
SoylentNews is people


posted by chromas on Monday June 10 2019, @10:29PM
from the will-it-run-linux? dept.

The next-generation Xbox console referred to as "Project Scarlett", scheduled for release in late 2020, will feature a custom AMD "7nm" Zen 2 CPU and Navi GPU. The console will include hardware support for real-time raytracing, and include an SSD for significantly faster loading times. The console will also be able to use the SSD as virtual memory. The console will support up to 8K (7680×4320) resolution and 120 frames per second (presumably not at the same time for most - if any - games, but the console should at least support 8K video streaming). These details are extremely similar to those that were revealed about Sony's next PlayStation console.

Microsoft's xCloud streaming game service will launch in October 2019. It will allow gamers to stream games from Microsoft or those stored locally on their Xbox One consoles.

Also at The Verge.

See also: PlayStation 5's Beefier Hardware Could Help Mitigate Indies' Optimization Troubles, Says Ubisoft Dev

Related: Microsoft, Sony Partner on Streaming Games, Chips and AI

Original Submission

posted by chromas on Monday June 10 2019, @08:57PM
from the lynx++ dept.

Opera, Brave, Vivaldi to Ignore Chrome's Anti-Ad-Blocker Changes, Despite Shared Codebase

Despite sharing a common Chromium codebase, browser makers like Brave, Opera, and Vivaldi don't have plans on crippling support for ad blocker extensions in their products -- as Google is currently planning on doing within Chrome.

The three browser makers have confirmed to ZDNet, or in public comments, of not intending to support a change to the extensions system that Google plans to add to Chromium, the open-source browser project on which Chrome, Brave, Opera, and Vivaldi are all based on.

A few hours after reading about Brave, Opera, and Vivaldi breaking with Google blocking ad-blockers, I find this story -
Firefox may introduce a paid version in order to reduce its reliance on Google revenue

Mozilla, the maker of open source browser Firefox, is by no means strapped for cash; although the said browser is offered free of charge, the foundation has a lucrative search deal with Google.

Some of the revenue also comes thanks to its controversially proprietary online bookmarking service Pocket, and some from sponsored content and donations.

But although the Google deal is sweet – Mozilla is very dependent on it and nervous about the prospect, however unlikely, of losing it. Therefore it always seems to be on the lookout for new revenue streams.

Mozilla will reportedly launch a paid version of Firefox this fall

In an interview with German media outlet T3N, the company's CEO, Chris Beard, said that it's aiming to launch the new version by October, with features like a VPN and secure cloud storage.

The company's already experimented with a VPN service by partnering up with ProtonVPN and offering a $10 subscription. Now, the company's thinking of offering some amount of free VPN bandwidth to get you started, and then charge a premium for metered access in the form of a monthly subscription.

So - what is the future? Are browsers to be divided between "free" browsers, that play games with Google, and paid browsers, which thumb their noses at Google?

And, how will all of that affect those of us who routinely modify their browsers? Will we have to work harder, for the same effect - or will we just be shot down in flames? Surrender to Google, or pay to browse?

Original Submission #0 | Original Submission #1 | Original Submission #2

posted by Fnord666 on Monday June 10 2019, @07:25PM
from the pie-in-the-face dept.

Ohio bakery awarded $11 million in libel lawsuit against Oberlin College over alleged racial profiling

An Ohio jury has ordered Oberlin College to pay $11 million to a bakery which said it was libeled and wrongfully accused of racially profiling students.

The case stems from the November 2016 arrests of three black Oberlin students at Gibson's Bakery and market near the college's campus in Oberlin, Ohio. One student, Jonathan Aladin, was accused of attempted robbery for allegedly trying to "steal wine or otherwise illegally obtain wine" from the bakery, according to a defamation lawsuit. He would eventually confess in a written statement to buying alcohol illegally. Two other suspects, Cecelia Whettston and Endia J. Lawrence, were arrested and accused of misdemeanor assault, court documents state.

