SoylentNews

takyon writes:

Google has published some of the National Security Letters (NSLs) it has received from the FBI:

Google is providing for the first time a look into the world of national security letters -- demands from the Federal Bureau of Investigation to hand over details about account holders and keep quiet about it.

The letters are a part of business for Google and other major internet companies, but traditionally they have been barred from acknowledging the letters' existence. That changed in 2013 when, in light of revelations about Internet surveillance by U.S. intelligence agencies, Google and others started fighting to disclose more about the demands.

That led to the creation of Google's "transparency report," which revealed the company receives thousands of requests for user data each month from law enforcement agencies around the globe. The national security letters remained secret, but on Tuesday, Google published a handful that are no longer covered by nondisclosure rules.

Google has redacted the email addresses of the users targeted as well as the names of the FBI employees who made the requests, so don't expect anything exciting in the letters.

Original Submission

hubie writes:

The 114th Congress is wrapping up and though it will not be recognized as particularly productive. However, despite outward appearances, there were some truly bipartisan bills moving around. One of those was a bill to give the first meaningful overhaul of the National Oceanic and Atmospheric Administration (NOAA) in decades. It was to significantly bolster the ability to make medium-range forecasts (2 weeks to 2 years out) and it also addressed a number of issues that NOAA suffers from, such as an improvement in its hurricane and tornado research, it directed them to put sensors on subsea telecommunication cables to improve tsunami warnings, it expanded its efforts in uncovering prehistoric tsunamis, it ordered an evaluation of how well the public understands and responds to its cryptic system of "watch" and "warning" weather alerts, and it directed them to utilize weather data from outside their satellite system. The bill sailed through the Senate on 1 December and it was looking to do the same in the House until it became a victim of a regional water spat between Georgia, Florida and Alabama:

For decades, the states have battled over the Apalachicola River and its two tributaries, the Chattahoochee and Flint. In the 1950s, Georgia dammed the Chattahoochee to create Lake Lanier, which has fueled Atlanta's rapid growth. In Florida's view, this has reduced the freshwater reaching the Gulf of Mexico, causing brackish water and threatening oysters. The conflict has reached the highest levels, with the Supreme Court expected to rule next year on a lawsuit Florida has brought against Georgia.

When the bill was sent back to the House, a section was added by Senator Bill Nelson (D–FL) calling for a three-year study of the water management of the Apalachicola and on ways to improve the system with special emphasis on environmental protection. That addition drew the ire from the Georgia representatives, who viewed it as another attempt by Florida and Alabama to interfere in the dispute through congressional action and the bill was not brought up for a vote before the House adjourned for the remainder of the year. Because of the broad support for the bill, this is optimistically seen as a minor setback for science; however, since the bill did not make it to a vote by the end of the congressional session, it will have to start the whole legislative process over from scratch with the 115th Congress in January.

Original Submission

Fnord666 writes:

According to an article in BankInfo Security, Visa and Mastercard have given fuel pump terminal vendors an additional 3 years to add support for EMV.

Visa and MasterCard announced this week that they are pushing back their liability shift dates for counterfeit card fraud that results at non-EMV chip-compliant U.S. pay-at-the-pump gas terminals to October 2020 from October 2017.

That news is an early Christmas gift for convenience-store operators and the petrol industry, even though if it leaves issuers on the hook three years longer for counterfeit fraud that might result from a hack or skimming attack at self-serve gas pumps.

But I wonder how much fuss issuers will make about the extension. Counterfeit card fraud at gas pumps pales relative to retail point-of-sale and ecommerce fraud. And despite what we heard five years ago about pay-at-the-pump skimming reaching nearly "epidemic" proportions, we hear much less about it today. That's not to say it's gone away, by any means; but it no longer appears to be a looming epidemic

Visa and MasterCard made the right decision to give gas pumps a break on EMV. The question now is, will the three year extension be enough?

Original Submission

takyon writes:

AMD has released more details about its upcoming desktop CPUs:

For starters, it's no longer referred to by the architectural code-name "Zen," or by the desktop-specific implementation "Summit Ridge." Instead, you'll see those first CPUs show up on store shelves under the "Ryzen" brand. (As in, the company's CPU portfolio is reborn, or risen. Think of that what you will. [However, it is pronounced "Rye-zen".]) For now, it's distinct from the FX moniker, which just doesn't have the enthusiast cachet it did 13 years ago.

New features include:

• "Pure Power", which monitors temperature, speed, voltage, and power consumption in real time
• Clock speeds that can be adjusted by 25 MHz steps, rather than the typical 100 MHz increments of previous chips
• "Extended Frequency Range", an automated system for overclocking when cooling is sufficient
• A "true artificial network" for preloading instructions and prefetching data

AMD's Ryzen desktop chips are said to be on par with Intel's extreme/enthusiast chips such as the i7-6900K, for around half the price. The release date is still Q1 2017.

Previously: AMD Stock Jumps Ahead of Zen Preview and Licensing Rumors

Original Submission

takyon writes:

Apple is paying a $2 million pittance after losing a class action case brought by former Apple Store employees:

A California court has ruled in favor of Apple Store workers who accused the iPhone giant of trampling over their employment rights. It is a bittersweet victory. The trial jury yesterday awarded store staff $2m after Apple was found to have illegally denied them meal and rest breaks, and was late giving departing workers their final paychecks.

