SoylentNews

Freeman writes:

https://arstechnica.com/information-technology/2020/05/thunderspy-what-is-is-why-its-not-scary-and-what-to-do-about-it/

Thunderspy, as its creator Björn Ruytenberg has named the attack, in most cases requires the attacker to remove the screws from the computer casing. From there, the attacker locates the Thunderbolt chip and connects a clip, which in turn is connected to a series of commodity components—priced about $600—which is connected to an attacker laptop. These devices analyze the current Thunderbolt firmware and then reflash it with a version that's largely the same except that it disables any of the Intel-developed security features that are turned on.

[...] "There are seriously tons and tons of things you can do to a PC once you open the case," says Hector Martin, an independent security researcher with extensive experience in hacking or reverse-engineering the Nintendo Wii, several generations of the Sony PlayStation, and other devices with strong defenses against physical attacks. "The evil maid threat model is interesting when you restrict it to plugging things into ports, because that can be done very quickly when e.g. the target is just looking away."

[...] Readers who are left wondering how big a threat Thunderspy poses should remember that the high bar of this attack makes it highly unlikely it will ever be actively used in real-world settings, except, perhaps, for the highest-value targets coveted by secretive spy agencies. Whichever camp has a better case, nothing will change that reality.

Previously: https://soylentnews.org/article.pl?sid=20/05/11/1721247

Original Submission

Freeman writes:

The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet (archive)

At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.

[...] For the next few minutes, the agents struck a friendly tone, asking Hutchins about his education and Kryptos Logic, the security firm where he worked. For those minutes, Hutchins allowed himself to believe that perhaps the agents wanted only to learn more about his work on WannaCry, that this was just a particularly aggressive way to get his cooperation into their investigation of that world-shaking cyberattack. Then, 11 minutes into the interview, his interrogators asked him about a program called Kronos.

"Kronos," Hutchins said. "I know that name." And it began to dawn on him, with a sort of numbness, that he was not going home after all.

[...] Despite his sentence of time served, his legal case forced him to overstay his visa, and he's soon likely to be deported back to England. As we walk into Santa Monica, past rows of expensive beach homes, he says his goal is to eventually get back here to LA, which now feels more like home than Devon. "Someday I'd like to be able to live in a house by the ocean like this," he says, "Where I can look out the window and if the waves are good, go right out and surf."

A long, but interesting read.

Original Submission

martyb writes:

Excess coffee consumption a culprit for poor health

Cappuccino, latte or short black, coffee is one of the most commonly consumed drinks in the world. But whether it’s good or bad for your health can be clarified by genetics, as a world-first study from the University of South Australia’s Australian Centre for Precision Health shows that excess coffee consumption can cause poor health.

Using data from over 300,000 participants in the UK Biobank, researchers examined connections between genetically instrumented habitual coffee consumption and a full range of diseases, finding that too much coffee can increase the risk of osteoarthritis, arthropathy (joint disease) and obesity.

In earlier research conducted by Professor Hyppönen and team, six cups of coffee a day were considered the upper limit of safe consumption.

Expert genetic epidemiologist, UniSA’s Professor Elina Hyppönen, says understanding any risks associated with habitual coffee intakes could have very large implications for population health.

[...] “In this study, we used a genetic approach – called MR-PheWAS analysis – to establish the true effects of coffee consumption against 1117 clinical conditions.

“Reassuringly, our results suggest that, moderate coffee drinking is mostly safe.

“But it also showed that habitual coffee consumption increased the risks of three diseases: osteoarthritis, arthropathy and obesity, which can cause significant pain and suffering for individuals with these conditions.”

takyon writes:

NVIDIA Ampere Unleashed: NVIDIA Announces New GPU Architecture, A100 GPU, and Accelerator

Like the Volta reveal 3 years ago – and is now traditional for NVIDIA GTC reveals – today's focus is on the very high end of the market. In 2017 NVIDIA launched the Volta-based GV100 GPU, and with it the V100 accelerator. V100 was a massive success for the company, greatly expanding their datacenter business on the back of the Volta architecture's novel tensor cores and sheer brute force that can only be provided by a 800mm²+ GPU. Now in 2020, the company is looking to continue that growth with Volta's successor, the Ampere architecture.

