
posted by martyb on Thursday February 06 2020, @11:04PM
from the check-your-sudo-configs dept.

Oh ****... Sudo has a 'make anyone root' bug that needs to be patched – if you're unlucky enough to enable pwfeedback:

Sudo, a standard tool on Unix-y operating systems that lets select users run some or all commands as root, can be exploited to give superpowers to any logged-in user – if deployed with a non-default configuration.

This security hole, discovered by Joe Vennix at Apple Information Security, is only active if the pwfeedback option is enabled. This option shows an asterisk each time a key is pressed, when entering a password. The good news is that pwfeedback is generally disabled by default.

[...] If sudo is installed and vulnerable, any user can trigger the vulnerability, even if not listed in the sudoers list of those with sudo privileges.

[...] You can tell if you are vulnerable by running sudo -l and checking the output. If the word pwfeedback appears under Matching Defaults entries, it is potentially at risk. The next thing to do is to check the version number with sudo --version. Versions 1.7.1 to 1.8.25p1 inclusive are vulnerable. The bug is fixed in sudo 1.8.31, available now, and versions 1.8.26 to 1.8.30 are not exploitable.

[...] The [interim] solution is to disable pwfeedback in the sudoers file, as explained in the linked article.

Better yet, upgrade your copy of sudo so it no longer contains this bug.
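
The two checks described above (pwfeedback under Matching Defaults entries, then the version range), combined into one triage script. This is an added example, not part of the quoted article or of sudo itself; the function names, result labels and sample outputs are constructed, and it assumes a negated entry (!pwfeedback) means the option is off.

```shell
#!/bin/sh
# Added example: triage for the sudo pwfeedback bug using the article's two
# checks. Function names, labels and sample outputs are constructed.

# Print 1 if pwfeedback is enabled in the "Matching Defaults entries"
# section of `sudo -l` output on stdin, else 0. Assumption: a negated
# entry ("!pwfeedback") means the option is switched off.
pwfeedback_enabled() {
    awk '
        /^Matching Defaults entries/ { in_defaults = 1; next }
        /^User .* may run/           { in_defaults = 0 }
        in_defaults {
            n = split($0, items, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", items[i])
                if (items[i] == "pwfeedback") found = 1
            }
        }
        END { print found + 0 }
    '
}

# Extract the version from the first line of `sudo --version` output on
# stdin, e.g. "Sudo version 1.8.25p1" -> "1.8.25p1".
sudo_version() {
    sed -n '1s/^Sudo version \([0-9][0-9.]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Turn "MAJOR.MINOR.PATCH[pN]" into one integer so versions can be compared.
version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' \
        '{ print (($1 * 100 + $2) * 1000 + $3) * 100 + $4 }'
}

# Classify using the ranges quoted in the article:
#   1.7.1 .. 1.8.25p1  vulnerable when pwfeedback is enabled
#   1.8.26 .. 1.8.30   not exploitable
#   1.8.31 and later   fixed
classify() {   # $1 = version string, $2 = 1 if pwfeedback is enabled
    [ -n "$1" ] || { echo "unknown-version"; return; }
    k=$(version_key "$1")
    if [ "$k" -ge "$(version_key 1.8.31)" ]; then
        echo "fixed"
    elif [ "$k" -ge "$(version_key 1.8.26)" ]; then
        echo "not-exploitable"
    elif [ "$k" -ge "$(version_key 1.7.1)" ] &&
         [ "$k" -le "$(version_key 1.8.25p1)" ]; then
        if [ "$2" = 1 ]; then echo "vulnerable"
        else echo "affected-version-pwfeedback-off"; fi
    else
        echo "unlisted"
    fi
}

triage() {     # $1 = `sudo -l` output, $2 = `sudo --version` output
    classify "$(printf '%s\n' "$2" | sudo_version)" \
             "$(printf '%s\n' "$1" | pwfeedback_enabled)"
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_LIST='Matching Defaults entries for alice on build01:
    env_reset, pwfeedback, mail_badpass

User alice may run the following commands on build01:
    (ALL : ALL) ALL'
SAMPLE_VERSION='Sudo version 1.8.25p1
Sudoers policy plugin version 1.8.25p1'

triage "$SAMPLE_LIST" "$SAMPLE_VERSION"
# On a live host: triage "$(sudo -l)" "$(sudo --version)"
```

A result of affected-version-pwfeedback-off still calls for the upgrade, since the flaw only needs the option to be turned on later.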


Original Submission

posted by janrinok on Thursday February 06 2020, @09:11PM
from the draw-your-own-conclusions dept.

Sketchy behavior? Wacom tablet drivers phone home with names, times of every app opened on your computer:

FYI: Wacom's official tablet drivers leak to the manufacturer the names of every application opened, and when, on the computers they are connected to.

Software engineer Robert Heaton made this discovery after noticing his drawing board's fine-print included a privacy policy that gave Wacom permission to, effectively, snoop on him.

Looking deeper, he found that the tablet's driver logged each app he opened on his Apple Mac and transmitted the data to Google to analyze. To be clear, we're talking about Wacom's macOS drivers here: the open-source Linux ones aren't affected, though it would seem the Windows counterparts are.

"Being a mostly normal person, I never usually read privacy policies. Instead I vigorously hammer the 'yes' button in an effort to reach the game, machine, or medical advice on the other side of the agreement as fast as possible," Heaton said earlier today.

"But Wacom's request made me pause. Why does a device that is essentially a mouse need a privacy policy?"

After firing up Burp Suite to observe his network traffic, Heaton found that his peripheral's macOS driver would query the presence of an XML file on a wacom.com server, and if this document was present, the software would feed notifications of applications being opened into Wacom's Google Analytics account. If the XML file was not present, the driver would not spill any details to Google, and note in its logs the telling line: "Analytics disabled either locally or from server kill switch." In other words, the XML file acted as a kill switch.

[...] It appears Wacom gathers this information to figure out which specific applications punters are using alongside its hardware: which apps are popular, which get used a lot, and so on, presumably to help it improve its products. Google Analytics will let you inspect the activities of individual users, such as which applications were opened, though it attempts to mask people's identities using ID numbers. You can't drill down to personally-identifiable things like IP addresses. The data can be analyzed in aggregate to figure out which programs are being run and when.


Original Submission

posted by martyb on Thursday February 06 2020, @07:18PM
from the ghost-of-its-former-self? dept.

Casper's IPO is officially a disaster

Casper's attempt at a public debut is becoming downright embarrassing. The mattress-in-a-box company dramatically slashed its initial public offering price, cutting its valuation and dimming hopes of a positive reception by investors.

The company said Wednesday in a regulatory filing that it had cut its IPO target share price to $12 to $13 from $17 to $19. That values the company at around $500 million, down from the $705 million it valued itself at last week. At one point, Casper was valued at more than $1 billion. Its shares priced at the low-end, or $12, the Wall Street Journal reported.

The New York-based startup filed to go public earlier in January. It plans to trade under the ticker symbol "CSPR" on the New York Stock Exchange.

Casper's long-term prospects for profitability are questionable at best. Casper reported its preliminary 2019 financial results last week, and although sales soared 23% to about $439 million, it lost about $94 million in the past year. Its loss was about 2% more than its losses during 2018.

See also: Casper prices its IPO at $12 a share, giving it a valuation of $490 million, confirming that it's no longer a unicorn


Original Submission

posted by janrinok on Thursday February 06 2020, @05:29PM
from the free-but-not-compelled dept.

Swiss federal government organisations and agencies will soon be free to share the source code of their software solutions as open source. In addition, software developers working for the federal government should be able to be part of open source communities. The government wants to anchor this in federal law, according to new Guidelines on Open Source in the Federal Government, made public last Friday.

The guidelines provide recommendations and background knowledge on the use and dissemination of open source software. The 21-page document balances the pros and cons of going open. The first chapter provides a list of advantages including no licence fees, pooling of resources, increased know-how and improved interoperability. These advantages may be offset by, for example, costs already incurred through IT vendor lock-in [OK? In other words if you've spent the money on proprietary software you might as well use it?], initial investment to gain open source expertise, and the need to handle changes in responsibilities and support needs. "Open source communities focus on the product and spend little time on marketing," the guidelines warn. "This can create the false impression that there is no open source solution available."


Original Submission

posted by Fnord666 on Thursday February 06 2020, @03:42PM
from the tricorders-here-we-come dept.

Arthur T Knackerbracket has found the following story:

Most nuclear data measurements are performed at accelerators large enough to occupy a geologic formation a kilometer wide, like the Los Alamos Neutron Science Center located on a mesa in the desert. But a portable device that can reveal the composition of materials quickly on-site would greatly benefit cases such as in archaeology and nuclear arms treaty verification.

Research published this week in AIP Advances, from AIP Publishing, used computational simulations to show that with the right geometric adjustments, it is possible to perform accurate neutron resonance transmission analysis in a device just 5 meters long.

"We expected massive backgrounds to dilute and contaminate our signal, and early simulation work confirmed that the scale of these effects would make the technique entirely impossible," author Areg Danagoulian said. "However, careful optimization of the geometries allowed us to almost completely suppress these effects, giving us a near-perfect signal."

Journal Reference:
Ezra M. Engel, Ethan A. Klein, Areg Danagoulian. Feasibility study of a compact neutron resonance transmission analysis instrument. AIP Advances, 2020; 10 (1): 015051 DOI: 10.1063/1.5129961


Original Submission

posted by Fnord666 on Thursday February 06 2020, @01:51PM
from the more-prints-lying-about dept.

Google Photos test subscription prints your best pictures every month:

Online photo services with printing options usually revolve around on-demand printing for special occasions, but Google appears to be trying something different: printing photos every month no matter what you've taken. A 9to5Google tipster has revealed a Google Photos test subscription service that automatically selects your 10 best pictures for printing each month. You just tell Google whether you want to focus on faces (including pets), landscapes or a "little bit of everything" -- so long as you're willing to pay $8 per month, you'll get a collection of related 4x6 prints on matte cardstock. You can edit images before committing to the print process.

The trial is billed as invitation- and US-only. We've asked Google if it can elaborate on its plans for the trial, including the possibility of a wider rollout.

Related:
https://9to5google.com/2020/01/31/google-photos-print-subscription/


Original Submission

posted by martyb on Thursday February 06 2020, @12:00PM
from the less-is-more...with-scrollback! dept.

Publishers are growing audiences by producing less content:

Increasingly, publishers are seeing that less is more when it comes to producing content.

Publishers including the Guardian, News UK’s The Times of London and Le Monde have trimmed the number of articles they publish, leading to a growth in audience traffic, higher dwell times and ultimately more subscribers.

Over the last year, the Guardian cut its weekly output by one-third[...] In December 2019, the Guardian had 25 million monthly unique users in the U.K., a rise from 23.4 million the previous year, according to Comscore.

From 2017 to 2019, French subscription publisher Le Monde reduced its total number of articles 25%[...] Comscore reported that during December 2019, Le Monde had 9.1 million unique monthly users in France; that’s a rise from 8.4 million in December 2018.

Last summer The Times of London published 15% fewer stories on its online Home News[...] Readers of The Times smartphone app spent on average 28 minutes each day on the Home News section; that’s a 25% rise as compared with the same stretch the prior year, according to the publisher.

[...] Publishers often find that the types of stories they produce the most of are often the least read, so they don’t generate as much ad revenue as the more widely read pieces. This leads to difficult decisions about whether publishers should cut back on premium content (that typically costs more to produce), change the ratio of non-premium to premium content, or tweak the pricing of subscriptions, so that people start to read more of what the newspaper wants them to read, he said.

[Editor's note]:

Some, upon reading this story would wonder if SoylentNews has any plans to do something similar. The very short answer is "no". Read on if you want to know more.

During an approximately month-long period during the first few months of SoylentNews' existence, instrumentation was added so users' paths through the site could be watched. I had no part or even visibility into that. The only things I am aware of that are tracked are: the number of times a story is loaded (hits) and how many comments have been posted to a story. For a short period of time we retain hashes of users' IP address and subnet ID. For each registered, logged-in user, we record the history of their story submissions, comments, moderations, and subscriptions. And that is mostly so that we can provide the information to the user.

As long as I am around, I will strongly resist any attempts to track users' paths through the site. Our primary concern is to make a forum available to the community for story discussions; when it comes to story selections, the impact on subscriptions is absolutely not a factor.

If we provide a good selection of interesting stories that fosters engaging commentary, the subscriptions will, ultimately, take care of themselves. Trying to select stories that we think will encourage subscriptions has the cart before the horse.[*]

The foregoing notwithstanding, on 2020-01-12 we announced: "The observant reader will notice that we have reduced the number of stories we post on weekdays from about 15 stories per day to about 13 stories per day." That experiment seems to have been working and, unless I hear otherwise, suggest we continue with that rate.

tl;dr: The kinds of metrics that the above-listed publications employed are not used here. Subscriptions have absolutely no part in our editorial decisions. And, unless there is a perceived demand from the community that they want their online activity tracked with such granularity, it will stay that way (no additional instrumentation[*]).

[*] Added 2020-02-06 12:36:45 UTC.

[finis.]


Original Submission

posted by Fnord666 on Thursday February 06 2020, @10:15AM
from the not-actual-physicists,-just-theoretical-ones? dept.

Supercomputers help link quantum entanglement to cold coffee:

Theoretical physicists from Trinity College Dublin have found a deep link between one of the most striking features of quantum mechanics -- quantum entanglement -- and thermalisation, which is the process in which something comes into thermal equilibrium with its surroundings.

Their results are published today [Friday 31st January 2020] in the prestigious journal Physical Review Letters.

We are all familiar with thermalisation -- just think how your coffee reaches room temperature over time. Quantum entanglement on the other hand is a different story.

Yet work performed by Marlon Brenes, PhD Candidate, and Professor John Goold from Trinity, in collaboration with Silvia Pappalardi and Professor Alessandro Silva at SISSA in Italy, shows how the two are inextricably linked.

Explaining the importance of the discovery, Professor Goold, leader of Trinity's QuSys group, explains:

"Quantum entanglement is a counterintuitive feature of quantum mechanics, which allows particles that have interacted with each other at some point in time to become correlated in a way which is not possible classically. Measurements on one particle affect the outcomes of measurements of the other -- even if they are light years apart. Einstein called this effect 'spooky action at a distance'."

"It turns out that entanglement is not just spooky but actually ubiquitous and in fact what is even more amazing is that we live in an age where technology is starting to exploit this feature to perform feats which were thought to be impossible just a number of years ago. These quantum technologies are being developed rapidly in the private sector with companies such as Google and IBM leading the race."

But what has all this got to do with cold coffee?

Journal Reference:

Marlon Brenes, Silvia Pappalardi, John Goold, Alessandro Silva. Multipartite Entanglement Structure in the Eigenstate Thermalization Hypothesis, Physical Review Letters (DOI: 10.1103/PhysRevLett.124.040605)


Original Submission

posted by Fnord666 on Thursday February 06 2020, @08:24AM
from the do-not-look-directly-into-the-sun dept.

Newest solar telescope produces first images: Preeminent telescope to play critical role in better understanding sun, space weather:

Just released first images from the National Science Foundation's Daniel K. Inouye Solar Telescope reveal unprecedented detail of the sun's surface and preview the world-class products to come from this preeminent 4-meter solar telescope. NSF's Inouye Solar Telescope, on the summit of Haleakala, Maui, in Hawai'i, will enable a new era of solar science and a leap forward in understanding the sun and its impacts on our planet.

Activity on the sun, known as space weather, can affect systems on Earth. Magnetic eruptions on the sun can impact air travel, disrupt satellite communications and bring down power grids, causing long-lasting blackouts and disabling technologies such as GPS.

The first images from NSF's Inouye Solar Telescope show a close-up view of the sun's surface, which can provide important detail for scientists. The images show a pattern of turbulent "boiling" plasma that covers the entire sun. The cell-like structures -- each about the size of Texas -- are the signature of violent motions that transport heat from the inside of the sun to its surface. That hot solar plasma rises in the bright centers of "cells," cools, then sinks below the surface in dark lanes in a process known as convection.

"Since NSF began work on this ground-based telescope, we have eagerly awaited the first images," said France Córdova, NSF director. "We can now share these images and videos, which are the most detailed of our sun to date. NSF's Inouye Solar Telescope will be able to map the magnetic fields within the sun's corona, where solar eruptions occur that can impact life on Earth. This telescope will improve our understanding of what drives space weather and ultimately help forecasters better predict solar storms."

[...] NSF's new ground-based Inouye Solar Telescope will work with space-based solar observation tools such as NASA's Parker Solar Probe (currently in orbit around the sun) and the European Space Agency/NASA Solar Orbiter (soon to be launched). The three solar observation initiatives will expand the frontiers of solar research and improve scientists' ability to predict space weather.

"It's an exciting time to be a solar physicist," said Valentin Pillet, director of NSF's National Solar Observatory. "The Inouye Solar Telescope will provide remote sensing of the outer layers of the sun and the magnetic processes that occur in them. These processes propagate into the solar system where the Parker Solar Probe and Solar Orbiter missions will measure their consequences. Altogether, they constitute a genuinely multi-messenger undertaking to understand how stars and their planets are magnetically connected."

"These first images are just the beginning," said David Boboltz, a program director in NSF's Division of Astronomical Sciences who oversees the facility's construction and operations. "Over the next six months, the Inouye telescope's team of scientists, engineers and technicians will continue testing and commissioning the telescope to make it ready for use by the international solar scientific community. The Inouye Solar Telescope will collect more information about our sun during the first 5 years of its lifetime than all the solar data gathered since Galileo first pointed a telescope at the sun in 1612."


Original Submission

posted by martyb on Thursday February 06 2020, @06:33AM
from the when-two-factor-authentication-may-not-be-such-a-good-idea dept.

In an advisory on Monday, the social network noted it had “became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers” on December 24.

That is the same day that security researcher Ibrahim Balic revealed he had managed to match 17 million phone numbers to Twitter accounts by uploading a list of two billion automatically generated phone numbers to Twitter's contact upload feature, and match them to usernames.

The feature is supposed to be used by tweeters seeking their friends on Twitter, by uploading their phone's address book. But Twitter seemingly did not fully limit requests to its API, deciding that preventing sequential numbers from being uploaded was sufficiently secure.

It wasn’t, and Twitter now says that, as well as Balic's probing, it “observed a particularly high volume of requests coming from individual IP addresses located within Iran, Israel, and Malaysia," adding that “it is possible that some of these IP addresses may have ties to state-sponsored actors.”

Being able to connect a specific phone number to a Twitter account is potentially enormously valuable to a hacker, fraudster, or spy: not only can you link the identity attached to that number to the identity attached to the username, and potentially fully de-anonymizing someone, you now know which high-value numbers to hijack, via SIM swap attacks, for example, to gain control of accounts secured by SMS or voice-call two-factor authentication.


Original Submission

posted by martyb on Thursday February 06 2020, @04:42AM
from the blinky-blinky-whirrr-whirrr-whirrr dept.

If you ask those of us who grew up somewhere in the 1950s to 1970s what our car would be like in the year 2020, we might have described an Avrocar. This top secret vehicle from Canadian Avro was part hovercraft and part jet-powered vertical takeoff vehicle. There were two prototypes actually made and [Real Engineering] has a short video[*] on how the prototypes worked, how the real design might have worked, and even has a lot of footage of the actual devices.

The designer, [Jack Frost], experimented with ground effect and the Coanda effect. The Canadian branch of Avro, a British company, worked with the U.S. military

[...] The ground effect is well understood by anyone who has seen a hovercraft working. The Coanda effect is a little more obscure. This is the effect where a fluid — and for this purpose, air is a fluid — will hug a convex shape. According to the video, the Coanda effect inspired the shape, but might not have been very significant for the actual operation.

[Frost’s] saucer was airflow neutral, but with some carefully-placed jet engines, the craft could create a virtual airfoil. In theory, the craft could take off and land vertically, but also be made to perform well at both subsonic and supersonic speeds.

Of course, a theory is one thing and practice often another. The aerodynamic center of pressure was too far away from the center of gravity. The craft was unstable and the mechanical systems of the day couldn’t tame it.

[*] Video is available on YouTube.


Original Submission

posted by martyb on Thursday February 06 2020, @02:49AM
from the to-BS-or-not-to-BS dept.

With Brexit "done" [...] the starting position for the future relationship has been published (PDF) and, as expected, it appears the UK will have access to the Public Regulated Service (PRS) of Galileo required by the military.

It just won't be able to participate in developing the thing, and its use must also not "contravene the essential security interests of the Union and its Member States", which will doubtless set the "take back control" crowd a-frothing.

[...] Galileo was one of those moments of awakening when UK lawmakers realised that if you leave a club, you also lose access to its toys.

The UK was also blocked from working and bidding on sensitive parts of the system, much to the outrage of politicos taken by surprise at the prospect of not having access to a system into which [it] had poured funds.

[...] UK [announced] that it would build its own version.

The UK military already has access to sensitive bits of GPS, and Galileo's PRS would, certainly initially, be a handy backup. Access to PRS could also render redundant the proposed multibillion-pound Brexit Satellite (BS) system to give the UK its very own sat-nav system.

[...] And then there is the question of national ego. Dr Bleddyn Bowen, lecturer in International Relations and Space Policy at the University of Leicester, told The Register: "I don't know what prestige will be gained as the UK GNSS or Brexit System is widely seen as a waste of resources."

He added that the BS was regarded by many in the space community as "a political vanity project".

The final paragraph (136, b) of the section on Space also requires reciprocal access should the BS go ahead. Never let it be said that Eurocrats don't have a sense of humour.

[...] Should the UK find something better on which to spend the BS billions, and make use of the Galileo PRS instead, Dr Bowen observed that "the GNSS industry can fall into line with all the other industries that are finding it hard going thanks to Brexit".

[...] It wouldn't be the end of the world if 2021 rolls around and quivering fingers are pointing. "Britain could still try to negotiate on it separately again in future if it and the EU wishes," said Bowen.

"It is in the EU's defence and security interests to have the UK able to use the PRS element of Galileo as a passive user." ®


Original Submission

posted by martyb on Thursday February 06 2020, @12:55AM
from the wake-me-gently,-wake-me-slowly dept.

Your shrieking alarm clock sound might be the reason your mornings suck:

Researchers at RMIT University in Australia investigated how alarm tones and wake-up music tie into sleep inertia, which is the feeling of grogginess some people experience in the mornings. The effects of sleep inertia can last for hours, putting a serious drag on the early part of the day.

The team asked 50 participants to fill out an online survey on the type of alarm sound they use. They also rated their grogginess and alertness levels. "You would assume that a startling 'beep beep beep' alarm would improve alertness, but our data revealed that melodic alarms may be the key element. This was unexpected," said RMIT doctoral researcher Stuart McFarlane in a release on Monday.

The researchers published the results of the study in the journal PLOS One last week. The team isn't drawing hard and fast conclusions from the data just yet, but is calling for further study into how alarm tones, sounds and music play into sleep inertia.

Journal Reference:
Stuart J. McFarlane, Jair E. Garcia, Darrin S. Verhagen, Adrian G. Dyer. Alarm tones, music and their elements: Analysis of reported waking sounds to counteract sleep inertia, PLOS ONE (DOI: 10.1371/journal.pone.0215788)


Original Submission

posted by martyb on Wednesday February 05 2020, @11:04PM
from the cheapest-compatible-computer-constructors-choose-chinese-chips dept.

Zhaoxin's x86-Compatible CPUs for DIY Enthusiasts Now Available

Zhaoxin, a joint venture between Via Technologies and the Chinese government, has been selling processors for various client systems for years, but recently the company rolled out its latest CPUs that some of the local PC makers position as solutions for DIY enthusiasts. At least initially, Zhaoxin's KaiXian KX-6780A will be available only in China.

Zhaoxin's KaiXian KX-6780A is an eight-core x86-64 processor with 8 MB of L2 cache, a dual-channel DDR4-3200 memory controller, modern I/O interfaces (PCIe, SATA, USB, etc.), and integrated DirectX 11.1-capable graphics (possibly S3 based but unknown). The CPU cores are in-house designed LuJiaZui cores, built around a superscalar, multi-issue, out-of-order microarchitecture that supports modern instruction sets extensions like SSE 4.2 as well as AVX along with virtualization and encryption technologies. The processor is made using TSMC's 16 nm process technology.

Zhaoxin formally introduced its KaiXian KX-6000-series CPUs back in 2018, but it looks like higher-end models like the KX-U6780A and the KX-U6880A are entering the consumer market this quarter.

Also at Wccftech.

Previously: Zhaoxin KaiXian KX-6000: A Chinese x86 SoC


Original Submission

posted by janrinok on Wednesday February 05 2020, @09:14PM
from the continent-lost-and-found dept.

According to Boing Boing, Australia's location corrected:

Australia sits on a fast-moving tectonic plate and is drifting north several inches a year. As its GPS coordinates haven't been updated since 1994, the discrepancy has grown to six feet and has begun causing trouble. The Sydney Morning Herald reports that the continent's location is being fixed.

That report, "NSW and Victoria just jumped 1.8 metres north" reports:

The change is being made to fix a 1.8 metre inaccuracy that has crept into our GPS coordinates, caused by Australia slowly drifting north.

[...] Australia sits atop one of the fastest-moving tectonic plates in the world. We move about seven centimetres north-east every year.

[...] In the days of paper maps our tectonic drift did not pose a real problem. The continent might move but the distance from Melbourne to Sydney stayed the same. That meant Australia could get away with the slight inaccuracy that has crept in since we last set our coordinates in 1994.

[...] Because Australia’s underlying map data is now off by about 1.8 metres, it throws off the accuracy of the GPS location. The blue dot is accurate, but the underlying map is not.

"Effectively the coordinate you have from your GPS has already moved the 1.8 metres – it's the mapping data that has been left behind," says Dr John Dawson, director of positioning at Geoscience Australia, the federal government department supervising the fix.

The governments of New South Wales and of Victoria updated their map data on January 1. All Australian states and territories expect to have their coordinates updated by June.

Help, my country is trying to escape.


Original Submission