SoylentNews

Arthur T Knackerbracket has found the following story:

What they've found is that there's a companion memory leak (CVE-2015-5333) and buffer overflow (CVE-2015-5334) in the SSL replacement candidate.

The researchers from Qualys (their notice published here) said they were trying to see if a remote code execution attack is feasible against vulnerabilities they've turned up in OpenSMTPD (which earlier this month hit version 5.7.3).

“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based).”

The memory leak provides a path for an attacker to cause a denial-of-service attack, and also permits triggering of the buffer overflow.

The LibreSSL team has released fixes for OpenBSD.

Original Submission

Phoenix666 writes:

In polluted environments, diesel fumes may be reducing the availability of almost half the most common flower odours that bees use to find their food, research has found.

The new findings suggest that toxic nitrous oxide (NOx) in diesel exhausts could be having an even greater effect on bees' ability to smell out flowers than was previously thought.

NOx is a poisonous pollutant produced by diesel engines which is harmful to humans, and has also previously been shown to confuse bees' sense of smell, which they rely on to sniff out their food.

Researchers from the University of Southampton and the University of Reading found that there is now evidence to show that, of the eleven most common single compounds in floral odours, five have can be chemically altered by exposure to NOx gases from exhaust fumes.

Original Submission

AnonTechie writes:

Panspermia hypothesis proposes that life travels between stars and planets, surviving the effects of interstellar journeys and finally settling down on a planetary surface, beginning new evolutionary processes. The microorganisms can be transported to random destinations by asteroids, comets or meteoroids or distributed intentionally by some intelligent alien civilization. But with Earth as the only example of a life-bearing planet, the essential question is: If panspermia really occurs, how could we detect it?

"It is possible for life to be carried by rocks which are ejected from one planet, after an impact by an asteroid, and land on another planet. This can happen by chance if the two planets are in the same planetary system or, with smaller likelihood, if they are in different systems. Although this process is possible, we have no evidence for it," said Abraham Loeb, chair of the Department of Astronomy at the Harvard University, in an interview with Phys.org. Loeb is the co-author of a paper published in Astrophysical Journal Letters suggesting that if life spreads via panspermia, it does it in a characteristic pattern that we could identify.

His research shows that this pattern would be similar to the outbreak of an epidemic. The panspermia theory and the model introduced by Loeb and his colleagues may be the keystone in the search for extraterrestrial life for future generations. Moreover, Loeb believes that we will soon find traces of alien microorganisms.

http://phys.org/news/2015-10-life-universe.html

[Abstract/Paper]: http://arxiv.org/abs/1507.05614

[Also Covered By]: Life Might Spread Across Universe Like an 'Epidemic' in New Math Theory

[Related]: Panspermia and the Origin of Life on Earth

Original Submission

The Mighty Buzzard writes:

Right, so we're pondering on adding new nexuses to the site for the next upgrade (planned for December but could end up being later depending on circumstances). Why bother adding new nexuses? Primarily so you can easily filter them out from your settings page. For example, say we had added a Games nexus. Not interested in gaming? Preferences->Homepage and put a dot in the far left (X) radio button next to Games and you will not see anything from the Games nexus on the main page. Mind you, we don't have nexus functionality built into the rss/atom feeds, yet, so they'll still show up there.

Keep in mind you can also browse nexuses independently, so you catch stories only from that nexus. Independent rss/atom feeds are coming sooner or later as well. Nexuses aren't entirely about what you don't want to see.

As of now we've got Games and Liberty on the table as new nexuses to go with Breaking News and Meta. Including more or less duplicating some Topics, what nexuses would you lot like to see go live? Last note here, any nexus we create will be fair game to sub stories in that category for. Don't suggest sports unless you want to give the green flag to subs on NASCAR.

Original Submission

NotSanguine writes:

The University of New South Wales (Australia) is reporting on research [abstract;full article paywalled] by an international team led by Dr Nicholas Golledge, a senior research fellow at New Zealand's Victoria University's Antarctic Research Centre. According to the article, a jump in global average temperatures of 1.5°C–2°C will see the collapse of Antarctic ice shelves and lead to hundreds and even thousands of years of sea level rise. It goes on to say:

Using state-of-the-art computer modelling, Dr Golledge and his colleagues including researchers from UNSW simulated the ice-sheet's response to a warming climate under a range of greenhouse gas emission scenarios. They found in all but one scenario (that of significantly reduced emissions beyond 2020) large parts of the Antarctic ice-sheet were lost, resulting in a substantial rise in global sea-level. "The long reaction time of the Antarctic ice-sheet – which can take thousands of years to fully manifest its response to changes in environmental conditions – coupled with the fact that CO₂ lingers in the atmosphere for a very long time means that the warming we generate now will affect the ice sheet in ways that will be incredibly hard to undo," Dr Golledge said.

