Submitted via IRC for Bytram
No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the smart assistant devices.
Unfortunately, when it comes to smart speakers, “there’s no silver bullet” for protecting the privacy and security of data, said Karsten Nohl, managing director at Security Research Labs. Nohl, a cryptography expert and hacker, has been behind several high-profile research projects, including the 2014 BadUSB hack.
“I think it’s important to flag this technology as a convenience-enhancing technology,” Nohl told Threatpost. “So if you wanted to read the Daily News or weather or even horoscope, I think that’s fine, but be aware that this is a technology that should not be trusted with credit card numbers, medical information, or any other information that goes beyond convenience and actually intrudes your privacy. That of course, also applies to the placement of these devices, they probably shouldn’t be sitting in boardrooms or hospitals, on trading floors of large companies. They are a convenience enhancing technology that is probably better placed in more leisure environments right.”
Arthur T Knackerbracket has found the following story:
"I feel like we're protecting the last tree, in a way." That's what Flagstaff, Arizona, city council member Austin Aslan said at a recent meeting. The subject of that earnest statement might surprise you: it was streetlights. To be more specific, he was talking about a careful effort to prevent streetlights from washing out the stars in the night sky.
Flagstaff became the first city to earn a designation from the International Dark Sky Association in 2001. That came as a result of its long history of hosting astronomy research at local Lowell Observatory, as well as facilities operated by the US Navy. The city has an official ordinance governing the use of outdoor lighting—public and private.
A few years ago, though, a problem arose. The type of dark-sky-friendly streetlight that the city had been using was going extinct, largely as a casualty of low demand. In fact, as of this summer, there are none left to buy. Meanwhile, the age of the LED streetlight has arrived with a catch: limited night-sky-friendly LED options.
If the city went out and just swapped lumens for the cheapest LED products out there, the astronomers would have marched on city hall with pitchforks and (night-vision-preserving) torches. And that might have been the least of their concerns, as the Navy informed the city last year that "brightening of skies 10 percent over current conditions is not compatible with the [Naval Observatory's] mission."
The problem with LEDs boils down to blue light. Older streetlights are high-pressure sodium bulbs, which produce a warm yellow glow around a color temperature of 2,000 K. The bulbs Flagstaff relied on for most of its streetlights were low-pressure sodium—a variant that only emits light at a single wavelength (589 nanometers) near that yellow color, producing something resembling candlelight. Many of the LED streetlights on the market have much cooler color temperatures of 3,000 or even 4,000 K.
[...] There are ways to build LED lights that change their natural color and mitigate this blue light problem. One way to do it is to simply throw a filter on the LED that blocks blue wavelengths from passing through. Of course, this significantly reduces the amount of light you produce for each watt of electricity. There are some aesthetic trade-offs, as well—of which not everyone is a fan.
[...] Another way to do it is with phosphor coatings on the LED that absorb light of one wavelength and emit it at another wavelength. Lights known as phosphor-converted amber (PCA) shift all the light out of the blue and into the yellow part of the spectrum at the cost of some efficiency. The result is actually quite close to the ubiquitous high-pressure sodium streetlights we're used to.
Narrow-band amber (NBA) LEDs provide a different option. These lights actually use a type of LED that only emits warmer colors from the start. In this way, they actually compare pretty well to the low-pressure sodium streetlights that recently went extinct. The range of wavelengths emitted is a little broader, but the practical effect is about the same.
[...] Flagstaff's plan is generally to swap in NBA LEDs for all the low-pressure sodium lights, and PCA LEDs for the high-pressure sodium lights that are used along the busier streets (as they're a little brighter). The better directionality of LEDs—combined with resident requests for slightly dimmer lighting on residential streets—actually means that the total output of the city's streetlights is going to drop from about 29 million lumens to about 19 million lumens. That's not unusual.
[...] Of course, this isn't just an engineering optimization problem. There's also public buy-in to contend with. In this case, the city of Flagstaff put up test sections of different fixtures around town so anyone interested could compare and provide feedback. And since public safety is the primary reason streetlights exist in the first place, perceptions (which can vary wildly) about how much or what kind of light qualifies as "safe" can force some compromises.
