SoylentNews

martyb writes:

McAfee Joins Sophos, Avira, Avast-The Latest Windows Update Breaks Them all:

The most recent Windows patch, released April 9, seems to have done something (still to be determined) that's causing problems with anti-malware software. Over the last few days, Microsoft has been adding more and more antivirus scanners to its list of known issues. As of publication time, client-side antivirus software from Sophos, Avira, ArcaBit, Avast, and most recently McAfee are all showing problems with the patch.

Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt. It's not immediately clear if systems are freezing altogether or just going extraordinarily slowly. Some users have reported that they can log in, but the process takes ten or more hours. Logging in to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2 are all affected.

Booting into safe mode is unaffected, and the current advice is to use this method to disable the antivirus applications and allow the machines to boot normally. Sophos additionally reports that adding the antivirus software's own directory to the list of excluded locations also serves as a fix, which is a little strange.

Anti-virus programs keeping Windows from booting — are they trying to tell us something?

Original Submission

canopic jug writes:

Marcus Hutchins, the researcher who stopped the Wannacry Windows ransomware attack, has pleaded guilty to two counts of writing banking malware in 2014.

Hutchins was accused of writing a banking malware called Kronos in 2014, after he finished high school. The researcher was arrested in Las Vegas after attending the hacker conference Def Con in 2017. Days later, he plead not guilty in a Milwaukee courtroom. He was scheduled to be tried this summer.

But on Friday, Hutchins plead guilty to two counts of [cracking]. According to the guilty plea, each of these counts carries a maximum sentence of 5 years, $250,000 in fines and up to 1 year of supervised release.

He has published a brief statement regarding the case on his blog.

Legal Case Update

As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.

Original Submission

MrPlow writes:

Submitted via IRC for ErkleLives

Phishing — schemes to nab personal data with disguised malicious webpages and emails — constituted more than 70% of all cyber attacks in 2016, according to a Verizon report. In an effort to combat them, Google last year announced it would require users to enable JavaScript during Google Account sign-in so that it could run attack-detecting risk assessments, and today, the company said it'll begin to block all sign-ins from embedded browser frameworks like Chromium Embedded Framework starting in June.

For the uninitiated, embedded browser frameworks enable developers to add basic web browsing functionality to their apps, and to use web languages like HTML, CSS, and JavaScript to create those apps' interface (or portions of it). They're typically cross-platform — Chromium Embedded Framework runs on Linux, Windows, and macOS — and they support a range of language bindings.

"We're constantly working to improve our phishing protections to keep your information secure," account security product manager Jonathan Skelker wrote in a blog post. "This is yet another layer of protection on top of existing safeguards like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges."

[...] As an alternative to embedded browser frameworks, Google is suggesting that developers use browser-based OAuth authentication, which enables users to see the full address of the page where they're entering their credentials. "If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today," Skelker said.

Source: https://venturebeat.com/2019/04/18/google-will-begin-to-block-sign-ins-from-embedded-browser-frameworks-in-june/

Original Submission

upstart writes:

Submitted via IRC for Bytram

Aussies, Yanks may think they're big drinkers – but Brits easily booze them under the table

The top ten per cent of Australia's boozy population downs more than half of the alcohol consumed in the country, according to new research – and the Brits are even worse.

Two researchers from the La Trobe University, Australia, uncovered the eye popping statistic from two surveys: the 2013 International Alcohol Control Study and the 2016 National Drug Strategy Household Survey, as well as more recent research work.

"We found that the heaviest drinking 10 per cent of Australians drink 54.4 per cent of all alcohol consumed in Australia," said Michael Livingston, co-author of the paper published in the Australian and New Zealand Journal of Public Health and an alcohol policy expert at La Trobe University, on Thursday this week.

The paper also highlighted the intoxicating habits of other countries too. The US fares slightly worse. Ten per cent of America's population guzzled about 55 per cent of all the boozy beverages. But it looked even more diabolical for the Brits - just four per cent of its population glugged a whopping 30 per cent of all its alcohol and they easily outpace Aussies and Americans.

Livingston and his colleague Sarah Callinan, also a researcher at La Trobe's Centre for Alcohol Policy Research, found that Australia's top alcoholics were more likely to be middle-aged men living in rural areas.

"We know that rural areas have disproportionately high levels of consumption and alcohol-related harm compared to metropolitan areas. We found that 16 per cent of this heavy-drinking subset live in outer regional and remote areas, compared with 10 per cent of other drinkers."

