IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Saturday, 03 February


Scammers steal nearly $1 million from Bee Token ICO would-be investors Help Net Security

Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) were tricked into sending the money to scammers instead. What is the Bee Token? Beenest is a home-sharing network built on top of a set of Bee Protocols (Ethereum smart contracts) running on the Ethereum network. The More


How to Manage PGP and SSH Keys with Seahorse

How to Manage PGP and SSH Keys with Seahorse


Big Brother wants to force police to submit fingerprints to prove they showed up for work MassPrivateI

In what can best be described as ironic, Big Brother is finally turning their sights on law enforcement.

After years of abuse, the city of Baltimore wants to install fingerprint scanners in their police departments to stop overtime abuses.

An article in the Baltimore Sun reveals, the Baltimore Police Department  (BPD) is struggling to control overtime abuses, spending nearly a million dollars a week.

Lets not sugar-coat this: Criminals found a gap in the system and took full advantage of it, T.J. Smith, a department spokesman, said.

Finally, police admit that corrupt police officers are criminals!

To stop these 'criminals' from abusing the system, Baltimore wants to install fingerprint scanners in all their police stations.

Police would be required to scan their fingerprints

The hope and it is a slim hope at best, the BPD would require police officers to scan their fingerprints to prove they worked the hours they claimed.

"The Baltimore Police Department plans to require officers to scan their fingerprints at the start and end of shifts to prove theyve worked the hours claimed on their payslips..."

An anonymous police commander claims police officers need to have their fingerprints scanned...

Unless you have a way to track where people are when they say theyre working, particularly overtime, then there is always going to be abuse, he said.

While the BPD should be applauded for trying to stop overtime abuse, it is doubtful the Baltimore Fraternal Order of Police Lodge 3 would ever agree to...


WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit TechWorm

WannaMine Malware That Uses NSA Exploit To Mine Cryptocurrencies Is On The Rise

The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats.

In April last year, the EternalBlue exploit, formerly owned by the US National Security Agency (NSA), was leaked to the public by hacking group Shadow Brokers. This exploit was then used as a base in the WannaCry virus that infected more than 230,000 computers running the Microsoft Windows operating system in 150 countries in May 2017.

Now, researchers at CrowdStrike, a cybersecurity company, have discovered a new strain of malware that uses the EternalBlue exploit, to hijack victims computers and CPU processing power to secretly mine cryptocurrency in a new attack dubbed WannaMine.

CrowdStrike has observed more sophisticated capabilities built into a cryptomining worm dubbed WannaMine. This tool leverages persistence mechanisms and propagation techniques similar to those used by nation-state actors, the researchers said in a blog post published on January 25.

WannaMine employs living off the land techniques such as Windows Management Instrumentation (WMI) permanent event subscriptions as a persistence mechanism. It also propagates via the EternalBlue exploit popularized by WannaCry.

This WannaMine malware is quite similar to the one detected by Panda Security in October last year, which was also based on EternalBlue exploit and used by the infected computer to undermine Monero, in that case.

According to the new report, WannaMine can infect a computer in several ways, such as clicking a malicious link in an email or website, or through remote access attack on the victim. In most cases, the victim will not notice anything, except that the computer runs slower.

This malware is complex to attack for companies, as it does not need to download any type of file to infect the computer. Since WannaMine is a fileless operation and uses legitimate system software system software such as WMI and PowerShell to run, it makes it nearly impossible for organizations to detect and block it without some form of next-generation antivirus. However, WannaMine doesnt immediately look to force the EternalBlue exploit.

It first uses a tool called MimiKatz to recover logins and passwords from system memory and try to infiltrate the system once. If that fails, WannaMine turns to the EternalBlue exploit to complete the task and break in.

Once the attack is successful, WannaMine quietly uses the CPU processing power to generate Monero coins in the background. The WannaMine worm uses advanced techniques to maintain persistence within an infected network and...


What Are Those Hieroglyphics on Your Laptop Charger? Hackaday

Look on the back of your laptop charger and youll find a mess of symbols and numbers. Wed bet youve looked at them before and gleaned little or no understanding from what theyre telling you.

These symbols are as complicated as the label on the tag of your shirt that have never taught you anything about doing laundry. Theyre the marks of standardization and bureaucracy, and dozens of countries basking in the glow of money made from issuing certificates.

The switching power supply is the foundation of many household electronics obviously not just laptops and thus theyre a necessity worldwide. If you can make a power supply thats certified in most countries, your market is enormous and you only have to make a single device, possibly with an interchangeable AC cord for different plug types. And of course, symbols that have meaning in just about any jurisdiction.

In short, these symbols tell you everything important about your power supply. Here...


Hundreds of ICS products affected by a critical flaw in CODESYS WebVisu Security Affairs

Researcher discovered a critical vulnerability in the web server component of 3S-Smart Software Solutions CODESYS WebVisu product currently used in 116 PLCs and HMIs from many vendors,

Security researcher Zhu WenZhe from Istury IOT discovered a critical stack-based buffer overflow vulnerability in the web server component of 3S-Smart Software Solutions CODESYS WebVisu product that allows users to view human-machine interfaces (HMIs) for programmable logic controllers (PLCs) in a web browser.

The vulnerability is tracked as CVE-2018-5440 and it has been assigned a CVSS score of 9.8, and the worst news is that it is quite easy to exploit.

The WebVisu product is currently used in 116 PLCs and HMIs from many vendors, including Schneider Electric, Hitachi, Advantech, Berghof Automation, Hans Turck, and NEXCOM.

An attacker can remotely trigger the flaw to cause a denial-of-service (DoS) condition and under some conditions execute arbitrary code on the web server.

A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server. reads the security advisory issued by CODESYS.

According to CODESYS, there is no evidence that the flaw has been exploited in the wild.

The company has released the CODESYS web server V. for CODESYS V2.3 to
address the flaw. This is also part of the CODESYS setup V2.3.9.56.

The vendor also recommends organizations to restrict access to controllers, use firewalls to control the accesses and VPNs.

A PLC flaw can be a serious threat to production and critical infrastructure

Back to the present, querying the Shodan search engine for port 2455 used by CODESYS protocol we can find more than 5,600 systems are exposed online, most of them in the United States, Germany, Turkey, and China.



In Super Bowl of Startups, NFL Looks to Tackle Football Safety IEEE Spectrum Recent Content full text

The National Football Leagues pitch competition features new technologies to promote athlete safety and performance Photo: Tim Bradbury/Getty Images

In the world of tech startups, some say its best to fail fast, fail oftenand its a mantra that WWE founder Vince McMahon might have had on his mind when he announced last week that he was bringing back the XFL. The gimmicky football league failed spectacularly when it first launched, flaming out in 2001 after only one season, and many are already predicting that McMahons 2020 reboot will fail again.

There are, however, nine other innovate startups on display this week, any number of which could have far more lasting impacts on the game of football. And in Minneapolis tomorrow, the day before the New England Patriots and Philadelphia Eagles square off in Super Bowl LII, these nine companies will compete across three categories in the National Football Leagues third annual 1st & Future pitch competition, an event designed to spur new technologies that promote athlete safety and performance on the gridiron.

One winner from each category will receive a US $50,000 check from the league, two tickets to Sundays big game, and bragging rights for taking home what could be thought of as the Heisman of Health-Tech.

Theres lots of amazing technology out there, says Jennifer Wethe, lead neuropsychologist for the Mayo Clinic Arizona Concussion Program and one of the competition judges. But not everything is necessary impactful, novel, practical, and carries the science to back it upall things Wethe will be looking for at Saturdays startup showdown. Hopefully, some of best ideas and research projects will come to the top, she says.

The Mayo Clinic, with its flagship Minnesota hospital located fewer than 100 miles from the site of Sundays action, is co-sponsoring the event alongside the NFL and Comcast-NBCUniversal.

Wethe declined to pick a side in Sundays contest, but one startup whose founders will undoubtedly be cheering for the Pats is Exero Labs, an Ohio-based com...


Have Self-Driving Cars Stopped Getting Better IEEE Spectrum Recent Content full text

New reports from California suggest limits to autonomous vehicle performance Photo-illustration: iStockphoto

Every January, the California Department of Motor Vehicles (DMV) releases data from companies that operated highly automated vehicles on the states public roads the previous year. By law, each company must report how many times a safety driver took control from an autonomous vehicle, either because the system had failed or because the human was worried it had.

Companies get to decide how to record these so-called disengagements. In 2017, for instance, relative newcomer Nvidia logged every single time a human touched the steering wheel of its test vehicle, even at the planned end of a test. Waymo, on the other hand, ran complex computer simulations after each disengagement, and only reported to the DMV those where it believed the driver was correct to take charge, rather than being overly-cautious. GM chose not to report at least one instance where an autonomous car was about to block an intersection.

Such variety in reporting makes for widely disparate data. Nvidia told the DMV that its test runs were typically less than five miles in length, and thus it is not surprising that its car traveled an average of just 4.6 miles between disengagements. Waymo said its 75 test vehicles, in comparison, suffered disengagements only about once every 5,600 miles.


Attackers Exploiting Unpatched Flaw in Flash Krebs on Security

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.

Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.

The software company warns that an exploit for the flaw is being used in the wild, and that so far the attacks leverage Microsoft Office documents with embedded malicious Flash content. Adobe said it plans to address this vulnerability in a release planned for the week of February 5.

According to Adobes advisory, beginning with Flash Player 27, administrators have the ability to change Flash Players behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing Flash content. A guide on how to do that is here (PDF). Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

For readers still unwilling to cut the Flash cord, there are half-me...


Groundhog Day: Third-party cyber risk edition Help Net Security

Over the past four years, Ive had countless conversations with hundreds of companies around third-party cyber risk issues. Its been my personal Groundhog Day, so to speak. Regardless of sector or size of company, the conversations are almost identical as most everyone faces a similar challenge: How can I truly manage risk from third parties where I have little or no control over their information security practices? I know I have massive risk from third More


RadeonSI NIR Gets Compute Shader Support Phoronix

Timothy Arceri of Valve's Linux GPU driver team continues getting the RadeonSI NIR support up to scratch...


Barrow Redefines Spine Surgery With New Surgical Robot Lifeboat News: The Blog

The Globus Medical ExcelsiusGPS, a spine surgery robot developed at Barrow, provides patients with less-invasive and more precise surgery. Learn More.


New infosec products of the week: February 2, 2018 Help Net Security

Stop threats in enterprise container runtime environments StackRox announced StackRox Detect and Respond 2.0, enhancing its robust threat detection capabilities across five phases of container attacks defined by the new StackRox AIM. With expanded depth and breadth of threat detection, auto-tuned machine learning, and application auto-grouping, StackRox Detection and Response 2.0 enables customers to get ahead of threats aimed at their Docker containers running in production with efficiency. Kenna Security announces vulnerability exploit prediction capability More


First IllustrisTNG Universe Simulation Results Published SoylentNews

How black holes shape the cosmos

Astrophysicists from Heidelberg, Garching, and the USA gained new insights into the formation and evolution of galaxies. They calculated how black holes influence the distribution of dark matter, how heavy elements are produced and distributed throughout the cosmos, and where magnetic fields originate. This was possible by developing and programming a new simulation model for the universe, which created the most extensive simulations of this kind to date. First results of the "IllustrisTNG" project have now been published in three articles in the journal Monthly Notices of the Royal Astronomical Society. These findings should help to answer fundamental questions in cosmology.

Every galaxy harbours a supermassive black hole at its center. A new computer model now shows how these gravity monsters influence the large-scale structure of our universe. The research team includes scientists from the Heidelberg Institute for Theoretical Studies (HITS), Heidelberg University, the Max-Planck-Institutes for Astronomy (MPIA, Heidelberg) and for Astrophysics (MPA, Garching), US universities Harvard and the Massachusetts Institute of Technology (MIT), as well as the Center for Computational Astrophysics in New York. The project, "IllustrisThe Next Generation" (IllustrisTNG) is the most complete simulation of its kind to date. Based on the basic laws of physics, the simulation shows how our cosmos evolved since the Big Bang. Adding to the predecessor Illustris project, IllustrisTNG includes some of the physical processes which play a crucial role in this evolution for the very first time in such an extensive simulation.

TNG Project's web site:

Pictures and videos:

First results from the IllustrisTNG simulations: matter and galaxy clustering (DOI: 10.1093/mnras/stx3304) (DX)

First results from the IllustrisTNG simulations: the galaxy colour bimodality (DOI: 10.1093/mnras/stx3040) (DX)

First results from the IllustrisTNG simulations: the stellar mass content of groups and clusters of galaxies (DOI: 10.1093/mnras/stx3112) (DX)

Original Submission



Bomgar acquires Lieberman Software Help Net Security

Bomgar has acquired Lieberman Software, a provider of privileged identity and credential management software. Terms of the transaction were not disclosed. Remote access is the most common attack pathway for hackers, and the majority of todays data breaches involve a stolen privileged credential. Bomgar gives organizations the ability to proactively address these threats by providing an approach to securing access to critical systems and ensuring that the credentials to those critical systems are actively managed More


The future of smartphone security: Hardware isolation Help Net Security

Mobile spyware has become increasingly more ubiquitous in corporate networks and devices. In a 2017 study, Check Point has found that out of the 850 organizations that they queried, 100% had experienced a mobile malware attack at least once in the past. To date, most cybersecurity companies have focused either on software-only or built-in hardware solutions as a way of fighting back against these threats. While some of these solutions have proven to be effective, More

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

Friday, 02 February


Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Open Source Security

Posted by Secunia Research on Feb 02


Secunia Research 2017/12/11

Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities


Table of Contents

Affected Software....................................................1
Description of...


Secunia Research: Linux Kernel USB over IP Information Disclosure Vulnerability Open Source Security

Posted by Secunia Research on Feb 02


Secunia Research 2017/12/11

Linux Kernel USB over IP Information Disclosure Vulnerability


Table of Contents

Affected Software....................................................1
Description of...


Analysis of my Hermes-Lite 2 bandscope recording Daniel Estvez

A few weeks ago I posted how I make wideband recordings of bandscope data with my Hermes-Lite 2. In that post, I sort of promised to do a small analysis of the waterfall I showed. After being busy with other things (PicSat's launch among them), I've finally had time to write something up.

The original waterfall can be seen below. It contains 5 days of data from 0 to 38.4MHz.

Hermes-Lite 2 bandscope data for 5 days

Most of the patterns repeat every day in the same way, as ionospheric propagation is affected by the daylight cycle. I have extracted a complete day, starting around local sunrise. I have labelled the frequency and time axes for easy reference. I have also cropped the frequency to between 0 and 22MHz, since not much happens above 22MHz.

24 hours of bandscope recording

The most noticeable daytime/nighttime pattern happens in the MF broadcast band (between 500 and 1600kHz approximately). At daytime, a few local AM stations can be heard via groundwave. At nighttime, many distant AM stations can be heard via skywave. The effect is very noticeable between 1000 and 1600kHz, since the highest local station is at 999kHz. At this time of the year, days are quite short, lasting a bit more than 8 hours. The keen ey...


Google and 3M Join the Universal Stylus Initiative SoylentNews

Google and 3M are helping to produce an open specification for styluses that can be used across different touchscreen devices:

The humble pen isn't dead or at least the stylus isn't. Because styluses remain a big piece of the mobile accessories market, Google and 3M have joined the Universal Stylus Initiative (USI), a collective that aims to create an open, non-proprietary active stylus specification. The standard will be designed for manufacturers to create and promote styluses that are compatible with various touchscreen devices, including phones and tablets.

To accomplish this, the standard uses two-way communication instead of just one. Ink color and stroke preferences are stored in the stylus, which can be taken across different devices, while up to six styluses can operate simultaneously on a single device. The USI standard supports 4,096 levels of pressure sensitivity (the same pressure level as Samsung's S Pen and Microsoft's Surface Pen) and 9-axis inertial measurement to follow and track complex movements precisely.

Also at Ars Technica.

Original Submission

Read more of this story at SoylentNews.


A faster way to fusion Lifeboat News: The Blog

The benefits of fusion power are globally recognised. But the process of creating and commercialising fusion energy is a considerable scientific and engineering challenge.

This challenge is the sole focus of our work at Tokamak Energy. We believe we have a unique solution that will enable fusion to be implemented efficiently and quickly.

We are pioneering the compact spherical tokamak route to fusion power exploring and developing our own compact spherical tokamaks (the device in which controlled fusion can take place) that will use high temperature superconductors to create strong magnetic fields to contain the hot plasma.


Ubuntu 18.04 LTS Might Ship With OpenJDK 10, Transition To OpenJDK 11 Phoronix

Canonical's Tiago Daitx has laid out a proposal today for having an OpenJDK stable release update exception for the upcoming Ubuntu 18.04 LTS "Bionic Beaver" to reduce their long-term maintenance burden...


Flexiphone Rises from the Ashes of Broken Instruments Hackaday

The mechanics of an old Rhodes Piano, and a set of chromatic saucer bells rescued from a reed organ. What do these two things have to do with each other? If youre [Measured Workshop], they are the makings of a new instrument. The Flexiphone is a transposable instrument with a piano keyboard and interchangeable sound source.

The Rhodes is a great stage instrument. Unlike a piano with strings, it uses tines mounted above the key mechanism. It is also relatively compact for an analog instrument. This made it perfect as a donor for the Flexiphones keyboard. [Measured Workshop] cut they mechanism down to 30 keys, just under 2 octaves. The key mechanism was also cleaned up and restored with new felt.

The sounding portion of the Flexiphone is a set of chromatic saucer bells. The bells are mounted on a felt covered threaded rod, which itself sits in a wood frame. The bell frame sits on top of the base in one of three slots. Each slot is a halftone transposed from the last. Simply moving the bells allows the player to transpose the entire instrument. The bells and their rod frame can also be completely removed and replaced with any other sound source.

The Flexiphone sounds great sometimes. As [Measured Workshop] says, bells contain many harmonics. playing single or double notes sounds rather sweet, but chords can sometimes become a shrill assault on the ears. Still, its an awesome hack with plenty of potential for future mods.

If you liked this hack, check out a toy piano modified into a synth, or this instrument made from wind chimes and dry ice.


DDG, the second largest mining botnet targets Redis and OrientDB servers Security Affairs

Researchers at Qihoo 360s Netlab analyzed a new campaign powered by the DDG botnet, the second largest mining botnet of ever, that targets Redis and OrientDB servers.

A new Monero-mining botnet dubbed DDG was spotted in the wild, the malware targets Redis and OrientDB servers.

According to the researchers at Qihoo 360s Netlab, the DDG botnet was first detected in 2016 and is continuously updated throughout 2017.

Starting 2017-10-25, we noticed there was a large scale ongoing scan targeting the OrientDB databases. Further analysis found that this is a long-running botnet whose main goal is to mine Monero CryptoCurrency. We name it DDG.Mining.Botnet after its core function module name DDG. reads the analysis published by Netlab.

The miner has already infected nearly 4,400 servers and has mined over $925,000 worth of Monero since March 2017, DDG is among the largest mining botnets.

Yesterday I wrote about the greatest mining botnet called Smominru that has infected over 526,000 Windows machines, its operators had already mined approximately 8,900 Monero ($2,346,271 at the current rate).

The malware exploits the remote code execution vulnerability CVE-2017-11467 to compromise OrientDB databases and targets Redis servers via a brute-force attack.

Crooks are focusing their efforts on attacks against servers that usually have significant computing capabilities.

The attack chain described by the researchers from Qihoo 360s Netlab is composed of the following steps:

  • Initial Scanning: The attacker (ss2480.2) exploits the known RCE vulnerability of the OrientDB database and drops the attack payload
  • Stage 1: Attackers modify local Crontab scheduled tasks, download and execute (hxxp: // on the primary server and keep it synchronized every 5 minutes
  • Stage 2: DDG traverses the built-in file hub_iplist.txt, check the connectivity of every single entry and try to download the corresponding Miner program wnTKYg from the one can be successfully connected (wnTKYg.noaes if the native CPU does not support AES-NI)
  • Mining Stage: The Miner program begins to use the computing resources of the compromised host to begin mining for the attackers wallet.

The following image shows the DDG Mining Botnet attack process:



These Are The Bonkers Jobs Of The Future, According To Davos Lifeboat News: The Blog

After listening to the speakers and panelists, a team of creatives illustrated their visions of the future.


The Big DRM Update Lands In Linux 4.16: DC Multi-Display Sync, More Cannonlake Phoronix

Adding to the list of big feature additions for Linux 4.16 is the Direct Rendering Manager (DRM) pull request that has already been honored by Linus Torvalds...


Debating Slaughterbots and the Future of Autonomous Weapons Lifeboat News: The Blog

People can look at the same technology and disagree about how it will shape the future, explains Paul Scharre as he shares a final perspective on the Slaughterbots debate.


Anti-Missile Missile Misses Again, US Military Keeping Quiet Regarding Test SoylentNews

Demonstrating again that anti-missile missiles work best under carefully controlled circumstances, a test of such a weapon fired from Hawaii has missed its target.

The US$30 million test was fired from the Kauai Aegis Ashore site in Hawaii. It was supposed to see a SM-3 Block IIA anti-missile missile intercept a target representing an incoming missile that was launched from an aircraft.

The US Pacific Command, contacted by CNN, confirmed that a test took place but not the outcome, saying only that the test took place on Wednesday morning.

The Raytheon SM-3 Block IIA is a joint US-Japan development built to provide a defence against medium-range and intermediate-range ballistic missiles.

Defense News noted that without further information from the Missile Defense Agency (MDA) it's impossible to know whether the problem was in the interceptor, the targeting radar, or the Raytheon-developed Aegis weapons system used by the US Navy was at fault.

Additional Coverage at DefenseNews and USNI News.

The Raytheon SM-3 Block IIA Interceptor.

Original Submission

Read more of this story at SoylentNews.


Several New ARM Devices Supported By The Linux 4.16 Kernel Phoronix

Arnd Bergmann sent in his several pull requests on Thursday providing new ARM SoC platform support, driver updates, and DeviceTree bits for bringing up some new ARM hardware support within the mainline Linux kernel...


GNOME 3.28 Beta Is Next Week Marking The Feature/UI Freeze Phoronix

The GNOME 3.28 beta (v3.27.90) is due to happen next week that also marks a number of freezes for the desktop components ahead of the official release next month...


FOSDEM 2018 Is This Weekend In Brussels Phoronix

It's a bit late to make arrangements if you already weren't planning on it, but this weekend is FOSDEM in Brussels. FOSDEM remains one of the best open-source/Linux events in the world...


Physicists Just Found a New Way to Bend a Fundamental Rule of Light Waves Lifeboat News: The Blog

One of the more well-known rules in physics is that light can only ever go one speed, so long as nothing stands in its way.

But new research has found there could be an interesting exception to this rule, where the mixing of light waves could bring them to a complete standstill.

The discovery hints at new ways of wrangling not just photons but nearly any kind of wave, which could be useful in technology that relies on information sent and stored using light.


Researchers discovered several zero-day flaws in ManageEngine products Security Affairs

Security experts at Digital Defense have discovered several vulnerabilities in the products of the Zoho-owned ManageEngine.

The list of vulnerabilities discovered includes a flaw that could be exploited by an attacker to take complete control over the vulnerable application.

The flaws affect ServiceDesk Plus, Service Plus MSP, OpManager, Firewall Analyzer, Network Configuration Manager, OpUtils and NetFlow Analyzer.

ManageEngine has more than 40,000 customers worldwide and provides complete solutions for IT management.

manageengine products

One of the vulnerabilities affects the ManageEngine ServiceDesk Plus help desk software, the experts discovered an unauthenticated file upload flaw that could be exploited by an attacker to upload a JavaScript web shell and use it to execute arbitrary commands with SYSTEM privileges.

Researchers also discovered several blind SQL injection vulnerabilities that could be triggered by an unauthenticated attacker to take complete control of an application.

These ManageEngine products are also affected by an enumeration flaw that can be exploited to access user personal data, including usernames, phone numbers, and email addresses.

[Digital Defense] announced that its Vulnerability Research Team (VRT) uncovered multiple, previously undisclosed vulnerabilities within several ManageEngine products, allowing unauthenticated file upload, blind SQL injection, authenticated remote code execution and user enumeration, potentially revealing sensitive information or full compromise of the application. reads the press release issued by the company.

Application layer vulnerabilities continue to be a key area of focus for software vendors, said Mike Cotton, vice president of engineering at Digital Defense. We are pleased to work collaboratively with affected vendors to facilitate prompt resolution, ensuring our clients and enterprises are protected from any potential exploitation of these vulnerabilities.

ManageEngine promptly released security updates to address the vulnerabilities discovered by researchers at D...