[...] It comes down to the fact that lighting choices don't just affect the things you're intentionally lighting—there are also the things you can avoid lighting. That means there are always ways to ensure that the pale stars of the night sky don't entirely disappear from your universe.
[...] Flagstaff's hope is basically to do that for cities by producing the first dark-sky ordinance updated to deal with LEDs. That could give other cities an example to follow, even if it's not quite as easy as hitting up a dark-sky aisle at their local store.
-- submitted from IRC
Arthur T Knackerbracket has found the following story:
After Mats Järlström lost an initial legal challenge in 2014, a federal judge in January this year ruled Oregon's rules prohibiting people from representing themselves as engineers without a professional license from the state are unconstitutional.
And now Järlström's calculations and advocacy have led the Institute of Transportation Engineers (ITE) to revisit its guidelines [PDF] for the timing of traffic signals. As a result, yellow lights around the globe could burn for longer – ITE is an international advisory group with members in 90 countries.
Järlström discovered a problem with the timing of traffic lights in Beaverton, Oregon, after his wife Laurie received a $260 ticket for a red light violation from an automated traffic light camera in 2013.
Järlström, who studied electrical engineering in Sweden, challenged the ticket, arguing the timing interval for yellow lights fails to account for scenarios like a driver entering an intersection and slowing to make a turn. A slightly longer interval, he argued, would allow drivers making turns on a yellow light to exit intersections before the light turned red. Even a small timing increase would help – the automatically generated ticket in this case was issued 0.12 seconds after the light turned red.
When Järlström brought the issue to the Oregon State Board of Examiners for Engineering and Land Surveying, the state board opened an investigation in 2015 and fined him $500 the following year for practicing engineering without a professional license.
Thanks to the assistance of the Institute for Justice, a legal advocacy organization focused on limiting the scope of government, Järlström has won not only the right to refer to himself as an engineer, a refund of the surveying board fine (though not the ticket penalty), and the removal of the moving violation from his car insurance premium, but also the opportunity to fix a formula that has governed traffic light timing since 1960.
Since the injunction prohibiting Oregon from enforcing its unconstitutional speech restriction, Järlström has been working with other engineers and advocates to change the way traffic lights work. Over the summer, an ITE panel met to hear arguments along those lines and last month it agreed light timing should be reconsidered.
Have any of the soylentils here noticed shorter yellow lights at intersections after red light cameras have been installed?
-- submitted from IRC
Submitted via IRC for Bytram
Google unplugs AMP, hooks it into OpenJS Foundation after critics turn up the volume
AMP – which originally stood for Accelerated Mobile Pages though not any more – was launched in 2015, ostensibly to speed up page loading on smartphones. The technology includes AMP HTML, which is a set of performance-optimized web components, and the AMP Cache, which serves validated AMP pages. Most AMP pages are served by Google's AMP Cache.
AMP looks somewhat like a Google land grab and has been controversial. While better performance is welcome, having to support AMP HTML is also a burden on publishers and a constraint on web design, especially since Google's guidelines state that "users must be able to experience the same content and complete the same actions on AMP pages as on the corresponding canonical pages, where possible." Supporting AMP is optional, though if Google search prioritizes AMP pages, publishers have little choice.
In September 2018, the AMP project announced an "open governance model" where decisions are made by a steering committee and a "wider variety of voices" have a say in the project's direction. The announcement included "exploring moving AMP to a foundation."
That move will now take place. Google principal engineer Malte Ubl, a co-founder of the AMP project, announced last week that "AMP is joining the OpenJS Foundation incubation program." This means that the project will join the foundation once a number of onboarding tasks have been completed. Ubl adds that Google will continue to finance the project, via the foundation, and that "the team of Google employees contributing full time to the AMP open source project will also continue to do so."
In the FAQ here the move is stated to be a response to "communities concerns around [the project's] ties to Google as well as concerns around scaling the project."