[...] Designed to be the successor to the V100 accelerator, the A100 aims just as high, just as we'd expect from NVIDIA's new flagship accelerator for compute. The leading Ampere part is built on TSMC's 7nm process and incorporates a whopping 54 billion transistors, 2.5x as many as the V100 before it. NVIDIA has put the full density improvements offered by the 7nm process in use, and then some, as the resulting GPU die is 826mm² in size, even larger than the GV100. NVIDIA went big on the last generation, and in order to top themselves they've gone even bigger this generation.

We'll touch more on the individual specifications a bit later, but at a high level it's clear that NVIDIA has invested more in some areas than others. FP32 performance is, on paper, only modestly improved from the V100. Meanwhile tensor performance is greatly improved – almost 2.5x for FP16 tensors – and NVIDIA has greatly expanded the formats that can be used with INT8/4 support, as well as a new FP32-ish format called TF32. Memory bandwidth is also significantly expected[sic], with multiple stacks of HBM2 memory delivering a total of 1.6TB/second of bandwidth to feed the beast that is Ampere.

See also: Nvidia's first Ampere GPU is designed for data centers and AI, not your PC
Nvidia unveils Ampere GPU architecture for AI boost, and the first target is coronavirus

Previously: NVIDIA's Volta Architecture Unveiled: GV100 and Tesla V100

Original Submission

upstart writes in with an IRC submission for Bytram:

COVID-19 Disease Map: LCSB researchers coordinate international effort:

COVID-19 Disease Map: LCSB researchers coordinate international effort

In the fight against the current pandemic, researchers of the Luxembourg Centre for Systems Biomedicine (LCSB) at the University of Luxembourg are coordinating an international collaboration to build a COVID-19 Disease Map: a comprehensive repository incorporating all current knowledge on the virus-host interaction mechanisms. This online tool will support research and improve our understanding of the disease.

In an article published this week in Nature Scientific Data, the researchers present their project and call for contributions from the R&D community worldwide.

Leveraging over a decade of expertise in disease maps and community building, the LCSB researchers are organising this project as a rapid response to the current epidemic. 162 contributors from 25 countries around the world are now participating in a collaborative effort. Extracting and assembling data from the existing literature and the fast-growing number of COVID-19 publications thanks to a rigorous and efficient organisation, they are building a reliable knowledge repository.

The disease map will provide a graphical, interactive representation of the disease mechanisms and a computational resource for analyses and disease modelling. "This platform will allow domain experts, such as clinicians, virologists, and immunologists, to collaborate with data scientists and computational biologists for a precise formulation of models and accurate data interpretation," explains Prof. Reinhard Schneider, head of the Bioinformatics Core at the LCSB.

Reference: M. Ostaszewski, et. al. COVID-19 Disease Map, building a computational repository of SARS-CoV-2 virus-host interaction mechanisms. Scientific Data 7, 136 (2020). https://doi.org/10.1038/s41597-020-0477-8

Original Submission

upstart writes in with an IRC submission for Bytram:

Dozens of prehistoric, Roman and medieval sites discovered by archaeology volunteers working at home during lockdown:

Dozens of previously unrecorded Roman, prehistoric and medieval sites have been discovered by archaeology volunteers based at home during the coronavirus lockdown.

Digging may be on hold due to the pandemic, but the team have found parts of two Roman roads, around 30 prehistoric or Roman large embanked settlement enclosures, around 20 prehistoric burial mounds, as well as the remains of hundreds of medieval farms, field systems and quarries. Those leading the project believe they will make many more discoveries in the coming weeks.