[...] "Clearly government has a responsibility to address the problem of cheap alcohol by fixing the way alcohol is taxed, introducing floor prices and halting the proliferation of harm-causing packaged alcohol sales," he said./p>

Sponsored: Becoming a Pragmatic Security Leader

Original Submission

martyb writes:

Anti-Vax Parents Lose in NY Court, Face Steep Fines for Not Vaccinating:

A Brooklyn judge on Thursday rejected the petition from five anonymous anti-vaccine mothers who attempted to block the city's recent vaccination mandate amid the largest measles outbreak the city has seen in several decades.

And the city wasted no time enforcing its upheld order. As the judge made his decision Thursday, city health officials doled out the first penalties to violators, according to the New York Times. Officials sent summonses to the parents of three children for failing to vaccinate the children even after city officials determined that they had been exposed to the dangerous viral illness.

Measles is so contagious that up to 90 percent of unvaccinated or otherwise susceptible individuals who are exposed will become ill, according to the Centers for Disease Control and Prevention. Measles' extreme contagiousness is due in part to the fact that once it is launched into the air from a cough or sneeze it can remain airborne and infectious for up to two hours. Any vulnerable passersby who breathe in the virus or touch contaminated surfaces can pick it up.

canopic jug writes:

Famed hardware hacker Bunnie Huang has posted an overview of his notes on designing an open source entropy generator. His summary links to the full notes which include schematics, measurement results, as well as other key details.

The final optimized design takes <1cm² area and draws 520uA at 3.3V when active and 12uA in standby (mostly 1.8V LDO leakage for the output stage, included in the measurement but normally provided by the system), and it passes preliminary functional tests from 2.8-4.4V and 0-80C. The output levels target a 0-1V swing, meant to be sampled using an on-chip ADC from a companion MCU, but one could add a comparator and turn it into a digital-compatible bitstream I suppose. I opted to use an actual diode instead of a NPN B-E junction, because the noise quality is empirically better and anecdotes on the Internet claim the NPN B-E junctions fail over time when operated as noise sources. I'll probably go through another iteration of tweaking before final integration, but afaik this is the smallest, lowest power open-source avalanche noise generator to date (slightly smaller than this one [PDF]).

Original Submission

martyb writes:

Utah Bans Police From Searching Digital Data Without A Warrant, Closes Fourth Amendment Loophole:

In a major win for digital privacy, Utah became the first state in the nation to ban warrantless searches of electronic data. Under the Electronic Information or Data Privacy Act (HB 57), state law enforcement can only access someone's transmitted or stored digital data (including writing, images, and audio) if a court issues a search warrant based on probable cause. Simply put, the act ensures that search engines, email providers, social media, cloud storage, and any other third-party "electronic communications service" or "remote computing service" are fully protected under the Fourth Amendment (and its equivalent in the Utah Constitution).

HB 57 also contains provisions that promote government transparency and accountability. In most cases, once agencies execute a warrant, they must then notify owners within 14 days that their data has been searched. Even more critically, HB 57 will prevent the government from using illegally obtained digital data as evidence in court.

In a concession to law enforcement, the act will let police obtain location-tracking information or subscriber data without a warrant if there's an "imminent risk" of death, serious physical injury, sexual abuse, livestreamed sexual exploitation, kidnapping, or human trafficking.

Backed by the ACLU of Utah and the Libertas Institute, the act went through five different substitute versions before it was finally approved—without a single vote against it—last month. HB 57 is slated to take effect in mid-May.

Third party doctrine, begone?

Original Submission

canopic jug writes:

The Chronicle of Higher Education has an article asking if intranets are making professors stupid. The article starts out focusing on e-mail and quickly drills down to identify all the time-wasters that turn expensive faculty members from productive, professional thinkers to unproductive, amateur administrators.

A subtler factor arose as an unexpected side effect of the introduction of "productivity-enhancing" networked personal computers to professional life. As the economist Peter G. Sassone observed in the early 1990s, personal computers made administrative tasks just easy enough to eliminate the need for dedicated support staff — you could now type your own memos using a word processor or file expenses directly through an intranet portal. In the short term, these changes seemed to save money. But as Sassone documents, shifting administrative tasks to high-skilled employees led to a decrease in their productivity, which reduced revenue — creating losses that often surpassed the amount of money saved by cuts to support staff. He describes this effect as a diminishment of "intellectual specialization," and it's a dynamic that's not spared higher education, where professors spend an increasing amount of time dealing with the administrative substrate of their institutions through electronic interfaces.

