one. His study showed that there are lucky tiles in Scrabble: A Q is harder to place on a board than a Z, and yet both are worth 10 points. Therefore, its luckier to draw a Z than a Q. Lewis argued that the traditional values associated with each letter diminish the role of skill in the game, and recommended changing them to make Scrabble scores more indicative of skill.

Pueri / Wikimedia

The suggestion was picked up by the BBC, the Huffington Post, and TIME, among others. As you can imagine, traditionalists like Cleary were dismissive of Lewis suggestion.
Read More

Holding Hands with a Chimp - Issue 67: Reboot "IndyWatch Feed Tech"


Revelation comes in different forms for different people. A biblical verse. A flash of recognition in a lovers eyes. A Nietzschean proverb. A classical sonata. A childs embrace. Any moment of profundity, really, where time stops and the divine reveals itself, if only for an instant, and the world makes sense.

For me, revelation came in the form of ape knuckles.

When I first met her, Noelle was a 6-month-old chimp whod just been surrendered to a sanctuary in south Florida, where she was to be raised by human caregivers along with half a dozen other orphans like her until they were old enough to live in a more natural captive environment. As one of those lucky caregivers, I volunteered at the sanctuary between classes and spent nights there on the weekends.

LizBridgesTravel / Shutterstock

Over the next few years, Noelle and I developed, not exactly a daddy-daughter bond, but I suppose something similar to it. One night, as she lay hiccupping on my chest, a belly full of warm formula and drunk with sleepiness, I took her small hairy hand in mine and studied it in detail ... the crescent-shaped lunulae of her nails, the follicles of coarse black hair
Read More

Your City Has a Gender and Its Male - Issue 67: Reboot "IndyWatch Feed Tech"


I have a secret to tell you about my city, she says. It has to do with what Eve Ensler calls the feminine cell.

It was the autumn of 2016. Id met her in Quito, Ecuador, at the United Nations Habitat III, the biggest global urban development conference in two decades. After a week spent pondering cities, we found ourselves talking to each other like strangers often do in the tired, busy evenings that follow a days hustle.

Whats the feminine cell? I ask.

Its empathy. Its respect for the human experience. Its being aware of the space you take up in the world and how that relates to the commons.1

iofoto / Shutterstock

Outside the colors of Quito were drenched in rain as the bars filled with eager conference attendees and locals alike. In the second year of a post-doc studying energy footprint reduction in cities, I was just about beginning to see the connections between social justice, the urban experience, and what makes a city tick.

My city is always looking for solutions, she continued. There is no place in my city. There are only points and routes that connect those points.

America is having a bit of
Read More

08:44

Deception technology: Authenticity and why it matters "IndyWatch Feed Tech"

This article is the second in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of the central role that authenticity plays in the establishment of deception as a practical defense and cyber risk reduction measure. Requirements for authenticity in deception The over-arching goal for any cyber deception system is to create target computing and networking systems and infrastructure that More

The post Deception technology: Authenticity and why it matters appeared first on Help Net Security.

08:42

Two Contract Employees Die in Antarctica "IndyWatch Feed Tech"

Two fire technicians at the National Science Foundation's McMurdo Station in Antarctica have been pronounced dead following an incident at a generator building that powers a radio transmitter near the station.

The incident, which still is under investigation, occurred on Dec. 12 local time (McMurdo Station keeps New Zealand time).

NSF is not releasing any personal information about the deceased at this time. Their next of kin have been notified.

The workers were performing preventative maintenance on the building's fire suppression system. They were found unconscious on the building's floor by a helicopter pilot, who landed after seeing what appeared to be smoke coming from the structure. They were removed from the building and CPR was administered. One person was pronounced dead at the scene by medical personnel who arrived from the McMurdo clinic. The other was flown to the McMurdo clinic and pronounced dead there a short time later.

Two contract employees die in Antarctica


Original Submission

Read more of this story at SoylentNews.

08:00

Can advancing cybersecurity techniques keep pace with new attack vectors in 2019? "IndyWatch Feed Tech"

A look back through a volatile 2018 has seen the cyber security landscape move towards an even more complex picture. This has been driven by the increased volume and diversity of threats and breaches, tools and network evolution. Security professionals have faced significant challenges in attack detection and mitigation, operating to the necessary policy and legal guidelines and growing teams with suitably-skilled personnel. None of these advances show any signs of slowing in 2019. However, More

The post Can advancing cybersecurity techniques keep pace with new attack vectors in 2019? appeared first on Help Net Security.

07:45

Leveraging AI and automation for successful DevSecOps "IndyWatch Feed Tech"

As engineering teams try to innovate at a faster pace, being able to maintain the quality, performance and security of the applications become much more important. Organizations have found huge success in improving their overall product quality while ensuring security controls and compliance requirements are met. AI-driven automation solutions have aided engineering teams in automating key processes and leverage predictive analytics, to identify issues before they occur and taking corrective actions, improving the overall product More

The post Leveraging AI and automation for successful DevSecOps appeared first on Help Net Security.

07:42

Wayland's Weston Switching Over To The Meson Build System "IndyWatch Feed Tech"

Complementing the Meson build system support for Wayland itself, the Weston reference compositor now has been Meson-ized...

07:30

Guidelines for assessing ISPs security measures in the context of net neutrality "IndyWatch Feed Tech"

According to the EUs net neutrality regulation, called the Open Internet Regulation, which came into force in 2016, internet providers should treat all internet traffic to and from their customers equally. Security measures, like blocking traffic on certain ports, are only allowed under specific circumstances. One of these circumstances refers to the application of security measures that are necessary to protect the integrity or security of networks, services using the networks, or end-user equipment. The More

The post Guidelines for assessing ISPs security measures in the context of net neutrality appeared first on Help Net Security.

07:21

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Tavis Ormandy on Dec 12

Cool, but I think this is a different bug (AFAICT, it's CVE-2005-0469,
it was fixed in netkit, but far fewer distros use inetutils). I agree
this was a real vulnerability, It's a pretty good sign inetutils
should be deprecated imho.

Tavis.

07:15

Hacking democracy efforts continue with upticks in malware deployments "IndyWatch Feed Tech"

Comodo Cybersecurity released its Global Threat Report 2018 Q3, offering insights from Comodo Threat Research Lab experts into key cyberthreat trends and the impact of malware on elections and other geopolitical events. Hacking democracy and malware in conflict zones The Comodo Q3 report also reveals disturbing upticks in malware deployment leading up to major national elections. Comodo Cybersecurity researchers document the impact of malware on elections in Russia, Turkey, Mali, Sierra Leone, Azerbaijan and Columbia. More

The post Hacking democracy efforts continue with upticks in malware deployments appeared first on Help Net Security.

07:11

Shape-Shifting Origami Could Help Antenna Systems Adapt on the Fly "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Researchers at the Georgia Institute of Technology have devised a method for using an origami-based structure to create radio frequency filters that have adjustable dimensions, enabling the devices to change which signals they block throughout a large range of frequencies.

The new approach to creating these tunable filters could have a variety of uses, from antenna systems capable of adapting in real-time to ambient conditions to the next generation of electromagnetic cloaking systems that could be reconfigured on the fly to reflect or absorb different frequencies.

The team focused on one particular pattern of origami, called Miura-Ori, which has the ability to expand and contract like an accordion.

"The Miura-Ori pattern has an infinite number of possible positions along its range of extension from fully compressed to fully expanded," said Glaucio Paulino, the Raymond Allen Jones Chair of Engineering and a professor in the Georgia Tech School of Civil and Environmental Engineering. "A spatial filter made in this fashion can achieve similar versatility, changing which frequency it blocks as the filter is compressed or expanded."

Source: Shape-shifting origami could help antenna systems adapt on the fly

Continuous-range tunable multi-layer frequency selective surfaces using origami and inkjet-printing (DOI: 10.1073/pnas.1812486115) (DX)


Original Submission

Read more of this story at SoylentNews.

07:00

Stovetop Milk Steamer Is Beautiful, Effective "IndyWatch Feed Tech"

The Moka pot is an industrial design classic, hailing from Italy in the early part of the 20th century. To this day, it remains an excellent way to brew top quality coffee at home with affordable equipment. However, if your tastes for coffee lie more towards lattes than espresso, youre out of luck unless youve got one of these.

[Create] started with a classic Moka pot for this project, and set out to build a stovetop milk steamer. The top reservoir is quickly cut away, and a tap fitted atop the lower water reservoir. This allows the flow of steam from the lower reservoir to be controlled. A steel pipe is then fitted to the tap, which is bent, crushed, and soldered to form a nozzle for steaming the milk. Its then finished off with beautiful wooden handles for a nice aesthetic touch.

While were not sure the soldering process or tap used are food grade, there are workarounds for that, and its a project that could easily be pulled off in a weekend. Whats more, you can celebrate your new creation with a delicious hot cappuccino. What could be better? Now all you need is your own special roast. Video after the break.

[Thanks to Baldpower for the tip!]

06:22

Why You Should Make Plans Now To Witness 2019s Super Blood Wolf Moon, Total Solar Eclipse "IndyWatch Feed Tech"

Most people dont see and experience the most exciting astronomical events not because they dont care, but because they dont make a plan. So heres some advance warning. 2019 will start with a rare Super Blood Wolf Moon eclipse, but its only the first of many incredible stargazing events in 2019. From eclipses and comets to supermoons and a Transit of Mercury, heres exactly when, where and why to look up at the night sky during 2019.

1 Super Blood Wolf Moon Eclipse

When: Sunday/Monday, January 20/21, 2019

06:09

AMDGPU DC Gets Polaris Corruption Fix, Some Code Refactoring "IndyWatch Feed Tech"

AMD has published their latest batch of "DC" Display Core patches for the AMDGPU Linux kernel driver...

06:02

TODAY at 3 p.m "IndyWatch Feed Tech"

EST: Parker Solar Probe has already flown closer to the Sun than any other spacecraft! NASA Sun Science researchers share what they expect to see from the first measurements within the Suns dynamic atmosphere, and how that data will redefine our understanding of our star and its effects throughout the solar system. Tune in: https://go.nasa.gov/2GbhxUs #AGU18

05:42

2018 Geminid Meteor Shower Will Be Brilliant "IndyWatch Feed Tech"

Dont miss out on one of the most prolific and reliable meteor showers of the year! The Geminid meteor shower will put on a dazzling display for sky watchers when it peaks on Dec. 13. Youll be able to see up to 100 meteors per hour. Plan ahead: http://go.nasa.gov/geminids2018

05:38

Editing Consciousness: How Bereaved People Control their Thoughts without Knowing it "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

People who are grieving a major loss, such as the death of a spouse or a child, use different coping mechanisms to carry on with their lives. Psychologists have been able to track different approaches, which can reflect different clinical outcomes. One approach that is not usually successful is avoidant grief, a state in which people suffering from grief show marked, effortful, repeated, and often unsuccessful attempts to stop themselves from thinking about their loss. While researchers have shown that avoidant grievers consciously monitor their external environment in order to avoid reminders of their loss, no one has yet been able to show whether these grievers also monitor their mental state unconsciously, trying to block any thoughts of loss from rising to their conscious state.

A new collaborative study between Columbia Engineering and Columbia University Irving Medical Center published online December 7 in SCAN: Social Cognitive and Affective Neuroscience demonstrates that avoidant grievers do unconsciously monitor and block the contents of their mind-wandering, a discovery that could lead to more effective psychiatric treatment for bereaved people. The researchers, who studied 29 bereaved subjects, are the first to show how this unconscious thought suppression occurs. They tracked ongoing processes of mental control as loss-related thoughts came in and out of conscious awareness during a 10-minute period of mind-wandering.

Source: Editing consciousness: How bereaved people control their thoughts without knowing it


Original Submission

Read more of this story at SoylentNews.

05:23

Geminid meteor shower to light up Philippine skies tonight "IndyWatch Feed Tech"

Watch out!


Visible from the Philippines, the Geminid meteor shower will be at its brightest tonight. Read about it and other sights this month and in January 2018.

05:22

Fly-Around of Jupiter by NASAs Juno Spacecraft "IndyWatch Feed Tech"

NASAs Juno Mission to Jupiter will zoom past Jupiter at nearly 130,000 mph next week, making its 16th science pass above the planets cloud tops. More science and of course more stunning images from JunoCam on the way: https://go.nasa.gov/2GdYPeC

05:19

[SECURITY] [DSA 4354-1] firefox-esr security update "IndyWatch Feed Tech"

Posted by Moritz Muehlenhoff on Dec 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4354-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-12405 CVE-2018-17466...

05:15

[security bulletin] MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access "IndyWatch Feed Tech"

Posted by security-alert on Dec 12

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03298201

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03298201
Version: 1

MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote
Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-12-12
Last...

05:12

[security bulletin] MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities "IndyWatch Feed Tech"

Posted by security-alert on Dec 12

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03302206
Version: 1

MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-12-12
Last Updated: 2018-12-12...

05:00

NVIDIA Now Shipping The Jetson AGX Xavier Module "IndyWatch Feed Tech"

NVIDIA has been shipping the Jetson AGX Xavier Developer Kit the past few months while now they are beginning to ship the AGX Xavier Module intended for use in next-generation autonomous machines...

04:43

NEW 'Off The Hook' ONLINE "IndyWatch Feed Tech"

NEW 'Off The Hook' ONLINE

Posted 13 Dec, 2018 3:43:02 UTC

The new edition of Off The Hook from 12/12/2018 has been archived and is now available online.

04:42

Lunar eclipse 2019: Why a solar eclipse will ALWAYS appear just before a lunar eclipse "IndyWatch Feed Tech"

A LUNAR eclipse will take place on January 21, 2019. But why does a solar eclipse always appear just before and after a lunar eclipse?

04:02

Emotion recognition based on paralinguistic information "IndyWatch Feed Tech"

Researchers at the University of Texas at Arlington have recently explored the use of machine learning for emotion recognition based solely on paralinguistic information. Paralinguistics are aspects of spoken communication that do not involve words, such as pitch, volume, intonation, etc.

Recent advances in have led to the development of tools that can recognize by analyzing images, voice recordings, electroencephalograms or electrocardiograms. These tools could have several interesting applications, for instance, enabling more efficient human-computer interactions in which a computer recognizes and responds to a human users emotions.

In general, one may argue that speech carries two distinct types of : explicit or linguistic information, which concerns articulated patterns by the speaker; and implicit or paralinguistic information, which concerns the variation in pronunciation of the linguistic patterns, the researchers wrote in their paper, published in the Advances in Experimental Medicine and Biology book series. Using either or both types of information, one may attempt to classify an audio segment that consists of speech, based on the emotion(s) it carries. However, from speech appears to be a significantly difficult task even for a human, no matter if he/she is an expert in this field (e.g. a psychologist).

04:02

Factory robot malfunctions and impales worker with 10 foot-long steel spikes "IndyWatch Feed Tech"

A CHINESE factory worker has survived being skewered with ten metal spikes when a machine malfunctioned.

The 49-year-old, named as Mr Zhou, was working on the night shift at a porcelain factory in Hunan Hunan province when he was struck by a falling mechanical arm.

The accident resulted in him being impaled with foot long, half inch thick metal rods, the Peoples Daily reported.

04:02

"Just Cause 4" Cracked a Day After Release - But it Gets Worse "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Just Cause 4 Cracked a Day After Release - But it Gets Worse - TorrentFreak

The much-anticipated action-adventure game Just Cause 4 was released on December 4, protected by Denuvo. On December 5, cracking group CPY posted the game online, Denuvo defeated. While this is yet another hammer blow to the anti-tamper system, the game is currently 'enjoying' a review average of just 5/10 on Steam, which could exacerbate the problems.

[...] This long-anticipated AAA action-adventure title is the follow-up to Just Cause 3, which was also protected by Denuvo. That game was released in December 2015 but wasnt cracked until the end of February 2017.

Compare that with Just Cause 4. The game was released on December 4, 2018 then cracked and leaked online December 5, 2018. Just Cause 3 and Just Cause 4 were both defeated by cracking group CPY, who are clearly getting very familiar with Denuvos technology.

[...] While having the game appear online the day after release is bad enough, another problem is raising its head. According to numerous reviewers on Steam, the game is only worthy of a thumbs down based on complaints about graphics, gameplay, and numerous other issues.

Related: Hitman 2s Denuvo Protection Cracked Three Days Before Launch


Original Submission

Read more of this story at SoylentNews.

04:00

Pivot3 delivers policy-based security for hybrid cloud solutions "IndyWatch Feed Tech"

Pivot3 revealed new policy-based security management capabilities in its Intelligence Engine. These expanded capabilities allow organizations to automate and simplify the process of protecting sensitive data with security for encryption and key management. Pivot3s new platform enhancements also facilitate regulatory compliance as customers acquire and manage data across the edge, core and cloud. With security threats on the rise and regulations around data security increasing, CIOs and CISOs face new challenges as they seek to More

The post Pivot3 delivers policy-based security for hybrid cloud solutions appeared first on Help Net Security.

03:30

Sysdig introduces new capabilities to secure Kubernetes-based applications "IndyWatch Feed Tech"

Sysdig released new features for Sysdig Secure, part of the Sysdig Cloud-Native Intelligence Platform. The Sysdig platform is the unified platform that provides cloud-native security, monitoring, and forensics. These enhancements add Kubernetes auditing and vulnerability management, service-based access control, and security analytics, along with simplified compliance to give users a view of the health and risk profiles of their container environments. With the introduction of Sysdig Secure 2.2, Sysdig continues to provide enterprise customers, like More

The post Sysdig introduces new capabilities to secure Kubernetes-based applications appeared first on Help Net Security.

03:00

CISOs mission resonates with healthcare peers "IndyWatch Feed Tech"

The vision of a standardized method to assess the risk management posture of third party suppliers to healthcare firms envisioned by the recently-formed Provider Third Party Risk Management Council is gaining momentum and support throughout the industry as security leaders from both healthcare providers and their suppliers embrace the unified approach. Led by governing members consisting of Chief Information Security Officers (CISOs) throughout the healthcare sector, the Council and its growing number of participants are More

The post CISOs mission resonates with healthcare peers appeared first on Help Net Security.

02:42

Her, OS Sentience, and the Desire to Love "IndyWatch Feed Tech"

After watching Spike Jonzes epic sci-fi film Her, I felt as if my mind was, metaphorically of course, absolutely blown away. The film far exceeded my expectations of how it would make me feel, let alone make me think! I found myself wanting to tell everyone I knew to stop what they were doing and take the time to really watch it, listen to it, and absorb it. I spoke of other great films that captured both my heart and mind, like Robot and Frank, but no film has ever really achieved what Spike Jonzes Her achieves.


A review of Spike Jonzes 2013 sci-fi film.

02:30

Cyborg, Or Leafy Sensor Array? "IndyWatch Feed Tech"

Some plants react quickly enough for our senses to notice, such as a Venus flytrap or mimosa pudica. Most of the time, we need time-lapse photography at a minimum to notice while more exotic sensors can measure things like microscopic pores opening and closing. As with any sensor reading, those measurements can be turned into action through a little trick we call automation. [Harpreet Sareen] and [Pattie Maes] at MIT brought these two ideas together in a way which we havent seen before where a plant has taken the drivers seat in a project called Elowan. Details are sparse but the concept is easy enough to grasp.

We are not sure if this qualifies as a full-fledged cyborg or if this is a case of a robot using biological sensors. Maybe it all depends on which angle you present this mixture of plant and machine. Perhaps it is truly is the symbiotic relationship that the project claims it to be. The robot would not receive any instructions without the plant and the plant would receive sub-optimal light without the robot. What other ways could plants be integrated into robotics to make it a bona fide cyborg?

Via IEEE Spectrum.

02:25

Cryptography Failure Leads to Easy Hacking for PlayStation Classic "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Cryptography failure leads to easy hacking for PlayStation Classic

Plug-and-play hardware lacks even basic functional security for crucial bootrom.