The team, led by Dr. Chris Smart from the University of Exeter and working as part of the National Lottery Heritage Fund supported Understanding Landscapes project, are analysing images derived from LiDAR, or light detection and ranging, data. This laser technology is used during aerial surveys to produce highly detailed topographical maps. Modern vegetation and buildings can be removed, allowing archaeologists to look at the shape of the land surface to find the remains of archaeological earthworks. The data, obtained from the Tellus South West project and the Environment Agency, is being systematically examined and cross-referenced with records of known archaeology and historic maps, meaning the total of new discoveries regularly changes.

Dr. Smart said: "The South West arguably has the most comprehensive LiDAR data yet available in the UK and we are using this to map as much of the historic environment as possible. The project's current focus is the Tamar Valley, but this has been extended to include a broad swathe of land between Bodmin Moor and Dartmoor, Plymouth and Barnstaple—about 4000 sq.km in all.

"This is the first major systematic analysis of LiDAR data from the Tamar Valley westwards and builds upon training workshops we ran earlier in the year. Ordinarily we would now be out in the field surveying archaeological sites with groups of volunteers, or preparing for our community excavations, but this is all now on hold. I knew there would be enthusiasm within our volunteer group to continue working during lockdown—one even suggested temporarily rebranding our project "Lockdown Landscapes' – but I don't think they realised how many new discoveries they would make.

Original Submission

upstart writes in with an IRC submission for Bytram:

Older, larger companies benefit from not investing in worker safety, study finds:

When it's cheaper to pay nominal fines for violating workplace regulations than to provide safe workplaces, that indicates current safety regulations are not enough to protect workers, researchers say.

Oregon State University Public Health and Human Sciences associate professor Anthony Veltri was one of several authors on the study, an international collaboration between Mark Pagell, Mary Parkinson, Michalis Louis and Brian Fynes of University College Dublin in Ireland; John Gray of the Ohio State University in Columbus, Ohio; and Frank Wiengarten of Universitat Ramon Llull in Spain.

"Organizations that do not provide a safe workplace gain an economic advantage over those that do," said Veltri, who studies occupational safety and health. "The goal of improving the longevity of a business conflicts with the goal of protecting the workforce."

The study, published last week in the journal Management Science, looked at both short- and long-term survival of more than 100,000 Oregon-based organizations over a 25-year period. In this study, "survival" was defined as ongoing operations, even in the face of an ownership change.

[...] Although there are businesses that provide safe workplaces and also improve their competitiveness, such businesses are not the norm, the study says. And while organizations seeking to maximize their survival are unlikely to harm workers on purpose, they are correct in calculating that the costs of preventing all harm to workers is higher than the cost of not doing so.

Original Submission

upstart writes in with an IRC submission for Bytram:

Is it because websites are converging on what boosts search rank? Or maybe there is a consolidation in the frameworks used to build web sites? Perhaps users gravitate to using sites whose layouts are "familiar"?

Yes, websites really are starting to look more similar:

Over the past few years, articles and blog posts have started to ask some version of the same question: "Why are all websites starting to look the same?"

These posts usually point out some common design elements, from large images with superimposed text, to hamburger menus, which are those three horizontal lines that, when clicked, reveal a list of page options to choose from.

My colleagues Bardia Doosti, David Crandall, Norman Su and I were studying the history of the web when we started to notice these posts cropping up. None of the authors had done any sort of empirical study, though. It was more of a hunch they had.

We decided to investigate the claim to see if there were any truth to the notion that websites are starting to look the same and, if so, explore why this has been happening. So we ran a series of data mining studies that scrutinized nearly 200,000 images across 10,000 websites.

[...] This outsize power is part a larger story of consolidation in the tech industry—one that certainly could be a cause for concern. We believe aesthetic consolidation should be critically examined as well.

Original Submission

upstart writes in with an IRC submission for Bytram:

NYC caps restaurant delivery app service fees during COVID-19:

Third-party food delivery services like Grubhub, DoorDash and Postmates operating in New York City won't be allowed to charge restaurants more than 20 percent commission on orders during states of emergency like the coronavirus pandemic, according to a bill passed by New York City Council members on Wednesday. These apps can charge restaurants fees of more than 30 percent per order, cutting into profits at a time when COVID-19 has shut their doors except for takeout and delivery orders.

