SoylentNews

CS-batman writes:

Adrian Colyer presents a whitepaper by Wressnegger et al. on bugs caused by 32 to 64 bit transition. The paper deals specifically with going from the ILP32 data model used by Win32 and Linux, to the LLP64 (Win64) and LP64 (Linux) data models.

They did also find genuine vulnerabilities among those issues, in every single area the theory predicted they might exist. These include vulnerabilities in high profile projects such as Google's Chromium, the GNU C Library, the Linux Kernel, and the Boost C++ Libraries. The paper contains case studies in each of these areas.

Lots of people have studied integer-based flaws, but this is the first work to consider those introduced solely from the migration to 64-bit. Another thing to add to the ever-growing worry list!

I think if somebody is being careless this might sound unintuitive. Also it's always nice to see real life results that corroborate theory.

Original Submission

An Anonymous Coward writes:

Tails version 2.7 has been released: https://tails.boum.org/news/version_2.7/index.en.html
- Download: https://tails.boum.org/install/download/openpgp/index.en.html

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

• use the Internet anonymously and circumvent censorship;
• all connections to the Internet are forced to go through the Tor network;
• leave no trace on the computer you are using unless you ask it explicitly;
• use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

https://tails.boum.org/about/index.en.html

[Editor's Comment: We know that Tails was very popular with our community in the earlier days of the site, however we have no information regarding current usage. Does the community want to know when Tails updates occur? Let us know your views please (post as AC if you wish). If there is a poor response we will stop publicising updates - so let us know!]

Original Submission

aristarchus writes:

The fallout of the American Presidential election of 2016 continues, and many are concerned about what the eventual consequences will be. One potential member of a Trump administration has many more worried than not. Observe:

One wonders about the temperament of the President-Elect, but even more about the basket of, um, unemployed, that swarm around him seeking positions in the new administration. Peter Thiel is well know for having bankrupted Gawker over the Hulk Hogan affair, but for personal reasons.

But Thiel did not bankroll Hogan's lawsuit in a show of fraternity. He had nurtured a grudge since December 2007, when Gawker published an article entitled, "Peter Thiel is totally gay, people." Thiel condemned Gawker for publicly outing him, though the site contended that he had already disclosed his sexuality to those in his social sphere. Although Thiel referred to Gawker as "a singularly terrible bully," he did not pursue legal action. Instead, his rancor smoldered until, nine years later, he landed a belated—but fatal—blow.

What might such vindictiveness accomplish with more than millions of dollars, but the full faith and credit of the United States, if it sought to silence criticism, whistle-blowing, truth-telling and journalism? Should Soylentils be worried?

Original Submission

Phoenix666 writes:

As Rosetta's comet approached its most active period last year, the spacecraft spotted carbon dioxide ice – never before seen on a comet – followed by the emergence of two unusually large patches of water ice.

The carbon dioxide ice layer covered an area comparable to the size of a football pitch, while the two water ice patches were each larger than an Olympic swimming pool and much larger than any signs of water ice previously spotted at the comet.

The three icy layers were all found in the same region, on the comet's southern hemisphere.

Is the Earth picking up CO2 and water vapor from the comet, or is the comet picking up CO2 and water vapor from the Earth?

Original Submission

Phoenix666 writes:

Since social scientists and economists began measuring poverty, the definition has never strayed far from a discussion of income.

New research from Georgia Tech economist Shatakshee Dhongde shows there are multiple components of poverty that more accurately describes a household's economic condition. Dhongde looks at "deprivation" more than simply low income, and her work finds that almost 15 percent of Americans are deprived in multiple dimensions.

"This study approaches poverty in a new way," said Dhongde, who recently published "Multi-Dimensional Deprivation in the U.S." in the journal Social Indicators Research.

"We tried to identify what is missing in the literature on poverty, and measure deprivation in six dimensions: health, education, standard of living, security, social connections, and housing quality. When you look at deprivation in these dimensions, you have a better picture of what is really going on with households, especially in developed countries like the United States."

