SoylentNews

takyon writes:

Fast-Acting Depression Drug, Newly Approved, Could Help Millions

Of the 16 million American adults who live with depression, as many as one-quarter gain little or no benefit from available treatments, whether drugs or talk therapy. They represent perhaps the greatest unmet need in psychiatry. On Tuesday, the Food and Drug Administration approved a prescription treatment intended to help them, a fast-acting drug derived from an old and widely used anesthetic, ketamine.

The move heralds a shift from the Prozac era of antidepressant drugs. The newly approved treatment, called esketamine, is a nasal spray developed by Janssen Pharmaceuticals Inc., a branch of Johnson & Johnson, that will be marketed under the name Spravato. It contains an active portion of the ketamine molecule, whose antidepressant properties are not well understood yet. "Thank goodness we now have something with a different mechanism of action than previous antidepressants," said Dr. Erick Turner, a former F.D.A. reviewer and an associate professor of psychiatry at Oregon Health & Science University. "But I'm skeptical of the hype, because in this world it's like Lucy holding the football for Charlie Brown: Each time we get our hopes up, the football gets pulled away."

[...] Esketamine, like ketamine, has the potential for abuse, and both drugs can induce psychotic episodes in people who are at high risk for them. The safety monitoring will require doctors to find space for treated patients, which could present a logistical challenge, some psychiatrists said.

The wholesale cost for a course of treatment will be between $2,360 and $3,540, said Janssen, and experts said it will give the company a foothold in the $12 billion global antidepressant market, where most drugs now are generic.

[...] One question that will need to be answered is how well esketamine performs in comparison to intravenous ketamine.

Also at STAT News, Reuters, and NPR.

Previously: Ketamine Reduces Suicidal Thoughts in Depressed Patients
Studies Identify How Ketamine Can Reverse Symptoms of Depression
Ketamine Shows Promise as a Fast-Acting Treatment for Depression

Related:

*SPOILER* (click to show) *SPOILER* (click to hide)

Psychiatrists Investigate Using Mushrooms to Treat Depression
Research into Psychedelics, Shut Down for Decades, is Now Yielding Exciting Results
Depression Not Caused by Low Serotonin Levels - Most Drugs for Treatment Based on Myth
Psilocybin Successfully Treats Severe Depression in Small Clinical Trial
Research Into Psychedelics Continues
What a Gottlieb-Led FDA Might Mean for the Pharmaceutical Industry
Study Suggests Psilocybin "Resets" the Brains of Depressed People
FDA Designates MDMA as a "Breakthrough Therapy" for PTSD; Approves Phase 3 Trials
Amazonian Psychedelic May Ease Severe Depression, New Study Shows
Study Shows How LSD Alters Directed Connectivity Within Brain Pathways in Humans

Original Submission

Arthur T Knackerbracket has found the following story:

For just the second time since the global epidemic began, a patient appears to have been cured of infection with H.I.V., the virus that causes AIDS.

The news comes nearly 12 years to the day after the first patient known to be cured, a feat that researchers have long tried, and failed, to duplicate. The surprise success now confirms that a cure for H.I.V. infection is possible, if difficult, researchers said.

The investigators are to publish their report on Tuesday in the journal Nature and to present some of the details at the Conference on Retroviruses and Opportunistic Infections in Seattle.

Publicly, the scientists are describing the case as a long-term remission. In interviews, most experts are calling it a cure, with the caveat that it is hard to know how to define the word when there are only two known instances.

Both milestones resulted from bone-marrow transplants given to infected patients. But the transplants were intended to treat cancer in the patients, not H.I.V. Bone-marrow transplantation is unlikely to be a realistic treatment option in the near future. Powerful drugs are now available to control H.I.V. infection, while the transplants are risky, with harsh side effects that can last for years. But rearming the body with immune cells similarly modified to resist H.I.V. might well succeed as a practical treatment, experts said.

HIV-1 remission following CCR5Δ32/Δ32 haematopoietic stem-cell transplantation (DOI: 10.1038/s41586-019-1027-4) (DX)

Original Submission

An Anonymous Coward writes:

Someone shared on Trisquel's forums a direct email communication with Purism revealing the way the company avoids being fully transparent about the fact that their device does not offer better privacy when used *as a phone* — it has privacy advantages only when the phone functionality is completely turned off, in which case the questioner claims it is nothing more than a pocket (or even stationary) PC.

