Linux fréttir

You looking for an AI project? You love Lego? Look no further than this Reg reader's machine-learning Lego sorter

TheRegister - Fri, 2019-12-06 07:01
All you need is tens of thousands of Lego bricks, a Raspberry Pi, and a laptop GPU

An engineer has built something that is sure to be the envy of any self-respecting Lego fan: an AI-powered Lego sorting machine.…

Categories: Linux fréttir

Fukushima Melted Fuel Removal Begins 2021, End State Unknown

Slashdot - Fri, 2019-12-06 07:00
Japan's economy and industry ministry said Monday that it will start removing melted fuel from the Fukushima Daiichi nuclear power plant in 2021. The milestone step of debris removal is considered the most difficult part of cleaning up the crisis-hit facility. ABC News reports: Nearly nine years after [the Fukushima nuclear power plant was wrecked by a massive earthquake and tsunami], the decommissioning of the plant, where three reactors melted, remains largely an uncertainty. The revised road map, to be formally approved later this month, lacks details on how the complex should look at the end but maintains a 30- to 40-year target to finish. By far the toughest challenge is to remove the 800 tons of nuclear fuel in the three reactors that melted, fell from the cores and hardened at the bottom of their primary containment vessels. In the past two years, plant operator Tokyo Electric Power Co. (TEPCO), has made progress in gathering details mainly from two of the three reactors. In February, a small telescopic robot sent inside Unit 2 showed that small pieces of debris can come off and be lifted out. The milestone step of debris removal is scheduled to begin at Unit 2 by the end of 2021. [...] TEPCO started removing the fuel rods from the Unit 3 pool in April 2019 and aims to get all 566 removed by March 2021. Removal of the rods from Units 1 and 2 is to begin in 2023. By 2031, TEPCO also plans to remove thousands at two other units that survived the tsunami to be stored in dry casks on the compound. More than 6,300 fuel rods were in six reactor cooling pools at the time of the accident, and only the Unit 4 pool has been emptied. "Japan has yet to develop a plan to dispose of the highly radioactive waste that will come out of the reactors," the report adds. "Under the road map, the government and TEPCO will compile a plan sometime after the first decade of debris removal ending in 2031." "Experts say a 30- to 40-year completion target for the decommissioning is too optimistic. Some have raised doubts if removing all of the melted fuel is doable and suggest an approach like Chernobyl -- contain the reactors and wait until radioactivity naturally decreases."

Read more of this story at Slashdot.

Categories: Linux fréttir

SANS Announces 13th Holiday Hack Challenge and 2nd KringleCon infosec conference

TheRegister - Fri, 2019-12-06 06:00
Sign up, tune in, expand your knowledge, and compete in hacking contests

Promo On December 9, SANS will launch its second annual KringleCon virtual conference followed shortly thereafter by its 13th Holiday Hack Challenge.…

Categories: Linux fréttir

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

TheRegister - Fri, 2019-12-06 05:01
OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to unmasking flaw, we're told

A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.…

Categories: Linux fréttir

Nestle Cannot Claim Bottled Water Is 'Essential Public Service,' Court Rules

Slashdot - Fri, 2019-12-06 03:30
An anonymous reader quotes a report from The Guardian: Michigan's second-highest court has dealt a legal blow to Nestle's Ice Mountain water brand, ruling that the company's commercial water-bottling operation is "not an essential public service" or a public water supply. The court of appeals ruling is a victory for Osceola township, a small mid-Michigan town that blocked Nestle from building a pumping station that doesn't comply with its zoning laws. But the case could also throw a wrench in Nestle's attempts to privatize water around the country. The Osceola case stems from Nestle's attempt to increase the amount of water it pulls from a controversial wellhead in nearby Evart from about 250 gallons per minute to 400 gallons per minute. It needs to build the pump in a children's campground in Osceola township to transport the increased load via a pipe system. The township in 2017 rejected the plans based on its zoning laws, and Nestle subsequently sued. A lower court wrote in late 2017 that water was essential for life and bottling water was an "essential public service" that met a demand, which trumped Osceola township's zoning laws. However, a three-judge panel in the appellate court reversed the decision. "The circuit court's conclusion that [Nestle's] commercial water bottling operation is an 'essential public service' is clearly erroneous," the judges wrote. "Other than in areas with no other source of water, bottled water is not essential." "The court noted that infrastructure that provides essential public services included electrical substations, sewage facilities or other similar structures," the report adds. "Nestle's pumping station does not fit in that category." The judges also disagreed with Nestle's argument that it represented a 'public water supply.' They said state law 'unambiguously' implies public water supplies are 'conveyed to a site through pipes' while nonessential water is provided in bottles."

Read more of this story at Slashdot.