After that, Oberlin staff members tried to discredit the family-owned bakery, the lawsuit says. Oberlin College staff -- including deans and professors -- and students engaged in demonstrations in front of Gibson's Bakery following the arrests of the three students, the lawsuit stated. The suit also said Oberlin Vice President and Dean of Students Meredith Raimondo and other college staff members "handed out hundreds of copies" of a flier to the community and the media stating that Gibson's Bakery and its owners racially profiled and discriminated against the three students.

A mass email sent by Oberlin College's Vice President and General Counsel to school alumni criticized the decision of the jury, despite the trial not being over. The email was sent ahead of a punitive damages hearing, which may triple the amount Oberlin College has to pay.

Also at Inside Higher Ed.

Update: Bakery suing Oberlin College for libel wins $33M in damages
Oberlin College hit with maximum PUNITIVE DAMAGES (capped at $22 million by law) in Gibson's Bakery case

Original Submission

posted by janrinok on Monday June 10 2019, @05:53PM

On June 5th, YouTube announced in a post on its official blog that it is going to be:

Removing more hateful and supremacist content from YouTube

by specifically prohibiting videos alleging that a group is superior in order to justify discrimination, segregation or exclusion based on qualities like age, gender, race, caste, religion, sexual orientation or veteran status.

Finally, we will remove content denying that well-documented violent events, like the Holocaust or the shooting at Sandy Hook Elementary, took place.

Reducing borderline content and raising up authoritative voices

In January, we piloted an update of our systems in the U.S. to limit recommendations of borderline content and harmful misinformation

We're looking to bring this updated system to more countries by the end of 2019. Thanks to this change, the number of views this type of content gets from recommendations has dropped by over 50% in the U.S. Our systems are also getting smarter about what types of videos should get this treatment, and we'll be able to apply it to even more borderline videos moving forward. As we do this, we'll also start raising up more authoritative content in recommendations

Continuing to reward trusted creators and enforce our monetization policies

we are strengthening enforcement of our existing YouTube Partner Program policies. Channels that repeatedly brush up against our hate speech policies will be suspended from the YouTube Partner program, meaning they can't run ads on their channel or use other monetization features like Super Chat.

In an article discussing this, Silicon Valley reporter Casey Newton of The Verge notes that this "is expected to result in the removal of thousands of channels across YouTube."

The crackdown goes into effect today and will "ramp up" over the next few days.

Aristarchus adds from Time:

The video streaming company says it has already made it more difficult to find and promote such videos, but it's now removing them outright. YouTube will also prohibit videos that deny certain proven events have taken place, such as the Holocaust.

The changes come as YouTube, Facebook, Twitter and other online services face mounting concern that the services allow, and in some cases foster, extremism.

YouTube's new policies will take effect immediately. Specifically, the service is banning videos "alleging that a group is superior in order to justify discrimination, segregation or exclusion." The ban applies to a range of characteristics, including race, sexual orientation and veteran status.

[...] The companies have said they are walking the balance between creating safe spaces while also protecting freedom of expression. With little government oversight on online material, internet companies have become the arbiters for what is and isn't allowed.

Original Submission #1 | Original Submission #2

posted by janrinok on Monday June 10 2019, @04:31PM
from the if-it-quarks-like-a-duck... dept.

Submitted via IRC for Bytram

NB: LHCb is the Large Hadron Collider beauty experiment.

CERN's LHCb experiment reports observation of exotic pentaquark particles

"The pentaquark is not just any new particle," said LHCb spokesperson Guy Wilkinson. "It represents a way to aggregate quarks, namely the fundamental constituents of ordinary protons and neutrons, in a pattern that has never been observed before in over fifty years of experimental searches. Studying its properties may allow us to understand better how ordinary matter, the protons and neutrons from which we're all made, is constituted."

Our understanding of the structure of matter was revolutionized in 1964 when American physicist, Murray Gell-Mann, proposed that a category of particles known as baryons, which includes protons and neutrons, are composed of three fractionally charged objects called quarks, and that another category, mesons, are formed of quark-antiquark pairs. Gell-Mann was awarded the Nobel Prize in physics for this work in 1969. This quark model also allows the existence of other quark composite states, such as pentaquarks composed of four quarks and an antiquark. Until now, however, no conclusive evidence for pentaquarks had been seen.

