Ars Technica reports on a vulnerability where unencrypted Network Time Protocol (NTP) traffic can be exploited by man-in-the-middle attacks to arbitrarily set the times of computers to cause general chaos and/or carry out other attacks, such as exploiting expired HTTPS certificates.
While NTP clients have features to prevent drastic time changes, such as setting the date to ten years in the past, the paper on the attacks presents various methods for bypassing these protections.
There is a PDF of the report available.
Astronomers at the Ruhr-Universität Bochum have compiled the largest astronomical image to date. The picture of the Milky Way contains 46 billion pixels. In order to view it, researchers headed by Prof Dr Rolf Chini from the Chair of Astrophysics have provided an online tool ( http://gds.astro.rub.de/ ). The image contains data gathered in astronomical observations over a period of five years.
Using the online tool, any interested person can view the complete ribbon of the Milky Way at a glance, or zoom in and inspect specific areas. An input window, which provides the position of the displayed image section, can be used to search for specific objects. If the user types in "Eta Carinae", for example, the tool moves to the respective star; the search term "M8" leads to the lagoon nebula.
http://phys.org/news/2015-10-milky-photo-billion-pixels-largest.html
[Abstract]: http://onlinelibrary.wiley.com/doi/10.1002/asna.201211717/abstract
[Source]: http://rubin.rub.de/en/largest-astronomical-image-all-time
Most of Edward Snowden's previous job as an analyst just got automated along with a lot of the work done by related jobs.
From the paper "Deep Feature Synthesis: Towards Automating Data Science Endeavors" (PDF 4.3 MB):
With these components in place, we present the Data Science Machine — an automated system for generating predictive models from raw data. It starts with a relational database and automatically generates features to be used for predictive modeling. Most parameters of the system are optimized automatically, in pursuit of good general purpose performance.
Developed by James Max Kanter and Kalyan Veeramachaneni at the "Computer Science and Artificial Intelligence Laboratory" (CSAIL) of the Massachusetts Institute of Technology (MIT), the "Data Science Machine (DSM)" enables much faster and more efficient automated analysis of data related to human behavior, decisions, and activities. Previously, analysis of such data relied greatly upon the human intuition of the data scientists trying to analyze it. The DSM and its Deep Feature Synthesis (DFS) are generalized approaches that do not require modification to run with new data sets.
The DSM did better than the majority of trained human data scientists (it beat 615 out of 904 teams) in two large competitions and in a third competition it beat 85.6% of the teams and achieved 95.7% of the top score (i.e. the best team). The paper goes into much more detail about the tests and everything else.
This is very big news considering the amount of human behavioural data which is being collected and stored by companies and governments or agencies. Most of that data is only analyzed —if at all— for a few key features like <sarcasm>"sales & terrorism"</sarcasm> due to the time involved and the lack of data scientists or analysts, data engineers, and machine learning researchers filling the roles of a data scientist (see Fig. 1 in the paper for an example of the typical workflow). The IEEE Spectrum article "Artificial Intelligence Outperforms Human Data Scientists" touches upon some of this and how the job of data scientists is seen as guaranteed employment for good pay.
With the DSM things will change, since it automates huge amounts of hard work (and out-competes nearly all human intuition) there's little or no reason not to automatically analyze much more or all of the data and in addition get the results much faster: the proverbial haystacks are going to disappear and be replaced with needles sorted according to any chosen metric.
The DSM uses MySQL with InnoDB and logic written in Python. The DFS uses Gaussian copula for tuning its machine learning process.
Apple and Dropbox said Tuesday that they oppose a controversial cybersecurity bill that, according to critics, would give the government sweeping new powers to spy on Americans in the name of protecting them from hackers.
The announcement by the two companies comes days before the Senate expects to vote on the legislation, known as the Cybersecurity Information Sharing Act, or CISA.
"We don't support the current CISA proposal," Apple said in a statement. "The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy."
Dropbox said that the bill needed more privacy protections in order to win its support.
There's an article up on Hackaday on a proposed wireless power transmission system by tech company uBeam.
uBeam transmits power via sound, specifically high intensity ultrasound. uBeam has never demonstrated a prototype, has never released any technical specs, and even some high-profile investors that include [Mark Cuban] have not seen the uBeam working.
...
In what is perhaps the greatest breakdown ever posted on the EEVForums, [georgesmith] goes over what uBeam is, how the technology doesn't make sense, and how far you can take a business before engineers start to say, 'put up or shut up.' [georgesmith]'s research goes over just some of what makes uBeam impractical, but digging even further reveals how insane uBeam actually is.
The article is based on a forum posting by georgesmith titled "The uBeam FAQ" on the EEVBlog which is skeptical of the practicality of the approach, and critical of the reaction of the tech press.