In the days since the PlayStation Classic's official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device. What's more, it seems some sloppy cryptography work on Sony's part is key to unlocking the device for other uses.

Console hackers yifanlu and madmonkey1907 were among those who were able to dump the PlayStation Classic's code via the system's UART serial port in the days after its release. From there, as yifanlu laid out on Twitter, the hackers found that the most sensitive parts of the system are signed and encrypted solely using a key that's embedded on the device itself, rather than with the aid of a private key held exclusively by Sony. In essence, Sony distributed the PlayStation Classic with the key to its own software lock hidden in the device itself.

takyon: PlayStation Classic is an ARM-based video game console that ships with the ability to play 20 preloaded games made for the original PlayStation console (released in 1994). Sony will not add additional games, but since the console uses the free and open source PCSX emulator and can be easily hacked, adding new content shouldn't be a problem.


Original Submission

Read more of this story at SoylentNews.

02:22

Silica paradox: Scientists discover seemingly impossible material "IndyWatch Feed Tech"

An international team of physicists and materials scientists from NUST MISIS, Bayerisches Geoinstitut (Germany), Linkoping University (Sweden), and the California Institute of Technology (U.S.) has discovered an impossible modification of silica-coesite-IV and coasite-V materials, which seems to defy the generally accepted rules for the formation of chemical bonds in inorganic materials formulated by Linus Pauling, who won the 1954 Nobel Prize in Chemistry for that discovery. The research results were published in Nature Communications on November 15th, 2018.

According to Paulings rules, the fragments of the atomic lattice in inorganic materials are connected by vertices, because bonding by faces is the most energy-intensive way to form a chemical connection. Therefore, it does not exist in nature. However, scientists have proved, both experimentally and theoretically, using NUST MISIS supercomputer, that it is possible to form such a connections if the materials are at ultra-high pressure conditions. The obtained results show that fundamentally new classes of materials exist at extreme conditions.

In our work, we have synthesized and described metastable phases of high-pressure silica: coesite-IV and coesite-V. Their crystal structures are drastically different from any of the earlier described models, says Igor Abrikosov, leader of the theoretical research team. Two newly discovered coesites contain octahedrons SiO6, that, contrary to Paulings rule, are connected through common face, which is the most energy-intensive chemical connection. Our results show that the possible silicate magmas in the lower mantle of the Earth can have , which makes these magmas more compressible than predicted before.

02:22

First look at a bulletproof Tesla Model X armored vehicle "IndyWatch Feed Tech"

Electric vehicles, especially Teslas vehicles, are not being left out when it comes to armored vehicles.

After a Model S earlier this year, weve now got a look at what could be the first Tesla Model X armored vehicle.

We heard a rumor that Teslas showroom in Mexico City was displaying a bulletproof Model X.

02:02

Watch Rocket Lab Launch a Cubesat Fleet for NASA Tonight! "IndyWatch Feed Tech"

The California-based startup Rocket Lab will launch 10 tiny satellites into orbit for NASA tonight, and you can watch it all live online.

A Rocket Lab Electron booster is scheduled to launch NASAs ElaNa-19 mission from the companys private Launch Complex 1 on the Mahia Peninsula of New Zealands North Island. Liftoff is scheduled for 11:07 p.m. EST (0407 Dec. 13 GMT) during a 4-hour launch window that closes at 3 a.m. EST (0800 GMT). You can watch live via Rocket Labs website, beginning about 20 minutes before liftoff. You can also watch the launch here on Space.com, courtesy of Rocket Lab. Bad weather may be a concern for the launch, company officials said.

Tonights launch will mark Rocket Labs first flight for NASA and the fourth orbital flight of the companys Electron booster over all. After two test flights (nicknamed This Is A Test and Still Testing), the company successfully launched its first commercial mission (dubbed Its Business Time) last month.

01:50

Under Trump, U.S. Debt Grew by Size of Brazilian Economy in Just Two Years "IndyWatch Feed Tech"

Via: Los Angeles Times: U.S. government debt is on track this year to rise at the fastest pace since 2012, as a stronger economy fails to keep pace with the wave of red ink thats rising under the Trump administration. Total public debt outstanding has jumped by $1.36 trillion, or 6.6%, since the start of []

01:47

Amazon workers in Staten Island launching campaign to unionize "IndyWatch Feed Tech"

A group of Amazon employees at the company's recently opened Staten Island warehouse has launched a unionization effort amid concerns about working conditions, according to multiple reports.Bloomberg reported on Wednesday that a committee at the...

01:42

Adaptable drone folds while flying to get through gaps "IndyWatch Feed Tech"

Although quadcopter drones show promise as a means of exploring hazardous environments such as disaster sites, they do have one drawback theyre wide, limiting their ability to squeeze through tight spaces. An experimental new drone addresses that problem, by folding into different shapes while in flight.

01:42

A radical new neural network design could overcome big challenges in AI "IndyWatch Feed Tech"

Researchers borrowed equations from calculus to redesign the core machinery of deep learning so it can model continuous processes like changes in health.

01:42

[$] LWN.net Weekly Edition for December 13, 2018 "IndyWatch Feed Tech"

The LWN.net Weekly Edition for December 13, 2018 is available.

01:26

Links 12/12/2018: Mesa 18.3.1 Released, CNCF Takes Control of etcd "IndyWatch Feed Tech"

GNOME bluefish

Contents

GNU/Linux

  • Desktop

    • Dells 2018 XPS 13 DEThe best out of the box Linux laptop gets the best OS

      It has been six years since Dell first introduced its XPS Developer Edition moniker, which refers specifically to the companys XPS laptop models that ship with Ubuntu Linux (and not Windows) pre-installed. Ever since, Dell has been producing some of the best Linux ultrabooks in recent memory.

      Ars has already put the Windows-boasting XPS 13 through its paces earlier this year since the device received a serious overhaul in 2018. Dell bumped up the hardware specs, revamped the thermal system, and introduced a new rose and white version, for instance. But how is latest edition of the premier just works Linux laptop doing with the added muscle?

    • Microsoft Keeps Track Of Your Activity Even If You Forbid It

      At first, it was just speculation doing rounds on the Reddit, but when Chris Hoffman from How-To-Geek looked further, it was confirmed that Microsoft does keep Activity History even when we tell it not to.

      Rather than telling you how the story unfolded, I will instead show you because its not just me or Chris, its affecting everyone who has a Windows 10 PC.

      ...

01:00

HPR2704: Intro to Scribus "IndyWatch Feed Tech"

Scribus is a page layout application. If you are familiar with common publishing industry tools, then Scribus will be very familiar to you, but if you're used to word processors or graphic applications, then Scribus will probably confuse you. In this episode, Klaatu talks about the workflow of page layout, and how to do some basic tasks in Scribus. The example files Klaatu produces in Scribus are available at http://slackermedia.info/tank/scribus-by-example.tar.gz Fair warning: this episode is actually "about" steganography. The key you need is OGG.

00:50

A new variant of Shamoon was uploaded to Virus Total while Saipem was under attack "IndyWatch Feed Tech"

A new variant of the Shamoon malware, aka DistTrack, was uploaded to VirusTotal from Italy this week, but experts havent linked it to a specific attack yet.

Shamoon was first observed in 2012 when it infected and wiped more than 30,000 systems at Saudi Aramco and other oil companies in the Middle East.

A second variant of the same threat was discovered by researchers at Palo Alto Networks in January 2017 and it was able to target virtualization products.

DistTrack is able to wipe data from hard drives of the infected systems and render systems unusable. Like other malware, Shamoon leverages Windows Server Message Block (SMB) to spread among systems of the target network.

The code of the original Shamoon includes a list of hard-coded domain credentials used to the target a specific organization and steal credentials, but a variant uploaded to VirusTotal this week doesnt contain these credentials.

Google security firm Chronicle discovered a file containing Shamoon uploaded to its VirusTotal database.

The new Shamoon was set to detonate on Dec. 7, 2017, at 11:51 pm, but only uploaded yesterday. reported  Axios website.

Chronicle notes that attackers may have set the attack date to the past perhaps by changing 2018 to 2017 in order to start an attack immediately. Another possibility, said Brandon Levene, head of applied intelligence at Chronicle, is that the malware was compiled in the past as part of preparations for a later attack.

The new variant presents other anomalies, for example, the list of the command and...

00:27

Hillicon Valley Presented by AT&T Officials warn of threat from Chinese spying | China blamed for Marriott hack | Trump open to intervening in Huawei case | FCC mulls ending merger ban on 'Big Four' networks | California floats tax on texts "IndyWatch Feed Tech"

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen...

00:26

LG's Automated Craft Beer System Could Make Homebrewing Much Easier "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

The company is set to debut its HomeBrew system at CES 2019. It's a capsule-based beer-making machine that relies on automation and fermentation algorithms, and is completely self-cleaning, so it's a seriously fuss-free way of brewing your own beer. Depending on the beer type (there are five: American IPA, American Pale Ale, English Stout, Witbier and Czech Pilsner), the system can produce up to five liters of beer in about two weeks -- you can check on its status at any time using the companion app for iOS and Android.

Source: https://www.engadget.com/2018/12/11/lgs-homebrew-craft-beer-system-ces-2019/


Original Submission

Read more of this story at SoylentNews.

00:21

The FCC Has Made the Same Mistake for Text Messaging That It Did for Net Neutrality "IndyWatch Feed Tech"

Almost exactly a year ago, the Federal Communications Commission (FCC) voted to strip net neutrality protections from the Internet and reclassify Internet Service Providers as an information service rather than a common carrier telecommunications one. This year, the FCC has voted to classify text messaging the same way.

This classification is not just a minor legal technicality. It can have real effects on our ability to use text messaging for political speech and supporting charities. This is why EFF joined 19 other groups in signing a letter urging FCC Chairman Ajit Pai to either classify SMS and short codes as a common carrier or, at the least, wait to make a decision until the effects of classifying text messaging as an information service could be studied under todays circumstances.

Currently, short-messaging services (SMS) and short codesthe five- or six-digit numbers you often see attached to charity appeals that allow you to donate by textare not classified under the traditional scheme. Classifying text messages under Title II would require wireless carriers to contribute to the Universal Service Fund, which funds initiatives to, among other things, increase the availability and affordability of phone and Internet services for rural and low-income users.

Title II classification would also prevent wireless companies from interfering with text messaging and operate in a non-discriminatory manner. History shows us that when the wireless carriers exerted discretion over text messaging, it effectively amounted to censorship and hampered the ability of people and groups to organize. In 2007, Verizon blocked text messages from NARAL on the grounds of controversy. In 2010, T-Mobile was accused of blocking texts from a medical marijuana service. That same year, Sprint demanded Catholic Relief Services end a texting-b...

00:13

Washington Post editor hits tech companies for pregnancy ads after losing baby "IndyWatch Feed Tech"

An editor at The Washington Post criticized technology companies over their ad algorithms targeting pregnant women, explaining in an opinion piece published Wednesday that she continued to see advertisements for maternity products...

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

Wednesday, 12 December

23:59

Hi Andrew, "IndyWatch Feed Tech"

Hi Andrew,

This is quite an old post now but thanks for finally finding the article and taking the time to make a lot of assumptions/guesses about the inner workings of PayPal business processes.

I find it interesting that the 180 day was suddenly unwritten when this article went viral on Twitter, meaning I got a new gold standard of instant service and my money was returned within hours. Also, PayPal had to suspend account cancellations for 24h, that was nice.

Business wise, things are going great. I moved my projects, two eCommerce clients, and a public SaaS to Stripe. There was no 20% dip, or any dip at all anywhere in fact, and all the businesses have carried on naturally growing - customer feedback has even highlighted how seamless the new SaaS payment-flow is!

Stripe is great, I barely even realise I have it, it just fits in so perfectly in to all scenarios and does what it does. Plus theres new great UI releases, services, and products being released on a fairly consistent basis.

I got my money back from PP and closed my account, havent really thought about PayPal for a long time now. Its been nice to get friends/family to close theirs too, PayPal is becoming like Facebookits still popular, but most people have moved on and its just your parents using it.

23:46

Can artificial intelligence save one of the worlds most beautiful lakes? "IndyWatch Feed Tech"

Toxic algae is overtaking Lake Atitln. Now AI may help the lake recover.

23:43

Antarctic Scientists Are About to Drill Into One of the Most Isolated Lakes on Earth "IndyWatch Feed Tech"

Buried beneath 4,000 feet of Antarctic ice lies Lake Mercer, a subglacial body of water that formed thousands of years ago and has been long separated from the rest of the world. A project to explore this lakeand its mysterious contentsis finally set to begin later this month.

Called Subglacial Antarctic Lakes Scientific Access, or SALSA for short, the project aims to uncover new knowledge about Antarcticas subglacial lakes, of which over 400 are known to exist. Over the next two months, SALSA scientists will explore one of the largest subglacial lakes in West Antarctica, a body of water known as Lake Mercer. The team will bore through some 4,000 feet (1,200 meters) of ice using a 60-centimeter-wide drill capped with hot water. In addition to extracting water and mud samples, the researchers will deploy a remotely operated vehiclea scientific first for a subglacial lake.

23:43

Droplets of primordial soup are cooked up by scientists "IndyWatch Feed Tech"

And all three of these shapes were exactly what the PHENIX scientists observed. Its our first good peek at what the universe began forming in its very earliest moments after the Big Bang.

23:42

First lab-grown steak unveiled as scientists say it will be available to buy within two years "IndyWatch Feed Tech"

The first lab-grown steak will be available to buy in two years after scientists finally produced meat with the correct appearance, shape and texture of a real slice of beef.

Up to now, researchers have produced small amounts of cell-grown meat, which have been mixed together to create hamburger patties and sausages, but making an entire steak has proved elusive.

Now Israeli food technology company Aleph Farms has announced it has succeeded in using natural beef cells to grow the three dimensional structure of a minute steak which mimics the muscle and tissue of real meat.

23:30

Intel Announces Faster Processor Patched for Meltdown and Spectre "IndyWatch Feed Tech"

Intel just announced their new Sunny Cove Architecture that comes with a lot of new bells and whistles. The Intel processor line-up has been based off the Skylake architecture since 2015, so the new architecture is a fresh breath for the worlds largest chip maker. Theyve been in the limelight this year with hardware vulnerabilities exposed, known as Spectre and Meltdown. The new designs have of course been patched against those weaknesses.

The new architecture (said to be part of the Ice Lake-U CPU) comes with a lot of new promises such as faster core, 5 allocation units and upgrades to the L1 and L2 caches. There is also support for the AVX-512 or Advanced Vector Extensions instructions set which will improve performance for neural networks and other vector arithmetic.

Another significant change is the support for 52-bits of physical space  and 57 bits of linear address support. Todays x64 CPUs can only use bit 0 to bit 47 for an address space spanning 256TB. The additional bits mean a bump to a whooping 4 PB of physical memory and 128 PB of virtual address space.

The new offering was demoed under the companys 10nm process which incidentally is the same as the previously launched Cannon Lake. The new processors are due in the second half of 2019 and are being heavily marketed as a boon for the Cryptography and Artificial Intelligence Industries. The claim is that for AI, memory to CPU distance has been reduced for faster access, and that special cryptography-specific instructions have been added.

23:23

Virgin Galactic to attempt flight to space this week "IndyWatch Feed Tech"

Virgin Galactic is headed for the Big Black! https://spacenews.com/virgin-galactic-to-attempt-flight-to-space-this-week/


WASHINGTON Virgin Galactic plans to perform the next test flight of its SpaceShipTwo suborbital spaceplane as soon as Dec. 13, a flight that could be the first by the vehicle to reach at least one definition of space.

In a Dec. 11 statement, the company said the next powered test flight of VSS Unity, the second SpaceShipTwo, is planned for a window that opens Dec. 13 from the Mojave Air and Space Port in California. The flight would be the fourth powered flight for this vehicle and the first since July. The statement came shortly after the publication of airspace restrictions in the vicinity of the airport for rocket launch and recovery for Dec. 13 through 15.

At a basic level, this flight will aim to fly higher and faster, the company said in its statement. We plan to burn the rocket motor for longer than we ever have in flight before, but not to its full duration.

23:23

Change-4 Successfully Enters Lunar Orbit "IndyWatch Feed Tech"

Next stop: the Lunar Farside

Chinas Change-4 lunar mission, the first-ever soft-landing endeavor on the lunar farside, launched successfully on 8 December at 02:23 Beijing time (7 December at 18:23 UTC) via a Long March 3B rocket from Xichang Satellite Launch Center. The launch carried a lander and a rover toward the Moon. On 12 December at 8:45 Beijing time (16:45 UTC), the spacecraft arrived in lunar orbit, preparing for a landing in early January.

Chang'e-4 lander and rover

23:22

How would you like a vaccine against the effects of aging? "IndyWatch Feed Tech"

How would you like to take one injection that has multiple genes that improve cellular repair and regeneration, keeping your cells younger and healthier longer? Today, BioViva and Rutgers University are embarking on an ambitious research project to do just that; we are tackling humanities greatest foe suffering and death due to aging.

Read the press release here:

https://www.eurekalert.org/pub_releases/2018-12/bui-rua121018.php

23:07

New FCC Data Indicates Future Broadband Access for Most Americans Will Be a Monopoly "IndyWatch Feed Tech"

The Federal Communications Commission (FCC) produced its first Communications Marketplace Report, a biannual report recently required by Congress, to comprehensively assess the status of Americas communications and media market. And heres the good news: if what you want is a choice of slow, outdated Internet, then the United States market looks great.

The major takeaway of this report, which provides policymakers in D.C. and the states a wide-ranging view of available data to see trends in the Internet, is that competition for broadband only looks good at slow speeds while a vast majority of Americans (EFF estimates at least 68 million) are facing monopoly or no access to high-speed broadband. In comparison to our international counterparts, the FCC currently ranks the U.S. in fifth place globally (an improvement from our 11th place showing last year) for fixed broadband speeds and 23rd place for mobile broadband speeds (yet curiously found that we have universal access to 4G LTE networks).

In short, we still do not have an accurate picture of how bad the broadband monopoly problem is. The methodology the FCC relies on for collecting information is flawed. Namely, if one household in a census block has broadband, the data reports that an entire census block has access to the same service. The agency acknowledges that this risks overcounting deployment, but does not describe its plan to improve data collection.

The FCC Has Acknowledged That Fiber to the Home Deployments Have Been Slowing Down in the U.S., Resulting in the Monopoly Problem

The faster the speed you want, the fewer choices are available to you until, like a majority of Americans, you effectively return to monopoly options or no options at all. The cause of this is tucked into the report where the FCC noted that new construction plans for fiber networks appears to have slowed recently. We at EFF wholeheartedly agree and submitted comments to the FCC for this report to raise the alarm and push back against AT&Ts and Verizons plan to make a bad situation worse.

This slowdown coincides with the complete deregulation of the ISP industry under the Restoring Internet Freedom Order and a massive tax cut stim...

23:01

AMDGPU For Linux 4.20 Gets The Final Radeon RX 590 Fix, Adds The New Vega PCI IDs "IndyWatch Feed Tech"

With just over one week to go until the expected Linux 4.20 kernel release, Alex Deucher of AMD today sent in the latest batch of fixes to the DRM tree for landing at the end of this cycle...

22:49

Supermicro says independent investigation found no spy chips on its motherboards "IndyWatch Feed Tech"

An independent audit has found no evidence that malicious chips were planted on Supermicros motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.

22:44

FCC mulls ending merger ban on 'Big Four' broadcast networks "IndyWatch Feed Tech"

The Federal Communications Commission (FCC) voted Wednesday to review media ownership rules and potentially overturn one preventing the four major broadcast networks from merging with each other. The FCC will seek comments on the rule...