LHCb researchers looked for pentaquark states by examining the decay of a baryon known as Λb (Lambda b) into three other particles, a J/ψ- (J-psi), a proton and a charged kaon. Studying the spectrum of masses of the J/ψ and the proton revealed that intermediate states were sometimes involved in their production. These have been named Pc(4450)+ and Pc(4380)+, the former being clearly visible as a peak in the data, with the latter being required to describe the data fully.

[...] "The quarks could be tightly bound," said LHCb physicist Liming Zhang of Tsinghua University, "or they could be loosely bound in a sort of meson-baryon molecule, in which the meson and baryon feel a residual strong force similar to the one binding protons and neutrons to form nuclei."

More studies will be needed to distinguish between these possibilities, and to see what else pentaquarks can teach us. The new data that LHCb will collect in LHC run 2 will allow progress to be made on these questions.

Original Submission

posted by janrinok on Monday June 10 2019, @03:04PM
from the stuff-it-under-the-mattress dept.

The following 4 stories were submitted via IRC for SoyCow4463

Hackers hid malware in a fake trading app to steal your cryptocurrency

Security researchers have uncovered a knock-off cryptocurrency trading website designed to steal the funds of unwitting victims.

Cybercriminals have created a website that imitates the Cryptohopper cryptocurrency trading platform to distribute malware that could steal personal information, hijack your clipboard, and crypto-jack your system, Bleeping Computer reports. It appears to have helped hackers amass a trove of over $260,000 in various cryptocurrencies.

When users visit the imitation Cryptohopper website, their system will automatically download and execute a file simply called Setup.exe. While on the surface it might appear legitimate, it's actually a Trojan.

Baltimore didn't pay Bitcoin ransom so hackers leaked sensitive data on Twitter

Officials investigating the Bitcoin-fueled ransomware attack that hit Baltimore City last month believe the hackers have leaked government documents on Twitter.

A Twitter account claiming to be owned by the hackers appears to have been used to leak the sensitive documents, The Baltimore Sun reports. The now-suspended account posted a document detailing a woman's medical history last month, and claimed to have numerous other potentially sensitive documents. According to reports, the account has been taunting the city's mayor, Bernard C. "Jack" Young. No personal data has been stolen in the attack, according to a spokesperson from the mayor's office.

That said, the hackers' Twitter account allegedly messaged a Baltimore Sun reporter claiming to have financial documents and citizens' personal information. The supposed hacker threatened to leak the documents to the dark web.

Bitfinex denies role in spooky transfer of $1.37 million in stolen Bitcoin

Bitcoin BTC stolen from Bitfinex in 2016 is on the move. Earlier today, a combined 172.54 BTC ($1.37 million) was mysteriously sent from the hacker's wallets to an unknown address. Bitfinex' marketing director Anneka Dew however told Hard Fork that today's movements had nothing to do with the company at all. The set of five transfers began at approximately 07:00AM UTC, June 7, and was shared by Twitter-based transaction monitor @whale_alert.

Blockchain startup hacked itself to 'save' $13M of its users' cryptocurrency

A blockchain startup hacked its users' wallets to save $13 million in Bitcoin and other cryptocurrency from being stolen, ZDNet reports. Security researchers advised the Komodo Platform of a 'backdoor' in Agama, one of its older wallet apps, that would have allowed hackers to siphon any and all digital assets held inside. Before that could happen, devs made use of the flaw themselves to extract at-risk cryptocurrency to wallets under their control.

In total, Komodo's team says it 'saved' 96 BTC ($742K) and 8 million Komodo ($11.92M) from potential theft. The controlled funds can be viewed here and here.

Bad actors are said to have smuggled the backdoor into Agama by contributing useful code and updating it to include security vulnerabilities at a later date.