We can actually quantify the background hum of busyness that Knuth so assiduously avoids. In 2014, the Boise State anthropologist John Ziker released the results of a faculty time-use study, which found that the average professor spent a little over 60 hours a week working, with 30 percent of that time dedicated to email and meetings. Anecdotal reports hint that this allocation has only gotten worse over the past five years.

Original Submission

MrPlow writes:

Submitted via IRC for ErkleLives

The epic poem Beowulf is the most famous surviving work of Old English literature. For decades, scholars have hotly debated both when the poem was composed and whether it was the work of a single anonymous author ("the Beowulf poet"). Lord of the Rings' scribe J.R.R. Tolkien was among those who famously championed the single-author stance. Now researchers at Harvard University have conducted a statistical analysis and concluded that there was very likely just one author, further bolstering Tolkien's case. They published their findings in a recent paper [DOI: 10.1038/s41562-019-0570-1] [DX] in Nature Human Behavior.

Source: https://arstechnica.com/science/2019/04/tolkien-was-right-scholars-conclude-beowulf-likely-the-work-of-single-author/

Original Submission

martyb writes:

Nicotine Replacement: When Quitting Cigarettes, Consider Using More Nicotine, Not Less:

When delivered through cigarettes, nicotine is considered to be one of the most addictive substances on Earth, so it may seem odd to suggest that people should use more, rather than less, to quit smoking. A recent review of the research, however, has found just that.

Nicotine replacement therapy, known as NRT, has been used to help people safely quit smoking for more than 20 years. It can be prescribed by a doctor but, in many countries, is also available to buy from grocery stores and pharmacies. The Cochrane review (Cochrane assesses evidence on healthcare interventions and summarises the findings) looked at the best ways to use NRT to quit smoking – and found three ways in which using more nicotine might help:

1. Use two forms of NRT rather than one. [...]
2. Start to use NRT before stopping smoking. [...]
3. Higher doses of NRT may help some people.

If you don't get a "happy" jolt from the release of dopamine (because the levels of nicotine never dropped to a stage of craving), the perceived "reward" for smoking is reduced/removed.

Original Submission

takyon writes:

Sony explains its new policy regarding sexual content in games

Sony has a problem with sexual content on the PS4. While that was mere speculation for the last year or so (despite numerous stories saying otherwise), a recent report from the Wall Street Journal has outright confirmed the policy shift from the platform holder. In an interview with the publication, a Sony US official said, "Sony is concerned the company could become a target of legal and social action," hence the shift on sexual content.

As detailed in the report, a lot of this new policy is a reaction to the #MeToo movement. Executives at Sony are worried about the reputation of the platform if it continues to host content that sexually objectifies women. As well as social movements, Sony is concerned over the advent of streaming services allowing region-specific content to be viewed on a global scale. Since some standards only apply to certain countries, Sony doesn't want to be seen hosting a game in the US that's hyper-sexually charged.

This has obviously angered some game developers. As one unnamed [chief executive of a small game developer in Japan] told the Wall Street Journal, "You don't know what they will say until you complete the work and submit it for review. And if they are not happy, even if they allowed the same degree of sexuality a few days before, we need to take it back and ask our staff to make adjustments. That's very costly."

Archived copy of WSJ article.

Also at Kotaku.

Original Submission

martyb writes:

Federal Investigation of Facebook Could Hold Mark Zuckerberg Accountable on Privacy, Sources say:

Federal regulators investigating Facebook for mishandling its users’ personal information have set their sights on the company’s chief executive, Mark Zuckerberg, exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership.

The discussions about how to hold Zuckerberg accountable for Facebook’s data lapses have come in the context of wide-ranging talks between the Federal Trade Commission and Facebook that could settle the government’s more than year-old probe, according to two people familiar with the discussions. Both requested anonymity because the FTC’s inquiry is confidential under law.

Such a move could create new legal, political and public-relations headaches for one of Silicon Valley’s best known — and image conscious — corporate leaders. Zuckerberg is Facebook’s co-founder, chief executive, board chairman and most powerful stock owner, and a sanction from the federal government would be seen as a rare rebuke to him and the tech giant’s historic “move fast and break things” ethos.

Often, the FTC does not target executives in cases where it finds a company’s business practices have violated web users’ privacy. But critics said that targeting Zuckerberg could send a message to other tech giants that the agency is willing to hold top executives directly accountable for their firms’ repeated data misdeeds.