22:38

Congressional scorecard finds federal agencies improving on IT "IndyWatch Feed Tech"

A new congressional scorecard released this week found that federal agencies are gradually improving in their use of information technology.The House Oversight and Government Reform committee unveiled its biannual Federal Information...

22:08

GNOME 3.31.3 Released As Another Step Towards GNOME 3.32 "IndyWatch Feed Tech"

GNOME 3.31.3 was released today as the latest development stepping stone towards next March's GNOME 3.32 desktop environment update...

22:05

Taylor Swift used facial recognition software to check crowds for known stalkers "IndyWatch Feed Tech"

Pop star Taylor Swift reportedly used facial recognition software at a Los Angeles concert venue to scan the crowd for any of her known stalkers.A display inside a kiosk at her Rose Bowl Show in May was equipped with a facial-recognition camera...

22:00

Electric Drift Trike Needs Water Cooling "IndyWatch Feed Tech"

Electric vehicles of all types are quickly hitting the market as people realize how inexpensive they can be to operate compared to traditional modes of transportation. From cars and trucks, to smaller vehicles such as bicycles and even electric boats, theres a lot to be said for simplicity, ease of use, and efficiency. But sometimes we need a little bit more out of our electric vehicles than the obvious benefits they come with. Enter the electric drift trike, an electric vehicle built solely for the enjoyment of high torque electric motors.

This tricycle is built with some serious power behind it. [austiwawa] constructed his own 48V 18Ah battery with lithium ion cells and initially put a hub motor on the front wheel of the trike. When commenters complained that he could do better, he scrapped the front hub motor for a 1500W brushless water-cooled DC motor driving the rear wheels. To put that in perspective, electric bikes in Europe are typically capped at 250W and in the US at 750W. With that much power available, this trike can do some serious drifting, and has a top speed of nearly 50 kph. [austiwawa] did blow out a large number of motor controllers, but was finally able to obtain a beefier one which could handle the intense power requirements of this tricycle.

Be sure to check out the video below to see the trike being test driven. The build video is also worth a view for the attention to detail and high quality of this build. If you want to build your own but dont want to build something this menacing, we have also seen electric bikes that are small enough to ride down hallways in various buildings, but still fast enough to retain an appropriate level of danger.

21:52

FSF Licensing and Compliance Lab: 2018 and the future "IndyWatch Feed Tech"

We are currently running a fundraising drive to launch free software to new frontiers. Would you consider supporting the work of the Free Software Foundation (FSF) and Licensing and Compliance team by becoming a member or making a donation today?

I am the current licensing and compliance manager for the FSF, though I've had several roles in my time here. The Lab handles all the free software licensing work for the FSF. Copyleft is the best legal tool we have for protecting the rights of users, and the Lab makes sure that tool is at full power by providing fundamental licensing education. From publishing articles and resources on free software licensing, to doing license compliance work for the GNU Project, to handling our certification programs like Respects Your Freedom, if there is a license involved, the Lab is on the case.

While the GPLv3 celebrated its tenth anniversary last year, there still remains a lot to be done in helping developers understand how to best use it and other GNU licenses. The Licensing and Compliance Lab, along with a team of volunteers, has for many years answered questions from the community. This year, we were delighted for Jake Glass to join the team as an intern, and are grateful for his help in improving licensing materials as well as answering questions from the community. The world of free software has grown so much over the past decade that we want to help make it as easy as possible to use free software and track the licenses in projects. Many organizations are developing tools to help tackle this issue, such as the Software Package Data Exchange (SPDX). But these tools are only useful if they are accurate and support best practices. Looking to improve the situation, we worked together with SPDX to make sure that their identifiers correctly reflected the licensing choices of...

21:32

Blockchain: What's Not To Like? "IndyWatch Feed Tech"

Digital preservationist, David Rosenthal, has a blog post discussing his recent Coalition for Networked Information (CNI) talk about distributed ledger technology. CNI is a joint initiative of the Association of Research Libraries (ARL) and EDUCAUSE to promote the use of digital information technologies to advance scholarship and education. The discrepancy between the available capacity in transactions per second and what is actually needed, plus the excessive power consumption, suggests that many attempted uses for distributed ledgers are inappropriate and counterproductive.

I gave a talk at the Fall CNI meeting entitled Blockchain: What's Not To Like? The abstract was:

We're in a period when blockchain or "Distributed Ledger Technology" is the Solution to Everything, so it is inevitable that it will be proposed as the solution to the problems of academic communication and digital preservation. These proposals typically assume, despite the evidence, that real-world blockchain implementations actually deliver the theoretical attributes of decentralization, immutability, anonymity, security, scalability, sustainability, lack of trust, etc. The proposers appear to believe that Satoshi Nakamoto revealed the infallible Bitcoin protocol to the world on golden tablets; they typically don't appreciate or cite the nearly three decades of research and implementation that led up to it. This talk will discuss the mis-match between theory and practice in blockchain technology, and how it applies to various proposed applications of interest to the CNI audience.

Below the fold, an edited text of the talk with links to the sources, and much additional material. The colored boxes contain quotations that were on the slides but weren't spoken.

Earlier on SN:
BitCoin's Record Drop may have Started Scaring Miners Away
Cryptocurrency Miners Are Building Their Own Electricity Infrastructure


Original Submission

...

21:20

EFF To U.S. Supreme Court: Rule Carefully In Free Speech Case About Private Operators, State Actors, and the First Amendment "IndyWatch Feed Tech"

Social media platforms such as Facebook and Twitter provide an opportunity for everyone to have a voice on the Internet, to communicate with friends, post their views, and comment on movies or the president. However, the fact that they provide a broad, open platform for speech doesnt automatically mean they are public forums in the sense your towns official Facebook page or @realDonaldTrump are. Those are run by the government or its officials, who, when it comes to the First Amendment, are state actors and cant block people from the forum without complying with First Amendment standards. Facebook and Twitter, on the other hand, are platforms created and run by corporations, which are private entities that can curate and edit content.

The distinction between private entities and state actors providing forums for communication is crucial for the free speech rights of Internet users and the platforms they use. In a brief filed yesterday in a case before the U.S. Supreme Court, we explained that private entities do not become state actors simply by providing their own platforms for use by other speakers.

The case before the court, Manhattan Community Access Corp. v. Halleck, doesnt actually involve social media platformsits about whether a public access television station is a state actor that violated the First Amendment rights of two producers by taking down their videos that criticized the station. But the courts decision could have a profound impact on online speech. Heres why: the television station is operated by a privately owned nonprofit. The State of New York has no control over or say in the stations content. It does appoint two of the nonprofits 13-member board of directors. A lower court ruled that the station was an arm of the state actor and couldnt block the videos.

Although EFF does not have a position on whether the public access broadcaster in the case is a public forum, our brief urges the Supreme Court to rule narrowly and take great care in writing its opinion. We want to make sure nothing the court says in this case can be used in unintended ways in the far different context of privately operated Internet platforms. A broadly written opinion, adopting a low threshold for governmental involvement, could threaten the First Amendment rights of platform operators to curate content, and c...

21:19

Scientists Outfit Bees With Wireless Sensors to Create a "Living IoT Platform" "IndyWatch Feed Tech"

A research team tries to turn bees into living drones by gluing wireless sensor platforms to their backs

Drones are growing in popularity for their ability to serve as a kind of eye in the sky. However, they can generally only last up to 30 minutes on a charge because of the limits of current battery technology.

Now, a research team at the University of Washington has found a way to make bumblebees act like tiny drones. The group has developed a platform for sensing, computing, and wireless communication devices thats small enough to piggyback on the insects.

"We wanted to leverage nature's best flying machines," says Shyam Gollakota, a computer scientist at the University of Washington, who led the research. "Insects can feed themselveswe don't need to keep recharging their batteries. Fats and sugars can store much more energy for their weight than batteries."

The scientists experimented with three species of bumblebees and found that healthy worker bees could fly and hover while carrying up to roughly 105 milligrams. Knowing this, the researchers developed an electronic platform that weighs only 102 milligrams and measures just 6.1 by 6.4 millimeters in size. It includes a 70-milligram rechargeable lithium-ion battery that can last up to seven hours, as well as a microcontroller, antenna, and sensors that could analyze humidity, temperature, and light intensity once every four seconds. Then, the research team glued these platforms onto the backs of bees. "All the electronics we used were off-the-shelf components," Gollakota says.

A close-up of tweezers holding a wireless sensor platform. Photo: Mark Stone/University of Washington

To use as little electricity as possible, the design eliminates many conventional radio components. Instead, it communicates by modifying radio signals that scatter off it, wirelessly offloading data at rates of roughly 1,000 bits per second after the bees return to their hives.

The researchers noted they currently have no way of controlling the movements of the bees. Still, they could pinpoint the insects positions. Instead of using a power-hungry GPS device, their design relies on special radio transmitters placed around the area in which the bees are expected to fly. These transmitters serve as beacons, and keep track of the bees locations as long as the bees stay within 80 me......

21:15

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Tavis Ormandy on Dec 12

The energy I spent asking if a security boundary being crossed was
minimal. I think the answer is that you do not know of any cases of
this being a security boundary, but you feel that all bugs are
security bugs whether or not a security boundary is crossed, because
you don't know how someone might be using the software.

It certainly does, thank you. I think we disagree on what qualifies as
a vulnerability, but I'm still very grateful...

21:03

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Tavis Ormandy on Dec 12

That would certainly qualify, but the attack your describing does not
seem relevant to this bug, no?

Tavis.

20:52

Tech Giants Warn US Govt. Against EUs Article 13 Plans "IndyWatch Feed Tech"

Under President Trump, the United States has worked hard to put several new trade deals in place.

The administration is also working on a new trade agreement with the EU for which the US Trade Representative recently asked the public for input.

This week the Computer & Communications Industry Association (CCIA), which includes Amazon, Cloudflare, Facebook, and Google as members, sent in its thoughts.

The submission includes a stark warning against the EUs proposed copyright reform plans, including Article 13, which could open the door to upload filtering.

Its no secret that the proposal is a topic of intense debate within the EU. The tech companies, however, warn the US Government that its effects may hurt the US economy as well.

The CCIA cautions that the proposed changes could increase liability for large Internet services by weakening the safe harbor protections provided by current EU law. At the same time, it will be at odds with the DMCAs safe harbor provisions.

The proposed Copyright Directive disrupts settled law protecting intermediaries by weakening established protections from U.S. Internet services in the 2000 EU E-Commerce Directive, and by imposing an unworkable filtering mandate on hosting providers that would require automated notice-and-stay-down for a wide variety of copyrighted works.

If adopted, the Directive would dramatically weaken these long-standing liability protections, which suggests that most modern service providers may be ineligible for its protections, the CCIA says.

The tech companies note that EU officials have identified US companies as the intended targets of these proposals. They fear that the plans will result in implicit upload filter requirements.

Under Article 13 of the proposal, the Directive now implies that online services must procure or develop and implement content recognition technology. The decision to compel affirmative filtering of all Internet content, including audiovisual works, images, and text, based on that contents copyright status, is alarming and profoundly misguided.

According to the latest proposals, Article 13 would not impose a general monitoring requirement. However, it may require Internet services to ensure that infringing content is not reuploaded, which is hard to achieve without automated filters.

The CCIA points out the lack of speci...

20:49

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Hacker Fantastic on Dec 12

Hi Tavis,

The "little used" package you mentioned is in some distributions a
dependency of "xorg-xinit" (:: removing inetutils breaks dependency
'inetutils' required by xorg-xinit in Arch Linux). The security boundary in
the Mikrotik example is "escape of restricted shells" which is also in the
TLDR; advisory. If you are unhappy with how I described the issue and wish
to spend time and ultimately money...

20:34

Litigation and Other Formal Complaints Concerning Targeted Digital Surveillance and the Digital Surveillance Industry "IndyWatch Feed Tech"

This is a living resource document providing links and descriptions to litigation and other formal complaints concerning targeted digital surveillance and the digital surveillance industry. If you have additional resources to add to this document, please send to Siena Anstis: siena [at] citizen lab [dot] ca. This document was last updated on December 12, 2018.

NSO Group
Gamma Group
Amesys
Qosmos
Other

NSO Group

Company background

NSO Group is an Israeli-based company which develops and sells a spyware called Pegasus. It is majority owned by Francisco Partners, a global private equity firm with offices in San Francisco and London that invests in the technology industry. In the past few years, investigations into NSO Group have revealed some information about the companys operations. A non-exhaustive list of resources follows:

20:31

Dem megadonor Steyer posts job listing for high-level campaign staffers on LinkedIn "IndyWatch Feed Tech"

Billionaire philanthropist Tom Steyer is putting out feelers on the professional networking website LinkedIn for several high-level campaign staffers in three crucial early-voting states.The posting, which seeks applications for state director...

20:31

CCCB: Oliver Twist "IndyWatch Feed Tech"

Its Thursday, so it must be time to bake something and read a book Ive avoided reading for a couple of decades.

Ive done cake and cookies, so why not bread? Nutty bread. Looks like the flour:nut ratio is 25:10, and I have no idea whether thats like totally nuts.

I have baked a couple of loaves of bread before, but theyve never been like actually any good.

...

20:30

Soft Rotating Pneumatic Actuators "IndyWatch Feed Tech"

When we think of pneumatic actuators, we typically consider the standard varieties of pneumatic cylinder, capable of linear motion. These can be referred to as hard actuators, made of rigid components and capable of great accuracy and force delivery. However, soft actuators have their own complementary abilities such as being able to handle more delicate tasks and being less likely to injure human operators when used in collaborative operations. The Whitesides Research Group at Harvard University has undertaken significant research in this field, and released a paper covering a novel type of soft pneumatic actuator.

The actuator consists of a series of soft, flexible sealed chambers which surround a wooden dowel in the center. By applying vacuum to these various chambers, the dowel in the center can be pulled into up to eight different positions. Its a unique concept, and one we can imagine could have applications in various material processing scenarios.

The actuator was built by moulding elastomers around 3D printed components, so this is a build that could theoretically be tackled by the DIYer. The paper goes into great detail to quantify the performance of the actuator, and workshops several potential applications. Testing is done on a fluid delivery and stirring system, and a tethered robotic walker was built. The team uses the term cVAMS cyclical vacuum actuated machine to describe the actuator technology.

The world of soft robotics is a hot bed of development, and we look forward to further work in this field. Its not just Harvard, either weve seen interesting work from Yale and from the Hackaday community too!

 

20:25

Scanning for Flaws, Scoring for Security "IndyWatch Feed Tech"

Is it fair to judge an organizations information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. Whats remarkable is how many organizations dont make an effort to view their public online assets as the rest of the world sees them until its too late.

Image: US Chamber of Commerce.

For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicants credit score the most widely used being the score developed by FICO, previously known as Fair Isaac Corporation. Earlier this year, FICO began touting its Cyber Risk Score (PDF), which seeks to measure an organizations chances of experiencing a data breach in the next 12 months, based on a variety of measurements tied to the companys public-facing online assets.

In October, FICO teamed up with the U.S. Chamber of Commerce to evaluate more than 2,500 U.S. companies with the Cyber Risk Score, and then invited these companies to sign up and see how their score compares with that of other organizations in their industry. The stated use cases for the Cyber Risk Score include the potential for cyber insurance pricing and underwriting, and evaluating supply chain risk (i.e., the security posture of vendor partners).

The company-specific scores are supposed to be made available only to vetted people at the organization who go through FICOs signup process. But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil.

The marketing email was quickly recalled and reissued in a redacted version, but it seems ExxonMobils score of 587 puts it in the elevated risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850.

...

20:18

A critical bug in Microsoft left 400M accounts exposed "IndyWatch Feed Tech"

By Waqas

A bug bounty hunter from India, Sahad Nk who works forSafetyDetective, a cybersecurity firm, has received a reward from Microsoft for uncovering and reporting a series of critical vulnerabilities in Microsoft accounts. These vulnerabilities were present on users Microsoft accounts from MS Office files to Outlook emails. This means, all kinds of accounts (over 400 []

This is a post from HackRead.com Read the original post: A critical bug in Microsoft left 400M accounts exposed

20:15

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Bob Friesenhahn on Dec 12

Is a network connection between two machines not a 'privilege
boundary'? If the remote machine has the ability to subvert the
accessing machine (e.g. by transmitting something which causes harm to
the client) then that seems to qualify.

Bob

20:06

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Tavis Ormandy on Dec 12

Yes, the bug exists on NetBSD, but in order for it to be a security
issue, there has to be an example of this bug being used to cross a
privilege boundary. I assume we agree that not every bug is a security
bug, there has to be some sort of supported security boundary that the
bug allows an attacker to violate. The question I'm asking is can you
elaborate on which security boundary is being crossed? I don't dispute
the bug exists and...

20:00

WelcomeHosting KVM VPSs in Los Angeles 6GB KVM VPS for just $9/mo & more! "IndyWatch Feed Tech"

Its been a while since we heard from Brian at WelcomeHosting, however, they recently contacted us with some exclusive offers to share with the community this holiday season. They are offering KVM VPS services out of Los Angeles with some amazing discounts for our community. They are offering various different pricing structure options based on the plan, however, the most savings and value are to be had when choosing to pay using an annual billing cycle. For example, the 6GB KVM VPS is just $69/year when paid annually, instead of $9/mo!

Their WHOIS is public, and you can find their ToS/Legal Docs here. They accept PayPal, VISA, MasterCard, American Express, Discover, Bitcoin, Litecoin and Ethereum as payment methods.

Heres what they had to say: 

Nowadays, it seems like its almost impossible to find a hosting company that understands its customers by their first name not just another number. Whats one aspect about home thats found nowhere else? Feeling comfortable and welcome and thats exactly the type of client experience we aspire to deliver here at WelcomeHosting. We offer plenty of different hosting solutions, and were always available to help you every step of the way. Welcome to a personalized and worry-free hosting experience!

Heres the offers: 

512MB SSD

  • 512MB RAM
  • 1x CPU Core
  • 10GB SSD Storage
  • 1.5TB Bandwidth
  • 1Gbps Uplink
  • 1 x IPv4
  • KVM/SolusVM
  • Docker/Custom ISO
  • $2/mo OR $14/yr
  • [ORDER]

1GB KVM VPS

  • 1024MB RAM
  • 1x CPU Core
  • 25GB RAID-10 Storage
  • 2TB Bandwidth
  • 1Gbps Uplink
  • 1 x...

19:55

Uber Allegedly Ignored Safety Warnings Before Self-Driving Fatality "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Uber allegedly ignored safety warnings before self-driving fatality

Just days after Uber announced its plans to resume testing of its self-driving taxis, new information reveals that a whistleblower had made the company aware of the technology's safety failures before the incident in Arizona last March, which saw a pedestrian struck and killed by one of Uber's vehicles, and which led to the suspension of all testing activity.

According to The Information, Robbie Miller, a manager in the testing-operations group, sent a cautionary email to a number of Uber's executive and lawyers, warning that the vehicles were "routinely in accidents resulting in damage. This is usually the result of poor behavior of the operator or the AV technology."

It appears the email was prompted by an incident in Pittsburgh, where just a few days before Miller sent the message an Uber prototype swerved completely off the road and onto the sidewalk, where it continued to drive. According to Miller's email, the episode was "essentially ignored" for days, until Miller raised it with other managers. He also noted that towards the end of 2017, it took two weeks for engineers to investigate the logs of a separate Arizona incident, in which an Uber vehicle almost collided with another car.


Original Submission

Read more of this story at SoylentNews.

19:23

Linux Is Already In Good Shape For The New Features Of Intel Gen11 Graphics & Icelake "IndyWatch Feed Tech"

Besides seeing Icelake demos at the Intel Architecture Day that were running on Ubuntu, with closely tracking the Linux kernel's development most of the new features presented for Sunny Cove and Gen11 graphics have already been merged or at least available in patch form for some months within the Linux ecosystem. Here's a look at the features talked about yesterday and their state on Linux...