Original Submission #1 | Original Submission #2 | Original Submission #3 | Original Submission #4

posted by Fnord666 on Monday June 10 2019, @01:25PM
from the fine-print dept.

Submitted via IRC for SoyCow4463

Why does macOS Catalina use Zsh instead of Bash? Licensing

Yesterday, at its WWDC developer conference, Apple unveiled the latest version of the MacOS operating system. Codenamed Catalina, it's a fairly significant update for the platform, not least because of the changes that have taken place under the hood. Take, for example, the default shell, which has been migrated from Bash to Zsh.

Bash has been the primary macOS shell since OS X 10.2 Jaguar. For almost sixteen years, MacOS developers have used it to write scripts and issue commands to the underlying operating system. It's deeply ingrained in how developers work. So, why the sudden change?

In a word: licensing.

[...] Newer versions of Bash are licensed under the GNU General Public License version 3 – or GPLv3 for short. This comes with several restrictions which could potentially have caused a few headaches for Apple further down the line.

Firstly, the GPLv3 includes language that prohibits vendors from using GPL-licensed code on systems that prevent third parties from installing their own software. This controversial practice has a name: Tivoization, after the popular TiVo DVR boxes which are based on the Linux kernel, but only run software with an approved digital signature.

Secondly, the GPLv3 includes an explicit patent license. This can be hard to wrap your head around, but in a nutshell, it means that anyone who licenses code under the GPLv3 also explicitly grants a license to any of the associated patents. This isn't a comprehensive licensing deal; it only applies to the extent required to actually use the code.

[...] These two clauses are likely the reason why Apple's increasingly vary[sic] of GPL-licensed software, and is desperately trying to remove it from macOS. Between MacOS 10.5 Leopard and MacOS 10.12 Sierra, the number of GPL-licensed packages that came pre-installed decreased by an insane 66 percent – from 47 to just 16.

Original Submission

posted by Fnord666 on Monday June 10 2019, @11:48AM
from the we'll-see dept.

Submitted via IRC for SoyCow4463

The clever cryptography behind Apple's "Find My" feature

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security experts immediately wondered whether Find My would also offer a new opportunity to track unwitting users, Apple says it built the feature on a unique encryption system carefully designed to prevent exactly that sort of tracking—even by Apple itself.

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

"Now what's amazing is that this whole interaction is end-to-end encrypted and anonymous," Federighi said at the WWDC keynote. "It uses just tiny bits of data that piggyback on existing network traffic so there's no need to worry about your battery life, your data usage, or your privacy."

[...] That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. "If Apple did things right, and there are a lot of ifs here, it sounds like this could be done in a private way," says Matthew Green, a cryptographer at Johns Hopkins University. "Even if I tracked you walking around, I wouldn't be able to recognize you were the same person from one hour to the next."

In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.

Original Submission

posted by Fnord666 on Monday June 10 2019, @10:03AM
from the good-news dept.

Submitted via IRC for SoyCow4463

DRAMeXchange, tech market intelligence firm TrendForce's memory and storage branch, today added yet another entry to the list of industries expected to be negatively affected by tension between the U.S. and China. The research firm announced that it expects Huawei's blacklisting by the U.S. government to contribute to a DRAM price drop of up to 15% in the third quarter.

"As ripples from the U.S. ban continue to spread, Huawei's shipments of smartphone and server products are feared to face heavy obstacles for the next two to three quarters, impacting peak-season-demand for DRAM products 2H and the time of price precipitation," DRAMeXchange said.

[...] In its report, DRAMeXchange noted its earlier prediction that the likeliness of DRAM prices falling under suppliers' "fully-loaded costs" would be "extremely slim under the premises that the competition only consisted of three giants, and that DRAM production processes were nearing physical limits." The analyst is now changing its stance.

"Yet, a heated U.S.-China trade war may send demand in the second half of this year into quick-freeze, with the increasingly looming uncertainty compelling datacenters to make reductions to capex. Fragile DRAM suppliers may have to admit current inventory casualties on the books by the end of this year, and officially modify their financial statements to report: 'Loss,'" DRAMeXchange said.


