With the Australian Labor Party caving in on the proposed encryption law that will allow Australian police and agencies to access private data directly from vendors, the new proposed laws are now agreed in principle to introduce government level snooping of user messages and encrypted files. Agencies like ASIO or the Australian Federal Police will have the ability to request that telecommunications and tech companies help them with their investigations and compel companies to build ways to allow targeted access to encrypted communications data.
Previously: Australian Government Pursues "Golden Key" for Encryption
Five Eyes Governments Get Even Tougher on Encryption
Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID
Australia follows New Zealand to demand passwords
New Australian Push For Encryption Backdoor in Wake of Alleged Terrorist Plot
In a surprise move at the Build 2018 conference, Microsoft have announced that three key components of the Windows user interface are now open-sourced. Kevin Gallo, MS VP for the Windows Developer Platform sums it up in a blog entry.
The newly opened-up components are critical for writing desktop applications and have so far been Windows-only. Based on C# and the .NET framework, especially WPF is generally considered to be reasonably good. Interest from beyond the Windows ecosystem might appear: when will we see ports to the Linux and Mac platforms, and what would it mean to their platform-specific toolkits GTK and Cocoa?
The third annual Qualcomm Tech Summit has just started, and the first announcements from Day One have been made. To start this event, Qualcomm President Cristano Amon is sharing the company's vision for 2019, primarily around 5G networks and 5G enabled devices. The Tech Summit has a few surprises in store over the next couple of days, including the upcoming announcement of the company's first 5G mobile platform, Snapdragon 855.
[...] The 855-MP consists of two chips, the Snapdragon 855 chipset paired with the X50 modem capable of 5G connections. Qualcomm states that this will be the first mobile platform to support multi-gigabit 5G, along with all the potential that 5G entails.
Also disclosed were some of the chipset targets: the S855, according to Qualcomm, will have industry leading AI inside the chip as well as hardware to accelerate 'extended reality', such as virtual reality and augmented reality. Inside the S855 is Qualcomm's 5th generation multi-core AI-engine, which Qualcomm states will offer up to 3 times the AI performance of the S845 model. Also quoted was that the new S855 includes a separate Computer Vision (CV) image signaling processor, which the company states is an industry first, and will help to enhance computational photography and video capture features. Qualcomm also mentioned gaming, promising next-level gaming experiences to the next generation of premium flagship devices.
From the pictures, it seems obvious that the Snapdragon 855 chipset by itself supports 4G wireless connectivity, and 5G is enabled through the use of the X50 modem as a separate addition. This will add PCB space in mobile devices that previously only used internal modems, reducing volume for other components (such as battery). One would suspect that OEMs intend to offer 5G on only premium devices to begin with, which are often on the larger side of the mobile ecosystem to begin with[sic].
Also at The Verge.
Related: Intel Speeds Up Rollout of 5G Modems
Monday's SpaceX launch was a success with both the landing and with the booster recovery. Unfortunately, the second launch mentioned in that story had to be delayed:
SpaceX has postponed its cargo launch to the International Space Station until Wednesday after mold was found on food bars for a mouse experiment bound for the orbiting outpost, NASA said.
[...] Some 40 mice are part of the experiment aimed at studying the effects of microgravity in the immune system.
The launch will be the 16th for SpaceX, as part of an ongoing contract with NASA to send supplies to the astronauts living at the space station.
Some 5,600 pounds (2,500 kilograms) of food, experiments and other gear is packed onto the unmanned Dragon cargo ship, which will blast off on a Falcon 9 rocket from Cape Canaveral, Florida.
Launch is scheduled for 1 hour after this story goes live.
The launch will be live-streamed on YouTube starting approximately 15 minutes before launch time.
Western Digital today finally flashed the results of its vow to move a billion controller cores to RISC-V designs. WD said last year it needed an open and extensible CPU architecture for its purpose-built drive controllers and other devices. As we explained then, no one knew for sure what processors WD has used for its disk and SSD controllers, though they was likely Arm-compatible chips – such as Arm9 and Cortex-M3 parts. It is known that the firm uses Intel CPUs with its ActiveScale archive systems and Tegile all-flash and hybrid arrays.
Last year, the disk and solid-state drive manufacturer vowed that RISC-V was its future, and today it announced the SweRV core, a networked cache coherency scheme, and a SweRV instruction set simulator.
[...] The SweRV core has a two-way superscalar design and is a 32-bit, nine-stage pipeline core, meaning several instructions can be loaded at once and execute simultaneously to save time. It is also an in-order core, whose relative single core performance (a simulated 4.9 CoreMark/Mhz) is expected to exceed that of many out-of-order cores, such as the Arm Cortex A15 (actual 4.72CoreMark/Mhz). Clock speeds go up to 1.8Ghz and it will be built on a
28mm[28nm] CMOS process technology.
