SoylentNews

MrPlow writes:

Submitted via IRC for SoyCow3941

Avast has found that many low-cost, non-Google-certifed Android phones shipped with a strain of malware built in that could send users to download apps they didn't intend to access. The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps...

[...] The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast. The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."

[...] Avast can detect and remove the payloads and they recommend following these instructions to disable the dropper. If the dropper spots antivirus software on your phone it will actually stop notifications but it will still recommend downloads as you browse in your default browser, a gateway to grabbing more (and worse) malware. Engadget notes that this vector is similar to the Lenovo “Superfish” exploit that shipped thousands of computers with malware built in.

Source: https://techcrunch.com/2018/05/24/some-low-cost-android-phones-shipped-with-malware-built-in/

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow3941

Academics share machine-learning research freely. Taxpayers should not have to pay twice to read our findings

[...] In my own field of machine learning, itself an academic descendant of Gauss’s pioneering work, modern data are no longer just planetary observations but medical images, spoken language, internet documents and more. The results are medical diagnoses, recommender systems, and whether driverless cars see stop signs or not. Machine learning is the field that underpins the current revolution in artificial intelligence.

Machine learning is a young and technologically astute field. It does not have the historical traditions of other fields and its academics have seen no need for the closed-access publishing model. The community itself created, collated, and reviewed the research it carried out. We used the internet to create new journals that were freely available and made no charge to authors. The era of subscriptions and leatherbound volumes seemed to be behind us.

The public already pays taxes that fund our research. Why should people have to pay again to read the results? Colleagues in less well-funded universities also benefit. Makerere University in Kampala, Uganda, has as much access to the leading machine-learning research as Harvard or MIT. The ability to pay no longer determines the ability to play.

Arthur T Knackerbracket has found the following story:

A group of scientists led by researchers from the RIKEN Center for Sustainable Resource Science (CSRS) have examined the soluble precursor of spider silk and found that a previously undiscovered structural element is key to how the proteins form into the beta-sheet conformation that gives the silk its exceptional strength.

Spider silk is known for its exceptional toughness and flexibility. It is several times stronger than steel, and yet is much more flexible. As a result, efforts are being made by scientists around the world to try to develop analogues that could be used in industrial and medical applications. However, though it is known that the beta-sheets in spider silk are key to its strength, how the sheets are formed is poorly understood, making it difficult to create artificial variants. Part of the reason it is difficult to understand the mechanism is that the silk is initially created as soluble proteins, which very quickly crystalize into a solid form, and it has been very difficult to analyze the soluble form.

To elucidate this, the CSRS researchers generated silk proteins using genetically modified bacteria that can produce silk from a golden orb-web spider (Nephila clavipes), and then performed complex analyses of the soluble proteins. They looked particularly at the repeating elements that are enclosed between two terminal elements that have been well characterized. They found that the repeating domain is composed of two patterns—random coils and a pattern called polyproline type II helix. It turns out that the second type is crucial for the formation of strong silk.

Essentially, their studies demonstrated that the polyproline type II helix can form a rigid structure which can then be transformed into beta-sheets very quickly, allowing the silk to be quickly woven. Intriguingly, it turned out that pH—which is thought to be important for the molecular interactions of the N- and C-terminal domains—does not play an important part of the folding of the repetitive domains, and that it is rather the removal of water and mechanical forces as the precursor moves through the silk gland.

Original Submission

takyon writes:

HP gaming headset cools you down using thermoelectrics

One of the worst things about over-the-ear and on-ear headsets is that they tend to feel hot and uncomfortable after a few hours, especially if you live in a muggy environment. HP has just announced a pair of headphones that can keep you cool even during whole-day gaming sessions -- unlike other similar options, though, they don't use fans or cooling gels. At the HP Gaming Festival in Beijing, the tech giant has launched a number of new devices under its Omen gaming line, including the Mindframe headset that uses a patented thermoelectric cooling technique.

The headphones have a thermoelectric device inside their earcups that conducts heat from the acoustic chamber and directs it outside. Engadget Senior Editor Devindra Hardawar got to hold a sample of the device, and he said it was like having an AC pressed against the palm of his hand.