19:17

MiniRHex Makes Wiggly-Legged Unstoppability Tiny and Affordable "IndyWatch Feed Tech"

For about $200, you can build a surprisingly capable six-whegged robot with googly eyes

RHex (pronounced rex) is a unique hexapedal robot that uses hybrid wheel-legs (whegs) to get around. Its surprisingly adaptable, able to adjust its gait to conquer a variety of obstacles and terrains, and it can even do some impressive parkour. RHex has been around for nearly two decades, which is practically forever in robot years, but because of how versatile it is you still see it doing cool new stuff from time to time.

Wow. This is how to make a good robot video, folks.

MiniRHex weighs in at under half a kilogram, but can support a payload of up to 3 kilograms. Six Dynamixel XL320s power the legs, driven by a ROBOTIS main board that talks to your computer via Bluetooth. Most of the structure of the robot is 3D printed, which keeps the cost quite low: If you have access to a 3D printer and a laser cutter, the entire robot will run you just over $200, or around $250 if you also need to buy the Bluetooth module and a charger for the battery. Theres a tiny amount of soldering plus some software setup that doesnt look too difficult, and the instructions seem very easy to follow.

As you can see from the video, MiniRHex can, with a little bit of work, clamber over obstacles at least as high as it is, and it can scamper along at several body lengths per second. These arent optimized gaits eitherwhile MiniRHex can currently take advantage of an alternating tripod gait as well as a pronking gait, theres still plenty of room for optimization. Beyond just tweaking the gait in software, the size and springiness of the legs themselves can be adjusted as well, which is one of the reasons why RHex platforms are so interesting to work with. Heres some preliminary gait testing with MiniRHex on a treadmill; watch until the end for a few outtakes.

...

19:16

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Hacker Fantastic on Dec 12

Hi Tavis, thanks for the input - I referenced Mikrotik as a vendor using a
vulnerable implementation that can be used to escape restricted shells.
This is just one example of a instance where a restricted shell could be
escaped when using inetutils, or when the vulnerable code path reached
unexpected systems (like NetBSD). As Mikrotik case is not an oss security
issue I did not post the advisory here, but as I shared to you already on
social...

19:01

How To Stay Grounded When You Have Zero Potential "IndyWatch Feed Tech"

Ground is an interesting topic when it comes to engineering. Either its the reference level for a digital circuit (not necessarily at zero volts, either), or its the return path for current, or its the metal chassis, which shouldnt be the return path for current or else somethings terribly broken. Erika Earls talk at this years Hackaday Superconference is all about ground.

The first type of ground to talk about is the ground in your outlets and walls. The AC safety ground is the third pin on your plug that should be attached to the chassis of your washer/dryer on one end, and somehow connected to the neutral wire somewhere near your breaker box. The theory of this being if a conductor touches the chassis of a lamp or appliance, all the current will go along that ground bus saving you from electrocution. It should also trip the circuit breaker.

But really were rarely dealing with mains power around here. When it comes to electronic design, were mostly dealing with analog grounds and digital grounds in circuits. Sometimes these are the same, sometimes theyre not, but theyre both usually referenced to 0 Volts, Add in some considerations for EMC, and ground loops, and you have an astonishing amount of knowledge wrapped up in having zero potential.

If you want to know about what ground actually is, this isnt a talk to miss. Erika has tons of experience chasing down grounds as an audio engineer, and her career highlights including the director of hardware engineering at Slate Digital and the Senior Technical Engineer at LAs legendary Village Recording Studios. Theres a lot of experience here, and if you want to where to find your ground, Erika is the person to ask.

18:42

NASA offers advice on how to rescue Tony Stark "IndyWatch Feed Tech"

NASA directed Marvel to listen for a signal from Stark saying Avengers, we have a problem. #INQEntertainment


MANILA, Philippines Tony Stark being stranded in space without food, water or air in the Avengers: Endgame trailer stirred the emotions of many Marvel fans.

18:39

Cyber attack hit the Italian oil and gas services company Saipem "IndyWatch Feed Tech"

Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week.

 Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors.

The attack has been identified out of India on Monday and primarily affected the servers in the Middle East, including Saudi Arabia, the United Arab Emirates, and Kuwait.

Main operating centers in Italy, France and Britain had not been affected.

The attack affected only a limited number of servers in its infrastructure, Saipem said it is working to restore them using backups, a circumstance that could suggest that a ransomware hit the company.

Saipem told Reuters the attack originated in Chennai, India, but the identity of the attackers is unknown.

The servers involved have been shut down for the time being to assess the scale of the attack,Saipems head of digital and innovation, Mauro Piasere, told Reuters. 

There has been no loss of data because all our systems have back-ups, he added.

Saipem

The Italian oil services company Saipem was hit by a cyber attack, it confirmed the event but has shared a few details about the attack.

We have no proof of the origins or reasons for the attack, though this is being investigated, a Saipem spokesperson said via email.

We are collecting all the elements useful for assessing the impact on our infrastructures and the actions to be taken to restore normal activities, the firm said in a statement.

At the time it is impossible to attribute the attack, it is not clear is the company faced a targeted attack or if was hit in a broader camp...

18:17

FCC votes to allow service providers to block texts in effort to fight spam "IndyWatch Feed Tech"

The Federal Communications Commission (FCC) on Wednesday voted to classify text messages as an information service, allowing mobile carriers to block texts in a move that supporters say will help crack down on spam messages. The proposal was...

18:07

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Tavis Ormandy on Dec 12

To be clear, this is a bug in the (little used) GNU inetutils telnet
*client*, not server. It's hard to imagine a real usage of this in a
context that would be exploitable.

If you can set DISPLAY, then you can probably also set LD_PRELOAD, and if
you can interact with the command then you can use shell escapes.

I asked on twitter, and was told that maybe someone is using untrusted
telnet:// URIs with GNU inetutils, but there are no known...

18:02

Pinoy team to compete in global NASA Space Apps Challenge "IndyWatch Feed Tech"

The ISDApp was designed to communicate useful information to fishermen (such as real-time weather updates, sunrise and sunset times, wind speed, and cloud coverage) without the need for an internet connection. #SpaceApps #SpaceAppsPH


For the first time, a Filipino-made app was selected to join the global NASA Space Apps Challenge. Current latest trending Philippine headlines on science, technology breakthroughs, hardware devices, geeks, gaming, web/desktop applications, mobile apps, social media buzz and gadget reviews.

18:02

An Interview with Reason Near-Term Life Extension Therapies "IndyWatch Feed Tech"

Today, we present an interview with Reason, the editor of Fight Aging! and co-founder of Repair Biotechnologies. We asked him about the state of rejuvenative therapies, some of which may be available in the near future.

Fight Aging! was the first blog that tackled the science of aging in a serious fashion. Many people still treat it as the go-to site for high-quality information and opinion on the rapidly growing field of biogerontology.

Reason (he goes by only his first name), the brain behind the Fight Aging! blog, has been involved in one way or another with anti-aging science for almost two decades as a writer, researcher, and investor. His new company, Repair Biotechnologies, is focused mainly on halting thymic atrophy and atherosclerosis, which causes about 20 percent of all human deaths.

17:55

[$] DMA and get_user_pages() "IndyWatch Feed Tech"

In the RDMA microconference of the 2018 Linux Plumbers Conference (LPC), John Hubbard, Dan Williams, and Matthew Wilcox led a discussion on the problems surrounding get_user_pages() (and friends) and the interaction with DMA. It is not the first time the topic has come up, there was also a discussion about it at the Linux Storage, Filesystem, and Memory-Management Summit back in April. In a nutshell, the problem is that multiple parts of the kernel think they have responsibility for the same chunk of memory, but they do not coordinate their activities; as might be guessed, mayhem can sometimes ensue.

17:52

The x32 subarchitecture may be removed "IndyWatch Feed Tech"

The x32 subarchitecture is a software variant of x86-64; it runs the processor in the 64-bit mode, but uses 32-bit pointers and arithmetic. The idea is to get the advantages of x86-64 without the extra memory usage that goes along with it. It seems, though, that x32 is not much appreciated; few distributions support it and the number of users appears to be small. So now Andy Lutomirski is proposing its eventual removal:

I propose that we make CONFIG_X86_X32 depend on BROKEN for a release or two and then remove all the code if no one complains. If anyone wants to re-add it, IMO they're welcome to do so, but they need to do it in a way that is maintainable.

If there are x32 users out there, now would be a good time for them to speak up.

17:42

Will we ever be able to control gravity? "IndyWatch Feed Tech"

Fancy flying? Humans are a far way off manipulating gravity.

17:42

AMDVLK 2018.Q4.4 Driver Update Brings Performance Improvements, New Vulkan Bits "IndyWatch Feed Tech"

AMD developers today outed their latest "AMDVLK" open-source Vulkan driver code drop dubbed AMDVLK 2018.Q4.4...

17:37

Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) "IndyWatch Feed Tech"

Posted by Salvatore Bonaccorso on Dec 12

Hi,

Can you request a CVE directly via https://cveform.mitre.org/ ?

Regards,
Salvatore

17:35

Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) "IndyWatch Feed Tech"

Posted by Solar Designer on Dec 12

The advisory SPADV-2018-01.md is in fact significantly more detailed
than what you posted, so I've attached it to this message for archival.

oss-security is no longer a place to request CVE IDs. See:

https://oss-security.openwall.org/wiki/mailing-lists/oss-security#cve-requests

"Previously, one could request CVE IDs for issues in Open Source
software from oss-security. This is no longer the case. Instead,
please start by posting...

17:30

My Oscilloscope Uses Fire "IndyWatch Feed Tech"

If you want to visualize sound waves, you reach for your oscilloscope, right? That wasnt an option in 1905 so physicist [Heinrich Rubens] came up with another way involving flames. [Luke Guigliano] and [Will Peterson] built one of these tubes known as a Rubens tube and will show you how you can, too. You can see a video of their results, below. Just in case a flame oscilloscope isnt enough to attract your interest, they are driving the thing with a theremin for extra nerd points.

The guys show a short flame run and one with tall flames. The results are surprising, especially with the short flames. Of course, the time base is the length of the tube, so that limits your measurements. The tube has many gas jets along the length and with a sound source, the height of the flames correspond to the air pressure from the sound inside the tube.

According to their plans, the tube is a 2 inch tube, six feet long. They used a #42 drill bit to create the gas jet holes an inch apart although they mention if they did it again theyd go smaller and space them closer. The working gas is propane and if you want to exactly duplicate their build, youll need to weld. They mention, though, that you could probably build it without welding. Total cost? About $350.

You can extend the idea of a Rubens tube to a square we hate to call it a Rubens cube. Or you can shrink it down to a single point. Either way, it is fire, so you want to be careful, but there is a certain appeal to it, too. It always amazes us how resourceful people can be when they have to be. The invention of the Rubens tube is an example of that, although there were many other ways people made up for not having oscilloscopes.

17:11

California considers text messaging tax to fund cell service for low-income residents "IndyWatch Feed Tech"

California may soon charge its residents a fee for text messaging, according to a report released by state regulators Tuesday.The report from the California Public Utilities Commission (CPUC) says the tax on text messaging would likely be a flat fee...

16:56

Google+ Bug Exposes Non-Public Profile Data for 52 Million Users "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Google+ bug exposes non-public profile data for 52 million users

Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic.

The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post. During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What's more, apps with access to users' Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user. In all, the post said, 52.5 million users are affected.


Original Submission

Read more of this story at SoylentNews.

16:48

NVIDIA 415.23 Driver Fixes Build Issues Against Linux 4.20 Kernel "IndyWatch Feed Tech"

It was just last week NVIDIA released the 415.22 driver while out today is the 415.23 update...

16:46

Security updates for Wednesday "IndyWatch Feed Tech"

Security updates have been issued by Arch Linux (chromium, firefox, lib32-openssl, lib32-openssl-1.0, openssl, openssl-1.0, texlive-bin, and wireshark-cli), Fedora (perl), openSUSE (pdns), Oracle (kernel), Red Hat (kernel), Slackware (mozilla), SUSE (kernel, postgresql10, qemu, and xen), and Ubuntu (firefox, freerdp, freerdp2, pixman, and poppler).

16:41

CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) "IndyWatch Feed Tech"

Posted by Salva Peir on Dec 12

Hi everyone,

is affected by a response discrepancy information exposure (CWE-204) that
enables an attacker to remotely enumerate valid htpasswd usernames (RFC
7617).

A more detailed advisory can be found at:
https://speirofr.appspot.com/files/advisory/SPADV-2018-01.md
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916190

Is there a CVE for this? If not, could one...

16:39

Aliases: DIY Shell Commands "IndyWatch Feed Tech"

Title: 
Aliases: DIY Shell Commands

16:28

Activists canvas Queens to oppose Amazon move "IndyWatch Feed Tech"

Grass-roots activists in New York have been canvassing Long Island City and other parts of Queens to organize opposition to Amazons upcoming move there, with hundreds joining a meeting Monday night to protest against the company.When our...

16:23

Record for High-Temperature Superconductivity "IndyWatch Feed Tech"

Room temperature superconductors belong in the same basket as fusion power plants artificial general intelligence: They were only a couple of decades away when we read about them in Omni magazine in the 1980s. Via: MIT Technology Review: Chemists found a material that can display superconducting behavior at a temperature warmer than it currently is []

16:22

Happy to announce Dr. Manuel Serrano from the Institute for Research in Biomedicine (IRB) in Barcelona as a speaker for the 2019 Undoing Aging Conference "IndyWatch Feed Tech"

Manuel has been a world-leading researcher in cell senescence for decades, and participated in various of our conferences starting many years ago. His latest breakthrough, which he will discuss in Berlin, is one of those head-slappingly brilliant concepts that I encounter at most once per year, combining a couple of long-established ideas in a completely novel way that potentially delivers far more than the sum of the parts. I wont spoil the surprise here! says Aubrey de Grey.

https://www.undoing-aging.org/news/dr-manuel-serrano-to-speaaging-2019

#undoingaging #sens #foreverhealthy

16:02

What a Newfound Kingdom Means for the Tree of Life "IndyWatch Feed Tech"

The tree of life just got another major branch. Researchers recently found a certain rare and mysterious microbe called a hemimastigote in a clump of Nova Scotian soil. Their subsequent analysis of its DNA revealed that it was neither animal, plant, fungus nor any recognized type of protozoan that it in fact fell far outside any of the known large categories for classifying complex forms of life (eukaryotes). Instead, this flagella-waving oddball stands as the first member of its own supra-kingdom group, which probably peeled away from the other big branches of life at least a billion years ago.

Its the sort of result you hope to see once in a career, said Alastair Simpson, a microbiologist at Dalhousie University who led the study.

Impressive as this finding about hemimastigotes is on its own, what matters more is that its just the latest (and most profound) of a quietly and steadily growing number of major taxonomic additions. Researchers keep uncovering not just new species or classes but entirely new kingdoms of life raising questions about how they have stayed hidden for so long and how close we are to finding them all.

16:01

Warnings On Steroids Static Code Analysis Tools "IndyWatch Feed Tech"

A little while back, we were talking about utilizing compiler warnings as first step to make our C code less error-prone and increase its general stability and quality. We know now that the C compiler itself can help us here, but we also saw that theres a limit to it. While it warns us about the most obvious mistakes and suspicious code constructs, it will leave us hanging when things get a bit more complex.

But once again, that doesnt mean compiler warnings are useless, we simply need to see them for what they are: a first step. So today we are going to take the next step, and have a look at some other common static code analysis tools that can give us more insight about our code.

You may think that voluntarily choosing C as primary language in this day and age might seem nostalgic or anachronistic, but preach and oxidate all you want: C wont be going anywhere. So lets make use of the tools we have available that help us write better code, and to defy the pitfalls C is infamous for. And the general concept of static code analysis is universal. After all, many times a bug or other issue isnt necessarily caused by the language, but rather some general flaw in the codes logic.

Compiler Warnings Recap

But lets first take a step back again to compiler warnings. If we recall the nonnull attribute which indicates that a functions parameter cant and therefore wont be NULL, we saw that the compilers perspective is extremely shortsighted on it:

extern void foo(char *) __attribute__((nonnull));

void bar(void) {
    char *ptr = NULL;

    foo(NULL); // warning
    foo(ptr);  // no warning here
}

The compiler will warn about the foo(NULL) call, as it is an obvious violation of the nonnull declaration, but it wont realize that the second call will eventually also pass NULL as parameter. To be fair though, why should it understand that, its primary job is to generate a machine-readable executable from our source code?

Now, this example is a rather clear case, and while the compiler may not warn about it, it is still easy to spot. If you have decent code review practices in place, it should be straightforward to detect the mishap. But sometimes its just us by ourselves, no other developer to review our code, and due to tiredness or other reasons, it might simply slip by our eyes. Other times, the potential issue hiding underneath is a lot less obvious, and it might take a whole series of unfortunate events for it to become an actual problem. Wed have to go mentally through every possible execution path to be sure its all good....

15:48

Bad news for scammers. Huawei executive Meng Wanzhou has been released on bail "IndyWatch Feed Tech"

Scammers want you to send $2000 to help Huaweis CFO bribe her way out of jail.

15:26

Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) "IndyWatch Feed Tech"

Posted by Solar Designer on Dec 12

(I resisted the urge to comment on this piece in previous postings.)

What should distros/users do, then? Use latest mainline or upstream
stable kernels? That would expose them to the many recent bugs like
this one, but which haven't yet been found (or not yet made public,
which is worse).

As far as I can tell, by far most Linux kernel vulnerabilities (that are
eventually found and made public) are in relatively recent (as of that
time)...

15:14

Google CEO Sundar Pichai Testifies before the U.S. Congress "IndyWatch Feed Tech"

Google's Sundar Pichai was grilled on privacy, data collection, and China during congressional hearing

Google's CEO testified before the House Judiciary Committee on Tuesday where lawmakers grilled him on a wide range of issues, including potential political bias on its platforms, its plans for a censored search app in China and its privacy practices.

This is the first time Pichai has appeared before Congress since Google declined to send him or Alphabet CEO Larry Page to a hearing on foreign election meddling earlier this year. That slight sparked anger among senators who portrayed Google as trying to skirt scrutiny.

[...] Tuesday's hearing was titled "Transparency & Accountability: Examining Google and its Data Collection, Use, and Filtering Practices" and many representatives posed questions on whether or not Google's search results were biased against conservative points of view.

[...] Another topic that came up multiple times was Google's plan to launch a censored search engine in China. The Intercept first reported details of the project over the summer, which would block search results for queries that the Chinese government deemed sensitive, like "human rights" and "student protest" and link users' searches to their personal phone numbers. [...] "Right now, we have no plans to launch search in China," Pichai answered, adding that access to information is "an important human right."

Also at Bloomberg and The Hill.

See also:...

15:02

New method gives microscope a boost in resolution "IndyWatch Feed Tech"

Scientists at the University of Wrzburg have been able to boost current super-resolution microscopy by a novel tweak. They coated the glass cover slip as part of the sample carrier with tailor-made biocompatible nanosheets that create a mirror effect. This method shows that localizing single emitters in front of a metal-dielectric coating leads to higher precision, brightness and contrast in Single Molecule Localization Microscopy (SMLM). The study was published in the Nature journal Light: Science and Applications.

The sharpness of a microscope is limited by structures that are closer together than 0.2 thousandths of a millimeter blur, and can no longer be distinguished from each other. The cause of this blurring is diffraction. Each point-shaped object is therefore not shown as a point, but as a blurry spot.

With , the resolution can still be drastically improved. One method would calculate its exact center from the brightness distribution of the blurry spot. However, it only works if two closely adjacent points of the object are initially not simultaneously but subsequently visible, and are merged later in the . This temporal decoupling prevents superimposition of the blurry spot. For years, researchers in have been using this tricky method for super high-resolution light of cells.