WD said it hopes open-sourcing the core will drive development of data-centric applications such as Internet of Things (IoT), secure processing, industrial controls and more. We understand WD's ambitions for using RISC-V CPUs go beyond disk and flash drive controllers.
U.S. House and Senate legislators have reached an agreement on the Farm Bill, which includes a provision that would legalize hemp cultivation nationwide, with caveats (e.g. nobody with a drug-related conviction can participate):
Not only have cannabis derivatives like hemp been effectively banned in the US since the Marihuana Tax Act of 1937, other legislation has categorized marijuana products as dangerous Schedule I substances like LSD and ecstasy. Then in 2014, Congress passed legislation that approved small pilot programs for growing hemp, though to do so, farmers still needed approval from the Drug Enforcement Administration. (This 2014 provision was part of the Farm Bill, a massive piece of legislation that sets policy around food and agriculture. The Farm Bill needs to be renewed every few years, so the new decision to legalize hemp is part of the proposed 2018 Farm Bill.)
Despite this, there was some debate over whether derivatives of the hemp plant, like CBD, were really excluded from the Controlled Substances Act, according to Shawn Hauser, a senior associate at cannabis law firm Vicente Sederberg, hence the legal gray area. "The 2018 bill actually goes in and amends the Controlled Substances Act to make very clear that CBD derived from hemp would not be considered a controlled substance," she says.
This is "a pretty important step forward in terms of federal government's recognition of what CBD is and what its lack of potential harm or risk is," says John Hudak, a senior fellow at Brookings Institution and author of Marijuana: A Short History. There are likely to be more CBD products now, but that still doesn't mean that everyone can just grow hemp in their backyard. Farmers will no longer need DEA approval, but there will still be significant federal and state restrictions on hemp products and growers will need to be licensed and fulfill other requirements developed by the US Department of Agriculture. "It's not going to be this free-for-all that some people imagine," Hudak says.
[...] The House and the Senate both need to officially vote on the new legislation, which is expected before the end of the year. As Hauser says: "We're still in infancy at the precipice of a new business which other industrialized countries have had for decades."
A federal appeals court in New York will hear oral argument on Tuesday in the ACLU's lawsuit fighting for the public's right to know the legal justifications for government spying.
The Freedom of Information Act suit seeks the release of secret memos written by government lawyers that provided the foundation for the warrantless surveillance of Americans' international communications. In essence, these memos serve as the law that governs the executive branch. By withholding them, the government is flouting a core principle of democratic society: The law must be public.
The memos cover the government's legal interpretations of Executive Order 12333 [(EO 12333)], which was issued by President Ronald Reagan in 1981. It's the primary authority under which the NSA [(National Security Agency)] conducts surveillance, and it encompasses an array of warrantless, high-tech spying programs. While much of this spying occurs outside the United States and is ostensibly directed at foreigners, it nonetheless vacuums up vast quantities of Americans' communications. That's because in today's interconnected world, communications are frequently sent, routed, or stored abroad — where they may be collected, often in bulk, in the course of the NSA's spying activities.
For example, the NSA has relied on EO 12333 to collect nearly 5 billion records per day on the locations of cell phones, as well as hundreds of millions of contact lists and address books from email and messaging accounts. It also intercepted private data from Google and Yahoo user accounts as that information traveled between those companies' data centers located abroad.
First major security flaw in popular cloud container orchestrator Kubernetes discovered – and it may be impossible to tell if you have been compromised
As outlined on Redhat’s website, the security hole or “privilege escalation flaw” is a nasty piece of work. In a nutshell, it makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes cluster.
[...] The vulnerability itself is located in the Kubernetes API server. Using a specially crafted connection request, the hacker can connect through the Kubernetes API server direct to the backend. Once in the network, they can then send arbitrary requests over the same connection to the backend server.
Perhaps most alarmingly, the Kubernetes API server connections to the backend are all authenticated with Kubernetes Transport Layer Security (TLS) credentials – meaning all the nefarious connections appear above board and applications functioning as normal.
[...] “There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server,” reads the post.
It doesn’t take a whole lot of hacking-nous or access privileges to take advantage of the flaw, either: “In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation,” continues the post.
[...] It remains to be seen whether the security flaw has been used to attack any Kubernetes user.
The House GOP campaign arm suffered a major hack during the 2018 election, exposing thousands of sensitive emails to an outside intruder, according to three senior party officials.
The email accounts of four senior aides at the National Republican Congressional Committee were surveilled for several months, the party officials said. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated and the FBI was alerted to the attack, said the officials, who requested anonymity to discuss the incident.
[...] The hack became a major source of consternation within the committee as the midterm election unfolded. The NRCC brought on the prominent Washington law firm Covington and Burling as well as Mercury Public Affairs to oversee the response to the hack. The NRCC paid the two firms hundreds of thousands of dollars to help respond to the intrusion. The committee’s chief legal counsel, Chris Winkelman, devoted hours of his time to dealing with matter.