A revolution in health care is coming Lifeboat News: The Blog

Will the benefits of making data more widely available outweigh such risks? The signs are that they will. Plenty of countries are now opening up their medical records, but few have gone as far as Sweden. It aims to give all its citizens electronic access to their medical records by 2020; over a third of Swedes have already set up accounts. Studies show that patients with such access have a better understanding of their illnesses, and that their treatment is more successful. Trials in America and Canada have produced not just happier patients but lower costs, as clinicians fielded fewer inquiries. That should be no surprise. No one has a greater interest in your health than you do. Trust in Doctor You.

NO WONDER they are called patients. When people enter the health-care systems of rich countries today, they know what they will get: prodding doctors, endless tests, baffling jargon, rising costs and, above all, long waits. Some stoicism will always be needed, because health care is complex and diligence matters. But frustration is boiling over. This week three of the biggest names in American businessAmazon, Berkshire Hathaway and JPMorgan Chaseannounced a new venture to provide better, cheaper health care for their employees. A fundamental problem with todays system is that patients lack knowledge and control. Access to data can bestow both.

The internet already enables patients to seek online consultations when and where it suits them. You can take over-the-counter tests to analyse your blood, sequence your genome and check on the bacteria in your gut. Yet radical change demands a shift in emphasis, from providers to patients and from doctors to data. That shift is happening. Technologies such as the smartphone allow people to monitor their own health. The possibilities multiply when you add the crucial missing ingredientsaccess to your own medical records and the ability easily to share information with those you trust. That allows you to reduce inefficiencies in your own treatment and also to provide data to help train medical algorithms. You can enhance your own care and everyone elses, too.

Upgrade your inbox.


Reducing Year 2038 Problems in curl SoylentNews

curl is a text-based utility and library for transferring data identified by their URLs. It is now year-2038 safe even on 32-bit systems. Daniel Stenberg, the orginal hacker of curl, has overseen a year-2038 fix for 32-bit systems. Without specific modifications, 32-bit systems cannot handle dates beyond 03:14:07 UTC on 19 January 2038. After that date, the time counter flips over and starts over again at zero, which would be the beginning of the UNIX epoch known as 00:00:00 UTC on 1 January 1970. Given the pervasiveness of 32-bit embedded systems and their long service lives, this is a serious problem and good (essential) to have fixed decades in advance. The OpenBSD project was the first major software project to take steps to avoid potential disaster from 32-bit time and awareness has since started to spread to other key software project such as curl.

Original Submission

Read more of this story at SoylentNews.


Keeping Magnetized Marbles from Stopping the Music Hackaday

Take a couple of thousand steel balls, add a large wooden gear with neodymium magnets embedded in it, and what do you get? Either the beginnings of a wonderful kinetic music machine, or a mess of balls all stuck together and clogging up the works.

The latter was the case for [Martin], and he needed to find a way to demagnetize steel balls in a continuous process if his Marble Machine X were to see the light of day. You may recall [Martin] as a member of the band Wintergatan and the inventor of the original Marble Machine, a remarkable one-man band that makes music by dropping steel balls on various instruments. As fabulous a contraption as the original Marble Machine was, it was strictly a studio instrument, too fragile for touring.

Marble Machine X is a complete reimagining of the original, intended to be robust enough to go on a world tour. [Martin] completely redesigned the lift mechanism, using magnets to grip the balls from the return bin and feed them up to a complicated divider. But during the lift, the balls became magnetized enough to stick together and no longer roll into the divider. The video below shows [Martin]s solution: a degausser using magnets of alternating polarity spinning slowly under the sticky marbles. As a side note, its interesting and entertaining to watch a musician procrastinate while debugging a mechanical problem.

We cant wait to see Marble Machine X in action, but until its done well just settle for [Martin]s other musical hacks, like his paper-tape programmed music box or this mashup of a synthesizer and a violin.


Watch out, cyber criminals are using fake FBI emails to infect your computer Security Affairs

The FBI Internet Crime Complaint Center (IC3) is warning of a new malware campaign aimed at infecting victims with weaponized attachments.

The Feds Internet Crime Complaint Center (IC3) is warning of a new spam campaign aimed at infecting victims with a ransomware. According to an alert issued on Wednesday by the IC3, numerous citizens filled complaints after received emails purporting to be from IC3. The message pretends to be the compensation from a cyber attack and asks the victims to fill the attached document, but the file is laced with malware.

The story is interesting, the email reports that a Nigerian cyber criminal had been arrested and feds have found the recipients email address of the alleged scammers PC. The email asks victims to return the document with recipient info and wait for the refund to arrive. Once the victim has opened the document, the infection process will start.


The FBI has identified at least three other versions of the IC3 impersonation scam:

  • The first involved a fake IC3 social media page, which advertised itself as the FBI Cyber Crime Department (IC3) and requested recipients provide personal information in order to report an internet crime. states the alert issued by the FBI.
  • The second involved an email which stated the recipient was treated unfairly by various banks and courier companies. The email claimed the recipients name was found in a financial companys database and that they will be compensated for this unfair treatment.
  • The third example involved an email from the Internet Crime Investigation Center/Cyber Division and provided an address in Minneapolis, Minnesota. The email also included a case reference number in the subject line. The email informed the recipient that their IP address was referred to the IC3 as a possible victim of a federal cyber-crime. The email then requests the recipient to contact the sender via telephone.

FBI is currently investigating the cases, victims of an online scam can file a complaint with the IC3 at


Judge Pushes Pirate Set-Top Box Cases Back, Demands Quality Evidence TorrentFreak

After cutting their teeth on blocking injunctions against torrent and regular streaming sites, last November it was revealed that Australian movie outfit Village Roadshow and a coalition of movie studios (Disney, Universal, Warner Bros, Twentieth Century Fox, and Paramount) had switched to a new threat.

Their action targeted HDSubs+, a fairly well-known IPTV service that provides hundreds of otherwise premium live channels, movies, and sports for a relatively small monthly fee.

The application for injunction was filed October 2017 and in common with earlier requests, it targets Australias largest ISPs. Telstra, Optus, TPG, and Vocus, plus their subsidiaries, were asked to prevent the pirate service being accessed by their customers.

In December, a parallel action was revealed, this time by Hong Kong-based broadcaster Television Broadcasts Limited (TVB). The company is also demanding that local ISPs block Android-based pirate IPTV services, named in court as the A1, BlueTV, EVPAD, FunTV, MoonBox, Unblock, and hTV5.

During a case management hearing in Federal Court today, Justice Nicholas told Roadshow Films that its application would be pushed back from March to mid-April so that it can be hard alongside the application made by TVB. The relative complexity of the cases appears to have played a role.

While blocking demands for these kinds of services may seem similar to those targeted at torrent sites, the situation is more complex, and the Judge clearly wants to have a good grip on the matter.

I will need to be satisfied by evidence so that I have a good understanding of how it works, I know what the precise relationship is between this box, the apps, and the site from which [content is] downloaded, the Judge told lawyers appearing for Roadshow and TVB.

One of the issues revolves around the structure of these IPTV services. A number of URLs are required to maintain them, each with a specific role.

A total of 21 URLs were listed in the TVB case and at least another ten for the single service listed in the Roadshow application. The URLs are used for various aspects of the service including the provision of an EPG (electronic program guide), the software itself (such as an Android app), subsequent updates, and sundry other services.

The Judge warned the companies that he will need to be able to understand them all and if he does not, then blocking injunctions may not even be granted.

I dont want th...


Deep Brain Stimulation Could Treat Alzheimer's Disease SoylentNews

Deep brain stimulation (DBS) using wires implanted under the skull may overcome the effects of Alzheimer's disease:

LaVonne Moore has Alzheimer's disease, but her doctors hope her dementia symptoms could possibly be kept in check by a new type of treatment. Electric wires implanted deep in her brain stimulate areas involved with decision-making and problem-solving. Unlike many long-term dementia patients, LaVonne, 85, can cook meals, dress herself and organise outings. But it remains unclear whether her deep brain stimulation (DBS) therapy is responsible for her independence.

DBS is already helping hundreds of thousands of patients with Parkinson's disease to overcome symptoms of tremor, but its use in Alzheimer's is still very experimental. Only a small number of DBS studies have been done for Alzheimer's and they have focused on stimulating brain regions governing memory, rather than judgement. But Dr Douglas Scharre and colleagues at the Ohio State University Wexner Medical Center believe their approach, which targets the decision-making frontal lobe of the brain, might help patients keep their independence for longer.

Original Submission

Read more of this story at SoylentNews.


Amazingly, SpaceX Fails To Expend Its Rocket SoylentNews

On Wednesday evening, a couple of hours after the Falcon 9 rocket had successfully deployed a satellite into geostationary transfer orbit, SpaceX founder Elon Musk shared a rather amazing photo on Twitter. "This rocket was meant to test very high retrothrust landing in water so it didn't hurt the droneship, but amazingly it has survived," he wrote. "We will try to tow it back to shore." In other words, a rocket that SpaceX had thought would be lost after it made an experimental, high-thrust landing somehow survived after hitting the ocean.

This was amazing for a couple of reasons. First of all, when the first stage of a rocket hits water after a launch, it typically explodes. (This can be seen in some of the early water landing attempts shown in a blooper reel released by the company). A rocket should not survive impact because it will rupture the relatively thin aluminum-lithium alloy tanks that separate fuel and oxidizer. These tanks are built to withstand the axial force of a vertical launch, but not a crash into the ocean.

[...] It is not clear how SpaceX will attempt to tow the rocket to shore. The company's Atlantic Ocean-based drone ship, "Of Course I Still Love You," will be in service during the next week to catch the central core of the Falcon Heavy launch, tentatively scheduled for Tuesday, February 6. Perhaps the company will take a page from the playbook of NASA, which recovered the space shuttle's larger solid-rocket boosters, with tugboats.

Original Submission

Read more of this story at SoylentNews.


(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild The Hacker News

Another reason to uninstall Adobe Flash Playera new zero-day Flash Player exploit has reportedly been spotted in the wild by North Korean hackers. South Korea's Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea. <!--


A Grandfather Clock BarBot Hackaday

As the saying goes, its five oclock somewhere; when the clock finally strikes the hour, that same clock can pour you a drink thanks to redditor [Diggedypomme].

This bar-clock can dispense beverages with up to four different spirits and four mixers, and takes orders over voice, keyboard, or web-controls. A belt-driven drink loading platform pushes out through a spring-loaded door and once the vessel is in place and the order received, peristaltic pumps dispense the spirits while servos open taps for the mixers a far easier method to administer the often carbonated liquids. A Raspberry Pi acts as this old-timers brain, an Arduino controls the lights, and a HAT to controls the servos. Heres a more in-depth tour of whats going on behind the bar, but check out the video after the break for a full run through of a few drink orders!

In a future version, [Diggedypomme] wants music to play and the lights to flash different patterns depending on the drink being poured, as well as the option to serve multiple drinks in sequence. Some splashing when pouring the drinks might also be remedied by adjusting the height of the tap or a fitting a nozzle.

As cool as this old-timer beverage bot is, barbots arent limited to alcohol tea is a viable option. However, if you prefer your drink dispensers a little more stripped-down, you might be surprised what two motors can accomplish.



JEDEC Publishes UFS 3.0 SoylentNews

JEDEC has published UFS 3.0, which will double the bandwidth available to smartphones and other devices, and specifies temperature event notifications intended for automotive storage applications:

Smartphones already have storage speeds that rival PCs and they're going to take another big leap soon. Standards group JEDEC has unveiled UFS 3.0, a new flash storage standard for mobile devices, Chromebooks, VR headsets and automotive devices that doubles the bandwidth of UFS 2.1 to a stellar 2.9 GB/s. That's only a theoretical maximum that real-world devices won't likely reach, however, and requires that the host device has the hardware to support it.

UFS 3.0 also lowers flash power consumption and increases reliability in a [wider range] of temperature conditions, a bonus for vehicle applications. It does all this thanks to lower voltage requirements that support the latest types of NAND, a refresh function that increases reliability, and double the speeds per lane (from 5.8 to 11.6 Gbps with a maximum of two lanes).

Also at AnandTech.

Original Submission

Read more of this story at SoylentNews.


Amazon Patents A Wristband That Can Track Workers' Movement SoylentNews

[Amazon] has patented designs for a wristband that would track where its workers put their hands in relation to inventory bins and give "haptic feedback" to signal if they have the right bin to retrieve an item or not. The patent documents were first spotted by GeekWire.

The "ultrasonic bracelet", supposed to be a time- and labour-saving device, would work by periodically emitting ultrasonic sound pulses to a receiver, tracking which bin a worker is reaching for and monitoring how efficiently they fulfill orders. The wristband would also send and receive radio transmissions, pinning a worker's location and giving a burst of "haptic feedback", a vibration similar to those found in phones or game controllers, which would tell the employee if they're reaching for the right bin or not.

The approach would eliminate the need for extra time-consuming acts, "such as pushing a button associated with the inventory bin or scanning a barcode associated with the inventory bin," one patent's description reads.

Original Submission

Read more of this story at SoylentNews.


[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection Bugtraq

Posted by cyber-psrt on Feb 01


Document ID: KM03083653
Version: 1

MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus
Fortify Software Security Center (SSC), XML External Entity Injection

NOTICE: The information in this Security Bulletin should be acted upon as...


Three Wires = One Motor Hackaday

Heres a quick build to show off fundamentals of electric current to new makers or a cool party trick that might earn you a buck. [Jay] from the [Plasma Channel] shows off how you can make a simple motor with only three pieces of enameled wire in under five minutes.

Start with a roll of 26-guage or thicker magnet wire, and a pair of scissors or knife. For the base, wrap fifteen to twenty turns of wire around any spherical object about one and a half inches in diameter, leaving a few inches extra on both ends. Wrap those ends around your coil a few tines to secure it and straighten out the excess length one will act as a support and the other will connect to your power source. Another piece of wire similarly wrapped around the base coil acts as the other support and the other terminal. Scrape off the wire coating from one side on both support wires and curl them into small loops. Halfway done!

The spinning coil is made using the same method as the base, coiling it around a cylinder about a half an inch in diameter scraping half the coating off each side once again and inserted between the supports. Once a battery connects the two terminal ends, the electromagnetic fields of the two coils repel each other. As the spinning coil rotates, the wire coating breaks the circuit long enough to complete a revolution before beginning again. Cue applause from your rapt audience.

Again, this is a simple crash course, but the principles can be used to optimize any brushless motors  or revive an ailing quadcopter.


5 Reasons Why Humans Cant Do Without Sports - Facts So Romantic Nautilus

The importance of being playful is evident in how ancient the behavior is.Photograph by U.S. Air Force / Staff Sgt. Jannelle McRae

Last year, more than 111 million peopleabout a third of the U.S. populationwatched the Super Bowl. The numbers will likely be similar on Sunday: Devout football fans, and those watching their first N.F.L. game all year, will feel the thrill and pull of watching the two playoff finalists, the New England Patriots and Philadelphia Eagles, face off.  

Among the two-thirds of Americans who wont be watching, some will be no doubt be wondering what anyone gets out of the spectacle. Its true, in an evolutionarily sense, it may not be obvious what the attraction is: Sports cost time and energy with no clear or direct survival payoff for the playersditto for the spectators. So whats the point? Well, its also true, in an evolutionary sense, that sports showcase human nature. Here are five reasons why we watch and play sports.

1. Playing sports prepares us for dealing physically with the world

The importance of being playful is evident in how ancient the behavior is. Humans are not the only animals who play. Birds and other mammals play, and safely learning how
Read More


From Stanford University President to Chairman of Alphabet/Google IEEE Spectrum Recent Content full text

RISC pioneer John Hennessys side hustle gets serious Photo: Gabriela Hasbun

When John Hennessy announced in 2015 that he was stepping down as president of Stanford University the following year, he said, "The time has come to return to what brought me to Stanfordteaching and research."

Turns out, you cant keep a guy like Hennessy down on The Farm, at least in that small of a corral. Hennessy this week was named the new chairman of Alphabet, the parent company of Google. Eric Schmidt, who joined Google as CEO in 2001 to provide adult supervision, announced in December that he was stepping down.

Hennessy, meanwhile, has been on the Google/Alphabet board since 2004. He also serves as a director at Cisco Systems, the Daniel Pearl Foundation, and the Gordon and Betty Moore Foundation. But his main gig over the decades has been as a professorand then dean of engineering, provost, and president before going back to professorat Stanford University.

Ive spoken to Hennessy a number of times over the years as his career evolvedalways a great interview, for Hennessy is known for his sense of humor, and his willingness to be blunt on occasion. A pioneer in reduced-instruction-set computing (RISC), Hennessy told me in 2002 that his career parallels the coming of age of computer science.

Hennessy built his first computer, a machine that played tic-tac-toe, back in the 1960s, when he was 16. As a Stanford professor in the early 1980s, Hennessy worked with Forest Baskett and Jim Clark on the chip that became the Geometry Engine and launched Silicon Graphics. He then designed a VLSI chip that proved the concept of the RISC architecture and helped launch MIPS Computer Systems to commercialize the technology.  He also helped start Atheros Communications, now part of Qualcomm, and wrote several books.

In the current vernacular, this is a guy who has...



New Monero mining malware infected 500K PCs by using 2 NSA exploits HackRead

By Waqas

Another day, another Monero mining malware This one uses two

This is a post from Read the original post: New Monero mining malware infected 500K PCs by using 2 NSA exploits


How I coined the term 'open source' (

Over at, Christine Peterson has published her account of coining the term "open source". Originally written in 2006, her story on the origin of the term has now been published for the first time. The 20 year anniversary of the adoption of "open source" is being celebrated this year by the Open Source Initiative at various conferences (recently at, at FOSDEM on February 3, and others). "Between meetings that week, I was still focused on the need for a better name and came up with the term "open source software." While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term "open" had been overused and abused and believed we could do better. He was right in theory; however, I didn't have a better idea, so I thought I would try to go ahead and introduce it. In hindsight, I should have simply proposed it to Eric Raymond, but I didn't know him well at the time, so I took an indirect strategy instead. Todd had agreed strongly about the need for a new term and offered to assist in getting the term introduced. This was helpful because, as a non-programmer, my influence within the free software community was weak. My work in nanotechnology education at Foresight was a plus, but not enough for me to be taken very seriously on free software questions. As a Linux programmer, Todd would be listened to more closely."


Not Just Zika: Other Mosquito-Borne Viruses May Cause Birth Defects SoylentNews

Not just Zika: Other mosquito-borne viruses may cause birth defects, study suggests

When scientists discovered that the Zika virus was causing birth defects, it seemed to catch the world off guard. The mosquito-borne virus could slip from mother to fetus and damage the developing brain, leaving newborns with a range of serious complications.

But what if other viruses spread by insects also pose a threat to fetuses?

On Wednesday, scientists reported that two viruses, West Nile and Powassan, attacked mouse fetuses when pregnant mice were infected, killing about half of them. The viruses also successfully infected human placental tissue in lab experiments, an indication that the viruses may be able to breach the placental barrier that keeps many maternal infections from reaching the fetus.

Just because a virus proves fatal to a mouse fetus or replicates in human tissue in the lab does not mean that it causes pregnancy complications or birth defects in people, the scientists were quick to say. But Dr. Jonathan Miner, the senior author of the study [DOI: 10.1126/scitranslmed.aao7090] [DX], which was published in the journal Science Translational Medicine, said the results called for further research into these and other emerging viruses, and for experts to keep an eye out for possible complications when pregnant women acquire these infections.

Original Submission

Read more of this story at SoylentNews.


CBS, Viacom form panels to explore potential merger The Hill: Technology Policy

CBS Corp. and Viacom announced Thursday that the two companies are discussing a potential merger, a move that would reunite the two companies that were split by founder Sumner Redstone more than a decade ago.The two companies released...


Permission given to create Britains first three-person babies Lifeboat News: The Blog

Two women with gene mutation that causes degenerative disorder will undergo therapy.

Science editor.


Links 1/2/2018: Linux Journal 2.0, Microsofts $6.3B Loss, AtCore 1.0.0 Techrights

GNOME bluefish



  • Linux Journal 2.0 FAQ

    A. Digital privacy/digital responsibility. Weve wiped all advertising off the Linux Journal site and from the magazine and are starting with a clean slate. When we go back to running ads, they wont be of the spying kind you find on most sites, generally called adtech. The one form of advertising we are willing to bring back is sponsorship. Thats where advertisers support Linux Journal because they like what we do and want to reach our readers in general. At their best, ads in a publication and on a site like Linux Journal provide useful information as well as financial support. There is symbiosis there. Email publisher if youre interested in talking about Linux Journal sponsorship.

  • The Refactor Factor

    Then, Linux Journal announced that it wasnt dead after all! Since that announcement, everyone has been working both publicly and behind the scenes to figure out exactly what a refactored Linux Journal 2.0 looks like. Refactoring a magazine raises a lot of questions. Would there still be magazine subscriptions? If so, how often? What about the website? What writers are coming back?

  • Desktop

    • Exclusive: U.S. sanctions curb Microsoft sales to hundreds of Russian firms

      Two of Microsofts official distributors in Russia have imposed restrictions on sales of Microsoft software to more than 200 Russian companies following new U.S. sanctions, according to notifications circulated by the distributors.

      While much of the focus around U.S. sanctions has been on ways they are being skirted, the moves by the Russian distributors show how tougher restrictions that came into force on Nov. 28 are starting to bite.

      The new measures...


Steam On Linux Starts 2018 With A Slight Increase In Gamers Phoronix

At least on a percentage basis, the Steam Linux marketshare grew slightly for January 2018...


Overnight Tech: Senators want probe of company selling fake Twitter followers | Google parent made over $100B in 2017 | House chair threatens to subpoena DHS over Kaspersky The Hill: Technology Policy

SENATORS WANT FTC PROBE INTO FAKE TWITTER FOLLOWER SALES: Two senators are asking the Federal Trade Commission (FTC) to investigate a company that sells fake Twitter followers in the wake of a New York Times report that revealed that dozens of...


HandHolo: A Homebrew ARG Hackaday

Taking a dive into VR or augmented reality once, dreamed-of science fiction is not only possible for the average consumer, but crafting those experiences is as well! user [kvtoet]s HandHolo is a homebrew method to cut your teeth on peeking into a virtual world.

This project requires a smartphone running Android Oreo as its backbone, a Bluetooth mouse, a piece of cardboard and a small mirror or highly reflective surface. The phone is slotted into the cardboard housing prototype with what you have! above the mouse, and the mirror angled opposite the screen reflects the image back to the user as they explore the virtual scene.

Within Unity, [kvtoet]s used a few scripts that access phone functions namely the gyroscope, which is synchronised to the mouses movements. That movement is translated into exploration of the virtual space built in Unity and projected onto the portal-like mirror. Check it out!

Its a straightforward setup process if you want to give it a whirl, and an excellent project to flex those aspirational game dev skills or dabble in augmented reality something that is more and more popular these days.


HPR2480: What's In My Podcatcher 1 Hacker Public Radio

I listen to many podcasts as my primary form of audio entertainment, and because Hacker Public Radio listeners also tend to be podcast listeners (pretty much by definition) I am sharing my finds with the community. Besides, Ken made me do it. Links:


eBay Drops PayPal As First Choice For Payments SoylentNews

Arthur T Knackerbracket has found the following story:

People buying items on eBay will be able to pay without leaving its website, and sellers will have lower processing costs, the online giant said in a blog post.

EBay has signed an agreement with Dutch firm Adyen to process payments, but buyers will still be able to use PayPal on the site until at least 2020.

PayPal was spun off from eBay in 2015.

Original Submission

Read more of this story at SoylentNews.




Silicon Valley group considering BuzzFeed News investment: report The Hill: Technology Policy

Laurene Powell Jobss Emerson Collective is reportedly in talks to purchase a stake in BuzzFeed News,  which would increase her holdings in the media industry, reports the Financial Times.Jobs, the widow of former Apple Inc. chairman and CEO...


[$] Mixed-criticality support in seL4

Linux tries to be useful for a wide variety of use cases, but there are some situations where it may not be appropriate; safety-critical deployments with tight timing constraints would be near the top of the list for many people. On the other hand, systems that can run safety-critical code in a provably correct manner tend to be restricted in functionality and often have to be dedicated to a single task. In a 2018 talk, Gernot Heiser presented work that is being done with the seL4 microkernel system to safely support complex systems in a provably safe manner.


Oracle DAX Driver Landing In Linux 4.16 For SPARC Co-Processor Phoronix

After sending in the many networking subsystem updates yesterday, veteran kernel developer David Miller today sent in the SPARC architecture updates for Linux 4.16 that includes a new Oracle DAX driver...


Bill Gates Donates $40 Million for Genetic Research on Cows SoylentNews

Bill Gates has donated $40 million to Scottish researchers trying to create a cow that can thrive in hotter conditions, such as those in Africa:

Tweaking genes could be one way of increasing the hardiness of some livestock breeds. By isolating desirable genetics traits from European and African cow breeds, geneticists hope to design a cow that produces high quantities of milk and is also able to withstand exceptionally high temperatures.