Soon we can spend 16 straight hours in VR without sweating all over the headset/phones.

Original Submission

canopic jug writes:

Over at Medium which is like having a blog but with an involuntary paywall, Don Hopkins takes on the topic of a 30-year retrospective of pie menus[*]. He discusses the history of what's happened with pie menus over the last 30 plus years and presents both good and bad examples, including ideas half baked, experiments, problems discovered, solutions attempted, alternatives explored, progress made, software freed, products shipped, as well as setbacks and impediments to their widespread adoption.

[*] Succinctly explained at Wikipedia:

In computer interface design, a pie menu (also known as a radial menu) is a circular context menu where selection depends on direction. It is a graphical control element. A pie menu is made of several "pie slices" around an inactive center and works best with stylus input, and well with a mouse. Pie slices are drawn with a hole in the middle for an easy way to exit the menu.

Original Submission

Arthur T Knackerbracket has found the following story:

The shares of some iPhone display suppliers fell in Asia after South Korea’s Electronic Times reported that Apple Inc. has decided to use next-generation screens for all of its new models next year, even though several analysts said such a transition wasn’t likely.

A shift to using only organic light-emitting diode screens for iPhones would be challenging, given the sheer volume that Apple sells: 216 million devices in 2017. Samsung Display Co., part of Samsung Electronics Co., is the sole supplier of OLED screens for high-end Apple phones, but the manufacturer also uses them for its own smartphones, limiting supplies. While Apple has embraced OLED, most analysts said they don’t see the switch happening in 2019.

“It is unlikely that Apple will be releasing three OLED models next year,” said Jeff Pu, an analyst at Taipei-based Yuanta Securities Investment Consulting. The other major OLED supplier, LG Display Co., has struggled to move into mass production and isn’t likely to boost OLED production for Apple in 2019 from 5 million to 10 million units expected this year, he said.

Original Submission

Arthur T Knackerbracket has found the following story:

The European Commission has proposed new rules to ban certain plastic products in order to reduce the waste filling our oceans, it announced Monday.

The EU's measures tackle the top 10 plastic products that wash up on Europe's beaches and fill its seas, including a ban on the private use of single-use plastics like plastic straws, plates and utensils and containers used for fast food or your daily takeaway coffee.

The measures would also have each country in the EU come up with a system that would collect 90 percent of plastic bottles by 2025.

"The proposed ban in the European Union of single use plastics, notably plastic straws and cotton buds, is welcome and very promising news," said Dr. Paul Harvey from Macquarie University in a press release. "Single use plastic pollution is one of the biggest environmental catastrophes of this generation."

You can see why the EU is making the proposal. Single-use plastic objects and fishing gear account for 70 percent of waste in the ocean, according to the EU. In 2017, researchers found 38 million pieces of plastic waste on an uninhabited South Pacific island. Figures from the same year showed that a million plastic bottles are bought around the world every minute, a number predicted to jump 20 percent by 2021.

Fortunately, others are tackling the plastic problem, including scientists and environmentalists who've come up with one solution involving mushrooms that can eat plastic.

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow3941

Users of the NPMJavaScript package manager were greeted by a weird error yesterday evening, as their consoles and applications spewed a message of "ERR! 418 I'm a teapot" whenever they tried to update or install a new JavaScript/Node.js package.

Source: https://www.bleepingcomputer.com/news/technology/npm-fails-worldwide-with-err-418-im-a-teapot-error/

Original Submission

takyon writes:

The space simulation game Star Citizen has found a new way to extract money from the crowd:

Crowdfunded space simulation game Star Citizen has launched its $27,000 (£20,000) Legatus Pack, which includes nearly all its spacecraft plus extras.

Only players who have already spent $1,000 in the game can access the pack.

Cloud Imperium, the creators of Star Citizen, has received more than $200m in crowdfunding since launching a Kickstarter campaign for it in 2012.

According to its website it has more than two million players, although the game itself is still in development.