[...] “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity. The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Ian Prior, a vice president at Mercury.
[...] Yet the fact that the NRCC was hacked and withheld that information is likely to prove embarrassing at a time when Republicans are grappling with an election in which they lost 40 seats and control of the House. President Donald Trump has also claimed that Republicans are better than Democrats at cybersecurity, explaining why one party was hacked in 2016 but the other was not.
“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses, and they were able to be hacked,” Trump told CBS News in July. “I heard they were trying to hack the Republicans, too. But, and this may be wrong, but they had much stronger defenses.”
On Thursday, it will become "legal" for Michigan adults aged 21 and up to carry up to 2.5 ounces of cannabis, keep up to 10 ounces at home, and grow up to 12 plants at home (assuming they do not have a landlord that prohibits it). However, there will be no businesses licensed to sell cannabis to non-medical customers on Dec. 6:
For years, a student at Michigan State University with a medical marijuana license has picked up a few extra pot products when he goes to his local dispensary and resold them to friends for just above retail price. "It's allowing me to have free access to medication and also helping out friends so they have something to enjoy themselves," he told Bridge Magazine.
Since Michigan approved recreational marijuana in November, a few more friends have asked whether he could pick up cannabis products for them, and he's happy to deliver. Under the new law, which goes into effect Thursday, Dec. 6 and is officially known as the Michigan Regulation and Taxation of Marijuana Act (MRTMA), it will no longer be illegal for his friends to use those products. It will, however, still be illegal for him to act the middleman, but he's not worried. "I feel that they're not going to crack down on that because it's going to be difficult to monitor," he said. And if he is arrested, "I don't know if those charges will be as severe as they are now, considering it'll be like reselling cigarettes."
Law enforcement is scrambling to determine the parameters of the new law and how they will allocate resources to enforce it. The student's friends have their fair share of questions, too: What's okay? Where can they light up? And is it okay for them to carry pot around? It will likely be another year before the state begins licensing businesses that can legally sell recreational marijuana. In the meantime, Michiganders can legally use pot products, but can't legally buy them, leaving a trail of questions.
Michigan Senate Majority Leader Arlan Meekhof has introduced legislation that would prohibit citizens from growing cannabis plants at home, along with other changes that would weaken the law approved by voters.
Also at ABC.
See also: FAQ: Recreational marijuana in Michigan
The New Horizons team is preparing for their spacecraft to fly by 2014 MU69 (nicknamed Ultima Thule) on Jan. 1, 2019. At the current planned flyby distance, the spacecraft's instruments will take higher resolution imagery of the object(s) than what was seen at Pluto:
Because Ultima is small — probably just 25 km (16 miles) or so in diameter — it will remain just a point of light to New Horizons until about 2 days before the close flyby. However, in the final hours around closest approach, New Horizons will be able to map Ultima at higher resolutions than we achieved at Pluto, because we will fly by Ultima at a much closer range than we did at Pluto
We will obtain geologic mapping resolutions as high as 35 meters (110 feet) per pixel using LORRI. By comparison, our highest resolution Pluto mapping was about 80 meters (260 feet) per pixel.
With the Ralph imager, we also plan to acquire color images of Ultima with resolutions as high as 330 meters (0.2 miles) per pixel, and composition mapping at a resolution of 1.8 km (1.1 miles) per pixel. Stereo imaging made on approach will map the surface topography of Ultima at about 80 meters (260 feet) per pixel.The first detailed imagery of Ultima will be downlinked to Earth once the spacecraft has completed its main flyby objectives late on January 1st, and will be released to the public after processing and image analysis on January 2nd. More images, as well as spectra and other data sets, will be downlinked on January 2nd, 3rd, and 4th — so get ready to learn a lot about Ultima in the first week of the new year! Then the spacecraft will slip behind the Sun as seen from Earth and image transmissions will cease for 5 days until the spacecraft reappears and can resume data transmissions.
The total data volume collected on the Ultima flyby will be close to 50 gigabits. Because New Horizons is so far from Earth, about 6 billion km (4 billion miles), its data transmission speed is now only about 1,000 bits per second. This limitation, and the fact that we share NASA's Deep Space Network of tracking and communication antennas with over a dozen other NASA missions, means that it will take 20 months or more, until late in 2020, to send all of the data about Ultima and its environment back to Earth.
The team has until Dec. 16 to determine if there are any hazards (such as dust or satellites) that will necessitate changing the closest approach distance from 3,500 km to 10,000 km.
[According to the Deep Space Networkpage, at the time of this writing, the New Horizons probe is at a distance of 6.56 billion km with a round-trip light time of 12.16 hours. We're gonna need some faster light! --Ed.]
