IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed Today.


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Saturday, 20 January


What has the Necurs botnet been up to? Help Net Security

The Necurs botnet has been slowly growing since late 2012 and still tops the list of largest spam botnets in the world. Since then, the botnet has occasionally stopped or temporarily minimized the sending out of spam but has returned in full force. How big is the Necurs botnet? It's difficult to say precisely, but the latest information provided by the Cisco Talos team can give a general idea. The researchers analyzed 32 distinct spam ...


Researchers uncover mobile, PC surveillance platform tied to different nation-state actors Help Net Security

The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. They have dubbed the threat Dark Caracal, and have traced its activities to as far back as 2012. The malware used by Dark Caracal The attackers went after information stored on targets' Android devices ...


Infosec expert viewpoint: Google Play malware Help Net Security

Researchers routinely discover a variety of malicious apps on Google Play, some of which have been downloaded and installed on millions of devices worldwide. Here's what infosec experts think about the security of Google Play, what they think Google should do better, and what users can do in order to protect themselves from malicious apps on the official Android app store. Chris Boyd, Lead Malware Intelligence Analyst, Malwarebytes Google Play continues to have issues where ...


New infosec products of the week: January 19, 2018 Help Net Security

Continuous vulnerability management for ICS cybersecurity PAS Cyber Integrity 6.0 now includes continuous vulnerability management providing visibility into vulnerability risk within industrial process control networks. Cyber Integrity moves beyond traditional IT vulnerability management by also addressing the proprietary industrial control systems that comprise 80 percent of a facility environment. BlackBerry releases cloud-based static binary code scanning solution BlackBerry Jarvis is a cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobiles. ...


chaiOS Bug can crash iMessage App on any iPhone and macOS with a simple link Security Affairs

The software developer Abraham Masri has discovered a new bug, dubbed chaiOS, that could be exploited to crash a target's iMessage application.

The researcher and software developer Abraham Masri has discovered a new bug, dubbed chaiOS Text Bomb, that could be exploited to crash a recipient's iMessage application in a continuous loop.

The flaw exploited by the chaiOS Text Bomb affects both iOS and macOS. According to researchers at Yalu Jailbreak, the bug is currently compatible up to iOS 11.1.2 firmware, which means that it affects iMessage apps on macOS High Sierra, iOS 10 to 10.3.3, and iOS 11 to 11.2.1.

Exploitation of the issue is very simple: an attacker just needs to send a link to a web page hosting JavaScript code that attempts to send an SMS message. The iMessage application fails to properly handle the code, triggering the crash of the app. In some cases, it has been observed that the iMessage app enters a continuous reboot loop.

A proof-of-concept page was put together by Masri and shared on Twitter yesterday, but the page has been removed from GitHub due to potential abuse; a new mirror has already been added.

chaiOS is a malicious iOS bug that can cause the target device to freeze, respring, drain the battery, and possibly kernel panic. It is developed by the eminent jailbreak developer, Abraham Masri.

Here are the known after-effects once someone opens the malicious link.

  • The stock Messages app goes completely blank.
  • Messages app crashes instantly after openi...


IT infrastructure spending for cloud environments to reach $46.5 billion in 2017 Help Net Security

Total spending on IT infrastructure products (server, enterprise storage, and Ethernet switches) for deployment in cloud environments is expected to total $46.5 billion in 2017 with year-over-year growth of 20.9%, according to a new forecast from IDC. Public cloud datacenters will account for the majority of this spending, 65.3%, growing at the fastest annual rate of 26.2%. Off-premises private cloud environments will represent 13% of cloud IT infrastructure spending, growing at 12.7% year over year. ...


Friday, 19 January


Experimental KPTI Support For x86 32-bit Linux Phoronix

For the Kernel Page Table Isolation (KPTI) support currently within the Linux kernel for addressing the Meltdown CPU vulnerability it's currently limited to 64-bit on the x86 side, but for the unfortunate souls still running x86 32-bit operating systems, SUSE is working on such support...


Long-Range RFID Leaflets Hackaday

Pick a card, any card. [Andrew Quitmeyer] and [Madeline Schwartzman] make sure that any card you pick will match their NYC art installation. Replantment is an interactive art installation which invites guests to view full-size leaf molds from around the world.

A receipt file with leaf images is kept out of range in this art installation. When a viewer selects one, and carries it to the viewing area, an RFID reader tells an Arduino which tag has been detected. Solid-state relays control two recycled clothing conveyors draped with clear curtains. The simple units used to be back-and-forth control but through dead-reckoning, they can present any leaf mold front-and-center.

Clothing conveyors from the last century weren't this smart before, and it begs the question about inventory automation in small businesses or businesses with limited space.

We haven't seen much long-range RFID, probably because of cost. Ordinary tags have been read at a distance with this portable reader though, and NFC has been transmitted across a room, sort of.


CVE-2017-15105 Unbound: NSEC processing vulnerability (DNSSEC) Open Source Security

Posted by Ralph Dolmans on Jan 19


Below is a copy of Unbound's CVE description that can be found at



The CVE number for this vulnerability is CVE-2017-15105.

== Summary
We discovered a vulnerability in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however,...


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Nicholas Luedtke on Jan 19

In my extremely humble opinion, a patched "semi-public" issue is better
than an unpatched private issue that is known to an unknown number of people
with unknown intentions.


Apologies for sending this off list Alexander.


AMDGPU Firmware Blobs Updated For Video Encode/Decode Phoronix

There are updated AMDGPU microcode/firmware files now available for recent Radeon GPUs...


AI is continuing its assault on radiologists Lifeboat News: The Blog

A new model can detect abnormalities in x-rays better than radiologists, in some parts of the body, anyway.

The results: Stanford researchers trained a convolutional neural network on a data set of 40,895 images from 14,982 studies. The paper documents how the algorithm detected abnormalities (like fractures, or bone degeneration) better than radiologists in finger and wrist radiographs. However, radiologists were still better at spotting issues in elbows, forearms, hands, upper arms, and shoulders.

The background: Radiologists keep getting put up against AI, and they usually don't fare even as well as this. Geoffrey Hinton, a prominent AI researcher, told the New Yorker that advances in AI mean that medical schools should stop training radiologists now.


Is aging natural or a pathological disease that we can treat? Lifeboat News: The Blog

Treating the diseases of ageing requires rethinking of our approach to treating disease. Rather than a whack-a-mole strategy going after individual conditions, a concerted medical effort against ageing as a whole is in order.

Aging is something that we all share, rich or poor; it is something that happens to us all, and we are taught from a young age that it is inevitable. However, some scientists believe that aging is amenable to medical intervention and that such interventions could be the solution to preventing or reversing age-related diseases.

Academics are currently debating whether aging is natural or a pathological disease that we can treat.

In fact, there is now pressure from many academics to classify aging itself as a disease; indeed, doing so could potentially improve funding for aging research and help to speed up progress in finding solutions to age-related diseases.[1] The debate continues, but does it really matter if aging is classified as a disease, or is it largely a matter of semantics?


Health South East RHF data breach exposed health records for half of Norway's Population Security Affairs

On January 8, Health South East RHF, the healthcare organization that manages hospitals in Norway's southeast region, disclosed a major security breach.

On January 8, Health South East RHF, the healthcare organization that manages hospitals in Norway's southeast region (counties of Østfold, Akershus, Oslo, Hedmark, Oppland, Buskerud, Vestfold, Telemark, Aust-Agder and Vest-Agder), disclosed a security breach that may have exposed sensitive data belonging to more than half of the population.

The incident was announced by the national healthcare security centre HelseCERT, which detected abnormal activity against computer systems in the region. HelseCERT reported the incident to local authorities as well as NorCERT.

"We are in a phase where we try to get an overview. It's far too early to say how big the attack is. We are working to acquire knowledge of all aspects," Kjetil Nilsen, director of NorCERT, the National Security Authority (NSM), told Norwegian media outlet VG.

"Everything indicates that it is an advanced player who has the tools and ability to perform such an attack. It can be advanced criminals. There is a wide range of possibilities,"

According to HelseCERT, the security breach is the result of an attack conducted by advanced and professional hackers.

Authorities announced important measures to limit the damage caused by the security breach.

"A number of measures have been implemented to remove the threat, and further measures will be implemented in the future," announced Norway's Ministry of Health and Care in a statement.

"This is a serious situation and measures have been taken to limit the damage caused by the incident," reads a joint statement published by Health South East RHF and Sykehuspartner HF.

The hospitals in the region currently serve 2.9 million inhabitants, which corresponds to 56 percent of the overall population of 5.2 million citizens.



American Pay May be Low Because There Are Too Few Employers SoylentNews

Found this interesting, you may too.

A new research paper that may help unlock the mystery of why Americans can't seem to get a decent raise. Economists have struggled over that question for years now, as wage growth has stagnated and more of the nation's income has shifted from the pockets of workers into the bank accounts of business owners. Since 1979, inflation-adjusted hourly pay is up just 3.41 percent for the middle 20 percent of Americans while labor's overall share of national income has declined sharply since the early 2000s. There are lots of possible explanations for why this is, from long-term factors like the rise of automation and decline of organized labor, to short-term ones, such as the lingering weakness in the job market left over from the great recession. But a recent study by a group of labor economists introduces an interesting theory into the mix: Workers' pay may be lagging because the U.S. is suffering from a shortage of employers.

[...] argues that, across different cities and different fields, hiring is concentrated among a relatively small number of businesses, which may have given managers the ability to keep wages lower than if there were more companies vying for talent. This is not the same as saying there are simply too many job hunters chasing too few openings; the paper, which is still in an early draft form, is designed to rule out that possibility. Instead, its authors argue that the labor market may be plagued by what economists call a monopsony problem, where a lack of competition among employers gives businesses outsize power over workers, including the ability to tamp down on pay. If the researchers are right, it could have important implications for how we think about antitrust, unions, and the minimum wage.



There's a new sex robot in town: Say hello to Solana Lifeboat News: The Blog

Still looks kind of cartoony. But, I would really like to see a head like this put on the body of the ATLAS robot, just to see where we are at with the best android we could possibly make right now. Oh, and put clothes on it, have it walk down the street. The next Turing test will be can it dupe people into thinking it is a person, in person.


This USB Drive Will Self-Destruct After Ruining Your Computer Hackaday

Who would have thought that you could light up pyrotechnics on USB power? This USB keystroke injector that blows up after it's used proves the concept.

Fully aware that this is one of those "just because you can doesn't mean you should" projects, [MG] takes pains to point out that his danger dongle is just for dramatic effect, like a prop for a movie or the stage. In fact, he purposely withholds details on the pyrotechnics and concentrates on the keystroke injection aspect, potentially nasty enough by itself, as well as the dongle's universal payload launching features. We're a little bummed, because the confetti explosion (spoiler!) was pretty neat.

The device is just an ATtiny85 and a few passives stuffed into an old USB drive shell, along with a MOSFET to trigger the payload. If you eschew the explosives, the payload could be anything that will fit in the case. [MG] suggests that if you want to prank someone, an obnoxious siren might be a better way to teach your mark a lesson about plugging in strange USB drives.

While this isn't the most dangerous thing you can do with a USB port, it could be right up there with that rash of USB killer dongles from a year or so ago. All of these devices are fun "what ifs", but using them on anything but your own computers is not cool and possibly dangerous. Watching the smoke pour out of a USB socket definitely drives home the point that you shouldn't plug in that thumbdrive that you found in the bathroom at work, though.

[Yuu], thanks for the tip.


Wealthy Exodus to Escape New Tax Rules Worries California Democrats

Via: Sacramento Bee: The state's wealthiest 1 percent, for instance, pay 48 percent of its income tax, and the departure of just a few families could lead to a noticeable hit to state general fund revenue. "It is a genuine concern and that's why the legislatures in high-tax states are swinging into action immediately," said [...]


Why Some African Americans Are Moving to Africa

Via: Al Jazeera: "You might not have electricity, but you won't get killed by the police either." I think more will come when they begin to see it as a viable alternative. But it's not easy and it's not cheap. I can't say what's happening in America today is any worse than what's been [...]


openSUSE Tumbleweed Rolls To Mesa 17.3, Linux 4.14.13 Phoronix

OpenSUSE has continued rolling in the new year with several key package updates in January...


AMDGPU DC Gets More Raven Ridge Improvements, Audio Fixes Phoronix

Harry Wentland of AMD has sent out the latest batch of patches for the AMDGPU DC display code stack. Fortunately it lightens up the DRM driver by about six thousand lines thanks to removing some unused code...


Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012 The Hacker News

A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself, thanks to an exposed server on the open internet. It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers. The advanced persistent threat (APT) group, dubbed Dark Caracal,


R600g "Soft" FP64 Shows Signs Of Life, Enabling Older GPUs To Have OpenGL 4 In 2018 Phoronix

Most pre-GCN AMD graphics cards are still limited to OpenGL 3.3 support at this time due to not supporting FP64. Only the HD 5800/6900 series on R600g currently have real double-precision floating-point support working right now so at present they are on OpenGL 4.3 rather than 3.3, but those other generations may be catching up soon thanks to the "soft" FP64 code...


Volumetric Photogrammetry Big Words, Bigger Impact on VR SoylentNews

Although VR is still in its infancy, "traditional" methods of capturing and transforming footage have emerged. Typically, to shoot 360-degree VR content, a cameraperson employs several cameras rigged in a spherical formation to capture the scene. According to Alicia Millane's blog entry on The Primacy, "Each camera is mounted at a specific angle so the camera's field of view will overlap portions of the surrounding cameras' field of view." With the overlap, editors should be able to get more seamless footage, without any gaps.

[...] Enter volumetric photogrammetry. A mouthful, for sure, but this method of creating virtual environments could possibly hold the key to the future of VR. Unlike the method mentioned above, there are no takes or shots in volumetric VR that are later edited in post-production. This allows for a much more fluid experience, as the consumer frames the scene and chooses his or her own perspective. Using the volumetric capture method, footage of a real person is recorded from various viewpoints, after which software analyzes, compresses and recreates all the viewpoints of a fully volumetric 3D human.

With volumetric VR explained, photogrammetry's defining characteristic is the principle of triangulation. As explained in a blog post on Viar360, triangulation involves taking photographs from at least two locations to form lines of sight. "These lines of sight are then mathematically intersected to produce the 3-dimensional coordinates of the points of interest."

[...] Immersive experiences utilizing volumetric photogrammetry may convey a much more authentic and realistic environment to the end user. Per VRt Ventures founder, Jacob Koo, "If virtual reality has the chance to reach its full potential, then consumers must feel like they are actually somewhere they cannot be physically. That perception takes VR technology out of the novelty category and makes it something actually useful."

Source: TechCrunch



CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS Open Source Security

Posted by P J P on Jan 19


Quick Emulator(Qemu) built with a macro ROUND_UP(n, d), used to promote number
'n' to the nearest multiple of 'd', is vulnerable to an integer overflow
issue. It could occur if 'd' is unsigned and smaller in type from 'n'.

A user could use this flaw to crash the Qemu process resulting in DoS.

Upstream patch:


Mesa 17.3.3 Released With RADV & ANV Vulkan Driver Fixes Phoronix

Mesa 17.3.3 is now available as the latest point release for the Mesa 17.3 stable series...


Dark Caracal APT Lebanese intelligence is spying on targets for years Security Affairs

A new long-running player has emerged in the cyber arena: the Dark Caracal APT, a hacking crew associated with the Lebanese General Directorate of General Security that has already conducted many stealth hacking campaigns.

Cyber spies belonging to Lebanese General Directorate of General Security are behind a number of stealth hacking campaigns that in the last six years, aimed to steal text messages, call logs, and files from journalists, military staff, corporations, and other targets in 21 countries worldwide.

New nation-state actors continue to improve offensive cyber capabilities and almost any state-sponsored group is able to conduct widespread multi-platform cyber-espionage campaigns.

This discovery confirms that the barrier to entry in the cyber-warfare arena has continued to decrease and new players are becoming even more dangerous.

The news was reported in a detailed joint report published by security firm Lookout and digital civil rights group the Electronic Frontier Foundation.

The APT group is tracked as Dark Caracal by the researchers; its campaigns leverage custom Android malware included in fake versions of secure messaging apps like Signal and WhatsApp.

"Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information," states the report.

The attack chain implemented by Dark Caracal relies primarily on social engineering, the hackers used messages sent to the victims via Facebook group and WhatsApp messages. At a high-level, the hackers have designed three different kinds of phishing messages to trick victims into visiting a compromised website, a typical watering hole attack.



[SECURITY] [DSA 4092-1] awstats security update Bugtraq

Posted by Sebastien Delafond on Jan 19

Debian Security Advisory DSA-4092-1 security () debian org Sebastien Delafond
January 19, 2018

Package : awstats
CVE ID : CVE-2017-1000501
Debian Bug :...


Links 19/1/2018: Linux Journalism Fund, Grsecurity is SLAPPing Again Techrights



  • $25k Linux Journalism Fund

    Linux Journal's new parent, Private Internet Access, has established a $25k fund to jump-start the next generation of Linux journalism, and to spend it here, where Linux journalism started in 1994.

    This isn't a contest, and there are no rules other than the ones that worked for journalism before it started drowning in a sea of content.

  • Private Internet Access and Linux Journal set up $25,000 fund to reward experienced and aspiring writers
  • NHS used Linux project to negotiate with Microsoft: claim

    Britain's National Health Service appears to have used a project set up to create a Linux alternative for its employees' smartcards and later, hopefully, a desktop alternative to Windows to bargain with Microsoft and obtain an enterprise-wide desktop deal.

  • Desktop

    • Introducing my new friend: a Slimbook

      I have been following Slimbook for some time now. As you probably know, they ship a KDE laptop that is very cool, with KDE Neon pre-installed. They have attended to a couple of events I have attended to so I have been able to test their laptops, get feedback from buyers and ask them questions directly. The fact that they are a Spanish company was a beautiful surprise, We do not have that many hardware integrators and vendors in Spain.

      But what definitely caught my attention was the fact that they pay a lot of attention to the software. They ship the laptops with Linux pre-installed. Ok, that is not new any more. But they do pre-install several different distros. Now, that's uncommon. But news do not...


China's ambitions in space are growing Lifeboat News: The Blog

That failure, and another one last year involving another type of Long March rocket, slowed China's space efforts. Officials had hoped to launch around 30 rockets of one type or another in 2017 but only managed 18 (there were 29 launches in America and another 20 of Russian ones; see chart). But they promise to bounce back in 2018, with 40-or-so lift-offs planned this year. These will probably include a third outing for the Long March 5, assuming its flaws can be fixed in time, and missions that will greatly expand the number of satellites serving BeiDou, China's home-grown satellite navigation system.

NATTY yellow carts whizz tourists around Wenchang space port, a sprawling launch site on the tropical island of Hainan. The brisk tour passes beneath an enormous poster of Xi Jinping, China's president, then disgorges passengers for photographs not far from a skeletal launch tower. Back at the visitor centre there is a small exhibition featuring space suits, a model moon-rover and the charred husk of a re-entry capsule that brought Chinese astronauts back from orbit. A gift shop at the exit sells plastic rockets, branded bottle openers and cuddly alien mascots.

The base in a township of Wenchang city is the newest of China's four space-launch facilities. It is also by far the easiest to visit, thanks in part to the enthusiasm of officials in Hainan, a haven for tourists and rich retirees. Wenchang's local government has adopted a logo for the city reminiscent of Starfleet badges in "Star Trek". It is building a space-themed tourist village near the launch site, with attractions that include a field of vegetables grown from seeds that have been carried in spaceships.


How to install Spotify application on Linux nixCraft

How do I install Spotify app on Ubuntu Linux desktop to stream music? Spotify is a digital music stream service that provides you access to tons of songs. You can stream for free or buy a subscription. Creating a playlist is possible. A subscriber can listen to music ad-free. You get better sound quality. This page ...


DIY Spray Booth is Both Light and Lit Hackaday

Industrial designer [Eric Strebel] has access to big, walk-in spray booths, but bigger isn't always better. For small jobs, it's overkill, and he wanted his own spray booth anyway. If you're ready to upgrade from that ratty old cardboard box in the garage, look no further than [Eric]'s spray booth how-to after the break.

If you don't already know, [Eric] is something of a foam core legend. He has several videos about model building techniques that produce really slick results, so it's no surprise to see these skills transfer to a larger build. The booth is built from a single 40 x 60 sheet of 1/2 foam core board, a furnace filter, and a vent fan modified to fit his shop's system. The whole thing cost less than $200, most of which goes toward the fan.

[Eric] modified an existing spray booth plan to fit his needs and added some really nice touches along the way. All the edges are beveled and the unfinished faces are taped, so at first glance it looks like it's made out of painted wood or melamine board. The furnace filter slides out one side for easy replacement and is braced with foam scraps so it won't fall forward. The best part of this booth is the LED strips: they make for way better working conditions than the dim recesses of a cardboard box.

If you'd rather build a walk-in spray booth, why not make your own sliding barn doors, too?

FTC Investigating Broadcom for Antitrust Practices SoylentNews

The Federal Trade Commission (FTC) is investigating whether chipmaker Broadcom Ltd engaged in anticompetitive tactics in negotiations with customers, the company said on Wednesday.

The investigation comes as Broadcom pursues a hostile takeover of Qualcomm in a $103 billion deal. Since the FTC would likely review any merger for anticompetitive practices, the current probe could make regulatory approval more challenging.

Broadcom was recently issued subpoenas that seek an extensive amount of information, according to The Wall Street Journal, which was the first to report the probe on Wednesday.

The focus of the concern has been that Broadcom has changed some contracts to require customers to buy a percentage of its production of items rather than a certain number, the paper reported.

"This FTC review is immaterial to our business, does not relate to wireless and has no impact on our proposal to acquire Qualcomm," Broadcom said in a statement.

Source: Reuters



MPAA Wins $19.8 Million From Pirate Site Pubfilm TorrentFreak

In recent years the MPAA has pursued legal action against several pirate sites and the streaming service Pubfilm is one of their latest targets.

Hollywood's industry group initially kept the lawsuit secret. This was done to prevent Pubfilm's operator from moving to a new domain preemptively. While this strategy worked, Pubfilm didn't throw in the towel.

Soon after the domain name was suspended, the site moved to And that wasn't all. Pubfilm also started to actively advertise its new domain through Google Adsense to regain its lost traffic.

Today, close to a year has passed and Pubfilm is still around. The site moved from domain to domain and currently resides at and a few other domains that are advertised on the site.

All this time the company failed to respond in court, so the case saw little movement. This week, however, the MPAA made its demands clear and soon after the court issued a default against the site and its unknown operators.

"Defendants are Internet pirates who own, operate, and promote a ring of interconnected websites under the name PubFilm and variants thereof whose purpose is to profit from the infringement of copyrighted works," the group wrote in its request.

Because of this continued infringement, the MPAA demanded the maximum amount of statutory copyright infringement damages. With 132 titles listed in the complaint, this totals nearly $20 million.

"Given the egregious circumstances of this case, Plaintiffs should be awarded the full amount of statutory damages of $150,000 for each of the 132 Works identified in the Complaint, for a total of $19,800,000," the MPAA writes in its memorandum.

In addition, the Hollywood studios requested a permanent injunction that will require domain registries to put associated domain names on hold and sign them over to the MPAA.

Both requests were granted by the court on Thursday.

Pubfilm domain hopping

Previously, several domain names were already seized through a preliminary injunction that resulted in Pubfilm moving from domain to domain in recent months. While these seizures can be effective, not all domain registries will comply with a US court order.

One of Pubfilm's main domai...


First full-colour motion video from satellites Lifeboat News: The Blog

Earth-i, a mapping service based in England, has launched a prototype of the world's first full-colour, full-motion video satellite constellation.

British company Earth-i has successfully launched a prototype of its upcoming satellite constellation into orbit. The new network known as Vivid-i will be the first of its kind to provide full-colour motion video and the first European-owned constellation able to provide both video and still images.


Detexian Reviewed

I am an early adopter of Detexian, a service which I increasingly rely on for security. My wife and I run a small media entity which attracts about 5 million hits a week. The sites are and One of the sites is modest and non-confrontational, whereas the other one (the latter) is more controversial because it is critical of activities such as bribery, illegal surveillance, and all sorts of corruption. There are certainly people and organisations that are willing to spy on and undermine the site. Some of those who get criticised are large technology companies and institutions they work with.

We cannot keep up with logs because we are a small team and we cannot properly analyse these for security threats. It is just infeasible. For analysis of logs we also require a service which is isolated from surveillance-intensive hosts such as Amazon. We moreover operate on a very small budget as the sites are public services rather than for-profit.

We now rely on Detexian to inspect the traffic and generate concise reports. Detexian helps to avert disaster or alert about troubling patterns in activity before disaster strikes or flaws are found/exploited. and are not young sites. They have been around for nearly a decade and a half; over the years we have suffered more DDOS attacks than we can remember and there were also intrusion attempts (none were successful). Some attacks managed to cause damage, but it was always repairable. Recently, Detexian alerted us about SQL injection attempts and made recommendations.

We shall continue to rely on Detexian in the foreseeable future and are happy to pay for the service knowing that someone has got our back and is providing informed advice on how to guard the sites.


Warren Buffett Won a Decade-Old $1M Bet Terra Forming Terra

The truth this underlies has always been there. It is that money management is hopelessly overpriced and that it needs to extract human input generally. In fact an AI will easily beat them all sooner or later.

Recall that all markets are made by the shifting back and forth of investors. Thus the proper object of analysis is actually the human distribution of those investors and their inherent financial capability. The actual company involved, if it is a stock, needs only operate to ensure investor confidence.

In short, investigating their accountancy is mostly a complete waste of effort.

In the event Buffett understood that what was claimed by all hedge funds was not realistic.

Warren Buffett Won a Decade-Old $1M Bet

Friday, January 05, 2018

Now, the ten-year betting period is officially over.



Strange Anomalies on Sunshine Coast Terra Forming Terra

What makes this unusual is that they are effectively spaced apart and not a group but obviously still are.

It could be a section of soldiers wearing gravity belts and camouflaged to look like a bit of cloud. It is an obvious application once you have the gravity belts. It certainly is no natural phenomenon and the cotton-like camouflage is about right for this as a human-operated platform.

This naturally extends our expectations regarding the USSS and its operational capabilities.

Recall that this entire program is dependent on one discovery and that is gravity manipulation.  Original lab work around 1955 and we also confirmed it all in our own lab work.  In short I know it exists and why from a theoretical viewpoint.  When we discovered it, it was obviously too easy and I checked the literature to locate 1955.

Strange Anomalies on Sunshine Coast

I recently received the following account:

I'm sorry but I will have to guess the year as around 2010. I had been living in Australia since 2007 and had moved back to the Sunshine Coast after a year in Northern Queensland.

My mother had come out to visit from the U.K. and the weather had not been good, so when we had a clearer day (it was a Wednesday, I'm sure about that), I decided to take her to one of the nicest spots, just to sit on the beach and relax. Mum's not young anymore and she likes to just sit and re...


Five Russian Cryptocurrency Projects You Should Know About Terra Forming Terra

This item gives us a glimpse of the future coming at us. It even reflects my earlier thoughts regarding the natural community in those farm based applications. It is already infecting the natural community and blossoming.
This is actually huge of course and informs us that the bitcoin market will provide a true global currency outside the control of all national governments.

Yet it will be subsumed by the natural community in both its virtual manifestation and its physical form, however rare.

Five Russian Cryptocurrency Projects You Should Know About

Russia is a massive presence in the cryptocurrency phenomenon.

Nina Lyon

Sat, Dec 23, 2017

Russia has produced lots of prominent figures in the crypto industry, including Vitalik Buterin and Igor Barinov. These days, it's almost impossible to come across some ICO landing page without seeing at least one Russian name on the team.

While projects like Ethereum and Blocknotary went global and are hardly related to Russia itself, the country seems to have more prominent projects and people it could contribute to the expanding blockchain universe. Even though the regulatory environment in Russia remains ambiguous, with controversial statements issued by government officials almost every week, these projects managed not only to emerge but to truly flourish.


Waves, a Moscow-based project led by Sasha Ivanov, hit the headlines back in 2016 with their platform that offered nothing other than killing Kickstarter. Since then, it has become a global public blockchain platform providing shared infrastructure with highly functional and intuitive tools. The company has held one of the most succes...


Eyewitness Reports of Apparent Living Pterosaurs in the US Terra Forming Terra

The problem is that no one even knows this phenomenon exists, and then they have no place to go with their data. The map pretty well confirms a real lack of resolution. We really need to get those hundreds of missing reports.

I do think that this creature spends plenty of time underwater fishing at night. Thus it should be active around wetlands, lakes and swamps or where fish are readily available.

In the event, the phenomenon now has ample confirmation sightings to fully establish its presence.


Eyewitness Reports of Apparent Living Pterosaurs in the US

Monday, January 08, 2018

Statistical analysis on the number of reported sightings of flying creatures resembling living pterosaurs, by human populations in American states

Jonathan David Whitcomb - Dec 28, 2017, 4:00 a.m., MT. MURRAY, Utah, Dec 28, 2017/LUAPT -- A nonfiction-cryptozoology author has analyzed reports of non-extinct pterosaurs, commonly called pterodactyls or flying dinosaurs, and found how sightings relate to thirty-three states (and Washington D.C.) of the United States. Jonathan Whitcomb, of Murray, Utah, has been receiving emails, and an occasional phone call, over a period of 13 years, from eyewitnesses from five continents, and most reported sightings are in North America.