Original Submission

posted by Fnord666 on Monday June 10 2019, @08:24AM
from the risc-y-business dept.

Qualcomm Invests in RISC-V Startup SiFive

Investors are zeroing in on the open standard RISC-V instruction set architecture and the processor intellectual property being developed by a batch of high-flying chip startups.

Last fall, Esperanto Technologies announced a $58 million funding round. The chip IP vendor is incorporating more than 1,000 RISC-V cores onto a single 7-nm chip. Data storage specialist Western Digital is an early investor in Esperanto, Mountain View, Calif.

This week, another RISC-V startup, SiFive, announced a $65.4 million funding round that included new investor Qualcomm Ventures. SiFive, San Mateo, Calif., has so far raised more than $125 million, and is seen as a challenger to chip IP leader Arm.

Observers note that wireless modem leader Qualcomm is among Arm's biggest customers, making its investment in SiFive intriguing. Also participating in the Series D round were existing investors Chengwei Capital of Shanghai along with Sutter Hill Ventures and Spark Capital. Intel Capital and Western Digital also were early investors.

Also at EE Times.

See also: SiFive Acquires USB 2.0 and 3.x IP Portfolio to Strengthen RISC-V SoCs

Previously: RISC-V Projects to Collaborate
SiFive and UltraSoC Partner to Accelerate RISC-V Development Through DesignShare
SiFive Introduces RISC-V Linux-Capable Multicore Processor
SiFive HiFive Unleashed Not as Open as Previously Thought
Linux Foundation and RISC-V Proponents Launch CHIPS Alliance

Separately, a handful of RISC-V proponents launched the CHIPS Alliance, a project of the Linux Foundation to develop a broad set of open-source IP blocks and tools for the instruction set architecture. Initial members include Esperanto, Google, SiFive, and Western Digital. CHIPS stands for Common Hardware for Interfaces, Processors, and Systems.

Esperanto Technologies and SiFive look like the names to watch.

Related: First Open Source RISC-V Implementations Become Available
Western Digital Unveils RISC-V Controller Design
Raspberry Pi Foundation Announces RISC-V Foundation Membership
Western Digital Publishes RISC-V "SweRV" Core Design Under Apache 2.0 License

Original Submission

posted by Fnord666 on Monday June 10 2019, @06:47AM
from the life-finds-a-way dept.

Submitted via IRC for Bytram

To Evade Pre-Prohibition Drinking Laws, New Yorkers Created the World's Worst Sandwich


Near the end of the 19th century, New Yorkers out for a drink partook in one of the more unusual rituals in the annals of hospitality. When they ordered an ale or whisky, the waiter or bartender would bring it out with a sandwich. Generally speaking, the sandwich was not edible. It was “an old desiccated ruin of dust-laden bread and mummified ham or cheese,” wrote the playwright Eugene O’Neill. Other times it was made of rubber. Bar staff would commonly take the sandwich back seconds after it had arrived, pair it with the next beverage order, and whisk it over to another patron’s table. Some sandwiches were kept in circulation for a week or more.

Bar owners insisted on this bizarre charade to avoid breaking the law—specifically, the excise law of 1896, which restricted how and when drinks could be served in New York State. The so-called Raines Law was a combination of good intentions, unstated prejudices, and unforeseen consequences, among them the comically unsavory Raines sandwich.

[...] The 1896 Raines Law was designed to put dreary watering holes like these out of business. It raised the cost of an annual liquor license to $800, three times what it had cost before and a tenfold increase for beer-only taverns. It stipulated that saloons could not open within 200 feet of a school or church, and raised the drinking age from 16 to 18. In addition, it banned one of the late 19th-century saloon’s most potent enticements: the free lunch. At McSorley’s, for example, cheese, soda bread, and raw onions were on the house. (The 160-year-old bar still sells a tongue-in-cheek version of this today.) Most controversial of all was the law’s renewed assault on Sunday drinking. Its author, Finger Lakes region senator John W. Raines, eliminated the “golden hour” grace period that followed the stroke of midnight on Saturday. His law also forced saloon owners to keep their curtains open on Sunday, making it considerably harder for patrolmen to turn a blind eye.