[...] "Around 93% of the heat from anthropogenic global warming has gone into the ocean, and these warming ocean waters are now coming into contact with the floating margins of the Antarctic ice sheet, known as ice shelves. If we lose these ice shelves, the Antarctic contribution to sea-level rise by 2100 will be nearer 40 centimetres." To avoid the loss of the Antarctic ice shelves, and a long-term commitment to many metres of sea-level rise, atmospheric warming needs to be kept below 2°C above present levels. "Missing the 2°C target will result in an Antarctic contribution to sea-level rise that could be up to 10 metres higher than today," Dr Golledge said. "The stakes are obviously very high—10 percent of the world's population lives within 10 metres of present sea level."

[...] "The striking thing about these findings is that we have taken the most conservative estimates possible," said co-author of the paper, Dr Chris Fogwill from UNSW Australia's Climate Change Research Centre. "In all IPCC global warming scenarios, only one (RCP2.6) saw Antarctic ice shelves avoid ongoing collapse. In every other case we saw significant collapse and rising sea levels continue for hundreds to thousands of years. "The results suggest Antarctic ice shelf stability has a tipping point dependent on a critical temperature threshold that can lead to substantial sea level rise even if we reduce emissions after that threshold has been reached." The findings raise an ethical decision for us all, according to Dr Golledge.

So, we have more research detailing the impact of AGW on sea levels. Interestingly, the paper's authors slam the IPCC's estimates of sea level rises due to Antarctic ice sheet melting as too modest.

Original Submission

"gewg_" writes:

With another of his graphs derived from StatCounter data, blogger and Linux advocate Robert Pogson reports

It was only a few years ago that the sycophants of M$ were trumpeting that */Linux was struggling to reach ~1% share of the desktop anywhere. Many of those were in USA.

Well, the chickens have come home to roost in The Year Of The Linux Desktop. */Linux has ~5% share. Are we there yet? Nope. FLOSS is still going places and growing stronger every year. Classical GNU/Linux grew rapidly until mid-year when Android/Unknown and Chrome OS took up slack. It's all good.

I would have said "He who laughs last laughs best" but, hey, it's his blog.
...and remembering how Chromebooks dominated the sales figures last Christmas, I can't wait to see how the SteamBox sales go this Christmas.

Previous: Given the Choice for Christmas 2014, Consumers Chose Linux
Big Jump in Bahrain: Linux Now At 16 Percent

Original Submission

NotSanguine writes:

Science Daily is reporting on research [abstract;full paper pay-walled] by Professors Anton Rebhan and Frederic Brünner from TU Wien (Vienna) in the search for the exotic particle, made up entirely of gluons -- the "sticky" particles that keep nuclear (quarks) particles together.

According to Science Daily:

For decades, scientists have been looking for so-called "glueballs." Now it seems they have been found at last. A glueball is an exotic particle, made up entirely of gluons -- the "sticky" particles that keep nuclear particles together. Glueballs are unstable and can only be detected indirectly, by analysing their decay. This decay process, however, is not yet fully understood.

Professor Anton Rebhan and Frederic Brünner from TU Wien (Vienna) have now employed a new theoretical approach to calculate glueball decay. Their results agree extremely well with data from particle accelerator experiments. This is strong evidence that a resonance called "f0(1710)," which has been found in various experiments, is in fact the long-sought glueball. Further experimental results are to be expected in the next few months.

[...] Gluons can be seen as more complicated versions of the photon. The massless photons are responsible for the forces of electromagnetism, while eight different kinds of gluons play a similar role for the strong nuclear force. However, there is one important difference: gluons themselves are subject to their own force, photons are not. This is why there are no bound states of photons, but a particle that consists only of bound gluons, of pure nuclear force, is in fact possible.

[...] "Our calculations show that it is indeed possible for glueballs to decay predominantly into strange quarks," says Anton Rebhan. Surprisingly, the calculated decay pattern into two lighter particles agrees extremely well with the decay pattern measured for f0(1710). In addition to that, other decays into more than two particles are possible. Their decay rates have been calculated too.

[...] Up until now, these alternative glueball decays have not been measured, but within the next few months, two experiments at the Large Hadron Collider at CERN (TOTEM and LHCb) and one accelerator experiment in Beijing (BESIII) are expected to yield new data.

Original Submission

David Eccles (gringer) writes:

I am part of an international team of researchers who have been exploring the capabilities of the MinION Sequencer, the MinION Analysis and Reference Consortium (MARC). Our first paper on this exploration has just been published in f1000 Research. Five separate labs carried out four sequencing runs each of the same strain of E. coli, and a few more labs helped to analyse the results. If you're interested in seeing what this technology is capable of (or at least, what it was capable of about 6 months ago), check out the paper here, or download the data here.