An Edinburgh-based nonprofit, GALVmed (Global Alliance for Livestock Veterinary Medicines) just received $40 million from Bill Gates to conduct genetic research with this aim in mind. "You can have a cow that is four times as productive with the same survivability," Gates told the Times.

The philanthropist told the BBC that he was investing in the nonprofit's research because "there is great [...] understanding here of both animal diseases and how we can treat it, and how we enhance the genetics so that you can get, say the same type of milk or egg productivity that we have in the U.K."

Related: Bill Gates Commits $100 Million to Alzheimer's Research
Bill Gates Invests $80 Million in Arizona "Smart City"
Bill Gates Looks to Immunotherapy to Help Control All Infectious Diseases

Original Submission

Read more of this story at SoylentNews.


Missouri governor fighting lawsuit over disappearing messages app The Hill: Technology Policy

Missouri Governor Eric Greitens is defending his and his staff's use of Confide, a messaging app that automatically deletes text messages after they're viewed by the recipient.The governor says that preventing him from using the app...


Too Much to Cover Up at the EPO, the UN, and UN Agencies Techrights

Cash cows to their host countries, so infringements of human rights are brushed aside

US Constitution

Summary: The post-Constitution, post-financial transparency, post-human rights phase thats sweeping across the EPO (and the UN) gives room for concern

THE EPO and USPTO coverage from Managing IP has always been biased. Probably intentionally and by design. They know what their target audience wishes to believe and that belief itself can lead to certain outcomes.

The week in IP by Guest author was published earlier today and spoke of German organisations support for dismissing a UPC complaint, basically alluding to the patent microcosm. At Managing IP, as usual, the vast majority of the text is behind a paywall, so only the patent microcosm can see it and likely wont scrutinise it (preaching to the choir again). Whatever

Meanwhile, theres this couple of new pages [1, 2] about a former judge at the German Federal Constitutional Court (FCC). He doesnt think the UPC should even get off the ground and as someone put it earlier today or last night at IP Kat comments:

A speech and an article by Prof. Dr. Siegfried Bro, former judge at the German Federal Constitutional Court of Karlsruhe.

Both documents also deal with the employment situation of staff members of international organisations. They are a available in English and in German.

The speech: European Patent Convention, Unified Patent Court and the German Basic Law

The article: The modern constitutional state becomes a farce



South Korea Warns of Flash Zero-Day flaw exploited by North Korea in surgical attacks Security Affairs

South Koreas Internet & Security Agency (KISA) is warning of a Flash zero-day vulnerability that has reportedly been exploited in attacks by North Koreas hackers.

The zero-day vulnerability could be exploited by an attack by tricking victims into opening a document, web page or email containing a specially crafted Flash file.

A zero-day vulnerability has been found in Adobe Flash Player. An attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file, reads the advisory published by the Korean CERT.

According to the researcher Simon Choi the Flash Player zero-day has been exploited by North Korea since mid-November 2017. The attackers exploited the zero-day vulnerability in attacks aimed at South Korean individuals involved in research activity on North Korea.

Hackers exploited the vulnerability to deliver a malware, in the image shared by Choi on Twitter shows that the exploit has been delivered via malicious Microsoft Excel files.

According to Adobe, the flaw is a critical use-after-free that allows remote code execution that received the code CVE-2018-4878.

The zero-day has been exploited in limited, surgical attacks against Windows users, Adobe plans to release a security update for the next week.

A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. reads the security advisory published by Adobe.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed...


Synchronized Galactic Orbit Challenges Our Best Theory of How the Universe Works Lifeboat News: The Blog

Scientists thought the Milky Way and Andromeda galaxies were unique: Theyve got rings of smaller dwarf galaxies orbiting in what seems to be a synchronized fashion. But when a team of scientists recently looked at another galaxy, they realized it also seemed to shepherd a flock of dwarfs in a strange, synchronized dance. Thats not supposed to happen.

An international team of four researchers noticed the behavior in the elliptical Centaurus A galaxy, 30 million light years away from our own Milky Way. Dwarf galaxies should travel randomly around their parent, based on the standard theory of how galaxies form. Seeing yet another galaxy with this strange behavior is highly unlikely, and calls into question the very model that scientists use to understand structure in our universe.

Sure, you would expect to find one galaxy with this behavior, study author Oliver Mller from the University of Basel in Switzerland told Gizmodo. But two or three is startling.


3D printing of living cells Lifeboat News: The Blog

Using a new technique they call in-air microfluidics, University of Twente scientists succeed in printing 3D structures with living cells. This special technique enable the fast and on-the-fly production of micro building blocks that are viable and can be used for repairing damaged tissue, for example. The work is presented in Science Advances.

Microfluidics is all about manipulating tiny drops of with sizes between a micrometer and a millimeter. Most often, chips with tiny fluidic channels, reactors and other components are used for this: lab-on-a-chip systems. Although these chips offer a broad range of possibilities, in producing emulsions for exampledroplets carrying another substance the speed at which droplets leave the chip is typically in the microliter per minute range. For clinical and industrial applications, this is not fast enough: filling a volume of a cubic centimeter would take about 1000 minutes or 17 hours. The technique that is presented now, does this in a couple of minutes.


Cancer vaccine eradicates tumors in mice, holds promise in humans Lifeboat News: The Blog

Summary: Activating T cells in tumors destroyed most traces of cancer in mice, and had amazing, bodywide effects, Stanford University researchers reported. The researchers are recruiting lymphoma patients to test the approach in a clinical trial. [This article first appeared on the website Author: Brady Hartman. ]

Researchers at the Stanford University School of Medicine used two novel agents to activate immune system T cells in tumors. The immune-boosting treatment destroyed most traces of cancer in mice the researchers reported in a study published on Jan. 31 in the journal Science Translational Medicine.

Injecting tiny amounts of two immune-stimulating agents directly into solid tumors in mice can eradicate all traces of cancer in the rodents, including distant metastases, the researchers found. The novel approach works for many different types of cancers, including tumors that arise spontaneously, the new study found.


DigitalOcean Droplets starting @ $5/mo + $15 free credit! Low End Box

Our good friend Jarland over at DigitalOcean shot us an email with an offer for the community that has been lurking around for a bit but we figured wouldnt hurt to post it up and include their latest plan for $5/mo! They were last featured in 2012 and are back with some goodies for our readers here!

In their own words:
Weve recently expanded our offerings and changed up some of our price to resource model. Weve always had a lot of customers coming in from LowEndBox and we love you guys! Thanks for growing with us and being great friends along the way!

They offer PayPal and Credit Cards as payment methods. Please see the ToS and Privacy Policy for further information before ordering.

***Promo code lowendbox for $15 credit (cannot be stacked with other promo codes, be aware that referral link adds a $10 promo code)***

1GB Plan
  • 1GB RAM
  • 1 vCPU
  • 25GB SSD Space
  • 1TB Bandwidth
  • 1 x IPv4 (Also offer IPv6)
  • KVM
  • $5/m or $0.007/hr
  • Order here
2GB Plan
  • 2GB RAM
  • 1 vCPU
  • 50GB SSD
  • 2TB Bandwidth
  • 1 x IPv4 (Also offer IPv6)
  • KVM
  • $10/m or $0.015/hr
  • Order here

They have stated that all of their host nodes are powered by enterprise grade hardware including Intel CPUs and blazing fast SSDs!

Locations & Test Information

New York City Speedtest
San Francisco Speedtest
Toronto Speedtest
Amsterdam Speedtest
Singapore Speedtest
London Speedtest
France Speedtest
Bangalore Speedtest

Please let us know if you guys have any q...


Google parent company brought in $100 billion in 2017 The Hill: Technology Policy

Google parent Alphabet had a record year in 2017, raking in more than $100 billion for the first time.Alphabet brought in $32.3 billion in revenue in the last three months of 2017, pushing its total for the year to $110 billion. Google accounted for...


Patent Sharks Hope to Regain Control of the US Patent System With Iancu Appointment Likely Just 4 Days Away Techrights

Big shark

Summary: The campaign to dethrone Michelle Lee and replace her with someone like Andrei Iancu is almost complete; the objective is to turn the USPTO (US patent office) into a trolls-friendly and PTAB-hostile place

THE USPTO has been headless since Michelle Lee got bullied out (like Ms. Brimelow at the EPO). Her colleague was thereafter the PTO Director (in the interim). He too got mobbed/bullied at times, but not to the same degree. The patent microcosm was eager to replace him with one of its own.

The patent microcosm was eager to replace him with one of its own.Here is a reminder of why the PTO does not need a person like Andrei Iancu but a technical person. Will they get that? How about Drew Hirshfeld? Do not listen to Koch-funded scholars like Adam Mossoff, who are still pushing for maximalism this week (Heres just one of many examples of how small biz & individuals need stable & effective #IP protections, contrary to the rhetoric that IP hurts new creators, startups & small biz.) because their aim is to prop up the litigation business and patent trolls. And speaking of which, Watchtroll followed IBMs patent chief Manny Schecter (close to Watchtroll) in noting, based on this publication, that Senate Schedules Andrei Iancu Confirmation Vote for February 5; Schecter tweeted: Says here that the full Senate will take up confirmation of Andrei Iancu as US Patent & Trademark Office Director on Monday, February 5 (EXECUTIVE CALENDAR).

These people would love to see a patent microcosm person like Iancu in charge of the PTO. They lobbied towards that.

And lobbying being noted, watch what...


Debating Slaughterbots and the Future of Autonomous Weapons IEEE Spectrum Recent Content full text

People can look at the same technology and disagree about how it will shape the future, explains Paul Scharre as he shares a final perspective on the Slaughterbots debate Image: Slaughterbots/YouTube In "Slaughterbots," a video produced by the Future of Life Institute, AI-powered micro-drones are built en masse and used to kill thousands of people around the world.

Stuart Russell, Anthony Aguirre, Ariel Conn, and Max Tegmark recently wrote a response to my critique of their Slaughterbots video on autonomous weapons. I am grateful for their thoughtful article. I think this kind of dialogue can be incredibly helpful in illuminating points of disagreement on various issues, and I welcome the exchange. I think it is particularly important to have a cross-disciplinary dialogue on autonomous weapons that includes roboticists, AI scientists, engineers, ethicists, lawyers, human rights advocates, military professionals, political scientists, and other perspectives because this issue touches so many disciplines.

I appreciate their thorough, point-by-point reply. My intent in this response is not to argue with them, but rather to illuminate for readers points of disagreement. I think it is important and meaningful that different people who look at the same technology and agree on what is technologically feasible will still have major disagreements about how that technology is likely to play out. These disagreements have as much to do with sociology, politics, and how human institutions react to technology as they do science and engineering.

I see the central point of disagreement as an issue of scale. There is no question that autonomy allows an increase in scale of attacks. In just the past few weeks, we have seen multiple non-state actors launch saturation attacks with drones. These include 13 homemade aerial drones launched against a Russian air base in Syria and three remote-controlled boats used to attack...


Red Hat Tries CoreOS On For Size And Buys SoylentNews

Enterprise Linux biz Red Hat on Tuesday said it has reached an agreement to acquire CoreOS, a maker of open source container software, for $250 million.

Kubernetes, for those who have managed to avoid it, is a Google-spawned open source project that has become more or less the standard for orchestrating the deployment and oversight of large numbers of software-based containers.

The elder open source software biz sees the younger firm's technology helping it automate and simplify its OpenShift container app platform, as well as improving its security and application portability in hybrid cloud environments.

Red Hat says it will provide more details about how CoreOS products will be handled in the months ahead. It characterizes them as complementary to its own wares, althugh its plans may involve "integrating products and migrating customers to any combined offerings" at some later date.

[...] Forrester analyst Dave Bartoletti told The Register that he thinks the deal is great news for CoreOS and for the Kubernetes market in general.

"I don't think the industry needed another Kubernetes-based container automation platform," he said, in reference to Tectonic. "Now that every major cloud development platform provider offers managed Kubernetes, how was CoreOS going to monetize its own?"

Bartoletti said Red Hat has already demonstrated that it can make money off open source and made the shift to Kubernetes three years ago.

"I expect Polvi and team will mainly continue to do what they already do well: contribute to and set the direction of the major open source technologies that will power the next generation of container-based apps a market that's set to double in the next 18 months," he said.

Original Submission

Read more of this story at SoylentNews.


Repairs You Can Print: Fixing a Chewed Up Remote Hackaday

What is it about remote controls? Theyre like some vortex of household chaos, burrowing into couch cushions while accusations fly about who used it last. Or they land in just the right spot on the floor to be stepped on during a trip to the bathroom. And dont get us started about the fragility of their battery case covers; its a rare remote in a house with kids whose batteries arent held in by strips of packing tape.

But [Alex Rich]s Bose radio remote discovered another failure mode: imitating a dog chew toy. Rather than fork out $90 for a replacement, [Alex] undertook a 3D-printed case to repair the chewed remote. He put an impressive amount of reverse engineering into the replacement case, probably expending much more than $90 worth of effort. But its the principle of the thing, plus he wanted to support some special modifications to the stock remote. One was a hardware power switch to disconnect the batteries entirely, hidden in the bottom shell of the case. The second was the addition of a link to his thermostat to adjust the volume automatically when the AC comes on. That required a Trinket inside the remote and a few mods to make room for it.

Yes, this project dates from a few years back, but [Alex] only just brought it to our attention for the Repairs You Can Print contest. Got some special unobtanium part that you were able to print to get out of a jam? Enter and win prizes to add to the glory of fixing something yourself.


Healthcare IT Systems: Tempting Targets for Ransomware IEEE Spectrum Recent Content full text

Allscripts and Indiana hospitals were the most recent targets Photo: iStockphoto

Well, theres no use in waiting, I suppose. Two Thursdays ago, Chicago-based electronic health records provider Allscripts Healthcare Solutions suffered a ransomware attack that paralyzed some of its services. This past Friday, the company announced it had completely recovered from the cyberattack. But not before a class action lawsuit [pdf] was filed against it by an orthopedic non-surgery practice for failing to secure its systems and data from a well-known cybersecurity threat, i.e., a strain of SamSam.

The ransomware attack impaired Allscripts data centers in Raleigh and Charlotte, North Carolina, affecting a number of applications, such as its Professional EHR and Electronic Prescriptions for Controlled Substances (EPCS) hosted services, which were mostly restored within five days, according to the company. Other services, like clinical decision support, analytics, data extraction, and regulatory reporting, took the longest to make operational again.

Allscripts tried to play down the impact of the loss of services, saying that only about 1,500 out of the 45,000 physician practices it serves were impacted; none were hospitals or large independent physician practices; and no patient data was taken.

How Not to Keep Clients

Needless to say, Allscripts statement, as well as a lack of immediately available information angered those small physician practices that were greatly disrupted by the attack. From their perspective, it seemed as though Allscripts didnt think their problems were very important. Many physician practices...


Appeals Court Throws Out $25 Million Piracy Verdict Against Cox, Doesnt Reinstate Safe Harbor TorrentFreak

December 2015, a Virginia federal jury ruled that Internet provider Cox Communications was responsible for the copyright infringements of its subscribers.

The ISP was found guilty of willful contributory copyright infringement and ordered to pay music publisher BMG Rights Management $25 million in damages.

Cox swiftly filed its appeal arguing that the District Court made several errors in the jury instructions. In addition, it asked for a clarification of the term repeat infringer in its favor.

Today the Court of Appeals for the Fourth Circuit ruled on the matter in a mixed decision which could have great consequences.

The Court ruled that the District Court indeed made a mistake in its jury instruction. Specifically, it said that the ISP could be found liable for contributory infringement if it knew or should have known of such infringing activity. The Court of Appeals agrees that based on the law, the should have known standard is too low.

When this is the case the appeals court can call for a new trial, and that is exactly what it did. This means that the $25 million verdict is off the table, and the same is true for the millions in attorneys fees and costs BMG was previously granted.

Its not all good news for Cox though. The most crucial matter in the case is whether Cox has safe harbor protection under the DMCA. In order to qualify, the company is required to terminate accounts of repeat infringers, when appropriate.

Cox argued that subscribers can only be seen as repeat infringers if theyve been previously adjudicated in court, not if they merely received several takedown notices. This was still an open question, as the term repeat infringer is not clearly defined in the DMCA.

Today, however, the appeals court is pretty clear on the matter. According to Judge Motzs opinion, shared by HWR, the language of the DMCA suggests that the term infringer is not limited to adjudicated infringers.

This is supported by legislative history as the House Commerce and Senate Judiciary Committee Reports both explained that those who repeatedly or flagrantly abuse their access to the Internet through disrespect for the intellectual property rights of others should know that there is a realistic threat of losing that access.

The passage does not suggest that they should risk losing Internet access only once they ha...


Researchers showcase automated cyber threat anticipation system Help Net Security

A group of researchers is trying to develop an automatic early warning system that should help defenders take preventative action before specific cyber attacks start unfolding. How does their system work? Their approach leverages the fact that preparation of cyber attacks often occurs in plain sight, discussed on online platforms and publicly accessible discussion forums. The system monitors social media feeds of a number of prominent security researchers, analysts, and white-hat hackers, scanning for posts More


EFF Has Just Warned That Depending on Outcomes of US Supreme Court Cases, US Could Have Most Notorious Patents in the World Techrights

The US Supreme Court has been pushing back against patent maximalism, but will it carry on?

US in the world

Summary: While patent extremists and patent maximalists salivate over the growth in number of US patents, it is becoming clear that many are farcical at best and we already know why that might be

THE SHEER NUMBER of USPTO-granted patents is insane (compare it to Europe for instance). Many patent maximalists have been raving in recent days that there will soon be 9-digit long patent numbers (over 10 million in total). We dont want to entertain this senseless pseudo-jingoism with links; they obviously think its some sort of score or a numbers game. We dont. Patents are monopolies and granting them must therefore be a process requiring great care.

Earlier today the EFF published Januarys Stupid Patent of the Month. Vera Ranieri argued it could effectively become stupid patents for the entire world. (the EFF ought to petition PTAB against such patents)

From the post:

For more than three years now, weve been highlighting weak patents in our Stupid Patent of the Month series. Often we highlight stupid patents that have recently been asserted, or ones that show how the U.S. patent system is broken. This month, were using a pretty silly patent in the U.S. to highlight that stupid U.S. patents may soondepending on the outcome of a current Supreme Court caseeffectively become stupid patents for the entire world.

Lenovo was granted U.S. Patent No. 9,875,007 [PDF] this week. The patent, entitled Devices and Methods to Receive Input at a First Device and Present Output in Response on a Second Device Different from the First Device, relates to presenting materials on different screens.

We have been writing about some other awful patents. Many were equally bad. The Supreme Court, we still hope, will tackle design patents [1,...


Flex & Bison Are Now Needed To Build The Linux Kernel; Linux 4.16 Can Also Be Snap'ed Phoronix

Building the kernel beginning with Linux 4.16 now requires two more dependencies: Bison and Flex...


GNU Spotlight with Brandon Invergo: 18 new GNU releases! FSF blogs

For announcements of most new GNU releases, subscribe to the info-gnu mailing list:

To download: nearly all GNU software is available from, or preferably one of its mirrors from You can use the URL to be automatically redirected to a (hopefully) nearby and up-to-date mirror.

A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance: please see if you'd like to help. The general page on how to help GNU is at

If you have a working or partly working program that you'd like to offer to the GNU project as a GNU package, see

As always, please feel free to write to us at with any GNUish questions or suggestions for future installments.


Huang: Spectre/Meltdown Pits Transparency Against Liability

Here's a blog post from "bunnie" Huang on the tension between transparency and product liability around hardware flaws. "The open source community could use the Spectre/Meltdown crisis as an opportunity to reform the status quo. Instead of suing Intel for money, what if we sue Intel for documentation? If documentation and transparency have real value, then this is a chance to finally put that value in economic terms that Intel shareholders can understand. I propose a bargain somewhere along these lines: if Intel releases comprehensive microarchitectural hardware design specifications, microcode, firmware, and all software source code (e.g. for AMT/ME) so that the community can band together to hammer out any other security bugs hiding in their hardware, then Intel is absolved of any payouts related to the Spectre/Meltdown exploits."



Getting Ahead with Compact Models IEEE Spectrum Recent Content full text

Discover how to use Compact Models in the Transmission-Line Matrix (TLM) solver to speed up the electromagnetic simulation of models with small features like slots, seams and vents while maintaining the accuracy of the result, a capability particularly useful for EMC simulation

This eSeminar will explore how to use Compact Models in the CST STUDIO SUITE Transmission-Line Matrix (TLM) solver to speed up the simulation of models with small features like slots, seams and vents, and composite materials like layered carbon fiber. These small features play a crucial role, especially in electromagnetic compatibility (EMC) simulation. Compact Models allow the simulation to run faster while maintaining the accuracy of the result, which provides an immense advantage over a fully detailed 3D model.



Travel in Style on an Electric Air Sled Hackaday

What do you do during the winter months in Ohio? Sledding of course! Sledding normally takes place on hills, but [Peter Sripol] is no slave to the terrain. Hes built an air sled to conquer the barren wastelands of unplowed parking lots. Air sleds arent as outlandish as you might think the Soviet Union had decades of success with them.

The project starts with toboggan style plastic sled. [Peter] built a frame into the plastic using an aluminum square. The frame is used to support a motor pod at the back of the sled. The motor, of course, comes from his DIY electric plane project. Dont worry [Peter] didnt cannibalize his plane. The planes motors are being upgraded, and this is one of the originals.

The motor itself is quite a beast. Its a 150cc equivalent brushless outrunner motor from HobbyKing. Its not cheap either at around $450 USD.  The motor is controlled by an equally beefy brushless controller wired into a standard R/C car receiver. A pistol grip transmitter makes a great wireless throttle for the system.

Steering is a much more mechanical affair. The sleds rudder is controlled much like that of an airplane. A steel cable pull-pull system is connected to a stick mounted in front of the pilot. The unreinforced styrofoam rudder turned out to be a weak point in the build check out the video after the break to see the full story.


Christine Peterson: How I Coined the Term 'Open Source' SoylentNews

Submitted via IRC for TheMightyBuzzard

Christine Peterson finally publishes her account of the day that the term "open source software" was coined, 20 years ago.

In a few days, on February 3, the 20th anniversary of the introduction of the term "open source software" is upon us. As open source software grows in popularity and powers some of the most robust and important innovations of our time, we reflect on its rise to prominence.

I am the originator of the term "open source software" and came up with it while executive director at Foresight Institute. Not a software developer like the rest, I thank Linux programmer Todd Anderson for supporting the term and proposing it to the group.

This is my account of how I came up with it, how it was proposed, and the subsequent reactions. Of course, there are a number of accounts of the coining of the term, for example by Eric Raymond and Richard Stallman, yet this is mine, written on January 2, 2006.

The article is not going to change the world, but it is an interesting piece of history that many in our community will find interesting.


Original Submission

Read more of this story at SoylentNews.


Google booted 100,000 malicious developers from Google Play Help Net Security

New malware and unwanted apps are discovered on Google Play nearly every day or so it seems. According to Googles statistics, in 2017 the company has taken down more than 700,000 apps that violated the Google Play policies: copycat apps, apps showing inappropriate content, and outright malware (apps that conduct SMS fraud, act as trojans, or phishing users information). The number might seem small to some and significant to others, but it is definitely More


Cloudflare is Liable For Pirate Sites & Has No Safe Harbor, Publisher Says TorrentFreak

As one of the leading CDN and DDoS protection services, Cloudflare is used by millions of websites across the globe.

This includes thousands of pirate sites, including the likes of The Pirate Bay, which rely on the U.S.-based company to keep server loads down.

Many rightsholders have complained about Cloudflares involvement with these sites and last year adult entertainment publisher ALS Scan took it a step further by dragging the company to court.

ALS accused the CDN service of various types of copyright and trademark infringement, noting that several customers used the Cloudflares servers to distribute pirated content. While Cloudflare managed to have several counts dismissed, the accusation of contributory copyright infringement remains.

An upcoming trial could determine whether Cloudflare is liable or not, but ALS believes that this isnt needed. This week, the publisher filed a request for partial summary judgment, asking the court to rule over the matter in advance of a trial.

The evidence is undisputed, ALS writes. Cloudflare materially assists website operators in reproduction, distribution and display of copyrighted works, including infringing copies of ALS works. Cloudflare also masks information about pirate sites and their hosts.

ALS anticipates that Cloudflare may argue that the company or its clients are protected by the DMCAs safe harbor provision, but contests this claim. The publisher notes that none of the customers registered the required paperwork at the US Copyright Office.

Cloudflare may say that the Cloudflare Customer Sites are themselves service providers entitled to DMCA protections, however, none have qualified for safe harbors by submitting the required notices to the US Copyright Office.

Cloudflare itself has no safe harbor protection either, they argue, because it operates differently than a service provider as defined in the DMCA. Its a smart system which also modifies content, instead of a dumb pipe, they claim.