Previously: Star Citizen Reaches $100 Million in Crowdfunding, Alpha 2.0 Released
Star Citizen Developers Sued by Crytek

Original Submission

Arthur T Knackerbracket has found the following story:

Singaporean broadband users were left vulnerable to attackers after their ISP opened remote access ports on their modems and forgot to close them.

The discovery was made by NewSky Security researcher Ankit Anubhav, who used Shodan to scan for SingTel routers open on port 10,000 – the default Network Data Management Protocol TCP/UDP port.

Anubhav said the scan yielded 975 devices that had port 10,000 open with no protection, as a result of a fault-finding exercise gone wrong (that number is only those found on the scan).

When NewSky alerted Singapore's CERT, and that body took the issue to SingTel, Anubhav said the root cause was that SingTel enabled port 10,000 to troubleshoot a problem with the SingTel-branded routers (the “Wi-Fi Gigabit Router” is supplied by Arcadyan).

Original Submission

Arthur T Knackerbracket has found the following story:

[...] "Driverless and connected cars are increasingly becoming a part of our world, where cybersecurity threats are already a reality," Sandhu said. "It's imperative that we support research that addresses these concerns and presents a strong, innovative solution."

[...] "Connected cars have almost infinite possibilities for creative technological applications," Gupta said. "Companies could even take advantage of the connectivity to implement location-based marketing tactics, providing drivers with nearby sales and offers."

However, the researchers caution that as soon as cars are exposed to internet supported functionality, they are also open to the same cybersecurity threats that loom over other electronic devices, such as computers and cell phones. For this reason, Gupta and Sandhu created an authorization framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.

"There are vulnerabilities in every machine," said Gupta. "We're working to make sure someone doesn't take advantage of those vulnerabilities and turn them into threats. The questions of 'who do I trust?' and 'how do I trust?' are still to be answered in smart cars."

Original Submission

takyon writes:

Inequality in India can be seen from outer space

Are night lights on earth captured by satellites from outer space a good way to measure inequality? Economists Praveen Chakravarty and Vivek Dehejia certainly believe so. They acquired images grabbed by satellites from the US Air Force Defence Meteorological Satellite Programme. These satellites circle the earth 14 times a day and record lights from the earth's surface at night with sensors. They superimposed a map depicting India's districts on their images, allowing them to develop a unique data set of luminosity values, by district and over time.

Using data generated by the night lights, they studied of 387 of 640 districts in 12 states. These districts account for 85% of India's population and 80% of its GDP. Some 87% of parliamentary seats are in these districts. Using the novel methodology, the economists documented income divergence in India.

[...] Some 380 districts in 12 states were on average just a fifth as bright as the big cities of Mumbai and Bangalore. Also, 90% of all the districts are just a third as bright in the night as the top 10% of all districts. And the ratio has worsened between 1992 - a year after India embraced economic reforms - and 2013.

Original Submission

takyon writes:

Study Puts Puerto Rico Death Toll From Hurricane Maria Near 5,000

Perhaps 5,000 people died in Puerto Rico in 2017 for reasons related to September's Hurricane Maria, according to a study that dismisses the official death toll of 64 as "a substantial underestimate."

A research team led by scientists at the Harvard T.H. Chan School of Public Health didn't simply attempt to count dead bodies in the wake of the powerful storm. Instead, they surveyed randomly chosen households and asked the occupants about their experiences.

From that approach, they concluded that between Sept. 20 and Dec. 31, 2017, there were 4,645 "excess deaths" — that is, deaths that would not have occurred if the island hadn't been plunged into a prolonged disaster following the devastating storm.

But the estimate isn't as precise as the figure implies. The researchers calculate there is a 95 percent likelihood the death toll was somewhere between about 800 and 8,500 people. They say about 5,000 is a likely figure.

Also at NYT and The Hill.

Mortality in Puerto Rico after Hurricane Maria (open, DOI: 10.1056/NEJMsa1803972) (DX)

Original Submission

takyon writes:

Most popular vitamin and mineral supplements provide no health benefit, study finds

The most commonly consumed vitamin and mineral supplements provide no consistent health benefit or harm, suggests a new study led by researchers at St. Michael's Hospital and the University of Toronto.