Source:

https://trisquel.info/en/forum/librem5-and-why-i-am-no-longer-interested

Arthur T Knackerbracket has found the following story:

The United States warned Turkey against moving ahead with plans to buy a sophisticated Russian missile defence system that the Pentagon believes would threaten its advanced F-35 fighter aircraft.

The State Department made the remarks on a day when the head of US European Command spoke to politicians on Capitol Hill and said Turkey should reconsider its plan to buy the S-400 from Russia this year.

"We've clearly warned Turkey that its potential acquisition of the S-400 will result in a reassessment of Turkey's participation in the F-35 programme, and risk other potential future arms transfers to Turkey," said deputy spokesman Robert Palladino on Tuesday.

The US agreed to sell 100 of its latest fifth-generation F-35 fighters to Turkey and has so far delivered two of the aircraft. But Congress last year ordered a delay in future deliveries.

[...] The S-400 can track a large number of potential targets, including stealth targets such as the US F-35 fighter jet. Other advantages included its high mobility, meaning it can be set up, fired and moved within minutes.

Original Submission

Apparition writes:

Engadget posted a look at the state of Linux gaming in 2019, and it's not that positive. The writer posits that Valve's Steam is solely keeping Linux gaming alive.

Fast-forward nearly six years. Steam Machines puttered out as an idea, though Valve hasn't dropped its support for Linux. It maintains a Linux Steam client with 5,800 native games, and just last August, Valve unveiled Proton, a compatibility layer designed to make every Steam title run open-source-style. With Proton currently in beta, the number of Steam titles playable on Linux has jumped to 9,500. There are an estimated 30,000 games on Steam overall, so that's roughly one-in-three, and Valve is just getting started.

However, the percentage of PC players that actually use Linux has remained roughly the same since 2013, and it's a tiny fraction of the gaming market -- just about 2 percent. Linux is no closer to claiming the gaming world's crown than it was six years ago, when Newell predicted the open-source, user-generated-content revolution.

[...] The industry's lack of Linux love is just one reason Epic Games felt free to launch its new digital store -- the first true competition to Steam in about a decade -- without support for open-source operating systems. When the company unveiled the Epic Games Store in December, Linux fans immediately had questions: Would the marketplace work on their distros? If not, were there plans to support Linux down the line?

The most concrete answer came from Epic Games director of publishing strategy (and a creator of Steam Spy) Sergey Galyonkin on Twitter in late December: "It really isn't on the roadmap right now. Doesn't mean this won't change in the future, it's just we have so many features to implement." Epic Games didn't provide an update on its plans for this story.

[more...]

upstart writes:

Submitted via IRC for SoyCow1984

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

When Google's team of ninja bug-hunting researchers known as Project Zero finds a hackable flaw in somebody else's code, they give the company responsible 90 days to fix it before going public with their findings—patched or not. So like clockwork, 94 days after Google alerted Apple to a bug in its MacOS operating system that could allow malware to inject data into the most privileged code running on its computers, Mountain View's hackers are revealing that fresh zero-day vulnerability to the world.

On Friday, Google's Project Zero researchers quietly published a forum post outlining a previously unknown vulnerability in MacOS, which they call BuggyCow, in a piece of proof-of-concept demonstration code. The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac.

[...] BuggyCow continues Project Zero's practice of publicly dropping serious, unpatched security vulnerabilities in the code of major tech firms, from Apple and Facebook to Microsoft, a habit that has earned it occasional criticism from the security industry. But the group's strict 90-day deadline, Google has argued, is intended as a powerful motivator for other companies to patch their flaws quickly—an important factor given that Project Zero isn't always the only group of hackers who discover a vulnerability.

In fact, Project Zero notes that it first warned Apple about its BuggyCow flaw back in November and that the company hadn't acted to patch it ahead of last week's public reveal. Apple didn't respond to a request for comment.

Original Submission

Arthur T Knackerbracket has found the following story:

Researchers at The University of Manchester in the UK, led by Dr Artem Mishchenko, Prof Volodya Fal'ko and Prof Andre Geim, have discovered the quantum Hall effect in bulk graphite -- a layered crystal consisting of stacked graphene layers. This is an unexpected result because the quantum Hall effect is possible only in so-called two-dimensional (2D) systems where electrons' motion is restricted to a plane and must be disallowed in the perpendicular direction. They have also found that the material behaves differently depending on whether it contains odd or even number of graphene layers -- even when the number of layers in the crystal exceeds hundreds. The work is an important step to the understanding of the fundamental properties of graphite, which have often been misunderstood, esepcially in recent years.