In addition, the CDN provider is accused of failing to implement a reasonable policy that will terminate repeat offenders.

Cloudflare has no available safe harbors. Even if any safe harbors apply, Cloudflare has lost such safe harbors for failure to adopt and reasonably implement a policy including termination of repeat infringers, ALS writes.

Previously, the court clarified that under U.S. law the company can be held liable for caching content of copyright infringing websites. Cloudflares infrastructure-level caching cannot be seen as fair use, it rul...


What If GPS Stood for Galactic Positioning System? IEEE Spectrum Recent Content full text

NASA scientists demonstrate how to navigate in space using signals from distant pulsars Illustration: NASA

At the American Astronomical Societys 231st meeting, in Washington, D.C. earlier this month, Keith Gendreau, principal investigator for NASAs Neutron-star Interior Composition Explorer (NICER) mission described something remarkable: the first successful demonstration of a system to use pulsars for navigation in space.

The basic idea is similar to what is done with the Global Positioning System (GPS) or other global satellite navigation systems. When you use GPS to find your way to Starbucks, you are depending on transmissions from an array of satellites whose positions are precisely known. The timing of the signals you measure can thus be used to deduce the position of the receiver. That works only if the receiver is on Earth or near Earth, however. If you wanted to visit a Starbucks in deep space, you have to find it by some other means.

Right now, deep-space navigation mostly depends on using radio signals sent from Earth to the distant space probesignals that must be sent with giant antennas. The probe responds by sending a signal back. So its not hard to figure out rangeoverall distancewith good precision from how long a signal traveling at the speed of light takes to get to the probe and back. But angles are tougher to nail down. As a result, such position fixes degrade as you move away from Earth. Indeed, for critical operations, like insertion into orbit at the distances beyond Jupiter, space navigation done this way is especially challenging.

How then can spacecraft traveling far from Earth navigate precisely through the heavens? One possibility is to use pulsars as natural GPS beacons of a sort. To understand how that would work, though, you first need to know a little something about puslars.

The first pulsar was discovered in 1967, when radio astronomers Jocelyn Bell Burnell and Antony Hewish, using a radio telescope that they had cobbled together at the University of Cambridge, detected oddly regular pulses coming from a distant celestial object. Initially, they dubbed the signal LGM-1, an acronym that stood for Little Green Men. While they didnt seriously believe they had uncovered signals from intelligent extraterrestrials, they were at a loss to otherwise explain the phenomenon.

Soon afterward, other pulsar signals were found, and a model emerged for how these pulsating radio signals might arise naturally.

Pulsars appear to be neutron stars with s...


Working, Beating Hearts Will Soon Be 3D-Printed From Patients Own Cells Lifeboat News: The Blog

Heart cells grown in a lab and assembled in the shape of the organ will eventually start beating in unisonand create a heart for a patient that has a higher chance of success in a transplant than one from another human.


Google parent company in talks to build tech hub in Saudi Arabia: report The Hill: Technology Policy

Google parent company Alphabet is in talks with Aramco, the Saudi-owned oil company, to build a tech hub in Saudi Arabia, The Wall Street Journal reported on Thursday.The two companies are exploring building data centers around the kingdom,...


WannaMine, the sophisticated crypto miner that spreads via NSA EternalBlue exploit Security Affairs

Researchers from security firm CrowdStrike spotted a new Monero crypto-mining worm dubbed WannaMine that spreads leveraging the NSA-linked EternalBlue exploit.

This morning I wrote about the Smominru botnet that used NSA exploit to infect more than 526,000 systems, and I explained that other threat actors are using similar techniques to mine cryptocurrency.

This is the case of a strain of the Monero crypto-mining worm dubbed WannaMine that spreads leveraging the EternalBlue exploit.

ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack, it targets the SMBv1 protocol and has become widely adopted in the community of malware developers.

In June, following the WannaCry attacks experts discovered that there were at least other 3 different groups have been leveraging the NSA EternalBlue exploit,

Back to the present, WannaMine was developed to mine the Monero cryptocurrency abusing victims resources. According to security researchers at CrowdStrike, the malicious code is very sophisticated, it implements a spreading mechanism and persistence model similar to those used by state-sponsored APT groups.

CrowdStrike has recently seen several cases where mining has impacted business operations, rendering some companies unable to operate for days and weeks at a time. The tools have caused systems and applications to crash due to such high CPU utilization speeds. reads the analysis published by CrowdStrike. 

CrowdStrike has observed more sophisticated capabilities built into a cryptomining worm dubbed WannaMine. This tool leverages persistence mechanisms and propagation techniques similar to those used by nation-state actors, demonstrating a trend highlighted in the recent CrowdStrike Cyber Intrusion Services Casebook 2017, which states that contemporary attacks continue to blur the lines between nation-state and eCrime tactics.

WannaMine is a fileless that was first reported by researchers at...


A Thrift Store Sold Australia's Classified Documents. SoylentNews

Filing cabinets containing thousands of classified documents from the Australian government ended up being sold at a secondhand shop, prompting government officials Wednesday to launch an investigation into how the highly sensitive documents were disposed of.

The cache of documents was obtained by the Australian Broadcasting Corporation, which reported the two cabinets were sold by a Canberra furniture shop at a discount price because they were locked and no one could find keys."

Nearly all the files are classified, some as "top secret" or "AUSTEO", which means they are to be seen by Australian eyes only.

But the ex-government furniture sale was not limited to Australians anyone could make a purchase. And had they been inclined, there was nothing stopping them handing the contents to a foreign agent or government.

Original Submission

Read more of this story at SoylentNews.


How to install Skype application on Linux nixCraft

How do I install Skype app on Linux to make telephone calls or stay in touch with friends and family? Skype application make telephone calls over the Internet. It works on Windows, Linux, macOS and mobile phone operating systems. Calls are cheaper due to use of VoIP (voice over IP). Every Skype user has a Continue reading "How to install Skype application on Linux"

The post How to install Skype application on Linux appeared first on nixCraft.


Mechanisms: The Screw Thread Hackaday

They hold together everything from the most delicate watch to the largest bridge. The world is literally kept from coming apart by screws and bolts, and yet we dont often give a thought to these mechanisms. Part of that is probably because weve gotten so good at making them that theyre seen as cheap commodities, but the physics and engineering behind the screw thread is interesting stuff.

We all likely remember an early science lesson wherein the basic building blocks of all mechanisms laid out. The simple machines are mechanisms that use an applied force to do work, such as the inclined plane, the lever, and the pulley. For instance, an inclined plane, in the form of a splitting wedge, directs the force of blows against its flat face into a chunk of wood, forcing the wood apart.

Screw threads are another simple machine, and can be thought of as a long, gently sloped inclined plane wrapped around a cylinder. Cut a long right triangle out of paper, wrap it around a pencil starting at the big end, and the hypotenuse forms a helical ramp that looks just like a thread. Of course, for a screw thread to do any work, it has to project out more than the thickness of a piece of paper, and the shape of the projection determines the mechanical properties of the screw.

Thread Profiles



Linux 4.16 Is Off To A Busy Start With Big New Features Phoronix

We are less than half-way into the Linux 4.16 kernel merge window and it's already proven to be a very busy cycle with significant additions to the Linux code-base...


AutoSploit: Automated mass exploitation of remote hosts using Shodan and Metasploit Help Net Security

A cyber security enthusiast that goes by VectorSEC on Twitter has published AutoSploit, a Python-based tool that takes advantage of Shodan and Metasploit modules to automate mass exploitation of remote hosts. Targets are collected automatically as well by employing the API. The program allows the user to enter their platform specific search query such as; Apache,IIS, etc, upon which a list of candidates will be retrieved, the tools creator explained. After this operation has More


Friday Free Software Directory IRC meetup: February 2nd starting at 12:00 p.m. EST/17:00 UTC FSF blogs

Help improve the Free Software Directory by adding new entries and updating existing ones. Every Friday we meet on IRC in the #fsf channel on

When a user comes to the Directory, they know that everything in it is free software, has only free dependencies, and runs on a free OS. With over 16,000 entries, it is a massive repository of information about free software.

While the Directory has been and continues to be a great resource to the world for many years now, it has the potential to be a resource of even greater value. But it needs your help! And since it's a MediaWiki instance, it's easy for anyone to edit and contribute to the Directory.

This week we're back to growing the Directory even larger with new entries. There's still so much free software out there that isn't listed that even with the 16,000 entries we already have, there's a long ways to go. We'll also be scouting for a team captain to take the lead on the Directory import project, which, once completed, will really boost the total number of listed packages.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting.


Samsung is working on producing cryptocurrency mining chips HackRead

By Uzair Amir

Samsung cryptocurrency mining chips called application-specific integrated circuits (ASICs) will

This is a post from Read the original post: Samsung is working on producing cryptocurrency mining chips


Muon g-2 Anomaly Gone? Not Even Wrong

I just learned some interesting news from Tommaso Dorigos blog. Go there for more details, but the news is the claim in these three papers that, accounting for GR effects on the precision measurement of the muon anomalous magnetic moment, the three sigma difference between experiment and theory goes away.

This sort of calculation needs to be checked by other experts in the field, and provides an excellent example of where you want good peer review. Presumably well hear fairly soon whether the result holds up (the papers are not long or complicated). If this is right, its a fantastic example of our understanding of fundamental physics at work, with the muon g-2 experiments measuring something they werent even looking for, a subtle effect of general relativity.

Also interesting will be the implications for the ongoing experiment at Fermilab trying to achieve an even more precise g-2 measurement. Im wondering whether there is any way for them to isolate the GR effect on their measurement.

The significance of this is that (setting aside questions about the neutrino sector), the muon g-2 measurement is the most prominent one Im aware of where there has been a serious (three sigma) difference between experiment and Standard Model theory. This has often been interpreted as evidence for SUSY extensions of the SM. Projects producing fits that predict SUSY particles with masses somewhat too high to have been seen yet at the LHC use the g-2 anomaly as input. Tommaso ends by asking what happens to these fits if the g-2 anomaly goes away.

Update: For some recent things to read about the g-2 anomaly, before this latest news, see here and here.

Update: Rumor about a problem with this calculation here.


Men and Women Have Very Different Opinions on Automated Cars SoylentNews

A very small survey of people of different ages suggests that there are age and gender differences in the acceptance of riding in auotmated cars. In summary, 2,600 people in the US replied and of them 38% of the men and just 16% of women would be happy to ride in an automated vehicle. About a quarter of respondents said they would feel safe in a driverless car while around two thirds said they would not travel unless there was a driver. No mention was made about their opinions of sharing the road with these massive projectiles when driving themselves in traditional cars.

Source : Driverless cars: Men and women have very different opinions on letting go of the wheel

Original Submission

Read more of this story at SoylentNews.


Twitter Celebration of Scientist Hacks For Lab And Field Hackaday

If you like reading about scientists creatively using household objects for their work, you will enjoy browsing Twitter hashtag #reviewforscience where scientists are sharing stories of repurposing everyday things for their lab and field.

Research papers focus on the scientific hypothesis and the results of testing it. It is very common for such papers to leave out details of tools and techniques as irrelevant. (A solid scientific conclusion should be reproducible no matter what tools and techniques are used.) This sadly meant much of scientists ingenuity never see light.

We can thank Amazon user [John Birch] for this event. His son wished to study how ants from different colonies interact. In order to observe how these groups of ants react to each other while still keeping the populations separate, he wanted to keep one group of ants inside a tea strainer. He posted this technique as a review on the tea strainers Amazon product page, where it caught the attention of @RobynJWomack and started spreading, taking off when @DaniRabaiotti suggested the tag #reviewforscience.

Sadly, it appears our original scientist (who posted under his dads Amazon account) did not succeed with the tea strainer technique. But he has succeeded in drawing attention to creativity in science worldwide, as well as making his dad internet famous.

We love lab hacks here. For scientists who wish there was a place to document their creative lab hacks, might we suggest

[via Washington Post]


Spectre & Meltdown Defined January 2018 Phoronix

A majority of last month was spent looking at and testing/benchmarking the Linux code to mitigate the much talked about Spectre and Meltdown CPU vulnerabilities...


3 of 5 Fortune 500 companies vulnerable due to ManageEngine flaws HackRead

By Waqas

Hackers can exploit security flaws in ManageEngine software to gain administrator type control

This is a post from Read the original post: 3 of 5 Fortune 500 companies vulnerable due to ManageEngine flaws


Altered Carbon Premiere Viewing Party/Meet Aubrey De Grey Lifeboat News: The Blog

We are pleased to announce a special event in San Francisco on Friday, February 2, 2018, 7:00 PM 11:00 PM PST the opportunity to meet Dr. Aubrey de Grey from the SENS Foundation who will also be attending. This is a special screening of Altered Carbon, a new science fiction series coming to Netflix and based on the superb book by Richard Morgan.


Security updates for Thursday

Security updates have been issued by Debian (chromium-browser, krb5, and smarty3), Fedora (firefox, GraphicsMagick, and moodle), Mageia (rsync), openSUSE (bind, chromium, freeimage, gd, GraphicsMagick, libtasn1, libvirt, nodejs6, php7, systemd, and webkit2gtk3), Red Hat (chromium-browser, systemd, and thunderbird), Scientific Linux (systemd), and Ubuntu (curl, firefox, and ruby2.3).


Senators call for FTC investigation into company selling fake Twitter followers The Hill: Technology Policy

Two senators are asking the Federal Trade Commission (FTC) to investigate a company that sells fake Twitter followers in the wake of a New York Times report that revealed that dozens of public figures purchased social media followings to...


Linux Foundation Training Surpasses One Million Served

Linux Foundation Training Surpasses One Million Served


WhatsApp Desktop app comes to the Microsoft Store TechWorm

WhatsApp Desktop now available for download as an app from the Microsoft Store

WhatsApp Messenger, currently one of the most popular messaging services for instant messaging, voice, and video calling, is used by over a billion users around the world.

The app includes features such as sharing files of various types, editing profile information, sending GIFs and Emojis, and viewing Status Updates. In addition, the app also supports push notifications so that you do not miss a message. However, the desktop app is missing a lot of features, such as video calls, which is available on the mobile app.

Currently, only people who have been selected for beta testing will be able to successfully access the account using their Facebook credentials. If you are not on the selected beta testers list, you will receive the 403: Forbidden error while attempting to login. In that case, you would need to wait for the application to be made publicly available in your country.

The post WhatsApp Desktop app comes to the Microsoft Store appeared first on TechWorm.


Stephen Walli, Principal Program Manager at Microsoft - Ask Him Anything - Linux - News

Have you ever wanted to ask someone who deeply understands and has participated in open source for a long time, has sold a company to Microsoft and is now a Principal Program Manager there, a frank question about related topics and get a straightforward answer? This is your chance.

This opportunity came about as a result of the latest episode of Bad Voltage. I suggest listening to the segment before asking, as your question may have already been answered.

Steph was one of the founders of Softway Systems, which was acquired by Microsoft in 1999. Their product was merged into Services for UNIX, and Steph spent the next five and a half years at Microsoft as a Product Unit Manager and then Business Development Manager. After a variety of roles elsewhere (Optaros, Outercurve, HP, Docker, and more), hes now back at Microsoft as a Principal Program Manager, working in the Azure team on various open source related initiatives. After co-presenting in episode 2x25 Steph has kindly agreed to do an AMA-style discussion here. With the current transition ongoing and a changing attitude toward open source at Microsoft, Im sure there are many questions. Please be civil.

Thanks, Steph!



Smominru! Half a million PCs hit by cryptomining botnet Graham Cluley

Smominru! Half a million PCs hit by cryptomining botnet

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves?

Read more in my article on the Tripwire State of Security blog.


Purism Hopes To Default To GNOME On The Librem 5 Phone, But Still Supporting KDE Phoronix

Purism has been supporting both the GNOME and KDE projects with their mobile ambitions and looking to have both desktop environments feature their wares on the in-development Librem 5 smartphone. But as far as the default user experience/interface goes on the Librem 5, they are leaning towards GNOME...


The Hard-Learned Lessons of the Columbia Disaster Hackaday

On February 1st, 2003 at eighteen seconds past 9:00 AM Eastern Standard Time, the Space Shuttle Columbia broke up during atmospheric entry over Texas. Still traveling at approximately Mach 18.3, the disintegration of Columbia was complete and nearly instantaneous. According to the official accident investigation, the crew had at most one minute from realizing they were in a desperate situation to complete destruction of the spacecraft. Due to the design of the Space Shuttle, no contingency plan or emergency procedure could have saved the crew at this point in the mission: all seven crew members were lost in this tragedy.

While the Space Shuttle, officially known as the Space Transportation System (STS) would fly again after the Columbia disaster, even the programs most ardent supporters had to admit fundamental design of the Shuttle was flawed. Steps needed to be taken to ensure no future astronauts would be lost, and ultimately, the decision was made to retire the Shuttle fleet after primary construction of the International Space Station (ISS) was complete. There was simply too much invested in the ISS at this point to cancel the only spacecraft capable of helping to assemble it, so the STS had to continue despite the crushing loss of human life it had already incurred.



Using AI to Make Inferences From Our Digital Footprints SoylentNews

This psychologist's "gaydar" research makes us uncomfortable. That's the point.
Michal Kosinski used artificial intelligence to detect sexual orientation. Let him explain why.
By Brian Jan 29, 2018, 12:00pm EST

In September, Stanford researcher Michal Kosinski published a preprint of a paper that made an outlandish claim: The profile pictures we upload to social media and dating websites can be used to predict our sexual orientation.

Kosinski, a Polish psychologist who studies human behavior from the footprints we leave online, has a track record of eyebrow-raising results. In 2013, he co-authored a paper that found that people's Facebook "likes" could be used to predict personal characteristics like personality traits (a finding that reportedly inspired the conservative data firm Cambridge Analytica).

For the new paper, Kosinski built a program with his co-author Yilun Wang using a common artificial intelligence program to scan more than 30,000 photos uploaded to an unnamed dating site. The software's job? To figure out a pattern about what could distinguish a gay person's face from a straight person's.

I hate the terms "Must see TV" and "must read" and similar terms. But, this article comes pretty close to "must read" for those who wish to understand where computer are going to take us. Especially read the conversation between Resnick and Kosinski - the research is not really about homosexuality, but about analyzing people in general.

Michal Kosinski


It proves to be uncomfortably accurate at making predictions.

We know that companies are already collecting this data and using such black boxes to predict future behavior. Google, Facebook, and Netflix are doing this.

Basically, most of the modern platforms are just virtually based on recording digital footprints and predicting future behavior.

Psychologists would say, "Oh, yes, that's true, but not personality. This is just pseudoscience." I'm like, wait. You can accept that you can predict 57 things, but if I say, "What about 58?" you say, "This is absolutely theoretically impossible. This is pseudoscience. How can you even say that?"

Science or pseudoscience, we can bet that corporate America and the government are going to be using this.

A smart person with a computer and access to the internet can judge sexual orientation of anyone in the world, or millions of people simultaneously with very little effort, which makes lives of homophobes and...


How to Run Your Own Public Time Server on Linux

How to Run Your Own Public Time Server on Linux


Measuring Free Will of Bungee Jumpers IEEE Spectrum Recent Content full text

The brain activity required to bungee jump may yield clues to improve brain-computer interfaces Image: Surjo Soekadar

The 19-year-old stood on the lip of Austrias Europa Bridge, 192 meters in the air, with a bungee cord strapped to his ankles, and, after overcoming his fear, dived head first off the platform. 

It was the ultimate act of free will. The bungee jumper had to internally command himself to jump despite his bodys strong instinct to back away from the ledge. Yet before that momentas much as one whole second prior to becoming aware of his intention to jumphis brain had already given the command.

That command comes in the form of a distinct rising of electrical potential in the brains supplementary motor area. And understanding more about how it is associated with the minds intentions may help engineers improve mind-controlled devices. 

To that end, researchers in Germany and Austria this week described a set of experiments in which they measured the brain activity associated with bungee jumpers free will. 

The researchers, led by neuroscientist Surjo Soekadar at the University Hospital of Tbingen, say they hope the measurements will help them build better hand exoskeletons and other robotic devices that can be controlled solely by the users thoughts. 

Such mind-controlled devices, also known as brain-computer interface (BCI) technologies, translate the brains electrical activity into actions. This typically involves recording the users brain activity with electroencephalography (EEG) and analyzing the patterns using algorithms. A computer then translates the brain activity into control signals, such as a command to move a robotic hand exoskeleton. 

The challenge is to train the algorithms to correctly interpret the users intentions, and without a delay. So far, BCI systems have fallen short of that lofty goal. Such systems are often based on translating brain activity that is modulated during sensorimotor activities, such as when the user consciously imagines or executes a movement, says Soekadar....


Cuba protests US internet task force: report The Hill: Technology Policy

Cuba is pushing back against an internet task force organized by the United States that will probe the nations flow of information.Cuba on Wednesday provided the top U.S. diplomat in country with a note of disapproval, Reuters reported...


Some Early Bits Of The "Soft FP64" Infrastructure Will Be Mainlined Soon In Mesa Phoronix

David Airlie has announced his plans to begin mainlining some early infrastructure work on the "soft" FP64 code into Mesa Git. This doesn't yet allow for soft FP64 on older GPUs lacking the hardware capability to do this otherwise, but will help in another area and can make for easier mainlining of the actual soft FP64 support in the future...


Bug in iOS 11.3 beta 1 refuses to connect to secure Wi-Fi network TechWorm

Wi-Fi bug in iOS 11.3 beta 1 compelling users to downgrade

For instance, the Skype application crashes every time it is launched making it difficult for users who heavily depend on it. Secondly, while some users complained about the inability of iOS 11.3 beta 1 to connect to secured Wi-Fi networks, however, they were not facing any problems while connecting to open/unsecured Wi-Fi networks.

my iPad Mini 2 with 11.3 Public Beta can connect with my wifi network now. But, I must to turn off my wifi password first on router settings

Same issue here. I have an iPad Air, and after updating the software it would no longer log in to any of my wi-fi networks or iCloud account.

First any WiFi with encryption password does not work (WEP, WPA2). Open WiFi works (with or without captive portal)

Other users who managed to connect to open Wi-Fi network reported Apple ID related problems:

I am having the same issue, although I created a unsecure Wifi network (locked down to MAC address) and it connects. Another problem I have come across since the 11.3 (15E5167f) update, it wont accept my apple ID password verification failed so other issue there. Awaiting fix!

I was able to by pass the wifi by going to public wifi without any password.the problem with 11.3 beta is the apple ID verification failed even after reset all settings.

According to reports, at least one user has been contacted by Apple for more information about the bug. However, that person had already downgraded to iOS 11.2.5 to fix the problem.

If you too are facing this connectivity problem after installing iOS 11.3 beta 1, you will need to downgrade to the latest stable version (iOS 11.2.5), or wait for the beta 2 release.

Source: piunikaweb

The post Bug in iOS 11.3 beta 1 refuses to connect to secure Wi-Fi network appeared first on TechWorm.


Logan Paul on YouTube suicide forest video: It was 'a horrible lapse of judgment The Hill: Technology Policy

YouTube personality Logan Paul on Thursday said the backlash he faced for posting a video of a dead body has been the hardest time of my life and said hes learned from the experience. Dude, this has been, to be honest with you, the hardest...


Multiverse Thought Experiment Suggests Life Could Still Exist Under Different Laws of Physics Lifeboat News: The Blog

Image: istolethetv/Flickr Perhaps were not alone but instead reside in a multiverse stocked with all sorts of fantastical realms. These other universes are somewhatbut not exactlylike our own. Maybe gravity acts differently, or particles come in different shapes and sizes. Could life still exist in any of these bubbles? A team of researchers at the University of Michigan asked these questions but took things a step further. They removed one of the four fundamental forces of nature, the weak nuclear force, from their hypothetical universes. And according to their calculations, these alter


Fedora 28 Will Hopefully Enable Intel PSR To Further Conserve Laptop Power Phoronix

Red Hat developer Hans de Goede has recently been on a mission to improve Linux battery life on Fedora. Now that SATA link power management is better handled and other tweaks, his latest target is on getting Intel's Panel Self Refresh (PSR) support enabled...


Call for Proposals Now Open - Speak at Open Source Summit Japan, North America, Europe

Call for Proposals Now Open - Speak at Open Source Summit Japan, North America, Europe


Smashing Security #063: Carole's back! Graham Cluley

Ss episode 63 thumb

Fitness trackers breaching your privacy, how anyone can create convincing celebrity porn, and how ransomware authors are getting ripped off by scammers.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.


Siemens fixed three flaws in plant management product Siemens TeleControl Basic system Security Affairs

Siemens has patched three security vulnerabilities in its Plant Management Product, the Siemens TeleControl Basic system.

The system is used in water treatment facilities, traffic monitoring systems, and energy distribution plants. The TeleControl Basic control center runs the TeleControl Server Basic software. The Siemens TeleControl Basic system allows organizations to monitor and control processes in industrial environment and operation of municipal facilities.