Submitted via IRC for Bytram
Grind Your Welds With Pride, If That's The Way You Do It
To grind or not to grind? What a question! It all depends on what you’re really trying to show, and in the case of welded joints, I often want to prove the integrity of the weld.
Recently, I wrote a piece in which I talked about my cheap inverter welder and others like it. As part of it I did a lower-current weld on a piece of thin tube and before snapping a picture of the weld I ground it back flat. It turns out that some people prefer to see a picture of the weld bead instead — the neatness of the external appearance of the weld — to allow judgment on its quality. Oddly I believe the exact opposite, that the quality of my weld can only be judged by a closer look inside it, and it’s this point I’d like to explore.
So dear soylentils, do you even weld and if you do, do you grind your welds?
Gimme Six! Researchers Discover Aye-Aye's Extra Finger:
The world's weirdest little primate has gotten even weirder, thanks to the discovery of a tiny extra digit. A study led by researchers from North Carolina State University has found that aye-ayes possess small "pseudothumbs" – complete with their own fingerprints – that may help them grip objects and branches as they move through trees. This is the first accessory digit ever found in a primate.
Aye-ayes are unusual animals from the get-go: these extremely rare lemurs are known for their constantly growing incisors, large ears, and strange hands – particularly for the slender, elongated middle fingers that they use for locating and spearing grubs inside trees.
"The aye-aye has the craziest hand of any primate," says Adam Hartstone-Rose, associate professor of biological sciences at NC State and lead author of a paper describing the work. "Their fingers have evolved to be extremely specialized – so specialized, in fact, that they aren't much help when it comes to moving through trees. When you watch them move, it looks like a strange lemur walking on spiders."
Hartstone-Rose and NC State post-doctoral researcher Edwin Dickinson were studying the tendons that lead to the aye-aye's unusual hands when they noticed that one of the tendons branched off toward a small structure on the wrist. Using traditional dissection and digital imaging techniques on six aye-ayes, the researchers found that the structure in question is composed of both bone and cartilage, and has musculature that allows it to move in three directions – much the same way that human thumbs move.
[...] "Other species, like the panda bear, have developed the same extra digit to aid in gripping because the standard bear paw is too generalized to allow the dexterity necessary for grasping," Hartstone-Rose says. "And moles and some extinct swimming reptiles have added extra digits to widen the hand for more efficient digging or swimming. In this case, the aye-aye's hand is so specialized for foraging an extra digit for mobility became necessary."
Journal Reference:
Adam Hartstone‐Rose, Edwin Dickinson, Marissa L. Boettcher, Anthony Herrel. A primate with a Panda's thumb: The anatomy of the pseudothumb of Daubentonia madagascariensis. American Journal of Physical Anthropology, 2019; DOI: 10.1002/ajpa.23936
See a video explaining the discovery on YouTube.
For more background on the lemur see the Wikipedia entry on the aye-aye.
https://www.bigmessowires.com/2016/06/04/db-19-resurrecting-an-obsolete-connector/
This is a happy story about the power of global communication and manufacturing resources in today's world. If you've been reading this blog for any length of time, then you've certainly heard me whine and moan about how impossible it is to find the obscure DB-19 disk connector used on vintage Macintosh and Apple II computers (and some NeXT and Atari computers too). Nobody has made these connectors for decades.
I've got a disk emulator product called Floppy Emu that attaches to an Apple DB-19 port, so I need a steady supply of these connectors to build my hardware, and that's a problem. Over the past couple of years, I've scrounged what seems like every warehouse and basement on the planet, and bought up nearly the entire world's remaining supply of new-old-stock DB-19 connectors. My last few product batches included DB-19s from some very obscure international sources. It was clear I'd reached the end of the road.
This wasn't a surprise. The DB-19 shortage first became obvious to me about a year and a half ago, when a manufacturing error forced me to replace all the DB-19 connectors in a batch of boards, and replacements couldn't be readily found. Since then I've written a dozen times about the impending DB-19 doomsday. I also made several attempts to design a DB-19 substitute using a small PCB and suitably-arranged header pins, but while they more-or-less worked, I wasn't satisfied with the result.