Using 161 sighting reports, which Whitcomb chose after eliminating ones that had too much potential for misidentification of a bird, he found that California and Texas had the most, at 27 and 11, but he ascribed that to higher human populations in those two states. (On this list, seventeen U.S. states had no reported sightings.) Other findings surprised Whitcomb.


The EPO Ignores This Week's Decision Which Demonstrates Patent Scope Gone Awry; Software Patents Brought Up Again Techrights

It's all about money and replacing examiners with machines

Battistelli and money

Summary: The worrisome growth of European Patents (EPs), a 40% jump in one year in spite of decline in the number of patent applications, is a symptom of the poor judgment, induced largely by bad policies that impede examiners' activities for the sake of so-called production; this week's decision regarding CRISPR is another wake-up call and software patents too need to be abolished (as a whole), in line with the European Patent Convention (EPC)

THE EPO has said absolutely nothing about the Board or about Broad. Odd, isn't it? Not even a tweet. Sometimes they do link to decisions of the Boards of Appeal, but not this time. Instead, there's this junk about a new Benoît Battistelli photo op (warning: link). We don't know if they're intentionally distracting from something, but we can only guess. Got to maintain the perception of top-notch patent quality, right?

As usual, this EPO news is all about Benoît Battistelli. Heck, the entire Web site of the EPO is a shrine to Battistelli. How many years will that take to undo?

The world's news aggregators said nothing about the above meeting, which is pretty insignificant anyway. Battistelli took a flight on some plane and all he got was a lousy photo op (in which he is barely even visible). Blog post imminent? Either way, let's look at the real news.

The EPO went overboard, unhinged from the actual purpose and function of patent offices. Fallout of EPO granting (in error) patents on life is very much visible. It's prominent in the news. We already wrote 3 articles about it earlier this week (on Wednesday and Thursday [1, 2,...


'ChaiOS' Bug Can Cause iMessage to Crash With a Text Message SoylentNews

There's a new bug floating around called "chaiOS" that appears to be a basic GitHub link. However, when you text it to a person via the iMessage app (whether on iOS or MacOS), it will crash the app and possibly cause the device to freeze and restart. In other words: Be aware that this exists, but don't send it to anyone.

It was Twitter user Abraham Masri who first uncovered the bug. The people over at 9to5Mac tested it out, and it certainly messed up their devices. They reported crashes and severe lags as a result of the bugs that persisted until the thread containing the link was deleted from the iMessage app. If you did send or receive it, and your device is a mess, there's also a fix in the replies to Masri's original tweet. We've reached out to Apple to confirm that their team is aware of the bug, and to see if there are any fixes in the works.

Source: EnGadget

Original Submission

Read more of this story at SoylentNews.


WesternGeco v ION Geophysical (at the US Supreme Court) Won't Affect Patent Scope Techrights

The de facto reference for the case

WesternGeco LLC v. ION Geophysical Corp.

Summary: As WesternGeco v ION Geophysical is the main, if not sole, major patent case that the US Supreme Court will deal with, it seems safe to say that nothing substantial will change for patent scope in the United States this year

THE patent microcosm has begun speaking more and more about WesternGeco v ION Geophysical, a case which we've mentioned several times so far this week, usually in the context of Alice being safe from challenge [1, 2].

It has absolutely no impact on patent scope. To avoid misunderstandings, let it be stressed that the decision, whichever way it may go, won't have any profound effect on anything we cover. It's barely of any relevance to us. An article from Prof. Kumar (last revised days ago) is titled "Patent Damages Without Borders" [via] and the abstract is a concise summary of the case: The presumption against extraterritoriality is a deceptively straightforward principle: that U.S. law applies only inside the United States. But there is confusion regarding whether the presumption applies when a court calculates patent damages. In WesternGeco L.L.C. v. Ion Geophysical Corp., the Federal Circuit held that patent holders who show infringement under § 271(f) of the Patent Act cannot recover foreign lost profits. The court maintained that allowing recovery of such damages would result in the Patent Act applying extraterritorially, which cannot be done without Congress's clear intent. This interpretation severely limits the ability of district courts to make patent infringement victims whole. This Article maintains that the Federal Circuit's reliance on the presumption is misplaced. The presumption was established to prevent U.S. law from applying to extraterritorial c...


Reading out an EPROM with DIP switches Hackaday

We're all too spoiled nowadays with our comfortable ways to erase and write data to persistent memory, whether it's our microcontroller's internal flash or some external EEPROM. Admittedly, those memory technologies aren't exactly new, but they stem from a time when their predecessors had to bathe under ultraviolet light in order to make space for something new. [Taylor Schweizer] recently came across some of these quartz-window decorated chips, and was curious to find out what is stored in them. Inspired by the BIOS reverse engineering scene in Halt and Catch Fire, he ended up building his own simple reader to display the EPROM's content.

The 2732 he uses is a standard EPROM with 32kbit memory. Two pins, Chip Enable and Output Enable, serve as main control interface, while 12 address pins select the data stored in the chip's internal 4K x 8 arrangement, to output it on the 8 data output pins. You could of course hook up the EPROM to a microcontroller and send what you read via serial line, but [Taylor] opted for a more hands-on approach that lets him read out the data in a manual way. He simply uses a bank of DIP switches to set the address and control pins, and added a row of LEDs as display.

As you can see from the short demonstration in the video after the break, reading out the entire EPROM would be a rather tedious task this way. If you do have more serious intentions to read out the content, you could have a look at one of those microcontroller based solutions sending data via serial line after all.


Walmart to Hand Out Packets That Turn Leftover Opioids Into Disposable Gel SoylentNews

Walmart offers way to turn leftover opioids into useless gel

Walmart is helping customers get rid of leftover opioids by giving them packets that turn the addictive painkillers into a useless gel. The retail giant announced Wednesday that it will provide the packets free with opioid prescriptions filled at its 4,700 U.S. pharmacies.

The small packets, made by DisposeRx, contain a powder that is poured into prescription bottles. When mixed with warm water, the powder turns the pills into a biodegradable gel that can be thrown in the trash. It works on other prescription drugs and for pills, tablets, capsules, liquids or patches, according to DisposeRx.

[...] Some drugstore chains like CVS and Walgreens also collect unused medications at many of their stores. People can also take leftovers to hospital pharmacies or police stations. Unused prescriptions also can be thrown in the trash. But the Food and Drug Administration recommends mixing them first with something unpalatable like kitty litter or used coffee grounds and sealing the mixture in a plastic bag.

Original Submission

Read more of this story at SoylentNews.


Drone comes to the rescue of two swimmers in Australia Lifeboat News: The Blog

One day, they may yet turn against us, but for now, they're still our allies: A drone rescued two teenage swimmers in distress off the coast of New South Wales in Australia, according to a new report. The drone spotted two teenagers in trouble around a half-a-mile out from shore, and then dropped a flotation device it carries for the purpose to give them something to hang on to (via Verge).

This drone was actually not supposed to be saving anyone just yet; it was engaged in a pilot project to test its viability. But the Sydney Morning Herald reports that when a call came through about the swimmers in trouble, the drone happened to be in the air and nearby, positioned well to respond.

The drone's pilot, a decorated veteran lifeguard for New South Wales, was able to get out to the swimmers' position, and drop the pod in a minute or two, which is at least a few minutes less than it would've taken to respond directly with actual flesh and blood lifeguards.


Blood test to detect 8 cancers early gives promising results Lifeboat News: The Blog

Associated Press historical news archive articles dating back to 1985.


Scientists Move Closer to a Universal Flu Vaccine Lifeboat News: The Blog

Researchers hope their new approach, which works well in lab animals, may save more lives.


Watch a Thought Race Across the Surface of the Brain SoylentNews

Although neuroscientists have a general idea of what parts of the brain do what, catching them in the act is a difficult proposition. But UC Berkeley researchers have managed to do it, visualizing based on direct measurement the path of a single thought (or at least thread) through the brain.

Normal scalp-based electroencephalography (EEG) is easy to do, but it really can only get a very blurry picture of brain activity near the surface, because it has to detect all that through your hair, skin, skull, etc.

What if you could take all that stuff out of the way and put the electrodes right on the brain? That'd be great, except who would volunteer for such an invasive procedure? Turns out, a handful of folks who were already getting open-brain surgery did.

[...] "We are trying to look at that little window of time between when things happen in the environment and us behaving in response to it," explained lead author Avgusta Shestyuk in the Berkeley news release. "This is the first step in looking at how people think and how people come up with different decisions; how people basically behave."

Source: TechCrunch

Original Submission

Read more of this story at SoylentNews.



MicroPython learns a new trick: ISP for AVRs Hackaday

One of the reasons why the Arduino became so popular was the ability to program it with ease. It meant the end of big parallel programmers that would cost an arm and a leg. The latest installment of CircuitPython from [Lady Ada] and the team over at Adafruit is a library for programming AVR microcontrollers without a dedicated PC.

For the uninitiated, in-system programming or ISP for AVR controllers employs the SPI bus to write the compiled binary to the flash memory of the controller. The reduced number of pins used is itself a benefit, though getting the timings right was a bit tricky in the good old days. Most dedicated ISPs handle this nicely, though they are normally slaves to a host PC where an upload button initiates the process.

With CircuitPython (a derivative of MicroPython), programming microcontrollers does not require going through the code-compile-flash cycle. It can be run on a number of processors; however, AVRs are not among them, so this neat little library offers the next best thing. Wire up an ATmega328P or ATmega2560 to a board like the ESP8266 that does run CircuitPython, and you can write firmware on the fly.

There is a complete tutorial on the subject thanks to [Phillip Torrone] and [Lady Ada] which includes some demo files for testing out the functionality. This opens up a lot of possibilities, such as OTA firmware updates for an AVR co-processor. We expect to see some keychain AVR programmers in the near future taking a hint from the ESP8266 based Two-Factor Authentication featured previously.


What Makes the Hardest Equations in Physics So Difficult? - Facts So Romantic Nautilus

Reprinted with permission from Quanta Magazine's Abstractions blog.

Familiarity hasn't bred knowledge: Turbulence is one of the least understood parts of the physical world. Photograph by Mike / Flickr

Physics contains equations that describe everything from the stretching of space-time to the flitter of photons. Yet only one set of equations is considered so mathematically challenging that it's been chosen as one of seven Millennium Prize Problems endowed by the Clay Mathematics Institute with a $1 million reward: the Navier-Stokes equations, which describe how fluids flow.

Last month I wrote a story about an important new result related to those equations. If anything, the new work suggests that progress on the Millennium Prize will be even harder than expected. Why are these equations, which describe familiar phenomena such as water flowing through a hose, so much harder to understand mathematically than, say, Einstein's field equations, which involve stupefying objects like black holes?

The answer, I discovered, is turbulence. It's something we've all experienced, whether flying through choppy air at 30,000 feet or watching a whirlpool gather in the bathtub drain. Yet familiarity hasn't bred knowledge: Turbulence is one of the least understood parts of the physical world.



Apple Plans to Invest $350 Billion (with a "B") in USA Over Next 5 Years SoylentNews

Apple invests $350 billion (with a "B") in USA over next 5 years

Apple today announced a new set of investments to build on its commitment to support the American economy and its workforce, concentrated in three areas where Apple has had the greatest impact on job creation: direct employment by Apple, spending and investment with Apple's domestic suppliers and manufacturers, and fueling the fast-growing app economy which Apple created with iPhone and the App Store. Apple is already responsible for creating and supporting over 2 million jobs across the United States and expects to generate even more jobs as a result of the initiatives being announced today.

Combining new investments and Apple's current pace of spending with domestic suppliers and manufacturers (an estimated $55 billion for 2018), Apple's direct contribution to the US economy will be more than $350 billion over the next five years, not including Apple's ongoing tax payments, the tax revenues generated from employees' wages and the sale of Apple products.

[...] "Apple, already the largest US taxpayer, anticipates repatriation tax payments of approximately $38 billion as required by recent changes to the tax law. A payment of that size would likely be the largest of its kind ever made."

Read more of this story at SoylentNews.


Samsung Announces Mass Production of GDDR6 SDRAM SoylentNews

Samsung has announced the mass production of 16 Gb GDDR6 SDRAM chips with a higher-than-expected pin speed. The chips could see use in upcoming graphics cards that are not equipped with High Bandwidth Memory:

Samsung has beaten SK Hynix and Micron to be the first to mass produce GDDR6 memory chips. Samsung's 16Gb (2GB) chips are fabricated on a 10nm process and run at 1.35V. The new chips have a whopping 18Gb/s pin speed and will be able to reach a transfer rate of 72GB/s. Samsung's current 8Gb (1GB) GDDR5 memory chips, besides having half the density, work at 1.55V with up to 9Gb/s pin speeds. In a pre-CES 2018 press release, Samsung briefly mentioned the impending release of these chips. However, the speed on release is significantly faster than the earlier stated 16Gb/s pin speed and 64GB/s transfer rate.

18 Gbps exceeds what the JEDEC standard calls for.

Also at Engadget and Wccftech.

Related: GDDR5X Standard Finalized by JEDEC
DDR5 Standard to be Finalized by JEDEC in 2018
SK Hynix to Begin Shipping GDDR6 Memory in Early 2018
Samsung's Second Generation 10nm-Class DRAM in Production

Original Submission

Read more of this story at SoylentNews.


Overnight Tech: Senate extends NSA spy program | Apple to allow customers to disable phone slowdowns | Amazon down to 20 HQ2 finalists | Facebook gets first black board member The Hill: Technology Policy

SENATE VOTES TO EXTEND NSA SURVEILLANCE: The Senate on Thursday passed an extension of a government surveillance program, sending the bill to President Trump's desk. Senators voted 65-34 on the bill, which includes a six-year extension with...



Gesture-Control Chip Lifeboat News: The Blog

This chip can control certain devices using *just* gestures.


Singularity Hypotheses Photo Lifeboat News: The Blog

Has AI made significant progress over the years towards artificial general intelligence?

This decades-old debate could be ended by the new project from the Stanford 100 Year Study on AI, called The AI Index, if their goal is achieved.

Off to a good start, the AI Index's first report includes many useful visualisations of the data they are collecting, such as the following outline of AI breakthroughs since 1980.


Cardboard wall is surprisingly well built Hackaday

We all built cardboard forts when we were kids. [Paintingcook] has taken it into adulthood with a hand built cardboard wall. He and his wife leased a loft apartment. Lofts are great: one giant space to work with. Plans changed a bit when they found out they had a baby on the way. A single living, working, and sleeping space definitely wouldn't be good for a newborn, so the couple set about separating a section of the room with a wall.

Sheetrock and steel or wood lumber would be the normal path here. They instead decided to recycle their cardboard moving boxes into a wall. The boxes were formed into box beams, which created the framework of the wall. The two pillars were boxed in and incorporated into the wall itself. The skin of the wall is a random patchwork of cardboard pieces. Most of the construction is completed with 3/8 screws and masking tape. Tape won't last forever, but this is a temporary wall after all.

You might be wondering about fire hazards. Sure, cardboard burns more readily than gypsum board, but the apartment is outfitted with sprinklers, which should help on this front. A few commenters on [Paintingcook]'s Reddit thread asked about formaldehyde and other gasses emitting from the cardboard. Turns out he's an inorganic chemist by trade. He says any outgassing happens shortly after the cardboard is manufactured. It should be safe for the baby.

Cardboard is a great material to work in. You can build anything from robots to computers to guns with it. So get off the couch, grab that Amazon box, and get hacking!


HPR2470: Obamacare Update At The End Of 2017 Hacker Public Radio

In 2017 Obamacare was the subject of a great deal of political jockeying, and yet by the end of the year almost nothing changed. So what happened, and why?



Quantum Superposition Experiment Will Test for "Universal Background Noise" SoylentNews

Groundbreaking Experiment Will Test The Limits Of Quantum Theory

[A] consortium has devised an ambitious experiment to test the so-called quantum superposition principle (QSP), the law that allows microscopic systems to appear in two different, perfectly distinguishable, configurations at the same time. [...] Unproven theories advanced since the 1980s suggest the existence of a universal background 'noise' that destroys QSP of larger objects, such as particles that can be seen using an optical microscope.

The 'Project TEQ' consortium, led by the University of Trieste, in Italy, will test the existence of this noise thanks to a 4.4M (3.9M) award from the European Commission.

Its experiment will involve a tiny particle of glass, one-thousandth of the width of a human hair, being levitated by an electric field in a vacuum at a temperature close to absolute zero (-273°C). A laser will be shot at the particle, and the scattering of the laser's light measured for signs of movement of the particle.

If there is no movement, it means that quantum mechanics still apply at this scale and there is no universal background noise. However, if movement is detected, it indicates the existence of a noise that prevents QSP applying at this scale. This would represent the first observed failure of quantum theory, setting a limit on the scale at which quantum mechanics apply and having implications for large-scale applications of any physical system based on quantum principles.

Quantum superposition.

Original Submission

Read more of this story at SoylentNews.


Drone saves teen swimmers in world first Lifeboat News: The Blog

Lifeguards in Australia interrupt a drone training session to save two stricken boys.


This 3D-Printed Heart Could Replace Blood Pumps Lifeboat News: The Blog

These 3D-printed, artificial hearts could replace real hearts one day.


Staff Persona Avatars: Social Media, Big Data and Employer Branding Social Network by Laurel Papworth

Would you use big data tools that analyse social media to identify your perfect job and ditch unsuitable jobs? Should organisations use big data tools to analyse social media to identify perfect candidates and ditch less than ideal ones?

Employer Branding and Social Media profiling

I find tools like Key Values lots of fun but they also give you insight into how Big Data collection can aid HR & Recruitment. It's not big data [because it's declarative not behavioural] but Big Data could be used to profile companies for me and candidates for you. Head further down the post to CrystalKnows for more information.

This would be my requirements. I work for myself so I'm not really tempted more than 10x a day to work for someone else

After I had been working in Sydney for about 10 years, knew everyone i...


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Michael Orlitzky on Jan 18

Pay a homeless guy to file a public bug report?


Git v2.16.0

Git v2.16.0 is now available. "It is comprised of 509 non-merge commits since v2.15.0, contributed by 91 people, 26 of which are new faces." The release notes are included in the link below.


Youtuber "King Of Random" is Charged With Possessing Explosives SoylentNews

Jonathan Grant Thompson, the man behind the popular science-focused YouTube channel King of Random has been charged with two counts of second-degree felony possession of an explosive device.

Thompson, 37, runs the King of Random YouTube channel, boasting about 200 videos and 8.9 million subscribers. His videos are of science experiments and are in the vein of science-based shows on networks such as the Discovery Channel.

Thompson has been making videos and putting them on YouTube since 2010. His videos have garnered more than 1.6 billion combined views.

According to the article the first complaint "resulted from a citizen complaint via Facebook Messenger on June 15 about Thompson exploding a dry ice bomb", and for the second:

Thompson said a friend had left him a bag of powder, which he believed to be from a deconstructed firework.

After lighting a couple of small "control fires" Thompson and Timothy Burgess, 20, of Ontario, Canada, ignited a larger pile which exploded, the police report states. According to the report, firefighters heard the explosion from the nearby fire station.

Google Maps shows there is a South Jordan fire station 0.2 miles from Thompson's home.

The explosion left Burgess with small particles of burned material embedded in his arms, charges say.

Burgess was charged with one count of second-degree felony possession of an explosive device. Court records show prosecutors have asked a judge to issue a $15,000 warrant for his arrest.

Originally spotted via AvE's channel.

Original Submission

Read more of this story at SoylentNews.


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Solar Designer on Jan 18

That's precisely what I wrote above, and I think it's not as bad as the
original situation Florian described. The project gets less time, but
does it need more time when it can't release a fix anyway? The reduced
exposure - even if to people and infrastructure of the project itself -
reduces risk of leaks.

Terms like this will also serve as a reminder to the reporter that
they're indeed being selfish and would have wanted...


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Luedtke, Nicholas (Cyber Security) on Jan 18

I generally agree with this, but it also creates the risk that reporters
will simply wait till the maximum time frame fits within their desired
reporting time. Which of course delays the reporting of the bug to the
vendor/project. What I have seen in the past is a negotiated partial
disclosure where the patch is released with minimum details with the
line that says "Full details will be released by XXX at YYY conference."


Ex-Uber CEO nets $1.4B as company closes Softbank deal The Hill: Technology Policy

Travis Kalanick, the former Uber CEO who resigned last year, is walking away with $1.4 billion after the company finalized a new deal, CNBC reported Thursday.Japanese company SoftBank reached an arrangement with Uber, according to the...


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Solar Designer on Jan 18

I think it's best for your project (I guess glibc?) to prominently
publish near the security contact address a maximum embargo time you'd
(be likely to) agree to. That's what security at does
(7 days) and what we do with (linux-)distros (14 days). That way, it's
less important for you to judge whether the reason for embargo is
valid/altruistic or bogus/selfish - a sane maximum embargo time
minimizes the damage to...


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Rich Felker on Jan 18

Assuming there is no good reason for the embargo (like coordination
with other affected parties), ignore the embargo, fix the bug, and
report the behavior to the conference. Conferences should adopt
policies not to host speakers who request that users be left
unprotected for any extended period for the sake of their own ego



Big Trak Gets a New Brain Hackaday

If you were a kid in the 1980s you might have been lucky enough to score a Big Trak, a robotic toy you could program using a membrane keyboard to do 16 different motions. [Howard] has one, but not wanting to live with a 16-step program, he gave it a brain transplant with an Arduino and brought it on [RetroManCave's] video blog and you can see that below.

The CPU isn't the only upgrade, as the updated Big Trak has an OLED display. [Howard] plans to add either WiFi or Bluetooth and wire the keyboard up to the onboard Arduino. [Howard] shows the inside and there is a lot of room by today's standards. Of course, we wanted to see the original PCB, but it was nowhere to be found. Luckily, we found an image of the single-sided PCB on Wikipedia, so if you are like us, you can see it below, under the video.

There's no wiring diagram that we could see, but from the Arduino code you can back out what the connections are to the sonar, the OLED display, and the new motor drivers for the original motors.

Oddly enough, this isn't the first Big Trak that has made it to the pages of Hackaday. Of course, we have no shortage of hacked toy robots.



WootHosting Chicago Launch & Amazing Deals! Low End Box

Jason from WootHosting is back to promote their expansion to a brand new Chicago location! Jason mentioned he will be around to answer any questions during this sale so please feel free to fire away in the comments and you can check their older posts for reviews and whatnot.

Their WHOIS is public, PayPal, Credit Cards & Bitcoin are all accepted as payment, and you can find their ToS/Legal Docs.

Here's what Jason had to say:

WootHosting was first established in 2007. WootHosting is overseen by our staff of life-saving technical support engineers, network engineers, and virtualization experts to provide its clients with a truly streamlined hosting experience. Initially, WootHosting was a company that provided basic web hosting packages to small businesses around the globe, in 2010, WootHosting expanded its portfolio and began offering virtual private hosting, along with dedicated servers. In the years since, we've become a trusted partner for providing a wide-array of elegant complex hosting solutions at equally attractive values.

Linux OpenVZ Offers - Available in all 4 locations (Los Angeles, Miami, New York, Chicago):
New Year 2018 VPS Special 512MB:
1 vCPU Core
512MB Dedicated RAM
512MB vSwap
15GB Storage Allocation
1500GB (1.5TB) Monthly Bandwidth
1 IPv4 Address
30 IPv6 Addresses (IPv6 Available in LA and Miami only)
100Mbps Port Speed
Instant Setup
FEATURE: Advanced DDoS Protection Included!
Locations: Los Angeles, Miami, New York, and Chicago
New Year 2018 VPS Special 1024MB:
1 vCPU Core
1024MB (1GB) Dedicated RAM
1024MB (1GB) vSwap
25GB Secured Disk Space
2500GB (2.5TB) Premium Bandwidth
1 IPv4 Address
30 IPv6 Addresses (IPv6 Available in LA and Miami only)
100Mbps Port Speed
Instant Setup
FEATURE: Advanced DDoS Protection Included!
Locations: Los Angeles, Miami, New York, and Chicago



Wine 3.0 released

Version 3.0 of the Wine Windows emulation layer has been released. "This release represents a year of development effort and over 6,000 individual changes." Most of the improvements seem to be around Direct3D graphics, but it is also now possible to package up Wine as an Android app; see the release notes for details.


Occipital In-Headset Room Tracking for VR SoylentNews

Don't want to join the growing ranks of virtual reality fatalities? In-headset room tracking may be for you:

Occipital, a company based in Boulder, Colorado, focuses on 3D scanning hardware and depth-sensing cameras: One of its Structure camera sensor arrays works with both an iPhone mixed-reality headset and an upcoming home robot. Occipital's team put an HTC Vive VR headset on me, outfitted with an in-development feature that let me see the room even with my headset on. The technology is called Occipital Tracking. Its aim is to replace external room-sensing hardware completely, like the Oculus Rift's cumbersome stands or the Vive's light-emitting Lighthouse system, in favor of all in-headset tech.

Inside-out tracking, as in-headset room-tracking tech is called, has been in place on Microsoft's VR headsets and upcoming hardware like the Lenovo Mirage Solo with Daydream as well as AR devices like the Microsoft HoloLens, but Occipital Tracking aims to make that tech even better for VR with far more room-aware scanning.

Much as Apple's ARKit or Google's ARCore can scan a room and sense edges and surfaces using a camera and the phone's motion sensor, Occipital's tech pinged my demo space and found glowing points in space that formed a map. The test demo alternated between the real world via pass-through cameras and a fully closed-off VR world with edges of the room overlaid. The VR hardware I tried had stereo cameras, but Occipital says the tracking will work with a single camera, too. It really does seem like ARKit/ARCore for VR.

A game could show a partial overlay only when you are in imminent danger of colliding with something, or even create a virtual environment that incorporates real life obstacles (walls, tables, etc.).

Original Submission

Read more of this story at SoylentNews.



Meltdown and Spectre patches have a variable impact and can cause unwanted reboots, Intel warns Security Affairs

Intel has published the results of the tests conducted on the Meltdown and Spectre patches and their impact on performance, confirming serious problems.

According to the tech giant, systems with several types of processors running Meltdown and Spectre patches may experience more frequent reboots.

A few days ago Intel reported that extensive tests conducted on home and business PCs demonstrated a negligible performance impact on these types of systems (from 2 up to 14%).

Now the vendor has conducted some performance tests on data centers, and the results show that the impact on performance depends on the system configuration and the workload.

"As expected, our testing results to date show performance impact that ranges depending on specific workloads and configurations. Generally speaking, the workloads that incorporate a larger number of user/kernel privilege changes and spend a significant amount of time in privileged mode will be more adversely impacted," reads the analysis conducted by Intel.

Intel measured impacts ranging from 0-2% on industry-standard measures of integer and floating point throughput, Linpack, STREAM, server-side Java and energy efficiency benchmarks. These benchmarks cover typical workloads for enterprise and cloud customers.

Intel also evaluated the impact on online transaction processing (OLTP), estimating it at roughly 4%.

Benchmarks for storage demonstrated a strict dependence on the benchmark, test setup, and system configuration.

For FlexibleIO, which simulates various I/O workloads, throughput performance decreased by 18% when the CPU was stressed, but there was no impact when CPU usage was low.

The FlexibleIO tests used benchmarks simulating different types of I/O loads; the results depend on many factors, including read/write mix, block size, drives and CPU utilization.

"For FlexibleIO, a benchmark simulating different types of I/O loads, results depend on many factors, including read/write mix, block size, drives and CPU utilization. When we conducted testing to stress the CPU (100% write case), we saw an 18% decrease in throughput performance because there was not CPU utilization headroom," continues the analysis. "When we used a 70/30 read/write model, we saw a 2% decrease in throughput performance. When CPU utilization was low (100% read case), as is the case with common st...



X.Org Server Finally Adapted To Better Deal With 16:9 & 16:10 Displays Phoronix

In 2018 the X.Org Server will introduce better support for 16:9 and 16:10 ratio monitors!..


Edisons Phonograph IEEE Spectrum Recent Content full text

More than any other fruit of Edison's fertile brain, this one was not merely useful but magical
Photo-illustration: Stuart Bradford

When Thomas Edison died in 1931, at 84, he held nearly 1,100 patents in the United States and more than 2,300 patents worldwide. By far the most famous one was his patent for the lightbulb, but he came up neither with the idea of an evacuated glass container nor with the use of an incandescing filament. More fundamental was Edison's conception, entirely de novo, of the complete system of electricity generation, transmission, and conversion, which he put into operation first in London and in lower Manhattan in 1882.

But for sheer originality bordering on the magical, nothing compares to Edison's U.S. Patent No. 200,521, issued on 19 February 1878, for the first-ever way to hear recorded sound.