Thousands of startups have technical problems. Why uBeam? Why make this FAQ?
Investors have given uBeam over $23 million. But that's not a big problem. It's their money, they can spend it how they want, and they can afford to lose it.
It's likely that uBeam's product will fail, if it ever launches. But that's not a problem either. Plenty of other companies take unlikely chances, and on the whole, we're better off for it. We can't succeed without failures along the way.
The problem is that uBeam's CEO, Meredith Perry, has turned the wireless power industry into a vehicle for her own self-promotion. uBeam, which has never demoed a prototype, led Forbes to proclaim "Is this woman the next Elon Musk?"
The homepage of uBeam is also available for the curious.
Small signals of appreciation have a decisive influence on the output and quality of the work of employees. A field experiment of KIT (Karlsruhe Institute of Technology) economist Petra Nieken and two colleagues revealed that a combination of performance-oriented piece wage and motivating words increases the performance by 20% and reduces the error rate by 40%.
"Our results are relevant to entrepreneurial practice," Nieken emphasizes. She holds the Chair for Human Resources Management of KIT's Institute of Management. How can staff members be motivated? Theory lists two instruments: Financial incentives, such as bonuses or piece wages, and the capability of executives to motivate their staff members. The question whether and how these two instruments complement, strengthen or weaken each other, however, is not clearly answered by theory. That is why this question was in the focus of the study performed at Bonn University.
Science Daily is reporting on new research [abstract;full paper paywalled] by researchers at the University of Illinois at Urbana-Champaign. [Ed's Comment: A link to the Arxiv version of the paper.]
The researchers, Swanlund Professor of Physics Nigel Goldenfeld, graduate student Farshid Jafarpour, and postdoctoral researcher Tommaso Biancalani have made a breakthrough in one of the most central chemical quirks of life as we know it: homochirality, the uniform "handedness" of biological molecules.
From the article:
Life is quirky. Although the molecules that make up all living things obey physical and chemical laws, they do so with a puzzling twist. How did the distinctive molecular features of life emerge, and what can they tell us about life on Earth and elsewhere in the universe?
...
Many chemicals, organic or otherwise, are chiral; that is, if the structure of each was reflected in a mirror, its "looking-glass" copy could not be turned or flipped to match the original. Like a pair of gloves, the left-handed and right-handed versions of a chiral molecule are functionally equivalent, but their fundamental asymmetry makes them distinct.
Inorganic reactions produce and consume both versions of chiral molecules at equal rates. This is what makes the chirality of biological molecules, such as sugars produced by microbes and plants or the amino acids that make up proteins, so shocking. In every living thing on Earth, all amino acids are left-handed, and all sugars are right-handed. Goldenfeld highlighted the central mystery of this phenomenon.
"Imagine you've got a coin, and it's perfectly made, so it's not biased at all, and you start flipping the coin. Each time you flip it, it keeps coming up heads," he said. "So then you say, something must be operating that's causing this to happen . . . you get the same puzzle with these biological molecules, and that's the problem of homochirality."
...
"There are other models, and they may be correct for the origin of homochirality on earth, if you can prove that those prerequisites existed during the emergence of life," said Jafarpour. "But whether those foundations exist or not, for life that emerged anywhere in the universe, you'd expect that it would have self-replication, and our model says that's enough to get homochirality."
...
The work leads to a key conclusion: since homochirality depends only on the basic principles of life, it is expected to appear wherever life emerges, regardless of the surrounding conditions.
"For me, the most exciting thing is that this mechanism shows that homochirality is really a biosignature of life, a 100% signature, and should be expected anywhere life emerges," said Goldenfeld. "So for example, we just learned that there is a global ocean of liquid water under the ice of Enceladus ... I think that looking for homochirality in the organic molecules that have been detected there would be a fantastic way to look for life there."
Should this model be validated, it could be a big step forward in recognizing life in the universe -- even if it's not life "as we know it." Fascinating stuff!
The sunscreen that snorkelers, beachgoers and children romping in the waves lather on for protection is killing coral and reefs around the globe. And a new study finds that a single drop in a small area is all it takes for the chemicals in the lotion to mount an attack.
Not only did the study determine that a tiny amount of sunscreen is all it takes to begin damaging the delicate corals – the equivalent of a drop of water in a half-dozen Olympic-sized swimming pools – it documented three ways that the ingredient oxybenzone breaks the coral down, robbing it of life-giving nutrients and turning it ghostly white.
Adverse effects on coral started with concentrations as low as 62 parts per trillion. Yet measurements of oxybenzone in seawater within coral reefs in Hawaii and the U.S. Virgin Islands found concentrations ranging from 800 parts per trillion to 1.4 parts per million. That's 12 times the concentrations needed to harm coral.
