SoylentNews

DannyB writes:

Data Shows IOT Security is Moving Backward

The security of IoT devices has been a running joke for many years, so much so that some researchers have given up trying to point out the weaknesses and get vendors to address the problems. Some vendors have pledged to do better and improve their development practices, but a year-long analysis of the security features in the firmware of 22 IoT device manufacturers found that not only are the vendors not making progress on security, they're actually going backward.

[...] The team wanted to see how IoT vendors were faring in adding standard hardening features to their firmware binaries, so it developed a special methodology that began with downloading available firmware updates from vendor websites, extracting Linux filesystems from the firmware, and then running each binary through the CITL's custom analytic tools. The dataset comprises more than 3.3 million individual binaries from nearly 5,000 firmware updates from 22 vendors, including ASUS, D-Link, Belkin, QNAP, and Mikrotik, and goes back as far as 2003.

What the team found is dispiriting, if not surprising: IoT firmware hardening is getting worse rather than better. Firmware updates are more likely to remove binary hardening features than to add them, and overall there hasn't been any trend in a positive direction for security in the 15 years covered by the CITL dataset.

[...] The CITL study looked for the presence of a number of possible hardening techniques, such as ASLR, non-executable stacks, and stack guards. These technologies are used to mitigate the effects of certain vulnerabilities and have been in wide use in the desktop and server worlds for many years. They have begun to make their way into IoT device firmware in the last few years, but the CITL data shows that updates often remove one or more of the hardening flags and some updates significantly reduce the overall security of the firmware. For example, one update shipped in 2017 by Ubiquiti for its UAP-HD line of wireless access points removed ASLR altogether and the presence of stack guards went from about 70 percent of binaries to virtually none.

[...] Although IoT devices often are associated with consumer applications, a tremendous amount of IoT gear finds its way into enterprise environments, as well, whether it's through official purchases or shadow installations by employees. Many of the firmware images the CITL study looked at are from networking devices, which are vital to enterprises and therefore quite valuable for attackers.

"We found major regressions in access points you would ship to enterprises by the crate. When you take these things in aggregate, that's a very soft target. It's a very low cost to find an exploit in those," Thompson said.

Original Submission

takyon writes:

BBC to launch digital voice assistant

The BBC is planning to launch a digital voice assistant next year, the corporation has announced. It will not be a hardware device in its own right but is being designed to work on all smart speakers, TVs and mobiles.

The plan is to activate it with the wake-word Beeb, although this is "a working title", a spokesman said. BBC staff around the UK are being invited to record their voices to help train the programme to recognise different accents.

[...] [The BBC] said that that having its own assistant would enable it to "experiment with new programmes, features and experiences without someone else's permission to build it in a certain way". "Much like we did with BBC iPlayer, we want to make sure everyone can benefit from this new technology, and bring people exciting new content, programmes and services - in a trusted, easy-to-use way," said a spokesman. "This marks another step in ensuring public service values can be protected in a voice-enabled future."

Do Brits understand Brits?

Also at TechCrunch, The Verge, 9to5Google, Engadget.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

Identical photons generated 150 million kilometers apart

Up until the mid-20th century, light was pretty ordinary. Yes, it was both a particle and a wave, but it didn't do anything very weird. Then scientists, under-employed after the end of World War II, started paying more attention to the properties of light. This was, in part, driven by the availability of surplus searchlights, which could be turned into cheap arrays of light detectors to measure the properties of stars.

That began the photon gold rush, with scientists identifying all sorts of interesting potential behaviors. But actually observing them would require having rather special light sources, which didn't exist. Now, scientists have shown that our own Sun can be turned into one of these light sources.

When two photons are indistinguishable, they can be made to play some unexpected tricks. The diagram below shows an example: two identical photons hit a partially reflective mirror at the same time. We cannot predict where they will go, but wherever it is, they go together. If the world was classical, we would expect that each behaves independently, and half the time, they would choose different directions. But we're in a quantum world, so this doesn't happen.

This type of interference can only work with identical photons, which is where the special light sources come in. Photons can be distinguished by their color (wavelength), how pure that color is (or more technically, coherence), the orientation of their oscillating electric field (known as polarization), their spatial shape, and their arrival time. Indeed, creating identical photons has, historically, been so difficult that entire lab setups and graduate students were sacrificed to their creation.

But these were single devices that, by their construction, could do nothing other than generate pairs of identical photons. Could two independent devices emit single photons that are identical to each other?