The phonograph was born out of the telegraph and telephone. Edison spent years trying to improve the former (most of his early patents were related to printing telegraphs) and he was intrigued by the latter ever since its introduction, in 1876. Edison got his first telephone-related patents in 1878. He noticed that playing a recorded telegraph tape at a high speed produced noises resembling spoken words. What would happen if he recorded a telephone message by attaching a needle to the receiver's diaphragm, produced a pricked tape, and then replayed that tape? He designed a small device with a grooved cylinder overlaid with tinfoil that could easily receive and record the motions of the diaphragm. "I then shouted, 'Mary had a little lamb,' etc.," Edison recalled. "I adjusted the reproducer, and the machine reproduced it perfectly. I was never so taken aback in my life. Everybody was astonished. I was always afraid of things that worked the first time."

Soon he took the phonograph on a tour, e...

Server Reboots... and then there was One (for now): hydrogen 2018-01-19 @ 05:00 AM UTC SoylentNews

Continuing Linode's efforts to mitigate the Meltdown/Spectre issues, we have learned that the last of our servers has been scheduled for its first reboot. This time it is hydrogen which, among other things, hosts a copy of our database and is one of our web frontends. The reboot is scheduled for tonight, 2018-01-19 @ 05:00 AM UTC (Midnight EST) or approximately 9 hours from the time this story is posted. Our plans are to move hydrogen's workload over to fluorine to cover the load during the hiatus and expect there to be no interruption of service on the site.

Please be aware that Linode considers these reboots to be "Phase 1" of their remediation efforts. We will keep you posted when we learn of other phase(s) being scheduled.

We appreciate your understanding and patience as we deal with this situation.

I recently came upon an article on Ars Technica which revealed that Linode (amongst many, many others) learned of these vulnerabilities at the same time as the rest of us -- when the news hit the press. They had no advance notice with which they could have performed mitigation planning of any kind. That has to count as one of their worst days, ever.

Original Submission

Read more of this story at SoylentNews.


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Yves-Alexis Perez on Jan 18

I'm also not a huge fan of embargoes for conferences. It did happen for Debian
so we discussed that issue with the security researchers to make the fix
happen rather sooner than later.

One important thing, in my opinion, is that conferences should also encourage
their speakers to actively coordinate with vendors in order for things to be
fixed *before* and published either before or just for the conference. It
might be wishful thinking...


Senate panel approves FCC commissioner for full term The Hill: Technology Policy

The Senate Commerce Committee voted to confirm Commissioner Brendan Carr for a full five-year term at the Federal Communications Commission. The panel advanced the nomination in a 14-13 party-line vote on Thursday. Carr, a Republican, was...


G Suite users get a better view of their enterprise security posture Help Net Security

Google is rolling out a new security tool for G Suite Enterprise users: the Security Center. The tool aims to give administrators a better understanding of their organization's security. The G Suite Security Center Admins get a unified dashboard that shows them important security metrics across services like Gmail, Google Drive, Mobile Management, etc. These metrics show how many messages were encrypted with Transport Layer Security, when were messages marked as malware, how are users More


6 years jail time for one of the largest dark web drug dealer HackRead

By Carolina

The 40-year-old David Ryan Burchard from Merced, a dark web vendor


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Matthias Fetzer on Jan 18

Hi Gynvael,

Well. The result might be, that they will *not* report the vulnerability
at all, but publish their findings as a 0day at a conference. So the
users' security highly benefits, if patches are available right
before/after/during the conference.

This is not the best case, but still better than unpatched, published 0days.

Best regards,


A Quarter of Ethical Hackers Couldn't Report A Cybersecurity Concern SoylentNews

[Update: Corrected title per first comment. Also, should you find any kind of vulnerability with SoylentNews, please send a description to "dev" at "" and we'll address it as soon as possible. --martyb]

Submitted via IRC for AndyTheAbsurd

Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it, according to a survey of the ethical hacking community.

With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.

In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.

Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are "frequently ignored or misunderstood".

But that means that three-quarters DO, which I guess is good news. Or at least not bad news.


Original Submission

Read more of this story at SoylentNews.


German Scientists Create Ultrafast Robot Arms from DNA IEEE Spectrum Recent Content full text

DNA robotic systems move 100,000 times faster than previous systems Illustration: Technical University of Munich

Researchers at the Technical University of Munich (TUM) in Germany have given a big boost to DNA-based robotic systems by using electric fields to speed up their movements by five orders of magnitude over previous DNA systems.

Prior to this work, which the German scientists describe in today's issue of the journal Science, the main issue preventing previous DNA-based molecular machines from operating faster was that they were dependent on DNA's molecular cues.

For example, most DNA-based molecular machines previously were operated by a variety of DNA molecular manipulations, including DNA hybridization with externally added DNA fuel strands, the action of DNA-cutting enzymes, a change in buffer conditions (such as pH levels), or the use of chemical photoswitches, like azobenzene, that can collect light to trigger reactions.

For various reasons, the resulting machines were very slow, almost all working on the timescale of minutes to hours, according to Friedrich Simmel, a professor at TUM and co-author of the research.

"Compared to other previously demonstrated robotic systems or assembly lines, movement and positioning of components electrically is much faster," said Simmel. "We estimate it's about 100,000 times faster than typical DNA walkers."

Simmel concedes that the overall speed of an assembler will depend also on the speed of the reactions of the components, and also on the time required to release/move products and localize new reactants.

In order for the DNA in their experiments to reach these new speeds and move away from these DNA-based molecular cues, Simmel and his colleagues started with an established technique for molecular self-assembly: DNA origami. This technique involves the use of DNA strands that have been folded into structures resembling artfully folded paper.

The TUM scientists used the DNA origami technique to create a rigid base...


Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Open Source Security

Posted by Xen . org security team on Jan 18

Xen Security Advisory CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 / XSA-254

Information leak via side effects of speculative execution


Provided summary table for the various Meltdown options.

Note that in XSA-254 v9's Updates section we said
* Include >32vcpu workaround in shim branch ...
but this workaround is for guests with 32 or *fewer*...



Why Gene Silencing Could Launch a New Class of Blockbuster Drugs Lifeboat News: The Blog

Over 85 percent of proteins in the body can't be targeted with conventional chemical drugs. By working on the RNA responsible for problematic proteins, gene silencing opens up an enormous portion of the genome to intervention. If realized, a new class of drugs based on gene silencing could overhaul modern medicine.


How the Science of Decision-Making Will Help Us Make Better Strategic Choices Lifeboat News: The Blog

Neuroscientist Brie Linkenhoker believes that leaders must be better prepared for future strategic challenges by continually broadening their worldviews.

As the director of Worldview Stanford, Brie and her team produce multimedia content and immersive learning experiences to make academic research and insights accessible and useable by curious leaders. These future-focused topics are designed to help curious leaders understand the forces shaping the future.

Worldview Stanford has tackled such interdisciplinary topics as the power of minds, the science of decision-making, environmental risk and resilience, and trust and power in the age of big data.


This is the darkest material on Earth Lifeboat News: The Blog

And it's changing everything from art to space exploration.


This bed is making the lives of carers and patients easier Lifeboat News: The Blog

This bed has a rolling sheet that helps move disabled patients.


CES 2018 gets serious about health, wellness and medical tech Lifeboat News: The Blog

With the slew of self-care, fitness and sleep devices on show at CES, the health and medical industries are making big rumbles in consumer tech.


Stud finder on steroids Lifeboat News: The Blog

This add-on Android device can help you see into walls.


Food store AI sees what you put in basket Lifeboat News: The Blog

A prototype system spots what shoppers pick up so that they can avoid queuing to pay at the till.


Researchers Have Developed A New Way To Block Pain Lifeboat News: The Blog

For anyone who has accidentally injured themselves, Dr. Zachary Campbell not only sympathizes, he's developing new ways to blunt pain.

"If you have ever hit yourself with a hammer, afterward, even a light touch can be painful for days or even weeks," said Campbell, who researches pain on the molecular level at The University of Texas at Dallas. "While many of us may not be coordinated enough to avoid an accident, my goal is to disrupt the inception and persistence of pain memories."

Campbell directs the Laboratory of RNA Control and recently published a study in the journal Nature Communications in close collaboration with Dr. Ted Price, an associate professor from the Pain Neurobiology Research Group, and Dr. Michael Burton, a new assistant professor from the School of Behavioral and Brain Sciences who conducted postdoctoral work at UT Dallas.


Researchers Recreate DNA Of Man Who Died In 1827 Despite Having No Body To Work With Lifeboat News: The Blog

An international team of researchers led by a group with deCODE Genetics, a biopharmaceutical company in Iceland, has partly recreated the DNA of a man who died in 1827, despite having no body to take tissue samples from. In their paper published in the journal Nature Genetics, the team describes reconstructing a sizable portion of the original DNA of the man by studying DNA samples from his descendants.

In a unique and interesting project, the team worked with genetic information from people living in Iceland to recreate the DNA of a man well known in that country due to his unique story. He was an escaped black slave who made his way to Iceland, a place where there were no other people of African descent. That made his DNA extremely unique. More importantly, the man, Hans Jonatan, was, as the story goes, welcomed with open arms, which meant he was able to marry a local woman and have children. Those children produced children of their own, who inherited part of Jonatan's DNA. Adding to the story, Iceland just happens to have one of the most extensive genealogical databases in the world today; it includes data on over a third of the entire population of the country.

In this new effort, the researchers took advantage of the unique situation to find Jonatan's descendants by narrowing an original pool of 788 descendants down to a manageable 182, each one of whom held one small piece of the puzzle in their genes. After much work, the team reports that they were able to use the pieces they found to recreate a large part of Jonatan's DNA without using any tissue from him at all, the first time such a feat has ever been achieved. They were also able to trace some of Jonatan's ancestry starting with his mother, an African slave on a plantation in St. Croix, which at the time of Jonatan's birth was a Danish colony. They believe his father was a white European.


Humans Share a Relevant Gene With This Fish That Can Repair Its Spinal Cord Lifeboat News: The Blog

The lamprey looks about as different from a human as you can imagine. This fish has an eel-like, finless body, bulging eyes, and a circle of frankly horrifying teeth in place of a jaw, which some species use to latch onto other animals and suck their blood.

Yet these alien-looking creatures share something fairly extraordinary with humans: we both contain genes that, in the lamprey, allow it to repair broken spinal cords.

The discovery shows promise for medicine: if we could one day activate the same gene in humans, we could reverse spinal cord damage, even paralysis.


How to use the new Google app that matches your face with famous paintings Lifeboat News: The Blog

The Google Arts & Culture app went viral over the weekend as people discovered the funny results it can provide. Some are accurate while others aren't so much.

Here's how to use it.


HITB Security Conference in Amsterdam to feature innovative research on attack and defense topics Help Net Security

The agenda for Day 1 of the 9th annual HITB Security Conference in The Netherlands has been announced and it's packed with cutting edge research on a range of attack and defense topics from crypto currencies to fuzzing and more. Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) In this presentation, Daniel Bohannon, a Senior Applied Security Researcher with MANDIANT's Advanced Practices group, will dive deep into cmd.exe's multi-faceted obfuscation opportunities beginning with More



Senate votes to extend NSA spying program The Hill: Technology Policy

The Senate on Thursday passed an extension of a government surveillance program, sending the bill to President Trump's desk. Senators voted 65-34 on the bill, which includes a six-year extension with minimal changes to the National Security...


Distinct Types of Amyloid-beta Prion Strains in Alzheimer's Disease Discovered Lifeboat News: The Blog

Distinct amyloid-beta prion strains discovered in different variants of Alzheimer's disease.

In a paper in the Proceedings of the National Academy of Sciences, a research team led by Carlo Condello presented their results from a study of the sliced brain fragments of deceased Alzheimer's disease (AD) patients. It appears different amyloid-beta prions are uniquely associated with different AD variants [1].

A primer on Alzheimer's disease

AD is a chronic neurodegenerative disease affecting about 5% of the population above 65 years of age, the time when the first symptoms usually manifest. It is estimated to be the cause of up to 70% of all cases of dementia, which according to WHO projections, by 2050 will be around 115 million.


Links 18/1/2018: MenuLibre 2.1.4, Git 2.16 Released Techrights


  • NHS: Thanks for all the free work, Linux nerds, now face our trademark cops [Ed: NHS has long been a Microsoft stronghold]

    Dev team quits, suggests NHS used them to get better deal with Microsoft


    The small team behind an ambitious NHoS Linux project are calling it a day, citing receipt of a trademark infringement warning from the Department of Health's (DoH) brand police as the final straw.

    The initial raison d'être of NHoS was to identify a way to roll out NHSbuntu, a strand of open-source Linux distro Ubuntu designed for the NHS, on three-quarters of a million smartcards. The smartcards are used to verify the healthcare pros that access 80 per cent of applications on millions of NHS PCs.

    The volunteer force behind NHoS wanted NHSbuntu to replace the current smartcard verification system that was running on Windows, and ultimately, have the operating system replace Windows on the desktop as well. Smart card recognition was seen as a mile-high hurdle in this grand plan.


    Baw alleged the pair (unbeknown to us) were also duplicitously negotiating with Microsoft about a new NHS Enterprise Wide Agreement.

  • Barcelona Council abandons Microsoft for open-source software [iophk: again, disinfo about the reason for Munich's change]

    The Spanish city of Barcelona has announced it will phase out its use of Microsoft software in favour of open-source alternatives. Over the next few years, the city will transition away from Microsoft's services to guarantee its technical sovereignty.

  • Amazing Facts about Linux Operating System You Probably Don...


[$] Shrinking the kernel with link-time optimization

This is the second article of a series discussing various methods of reducing the size of the Linux kernel to make it suitable for small environments. The first article provided a short rationale for this topic, and covered the link-time garbage collection, also called the ld --gc-sections method. We've seen that, though it is pretty straightforward, link-time garbage collection has issues of its own when applied to the kernel, making achieving optimal results more difficult than it is worth. In this article we'll have a look at what the compiler itself can do using link-time optimization.


chaiOS Text Bomb Can Freeze & Crash Your iPhone HackRead

By Uzair Amir

A software developer Abraham Masri has managed to identify a


Silicon Valley Charter Buses Vandalized by Pellet/BB Guns or Rocks SoylentNews

5 shuttle buses chartered by Google, Apple apparently vandalized on I-280, possibly with pellet gun

Shuttle buses carrying Apple and Google employees were apparently vandalized Tuesday while traveling to and from the South Bay, officials said. No injuries were reported.

Five buses driving in the northbound and southbound directions of Interstate 280 between Highway 84 and Highway 85 were damaged during the Tuesday morning and evening commute, said California Highway Patrol Officer Art Montiel. Four buses were chartered by Apple and one by Google, the officer said. The Apple campus is located off I-280 in Cupertino. Google headquarters is in Mountain View off Highway 101.

According to Montiel, several bus windows were damaged and cracked, possibly by pellet guns, BB guns or rocks.

According to an article on TechCrunch:

In response, we've learned that Apple has rerouted the bus routes for employees living in San Francisco, adding 30-45 minutes of commute time each way, as the company works with authorities to see what exactly is going on.

Also at The Guardian.

Original Submission

Read more of this story at SoylentNews.


Efficient Control of AC Machines using Model-Based Development IEEE Spectrum Recent Content full text

Discover a highly efficient approach for the control of industrial-strength electrical drives without needing to perform any manual C programming.

This webinar is aimed at engineers who want to develop better-performing AC drives, faster, thus enabling use of motors that are smaller, lighter, quieter, more powerful, and consume less energy. While the Model-Based Development (MBD) approach presented will be generally applicable to any type of AC drive, it will be demonstrated using a specific off-the-shelf AC drive controlled using the Texas Instruments (TI) InstaSPIN sensorless, three-phase motor solution.

During this webinar, special guest Prof. Duco W. J. Pulle will show how to rapidly develop a fully functional, sophisticated electrical drive through the combined use of InstaSPIN with solidThinking Embed software from Altair which provides:

  • Real-time implementation of the control algorithm
  • Automatic generation of reliable, human-readable code direct from diagrams, with no manual C programming or code re-writing required
  • Powerful yet easy-to-use debugging capabilities


Judge Tells Movie Company That it Cant Sue Alleged BitTorrent Pirate TorrentFreak

Despite a considerable migration towards streaming piracy in recent years, copyright trolls are still finding plenty of potential targets around the world. Alleged BitTorrent pirates are target number one since their activities are most easily tracked. However, it isnt all plain sailing for the pirate hunters.

Last December we reported on the case of Lingfu Zhang, an Oregan resident accused by the makers of the 2015 drama film Fathers & Daughters (F&D) of downloading and sharing their content without permission. While these kinds of cases often disappear, with targets making confidential settlements to make a legal battle go away, Zhang chose to fight back.

Represented by attorney David Madden, Zhang not only denied downloading the movie in question but argued that the filmmakers had signed away their online distribution rights. He noted that (F&D), via an agent, had sold the online distribution rights to a third party not involved in the case.

So, if F&D no longer held the right to distribute the movie online, suing for an infringement of those rights would be impossible. With this in mind, Zhang's attorney moved for a summary judgment in his client's favor.

"ZHANG denies downloading the movie but Defendant's current motion for summary judgment challenges a different portion of F&D's case," Madden wrote.

"Defendant argues that F&D has alienated all of the relevant rights necessary to sue for infringement under the Copyright Act."

In response, F&D argued that they still held some rights, including the right to exploit the movie on airlines and oceangoing vessels, but since Zhang wasn't accused of being on either form of transport when the alleged offense occurred, the defense argued that point was moot.

Judge Michael H. Simon handed down his decision yesterday and it heralds bad news for F&D and celebration time for Zhang and his attorney. In a 17-page ruling first spotted by Fight Copyright Trolls, the Judge agrees that F&D has no standing to sue.

Citing the Righthaven LLC v. Hoehn case from 2013, the Judge notes that under the Copyright Act, only the legal or beneficial owner of an exclusive right under a copyright has standing to sue for infringement of that right.

Judge Simon notes that while F&D claims it is the legal owner...


House Dems want to give cities the right to build broadband networks The Hill: Technology Policy

A group of House Democrats introduced a bill on Thursday that would give local communities the right to build their own broadband networks and compete with established providers like Comcast and Verizon. The group, led by Rep. Anna Eshoo (D-Calif.),...


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Ludovic Courtès on Jan 18

Florian Weimer <fweimer () redhat com> skribis:

Perhaps you could publicly state upfront that your project will not
accept deadlines put forth by the people who report vulnerabilities
(other than making sure to coordinate with the relevant parties)?



Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Gynvael Coldwind on Jan 18

Hi there,

Speaking for myself from a security researcher's perspective, I would say
it depends on the reason for embargo, and what ends up protecting users

There might be valid reasons for embargoes - one example (but not the only
one) is when a given bug affects multiple similar products, and a
disclosure on the side of one product would 0-day users using other
products. It sounds logical to wait until fixes are available before...


Designing Customizable Self-Folding Swarm Robots IEEE Spectrum Recent Content full text

Researchers at UCSD demonstrate a self-folding robot designed to be customized and deployed in huge swarms. Photo: Evan Ackerman/IEEE Spectrum

Robot swarms generally come in two flavors. You've got your homogenous swarms, made up of tens or hundreds or sometimes thousands of identical robots. You've also got your heterogenous swarms, made up of a handful (or possibly a few tens) of robots that aren't all identical, and may in fact be significantly different. Heterogeneity is appealing, because robots are bad multitaskers, and with a heterogenous swarm you can deploy a bunch of specialists instead. Problem is, designing, constructing, and then deploying a bunch of specialists is way harder than when you're only dealing with one type of generalist robot, which is why we don't see large heterogeneous swarms.

Researchers at the University of California, San Diego, are taking the first steps towards robotics swarms that can be rapidly customized, self-assembled, and then self-deployed, without needing tedious human intervention at every step of the way. They're laser-cut from flat sheets, can fold themselves up, and then skitter away with only a minimum of human finger-lifting.

The heterogeneous swarm idea is not a new one: Insects have been doing it for ages, and it's been very effective for them. With ants, for example, you've got little workers and some big soldiers, neither of which are suited for doing each other's jobs, but together, they make the overall swarm much more efficient. Sadly, we're not as clever as the ants at autonomously generating new swarm members, but Michael Tolley's lab at UCSD has been making progress in the right direction.

We've covered some of Tolley's work before, in the context of self-folding mobile robots. In a recent paper from IROS, one of his students, William Weston-Dawkes, along with Aaron Ong, Ramzi Majid, and Francis Joseph, presented some new work on making a more reliable type of laser-machined self-folding robot that has the potential to be easily customized for speed, maneuverability, and payload.



Facebook Password Stealing Apps Found on Android Play Store The Hacker News

Even after many efforts made by Google last year, malicious apps always somehow manage to make their way into Google's app store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users. Discovered independently


Re: How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Kurt Seifried on Jan 18

We (Red Hat) respect the embargo request (although we will often try
to negotiate something a bit more sensible if they make a really
awkward request), but ultimately we want the researchers to come to
us, if we annoy them too much they might stop coming to us and just
drop their results as a 0day at the conference with no heads up.

I'm not sure this is a sustainable approach as researchers who want to
make a name for themselves are faced...


Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromised Help Net Security

Hackers have breached the systems of the Southern and Eastern Norway Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with personal information and health records of some 2.9 million Norwegians. What's known about the breach The breach was announced on Monday by the authority. The first to notice that something was amiss was HelseCERT, the Norwegian healthcare sector's national information security center, which detects unwanted events and traffic and reports them to affected...


North Korea Group 123 involved in at least 6 different hacking campaigns in 2017 Security Affairs

North Korean hackers belonging to the North Korea Group 123 have conducted at least six different massive malware campaigns during 2017.

North Korean hackers have conducted at least six different massive malware campaigns during 2017, most of them against targets in South Korea. Security researchers from Cisco's Talos group who have monitored the situation for 12 months have identified a North Korean threat actor tracked by the experts as Group 123 that conducted numerous malware attacks against entities in the South.

In three different phishing campaigns tracked as Golden Time, Evil New Year and North Korean Human Rights, South Korean victims were specifically infected with the Remote Access Trojan ROKRAT.

On January 2nd of 2018, the Evil New Year 2018 was started. This campaign copies the approach of the 2017 Evil New Year campaign.

"The links between the different campaigns include shared code and compiler artifacts such as PDB (Program DataBase) patterns which were present throughout these campaigns," reads the analysis published by Talos.

Based on our analysis, the Golden Time, both Evil New Year and the North Korean Human Rights campaigns specifically targeted South Korean users.

The ROKRAT RAT was used to target Korean targets using the popular Korean Microsoft Word alternative Hangul Word Processor (HWP). In the past, we saw other attacks against people using the HWP application.


The three campaigns leveraged a payload in the Hancom Hangul Office Suite; the North Korean hackers exploited vulnerabilities such as the CVE-2013-0808 EPS viewer bug to deliver the RAT.

The attackers also used specially crafted files to trigger the arbitrary code execution vulnerability CVE-2017-0199. Group 123 also launched the FreeMilk campaign against financial inst...


YouTube removing videos of people eating Tide Pods The Hill: Technology Policy

YouTube and Facebook are taking down clips of people eating Tide Pods detergent, an attempt to stop a dangerous new internet challenge among teenagers.  The social media platforms announced they will remove clips of users showing...


What Tech Companies Have Been Hiring in Silicon Valley? Here are the Top 20 IEEE Spectrum Recent Content full text

The list starts with A: Apple, Amazon Photo: Justin Sullivan/Getty Images

In Indeed.com's latest study of Silicon Valley's tech job openings, released this week, the job search firm gave a snapshot of which companies are doing the most hiring. And, for the first 11 months of 2017, the older, established companies dominated: Apple, Oracle, Google, and Cisco were among the highest ranked.

While that may be no surprise (these big Silicon Valley companies are always hiring), the top 20 list did have a few unexpected members. Amazon, a company typically considered to be Seattle's whale, not Silicon Valley's, came in at number two. And Walmart's eCommerce group jumped in at number 13, which reflects Walmart's recent push into artificial intelligence, according to Indeed's analysis.

Drilling down into the data for specific metro areas, Indeed found that in San Francisco, Salesforce, Square, Amazon, Uber, and Twitter rank on top; for San Jose, Cisco, Paypal, and eBay are the top recruiters; and in Oakland, Pandora and Oracle capture the top spots.

The complete 20 are in the table below.

Silicon Valley tech companies ranked by job postings (January through November, 2017) according to


Could Filtering Our Aged Blood Keep us Young? Lifeboat News: The Blog

An interview with Drs. Irina and Michael Conboy on the topic of young blood and blood filtering for rejuvenation purposes.

Due to a recently published study on the effects of young plasma on aged mice, we got in touch with Dr. Irina Conboy of Berkeley University. Dr. Conboy is an Associate Professor at the Department of Bioengineering and an expert in stem cell niche engineering, tissue repair, stem cell aging and rejuvenation. Before we dive into the main topic, let's familiarize ourselves a little with Dr. Conboy and her work.

Dr. Conboy got her Ph.D. at Stanford University, focusing on autoimmunity. She met her partner in science, and in life, Dr. Michael Conboy at Harvard and they got married before embarking on graduate studies; they celebrated their Silver Anniversary a few years ago. During her postdoctoral studies, she began focusing on muscle stem cells, trying to figure out what directs them to make new healthy tissue and what causes them to lose their ability to regenerate the tissues they reside in as we age[1].

Together with her husband Michael, she eventually discovered that old stem cells could be reactivated and made to behave like young ones if appropriately stimulated. The Conboys' parabiosis experiments, which consisted in hooking up the circulatory systems of aged and young mice, showed that old age is not set in stone and can be reversed in a matter of weeks[2].



How to deal with reporters who don't want their bugs fixed? Open Source Security

Posted by Florian Weimer on Jan 18

Subject says it all: What do you do if you receive a vulnerability
report, and the reporter requests an embargo at some time in the future
because that's when their paper/conference presentation/patent
submission is scheduled?

The obvious approach is to find a prior public report of essentially the
same bug and fix that (which will work surprisingly often), but let's
assume that this isn't the case.



Lithium Chloride May Help in Fixing Bee Colony Collapse Disorder SoylentNews

As someone who is very interested in the subject of honey bees, and several decades ago had a bee hive, I've been very concerned about colony collapse disorder. Today I came across this article:

Excerpt from the Nature abstract:
"Recent reports of the weakening and periodical high losses of managed honey bee colonies have alarmed beekeeper, farmers and scientists. Infestations with the ectoparasitic mite Varroa destructor in combination with its associated viruses have been identified as a crucial driver of these health problems. Although yearly treatments are required to prevent collapses of honey bee colonies, the number of effective acaricides is small and no new active compounds have been registered in the past 25 years. RNAi-based methods were proposed recently as a promising new tool. However, the application of these methods according to published protocols has led to a surprising discovery. Here, we show that the lithium chloride that was used to precipitate RNA and other lithium compounds is highly effective at killing Varroa mites when fed to host bees at low millimolar concentrations."

I am in no way, shape or form a biologist, but as I read through the article there was mention of gene targeting and so started to get way out of my knowledge area..which is electronics...and quickly lost me.

Is there any truth to this path or is it another way for insecticide makers to push their wares?

Original Submission

Read more of this story at SoylentNews.


Wine 3.0 Released With Initial Direct3D 11 Support, D3D Command Stream Phoronix

The Wine camp has officially released Wine 3.0 as their annual feature update to this program for running Windows games/applications on Linux and other operating systems...


Researcher reports how to hack Facebook account with Oculus Integration HackRead

By Waqas

How to hack Facebook account is something that almost everyone



4 Tools for Network Snooping on Linux



Less than 10% of Gmail users have enabled two-factor authentication Graham Cluley

Don't make life easy for account hackers. Defend your online accounts with two-step verification.

Read more in my article on the Tripwire State of Security blog.


Security updates for Thursday

Security updates have been issued by CentOS (linux-firmware and microcode_ctl), Fedora (icecat and transmission), Oracle (java-1.8.0-openjdk and microcode_ctl), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), Slackware (bind), SUSE (kernel), and Ubuntu (eglibc).


The Importance of Reducing Dust Accumulation in Electronics Systems IEEE Spectrum Recent Content full text

Gain a practical understanding of ways to reduce dust accumulation by leveraging a detailed multiphysics simulation approach.

Multiphysics Simulation is an essential part of your business's digitalization strategy. More so now than ever before, and the need is being driven largely by the IOT. Consumers expect smarter connected products in the home, in the office and in our cities and towns. It follows that it's also critical in the factories where products are made. This is driving rapid evolution in the entire product ecosystem.

To keep pace and remain competitive, companies need to expand product functionality, increase product performance, and maintain high reliability - all while reducing costs and time to market. Making complex, high quality products in today's and tomorrow's rapidly evolving market requires a superior digitalization strategy that leverages the best simulation alongside the best prototyping and testing methods.

One of the 4 most common causes of failure in electronic systems is dust. The most visible effect of dust on electronics systems is the restriction of cooling air flow due to accumulation on inlet air vents, and the restricted air flow results in higher component temperatures.  Higher temperatures have been conclusively shown to dramatically reduce reliability.  But dust can also shorten the life of the bearings in cooling fans, and in rare cases large amounts of dust can provide a pathway for electrical arcing.  A direct way to improve the reliability of an electronics system, therefore, is to minimize the rate of dust build up.

In this session we will provide background information on the physical effects of dust build up in electronics systems.  Various simulation options will be examined along with the advantages and disadvantages of each.  We will provide you with a practical understanding of ways to reduce dust accumulation by leveraging a detailed multiphysics simulation approach.