The class-action complaint was first filed in 2011 in the California State Court in San Diego by four former employees. It was later expanded to a class of more than 21,000 current and former workers who held jobs at the Apple Store as far back as 2007. Apple had been accused of a half-dozen violations of state labor laws, including California laws forbidding the failure to provide meal and rest breaks, full pay upon termination, and unfair business practices.

Lawsuit (PDF).

Original Submission

Arthur T Knackerbracket has found the following story:

Dell has admitted it violated United States sanctions against Iran.

The company has filed an IRANNOTICE and explained the violation in its latest Form 10Q.

The violation is not serious because the United States' sanctions are very broad, covering "goods, services, technology, information, or support" that could in any way help the nation to develop its petroleum resources. Forget doing anything that could help Iran go nuclear, too.

[...] Dell's violations occurred outside Iran: the 10Q reports that in the first half of 2016 the company sold "desktop computers, computer stands, and a server, and associated warranty support" to the Iranian embassies in Germany and France. The transactions secured "net revenue of approximately 4,998 Euros and realized net profits of approximately 1,231 Euros from the three sales."

[...] Dell's since dissolved those deals and won't provide further support.

Original Submission

takyon writes:

Executives for the online classified advertising website Backpage have seen the charges against them dismissed:

Last month, a California judge tentatively ruled that he would dismiss charges lodged by California's attorney general against Backpage.com's chief executive and two of its former owners. The tables seemed to turn after a November 16 hearing in which Sacramento County Superior Court Judge Michael Bowman decided against following his tentative ruling. But on Friday, the judge issued a final order that virtually mirrored the earlier one: charges dismissed.

[...] Judge Bowman agreed with the defendants, including former owners Michael Lacey and James Larkin, that they were protected, among other things, by the Communications Decency Act, and hence they were not liable for third-party ads posted by others.

"Congress struck a balance in favor of free speech in that Congress did not wish to hold liable online publishers for the action of publishing third-party speech and thus provided for both a foreclosure from prosecution and an affirmative defense at trial. Congress has spoken on this matter and it is for Congress, not this Court, to revisit," the judge initially ruled. Judge Bowman issued nearly the same language (PDF) in his latest ruling: "By enacting the CDA, Congress struck a balance in favor of free speech by providing for both a foreclosure from prosecution and an affirmative defense at trial for those who are deemed an internet service provider."

Previously: Backpage's Dallas Offices Raided, CEO Charged With "Pimping"

Original Submission

Fnord666 writes:

According to an article on DarkReading.com, ransomware will remain king in 2017.

2016 was the year of ransomware, with hackers focusing their attentions on exploiting Internet users and businesses around the world for profit. According to the FBI, cyber-extortion losses have skyrocketed, and ransomware was on track to become a $1 billion a year crime in 2016.

Our research shows no sign of this security nightmare slowing down in 2017. Hackers are becoming more advanced, and ransomware remains an incredibly easy, lucrative way for them to make money. Unfortunately, the security community has only started to develop defenses that can protect Internet users from ransomware.

With the new year around the corner, security researchers at Malwarebytes Labs have compiled a list of predictions for new ransomware threats, developments, and opportunities that they expect consumers and businesses will face in 2017.

Original Submission

requerdanos writes:

Phoronix announced yesterday, 11 December 2016, and Linus confirms, the release of Linux Kernel version 4.9 at Kernel.org.

Highlights listed by Phoronix include:

- Memory Protection Keys (MPK) are now mainlined.

- Support for vmapped kernel stacks, one of Torvalds' favorite features for Linux 4.9.

- Experimental AMDGPU Southern Islands support / GCN 1.0 for AMDGPU, but keep in mind it's disabled by default and needs to be set at kernel build-time, similar to the experimental GCN 1.1 / CIK support for AMDGPU DRM.

- Improved P-State performance for some Intel Atom CPUs.

- AMDGPU virtual display support.

- Support for 29 more ARM machines by the mainline Linux kernel.

- The introduction of a new subsystem, Greybus.

- Various file-system improvements.

Your humble submitter is posting the story from his system running a freshly-compiled 4.9 kernel, so it's guaranteed to be a real thing.

Original Submission

takyon writes:

Google's self-driving car project will become an independent company within Alphabet Inc. called "Waymo".

From the announcement post on Medium:

Today, we're taking our next big step by becoming Waymo, a new Alphabet business. Waymo stands for a new way forward in mobility. We're a self-driving technology company with a mission to make it safe and easy for people and things to move around.

[...] Waymo may be a new company, but we're building on advanced self-driving technology developed over many years at Google. On October 20, 2015, we completed the world's first fully-self driven car ride. Steve Mahan rode alone in one of our prototype vehicles, cruising through Austin's suburbs. Steve is legally blind, so our sensors and software were his chauffeur. His route reflected the way millions of people could use a self-driving car in everyday life: riding from a park to a doctor's office and through typical neighborhoods. This ride was possible because our cars can now handle the most difficult driving tasks, such as detecting and responding to emergency vehicles, mastering multi-lane four-way stops, and anticipating what unpredictable humans will do on the road. We've honed these skills over 2 million miles of real-world driving, and in the last year alone we've completed one billion miles of testing in simulation.