In their work, published in Nature Physics, Mishchenko and colleagues studied devices made from cleaved graphite crystals, which essentially contain no defects. The researchers preserved the high quality of the material also by encapsulating it in another high-quality layered material -- hexagonal boron nitride. They shaped their devices in a Hall bar geometry, which allowed them to measure electron transport in the thin graphite.

"The measurements were quite simple." explains Dr Jun Yin, the first author of the paper. "We passed a small current along the Hall bar, applied strong magnetic field perpendicular to the Hall bar plane and then measured voltages generated along and across the device to extract longitudinal resistivity and Hall resistance.

Prof Fal'ko who led the theory exploration said: "We were quite surprised when we saw the quantum Hall effect accompanied by zero longitudinal resistivity in our samples. These are thick enough to behave just as a normal bulk semimetal in which QHE should be strictly forbidden."

[...] "For decades graphite was used by researchers as a kind of 'philosopher's stone' that can deliver all probable and improbable phenomena including room-temperature superconductivity," Geim adds with a smile. "Our work shows what is, in principle, possible in this material, at least when it is in its purest form."

Journal Reference: Jun Yin, Sergey Slizovskiy, Yang Cao, Sheng Hu, Yaping Yang, Inna Lobanova, Benjamin A. Piot, Seok-Kyun Son, Servet Ozdemir, Takashi Taniguchi, Kenji Watanabe, Kostya S. Novoselov, Francisco Guinea, A. K. Geim, Vladimir Fal'ko, Artem Mishchenko. Dimensional reduction, quantum Hall effect and layer parity in graphite films. Nature Physics, 2019; DOI: 10.1038/s41567-019-0427-6

Original Submission

Arthur T Knackerbracket has found the following story:

An analysis published in JNeurosci of brain scans from more than 600 children and adolescents reveals genetically-mediated associations between the size of evolutionarily novel brain regions and intelligence test scores. Genetic influences on the brain follow the patterns of evolutionary expansion of the human brain relative to nonhuman primates.

Cerebral surface area has expanded dramatically over the course of human evolution. Brain regions that have undergone evolutionary expansion tend to follow a similar pattern during individual development. Despite these trends, brain structure can vary greatly between similar people. The relative contribution of genetic and environmental factors to individual differences in cerebral surface area in children has been unclear.

J. Eric Schmitt, Michael C. Neale, Liv S. Clasen, Siyuan Liu, Jakob Seidlitz, Joshua N. Pritikin, Alan Chu, Gregory L. Wallace, Nancy Raitano Lee, Jay N. Giedd, Armin Raznahan. A Comprehensive Quantitative Genetic Analysis of Cerebral Surface Area in Youth. The Journal of Neuroscience, 2019; 2248-18 DOI: 10.1523/JNEUROSCI.2248-18.2019

Original Submission

Arthur T Knackerbracket has found the following story:

Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage program.

Reuters reported in January that DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters.

Those operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found. DarkMatter has denied conducting the operations and says it focuses on protecting computer networks.

[...] DarkMatter has been pushing Mozilla for full authority to grant certifications since 2017, the browser maker told Reuters. That would take it to a new level, making it one of fewer than 60 core gatekeepers for the hundreds of millions of Firefox users around the world.

[Selena] Deckelmann said Mozilla is worried that DarkMatter could use the authority to issue certificates to hackers impersonating real websites, like banks.

As a certification authority, DarkMatter would be partially responsible for encryption between websites they approve and their users.

In the wrong hands, the certification role could allow the interception of encrypted web traffic, security experts say.

In the past Mozilla has relied exclusively on technical issues when deciding whether to trust a company with certification authority.

The Reuters investigation has led it to reconsider its policy for approving applicants. “You look at the facts of the matter, the sources that came out, it’s a compelling case,” said Deckelmann.