The development of quantum dots made that possible. Quantum dots are what the label on the box says: tiny dots of material that produce quantum behavior by confining a single electron. The confinement restricts the electrons to specific energies; when the electron gets rid of energy, it does so by emitting a photon.

Arthur T Knackerbracket has found the following story:

Eggs removed from the last two female northern white rhinos have been fertilized with sperm from the now-dead last male, but it will be about 10 days before it's known whether the eggs have become embryos, an Italian assisted-breeding company said Monday.

"We expect some of them will develop into an embryo," Cesare Galli, a founder of Avantea and an expert in animal cloning, said.

Avantea said that only seven of 10 eggs extracted last week from the females in Kenya could be used in the fertilization attempts Sunday using frozen sperm that had been taken from the male, which died in March 2018.

Wildlife experts and veterinarians are hoping that the species can reproduce via a surrogate mother rhino.

Original Submission

coolgopher writes:

Over at www.semiaccurate.com they are discussing - in unfavourable terms - the launch by Intel of the 'Comet Lake' series of CPUs:

Intel LogoLast week Intel launched their '10th Gen' CPUs, a self-inflicted wound that shouldn't have been released. If you think SemiAccurate is being a bit harsh here, ask yourself why Intel birthed this debacle in the first place.

[...]

But performance is why we are mocking Intel over this ‘family’. The company split out the Ice and Comet briefings so as to minimize comparisons and uncomfortable questions between the two. As we pointed out in our earlier article on Ice there were vague comparisons between the two ranges but no actual data. Intel even unethically hid the SKUs they were testing.

This time was more of the same, absolutely zero charts comparing this ‘generation’ to the last, or even to itself. All we got was a slide saying, “up to 16% better overall performance vs. previous gen”. That may sound great but, err, 6 cores vs 4 should get one a 50% higher performance or at least something closer to 50% than 0%, right? Don’t forget the faster memory on the new Comet devices which should get you a big chunk of that 16% alone. That level of sleaze is expected but we didn’t expect Intel to be outright unethical. Again. Actually we kinda did but we honestly hoped they wouldn’t do it again.

Yup that 16% max increase when going from a 6C i7-10710U to a 4C i7-8565U was bad. The fact that they compared a 25W 10710U to a 15W 8565U and buried that fact in the fine print is unacceptable. We once again call for the idiots responsible to be fired, not that Intel will do anything, it seems this sort of behavior has become acceptable at big blue. It still isn’t right.

Read the story and see if you agree.

Original Submission

Arthur T Knackerbracket has found the following story:

Ankara has gone ahead with its purchase of the Russian defence system despite threats of US sanctions.

Ankara received its first supply of S-400 missiles in July, despite a warning by the United States about possible sanctions. The acquisition of the highly-advanced air defence system has led to a standoff between Turkey and its NATO allies, especially the US.

[...] The modular S-400 is seen as one of the most advanced missile systems in the world, capable of tracking several targets simultaneously and ready to be fired within minutes. 

The US has repeatedly said that the Russian system is incompatible with NATO systems and is a threat to the hi-tech F-35 fighter jets, which Turkey is also planning to buy.

Washington has said Turkey will not be allowed to participate in the F-35 programme because of the Turkey-Russia deal.

The US has strongly urged Turkey to pull back from the deal - the first such move between a NATO member and Russia - warning Ankara that it will face economic sanctions under the Countering America's Adversaries Through Sanctions Act if it goes ahead with the purchase, reportedly costing more than $2bn.

So far, however, Ankara has refused to give in to US pressure, insisting that choosing which defence equipment to buy is a matter of national sovereignty.

Previously: US Warns Turkey Not To Buy Russian S-400 Missile System

Original Submission

upstart writes for SoyCow1984:

Researchers propose a new approach for dismantling online hate networks

How do you get rid of hate speech on social platforms? Until now, companies have generally tried two approaches. One is to ban individual users who are caught posting abuse; the other is to ban the large pages and groups where people who practice hate speech organize and promote their noxious views.

But what if this approach is counterproductive? That's the argument in an intriguing new paper out today in Nature from Neil Johnson, a professor of physics at George Washington University, and researchers at GW and the University of Miami. The paper, "Hidden resilience and adaptive dynamics of the global online hate ecology," explores how hate groups organize on Facebook and Russian social network VKontakte — and how they resurrect themselves after platforms ban them.