Original Submission

n1 writes:

TeleSUR reports:

A U.K.-based human rights organization has urged Britons living in the United Arab Emirates to not report incidents of rape or sexual assaults following the case of a British woman who was allegedly gang raped in Dubai and after reporting it was arrested and charged with "extramarital sex" charges.

[...] The organization Detained in Dubai, which provides legal assistance to foreign people arrested in the UAE regardless of their citizenship and financial status, has already launched a petition at Change.org, urging authorities to take action on the matter.

[...] Radha Stirling, a U.S. citizen founder of the charity, said to The Independent that following the recent case – as well as a number of other shocking incidents in recent years where rape victims have been detained in the UAE – she advises British tourists not to report crime.

Human rights organizations have asked the UAE monarchies to match their country's great economic growth and tourism potential with changes to its legal system to improve and develop the legal rights and process.

From guide2dubai.com:

In 2013, the total population of UAE was recorded to be 9.2 million. Out of the 9.2 million, the expatriates contributed to around 7.8 million with the Emirati Nationals holding a population share of 1.4 million. [...] South Asian countries alone contributes to around 58% of the total population of UAE. The western population shares to around 8% of the overall population of the country.

Original Submission

mrpg writes:

The Internet Association, a group of internet-related companies including Amazon, Dropbox, Facebook, Google, Netflix, and many others has released a roadmap of policy areas for the incoming administration and Congress.

The roadmap's opening letter begins by congratulating President-elect Trump and goes on to say:

Our country's foundation of digital entrepreneurship flows from policy decisions the United States government made long ago to encourage continued innovation and a vibrant e-commerce marketplace. These policies have allowed the internet industry to flourish in the U.S. and to export our products and services worldwide.

[...] Included with this letter is a roadmap of key policy areas that have allowed the internet to grow, thrive, and ensure its continued success and ability to create jobs throughout our economy. The internet industry looks forward to engaging in an open and productive dialogue. Thank you for your consideration of the following policy priorities.

Most of the positions discussed in the roadmap are exactly the sort of policies we, as technical people, support. They include:

• Intermediary Liability
• Copyright
• Privacy and Data Security
• Trade and Global Internet Policy
• Surveillance Reform
• Patent Reform
• Enhance U.S. STEM and Computer Science Education

Press release

Original Submission

Phoenix666 writes:

From an article in PC World:

U.S. lawmakers introduced legislation to delay the coming into force on Dec. 1 of a rule change that aims to expand the government's ability to search computers and other digital devices across many jurisdictions with a single warrant.

The Review the Rule Act aims to delay for discussion proposed amendments to rule 41 of the Federal Rules of Criminal Procedure until July 1 next year. The changes to the rule were upheld by the Supreme Court in April, and if Congress doesn't act to the contrary, they will go into effect on Dec. 1.

The modified rule would remove the current prohibition with some exceptions on a federal judge issuing a search warrant outside of the judge's district, so as to enable the remote search by law enforcement of computers whose locations are concealed using technology such as anonymizing techniques. The changes in rule 41 were proposed by the Advisory Committee on the Rules of Criminal Procedure at the request of the Justice Department.

Original Submission

Phoenix666 writes:

A national survey of consumer attitudes towards plug-in electric vehicles suggests that people would prefer control to convenience in many charging scenarios, and also that renewable energy sources are an important component.

The survey, released today by researchers Brandon Schoettle and Michael Sivak of the University of Michigan Transportation Research Institute, includes responses from 542 people. Although a majority of the participants have never owned or ridden in an electric vehicle, 17 percent had some prior experience with the technology.

Among the report's findings:

• To manage the costs and electricity demand at home, 73 percent of people would elect optimized charging vs. on-demand charging. Optimized charging allows the system to manage and plan vehicle charging, for example, charging at off-peak times.
• A majority of 65 percent said they'd prefer to prioritize renewable energy sources rather than settle for standard optimized charging.
• Nearly all—84 percent—would like to be able to "reverse charge," or feed electricity from their vehicle back to the public grid in exchange for reduced rates or other compensation. Reverse charging could also help reduce power plants' load during peak times.