15:02

New X-ray imaging approach could boost nanoscale resolution for advanced photon source upgrade "IndyWatch Feed Tech"

A longstanding problem in optics holds that an improved resolution in imaging is offset by a loss in the depth of focus. Now, scientists are joining computation with X-ray imaging as they develop a new and exciting technique to bypass this limitation.

The upcoming Advanced Photon Source Upgrade (APS-U) project at Argonne will put this problem under one of the brightest spotlights imaginable. The upgrade will make the APS, a Department of Energy Office of Science User Facility, 500 times brighter than it is today, further enhancing the capabilities of its X-rays to study the arrangements of atoms and molecules in a wide range of biological and technological materials.

A whole variety of X-ray imaging experiments ultimately will need something like this as they all push the resolution to finer length scales in the future, said Chris Jacobsen, an Argonne Distinguished Fellow and professor of physics at Northwestern University. With the Upgrade in place, the APSs X-rays could allow scientists to study systems like the brains full network of synaptic connections, or the entire volume of an integrated circuit down to its finest details.

15:02

Algorithms to locate centrioles in the cell "IndyWatch Feed Tech"

Investigators from the Neurodegenerative Diseases Research Group at the University of Extremadura are studying signaling mediated by a pathway known as planar cell polarity (PCP), which regulates the coordinated orientation of cells during organogenesis, the process of organ formation in living organisms. This pathway has been highly conserved on the evolutionary scale, and one of its key functions in vertebrates is the regulation of the coordinated positioning of centrioles/ciliary basal cells inside cells.

This signaling pathway was discovered initially in the fruit fly genus Drosophila, although the majority of the pathway components have been retained in humans. It has likewise been observed that certain pathologies such as hydrocephaly, infertility and some kinds of cancers are associated with defective functioning of this signaling.

Under the auspices of the project EPICENTR within the Spanish national research plan, whose objective is to study the planar polarisation of centrioles in epithelial , the UEx researchers have now published the first results of their investigation in the journal Development. These results are related to the polarised positioning mechanism of centrioles in Drosophila and its correlation with actin.

15:00

Intel Working On Open-Sourcing The FSP - Would Be Huge Win For Coreboot & Security "IndyWatch Feed Tech"

Intel's Architecture Day on Tuesday was delightfully filled with an overwhelming amount of valuable hardware information, but Intel's software efforts were also briefly touched on too. In fact, Raja Koduri reinforced how software is a big part of Intel technology and goes in-hand with their security, interconnect, memory, architecture, and process pillars and that's where their new oneAPI initiative will fit in. But what learning afterwards was most exciting on the software front...

15:00

Intel Developing "oneAPI" For Optimized Code Across CPUs, GPUs, FPGAs & More "IndyWatch Feed Tech"

Intel's 2018 Architecture Day was primarily focused on the company's hardware architecture road-map, but one of the software (pre)announcements was their oneAPI software stack...

15:00

Intel Details Gen11 Graphics & Sunny Cove For Icelake "IndyWatch Feed Tech"

At Intel's architecture day, the company finally detailed their "Gen 11" graphics that we've been seeing open-source Linux graphics driver patches for many months (Intel OTC posted their initial open-source display driver code in early January and has continued the enablement work since) albeit elusive in substantive user details and hardware until Icelake. But today at least we can share more about the significant improvements with Gen11 graphics...

14:38

Singularity: CVE-2018-19295: local root exploit - unprivileged users can join arbitrary mnt, net, pid and ipc namespaces "IndyWatch Feed Tech"

Posted by Matthias Gerstner on Dec 12

Hello,

following is a report about security issues found in Singularity [1].

Introduction
============

Singularity is a Linux namespace based container solution often used
in HPC (high performance computing) environments. In the course of a
SUSE enterprise products I found a couple of security issues.

According to upstream this affects Singularity versions 2.4.0 through...

14:24

RSA Conference announces initial 2019 keynote speakers "IndyWatch Feed Tech"

RSA Conference announced its initial line-up of keynote speakers for the 2019 Conference, which begins Monday, March 4 and runs through Friday, March 8 in San Francisco, CA. The keynote program will culminate with an entertaining close from actress, writer and producer Tina Fey. New this year, RSA Conference will have two keynote stages: West Stage keynotes will continue to feature sponsor keynotes, panels and esteemed guest speakers, and South Stage keynotes will utilize the More

The post RSA Conference announces initial 2019 keynote speakers appeared first on Help Net Security.

14:10

New Ebook Offers Comprehensive Guide to Open Source Compliance "IndyWatch Feed Tech"

The Linux Foundation has released the second edition of Open Source Compliance in the Enterprise by Ibrahim Haddad, which offers organizations a practical guide to using open source code and participating in open source communities while complying with both the spirit and the letter of open source licensing.

13:53

[slackware-security] mozilla-firefox (SSA:2018-345-01) "IndyWatch Feed Tech"

Posted by Slackware Security Team on Dec 12

[slackware-security] mozilla-firefox (SSA:2018-345-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.4.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

13:43

December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild "IndyWatch Feed Tech"

Its Patch Tuesday again and, as per usual, both Microsoft and Adobe have pushed out patches for widely-used software packages. The Microsoft patches Microsofts December 2018 Patch Tuesday release is pretty lightweight: the company has plugged 38 CVE-numbered security holes, nine of which are considered to be Critical. Among the most notable bugs in this batch are CVE-2018-8611, an elevation of privilege vulnerability that arises when the Windows kernel fails to properly handle objects in More

The post December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild appeared first on Help Net Security.

13:42

Go inside your brain! "IndyWatch Feed Tech"

The Allen Institute has released an open database of live human brain cells.

13:37

Brexit Status Once Again in Limbo "IndyWatch Feed Tech"

https://www.bbc.com/news/uk-politics-46509288

"Prime Minister Theresa May has called off Tuesday's crucial vote on her Brexit deal so she can go back to Brussels and ask for changes to it.

"As it stands the deal 'would be rejected by a significant margin' if MPs voted on it, she admitted."

The biggest stumbling block appears to be the issue between Ireland and Northern Ireland. In particular, what the borders will look like in terms of what people and goods will need to do or not do in order to cross it.


Original Submission

Read more of this story at SoylentNews.

13:07

Nasty Android malware found stealing its victims PayPal funds "IndyWatch Feed Tech"

By Waqas

Another day, another Android malware This time, according to the latest findings of ESETs IT security researchers, there is a new malware in Google Play Store that hijacks PayPal account to steal money Researchers assessed that the malware is specifically targeting Android users and steals no less than $1,000. The malware was first []

This is a post from HackRead.com Read the original post: Nasty Android malware found stealing its victims PayPal funds

13:00

A Pi Cluster to Hang in Your Stocking with Care "IndyWatch Feed Tech"

Its that time of year again, with the holidays fast approaching friends and family will be hounding you about what trinkets and shiny baubles they can pretend to surprise you with. Unfortunately theres no person harder to shop for than the maker or hacker: if we want it, weve probably already built the thing. Or at least gotten it out of somebody elses trash.

But if they absolutely, positively, simply have to buy you something thats commercially made, then you could do worse than pointing them to this very slick Raspberry Pi cluster backplane from [miniNodes]. With the ability to support up to five of the often overlooked Pi Compute Modules, this little device will let you bring a punchy little ARM cluster online without having to build something from scratch.

The Compute Module is perfectly suited for clustering applications like this due to its much smaller size compared to the full-size Raspberry Pi, but we dont see it get used that often because it needs to be jacked into an appropriate SODIMM connector. This makes it effectively useless for prototyping and quickly thrown together hacks (I.E. everything most people use the Pi for), and really only suitable for finish...

12:37

Add It Up: Enterprise Adoption of Kubernetes Is Growing "IndyWatch Feed Tech"

A recently updated user survey from monitoring software provider Datadog confirms an increase in Kubernetes adoption. We believe this is the result of three factors: 1) more organizations using containers in production; 2) Kubernetes has emerged as the leading orchestration platform; 3) organizations are choosing to adopt Kubernetes earlier in cloud native voyage.

12:00

Supermicro Says That an Audit Found No Evidence to Support Claims of Chinese Backdoors in Products "IndyWatch Feed Tech"

Audit: No Chinese surveillance implants in Supermicro boards found

In a letter to customers issued December 11, Supermicro President and CEO Charles Liang and other top executives announced that an audit conducted by an outside investigating team had found no evidence of any malicious hardware incorporated into motherboards currently or previously manufactured by the company. The letter is the latest rebuttal to Bloomberg reports in October that claimed tiny chips that provided a backdoor for China's intelligence agencies had been integrated into boards provided to major Internet and cloud providersa report also refuted by the companies the report claimed were targeted.

"After a thorough examination and a range of functional tests, the investigative firm found absolutely no evidence of malicious hardware on our motherboards," the letter signed by Liang, Supermicro Senior Vice President and Chief Compliance Officer David Weigland, and Senior VP and Chief Product Officer Raju Penumatcha stated.

Searching for site:soylentnews.org supermicro on Google brought up a Supermicro ad linking the CEO letter, with the link entitled "Supermicro Independent Testing | No Malicious Hardware". Do you believe them?

Previously: Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro
Bloomberg Stands by Chinese Chip Story as Apple, Amazon Ratchet up Denials
Bloomberg Claims That a Major U.S. Telecom Operated a Server Backdoored by a Hidden Chip

Related: Apple Deleted Server Supplier After Finding Infected Firmware in Servers
Firmware Vulnerabilities in Supermicro Systems
Supermicro Announces Suspension of Tra...

11:55

New threat actor SandCat exploited recently patched CVE-2018-8611 0day "IndyWatch Feed Tech"

Experts from Kaspersky Lab reported that that the recently patched Windows kernel zero-day vulnerability (CVE-2018-8611) has been exploited by several threat actors.

Microsofts Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel.

The flaw, tracked as CVE-2018-8611, is as a privilege escalation flaw caused by the failure of the Windows kernel to properly handle objects in memory.

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. reads the security advisory published by Microsoft.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The vulnerability was reported to Microsoft by researchers at Kaspersky Lab. Kudos to Kaspersky experts that in the last months reported other two Windows zero-days, CVE-2018-8453 and CVE-2018-8589, respectively exploited by FruityArmor and multiple threat actors in attacks mostly aimed at the Middle East.

according to Kaspersky, the CVE-2018-8611 is a race condition that resides in the Kernel Transaction Manager, and most interesting, it could be used to escape the sandbox of the Chrome and Edge web browsers.

CVE-2018-8611 is a race condition that is present in the Kernel Transaction Manager due to improper processing of transacted file operations in kernel mode. reads the...

11:37

EPO Trust, Leadership and Commitment "IndyWatch Feed Tech"

Summary: Trust, leadership and commitment is the latest publication from EPO insiders, who in the absence of free speech and freedom of association for the union/representation are an essential spotlight on EPO abuses

THE FOLLOWING publication was made available yesterday. Here it is in HTML form.


LIFER

11 December 2018

IFLRE

EPOFLIERNo. 45

The EPO-FLIER wants to provide staff with uncensored, independent information at times of social conflict

...

11:35

Adobe's Year-End Update Patches 87 Flaws in Acrobat Software "IndyWatch Feed Tech"

Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF appsmore than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of

11:32

Kubernetes etcd Data Project Joins CNCF "IndyWatch Feed Tech"

How do you store data across a Kubernetes container cluster? With etcd. This essential part of Kubernetes has been managed by CoreOS/Red Hat. No longer. Now, the open-source etcd project has been moved from Red Hat to the Cloud Native Computing Foundation (CNCF).

10:32

Future of U.S.-Russian Space Cooperation in Doubt "IndyWatch Feed Tech"

Russia Wants to Extend U.S. Space Partnership. Or It Could Turn to China.

The American incentives for engaging with Russia in space in the 1990s political goals like the employment of idle rocket scientists to prevent missile proliferation have mostly disappeared with the resumption of tensions. The Trump administration has already proposed that by 2025 the United States should stop supporting the International Space Station that is the principal joint project today. A final decision is up to Congress. The American role might be shifted to a commercial footing thereafter.

[...] [It] is unclear how much longer the post-Soviet era of space cooperation between the United States and Russia can last in the more hostile environment now surrounding relations. In the interview, [Dmitri O. Rogozin, the director of Russia's space agency,] said Russia wanted to carry on joint flights with the United States and its allies, despite the tensions over election interference, wars in Syria and Ukraine, and the chemical weapons poisoning of a former double agent in Britain.

[...] Analysts say Moscow has a strong incentive to maintain the joint program: a decided lack of money to pursue a lunar station on its own. Russia's budget for its space program is something less than one-10th what the United States spends on NASA. [...] Russia's preference is to press on with a space program entwined with the United States', on either the lunar program or another venture, Mr. Rogozin said. But if talks fail, Russia can turn to China or India for partnership. There might then be two stations circling the Earth or the moon, one led by the United States the other a Russian-Chinese enterprise. Mr. Rogozin even floated the idea of a "BRIC station," the acronym for the developing economies of Brazil, Russia, India and China.

Mr. Rogozin in November ordered the Russian Academy of Sciences to study the prospects for a solo Russian program to build a habitable base on the surface of the moon. Ivan M. Moiseyev, the director of the Institute of Space Policy in Moscow, said in a telephone interview that any proposal for a lone Russian lunar station was fantastical, given the budget constraints. "The technical capability exists, but the finances don't."

The U.S. and NASA could develop stronger partnerships with the European Space Agency, Japan Aerospace Exploration Agency, and Indian Space Research Organisation instead.

Previously:

...

10:31

Bell & Videotron File Criminal Complaint Against IPTV Provider "IndyWatch Feed Tech"

While regular torrent and streaming sites are still a big hit with online pirates, dedicated IPTV services are becoming increasingly popular with consumers.

These services, which can be difficult to tell apart from official offerings, typically supply access to hundreds of otherwise premium channels at a knockdown price. This disruption is something that broadcasters and rightsholders all over the world are keen to bring to an end.

In particular, there have been many raids around Europe but news is now surfacing of action in Canada, featuring two of the countrys most powerful media companies and what appears to be an unlicensed IPTV provider.

On an unspecified date, Bell and Videotron filed a criminal complaint against IPTV provider Cielo 4K. A website featuring that branding is available here, offering around 250 channels including PPV and adult content while recommending its offer especially for the residents of the province of Quebec-Canada.

On October 11, 2018, the Royal Canadian Mounted Police (RCMP) reportedly conducted a search at the residence of a former employee of a Videotron subcontractor in Boisbriand, Montreal. LaPresse reports that dozens of computers and modems plus Bell, Videotron, Roku and DirecTV receivers were seized, totaling some 150 items of hardware.

According to the news outlet, the four people listed as defendants in court documents are not yet facing criminal charges since the RCMP investigation is still ongoing. However, the quartet is suspected of using three Videotron and Bell accounts to receive, capture, and redistribute channels to the public.

This kind of use makes us believe that the service installed at this residence is used to power an IPTV network broadcasting unauthorized television content, the plaintiffs state in their claim.

Its further alleged that the streams were sent to servers operated by OVH Hosting Services, from where they were distributed to the public.

OVH is also recognized by the telecommunications industry for hosting the majority of IPTV services offering unauthorized television content, the court documents note, citing a Videotron investigation.

When approached for comment, OVH said it does not discuss the activities of its customers, insisting that as a cloud infrastructure provider it does not have access to customers data.

This latest action against Cielo 4K...

10:22

Pew study: Artificial intelligence will mostly make us better off by 2030 but fears remain "IndyWatch Feed Tech"

But many experts, even those mindful of such risks, have a more positive outlook, especially in health-care and possibly in education.


Most experts canvassed by Pew say artificial intelligence will leave most of us better off by 2030. But there are fears about jobs and mayhem.

10:00

Toast Printer Prints Tasty Images And Weather Forecasts "IndyWatch Feed Tech"

Electrical Engineering degrees usually focus on teaching you useful things, like how to make electronic devices that actually work and that wont kill you. But that doesnt mean that you cant have some fun on the way. Which is what Cornell students [Michael Xiao] and [Katie Bradford] decided to do with T.O.A.S.T: The Original Artistic Solution for Toast. In case the name didnt give it away, this is a toast printer. The user supplies an image and a bit of bread, and the T.O.A.S.T prints the image onto the toast. Alternatively, the printer can show you the weather by printing a forecast onto your daily bread.

[Xiao] and [Bradford] programmed a Raspberry Pi W to handle most of the heavy lifting, converting the image or the weather forecast into a 10 by 10 matrix, which is then sent to the PIC32. This drives two motors that move a heat gun. To turn a 1 in this matrix into a toasted spot, the motors pause over one spot of the bread, creating a nice toasty spot. The whole thing is mounted onto a laser-cut frame, with a 3D printed holder for the heat gun. There is, unfortunately, no butter or jam dispenser, but if you were to combine this with the Toast-Bot, you might get the finished product. That might be a postgraduate level build, though.

 

 

 

09:49

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack "IndyWatch Feed Tech"

Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being

09:49

Git 2.20.0 released "IndyWatch Feed Tech"

Git 2.20.0 is out. Changes include interdiff generation support in git format-patch, an improved ability to cope with corrupted patches in git am, a number of performance and usability improvements, and more.

09:27

Btrfs Restoring Support For Swap Files With Linux 4.21 "IndyWatch Feed Tech"

The Btrfs file-system hasn't supported Swap files on it in early a decade, but that support will be restored again with the upcoming Linux 4.21 kernel...

09:27

Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) "IndyWatch Feed Tech"

Posted by Jann Horn on Dec 12

NOTE: I have requested a CVE identifier, and I'm sending this message,
to make tracking of the fix easier; however, to avoid missing security
fixes without CVE identifiers, you should *NOT* be cherry-picking a
specific patch in response to a notification about a kernel security
bug.

In Linux kernel versions since 4.11, userfaultfd can be used to write
arbitrary data into holes in sparse tmpfs files to which an attacker
has read-only access....

09:03

The Best Albums of 2018 "IndyWatch Feed Tech"

Best album has been decided by Emacs which keeps track of what albums Ive listened to most, so this is a totally objective list that objectively literally lists the best music this year.

Except for the bits where I just edited by hand, because Ive been listening more to old music than new music this year. There hasnt been a single new wow, this is the best album ever in 2018, I think, but just a huge quantity of really kinda good stuff. I think 2018 has been a stronger year than what weve seen recently. Music goes in waves

Anyway, heres the best song of the year, which is John Brown by Marc Ribot (feat. Fay Victor):

And heres the list:

Marc Ribot ...

09:02

Humans may be reversing the climate clock "IndyWatch Feed Tech"

Our future on Earth may also be our past. In a study published Monday (Dec. 10, 2018) in the Proceedings of the National Academy of Sciences, researchers show that humans are reversing a long-term cooling trend tracing back at least 50 million years. And its taken just two centuries.

09:00

Who Lost the World Bush 41 Left Behind? "IndyWatch Feed Tech"

 

What happened was a complete loss of imagination and a DEEP STATE conspiracy ultimately run by stupid people. Let us leave it at that.

Bush 41 was their choice as well, but it can be said that he chose them as well.  The CIA provided the internal glue that preserved the Status quo that then ran its course through 2016.

The talent to create a great country is rare and its is even more rare for the talent to be inherited or chosen by a committee.   Thus we had good leadership in Ike, JFK, LBJ ( sorry folks) Nixon, and Reagan and got spoiled. Since then we have had a leadership gap and that includes both Bushes.  That Gap allowed the opportunity provided by Russia to be thrown away and for CHINA to remain unchecked as well as allowing smaller shows to simply fester.

Now we can expect a return to competent leadership for several terms as the path has been established to make this true.  . 
.

Who Lost the World Bush 41 Left Behind?

