
posted by janrinok on Tuesday December 30 2014, @11:27PM
from the I-sense-a-home-project-coming-on dept.

IEEE Spectrum has an article on the Google Ara project, due for a "market pilot" release in 2015. Project Ara is the basis for a modular mobile phone ecosystem, where the end user can dynamically swap hardware modules to upgrade or alter the configuration of the smartphone:

you’ll plug everything into an “endoskeleton” that has built-in electronics to manage the flow of data and distribute power among modules. This supporting framework will also contain a tiny backup battery, which can keep the phone alive while you swap a dead battery module for a charged one. While Google will build the endoskeleton, the module design will be left to independent developers. Members of the design team expect that a basic Ara phone could be built from materials and components that cost between US $50 and $100. The retail cost of the phone could, of course, be more, depending on the specific modules the customer chooses.

The Ara Homepage has some additional details, and information on the Module Developer Kits, and although they're not formally linked there's some overlap with the Phonebloks project which has similar goals and contains news and information links.

posted by n1 on Tuesday December 30 2014, @09:44PM
from the dynamic-workforce-initiative dept.

A researcher has found a way to upload potentially malicious code to Facebook's servers by hiding it inside a harmless-looking Microsoft Word document file.

In July, Egypt-based security researcher Mohamed Ramadan discovered what he called a blind XML External Entity (XXE) out-of-band (OOB) vulnerability on Facebook's facebook.com/careers website.

On this site, users who want to apply for a job with Facebook can upload their résumé in .pdf or .docx format. This normally prevents the uploading of malicious files. However, .docx (Office Open XML) is a zipped, XML-based file format, which allowed the researcher to extract its contents using a file archiving application.

By altering the extracted files and placing them inside a .docx file, the expert managed to upload arbitrary code to Facebook's server. The test code developed by the researcher was simply designed to contact an HTTP server running on his computer. It took roughly 15 minutes for the file uploaded to Facebook to contact Ramadan's server, but the attack method had worked.

According to the researcher, the security hole could have been leveraged for a wide range of malicious tasks, including denial-of-service (DoS) attacks, TCP scans, and access to XML files. In certain circumstances, an attacker could have also gained access to sensitive information and launched DDoS attacks, the expert believes.

Facebook initially failed to reproduce the attack, but after further investigations the social media giant admitted it was a security issue and fixed it. In August, the company rewarded Ramadan with $6,300 for his findings.

posted by janrinok on Tuesday December 30 2014, @08:15PM
from the but-who-pays? dept.

After the baffling disappearance in March of Flight MH370, critics accused the aviation industry of "dithering" over equipping jets with real-time tracking systems. Now, with another passenger plane lost, the call for action is becoming more insistent.

Tracking aircraft by satellite and live-streaming of black box data were cited as top priorities by industry insiders after the disappearance of Malaysia Airlines Flight 370 with 239 people on board. Its fate remains a mystery despite a long underwater search west of Australia. Members of the International Civil Aviation Organization (ICAO)—the UN's aviation body—agreed in the aftermath of the incident to mandate real-time tracking.

But they did not set a timeline as airlines mulled the additional costs involved. Many carriers have been losing money for years. Now, with the apparent loss of AirAsia Flight QZ8501 on Sunday off Indonesia, the calls for immediate changes have returned with vehemence.

http://phys.org/news/2014-12-airasia-fuels-real-time-tracking.html

[Related]: http://www.airtrafficmanagement.net/2014/12/iata-no-silver-bullet-solution-on-tracking-in-wake-of-mh370/

posted by n1 on Tuesday December 30 2014, @07:04PM
from the ie-on-a-diet dept.

Microsoft is working on a new scheme to strip away some of the legacy bloat that has burdened its Internet Explorer web browser, sources claim.

According to the prolific Redmond rumormongers at Neowin, the software giant has forked ( http://www.neowin.net/news/internet-explorer-12-big-changes-are-coming-to-trident ) the code for IE's Trident rendering engine into a new, leaner version that should consume fewer resources – and Windows 10 will ship with both versions.

Microsoft has been crowing about the web standards compliance of IE11 for some time now. The problem is, enterprises have been coding their bespoke web applications around IE's non-standard quirks and idiosyncrasies for so long that they break when accessed using a modern version. Even some of Microsoft's own products have fallen into this snare.

It's a big part of the reason why truly awful browsers like IE6 have lingered around for so long, even though everyone knows they're buggy, render standards-compliant pages poorly, and are rife with security holes.