Siemens TeleControl Basic

The TeleControl Server Basic system is affected by three vulnerabilities that could be exploited by an attacker to conduct different types of attacks, including privilege escalation, bypass authentication, and denial-of-service (DoS) attacks.

The latest update for TeleControl Server Basic resolves three vulnerabilities. One of these vulnerabilities could allow an authenticated attacker with network access to escalate his privileges and perform administrative actions. reads the security advisory published by Siemens.

Siemens recommends updating to the new version.

This is the first time that Siemens publishes a security advisory released by Siemens and ICS-CERT for a vulnerability that affects TeleControl products

The flaws affect TeleControl Server Basic versions prior to V3.1, the most severe one is tracked as CVE-2018-4836 and rated high severity.

Below the list of the vulnerabilities and related descriptions:

  • Vulnerability (CVE-2018-4835) [CVSS v3.0 Base Score 5.3] It could be exploited by an attacker with network access to the TeleControl Server Basics port 8000/tcp to bypass the authentication mechanism and access limited information.
  • Vulnerability (CVE-2018-4836) [CVSS v3.0 Base Score 8.8]   It could be exploited by an authenticated attacker with a low-privileged account to the TeleControl Server Basics port 8000/tcp to escalate privileges and perform administrative operations.
  • Vulnerability (CVE-2018-4837) [CVSS v3.0 Base Score 5.3]  It could be exploited by an attacker with ac...


BEC scams surge, cybercriminals target nearly all organizations Help Net Security

96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017, according to Agari. BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent, said Markus Jakobsson, chief scientist, Agari. At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars More


[H]ardOCP: Blockchain Startup Takes $11, Leaves Penis SoylentNews

Submitted via IRC for TheMightyBuzzard

In a report yesterday, blockchain start up "The Prodeum Project," whose goal was to "revolutionize the fruit and vegetable industry" with Ethereum has apparently absconded with millions of investor dollars. Upon exiting with the investors money, the website went offline, and was replaced with one word: "Penis." The companies press release detailing the project is still online.

I really need to come up with some half-baked idea and slap "blockchain" in it so investors give me millions. This article also states that other digital fingerprints of the crypto-team's former existence are being scrubbed from the web. Webpages from TokennDesk, a Linkedin profile, twitter handle, and even a blog post on Medium have all been deleted. One could say a lot of people got the...shaft.


Also at Wired and Business Insider.

[Ed. Note - Although the quote mentions millions of investor dollars, as far as I can tell they made off with just $11 US.]

Original Submission

Read more of this story at SoylentNews.


Intel's Mesa Driver Is OpenGL 4.6 Compliant, But Won't Be Mainline For A While Phoronix

As noted when covering the news yesterday of Khronos launching the OpenGL 4.6 Adopters Program, the NVIDIA proprietary driver and Intel's open-source Linux driver are the first OpenGL drivers considered 4.6 compliant. But on the Intel Linux side, the OpenGL 4.6 work has yet to be all upstreamed into Mesa...


Linux 4.16 Gets Three New Driver Subsystems Plus VirtualBox Guest Driver Phoronix

Greg Kroah-Hartman's pull request of the char/misc driver work usually isn't too exciting each kernel cycle, but for Linux 4.16 it's definitely on the heavier side with introducing three new subsystems for different hardware busses...


Innovative organizations build security into their cloud strategy Help Net Security

Businesses are increasingly evolving their security strategy to advance their cloud strategy. Based on research and interviews with industry practitioners, Hurwitz & Associates sees clear evidence that balancing velocity and security in the cloud starts with adopting new approaches to security. When evaluating an ideal cloud solution, what is your most important priority? Customers are increasingly depending on cloud computing to support the need for business agility and speed of transformation. However, to be successful More

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

Thursday, 01 February


Time to stop watching Porn on Smartphones as they are Vulnerable to Hacking and Ransomware Hacker News Bulletin | Find the Latest Hackers News

Android smartphones are used all around the world and are become popular by the day. If you are an owner of an Android smartphone and use to watch porn on it, its time you should start avoiding that. Android smartphones have been found to be vulnerable to hacking and ransomware in the recent times. According

The post Time to stop watching Porn on Smartphones as they are Vulnerable to Hacking and Ransomware appeared first on Hacker News Bulletin | Find the Latest Hackers News.


MythTV 29.1 Released Phoronix

Last July marked the release of MythTV 29 as the latest release of this once super popular Linux DVR/PVR software. Today marks the availability of MythTV 29.1...


Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready? The Hacker News

It has been few weeks since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Spectre and Meltdown are security vulnerabilities disclosed by security researchers earlier this month in many processors from Intel, ARM and AMD used in modern PCs, servers and


How do your IT complexity challenges compare to those of other CIOs? Help Net Security

A global survey of 800 CIOs conducted by Vanson Bourne reveals that 76% of organizations think IT complexity could soon make it impossible to manage digital performance efficiently. IT complexity is growing The study further highlights that IT complexity is growing exponentially; a single web or mobile transaction now crosses an average of 35 different technology systems or components, compared to 22 just five years ago. This growth has been driven by the rapid adoption More


Oscilloscope Art From Your Browser Hackaday

Oscilloscope art is a fascinating pursuit in which waveforms are generated for the X an Y channels of an oscilloscope to draw pictures on its screen. Its somewhat distinct from vector computer graphics of the type you might see in older arcade machines or the Vectrex console, in that while it uses a similar approach to creating a display it has a very different purpose. Sometimes these works can be breathtakingly beautiful animations, and other times maybe not so much.

If youd like to explore the topic as a mild diversion, then maybe this Javascript oscilloscope art generator from [Neil Fraser] might be of interest. In around a hundred lines of code hes created an in-browser scratchpad upon which a waveform can be drawn which will then be created as an audio signal on your computers soundcard. Hook up left and right to X and Y of your oscilloscope, and what you scribbled on the pad should pop up on the screen.

Draw it, see it on screen. Magic!Draw it, see it on screen. Magic!

Its an impressive piece of work that you can see in the video below or try for yourself, and your scribes Rigol was pressed into service to give it a go. After a bit of tweaking to find the right voltages and select...


Google and Facebook Make a Move Towards Local News SoylentNews

Google is testing a service called Bulletin that would focus on local news published by the masses:

Google is testing a tool called Bulletin that would allow anyone to publish local news stories and events, according to a report from Slate, which Google later confirmed. The company described Bulletin as a way for others to communicate information of local interest, like bookstore readings, high school sporting events, or information about street closures, for example.

Slate found a website for creating Bulletin posts was already up-and-running, but was still in "early access mode." The service is currently being piloted in Nashville and in Oakland, Calif., the webpage states.

On the site, Google explains that Bulletin is a lightweight app for telling stories, capturing photos and videoclips from your phone, and then publishing them straight to the web without having to create a blog or build a website yourself.

Meanwhile, Facebook says it will prioritize local news:

In a newsroom post on Monday, Facebook's Alex Hariman, head of news product and Campbell Brown, heads of news partnerships, announced the social platform would begin to prioritize local news outlets in the feeds of its users, emphasizing that local communities benefit and trust the outlets closest to them.

Original Submission



Mining Smominru botnet used NSA exploit to infect more than 526,000 systems Security Affairs

Researchers from Proofpoint discovered a huge botnet dubbed Smominru that is using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities.

The number of cyber attacks against the cryptocurrency sector continues, vxers are focusing their efforts on the development of cryptocurrency/miner malware.

Recently security experts observed cryptocurrency miners leveraging the NSA EternalBlue SMB exploit (CVE-2017-0144) as spreading mechanism.

On August 2017, a new fileless miner dubbed CoinMiner appeared in the wild, it uses NSA EternalBlue exploit and WMI tool to spread.

Now researchers Researchers from Proofpoint discovered a huge botnet dubbed Smominru (aka Ismo) that is using the EternalBlue exploit (CVE-2017-0144) to infect Windows computers and recruit them in Monero cryptocurrency mining activities.

 Because obtaining these cryptocurrencies through legitimate mining mechanisms is quite resource-intensive, cybercriminals are stealing them, demanding ransomware payments  in them, and harnessing other computers to mine them for free. Recently, Proofpoint researchers have been tracking the massive Smominru botnet, the combined computing power of which had earned millions of dollars for its operators. states the analysis published by Proofpoint

With the help of Abuse.CH and the ShadowServer Foundation, Proofpoint conducted a sinkholing operation that allowed to profile the botnet.

The command and control infrastructure of the Smominru botnet is hosted on DDoS protection service SharkTech, Proofpoint promptly notified the abuse to the service provider without receiving any response.

According to the researchers, the Smominru botnet has been active at least since May 2017 and has already infected more than 526,000 Windows computers.

Most of the infected systems are servers distribu...


How Programmers Learn to Code

HackerRank recently published the results of its 2018 Developer Skills Report, in which it asked programmers when they started coding.

39,441 professional and student developers completed the online survey from 16 October to 1 November 2016, with over 25% of the developers surveyed writing their first piece of code before they were 16 years old.

How programmers learn

In terms of how programmers learnt to code, self-teaching is the norm for developers of all ages, stated the report.


Staging Updates Submitted For Linux 4.16 Phoronix

Greg Kroah-Hartman sent in pull requests this morning for the various subsystems he oversees for the mainline Linux kernel, including the staging area...


Reckoning the Spectre and Meltdown Performance Hit for HPC

While no one has yet created an exploit to take advantage of the Spectre and Meltdown speculative execution vulnerabilities that were exposed by Google six months ago and that were revealed in early January, it is only a matter of time. The patching frenzy has not settled down yet, and a big concern is not just whether these patches fill the security gaps, but at what cost they do so in terms of application performance.


Open-Source Adreno A6xx GPU Support Posted Phoronix

Recently I wrote about Qualcomm's Code Aurora working on Adreno A6xx GPU support and sure enough that has panned out with the initial patch series being posted for this latest-generation Qualcomm GPU architecture...


SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range Bugtraq

Posted by SEC Consult Vulnerability Lab on Feb 01

We have published an accompanying blog post to this technical advisory with
further information:

SEC Consult Vulnerability Lab Security Advisory < 20180201-0 >
title: Multiple critical vulnerabilities
product: Whole...


How to reload .vimrc file without restarting vim on Linux/Unix nixCraft

I am a new vim text editor user. I usually load ~/.vimrc using :vs ~/.vimrc for configuration. Once edited my .vimrc file I need to reload it without having to quit Vim session. How do I edit my .vimrc file and reload it without having to restart Vim on Linux or Unix-like system? Vim is Continue reading "How to reload .vimrc file without restarting vim on Linux/Unix"

The post How to reload .vimrc file without restarting vim on Linux/Unix appeared first on nixCraft.


Is Amazon Planning a Disruptive AWS-Like Move Into Health Care? SoylentNews

Amazon Health-Care Move May Be Next 'Home Run' Like Cloud Services Inc.'s foray into health care won't be the first time it has disrupted an entire industry by starting with an effort inside the company.

Amazon Chief Executive Officer Jeff Bezos is teaming up with fellow billionaires Warren Buffett and Jamie Dimon to revamp health care for the 2.4 million workers and dependents of the companies they run. The move fostered widespread speculation the trio will eventually make their approach to medical care available to companies far and wide.

Bezos has a long, increasingly successful, record of starting new businesses on a small scale, often for the benefit of his company, then spreading them to the masses -- creating a world of pain for incumbents. Consider the ways Amazon is changing industries as varied as product fulfillment, cloud computing and even the sale of cereals, fruits and vegetables.

This is just a cheap excuse to follow up on the machinations of the world's richest human:

Amazon, Berkshire Hathaway, and JPMorgan Chase to Offer Their Own Health Care to U.S. Employees

Original Submission

Read more of this story at SoylentNews.


Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit The Hacker News

2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals. Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBluethe


Anti-Aging Pioneer Aubrey de Grey: People in Middle Age Now Have a Fair Chance Lifeboat News: The Blog

Aging is not a mystery, says famed researcher Dr. Aubrey de Grey, perhaps the worlds foremost advocate of the provocative view that medical technology will one day allow humans to control the aging process and live healthily into our hundredsor even thousands.

The cultural attitudes toward all of this are going to be completely turned upside down by sufficiently promising results in the lab, in mice.

He likens aging to a car wearing down over time; as the body operates normally, it accumulates damage which can be tolerated for a while, but eventually sends us into steep decline. The most promising way to escape this biological reality, he says, is to repair the damage as needed with precise scientific tools.


A Fast-Evolving New Botnet Could Take Gadgets in Your Home to the Dark Side

Satori is built to turn routers, thermostats, and other household devices into zombies.


How to build Perl module rpm file with cpanspec on RHEL/CentOS Linux nixCraft

I am using CentOS/RHEL 7.x heavily, and many needed CPAN modules missing. I want to distribute Perl modules from CPAN to 100s of VMs and bare metal servers. Unfortunately running cpanm Module::Name OR perl -MCPAN -e 'install Module::Name' is not an option. Is there any way to build RPM packages with rpmbuild for specific Perl module on a CentOS/RHEL 7.x server? What's the easiest way to install a missing Perl module using the yum command?

The post How to build Perl module rpm file with cpanspec on RHEL/CentOS Linux appeared first on nixCraft.


Amazon, Berkshire Hathaway, and JPMorgan Chase to partner on US employee health care Lifeboat News: The Blog

Amazon, Berkshire Hathaway, and JPMorgan Chase on Tuesday announced a partnership to cut health-care costs and improve services for their U.S. employees. The announcement slammed the shares of multiple companies in the health-care sector.

Amazon, Berkshire Hathaway and JPMorgan announce plans to partner on ways to cut health care costs and improve services for U.S. employees.


Despite Protests, ISP Ordered To Hand Over Pirates Details to Police TorrentFreak

As large ISPs become more closely aligned with the entertainment industries, the days of providers strongly standing up to blocking and disclosure requests appear to be on the decline. For Swedish ISP Bahnhof, however, customer privacy has become a business model.

In recent years the company has been a major opponent of data retention requirement, launched a free VPN to protect its users privacy, and put on a determined front against the threat of copyright trolls.

Back in May 2016, Bahnhof reiterated its stance that it doesnt hand over the personal details of alleged pirates to anyone, not even the police. This, despite the fact that the greatest number of disclosure requests from the authorities relate to copyright infringement.

Bahnhof insisted that European privacy regulations mean that it only has to hand over information to the police if the complaint relates to a serious crime. But that went against a recommendation from the Swedish Post and Telecom Authority (PTS).

Now, however, the battle to protect customer privacy has received a significant setback after the Administrative Court in Stockholm found that Swedish provisions on disclosure of subscription data to law enforcement agencies do not contravene EU law.

PTS asked Bahnhof to provide information on subscribers to law enforcement agencies. Bahnhof appealed against the order, claiming that the Swedish rules on disclosure of subscription information are incompatible with EU law, the Court said in a statement.

In support of its view, Bahnhof referred to two rulings of the European Court of Justice. The Administrative Court has held that it is not possible to state that the Swedish rules on law enforcement agencies access to subscription data are incompatible with EU law.

The Court also looked at whether Swedish rules on disclosure of subscriber data meet the requirement of proportionality under EU law. In common with many other copyright-related cases, the Court found that law enforcements need to access subscriber data was more important than the individuals right to privacy.

In light of this, the Administrative Court has made the assessment that PTSs decision to impose on B...


Altered Carbon Trailer Lifeboat News: The Blog

For those of life extensionists who are in San Francisco or not far from it!

Tomorrow, February 2, 7:00 PM 11:00 PM PST, 54 Washburn St, San Francisco there will be the *Premiere Viewing Party*!

In the beginning of the party longevity researcher & TED Fellow *Aubrey de Grey* will be making some remarks on the current state of longevity research here in the real world before we partake of the fictional one.


Sculptural Grade M&M Sorter Hackaday

Sorting M&Ms is really only a major concern if you happen to be working on a Van Halen tour, but its a fun exercise nonetheless. Its for this reason we see plenty of sorting projects come our way, varying from the breadboard and cardboard variety, all the way up to final university projects. Today, [Karl] has blessed us with their sculptural-grade offering, and the attention to detail is stunning.

The project has been in gestation in [Karl]s mind, on and off, for 10 years or so. The big problem centered around reliably separating out one M&M at a time from a hopper of many. From time to time, [Karl] would speak with other builders using similar techniques to his failed experiments, who often reported that the secret to their machines reliability was careful video editing. It was only when a parts sorter flashed across the Hackaday feed that [Karl] found the mechanism that would work to make his project a reality.

Now that the individual candies could readily be separated and fed through a machine, the rest of the project came together quickly. A color sensor was combined with servos and a stepper motor to duct M&Ms into separate flasks.

The real value of this build, however, is in the overall attention paid to the aesthetics of the final product. The device was built to be a kinetic sculpture, able to run reliably with the minimum of attention at the behest of even an untrained user. By carefully optimising the mechanisms inside and building an attractive enclosure, [Karl] has developed something wed be proud to show off in a living room.



Donald Trump Signs Executive Order to Keep Guantnamo Bay Open SoylentNews

Donald Trump has signed an executive order to keep the Guantnamo Bay prison camp open, reversing the policy of the Obama administration.

In his State of the Union address on Tuesday night, Trump said he had directed the defence secretary, James Mattis, "to re-examine our military detention policy and to keep open the detention facilities at Guantnamo Bay". He added that he expected that "in many cases" captured terrorists would be sent to the camp.

The Trump executive order instructs Mattis, in consultation with the secretary of state and other officials, to deliver a new policy on battlefield detentions, "including policies governing transfer of individuals to US Naval Station Guantnamo Bay" within 90 days.

Original Submission

Read more of this story at SoylentNews.


Re: report a vulnerability in sfcb software. Open Source Security

Posted by Adam Maris on Feb 01

You can request CVE via

Best Regards,


TSMC Holds Groundbreaking Ceremony for "5nm" Fab, Production to Begin in 2020 SoylentNews

Taiwan Semiconductor Manufacturing Company (TSMC) plans to make so-called "5nm" chips starting in early 2020:

TSMC last week held a groundbreaking ceremony for its Fab 18 phase 1 production facility. The fab will produce chips using TSMC's 5 nm process starting from early 2020. When all three phases of the manufacturing facility are completed, its wafer starts capacity will exceed one million 300-mm wafers per year, comparable with other three GigaFabs operated by TSMC.

TSMC's Fab 18 will be located in Tainan (in the Southern Taiwan Science Park), and will be built in three phases. The construction of the first phase or segment of the building will be completed in about a year from now, after which TSMC will move in equipment sometime in early 2019. In about two years from now, the company expects to start volume production of chips using its 5 nm process technology at the Fab 18/phase 1. Construction of the second and the third phases will commence in Q3 2018 and Q3 2019. The two phases will start volume production in 2020 and 2021, respectively.

Extreme ultraviolet (EUV) lithography could be used to make "7nm" chips, but not "5nm" yet.

Related: Samsung's 10nm Chips in Mass Production, "6nm" on the Roadmap
Moore's Law: Not Dead? Intel Says its 10nm Chips Will Beat Samsung's
Samsung Plans a "4nm" Process
GlobalFoundries to Spend $10-12 Billion on a 7nm Fab, Possibly $14-18 Billion for 5nm

Original Submission

Read more of this story at SoylentNews.


Drone racing in the UK Lifeboat News: The Blog

Drone racing brings us one step closer to pod racing.


Solar Powered Plane Lifeboat News: The Blog

This plane will go to space and back in 5 hours.


[SECURITY] [DSA 4103-1] chromium-browser security update Bugtraq

Posted by Michael Gilbert on Jan 31

Debian Security Advisory DSA-4103-1 security () debian org Michael Gilbert
January 31, 2018

Package : chromium-browser
CVE ID : CVE-2017-15420...


Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 Bugtraq

Posted by Atlassian on Jan 31

This email refers to the advisory found at


* CVE-2017-14592
* CVE-2017-14593
* CVE-2017-17458
* CVE-2017-17831

Product: Sourcetree

Affected Sourcetree product versions:

Fixed Sourcetree product versions:

* Versions of SourceTree for macOS, equal to and above 2.7.0 contain a fix for...


Scientists Just Identified The Physical Source of Anxiety in The Brain Lifeboat News: The Blog

Were not wired to feel safe all the time, but maybe one day we could be.

A new study investigating the neurological basis of anxiety in the brain has identified anxiety cells located in the hippocampus which not only regulate anxious behaviour but can be controlled by a beam of light.

The findings, so far demonstrated in experiments with lab mice, could offer a ray of hope for the millions of people worldwide who experience anxiety disorders (including almost one in five adults in the US), by leading to new drugs that silence these anxiety-controlling neurons.


What is The Theory Of Everything? Lifeboat News: The Blog

What will we gain if we discover the Theory of Everything?

Find out from Dr. Michio Kaku!


NASA Tests Tiny Fission Reactor That Could Power Homes On Mars Lifeboat News: The Blog

NASA has tested a tiny reactor that could power homes on Mars.


This gel is stronger than steel Lifeboat News: The Blog

This gel is as flexible as jello and stronger than steel.


Robots and AI Will Take Over These 3 Medical Niches First Lifeboat News: The Blog

Were no stranger to robotics in the medical field. Robot-assisted surgery is becoming more and more common. Many training programs are starting to include robotic and virtual reality scenarios to provide hands-on training for students without putting patients at risk.

With all of these advances in medical robotics, three niches stand out above the rest: surgery, medical imaging, and drug discovery. How have robotics already begun to exert their influence on these practices, and how will they change them for good?


Technology to watch in 2018 Lifeboat News: The Blog

Thought leaders reveal the technologies and topics likely to transform life-science research in the year ahead.


Waymo Gets Ready to Deploy Thousands of Self-Driving Minivans Lifeboat News: The Blog

The Alphabet spinoff is in a rush, so its buying thousands more driverless cars from Fiat-Chrysler.


Tornadoes Of Sound Can Levitate Physical Objects Lifeboat News: The Blog

This tractor beam breakthrough means humans are one step closer to levitation. (via Seeker)


Microsofts New AI Creates Fake Photos From Your Words Lifeboat News: The Blog

The groundbreaking software takes AI one step closer to achieving humanlike intelligence, according to its creator.


Malware exploiting Spectre and Meltdown flaws are currently based on available PoC Security Affairs

Malware Exploiting Spectre, Meltdown Flaws Emerges

Researchers at the antivirus testing firm AV-TEST have discovered more than 130 samples of malware that were specifically developed to exploit the Spectre and Meltdown CPU vulnerabilities.

The good news is that these samples appear to be the result of testing activities, but experts fear that we could soon start observing attacks in the wild.

Most of the codes obtained by AV-TEST are just recompiled versions of the Proof of Concept code available online. Experts at AV-TEST also found the first JavaScript PoC codes for web browsers like IE, Chrome or Firefox in our database now.

We also found the first JavaScript PoC codes for web browsers like IE, Chrome or Firefox in our database now.Andreas Marx, CEO of AV-TEST, told SecurityWeek.

The Meltdown attack could allow attackers to read the entire physical memory of the target machines stealing credentials, personal information, and more.

The Meltdown exploits the speculative execution to breach the isolation between user applications and the operating system, in this way any application can access all system memory.

The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browsers memory.

The Spectre attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

On January 17, experts at AV-TEST reported that they had detected 77 malware samples apparently related to the Intel vulnerabilities.


Putting the Pi In Piano Hackaday

Working on a PhD in composition, [Stephen Coyle] spends a fair bit of time at his electric keyboard. Setting himself up to work can be a bit of a task, so he felt he could improve the process and make it easy as Pi.

Finding it an odious task indeed to use notation software, connecting his laptop to his keyboard is a must avoiding a warren of wires in the move is a similar priority. And, what if he could take advantage of the iPads unique offerings too? Well, a Raspberry Pi Zero W running Ravelox an RTP MIDI protocol makes  his music available on his network to record on whichever device he pleases.

He also took the time to upgrade his keyboards archaic PSU to a more powerful option, also allowing him to siphon off some juice to the Pi with a voltage regulator booting it whenever he turns on his keyboard. A channel hidden underneath his keyboard made the perfect cache for the Pi, voltage regulator and cables, with help from a little hot glue. All thats left now, is to play on!

When [Coyle] isnt at his keyboard, hes at his other keyboard making an absolutely essential smart button.

[Thanks for the tip, Dave!]


Xerox Is No More SoylentNews

The once mighty Xerox corporation, inventor of the photocopier, the graphical user interface, ethernet and the workstation is no more. Today it has been announced that Xerox is to be acquired by Fujifilm, with whom it had the joint venture FujiXerox, for $6.1 bilion.

In recent years, much of Xerox's previous, and quite recent, acquisitions have been sold off including Tektronix in Willsonville, Oregon (acquired for its solid ink technology) and Affiliated Computer Services.