Original Submission

CoolHand writes:

https://www.fastcodesign.com/3066516/the-fundamentals-of-computer-science-explained-through-scattered-sand

Scattering grains of sand across a stone is one of the oldest and most primitive computing methods there is. Called geomancy, it is a divination technique that has been used for over a 1,000 years to try to predict the future by running simple algorithms on the accidental patterns the stones formed.

[...] Each grain represents a single bit of binary data—a one, not a zero—-and the machine's goal is to position as many grains of sand into its platter of memory as possible. It does so with a tiny suction cup positioned on the end of a robot arm, which moves according to a ruleset varient of Langton's ant, a simple two-dimensional Turing Machine that proves many of computer science's general laws.

The end goal of the Random Access Memory machine is to fit as many grains of sand onto its rotating platter as possible. That would seemingly be easy, but the machine needs to explore its function by its own internal ruleset, only placing a sand down if other pre-existing conditions are true: another grain of sand, for example, not being positioned directly to the left of it. And because its "data" is physical grains of sand, the machine is prone to errors, like "bits" bouncing, or being accidentally shifted. That means that the Random Access Memory machine could well keep working forever, without solving its problem.

Videos from linked article:
https://vimeo.com/194330889
https://vimeo.com/194136714

Original Submission

tonyPick writes:

A fascinating article on how to compromise a Linux desktop using Super Nintendo Entertainment System (SNES) processor opcodes:

TL;DR: full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error.

The fault is built around the fact that the Linux gstreamer media playback framework supports playback of SNES music files by.... emulating the SNES CPU and audio processor, and the processor emulation has some exploitable vulnerabilities. The author (Chris Evans) then describes the process of working out how to escalate this into a full exploit in complete (and fascinating) detail.

Also, to quote from the article:

As always, the general lack of sandboxing here contributes to the severity. I think we inhabit a world where media parsing sandboxes should be mandatory these days. There's hope: some of my other recent disclosures appear to have motivated a sandbox for Gnome's tracker.

The processor in question is The Ricoh 5A22, a derivative of the 6502 processor, built specifically for the SNES the Sony SPC700 audio processor, not the Ricoh 5A22. [Ed: thanks KritonK for the update]

Original Submission

Phoenix666 writes:

Having an extra chromosome may suppress cancer, as long as things don't get stressful, a new study suggests. The finding may help scientists unravel a paradox: Cells with extra chromosomes grow slower than cells with the usual two copies of each chromosome, but cancer cells, which grow quickly, often have additional chromosomes. Researchers have thought that perhaps extra chromosomes and cancer-causing mutations team up to produce tumors.

Jason Sheltzer, a cell biologist at Cold Spring Harbor Laboratory in New York, and colleagues examined the effect of having an extra chromosome in mouse cells that also have cancer-promoting mutations. Cells with an extra copy of a chromosome — known as trisomic cells — grew slower in lab dishes and formed smaller tumors in mice than cells with cancer mutations but no extra chromosomes. Even when trisomic cells carry cancer-associated genes on the extra chromosome, the cells make less than usual of the cancer-driving proteins produced from those genes, Sheltzer reported December 5 at the annual meeting of the American Society for Cell Biology.

Original Submission

Phoenix666 writes:

The MacBook Pro introduction in October caused unusually negative reactions among professional users due to the realization that Apple no longer caters equally to casual and professional customers as it had in the past [YouTube video]. Instead, the company appears to be following an iOS-focused, margin-driven strategy that essentially relegates professionals to a fringe group.

This has well-known developers such as Salvatore Sanfilippo (of the Redis project) consider a move back to Linux. Perhaps that's a good moment to look at the current state of Mac hardware support in the kernel. While Macs are x86 systems, they possess various custom chips and undocumented quirks that the community needs to painstakingly reverse-engineer.

Original Submission

Snow writes:

The BBC Reports:

In a surprise announcement, [President Nicolas] Maduro said on Sunday that the 100-bolivar note, worth about 2 US cents (£0.015) on the black market, would be taken out of circulation on Wednesday.

The president said the aim was to tackle transnational gangs which hoard the Venezuelan notes abroad, a move he has in the past described as part of the "economic war" being waged against his government. [...] He said part of the plan was to block any of the 100-bolivar notes from being taken back into the country so the gangs would be unable to exchange their hoarded bills, making them worthless.

"I have given the orders to close all land, maritime and air possibilities so those bills taken out can't be returned and they're stuck with their fraud abroad," he said speaking on television.

Venezuela's currency has fallen dramatically amid skyrocketing inflation.

[...] Analysts say the move is likely to worsen the cash crunch in Venezuela, where people have already been limited in the amount of cash they can take out at automated teller machines. Venezuelans have only been given 10 days to exchange their 100-bolivar notes for new coins and bills ranging from 500 to 20,000 bolivars due to be introduced from 15 December.

Original Submission