[...] But just as I was getting discouraged, good luck arrived in the form of several other people who were also interested in DB-19 connectors! The NeXT and Atari communities were also suffering from a DB-19 shortage, as well as others in the vintage Apple community, and at least one electronics parts supplier too. After more than a year of struggling to make manufacturing work economically, I was able to arrange a "group buy" in less than a week. Now let's do this thing!
[...] Two months passed, and a round of prototyping. Progress was slow but steady, and I received updates from the manufacturer every few days. I kept waiting, eagerly anticipating this DB-19 bounty. At the end of May the product finally shipped, only to disappear into a US Customs black hole somewhere for a couple of days. Then at long last, after what felt like an infinite wait, I came home to find 10000 of these beauties stacked on my doorstep[!]
Jeff Bezos announces Blue Origin will form new industry team to return to the Moon
At the International Astronautical Congress in Washington, D.C. today, Blue Origin founder Jeff Bezos announced a new "national team" that will join forces in order to help return humans to the Moon via NASA's Artemis program. They'll focus on developing the Human Landing System that will be used to achieve this goal.
Blue Origin will serve as lead contractor for this new industry collaboration, which will also include Lockheed Martin, Northrop Grumman and Draper. The partnership will serve to pursue NASA's stated mission of getting the first American woman and next American man to the surface of the Moon by 2024.
Each partner in this new alliance will take on specific roles pertaining to helping NASA achieve its goal. Blue Origin is going to be acting as the primary contractor and lead the program management of the partner involvement, as well as take on systems engineering, and responsibilities for safety and mission assurance. They'll also provide the descent element of the overall human landing system, which will consist of the Blue Moon lander and the BE-7 engine that will provide its propulsion.
Meanwhile, Lockheed Martin will be developing the 'Ascent Element' vehicle and Northrop Grumman is building the 'Transfer Element' to get the whole landing element Blue Origin is providing in place towards the Moon. Longtime space industry non-profit Draper will lead the descent guidance efforts and produce flight avionics.
Also at Ars Technica and CNBC.
Related: Jeff Bezos Details Moon Settlement Ambitions in Interview
NASA Announces 19 Space Act Agreements, with a Focus on Returning to the Moon
Scientists Create New, More Powerful Technique To Edit Genes
Scientists have created a new way to edit DNA that appears to make it even easier to precisely and safely re-write genes. The new technique, called prime editing, is designed to overcome some of the limitations of CRISPR. That technique, often described as a kind of molecular scissors for genes, has been revolutionizing scientific research by letting scientists alter DNA.
"It's proven difficult to use these molecular scissors to make precise DNA changes in most cell types," says David Liu, a biologist at Harvard, MIT and the Broad Institute in Cambridge, Mass. Liu heads the lab where the new prime editing technique was created in research led by Andrew Anzalone. The advance is described in the journal Nature[$] [DOI: 10.1038/s41586-019-1711-4] [DX], in an article published Monday.
One advantage of the new editing technique is that, unlike CRISPR, prime editing doesn't rely on the ability of a cell to divide to help make the desired changes in DNA. That means it could be used to correct genetic mutations in cells that often don't divide, such as cells in the nervous system. Many diseases are caused by mutations in genes in those cells, such as Parkinson's and Huntington's diseases. In addition, the new method doesn't cut both strands of the DNA double helix, minimizing the chances of making unintended changes that could be dangerous, Liu says.
Also at CNN.
See also: Gene editing like Crispr is too important to be left to scientists alone
Arthur T Knackerbracket has found the following story:
The esoteric world of quantum computing is all aquiver following a robust blog post from IBM essentially rubbishing claims from Google that it has achieved "quantum supremacy".
The post notes that quantum computing is approaching the limits of classical simulation and there are big questions as to how to evaluate and benchmark system performance. Quantum supremacy is the moment quantum machines begin to do things classical computers cannot.
But Big Blue dismissed Google's most recent claims for its 53-qubit processor revealed in a leaked document last month.