Back in 2011, Xerox entered into a partnership with Indian outsourcing firm HCL, transferring thousands of engineering staff, including most in the UK and mainland Europe.

Original Submission

Read more of this story at SoylentNews.


Researchers Discover Anxiety Cells In The Brain Lifeboat News: The Blog

Scientists who identified specific brain cells in mice that control anxiety say the discovery could provide insights that might eventually help people with panic disorder and social phobia.


NEW 'Off The Hook' ONLINE 2600 - 2600: The Hacker Quarterly

NEW 'Off The Hook' ONLINE

Posted 01 Feb, 2018 4:39:04 UTC

The new edition of Off The Hook from 31/01/2018 has been archived and is now available online.


Amateur Finds Lost NASA Satellite SoylentNews

Amateur satellite enthusiast Scott Tilley was searching the sky for spy satellites to track when he discovered an unknown object. That object identified itself as the NASA IMAGE satellite, thought to have become non-operational in 2005. NASA has since confirmed that the satellite is indeed IMAGE, and is now planning on using it to observe the magnetosphere near the northern magnetic pole.

Another enthusiast, Cees Bassa, added his own detailed analysis of the error and how it recovered.

Original Submission

Read more of this story at SoylentNews.


KonaKart Path Traversal Vulnerability Bugtraq

Posted by ajcraggs on Jan 31

Product overview:

"KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable,
performance online store".

Vulnerability overview:

KonaKart eCommerce Platform prior to verion 8.8 is vulnerable to a directory traversal flaw in the admin console that
would allow an attacker to download sensitive application or system files, or upload malicious files and take control


Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key Bugtraq

Posted by cfpmontreal2018 on Jan 31


0xE - CFP - Training Registration - Conference - Submit! - PGP key



Router Rebooter Eliminates Hassles Hackaday

Some low-end or older routers might get you a decent WiFi network in your house or apartment, but often these cheaply made devices are plagued with subtle software problems that cause the router itself to become unresponsive after a few days of operating. One solution is to just power cycle the router by hand whenever the Internet disappears, but a better solution is to build something that does that for you.

[Charlie] had this problem as the de facto IT person in his family, and didnt want to keep getting bothered for such a simple problem. His solution involves a relay, an ESP8266, and a Wemos D1 mini. The device connects to the Internet through the router and occasionally sends out pings to another address. If it cant ping the address successfully after a certain time period, the device power cycles the router by activating the relay.

Since this isnt the newest idea out there, there are many ways to solve this problem if you are constantly annoyed by router issues, whether from your own router or from friends and family who treat you as their personal IT department. One solution doesnt involve any extra hardware at all as long as you have a computer near your router/modem already, and others solve this problem when it happens to the modem rather than the router.


Life on Mars, from Viking to Curiosity - Issue 57: Communities Nautilus

After midnight in a sweltering room in Pasadena in July 1976, Viking Mars team members sat hunched around a bulky monotone computer monitor, tensely awaiting the first data from the worlds first successful Mars probe lander, the only Mars lander ever specifically designed to detect life. Over the next weeks each of Vikings first life-detection experiments came back with a striking signature. As the data trickled back into the Space Operations Facility, it became clear that carbon dioxide was released when organic compounds were added to Martian soil, though not when the mixture was superheated. This was a life signature, and exactly what had happened with the experiment on Earth. When water was added to the soil, oxygen was released, just as on Earth. The remote probe, panning for life, had found its signature in its first two experiments. The third experiment heated the soil, like warming food in the oven, and those results were mixed.

Arguments intensified, however, as the fourth experiments conflicting data came in. To claim life on Mars would be unprecedented. If they were wrong, no team member would live it down. Anything was better than striking out with a pompous grin on your face. Unbeknownst
Read More

Does Aging Have a Reset Button? - Issue 57: Communities Nautilus

Part of Vittorio Sebastianos job is to babysit a few million stem cells. The research professor of reproductive biology at Stanford University keeps the cells warm and moist deep inside the Lorry I. Lokey Stem Cell Research Building, one of the nations largest stem cell facilities. Hes joined there by an army of researchers, each with their own goals. His own research program is nothing if not ambitious: He wants to reverse aging in humans.

Stem cells are the Gary Oldman of cell types. They can reprogram themselves to carry out the function of virtually any other type of cell, and play a vital role in early development. This functional reprogramming is usually accompanied by an age reset, down to zero. Sebastiano figures that if he can separate these different kinds of reprogramming, he can open up a whole new kind of aging therapy. Nautilus caught up with him last month.

What impact will your work have on aging research?

Im studying whether we can separate the process of functional reprogramming of cells from the process of aging reprogramming of cells. Typically these two processes happen at the same time. My hypothesis is that we can induce cellular rejuvenation without
Read More

Cracking Avatars Language Codes - Issue 57: Communities Nautilus

One hot Thursday in July of 2013, I met a gangly young man at Washington D.C.s Union Station. Energetic and slightly nervous, he politely shook my hand and ushered me to a silver sedan where his girlfriend, Sarah, was at the wheel. Although he introduced himself as Ian Riley, for the next five days I would know him as Ftiafpi. Ftiafpi, meaning for the sake of studying, is his name in Navi, a language specially created for James Camerons 2009 epic 3-D film, Avatar.

Ian and Sarah were taking me to AvatarMeet, an annual gathering of fans and Navi speakers to be held amid the sweeping forests of Shenandoah National Park, Virginia. As we drove towards the gathering, the land became greener, with eagles replacing city pigeons, and road signs pointing to waterfalls and farms instead of expressways. Nearing our destination, Sarahs exasperation with the traffic grew while Riley fidgeted in the front seat with anticipation. Rileys custom white T-shirt read Oeru syaw fko Ftiafpi, Navi for My name is Ftiafpi. This was his first Meet in two years, he said, reaching across to touch Sarahs shoulder. It is Sarahs first time, too, he said, beaming, as Sarah patiently removed
Read More


IOTA Wallets Emptied; $4 Million Stolen SoylentNews

My old physics teacher always said: "It's the dumb criminals who get caught; you never catch the smart ones." He was a really smart guy, and he did live a nice lifestyle, hmmm...

Anyway, so IOTA. As with any digital currency, you need some random information - a passphrase typically - that is used when you create your wallet. In the case of IOTA, which is supposed to be IOT friendly, this means a string of 81 random characters, the generation of which could be pretty easily automated.

That's great, and the OSS world being full of helpful people, someone wrote a handy generator, put the code for all to see on GitHub, and put their generator onto a website where you could easily make use of it. Nice.

Actually, diabolical. The code on the website really was identical to the code on GitHub, except for one tiny, almost insignificant change: at some point, the owner swapped out the random seed to a value that he knew. Not even constant - that would have been too obvious - but known nonetheless.

And for many months, many people used his friendly little service. Until January 19th, when he emptied their IOTA wallets, erased his presence from the Interwebs, and quietly disappeared. $4 million or so richer.

This one won't be caught.

tl;dr for anyone who doesn't get it: The point of having a secret password, secret passphrase, or secret key is that it's secret. Which means that you don't have it generated for you by a public web service.

Original Submission

Read more of this story at SoylentNews.


[$] Weekly Edition for February 1, 2018

The Weekly Edition for February 1, 2018 is available.




Judge Orders Unmasking of Anonymous Peer Reviewers in CrossFit Lawsuit SoylentNews

A judge has ordered that anonymous peer reviewers for an article in a science journal be unmasked on behalf of the exercise regimen company CrossFit, Inc.. The journal is published by a competitor of CrossFit:

In what appears to be a first, a U.S. court is forcing a journal publisher to breach its confidentiality policy and identify an article's anonymous peer reviewers.

The novel order, issued last month by a state judge in California, has alarmed some publishers, who fear it could deter scientists from agreeing to review draft manuscripts. Legal experts say the case, involving two warring fitness enterprises, isn't likely to unleash widespread unmasking. But some scientists are watching closely.

The dispute revolves around a 2013 paper, since retracted, that appeared in The Journal of Strength and Conditioning Research. In the study, researchers at The Ohio State University in Columbus evaluated physical and physiological changes in several dozen volunteers who participated for 10 weeks in a training regimen developed by CrossFit Inc. of Washington, D.C. Among other results, they reported that 16% of participants dropped out because of injury.

In public and in court, CrossFit has alleged that the injury statistic is false. CrossFit also claims that the journal's publisher, the National Strength and Conditioning Association (NSCA) of Colorado Springs, Coloradowhich is a competitor in the fitness businessintentionally skewed the study to damage CrossFit. NSCA in turn has countersued, accusing CrossFit executives of defamation. Amid the legal crossfire, the journal first corrected the paper to reduce the number of injuries associated with CrossFit, then retracted it last year, citing changes to a study protocol that were not first approved by a university review board.

CrossFit suspects the paper's reviewers and editors worked to play up injuries associated with its regimen, and it has asked both federal and state judges to force the publisher to unmask the reviewers. In 2014, a federal judge refused that request. But last month, Judge Joel Wohlfeil of the San Diego Superior Court in California, who is overseeing NSCA's defamation suit against CrossFit, ordered the association to provide the names.

Original Submission

Read more of this story at SoylentNews.


The UPC/SEP/FRAND Lobby Has Resorted to Just Insulting the Opposition Techrights

Related: The SEP/Patent Trolls Lobby Insults the Victims, Calling Them Free Riders

Alex Robinson
He was talking about readers of Kluwer Patent Blog (because they dont agree with him about UPC)

Summary: Team UPC proudly shuts opposing views out of the debate and then brags about it, in order for a legislation that benefits patent trolls to slide through like a Trojan horse, without resistance from the wrong people (like scientists and technologists) or a nuisance like facts, constitutions, laws and so on

THE distinguished lack of manners in EPO management extends to its loud supporters from Team UPC. Theres barely even room for a rational debate anymore. Here we see Team UPC, after it increased censorship (it promotes patent trolls agenda while blocking critics) saying: #NowWithReducedTrolling

Theres barely even room for a rational debate anymore.As if UPC critics are "trolls" and "idiots". This one particular individual is calling people whom he doesnt agree with (because they threaten his financial interests as well as patent trolls) trolls. The irony

A fellow Team UPCer, Brian Cordery from Bristows, wrote this misleading blog post earlier this week while making these extraordinary claims about UPC: UK is expected to be ready in February (see here) and the German parliament has passed a draft law (see here) with promulgation on hold due to the case pending in the German Federal Constitutional Court.

Its worth noting that Team UPC is also pushing SEP/FRAND (theres a correlation there, especially among the motivations of their large clients).Team UPC has basically just lied (yet again) about the situation/process in both Britain and Germany. Cordery makes the UPC sound so inevitable. So he is either deluded or intentionally lying (neither is particularly flattering a possibility). Te...


Patent Justice at the EPO is as Bad as Justice for Workers Techrights

So the UPC is a Dead Man Walking, Surely?

Summary: A look at the sad state of justice for EPO workers and the effect of brain drain combined with work pressure on the quality of work

HAVING published nearly 2,500 posts about the EPO, we have enough evidence to show that the EPO has, especially in recent years, been treating its workforce like dirt. Staff must never be treated like dirt. Many of them feel it. Many are depressed.

The EPOs management, moreover, lies as a matter of routine and always gets away with it. It now lies (by omission) about the latest ILOAT decisions. To quote a new comment:

It should be remembered that the ILO-AT is an adminstarative [sic] tribunal and not a court of justice it checks that the procedural aspects were correct but not that the judgement was just.

One point to note. The EPO publishes internally a summary of the ILO decisions. In the current round, some important decisions were, exceptionally, pronounced early in December while the remainder were pronounced last week. The summary by the EPO mentioned all the cases the management had won but none of the ones they lost. Additionally commentary was given which aimed to deter filings at the ILO by suggesting that it was a waste of time and wasted the tribunals time. That the decisions against management were not worthy of comment says it all since those decisions highlighted the corruption of internal justice where the accuser was also leading the prosecution case and advising those who sat in judgement. One would have thought lessons could be learnt and at least some token gesture would be made to recognise managerial errors and promise to improve. Apparently not.

One last point. The decisions which went against the judge and the union rep included decisions against intermediate steps (asking for but being refused return of confiscated personal property (a USB stick) and refusal to investigate harassment by the internal investigative unit). In both cases the tribunal considered that these were part of a procedure which was ongoing but not concluded (at that time). Interesting precedents which give carte blanche for abuse since if one wins a case, no matter how unlikely, there will be no opportunity to appeal and hence no justice for usually unallowable behaviour.

Theres no justice for EPO workers, neither at the IAC nor ILO. One begins to wonder if theres patent justice at examination, oppositions, the Boards and the envisioned UPC (all of which Battistelli always controls or...


Junk Build Printer Uses Pencil To Print Hackaday

Sometimes, it is interesting to see what you can build from the bits that you have in your junk drawer. [Dr West] decided to build a printer with spare parts including a hard drive, a scanner base and an Arduino. The result is a rather cool printer that prints out the image using a pencil, tapping the image out one dot at a time. The software converts the image into an array, with 0 representing white and 1 representing black. The printer itself works a bit like an old-school CRT TV: the scanner array moves the printer along a horizontal line, then moves it vertically and along another horizontal line. It then triggers the hard drive actuator to create a mark on the paper if there is a 1 in the array at that point.

Weve seen a few drawing printers before, but most use a plotter or CNC approach, where the motors move the pencil on an X-Y . This type of dot matrix printer (sometimes called a dotter) isnt as efficient, but its a lot of fun and shows what can be achieved with  a few bits of junk and a some ingenuity.


HPR2479: Intergraph workstation Hacker Public Radio

Been going through my old work servers. They typically run until I can't update them anymore and then sit not used until I have a bit of free time. So I have an old intergraph box in it that I new pentium 4 motherboard from about 8 years back. I had the receipt taped to the inside of the box. And the Expense statement from work. I had centos 6.0 on it try as it must It got no more updates and repros. It also has a weak PSU as I had to remove the DVD and graphics card to get to work. About intergraph: Intergraph Corporation is an American software development and services company. It provides enterprise engineering and geospatially powered software to businesses, governments, and organizations around the world. Intergraph operates through three divisions: Hexagon PPM, Hexagon Safety &amp; Infrastructure, and Hexagon Geospatial. The company's headquarters is in Huntsville, Alabama, USA. In 2008, Intergraph was one of the 100 largest software companies in the world. In 2010, Intergraph was acquired by Hexagon AB. Intergraph was founded in 1969 as M&amp;S Computing, Inc., by former IBM engineers who had been working with NASA and the U.S. Army in developing systems that would apply digital computing to real-time missile guidance. The company was later renamed to Intergraph Corporation in 1980. In 2000, Intergraph exited the hardware business and became purely a software company. On July 21, 2000, it sold its Intense3D graphics accelerator division to 3Dlabs, and its workstation and server division to Silicon Graphics. The companies incorporated SmartSketch, a drawing program used previously for the PenPoint OS and EO tablet computer. When Pen computing did not take off, SmartSketch was ported to the Windows and Macintosh platforms. The new TD-300 and TD-400 &quot;Personal Workstations&quot; offer 3D graphics capabilities equal to or below the prices of PCs configured as 3D workstations, the company said. The TD-300 and TD-400 Personal Workstations are available immediately, with prices starting at $5,495. So the box now has a Pentium 4 dual core in it which is 64 bit. This chip is 2004-2007. So I have the ubuntu 32 bit work. And Suse Enterprise 12, tumbleweed and leap on hyperV. I had my Transmeta box on Debian I386 32 bit. So I need a redhat flavor. Since its 64 bit I picked CentOS. What is CentOS? CentOS (/snts/, from Community Enterprise Operating System) is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL). In January 2014, CentOS announced the official joining with Red Hat while staying independent from RHEL, under a new CentOS governing board. In July 2010, CentOS overtook Debian to become the...


Bionic device gives you a third thumb Lifeboat News: The Blog

A third thumb may be the beginning of human augmentation.


Even Kluwer Patent Blog Decides to Comment on the EPOs Bizarre Financial Behaviour Techrights

Related: The Financial Handling of the EPO is Incredibly Scandalous

The money-grabbing EPO

Summary: The EPO acting like a high-risk investment bank rather than a patent office has become enough of an issue that even Kluwer Patent Blog writes about it

THE EPOs financial state and utterly gross misuse of funds has long fascinated us. How can Battistelli get away with all this? Another Bygmalion Affair?

Money corrupts. EPO budget corrupts absolutely. It can even buy votes and journalists in order to ensure they play along, in effect siding with the abuser.We have already seen the EPO shelling out stakeholders money for illegal activities like obtrusive surveillance, plenty of bodyguards for Battistelli and his cronies, a secret little pub for Battistelli and his cronies, alleged bribe money for votes, money for lawyers who financially destroy staff (e.g. in ILO), several law firms that legally bullied me on behalf of Team Battistelli, soft bribes to media companies, soft bribes to academia and so much more. The EPO is being treated like a bottomless money pit, mostly by Battistelli. Its a new thing. He also pockets some more money along with his cronies (they give themselves generous bonuses). Stakeholders deserve to know all this. Its their money; theyre being milked.

Well, mentioned by SUEPO earlier today was this new Kluwer Patent Blog post from Samuel Adams. Its about the EPO thinking that it's an investment bank, as...


Choose Omega-3s from Fish Over Flax for Cancer Prevention, Study Finds SoylentNews

Prof. David Ma has discovered that marine-based omega-3s are eight times more effective at inhibiting tumour development and growth.

"This study is the first to compare the cancer-fighting potency of plant- versus marine-derived omega-3s on breast tumour development," said the professor in the Department of Human Health and Nutritional Sciences. "There is evidence that both omega-3s from plants and marine sources are protective against cancer and we wanted to determine which form is more effective."

[...] Published in the Journal of Nutritional Biochemistry, the study involved feeding the different types of omega-3s to mice with a highly aggressive form of human breast cancer called HER-2. HER-2 affects 25per cent of women and has a poor prognosis.

[...] Ma found overall exposure to marine-based omega-3s reduced the size of the tumours by 60 to 70 per cent and the number of tumours by 30 per cent.

However, higher doses of the plant-based fatty acid were required to deliver the same impact as the marine-based omega-3s.


Journal Reference: Jiajie Liu, Salma A. Abdelmagid, Christopher J. Pinelli, Jennifer M. Monk, Danyelle M. Liddle, Lyn M. Hillyer, Barbora Hucik, Anjali Silva, Sanjeena Subedi, Geoffrey A. Wood, Lindsay E. Robinson, William J. Muller, David W.L. Ma. Marine fish oil is more potent than plant based n-3 polyunsaturated fatty acids in the prevention of mammary tumours. The Journal of Nutritional Biochemistry, 2017; DOI: 10.1016/j.jnutbio.2017.12.011

Original Submission

Read more of this story at SoylentNews.


Stravas Just the Start: The US Militarys Losing War Against Data Leakage Lifeboat News: The Blog

The Defense Department cant stop the rising river of of digital metadata or prevent enemies from dipping into it.

The Pentagon has long wrapped Diego Garcia in a veil of secrecy, barring media from the Indian Ocean island even as its base and airfield became a key node in Americas wars in the Middle East. But a hole appeared in the veil last Saturday, when a mobile fitness-tracking app company called Strava posted a heatmap of its subscribers activity including the routes that sailors and airmen take as they jogged.

What you saw from the running patterns is exactly what I experienced when I was deployed there five times between 1985 and 1999, Air Force General Paul Selva, vice chairman of the Joint Chiefs of Staff, recalled in a breakfast with reporters on Tuesday. A heavily secluded jungle trail runs along the islands western edge, Selva said, perfect for an ambush. Ive run it a thousand times. If I had a FitBit, I would have contributed to the map of Diego Garcia.


Trying Out openSUSE Leap 15.0 Beta, Comparison Linux Benchmarks Phoronix

With this morning's debut of the openSUSE Leap 15.0 public beta that is derived from the upcoming SUSE Linux Enterprise Server 15 source code, I was curious to check it out and also run some benchmarks. For seeing how the current beta performance is stacking up I ran some benchmarks against openSUSE Leap 42.3, openSUSE Tumbleweed, Clear Linux, and a daily snapshot of Ubuntu 18.04 LTS.


Overnight Tech: Dems hammer Twitter, Facebook over #Releasethememo campaign | Apple confirms government probe | Twitter says 1.4m users interacted with Russian troll accounts The Hill: Technology Policy

DEMS HAMMER TWITTER, FACEBOOK OVER #RELEASETHEMEMO CAMPAIGNS: Two Democratic lawmakers slammed Twitter and Facebook on Wednesday, saying the social media giants' response to questions about recent alleged Russian manipulation of their platform were...


[$] Too many lords, not enough stewards

For anyone who has followed Daniel Vetter's talks over the last year or two, it is fairly clear that he is not happy with the kernel development process and the role played by kernel maintainers. In a strongly worded talk at (LCA) 2018 in Sydney, he further explored the topic (that he also raised at LCA 2017) in a talk entitled "Burning down the castle". In his view, kernel development is broken and it is unlikely to improve anytime soon.


Zuckerberg: Users spending 50 million fewer hours a day on Facebook The Hill: Technology Policy

Facebook CEO Mark Zuckerberg said the companys shift to showing fewer videos has led to users spending 50 million fewer hours a day on the website. Already last quarter, we made changes to show fewer viral videos to make sure people's time is well...


Mozilla fixes a critical remote code execution vulnerability in Firefox Security Affairs

Mozilla has released security updates for Firefox 58 that addresses a critical remote code vulnerability that allows a remote attacker to run arbitrary code on vulnerable systems.

The vulnerability, tracked as CVE-2018-5124, affects Firefox versions 56 through 58, meanwhile, it doesnt impact Firefox for Android and Firefox 52 ESR.

The development teams behind major Linux distributions have also started rolling out updated packages that fix the flaw.

It was discovered by the Mozilla developer Johann Hofmann.

A vulnerability in Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. states the security advisory.

The vulnerability is due to insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software. An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.

Firefox 58 was released on January 23, it addresses more than 30 vulnerabilities in the popular browser, some of...



Raven Ridge Gets Yet More AMDGPU DC Fixes Phoronix

While the Linux 4.15 kernel introduces AMDGPU DC display code support and is currently enabled just by default for RX Vega GPUs and newer, a lot of work continues going into this new display code stack...



Read issue #185 of Lifeboat News Lifeboat News

Read issue #185 of Lifeboat News!


Woz Likes his Tesla, Doesn't Trust Elon SoylentNews

Steve Wozniak spoke recently at the Nordic Business Forum in Stockholm. A clipping from the end of the short article,

After years of upgrades and new sensors, Woz sees Tesla as a company that has made major promises and delivered well under the bar. "I love that car, but the trouble is Elon Musk is portrayed in a lot of moves with a lack of faith and trust," he said. "What he says, can you really believe in him? Is he just a good salesman, like Jobs, and may not be there [in the end]?"

Wozniak went as far as to suggest that "every other car manufacturer in the world," including Audi and BMW, "are actually ahead of Tesla for self-driving cars." He then praised his Chevy Bolt EV, which he prefers to drive for everyday life.

It doesn't seem that long ago that Woz was calling out Toyota for problems with the cruise control on his Prius, but here's an update from 2010 --

Original Submission

Read more of this story at SoylentNews.


Links 31/1/2018: Red Hat to acquire CoreOS, Hyperledger Releases Sawtooth 1.0 Techrights

GNOME bluefish



  • Desktop

    • Acer Chrome OS Tablet spotted at Bett Education Expo

      Googles offering two open source operating systems, Android and Chrome OS, has drawn some criticism and market confusion. But this didnt stop Chrome OS from carving out a sizeable market chunk for itself, primarily in the education field. With growing Android App support, it now appears to be expanding on to tablets as well. A photo has emerged in a now-deleted tweet that appears to be an Acer tablet running Chrome OS.

      At the recently concluded Bett education and technology show in London, Acer officially unveiled three Chrome OS devices: two Chromebooks and a Chromebox. However, one of the attendee at the event, Alister Payne, managed to get a photo of one more Chrome OS device from Acer. The photo, posted on Twitter by @Alister_Payne, clearly shows what would be the first Chrome OS tablet. Theres a visible Acer logo on the bottom bezel. The tweet has now been deleted, but not before ChromeUnboxed, preserved it.

    • Best Linux Desktops for Business

      When choosing a Linux distro for your business, one of the factors you should consider is which desktop environment works best for your company. This can be made more complex when you consider individual workflows. In this article, Ill share some of the best desktop environments for the enterprise environment while addressing different types of workflows.

  • Audiocasts/Shows

  • Kernel Space


How to Fly a Drone With Your Face IEEE Spectrum Recent Content full text

Send your drone flying by making a ridiculous face at it Image: Simon Fraser University

Its nice that consumer drones are getting easier and easier to use, incorporating more safeguards and autonomy and stuff. Generally, though, piloting them does still require some practice and skill, along with free hands and a controller thats probably more expensive than it should be. This is why weve been seeing more research on getting drones set up so that unaltered, uninstrumented, and almost entirely untrained users can still do useful things with them.