The Oxford Nanopore MinION is a small DNA sequencer that plugs into the USB port of a laptop and sequences DNA by measuring changes in an electric current as the sequence is passed through one of 4096 pores in the sequencing device. These electrical signals are combined into events that describe the movement of a single base, and the events are then base-called to generate DNA sequences.

The MinION sequencer is almost entirely electronic, stripping away everything that makes existing DNA sequencing technologies big, heavy, slow and expensive. This has meant that the MinION is uniquely able to be used in remote areas where other sequencers just can't reach: sequencing Ebola on-site in Africa, sequencing the DNA of small frogs in the Amazon rainforest, and more recently sequencing DNA in NASA's vomit comet.

Previously: The MinION - Genome Sequencing in a Handheld Device

Original Submission

VanderDecken writes:

The BBC reports that several Target stores in the US have had their public address systems hacked, resulting in explicit pornographic audio being broadcast across the stores, in some cases for more than 15 minutes at a time.

An email obtained by the BBC, sent by company bosses to Target store managers across the US on Friday afternoon, outlines a weakness in the store's PA system being used to carry out the prank.I've removed a key detail for obvious reasons.

"Non-Target team members are attempting to access the intercom system by calling stores and requesting to be connected to line [xxxx]," it reads. "If connected, callers have control of the intercom until they hang up. We are actively working to limit intercom access to the Guest Services phone only. In the meantime, inform all operators to not connect any calls to line [xxxx]."

So in other words, if you ring up Target and ask to be put through to a certain extension, you're suddenly live on the PA system for as long as you like. Hardly the hack of the century, granted, but a reminder that there are people out there that will find even the most obscure vulnerabilities and exploit them.

I don't condone breaching computer systems but I guess that's one way to draw attention to vulnerabilities. Too bad they didn't pick something more kid-friendly. Like broadcasting that for the next 60 minutes there would be an 80% discount on everything in the store.

Original Submission

HughPickens.com writes:

In recent years, members of the 1% have been singled out by protesters seeking to highlight the growing disparity between rich and poor. Now Jana Kasperkevic writes in The Guardian that it can be very stressful to be rich. “It’s really isolating to have a lot of money. It can be scary – people’s reaction to you,” says Barbara Nusbaum, an expert in money psychology. "There is a fair amount of isolation if you are wealthy."

According to Clay Cockrell, who provides therapy for the rich, this means the rich tend to hang out with other rich poeple, not out of snobbery, but in order to be around those who understand them and their problems. One big problem is not knowing if your friends are friends with you or your money. “Someone else who is also a billionaire — they don’t want anything from you! Never being able to trust your friendships with people of different means, I think that is difficult,” says Cockrell. “As the gap has widened, they [the rich] have become more and more isolated.”

Cockrell says that a common mistake that many of the his wealthy clients make is letting their money define them. “I don’t think it’s healthy to discount your problems. If you are part of the 1%, you still have problems and they are legitimate to you. Even when you say: ‘I don’t have to struggle for money’, there are other parts of your life. Money is not the only thing that defines you. Your problems are legitimate.” To avoid problems, some Americans have taken to keeping their wealth secret. “We talk about it as stealth wealth," says Jamie Traeger-Muney. "There are a lot of people that are hiding their wealth because they are concerned about negative judgment."

Original Submission

"gewg_" writes:

from the mission-critical-systems-pwned dept.

El Reg reports

The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released [October 5] and, despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them.

Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural, and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

[...] Among [the 18-month study's] more frightening discoveries is that the notion "nuclear facilities are 'air gapped'" is a "myth", as "the commercial benefits of internet connectivity mean[s] that nuclear facilities" are increasingly networked.

[More after the break.]

"gewg_" writes:

from the economic-realities dept.

Utility Dive reports

Entergy Corp. plans to shutter its 680 MW Pilgrim Nuclear Power Station in Plymouth, Mass. no later than June 1, 2019, the company said this week.

AP reports that financial factors drove Entergy to make the decision, including tough market conditions, reduced revenues, and increased operational costs. Entergy said it did not anticipate the economics of the plant to change in the near future, either through a rebound in power prices or a different market structure.

The exact timing of the closure will be decided next year, but the company has already informed the ISO New England that it intends to stop participating as a capacity resource.

CounterPunch continues

Entergy is also poised to shut the FitzPatrick reactor in New York. It promises an announcement by the end of this month.

Entergy also owns Indian Point 2 and Indian Point 3 some 40 miles north of Manhattan. Unit 2's operating license has long since lapsed. Unit 3's will expire in December.