Oxybenzone is used in more than 3,500 sunscreen products worldwide. Common brands including Coppertone, Baby Blanket Faces, L'Oreal Paris, Hawaiian Tropic and Banana Boat all use the Oxy.
There are alternative sunscreens with no oxybenzone. The trouble is that nobody really knows about this threat to the reefs, and they take a fair bit of convincing.
This story appeared in the Portland Press Herald
The New York Times has announced a collaboration with Google to deliver over 1 million Cardboard virtual reality viewers to NYT home delivery subscribers with their newspapers over the weekend of November 7 and 8. Online subscribers will receive a promo code by email that will allow them to claim a free Cardboard viewer. NYT will also create free VR content:
The paper worked closely with IM360 to create the NYT VR application. The app will be available for free for both iOS 8+ and Android 4.3+. It can be used with the Google Cardboard viewer, but a pair of VR goggles is not required to view the video. NYTimes.com will host 2D versions of the videos, and 360-degree YouTube versions will be found on the company's YouTube channel.
The first video being released through NYT VR is a collaboration between The New York Times Magazine and Chris Milk at Vrse. Together, they created a film called The Displaced, which covers the story of three young children -- one from South Sudan, one from eastern Ukraine, and one from Syria -- who have been uprooted from their homes due to war in their regions. The story is captured with 360-degree cameras and taken from the perspective of these young children, depicting what they go through in their daily lives.
[...] "The power of VR is that it gives the viewer a unique sense of empathic connection to people and events," said Jake Silverstein, Editor in Chief, The New York Times Magazine. "In the context of international reporting and conflict reporting, where our readers rely on us to bring them news and stories from remote and inaccessible places, this has huge potential. Through this immersive video experience, we can put our readers at the center of the most important story of our time."
NYT VR's second planned film is a behind-the-scenes look at the making of The New York Times Magazine's Walking New York cover image. There will be a third video released on NYT VR in December and more in 2016, but we don't have any details about what those videos will be.
The app will be available on November 5th.
Python is, of course, a dynamic interpreted language rather than a static compiled language such as the one used by TouchDevelop. Furthermore, a version of Python that compiled to the TouchDevelop AST would be a completely new language - a Pythonic shim to make TouchDevelop feel like Python. Finally, TouchDevelop itself is written in TypeScript, an interesting Microsoft-developed language that compiles to JavaScript. None of us evaluating TouchDevelop knew TypeScript and the thought of creating a new compiler for a sort-of-Python, frankly, gave us the collywobbles.
Ultimately, designing and creating something Python-ish to work on TouchDevelop appeared to be impossibly difficult (or difficultly impossible, depending on how you looked at it) for a handful of volunteers working in their spare time in an unfamiliar language.
It was at this time that something amazing happened.
I was at a partner's meeting at the BBC and, quite by accident, struck up a tea-break conversation with "Jonny from ARM, pleased to meet you". It turned out that Jonny is a fellow geek, but one that inhabits a different layer of the computing stack (I generally work in high level languages like Python or JavaScript, Jonny feels more at home close to the bare metal hacking hardware).
After we'd figured out the above, Jonny asked, "have you ever heard of MicroPython?" (MicroPython is a full re-implementation of Python 3 for microcontrollers used in small devices such as the micro:bit).
Ars Technica UK has an informative article about how zero-day vulnerabilities are actually used in practice, who buys them, and the state of the zero-day market cum regulations.
How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.
Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really at threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?
And then what about legislation and regulation of zero-days? In most countries, there are scant legal mechanisms for discouraging or punishing the discovery of new zero-days. There are even fewer laws and directives dictating how zero-days should be responsibly disclosed. It isn't that lawmakers aren't aware of these problems, it's just that there isn't an easy solution. How do you craft a law that allows some research groups to keep on digging for vulnerabilities while at the same time blocking the black hats? What if the government's idea of "responsible disclosure" means disclosing all vulnerabilities to GCHQ or the NSA?
Recently, Europe began discussing how best to interpret the Wassenaar Arrangement—an agreement between 41 countries that was originally designed to limit the proliferation of physical, military weapons to non-desirables—when it applies to the proliferation of surveillance software, intrusion tools, and zero-day software vulnerabilities. In the US, the Senate is set to vote on the Cybersecurity Information Sharing Act as soon as today [20 Oct]. The legislation would expand the Computer Fraud and Abuse Act to include security research. The US is trying to decide how to interpret Wassenaar when it comes to the exporting of intrusion software and zero-days too.
Do you trust online reviews? Now that Amazon is suing more than 1,000 people who allegedly offered to write glowing product reviews for cash, you might reasonably be concerned.
Turns out, deceptive reviews are commonplace online—and so are doubts about them. The research organization Mintel found that 57 percent of surveyed consumers are suspicious of companies or products that only have positive online reviews. And 49 percent believe companies probably give incentives for online reviews.