At Simon Fraser University, roboticists are seeing how far they can push this idea, and theyve come up with a system for controlling a drone that doesnt require experience, or a controller. Or even hands. Instead, you use your face, and its totally intuitive and natural. As long as its intuitive and natural for you to make funny faces at drones, anyway.

Here is how to control a drone with your face in Canada:

Pic Image: Simon Fraser University Neutral faces (above) and trigger faces (below).

Ready: The users identity and facial expressions are learned and input is provided through touch-based interaction. Hold the drone at eye level, gaze deeply into its camera, and give it your best neutral look. Hold this neutral look until the drone is satisfied that you are consistently neutral. This should take less than a minute, unless you get the giggles. Next, rotate the drone so that its sideways, and make a trigger face, which is unique from your neutral face. If youre super boring, you can make a trigger face by just covering one eye, but come on, youre better than that.

Aim: The robot starts flying and keeps its user centered in its camera view, while the user lines up the trajectory and chooses its power by drawing back analogous to firing a bow or slingshot. Place the drone on the ground in front of you, and itll take off and over menacingly in front of you. Try and move from side to side to escape, and the drone will remorselessly yaw to keep you in view. Once you have it pointed exactly the wrong way, back away slowly and imagine that theres a rubber band between you and the drone and its getting stretched more and more. 

Fly: The user signals to the robot to begin a preset parameterized trajectory. The robot executes the trajectory with parameters observed at the end of the Aim phase. When the drone is facing in the direction you dont want it to go and you think youre far enough away, make your...


Twitter: 1.4M may have interacted with Russian influence accounts The Hill: Technology Policy

Twitter says the number of users who may have interacted with Russian content intended to influence the election is now 1.4 million.The company provided the updated figure, more than double the 650,000 users the company notified initially, on...


Extended Directors Cut: Ted Nelson on What Modern Programmers Can Learn From the Past IEEE Spectrum Recent Content full text

The inventor of hypertext talks about the birth of personal computing, the web, and how to think beyond the currently possible Kristen Clark

Ted Nelson is one of the original prophets of the information age. In the 1960s he invented the word hypertext, and created project Xanadu, which prefigured many of the elements of the World Wide Web.

Nelson was part of personal computing at a time when it saw itself as an outgrowth of the countercultural movement that flourished in the 1960s. This computing was done either via a terminal to minicomputers, or on microprocessors with transistor counts measuring only in thousands. Back in the summer of 2016, Nelson was a keynote speaker at Vintage Computing Festival East in New Jersey and IEEE Spectrum had the chance to interview him off-stage.

We thought this was a good time to dust off that interview. Were entering a period when the possibilities and dangers of computing are looming large in our minds, thanks to the explosion of machine learning, debates over the governance of the Internet, the impacts of automation, and unexpected weaknesses revealed by the Spectre and Meltdown hardware bugs. Nelson talks about how he and his fellow pioneers thought the future would be a world of citizen programmers, how the Web omits much of the architecture underlying Xanadu, and his advice for breaking through the current limits to new conceptual ground.

Producer: Celia Gorman
Videographer: Kristen Clark


GNU LibreJS: New and improved! FSF blogs

  • Web pages load very quickly, by analyzing each file independently.
  • Enabling and disabling the plugin does not require a browser restart.

As the the Web continues to grow in importance, we must continue to improve user freedom on the Web. The primary aim of the free software movement is to release all code as free software, and that includes all JavaScript.

Nonfree JavaScript denies us control of our computing by denying us the freedom to use it for any purpose, and to modify and share the code that runs locally in our browsers. Sites that don't provide freely licensed JavaScript with human-readable source code don't respect our freedom, and the FSF discourages their use. That's where LibreJS comes into play, as it ensures that that the JavaScript we do use is free software, by checking licenses and blocking nonfree JavaScript.

Nonfree JavaScript is not the only freedom-related issue on the Web. It is part of a broader concern about services that are "SaaSS," or "service as a software substitute", and thus nonfree.

Many others have contributed to LibreJS in the past, including Loic J. Duros, Nik Nyby, and Ethan Dorta, an FSF summer intern. Anyone interested in assisting with the maintenance of the project is welcome to get involved.


Many Networking Changes Queued For Linux 4.16, New "Netdevsim" Driver Phoronix

David Miller has presented the set of networking subsystem changes targeting the Linux 4.16 and once again it's on the heavier side...


Engineers develop flexible lithium battery for wearable electronics Lifeboat News: The Blog

The rapid development of flexible and wearable electronics is giving rise to an exciting range of applications, from smart watches and flexible displayssuch as smart phones, tablets, and TVto smart fabrics, smart glass, transdermal patches, sensors, and more. With this rise, demand has increased for high-performance flexible batteries. Up to now, however, researchers have had difficulty obtaining both good flexibility and high energy density concurrently in lithium-ion batteries.

A team led by Yuan Yang, assistant professor of materials science and engineering in the department of applied physics and mathematics at Columbia Engineering, has developed a prototype that addresses this challenge: a Li-on battery shaped like the human spine that allows remarkable flexibility, high , and stable voltage no matter how it is flexed or twisted. The study is published today in Advanced Materials.

The density of our prototype is one of the highest reported so far, says Yang. Weve developed a simple and scalable approach to fabricate a flexible spine-like that has excellent electrochemical and mechanical properties. Our design is a very promising candidate as the first-generation, flexible, commercial lithium-ion battery. We are now optimizing the design and improving its performance.


Repairs You Can Print: Racing the Clock for a Dishwasher Fix Hackaday

No matter how mad your 3D printing skills may be, there comes a time when it makes more sense to order a replacement part than print it. For [billchurch], that time was the five-hour window he had to order an OEM part online and have it delivered within two days. The race was on would he be able to model and print a replacement latch for his dishwashers detergent dispenser, or would suffer the ignominy of having to plunk down $30 for a tiny but complicated part?

As you can probably guess, [bill] managed to beat the clock. But getting there wasnt easy, at least judging by the full write-up on his blog. The culprit responsible for the detergent problem was a small plastic lever whose pivot had worn out. Using a caliper for accurate measurements, [bill] was able to create a model in Fusion 360 in just about two hours. There was no time to fuss with fillets and chamfers; this was a rush job, after all. Still, even adding in the 20 minutes print time in PETG, there was plenty of time to spare. The new part was a tight fit but it seemed to work well on the bench, and a test load of dishes proved a success. Will it last? Maybe not. But when you can print one again in 20 minutes, does it really matter?

Have you got an epic repair that was made possible by 3D printing? We want to know about it. And if you enter it into our Repairs You Can Print Contest, you can actually win some cool prizes to boot. Weve got multiple categories and not that many entries yet, so your chances are good.


Dems demand answers from fitness app that revealed sensitive military info The Hill: Technology Policy

Democrats on the House Energy and Commerce Committee are demanding answers from Strava, the fitness app that analysts say may have inadvertently revealed the locations of covert military and intelligence bases.The lawmakers, led by Rep. Frank...


Lizard Squad is alive and continuing activities as BigBotPein: Report HackRead

By Waqas

According to researchers, evidence suggests Lizard Squad is alive and

This is a post from Read the original post: Lizard Squad is alive and continuing activities as BigBotPein: Report


Cornucopia Random Thoughts

I ordered a couple of mini-comics from Quimbys Bookstore, and I got an amusingly large stack of stuff.

At least I think all this was from Quimbys; I unpacked a lot of stuff at the same time. I cant think of where else this would come from.



The Ransomware Survival Handbook Help Net Security

When a ransomware infection spreads through your network, its goal is to encrypt any files it can access (even backups) as quickly as possible. That can happen in a matter of minutes or even seconds. And from there, the clock starts ticking. Because everyone is expecting you to get things back up and running. Read The Ransomware Survival Handbook and learn how to recover quickly and effectively (and not get hit again). Written based on More


Walmart to Launch Online Grocery Delivery in Japan in Deal with Rakuten SoylentNews

Apparently E-readers aren't the only thing Walmart is partnering with Rakuten for:

Walmart has struck a partnership with e-commerce firm Rakuten Inc to launch an online grocery delivery service in Japan, its latest effort to forge an alliance with a popular homegrown chain to crack a competitive market.

The world's largest retailer, Wal-Mart Stores Inc, said on Thursday the service will launch in the latter half of 2018.

Walmart's leadership is looking for new ways to grow its international business, which is no longer the growth engine it once was, as it has grappled with economic woes in Brazil and competition from discount retailers in Britain.

In Japan, the new service will replace Walmart's existing online grocery delivery offering and will be called "Rakuten Seiyu Netsuper." Seiyu GK is the name of Walmart's wholly-owned Japanese unit.

It will allow customers to place an order on Rakuten's online marketplace platform, which will then be fulfilled by the Walmart-Rakuten joint venture. Walmart-Rakuten will open a warehouse to service these orders in addition to using Seiyu stores, the companies said.


Original Submission

Read more of this story at SoylentNews.


Attackers disrupt business operations through stealthy crypto mining Help Net Security

WannaMine, a Monero-mining worm discovered last October, is increasingly wreaking havoc on corporate computers. Either by slowing down computers or by crashing systems and applications, the crypto mining worm is, according to CrowdStrike researchers, seriously affecting business operations and rendering some companies unable to operate for days and even weeks. In one case, a client informed CrowdStrike that nearly 100 percent of its environment was rendered unusable due to overutilization of systems CPUs. As time More


XFS In Linux 4.16 Continues With "Great Scads Of New Stuff" Phoronix

Back during the Linux 4.15 kernel merge window XFS file-system maintainer Darrick Wong commented there was great scads of new stuff and now with Linux 4.16 he's repeating that line. XFS for Linux 4.16 brings several significant changes to this mature Linux file-system...


Schaller: An update on Pipewire the multimedia revolution

Christian Schaller provides us with an update on the state of the new PipeWire multimedia system. "So as you probably noticed one thing we didnt mention above is how to deal with PulseAudio applications. Handling this usecase is still on the todo list and the plan is to at least initially just keep PulseAudio running on the system outputting its sound through PipeWire. That said we are a bit unsure how many applications would actually be using this path because as mentioned above all GStreamer applications for instance would be PipeWire native automatically through the PipeWire GStreamer plugins."


A Slide Rule for Real Programmers IEEE Spectrum Recent Content full text

This circular slide rule was used to calculate the most efficient code for the UNIVAC II Photo: NMAH/Smithsonian Institution

Photo of the special-purpose 1950s circular slide rule from Remington Rand. Photo: NMAH/Smithsonian Institution

When does your computer need a slide rule? When it is the UNIVAC II. This special-purpose 1950s circular slide rule from Remington Rand was used by programmers to optimize how the room-size mainframe executed instructions. The computer had a drum memory that was constantly rotating, and the most efficient program would position the drum so that the next instruction would begin executing wherever the current instruction finished. Instructions were thus scattered across the drum and not physically adjacent to each other. To minimize rotational delays, a programmer had to figure out each instructions execution time in order to queue up the next command, an approach called minimum latency programming. The slide rule was intended to help programmers make those calculations.

Computer programming was just one of many uses for the slide rule, which had been invented in the 1620s by William Oughtred as an aid for multiplication and division. Around 1850, Victor Mayer Amde Mannheim added the cursor or indicatorwhich he called a runnerto help users align the slide rules scales and easily read off the result. On all of these instruments, the scales were divided logarithmically.

By the late 1800s, general-purpose slide rules had become a common tool for engineers. The most familiar form is the linear slide rule, but there were also circular ones like the UNIVACs as well as cylindrical slide rules.

In addition to performing basic arithmetic, slide rules were used to find logarithms, square roots, and trigonometric functions, or anything with a regularly repeating ratio. The Ohms Law Calculator, produced by the Perrygraf Corp. for the Ohmite Manufacturing Co. of Chicago, helped electricians calculate volts, amperes, watts, or ohms, depending on what measurements were known. A separate slide indexed to Ohmites parts catalog helped you pick the appropriate stock number.

img ...


The Engineering Analysis Of Plastic-Dissolving Lubricant Hackaday

Over the years, E3D has made a name for themselves as a manufacturer of very high-quality hotends for 3D printers and other printer ephemera. One of their more successful products is the Titan Extruder, a compact extruder for 3D printers that is mostly injection-molded plastic. The front piece of the Titan is a block of molded polycarbonate, a plastic that simply shouldnt fail in its normal application of holding a few gears and bearings together. However, a few months back, reports of cracked polycarbonate started streaming in. This shouldnt have happened, and necessitated a deep dive into the failure analysis of these extruders. Lucky for us, E3D is very good at doing engineering teardowns. The results of the BearingGate investigation are out, and its a lesson we can all learn from.

The first evidence of a problem with the Titan extruders came from users who reported cracking in the polycarbonate case where the bearing sits. The first suspect was incorrectly manufactured polycarbonate, perhaps an extruder that wasnt purged, or an incorrect resin formulation during manufacturing. A few whacks with a hammer of each production run ruled out that possibility, so suspicion turned to the bearing itself.

After a few tests with various bearings, the culprit was found: in some of the bearings, the lubricant mixed with the polycarbonate to create a plastic-degrading toxic mixture. These results were verified by simply putting a piece of polycarbonate and the lubricant in a plastic bag. This test resulted in some seriously messed up plastic. Only some of the bearings E3D used caused this problem, a lesson for everyone to keep track of your supply chain and keep records of what parts went into products when.

The short-term fix for this problem is to replace the bearing in the Titan with IGUS solid polymer bushings. These bushings dont need lubricant, and therefore are incapable of killing the polycarbonate shell. There are downsides to this solution, namely that the bushings need to be manufactured, and cause a slight increase in friction reducing the capability of the pancake steppers E3D is using with this extruder.

The long-term solution for this problem is to move back to proper bearings, but changing the formulation of the polycarbonate part to something more chemical resistant. E3D settled on a polymer called Tritan from Eastman, a plastic with similar mechanical properties, but one that is much more chemically resistant. This does require a bit more up-front work than machining out a few bearings, but once E3D gets their Tritan parts in production, they will be able to move back to proper bearings with the right lubrication.

While this isnt a story of exploding smartphones or other disastrous engineering failu...


Researchers report promising pterostilbene and NR clinical trial results Lifeboat News: The Blog

Results of NR and pterostilbene clinical trial are promising.

A clinical trial of an NR and pterostilbene anti-aging supplement appeared to be safe over the short-term as it increased NAD levels in a sustained way. [This article first appeared on the website Author: Brady Hartman. ]

A clinical trial of NR and pterostilbene sustainably increased NAD levels and appeared to be safe over the short-term. Moreover, the study suggests that it increased the mobility of the aging test subjects.

Our NAD levels decline as we age, and as the theory goes, boosting NAD will also increase our energy and keep our bodies in better condition.


[$] Containers from user space

In a 2018 keynote called "Containers from user space" an explicit reference to the cult film "Plan 9 from Outer Space" Jessie Frazelle took the audience on a fast-moving tour of the past, present, and possible future of container technology. Describing the container craze as "amazing", she covered topics like the definition of a container, security, runtimes, container concepts in programming languages, multi-tenancy, and more.


Could a protein named klotho block aging and dementia? Lifeboat News: The Blog

Could a protein called klotho block aging and dementia?

Summary: More klotho means better cognitive function says a scientist. By injecting the protein Klotho into mice with Alzheimers, a UCSF researcher improved their brain function. The researcher hopes to eventually apply the treatment to humans to treat aging and dementia. [Introduction by Brady Hartman, followed by a link to the full article.]

Neurologist and neuroscientist Dr. Dena Dubal wants to prevent dementia and aging with a protein called Klotho. Dr. Dubal, MD, Ph.D. an associate professor of neurology at UC San Francisco aims to use this novel approach to battle neurodegenerative diseases like Alzheimers disease and dementia.

Rather than battle these diseases head-on, professor Dubal aims to block the aging process itself. Dr. Dubal is testing the proteins potential as a therapeutic. The researcher found that by administering the protein to mice, she gave them a cognitive boost, equivalent to genetically increasing klotho. In fact, after injecting the protein into mice that had a condition similar to Alzheimers, Dr. Dubal remarked.


Revolutionary stealth virus holds promise for cancer therapy Lifeboat News: The Blog

Researchers solved a problem that has been holding back the use of viral vectors for cancer therapy. They re-engineered viruses with a novel stealth technique that enables them to be used to treat cancer.

Up until now, viral vectors couldnt be used widely in cancer therapy. Researchers just announced that they re-engineered an adenovirus with a novel stealth technique that enables it to be used to fight tumors. [This article first appeared on the website Author: Brady Hartman. ]

Viral vectors are well-developed tools used by scientists to deliver genetic material into cells. Unfortunately, they havent worked well to treat cancer until a group of researchers in Switzerland re-engineered them to enable them to be used in cancer therapy.

Researchers from the University of Zurich have re-engineered an adenovirus for use in cancer therapy. To achieve this, scientists developed a new protein shield that hides the virus and protects it from being eliminated by the body. Moreover, adapters on the surface of the virus enable the reconstructed virus to target and infect tumor cells.


Schumer recommends top aide for FTC post: report The Hill: Technology Policy

Senate Minority Leader Charles Schumer (D-N.Y.) has recommended one of his aides for a slot on the Federal Trade Commission (FTC), Reuters reports.Schumer suggested the White House nominate his chief counsel Rebecca Slaughter to fill a...


Orcas Can Imitate Human Speech SoylentNews

Orcas, commonly known as killer whales, have been successfully trained to imitate human speech.

Writing in the journal Proceedings of the Royal Society B: Biological Sciences, researchers from institutions in Germany, UK, Spain and Chile, describe how they carried out the latest research with Wikie, a 14-year-old female orca living in an aquarium in France. She had previously been trained to copy actions performed by another orca when given a human gesture.

After first brushing up Wikie's grasp of the "copy" command, she was trained to parrot three familiar orca sounds made by her three-year old calf Moana.

Wikie was then additionally exposed to five orca sounds she had never heard before, including noises resembling a creaking door and the blowing a raspberry.

Finally, Wikie was exposed to a human making three of the orca sounds, as well as six human sounds, including "hello", "Amy", "ah ha", "one, two" and "bye bye".

The embedded clip of the audio is pretty interesting. We've all heard birds imitating sounds but the article makes a point that only a fraction of animals have the neural and vocal apparatus to do this.

How long until your next call to customer service gets outsourced to these cetaceans?

Original Submission

Read more of this story at SoylentNews.


Is ICEMAN behind the malware-based attack on Crystal Finance Millennium? Security Affairs

Exclusive The Iceman gang taking responsibility for infecting Crystal Finance Millennium, the journalist Marc Miller interviewd one of the members of the crew.

Iceman gang member confirms that they are behind the introduction and spreading of malware that infected the systems at Crystal Finance Millennium.

In Septemeber security experts at TrendMicro reported that the Ukraine based Account Firm, Crystal Finance Millennium (CFM), has been hacked and is found to be distributing malware.

The incident caused the firm to take down its website to stop spreading the threat.

Crystal Finance Millennium ICEMAN

Crystal Finance Millennium attack (Source Trend Micro)

Marc Miller had a chance to speak to one of the gang members on XMMP and he confirmed that the Iceman group is behind this attack. They started with a simple web attack (SQLI which lead to web shell upload, no privilege escalation was needed) in order to gain access to the web servers of the company.

He confirmed that the math was simple, the Ukrainian company had many clients in the financial and medical sector which facilitated the propagation of their malware. From the archived web page, it becomes apparent they provide accounting software, personalization of medical records, blood service and full automation of the doctors office contrary to what their company name suggests, it appears they are (mostly) focused on medical software.

The group sent phishing emails to various targets based in Ukraine and former Soviet countries. The emails contained a ZIP file that, in turn, contained a JavaScript file. When users unzipped the archive and ran the JS file, the script would download a file named load.exe from the CFMR...


Quantum Communications in Your Browser Hackaday

Quantum computing (QC) is a big topic, and last time I was only able to walk you through the construction of a few logic gates, but you have to start somewhere. If you havent read that part, you probably should, because youll need to understand the simulator Im using and some basic concepts.

I like to get right into practice, but with this topic, theres no avoiding some theory. But dont despair. Well have a little science fiction story you can try by the end of this installment, where we manage to pack two bits of information into a single physical qubit. Last time I mentioned that qubits have 1 and 0 states and I hinted that they were really |1> and |0> states. Why create new names for the two normal binary states? Turns out there is more to the story.

Whats the Vector, Victor?

In Dirac notation, |1> is a vector. So is |hackaday> and |123>. You can get into a lot of math with these, but Im going to try to avoid most of that. This is also called ket notation (the last part of the word bracket) so youll hear people say one ket or hackaday ket. Either way, the vector can represent one or more qubits and there are several ways to represent them.

Image via...


Analog Equivalent Rights (13/21): Our digital children are tracked not just in everything they buy, but in what they DONT buy Falkvinge on Liberty


Privacy:Weve seen how our digital childrens privacy is violated in everything they buy with cash or credit, in a way our analog parents would have balked at. But even worse: our digital childrens privacy is also violated by tracking what they dont buy either actively decline or just plain walk away from.

Amazon just opened its first Amazon Go store, where you just pick things into a bag and leave, without ever going through a checkout process. As part of the introduction of this concept, Amazon points out that you can pick something off the shelves, at which point itll register in your purchase and change your mind and put it back, at which point youll be registered and logged as having not purchased the item.

Sure, youre not paying for something you changed your mind about, which is the point of the video presentation. But its not just about the deduction from your total amount to pay: Amazon also knows you considered buying it and eventually didnt, and will be using that data.

Our digital children are tracked this way on a daily basis, if not an hourly basis. Our analog parents never were.

When were shopping for anything online, there are even simple plugins for the most common merchant solutions with the business terms funnel analysis where in the so-called purchase funnel our digital children choose to leave the process of purchasing something or cart abandonment analysis.

We cant even simply walk away from something anymore without it being recorded, logged, and cataloged for later use against us.

But so-called cart abandonment is only one part o...


Distribution Release: Linux Lite 3.8 News

Jerry Bezencon has announced the release of Linux Lite 3.8, an Ubuntu-based distribution featuring the lightweight Xfce desktop. "Linux Lite 3.8 Final is now available for download. There have been a number of changes since the 3.6 release. This is the last release for Series 3.x. Linux Lite....


Developing a Science-based Personal Longevity Strategy Lifeboat News: The Blog

When developing any personal health and longevity strategy it is essential to apply the scientific method.

There is one common public reaction to my talks that bothers me quite a bit. I am worried that after each of my lectures, people will just start taking lots of anti-aging pills without regard for dosage or effectiveness, potentially hurting themselves in the process.

This is because one of the most common reactions to me mentioning any currently available interventions is to search for each and every component and order them all right away. Whatever I say about safety and the need to test before people make any changes in their lifestyles seems ineffective.

So, I want to talk about this problem.


New Wacom, Jabra & ASUS Hardware Supported By Linux 4.16 Phoronix

Jiri Kosina of SUSE has submitted his feature pull requests today for the Linux 4.16 kernel, including the HID subsystem updates...


Dems hammer Twitter, Facebook for responses on alleged memo bot campaign The Hill: Technology Policy

Two Democratic lawmakers slammed Twitter and Facebook on Wednesday, saying the social media giants' response to questions about recent alleged Russian manipulation of their platform were incomplete.Top House Intelligence Committee Democrat...


Processor Bugs Are Everywhere Just Ask Intel And AMD SoylentNews

Arthur T Knackerbracket has found the following story:

In 2015, Microsoft senior engineer Dan Luu forecast a bountiful harvest of chip bugs in the years ahead.

"We've seen at least two serious bugs in Intel CPUs in the last quarter, and it's almost certain there are more bugs lurking," he wrote. "There was a time when a CPU family might only have one bug per year, with serious bugs happening once every few years, or even once a decade, but we've moved past that."

Thanks to growing chip complexity, compounded by hardware virtualization, and reduced design validation efforts, Luu argued, the incidence of hardware problems could be expected to increase.

This month's Meltdown and Spectre security flaws that affect chip designs from AMD, Arm, and Intel to varying degrees support that claim. But there are many other examples.

Original Submission

Read more of this story at SoylentNews.


US Attorney General set up the Joint Criminal Opioid Darknet Enforcement team to fight online opioid trafficking Security Affairs

The US Attorney General announced the creation of the Joint Criminal Opioid Darknet Enforcement team to fight online opioid trafficking.

Tor network is still a privileged ecosystem for cyber criminals and pedos, law enforcement and intelligence agencies worldwide reserve a significative effort in fighting any illegal practice that leverages anonymizing networks.

The US Attorney General has set up a task force, dubbed Joint Criminal Opioid Darknet Enforcement (J-CODE), composed of federal agents and cyber experts to dismantle black marketplaces that offer for sale any kind of drug.

