[HBM is High Bandwidth Memory. -Ed.]
SK Hynix this morning has thrown their hat into the ring as the second company to announce memory based on the HBM2E standard. While the company isn't using any kind of flash name for the memory (ala Samsung's Flashbolt), the idea is the same: releasing faster and higher density HBM2 memory for the next generation of high-end processors. Hynix's HBM2E memory will reach up to 3.6 Gbps, which as things currently stand, will make it the fastest HBM2E memory on the market when it ships in 2020.
As a quick refresher, HBM2E is a small update to the HBM2 standard to improve its performance, serving as a mid-generational kicker of sorts to allow for higher clockspeeds, higher densities (up to 24GB with 12 layers), and the underlying changes that are required to make those happen. Samsung was the first memory vendor to announce HBM2E memory earlier this year, with their 16GB/stack Flashbolt memory, which runs at up to 3.2 Gbps. At the time, Samsung did not announce a release date, and to the best of our knowledge, mass production still hasn't begun.
[...] [SK Hynix's] capacity is doubling, from 8 Gb/layer to 16 Gb/layer, allowing a full 8-Hi stack to reach a total of 16GB. It's worth noting that the revised HBM2 standard actually allows for 12-Hi stacks, for a total of 24GB/stack, however we've yet to see anyone announce memory quite that dense.
See also: HBM2E: The E Stands For Evolutionary
An international team of researchers has revealed how aggressive pancreatic cancer cells change their environment to enable easy passage to other parts of the body (or metastasis) -- the main cause of pancreatic cancer related death.
The researchers discovered that some pancreatic tumours produce more of a molecule called 'perlecan' to remodel the environment around them, which helps cancer cells spread more easily to other parts of the body, and also protects them against chemotherapy. In a mouse model, the researchers showed that lowering the levels of perlecan revealed a reduction in the spread of pancreatic cancer and improved response to chemotherapy.
[...] The Garvan-led team investigated why some pancreatic cancers spread, while others appear to stay in one place. In their study, the researchers took an unconventional path -- they compared the tissue around tumour cells in both metastatic (spreading) and non-metastatic (non-spreading) pancreatic cancers. This tissue -- known as the 'matrix' -- acts like a glue that holds different cells in an organ or in a tumour together.
Using mouse models, the team extracted fibroblasts -- cells that produce most of the matrix -- from spreading and non-spreading pancreatic tumours. By mixing these different fibroblasts with cancer cells, the researchers found that remarkably, cancer cells from a non-spreading tumour began to spread when mixed with fibroblasts from a spreading tumour.
"Our results suggest that some pancreatic cancer cells can 'educate' the fibroblasts in and around the tumour. This lets the fibroblasts remodel the matrix and interact with other, less aggressive cancer cells in a way that supports the cancer cells' ability to spread," says first author Dr Claire Vennin.
CAF hierarchy driven by pancreatic cancer cell p53-status creates a pro-metastatic and chemoresistant environment via perlecan, Nature (DOI: 10.1038/s41467-019-10968-6)
Galois's prototype voting machine wasn't available for hackers to test.
For the majority of Defcon, hackers couldn't crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn't because of the machine's security features that the team had been working on for four months. The reason: technical difficulties during the machines' setup.
Eager hackers couldn't find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn't allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.
"They seemed to have had a myriad of different kinds of problems," the Voting Village's co-founder Harri Hursti said. "Unfortunately, when you're pushing the envelope on technology, these kinds of things happen."
It wasn't until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.
The Voting Village was started in 2017 for hackers to find vulnerabilities on machines that are used in current elections. At the last two Defcons, hackers found vulnerabilities within minutes because the machines were often outdated. The Village shines a necessary light on security flaws for voters as lawmakers seek to pass an election security bill in time for the 2020 presidential election.
Many modern gadgets can be hacked to produce deafening and disorienting sounds, research has revealed.
Security researcher Matt Wixey found a range of devices had little protection to stop themselves being turned into "offensive" low-grade, cyber-weapons.
Mr Wixey tested laptops, mobile phones, headphones, a PA system and several types of speakers.
The weaknesses could cause physical harm, harass individuals or disrupt larger organisations, he said.
Mr Wixey, who is a head of research at PWC's cyber-security practice, said he conducted the experiments as part of PhD work into the ways that malware can directly cause physical harm.
He sought to find out if the volume and speaker controls of the devices could be manipulated to make them produce harmful high and low frequency sounds.
Custom-made viruses, known vulnerabilities and other exploits were used to subvert the devices and make them emit the dangerous sounds for long periods of time.
"Some attacks leveraged known vulnerabilities in a particular device, which could be done locally or remotely in some cases," he told the BBC. "Other attacks would either require proximity to the device, or physical access to it."
Here's the abstract:
The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversial programs launched by the U.S. Intelligence Community (IC) in the wake of the 9/11 attacks. Under the program major U.S. carriers were ordered to provide NSA with daily Call Detail Records (CDRs) for all communications to, from, or within the United States. The Snowden disclosures and the public controversy that followed led Congress in 2015 to end bulk collection and amend the CDR authorities with the adoption of the USA FREEDOM Act (UFA).
For a time, the new program seemed to be functioning well. Nonetheless, three issues emerged around the program. The first concern was over high numbers: in both 2016 and 2017, the Foreign Intelligence Surveillance Court issued 40 orders for collection, but the NSA collected hundreds of millions of CDRs, and the agency provided little clarification for the high numbers. The second emerged in June 2018 when the NSA announced the purging of three years' worth of CDR records for "technical irregularities." Finally, in March 2019 it was reported that the NSA had decided to completely abandon the program and not seek its renewal as it is due to sunset in late 2019.
This paper sheds significant light on all three of these concerns. First, we carefully analyze the numbers, showing how forty orders might lead to the collection of several million CDRs, thus offering a model to assist in understanding Intelligence Community transparency reporting across its surveillance programs. Second, we show how the architecture of modern telephone communications might cause collection errors that fit the reported reasons for the 2018 purge. Finally, we show how changes in the terrorist threat environment as well as in the technology and communication methods they employ — in particular the deployment of asynchronous encrypted IP-based communications — has made the telephony metadata program far less beneficial over time. We further provide policy recommendations for Congress to increase effective intelligence oversight.
Free registration should give access to the entire article.
The US Navy will replace the touchscreen throttle and helm controls currently installed in its destroyers with mechanical ones starting in 2020, says USNI News. The move comes after the National Transportation Safety Board released an accident report from a 2017 collision, which cites the design of the ship’s controls as a factor in the accident.
On August 21st, 2017, the USS John S. McCain collided with the Alnic MC, a Liberian oil tanker, off the coast of Singapore. The report provides a detailed overview of the actions that led to the collision: when crew members tried to split throttle and steering control between consoles, they lost control of the ship, putting it into the path of the tanker. The crash killed 10 sailors and injured 48 aboard the McCain.
The report says that while fatigue and lack of training played a role in the accident, the design of the ship’s control console was also a contributing factor. Located in the middle of the McCain’s bridge, the Ship’s Control Console (SCC) features a pair of touch-screens on both the Helm and Lee Helm stations, through which the crew could steer and propel the ship. Investigators found that the crew had placed it in “backup manual mode,” which removed computer-assisted help, because it allowed for “more direct form of communication between steering and the SSC.” That setting meant that any crew member at another station could take over steering operations, and when the crew tried to regain control of the ship from multiple stations, control “shifted from the lee helm, to aft steering, to the helm, and back to aft steering.”
The NTSB report calls out the configuration of the bridge’s systems, pointing out that the decision to transfer controls while in the strait helped lead to the accident, and that the procedures for transferring the controls from one station to another were complicated, further contributing to the confusion. Specifically, the board points to the touchscreens on the bridge, noting that mechanical throttles are generally preferred because “they provide both immediate and tactile feedback to the operator.” The report notes that had mechanical controls been present, the helmsmen would have likely been alerted that there was an issue early on, and recommends that the Navy better adhere to better design standards.
[...] Touchscreens weren’t the only issue in the collision: the report calls out that several crew members on the bridge at the time weren’t familiar with the systems that they were overseeing and were inexperienced in their roles, and that many were fatigued, with an average of 4.9 hours of sleep between the 14 crew members present. The report recommended that the Navy conduct better training for the bridge systems, update the controls and associated documentation, and ensure that Navy personnel aren’t tired when they’re on the job.
Samsung has a long and illustrious history of trolling Apple in its smartphone commercials. But now the South Korean firm is cloning one of the iPhone features it once mocked, and it has quietly deleted records of the ads.
Samsung unveiled its Note 10 on Wednesday and, as has been widely observed, the phone falls in line with other new devices on the market in that it does not come with a 3.5 mm headphone jack.
[...] Samsung released a memorable advertisement in November 2017 titled "Growing Up." It features an iPhone user through the ages becoming increasingly frustrated with the limitations of his phone. In the end, he caves and buys a Samsung Galaxy. In one section, he ruefully inspects an adapter cable, which enables iPhone users to turn their charging portal into a 3.5 mm headphone jack.
Fast forward to 2019 and Note 10 customers may need a similar bit of kit to use wired headphones with their device. And as for that "Growing Up" ad, it has disappeared from some of Samsung's major YouTube channels.
Submitted via IRC for AnonymousCoward
At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution.
In a technical summary provided to The Register ahead of their presentation, Check Point's Omer Gull sets out how he and his colleague Omri Herscovici developed techniques referred to as Query Hijacking and Query Oriented Programming, in order to execute malicious code on a system. Query Oriented Programming is similar in a way to return oriented programming in that it relies on assembling malicious code from blocks of CPU instructions in a program's RAM. The difference is that QOP is done with SQL queries.
[...] It must be stressed, though, that to pull off Check Point's techniques to hack a given application via SQLite, you need file-system access permissions to alter that app's SQLite database file, and that isn't always possible. If you can change a program's database file, you can probably get, or already have achieved, code execution on the system by some other means anyway.
Nonetheless, it's a fascinating look into modern methods of code exploitation, and a neat set of discoveries.
Arthur T Knackerbracket has found the following story:
We credit Socrates with the insight that 'the unexamined life is not worth living' and that to 'know thyself' is the path to true wisdom. But is there a right and a wrong way to go about such self-reflection?
Simple rumination – the process of churning your concerns around in your head – isn't the answer. It's likely to cause you to become stuck in the rut of your own thoughts and immersed in the emotions that might be leading you astray. Certainly, research has shown that people who are prone to rumination also often suffer from impaired decision making under pressure, and are at a substantially increased risk of depression.
Instead, the scientific research suggests that you should adopt an ancient rhetorical method favoured by the likes of Julius Caesar and known as 'illeism' – or speaking about yourself in the third person (the term was coined in 1809 by the poet Samuel Taylor Coleridge from the Latin ille meaning 'he, that'). If I was considering an argument that I'd had with a friend, for instance, I might start by silently thinking to myself: 'David felt frustrated that...' The idea is that this small change in perspective can clear your emotional fog, allowing you to see past your biases.
A bulk of research has already shown that this kind of third-person thinking can temporarily improve decision making. Now a preprint at PsyArxiv finds that it can also bring long-term benefits to thinking and emotional regulation. The researchers said this was 'the first evidence that wisdom-related cognitive and affective processes can be trained in daily life, and of how to do so'.
The findings are the brainchild of the psychologist Igor Grossmann at the University of Waterloo in Canada, whose work on the psychology of wisdom was one of the inspirations for my recent book on intelligence and how we can make wiser decisions.
-- submitted from IRC
Submitted via IRC for SoyCow7671
While there are as many proprietary authentication methods as there are systems that utilize them, they are largely variations of a few major approaches. In this post, I will go over the four most used in the REST APIs and microservices world.
Authentication vs. Authorization
Before I dive into this, let's define what authentication actually is, and more importantly, what it's not. As much as authentication drives the modern internet, the topic is often conflated with a closely related term: authorization.
The two functions are often tied together in single solutions, but the easiest way to divide authorization and authentication is to ask: what do they actually state or prove about me?
Authentication is when an entity proves an identity. In other words, Authentication proves that you are who you say you are. This is like having a driver's license that is given by a trusted authority that the requester, such as a police officer, can use as evidence that suggests you are in fact who you say you are.
Authorization is an entirely different concept and in simple terms, Authorization is when an entity proves a right to access. In other words, Authorization proves you have the right to make a request. Consider the following — You have a working key card that allows you to open only some doors in the work area, but not all of them.
Four Most Used Authentication Methods:
- HTTP Authentication Schemes (Basic and Bearer)
- API Keys
- OAuth (2.0)
- OpenID Connect
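The split between authentication and authorization described above, applied to the first item in the list (the Basic and Bearer HTTP schemes). This is an added example, not code from the original article; the user, token and permission tables are constructed sample data and every function name is hypothetical.

```javascript
// Added example: authentication (who are you?) kept separate from
// authorization (may you do this?). All data below is constructed.
// Plaintext passwords keep the sample short; real stores hold salted hashes.
const USERS = { alice: "correct horse", bob: "hunter2-sample" };
const TOKENS = { "tok-sample-123": "alice" };
// The "key card": which doors each identity may open.
const PERMISSIONS = {
  alice: new Set(["GET /reports", "POST /reports"]),
  bob: new Set(["GET /reports"]),
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Compare without the early exit of ===, so timing does not reveal
// how many leading characters of a secret were guessed correctly.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  let diff = x.length ^ y.length;
  const n = Math.max(x.length, y.length);
  for (let i = 0; i < n; i++) diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  return diff === 0;
}

// Authentication: turn an Authorization header into an identity, or null.
function authenticate(header) {
  if (typeof header !== "string") return null;
  const sep = header.indexOf(" ");
  if (sep < 0) return null;
  const scheme = header.slice(0, sep).toLowerCase(); // scheme names are case-insensitive
  const value = header.slice(sep + 1).trim();

  if (scheme === "basic") {
    // Basic carries base64("user:password"); base64 is encoding, not encryption.
    const decoded = Buffer.from(value, "base64").toString("utf8");
    const colon = decoded.indexOf(":"); // split on the first colon only
    if (colon < 0) return null;
    const user = decoded.slice(0, colon);
    const password = decoded.slice(colon + 1);
    const known = own(USERS, user); // rejects inherited keys such as "__proto__"
    // Run the comparison for unknown users too, so both cases take the same path.
    const ok = constantTimeEqual(password, known ? USERS[user] : "");
    return known && ok ? user : null;
  }
  if (scheme === "bearer") {
    // Bearer: whoever presents the token is treated as its owner.
    for (const [token, owner] of Object.entries(TOKENS)) {
      if (constantTimeEqual(value, token)) return owner;
    }
    return null;
  }
  return null; // unsupported scheme
}

// Authorization: does this proven identity hold the right to this action?
function authorize(identity, action) {
  return own(PERMISSIONS, identity) && PERMISSIONS[identity].has(action);
}

// 401 = identity not proven; 403 = identity proven, right not held.
function handleRequest(method, path, header) {
  const identity = authenticate(header);
  if (identity === null) return { status: 401, identity: null };
  if (!authorize(identity, `${method} ${path}`)) return { status: 403, identity };
  return { status: 200, identity };
}

// Helper that builds a Basic header for the sample calls.
const basicHeader = (user, password) =>
  "Basic " + Buffer.from(`${user}:${password}`, "utf8").toString("base64");
```

A request from `bob` with the right password is authenticated in every case, yet `POST /reports` still returns 403 because his permission set does not include it.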
Arthur T Knackerbracket has found the following story:
A Hyundai Kona Electric caught fire and exploded while parked inside a residential garage last Friday, dangerously (and cartoonishly) sending a large garage door flying across the street and blowing a hole in the structure's roof.
According to the CBC, it happened in Île-Bizard, an island near Montreal, Quebec. The car's owner Piero Cosentino said he saw dark smoke clouds coming from his garage before the Hyundai inside went up in flames and eventually destroyed a significant part of his house. "As soon as I saw [the clouds], I immediately turned off the breaker," Cosentino said. The Quebec man apparently purchased the Kona EV in March of this year and insists that it was not plugged in or charging at the time of the incident.
Firefighters were able to put the fire out and are currently investigating the cause of the fire. Luckily no injuries or fatalities were reported as a result of the explosion. However, Cosentino recognizes that things could have been very different if somebody had been near his garage at the time of the explosion. "If we were in front of the garage door, we could have been in the hospital," he told the CBC.
-- submitted from IRC
Submitted via IRC for AnonymousCoward
If it feels like certain high-profile YouTubers get way more lenience when it comes to content moderation than everyone else does, that's apparently because they really do, according to a new report.
The Washington Post spoke with almost a dozen former and current YouTube content moderators, who told the paper that the gargantuan video platform "made exceptions" for popular creators who push content boundaries.
"Our responsibility was never to the creators or to the users," one former moderator told the Post. "It was to the advertisers."
The employees told the Post in interviews that YouTube's internal guidelines for how to rate videos are confusing and hard to follow. Workers are also "typically given unrealistic quotas by the outsourcing companies of reviewing 120 videos a day," the Post reports, which makes it difficult to scrutinize longer videos without skipping over content that may turn out to be problematic. (A YouTube spokesperson told the Post it does not give moderators quotas.)
[...] Many employees inside the company were just as unhappy with the situation as outside observers were. The decision not to ban Paul permanently from the platform "felt like a slap in the face," a moderator told the Post. "You're told you have specific policies for monetization that are extremely strict. And then Logan Paul broke one of their biggest policies and it became like it never happened."
YouTube told the Post it does indeed have two sets of content expectations, but the company said that meant higher standards for advertising partners than for the general public. That seems partly due to the fallout of the Paul incidents, which led YouTube to say it would impose stronger vetting on content in its Google Preferred program.
[...] One YouTube moderator told the Post that ultimately the bottom line is, well, the bottom line. "The picture we get from YouTube is that the company has to make money," they said. "So what we think should be crossing a line, to them isn't crossing one."
Despite making over $1.8 billion at the box office, the 2019 Lion King remake was not fully appreciated by all audiences. Many critics took aim at the lack of facial expressions. In response to the criticism artist Nikolay Mochkin and Instagram user @jonty_pressinger worked together to redo parts of the movie with deepfake style technology to give the characters more expressive range.
The result has been hailed by some as a success with people asking the duo to remake the entire movie in this style. Others have claimed the 2019 version was supposed to be live action and more realistic; that this attempt to add expression missed the point.
Yes, the original release of "The Lion King" was 25 years ago.
With the release of Chrome 76, Google fixed a loophole that allowed web sites to detect if a visitor was using Incognito mode. Unfortunately, their fix led to two other methods that can still be used to detect when a visitor is browsing privately.
Some web sites were using Incognito mode detection in order to prevent users from bypassing paywalls or to give private browsing users a different browsing experience.
This was being done by checking for the availability of Chrome's FileSystem API, which was disabled in Incognito mode. If a site could access the FileSystem API then the visitor was in a normal browsing session and if it could not access the API the user was in Incognito mode.
As Google wanted users to be able to browse the web privately and for their browsing mode choices to be private as well, they have closed a loophole by making the API available in both browsing modes. As part of this fix, instead of using disk storage for the FileSystem API, when in Incognito mode they are using a transient memory filesystem that gets cleared when a session is closed.
The use of a memory filesystem, though, creates two new loopholes that could be used to detect Incognito mode.
[...] In research presented by security researcher Vikas Mishra, he found that when Chrome allocates storage for the temporary memory filesystem used by Incognito mode, it will have a maximum quota of 120MB.
"Based on the above observations, key differences in TEMPORARY storage quota between incognito and non-incognito mode are that in case of incognito mode, there's a hard limit of 120MB while this is not the case for non-incognito window. And from the above table it's clear that for the temporary storage quota to be less than 120MB in case of non-incognito mode the device storage has to be less than 2.4GB. However for all practical purposes it is safe to assume that the majority of the devices currently in use have more than 2.4GB of storage."
The other method relies on the fact that it takes much longer to access data in storage than in memory. As of this writing no PoC (Proof of Concept) has been released for the latter method, but a PoC has been released for the filesystem size method.
According to Microsoft Edge developer Eric Lawrence, the New York Times is testing this method to detect when a visitor is in private mode.
My first thought was to put a cache ahead of all filesystem writes to obviate the write-timing hack (albeit at the risk of a system crash losing cached but as yet unwritten data). For the latter method, allocate the temporary file storage quota to be some significant fraction of free storage, but when a program tries to write more than, say, 120MB (or 256MB, or whatever) then put up a dialog box noting same and asking the user if they want to continue. That was off the top of my head; what did I miss? How would you solve this problem?
Submitted via IRC for AnonymousCoward
A Finnish company named ICEYE that is building a constellation of satellites to create synthetic images of the Earth's surface says it has taken the first sub-1 meter resolution photos of the planet with a small satellite. The images show significant detail of crude oil being loaded onto and off of tankers.
According to ICEYE co-founder and Chief Strategy Officer Pekka Laurila, since its founding in 2015 ICEYE has raised about $65 million, expanded to 120 employees, and most recently has launched three of its mini-refrigerator-sized satellites into low-Earth orbit.
For the first three years ICEYE focused on technology development, and its first payload launch occurred in January 2018 on board India's Polar Satellite Launch Vehicle. Since then ICEYE has launched two more satellites and plans to add another two by the end of this year. "It is fair to say that we are moving into commercial operations, and the scope of those commercial services are rapidly increasing," Laurila said in an interview with Ars.
In contrast to the optical instruments used by most of the existing Earth-focused imaging satellites, ICEYE uses synthetic-aperture radar technology. Its 100kg satellites use the motion of a radar antenna, combined with the time the device travels over a target, to create multi-dimensional images of the surface even through clouds, during day or night. The "synthetic" part of the antenna is due to the fact that a small antenna moving over a large distance can effectively mimic the resolution of a much larger antenna.