The National Security Agency knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are. What it doesn't know is just how much information the whistle-blower took with him when he left.
For all of its ability to track our telecommunications, the NSA seemingly has little clue exactly what documents, or even how many documents, Snowden gave to the media. Like most large organizations, the NSA had tools in place to track who accessed what data and when. But Snowden, a system administrator, apparently was able to cover his tracks by deleting or modifying the log files that tracked that access.
An Estonian company called Guardtime says it has a solution to that: using the same ideas that underpin the digital currency Bitcoin, the company says it can ensure no one can alter digital files, not even an organization's most senior executives or IT managers. The idea is to stop the next Snowden in his tracks by making it impossible to tamper with data, such as the NSA log files, in secret.
The Office of Personnel Management has confirmed that around 4 million current and past employees have been affected by a data breach, potentially exposing personal data. Unnamed U.S. officials say that the hackers were from China.
Here is the U.S. Office of Personnel Management's statement:
The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former Federal employees.
Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls.
Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to Federal personnel. OPM immediately implemented additional security measures to protect the sensitive information it manages.
Beginning June 8 and continuing through June 19, OPM will be sending notifications to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.
In order to mitigate the risk of fraud and identity theft, OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM.
Additional information is available beginning at 8 a.m. CST on June 8, 2015 on the company's website, www.csid.com/opm, and by calling toll-free 844-222-2743 (International callers: call collect 512-327-0700).
Home and small-office routers are a hot target for security audits. Vulnerabilities and poor security practices are becoming the rule rather than the exception. Researchers from Universidad Europea de Madrid found 60 distinct flaws in 22 devices. Full details of their research can be read on the Full Disclosure mailing list. Affected brands include D-Link, Belkin, Linksys, Huawei, and others. Among the flaws is at least one backdoor with a hard-coded password. Several routers allow external attackers to delete files on USB storage devices, and others facilitate DDoS attacks. About half of the flaws involve Cross-Site Scripting and Cross-Site Request Forgery.
Summary: COTS Embedded devices don't have security you can rely on, but why is that so? OpenWRT may be an alternative.
Patients with terminal cancer could "effectively be cured" by the discovery of a pair of drugs which can shrink tumours or bring them under control in nearly 60% of people with advanced melanoma.
In an international trial of 945 patients, treatment with the drugs ipilimumab and nivolumab stopped the cancer advancing for nearly a year in 58% of cases. This was compared with 19% of cases for ipilimumab alone, which resulted in tumours stabilising or shrinking for an average of two and a half months.
The treatment, known as immunotherapy, uses the body's immune system to attack cancerous cells. Researchers say it could replace chemotherapy as the standard treatment for cancer within five years.
[Paper]: http://www.nejm.org/doi/full/10.1056/NEJMoa1504030#t=article
Atlanta-based attorney Scott A. Horstemeyer has sued the Electronic Frontier Foundation (EFF) and "Staff Attorney and Mark Cuban Chair to Eliminate Stupid Patents" Daniel Nazer for libel over an April blog post that bashed patent litigant Eclipse IP LLC for US Patent No. 9,013,334, "Notification systems and methods that permit change of quantity for delivery and/or pickup of goods and/or services." The patent was filed by "prolific inventor" Scott Horstemeyer on March 5, 2014. EFF explains:
We think that all of Eclipse's patents deserve a stupid patent of the month award. But the '334 patent is especially deserving. This is because the Patent Office issued this patent after a federal court invalidated similar claims from other patents in the same family. On September 4, 2014, Judge Wu of the Central District of California issued an order invalidating claims from three of Eclipse's patents. The court explained that these patents claim abstract ideas like checking to see if a task has been completed. Judge Wu applied the Supreme Court's recent decision in Alice v CLS Bank and held the claims invalid under Section 101 of the Patent Act.
All of Eclipse's patents were both "invented" and prosecuted by a patent attorney named Scott Horstemeyer (who just so happens to have prosecuted Arrivalstar's patents too). Patent applicants and their attorneys have an ethical obligation to disclose any information material to patentability. Despite this, from what we can tell from the Patent Office's public access system PAIR, Horstemeyer did not disclose Judge Wu's decision to the examiner during the prosecution of the '334 patent, even though the decision invalidated claims in the patent family. While Horstemeyer has not made any genuine contribution to notification "technology," he has shown advanced skill at gaming the patent system.
EFF has managed to get "stupid" patents invalidated by the U.S. Patent and Trademark Office, such as the one that was used to threaten podcasters. You can follow Horstemeyer's litigation against EFF here.
The Scientist reports on a study of villages in Argentina, where the people have been drinking poison—arsenic, to be specific—for thousands of years. The levels in the principal water source are up to 80 times the level considered safe by the World Health Organization (WHO). Even the best wells exhibit over 20 times the arsenic allowed by the WHO limit.
And it doesn't seem to bother them at all. There is every indication that these Andean communities may have evolved the ability to metabolize arsenic.
Swedish biologist Karin Broberg, of Stockholm’s Karolinska Institute, and colleagues at Uppsala and Lund Universities have been trying to figure out how generations of villagers in the Andean village of San Antonio de los Cobres (SAC), an area of nearly 6,000 residents, have been able to survive this chronic exposure to toxic levels of arsenic.
The researchers knew that a particular allele, AS3MT, located on chromosome 10, was suspected as the main gene involved in arsenic metabolism in humans. But the metabolism rate in these Andean villagers was sky high compared to people elsewhere.
Broberg and her colleagues hypothesized that the remarkable arsenic tolerance of SAC residents might be due to particular variants of AS3MT that confer better arsenic metabolism. They wondered, further, if thousands of years of arsenic exposure had given a survival advantage to individuals with these metabolism-driving alleles and had increased the frequencies of these genetic variants.
By comparing genetic samples and urine from a wide selection of South American populations in Peru, Argentina, and Colombia, they hoped to determine whether the arsenic tolerance was simply due to genetic accident (population drift) or whether it was a byproduct of natural selection. Natural selection tends to exhibit itself via higher levels of homozygosity, where particular alleles come from one lineage. (See here for a primer on Drift vs Selection.)
In the area around AS3MT, the SAC population differed dramatically from the comparison populations. Not only did the SAC women have higher levels of protective AS3MT alleles, but these alleles also had longer stretches of homozygosity—a telltale sign of selection.
The extremely strong difference in allele frequency is considered a clear result of selective pressure on a population.
SSH, or secure shell, is the mainstay of remote access and administration in the Linux world, and the lack of any straightforward equivalent has always been an awkward feature of the Windows world. While there are various third-party options, Windows lacks both a native SSH client, for connecting to Linux machines, and an SSH server, to support inbound connections from Linux machines.
The PowerShell team announced that this is going to change: Microsoft is going to work with and contribute to OpenSSH, the de facto standard SSH implementation in the Unix world, to bring its SSH client and server to Windows.
Possible plot twist: Is this newfound support for the SSH protocol and the OpenSSH project actually a new "in" for the NSA to sneak a new backdoor into the protocol?
The brain is truly a marvel. A seemingly endless library, whose shelves house our most precious memories as well as our lifetime’s knowledge. But is there a point where it reaches capacity? In other words, can the brain be “full”?
The answer is a resounding no, because, well, brains are more sophisticated than that. A study published in Nature Neuroscience earlier this year shows that instead of just crowding in, old information is sometimes pushed out of the brain for new memories to form.
Previous behavioural studies [PDF] have shown that learning new information can lead to forgetting. But in this study, researchers used new neuroimaging techniques to demonstrate for the first time how this effect occurs in the brain.
http://theconversation.com/health-check-can-your-brain-be-full-40844
Moving on from frontend stuff, I'm getting to the point that I want to dig in deep and rewrite most of the database layer of SoylentNews/rehash. For those who are unfamiliar with our codebase, it's primarily written in Perl, with fairly strict adherence to the MVC model, going as far as installing system modules for code shared between the frontend and backend daemons. Slash was written with database portability in mind, and at least historically, a port to PostgreSQL existed in the late 90s/early 2000s, and there was some legacy Oracle code authored by VA Linux as well. This code has bitrotted to the point of unusability, leaving the MySQL backend the only functional mode; I deleted the legacy code about a year ago from our git repo.
However, migrating from MySQL has remained on my personal TODO list for a long time, due to unreliability, data corruption, and configuration pain. The obvious choice from where I'm sitting is PostgreSQL. For those who aren't super familiar with the pros/cons of MySQL, this article by Elnur Abdurrakhimov has a pretty good summary and a list of links explaining in depth why MySQL is not a good solution for any large site. We've hit a lot of pain in the nearly 1.5 years SN has been up due to limitations in the database layer as well, forcing us to use a clustering solution to provide any sort of real redundancy for our backend. Although I'm familiar with database programming, I'm not a DBA by trade, so I'm hoping to tap into the collective knowledge of the SoylentNews community and work out a reasonable migration plan and design.
[More after the break...]
Beside my personal dislike of MySQL, there's a more important reason to migrate from MySQL. MySQL's support for stored procedures is incredibly poor, which means raw SQL has to be written in the application layer. rehash reduces the danger of injection by providing a set of wrapper functions such as select/insert/update which take four arguments: table, from clause, where clause, and anything extra if necessary; these parameters are assembled into a full query which is in turn properly escaped to prevent the most obvious attacks from working. Extensive whitelists are used for sanitizing parameters, but by design, rehash uses a single namespace, with a single user account which has full SELECT/INSERT/UPDATE/DELETE permissions across the board. If any single point is compromised, the entire database is toast. Furthermore, because of poor support for views in MySQL, massive JOINs litter the codebase, making some queries reach across 5-6 tables (with the most horrific example I can think of being the modbomb SELECT which reaches across almost every user and comment table in the database). This makes debugging and optimizing anything a slow and painful experience.
What I want to do is remove as much code as possible from the application layer, and move it down the stack into the database. Each function in Slash/DB/MySQL/MySQL.pm should be replicated with a stored procedure which at a minimum executes the query, and if possible, relocate as much of the query processing logic into pg/Perl modules. This should be relatively straightforward to implement, and allow high code reusability due to the fact that almost all of rehash's methods exist in Perl modules, and not in individual .pl scripts. The upshot of this is that the only permission the DB account requires is EXECUTE to run the stored procedures; if possible, I'd also like to localize which Perl function can call which pgSQL procedure; i.e., the getStories() function can only call procedures relating to that, vs. having access to all stored procedures in the database.
This would greatly reduce the reach of any SQL injection attacks, as well as hardening the site against possible compromise; unrestricted access to the database would require breaching one of the DB servers directly instead of getting lucky via a bug in rehash. As I've stated before, no security can be perfect, but I would love to get this site to the point that only a dedicated, targeted attack would even stand a chance of succeeding. That being said, while it sounds good on paper, I'm not 100% sure this type of design is reasonable. Very few FOSS projects seem to take advantage of stored procedures, triggers, views and other such functionality and I'm wondering if others have tried and failed to implement this level of functionality.
So, knowing what you want to do is good, but knowing how to do it is just as important. What I think the first step needs to be is a basic straight port of the site from MySQL to PostgreSQL, and implementing a better schema upgrade system. As of right now, our upgrade "system" is writing queries in a text file, and just executing them when a site upgrade has to be done. Very low-tech, and error prone for a large number of queries. I don't have a lot of experience in managing very large schemas, so one thing on which I'd like advice is whether there's a good, pre-existing framework that could be used to simplify our database upgrades. By far, the ideal scenario would be if we could run a single script which can intelligently upgrade the database from release to release.
Once both these pieces are in play, a slow but steady migration of code from the application layer to the database layer would allow us to handle the transition in a sane manner. Database auditing can be used to keep track of the most frequently used queries and function calls, and keep an eye on our total progress towards reaching an EXECUTE-only world.
That's everything in a nutshell. I want to know what you guys think, and as always, I'll be reading and replying to comments down below!
~ NCommander
Contact me, or paulej72 on IRC, or post a comment below if you're interested in helping.
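The EXECUTE-only design described in the post above, sketched for PostgreSQL as an added example (this is not rehash code; the schema, role, table and function names are assumptions, and the script is meant to be run by a superuser). It also shows the hook for the per-subsystem restriction the post asks about: each Perl module gets its own role and is granted EXECUTE only on its own procedures.

```sql
-- Added example, not rehash code. Names below are assumptions.
-- Two roles: the owner that holds the tables, and the application role
-- that the web frontend would connect as. The app role gets no table rights.
CREATE ROLE rehash_owner NOLOGIN;
CREATE ROLE rehash_app   LOGIN PASSWORD 'change-me';   -- placeholder password

CREATE SCHEMA rehash AUTHORIZATION rehash_owner;

SET ROLE rehash_owner;   -- everything created from here is owned by rehash_owner

CREATE TABLE rehash.users (
    uid      bigint PRIMARY KEY,
    nickname text   NOT NULL
);

CREATE TABLE rehash.stories (
    stoid   bigserial   PRIMARY KEY,
    uid     bigint      NOT NULL REFERENCES rehash.users (uid),
    title   text        NOT NULL,
    posted  timestamptz NOT NULL DEFAULT now(),
    public  boolean     NOT NULL DEFAULT true
);

-- A view replaces the JOIN that would otherwise be assembled in Perl.
CREATE VIEW rehash.story_list AS
SELECT s.stoid, s.title, s.posted, u.nickname
  FROM rehash.stories s
  JOIN rehash.users   u ON u.uid = s.uid
 WHERE s.public;

-- The stored procedure that stands in for a getStories() query.
-- SECURITY DEFINER runs it with the owner's rights, so the caller needs no
-- access to the tables; search_path is pinned so a caller cannot shadow the
-- objects the function touches with a temp table of the same name.
CREATE FUNCTION rehash.get_stories(p_limit integer)
RETURNS SETOF rehash.story_list
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = rehash, pg_temp
AS $$
    SELECT * FROM rehash.story_list
     ORDER BY posted DESC
     LIMIT p_limit;
$$;

RESET ROLE;

-- Lock the application role down to EXECUTE on the procedures it needs.
REVOKE ALL ON SCHEMA rehash FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA rehash FROM PUBLIC;
-- PostgreSQL grants EXECUTE on a new function to PUBLIC by default; take it back.
REVOKE EXECUTE ON FUNCTION rehash.get_stories(integer) FROM PUBLIC;

GRANT USAGE   ON SCHEMA   rehash                      TO rehash_app;
GRANT EXECUTE ON FUNCTION rehash.get_stories(integer) TO rehash_app;
-- To confine getStories() to story procedures only, create one role per Perl
-- module (e.g. a stories role, a comments role) and repeat the GRANT EXECUTE
-- for just that module's functions; each module connects with its own role.

-- Check: as the application role, direct table access fails, the procedure works.
SET ROLE rehash_app;
SELECT * FROM rehash.stories;          -- ERROR: permission denied for table stories
SELECT * FROM rehash.get_stories(10);  -- OK: rows from the view, via the owner's rights
RESET ROLE;
```

An injection that escapes a wrapper in this setup can only reach what the granted functions expose, which is the point of the post's "EXECUTE-only world".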
The San Jose Mercury News reports
A South Bay [Milpitas, California] recycling firm is looking for a woman who, in early April, dropped off boxes of electronics that she had cleaned out from her house after her husband died. About two weeks later, the firm, Clean Bay Area, discovered inside one of the boxes a rare find: a vintage Apple I, one of only about 200 first-generation desktop computers put together by Steve Jobs, Steve Wozniak, and Ron Wayne in 1976.
The recycling firm sold the Apple I this month for $200,000 to a private collection, Vice President Victor Gichun said. And now, because company policy is to split proceeds 50-50 with the donor, he's looking for the mystery woman who refused to get a receipt or leave her name.
Claire Nee writes in the NYT that for psychologists it’s best to observe actual behavior. Yet for obvious ethical and safety reasons, it’s almost never possible to observe a crime as it happens. To establish “proof of concept,” researchers had to show that experienced ex-burglars would burgle a simulated house the same way they burgled a real house. So they had them actually burgle a house provided by a local police department in a quiet residential area. At the real house, participants wore head-mounted cameras and were asked to start at the front gate, enter the house and burgle it in their own time by touching the items they would take in a real burglary. Then the psychologists observed the ex-burglars commit a mock burglary in a simulated environment that could be navigated using a mouse or a game controller. Items (of value and otherwise) were placed in identical spots in the real house and in the simulated house, and in the latter could be “stolen” by clicking on them.
From previous interviews and experimental studies, burglars had alluded to what is called “dysfunctional expertise” in the way they approach the environment, select their targets and navigate around the property, and it was fascinating to see this unfold in real time. Can security measures help keep a house safe? Not really, according to Nee. "Good security is a deterrent but householders are notoriously bad at actually using the devices they install, so this is rarely a problem for the burglar," she says. "Most burglars will return to a vulnerable neighborhood or street later when they are ready to do the burglary. So they have a lot of competence at choosing properties to burgle and are rarely caught at the scene. Most burglaries are neither impulsive nor heavily planned."
Experienced burglars spent significantly more time in areas of the house with high-value items and navigated it much more systematically than the control subjects did. They also showed greater discernment, by stealing fewer but more valuable items. Most important, all participants burgled the real and the simulated houses almost identically (PDF). The researchers concluded that using simulations can be a robust way to study crime, and in studying it this way, we will not be limited to just burglary. "A better understanding of criminal behavior will help us reduce opportunities for crime in our neighborhoods," concludes Nee. "By knowing what the burglar is looking for — what signals wealth, occupancy, ease of access and security in properties — we can make adjustments in awareness and protection."
Angie Schmitt writes in Streetsblog USA that city streets with the widest lanes — 12 feet or wider — are associated with greater crash rates and higher impact speeds and that there is hard evidence that wider lanes increase risk on city streets. Dewan Masud Karim conducted a wide-ranging review of existing research as well as an examination of crash databases in two cities, taking into consideration 190 randomly selected intersections in Tokyo and 70 in Toronto. Looking at the crash databases, Karim found that collision rates escalate as lane widths exceed about 10.5 feet. According to Karim "human behavior is impacted by the street environment, and narrower lanes in urban areas result in less aggressive driving and more ability to slow or stop a vehicle over a short distance to avoid collision. Designers of streets can utilize the “unused space” to provide an enhanced public realm, including cycling facilities and wider sidewalks, or to save money on the asphalt not used by motorists." Karim concluded that there is a sweet spot for lane widths on city streets, between about 10 and 10.5 feet.
According to Jeff Speck the fundamental error that underlies the practice of traffic engineering is an outright refusal to acknowledge that human behavior is impacted by its environment, and it applies to safety planning, as traffic engineers, designing for the drunk who's texting at midnight, widen our city streets so that the things that drivers might hit are further away. "When lanes are built too wide, many bad things happen. In a sentence: pedestrians are forced to walk further across streets on which cars are moving too fast and bikes don't fit," writes Speck, adding that a pedestrian hit by a car traveling 30 mph at the time of impact is between seven and nine times as likely to be killed as one hit by a car traveling 20 mph. This tremendously sharp upward fatality curve means that, at urban motoring speeds, every single mile per hour counts. "Every urban 12-foot lane that is not narrowed to 10 feet represents a form of criminal negligence; every injury and death, perhaps avoidable, not avoided—by choice."
Nantero, the company that invented carbon nanotube-based non-volatile memory in 2001 and has been developing it since, has announced that seven chip fabrication plants are now manufacturing its Nano-RAM (NRAM) wafers and test chips in preparation for mass production, which requires the product designs to be completed. The company has announced that aerospace giant Lockheed Martin and Schlumberger Ltd., the world's largest gas and oil exploration and drilling company, will be customers seeking to use its chip technology. The memory, which can withstand 300 °C temperatures for years without losing data, is natively thousands of times faster than NAND flash and has virtually infinite read/write resilience. Nantero plans on licensing its intellectual property to allow others to create gum stick SSDs using DDR4 interfaces. NRAM has the potential to create memory that is vastly more dense than NAND flash, as its transistors can shrink to below 5 nanometers in size, three times more dense than today's densest NAND flash. At the same time, NRAM is up against a robust field of new memory technologies that are expected to challenge NAND flash in speed, endurance and capacity, such as Phase-Change Memory and Ferroelectric RAM (FRAM).
You may want to take a look at Memristors too.
The FBI is operating a small air force with scores of low-flying planes across the country carrying video and, at times, using cellphone surveillance technology — all hidden behind fictitious companies that are fronts for the government, per the Associated Press. The planes' surveillance equipment is generally used without a judge's approval.
From the article:
U.S. law enforcement officials confirmed for the first time the wide-scale use of the aircraft, which the AP traced to at least 13 fake companies, such as FVX Research, KQM Aviation, NBR Aviation and PXW Services. Even basic aspects of the program are withheld from the public in censored versions of official reports from the Justice Department's inspector general.
At least one Senator, Charles Grassley, chairman of the Senate Judiciary Committee, is concerned:
It's important that federal law enforcement personnel have the tools they need to find and catch criminals. But whenever an operation may also monitor the activities of Americans who are not the intended target, we must make darn sure that safeguards are in place to protect the civil liberties of innocent Americans.
These planes have the capability of mimicking cell towers and monitoring cell phones in the area, even if not in use. The FBI isn't the only agency doing this either, apparently. The DEA and the Marshals Service also operate their own fleets.