“The days of pretending this is an innocent platform are over, and citing Mark in a large scale enforcement action would drive that home in spades,” said Roger McNamee, an early investor in the company and one of Zuckerberg's foremost critics.

I wonder how many Soylentils (besides me) saw the privacy implications and never set up an account?

Original Submission

An Anonymous Coward writes:

Have you ever wondered what it costs to keep a person alive when they are on the brink of death? Thanks to a post by a suicide survivor who started a rash of posts concerning hospital costs for the mortally challenged we know that the hospital bill for suicide management can be from 10K to 100K. Oliver Jordan clocked up 25,000 likes and hundreds of responses to his post with some people saying it cost them 10K to 20K for a US emergency room visit. Once a patient enters a hospital they can racked many charges often without realising what the end bill will be.

In memory of MDC.

Original Submission

AnonTechie writes:

In science, the success of an experiment is often determined by a measure called "statistical significance." A result is considered to be "significant" if the difference observed in the experiment between groups (of people, plants, animals and so on) would be very unlikely if no difference actually exists. The common cutoff for "very unlikely" is that you'd see a difference as big or bigger only 5 percent of the time if it wasn't really there — a cutoff that might seem, at first blush, very strict.

It sounds esoteric, but statistical significance has been used to draw a bright line between experimental success and failure. Achieving an experimental result with statistical significance often determines if a scientist's paper gets published or if further research gets funded. That makes the measure far too important in deciding research priorities, statisticians say, and so it's time to throw it in the trash.

More than 800 statisticians and scientists are calling for an end to judging studies by statistical significance in a March 20 comment published in Nature. An accompanying March 20 special issue of the American Statistician makes the manifesto crystal clear in its introduction: "'statistically significant' — don't say it and don't use it."

There is good reason to want to scrap statistical significance. But with so much research now built around the concept, it's unclear how — or with what other measures — the scientific community could replace it. The American Statistician offers a full 43 articles exploring what scientific life might look like without this measure in the mix.

Statistical Significance

Is is time for "P is less than or equal to 0.05" to be abandoned or changed ??

Original Submission

takyon writes:

Samsung Completes Development of 5nm EUV Process Technology

Samsung Foundry this week announced that it has completed development of its first-generation 5 nm fabrication process (previously dubbed 5LPE). The manufacturing technology uses extreme ultraviolet lithography (EUVL) and is set to provide significant performance, power, and area advantages when compared to Samsung's 7 nm process (known as 7LPP). Meanwhile, Samsung stresses that IP developed for 7LPP can be also used for chips to be made using 5LPE.

Samsung's 5 nm technology continues to use FinFET transistors, but with a new standard cell architecture as well as a mix of DUV and EUV step-and-scan systems. When compared to 7LPP, Samsung says that their 5LPE fabrication process will enable chip developers to reduce power consumption by 20% or improve performance by 10%. Furthermore, the company promises an increase in logic area efficiency of up to 25%.

One interesting technology that will eventually be on Samsung's roadmap: "gate-all-around" field effect transistors.

Meanwhile, TSMC has announced a new node, "6nm", which will allow for smaller die sizes than "7nm" with no improvements to performance or power consumption. It is also not better than the TSMC "7nm+" node, which will use extreme ultraviolet lithography:

TSMC this week unveiled its new 6 nm (CLN6FF, N6) manufacturing technology, which is set to deliver a considerably higher transistor density when compared to the company's 7 nm (CLN7FF, N7) fabrication process. An evolution of TSMC's 7nm node, N6 will continue to use the same design rules, making it easier for companies to get started on the new process. The technology will be used for risk production of chips starting Q1 2020.

TSMC states that their N6 fabrication technology offers 18% higher logic density when compared to the company's N7 process (1st Gen 7 nm, DUV-only), yet offers the same performance and power consumption. Furthermore, according to TSMC N6 'leverages new capabilities in extreme ultraviolet lithography (EUVL)' gained from N7+, but does not disclose how exactly it uses EUV for the particular technology. Meanwhile, N6 uses the same design rules as N7 and enables developers of chips to re-use the same design ecosystem (e.g., tools, etc.), which will enable them to lower development costs. Essentially, N6 allows to shrink die sizes of designs developed using N7 design rules by around 15% while using the familiar IP for additional cost savings.

See table in article.

Previously: Samsung Discusses Foundry Plans Down to "3nm"
TSMC's "5nm" (CLN5FF) Process On-Track for High-Volume Manufacturing in 2020

Original Submission