IBM notes: "In the preprint, it is argued that their device reached 'quantum supremacy' and that 'a state-of-the-art supercomputer would require approximately 10,000 years to perform the equivalent task'. "We argue that an ideal simulation of the same task can be performed on a classical system in 2.5 days and with far greater fidelity. This is in fact a conservative, worst-case estimate, and we expect that with additional refinements, the classical cost of the simulation can be further reduced."
Previously:
IBM and Google’s Race for Quantum Computing Takes a Mysterious Turn
Google Quantum Processor Reportedly Achieves Quantum Supremacy
-- submitted from IRC
Replacing Coal with Gas or Renewables Saves Billions of Gallons of Water:
"While most attention has been focused on the climate and air quality benefits of switching from coal, this new study shows that the transition to natural gas—and even more so, to renewable energy sources—has resulted in saving billions of gallons of water," said Avner Vengosh, professor of geochemistry and water quality at Duke's Nicholas School of the Environment.
[...] "For every megawatt of electricity produced using natural gas instead of coal, the amount of water withdrawn from local rivers and groundwater is reduced by 10,500 gallons, the equivalent of a 100-day water supply for a typical American household," said Andrew Kondash, a postdoctoral researcher at Duke, who led the study as part of his doctoral dissertation under Vengosh.
[...] If all coal-fired power plants are converted to natural gas, the annual water savings will reach 12,250 billion gallons—that's 260% of current annual U.S. industrial water use.
Although the magnitude of water use for coal mining and fracking is similar, cooling systems in natural gas power plants use much less water in general than those in coal plants. That can quickly add up to substantial savings, since 40% of all water use in the United States currently goes to cooling thermoelectric plants, Vengosh noted.
[...] Even further savings could be realized by switching to solar or wind energy. The new study shows that the water intensity of these renewable energy sources, as measured by water use per kilowatt of electricity, is only 1% to 2% of coal or natural gas's water intensity.
"Switching to solar or wind energy would eliminate much of the water withdrawals and water consumption for electricity generation in the U.S.," Vengosh said.
Quantification of the water-use reduction associated with the transition from coal to natural gas in the U.S. electricity sector, Environmental Research Letters (DOI: 10.1088/1748-9326/ab4d71)
https://edition.cnn.com/2019/10/22/asia/china-jails-men-outsource-murder-plot-intl-hnk/index.html
A Chinese court has sentenced six men over their part in a botched attempt to "outsource" a contract killing through an elaborate chain of intermediaries.
The men were charged with intentional homicide and received prison sentences of up to five years in Guangxi province on October 17, according to a verdict posted by the court online.
The murky case, which some in China have viewed as something of a parable of modern life and the dangers of corruption, began when real estate developer Tan Youhui contacted an alleged hitman in October 2013, with a request to kill a business competitor, surnamed Wei.
The hired man, Xi Guangan, received two million Chinese yuan ($282,600) to kill Wei, who had filed a lawsuit against Tan's company over a dispute arising from a development project, the court said.
Xi took the money and outsourced the job to another would-be hitman, Mo Tianxiang, while keeping half of the initial amount.
[...] The chain of outsourcing continued for over six months until the job reached a fifth person, Ling Xiansi. By that point, Ling was offered just 100,000 yuan ($14,100) to murder Wei, the court said.
Ling also got cold feet. But rather than killing Wei or finding another supposed hitman, he met with the intended target directly -- and offered to help fake his death.
[...] Ling later reported his "success" up the chain, all the way to Tan -- the original contractor. Wei meanwhile also reported the case to the police, who charged Tan and the five middlemen for intentional homicide.
Tan received a five-year jail term for initiating the murder plot, while the would-be hitmen received prison sentences of between two and four years, according to the verdict.
I don't suppose it's possible to outsource serving time in prison?
On October 18, the National Advanced Mobility Consortium—an organization of industry and academic researchers contracted by the US government to develop autonomous ground systems for the military—announced the selection of four companies to build prototype light robotic combat vehicles for the US Army. These are "non-developmental" prototypes, meaning they're based on existing technologies that could be turned into deployable systems with relatively minor modifications.