[...] Intentionally or not, the Raines Law left wiggle room for the rich. But a loophole was a loophole, and Sunday was many a proprietor’s most profitable day of business. By the following weekend, a vanguard of downtown saloon-owners were gleefully testing the law’s limits. A suspicious number of private “clubs” were founded that April, and saloons started handing out membership cards to their regulars. Meanwhile, proprietors converted basements and attic spaces into “rooms,” cut hasty deals with neighboring lodging-houses, and threw tablecloths over pool tables. They also started dishing up the easiest, cheapest, most reusable meal they could get away with: the Raines sandwich.

Law enforcement declared itself satisfied. “I would not say that a cracker is a complete meal in itself, but a sandwich is,” an assistant D.A. in Brooklyn told an assembly of police captains as the first Raines hotels sprouted up. Remarkably, the courts upheld these definitions of “meal” and “guest.” Reformers were understandably flabbergasted. The law itself was sound, Raines complained. It was the police and the courts that had made it laughable. He and his progressive allies had seriously underestimated just how far New Yorkers would go for a drink.

The court decisions were a turning point. With summer approaching, “Raines hotels” sprang up everywhere. By the next year’s election season, there were more than 1,500 of them in New York. Brooklyn, still a separate municipality at this point, went from 13 registered hotels to 800 in six months, and its tally of social clubs grew tenfold.

For the libertines of New York City, Zacks writes, the second half of 1896 was “too good to be true, a drunken daydream.” The hotel carve-out allowed drinks to flow at all hours. There was no obligatory last call, and the city’s liveliest drinking spots now offered cheap beds mere steps away. For Raines and the law’s other architects, this was the most alarming unintended consequence: their efforts to make New Yorkers virtuous had caused a spike in casual sex and prostitution.

Original Submission

posted by Fnord666 on Monday June 10 2019, @05:11AM
from the no-surprises dept.

Submitted via IRC for AnonymousLuser

New RCE vulnerability impacts nearly half of the internet's email servers

A critical remote command execution (RCE) security flaw impacts over half of the Internet's email servers, security researchers from Qualys have revealed today.

The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.

According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim -- although different reports would put the number of Exim installations at ten times that number, at 5.4 million.

In a security alert shared with ZDNet earlier today, Qualys, a cyber-security firm specialized in cloud security and compliance, said it found a very dangerous vulnerability in Exim installations running versions 4.87 to 4.91.

The vulnerability is described as a remote command execution -- different, but just as dangerous as a remote code execution flaw -- that lets a local or remote attacker run commands on the Exim server as root.

Qualys said the vulnerability can be exploited instantly by a local attacker that has a presence on an email server, even with a low-privileged account.

But the real danger comes from remote hackers exploiting the vulnerability, who can scan the internet for vulnerable servers, and take over systems.

"To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes)," researchers said.

"However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist."

Furthermore, the Qualys team says that when Exim is in certain non-default configurations, instant exploitation is also possible in remote scenarios.

Original Submission

posted by Fnord666 on Monday June 10 2019, @03:34AM
from the poof-and-they're-gone dept.

Submitted via IRC for AnonymousLuser

Cryptocurrency wallet GateHub hacked, nearly $10 million stolen

In a “preliminary statement” published on its blog on Thursday, cryptocurrency wallet service GateHub has warned that over 100 customers have had their ledger wallets hacked and funds stolen.

Dear Valued Customers,

Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.

Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.

At the moment we estimate that approximately 100 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.

GateHub says it has contacted affected users, suggesting that they transfer any existing balances in their Ripple coin (XRP) wallets to a hosted wallet.

Some reports estimate that millions of Ripple coins have been stolen in the heist.

The acknowledgement by GateHub that there appears to have been a serious security breach coincided with the publication of a technical report by GateHub community member Thomas Silkjær.