Situated on top of regular DRM, Denuvo has made its way to the top of the pile as one of the most effective and hated (by pirates at least) anti-tamper technologies. This reputation has in part been earned through its ability to prevent low-level crackers from defeating its locks but also due to a perception that it can be anti-consumer.
With this reputation, Denuvo is consistently targeted by crackers, who are getting more and more successful in defeating the technology. A few days’ protection now seems to be the most the product can offer, with the company itself now openly suggesting that a couple of weeks’ protection is a reasonable aim and valuable in itself.
Given Denuvo’s profile, it was interesting to see an apparently new technology being touted by its makers a few months ago. Dubbed ‘Valeroa‘, this new kid on the anti-tamper block seems to have Denuvo in its sights, with interesting marketing which presents the tech as a more consumer-friendly tool to achieve the same aims.
“Valeroa anti-tamper does [not] require you to have an internet connection. Not even when you launch your game for the first time or after you upgraded your hardware. Some games require you to be online, but this is not a Valeroa requirement,” the company claims.
“The protected game behaves as if there is no protection applied at all. Gamers don’t need to re-validate hardware or need an internet connection. They also don’t need to install additional software or drivers. They can play the game as it was intended by the game developer.”
[...] In common with Denuvo, however, the company behind Valeroa states that its tech is “extremely difficult to crack before and closely after the game release date.”
[...] On November 29, Valeroa made its debut on the game City Patrol: Police, a racing/action game that doesn’t appear to be particularly popular with early adopters. Doubling up on the disappointment, the Valeroa technology didn’t stand up as promised either.
On Saturday December 1, two days after launch, the game appeared online with its protection cracked. A user known online as ‘Steam006’ (who claims to be from Turkey) was reportedly responsible and if his report is to be believed, Valeroa didn’t put up much of a fight.
“It took about 20 minutes to make the crack,” he announced.
Wearable watchers, CCS Insight, had good news and bad news for the virtual and augmented reality industry today. Sales are tanking but look! New hardware!
The report underlines just how much the industry has been driven by users of smartphone-based VR, which peaked at 8 million units in 2017 before plummeting to just 3 million in 2018. The net result is the total VR shipments in 2018 will actually end up less than 2017.
[...] But all is not doom and gloom. Stand-alone VR is tipped to hit the big time in 2019, with 29 million of the wireless beauties expected to ship in 2022.
VR vendors, not least the Facebook-backed Oculus, hope so. The Oculus Quest is due to ship in 2019, free of the pesky wires and PC gear needed with the Rift. A cheaper tetherless variant, the Go, has already shipped.
Meanwhile, virtual reality cafes are empty.
Just before 9.30am on Sunday 11 November, a series of unusual seismic pulses rippled around the world almost undetected.
The waves rang for over 20 minutes, emanating about 15 miles off the shores of Mayotte - a tiny island in the Indian Ocean between Madagascar and Africa.
From here, they reverberated across Africa, setting off geological sensors in Zambia, Kenya, and Ethiopia.
They crossed the Atlantic, and were picked up in Chile, New Zealand, Canada, and even Hawaii nearly 11,000 miles away, the National Geographic reports.
Despite their huge range, the waves were apparently not felt by anybody. However, one person monitoring the US Geological Survey's live stream of seismogram displays did notice the unusual waveform and posted it to Twitter, sparking the interest of other geologists and earthquake enthusiasts.
[...] The bizarre waveform is what scientists call "monochromatic". Earthquakes normally produce waves of so many different frequencies, the wave readings appear more jumbled.
But the mystery waveform from Mayotte was a crisp zigzag, which repeated after steady 17-second intervals.
"They're too nice. They're too perfect to be nature," joked the University of Glasgow's Helen Robinson, who is study[ing] for a PhD in applied volcanology.
Scientists have discovered the first synthetic material that becomes thicker—at the molecular level—as it is stretched.
Researchers led by Dr. Devesh Mistry from the University of Leeds discovered a new non-porous material that has unique and inherent "auxetic" stretching properties. Their findings are published today in Nature Communications.
There are materials in nature that exhibit auxetic capabilities, such as cat skin, the protective layer in mussel shells and tendons in the human body. Experts have been actively researching synthetic auxetic materials for more than 30 years, but until now have only been able to create them by structuring conventional materials using complex engineering processes, including 3-D printing. These processes are time consuming, costly, and can lead to weaker, porous products.
[...] "Auxetics are also great at energy absorption and resisting fracture. There may be many potential applications for materials with these properties including body armour, architecture and medical equipment. We have already submitted a patent and are talking to industry about the next steps."
More information:D. Mistry et al, Coincident molecular auxeticity and negative order parameter in a liquid crystal elastomer, Nature Communications (2018). DOI: 10.1038/s41467-018-07587-y
"Auxetic" is your word for the day.