Unity Game Engine Working On Graphics Rendering Improvements For 2018 Phoronix

The Unity game engine has a New Year's resolution of improving its graphics renderer abilities in 2018...


Amazon narrows list to 20 cities for HQ2 The Hill: Technology Policy

Amazon has narrowed the list of cities it will consider for its mammoth new second headquarters to 20, after nearly 240 communities submitted bids to host the internet giant's new facilities. Among the finalists for the HQ2 project are three...


Bus Pirate Cables - which is the best? The Grymoire

One of the more useful tools for reverse engineering hardware is a Bus Pirate.


However, it does not come with any sort of cable or connector. You can use DuPont connectors, if your device has headers soldered to it. However, some people find it easier to get a Bus Pirate Cable, which has several advantages:

  • The wires are color-coded, making it easier to keep track of the wires.
  • Bus Pirate connectors have a plug that fits the Bus Pirate exactly. This makes mistakes less likely.
  • Some cables have labels on the wires.
  • Some cables have test probes attached to the wires, allowing you to connect to devices that don't have headers.
  • If you have more than one cable, you can switch between devices under test easily and quickly.
  • Bus Pirate connectors are compatible with other devices, such as the JTagulator which can support 3 Bus Pirate cables at once. So the cables are multi-purpose.

However, there are some things you should know before you select a cable. They are not all the same.

  • First of all, most cables are for the Bus Pirate Version 3 which is a 2x5 connector. The Version 4 Bus Pirate has a 2x6...


The Universal Donor (Open Source Licensing) SoylentNews

Over at the Meshed Insights blog, Simon Phipps writes about why the public domain falls short and more detailed licensing is needed in order to extend rights to a software community.

Yes, public domain may give you the rights you need. But in an open source project, it's not enough for you to determine you personally have the rights you need. In order to function, every user and contributor of the project needs prior confidence they can use, improve and share the code, regardless of their location or the use to which they put it. That confidence also has to extend to their colleagues, customers and community as well.

Source : The Universal Donor



Facebook appoints American Express CEO as first black board member The Hill: Technology Policy

Facebook announced on Thursday that it will bring Kenneth Chenault, the CEO of American Express, onto its board. Chenault will become the first African-American board member at the social media giant. His hiring follows a contentious meeting between...


What is the impact and likelihood of global risks? Help Net Security

The World Economic Forum, a not-for-profit foundation that each year gathers participants from around the world to discuss a wide range of global issues, has published its yearly Global Risks Report. Based on the opinions of almost 1,000 global experts and decision-makers, the top 5 global risks in 2018 in terms of likelihood are extreme weather events, natural disasters, cyber attacks, data fraud or theft, and failure of climate-change mitigation and adaptation. Cyber attacks and...


Tech trade groups push Trump to allow H1B spouses work The Hill: Technology Policy

A coalition of major Washington, D.C., trade associations representing technology and other industries is urging the Department of Homeland Security (DHS) to preserve visas that allow spouses of H1B high-skilled workers to also be employed in...


Is ethical hacking more lucrative than software engineering? Help Net Security

HackerOne published its 2018 Hacker Report, which examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries. HackerOne found that on average, top earning ethical hackers make up to 2.7 times the median salary of a software engineer in their respective home countries. Also, hackers in India are making as much as 16 times the median. And yet, the new data finds that overall hackers are less...


What Silicon Valley Tech Jobs Pay the Highest Salaries? IEEE Spectrum Recent Content full text

For 2017, product development engineer heads the list of highest paying tech jobs; machine learning engineer salaries are climbing fast Photo: iStockphoto just released its 2017 Silicon Valley salary survey, looking at which tech jobs command the highest average pay over the past year, according to job openings posted on the job search firm's web site from November 2016 through October 2017.

Product development engineer claimed the number one spot, with an average salary of US $173,570, and director of product management was just a few dollars behind, with an average salary of $173,556.

Meanwhile, dev ops manager, machine learning engineer, and cloud engineer salaries are climbing fast, the data showed. All three categories hadn't previously made the top 20. This year, dev ops manager ranked fourth, at $166,488; machine learning engineer ranked 13th at $149,519, and cloud engineer ranked 17th at $146,900.

The entire top 20 is in the table below.

Top 20 jobs in Silicon Valley, as ranked by average yearly salary, November 2016 through October 2017, according to

Job Title / Annual Salary

  • Product development engineer
  • Director of product management
  • Data warehouse architect
  • DevOps manager
  • Senior architect




[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modification Bugtraq

Posted by security-alert on Jan 18


Document ID: hpesbmu03806en_us
Version: 1

HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized
Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...


[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. Bugtraq

Posted by security-alert on Jan 18


Document ID: hpesbhf03805en_us
Version: 5

HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel,
AMD, and ARM, with Speculative Execution, Elevation of Privilege and
Information Disclosure.

NOTICE: The information in this...


Ubuntu Preparing Kernel Updates With IBRS/IBPB For Spectre Mitigation Phoronix

Canonical has rolled out Spectre Variant One and Spectre Variant Two mitigation to their proposed repository with updated kernels for Ubuntu 14.04 LTS / 16.04 LTS / 17.10. These kernels with IBRS and IBPB added in will be sent down as stable release updates next week...


[slackware-security] bind (SSA:2018-017-01) Bugtraq

Posted by Slackware Security Team on Jan 18

[slackware-security] bind (SSA:2018-017-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/bind-9.10.6_P1-i586-1_slack14.2.txz: Upgraded.
This update fixes a high severity security issue:
Improper sequencing during cleanup can lead to a use-after-free error,...


[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities Bugtraq

Posted by security-alert on Jan 18


Document ID: c03918632
Version: 3

HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall
Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...


Fedora Makes Progress On Their New Modularity Concept Phoronix

After abandoning their Fedora Server 27 Modular Edition work last year, Fedora developers interested in modularizing Fedora packaging have drawn up new plans that are now approved by the Fedora Council...


[SECURITY] [DSA 4090-1] wordpress security update Bugtraq

Posted by Sebastien Delafond on Jan 18

Debian Security Advisory DSA-4090-1 security () debian org Sebastien Delafond
January 17, 2018

Package : wordpress
CVE ID : CVE-2017-9066 CVE-2017-16510...


Apple chaiOS bug can crash your iPhone, iPad or Mac with a single link TechWorm

This chaiOS text bomb can freeze or lock your iOS and macOS devices

A software developer has discovered a security vulnerability in Apple's operating systems (iOS and macOS) that is capable of freezing or crashing your iPhone, Mac or iPad.

Chicago-based software developer Abraham Masri, who originally discovered the bug and posted his findings to GitHub on Tuesday afternoon, warned people not to use it for bad stuff. However, the link started being shared quickly on social media.

The malicious link, dubbed the chaiOS text bomb, is sent through Apple's Messages app. Once clicked, it redirects the Messages app to a page stored on GitHub, a hosting service for computer code, and then tries to open a huge list of text, which ultimately overloads iOS or macOS and crashes the iPhone, Mac or iPad. It makes the Messages app unusable and also deletes all the messages on the device.

The users are reporting effects such as freezing, crashes, restarts and resprings, a process which takes about 10 seconds and returns you to the Lock Screen.

Masri told BuzzFeed News that he discovered the bug while fuzzing with the operating system. In other words, he was trying to enter random characters into the internal code of the operating system so that he could break it.

According to BuzzFeed News, Twitter user @aaronp613, who tested the bug, said that after the link is sent, "The device will freeze for a few minutes. Then, most of the time, it resprings. After that, the Messages app won't load any messages and will continue to crash." He tested chaiOS on an iPhone X and iPhone 5S, and said the bug affects iOS versions 10.0 through 11.2.5 beta 5.

Masri said he published the bug to alert Apple: "My intention is not to do bad things. My main purpose was to reach out to Apple and say, 'Hey, you've been ignoring my bug reports.' I always report the bug before releasing something."

To this, award-winning computer security expert Graham Cluley wrote...


How digital transformation is reshaping the modern enterprise Help Net Security

F5 Networks announced the results of its 2018 State of Application Delivery report, which shows accelerating multi-cloud deployments are enabling organizations to select the cloud platform that best meets the requirements of a specific application. However, this also increases the challenges many companies face in managing operations and security across multiple clouds as they transform their application portfolio to compete in the digital economy. In this year's report, respondents made clear they are heavily focused...


Thursday, 18 January


Ultra-Thin Memory Storage Device Paves Way for More Powerful Computing SoylentNews

Engineers worldwide have been developing alternative ways to provide greater memory storage capacity on even smaller computer chips. Previous research into two-dimensional atomic sheets for memory storage has failed to uncover their potential -- until now.

A team of electrical engineers at The University of Texas at Austin, in collaboration with Peking University scientists, has developed the thinnest memory storage device with dense memory capacity, paving the way for faster, smaller and smarter computer chips for everything from consumer electronics to big data to brain-inspired computing.

"For a long time, the consensus was that it wasn't possible to make memory devices from materials that were only one atomic layer thick," said Deji Akinwande, associate professor in the Cockrell School of Engineering's Department of Electrical and Computer Engineering. "With our new 'atomristors,' we have shown it is indeed possible."

Made from 2-D nanomaterials, the "atomristors" -- a term Akinwande coined -- improve upon memristors, an emerging memory storage technology with lower memory scalability. He and his team published their findings in the January issue of Nano Letters.

"Atomristors will allow for the advancement of Moore's Law at the system level by enabling the 3-D integration of nanoscale memory with nanoscale transistors on the same chip for advanced computing systems," Akinwande said.


Journal Reference:

Ruijing Ge, Xiaohan Wu, Myungsoo Kim, Jianping Shi, Sushant Sonde, Li Tao, Yanfeng Zhang, Jack C. Lee, Deji Akinwande. Atomristor: Nonvolatile Resistance Switching in Atomic Sheets of Transition Metal Dichalcogenides. Nano Letters, 2017; 18 (1): 434 DOI: 10.1021/acs.nanolett.7b04342



MenuLibre 2.1.4 Released For Menu Editing On GNOME/LXDE/Xfce/Unity Phoronix

MenuLibre is an advanced menu editor that supports not just one desktop environment but GNOME, LXDE, Xfce, Cinnamon, and Unity Linux systems...


Microsoft, Masking/Hiding Itself Behind Patent Trolls, is Still Engaging in Patent Extortion Techrights

Sleight of hand, but extortion is still extortion


Summary: A review of Microsoft's ugly tactics, which involve coercion and extortion (for businesses to move to Azure and/or for OEMs to preload Microsoft software) while Microsoft-connected patent trolls help hide the enforcement element in this whole racket

THE new Microsoft is no different from the company we wrote about back in the Boycott Novell days; only the marketing/PR has improved. The patent strategy is still similar; we just don't see Ballmer's face anymore. He was at least honest about Microsoft's views about GNU/Linux. Nadella just shamelessly lies about those things.

Extortion using patents doesn't work as most people assume; people tend to believe that patents are being used only when there's a lawsuit. But no, that's not how it usually works. As United for Patent Reform has just put it: "A report by @marklemley @kentrichardson @elosf found a silent tax on #innovation: 70% of #patent-related threats didn't result in litigation, meaning the costs of over-broad litigation never go to court."

For those who have patience and time (the Internet discourages reading of long articles), here is the paper from Professor Lemley, who is renowned for his strong views about patent aggression.

Abstract says:

How often do companies and individuals assert patents outside of litigation? No one knows for sure. The problem is that licensing negotiations and license deals that don't result in litigation are almost invariably kept secret. The result is that patent litigation is like the proverbial tip of the iceberg - the observable piece sticking out of the water, but probably not all or even most of what there is. Various people have speculated that unlitigated (and therefore unobserved) assertions are a majority and probably as much as 90% of all patent enforcement.

We wanted to know how often companies were approached to take patent licenses without a lawsuit being filed. So we asked them. Using a simple survey, we got data from dozens of companies about how often they were sued, how often they were ap...


The Dirty Secret of the Fish Oil Supplement Industry Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

A controversial study funded by the omega-3 fish oil supplement industry caused the AHA to step in and set the record straight.


Capture the Flag Challenge is the Perfect Gift Hackaday

Nothing says friendship like a reverse engineering challenge on unknown terrain as a birthday present. When [Rikaard] turned 25 earlier this year, his friend [Veydh] put together a Capture the Flag challenge on an ESP8266 for him. As a software guy with no electronics background, [Rikaard] had no idea what he was presented with, but was eager to find out and to document his journey.

Left without guidance or instructions, [Rikaard] went on to learn more about the ESP8266, with the goal to dump its flash content, hoping to find some clues in it. Discovering the board is running NodeMCU and contains some compiled Lua files, he stepped foot in yet another unknown territory that led him down the Lua bytecode rabbit hole. After a detour describing his adjustments for the ESP's eLua implementation to the decompiler he uses, his quest to capture the flag began for real.

While this wasn't [Rikaard]'s first reverse engineering challenge, it was his first in a completely unknown environment outside his comfort zone - the endurance he demonstrated is admirable. There is of course still a long way down the road before one opens up chips or counts transistors in a slightly more complex system.


Skygofree is the most powerful surveillance tool for Android, Kaspersky says TechWorm

Skygofree Android Spyware Can Steal Almost Everything In Your Mobile

Security researchers at Kaspersky Lab have identified new, sophisticated espionage software for Android, which can gain complete control of users' phones and steal information.

The software, dubbed Skygofree, is one of the most powerful spyware tools ever seen for Android, displaying capabilities more reminiscent of Hollywood spy movies, says Kaspersky.

This Android software can trace users' location, record audio conversations, intercept SMS and calendar entries, monitor popular apps such as Facebook Messenger, Skype, Viber, and WhatsApp, and even read WhatsApp messages through Accessibility Services. It can also connect a device to a Wi-Fi network controlled by hackers, even when the user has disabled Wi-Fi connections, or take photos every time the user unlocks his device. The software can also operate in standby mode.

In practice, this means that attackers can start listening in on victims when, say, they enter the office or visit the CEO's home, said Kaspersky Lab. This lets the victim's traffic be collected and analysed.

Although the spyware was identified by Kaspersky's researchers at the end of 2017, its existence dates back to 2014. Apparently, Skygofree has already infected several Italian Android users, and the software has evolved considerably during the three-year period.

The malware is distributed through fake mobile operator websites, where Skygofree is disguised as an update to improve mobile Internet speed. If a user swallows the bait and downloads the Trojan, it displays a notification that setup is supposedly in progress, conceals itself from the user, and requests further instructions from the command server. Depending on the response, it can download a variety of payloads - the attackers have solutions for almost every occasion, says Kaspersky.

To safeguard against the software, Kaspersky first recommends that users install apps only from official online stores (such as Play Store, App Store) and disable installation of apps from third-party sources. Second, pay attention to misspelled app names, small numbers of downloads, or dubious requests for permissions. Lastly, install a reliable security solution that will protect your device from most suspicious websites, dangerous links, and malicious apps and files.

Source: Kaspersky



VMware and Pivotal's PKS Distribution Marries Kubernetes with BOSH

In the cloud-native space, broadly speaking, there are two groups of users: platform operators and developers. And rarely does a new product or service meet the needs of both groups equally well.


Patent Prosecution Highway: Low-Quality Patents for High-Frequency Patent Aggressors Techrights

Reference: Patent Prosecution Highway

Summary: The EPO's race to the bottom of patent quality, combined with a need for speed, is a recipe for disaster (except for litigation firms, patent bullies, and patent trolls)

Patent Prosecution Highway (PPH) is not an EPO thing but an international thing (WIPO et al). The USPTO, for example, has that too. Nevertheless, the EPO's blind embrace of PPH, more so in the midst of rushed patent examination, gives room for concern, especially with UPC being on the agenda. It's like litigation, not justice, is on the priority list. Patent trolls must absolutely love that.

IAM has just published a sponsored piece* for the patent microcosm in Brazil (Battistelli has some cooperative deals with Brazil, e.g. PPH/validation). What good are patents from Brazil? This has become a subject of great concern because Brazil is possibly copying INPI (France/Battistelli but also the Brazilian Patent and Trademark Office) and may soon grant a patent for every single application. Quality control? Naaaaa, who needs that? Just call an emergency and grant everything.

Battistelli's EPO is becoming more like INPI (France) over time. Yesterday we saw a whole class of patents getting invalidated (again, just like last year) and lack of proper examination will certainly destroy the value of Brazilian patents/European Patents. A few days ago IAM published this so-called report titled "Pulling the plug on INPI's patent backlog" and to quote:



Google Futurist Ray Kurzweil Hacks His Body With These Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

The futurist Ray Kurzweil takes 100 pills a day to live forever. Here's a list of 80 of the vitamins and supplements that he takes.


Serverless Service Mesh With Kubeless And Istio

As a developer, you may know that maintaining services with different versions and authorization policies within a cluster can be difficult and prone to errors. You must carefully manage all possible routes between all of the services.


Hasselblad's New 400-Megapixel Multi-Shot Camera Captures 2.4GB Stills SoylentNews

Hasselblad's Multi-Shot technology is pretty straightforward: it takes four 100-megapixel images, shifting the sensor by one pixel for each capture, and then two more shots that shift the sensor by half a pixel. By combining all six stills, the resulting file is a single 400-megapixel (23200 x 17400 pixel) 16-bit TIFF file that weighs in at 2.4GB. In fact, the images are large enough that the camera needs to be tethered to a computer to capture them.

[...] The camera will go for $47,995 when it launches in March, compared to the H6D-100c's relatively modest $27,000 price tag.

Story at The Verge.



Joe Rogan & Mel Gibson on Stem Cell Therapy Lifeboat News: The Blog

For your scrutiny. This is about the 90+ year old father of Mel Gibson getting stem cell therapy and Joe Rogan talking about Bas Ruten getting the same. According to this doctor these treatments are not available in the U.S.

Joe Rogan, Mel Gibson and Dr. Neil Riordan talk about stem cell therapy and how it saved Mel Gibson's Dad, on The Joe Rogan Experience, JRE 1066. Full podcast

Joe Rogan discusses stem cell treatment with Mel Gibson and Dr. Neil Riordan. Mel Gibson tells Joe Rogan that his dad was 92 and in terrible shape health wise, so they decided to try stem cell treatment for him and it improved all aspects of his health, from his heart and cognition to his eyesight. Joe Rogan talks about stem cells, Mel Gibson's experience with stem cell therapy, stem cell treatment in Panama and other topics with Mel Gibson and Neil Riordan on the Joe Rogan Experience, JRE #1066.


SUSE Dropping Mainline Work On Their In-Kernel Bootsplash System Phoronix

For those that were excited over the months of ongoing work by SUSE to bring up an in-kernel boot splash system that could be better than Plymouth for at least some use-cases and was interesting many readers, unfortunately it's not panning out for mainline...


R600 Gallium3D Gets Some Last Minute Improvements In Mesa 18.0 Phoronix

These days when Dave Airlie isn't busy managing the DRM subsystem or hacking on the RADV Vulkan driver, he's been spending a fair amount of time on some OpenGL improvements to the aging R600 Gallium3D driver. That's happened again and he's landed some more improvements just ahead of the imminent Mesa 18.0 feature freeze...


Press Coverage About the EPO Board Revoking Broads CRISPR Patent Techrights


Summary: Even though there's some decent coverage about yesterday's decision (e.g. from The Scientist), the patent microcosm googlebombs the news with stuff that serves to distract from or distort the outcome

YESTERDAY was an important day for the EPO for reasons other than EPO scandals. It was all about a case which we covered in the morning and right after the decision (we had complained about that a long while back).

We always argued that patent offices should reserve patents to things that are actually inventions, not computer code or genetics (code of life). Pretty much every programmer agrees about the former. A lot of civil rights groups agree with us on the latter. These views are not unusual or outlandish. Nor should they be.

"The EPO has denied the Broad Institute of MIT and Harvard's reliance on its US priority provisional application in revoking a CRISPR patent. The institute has already said it will appeal," Michael Loney wrote some hours ago. It's about the EPO saying goodbye to (probably) all CRISPR patents, for the decision can extend to others.

IAM, which blatantly fronts for patent maximalists, ended up posting for a fee CRISPR propaganda on the very same day EPO buried patents on it. IAM has apparently not found that decision worth covering. Says a lot about IAM.

Expect some IAM spin shortly, complete with some highly misleading headline (i.e. the usual).



Open-Source HDCP Support Gets Extended To More Platforms Phoronix

With the Linux 4.17 kernel (not the upcoming 4.16 cycle) there is likely to be added initial HDCP support to Intel's Direct Rendering Manager driver. Ahead of that this High-bandwidth Digital Content Protection support continues getting improved upon...


How Debuggers Really Work

A debugger is one of those pieces of software that most, if not every, developer uses at least once during their software engineering career, but how many of you know how they actually work? During my talk at 2018 in Sydney, I will be talking about writing a debugger from scratch... in Rust!

In this article, the terms debugger/tracer are used interchangeably. "Tracee" refers to the process being traced by the tracer.


Small but Fast: A Miniaturized Origami-Inspired Robot Combines Micrometer Precision With High Speed SoylentNews

Because of their high precision and speed, Delta robots are deployed in many industrial processes, including pick-and-place assemblies, machining, welding and food packaging. [...] Over time, roboticists have designed smaller and smaller Delta robots for tasks in limited workspaces, yet shrinking them further to the millimeter scale with conventional manufacturing techniques and components has proven fruitless.

Reported in Science Robotics, a new design, the milliDelta robot, developed by Robert Wood's team at Harvard's Wyss Institute for Biologically Inspired Engineering and John A. Paulson School of Engineering and Applied Sciences (SEAS) overcomes this miniaturization challenge. By integrating their microfabrication technique with high-performance composite materials that can incorporate flexural joints and bending actuators, the milliDelta can operate with high speed, force, and micrometer precision, which make it compatible with a range of micromanipulation tasks in manufacturing and medicine.

In 2011, inspired by pop-up books and origami, Wood's team developed a micro-fabrication approach that enables the assembly of robots from flat sheets of composite materials. Pop-up MEMS (short for "microelectromechanical systems") manufacturing has since been used for the construction of dynamic centimeter-scale machines that can simply walk away, or, as in the case of the RoboBee, can fly. In their new study, the researchers applied their approach to develop a Delta robot measuring a mere 15 mm-by-15 mm-by-20 mm.

Source: Wyss Institute for Biologically Inspired Engineering at Harvard.

Journal Reference:

Hayley Mcclintock, Fatma Zeynep Temel, Neel Doshi, Je-Sung Koh, and Robert J. Wood. The milliDelta: A high-bandwidth, high-precision, millimeter-scale Delta robot. Science Robotics, 2018 DOI: 10.1126/scirobotics.aar3018



Could science destroy the world? These scholars want to save us from a modern-day Frankenstein Lifeboat News: The Blog

The dozen people working at CSER itself, little more than a large room in an out-of-the-way building near the university's occupational health service, organize talks, convene scientists to discuss future developments, and publish on topics from regulation of synthetic biology to ecological tipping points. A lot of their time is spent pondering end-of-the-world scenarios and potential safeguards.

A small cadre of scientists worries that lab-made viruses, AI, or nanobots could drive humans to extinction.


UK Government Teaches 7-Year-Olds That Piracy is Stealing TorrentFreak

In 2014, Mike Weatherley, the UK Government's top IP advisor at the time, offered a recommendation that copyright education should be added to the school curriculum, starting with the youngest kids in primary school.

In the years that followed new course material was added, published by the UK's Intellectual Property Office (IPO) with support from the local copyright industry. The teaching material is aimed at a variety of ages, including those who have just started primary school.

Part of the education features a fictitious cartoon band called Nancy and the Meerkats. With help from their manager, they learn key copyright insights and this week several new videos were published, BBC points out.

The videos try to explain concepts including copyright, trademarks, and how people can protect the things they've created. Interestingly, the videos themselves use names of existing musicians, with puns such as Ed Shealing, Justin Beaver, and the evil Kitty Perry. Even Nancy and the Meerkats appears to be a play on the classic 1970s cartoon series Josie and the Pussycats, featuring a pop band of the same name.

The play on Ed Sheeran's name is interesting, to say the least. While he's one of the most popular artists today, he also mentioned in the past that file-sharing made his career.

"illegal file sharing was what made me. It was students in England going to university, sharing my songs with each other," Sheeran said in an interview with CBS last year.

But that didn't stop the IPO from using his likeness for their anti-file-sharing campaign. According to Catherine Davies of IPO's education outreach department, knowledge about key intellectual property issues is a life skill nowadays.

"In today's digital environment, even very young people are IP consumers, accessing online digital content independently and regularly," she tells the BBC. "A basic understanding of IP and a respect for others' IP rights is therefore a key life skill."

While we doubt that these concepts will a...


Smashing Security #061: Fallout over Hawaii missile false alarm Graham Cluley


User interfaces and poor procedures lead to pandemonium in Hawaii, hackers are attempting to trick victims into opening cryptocurrency-related email attachments, and yet more pox-ridden apps are found in Android's Google Play store.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.


Threat actors are delivering the Zyklon Malware exploiting three Office vulnerabilities Security Affairs

Security experts from FireEye have spotted a new strain of the Zyklon malware that has been delivered by using new vulnerabilities in Microsoft Office.

Researchers at FireEye reported the malware was used in attacks against organizations in the telecommunications, financial, and insurance sectors.

Zyklon was first spotted in 2016; it is publicly available malware that could be used for multiple purposes such as espionage campaigns, DDoS attacks or to mine cryptocurrency.

"FireEye researchers recently observed threat actors leveraging relatively new vulnerabilities in Microsoft Office to spread Zyklon HTTP malware," reads the analysis published by FireEye.

Zyklon is a publicly available, full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal.

The malware is modular: it can download several plugins to implement different features, and it may communicate with its C&C server over The Onion Router (Tor) network.

In this last campaign, the malicious code has been delivered via spam emails as a ZIP archive that contains a specially crafted Word document.

The document exploits one of three vulnerabilities in Microsoft Office to deliver a PowerShell script that downloads the final Zyklon payload from a remote server.


One of the flaws exploited by the attackers is CVE-2017-8759, a flaw that was fixed by Microsoft in September 2017 after it was exploited by threat actors such as the Cobalt group to deliver malware in attacks in the wild.

A second triggered by the documents used in the campaign spotted by FireEye is...


Speech Recognition for Linux Gets a Little Closer

It has become commonplace to yell out commands to a little box and have it answer you. However, voice input for the desktop has never really gone mainstream. This is particularly slow for Linux users whose options are shockingly limited, although decent speech support is baked into recent versions of Windows and OS X Yosemite and beyond.


Flying the Friendly Skies with A Hall Effect Joystick Hackaday

There are plenty of PC joysticks out there, but that didn't stop [dizekat] from building his own. Most joysticks measure position mechanically, with potentiometers or encoders. Only a few high-end models use Hall effect sensors. That's the route [dizekat] took.

Hall effect sensors are non-contact devices which measure magnetic fields. They can be used to measure the position and orientation of a magnet. That's exactly how [dizekat] is using a trio of sensors in his design. The core of the joystick is a universal joint from an old R/C car. The center section of the joint (called a spider) has two one millimeter thick disc magnets glued to it. The Hall sensors themselves are mounted in the universal itself. [Dizekat] used a small piece of a chopstick to hold the sensors in position while he found the zero point and glued them in. A third Hall effect sensor is used to measure a throttle stick positioned on the side of the box.

An Arduino micro reads the sensors and converts the analog signal to USB. The Arduino Joystick Library by [Matthew Heironimus] formats the data into something a PC can understand.

While this is definitely a rough work in progress, we're excited by how much [dizekat] has accomplished with simple hand tools and glue. You don't need a 3D printer, laser cutter, and a CNC to pull off an awesome hack!

If you think Hall effect sensors are just for joysticks, you'd be wrong: they work as cameras for imaging magnetic fields too!


How to Control Systemd Services on Remote Linux Server

Systemd system and services manager can be controlled using the systemctl command line utility. It enables you to manage systemd locally or on a remote Linux machine over the SSH protocol.

In this short article, we will show you how to manage the systemd system and service manager on a remote Linux machine over an SSH session.


First ICEYE-X1 Radar Image from Space Published SoylentNews

Submitted via IRC for boru

ICEYE, the leader in synthetic-aperture radar (SAR) technology for microsatellites providing expanded access to reliable and timely earth observation data, today published the first radar image obtained with the ICEYE-X1 SAR satellite. The image depicts Noatak National Preserve, Alaska, on Monday Jan. 15, at 21:47 UTC. ICEYE-X1 is the world's first SAR satellite under 100 kg, launched less than a week ago on Jan. 12, 2018 on ISRO's PSLV-C40 from Satish Dhawan Space Center in India.

A synthetic-aperture radar (SAR) instrument sends its own radio waves to the ground, creating an image from the energy that scatters back to the instrument. Given this, SAR sensors can provide imaging of the Earth during both day and night, regardless of cloud cover and weather condition.

[...] The full image transmitted to the ground from ICEYE-X1 exceeded 1.2GB of raw data and spans an area of roughly 80 x 40 km on the ground. ICEYE-X1 obtained the image in the span of ten seconds, traveling at a speed of more than 7.5 km/s and at an altitude exceeding 500 km. Matching what ICEYE simulated prior to the launch, the final data resolution from the first satellite reaches 10 x 10 meters.