Friday - December 7, 2018 at 12:45 am

By Patrick J. Buchanan

https://buchanan.org/blog/who-lost-the-world-bush-41-left-behind-130749


George H.W. Bush was Americas closer.

Called in to pitch the final innings of the Cold War, Bush 41 presided masterfully over the fall of the Berlin Wall, the unification of Germany, the liberation of 100 million Eastern Europeans and the dissolution of the Soviet Union into 15 independent nations.

Historys assignment complete, Bush 41 was retired.

And what happened to the world he left behind?

What became of that world where America was the lone superpower, which 41 believed should lead in creation of the New World Order?

The Russia that back then was led by Boris Yeltsin, a man desperate to be our friend and ally, is now ruled by an autocratic nationalist.

Was not Vladimir Putin an inevitable reaction to our treating Russia like an untrustworthy and dangerous recidivist, by our expansion of NATO into the Balkans, the eastern Baltic and the Black Sea the entire front porch of Mother Russia?
...

09:00

Researchers Develop Cheap, 10-Minute Test That Can Detect Cancer Anywhere in the Body "IndyWatch Feed Tech"






An extraordinary discovery which can be made simple and universal.  Best yet it separates those with a current problem.  No effort need be spent on false leads.   

With that the patient can start anti tumor protocols and also track the bodies response until it all goes away.  with CBD coming into its own this may well be as simple as having a course of CBD oil..

In fact this makes it possible to imagine it been part of an annual checkup and possibly the whole industry literally going away.  Nothing has ever promised this.



Researchers Develop Cheap, 10-Minute Test That Can Detect Cancer Anywhere in the Body

https://www.goodnewsnetwork.org/researchers-develop-10-minute-test-that-detects-cancer-anywhere-in-the-body/

Australian scientists are being hailed for possibly developing a quick and easy test that can detect any kind of cancer in a matter of minutes.

Cancer is an extremely complicated and variable disease and different types of cancer have different signatures. Up until now, the scientists have had trouble finding a simple signature that was distinct from healthy cells and common to all cancers but the team was finally able to identify a unique biomarker that was common...

09:00

Robot Janitors Are Coming to Mop Floors at a Walmart Near You "IndyWatch Feed Tech"

Wal-Mart Stores Inc. signage is displayed outside the company's location in Burbank, California, U.S.

This should be a good start, though all cleaning tasks do demand fine detail work as well that actually takes up a huge amount of time when compared to the basic action.  We already have vacuums and even those must fail when the geometry does not cooperate. 

Fine detail is the important problem.  We need machines able to identify a raspberry and to reach out and pick it.  This same ability is needed to identify untouched that needs cleaning or even additional reps.  After all a clean tile in your bathroom needs to be individually scrubbed to achieve perfection.

And what happens when you drop a quarter on the floor?
.
Robot Janitors Are Coming to Mop Floors at a Walmart Near You

Pavel Alpeyev

Bloomberg Wal-Mart Stores Inc. signage is displayed outside the company's location in Burbank, California, U.S.

https://www.msn.com/en-us/news/other/robot-janitors-are-coming-to-mop-floors-at-a-walmart-near-you/ar-BBQpDb3

Robots are coming to a Walmart Inc. near you, and not just as a gimmick.

The worlds largest retailer is rolling out 360 autonomous floor-scrubbing robots in some of its stores in the U.S. by the end of the January, it said in a joint statement...

Medical Cannabis Superior To Opioids for Chronic Pain, Study Finds "IndyWatch Feed Tech"

 
It is interesting that when used in conjunction with morphine, the morphine dosage is cut by 75%.   This strongly suggests that it will be much easier to avoid addiction and resolve it as well with low maintenance dosages.

All this can stop progressive deterioration in hte addiction profile.

It is certain that CBD is on the way to be the key bridge drug needed for the majority of chronic pain if not all such cases with opiates reserved for surgery and severe short term pain which was the way it was...
.
Medical Cannabis Superior To Opioids for Chronic Pain, Study Finds

08:55

Minnesota's Mall of America Introduces a Virtual Elf "Hologram" "IndyWatch Feed Tech"

Mall of America debuts helpful holographic elf for the holidays

How would you keep a shopping mall lively in an era when more and more people are buying their holiday gifts online? The Mall of America has a one-word answer: holograms. It's partnering with mixed reality firm VNTANA on what's billed as the "first-ever" holographic shopping concierge. Visit the mega-mall's Holiday Cottage throughout the season and you can speak to Ellie the elf (no, really, that's her name) for help tracking down top gifts. Ask about how to find an Xbox One for the kids, for instance, and Ellie will point you to the Microsoft Store.

The hologram isn't mind-blowing by itself (it's more like those Pepper's Ghost musician holograms than a true 3D image), but it's helped by a VNTANA platform that can tie a chatbot to a digital model. And no, you won't have to shout over the mall traffic -- there's a handheld microphone to take your voice requests.


Original Submission

Read more of this story at SoylentNews.

08:35

Novidade, a new Exploit Kit is targeting SOHO Routers "IndyWatch Feed Tech"

Security experts at Trend Micro have discovered a new exploit kit, dubbed Novidade (novelty in Portuguese), that is targeting SOHO routers to compromise the devices connected to the network equipment.

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers.

Since its first discovery in August 2017, experts observed three variants of the exploit kit, including one involved in the DNSChanger system of a recent GhostDNS campaign.

Currently, Novidade is used in different campaigns, experts believe it has been sold to multiple threat actors or its source code leaked.

Most of the campaigns discovered by the researchers leverages phishing attacks to retrieve banking credentials in Brazil. Experts also observed campaigns with no specific target geolocation, a circumstance that suggests attackers are expanding their target areas or a larger number of threat actors are using the exploit kit. 

We found Novidade being delivered through a variety of methods that include malvertising, compromised website injection, and via instant messengers. reads the analysis published by Trend Micro.

Novidade eK

Experts noticed that the landing page performs HTTP requests generated by JavaScript Image function to a predefined list of local IP addresses that are used by routers. Once established a connection, the Novidade toolkit queries the IP address to download an exploit payload encoded in base64.

The exploit kit blindly attacks the detected IP address with all its exploits. 

The malicious code also attempts to log into the router with a set of default credentials and t...

08:15

Securing and managing the enterprise Internet of Things "IndyWatch Feed Tech"

A future where the Internet of Things spreads exponentially is almost certain. Seemingly everybody wants these devices: consumers for the helpful features and manufacturers for the ability to collect data about the product and consumers use of it. Paul Calatayud, Palo Alto Networks CSO for the Americas, sees the IoT evolving into a new form of distributed computing powered by 5G and ever-increasing bandwidth speeds. The result will be intelligent, programmable devices that operate without More

The post Securing and managing the enterprise Internet of Things appeared first on Help Net Security.

08:02

Space mining: the new goldrush "IndyWatch Feed Tech"

While space mining is still a decade or so off, next year the industry is ramping up their efforts.

08:00

6.8% of the top 100,000 websites still accept old, insecure SSL versions "IndyWatch Feed Tech"

Mac-based malware has appeared on the list of the top ten most common types of malware for the first time in WatchGuards quarterly Internet security report. The Mac scareware appeared in sixth place in WatchGuards latest Q3 2018 report and is primarily delivered by email to trick victims into installing fake cleaning software. Researchers also found that 6.8 percent of the worlds top 100,000 websites still accept old, insecure versions of the SSL encryption protocol, More

The post 6.8% of the top 100,000 websites still accept old, insecure SSL versions appeared first on Help Net Security.

07:45

Android Trojan steals money from victims PayPal account "IndyWatch Feed Tech"

ESET researchers have unearthed a new Android Trojan that tricks users into logging into PayPal, then takes over and mimics the users clicks to send money to the attackers PayPal address. The heist wont go unnoticed by the victim if they are looking at the phone screen, but they will also be unable to do anything to stop the transaction from being executed as it all happens in a matter of seconds. The only thing More

The post Android Trojan steals money from victims PayPal account appeared first on Help Net Security.

07:30

Will sophisticated attacks dominate in 2019? "IndyWatch Feed Tech"

Trend Micro released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape. As we head into 2019, organizations must understand the security implications of greater cloud adoption, converging IT and OT, and increasing remote working, said Greg Young, vice president of cybersecurity for Trend Micro. Cybercriminals will continue to follow a winning formula exploiting existing More

The post Will sophisticated attacks dominate in 2019? appeared first on Help Net Security.

07:27

Distribution Release: Univention Corporate Server 4.3-3 "IndyWatch Feed Tech"

Stefan Gohmann has announced the release of Univention Corporate Server (UCS) 4.3-3, the latest update of the project's Debian-based distribution for servers with a web-based administration system: "Third point release for Univention Corporate Server (UCS) 4.3 is now available. It includes a number of important updates and....

07:18

Massachusetts Town Votes Against Comcast Cable Internet Offer, Will Build Municipal Fiber Instead "IndyWatch Feed Tech"

Comcast rejected by small townresidents vote for municipal fiber instead

A small Massachusetts town has rejected an offer from Comcast and instead plans to build a municipal fiber broadband network. Comcast offered to bring cable Internet to up to 96 percent of households in Charlemont in exchange for the town paying $462,123 plus interest toward infrastructure costs over 15 years. But Charlemont residents rejected the Comcast offer in a vote at a special town meeting Thursday.

"The Comcast proposal would have saved the town about $1 million, but it would not be a town-owned broadband network," the Greenfield Recorder reported Friday. "The defeated measure means that Charlemont will likely go forward with a $1.4 million municipal town network, as was approved by annual town meeting voters in 2015." About 160 residents voted, with 56 percent rejecting the Comcast offer, according to news reports.

Charlemont has about 1,300 residents and covers about 26 square miles in northwest Massachusetts. Town officials estimate that building a municipal fiber network reaching 100 percent of homes would cost $1,466,972 plus interest over 20 years. An increase in property taxes would cover the construction cost. But the town would also bring in revenue from selling broadband service and potentially break even, making the project less expensive than Comcast's offer. "With 59 percent of households taking broadband service, the tax hike would be 29 cents [per $1,000 of assessed home value], similar to that for Comcast," a Recorder article last month said. "But if 72 percent or more of households subscribe to the municipal-owned network, there is no tax impact, because subscriber fees would pay for it."


Original Submission

Read more of this story at SoylentNews.

07:15

November 2018: Most wanted malware exposed "IndyWatch Feed Tech"

Check Point has published its latest Global Threat Index for November 2018. The index reveals that the Emotet botnet has entered the Indexs top 10 ranking after researchers saw it spread through several campaigns, including a Thanksgiving-themed campaign. This involved sending malspam emails in the guise of Thanksgiving cards, containing email subjects such as happy Thanksgiving day wishes, Thanksgiving wishes and the Thanksgiving day congratulation! These emails contained malicious attachments, often with file names related More

The post November 2018: Most wanted malware exposed appeared first on Help Net Security.

07:03

LIVE NOW: Do you like penguins? "IndyWatch Feed Tech"

Do you like space? A science team is presenting about their expedition to document a supercolony of penguins in Antarctica which they found by using NASA Earth satellite imagery! Learn all about how to study penguins from space! https://go.nasa.gov/2rsoF4y

07:00

FPGA Hack Becomes An Atari Game Genie "IndyWatch Feed Tech"

The Game Genie is a classic of the early 90s video game scene. Its how you would have beaten the Ninja Turtles game, and its why the connector in your NES doesnt work as it should. They never made a Game Genie for the Atari 2600, though, because by the time the Game Genie was released, the Atari was languishing on the bottom shelves of Toys R Us. Now though, we have FPGAs and development tools. We can build our own. Thats exactly what [Andy] did, and his Game Genie for the 2600 works as well as any commercial product youd find for this beleaguered console.

To understand how to build a Game Genie for an Atari, you first have to understand how a Game Genie works. The hacks for a Game Genie work by replacing a single byte in the ROM of a game. If your lives are stored at memory location 0xDEAD for example, you would just change that byte from 3 (the default) to 255 (because thats infinite, or something). Combine this with 6-letter and 8-letter codes that denote which byte to change and what to change it to, and you have a Game Genie.

This build began by setting up a DE0 Nano FPGA development board to connect to an Atari 2600 cartridge. Yes, there are voltage level differences, but this can be handled with a few pin assignments. Then, its just a matter of writing Verilog to pass all the data from one set of address and data pi...

07:00

Product showcase: iStorage diskAshur PRO SSD "IndyWatch Feed Tech"

The diskAshur PRO SSD is an ultra-secure, PIN authenticated, portable USB 3.1 hard drive with real-time AES-XTS 256-bit hardware encryption. It doesnt require any software the keypad enables you to securely access the drive by entering a PIN code. DiskAshur PRO enforces an excellent PIN policy. The PIN must be at least 7 digits long and the maximum option is 15 digits. It cannot consist of all consecutive numbers (i.e., 1234567) or just one More

The post Product showcase: iStorage diskAshur PRO SSD appeared first on Help Net Security.

06:11

Mesa 18.3.1 Released To Disable Botched Vulkan Extension "IndyWatch Feed Tech"

Mesa 18.3 was released less than a week ago while today Mesa 18.3.1 was issued due to an error in the Vulkan specification...

06:03

Intel's IWD Linux Wireless Daemon 0.13 Adds Opportunistic Wireless Encryption "IndyWatch Feed Tech"

Intel's promising IWD open-source wireless daemon continues picking up additional functionality in its trek towards potentially replacing wpa_supplicant. Out this week is IWD 0.13...

06:00

CECPQ2 "IndyWatch Feed Tech"

CECPQ1 was the experiment in post-quantum confidentiality that my colleague, Matt Braithwaite, and I ran in 2016. It's about time for CECPQ2.

I've previously written about the experiments in Chrome which lead to the conclusion that structured lattices were likely the best area in which to look for a new key-exchange mechanism at the current time. Thanks to the NIST process we now have a great many candidates to choose from in that space. While this is obviously welcome, it also presents a problem: the fitness space of structured lattices looks quite flat so there's no obviously correct choice. Would you like keys to be products (RLWE) or quotients (NTRU; much slower key-gen, but subsequent operations are faster; older, more studied)? Do you want the ring to be NTT-friendly (fast multiplication, but more structure), or to have just a power-of-two modulus (easy reduction), or to have as little structure as possible? What noise profile and failure probability? Smart people can reasonably end up with different preferences.

This begs the question of why do CECPQ2 now at all? In some number of years NIST will eventually whittle down the field and write standards. Adrian Stanger of the NSA said at CRYPTO this year that the NSA is looking to publish post-quantum standards around 2024, based on NIST's output. (And even said that they would be pure-PQ algorithms, not combined with an elliptic-curve operation as a safeguard.) So if we wait five years things are likely to be a lot more settled.

Firstly, you might not be happy with the idea of waiting five years if you believe Michele Mosca's estimate of a one sixth chance of a large quantum computer in ten years. More practically, as we sail past the two year mark of trying to deploy TLS 1.3, another concern is that if we don't exercise this ability now we might find it extremely difficult to deploy any eventual design.

TLS 1.3 should have been straightforward to deploy because the TLS specs make accommodations for future changes. However, in practice, we had to run a series of large-scale experiments to measure what patterns of bytes would actually weave through all the bugs in the TLS ecosystem. TLS 1.3 now has several oddities in the wire-format that exist purely to confuse various network intermediaries into working. Even after that, we're still dealing with issues. Gallingly, because we delayed our server deployment in order to ease the client deployment, we're now having to work around bugs in TLS 1.3 client implementations that wouldn't have been able to get established had we quick...

05:41

Why Smart People Are Vulnerable to Putting Tribe Before Truth "IndyWatch Feed Tech"

From Scientific American

Science literacy is important, but without the parallel trait of "science curiosity," it can lead us astray

What intellectual capacitiesor if one prefers, cognitive virtuesshould the citizens of a modern democratic society possess? For decades, one dominant answer has been the knowledge and reasoning abilities associated with science literacy. Scientific evidence is indispensable for effective policymaking. And for a self-governing society to reap the benefits of policy-relevant science, its citizens must be able to recognize the best available evidence and its implications for collective action.

This account definitely isnt wrong. But the emerging science of science communication, which uses scientific methods to understand how people come to know whats known by science, suggests that it is incomplete.

Indeed, its dangerously incomplete. Unless accompanied by another science-reasoning trait, the capacities associated with science literacy can actually impede public recognition of the best available evidence and deepen pernicious forms of cultural polarization.

The supplemental trait needed to make science literacy supportive rather than corrosive of enlightened self-government is science curiosity.

Read more of this story at SoylentNews.

05:22

Curry signals willingness to meet with NASA over Moon landing doubts "IndyWatch Feed Tech"

NASA offered to give Stephen Curry a tour of its lunar labs in Houston after the NBA superstar expressed doubts on the moon landings.


Three-time NBA champion Stephen Curry on Tuesday signaled that he is willing to take NASA up on its offer to tour its lunar lab in Houston after his pronouncement this week that he does not believe humans ever walked on the Moon.

During the Winging It podcast released on Monday, the Golden State Warriors guard asked fellow players Vince Carter and Kent Bazemore whether they believed humans had ever been to the Moon.

The players said they did not, to which two-time MVP Curry said: Theyre gonna come get us. I dont think so either.

05:03

IonQ Has the Most Powerful Quantum Computers With 79 Trapped Ion Qubits and 160 Stored Qubits "IndyWatch Feed Tech"

IonQ just made a presentation on two new trapped ion quantum computers with 160 stored and 79 processing qubits. This is more qubits than the best noisy superconducting quantum computers which is currently the Google 72 Qubit Bristlecone processor.

* IonQ systems are at room temperature

* IonQ manipulates ions with magnets and lasers and have software control on mostly FPGA chips.

04:59

Notes about hacking with drop tools "IndyWatch Feed Tech"

In this report, Kasperky found Eastern European banks hacked with Raspberry Pis and "Bash Bunnies" (DarkVishnya). I thought I'd write up some more detailed notes on this.

Drop tools

A common hacking/pen-testing technique is to drop a box physically on the local network. On this blog, there are articles going back 10 years discussing this. In the old days, this was done with $200 "netbook" (cheap notebook computers). These days, it can be done with $50 "Raspberry Pi" computers, or even $25 consumer devices reflashed with Linux.

A "Raspberry Pi" is a $35 single board computer, for which you'll need to add about another $15 worth of stuff to get it running (power supply, flash drive, and cables). These are extremely popular hobbyist computers that are used everywhere from home servers, robotics, and hacking. They have spawned a large number of clones, like the ODROID, Orange Pi, NanoPi, and so on. With a quad-core, 1.4 GHz, single-issue processor, 2 gigs of RAM, and typically at least 8 gigs of flash, these are pretty powerful computers.

Typically what you'd do is install Kali Linux. This is a Linux "distro" that contains all the tools hackers want to use.

You then drop this box physically on the victim's network. We often called these "dropboxes" in the past, but now that there's a cloud service called "Dropbox", this becomes confusing, so I guess we can call them "drop tools". The advantage of using something like a Raspberry Pi is that it's cheap: once dropped on a victim's network, you probably won't ever get it back again.

Gaining physical access to even secure banks isn't that hard. Sure, getting to the money is tightly controlled, but other parts of the bank aren't not nearly as secure. One good trick is to pretend to be a banking inspector. At least in the United States, they'll quickly bend over an spread them if they think you are a regulator. Or, you can pretend to be maintenance worker there to fix the plumbing. All it takes is a uniform with a logo and what appears to be a valid work order. If questioned, whip out the clipboard and ask them to sign off on the work. Or, if all else fails, just walk in brazenly as if you belong.

Once inside the physical network, you need to find a place to plug something in. Ethernet and power plugs are often underneath/behind furniture, so that's not hard. You might find access to a wiring closet somewhere, as Aaron Swartz famously did. You'll usually have to connect via Ethernet, as it requires no authentication/authorization. If you could connect via WiFi, you could probably do it outside the building using directional antennas without going thr...