The legislation restricts fees charged by third-party food delivery services during states of emergency when restaurants are prohibited from serving customers in-house, and for 90 days afterward. During these periods, the services can only charge up to 15% per order for providing delivery services, and no more than a 5% fee per order for other types of charges (like credit card processing and marketing).

Violations of the law could mean fines up to $1,000 per restaurant per day for the delivery services.

Original Submission

upstart writes in with an IRC submission for Bytram:

Unreal Engine is now royalty-free until a game makes a whopping $1 million:

Since the rise of Fortnite as a popular game and Unreal Engine 4 as a popular game-making toolkit, Epic Games, the studio behind both, has been keen to capitalize on this momentum. That has included an aggressive push to lock down game makers in its ecosystem, and Tuesday saw Epic announce its most generous developer-specific offer yet: a massive increase to its "royalty-free" grace period.

As of today, any game or software maker who uses Unreal Engine for commercial purposes doesn't owe Epic Games a penny until a single piece of software exceeds one meeeeeeellion dollars ($1,000,000) in gross revenue. This is on top of the company's existing policy to not charge Unreal Engine users a monthly fee, whether they're using the software suite for commercial or educational purposes.

Previously, Epic offered a royalty-free grace period for a game or app's first $50,000 of revenue, then began requiring payment of 5 percent of the software's "worldwide gross revenue" from that point on, including DLC, crowd-sourced fundraising related to the software, and other related revenue streams. That 5-percent fee still applies, but it now leaves game makers unaffected until a $1 million threshold is hit.

Original Submission

[20200514_131223 UTC: Updated to add links from original source.--martyb]

DeathMonkey writes:

The US Senate voted down an amendment to the USA Patriot Act on Wednesday that would create a tougher standard for government investigators to collect the web search and browsing histories of people in the states. The bipartisan amendment, proposed by Sen. Ron Wyden of Oregon, a Democrat, and Sen. Steve Daines of Montana, a Republican, would've required the Department of Justice to show probable cause when requesting approval from the Foreign Intelligence Surveillance Court to collect the data for counterterrorism or counterintelligence investigations.

Later Wednesday, the Senate voted to approve a separate bipartisan amendment that would expand a program that reviews some FISA Court requests and provides advice to judges on privacy and civil liberties concerns.

Before the vote on the browsing history issue, Daines told the Senate the bill was necessary to keep the government from intruding into the most sensitive information of internet users in the US. "If you want to see an American's search history, then you better go to a judge and get a warrant," he said.

The amendment required 60 votes to pass and failed with a final tally of 59 ayes and 37 nays. A separate amendment drafted by Kentucky Sen. Mitch McConnell, a Republican, would expressly allow the collection of web search and browsing data under section 215 of the Patriot Act, which doesn't require that investigators show probable cause. The Wyden-Daines amendment, by contrast, would've given government the ability to request the data under a separate part of the law, Title I, which does require probable cause.

Senate rejects tougher standards for collection of search and browsing dat

Original Submission

An Anonymous Coward writes:

If you missed out on the last pre-order for the BraveHeart release of the PinePhone that shipped last January, you have another opportunity to buy now. What is it? According to their Wiki:

The PinePhone is a smartphone created by Pine64, capable of running mainline Linux and supported by many partner projects. The "BraveHeart" edition was the first publicly-available version of the phone, though it came without a fully functional OS (factory test image) and was geared specifically towards tinkerers and hackers. People looking for a stable consumer-grade phone should wait for the final release...

https://store.pine64.org/?product=pinephone-community-edition-ubports-limited-edition-linux-smartphone

The "Community Edition: UBports" Limited Edition PinePhone is aimed primarily at UBports community members, willing to run their OS on a mainline Linux and provide feedback to UBports developers.