Source: ICEYE press release



How the whalers of Moby-Dick could help put humans on Mars Terra Forming Terra

Not an obvious connection but this culture endured the same expected conditions and solves the problem of having the correct comparables.
Yes it is worthy.  
On the other hand, I do think we already have gravity ships and the ability to generate one g of thrust which means that a long trip is falling in likelihood and interstellar will be by worm hole soon enough as well....

How the whalers of Moby-Dick could help put humans on Mars

Matthew Bruen  is assistant professor of English at Young Harris College in Georgia.

Edited by Corey S Powell

In the 45 years since the Apollo 17 astronauts placed the last boot prints on the Moon, Mars has loomed as the next target for human exploration of the solar system. NASA, SpaceX and other spacefaring enterprises have repeatedly declared their intentions to go there in the coming years and decades. A crewed mission to Mars will demand expertise from a wide range of disciplines, including physics, engineering, psychology and geology. Less obvious, it will also require us to scrutinise any antecedents that could help us to prepare for one of the most difficult undertakings in history.

Perhaps nothing better prefigures this most daunting and ambitious of quests than the whaling industry of the 18th and 19th centuries. The South Seas fishery hit its peak between roughly 1820 and 1860. Powered by an insatiable desire for whale oil and other whale-based commodities such as umbrellas, corsets and perfume, the industry was at the forefront of the American, British and French economies until petroleum was discovered mid-century. Whaling developed its own maritime practices, its own culture, even its own...


How an Illegal Shipping Container Reshaped the World Economy Terra Forming Terra

This is a salutary article that reminds us that it is difficult to readily change an entrenched industry. Think today of education in particular and the baleful influence of teacher unions and regulation. Yet it has been done over and over again - to our huge advantage.

We are also at that point in history in which governance itself must be reformulated.  We have actually discussed that extensively in this blog as it addresses the ending of poverty.

What is certain reform must come from a rich corporation able to see a way through.  Recall that we have plenty of those.


How an Illegal Shipping Container Reshaped the World Economy

The shipping container is the unappreciated contemporary hero.

by Robert Chovanculiak

New internet technologies and companies fight against the public institutions on various fronts. The media headlines are full of it: They want to ban Uber in London and have already done so in Paris. They want to ban Airbnb in Prague and have de facto banned it in Berlin. The opponents of the sharing economy are accusing it of not following the regulations. The advocates for the sharing economy say that these regulations do not apply to it.

Now, it is not important which of these two camps is right. It is important to realize that this is not the first case of regulation and innovation crashing. Practically every era has had its Uber or Airbnb. The problem is that people are dying and laws are changing, so these examples are long forgotten today.

Container Innovation

An example of this innovation is a standardized cargo container. Today, there are more than 20 million of these containers around the globe and we move practically everything in them. This innovation from the late sixties completely changed the world. It transformed the way the ports are structured and operate, where the factories are built, and how international trade and globalization have developed.

Before the arrival of containers, various goods were transported...


The non-binary brain Terra Forming Terra

The surprising insight is that the brain is the one component that is not differentiated by gender at all and by natural extension the entire nervous system.

Curiously, I should have eventually come to this conclusion myself.  It conforms powerfully to the asexuality of the driving spirit body.  And that immediately provides a new paradigm for understanding all sexual variation in itself.  With the spirit body out of the picture, our physical animal self must make learned modifications to how we operate our bodies and the social communication systems.

This powerfully suggests that hypnotic training at an early age could eliminate homosexual tendencies imprinted by the individual's community. In fact it suggests that the whole sexual meme is open to successful therapies.

The non-binary brain

Misogynists are fascinate...


The Hanseatic League: An "Empire" of Commerce Terra Forming Terra

This took honor of place from around 1250 through the sixteenth century.  Now add in the additional great circle route between North America, originally out of Bimini and then out of Georgia and anchored in Scotland and the Mediterranean and you have a vast sea operation all operated by independent merchants mostly never disclosed.

As you are aware we have been digging this all up and the scale of the Georgia mining operation both Bronze Age and surely through Contact as well.

 I do think that the Knights Templar operated the Great Atlantic circle Route and transitioning into the Hanse when the Order was attacked makes perfect sense...

The Hanseatic League: An "Empire" of Commerce


Marcia Christoff-Kurapovna

Once upon a time there was a northern, medieval phenomenon as much the subject of universal myth and curiosity as that of the enchantress city-republics flourishing down south: the Hanseatic League of the mid-13th to 16th centuries. The Hansa (old German for associations) or The League, as it was known, began as a treaty between Lübeck and Hamburg to clear the road of pirates and robbers between the Elbe and the Trave [a river in northern Germany with its delta at the Baltic sea]. It gradually increased to add Cologne and Bremen, later expanding to Gdansk, Riga and Novgorod, finally incorporating Bruges, Brunswick, and many satellite-cities throughout Scandinavia. The main goal of this expansion was to keep the herring fisheries of the Baltic in the hands of the merchant-princes of Lübeck and decidedly out of the hands of Frederick II Hohenstaufen, stupor mundi extraordinaire, who, in 1226, decreed that lovely, gothic-gabled town an Imperial City. Then, too, routes to capture the salt trade to Cyprus were critical. Soon, The League was dominating commercial relations with the Levant, Venice, Spain, France and England in timber, fur, grain, honey, Scandinavian copper and iron, in return for spices, medicine, fruit and wine and cotton. Such is how this loose coalition of Flying Dutchman-capitalists emerged as an empire without a State.



European Commission Hides Copyright Evidence Again SoylentNews

Those who start to scratch the surface, such as Julia Reda, German Member of the European Parliament for the Greens/EFA Group, and Corporate Europe Observatory (CEO), are uncovering how the EC carefully cherry-picked the evidence that supports their ideological policy choices, whilst withholding evidence going against them. The EC officials must have confused policy-based evidence making with evidence-based policy making.

Just before the 2017 Winter break, MEP Reda uncovered another attempt of the EC to sweep evidence under the carpet. Officials from the EC's Directorate-General for Communications Networks, Content and Technology (DG CNECT) were caught in the act, when they 'kindly' reminded a researcher of the EC's Joint Research Centre (JRC) to not publish a study, contradicting the EC's policy choice, on the highly debated press publishers' right (Article 11) at the request of their hierarchy.

Source : European Commission Hides Copyright Evidence Again



Making A Covox Speech Thing Work On A Modern PC Hackaday

Long ago, when mainframes ruled the earth, computers were mute. In this era before MP3s and MMUs, most home computers could only manage a simple beep or two. Unless you had an add-on device like the Covox Speech Thing, that is. This 1986 device plugged into your parallel port and allowed you to play sound. Glorious 8-bit, mono sound. [Yeo Kheng Meng] had heard of this device, and wondered what it would take to get it running again on a modern Linux computer. So he found out in the best possible way: by doing it.

The Covox Speech Thing is a very simple device, a discrete component digital-to-analog converter (DAC) that uses the computer's parallel port. This offers 8 data pins, and the Covox couples each of these to a resistor of different value. Tie the output of these resistors together, then raise the voltage on different pins and you create an analog voltage level from digital data. Do this repeatedly, and you get an audio waveform. It's a simple device that can create the waveform with a sampling frequency as fast as the parallel port can send data. It isn't as Hi-Fi as modern sound cards, but it was a lot better than a bleep. If you don't have one lying around, we've covered how to build your own.

The main problem that [Yeo Kheng Meng] found with writing a program to drive this device is the sophistication of modern computers. Most of the time, devices like parallel ports are hidden behind drivers and buffers that control the flow of data. That makes things simple for the programmer: they can let the driver take care of the tedious details. This device requires a more direct approach: the data has to be written out to the parallel port at the right frequency to create the waveform. If there is any buffering or other fiddling about, this timing is off and it doesn't work. [Yeo]'s code gets around this by writing the data (created from an MP3 file) directly to the parallel port address in memory. That only really works in Linux, though: it is much harder to do in OSes like Windows that do their best to keep you away from the hardware. It's arguable if that is a good or a bad thing, but [Yeo] has done a nice job of writing up his work in a way that might intrigue a modern hacker trying to understand how things in the past were both simpler and more complicated at the same time.


KillaMuvz, the creator of the Cryptex tool family pleads guilty to running malware services Security Affairs

The Briton Goncalo Esteves (24), also known as KillaMuvz, has pleaded guilty to charges related to creating and running malware services.


Purdue University to Lead National Center for Brain-Inspired Computing SoylentNews

New C-BRIC Center Will Tackle Brain-Inspired Computing

Purdue University will lead a new national center to develop brain-inspired computing for intelligent autonomous systems such as drones and personal robots capable of operating without human intervention.

The Center for Brain-inspired Computing Enabling Autonomous Intelligence, or C-BRIC, is a five-year project supported by $27 million in funding from the Semiconductor Research Corp (SRC) via their Joint University Microelectronics Program, which provides funding from a consortium of industrial sponsors as well as from the Defense Advanced Research Projects Agency. The SRC operates research programs in the United States and globally that connect industry to university researchers, deliver early results to enable technological advances, and prepare a highly-trained workforce for the semiconductor industry. Additional funds include $3.96 million from Purdue as well as support from other participating universities. At the state level, the Indiana Economic Development Corporation will be providing funds, pending board approval, to establish an intelligent autonomous systems laboratory at Purdue.

[...] "Autonomous intelligent systems will require real-time closed-loop control, leading to new challenges in neural algorithms, software and hardware," said Venkataramanan (Ragu) Balakrishnan, Purdue's Michael and Katherine Birck Head and Professor of Electrical and Computer Engineering. "Purdue's long history of preeminence in related research areas such as neuromorphic computing and energy-efficient electronics positions us well to lead this effort."

It's neuro-inspired.



Pentagon Plans Citywide Drone-Catching Dragnets Lifeboat News: The Blog

It may take a drone to hunt a drone in the system that DARPA could begin testing later this year.


In Wake of Logan Paul Controversy, YouTube Tightens Monetization Thresholds for Smaller Channels SoylentNews

YouTube is shaving off more of the smaller channels from its monetization program:

YouTube is tightening the rules around its partner program and raising the requirements that a channel/creator must meet in order to monetize videos. Effective immediately, to apply for monetization (and have ads attached to videos), creators must have tallied 4,000 hours of overall watch time on their channel within the past 12 months and have at least 1,000 subscribers. YouTube will enforce the new eligibility policy for all existing channels as of February 20th, meaning that channels that fail to meet the threshold will no longer be able to make income from ads.

Previously, the standard for joining YouTube's Partner Program was 10,000 public views without any specific requirement for annual viewing hours. This change will no doubt make it harder for new, smaller channels to reach monetization, but YouTube says it's an important way of buying itself more time to see who's following the company's guidelines and disqualify "bad actors."

[...] The new, stricter policy comes after Logan Paul, one of YouTube's star creators and influencers, published a video that showed a dead body in Japan's Aokigahara forest. Last week, YouTube kicked Paul off its Google Preferred ad program and placed his YouTube Red original programming efforts on hold.

Anyone under 1,000 subscribers and 4,000 total hours watched annually would probably be making a pittance anyway. This change could allow YouTube to put more human eyes on the unruly but popular channels, so it can censor suicide forest vlogs (NSFW) in record time.



NEW 'Off The Hook' ONLINE 2600 - 2600: The Hacker Quarterly

Posted 18 Jan, 2018 3:04:24 UTC

The new edition of Off The Hook from 17/01/2018 has been archived and is now available online.


Philip K. Dick and the Fake Humans Lifeboat News: The Blog

Standard utopias and standard dystopias are each perfect after their own particular fashion. We live somewhere queasier - a world in which technology is developing in ways that make it increasingly hard to distinguish human beings from artificial things. The world that the Internet and social media have created is less a system than an ecology, a proliferation of unexpected niches, and entities created and adapted to exploit them in deceptive ways. Vast commercial architectures are being colonized by quasi-autonomous parasites. Scammers have built algorithms to write fake books from scratch to sell on Amazon, compiling and modifying text from other books and online sources such as Wikipedia, to fool buyers or to take advantage of loopholes in Amazon's compensation structure. Much of the world's financial system is made out of bots - automated systems designed to continually probe markets for fleeting arbitrage opportunities. Less sophisticated programs plague online commerce systems such as eBay and Amazon, occasionally with extraordinary consequences, as when two warring bots bid the price of a biology book up to $23,698,655.93 (plus $3.99 shipping).

In other words, we live in Philip K. Dick's future, not George Orwell's or Aldous Huxley's. Dick was no better a prophet of technology than any science fiction writer, and was arguably worse than most. His imagined worlds jam together odd bits of fifties and sixties California with rocket ships, drugs, and social speculation. Dick usually wrote in a hurry and for money, and sometimes under the influence of drugs or a recent and urgent personal religious revelation.

Still, what he captured with genius was the ontological unease of a world in which the human and the abhuman, the real and the fake, blur together. As Dick described his work (in the opening essay to his 1985 collection, I Hope I Shall Arrive Soon):


Speech Recognition For Linux Gets A Little Closer Hackaday

It has become commonplace to yell out commands to a little box and have it answer you. However, voice input for the desktop has never really gone mainstream. This is particularly slow for Linux users whose options are shockingly limited, although decent speech support is baked into recent versions of Windows and OS X Yosemite and beyond.

There are four well-known open speech recognition engines: CMU Sphinx, Julius, Kaldi, and the recent release of Mozilla's DeepSpeech (part of their Common Voice initiative). The trick for Linux users is successfully setting them up and using them in applications. [Michael Sheldon] aims to fix that, at least for DeepSpeech. He's created an IBus plugin that lets DeepSpeech work with nearly any X application. He's also provided PPAs that should make it easy to install for Ubuntu or related distributions.

You can see in the video below that it works, although [Michael] admits it is just a starting point. However, the great thing about Open Source is that armed with a working set up, it should be easy for others to contribute and build on the work he's started.

IBus is one of those pieces of Linux that you don't think about very often. It abstracts input devices from programs, mainly to accommodate input methods that don't lend themselves to an alphanumeric keyboard. Usually this is Japanese, Chinese, Korean, and other non-Latin languages. However, there's no reason IBus can't handle voice, too.

Oddly enough, the most common way you will see Linux computers handle speech input is to bundle it up and send it to someone like Google for translation despite there being plenty of horsepower to handle things locally. If you aren't too picky about flexibility, even an Arduino can do it. With all the recent tools aimed at neural networks, the speech recognition algorithms aren't as big a problem as finding a sufficiently broad training database and then integrating the data with other applications. This IBus plugin takes care of that last problem.


Why Your Biology Runs on Feelings - Issue 56: Perspective Nautilus

I have long been interested in human affect - the world of emotions and feelings - and have spent many years investigating it: why and how we emote, feel, use feelings to construct ourselves; how feelings assist or undermine our best intentions; why and how brains interact with the body to support such functions.

As for the idea, it is very simple: feelings have not been given the credit they deserve as motives, monitors, negotiators of human cultural endeavors. Humans have distinguished themselves from all other beings by creating a spectacular collection of objects, practices, and ideas, collectively known as cultures. The collection includes the arts, philosophical inquiry, moral systems and religious beliefs, justice, governance, economic institutions, and technology and science. Why and how did this process begin?

A frequent answer invokes an important faculty of the human mind - verbal language - along with distinctive features such as intense sociality and superior intellect. For those who are biologically inclined the answer also includes natural selection operating at the level of genes. I have no doubt that intellect, sociality, and language have played key roles in the process, and it goes without saying that the organisms capable of cultural invention, along with the specific faculties used in the

Antonio Damasio Tells Us Why Pain Is Necessary - Issue 56: Perspective Nautilus

Following Oliver Sacks, Antonio Damasio may be the neuroscientist whose popular books have done the most to inform readers about the biological machinery in our heads, how it generates thoughts and emotions, creates a self to cling to, and a sense of transcendence to escape by. But since he published Descartes' Error in 1994, Damasio has been concerned that a central thesis in his books, that brains don't define us, has been muted by research that states how much they do. To Damasio's dismay, the view of the human brain as a computer, the command center of the body, has become lodged in popular culture.

In his new book, The Strange Order of Things, Damasio, a professor of neuroscience and the director of the Brain and Creativity Institute at the University of Southern California, mounts his boldest argument yet for the egalitarian role of the brain. In Why Your Biology Runs on Feelings, another article in this chapter of Nautilus, drawn from his new book, Damasio tells us mind and brain influence the body proper just as much as the body proper can influence the brain and the mind. They are merely two aspects of the very same

What Does Any of This Have To Do with Physics? - Issue 56: Perspective Nautilus

Have you ever been happy?

My girlfriend asked me that question, after work over drinks at some shiny Manhattan bar, after another stressful day on the trading floor.

How to answer that? I knew she was talking about work, but how unhappy did she think I was? I took a sip of single malt scotch and scrolled back through time in my mind until I had it.

It was the spring of '93, 16 years earlier, at the University of Rochester, where I went to graduate school for physics. An afternoon that I can play back like a home movie. It's a bright sunny day in the wake of one of Rochester, New York's typically brutal winters. The sky is blue, the clouds are cotton balls, and sunlight shimmers off the deep green leaves of the grass, bushes, and oak trees of campus, all freshly nourished by the recently melted snow. Undergraduates are out in shorts on the quad, some gathered on steps, others tossing Frisbees, all surrounded by ivy-covered halls of red brick and gray stone, including Bausch and Lomb Hall, home of the physics department. I'm in the dining room of the university's Faculty Club, where the daylight


Ex-CIA Officer Arrested, Suspected of Compromising Chinese Informants SoylentNews

Ex-CIA officer arrested for retaining classified information

A former Central Intelligence Agency officer was arrested at a U.S. airport on Monday night in connection with charges that he illegally retained highly classified information, the U.S. Justice Department said Tuesday.

Jerry Chun Shing Lee, a U.S. citizen who now lives in Hong Kong, used to maintain a top secret clearance and began working for the CIA in 1994.

The Justice Department said that in 2012, FBI agents searched his hotel rooms during trips to Virginia and Hawaii. They discovered he had two small books containing handwritten information on details such as the true names and numbers of spy recruits and covert CIA employees.

Ex-C.I.A. Officer Suspected of Compromising Chinese Informants Is Arrested

A former C.I.A. officer suspected by investigators of helping China dismantle United States spying operations and identify informants has been arrested, the Justice Department said on Tuesday. The collapse of the spy network was one of the American government's worst intelligence failures in recent years.

You may remember this story: CIA Informants Imprisoned and Killed in China From 2010 to 2012

Also at BBC, SCMP, and Washington Post (archive).



Server Reboots (lithium, sodium, boron) Site Down for ~10 Minutes Starting at 2018-01-18 at 0900 UTC SoylentNews

Linode (our server provider) is continuing with their server reboots to mitigate Meltdown/Spectre. This time, three of our servers are scheduled to be rebooted at the same time: lithium, sodium, and boron.

From TMB's update to our earlier story System Reboots: beryllium reboot successful; lithium, sodium, and boron soon to come [updated]:

[TMB Note]: Sodium is our currently-configured load balancer and we weren't given enough notice to switch to Magnesium (DNS propagation can take a while), so expect ten minutes or less of site downtime. Or temporarily add to your hosts file if ten minutes is more than you can wait.

This reboot is scheduled for: 2018-01-18 at 0900 UTC (0400 EST). That is about 7 hours from the time this story goes 'live'. We anticipate no problems... that the site should resume operations on its own.

A workaround is to temporarily update your hosts file to include:

Upcoming: We just learned that hydrogen is scheduled for a reboot on 2018-01-19 at 05:00 AM UTC. Since we can get by just fine for a few hours on one web frontend though, no service interruption is anticipated.



[$] Weekly Edition for January 18, 2018

The Weekly Edition for January 18, 2018 is available.


Arch Linux vs. Antergos vs. Clear Linux vs. Ubuntu Benchmarks Phoronix

Last week when sharing the results of tweaking Ubuntu 17.10 to try to make it run as fast as Clear Linux, it didn't take long for Phoronix readers to share their opinions on Arch Linux and the request for some optimized Arch Linux benchmarks against Clear Linux. Here are some results of that testing so far in carrying out a clean Arch Linux build with some basic optimizations compared to using Antergos Minimal out-of-the-box, Ubuntu Server, and Clear Linux.


The Thunderbird Redesign Survey SoylentNews

Mozilla is asking for feedback about Thunderbird and threatening a redesign. Thunderbird is the most feature-rich of the GUI mail clients, but as a result also has a lot of cruft. The goal of the survey is to learn what Thunderbird users think about the current design, what are the biggest drawbacks, what potential changes should there be, and so on. The claim is that the information will be considered before any actual changes are made to the program itself.

See also Bryan Lunduke's interview with newly fledged Thunderbird developer Ryan Sypes about future directions:

So if you rely on Thunderbird for any part of your work flow, speak up now before it ends up unusable trash like M$ Outlook or Apple Mail.



Beyond Falsifiability Not Even Wrong

Sean Carroll has a new paper out defending the Multiverse and attacking the naive Popperazi, entitled Beyond Falsifiability: Normal Science in a Multiverse. He also has a Beyond Falsifiability blog post here.

Much of the problem with the paper and blog post is that Carroll is arguing against a straw man, while ignoring the serious arguments about the problems with multiverse research. The only explanation of the views he is arguing against is the following passage:

a number of highly respected scientists have objected strongly to the idea, in large part due to a conviction that what happens outside the universe we can possibly observe simply shouldn't matter [4, 5, 6, 7]. The job of science, in this view, is to account for what we observe, not to speculate about what we don't. There is a real worry that the multiverse represents imagination allowed to roam unfettered from empirical observation, unable to be tested by conventional means. In its strongest form, the objection argues that the very idea of an unobservable multiverse shouldn't count as science at all, often appealing to Karl Popper's dictum that a theory should be falsifiable to be considered scientific.

The problem here is that none of those references contain anything like the naive argument that if we can't observe something, it simply shouldn't matter, or one should not speculate about it, or it shouldn't count as science at all. His reference 7 is to this piece by George Ellis at Inference, which has nothing like such arguments, and no invocation of falsifiability or Popper. Carroll goes on to refer approvingly to a response to Ellis by Daniel Harlow published as a letter to Inference, but ignores Ellis's response, which includes:

The process of science - exploring cosmology options, including the possible existence or not of a multiverse - is indeed what should happen. The scientific result is that there is no unique observable output predicted in multiverse proposals. This is because, as is often stated by proponents, anything that can happen does happen in most multiverses. Having reached this point, one has to step back and consider the scientific status of claims for their existence. The process of science must include this evaluation as well.

Ellis here is making the central argument that Carroll refuses to acknowledge: the problem with the multiverse is that it's an empty idea, predicting nothing. It is functioning not as what we would like from science, a testable explanation, but as an untestable excuse for not being able to predict anything. In defense of empty m...


Recreating the Radio from Portal Hackaday

If you've played Valve's masterpiece Portal, there's probably plenty of details that stick in your mind even a decade after its release. The song at the end, GLaDOS, "The cake is a lie", and so on. Part of the reason people are still talking about Portal after all these years is because of the imaginative world building that went into it. One of these little nuggets of creativity has stuck with [Alexander Isakov] long enough that it became his personal mission to bring it into the real world. No, it wasn't the iconic portal gun or even one of the oft-quoted robotic turrets. It's that little clock that plays a jingle when you first start the game.

The model he created of the Portal radio in Fusion 360...


Container and Serverless Predictions for 2018 With Lucas Carlson [Audio] Gregarious Mammal

Check out this interview with Automic's Lucas Carlson about 2018 predictions for the container and serverless space, especially Docker.


New macOS malware hijacks DNS settings and takes screenshots HackRead

By Waqas

The general perception about Apple devices is that they are



Can We Live to 120 On Metformin? Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

Review of metformin and anti-aging medicine. Metformin was shown to be anti-aging in diabetics. The TAME study wants to do the same for all of us.


Overnight Tech: Tech giants detail fight against extremist content | Senate Dems look for 51st vote on net neutrality | House to hold hearing on Hawaii missile alert | Twitter to notify users who saw Russian 2016 content The Hill: Technology Policy

TECH GIANTS TESTIFY ON FIGHT AGAINST EXTREMISTS: Representatives from Facebook, YouTube and Twitter testified before lawmakers on Capitol Hill Wednesday about extremist content on their platforms. At a Senate Commerce, Science and Transportation...


U.S. Lawmakers Urge AT&T to Cut Ties With Huawei SoylentNews

Exclusive: U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources

U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said.

[...] Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.

The U.S. government has also blocked a string of Chinese acquisitions over national security concerns, including Ant Financial's proposed purchase of U.S. money transfer company MoneyGram International Inc.

The lawmakers are also advising U.S. firms that if they have ties to Huawei or China Mobile, it could hamper their ability to do business with the U.S. government, one aide said, requesting anonymity because they were not authorized to speak publicly.

Related: NSA Spied on Chinese Government and Huawei
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products



Satori variant hacks into mining rigs, steals ETH by replacing wallet address Help Net Security

Qihoo 360 Netlab researchers warn about a new variant of the Satori malware that apparently goes after ether (ETH) mining rigs. The malware, dubbed Satori.Coin.Robber, started to reestablish the Satori botnet sinkholed last December, but also hacks into Windows-based mining hosts running the popular Claymore Miner software. Older versions of the Claymore Miner provide a remote monitoring and management interface on port 3333, which by default allows remote reading for mining status, the


Flapjack Helps Developers Work On Components Inside Flatpak Phoronix

Endless OS developer Philip Chimento has developed Flapjack as a means of helping developers work on Flatpak...


LLVM 6.0-RC1 Makes Its Belated Debut Phoronix

While LLVM/Clang 6.0 was branched earlier this month and under a feature freeze with master/trunk moving to LLVM 7.0, two weeks later the first release candidate is now available...


Privacy expectations and the connected home Matthew Garrett

Traditionally, devices that were tied to logins tended to indicate that in some way - turn on someone's xbox and it'll show you their account name, run Netflix and it'll ask which profile you want to use. The increasing prevalence of smart devices in the home changes that, in ways that may not be immediately obvious to the majority of people. You can configure a Philips Hue with wall-mounted dimmers, meaning that someone unfamiliar with the system may not recognise that it's a smart lighting system at all. Without any actively malicious intent, you end up with a situation where the account holder is able to infer whether someone is home without that person necessarily having any idea that that's possible. A visitor who uses an Amazon Echo is not necessarily going to know that it's tied to somebody's Amazon account, and even if they do they may not know that the log (and recorded audio!) of all interactions is available to the account holder. And someone grabbing an egg out of your fridge is almost certainly not going to think that your smart egg tray will trigger an immediate notification on the account owner's phone that they need to buy new eggs.

Things get even more complicated when there's multiple account support. Google Home supports multiple users on a single device, using voice recognition to determine which queries should be associated with which account. But the account that was used to initially configure the device remains as the fallback, with unrecognised voices ending up being logged to it. If a voice is misidentified, the query may end up being logged to an unexpected account.

There's some interesting questions about consent and expectations of privacy here. If someone sets up a smart device in their home then at some point they'll agree to the manufacturer's privacy policy. But if someone else makes use of the system (by pressing a lightswitch, making a spoken query or, uh, picking up an egg), have they consented? Who has the social obligation to explain to them that the information they're producing may be stored elsewhere and visible to someone else? If I use an Echo in a hotel room, who has access to the Amazon account it's associated with? How do you explain to a teenager that there's a chance that when they asked their Home for contact details for an abortion clinic, it ended up in their parent's activity log? Who's going to be the first person divorced for claiming that they were vegan but having been the only person home when an egg was taken out of the fridge?

To be clear, I'm not arguing against the design choices involved in the implementation of these devices. In many cases it's hard to see how the desired functionality could be implemented without this sort of issue arising. But we're gradually shifting to a place where the data we generate is not only available to corporations who probably don't care about us as individuals, it's also becoming available to people who own the more priva...


Bipartisan group of senators ask Trump to fund broadband in infrastructure plan The Hill: Technology Policy

A bipartisan group of senators is urging President Trump to include funding for expanding broadband access to rural communities in his infrastructure plan. Sens. Shelley Moore Capito (R-W.Va.), Angus King (I-Maine), Amy Klobuchar (D-Minn.), Heidi...


Friday Free Software Directory IRC meetup: January 19th starting at 12:00 p.m. EST/17:00 UTC FSF blogs

Help improve the Free Software Directory by adding new entries and updating existing ones. Every Friday we meet on IRC in the #fsf channel on

When a user comes to the Directory, they know that everything in it is free software, has only free dependencies, and runs on a free OS. With over 16,000 entries, it is a massive repository of information about free software.

While the Directory has been and continues to be a great resource to the world for many years now, it has the potential to be a resource of even greater value. But it needs your help! And since it's a MediaWiki instance, it's easy for anyone to edit and contribute to the Directory.

This week we're back to adding new packages. While we recently surpassed the 16,000 entry milestone, there's still a long ways to go before the Directory is fully up to speed. In addition to working on adding individual packages, we'll be continuing our search for help with the Directory import project, which could help add thousands of packages in one blow.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting.