04:30

New Relic introduces Kubernetes cluster explorer "IndyWatch Feed Tech"

New Relic introduced the Kubernetes cluster explorer, a new way for DevOps teams to understand the health and performance of their Kubernetes environments. Kubernetes cluster explorer allows teams to drill down into application and infrastructure metrics side-by-side in a UI that simplifies complex environments. As a result, teams can understand dependencies across their entire environment, make better-informed decisions, and resolve errors. The Kubernetes cluster explorer extends New Relics existing Kubernetes monitoring capabilities by offering a More

The post New Relic introduces Kubernetes cluster explorer appeared first on Help Net Security.

04:04

China Arrests Former Canadian Diplomat; Chinese Companies Ban iPhones, Require Huawei Phones "IndyWatch Feed Tech"

Michael Kovrig, former Canadian diplomat, reportedly arrested in China

A former Canadian diplomat has reportedly been arrested in China. The International Crisis Group said Tuesday it's aware of reports that its North East Asia senior adviser Michael Kovrig has been detained.

The Brussels-based non-governmental organization said in a statement it's doing everything possible to obtain additional information about Kovrig's whereabouts and that it will work to ensure his prompt release.

The Globe and Mail in Toronto and the Canadian Broadcasting Corp. reported the arrest, citing unnamed sources.

Reports of Kovrig's detention come after China warned Canada of consequences for its recent arrest of Huawei executive Meng Wanzhou at Vancouver's airport. It's unclear if there's any link between the cases.

Some Chinese companies ban iPhones, require Huawei after CFO's arrest: report

Some Chinese companies are banning iPhones and requiring that their employees use Huawei products following the arrest of Huawei's chief financial officer, according to a new Yahoo News report. Meng Wanzhou, the CFO of Chinese telecom giant Huawei, was arrested by Canadian authorities last Saturday at the request of the U.S. after allegedly violating trade sanctions against Iran. Chinese officials have strongly protested Meng's detention.

Read more of this story at SoylentNews.

04:00

Improving Depth Of Field With Only 5 Phones "IndyWatch Feed Tech"

The hottest new trend in photography is manipulating Depth of Field, or DOF. Its how you get those wonderful portraits with the subject in focus and the background ever so artfully blurred out. In years past, it was achieved with intelligent use of lenses and settings on an SLR film camera, but now, its all in the software.

The franken-camera rig, consisting of five Pixel 3 smartphones. The cameras are synchronised over WiFi.

For the Pixel 2 smartphone, Google had used some tricky phase-detection autofocus (PDAF) tricks to compute depth data in images, and used this to decide which parts of images to blur. Distant areas would be blurred more, while the subject in the foreground would be left sharp.

This was good, but for the Pixel 3, further development was in order. A 3D-printed phone case was developed to hold five phones in one giant brick. The idea was to take five photos of the same scene at the same time, from slightly different perspectives. This was then used to generate depth data which was fed into a neural network. This neural network was trained on how the individual photos relate to the real-world depth of the scene.

With a trained neural network, this could then be used to generate more realistic depth data from photos taken with a single camera. Now, machine learning is being used to help your phone decide which parts of an image to blur to make your beautiful subjects...

04:00

NetSecOPEN announces cybersecurity founding members and appoints board of directors "IndyWatch Feed Tech"

NetSecOPEN revealed that 11 security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. The organization also appointed its board of directors, who will guide NetSecOPEN toward its goal: making open network security testing standards a reality. These developments momentum for the organization, which formed in 2017 to close the gap between proprietary performance metrics and the observed real-world performance of security solutions. Certification of security product performance More

The post NetSecOPEN announces cybersecurity founding members and appoints board of directors appeared first on Help Net Security.

03:42

NASA to NBA star Steph Curry: Yes, we went to the moon, and we can prove it "IndyWatch Feed Tech"

NASA has offered to give NBA superstar Steph Curry a tour of one of its lunar labs after the Golden State Warriors guard said on a podcast that he doubts humans landed on the moon.

No, really.

Curry made the head-scratching comment on an episode of the Winging It podcast, which posted Monday. According to Bleacher Report, Curry brought up the subject himself during the more than hour-long podcast with fellow NBA players Vince Carter, Kent Bazemore and Andre Iguodala:

03:40

Police investigating bomb threat against Facebook office in California "IndyWatch Feed Tech"

Police in Menlo Park, Calif., are investigating a bomb threat against the city's Facebook office, according to multiple reports. The Facebook building has been evacuated and law enforcement is on the scene, NBC Bay Area reported. The bomb&...

03:27

Best Bitcoin wallet: Hardware or hosted? "IndyWatch Feed Tech"

The question asked in the title has been edited from what was asked today at Quora, the Q&A forum at which I participate as expert columnist. The original question was a bit more ambiguous: Which is better? a digital bitcoin wallet or a physical one?

I have included the original question, to better distinguish products and terms.

All bitcoin wallets are all digitaleven a paper wallet, whether a character string or a QR code. Conversely, an exchange may use physical wallets to host client assets, individual application wallets, or they may simply keep records of client assets that are stored, collectively, in their own master wallet.

To complicate matters, Bitcoin is never really stored by you or an exchange service. It is stored on a public blockchain, where assets and transaction history can be traced through time by anyone. Therefore, all forms of user access are digital. What the reader really wants to know is Which form of access control is better?  custodial or personal?

Type 1: Custodial Wallets are Managed by a Trusted Party
They hold your assets. You view a statement balancejust like a bank account.

The reader uses the term digital wallet to mean a hosted wallet in which a trusted 3rd party holds the private keys, or aggregates the assets of many customers and tracks their individual ownership in their own accounting system, like a traditional bank or broker. In this case, the 3rd party is trusted to maintain security, privacy, and constant, robust user access.

It is possible that the reader may have used the term digital wallet to additionally refer to PC and smartphone applications, such as Bitcoin Core, Armory or Electrum. But, these are really personal and private wallets because they are created and configured by the owner, and only the owner has the private keys. And so, we classify device wallet applications as personal/private along with hardware or paper wallets.

Type 2: Personal Wallets are Private
but with privacy comes risk!

Wallets are...

03:02

China behind Marriott data breach, investigators conclude "IndyWatch Feed Tech"

Chinese hackers were behind the Marriott security breach that left the personal information of up to 500 million hotel guests exposed, investigators have concluded, The New York Times reported on Tuesday. The hack was part of an...

03:00

Password-less security arrives on macOS with HYPR "IndyWatch Feed Tech"

HYPR released its Employee Access solution for macOS. The addition of macOS marks a milestone in expanding enterprise-wide coverage of HYPRs Decentralized Authentication Platform, enabling businesses to secure password-less access to corporate resources, eliminate credential reuse and stop phishing attacks while improving workforce productivity on a global scale. With existing support for Windows 7, 8 and 10, the launch of MacOS rounds off the HYPR Employee Access offering and accelerates HYPRs continued transformation of enterprise More

The post Password-less security arrives on macOS with HYPR appeared first on Help Net Security.

02:41

NEW 'Off The Wall' ONLINE "IndyWatch Feed Tech"

NEW 'Off The Wall' ONLINE

Posted 12 Dec, 2018 1:41:36 UTC

The new edition of Off The Wall from 11/12/2018 has been archived and is now available online.

02:30

ELASTX deploys Fortanix SDKMS runtime encryption key management to protect customers cloud data "IndyWatch Feed Tech"

Fortanix unveiled that ELASTX has deployed its Self-Defending Key Management Service (SDKMS) to protect customers data as they migrate to the cloud. Now ELASTX customers can utilize its platforms that now offer security of their private data moving to the cloud, powered by Fortanix. Founded in 2012, ELASTX delivers automated cloud services via its platforms Jelastic PaaS (Platform as a Service) and OpenStack IaaS (Infrastructure as a Service). Its CloudOps Engineers help businesses automate the More

The post ELASTX deploys Fortanix SDKMS runtime encryption key management to protect customers cloud data appeared first on Help Net Security.

02:27

Abundance of Life Found Kilometers Beneath the Earth's Surface "IndyWatch Feed Tech"

Scientists Reveal a Massive Biosphere of Life Hidden Under Earth's Surface

Earth is not the home you think it is. Far below the scant surface spaces we inhabit, the planet is teeming with an incredibly vast and deep 'dark biosphere' of subterranean lifeforms that scientists are only just beginning to comprehend.

[...] "Ten years ago, we had sampled only a few sites the kinds of places we'd expect to find life," explains microbiologist Karen Lloyd from the University of Tennessee at Knoxville. "Now, thanks to ultra-deep sampling, we know we can find them pretty much everywhere, albeit the sampling has obviously reached only an infinitesimally tiny part of the deep biosphere."

There's a good reason why the sampling remains in its early stages. In a preview of results from an epic 10-year collaboration by over 1,000 scientists, Lloyd and fellow researchers with the Deep Carbon Observatory (DCO) estimate the deep biosphere the zone of life under Earth's surface occupies a volume of between 2 to 2.3 billion cubic kilometres (0.48 to 0.55 billion cubic miles). That's almost twice the volume of all the world's oceans another enormous natural environment that lies largely unexplored by humans.

And just like the oceans, the deep biosphere is an abundant source of countless lifeforms a population totalling some 15 to 23 billion tonnes of carbon mass (between 245 to 385 times greater than the equivalent mass of all humans on the surface).

The findings, representing numerous studies conducted at hundreds of sites around the world, are based on analyses of microbes extracted from sediment samples sourced 2.5 kilometres (1.6 miles) under the seafloor, and drilled from surface mines and boreholes more than 5 kilometres (3.1 miles) deep.


Original Submission

Read more of this story at SoylentNews.

02:00

Netwrix completes acquisition of Concept Searching "IndyWatch Feed Tech"

Concept Searching has been acquired by Netwrix Corporation. Concept Searching will remain active in the metadata management, classification, and insight engine market, continuing to provide a range of solutions to clients. The terms of the transaction were not disclosed. The relationship between the two companies developed in 2017, with Netwrix integrating a portion of Concept Searchings technology into its Netwrix Auditor product. The technology integration and partnership were successful. As a result, Netwrix acquired Concept More

The post Netwrix completes acquisition of Concept Searching appeared first on Help Net Security.

01:42

Hillicon Valley Presented by AT&T Google CEO gets grilling before Congress | Pressure builds for election security bill | Trump to target China over IP theft | Experts warn cyber criminals growing more brazen "IndyWatch Feed Tech"

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen...

01:30

A10 Networks introduces secure service mesh solution for applications deployed in Kubernetes "IndyWatch Feed Tech"

A10 Networks released the A10 Secure Service Mesh solution for applications deployed in open-source Kubernetes container environments. The solution provides teams deploying microservices applications with a way to integrate enterprise-grade security and load-balancing with application visibility and analytics. A10s Secure Service Mesh solution protects east-west traffic and transparently encrypts traffic between microservices without requiring changes to those applications. The result is a higher level of security and performance for microservices-based applications. With the Secure Service More

The post A10 Networks introduces secure service mesh solution for applications deployed in Kubernetes appeared first on Help Net Security.

01:24

Trump says he's willing to intervene in Huawei case to close China trade deal "IndyWatch Feed Tech"

President Trump said Tuesday he would intervene in the case involving a top Chinese technology executive if it would help close a trade deal with the country.Trump, who made the comments in an interview with Reuters, also said he would consider...

01:04

Firefox 64.0 Released "IndyWatch Feed Tech"

Firefox 64.0 is available today as the last major feature update to Mozilla's web browser for 2018...

01:01

MakerBot Moves Away From Makers with New Printer "IndyWatch Feed Tech"

If youve been following the desktop 3D printing market for the last couple years, youre probably aware of the major players right now. Chinese companies like Creality are dominating the entry level market with machines that are priced low enough to border on impulse buys, Prusa Research is iterating on their i3 design and bringing many exciting new features to the mid-range price point, and Ultimaker remains a solid choice for a high-end workhorse if youve got the cash. But one name that is conspicuously absent from a Whos Who of 3D printing manufacturers is MakerBot; despite effectively creating the desktop 3D printing market, today theyve largely slipped into obscurity.

So when a banner popped up on Thingiverse (MakerBots 3D print repository) advertising the imminent announcement of a new printer, there was a general feeling of surprise in the community. It had been assumed for some time that MakerBot was being maintained as a zombie company after being bought by industrial 3D printer manufacturer Stratasys in 2013; essentially using the name as a cheap way to maintain a foothold in the consumer 3D printer market. The idea that they would actually release a new consumer 3D printer in a market thats already saturated with well-known, agile companies seemed difficult to believe.

But now that MakerBot has officially taken the wraps off a printer model they call Method, it all makes sense. Put simply, this isnt a printer for us. With Method, MakerBot has officially stepped away from the maker community from which it got its name. While it could be argued that their later model Replicator printers were already edging out of the consumer market based on price alone, the Method makes the transition clear not only from its eye watering $6,500 USD price tag, but with its feature set and design.

That said, its still an interesting piece of equipment worth taking a closer look at. It borrows concepts from a number of other companies and printers while introducing a few legitimately compelling features of its own. While the Method might not be on any Hackaday readers holiday wish list, we cant help but be intrigued about the machines future.

A Method to the Madness

Method relies heavily on concepts and technology inherited from parent company Stratasys, and bears little resemblance to previous MakerBots or even contemporary desktop 3D printers. It represents the merging of the desktop and industrial 3D printing markets which many assumed would follow MakerBots acquisition, it just took a lot longer to materialize than anyone expected.

...

01:00

HPR2703: Fog of war in Yesod based game "IndyWatch Feed Tech"

Duality of the universe: there's true state of the universe used in simulation and there's state the the players perceive. These most likely will always be in conflict. One possible solution is to separate these completely. Perform simulation in one system and record what players see in other. For every type of entity in the game, there's two sets of data: real and reported. Reports are tied to time and faction. Examples are given for planets. Thus, we have Planet, PlanetReport and CollatedPlanetReport. First is the real entity, second is report of that entity tied in time and faction. Third one is aggregated information a faction has of given entity. In database two first ones are: Planet json name Text position Int starSystemId StarSystemId ownerId FactionId Maybe gravity Double SystemPosition starSystemId position deriving Show PlanetReport json planetId PlanetId ownerId FactionId Maybe starSystemId StarSystemId name Text Maybe position Int Maybe gravity Double Maybe factionId FactionId date Int deriving Show Third one is defined as a datatype: data CollatedPlanetReport = CollatedPlanetReport { cprPlanetId :: Key Planet , cprSystemId :: Key StarSystem , cprOwnerId :: Maybe (Key Faction) , cprName :: Maybe Text , cprPosition :: Maybe Int , cprGravity :: Maybe Double , cprDate :: Int } deriving Show Data from database need to be transformed before working on it. Usually it's 1:1 mapping, but sometimes it makes sense to enrich it (turning IDs into names for example). For this we use ReportTransform type class: -- | Class to transform a report stored in db to respective collated report class ReportTransform a b where fromReport :: a -> b instance ReportTransform PlanetReport CollatedPlanetReport where fromReport report = CollatedPlanetReport (planetReportPlanetId report) (planetReportStarSystemId report) (planetReportOwnerId report) (planetReportName report) (planetReportPosition report) (planetReportGravity report) (planetReportDate report) To easily combine bunch of collated reports together, we define instances of semigroup and monoid for collated report data. Semigroup defines an associative binary operation (<>) and monoid defines a zero or empty item (mempty). My explanation about Monoid and Semigroup were a bit rambling, so maybe have a look at https://wiki.haskell.org/Monoid which explains it in detail. instance Semigroup CollatedPlanetReport where (<>) a b = CollatedPlanetReport (cprPlanetId a) (cprSystemId a) (cprOwnerId a <|> cprOwnerId b) (cprName a <|> cprName b) (cprPosition a <|> cprPosition b) (cprGravity a <|> cprGravity b) (max (cprDate...

00:54

Valve Rolls Out New Steam Play Proton 3.16 Beta, 29 More Games Supported "IndyWatch Feed Tech"

A new beta relase of Proton 3.16 is now available, the Wine-based software that powers Valve's Steam Play for running many Windows games on Linux...

00:49

John Romero Gifts 'Doom' 18 New Levels For Its 25th Birthday "IndyWatch Feed Tech"

Submitted via IRC for SoyCow1984

Ready to feel ancient? The original Doom is 25 years old -- and co-creator John Romero wants to make sure you know it. He's preparing an add-on for the 1993 game, Sigil, that serves as a "spiritual successor" to the classic shooter's fourth episode ("Thy Flesh Consumed") with nine single-player story levels as well as nine multiplayer deathmatch levels. The expansion will be free if you're just looking for some nostalgia-fueled demon slaying, but you can also spend a lot of money on it if you're determined to flaunt your fandom.

[...] Both the new levels and the physical copies are expected to arrive in mid-February.

Source: https://www.engadget.com/2018/12/10/john-romero-doom-sigil-expansion/

According to Paul Thurrott, there will be 9 new single players levels and 9 new death match levels released for free but you will need the original DOS game in order to play them. It's planned for mid February so comfortably misses the 25 year anniversary.

"SIGIL is the spiritual successor to the fourth episode of DOOM, and picks up where the original left off."


Original Submission #1   Original Submission #2

Read more of this story at SoylentNews.

00:22

Links 11/12/2018: Tails 3.11, New Firefox, FreeBSD 12.0 "IndyWatch Feed Tech"

GNOME bluefish

Contents

GNU/Linux

  • Desktop

    • Best Lightweight Linux Distros for Older Computers

      Dont throw away that old Pentium III tower and CRT monitor just yet! While that old laptop in the closet may not be able to run Windows 10 or macOS Mojave, it doesnt mean its destined for the dump.

      Many Linux distributions are made specifically for utilizing the ancient, underpowered hardware found in older machines. By installing these lightweight distros, you can breathe new life into an old PC thought to be long past its prime. Here are the best lightweight Linux distros that weve picked out from the pile.

    • VirtIO-FS: A Proposed Better Approach For Sharing Folders/Files With Guest VMs

      Red Hat developers have proposed a new VirtIO-FS component to provide better support for shared folders/files between the host and guest virtual machines.

      VirtIO-FS was developed out of the need to share folders/files with guest VMs in a fast, consistent, and secure manner. They designed VirtIO-FS for Kata containers but coud be used with other VMs too. The closest existing project to fulfilling their needs was Virtio-9p, but there were performance issues and other factors l...

00:22

China Launches 1st Mission to Land on the Far Side of the Moon "IndyWatch Feed Tech"

The first-ever surface mission to the far side of the moon is underway.

Chinas robotic Change 4 spacecraft streaked away from Earth today (Dec. 7), launching atop a Long March 3B rocket from the Xichang Satellite Launch Center at about 1:23 p.m. EST (1823 GMT; 2:23 a.m. on Dec. 8 local China time).

If all goes according to plan, Change 4 will make historys first landing on the lunar far side sometime in early January. The mission, which consists of a stationary lander and a rover, will perform a variety of science work and plant a flag for humanity in a region that remains largely unexplored to date. [Chinas Change 4 Moon Far Side Mission in Pictures].

00:15

Huawei executive released on bail in Canada "IndyWatch Feed Tech"

A judge in Canada has granted bail to a top executive of the Chinese technology giant Huawei, according to multiple media reports Tuesday.Meng Wanzhou, the tech firm's chief financial officer (CFO), was arrested earlier this month by Canadian...

Tuesday, 11 December

23:30

HPE Servers Powers ABBs Performance and Reliability "IndyWatch Feed Tech"

ABB extends service life, reduces costs of critical process control solutions.

This case study looks at how industrial control and automations solutions leader ABB is using enterprise-class servers built for the edge from HPE OEM Solutions to offer data-driven, innovative solutions. Find out how your manufacturing solutions business can drive industrial innovation and help customers minimize business disruption and lower costs.

...