The Joint Criminal Opioid Darknet Enforcement team will be distributed in many cities across the US, the feds are tasked to infiltrate the black markets, identify the operators, and shut down them.

The darknet, and in particular black marketplaces, have a relevant aggregation role for the distribution of illegal opioids. Even if many sellers are overseas,  the Joint Criminal Opioid Darknet Enforcement team will be focused on domestic operators.

During the official announcement of the task force, Attorney General Jeff explained the abuses of anonymizing networks, but he also highlighted that they can be used for good purposes, such as to avoid censorship. Sessions added that the hard work of law enforcement agencies allowed the infiltration of illegal rings.

Criminals think that they are safe on the darknet, but they are in for a rude awakening, Sessions said.

We have already infiltrated their networks, and we are determined to bring them to justice. The J-CODE team will help us continue to shut down the online marketplaces that drug traffickers use and ultimately that will help us reduce addiction and overdoses across the nation. 

Drugs represent a serious threat to the state, it has been estimated that opioids kill more than 90 Americans every day through overdoses, an...


Google smashed over 700,000 bad Android apps last year Graham Cluley

Google smashed over 700,000 bad Android apps last year

Google says that it is getting better than ever at protecting Android users against bad apps and malicious developers.

Read more in my article on the We Live Security blog.


Friday Hack Chat: Circuit Python Hackaday

Back in the olden days, if you wanted to learn how to program a computer, you used the BASIC interpreter stored in ROM. This is how an entire generation of devs learned how to program. Now, home computers do not exist, there is no programming language stored in ROM, and no one should inflict JavaScript on 8-year-olds. What is the default, My First Programming Language today? Python. And now its on microcontrollers.

For this weeks Hack Chat on, were going to be talking all about Circuit Python. Circuit Python is based on the Open Source MicroPython, a Python 3 interpreter that implements a subset of the Python language on microcontrollers and other constrained environments. It is the spiritual successor of BASIC on every computer: MicroPython has an interactive prompt, arbitrary precision integers, closures, lists, and more. All of this fits on a microcontroller with 256 kB of code space and 16 k of RAM.

Our guests for this weeks Hack Chat will be [Scott Shawcroft] and [Dan Halbert] fr...


Some stable kernel updates

The latest stable kernel updates are: 4.14.16, 4.9.79, 4.4.114, and 3.18.93. Each contains a relatively large set of important fixes and updates.


Researchers Cure Lung Fibrosis in Mice With a Single Gene Therapy Lifeboat News: The Blog

Idiopathic pulmonary fibrosis is a disease associated with critically short telomeres, and it currently lacks a reliable and effective treatment. Researchers at the Telomere and Telomerase Group at the Spanish National Cancer Research Centre (CNIO) have cured the disease in mice using telomerase therapy to lengthen short telomeres.

A proof of concept for an effective treatment against pulmonary fibrosis

The authors of this study have stated that this is a proof of concept that telomerase activation represents an effective treatment against pulmonary fibrosis in their publication[1].


[$] The effect of Meltdown and Spectre in our communities

A late-breaking development in the computing world led to a somewhat hastily arranged panel discussion at this year's in Sydney. The embargo for the Meltdown and Spectre vulnerabilities broke on January 4; three weeks later, Jonathan Corbet convened representatives from five separate parts of our community, from cloud to kernel to the BSDs and beyond. As Corbet noted in the opening, the panel itself was organized much like the response to the vulnerabilities themselves, which is why it didn't even make it onto the conference schedule until a few hours earlier.


Linux 4.16 Can Be A Lot Faster For Small I/O Activity Phoronix

The well known FIO benchmark saw a +244% improvement in read bandwidth for one test case as a result of one change to be found in Linux 4.16...


GDB 8.1 released

Version 8.1 of the GDB debugger is out. Changes include better support for the Rust language and various other improvements to make debugging easier; see the announcement and the news file for the full list.


10 Incredible YouTube To Mp3 Converter With Lighting Fast Downloading Speed TechWorm

Gone are the days when you used to watch videos from YouTube websites and wish to save or download them right on your smartphone. Nowadays, there are a plenty of videos to Mp3 converters available in the market, making the downloading task possible for you.

Though YouTube, itself, doesnt allow you to download videos, you can save them offline and watch them later on. But, what if you want them in a Mp3 format to save your devices memory as well as Internet data? Here comes the play of YouTube videos to Mp3 converters that enables you the downloading of Mp4 files to an audio version. This way, you can listen to the music while doing your work or chores.

Many of you must be wondering, is it safe to use such videos to Mp3 converter websites for music download? The answer is Yes. In here, we have listed top 10 YouTube to Mp3 converters for fastest conversion/downloads that are safe and user-friendly.


If you wish to download music in high-quality, go to FvdTube website. This amazing platform will let you choose the format before you download the video file. Also, it enables the downloading from social networking websites like Facebook and Instagram. Thus, giving you the best experience of converting videos to mp3 for free of cost.


One of the most popular tools to download videos as well as audios is Tubemate. Compatible with every operating system, this online website gives you the media file downloads in a blink of the eye. Additionally, you can convert videos to any format of your choice for free. Therefore, you do not have to spend any money on download/convert YouTube videos to Mp3.


People who have used Tubidy website must be aware of its effective search engine that looks a number of websites before presenting you with the best music. Using this...


Court Orders Tickbox to Keep Pirate Streaming Addons Out TorrentFreak

Kodi-powered set-top boxes are a great way to to stream video content to a TV, but sellers who ship these devices with unauthorized add-ons give them a bad reputation.

According to the Alliance for Creativity and Entertainment (ACE), an anti-piracy partnership comprised of Hollywood studios, Netflix, Amazon, and more than two dozen other companies, Tickbox TV is one of these bad actors.

Last year, ACE filed a lawsuit against the Georgia-based company, which sells Kodi-powered set-top boxes that stream a variety of popular media.

According to ACE, these devices are nothing more than pirate tools, allowing buyers to stream copyright-infringing content and being advertised as such. The coalition, therefore, asked the court for an injunction to prevent Tickbox from facilitating copyright infringement by removing all pirate add-ons from previously sold devices.

This week US District Court Judge Michael Fitzgerald issued a preliminary injunction, which largely sides with the movie companies. According to the Judge, there is sufficient reason to believe that Tickbox can be held liable for inducing copyright infringement.

One of the claims is that Tickbox promoted its service for piracy purposes, and according to the Judge the movie companies provided enough evidence to make this likely. This includes various advertising messages the box seller used.

There is ample evidence that, at least prior to Plaintiffscommencement of this action, TickBox explicitly advertised the Device as a means to accessing unauthorized versions of copyrighted audiovisual content, Judge Fitzgerald writes.

In its defense, Tickbox argued that it merely offered a computer which users can then configure to their liking. However, the Judge points out that the company went further, as it actively directed its users to install certain themes (builds) to watch movies, TV and sports.

Thus, the fact that the Device is just a computer that can be used for infringing and noninfringing purposes does not insulate TickBox from liability if [..] the Device is actually used for infringing purposes and TickBox encourages such use.

Taking these and several other factors into account, the Court ruled that a preliminary injunction is warranted at this stage. After the lawsuit was filed, Tickbox already voluntarily removed much of the inducing advertisements and addons, and this will remain so.

The preliminary injunction compels TickBox to the current versi...


Cobalt Could Untangle Chips Wiring Problems IEEE Spectrum Recent Content full text

Intel and GlobalFoundries are replacing some copper connections with the resilient, conductive metal Photo: Intel

Image: Intel Wired Up: This Intel transistor, seen in cross section, uses cobalt for lower-resistance wiring.

Todays computer chips contain tens of kilometers of copper wiring, built up in 15 or so layers. As the semiconductor industry has shrunk the size of transistors, it has also had to make these interconnects thinner. Today, some wiring layers are so fine that electrical current can actually damage them. And chipmakers are running out of new ways to deal with this problem.

Companies are now eyeing other materials, such as cobalt, ruthenium, even graphene, to replace copper for on-chip wiring. In December at the IEEE International Electron Devices Meeting (IEDM), in San Francisco, some seemed ready to anoint cobalt as the chosen metal. Intel described adopting the metal in its 10-nanometer chips finest interconnects; Intel and GlobalFoundries both presented details about the performance of devices that rely on cobalt as a replacement for other electrical contacts currently made of tungsten.

The problem theyre trying to solve stems from basic physics: The narrower a wire (and the longer it is), the higher its electrical resistance. Scaling is always bad for wires, says Daniel Edelstein, a research fellow at the IBM Thomas J. Watson Research Center, in Yorktown Heights, N.Y. One of the chief architects of the technology that allowed IBM to switch from aluminum to copper in 1997, Edelstein knows his interconnects.

Copper boasts lower resistivity than aluminum, tungsten, and even cobalt. However, copper is particularly vulnerable to another problem at small scales called electromigration. As electrons speed through ultrathin wires, they dislodge atoms in the metal, bumping them out of the way like a harried commuter jostling a tourist off the sidewalk.

To protect copper interconnects, the thin wires are lined with other materials, such as tantalum nitride or even cobalt. Copper moves easily, and you need a 1- to 2-nm barrier to contain it, says Kevin Moraes, a product manager at...

Repairs You Can Print: The Zipper Box Hackaday

Picture it: winter, a few years ago. [Ted Yapo]s son is sent to the front lines of a snowball war. He rises to the task, pelting kid after kid with ease and taking down the Johnson twins with a two-fisted trebuchet maneuver. As he hunkers down to form the last snowball needed to claim victory, the unthinkable happens: the zipper box on his coat breaks and falls silently into the snow. Unaware, he leaps to his feet to take his final shot and the whole zipper unfurls, exposing him to both the cold and the enemy. They won the war, but at what cost?

[Ted] figured the coat was done for. He thought about replacing the zipper entirely, but that was going to be a lot of work. He cast a forlorn look around his workshop and his gaze fell upon the 3D printer in the corner. I can rebuild it! He thought. I have the technology! He was off to design a new box in OpenSCAD and had sturdy ABS replacement zipper box in no time. He installed it with dab of Duco cement, and the rest is history. That coat saw two more winters and countless snowball wars before [Private Yapo] presumably grew out of the thing.

Zippers are the unsung heroes of clothing. If you dont know much about zippers, sink your teeth into [Dan Maloney]s recent ode to the quickest fastener weve got.


Critical Oracle Micros POS Flaw Affects Over 300,000 Payment Systems The Hacker News

Oracle has released a security patch update to address a critical remotely exploitable vulnerability that affects its MICROS point-of-sale (POS) business solutions for the hospitality industry. The fix has been released as part of Oracle's January 2018 update that patches a total of 238 security vulnerabilities in its various products. <!-- adsense --> According to public disclosure by


Uber executive to testify before Senate on 2016 data breach The Hill: Technology Policy

A top Uber executive will testify before the Senate next week on the companys 2016 data breach, which exposed the data of 57 million users.John Flynn, Ubers chief information security officer, will appear before a Senate Commerce subcommittee on...


LibreOffice 6.0 released

The LibreOffice 6.0 release is available. Changes include a new help system, a better spelling checker, OpenPGP support, better document interoperability, improvements to LibreOffice Online, and more. "LibreOffice 6.0 represents the bleeding edge in term of features for open source office suites, and as such is targeted at technology enthusiasts, early adopters and power users."


Tide Pod Challenge: Here to Stay? SoylentNews

Teenagers Are Still Eating Tide Pods, But Don't Expect A Product Redesign

If you've never seen it, a Tide Pod looks like a little rounded packet, white with two separate swirls of blue and orange liquid. To be clear, a Tide Pod is laundry detergent heavily concentrated into a single packet, meant to dissolve in water and clean a single load of laundry. But these days, it's a dare an Internet meme, in which teenagers try to eat Tide Pods as a "challenge." The trend picked up in December, but the pace of poisonings is still getting worse. So far in January alone, poison control centers have received 134 reports of "intentional exposures" to laundry packets, Tide or others. That's compared with 53 cases the American Association of Poison Control Centers reported for all of 2017, mostly involving teenagers.

[...] Designs like this are never willy-nilly, says Chris Livaudais, executive director of the Industrial Designers Society of America. The process starts by studying the habits of a potential user to find ways to make their life better in some way. In this case, the condensed formula does away with a heavy jug and the need for measurement.

[...] The colors are already associated with liquid detergent, Livaudais says. And the swirls "might imply how active the ingredients are and how well it would do the washing job."

Jones says the swirls were indeed a design choice indicating that the pod brings together three ingredients (cleaning, stain-fighting and brightening, he says). The pod is transparent because customers have told Tide they like to know what they're putting into the wash with their clothes.

Livaudais says industrial designers spend a lot of time mulling best and worst case scenarios for the use of products. But if someone knowingly chooses to misuse them? "That's completely out of our hands," he says.

National Poison Help hotline: 1-800-222-1222.

Original Submission

Read more of this story at SoylentNews.


Development Release: openSUSE 15.0 Beta (Build 109.3) News

Ludwig Nussel has announced the availability of a new testing snapshot for the Leap branch of the openSUSE distribution. The new snapshot, openSUSE 15.0 (Build 109.3), is part of a rolling release series of development snapshots and considered a beta release. "Leap 15 finally got a fresh look....


Hacker compromised user data & illegally used car sharing service 33 times HackRead

By Waqas

A 37-year old IT security researcher and self-confessed computer hacker

This is a post from Read the original post: Hacker compromised user data & illegally used car sharing service 33 times


Bill Gates joins How Computers Work series by TechWorm

Bill Gates contributes to How Computers Work series on by teaching computing

Bill Gates, the co-founder of Microsoft and Co-Chairman of charitable organization, Bill & Melinda Gates Foundation, will feature in a six-part video series on, where he will be seen teaching computing and explaining the contents of the course. is a non-profit organization dedicated to expanding access to computer science in schools.

The series called How Computers Work will show Gates explaining the role of operating system in computing, inner workings of modern computers and process of the course. The six-part series by Gates is basically targeted at kids to get them interested in the computer field.

Whether you use a PC, a smartphone, a wearable device, a connected home appliance, or a self-driving car, the same principles explain how all these computing devices function, Gates said in a statement announcing the series.

Everywhere you look, computers are changing the world. Whether theyre on our desktops, in our homes, our pockets, or just about anywhere else. But while most of us use this revolutionary daily, we dont often ask: How do computers work?

The different areas of topics in the total of six videos, each 5-6 minutes long are:

  • Introducing How Computers Work
  • What Makes A computer, A Computer?
  • Binary & data
  • Circuits and logic
  • CPU, Memory, Input, & Output
  • Hardware and Software

Whether youre just curious about the devices you use every day or you want to design the innovations of the future, the first step is learning how computers work, Gates says in concluding the introduction. In the 21st century, these computer science ideas are part of digital literacy that every student and adult can benefit from.

The How Computers Work series also features Nat Brown, who currently works with the VR team at Valve and was one of the creators of Microsofts Xbox gaming system, Khan Academys VP May-Li Khoe, and Amazon engineering manager Erica Gomez.

You can watch the full playlist of videos for free here on YouTube.

Source: onmsft,

The post Bill Gates joins How Computers Work series by appeared first on TechWorm.


report a vulnerability in sfcb software. Open Source Security

Posted by XinleiHe on Jan 31

Hi there,

I am XinleiHe. I will report a vulnerability in sfcb software.
SFCB is a CIM server for resource-constrained and embedded environments. It's offical website is

A null pointer vulnerabilty exists in sfcb newest version(1.4.9),a remote attacher can send a crafted packet trigger to
this vulnerabilty , and make sfcbd DOS.
I want to apply a cve id for this vulnerabilty.

You can use...


Global Resistor Shortage, Economics, and Consumer Behavior Hackaday

The passive component industry the manufacturers who make the boring but vital resistors, capacitors, and diodes found in every single electronic device is on the cusp of a shortage. Youll always be able to buy a 220 , 0805 resistor, but instead of buying two for a penny like you can today, you may only get one in the very near future.

Yageo, one of the largest manufacturers of surface mount (SMD) resistors and multilayer ceramic capacitors, announced in December they were not taking new chip resistor orders. Yageo was cutting production of cheap chip resistors to focus on higher-margin niche-market components for automotive, IoT, and other industrial uses, as reported by Digitimes. Earlier this month, Yaego resumed taking orders for chip resistors, but with 15-20% higher quotes (article behind paywall, try clicking through via this Tweet).

As a result, there are rumors of runs on passive components at the Shenzhen electronics market, and several tweets from members of the electronics community have said the price of some components have doubled. Because every electronic device uses these jellybean parts, a decrease in supply or increase in price means some products wont ship on time, margins will be lower, or prices on the newest electronic gadget will increase.

The question remains: are we on the brink of a resistor shortage, and what are the implications of manufacturers that dont have the parts they need?

An Informal Investigation Into Chip Resistor Shortages

With news of a coming shortage, you would expect resellers to bump up prices, buy more stock, or do something to ensure a steady supply of SMD resistors for the coming years. There are two ways to figure out if this is happening. The first is advanced analytics from a company that takes a look at tens of thousands of BOMs and gives engineers the tools to determine the right component for their supply chain. The second method is to look at some old Mouser invoices.

Ive purchased a few reels of Yageo resistors in the past, and looking through my Mouser order history, I havent seen any change in the price between six months ago and today. A reel of five thousand 220 , 0603 resistors from Yageo cost $10 last June, and it costs $10 today. Of course, this is a dataset of one, and to truly understand the stock situation we need better data.



ELC + OpenIoT: From Cloud Computing to Robot Apocalypse

ELC + OpenIoT: From Cloud Computing to Robot Apocalypse


Google officially closes HTC deal of $1.1 billion TechWorm

Google completes HTCs smartphone deal of $1.1 billion

In September 2017, Google had officially closed a $1.1 billion deal with the Taiwanese OEM HTC Corp. to acquire most of HTCs smartphone design division.

Back then, Rick Osterloh, Googles Senior Vice President for Hardware in a blog post had said, Weve signed an agreement with HTC, a leader in consumer electronics that will fuel even more product innovation in the years ahead. With this agreement, a team of HTC talent will join Google as part of the hardware organization. These future fellow Googlers are amazing folks weve already been working with closely on the Pixel smartphone line, and were excited to see what we can do together as one team.

Fast forward to January 2018, Osterloh has officially confirmed the completion of the $1.1 billion deal with HTC in a blog post. Im delighted that weve officially closed our deal with HTC, and are welcoming an incredibly talented team to work on even better and more innovative products in the years to come, he said.

He added, These new colleagues bring decades of experience achieving a series of firsts particularly in the smartphone industryincluding bringing to market the first 3G smartphone in 2005, the first touch-centric phone in 2007, and the first all-metal unibody phone in 2013. This is also the same team weve been working closely with on the development of the Pixel and Pixel 2.

The deal involves Google acquiring more than 2,000 HTC engineers who will be joining the companys Taiwan division, which Osterloh says is the key innovation and engineering hub for Google. The search giant has also acquired non-exclusive licenses to HTCs intellectual property. Also, the expansion will make the Taipei-based unit grow its footprint in the Asia Pacific region.

Further, the deal will help Google stride deeper with its new teammates to improve the experiences for its users around the world by designing its own consumer hardware, artificial intelligence, and software.

Osterloh also hinted that Google will continue to expand its smartphone business following the Pixel series launched last year as made by Google phones.

Were focused on building our core capabilities, while creating a portfolio of products that offers people a unique yet delightful experience only made possible by bringing together the best of Google softwarelike the Google Assistantwith thoughtfully designed hardware, he said.

On the other hand, HTC said that it will continue to produce handsets and concentrate its efforts on its next flagship smartphone. Today marks the beginning of an exciting new chapter at HTC as we continue t...


Intel OpenGL/Vulkan Performance Edging Slightly Higher With Mesa 18.0 Phoronix

Yesterday I posted some initial benchmarks of Mesa 18.0 on RADV/RadeonSI drivers for AMD GPUs now that feature development is over for this next quarterly installment of Mesa 3D. On the Radeon side there were mostly performance improvements to note with the RADV Vulkan driver, but what about on the Intel side? Today are benchmarks of the Intel i965 OpenGL and ANV Vulkan drivers compared to earlier Mesa releases for seeing how the Intel (U)HD Graphics performance has changed on the Linux desktop.


Apple confirms government inquiry over device slowdowns The Hill: Technology Policy

Apple said on Tuesday that it has been contacted by government agencies about the intentional slow down of older devices and that it is in the process of answering their questions. We have received questions from some government agencies and...


Security updates for Wednesday

Security updates have been issued by Arch Linux (dnsmasq, libmupdf, mupdf, mupdf-gl, mupdf-tools, and zathura-pdf-mupdf), CentOS (kernel), Debian (smarty3, thunderbird, and unbound), Fedora (bind, bind-dyndb-ldap, coreutils, curl, dnsmasq, dnsperf, gcab, java-1.8.0-openjdk, libxml2, mongodb, poco, rubygem-rack-protection, transmission, unbound, and wireshark), Red Hat (collectd, erlang, and openstack-nova), SUSE (bind), and Ubuntu (clamav and webkit2gtk).


Here's How Vine Replacement v2 Will Work SoylentNews

Submitted via IRC for AndyTheAbsurd

First, don't call it "Vine Two". Details are starting to emerge about v2, the forthcoming video app built to replace Vine by its former co-founder Dom..

If I'd written this article, it would have consisted of one word: "Poorly".


Original Submission

Read more of this story at SoylentNews.


How to access/view Python help when using vim nixCraft

I am a new Vim text editor user. I am writing Python code. Is there is a way to see Python documentation within vim and without visiting the Internet? Say my cursor is under the print Python keyword, and I press F1. I want to look at the help for the print keyword. How do Continue reading "How to access/view Python help when using vim"

The post How to access/view Python help when using vim appeared first on nixCraft.


Your Instant Kubernetes Cluster

1.0 Pick a host

We will be using Ubuntu 16.04 for this guide so that you can copy/paste all the instructions. Here are several environments where I've tested this guide. Just pick where you want to run your hosts.

Wednesday, 31 January


GDB 8.1 Debugger Brings Better Rust Support, Improved Python Scripting Phoronix

Version 8.1 of the GNU Debugger (GDB) is now available for developers...


Lawmakers worry digital currency helping human traffickers avoid detection The Hill: Technology Policy

Lawmakers at a Tuesday hearing discussed ways to crack down on human traffickers who are using new financial tools to avoid detection.The House Financial Services Subcommittee on Oversight and Investigations heard from witnesses on the...


Ten Tourists Charged in Cambodia for "Dancing Pornographically" in Photos SoylentNews

Cambodia charges foreigners with making pornographic images

Prosecutors in Cambodia have charged 10 foreigners, including five Britons, with producing pornographic images after raiding a villa in Siem Reap. They were arrested on Thursday after images emerged of people apparently imitating sexual positions at a party in the north-western town. If convicted, they face up to a year in prison.

Two Canadians held in Cambodia for 'dancing pornographically'

A police release included photos of multiple clothed men and women straddling one another on the floor, some in sexually suggestive positions. Those photos are said to have been shared on social media prior to the arrests.

[...] [Joshua Kurlantzick, a senior fellow with the U.S.-based Council on Foreign Relations think tank,] said the Cambodian government is grappling with pressure to enforce more conservative values, an agenda that is at odds with the country's party-oriented reputation among young western travellers. Foreigners dressed in skimpy clothing while visiting religious and historical monuments have been one source of tension. "Cambodian officials have been a little frustrated," Kurlantzick said. "Partly through their own fault, they allowed a certain very seedy sex tourism culture to take place in (the capital) Phnom Penh."

He said that while the arrests are "pretty unusual," travellers should be aware that the Cambodian government is increasingly lashing out against all types of foreign influence, including boisterous tourists. "The overall environment in Cambodia has just become much more repressed over the last year," Kurlantzick said. "The country is potentially something of a tinder box because of that."

Original Submission

Read more of this story at SoylentNews.


Containers, the GPL, and Copyleft: No Reason for Concern

Though open source is thoroughly mainstream, new software technologies and old technologies that get newly popularized sometimes inspire hand-wringing about open source licenses. Most often the concern is about the GNU General Public License (GPL), and specifically the scope of its copyleft requirement, which is often described (somewhat misleadingly) as the GPLs derivative work issue.


How to Fix the Docker and UFW Security Flaw

If you use Docker on Linux, chances are your system firewall might be relegated to Uncomplicated Firewall (UFW). If that's the case, you may not know this, but the combination of Docker and UFW poses a bit of a security issue. Why? Because Docker actually bypasses UFW and directly alters iptables, such that a container can bind to a port. This means all those UFW rules you have set won't apply to Docker containers.

Let me demonstrate this.


CoreOS Joins Redhat - Linux - News


CoreOS has agreed to become a part of the Red Hat family.


CoreOS will continue to honor all existing customer engagements.
CoreOS to join Red Hat to deliver automated operations to all

IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Resource generated at IndyWatch using aliasfeed and rawdog