Our recent story, More Than 800 Languages in a Single Typeface: Noto got me to thinking about the fonts that I currently use. And where, and why. And to wondering what fonts my fellow Soylentils use. I've explored different options over the years and this seems to be as good a time as any to revisit my choices. Why not learn from the collected experience of the community?
For my PC, I've got a 1920x1200 monitor plugged into a laptop. Some font choices I've made are simply from inertia, having just defaulted to whatever was available "way back when" and a lack of desire to change. Like in a CMD.EXE window, my default choice is an "8x12 Raster Font" (on a 192x66 character window). When writing code in Emacs, I use "Lucida Console". There are two other applications where I seem to spend most of my time on my home system. First, my browser (Pale Moon 26.5.0 x86) where I have selected "Serif", "Times New Roman", "Arial Unicode MS", and "Courier New". My other highly-used program is HexChat where I've loaded "Unifont Upper CSUR" (available at unifoundry.com). I tested the implementation of Unicode support on SoylentNews and needed access to a font with more complete code coverage. It is especially convenient as it provides relatively complete coverage in a single font file.
I have an older Android phone and use the default fonts in Chrome when browsing. The rest of the phone UI is whatever default it came with, too. I do tend to select the smallest font size available so I can maximize the amount of information displayed on the screen at one time.
<rant>One pet peeve of mine is how often a font makes it hard to distinguish between "tom" and "torn" where the letter spacing between "r" and "n" is so small that it is nearly indistinguishable from "m".</rant>
So, my case is not terribly exciting — I'm more of a pragmatist who looks for whatever provides the largest amount of legible text on my display. I make the best choice I can from the available options at the time — and if what I find is "good enough", then I tend to run with that until I learn of something better becoming available.
So, given the arrival of the Noto fonts, I've gotten the thought it may be time for me to reappraise my font choices. What fonts do you use? What do you most like about them? Dislike? (If you got the font from the web, please provide a URL so others may download and try them, too.)
Researchers at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely.
The boffins also demonstrated again that 1,024-bit primes can no longer be considered secure, by publishing an attack using "special number field sieve" (SNFS) mathematics to show that an attacker could create a prime that looks secure, but isn't.
Since the research is bound to get conspiracists over-excited, it's worth noting: their paper doesn't claim that any of the cryptographic primes it mentions have been back-doored, only that they can no longer be considered secure.
"There are opaque, standardised 1024-bit and 2048-bit primes in wide use today that cannot be properly verified", the paper states.
Joshua Fried and Nadia Heninger (University of Pennsylvania) worked with Pierrick Gaudry and Emmanuel Thomé (INRIA at the University of Lorraine) on the paper, here.
They call for 2,048-bit keys to be based on "standardised primes" using published seeds, because too many crypto schemes don't provide any way to verify that the seeds aren't somehow back-doored.
Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.
The technique is notable because it puts a backdoor—or in the parlance of cryptographers, a "trapdoor"—in 1,024-bit keys used in the Diffie-Hellman key exchange. Diffie-Hellman significantly raises the burden on eavesdroppers because it regularly changes the encryption key protecting an ongoing communication. Attackers who are aware of the trapdoor have everything they need to decrypt Diffie-Hellman-protected communications over extended periods of time, often measured in years. Knowledgeable attackers can also forge cryptographic signatures that are based on the widely used digital signature algorithm.
As with all public key encryption, the security of the Diffie-Hellman protocol is based on number-theoretic computations involving prime numbers so large that the problems are prohibitively hard for attackers to solve. The parties are able to conceal secrets within the results of these computations. A special prime devised by the researchers, however, contains certain invisible properties that make the secret parameters unusually susceptible to discovery. The researchers were able to break one of these weakened 1,024-bit primes in slightly more than two months using an academic computing cluster of 2,000 to 3,000 CPUs.
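The published-seed remedy the researchers call for, as an added example that is not from the articles or the paper: the MODP primes in RFC 2409 and RFC 3526 are built from the binary digits of pi plus a small offset, so anyone can re-derive them and confirm nothing was chosen in secret. This goes beyond the stories above by using those RFC recipes; the function names and the "opaque" sample value are this example's own constructions.

```python
"""Re-derive "nothing-up-my-sleeve" Diffie-Hellman primes from their public recipe."""

# Recipe published in RFC 2409 / RFC 3526 for the MODP groups:
#   p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)
# The only free parameter is the small offset (the first one that yields a
# safe prime), which leaves no room to hide special structure in p.
PUBLISHED_GROUPS = {
    "RFC 2409 group 2 (1024-bit)": (1024, 129093),
    "RFC 3526 group 14 (2048-bit)": (2048, 124476),
}

GUARD_BITS = 64  # extra working precision, far more than the truncation error


def _atan_inv(x, scale):
    """Fixed-point atan(1/x) * scale via the alternating Taylor series."""
    term = scale // x
    total, n, sign, x2 = term, 1, -1, x * x
    while term:
        term //= x2
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total


def pi_floor(k):
    """floor(2^k * pi), from Machin's formula in pure integer arithmetic."""
    scale = 1 << (k + GUARD_BITS)
    pi_scaled = 16 * _atan_inv(5, scale) - 4 * _atan_inv(239, scale)
    return pi_scaled >> GUARD_BITS


def derive_prime(bits, offset):
    """Rebuild the prime from the public recipe alone."""
    middle = pi_floor(bits - 130) + offset
    return (1 << bits) - (1 << (bits - 64)) - 1 + (middle << 64)


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed small bases (probabilistic for large n)."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def classify(p):
    """Name the published recipe that reproduces p, or None if none does."""
    for name, (bits, offset) in PUBLISHED_GROUPS.items():
        if p.bit_length() == bits and p == derive_prime(bits, offset):
            return name
    return None


if __name__ == "__main__":
    p14 = derive_prime(2048, 124476)
    print(classify(p14), "safe prime:", is_safe_prime(p14))
    opaque = p14 - (1 << 70)  # constructed stand-in for a modulus with no recipe
    print(classify(opaque))   # None: provenance cannot be reproduced
```

A `None` result does not prove a trapdoor; it only means the modulus cannot be tied to a public derivation, which is the verification gap the paper describes.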
The pre-industrial atmosphere contained more particles, and so brighter clouds, than we previously thought. This is the latest finding of the CLOUD experiment, a collaboration between around 80 scientists at the CERN particle physics lab near Geneva. It changes our understanding of what was in the atmosphere before humans began adding pollution – and what it might be like again in the future.
Most cloud droplets need tiny airborne particles to act as "seeds" for their formation and growth. If a cloud has more of these seeds, and therefore more droplets, it will appear brighter and reflect away more sunlight from the Earth's surface. This in turn can cool the climate. Therefore understanding the number and size of particles in the atmosphere is vital to predicting not only how bright and reflective the planet's clouds are, but what global temperatures will be.
...
The CLOUD experiment at CERN also recently discovered that gases emitted by trees can stick together to make new seeds for clouds in the atmosphere – without needing any help from other pollutants as was previously thought. Scientists had thought that the cloud seeds needed sulphuric acid (often mixed with other compounds) or iodine molecules to stick together to initiate the process. In our new follow-up study, published in PNAS, we worked with other CLOUD scientists to simulate this process in the atmosphere. Our work suggests that even today trees produce a large fraction of cloud seeds over the cleanest forested parts of the world.
More trees means more clouds, which means cooler Earth.
The fun starts on the 16th and will climax as Schiaparelli lander touches down next Wednesday
http://www.theregister.co.uk/2016/10/11/exomars_arrival/
Grab some popcorn, space enthusiasts, because this coming weekend the joint European Space Agency/Roscosmos "ExoMars" mission will arrive at Mars.
ExoMars broke the surly bonds of Earth last March and has since proven itself capable of taking photos and sending them home on a 2 Mbit/s link.
Now for the hard part.
The mission comprises two sub-missions. The first, the Schiaparelli lander, will separate from ExoMars on Sunday, October 16th. It will then spend three days circling Mars before making a six-minute descent to its surface. Schiaparelli is billed as a "landing demonstrator" that "will test a range of technologies to enable a controlled descent and landing on Mars in preparation for future missions, including a heatshield, a parachute, a propulsion system and a crushable structure."
The heatshield is designed to help the lander survive its passage through the Martian atmosphere at an expected initial speed of 21,000km/hr. A pair of parachutes will then slow things further, before the propulsion system – rockets – lower it to just a couple of meters above Mars' surface. At that point the rockets will cut off and the "crushable structure" should absorb the impact.
The Entry and Descent Module Descent Camera (DECA) should shoot the whole thing.
The lander bears what the ESA calls a "small science package" that can measure "wind speed, humidity, pressure and temperature at its landing site, as well ... measurements of electric fields on the surface of Mars that may provide insight into how dust storms are triggered."
-- submitted from IRC
Arthur T Knackerbracket has found the following story:
More than 25 previously unpublished "Dead Sea Scroll" fragments, dating back 2,000 years and holding text from the Hebrew Bible, have been brought to light, their contents detailed in two new books.
The various scroll fragments record parts of the books of Genesis, Exodus, Leviticus, Deuteronomy, Samuel, Ruth, Kings, Micah, Nehemiah, Jeremiah, Joel, Joshua, Judges, Proverbs, Numbers, Psalms, Ezekiel and Jonah. The Qumran caves ― where the Dead Sea Scrolls were first discovered ― had yet to yield any fragments from the Book of Nehemiah; if this newly revealed fragment is authenticated it would be the first.
Scholars have expressed concerns that some of the fragments are forgeries. [See Photos of the Dead Sea Scrolls Fragments]
These 25 newly published fragments are just the tip of the iceberg. A scholar told Live Science that around 70 newly discovered fragments have appeared on the antiquities market since 2002. Additionally, the cabinet minister in charge of the Israel Antiquities Authority (IAA), along with a number of scholars, believes that there are undiscovered scrolls that are being found by looters in caves in the Judean Desert. The IAA is sponsoring a new series of scientific surveys and excavations to find these scrolls before looters do.
The FreeBSD project has announced a new stable version of the FreeBSD operating system. The announcement says that initial builds were "withdrawn" due to "several last-minute issues" and that
Users that have installed FreeBSD 11.0-RELEASE from the images originally available on the mirrors or from freebsd-update(8) prior to the rebuild of the final release are urged to upgrade their systems to FreeBSD 11.0-RELEASE-p1 immediately.
Among the changes are a new version of OpenSSH which no longer supports version 1 of the SSH protocol, support for 802.11n Wi-Fi, a port to 64-bit ARM processors, and graphics support in the bhyve hypervisor.
further reading:
errata
release notes
fossbytes
Arthur T Knackerbracket has found the following story:
An immunotherapy drug has been described as a potential "game-changer" in promising results presented at the European Cancer Congress.
In a study of head and neck cancer, more patients taking nivolumab survived for longer compared with those who were treated with chemotherapy. In another study, combining nivolumab with another drug shrank tumours in advanced kidney cancer patients.
Immunotherapy works by harnessing the immune system to destroy cancer cells.
Advanced head and neck cancer has very poor survival rates.
In a trial of more than 350 patients, published in the New England Journal of Medicine, 36% treated with the immunotherapy drug nivolumab were alive after one year compared with 17% who received chemotherapy. Patients also experienced fewer side effects from immunotherapy.
The benefits were more pronounced in patients whose tumours had tested positive for HPV (human papillomavirus). These patients survived an average of 9.1 months with nivolumab and 4.4 months with chemotherapy.
Normally, this group of patients, with advanced or treatment-resistant tumours, are expected to live less than six months.
Early data from a study of 94 patients with advanced kidney cancer showed that the double hit of nivolumab and ipilimumab resulted in a significant reduction in the size of tumours in 40% of patients. Of these patients, one in 10 had no sign of cancer remaining. This compares with 5% of patients showing tumour reduction after standard therapy.
[...] As yet, nivolumab has only been approved for treating skin cancer and in June it became one of the fastest medicines ever approved for NHS use, in combination with ipilimumab, for the same cancer. Nivolumab and ipilimumab both work by interrupting the chemical signals that cancers use to convince the immune system they are healthy tissue.
Depending on who you ask, right now JavaScript is either turning into a modern, reliable language, or a bloated, overly complex dependency hell. Or maybe both?
What's more, there's just so many options: Do you use React or Angular 2? Do you really need Webpack? And what's this month's recommended way of dealing with CSS?
Like you, I spent far too many hours reading about all this, and at the end I still wasn't sure. So I decided to create a survey to see what everybody else thought. It seems like I must've hit a nerve, because I got over 9000 answers in just over two weeks!
Further down in the article, the survey results are listed, though not in an easily scrape-able format. Oddly enough, the site degrades gracefully, and does not require JavaScript to be enabled.
http://stateofjs.com/2016/introduction/
-- submitted from IRC
Submitted via IRC for TheMightyBuzzard
Twitter shareholder Doris Shenwick has filed a lawsuit against the social media company. The suit claims that Twitter made misleading statements about its expected growth in order to artificially inflate the value of its stock. The suit is seeking approval for class-action status, which would allow anyone who purchased Twitter stock between February 6, 2015 and July 28, 2015 to join the lawsuit.
In November of 2014, the company stated that the number of monthly active users (MUA [sic]) was expected to grow to 500 million in the intermediate term and to over 1 billion in the long term. In February of 2015, a shareholder report for Q4 of 2014 showed lower growth than expected, which the company attributed to quarter-specific factors. However, the report still had high expectations for future growth and announced several new initiatives to increase its users and their engagement. As a result of this report, Twitter stock rose 17% within 24 hours.
However, in April and July of 2015, Twitter released two disappointing quarterly reports in a row, showing that user growth was basically flat, and expectations for future growth had been significantly lowered. As a result, Twitter stock plummeted.
However, the lawsuit doesn't consider Twitter to be merely mistaken or overoptimistic in its earlier predictions. Instead, the company is accused of making misleading statements to defraud investors. The suit claims that new products and initiatives mentioned in the February report were having no significant effect on user growth, and Twitter executives knew this when they made the report.
Source: https://techraptor.net/content/twitter-sued-by-shareholder-over-growth-predictions
Arthur T Knackerbracket has found the following story:
Despite reporting a worldwide profit of $6.19bn (£4.97bn), accounts for the social network's British holding company show that it ended the year with a £11.3m tax credit, compared to a charge of £4,327 in the prior year.
Although Facebook UK did pay £4.17m in corporation tax for the year to December, accounts just filed at Companies House show that it ended 2015 in credit thanks to accounting rule changes.
The disclosures are likely to reignite the row over the amount of tax paid by large US multi-nationals in the UK, following recent comments on the subject by the Prime Minister.
The credit is the result of Facebook being able to offset some £15.5m of payments linked to its bonus scheme, meaning it ended the year with an £11.3m tax credit.
Although that does not mean HMRC (Her Majesty's Revenue and Customs) owes that amount to Facebook, the San-Francisco technology company will be able to use that credit to offset against tax due on future profits.
The entirely legal deferrals link to changes in HMRC's own accounting rules which Facebook adopted for the first time in the 2015 financial year.
This compared to £28.48m on sales of £104.9m in the prior year. For that year, Facebook paid £4,327 of corporation tax.
Losses after tax stood at £41.17m in 2015 from £28.5m in the prior year.
That loss came in part because Facebook paid £71m towards a share-based bonus scheme, the equivalent of £104,105 for every member of its UK workforce. The bonus payment equated to £35m in the prior year.
Last week, Theresa May used her speech at Conservative Party conference to highlight the issue.
In what was seen as a thinly veiled attack on Facebook and Apple, she said she was putting people in positions of power on notice that a "change must come."
"It doesn't matter to me who you are. If you're a tax-dodger, we're coming after you," she promised. "An economy that works for everyone is one where everyone plays by the same rules."
Arthur T Knackerbracket has found the following story:
Nauto currently produces a $400 aftermarket camera- and sensor-equipped device that attaches to a car's windshield to analyze driver behavior. According to Reuters, the device is part-dash cam—snapping footage and tagging "events" like accidents—and part-driver monitor—detecting possible driver distraction in the car like drinking or texting. Nauto then collects and anonymizes this information to draw conclusions about driver habits, intersections, and congestion in certain areas.
The company, which was founded just last year, has so far geared its product toward managers of commercial and passenger fleets who want more information about their drivers and the routes they take.
But the partnership with Allianz Ventures is particularly interesting because better and cheaper tech, as well as autonomy in vehicles, both have the potential to change the insurance industry. As dash cams and driver monitoring systems like Nauto's become less expensive, insurance companies can use that footage to assess driver behavior and tailor their rates accordingly. But with the advent of the fully self-driving car, who pays for insurance becomes a different question.
Arthur T Knackerbracket has found the following story:
After being pinged by Mozilla for issuing backdated SHA-1 certificates, Chinese certificate authority WoSign's owner has put the cleaners through the management of WoSign and StartCom.
Mozilla put WoSign and StartCom on notice at the end of September.
As part of its response, the company has posted around 200,000 certificates with the Google transparency log server as well as on its own CT log server, covering everything issued in 2015 and 2016, with a promise to expand that to "all certificates past and present".
In this discussion thread, Bugzilla lead developer Gervase Markham explains that people from WoSign's majority shareholder Qihoo 360 and StartCom met with Mozilla representatives last Tuesday in London.
WoSign's full response is here (PDF). In it, as summarised in the mailing list discussion by StartCom founder Eddy Nigg, the company promises to:
Qihoo 360 is taking the issue of backdated SHA-1 certs, in January 2016, as the most serious violation, and the reason for the executive re-organisation.
The incident report states: "Wosign is in process of making legal and personnel changes in both WoSign and StartCom to ensure that both WoSign and StartCom have leadership that understand and follow the standards of running a CA".
The incident report lists more than 60 backdated certificates, including the one issued to Australian-headquartered payments processor Tyro (The Register has previously contacted Tyro for comment, but received no response).
A typeface five years in the making, Google Noto spans more than 100 writing systems, 800 languages, and hundreds of thousands of characters. A collaborative effort between Google and Monotype, the Noto typeface is a truly universal method of communication for billions of people around the world accessing digital content.
Google set Monotype a straightforward brief: "no more tofu" – tofu being the nickname for the blank boxes that are shown when a computer or site lacks font support for a particular character. To meet Google's requirement, Monotype needed to develop one typographic family that could cover the more than 800 languages included in the Unicode Consortium standard.
This mammoth effort required harmonious design and development of an unprecedented number of scripts, including several rare writing systems that had never been digitized before. "It was this really phenomenal, daunting project," says Google internationalization expert Bob Jung. "Looking back at it, I'm even surprised myself how ambitious we were."
"Our goal for Noto has been to create fonts for our devices, but we're also very interested in keeping information alive," he adds. "When it comes to some of the lesser-used languages, or even the purely academic or dead languages, we think it's really important to preserve them."
takyon: Ars Technica article and download page at Google.
Submitted via IRC for TheMightyBuzzard
Saudi military base also targeted by missile fired deep inside the kingdom near holy city of Mecca.
Source: http://www.aljazeera.com/news/2016/10/navy-ship-targeted-missile-attack-yemen-161010034052132.html
A US Navy destroyer has been targeted in a failed missile attack from territory in Yemen controlled by Houthi rebels, a US military spokesman says.
In another attack, a ballistic missile launched from Yemen targeted a Saudi airbase near the Muslim holy city of Mecca, Saudi and rebel media reported Monday, the deepest strike yet into the kingdom by the rebels and their allies.
Two missiles failed to hit the US Navy ship after being launched on Sunday, Pentagon spokesman Captain Jeff Davis told Reuters news agency.
"USS Mason detected two inbound missiles over a 60-minute period while in the Red Sea off the coast of Yemen. Both missiles impacted the water before reaching the ship," he said. "There were no injuries to our sailors and no damage to the ship."
Lieutenant Ian McConnaughey, a Navy spokesman, said on Monday that it was unclear if the Mason was specifically targeted, though the missiles were fired in its direction.
The destroyer at the time of the missile fire was north of the Bab al-Mandeb Strait, which serves as a gateway for oil tankers headed to Europe through the Suez Canal, a defence official said.
[...] On Monday, Saudi state television broadcast a brief clip of what appeared to be a projectile landing in Taif and the flash of an explosion, followed by images of emergency vehicles.
Taif is home to Saudi Arabia's King Fahad Air Base, which hosts US military personnel training the kingdom's armed forces.
The Saudi military said the missile fired late on Saturday caused no damage. The US military's Central Command, which oversees troops in the Middle East, did not immediately respond to a request for comment.
Al-Masirah, a satellite news channel run by the Houthis, identified the missile as a local variant of a Soviet-era Scud missile. It said the Volcano-1 missile targeted the airbase.
Microsoft's PowerShell feature "Just Enough Administration" (JEA) is, apparently, "way too much administration" according to researcher Matt Weeks.
In this write-up of JEA, root9B and Metasploit module developer Weeks says JEA profiles aren't much of a barrier, since people with JEA profiles can escalate themselves to sysadmin status. Cutting to the conclusion:
"Every JEA profile I had found Microsoft has published can be bypassed to obtain complete system administrative rights, most of them immediately, reliably, and without requiring any special configuration."
The idea with JEA is to provide granular administrative profile management – a good thing, if only it worked out that way.
By way of demonstration, Weeks provides a variety of examples in which capabilities in JEA are exploitable.
One example is the Add-Computer "cmdlet", used to add a computer to a domain or change its domain, which Weeks says is "a reliable vector to break the JEA security barrier, and escalate privileges to complete unrestricted system control".
His attack doesn't use any hacks-or-cracks stuff: it ends with the new computer pulling group policy from an attacker-controlled Domain Controller providing group policy settings.
Result? Success: the victim machine "will pull group policy settings from your new server, enabling you via a group policy configuration to change any setting, drop the firewall, execute any command as system via startup scripts or scheduled tasks, or directly log in as the domain admin. You have broken the 'security barrier' and have full unrestricted administrative control over the system."