[Related]: http://www.zdnet.com/article/microsoft-is-building-a-new-browser-as-part-of-its-windows-10-push/

posted by janrinok on Tuesday December 30 2014, @05:32PM

The full site update and post is coming up this weekend (barring unforeseen complications) but this is deserving of its own news update being as we had so many weigh in on it alone. While most of you really dug or were neutral on the idea, there were a few criticisms and most of them had some degree of validity. Most specifically the one that said you can see cause and effect more clearly if you change less at once. We absolutely cannot argue with that, so there's been a change to the Experiment.

The Spam moderation and abuse checking mechanism thereof are still going in. The Disagree moderation is still going in and Overrated is still going away. Moderation and posting in the same discussion in any order is still going in. What's not going in is moving all the current downmods to +0 mods. We're going to hold off testing that until we see if this solves most of the problems or not.

Because of another criticism, we'll also be changing how mod points are given out for the duration of the experiment. You may or may not have noticed but we already tested that over Christmas day and the day after by giving everyone who'd been registered a month or more and had "willing to moderate" checked mod points. The dataset is pretty small to infer much from but for the most part the people who said "give us more points and we can self correct" were correct within that two-day span. Not all the bad downmods were corrected by any means but quite a lot of them were. If we can keep this level or better of self-correction-of-jackassery going, I don't see much need for more drastic changes to the moderation system or even for meta-moderation really.

On a personal side note, I dig the fact that basically every comment out of the 150 that the Experiment post got was positive, constructive, or some combination of the two. Calling us bloody idiots is all good from a free speech angle but pretty much every one of our naysayers stepped up and added useful criticism as well. This makes me proud as hell to work for a project with a community that much better than the other site. Hats off to you guys.

posted by n1 on Tuesday December 30 2014, @03:38PM
from the you-light-up-my-life dept.

German cities emit several times less light per capita than comparably sized American cities, according to a recent publication in the journal Remote Sensing. The size of the gap grew with city size, as light per capita increased with city size in the USA but decreased with city size in Germany. The study also examined regional differences, and surprisingly found that light emission per capita was higher in cities in the former East Germany than from those in the former West.

The lead author, Dr. Christopher Kyba, studies visible light at night as a member of the Remote Sensing section of the German Research Center for Geosciences (GFZ) ( http://www.helmholtz.de/en/ ). "The size of the difference in light emission is surprisingly large. This work will allow us to identify comparable cities in order to uncover the reasons behind the differences." These could include differences in the type of lamps, but also architectural factors like the width of the streets and the amount of trees. The LED lamps currently being installed in many cities are expected to greatly change the nighttime environment, for example by reducing the amount of light that shines upwards.

[Abstract]: http://www.mdpi.com/2072-4292/7/1/1

[Paper]: http://www.mdpi.com/2072-4292/7/1/1/pdf

posted by n1 on Tuesday December 30 2014, @01:49PM
from the business-logic dept.

Ian Morris, over at Forbes.com, argues that Sony could have made far more than they did from the release of 'The Interview':

The numbers are in — you can read Paul Tassi’s piece on this for more — and Sony’s controversial film “The Interview” made a reasonably modest $15 million via its digital release. That’s after the movie cost $44 million, something we know because the Sony hack contained detailed information on the budget.

From a technological point of view, Sony’s big mistake here was one so common in Hollywood — ignoring the rest of the world. Of course there are some contractual reasons that make it hard to globally release a film. As a rule, Sony might be in charge when it comes to the US and Canada, but other companies may be involved when it comes to the global release. In this case though, Sony or Columbia do have the rights in a large number of countries.

But even so, the lesson is that preventing users from legally downloading drives at least some of them to torrent sites. So while Sony made $15 million on the movie, by my calculation that means only 2.5 million people paid to see it. According to various sites, BitTorrent downloads on public trackers were at nearly 1 million viewers after 24 hours. Those numbers exclude private trackers and places like newsgroups, IRC and “locker” based copies (those hosted on Dropbox or similar sites). Factor all those in, and it’s plausible that more people pirated the movie than paid.

Of course, you’ll never stop piracy, but blocking the film from being watched in other English-speaking countries is just foolish. Sony could, perhaps, have doubled its money if it had allowed non-US residents to watch the film. And even if this had penalties with distributors, it feels like this might be the ideal time to try the model out anyway.

posted by n1 on Tuesday December 30 2014, @12:02PM
from the government-approved-security-tools dept.