As Noemi Derzsy writes in her summary in Nature:

Johnson et al. show that online hate groups are organized in highly resilient clusters. The users in these clusters are not geographically localized, but are globally interconnected by 'highways' that facilitate the spread of online hate across different countries, continents and languages. When these clusters are attacked — for example, when hate groups are removed by social-media platform administrators (Fig. 1) — the clusters rapidly rewire and repair themselves, and strong bonds are made between clusters, formed by users shared between them, analogous to covalent chemical bonds. In some cases, two or more small clusters can even merge to form a large cluster, in a process the authors liken to the fusion of two atomic nuclei. Using their mathematical model, the authors demonstrated that banning hate content on a single platform aggravates online hate ecosystems and promotes the creation of clusters that are not detectable by platform policing (which the authors call 'dark pools'), where hate content can thrive unchecked.

[...] The researchers advocate a four-step approach to reduce the influence of hate networks.

1. Identify smaller, more isolated clusters of hate speech and ban those users instead.
2. Instead of wiping out entire small clusters, ban small samples from each cluster at random. This would theoretically weaken the cluster over time without inflaming the entire hive.
3. Recruit users opposed to hate speech to engage with members of the larger hate clusters directly. (The authors explain: "In our data, some white supremacists call for a unified Europe under a Hitler-like regime, and others oppose a united Europe. Similar in-fighting exists between hate-clusters of the KKK movement. Adding a third population in a pre-engineered format then allows the hate-cluster extinction time to be manipulated globally.)
4. Identify hate groups with competing views and pit them against one another, in an effort to sow doubt in the minds of participants.

Hidden resilience and adaptive dynamics of the global online hate ecology^[$], Nature (DOI: 10.1038/s41586-019-1494-7)

Original Submission

An Anonymous Coward writes:

UPI reports ( https://www.upi.com/Top_News/US/2019/08/23/5291566589999/ ) that Google has published and communicated to employees on Thursday new guidelines regarding communication by employees. The new policy, oddly available to the public at https://about.google/community-guidelines/ , is described as official and applying to employees while in the workplace.

Prominently mentioned are political discussions:

While sharing information and ideas with colleagues helps build community, disrupting the workday to have a raging debate over politics or the latest news story does not. Our primary responsibility is to do the work we've each been hired to do, not to spend working time on debates about non-work topics. Avoid conversations that are disruptive to the workplace or otherwise violate Google's workplace policies. Managers are expected to address discussions that violate those rules.

As well as internal matters:

Do not access, disclose, or disseminate Need-to-Know or Confidential information in violation of our Data Security Policy. You are responsible for adhering to these guidelines, our Code of Conduct, and other workplace policies. If discussions or behavior don't align with this policy, managers and discussion owners/moderators are expected to intervene. If necessary we will remove particular discussion forums, revoke commenting, viewing, or posting privileges, or take disciplinary action.

Is the party dying down a bit?

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

Milspec Teardown: ID-2124 Howitzer Data Display

It’s time once again for another installment in “Milspec Teardown”, where we get to see what Uncle Sam spends all those defense dollars on. Battle hardened pieces of kit are always a fascinating look at what can be accomplished if money is truly no object. When engineers are given a list of requirements and effectively a blank check, you know the results are going to be worth taking a closer look.

Today, we have quite a treat indeed. Not only is this ID-2124 Howitzer Deflection-Elevation Data Display unit relatively modern (this particular specimen appears to have been pulled from service in June of 1989), but unlike other military devices we’ve looked at in the past, there’s actually a fair bit of information about it available to us lowly civilians. In a first for this ongoing series of themed teardowns, we’ll be able to compare the genuine article with the extensive documentation afforded by the ever fastidious United States Armed Forces.

For example, rather than speculate wildly as to the purpose of said device, we can read the description directly from Field Manual 6-50 “TACTICS, TECHNIQUES, AND PROCEDURES FOR THE FIELD ARTILLERY CANNON BATTERY”:

The gun assembly provides instant identification of required deflection to the gunner or elevation to the assistant gunner. The display window shows quadrant elevation or deflection information. The tenths digit shows on the QE display only when the special instruction of GUNNER'S QUADRANT is received.

From this description we can surmise that the ID-2124 is used to display critical data to be used during the aiming and firing of the weapon. Further, the small size of the device and the use of binding posts seem to indicate that it would be used remotely or temporarily. Perhaps so the crew can put some distance between themselves and the artillery piece they’re controlling.

Now that we have an idea of what the ID-2124 is and how it would be used, let’s take a closer look at what’s going on inside that olive drab aluminum enclosure.