Previously: Surveillance Firm Asks Mozilla to be Included in Firefox's Certificate Whitelist

Original Submission

martyb writes:

The US National Security Agency (NSA) announces it has made its GHIDRA Software Reverse Engineering (SRE) framework available as open source. Key features of Ghidra are:

• includes a suite of software analysis tools for analyzing compiled code on a variety of platforms including Windows, Mac OS, and Linux
• capabilities include disassembly, assembly, decompilation, graphing and scripting, and hundreds of other features
• supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes
• users may develop their own Ghidra plug-in components and/or scripts using the exposed API

The framework can be downloaded from https://ghidra-sre.org/. The page has a button labeled "SHA-256" but it seems to require Javascript for it to be displayed. A simple "view source" (you don't think I'm gonna let the NSA have execution permission on my computer!) of the page revealed:

3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 ghidra_9.0_PUBLIC_20190228.zip

Alternatively, it also seems to be available on GitHub.

What I really want to know is how are you supposed to pronounce its name?

Original Submission

exec & upstart write:

Submitted via IRC for Bytram & AzumaHazuki

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Speculative execution, the practice of allowing processors to perform future work that may or may not be needed while they await the completion of other computations, is what enabled the Spectre vulnerabilities revealed early last year.

In a research paper distributed this month through pre-print service ArXiv, "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks," computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.

The researchers [...] have found that "a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

"We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."

The issue is separate from the Spectre vulnerabilities, and is not addressed by existing mitigations. It can be exploited from user space without elevated privileges.

[...] "The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available," said Moghimi. "Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other micro architectural attacks."

[...] SPOILER, the researchers say, will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible – instead of taking weeks, Rowhammer could take just seconds. Moghimi said the paper describes a JavaScript-based cache prime+probe technique that can be triggered with a click to leak private data and cryptographic keys not protected from cache timing attacks.

Mitigations may prove hard to come by. "There is no software mitigation that can completely erase this problem," the researchers say. Chip architecture fixes may work, they add, but at the cost of performance.

Original Submission #1  Original Submission #2 

martyb writes:

Soon, Hundreds of Tourists Will Go to Space. What Should We Call Them?:

Perhaps within a matter of a months, a handful of customers will board a spacecraft and fly above Earth's atmosphere to float for a few minutes, where they will presumably gawk at our planet's graceful curvature. Shortly after this, dozens, and soon hundreds, will follow. Space enthusiasts have made such promises about space tourism for nearly a decade, but in 2019 it's finally coming true.

In the last three months, Virgin Galactic has completed two crewed test flights above 80km. And with its flight-tested New Shepard launch system, Blue Origin remains on track to blast its own people into space later this year. Both spacecraft can carry up to six passengers. Neither company has begun commercial operations, but these flights appear imminent. Later this year, suborbital space tourism should finally transition from long-promised to something you can do if you're rich enough. Next year, we will likely see dozens of commercial flights.

These welcome successes have raised a question, however: just what do we call these people?

Until now, it has been fairly easy to call men and women who have gone to space astronauts (or cosmonauts in Russia, and taikonauts in China). About 560 humans have gone to space, nearly all of them into orbit, and a lucky two dozen have gone beyond. Twelve have walked on the Moon.

In 2004, the private SpaceShipOne venture clouded the picture a little bit by making a private suborbital flight. The pilots, Mike Melvill and Brian Binnie, had not trained as government astronauts, so the US Federal Aviation Administration created a new designation for them—commercial astronauts. Since then, the five crew members of Virgin Galactic's VSS Unity flights in December and February have also earned that designation. But the FAA will only recognize "crew," not passengers.

For now, there remains no official word on what to call non-crew members. Are they astronauts, too? Space passengers? Astro-nots?

Ignoring the question of whether 80km is really "space" or one needs to reach 100km (the Kármán line), Ars Technica queried Virgin Galactic, Blue Origin, former NASA astronauts and others. Worthy of note is that NASA called self-funded fliers who bought access to the International Space Station — such as Dennis Tito — "spaceflight participants."

What do you think they should be called?

Original Submission

Phoenix666 writes:

Phys.org:

A vehicle traveling at 55 mph covers a distance greater than a football field in five seconds. With the average text taking approximately five seconds to read, that's at least a football field's worth of driver inattention. Texting while driving is dangerous, and possibly even fatal, especially in a highway work zone.