Fortunately, there are a few good techniques that can help you tell truth from fiction.
The article lists several ways to tell the difference. What are yours?
A new energy-efficient organic LED (OLED) that glows a deep blue is finally close to meeting the most stringent U.S. video display brightness requirements, researchers say.
OLEDs have enabled a new generation of bright, high-quality, low-cost, power-efficient, flexible, lightweight flat panel displays. Each pixel in an OLED display typically consists of red, green, and blue OLEDs that shine with different brightnesses to produce any desired color.
Phosphorescent OLEDs (PHOLEDs) use only one quarter the energy of conventional OLEDs. Green and red PHOLEDs are already used in smartphones and TVs, leading to longer battery lives and lower electricity bills, but developing the kind of bright deep blue PHOLEDs needed for video displays has proven challenging.
Now scientists have developed what they say are the brightest deep blue PHOLEDs reported so far, work sponsored by Universal Display Corporation and the U.S. Air Force. The researchers added their new lights nearly meet the most stringent requirements of the National Television Systems Committee (NTSC), the video standards used across most of the Americas.
History and science collided at the University of Virginia on Friday, when the school announced the discovery of a hidden chemistry lab amid ongoing renovations of its historic Rotunda building.
The room offers a glimpse into the way science was taught in the mid-19th century, as well as to the role of Thomas Jefferson – who founded the university in 1819 – in facilitating the shift from religion to science as a central principle of higher education in the United States.
"It really is the beginning of the teaching of science" as fundamental, said Jody Lahendro, a supervisory historic preservation architect for UVA. "The Enlightenment, changing the viewpoint of the world."
[...] "This may be the oldest intact example of early chemical education in this country," said Brian Hogg, senior historic preservation planner in the Office of the Architect for the University.
Four years ago, about a dozen credit cards equipped with chip-and-PIN technology were stolen in France. In May 2011, a banking group noticed that those stolen cards were being used in Belgium, something that should have been impossible without the card holders inputting their PINs. That's when the police got involved. The police obtained the international mobile subscriber identity (IMSI) numbers present at the locations where the cards were used and at the times they were used, and then they correlated those IMSI numbers to SIM cards.
Using that information, the police were able to arrest a 25-year-old woman carrying a large number of cigarette packs and scratchers, which were apparently intended for resale on the black market. After her arrest, four more members of the fraud ring were identified and arrested. That number included the engineer who was able to put together the chip card hacking scheme that a group of French researchers call "the most sophisticated smart card fraud encountered to date."
25 stolen cards, specialized equipment, and €5,000 (approximately $5,660) in cash were seized. Ultimately police said about €600,000 (or $680,000) was stolen as a result of the card fraud scheme, spanning 7,000 transactions using 40 cards.
[...] The stolen cards were still considered evidence, so the researchers couldn't do a full tear-down or run any tests that would alter the data on the card, so they used X-ray scans to look at where the chip cards had been tampered with. They also analyzed the way the chips distributed electricity when in use and used read-only programs to see what information the cards sent to a Point of Sale (POS) terminal.
According to the paper, the fraudsters were able to perform a man-in-the-middle attack by programming a second hobbyist chip called a FUN card to accept any PIN entry, and soldering that chip onto the card's original chip. This increased the thickness of the chip from 0.4mm to 0.7mm, "making insertion into a PoS somewhat uneasy but perfectly feasible," the researchers write. The hackers took advantage of the fact that PIN authentication was, at least at the time, decoupled from transaction verification on EMV cards in Europe.
[...] In their paper, the researchers note that the forged chip cards looked similar to a scheme put forward in 2010 by researchers at Cambridge University. At the time, the Cambridge researchers were able to show that they could complete a transaction using a similar man-in-the-middle attack, but they weren't able to get the form factor down to credit card size. The French researchers who did the forensic analysis of the cards noted that "producing the forgery required patience, skill and craftsmanship."
MOOCs — massive open online courses — grant huge numbers of people access to world-class educational resources, but they also suffer high rates of attrition.
To some degree, that's inevitable: Many people who enroll in MOOCs may have no interest in doing homework, but simply plan to listen to video lectures in their spare time.
Others, however, may begin courses with the firm intention of completing them but get derailed by life's other demands. Identifying those people before they drop out and providing them with extra help could make their MOOC participation much more productive.
[...] Last week, at the International Conference on Artificial Intelligence in Education, MIT researchers showed that a dropout-prediction model trained on data from one offering of a course can help predict which students will stop out of the next offering. The prediction remains fairly accurate even if the organization of the course changes, so that the data collected during one offering doesn't exactly match the data collected during the next.
Any MOOC alumni care to comment?