Why Russia is Building Its Own Internet IEEE Spectrum Recent Content full text

The Kremlin has a bold plan to protect itself from possible external influence

Last November, news emerged that Russian president Vladimir Putin had approved a plan to create an independent Internet by 1 August 2018, first reported by the Russian news agency, RT. The alternate Internet would be used by BRICS nations - Brazil, Russia, India, China, and South Africa - and shield them from possible external influence, the Kremlin's press secretary, Dmitry Peskov, told RT.

"We all know who the chief administrator of the global Internet is," Peskov said. "And due to its volatility, we have to think about how to ensure our national security."

Putting aside for the moment Peskov's insinuation that the chief administrator of the Internet, the Internet Corporation for Assigned Names and Numbers (ICANN), which abides by California's state laws, would mess around with Russia's access to the network, the question remains: Could Russia create its own alternate Internet?

"The answer to your question is yes," says David Conrad, chief technology officer for ICANN. "The Internet's protocols are openly available and, because it's a network of interconnected networks, it's entirely possible to recreate a different network of interconnected networks," he says.

Hypothetically, if Russia wanted to do that, it would need to duplicate the hardware and software that currently manages Internet traffic. That would likely involve setting up computer servers, copying existing databases, updating security features, and reconfiguring some existing technology - in essence, they'd need their own Domain Name System (DNS), the essential technology that underlies the existing Internet and, among other things, translates domain names into the computer-readable numbers that make up a domain's Internet Protocol (IP) address.

For an independent Internet, Russia would have to establish three main components. They'd need a name space, which is a structure that organizes...


Laptop and Phone Convergence at CES SoylentNews

New laptops are drawing upon features/attributes associated with smartphones, such as LTE connectivity, ARM processors, (relatively) high battery life, and walled gardens:

This year's crop of CES laptops -- which we'll define broadly to include Windows-based two-in-one hybrids and slates -- even show signs of a sudden evolutionary leap. The long-predicted PC-phone convergence is happening, but rather than phones becoming more like computers, computers are becoming more like phones.

The most obvious way this is happening is the new breed of laptops that ditch the traditional Intel (and sometimes AMD) processors for new Snapdragon processors from Qualcomm. So far, we've seen three of these Snapdragon systems announced: the HP Envy x2, the Asus NovaGo and the Lenovo Miix 630.

[...] There's another take on phone-laptop convergence happening here at CES. Razer, the PC and accessory maker, always brings one or two inventive prototypes to CES, such as last year's triple-screen Project Valerie laptop. The concept piece for CES 2018 is Project Linda, a 13-inch laptop shell, with a large cutout where the touchpad would normally be. You drop a Razer Phone in that slot, press a button, and the two pieces connect, with the laptop body acting as a high-end dock for the phone. The phone acts as a touchpad and also a second screen, and it works with the growing number of Android apps that have been specially formatted for larger laptop screens or computer monitors.

Related: Symetium Launches Crowdfunding Campaign for a "Smartphone...


Improvising An EPROM Eraser Hackaday

Back in the old days, when we were still twiddling bits with magnetized needles, changing the data on an EPROM wasn't as simple as shoving it in a programmer. These memory chips were erased with UV light shining through a quartz window onto a silicon die. At the time, there were neat little blacklights in a box sold to erase these chips. There's little need for these chip erasers now, so how do you erase and program a chip these days? Build your own chip eraser using components that would have blown minds back in the '70s.

[Charles] got his hands on an old 2764 EPROM for a project, but this chip had a problem: there was still data on it. Fortunately, old electronics are highly resistant to abuse, so he pulled out the obvious equipment to erase this chip, a 300 watt tanning lamp. This almost burnt down the house, and after a second round of erasing of six hours under the lamp, there were still unerased bits.

Our ability to generate UV light has improved dramatically over the last fifty years, and [Charles] remembered he had an assortment of LEDs, including a few tiny 5mW UV LEDs. Can five milliwatts do what three hundred watts couldn't? Yes; the LED had the right frequency to flip a bit, and erasing an EPROM is a function of intensity and time. All you really need to do is shine an LED onto a chip for a few hours.

With this vintage chip erased, [Charles] slapped together an EPROM programmer with a programming voltage of 21V out of an ATMega and a bench power supply. It eventually worked, allowing [Charles]' project, a vintage liquid crystal display, to have the right data using vintage-correct parts.


One Identity acquires Balabit to bolster PAM solutions Help Net Security

One Identity announced the acquisition of Balabit; terms of the transaction were not disclosed. Balabit's PAM solution provides protection from threats posed by high-risk, privileged accounts, while its privileged account analytics solution provides an additional layer of protection by collecting and analyzing data from privileged sessions to help identify anomalous activity. Currently, Balabit's session management technology is embedded into the recently announced One Identity Safeguard solution through an OEM partnership. With this acquisition, One Identity More


RubyMiner Monero Cryptominer affected 30% of networks worldwide in just 24h Security Affairs

Security researchers at Check Point have spotted a malware family dubbed RubyMiner that is targeting web servers worldwide in an attempt to exploit their resources to mine Monero cryptocurrency.

RubyMiner was first spotted last week when a massive campaign targeted web servers worldwide, most of them in the United States, Germany, United Kingdom, Norway, and Sweden.

The experts believe that a single lone attacker is behind the attacks; in just one day he attempted to compromise nearly one-third of networks globally.

"In the last 24 hours, 30% of networks worldwide have experienced compromise attempts by a crypto-miner targeting web servers," reads the analysis from Check Point.

"During that period, the lone attacker attempted to exploit 30% of all networks worldwide to find vulnerable web servers in order to mobilize them to his mining pool. Among the top countries targeted are the United States, Germany, United Kingdom, Norway and Sweden, though no country has gone unscathed."


The malware targets both Windows and Linux servers, attempting to exploit old vulnerabilities in PHP, Microsoft IIS, and Ruby on Rails to deploy the Monero miner.

The Italian security firm Certego noticed the same attacks that began on January 10.

"Our threat intelligence platform has been logging a huge spike in ruby http exploiting since yesterday (10 January) at 23:00," states the report published by Certego.

The exploit has been trying to leverage a fairly old CVE (CVE-2013-0156) that allows remote code execution. The following public Emerging Threat signature covers the exploit:

The attack doesn't appear very sophisticated; the hacker did not attempt to conceal his operations, but it was focused on infecting the largest number of servers in the shortest time.

Surprisingly, by using old vulnerabilities published and patched in 201...


Twitter to inform users exposed to content from Russian accounts The Hill: Technology Policy

Twitter said on Wednesday that it would let users know if they had been exposed to Russian accounts attempting to influence the 2016 presidential election. Twitter's director of public policy, Carlos Monje, told Sen. Richard Blumenthal (D-Conn...


US hospital paid $55,000 ransom to hackers despite having backups Help Net Security

A US hospital has decided to pay a ransom of 4 bitcoin to regain access to some 1,400 files locked by attackers. Hancock Health, a regional hospital based in Greenfield, Indiana, said they'd noticed the attack the evening of Thursday, January 11, when employees got locked out of systems and were faced with the ransom note. Through the effective teamwork of the Hancock technology team, an expert technology consulting group, and our clinical team, Hancock More


Congress Questions Chipmakers About Meltdown and Spectre SoylentNews

Vox Media website reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter [(pdf)] requesting a briefing from Intel, AMD, and ARM about the vulnerabilities' impact on consumers.

[...] The two vulnerabilities are "glaring warning signs that we must take cybersecurity more seriously," McNerney argues in the letter. "Should the vulnerabilities be exploited, the effects on consumers' privacy and our nation's economy and security would be absolutely devastating."

Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google's Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about it.



Some Basic Rules for Securing Your IoT Stuff Krebs on Security

Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured "Internet of Things" or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldn't begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and "smart" lightbulbs.

Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn't have to be so bleak. Here's a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

- Rule #1: Avoid connecting your devices directly to the Internet, either without a firewall or in front of it, by poking holes in your firewall so you can access them remotely. Putting your devices in front of your firewall is generally a bad idea because many IoT products were simply not designed with security in mind and making these things accessible over the public Internet could invite attackers into your network. If you have a router, chances are it also comes with a built-in firewall. Keep your IoT devices behind the firewall as best you can.

- Rule #2: If you can, change the thing's default credentials to a complex password that only you will know and can remember. And if you do happen to forget the password, it's not the end of the world: Most devices have a recessed reset switch that can be used to restore the thing to its factory-default settings (and credentials). Here's some advice on picking better ones.

I say "if you can," at the beginning of Rule #2 because very often IoT devices, particularly security cameras and DVRs, are so poorly designed from a security perspective that even changing the default password to the thing's built-in Web interface does nothing to prevent the things from being reachable and vulnerable once connected to the Internet.

Also, many of these devices are found to have hidden, undocumented "backdoor" accounts that attackers can use to remotely control the devices. That's why Rule #1 is so important.

- Rule #3: Update the firmware. Hardware vendors sometimes make available security updates...


Facebook, Twitter, YouTube detail fight against extremists at Senate hearing The Hill: Technology Policy

Representatives from Facebook, YouTube and Twitter faced lawmakers on Capitol Hill on Wednesday to give testimony about extremist content on their platforms. At a Senate Commerce, Science and Transportation Committee hearing, the tech giants gave a...


New Android Malware records audio, video & steals WhatsApp messages HackRead

By Uzair Amir

A malware that can extensively spy upon unsuspecting users and



34C3: Reverse Engineering FPGAs Hackaday

We once knew a guy who used to tell us that the first ten times he flew in an airplane, he jumped out of it. It was his eleventh flight before he walked off the plane. [Mathias Lasser] has a similar story. Despite being one of the pair who decoded the iCE40 bitstream format a few years ago, he admits in his 34C3 talk that he never learned how to use FPGAs. His talk covers how he reverse engineered the iCE40 and the Xilinx 7 series devices. You can see the video, below.

If you are used to FPGAs in terms of Verilog and VHDL, [Mathias] will show you a whole new view of rows, columns, and tiles. Even if you don't ever plan to work at that level, sometimes understanding hardware at the low level will inspire some insights that are harder to get at the abstraction level.

In theory, the reverse engineering ought not be that hard. The device has some amount of resources and the bitstream identifies how those resources connect together and maybe program some lookup tables. In practice, though, it is difficult because there is virtually no documentation, including details about the resources you need to know at that level.

For example, in the video, you can see Lattice's diagram for a logic cell. There are several options to do things like bypass the flip flop, set the look-up table, and so on. There's any number of options available to set that configuration and that doesn't even address how to connect the inputs and outputs to the routing resources.

Of course, you know he managed the iCE40 decoding since he and [Clifford Wolf] did the work behind the open source Lattice toolchain. We even used that toolchain in several of our FPGA tutorials.


Metasploit+Amazon SES, or debugging Sendmail's SMTP Authentication The Grymoire

TL;DR: Debugging Sendmail's SMTP AUTH option is not well documented. I integrated Metasploit Pro with Amazon's SES/Sendmail, and this describes the debug process I used.

We have an Amazon EC2 system using SES (Simple Email Service) running Sendmail. We use this system for phishing exercises. However, we wanted to make use of Metasploit Pro, which has phishing features. To do this, we have to integrate the Metasploit system with Amazon SES, so that the Metasploit system connects to the Amazon system, crafts an email message, and the Amazon system delivers the email to the client.

As our system uses sendmail, we have to modify it to accept incoming email using SMTP mail authentication. The documentation I found online was not as helpful as I'd like. So I had to debug the connection to see what was happening.

You should be aware that other sites might try to connect to your mail server, and brute force the username and password. Therefore use firewall rules to limit incoming connections. You may also want to use Fail2Ban to detect brute force attempts.

Create a user account

We have to create an account that will be used to send authenticated email on the Amazon server. I created an account for the user metasploit using:

useradd -d /home/metasploit -m -s /sbin/nologin metasploit

And then I created a password for this account. Let's assume it's mySecret.

Install saslauthd

I installed saslauthd using

sudo yum install cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl cyrus-sasl-plain cyrus-sasl-devel

Then as root I enabled the saslauth daemon:

service saslauthd start
chkconfig saslauthd on

Adding the SMTP AUTH option to sendmail


As root, I edited /etc/mail/ by uncommenting the following lines (removing the dnl at the beginning of the line):


"dnl" means "Discard to the Next Line". The M4 macro processor supports # comments and dnl. The difference is that the text after dnl is not passed to the next process (sendmail in this case).
Make sure there is only one line that defines the confAUTH_MECHANISMS values. That's important.

To remake the sendmail configuration file, I typed as root

cd /etc/mail
service sendmail restart

Verify the sendmail supports sasl

Next, verify that sendmail is compiled with the...


The Quantum Spy Not Even Wrong

I don't often read spy thrillers, but just finished one, The Quantum Spy, by David Ignatius. Ignatius is a well-known journalist at the Washington Post, specializing in international affairs and the intelligence community (and known to some as "The Mainstream Media's Chief Apologist for CIA Crimes"). While the book is fiction, it's also clearly closely based on reality. Sometimes writing this sort of fiction allows an author to provide their take on aspects of current events that confidentiality prevents them from writing about as non-fiction. Another example of this kind of writing is that of the now deceased French writer Gérard de Villiers, who wrote a large number of spy novels informed by his connections in the intelligence community. Unlike the often pornographic de Villiers, Ignatius treats the love-making of CIA spies with beautiful Mata-Haris discreetly.

The topic of The Quantum Spy is Chinese spying on American research in quantum computing. This is very much in the news these days: after finishing the book I picked up today's paper to read about the arrest of a Chinese-American ex-CIA agent on charges of being a mole spying for the Chinese (a central theme of the Ignatius novel is the divided loyalties of a Chinese-American CIA agent). In the same issue of the paper is a Tom Friedman opinion piece about quantum computing breakthroughs and how China, the N.S.A., IBM, Intel and Google are now all racing full of sweat to build usable quantum systems that will revolutionize our lives.

I am no expert on quantum computing, but I do have quite a bit of experience with recognizing hype, and the Friedman piece appears to be well-loaded with it. In contrast, at least in describing the state of technology, the novel does a pretty good job of sticking to reality. Ignatius clearly spent quite a bit of time talking to those very knowledgeable about this. One part of his story is about a company closely based on D-Wave, and he explains that the technology they have is different than the true quantum computer concept that is being pursued by others. Majorana fermions and topologically protected states make an appearance in another part of the story. One character's reading material to orient himself is Scott Aaronson's Quantum Computing Since Democritus.

The novel portrays the US and Chinese governments as highly concerned and competitive about quantum computing technology and its security impli...


Apple plans to generate $350B, create 20K jobs in US next five years The Hill: Technology Policy

Apple on Wednesday announced plans to spend more than $350 billion and add 20,000 jobs over the next five years. In addition to hiring and spending at existing campuses, the California-based company said it plans to build a new facility at a...


Court Software No Better Than Mechanical Turks at Predicting Repeat Crime IEEE Spectrum Recent Content full text

Humans who looked at just two variables performed just as well as commercial software that examined 137


Harvard's milliDelta Robot Is Tiny and Scary Fast IEEE Spectrum Recent Content full text

It may be small, but it's one of the fastest moving robots we've ever seen

[Image: Harvard. Harvard's milliDelta is a millimeter-scale delta robot based on origami-inspired engineering that can reach velocities of 0.45 m/s and accelerations of 215 m/s².]

In terms of sheer speed and precision, delta robots are some of the most impressive to watch. They're also some of the most useful, for the same reasons: you can see them doing pick-and-place tasks in factories of all kinds, far faster than humans can. The delta robots that we're familiar with are mostly designed as human-replacement devices, but as it turns out, scaling them down makes them even more impressive. In Robert Wood's Microrobotics Lab at Harvard, researcher Hayley McClintock has designed one of the tiniest delta robots ever. Called milliDelta, it may be small, but it's one of the fastest moving and most precise robots we've ever seen.

Delta robots have two things about them that are particularly clever. The first one is that despite the highly dynamic nature of a delta robot, its motors are stationary. Most robot arms are made up of a series of rigid links and joints with motors in them, which is fine, except that it makes the arm itself very heavy. Moving all the motors to the base of the robot instead means that there's way less mass that you have to move around, which is how delta robots can, in general, accelerate so rapidly and move so precisely. The second clever thing is that the end-effector of a delta robot, the bit where the arms come together, can stay parallel to the work surface (delta robots are a type of parallel robot). This makes delta robots ideal for pick-and-place operations, since they maintain the orientation of the thing you're picking up.

Harvard's delta robot takes all of this cleverness and shrinks it down into a fearsome little package. The 15 mm x 15 mm x 20 mm robot weighs just 430 milligrams, but it has a payload capacity of 1.3 grams. It can move around its 7 cubic millimeter workspace with a precision of about 5 micrometers. What's really impressive, though, is the speed: It can reach velocities of 0.45 m/s, and accelerations of 215 m/s², meaning that it can follow repeating patterns at a frequency of up to 75 Hz. Just watch:




Facebook to investigate Russian interference in Brexit campaign The Hill: Technology Policy

Facebook is reopening an investigation into potential foreign interference on its platform in the 2016 United Kingdom "Brexit" referendum on leaving the European Union. In a letter to a member of Parliament on Wednesday, Simon Milner, Facebook's...


The DENON DP 47F Turntable - an Automatic Classic Techmoan

A surprising number of people enquired whether I would be making a video about my new turntable. They'd spotted it in a couple of recent videos and were interested to know why I'd replaced my Sansui. The simple answer is nothing more exciting than I wanted a record player with a hinged lid, but also I'll take any excuse to buy something as smart as this. 
Initially I thought there wouldn't be enough to say about it, beyond the fact it's a record player and it plays records. However as you'll see, this ended up occupying twenty minutes of video. 
So in the video I explain why I chose this particular 'vintage' turntable, I pass on a few tips for anyone thinking of buying a second hand player and explain my laissez-faire attitude when it comes to chasing audio quality.




24-Way NVIDIA/AMD GPU Benchmarks With X-Plane 11 Phoronix

With the next update to X-Plane 11 introducing VR support, I have renewed interest in this realistic, cross-platform flight simulator. It's been a few years since we last delivered any benchmarks with X-Plane, but for your viewing pleasure today is an assortment of 24 graphics cards, both old and new, low-end to high-end, from NVIDIA and AMD, looking at how this flight simulator is running on Ubuntu Linux.


Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware The Hacker News

Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Active since early 2016, Zyklon is


U.S. Naval Commanders Charged With Negligent Homicide for Role in Ship Collisions SoylentNews

Naval Commanders In 2 Deadly Ship Collisions To Be Charged With Negligent Homicide

The U.S. Navy announced Tuesday that the commanding officers of two vessels involved in separate collisions in the Pacific Ocean last year will face court-martial proceedings and possible criminal charges including negligent homicide.

The statement by Navy spokesman Capt. Greg Hicks says the decision to prosecute the commanders, and several lower-ranking officers as well, was made by Adm. Frank Caldwell.

[...] In the case of the USS Fitzgerald, the commander, two lieutenants and one lieutenant junior grade face possible charges of dereliction of duty, hazarding a vessel and negligent homicide.

The commander of the USS John S. McCain will face possible charges of dereliction of duty, hazarding a vessel and negligent homicide. A chief petty officer also faces one possible charge of dereliction of duty.

Previously: U.S. Navy Destroyer Collides With Container Vessel
10 Sailors Still Missing After U.S. Destroyer Collision With Oil Tanker
Chief of Naval Operations Report on This Summer's Destroyer Collisions



[$] Monitoring with Prometheus 2.0

Prometheus is a monitoring tool built from scratch by SoundCloud in 2012. It works by pulling metrics from monitored services and storing them in a time series database (TSDB). It has a powerful query language to inspect that database, create alerts, and plot basic graphs. Those graphs can then be used to detect anomalies or trends for (possibly automated) resource provisioning. Prometheus also has extensive service discovery features and supports high availability configurations. That's what the brochure says, anyway; let's see how it works in the hands of an old grumpy system administrator. I'll be drawing comparisons with Munin and Nagios frequently because those are the tools I have used for over a decade in monitoring Unix clusters.


Analog Equivalent Rights (10/21): Analog journalism was protected; digital journalism isn't Falkvinge on Liberty

Privacy: In the analog world of our parents, leaks to the press were heavily protected at both ends, both for the leaker and for the reporter receiving the leak. In the digital world of our children, this has been unceremoniously thrown out the window while discussing something unrelated entirely. Why aren't our digital children afforded the same checks and balances?

Another area where privacy rights have not been carried over from the analog to the digital concerns journalism, an umbrella of different activities we consider to be an important set of checks-and-balances on power in society. When somebody handed over physical documents to a reporter, that was an analog action that was protected by federal and state laws, and sometimes even by constitutions. When somebody is handing over digital access to the same information to the same type of reporter, reflecting the way we work today and the way our children will work in the future, that is instead prosecutable at both ends.

Let us illustrate this with an example from the real world.

In the 2006 election in Sweden, there was an outcry of disastrous information hygiene on behalf of the ruling party at the time (yes, the same ruling party that later administered the worst governmental leak ever). A username and password circulated that gave full access to the innermost file servers of the Social Democratic party administration from anywhere. The username belonged to a Stig-Olof Friberg, who was using his nickname "sigge" as username, and the same "sigge" as password, and who accessed the innermost files over the Social Democratic office's unencrypted, open, wireless network.

Calling this "bad opsec" doesn't begin to describe it. Make a careful note to remember that these were, and still are, the institutions and people we rely on to make policy for good safeguarding of sensitive citizen data.

However, in the shadow of this, there was also the more important detail that some political reporters were well aware of the login credentials, such as one of Sweden's most (in)famous political reporters...


Zuckerberg urges people to call Congress over DACA The Hill: Technology Policy

Facebook CEO Mark Zuckerberg is asking people to call lawmakers to urge them to preserve the Deferred Action for Childhood Arrivals (DACA) program and protect immigrants who came to the U.S. as children. This is a basic question of...


Links 17/1/2018: HHVM 3.24, WordPress 4.9.2 Techrights




  • Linux Journal 2.0 Progress Report

    It's been a busy two weeks here at Linux Journal 2.0, and we've been simply overwhelmed with all of your feedback and support; we can't thank you enough for all of it. We have read every single word of every comment on the site and via email, and if we haven't responded to you directly, please know you have indeed been heard. (Again, it's been overwhelming.)

  • Will 2018 Be the Year of the Linux Desktop

    The Year of the Linux Desktop is a fabled time when Linux finally rises up and becomes the dominant desktop operating system, supplanting Windows.

    Now, that might sound ridiculous, but the notion has been fueled over the years by Linux's rise to dominance in every other market. The vast majority of servers run Linux. Just about every supercomputer runs on Linux. If you have an Android phone, it's running the Linux kernel. Even the Internet of Things and automotive computers are primarily running some variation of Linux.

  • The city of Barcelona is dumping Windows in favor of Linux [iophk: "interjecting Microsoft disinformation about Munich"]

    The plan goes beyond just picking and choosing the best open-source alternatives to Microsoft products out there, as Barcelona will apparently be hiring developers to create bespoke software. The idea is that these projects could potentially be rolled out across other Spanish cities if they're up to the task.

  • Desktop


Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Open Source Security

Posted by Xen.org security team on Jan 17

Xen Security Advisory CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 / XSA-254

Information leak via side effects of speculative execution


"Stage 1" pagetable isolation (PTI) Meltdown fixes for Xen are

"Comet" updates to shim code (4.10 branch):
* Include >32vcpu workaround in shim branch so that all shim
guests can...


No Patents on Life (CRISPR), Said EPO Boards of Appeal Just a Few Hours Ago Techrights

The Boards nail Broad


Summary: Broad spectacularly loses its key case, which may soon mean that any other patents on CRISPR too will be considered invalid

THE decline of patent quality at the EPO is a real problem. The granting of CRISPR patents is an issue we wrote about this morning, having addressed the subject many times before (here's some background).

Thankfully, the appeal board ended up deciding to toss out these stupid patents (metaphorically speaking, not politely put as courts typically do). This was foreseen by a longtime observer and UPC booster. They benefit from sheer abundance of patents. Here is what he wrote last year:

In Europe, the first patent of UC Berkeley has very recently been granted by the EPO.

As in the US, however, the Broad Institute has been the first one to get a patent issued in Europe, namely EP 2 771 468. Against this patent, 9 oppositions have been filed, most of which appear to be so-called strawman oppositions.

The final decision was covered by Daniel Lim, who describes himself as "IP lawyer at Allen & Overy, specialising in life sciences patent litigation. I am particularly interested in CRISPR, I-O and molecular Dx."

"These patents should never have been granted in the first place." So he's into patent litigation in CRISPR, hence he relies on CRISPR patents. Earlier today he wrote: BREAKING: #EPO's opposition division has revoked the @broadinstitute's #CRISPR-Cas9 patent EP2771468 in its entirety. Things wrapped up v quickly once priority was lost. BroadR...


Anna Vital, Founder of Adioma, joins our Media & Arts Board. Lifeboat News

Anna Vital, Founder of Adioma, joins our Media and Arts Board.


Four stable kernels

Greg Kroah-Hartman has released stable kernels 4.14.14, 4.9.77, 4.4.112, and 3.18.92. All of them contain important fixes and users should upgrade.


Japanese City Uses Emergency Loudspeakers to Warn of Toxic Blowfish SoylentNews

Deadly fugu fish flub prompts emergency warning in Aichi

The Aichi Prefecture city of Gamagori has activated an emergency warning system to alert residents to avoid eating locally purchased fugu (puffer fish) after a mix-up saw toxic parts of the delicacy go on sale.

A supermarket in the city sold five packages of the fish without removing the livers, which can contain a deadly poison.

Three of the potentially lethal specimens have been located, but the other two remain at large, local official Koji Takayanagi said.

"We are calling for residents to avoid eating fugu, using Gamagori city's emergency wireless system," which broadcasts over loudspeakers located around the city, he said.

Also at Asahi Shimbun, NPR, and Time.



Security updates for Wednesday

Security updates have been issued by Debian (bind9, wordpress, and xbmc), Fedora (awstats, docker, gifsicle, irssi, microcode_ctl, mupdf, nasm, osc, osc-source_validator, and php), Gentoo (newsbeuter, poppler, and rsync), Mageia (gifsicle), Red Hat (linux-firmware and microcode_ctl), Scientific Linux (linux-firmware and microcode_ctl), SUSE (kernel and openssl), and Ubuntu (bind9, eglibc, glibc, and transmission).


Pirate IPTV Mastermind Owns Raided Bulgarian ISP, Sources Say TorrentFreak

Last Tuesday a year-long investigation came to a climax when the Intellectual Property Crime Unit of the Cypriot Police teamed up with the Cybercrime Division of the Greek Police, the Dutch Fiscal Investigative and Intelligence Service (FIOD), the Cybercrime Unit of the Bulgarian Police, Europol's Intellectual Property Crime Coordinated Coalition (IPC), and the Audiovisual Anti-Piracy Alliance (AAPA), to raid a pirate TV operation.

Official information didn't become freely available until later in the week but across Cyprus, Bulgaria and Greece there were at least 17 house searches and individuals aged 43, 44, and 53 were arrested in Cyprus and remanded in custody for seven days.

According to Europol, the IPTV operation was considerable, offering 1,200 channels to as many as 500,000 subscribers around the world. Although early financial estimates in cases like these are best taken with a grain of salt, latest claims suggest revenues of five million euros a month, 60 million euros per year.

Part of the IPTV operation (credit:Europol)

As previously reported, so-called front servers (servers designed to hide the main servers' true location) were discovered in the Netherlands. Additionally, it's now being reported by Cypriot media that nine suspects from an unnamed Internet service provider housing the servers were arrested and taken in for questioning. But the intrigue doesn't stop there.

Well in advance of Europol's statement late last week, TorrentFreak was informed by a source that police in Bulgaria had targeted a specific ISP called MegaByte Internet, located in the small town of Petrich. After returning online after a day's downtime, the ISP responded to some of our questions, detailed in our earlier interview.

"We were informed by the police that some of our clients in Petrich and Sofia were using our service for illegal streaming and actions," a company spokesperson said.

"Of course, we were not able to know this because our services are unmanaged and root access [to servers] is given to our clients. For this reason any client and anyone that uses our services are responsible for their own actions."

Other questions went unanswered but yesterday fresh i...


Potentially hazardous asteroid is headed towards Earth Lifeboat News: The Blog

The asteroid is around 0.7 miles (1.1km) wide making it longer than the Burj Khalifa in Dubai, which stands at 0.5 miles high (0.8km).

It is set to pass by our planet on the 4th February at a distance of around 2,615,128 miles (4,208,641km) away which is relatively close in space terms.

For reference, the distance between the Earth and the moon is 238,855 miles (384,400 km).


Major gravity experiment recreated aboard a satellite Lifeboat News: The Blog

A spacecraft was used to drop two objects and test their rate of fall. The new, super-precise findings confirm objects will fall at the same rate (in the absence of air resistance) and that when it comes to defining the effects of gravity, Einstein got it right.


Firefox 58 Bringing Faster WebAssembly Compilation With Two-Tiered Compiler Phoronix

With the launch of Mozilla Firefox 58 slated for next week, WebAssembly will become even faster thanks to a new two-tiered compiler...