"We noticed that people tend to prefer the things that give them the most control, rather than the most convenience," Schoettle said. "For example, respondents seemed to think that a traditional cable was the best way to recharge, even though inductive wireless charging could enable a self-fueling vehicle. A person wouldn't be required."

Original Submission

-- OriginalOwner_ writes:

The Daily Northwestern reports

The Illinois Senate voted 38-18 on [November 16] to override Gov. Bruce Rauner's veto of an automatic voter registration bill.

The bill [...] would automatically register voters who are seeking a new or updated license, or who are seeking other services from state departments such as Human Services or Healthcare and Family Services.

[...]The only two things a citizen should need to vote is being 18 years old and a citizen.

[...]The bill received bipartisan support when it passed through the House by a vote of 86-30 and the Senate with a vote of 42-16.

[...]To fully override Rauner's veto, the Illinois House will also have to vote to override, but it will not back in session until Nov. 29.

More information on Automatic Voter Registration can be found here.

Original Submission

Phoenix666 writes:

In November, the Paris Climate Agreement goes into effect to reduce global carbon emissions. To achieve the set targets, experts say capturing and storing carbon must be part of the solution. Several projects throughout the world are trying to make that happen. Now, a study on one of those endeavors, reported in the ACS journal Environmental Science & Technology Letters, has found that within two years, carbon dioxide (CO2) injected into basalt transformed into solid rock.

Lab studies on basalt have shown that the rock, which formed from lava millions of years ago and is found throughout the world, can rapidly convert CO2 into stable carbonate minerals. This evidence suggests that if CO2 could be locked into this solid form, it would be stowed away for good, unable to escape into the atmosphere. But what happens in the lab doesn't always reflect what happens in the field. One field project in Iceland injected CO2 pre-dissolved in water into a basalt formation, where it was successfully stored. And starting in 2009, researchers with Pacific Northwest National Laboratory and the Montana-based Big Sky Carbon Sequestration Partnership undertook a pilot project in eastern Washington to inject 1,000 tons of pressurized liquid CO2 into a basalt formation.

After drilling a well in the Columbia River Basalt formation and testing its properties, the team injected CO2 into it in 2013. Core samples were extracted from the well two years later, and Pete McGrail and colleagues confirmed that the CO2 had indeed converted into the carbonate mineral ankerite, as the lab experiments had predicted. And because basalts are widely found in North America and throughout the world, the researchers suggest that the formations could help permanently sequester carbon on a large scale.

Similar results were found in Iceland.

Does injecting CO2 into rock really make more sense than not putting it into the atmosphere in the first place?

Original Submission

Phoenix666 writes:

Most IT people are somewhat familiar with Wireshark. It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more.

One of the problems with the way Wireshark works is that it can’t easily analyze encrypted traffic, like TLS. It used to be if you had the private key(s) you could feed them into Wireshark and it would decrypt the traffic on the fly, but it only worked when using RSA for the key exchange mechanism. As people have started to embrace forward secrecy this broke, as having the private key is no longer enough derive the actual session key used to decrypt the data. The other problem with this is that a private key should not or can not leave the client, server, or HSM it is in. This lead me to coming up with very contrived ways of man-in-the-middling myself to decrypt the traffic(e.g. sslstrip or mitmproxy).

Session Key Logging to the Rescue!

Well my friends I’m here to tell you that there is an easier way! It turns out that Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file. You can then point Wireshark at said file and presto! decrypted TLS traffic.

Original Submission

martyb writes:

Scientists at Penn State are reporting that Cosmic Whistle Packs a Surprisingly Energetic Punch:

Penn State astronomers have discovered that the mysterious "cosmic whistles" known as fast radio bursts can pack a serious punch, in some cases releasing a billion times more energy in gamma-rays than they do in radio waves and rivaling the stellar cataclysms known as supernovae in their explosive power. The finding, published Nov. 11 in Astrophysical Journal Letters, is the first-ever finding of non-radio emission from any fast radio burst. It drastically raises the stakes for models of fast radio bursts and is expected to further energize efforts by astronomers to chase down and identify long-lived counterparts to fast radio bursts using X-ray, optical, and radio telescopes.