Now, researchers at the University of Missouri say drivers not paying attention—such as answering a phone call, a text message, or being distracted by a passenger—for any length of time are 29 times more likely to be involved in a collision or near collision in a highway work zone.

The results from this study could provide recommendations on "behavioral countermeasures" to state transportation agencies and the Federal Highway Administration, which are implementing countermeasures to decrease injuries and fatalities in a highway work zone. These recommendations include better public education, laws to ban texting and driving, and policies that deter driver distractions. The results could also be used when developing new technology, such as driverless vehicles.

Journal Reference:
Nipjyoti Bharadwaj et al. Risk Factors in Work Zone Safety Events: A Naturalistic Driving Study Analysis, Transportation Research Record: Journal of the Transportation Research Board (2019). DOI: 10.1177/0361198118821630

More data highlight the danger of texting while driving.

Original Submission

DannyB writes:

Why 'ji32k7au4a83' Is a Remarkably Common Password

For too many people, moving the digits around in some variation of Patriots69Lover is their idea of a strong password. So you might expect something complicated like” “ji32k7au4a83” would be a great password. But according to the data breach repository Have I Been Pwned (HIBP), it shows up more often than one might expect.

This interesting bit of trivia comes from self-described hardware/software engineer Robert Ou, who recently asked his Twitter followers if they could explain why this seemingly random string of numbers has been seen by HIBP over a hundred times.

Have I Been Pwned is an aggregator that was started by security expert Troy Hunt to help people find out if their email or personal data has shown up in any prominent data breaches. One service it offers is a password search that allows you to check if your password has shown up in any data breaches that are on the radar of the security community. In this case, “ji32k7au4a83" has been seen by HIBP in 141 breaches.

Several of Ou’s followers quickly figured out the solution to his riddle. The password is coming from the Zhuyin Fuhao system for transliterating Mandarin. The reason it’s showing up fairly often in a data breach repository is because “ji32k7au4a83" translates to English as “my password.”

Related: The password “ji32k7au4a83” has been seen over a hundred times, and the password "ji32k7au4a83" looks like it'd be decently secure, right?

Now if only there were one super secure password everyone could use so we would all be safe.

[There is! But it would require over 55 hours (at 5 characters per second) to type it in. --Ed.]

Original Submission

isj writes:

The Danish Ministry of Education has developed a "digital exam invigilator" to be used by students in the equivalent of high schools ("gymnasiale uddannelser"). The purpose is to be able to detect cheating during written exams. The program:
  - captures all keystrokes (keylogger)
  - captures a screenshot every minute and whenever you switch tasks
  - a list of all open webpages
  - network configuration
  - which programs are running
  - whether it's is running in a VM
  - contents of the clipboard
  and sends this to a central server during the exam. The data is kept for 4 months.

The initiative is getting a lot of criticism.
  - In 2017 there was 229 suspicions of cheating out of more than 200.000 students, so this initiative may be out of proportions.
  - The program is only available for Windows and MacOS. No support for Linux or ChromeOS.
  - It may be possible for a 3rd party to do a MITM-attack and take over the students' PCs.
  - If a student is unable or unwilling to install the program he can perform the exam under "extended surveillance" (good old-fashioned humans watching) at the school's discretion. Some schools deny students this option and instead just fail them.
  - The program will likely collect private information.

The schools do not provide computers for students because they cannot afford it. So its BYOD. On some schools (eg. some vocational schools) Linux is quite common. Some schools have trouble affording the extra human invigilators.

So soylentils: what would you do given the constraints? What do other countries do? Ignore the risk of cheating? Spend money on human invigilators?

All sources are in Danish as this news has not hit the international scene (yet). Sorry.
Danish Ministry of Education page on the program: https://www.stil.dk/uvm-dk/gymnasiale-uddannelser/proever-og-eksamen/netproever/den-digitale-proevevagt
Short analysis by security expert Peter Kruse: https://www.dr.dk/nyheder/indland/den-digitale-proevevagt-overvaagnings-kritiske-elever-faar-ministeriet-til-rette
A Reddit thread on the subject: https://www.reddit.com/r/Denmark/comments/avovqx/staten_har_nu_krav_om_at_vi_installerer_et/
A discussion on version2 (an EE and CS site): https://www.version2.dk/artikel/digitale-proevevagt-totalovervaagning-elevers-computere-midlertidigt-trukket-tilbage-1087609

Original Submission