[$] A survey of some free fuzzing tools

Many techniques in software security are complicated and require a deep understanding of the internal workings of the computer and the software under test. Some techniques, though, are conceptually simple and do not rely on knowledge of the underlying software. Fuzzing is a useful example: running a program with a wide variety of junk input and seeing if it does anything abnormal or interesting, like crashing. Though it might seem unsophisticated, fuzzing is extremely helpful in finding the parsing and input processing problems that are often the beginning of a security vulnerability.


4 Malicious Chrome Extensions Put 500k Users at Risk of Click Fraud HackRead

By Waqas

Presence of spyware and malware in Chrome browser extensions we use



Vulnerability in ISC BIND leads to DoS, patch today! Help Net Security

The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network. BIND update The BIND update should be implemented as soon as possible: the vulnerability (CVE-2017-3145) can lead to denial-of-service and crash, and instances of that happening have been reported by More


Will U.S. Corporations Ever Take Cybersecurity Seriously? IEEE Spectrum Recent Content full text

Incentives still haven't reached a tipping point, but Europe's new data protection regulation might help

It's another month, and another major IT-related security problem has been uncovered. The latest, the security flaws discovered in Intel, AMD, and ARM chips that can allow the bypassing of operating system security protections, are a bit different than most vulnerabilities. They are hardware rather than software-based, and their impacts are exceptionally widespread, impacting nearly every Intel processor made since the mid-1990s. Billions of chips in total could be affected.

Intel, in conjunction with AMD, ARM, operating system vendors, and others, has been working on software and firmware security updates to close the security holes, with mixed success. There were reports that Intel's firmware update had a bug that needed fixing itself, and that there were problems with updates on some AMD-based machines. There is also a debate between Intel and Microsoft regarding whether some of the updates would result in a significant slowdown of a patched machine. Intel insists the fixes will likely cause minimal performance impacts for most users, while a Microsoft executive instead seemed to suggest that users might be better off not updating their machines if loss of performance was greater than the security gained.

Intel has not only been downplaying the performance impacts of the fixes, but the financial impacts as well,...


Distribution Release: NuTyX 10.0 News

NuTyX is a French Linux distribution (with multi-language support) built from Linux From Scratch and Beyond Linux From Scratch, with a custom package manager called cards. The project has published a new release, NuTyX 10.0, which is available in 32-bit and 64-bit builds. There are two editions, one....


Democrats Say They Have 50 Votes in Senate to Overrule Net Neutrality Repeal SoylentNews

Senate Democrats have put together 50 votes for a measure meant to block the Federal Communications Commission's December decision to end net neutrality rules put in place by the Obama administration.

Democrats are just one GOP vote shy of the 51-vote threshold for a Senate resolution of disapproval, which would strike down the FCC's December rules change.

"With full caucus support," Senate Minority Leader Charles Schumer (D-N.Y.) said, "it's clear that Democrats are committed to fighting to keep the internet from becoming the Wild West where ISPs are free to offer premium service to only the wealthiest customers while average consumers are left with far inferior options."

The Democrats' effort won the support of its first Republican backer, Sen. Susan Collins (Maine), last Tuesday.

The Hill

Original Submission

Read more of this story at SoylentNews.


Why GDPR will drive a best practice approach Help Net Security

When GDPR was first discussed, many feared that it would force businesses to act more insular and become more defensive about their data. Some even believed there would be a counter-movement against the cloud with organisations taking back data into their internal systems. Thankfully, the reality has been very different. Instead we've seen a new willingness to work together with partners and specialist cloud providers. Now it looks likely that this collaboration will help to More


House panel to hold hearing on false Hawaii missile alert The Hill: Technology Policy

The House Energy and Commerce Committee will hold a hearing with the Federal Communications Commission (FCC) on the false missile alert in Hawaii last week and the state of the country's public alert systems. The panel's leaders announced on Tuesday...


These were the 6 most popular trends I saw at the biggest technology show of 2018 Lifeboat News: The Blog

From adorable robots to modular TVs, these were the biggest trends I saw at this year's Consumer Electronics Show.


Google will construct three new undersea cables in 2019 Lifeboat News: The Blog

Can't get enough Google? You're in luck.

The company, a division of Alphabet Inc., has announced that it will expand its Cloud services to five new regions, and build three new submarine cables to service its capacity needs.



Oracle January 2018 Critical Patch Update also addresses Spectre and Meltdown Security Affairs

Oracle rolled out the January 2018 Critical Patch Update that includes 237 security fixes in its products, the majority of which are remotely exploitable without authentication.

The January 2018 Critical Patch Update also includes security updates that address Spectre and Meltdown vulnerabilities.

"The January 2018 Critical Patch Update provides fixes for certain Oracle products for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note (Doc ID 2347948.1)," reads the advisory published by Oracle. "This Critical Patch Update contains 237 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at January 2018 Critical Patch Update: Executive Summary and Analysis."

The January 2018 Critical Patch Update contains 13 new security fixes for the Oracle Sun Systems Products Suite that address 7 remotely exploitable issues.

Oracle updates include the fix for the Spectre CVE-2017-5715 vulnerability affecting its Oracle X86 Servers and Oracle VM VirtualBox. The security updates for Oracle X86 Servers include Intel microcode that allows mitigating the issue in OS and VM.

"Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software. Oracle OS and Oracle VM patches for CVE-2017-5715 will include updated Intel microcode," reads a note included in the advisory.

The advisory includ...


Tattoo using live bacterial ink to monitor health Lifeboat News: The Blog

A bacterial tattoo is better for your health than it sounds.


BMW is bringing its wireless charging pad to the US Lifeboat News: The Blog

Place your BMW plug-in hybrid over the pad and charge it in less than four hours.


12 Everyday Things That Will Soon Disappear Lifeboat News: The Blog

Landlines disappeared, and so did videotapes. With neverending technological advancements, there are a lot of other things that will go out of fashion or become good for nothing in the near future.

Bright Side rounded up a few things that you can't imagine your life without right now, but they might not be familiar to the next generation at all. This list might be surprising to you as it contains some of your favorite things.


How Close Are We to Farming Human Body Parts? Lifeboat News: The Blog

Watch How Close Are We to Farming Human Body Parts?, a Biotech video from Seeker.


2018 May Mark The Start of a Cord-Free Life, For Real Lifeboat News: The Blog

An alignment of technologies and products is helping to pave the way for a life without tangled cables.


AI is coming to TVs - here's what that will mean Lifeboat News: The Blog

Pretty soon, a smart assistant inside your TV could take the place of your remote control, and artificial intelligence could make the picture look better.


IBM to Study Human Microbiome's Role In Autoimmune Disorders Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

The human microbiome is so important to human health that IBM just announced plans to study the microbiome's role in autoimmune diseases.


New Age-Reversing Senolytics Can Transform Medicine Says Leading Researcher Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

Senolytic compounds hold promise to reverse aging in humans. In a review published yesterday, leading researcher James L. Kirkland, M.D., Ph.D., compiles a comprehensive list of the leading senolytic compounds under development for human use, two of which are currently in clinical trials. [Author: Brady Hartman.]

Imagine if you were able to reverse aging and bring your body back to its original health and vigor.

Researchers have already discovered a group of drugs called senolytics which perform this miraculous transformation in mice and are testing them in humans as we speak.


Custom Alexa Skill in a Few Minutes Using Glitch Hackaday

As hackers, we like to think of ourselves as a logical bunch. But the truth is, we are as subject to fads as the general public. There was a time when the cool projects swapped green LEDs out for blue ones or added WiFi connectivity where nobody else had it. Now all the rage is to connect your project to a personal assistant. The problem is, this requires software. Software that lives on a publicly accessible network somewhere, and who wants to deal with that when you're just playing with custom Alexa skills for the first time?

If you have a computer that faces the Internet, that's fine. If you don't, you can borrow one of Amazon's, but then you need to understand their infrastructure, which is a job all by itself. However, there is a very simple way to jump start an Alexa skill. I got one up and running in virtually no time using a website called Glitch. Glitch is a little bit of everything. It is a web hosting service, a programming IDE for Node.js, a code repository, and a few other things. The site is from the company that brought us Trello and helped to start Stack Overflow.

Glitch isn't about making Alexa skills. It is about creating web applications and services easily. However, that's about 90% of the work involved in making an Alexa skill. You'll need an account on Glitch and an Amazon developer's account. Both are free, at least for what we want to accomplish. Glitch has some templates for Google Home, as well. I have both but decided to focus on Alexa, for no particular reason.



Linux Foundation LFCS and LFCE: Alberto Bullo



What is the Right Time to Buy Bitcoin TechWorm

If you read the news, you have probably become aware of the fact that the price of Bitcoin has been consistently going up for quite a while. At a point, you probably realized you didn't want to be the one person to miss out on one of the best investing opportunities of the last decade, so you want to get in.

The Hard Part of Investing in Bitcoin

Bitcoin prices may be constantly going up, but they are also very volatile, which can scare away many investors. You will see many news stories covering this from various angles. Some will talk about how quickly Bitcoin has gone up and others will talk about the most recent drastic dip (despite the fact that Bitcoin is still up on the month). The point is volatility creates risk and scares away the investors who aren't willing to lose all the money they put into it.

The funny thing about this is that the volatility actually works to create the investment opportunity. If there was a sure-fire way for investors to make 50% returns per annum consistently, then everyone would be throwing their money in as fast as possible. But the volatility means risk, and not everyone is willing to handle that.

So, the hard part of investing in Bitcoin is figuring out what you want your strategy to be. There are a few different ways to approach it, and you will need to tailor your approach to whatever suits you best as well as what you think will yield the highest returns.

Buy-and-Hold (or HODL)

Warren Buffett has popularized the investment approach of just buying a security and holding it forever or until your original thesis about the security changes. This appears to be one of the most popular approaches investors take with Bitcoin.

When presented with the option to day trade and be smart about their management of Bitcoin, some investors just realized that it wasn't worth it and would be safer to buy Bitcoin for a long time. This is almost a fear-based approach that is optimized to avoid any of the big missteps. The basic idea is you think Bitcoin is a winner, so you hold Bitcoin.

The cryptocurrency jargon HODL came from a famous misspelling where a Bitcoin enthusiast was explaining how he realized he couldn't beat the traders at their game and didn't want to lose money trying to be the smartest guy in the room. Since then, it has caught on as an explanation for someone's long-term investment strategy.

Buy the Dip

Not necessarily in direct opposition to HODL, bu...


Forget About The Blood Of Teens - Young Poop, Old Poop Is The Latest Thing Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

The microbiome is emerging as a new player in human health. Researchers recently extended the lifespan of middle-aged animals by nearly 50% by infusing them with the poop of younger fish. [Author: Brady Hartman.]

Remember the young blood, old blood experiments in which the young blood of mice rejuvenated old mice?

Well, young poop may be even more rejuvenating.


Geroscientists Aim to Add Years to Our Lives and Life to Our Years Lifeboat News: The Blog

A look back at the most popular life extension articles of 2017.

Summary: A geroscientist is a new breed of a researcher who aims to understand and defeat human aging using a branch of study called geroscience. What these longevity researchers have in the pipeline just may surprise you. [Author: Brady Hartman.]

A new breed of a researcher called the geroscientist is striving to end aging as we know it.

And the anti-aging drugs they have in the pipeline might just startle you.


RadeonSI NIR Backend Now Supports GLSL 4.50 Phoronix

The experimental RadeonSI NIR back-end is taking a final step forward for Mesa 18.0...


Only Two Weeks on the Job, Judge Patrick Corcoran is Already Being Threatened by EPO Management Techrights

When Exposing A Crime Is Treated As Committing A Crime, You Are Being Ruled By The Criminals Themselves.

Summary: The attack on a technical judge who is accused of relaying information many people had already relayed anyway (it was gossip at the whole Organisation for years) carries on as he is again being pushed around, just as many people predicted

THE EPO scandals keep getting more scandalous. Yes, it's possible for them to further escalate, still

As we noted this morning, there's an important decision on the way, soon to be delivered by the appeal boards (formally called the Boards of Appeal). But many rightly doubt or question the independence; or the appeal boards being able to judge and rule in peace. They have already complained publicly even about Battistelli bullying the judge, their colleague, in several jurisdictions (considerably raising the cost of legal defense as even interpreters would likely be needed).

"Mr Corcoran is sent to work in the Hague," a source told us today. "If he disagrees to removing his family to a different country, he can be dismissed."

Incredible, isn't it? It didn't even take long! Just as many people expected and publicly predicted. He is now under the control of Team Battistelli, so they actually have this kind of leverage over him. They are endlessly pushing the man and his wife around. This is truly appalling and incredibly damaging to the EPO's reputation. To put it bluntly, who would want to even relocate to work there (another country) and then be thrown around from place to place like some gypsy? Corcoran's colleagues too have already been pushed out of Munich and into the suburbs (Haar). This is part of a pattern of bullying/punishment by Team Battistelli, making an example to scare others, including C...


Hackers Could Have Exploited Facebook Accounts Via Oculus App TechWorm

Vulnerabilities allowed hacking in Facebook using Oculus integration

Facebook's integration with the Oculus virtual reality headset could have opened doors for malicious attackers to hijack accounts by exploiting the latter had the social networking giant not patched the vulnerabilities.

Oculus, known best for their Oculus Rift virtual reality (VR) headset, was founded in 2012. In March 2014, Facebook announced that they would acquire Oculus VR, which was later completed in July 2014. In August 2014, Facebook included Oculus Rift in its white hat bug bounty program and paid money to researchers for reporting bugs. Since then, several vulnerabilities have been found in Oculus services including a series of flaws that earned a researcher $25,000.

In October 2017, Josip Franjkovic, a web security consultant, decided to examine the Oculus application for Windows, which enables users to connect their Facebook accounts for a more social experience by using both the native Windows Oculus application and browsers.

In his research, Franjkovic demonstrated how an attacker could hijack Facebook accounts by using specially crafted GraphQL queries to connect a victim's Facebook account to the attacker's Oculus account and obtain the victim's access_token, which also has access to Facebook's GraphQL endpoint. Using specially crafted GraphQL queries, the attacker can take control of the victim's Facebook account and change the victim's account's phone number and then reset the account's password.

Franjkovic reported the vulnerability to Facebook on October 24 under the company's bug bounty program, for which a temporary fix was done on the same day that involved disabling the facebook_login_sso endpoint. Further, a permanent patch was rolled out by Facebook on October 30.

However, Franjkovic discovered a login CSRF (cross site request forgery) vulnerability a few weeks later that could have been used to bypass Facebook's patch by redirecting the victim to an Oculus URL of the attacker's choice.

Franjkovic reported the second flaw to Facebook on November 18, for which a temporary fix was done on the same day by again disabling the facebook_login_sso endpoint. Three weeks later, a complete patch was rolled out by the company.

"The fix was to implement a CSRF check on the /account_receivable/ endpoint, AND add an additional click to confirm the link between Facebook and Oculus accounts," Franjkovic wrote. "I believe this properly fixes the vulnerability without degrading user experience too much."

While Franjkovic did not disclose how much bounty he earned from Facebook for discovering the vulnerabilities, the social networking giant did reveal last week (via...


Fighting cyber attacks with nuclear weapons Graham Cluley

Fighting cyber attacks with nuclear weapons

The Pentagon's Nuclear Posture Review, which is being considered by the White House, proposes the option of deploying nuclear weapons in the event of an enemy launching a crippling cyber attack against key infrastructure.


Oracle addresses 237 vulnerabilities across multiple products Help Net Security

The January 2018 Oracle Critical Patch Update (CPU) fixes 237 new security vulnerabilities across hundreds of Oracle products, including the company's widely used Oracle Database Server and Java SE. The CPU includes: Fixes for the Java Virtual Machine and four other vulnerable components within the Oracle Database Server, the most severe of which carries a CVSS Base Score of 9.1 out of 10; three of the flaws may be exploited remotely without credentials. New security More


Miami: Dirty Gold, Clean Cash

I'm ticking Covert Operations on this one, just in case. Via: Miami Herald: When Juan Granda ventured into Peru's Amazon rainforest to score another illicit load of gold, he boasted that he felt like legendary Colombian drug lord Pablo Escobar. "I'm like Pablo coming to get the coke," he told two co-workers in [...]


GCC 7.3 Preparing For Release To Ship Spectre Patches Phoronix

GNU developers are preparing to quickly ship GCC 7.3 now in order to get out the Spectre patches, a.k.a. the compiler side bits for Retpoline with -mindirect-branch=thunk and friends...


OPod Tube Housing System

At least the stacks in Ready Player One featured actual trailers, which would be like mansions compared to this OPod thing! Via: Daily Mail: A Hong Kong architect has invented what he believed to be the solution of overcrowded cities by turning concrete water pipes into tiny homes. The OPod Tube Housing system aims to [...]


Internet Systems Consortium rolled out a patch for a BIND security flaw caused DNS Servers Crash Security Affairs

The Internet Systems Consortium (ISC) has issued security updates for BIND to address a high severity vulnerability that could cause DNS servers to crash.

The Internet Systems Consortium (ISC) has rolled out security updates for BIND to address a high severity vulnerability that could be remotely exploited to crash DNS servers.

The flaw, discovered by Jayachandran Palanisamy of Cygate AB and tracked as CVE-2017-3145, is caused by a use-after-free bug that can lead to an assertion failure and crash of the BIND name server (named) process.

"BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named," reads the security advisory published by ISC.

According to the ISC there is no evidence that the flaw has been exploited in attacks in the wild, but the ISC states that many crashes caused by the bug have been reported by multiple parties.

The issue impacted systems that operate as DNSSEC validating resolvers; the experts suggest temporarily disabling DNSSEC validation as a workaround.

"While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137. Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug. The known crash is an assertion failure in netaddr.c," continues the advisory.

The ISC also disclosed a medium severity DHCP flaw tracked as CVE-2017-3144 that affects versions 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, and 4.3.0 to 4.3.6.

"A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server," reads the ISC advisory.



Virtual Reality (VR) Porn App Exposed Personal Data of 20k Users HackRead

By Waqas

Virtual Reality apps can be fun to use but they



Why Your Car Company May Know More About You Than Your Spouse SoylentNews

Now that automobile manufacturers are almost more about software than hardware, your car company may know more about you than your spouse based on all the sensors in your car. The incentive to collect driver and passenger data is great. Every piece of data is used to increase revenue, especially if sold onward to third-parties.

Dunn may consider his everyday driving habits mundane, but auto and privacy experts suspect that big automakers like Honda see them as anything but. By monitoring his everyday movements, an automaker can vacuum up a massive amount of personal information about someone like Dunn, everything from how fast he drives and how hard he brakes to how much fuel his car uses and the entertainment he prefers. The company can determine where he shops, the weather on his street, how often he wears his seat belt, what he was doing moments before a wreck - even where he likes to eat and how much he weighs.

Though drivers may not realize it, tens of millions of American cars are being monitored like Dunn's, experts say, and the number increases with nearly every new vehicle that is leased or sold.

The result is that carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do.

Original Submission

Read more of this story at SoylentNews.


Insights from 700M thwarted cyberattacks show how the fight against cybercrime has intensified Help Net Security

2017 was a record-setting year in the fight against cybercrime. Based on analysis of real world cybercrime attacks, ThreatMetrix confirmed a 100 percent increase in volume of attacks over the last two years. The good news is that record numbers of these attacks are thwarted by organizations investing in innovative, digital-first strategies to protect consumers facing downstream attacks from large-scale data breaches. Fraudsters are no longer looking to make a quick buck from stolen credit More


Global IT spending to reach $3.7 trillion in 2018 Help Net Security

Worldwide IT spending is projected to total $3.7 trillion in 2018, an increase of 4.5 percent from 2017, according to the latest forecast by Gartner. Global IT spending growth began to turn around in 2017, with continued growth expected over the next few years. However, uncertainty looms as organizations consider the potential impacts of Brexit, currency fluctuations, and a possible global recession, said John-David Lovelock, research vice president at Gartner. Despite this uncertainty, businesses will More


Open Source Networking and a Vision of Fully Automated Networks

Ever since the birth of local area networks, open source tools and components have driven faster and more capable network technologies forward. At the recent Open Source Summit event in Europe, Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed his vision of open source networks and how they are being driven by full automation.


MySQL sha256_password authentication plugin DoS issues Open Source Security

Posted by Tomas Hoger on Jan 17


As Oracle does not share any information about the CVEs they assign,
here's info about two CVEs fixed in MySQL 5.6.39 and 5.7.21 and listed
in Oracle CPU Jan 2018. Both flaws affect sha256_password
authentication plugin, which uses SHA256 crypt algorithm to hash
passwords, and was affected by the known algorithm issues.

MySQL did not set any explicit limit on the length of the password that
can be provided during the authentication...


Stackhackr: Free malware simulation tool Help Net Security

Stackhackr lets you create and customize your own mock malware that simulates malicious behavior without actually doing any harm on your machine. It's a quick and safe way to find out whether your company's machines are vulnerable to real attacks. In just two minutes you can build and customize your own mock malware and see how your current security stands up to two of the most common and damaging types of cyber attack More

Wednesday, 17 January


Dead Island Should Now Work With The Gallium3D Drivers Phoronix

The Dead Island open world survival horror action RPG game that's more than six years old should now work with Mesa's Gallium3D drivers...


System Reboots: beryllium reboot successful; lithium, sodium, and boron soon to come [updated] SoylentNews

[Update: Reboot of beryllium was successful and our IRC services were restored without issue. Hat tip to our sysops who made this happen so smoothly! --martyb]

Linode, which hosts our servers, is rolling out fixes for the Meltdown/Spectre bugs. This necessitates a hard reboot of their servers, and that means any guest servers will be down while this happens. beryllium is scheduled for a reboot with a two-hour window starting at 2018-01-17 07:00 AM UTC (02:00 AM EST). The outage should be relatively brief, a matter of just a few minutes.

We expect this will cause our IRC (Internet Relay Chat) service to be unavailable. We do not anticipate any problems, but if things go sideways, I'm sure the community will find a way to let us know via the comments.

Planning ahead, we have learned that lithium, sodium, and boron are all scheduled for a reboot on 2018-01-18 at 09:00 AM UTC.

We appreciate your understanding and patience as we strive to keep the impact to the site to a minimum.

[TMB Note]: Sodium is our currently configured load balancer and we weren't given enough notice to switch to Magnesium (DNS propagation can take a while), so expect ten minutes or less of site downtime. Or temporarily add to your hosts file if ten minutes is more than you can wait.

Previously: Scheduled SN Reboots Due to Meltdown and Spectre; 2-Hour Window Starts: Fri 2018-01-12 @ 10:00:00UTC

Original Submission

Read more of this story at SoylentNews.


Announcing The Node.js Application Showcase

The stats around Node.js are pretty staggering. There were 25 million downloads of Node.js in 2017, with over one million of them happening on a single day. And these stats are just the users. On the community side, the numbers are equally exceptional.


The DRM Graphics Driver Changes Coming For Linux 4.16 Phoronix

With being past the cutoff of new features to be merged to DRM-Next for targeting the upcoming Linux 4.16 kernel merge window, here is a recap of the prominent changes to the Direct Rendering Manager drivers for this next kernel cycle...


Hawaii's missile alert agency keeps its password on a Post-it note Graham Cluley

Last Saturday the people of Hawaii received a terrifying alert about a ballistic missile heading its way. Thankfully, the alert turned out to have been sent in error by the Hawaii Emergency Management Agency.

Now evidence has come to light that some of the organisation's staff might be in the habit of sticking Post-it notes containing passwords onto their computer monitors.

Read more in my article on the Hot for Security blog.


Meteor over Michigan SoylentNews

Just about everybody is coming up with video about the meteor over the Detroit area.

"It looks like from videos and reports we've gotten (that it's a) meteor," said Jordan Dale, meteorologist with the National Weather Service in White Lake. "However, we cannot confirm it's a meteor. At this point, we're just sticking to what we know and it was not thunder or lightning or weather-related."

The weather service by about 9 p.m. had already received dozens of reports, ranging from Flint to Toledo.

Multiple images were posted of night skies being lit up, as social media exploded with people reporting what they saw or heard.

Additional coverage at CBSNews, Click On Detroit, The Detroit News and Fox News.



Human vs. Robot: Ping-pong match against Forpheus Lifeboat News: The Blog

At CES 2018 in Las Vegas, we faced off with Omron's Forpheus, a robot that learns from your every move and expression, and plays harder as you get better.


The Apache Way Open Source Done Well

The Apache Software Foundation has been supporting open source for nearly twenty years. But what's it all about? In this article, Ignasi Barrera goes over the organization and why it has been so successful in creating new technology for the benefit of the whole community.


Four Pi Zeros, Four Cameras, One Really Neat 3D Scanner Hackaday

Sometimes when you walk into a hackerspace you will see somebody's project on the table that stands so far above the norm of a run-of-the-mill open night on a damp winter's evening, that you have to know more. If you are a Hackaday scribe you have to know more, and you ask the person behind it if they have something online about it to share with the readership.

[Jolar] was working on his 3D scanner project on just such an evening in Oxford Hackspace. It's a neatly self-contained unit in the form of a triangular frame made of aluminium extrusions, into which are placed a stack of Raspberry Pi Zeros with attached cameras, and a very small projector which needed an extra lens from a pair of reading glasses to help it project so closely.

The cameras are arranged to have differing views of the object to be scanned, and the projector casts an array of randomly created dots onto it to aid triangulation from the images. A press of a button, and the four images are taken and uploaded, to a cloud drive in this case, and then picked up by his laptop for processing.

A Multi-view Stereo (MVS) algorithm does the processing work, and creates a 3D model. Doing the processing is VisualSFM, and the resulting files can then be viewed in MeshLab or imported into a CAD package. Seeing it in action the whole process is quick and seamless, and could easily b...


10 Lessons from 10 Years of AWS (part 1)

I recently presented a talk at the AWS Community Day in Bangalore. The tweet following the talk became my most popular tweet ever and I received quite a few requests for more details.


KDE's Discover Snap Support Is Maturing Too Phoronix

While KDE Discover's Flatpak support was declared "production ready", that isn't the only app sandboxing tech they are working on: their Ubuntu Snap support is also coming together nicely...


Benchmarking Retpoline Underflow Protection With Intel Skylake/Kabylake Phoronix

Beyond the Retpoline support already found in the mainline Linux kernel, developers are working on Retpoline Underflow support that would be used for Intel Skylake and Kabylake CPUs. RETPOLINE_UNDERFLOW protects against falling back to a potentially poisoned indirect branch predictor when a return buffer underflows and this additional protection is needed for Intel Skylake/Kabylake processors. I ran a couple benchmarks...


RADV Vulkan Driver Now Supports VK_EXT_debug_report Phoronix

With the flurry of Mesa development activity with Mesa 18.0 being branched in a few days, the RADV Radeon Vulkan driver picked up support for another extension...


Has Pop Music Lost Its Fun? SoylentNews

Submitted via IRC for TheMightyBuzzard

It's a commonly held grudge of listeners who are no longer pop's core demographic that the music of the moment is not what it once was [...] But [what] happens when science attempts to prove these claims? Here are some studies that suggest your parents might have been having a lot more pop fun than you are...

[...] This followed a similar study by a team from the Spanish National Research Council, led by artificial intelligence specialist Joan Serrà, who examined nearly half a million pop songs over a similar period (in this case 1955-2010), and looked at their tonal, melodic and lyrical content. They concluded that pop has become melodically less complex, using fewer chord changes, and that pop recordings are mastered to sound consistently louder (and therefore less dynamic) at a rate of around one decibel every eight years.

[...] The Lempel-Ziv algorithm is a lossless way to compress data, by taking out repetitions, and Morris used it as a tool to examine 15,000 songs from the Billboard Hot 100 from 1958 to 2014, reducing their lyrics down to their smallest size without losing any data, and comparing their relative sizes. He found two very interesting things. The first was that in every year of study, the songs that reached the Top 10 were more repetitive than their competition. The second is that pop has become more repetitive over time, as Morris points out: "2014 is the most repetitive year on record. An average song from this year compresses 22% more efficiently than one from 1960."

Of course, none of this means that pop songs are any less fun. They may be slower and sadder than before, but if pop songs are now simpler and louder and more repetitive than they used to be, that might make up for it. In fact, a 2011 report called Music and Emotions in the Brain: Familiarity Matters, compiled by a team led by Carlos Silva Pereira suggests that the human brain enjoys knowing what is coming next in music. Having conducted fMRI scans on people listening to songs, the report concludes that, "Familiarity seems to be a crucial factor in making the listeners emotionally engaged with music."

Source: Has pop music lost its fun?



Kim Dotcom Loses Megaupload Domain Names, Gets Destroyed Gaming Chair Back TorrentFreak

Following the 2012 raid on Megaupload and Kim Dotcom, U.S. and New Zealand authorities seized millions of dollars in cash and other property, located around the world.

Claiming the assets were obtained through copyright and money laundering crimes, the U.S. government launched separate civil cases in which it asked the court to forfeit bank accounts, servers, domain names, and other seized possessions of the Megaupload defendants.

One of these cases was lost after the U.S. branded Dotcom and his colleagues as fugitives. The defense team appealed the ruling, but lost again, and a subsequent petition at the Supreme Court was denied.

Following this lost battle, the U.S. also moved to conclude a separate civil forfeiture case, which was still pending at a federal court in Virginia.