Original Submission

Arthur T Knackerbracket has found the following story:

Dramatic developments in genetics research and the availability of commercial genetics tests have put us in a very modern predicament—we can now find out (quickly, easily and cheaply) whether we personally hold genetic risk factors that put us at a substantially increased risk of Alzheimer's disease. In addition, we have recently shown that brain changes can be identified in people holding these genetic risk variants as early as 20 years old.

Should we be testing ourselves? Should we worry? No. Here's why:

Genetic research has revealed that some individuals carry variants of specific genes that confer an increased risk of developing Alzheimer's disease in later life. For example, carriers of the ε4 variant of the APOE gene are approximately three to eight times more likely to be diagnosed with Alzheimer's disease after age 60 than individuals without this variant. The more variants, the greater the risk—with a maximum of one inherited from each parent.

[...] The next step for our research is to find out what leads some people at "higher-risk" to go on to develop these early brain changes, but not others. Do these people exercise or sleep less, maintain a poorer diet, or have poorer social relationships? Many possible answers involve lifestyle factors that could potentially be altered to "buffer" individuals against their genetic risk.

The only way to properly understand which lifestyle factors may have such a protective effect, is to study large numbers of people with varying degrees of genetic risk over several decades.

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

Folded paper creates portable lab for field laboratory tests

Monitoring and tracking biological threats or epidemics require the ability to carry out medical and laboratory tests in the field during a disaster or other austere situations. Expensive laboratory equipment is often unavailable in these settings, so inexpensive point-of-care technology is needed.

Ordinary paper is often used in these situations, since it's cheap, portable and widely available. However, paper poses some problems that hinder its usefulness. In this week's issue of Biointerphases investigators from the University of Maine report a technique that greatly improves the performance of paper-based point-of-care technologies.

"Paper is a biodegradable resource that can help us address more future challenges than we think," co-author Caitlin Howell said.

In their research, the authors coated low-cost paper with a thin silicone polymer layer infused with a nontoxic silicone liquid and then folded the coated paper into precise geometries, creating vastly improved in-the-field devices for concentrating and testing biological samples. Although folded paper has been used in the past to create low-cost, portable field-testing equipment, it almost always relies on surface tension to move liquid through paper fibers.

Because these fibers vary widely in diameter and length, delivery of inconsistent volumes of fluid to the detector can occur, and losses of up to 50% of the fluid sample into the paper's pores are common. Also, paper pores are small, preventing the flow of large particles, such as blood cells and microbes, which significantly affects the accuracy of tests.

To address these issues, the coated paper creates a slippery overlayer that prevents biological materials, such as bacteria, from permanently sticking to the paper and allows droplets to slide off without leaving traces of fluid behind. It can be folded to create small cups to hold liquid samples.

Original Submission

upstart writes:

Submitted via IRC for SoyCow3196

A single change at telomeres controls the ability of cells to generate a complete organism

Pluripotent cells can give rise to all cells of the body, a power that researchers are eager to control because it opens the door to regenerative medicine and organ culture for transplants. But pluripotency is still a black box for science, controlled by unknown genetic (expression of genes) and epigenetic signals (biochemical marks that control gene expression like on/off switches). The Telomeres and Telomerase Group, led by Maria Blasco at the Spanish National Cancer Research Centre (CNIO), now uncovers one of those epigenetic signals, after a detective quest that started almost a decade ago.

It is a piece of the puzzle that explains the observed powerful connection between the phenomenon of pluripotency and telomeres—protective structures at the ends of chromosomes—a kind of butterfly effect in which a protein that is only present in telomeres shows a global action on the genome. This butterfly effect is essential to initiate and maintain pluripotency.

The DNA of telomeres directs the production of long RNA molecules called TERRAs. What the CNIO researchers found is that TERRAs act on key genes for pluripotency through the Polycomb proteins, which control the programs that determine the fate of cells in the early embryo by depositing a biochemical mark on the genes. The on/off switch that regulates TERRAs, in turn, is a protein that is only present in telomeres; this protein is TRF1, one of the components of the telomere-protecting complex called shelterin. The new result is published this week in the journal eLife.

Rosa María Marión et al. TERRA regulate the transcriptional landscape of pluripotent cells through TRF1-dependent recruitment of PRC2, eLife (2019). DOI: 10.7554/eLife.44656

Original Submission

Arthur T Knackerbracket has found the following story:

Spies and soldiers might soon be able to go behind enemy lines using a parachute or glider made from a polymer that vanishes on exposure to sunlight.

“This started off with building small sensors for the government — microphones, cameras, things that detect metal,” says Paul Kohl at the Georgia Institute of Technology, who presented the work at a meeting of the American Chemical Society in California this week.