[...] Meanwhile, like nearly all old American nukes, both Pilgrim and FitzPatrick are losing tons of money. Entergy admits to loss projections of $40 million/year or more at Pilgrim, with parallel numbers expected at FitzPatrick. The company blames falling gas and oil prices for the shortfalls.

[...] the boom in wind [and] solar, increased efficiency, and other Solartopian advances are at the real core of nuke power's escalating economic melt-down.

Original Submission

"gewg_" writes:

Some of you may know Ken Starks as an advocate for those people (especially kids) who can't afford a computer of their own. In the process of placing used computers with those folks, Ken and his organization use Linux to cut costs and to avoid proprietary gotchas. As such, you may also know him as an advocate for FOSS.

I have mentioned previously that earlier this year, in his ongoing bout with cancer, Ken had his larynx removed.

As a kid, Ken had a frightening experience due to a guy using one of those buzzers pressed against his throat to "speak". Ken doesn't want any part of freaking out any kids in that way. He has been looking for an out-of-the-box text-to-speech app that runs under Linux.

What Ken has found is that, while there are several nice text-to-speech apps for Android, the state of text-to-speech for Desktop Linux is very sad. The developers of FOSS TTS apps tend to reach a state of suits-my-needs and leave it there.

Someone who has a bit of experience setting up software, is adept with a search engine, and has patience can install one of the existing FOSS TTS apps and get that working at a useful level. A nice out-of-the-box experience for Joe Average, however, has been lacking up to now. Ken has been trying to find developers who can bring MaryTTS to a state of usefulness and ease that will make it on par with the experience you would expect from a payware app.

Via his column at FOSS Force, Ken now reports:

[More after the break.]

Runaway1956 writes:

Researchers from the University of York have used magnetic energy to suppress humans’ ‘threat-response’ functions and dramatically change people’s attitudes to immigration.

Psychologists used magnetic force to safely shut down the region of the brain associated with “threat-response functions” and conducted a series of tests where volunteers were asked questions about their beliefs.

Scientists found the people were less likely to have negative views when the magnetic force was applied to the posterior medial frontal cortex, positioned a few inches up from the forehead.

In the study, half of participants were given a low-level placebo-like level of magnetic energy that did not affect their brain, while the other half received enough energy to lower activity in the target area.

Volunteers were then asked to think about death, after which they were asked questions about their religious beliefs and attitudes on immigration.

Researchers from the University of York and the University of California, Los Angeles (UCLA), discovered those whose frontal cortex was temporarily shut down reported 32.8 percent less belief in God, angels or heaven.

Volunteers were screened prior to the investigation to ensure they held religious beliefs.

Phoenix666 writes:

On one of those Sim­tel CDs I found Jor­f. (Josephine's Recipe Fil­er). It was a OO lan­guage, with an in­ter­preter for DOS or Win­dows, and it sup­port­ed stuff that was re­al­ly ad­vanced for the time, and it made my cod­ing a lot sim­pler.

Out of nos­tal­gy, I down­load­ed a copy (yes, it is still there), and ran it in Dos­BOX (yes, it still work­s), to check if it was as good as I re­mem­bered.

You know what? It is.

In fac­t, if it had come out 2 or three years lat­er, and as free soft­ware in­stead of share­ware... I think it would have been big.

Here are some high­lights og the lan­guage:

        OOP
        Has in­te­grat­ed win­dow­ing tool­kit (for DOS and Win­dows)
        It had an in­ter­ac­tive hy­per­tex­t/win­dow­ing tu­to­ri­al writ­ten in it­self. In 1993.
        It looks like a cousin of Python. A freaky cous­in, though.
                -Com­­ments start with |
                -Strings lim­it­ed with sin­­gle or dou­ble quotes
                -Au­­to­­mat­ic type con­ver­­sions
                -In­­ten­­ta­­tion con­trols flow :-)
                -No de­­clared da­­ta types
                -In­­te­­grat­ed ed­i­­tor and de­bug­ger

The article author's native language seems to not be English, but it's a fun little piece on a language that might have been.

Original Submission

Hyperturtle writes:

Has phone pairing proven too challenging to do via bluetooth?

Now, there is no reason to fear missing on personalized ads recommended just for you, since sharing the same portable phone number across all devices means that it doesn't matter what logins you use or don't use--you can be conveniently identified via one handy identification number.

http://www.theverge.com/2015/10/14/9529869/att-numbersync-connected-devices-shared-phone-number

Is this a service people believe they have been missing out on?

I personally find that pairing via bluetooth with my car is as simple as turning on bluetooth on my phone and being within 20 feet of my car--but the AT&T executive in question believes most people find this to be challenging to set up. His solution: Give the car your phone number. The same goes for any wearables you have, tablets, and your PC.

Original Submission