The assets listed in this case are several bank accounts, including several at PayPal, as well as 60 servers Megaupload bought at Leaseweb. What has the most symbolic value, however, are the domain names that were seized, including, and


This week a U.S. federal court decided that all claims of Kim Dotcom, his former colleague Mathias Ortmann, and several Megaupload-related companies should be stricken. A default was entered against them on Tuesday.

The same fugitive disentitlement argument was used in this case. This essentially means that someone who's considered to be a fugitive from justice is not allowed to get relief from the judicial system he or she evades.

"Claimants Kim Dotcom and Mathias Ortmann have deliberately avoided prosecution by declining to enter or reenter the United States," Judge Liam O'Grady writes in his order to strike the claims.

"Because Claimant Kim Dotcom, who is himself a fugitive under Section 2466, is the Corporate Claimants' controlling shareholder and, in particular, because he signed the claims on behalf of the corporations, a presumption of disentitlement applies to the corporations as well."

As a result, the domain names which once served 50 million users per day, are now lost to the US Government. The court records list 18 domains in total, which were registered through Godaddy, DotRegistrar, and Fabulous.

Given the legal history, the domains...


EPO Board of Appeal Has an Opportunity to Stop Controversial Patents on Life Techrights

Since the birth of the Republic, the U.S. government has been in the business of handing out exclusive rights (a.k.a., monopolies) in order to promote progress or enable new markets of communication. Patents and copyrights accomplish the first goal; giving away slices of the airwaves serves the second. No one doubts that these monopolies are sometimes necessary to stimulate innovation. Hollywood could not survive without a copyright system; privately funded drug development won't happen without patents. But if history has taught us anything, it is that special interests, the Disneys and Pfizers of the world, have become very good at clambering for more and more monopoly rights. Copyrights last almost a century now, and patents regulate anything under the sun that is made by man, as the Supreme Court has put it. This is the story of endless bloat, with each round of new monopolies met with a gluttonous demand for more.

Lawrence Lessig in Reboot the FCC

Summary: Patent maximalism at the EPO can be pushed back slightly if the European appeal board decides to curtail CRISPR patents in a matter of days

PATENT scope at the EPO has long been its clear advantage over, for example, the USPTO. Recently, however, the EPO put an end to this advantage, having allowed patents on things that even the USPTO had long denied.

Right now in the US lobbyists and professionals who profit from the practice of patenting life/genetics are putting together events and reports to the effect that they want. They want to stop PTAB (the US appeal board), which uses decisions such as Mayo (at SCOTUS) to put an end to all this lunacy of patents on genetics.

What happens in Europe this week is noteworthy. The only media coverage we've found of it (so far) is this:

Today could play a pivotal role in the CRISPR patent landscape in Europe.

The European Patent Office's (EPO) Opposition Division has begun its ora...


At less than 1% of GDP, India's spend on R&D continues to be less than other emerging economies Lifeboat News: The Blog

As compared to India, other BRICS nations (Brazil, Russia, China and South Africa) had spent more of their GDP on research. Most of the developed countries, in fact, spent more than 2 per cent of their GDP on R&D.

India's gross research spending has consistently been increasing over the years but the country's total expenditure on R&D continues to be less than 1 per cent of its gross domestic product (GDP) when other emerging economies, including China and Brazil, invest more money on this head.



Getting Started with Automation: 6 Tips

With forward-looking CIOs and their teams embracing automation instead of treating it like a boogeyman, 2018 appears to be an important year for this trend. Red Hat chief technology strategist E.G.


How China Infiltrated U.S. Classrooms

Via: Politico: Last year, the University of North Carolina at Charlotte made an announcement to great fanfare: The university would soon open a branch of the Confucius Institute, the Chinese government-funded educational institutions that teach Chinese language, culture and history. The Confucius Institute would help students be better equipped to succeed in an increasingly globalized [...]


How to hack Facebook accounts exploiting CSRF in Oculus app Security Affairs

Facebook has fixed a couple of vulnerabilities that could have been exploited by attackers to hijack accounts by abusing integration with the Oculus virtual reality headset.

In March 2014, Facebook founder Mark Zuckerberg announced the acquisition of Oculus VR and included the handsets produced by the company in its bug bounty program.

White hat hackers have discovered several vulnerabilities in the Oculus platform since then, including the ones now addressed by Facebook.

The flaws were reported in October by the security consultant Josip Franjković, who analyzed the Oculus application for Windows.

"Oculus enables users to connect their Facebook accounts for a more social experience. This can be done using both the native Windows Oculus application and using browsers," wrote Franjković. "I took a deeper look at the native Windows flow, and found a CSRF vulnerability which allowed me to connect a victim's Facebook account to attacker's Oculus account. Once connected, the attacker could extract the victim's access token, and use Facebook's GraphQL queries to take over the account."


One of the features implemented by the Oculus application is authentication to a Facebook account. Franjković discovered that attackers could have exploited specially crafted GraphQL queries to connect any user's Facebook account to their Oculus account.

GraphQL is a query language created by Facebook in 2012 for describing the capabilities and requirements of data models for client-server applications. A GraphQL query is a string that is sent to a server to be interpreted and fulfilled, which then returns JSON back to the client.

Franjkovic discovered that a specially crafted query allowed an attac...


Intel Needs To Go Sit In A Corner And Think About Its Meltdown Fail Hackaday

Big corporations shuffle people around all the time. More often than not, these reorganization efforts end up as a game of musical chairs where all the executives end up with more pay, everybody else's work is disrupted, and nothing substantial actually changes. Intel just moved some high level people around to form a dedicated security group. Let's all hope it will make a difference.

When news of Meltdown and Spectre broke, Intel's public relations department applied maximum power to their damage control press release generators. The initial message was one of defiance, downplaying the impact and implying people are overreacting. This did not go over well. Since then, we've started seeing a trickle of information from engineering and even direct microcode updates for people who dare to live on the bleeding edge.

All the technical work to put out the immediate fire is great, but for the sake of Intel's future they need to figure out how to avoid future fires. The leadership needs to change the company culture away from an attitude where speed is valued over all else. Will the new security group have the necessary impact? We won't know for quite some time. For now, it is encouraging to see work underway. Fundamental problems in corporate culture require a methodical fix and not a hack.


Google Cloud to Add Five New Regions With Three New Undersea Cables to Support It SoylentNews

Google Cloud will add Montreal, the Netherlands, Los Angeles, Finland, and Hong Kong as new cloud computing regions. Google will also invest in three new undersea cables:

Google is extending its cloud computing infrastructure with the introduction of five new regions and plans to build its own undersea cable.

The advertising-to-cloud-computing giant said its new Netherlands and Montreal cloud computing regions will open in the first quarter of 2018, followed by Los Angeles, Finland, and Hong Kong.

Like other cloud infrastructure companies, Google orders its cloud computing resources into regions which are then subdivided into zones, which include one or more data centers from which customers can run their services. It currently has 15 regions made up of 44 zones.

The new cables will connect Los Angeles to Chile, the U.S. to Denmark and Ireland, and Hong Kong to Guam. The Los Angeles to Chile cable will be Google's first private undersea cable.

Google will be investing in a total of 11 undersea cables, although it would prefer not to be in the cable-building consortium business.

Also at WSJ, Reuters, and CNBC.



9 Lessons for Living Longer From the People Who've Lived the Longest Terra Forming Terra

I have been approaching the problem of longevity like most from the direction of detail with some promise. This approaches the problem by comparing populations looking for meta statistics to elucidate.

The broad brushstrokes certainly confirm what detail also shows. I find that the social aspect has been underestimated in the detailed approach and should not be.

I am particularly inspired by the idea of five lifelong friends. Our society fails miserably to provide emotional support in any form of planned system and this is the first that I have heard in which it is part of the social expectation.

All good.

9 Lessons for Living Longer From the People Who've Lived the Longest

We all inhabit this beautiful blue planet, breathe the same air, eat food grown on our world's surface and drink fresh water sourced from the Earth, yet some people are a whole lot healthier than others, and in fact, live decades longer.

These are people who live in what has become known as Blue Zones across the globe and we can learn a lot from their way of life.

These zones describe the characteristic lifestyles and the environments of the world's longest-lived people and, remarkably, the average person's life expectancy could increase by 10-12 years by adopting a Blue Zones lifestyle.

The concept of blue zones grew out of the demographic work of Gianni Pes and Michael Poulain, who identified Sardinia's Nuoro province as the region with the highest concentration of male centenarians in the world.

Dan Buettner studied and then expanded on this research, identifying five geographic areas where people live, statistically, the longest. The areas are sprinkled across the planet and include villages in Greece, Costa Rica, Italy, Japan, and California.

Author of The Blue Zones: Lessons for Living Longer From the People Who've Lived the Longest, Dan Buettner offers an explanation, based on empirical data and firsthand observations, as to why...


The Truth Behind Flu Shot Mandates for Healthcare Workers Terra Forming Terra

The Vaccine Scandal keeps building. The history of science will end up treating this whole antique science meme rather harshly. Yet it has now been maximized in application long past any sense but only because of the cash flow.

The argument that it is all safe is wishful thinking of the worst kind.

It is even plausible that the early 'successes' are at least questionable and certainly need to be revisited. Universal sanitation has done wonders in stiffening up our general health along with central heating. Regardless several key early successes eliminated a few globally distributed diseases. Applying the same meme to far more obscure diseases is doubtful and will likely produce more grief than success. Yet that is what has recently happened all using additional carriers which are seriously problematic.

The Truth Behind Flu Shot Mandates for Healthcare Workers

by Claire Dwoskin, Founder, Children's Medical Safety Research Institute

When you are sick, injured or just need a check-up, you trust that your doctor is giving you valid, conflict-free, evidence-based advice on what is best for your health.

The last thing you want to believe is that your doctor is putting a drug company's interests, or their own, over your health.


The Biggest Secret Terra Forming Terra

It really was. That technology allowed the NSA to collect all data flow in the USA and elsewhere which was specifically outlawed.

Now we all know and that self same data is now being mined to take down the Deep State. They all should have known better.

I do expect the whole problem to be revisited during Trump's presidency. In the end full disclosure is the only correct solution as secrecy has no place in our lives at all. It will still take a long time to convince others of this. I have been intimately considering this problem for decades and have come to this conclusion reluctantly. Secrecy always produces a financial premium.

The Biggest Secret

My Life as a New York Times Reporter in the Shadow of the War on Terror

January 3 2018, 2:29 a.m.

I was sitting in the nearly empty restaurant of the Westin Hotel in Alexandria, Virginia, getting ready for a showdown with the federal government that I had been trying to avoid for more than seven years. The Obama a...


How The CIA Used Feminism To Destabilize Society Terra Forming Terra

The CIA has a lot to answer for. I personally never guessed that this is part of the CIA Gestalt. It makes me extremely angry.

Let me tell you why. Deleterious social changes have been ongoing during my entire lifetime. I had presumed rather naturally that they were driven by natural causes that simply were not being addressed. Unfortunate but then we live in an age of rapidly changing data flow and experimentation.

How The CIA Used Feminism To Destabilize Society

"In the 1960s, the elite media invented second-wave feminism as part of the elite agenda to dismantle civilization and create a New World Order."

Since writing these words last week, I have discovered that before she became a feminist leader, Gloria Steinem worked for the CIA spying on Marxist students in Europe and disrupting their meetings.

She became a media darling due to her CIA connections. MS Magazine, which she edited for many years was indirectly funded by the CIA.



Beware! A new bug can crash iOS and macOS with a single text message Graham Cluley

Resist the temptation to send this text bomb to anyone.


Ford to Invest $11 Billion in Electric Vehicles and Produce 40 Hybrid and Electric Models by 2022 SoylentNews

Ford Motor Company plans to substantially increase its investment in electric vehicles:

Ford Motor Co's plan to double its electrified vehicle spending is part of an investment tsunami in batteries and electric cars by global automakers that now totals $90 billion and is still growing, a Reuters analysis shows.

That money is pouring in to a tiny sector that amounts to less than 1 percent of the 90 million vehicles sold each year and where Elon Musk's Tesla Inc, with sales of only three models totaling just over 100,000 vehicles in 2017, was a dominant player.

[...] "We're all in," Ford Motor Executive Chairman Bill Ford Jr said of the company's $11 billion investment, announced on Sunday at the North American International Auto Show in Detroit. "The only question is, will the customers be there with us?"

[...] Investments in electrified vehicles announced to date include at least $19 billion by automakers in the United States, $21 billion in China and $52 billion in Germany.

Also at CNBC.

Related: Ford Pumps Cash Into Company Creating Maps for Self-Driving Cars
Ford Invests in Michigan's Autonomous Car Testing Grounds



[SECURITY] [DSA 4089-1] bind9 security update Bugtraq

Posted by Salvatore Bonaccorso on Jan 16

Debian Security Advisory DSA-4089-1 security () debian org Salvatore Bonaccorso
January 16, 2018

Package : bind9
CVE ID : CVE-2017-3145



ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 Bugtraq

Posted by tim . kretschmann on Jan 16


LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php

Risk: Medium

Application: LiveZilla
Versions Affected:
Vendor: LiveZilla GmbH
Vendor URL:

Sent to vendor: 04.12.2017
Vendor response: Acknowledge 04.12.2017
Published fixed Release by vendor: 15.12.2017 (
Date of Public Advisory: 16.01.2018

Advisory URL:...


Wrecked Civic Rides Again as Cozy Camp Trailer Hackaday

It may not be the typical fare that we like to feature, but you can't say this one isn't a hack. It's a camp trailer fashioned from the back half of a wrecked Honda Civic, and it's a pretty unique project.

We don't know about other parts of the world, but a common rural American engineering project is to turn the bed and rear axle of an old pickup truck into a trailer. [monickingbird]'s hacked Civic is similar to these builds, but with much more refinement. Taking advantage of the intact and already appointed passenger compartment of a 1997 Civic that had a really bad day, [monickingbird] started by lopping off as much of the front end as possible. Front fenders, the engine, transmission, and the remains of the front suspension and axle all fell victim to grinder, drill, and air chisel. Once everything in front of the firewall was amputated, the problem of making the trailer safely towable was tackled. Unlike the aforementioned pickup trailers, the Civic lacks a separate frame, so [monickingbird] had to devise a way to persuade the original unibody frame members to accept his custom trailer tongue assembly. Once roadworthy, the aesthetics were tackled: replacing the original interior with a sleeping area, installing electrics and sound, and a nice paint job. Other drivers may think the towing vehicle is being seriously tailgated, but it seems like a comfy and classy way to camp.

Now that the trailer is on the road, what to do with all those spare Civic parts? Sure, there's eBay, but how about a nice PC case featuring a dashboard gauge cluster?


Facebook Blocks Users from Sharing World Socialist Web Site Promotional Video SoylentNews

On January 15th, 2018, World Socialist Web Site reported that users are unable to share a promotional video for a January 16th online meeting, "Organizing Resistance to Internet Censorship."

Facebook has blocked users from sharing a social media video promoting the January 16 online meeting "Organizing resistance to Internet censorship," featuring World Socialist Web Site International Editorial Board Chairman David North and Pulitzer Prize-winning journalist Chris Hedges. The initial post of the video, uploaded Friday, cannot be shared by any user. Those who attempt to do so receive an error message that seems to imply a technical failure.

Users reported, however, that upon clicking "If you think you're seeing this message by mistake, please let us know," they were presented with a notice that clearly indicates the content had been blocked in the name of keeping Facebook "safe."

WSWS published an open letter about internet censorship and net neutrality on November 25. The FCC repealed net neutrality rules on December 14, 2017.

In this AC's opinion, Facebook is certainly within their rights to refuse to host any content for any reasons they choose. However, for many people, Facebook is the internet.

Should we worry about entrenched services such as Facebook and Google using their positions to suppress information? Does the presence or absence of net neutrality change one's analysis of the situation?



Don't Let Upload Filters Undermine the Public Domain SoylentNews

[...] A work that might look infringing because it includes public domain material used elsewhere therefore runs the risk of being widely blocked.[...]

Although in theory those using public domain materials might be able to appeal against such an action, it would require them to know how to do that, and to have the time and the inclination to do so. One of the biggest strengths of public domain materials is that they can be used without permission by anyone, especially by those who know nothing about the finer points of copyright law, and who have limited financial resources. It is precisely these individuals who will be unwilling or unable to challenge erroneous blocking by upload filters. Over time, people may even avoid drawing on public domain materials for fear that their posts will be blocked, and that they may be subject to other punishments by sites hosting their material because of their repeated copyright "offences".

Those pushing for upload filters will doubtless insist this outcome is not their intent, and that may be so. But given the impossibility of incorporating detailed legal knowledge about this famously complex area into online censorship systems, and the vulnerability of the public domain, which is particularly at risk because there is no organisation to defend it, it is inevitable that this rich resource, built up over three hundred years, will be badly affected by automated filters. If it adopts this approach, the EU will end up undermining the basic quid pro quo of copyright (that works can be used freely after a temporary monopoly has elapsed) and thus the public's acceptance that the current framework is in some sense "fair". Ironically, a draconian upload filter system brought in supposedly to defend copyright could end up leading to it being seriously de-legitimised.

Source: Don't Let Upload Filters Undermine the Public Domain


CVE-2017-16933: Icinga2 root privilege escalation via init script and systemd service Open Source Security

Posted by Michael Orlitzky on Jan 16

Product: Icinga2 open source monitoring system
Versions-affected: 2.8.0 and earlier (all current 2.x versions)
Author: Michael Orlitzky

== Summary ==

The icinga2 init script and systemd service file allow the unprivileged
$ICINGA2_USER to gain root privileges by replacing the target of chown
with a link.

== Details ==

The "chown" command follows both symlinks and hard links...


Overclock Your Raspberry Pi The Right Way Hackaday

The Raspberry Pi came upon us as an educational platform. A credit card sized computer capable of running Linux from a micro SD card, the Raspberry Pi has proven useful for far more than just education. It has made its way into every nook and cranny of the hacker world. There are some cases, however, where it might be a bit slow or seem a bit underpowered. One way of speeding the Raspi up is to overclock it.

[Dmitry] has written up an excellent overclocking guide based upon Eltechs' write-up on the subject. He takes it a bit further and applies the algorithm to both Raspi 2 and Raspi 3. You'll need a beefier power supply, some heat sinks and fans, all stuff you probably have lying around on your workbench. Now there's no excuse stopping you from ratcheting up the MHz and pushing your Pi to the limit!

We've seen several guides to overclocking the Raspi here on Hackaday, including the current record holder. Be sure to check out [Dmitry]'s IO page for the overclocking details, and let us know of any new uses you've found by overclocking your Raspi in the comments below.


How My Ecstasy Trip Turned Into a Rare Anxiety Disorder - Facts So Romantic Nautilus

A week after the concert, when my trip should've already been over, I was still seeing things. When I took my contacts out, the lights blurred into vast orbs, and hung in front of my eyes like Christmas lights. Photograph by Dimas Ardian / Getty Images

When I was at the Firefly Music Festival in Delaware, in the summer of 2014, I took a 200 mg pill of ecstasy, Red Riddler, something I had done before. After the sets were over, the colors of the overhead lamps seemed more saturated against the sky. Each bulb's top-right quadrant had a massive, prismatic aura, like it came off a rainbow.

A week after the concert, when my trip should've already been over, I was still seeing things. When I took my contacts out, the lights blurred into vast orbs, and hung in front of my eyes like Christmas lights. Researching, I came across some questionable Yahoo! Answers forums, and read for the first time about HPPD, Hallucinogen Persisting Perception Disorder, which is exactly what it sounds like. The condition is often disturbing, even frightening. It can compromise vision to the point where you're no longer comfortable driving or even going outside. But I didn't mind: it introduced an explosion


Nitrogen-Fixing Bacteria Can Produce Methane SoylentNews

Nitrogen-fixing bacteria are a source of methane in the atmosphere:

An unexpected source of methane in the environment has been inadvertently discovered.

Nitrogen-fixing bacteria are the chief means by which nitrogen gas in the air is changed into a form that plants and animals can use. Roughly 10 percent of these nitrogen-fixing microorganisms contain the genetic code for manufacturing a back-up enzyme, called iron-only nitrogenase, to do their job.

Recent research reveals that this enzyme allows these microorganisms to convert nitrogen gas to ammonia and carbon dioxide into methane at the same time. The ammonia is the main product; the methane is only a sideline.

This enzymatic pathway is a previously unknown route for the natural biological production of methane.

A pathway for biological methane production using bacterial iron-only nitrogenase (DOI: 10.1038/s41564-017-0091-5) (DX)



Democrats search for 51st net neutrality vote The Hill: Technology Policy

Senate Democrats are hunting for one more Republican vote to prevent the Federal Communications Commission (FCC) from repealing net neutrality rules. Senate Minority Leader Charles Schumer (D-N.Y.) announced Tuesday that all 49 Democrats have...


CES 2018: Kodak Soars on KodakCoin and Bitcoin Mining Plans SoylentNews

BBC and many others are reporting this story,

The US firm said it was teaming up with London-based Wenn Media Group to carry out the initial coin offering (ICO).

It is part of a blockchain-based initiative to help photographers control their image rights.

Kodak also detailed plans to install rows of Bitcoin mining rigs at its headquarters in Rochester, New York.

Anyone have further details?

Kodak's Supposed Cryptocurrency Entrance Appears To Be Little More Than A Rebranded Paparazzi Copyright Trolling Scheme... With The Blockchain

For a few years now I've debated writing up a post about why a "blockchain-based DRM" is an idea that people frequently talk about, but which is a really dumb idea. Because the key point in the blockchain is that it "solves"...

Submitted via IRC for AndyTheAbsurd

Also at Bloomberg, The Verge, and Futurism.



NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Wall' ONLINE

Posted 17 Jan, 2018 0:41:16 UTC

The new edition of Off The Wall from 16/01/2018 has been archived and is now available online.


Overnight Tech: States sue FCC over net neutrality repeal | Senate Dems reach 50 votes on measure to override repeal | Dems press Apple on phone slowdowns, kids' health | New Android malware found The Hill: Technology Policy

STATES SUE FCC OVER NET NEUTRALITY REPEAL: Twenty-two state attorneys general have filed a lawsuit against the Federal Communications Commission (FCC) over the agency's repeal of its net neutrality rules. "An open internet -- and the free...


SRF Home Lifeboat News: The Blog

SRF develops and promotes rejuvenation biotechnology, true preventative medicine for the diseases of aging: Alzheimer's, cancer, heart disease and more.


Dem lawmakers push Apple on public health risks, iPhone slowdowns The Hill: Technology Policy

A group of Democratic lawmakers led by Rep. Robin Kelly (D-Ill.) are pushing Apple to provide more answers on how its products can negatively affect consumers, as well as the company's slowed-down iPhones. Kelly, a member of the House...



Smartphone Controlled Periodic Table of Elements Hackaday

It wouldn't be much of a stretch to say that here at Hackaday, we're about as geeky as they come. Having said that, even we were surprised to hear that there are people out there who collect elements. Far be it from us to knock how anyone else wishes to fill their days, but telling somebody at a party that you collect chemical elements is like one step up from saying you've got a mold and fungus collection at home. Even then, at least a completed mold and fungus collection won't be radioactive.

But if you're going to spend your spare time working on a nerdy and potentially deadly collection, you might as well put it into an appropriate display case. You can't just leave your Polonium sitting around on the kitchen counter. That's the idea behind the interactive periodic table built by [Maclsk], and we've got to admit, if we get to put it in a case this awesome we might have to start our own collection.

A large portion of this project is building the wooden display case itself as, strangely enough, IKEA doesn't currently stock a shelving unit that's in the shape of the periodic table. The individual cells and edge molding are made of pine, the back panel is MDF, and the front of the display is faced off with thin strips of balsa to cover up all the joints. Holes were then drilled into the back of each cell for the LED wiring, and finally t...


HPR2468: THE WELL Hacker Public Radio

I record a video with audio on my father's well setup in the sticks


Facebook Wants to Shrink SoylentNews

That's enough angry Facebooking for you:

Late on Thursday, Facebook announced a plan to emphasize more "meaningful" interactions on the platform. Posts are considered meaningful when they generate lots of comments, likes, and shares. Facebook's researchers have found that when people are actively commenting on posts, they tend to feel better about using social networks and feel better about themselves in general.

The change may sound relatively small, but it's likely to have significant consequences for the broad subset of Facebook users that aren't individual people: media companies, small businesses, big brands, and everyone else who has come to see Facebook's News Feed as an essential way to reach audiences and customers. In a post yesterday, CEO Mark Zuckerberg said the pages managed by those businesses are likely to reach far fewer people in 2018.

"As we roll this out, you'll see less public content like posts from businesses, brands, and media," he wrote. "And the public content you see more will be held to the same standard -- it should encourage meaningful interactions between people."

He added: "Now, I want to be clear: by making these changes, I expect the time people spend on Facebook and some measures of engagement will go down. But I also expect the time you do spend on Facebook will be more valuable. And if we do the right thing, I believe that will be good for our community and our business over the long term too."



Further Trends in Packaging Random Thoughts

I got a package today that had this mysterious item

Epic unpackaging:



Stanford's AI Predicts Death for Better End-of-Life Care IEEE Spectrum Recent Content full text

Deep learning AI is helping screen for ill patients who could benefit from having end-of-life conversations earlier

Illustration: iStockphoto

Using artificial intelligence to predict when patients may die sounds like an episode from the dystopian science fiction TV series Black Mirror. But Stanford University researchers see this use of AI as a benign opportunity to help prompt physicians and patients to have necessary end-of-life conversations earlier.

Many physicians often provide overly rosy estimates about when their patients will die and delay having the difficult conversations about end-of-life options. That understandable human tendency can lead to patients receiving unwanted, expensive and aggressive treatments in a hospital at their time of death instead of being allowed to die more peacefully in relative comfort. The alternative being tested by a Stanford University team would use AI to help physicians screen for newly-admitted patients who could benefit from talking about palliative care choices.

Past studies have shown that about 80 percent of Americans would prefer to spend their last days at home if possible. In reality, up to 60 percent of Americans end up dying in an acute care hospital while receiving aggressive medical treatments, according to research cited by the Stanford group's paper "Improving Palliative Care with Deep Learning," published on the arXiv preprint server.

Palliative care experts usually wait for the medical team in charge of a given patient to request their services, which typically include providing relief for patients suffering from serious illnesses and possibly recording end-of-life treatment preferences in a living will. But Stephanie Harman, an internal medicine physician and founding medical director of Palliative Care Services for Stanford Health Care, saw an opportunity to flip that routine around by giving palliative care physicians the ability to identify and proactively reach out to patients.

Harman took her idea to Nigam Shah, associate professor of medicine and biomedical informatics at Stanford University. Shah had been talking about possible collaborations involving AI in healthcare with Andrew Ng, an adjunct professor at Stanford University and former head of the Baidu AI Group. They agreed that the palliative care idea seemed like a good project to explore together.

The Stanford team's AI algorithms rely upon...


Dem lawmaker wants briefing on major chip vulnerabilities The Hill: Technology Policy

A Democratic lawmaker on Tuesday asked major microchip manufacturers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws. "I am looking to better...


Abandoned by Microsoft, Equation Editor gets security-adopted by micropatch pros Help Net Security

Last week, Microsoft did away with Equation Editor, a tool that has been part of Microsoft Office for over 17 years. The reason behind the move? A remote code execution vulnerability actively exploited in the wild.

About Equation Editor: Equation Editor is a (mathematical) formula editor that allows users to construct math and science equations in a WYSIWYG environment. While the software component has not been the default method of creating equations since 2007, it...


Powerful Skygofree spyware was reported in November by Lukas Stefanko and first analyzed by CSE CybSec Security Affairs

The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the CSE Cybsec ZLab.

Security researchers at Kaspersky Lab have made the headlines because they have spotted a new strain of a powerful Android spyware, dubbed Skygofree, that was used to gain full control of infected devices remotely.

Skygofree is an Android spyware that could be used in targeted attacks and according to the experts it has infected a large number of users for the past four years.

The name Skygofree is not linked to Sky Go, the subsidiary of Sky, and the malware does not affect its services.

The malware has been in the wild at least since 2014, and it was improved several times over the years.

"At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago, at the end of 2014," reads the analysis published by Kaspersky.

"Since then, the implant's functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals."

In this post, I'll show you that the malware was first found by the security researcher at ESET Lukas Stefanko and the first detailed analysis of the spyware (titled "Malware Analysis Report: Fake 3MobileUpdater") was published by the experts at the CSE Cybsec ZLab.


Purism Eyeing The i.MX8M For The Librem 5 Smartphone, Issues First Status Update Phoronix

If you have been curious about the state of Purism's Librem 5 smartphone project since its successful crowdfunding last year and expedited plans to begin shipping this Linux smartphone in early 2019, the company has issued their first status update...


New vulnerability in ISC BIND announced (CVE-2017-3145) Open Source Security

Posted by ISC Security Officer on Jan 16

Please be advised that ISC publicly announced a vulnerability in ISC BIND.

CVE-2017-3145 is a denial-of-service vector which can potentially be
exploited against ISC BIND servers, causing them to crash. The
underlying flaw has existed since BIND 9.0.0 but is not known to be
CVE-2017-3137 [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to
9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1...


Resource generated at IndyWatch using aliasfeed and rawdog