The idea was that these sensors could be spread across a battlefield, say, and used to collect information for the army. “But you don’t want anyone to discover it and take it apart and see how it works,” says Kohl.

[...] They based their polymer on a chemical called an aldehyde and mixed in other chemical additives that can either make it rigid for use in a glider or sensor, or flexible to make a fabric for a parachute.

Sunlight or artificial light can trigger the material to go poof. Or, in true spy style, a small light emitting diode can be placed inside a device to trigger the self-destruct process on demand. All that’s left behind is a residue and a faint smell, which Kohl says are from the additives that control the rigidity of the material.

Kohl says he and his team have already made a glider with a six-foot wingspan from the material. It can only carry objects weighing about 1 kilogram, so it could only be used to covertly transport objects, not people, for the moment. The glider would have to travel under cover of darkness to avoid disintegrating in flight.

Original Submission

Freeman writes:

"Some fabrics, like leather and denim, might cause permanent discoloration that will not wash off," Apple warns card owners.

[...] The BBC rounded up a number of Tweets from early adopters confirming that the physical card might look nice when you get it, but probably not for long after. "I can say from two months of having the card in my leather wallet, it no longer looks pretty," one owner wrote.

The damage is cosmetic only; the card will still work at a point of sale if you dare to keep it in your wallet. If you would like to keep it looking new, however, Apple recommends wiping it gently with isopropyl (rubbing) alcohol using a soft microfiber cloth.

https://arstechnica.com/gadgets/2019/08/maybe-dont-keep-your-apple-card-in-a-leather-wallet-apple-warns/

Original Submission

takyon writes:

Dell Latitude Brings Chromebooks to the Enterprise

Dell today announced the aptly named Dell Latitude Chromebook Enterprise line, featuring a laptop and a 2-in-1 device. The PC vendor has partnered with Google to accompany the new Chromebook Enterprise program, which is meant to bring Chrome OS to business customers.

Chromebooks historically appealed primarily to the low end of the market. There are some exceptions--most of which came from Google itself--but the category has mostly been positioned as a way to handle basic tasks without breaking the bank. The products have also been popular with the education market, so it makes sense for Google to go after enterprise customers next, many of which are looking for the same cheap-but-capable devices.

[...] On to the devices themselves. They don't technically have the same name: the notebook is the Dell Latitude 5400 Chromebook Enterprise; the 2-in-1 is the Dell Latitude 5300 2-in-1 Chromebook Enterprise, (which just rolls off the tongue, right?). A Dell representative told us that these models were chosen as they make the most sense in terms of building popularity for Latitude Chromebooks, and future models could be added. Aside from the obvious difference in form factor, the devices are largely similar, with the option of 8th Gen Intel Core i3, i5, i7 or Celeron processors, up to 1TB of onboard storage and up to 32GB memory.

Also at Google.

See also: Google and Dell team up to take on Microsoft with Chromebook Enterprise laptops

Previously: Google Announces Chrome Enterprise Subscription Service

Original Submission

takyon writes:

GlobalFoundries Files Patent Claims Against TSMC, Seeks to Ban Imports of Nvidia, Apple Chips

GlobalFoundries (GF) today announced that it filed lawsuits against Taiwan Semiconductor Manufacturing Company (TSMC) in the U.S. and Germany over the alleged infringement of 16 patents. The company said that it's looking to halt the import of processors made with the technologies and is seeking "significant damages from TSMC based on TSMC's unlawful use of GF's proprietary technology in its tens of billions of dollars of sales." Impacted companies include Nvidia and Apple.

Note that GlobalFoundries said it wants to stop the import of processors made with the technologies it believes are covered by its patents. The company recognized that TSMC doesn't usually import those processors into the U.S. or Germany; TSMC's customers do. That means the lawsuits could affect much of the tech industry: TSMC said that in 2018 it was "manufacturing 10,436 different products using 261 distinct technologies for 481 different customers."

The list of companies supplied by TSMC includes AMD, Nvidia, Apple, Mediatek and many others, which means that GlobalFoundries could bring the tech industry to a halt if it's allowed to stop imports to the U.S. and Germany.

If you can't beat 'em, sue 'em.

Also at Wccftech.

Related: GlobalFoundries Abandons "7nm LP" Node, TSMC and Samsung to Pick Up the Slack
GlobalFoundries Spins Off ASIC Solutions Division, Creating a New Subsidiary: Avera Semiconductor

Original Submission