Published today in the Journal of the American College of Cardiology, the systematic review of existing data and single randomized control trials published in English from January 2012 to October 2017 found that multivitamins, vitamin D, calcium and vitamin C -- the most common supplements -- showed no advantage or added risk in the prevention of cardiovascular disease, heart attack, stroke or premature death. Generally, vitamin and mineral supplements are taken to add to nutrients that are found in food.

"We were surprised to find so few positive effects of the most common supplements that people consume," said Dr. David Jenkins*, the study's lead author. "Our review found that if you want to use multivitamins, vitamin D, calcium or vitamin C, it does no harm -- but there is no apparent advantage either."

The study found folic acid alone and B-vitamins with folic acid may reduce cardiovascular disease and stroke. Meanwhile, niacin and antioxidants showed a very small effect that might signify an increased risk of death from any cause.

What about people who would otherwise eat an incredibly nutrient-deficient diet (e.g. junk food, rice, bread, pasta, french fries, hot dogs, etc.)?

Supplemental Vitamins and Minerals for CVD Prevention and Treatment (DOI: 10.1016/j.jacc.2018.04.020) (DX)

Original Submission

takyon writes:

How we discovered 840 minor planets beyond Neptune – and what they can tell us

The new discoveries were made as part of a five year project called the Outer Solar System Origins Survey (OSSOS). The observations, conducted in 2013-2017, used the imaging camera of one of the world's major telescopes – the Canada-France-Hawaii Telescope on Maunakea in Hawaii. The survey looked for faint, slow-moving points of light within eight big patches of sky near the plane of the planets and away from the dense star fields of the Milky Way.

With 840 discoveries made at distances between six and 83 astronomical units (au) – one such unit is the distance between the sun and the Earth – the survey gives us a very good overview of the many sorts of orbits these "trans-Neptunian objects" have.

[...] We found 313 resonant trans-Neptunian objects, with the survey showing that they exist as far out as an incredible 130au – and are far more abundant than previously thought. Among these discoveries is the dwarf planet 2015 RR245, which is about half the size of Britain. It may have hopped onto its current orbit at 82au after an encounter with Neptune hundreds of millions of years ago. It was once among the 90,000 scattered objects of smaller size that we estimate currently exist.

The survey searched 155.3 square degrees of sky.

OSSOS. VII. 800+ Trans-Neptunian Objects—The Complete Data Release (open, DOI: 10.3847/1538-4365/aab77a) (DX)

The OSSOS discoveries include nine TNOs with q [perihelion] > 30 au and a [semimajor axis] > 150 au, eight of which have q > 38 au. [...] There has been recent interest in the apparent angular clustering of the MPC-listed TNOs with a > 150 au orbits, which some have hypothesized as evidence for a massive distant planet (Trujillo & Sheppard 2014; Batygin & Brown 2016). [...] Formation mechanisms for this distant population are not yet clear, and it remains an area of active investigation (e.g., Lawler et al. 2016; Nesvorny et al. 2017). However, all of the extreme TNO discoveries of OSSOS are consistent with a formation by random diffusion in semimajor axis due to weak kicks at perihelion by Neptune from orbits with semimajor axes in the inner fringe of the Oort cloud, as proposed in Bannister et al. (2017).

Original Submission

mechanicjay writes:

Systemd Introduces "Portable Services" Functionality, Similar To Containers

Lennart is at it again, making complicated things that nobody asked for.

The past several months Lennart Poettering has been working on a "portable services" concept and that big ticket new feature has now landed in Systemd. Portable services are akin to containers but different.

[...] A portable service is ultimately just an OS tree, either inside of a directory tree, or inside a raw disk image containing a Linux file system. This tree is called the "image". It can be "attached" or "detached" from the system. When "attached" specific systemd units from the image are made available on the host system, then behaving pretty much exactly like locally installed system services. When "detached" these units are removed again from the host, leaving no artifacts around (except maybe messages they might have logged).

[...] The primary focus use-case of "portable services" is to extend the host system with encapsulated extensions, but provide almost full integration with the rest of the system, though possibly restricted by effective security knobs. This focus includes system extensions otherwise sometimes called "super-privileged containers".

Original Submission