23:27

ODROID-XU4: Much Better Performance Than The Raspberry Pi Plus USB3 & Gigabit Ethernet @ $60 "IndyWatch Feed Tech"

Hardkernel recently sent over the ODROUD-XU4 for benchmarking. This ARM SBC that just measures in at about 82 x 58 x 22 mm offers much better performance than many of the sub-$100 ARM SBCs while also featuring dual USB 3.0 ports, Gigabit Ethernet, eMMC storage, and is software compatible with the older XU3 ARM SBCs. Here's a look at the performance of the ODROID-XU4 compared to a variety of other single board computers.

23:22

Time Magazine Person(s) of the Year 2018: The Media "Guardians" "IndyWatch Feed Tech"

TIME Person of the Year 2018: The Guardians

Every detail of Jamal Khashoggi's killing made it a sensation: the time stamp on the surveillance video that captured the Saudi journalist entering his country's Istanbul consulate on Oct. 2; the taxiway images of the private jets bearing his assassins; the bone saw; the reports of his final words, "I can't breathe," recorded on audio as the life was choked from him.

But the crime would not have remained atop the world news for two months if not for the epic themes that Khashoggi himself was ever alert to, and spent his life placing before the public. His death laid bare the true nature of a smiling prince, the utter absence of morality in the Saudi-U.S. alliance andin the cascade of news feeds and alerts, posts and shares and linksthe centrality of the question Khashoggi was killed over: Whom do you trust to tell the story?

[...] In the Philippines, a 55-year-old woman named Maria Ressa steers Rappler, an online news site she helped found, through a superstorm of the two most formidable forces in the information universe: social media and a populist President with authoritarian inclinations. Rappler has chronicled the violent drug war and extrajudicial killings of President Rodrigo Duterte that have left some 12,000 people dead, according to a January estimate from Human Rights Watch. The Duterte government refuses to accredit a Rappler journalist to cover it, and in November charged the site with tax fraud, allegations that could send Ressa to prison for up to 10 years.

In Annapolis, Md., staff of the Capital, a newspaper published by Capital Gazette Communications, which traces its history of telling readers about the events in Maryland to before the American Revolution, press on without the five colleagues gunned down in their newsroom on June 28. Still intact, indeed strengthened after the mass shooting, are the bonds of trust and community that for national news outlets have been eroded on strikingly partisan lines, never more than this year.

Read more of this story at SoylentNews.

23:10

New Music "IndyWatch Feed Tech"

Music Ive bought this month.

jukebox.php?image=micro.png&group=Various&album=%23savefabric+(9) jukebox.php?image=micro.png&group=Laraaji&album=Ambient+3%3A+Day+Of+Radiance jukebox.php?image=micro.png&group=Yoko+Ono&album=Approximately+Infinite+Universe+(1) ...

22:12

Re: Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Alan Coopersmith on Dec 11

GNU inetutils telnet is a fork of the original BSD telnet code, but most of
the BSD's seem to have already switched to snprintf a while ago:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/telnet/telnet.c.diff?r1=1.3&r2=1.4&f=h
https://github.com/freebsd/freebsd/commit/d2f83e4ec488ec62281318b26dad107e65d96d0c#diff-3503402e6a2ad1eb960a4f475f19fb9f

with NetBSD as the outlier:...

22:05

Patch Tuesday, December 2018 Edition "IndyWatch Feed Tech"

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsofts December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

At least nine of the bugs in the Microsoft patches address flaws the company deems critical, meaning they can be exploited by malware or neer-do-wells to install malicious software with little or no help from users, save for perhaps browsing to a hacked or booby-trapped site.

Microsoft patched a zero-day flaw that is already being exploited (CVE-2018-8611) and allows an attacker to elevate his privileges on a host system. The weakness, which is present on all supported versions of Windows, is tagged with the less severe important rating by Microsoft mainly because it requires an attacker to be logged on to the system first.

According to security firm Rapid7, other notable vulnerabilities this month are in Internet Explorer (CVE-2018-8631) and Edge (CVE-2018-8624), both of which Microsoft considers most likely to be exploited. Similarly, CVE-2018-8628 is flaw in all supported versions of PowerPoint which is also likely to be used by attackers.

It generally cant hurt for Windows users to wait a day or two after Microsoft releases monthly security updates before installing the fixes; occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out. Also, its a good idea to get in the habit of backing up your data before installing Windows updates.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesnt make it easy for Windows 10 users to change this setting,...

22:02

WaitMaybe the Hippies Werent Right "IndyWatch Feed Tech"

Not surprising I suppose, and also goodto have a kind of counter article soon in the same magazine.


A recent proposal about consciousness is fascinatingbut its not science.

22:00

Open Hardware Board For Robust USB Power Monitoring "IndyWatch Feed Tech"

Weve all seen the little USB power meters that have become popular since nearly every portable device has adopted some variation of USB for charging. Placed between the power source and the device under test, they allow you to see voltage and current in real time. Perfect for determining how long youll be able to run a USB powered device on batteries, or finding out if a USB power supply has enough current to do the business.

Essentially the UPM works in much the same way as the simple USB meters: one side of the device goes towards the upstream power source, and the device under test plugs into the other side. Between the two devices is a 16 bit ADC and differential amplifier which measures the voltage and current. Theres a header on the board which connects to the ADC if you wanted to connect the UPM to an external microcontrolle...

22:00

Come to Silicon Valley and Learn to Code for Free "IndyWatch Feed Tech"

Thats the promise of 42, a free school for software engineering

The building in Fremont, Calif., looks like your basic tech companya boxy building surrounded by parking lots, with large expanses of glass breaking up the otherwise unadorned exterior. I was there last month to meet with startup Lali in a corner of the building being leased by incubator Hacking House. But once inside; I got very lost. There were no numbered doors, no office suites, no building directory. In fact, most of the 100,000 square feet was basically open, the top floor filled with rows and rows of computers1024 of them, it turned out. My hosts from Hacking House eventually found me, leading me through the forest of desks, to the corner that is their tiny incubator. But what was the rest of this place?

A coding school, I was told, and an arm wave brought over someone affiliated with the operation to fill me in. Eager to tell me more was Jamie Parenteau, corporate relations manager of 42 Silicon Valley, a sister campus to the original 42 in Paris, a grand experiment in free STEM education. Funded by French tech entrepreneur Xavier Niel, the Paris school opened in 2013; the Silicon Valley branch kicked off in 2016.

(As many science fiction fans know, 42 is the answer to the ultimate question of life, the universe, and everything, at least according to The Hitchhikers Guide to the Galaxy.)

And 42the schoolis really free, Parenteau explained. Even housing is included: Besides the school building, 42 owns a nearby dorm that houses 600; the organization had counted on students from the local community to fill the additional slots. Housing, however, has proved to be a bit of a choke point, she indicated. Theres a long list of accepted students waiting for a spot in the dorm right now.

 

Courseworklearning materials, projects, and testsare online in a gamified format; students are expected to reach out to each other for help when they get stuck. Learning how to ask for help from peersand how to give help themselvesis a big part of the process. There are projects to complete and tests to take at different levels21 in all. It takes about a year to get to Level 7, at which point students can choose to continue in the program at their own pace or start looking for an internship or job....

21:45

FBI Investigating Public Comments on Net Neutrality Repeal "IndyWatch Feed Tech"

Report: FBI opens criminal investigation into net neutrality comment fraud

The Federal Bureau of Investigation is investigating the use of stolen identities in public comments on the government's repeal of net neutrality rules, BuzzFeed News reported Saturday.

The investigation focuses on "whether crimes were committed when potentially millions of people's identities were posted to the FCC's website without their permission, falsely attributing to them opinions about net neutrality rules," the report said.

"Two organizations told BuzzFeed News, each on condition that they not be named, that the FBI delivered subpoenas to them related to the comments," BuzzFeed wrote.

The FBI subpoenas came a few days after similar subpoenas sent by NY AG Barbara Underwood in mid-October. Underwood "subpoenaed more than a dozen telecommunications trade groups, lobbying contractors, and Washington advocacy organizations," The New York Times reported in October.

Previously: John Oliver Leads Net Neutrality Defenders to Crash FCC Website. Again.
Bot Floods the FCC's Website with Anti-Net Neutrality Comments
FCC Officially Publishes Net Neutrality Repeal
U.S. Officially Repeals Net Neutrality Rules; FOIA Request Reveals Details of Bogus DDoS Attack
FCC...

21:43

Former Canadian diplomat held in China "IndyWatch Feed Tech"

A former Canadian diplomat was reportedly detained in China on Tuesday around the same time a Chinese telecom executive appeared in a Vancouver courtroom, but officials said there was no immediate connection between the two cases.The Associated...

21:09

Google chief defends company during Capitol Hill grilling "IndyWatch Feed Tech"

Google CEO Sundar Pichai defended the internet giant's business practices during a contentious hearing on Capitol Hill on Tuesday.The executive was calm and soft-spoken even as he fielded a storm of questions from lawmakers angry over a host of...

21:08

Google CEO responds to Steve King's iPhone concerns: 'Congressman, iPhone is made by a different company' "IndyWatch Feed Tech"

Google CEO Sundar Pichai Tuesday responded to Rep. Steve Kings (R-Iowa) confusion over why he sees unwelcome news on his iPhone, telling King, Congressman, iPhone is made by a different company.After @SteveKingIA raises inscrutable concerns about...

20:49

Firefox 64 released "IndyWatch Feed Tech"

The Mozilla Blog takes a look at the Contextual Feature Recommender (CFR) in Firefox 64. "Aimed at people who are looking to get more out of their online experience or ways to level up. CFR is a system that proactively recommends Firefox features and add-ons based on how you use the web. For example, if you open multiple tabs and repeatedly use these tabs, we may offer a feature called Pinned Tabs and explain how it works. Firefox curates the suggested features and notifies you. With todays release, we will start to rollout with three recommended extensions which include: Facebook Container, Enhancer for YouTube and To Google Translate. This feature is available for US users in regular browsing mode only. They will not appear in Private Browsing mode. Also, Mozilla does NOT receive a copy of your browser history. The entire process happens locally in your copy of Firefox." The release notes contain more details about this release.

20:46

Steve King asks Google CEO for names of employees to see if they're liberals "IndyWatch Feed Tech"

Rep. Steve King (R-Iowa) asked Google CEO Sundar Pichai to disclose the names of more than 1,000 employees who work on the search engines algorithm to examine for a built-in bias.There is a very strong conviction on this side of the aisle that...

20:44

Dem lawmaker asks Google CEO why Trump's photo shows up when she searches for 'idiot' "IndyWatch Feed Tech"

Google CEO Sundar Pichai was asked to explain during a congressional hearing Tuesday why photos of President Trump appear when people type the word idiot into the company's search engine."Right now, if you Google the word 'idiot' under images, a...

20:43

[$] Large files with Git: LFS and git-annex "IndyWatch Feed Tech"

Git does not handle large files very well. While there is work underway to handle large repositories through the commit graph work, Git's internal design has remained surprisingly constant throughout its history, which means that storing large files into Git comes with a significant and, ultimately, prohibitive performance cost. Thankfully, other projects are helping Git address this challenge. This article compares how Git LFS and git-annex address this problem and should help readers pick the right solution for their needs.

20:30

Modified F Clamp is Wheely Good "IndyWatch Feed Tech"

Sometimes, a job is heavy, messy, or unwieldy, and having an extra pair of hands to help out makes the job more than twice as easy. However, help isnt always easy to find. Faced with this problem, [create] came up with an ingenious solution to help move long and heavy objects without outside assistance.

Simple, and effective.

The build starts with a regular F-clamp  a familiar tool to the home woodworker. The clamp is old and worn, making it the perfect candidate for some experimentation. First off, the handle is given a good sanding to avoid the likelihood of painful splinters. Then, the top bar is drilled and tapped, and some threaded rod fitted to act as an axle. A polyurethane wheel from a childrens scooter is then fitted, and held in place with a dome nut.

The final product is a wheel that can be clamped to just about anything, making it easier to move. [create] demonstrates using the wheelclamp to move a long piece of lumber, but we fully expect to see these on the shelf of Home Depot in 12 months for moving furniture around the house. With a few modifications to avoid marring furniture, these clamps could be a removalists dream.

While youre busy hacking your tools,...

20:23

These useless quirks of evolution are actually evidence for the theory "IndyWatch Feed Tech"

I guess I just feel like venting for a moment So here goes


Why are humans the only animals with chins?

20:13

Group-IB identifies leaked credentials of 40,000 users of government websites in 30 countries "IndyWatch Feed Tech"

Group-IB, an international company that specializes in preventing cyberattacks, has detected more than 40 000 compromised user credentials of online government services in 30 countries around the world.

Most of the victims were in Italy (52%), Saudi Arabia (22%) and Portugal (5%). Users data might have been sold on underground hacker forums or used in targeted attacks to steal money or exfiltrate sensitive information. CERT-GIB (Group-IBs Computer Emergency Response Team) upon identification of this information promptly warned CERTs of the affected countries about the threat so that risks could be mitigated.

Group-IB Threat Intelligence has detected government websites user accounts compromised by cyber criminals in 30 countries. Official government portals including Poland (gov.pl), Romania (gov.ro),Switzerland (admin.ch), the websites of Italian Ministry of Defense (difesa.it), Israel Defense Forces(idf.il), the Government of Bulgaria (government.bg), the Ministry of Finance of Georgia (mof.ge),Norwegian Directorate of Immigration (udi.no), the Ministries of Foreign Affairs of Romania and Italyand many other government agencies were affected by the data compromise.

Government employees, military and civilian citizens who had accounts on official government portals of France (gouv.fr), Hungary (gov.hu) and Croatia (gov.hr) became victims of this data compromise. In total Group-IB Threat Intelligence system has detected more than 40 000 comprised user accounts of the largest government websites in 30 countries across the world over the past year and a half Italy (52%), Saudi Arabia (22%) and Portugal (5%) were aff...

20:13

Chinese Gene-Editing Scientist's Project Rejected for WHO Database (Plus: He Jiankui is Missing) "IndyWatch Feed Tech"

China gene-editing scientist's project rejected for WHO database (original)

A Chinese branch of the World Health Organization has withdrawn an application to register He Jiankui's project in its clinical database. The move comes after China's government halted He's work, saying it would take a "zero tolerance attitude in dealing with dishonorable behavior" in research.

He has faced a global backlash after claiming to have produced the world's first gene-edited babies in a bid to make them HIV-resistant. The project drew international criticism for its lack of transparency, with health officials and other scientists concerned that it raises ethical questions that will taint other work in the field.

The application to enter the database of the Chinese Clinical Trial Registry was rejected because "the original applicants cannot provide the individual participants' data for reviewing," according to the registry's website.

[...] He's whereabouts are still unknown. Hong Kong newspaper Apple Daily cited unnamed sources earlier this month that the researcher was put on house arrest by his university, Southern University of Science and Technology in Shenzhen, but representatives of the university and He's lab both declined to comment.

takyon: Several news organizations reported on Dec. 3 that He Jiankui was missing.

Previously: Chinese Scientist Claims to Have Created the First Genome-Edited Babies (Twins)
Furor Over Genome-Edited Babies Claim Continues (Updated)


Original Submission

Read more of this story at SoylentNews.

20:12

New Comodo Cybersecurity services address mounting SMB cyberattacks "IndyWatch Feed Tech"

Comodo Cybersecurity, a global leader in threat intelligence and malware cyberdefense, today introduced new managed security services in response to mounting cyberattacks on small and medium-sized businesses (SMBs) as well as state and local government and education organizations (SLEDs). cWatch MDR SOCaaS is a platform for the future, built the SOC using NIST and CSF with remote access for your security to benefit without the huge costs A staggering 58 percent of all malware attack More

The post New Comodo Cybersecurity services address mounting SMB cyberattacks appeared first on Help Net Security.

20:09

Linux Kernel Developers Discuss Dropping x32 Support "IndyWatch Feed Tech"

It was just several years ago that the open-source ecosystem began supporting the x32 ABI, but already kernel developers are talking of potentially deprecating the support and for it to be ultimately removed...

19:55

Multiple telnet.c overflows "IndyWatch Feed Tech"

Posted by Hacker Fantastic on Dec 11

Original advisory is here -
https://hacker.house/releasez/expl0itz/inetutils-telnet.txt

GNU inetutils <= 1.9.4 telnet.c multiple overflows
==================================================
GNU inetutils is vulnerable to a stack overflow vulnerability in the
client-side environment
variable handling which can be exploited to escape restricted shells
on embedded devices.
Most modern browsers no longer support telnet:// handlers, but in...

19:43

Hardwood Floors, Natural Light and the Right to Choose Your ISP "IndyWatch Feed Tech"

Your landlord is prohibited from making deals that restrict you to a single video provider, and those prohibitions should apply to your broadband service as well. Yet, across the country, tenants remain locked into a single choice. In January of 2017, San Francisco became the first city to take action toward filling in the loopholes that enable anti-competitive practices. Will 2019 see more cities adopting similar protections?

Large Corporate ISPslooking to lock out competitionhave created a market of landlord addiction to practices that take advantage of these loopholes in the FCCs prohibition on exclusive access agreements, by simply denying physical access to any but their preferred ISP. These owners and Real Estate Investment Trusts may charge prohibitive Door Fees, participate in ISP revenue sharing schemes, or enter into exclusive marketing agreements. While ostensibly legal, these practices often result in the same lack of choice, and disincentivization of innovation, the FCC intended to curtail.

Xfinity Revenue Sharing Scheme

Proposed revenue share for building owners. Image Source: Wired



Along with EFF, residents, community groups, and local ISPs are already looking to break this corporate ISP stranglehold in neighboring Oakland. Media Alliance Executive Director, Tracy Rosenberg notes Letting tenants use their choice of providers creates better services for all by forcing the big companies to compete. It prevents them from tying up the market by crafting exclusive deals with big landlords. Rosenberg adds that It can also let you put your values into action by getting Internet services from companies that agree to abide by net neutrality, or have better data privacy practices and don't sell your data or voluntarily respond to government information requests.

Letting tenants use their choice of providers creates better services for...

19:41

Dem knocks GOP colleagues: Blame 'yourself' for unfavorable Google search results "IndyWatch Feed Tech"

Rep. Ted Lieu (D-Calif.) on Tuesday compared positive and negative Google search results for two GOP lawmakers on the House Judiciary Committee to rebut claims that the search engine is biased against conservatives.Lieu compared...

18:51

Apps on smartphones are selling and sharing our location data 24/7 "IndyWatch Feed Tech"

By Waqas

Its no surprise that the apps we download on our smartphones are tracking our movements and also transferring the information to third parties without our consent. Last year it was Google caught collecting location data of Android users even if their devices location service was off then the Gay dating app Grindr, Facebook and the fitness app by []

This is a post from HackRead.com Read the original post: Apps on smartphones are selling and sharing our location data 24/7

15:07

PlayStation Classic hacked to become platform-free console "IndyWatch Feed Tech"

By Uzair Amir

Retro remake consoles are the preferred targets of hackers and their latest victim is Sonys PlayStation Classic. According to reports, the security of PlayStation Classic is substantially affected by weak cryptography and this is why prominent console hackers including madmonkey1907 and yifanlu managed to exploit the UART serial port to get access to the console []

This is a post from HackRead.com Read the original post: PlayStation Classic hacked to become platform-free console

12:33

Phippy + Cloud Native Friends Make CNCF Their Home "IndyWatch Feed Tech"

In 2016, Deis (now part of Microsoft) platform architect Matt Butcher was looking for a way to explain Kubernetes to technical and non-technical people alike. Inspired by his daughters prolific stuffed animal collection, he came up with the idea of The Childrens Illustrated Guide to Kubernetes. Thus Phippy, the yellow giraffe and PHP application, along with her friends, were born.

IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Resource generated at IndyWatch using aliasfeed and rawdog