That report claims 23.2 million Ripple coins (estimated to be worth nearly US $9.7 million) had been stolen from 80-90 GateHub accounts, with just over half of the booty already laundered through exchanges and mixer services.

Original Submission

posted by martyb on Monday June 10 2019, @01:57AM
from the ohhhhh-nooooo! dept.

A recent article explores Godzilla's physical growth over his big screen career (the longest in world cinema history).

Godzilla was born out of climate change in his native deep sea environment caused by nuclear testing at the Bikini Atoll in the 1950s and quickly rose to prominence on the big screen, becoming the lead actor in a series of movies that continues to this day. The supersized saurian was finally granted citizenship in his longtime stomping grounds four years ago and employed as a "tourism ambassador."

Godzilla's rise in film has been accompanied by amazing physical growth at a rate 30 times faster than any creature on Earth.

When the dinosaur-like monster debuted on the silver screen in 1954, he stood a towering 164 feet (50 meters) tall. Now, 35 films later — the latest, "Godzilla: King of the Monsters," came out Friday (May 31) — the behemoth has more than doubled in size, currently reaching 393 feet (120 m) tall.

Researchers explored and dismissed various causes for this growth, including speculation that:

Godzilla is a ceratosaurid, a type of dinosaur that lived during the Jurassic period. But even though these dinosaurs evolved to have huge bodies, Godzilla's growth spurt far outpaces theirs, the researchers said. The monster's growth is also far too rapid to come from genetic drift, that is, when certain gene variants in a small population are randomly lost, diminishing genetic diversity, the researchers said.

Even natural selection, by which organisms with advantageous genes survive and then pass those genes on to their offspring, couldn't explain Godzilla's swift sprouting.

Researchers finally came to the conclusion that societal fear and angst might be fueling the largish lizard's growth:

a look at Godzilla's history explains his accelerated growth, the researchers said. Godzilla was created, in part, because of nuclear-age fears following the use of the first atomic and hydrogen bombs in the 1940s and 1950s. In Godzilla's case, hydrogen-bomb testing decimated his deep-sea ecosystem in the first movie, and Godzilla exacted his revenge by destroying Tokyo.

To test the idea that anxiety fueled Godzilla's growth, the researchers used U.S. military spending as a proxy for the nation's collective anxiety. They found a strong correlation between this spending and Godzilla's body size from 1954 to 2019, which includes measurements from both Japanese and American movies.

[coefficient of determination (r^2) = 0.74].

Of course the researchers are quick to point out that

correlation doesn't imply causation. And it is possible that another factor, such as people's appetite for big and scary monsters drove movie makers to grow Godzilla, to ensure box office success.

Original Submission

posted by chromas on Monday June 10 2019, @12:20AM
from the conservative-old-growth dept.

Older forests resist change

Older forests in eastern North America are less vulnerable to climate change than younger forests—particularly for carbon storage, timber production, and biodiversity—new University of Vermont research finds.

The study, to be published in Global Change Biology's June 12 edition, analyzed how climate change is expected to impact forests across the eastern United States and Canada. It found that increased forest age reduces the climate sensitivity of forest carbon, timber, and biodiversity to projected increases in temperature and precipitation. In other words, increased age helps to safeguard forests from climate change.

[...] Analyzing large amounts of field data from 18,500 forest plots—from Minnesota to Maine, and Manitoba to Nova Scotia—the study identifies priority regions for forest climate adaption efforts. Younger forests east and southeast of the Great Lakes were less resilient to climate change, showing projected declines in carbon storage, timber and biodiversity.

[...] While the study found that forests' climate resiliency increased with age, scientists often characterize older forests as over the age of 150 years. Older forests are more structurally complex, with trees growing at multiple heights and larger canopy gaps, which free up growing space and increase light availability for a mix of species.

I would think that the "old growth" forests would be in the less-accessible, higher elevations (think in the mountains) so that might have something to do with it, too. Right?

The climate sensitivity of carbon, timber, and species richness covaries with forest age in boreal–temperate North America (DOI: 10.1111/gcb.14656)

Original Submission