[...] "This discovery revolutionizes our picture of FRBs, some of which apparently manifest as both a whistle and a bang," said coauthor Derek Fox, a Penn State professor of astronomy and astrophysics. The radio whistle can be detected by ground-based radio telescopes, while the gamma-ray bang can be picked up by high-energy satellites like NASA's Swift mission. "Rate and distance estimates for FRBs suggest that, whatever they are, they are a relatively common phenomenon, occurring somewhere in the universe more than 2,000 times a day."

[...] Discovery of the gamma-ray "bang" from FRB 131104 was made possible by NASA's Earth-orbiting Swift satellite, which was observing the exact part of the sky where FRB 131104 occurred as the burst was detected by the Parkes Observatory radio telescope in Parkes, Australia.

[...] The bright gamma-ray emission from FRB 131104 suggests that the burst, and others like it, might be accompanied by long-lived X-ray, optical or radio emissions. Such counterparts are dependably seen in the wake of comparably energetic cosmic explosions, including both stellar-scale cataclysms — supernovae, magnetar flares, and gamma-ray bursts — and episodic or continuous accretion activity of the supermassive black holes that commonly lurk in the centers of galaxies.

In fact, Swift X-ray and optical observations were carried out two days after FRB 131104, thanks to prompt analysis by radio astronomers (who were not aware of the gamma-ray counterpart) and a nimble response from the Swift mission operations team, headquartered at Penn State. In spite of this relatively well-coordinated response, no long-lived X-ray, ultraviolet or optical counterpart was seen.

The full article is paywalled (pdf) but an abstract is available: DISCOVERY OF A TRANSIENT GAMMA-RAY COUNTERPART TO FRB 131104. The Astrophysical Journal, 2016; 832 (1): L1 DOI: 10.3847/2041-8205/832/1/L1

Original Submission

GNUbie writes:

Hannes Grassegger contemplates the themes of Big Data and the price of free in this essay (and his book). Probably most of that will be familiar to fellow Soylentils but I think it made a surprisingly refreshing read anyways. Now would be a great time to cut the cord, stop feeding the monsters.

Original Submission

driven writes:

A CBC investigative series is reporting:

Most Canadians feel strongly about their right to privacy online, but a new poll shows the vast majority are willing to grant police new powers to track suspects in the digital realm — so long as the courts oversee the cops.

Nearly half of the respondents to an Abacus Data survey of 2,500 Canadians agreed that citizens should have a right to complete digital privacy. But many appeared to change their mind when asked if an individual suspected of committing a serious crime should have the same right to keep their identity hidden from police.

Respondents were significantly more willing to grant police powers if a court order was required.

Police used to request subscriber information hundreds of thousands of times a year, but that changed in 2014, when the Supreme Court ruled that in the absence of a specific law, police requests to phone and internet companies amount to a search and therefore require a warrant.

Police compare it to looking up licence plate information, which doesn't require permission from a judge.

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

In yet another example that nostalgia is one hell of a drug, the newly released $60 dollar Famicom Classic Mini (the Japanese version of the NES Classic) has managed to sell like hot cakes in Nintendo's native country of Japan.

According to a report by MCV based on sales figures provided by Japanese games website Famitsu, the tiny NES Classic Mini has sold over 263k units in its first 4 days on store shelves. The little machine has a host of classic NES games installed on its hard drive and is sure to be a blast from the past for everyone who grew up in the early-to-mid-90s.

[...] The NES Classic Mini launched in Western territories on November 11 and has since gone on to sell out in many stores thanks to Nintendo's limited supply, which has led to third party sellers increasing the price of the device as the consumer demand for the console remains higher than the current supply.

Source: TechRaptor

Original Submission