Spiegel Online has a story on just how much of our supposedly secure protocols are routinely cracked by the NSA. The page is worth bookmarking, if for no other reason than the tremendous amount of links to actual NSA documents it contains.

The main points are not new to those of us who have been following this issue for some time. Your VPN is NOT private, your SSL was easily cracked as far back as 2012, and even your SSH sessions are often vulnerable. Skype is a joke, you might as well mail the NSA a transcript.

Some things are still very difficult for them to crack: PGP with good (2048 or 4096) byte keys, OTR settings on chat sessions (XMPP, Jabber, even Google Talk with someone else's client), and TrueCrypt for your disk drives all present significant problems.

NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from "trivial" to "catastrophic."

Monitoring a document's path through the Internet is classified as "trivial." Recording Facebook chats is considered a "minor" task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider "mail.ru" is considered "moderate." Still, all three of those classifications don't appear to pose any significant problems for the NSA.

Things first become troublesome at the fourth level. The NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email.

TOR presents problems, but so many of the TOR Exit Nodes are NSA controlled that anonymity of at least one end can't be guaranteed, although a personal encryption layer on top of TOR may provide privacy of content.

Your SSL sessions should not be allowed to sit idle. Tear them down (close the browser) and start a new session. Most of the SSL connections decrypted are resumed sessions. According to one NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012.

Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.

posted by n1 on Tuesday December 30 2014, @10:13AM
from the good-vibrations dept.

The existence of life in extreme conditions, in particular in extraterrestrial environments, is certainly one of the most intriguing scientific questions of our time. In this report, we demonstrate the use of an innovative nanoscale motion sensor in life-searching experiments in Earth-bound and interplanetary missions. This technique exploits the sensitivity of nanomechanical oscillators to transduce the small fluctuations that characterize living systems. The intensity of such movements is an indication of the viability of living specimens and conveys information related to their metabolic activity. Here, we show that the nanomotion detector can assess the viability of a vast range of biological specimens and that it could be the perfect complement to conventional chemical life-detection assays. Indeed, by combining chemical and dynamical measurements, we could achieve an unprecedented depth in the characterization of life in extreme and extraterrestrial environments.

[Related]: Detecting extraterrestrial life using mechanical nanosensors: http://phys.org/news/2014-12-extraterrestrial-life-mechanical-nanosensors.html

posted by n1 on Tuesday December 30 2014, @06:06AM
from the global-and-proud dept.

In a singularityhub.com piece, Peter Diamandis asks "Besides your passport, what really defines your nationality these days?"

Is it where you were live? Where you work? The language you speak? The currency you use?

If it is, then we may see the idea of “nationality” quickly dissolve in the decades ahead. Language, currency and residency are rapidly being disrupted and de-materialized by technology.

Increasingly, technological developments will allow us to live and work almost anywhere on the planet… (and even beyond).

It isn't a long piece, but it does provoke thought. So what do fellow Soylentils think the future will bring that will either strengthen our national ties or result in increased 'nationality mobility' in the near future?

My own bet is that we will always be tied most strongly to the country to which we are obliged to pay our taxes — and I hope that loss of national identity will not result in having to pay taxes to several countries at once!

posted by n1 on Tuesday December 30 2014, @02:42AM
from the tea-leaves-confirm-it dept.

The world's eighth oldest bank is joining the modern age. From 2015, it will monitor social networks and mine them for information and early signs of economic ups and downs.

The Bank [of England] is setting up a new taskforce that will investigate how it can use all kinds of new data — because it believes it will be more timely than current, official streams of information. In particular, it's mentioned that it will measure the frequency of job searches to understand potential unemployment rates and monitor online shopping prices to assess inflation.

The special team, set up by the Bank's chief economist, Andy Haldane, has been charged with exploring how new unconventional sources of data could improve its picture of Britain's recovery.

[Source]: http://news.sky.com/story/1397985/bank-of-england-to-monitor-social-networks

posted by n1 on Tuesday December 30 2014, @12:30AM
from the reinvent-the-wheel dept.

Gene Marks, over at Forbes.com, believes that Google is a great innovator, but keeps making the same mistake. He believes that both Google Glass and driverless cars are solutions looking for customers.

Google has brought us innovations — from search and maps to Gmail and collaboration services, that have literally changed our world. And great ideas keep coming from Google. Yet the company continues to make the same mistake. Over and over. I don’t mean the ones that result in product failures (and there have been quite a few over the years). I mean something a little more fundamental.