The Robotic Combat Vehicle-Light (RCV-L) program is part of the Army Futures Command's Next Generation Combat Vehicle effort. It seeks to provide soldiers in mechanized infantry and armor units with robotic "wingmen" that extend their reach and effectiveness on the battlefield. The Army hopes to have prototypes of the RCV-L as well as a heavier vehicle (the Robotic Combat Vehicle-Medium) in full testing in 2020. Two of each design will be fielded as "platoons" for testing, with the goal of wide deployment of tankbots by 2028.
Working in concert with new crewed combat vehicles, the robotic vehicles would provide additional sensors and firepower to bring to bear on an enemy in the field. By using robots to make the "first contact" with an enemy, unit commanders would be given more time to make decisions before committing human soldiers to the fight—or at least, that's the doctrinal thinking behind the Army's robotic combat crew goals.
The four companies chosen to develop the first prototypes are HDT Global, Oshkosh Defense, QinetiQ, and Textron. Each has already fielded some combination of ground vehicle and robotic systems—some of which have already been evaluated in some form by the Army.
Tankbots seems like a good name for a dystopian sci-fi movie to me.
In an extremely rare reversal, the biotech company Biogen said that it will submit the experimental amyloid beta targeting drug aducanumab—which previously had its drug trial stopped as futile—to the Food and Drug Administration for approval.
The company said a “new analysis of a larger dataset” showed that the drug, aducanumab, reduced clinical decline in patients with early Alzheimer’s disease on multiple measures of the drug’s effectiveness. That directly contradicts a decision in March to halt studies of the therapy based on the recommendations of an independent monitoring board that was charged with protecting patients in the study.
The reversal came about because the decision to halt the study was made based on an early part of the dataset where the dosage was reduced in an effort to avoid a potential side effect. When results on patients exposed to higher doses in later portions of the study were available and factored in, the results turned significant.
Biogen said that it conducted a new analysis in consultation with the FDA of a larger data set from the discontinued studies. The new analysis includes additional data that became available after the previous analysis showed the studies were “futile” — that it had no chance of succeeding. Biogen said that the new data show aducanumab is “pharmacologically and clinically active” and that it reduced patients’ clinical decline based on the results of a survey called Clinical Dementia Rating-Sum of Boxes (CDR-SB), which was the main goal of both studies.
After praising the announcement as “a testament to Biogen’s steadfast determination to follow the science and do the right thing for patients,” Michel Vounatsos, Biogen’s chief executive, said in a statement: “We are hopeful about the prospect of offering patients the first therapy to reduce the clinical decline of Alzheimer’s disease and the potential implication of these results for similar approaches targeting amyloid beta.”
There is still discussion going on and analysts are examining and questioning the results, but with tens of millions affected by the disease worldwide, there is now a glimmer of hope.
Submitted via IRC for SoyCow9088
Avast says hackers breached internal network through compromised VPN profile
Czech cyber-security software maker Avast disclosed today a security breach that impacted its internal network.
In a statement published today, the company said it believed the attack's purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident.
Avast said the breach occurred because the attacker compromised an employee's VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution.
The intrusion was detected on September 23, but Avast said it found evidence of the attacker targeting its infrastructure going as far back as May 14, this year.
"The user, whose credentials were apparently compromised [...], did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges," said Jaya Baloo, Avast Chief Information Security Officer (CISO).
This sudden access rights elevation prompted the company to investigate, Baloo told ZDNet in an email today.
Staff eventually tracked down other security alerts inside Avast's ATA dashboard, alerts that engineers previously ignored, thinking they were false positives. ATA stands for Microsoft Advanced Threat Analytics, an on-premise network parsing engine and traffic analysis system that Microsoft sells to enterprises in order to protect internal networks from malicious attacks triggered from inside.
The alert showed that the compromised user account replicated Avast's Active Directory service, an effective digital map of the company's internal network.