The "Community Edition: UBports" Edition PinePhone comes with UBports OS build installed. Please note that the OS build is still in a beta stage, and while most core functionality (phone calls, SMS messages, LTE, GPS and GPU acceleration) works, some elements remain a work-in-progress.

The phone seems to be the same hardware as the Braveheart and the same price $149.99 + shipping. Pine will donate $10 to the UBPorts Foundation for every phone purchased.

It comes pre-installed with UBPorts, but there is nothing keeping you from re-flashing to whichever OS you want. Currently there are several ports in progress like, Debian, PostmarketOS, SailfishOS, Maemo Leste, etc. Some of these can even make phone calls and sms texts already :)

upstart writes in with an IRC submission for Bytram:

COVID-19 resurges in reopened countries; Wuhan sees first cluster in a month:

The World Health Organization on Monday called for continued vigilance as several areas that have eased lockdown restriction began to see a resurgence in COVID-19 cases—and the United States begins unbuttoning as well.

The Chinese city of Wuhan—where the pandemic began last December—saw its first cluster of cases in at least a month. The city began reopening in early April.

The cluster was just six cases: an 89-year-old symptomatic man and five asymptomatic cases. All of the infected lived in the same residential community.

[...] NPR's Emily Feng reported from Beijing that "The rise of such hard-to-detect asymptomatic cases has alarmed public health authorities in China, who have ramped up contact tracing and testing efforts."

China state media announced Tuesday that it has ordered all residents of Wuhan—roughly 11 million persons—to be tested within the next 10 days.

Likewise, the mayor of Seoul shut down bars and restaurants over the weekend—just days after South Korea had eased restrictions and allowed businesses to reopen—due to a spike of 86 new COVID-19 cases. Authorities identified a 29-year-old who visited five nightclubs and a bar while infected with the virus, sparking an outbreak of at least 54 cases, according to NPR. The uptick also led South Korean officials to delay the reopening of schools.

Original Submission

c0lo writes:

Australian Broadcast Corp

The Genesis II Church of Health and Healing has been claiming chlorine dioxide is a "miracle cure".

For years it has sold the industrial bleach as Miracle Mineral Solution (MMS), stating it can cure things like autism, acne, cancer, diabetes and now COVID-19.

[...] Following an investigation [...] last week, the Therapeutic Goods Administration (TGA) today announced it had issued 12 infringement notices totalling $151,200 to MMS Australia for alleged unlawful advertising of Miracle Mineral Solution and other medicines.

... still a long way to injecting it, right? But maybe that's for The Genesis III Church of Health and Healing

Original Submission

upstart writes in with an IRC submission for Bytram:

SpaceX Crew Dragon simulator challenges you to dock with the ISS, and it's not easy:

It's a good thing I'm not on board the historic SpaceX Crew Dragon launch to the International Space Station scheduled for May 27. It turns out I suck at piloting a spacecraft.

SpaceX released a docking simulator online Tuesday that lets anyone try to safely connect the crew capsule with the ISS. Spoiler alert: I missed.

"This simulator will familiarize you with the controls of the actual interface used by NASA astronauts to manually pilot the SpaceX Dragon 2 vehicles to the International Space Station," SpaceX said, warning that the process "requires patience and precision." I had neither.

My attempt at the delicate dance of control and corrections didn't go well. "Do not use large movements near the ISS," SpaceX advised. I'm pretty sure I accidentally crashed into one of the ISS solar arrays.

Fortunately, the upcoming SpaceX Demo-2 mission will be crewed by NASA astronauts Bob Behnken and Doug Hurley, who are trained experts at this whole complicated docking thing.

The astronauts probably won't have to call on their training. "Crew Dragon missions will autonomously dock and undock with the space station, but crew can take manual control of the spacecraft if necessary," SpaceX tweeted.

NASA administrator Jim Bridenstine also took to Twitter on Tuesday to remind everyone that he aced the simulator on his first try last year. Show-off.

Original Submission