Take Google Glass. For those that haven’t seen it, it’s a pair of glasses that understands your verbal commands so that it can instantly perform tasks for you, like snapping a photo, taking a video, providing driving directions or searching a database. Glass is a great idea with great technology. It demonstrates the future power of the Internet of Things. There’s just one problem: no one is buying it.

The mistake [with driverless cars] is the same as with Glass: it’s a product without customers. It’s Google assuming that someday someone will actually buy a driverless car. Not a hobbyist or an eccentric millionaire. But a customer who actually needs or desires a driverless car. Someone who, given the choice of spending $30K on a car that they fully control and can go anywhere they want at any speed they want — or another, likely more expensive buggy that will only travel on certain routes at slower speeds and with less options. Hmm, which car would you buy?

However, despite the lack of immediate buyers, Marks believes that Google is well aware of the risks. It is the fact that it has huge financial resources which will allow it to continue until the markets change or are developed. Google is not looking at the next few years ahead, but rather at decades ahead when, it hopes, all the investment will prove to have been worthwhile.

posted by janrinok on Monday December 29 2014, @10:46PM
from the something-to-do-on-these-cold-dark-nights dept.

Spotted on The Verge is a demonstration video of Quake running on an Oscilloscope.

Väänänen's announcement explains the creation of the demonstration, and includes some open problems, inferring this might not be the last we see of Quake on oscilloscope. If you want to play, you can grab a Hitachi V-422 oscilloscope — the model used for this demonstration — on eBay right now for $149.99.

This is a demonstration by Pekka Väänänen, and he provides additional details on how this is done (TLDR; Scope XY mode, with a modified Quake engine renderer to generate line segments). The source engine port used is DarkPlaces, and the scope in question is an elderly Hitachi V-422 (Dual channel, 40MHz B/W).

Direct YouTube link, and the same story on Kotaku

posted by janrinok on Monday December 29 2014, @08:43PM
from the to-infinity-and-beyond,-maybe dept.

Long time reader, first time submitter here. Noticed this article today about a father and son effort to create a small scale (10-50kg payload) re-entry vehicle, progressing further on the concept and funding stages. Thought it might be of some interest to SN readership, as a worthy project for those still enamoured by crowd funding, or merely to generate another discussion on citizens entering the space race. The Project Thunderstruck website has this to say about their goals:

There is a commercial opportunity to design and create a winged re-entry vehicle specifically for delicate payloads and experiments that last for more than 4 minutes in a weightless environment (tourist sounding flights to space). These are experiments and payloads that would find a parachute landing too harsh. There is a final output of the work and that is a spacecraft for experiments or even a payload taxi service back to earth. The most important aspect of this work is determining the smallest size of a winged spacecraft that can remain stable during re-entry. There are three stages of the physical testing:

1. Transonic – Project ThunderStruck in 6 months time (April 2015)
2. Re-entry from space (delivered on a sounding rocket – no orbit); 2-3 years away.
3. Re-entry from orbit; 6 years away

There are two science components to the upcoming testing over the next 6 months:

1. Stability of a small aircraft at mach 1.5 / 1,800kph / 1,120mph and lower speeds for landing,
2. Testing a new type of surface for high-speed flight. (not a heat shield).

Not very new news, given the project was launched back in October, and apparently fell short in an earlier funding round. However, just before Christmas they announced that the Australian Government, through the Defence Scientific and Technology Organisation (DSTO), has become a sponsor, by providing equipment, test facilities and advice.

posted by martyb on Monday December 29 2014, @06:47PM
from the bloody-mess-not-required dept.

Right now in Hamburg, Germany, the largest European hacker association, the Chaos Computer Club (CCC), is holding its 31st annual congress that's a four-day fest of all things hacking. Other than having a pretty rad name, CCC is well-known for detailing all the crazy (and sometimes scary) shit they can do. They've just added another one to the list.

On Saturday, security researcher and biometrics expert Jan Krissler, known as Starbug, detailed in an hour-long presentation (German) ( https://www.youtube.com/watch?v=pIY6k4gvQsY ) how he recreated German Defense Minister Ursula von der Leyen's fingerprints using only a "standard photo camera" and publicly available software called VeriFinger ( http://www.neurotechnology.com/verifinger.html ).

http://gizmodo.com/chaos-computer-club-says-they-can-hack-your-fingerprint-1675845311