Categories: Linux fréttir

Project Jedi decision 'risky for the country and for democracy,' says AWS CEO

TheRegister - Fri, 2019-12-06 02:13
Presidential 'disdain' may have been a factor

re:Invernt AWS CEO Andy Jassy faced the press yesterday at Amazon's re:Invent conference in Las Vegas, and there was one thing above all else that the press wanted to discuss. Why was Amazon heading to court to challenge the US Department of Defense's decision to award its $10bn "Project Jedi" IT project to Microsoft rather than to, well, AWS?…

Categories: Linux fréttir

The Case For Portland-To-Vancouver High-Speed Rail

Slashdot - Fri, 2019-12-06 02:10
At the Cascadia Rail Summit outside Seattle, a fledgling scheme to bring high-speed rail from Portland to Vancouver found an enthusiastic reception. Gregory Scruggs writes via CityLab: Only 175 miles separate Portland from Seattle. Then it's another 140 miles north to Vancouver, British Columbia. The three Pacific Northwest cities, which together form the Cascadia megaregion, are currently served by Amtrak service that tops out at 79 mph, shares track with BNSF freight trains, and runs infrequently -- just twice daily round-trip between Seattle and Vancouver. If you want to make the full 315-mile run from Portland to Vancouver on rails, it's going to take you at least 8-and-a-half hours. By bus or car, expect the journey to eat up 5 or 6 hours, with metro-area traffic an unpredictable wild card that regularly balloons travel times. But Roger Millar, Washington State's secretary of transportation, sees a better way: a trans-national, ultra-high-speed rail line that can hit 250 mph and put the three booming cities within super-commuting range. Such a system -- common in Europe and Asia but still alien to North America -- might cost $50 billion or so. That sounds like a lot, but it could be a bargain compared to adding a lane to I-5, the current north-south corridor linking the megaregion. "[For] $108 billion we've got another lane of pavement in each direction, and it still takes you all day to get from Portland to Vancouver," Millar said earlier this month of a hypothetical lane-widening project. "Half of that invested in ultra-high speed rail and it's two hours. That's game-changing stuff."

Read more of this story at Slashdot.

Categories: Linux fréttir

Most of the Largest US Voting Districts Are Vulnerable To Email Spoofing

Slashdot - Fri, 2019-12-06 01:50
Researchers at Valimail found that only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks. TechCrunch reports: Researchers at Valimail, which has a commercial stake in the email security space, looked at the largest three electoral districts in each U.S. state, and found only 10 out of 187 domains were protected with DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects fraudulent or spoofed emails. DMARC, when enabled and properly enforced, rejects fake emails that hackers design to spoof a genuine email address by sending to spam or bouncing it from the target's inbox altogether. Hackers often use spoofed emails to try to trick victims into opening malicious links from people they know. But the research found that although DMARC is enabled on many domains, it's not properly enforced, rendering its filtering efforts largely ineffective. The researchers said 66% of the district election-related domains had no DMARC entry at all, while 28% had either a valid DMARC entry but no enforcement, or an invalid DMARC entry altogether. [...] The worry is that attackers could use the lack of DMARC to impersonate legitimate email addresses to send targeted phishing or malware in order to gain a foothold on election networks or launch attacks, steal data or delete it altogether, a move that would potentially disrupt the democratic process.

Read more of this story at Slashdot.

Categories: Linux fréttir

Fancy privacy in Chrome? Yeah, we'll get to that after we start app detection says Google

TheRegister - Fri, 2019-12-06 01:42
Privacy developers concerned over Chocolate Factory plans

A nascent web API called getInstalledRelatedApps offers a glimpse of why online privacy remains such an uncertain proposition. In development since 2015, Google has been experimenting with the API since the release of Chrome 59 in 2017. As its name suggests, it is designed to let web apps and sites determine whether a corresponding native app is installed on a user's device.…

Categories: Linux fréttir

Snapdragon XR2 Chip To Enable Standalone Headsets With 3K x 3K Resolution, 7 Cameras

Slashdot - Fri, 2019-12-06 01:30
An anonymous reader quotes a report from Road to VR: Qualcomm today announced Snapdragon XR2 5G, its latest chipset platform dedicated to the needs of standalone VR and AR headsets. The new platform is aimed at high-end devices with support for 3K x 3K displays at 90Hz, along with integrated 5G, accelerated AI processing, and up to seven simultaneous camera feeds for user and environment tracking. While XR1 was made for low-end devices, XR2 5G targets high-end standalone headsets, making it a candidate for Oculus Quest 2, Magic Leap 2, and similar next-gen devices. XR2 offers up notable improvements over Snapdragon 835 (one of the most common chipsets found in current standalone headsets, including Quest); Qualcomm claims 2x performance in CPU & GPU, 4x increase in pixel throughput for video playback, and up to 6x resolution per-eye compared to Snapdragon 835 -- supporting up to 3K x 3K displays at 90Hz. [...] Notably, XR2 supports up to seven simultaneous camera feeds (up from four in prior platforms). This is key for advanced tracking, both of the environment and the user. [...] Qualcomm also says that XR2 offers low-latency pass-through video which could improve the pass-through video experience on headsets like Quest, and potentially enable a wider range of pass-through AR use-cases. Additionally XR2 boasts significantly accelerated AI processing; 11x compared to Snapdragon 835, which could greatly benefit the sort of operations used for turning incoming video feeds into useful tracking information.

Read more of this story at Slashdot.

Categories: Linux fréttir

Apple Will Reportedly Release An iPhone Without Any Ports In 2021

Slashdot - Fri, 2019-12-06 01:10
Apple analyst Ming-Chi Kuo says there will be four new OLED iPhone models in 2020, followed by a new iPhone without a Lightning port in 2021. 9to5Mac reports: In 2021, Kuo is predicting a followup to the iPhone SE 2 as well as a new iPhone model without Lightning connectivity. Kuo says that this would "provide the completely wireless experience," meaning there would be no ports at all rather than a switch to USB-C from Lightning. Kuo implies that Apple only plans to remove the Lightning port from the "highest-end model" at first, rather than from the entire iPhone lineup at once. Kuo says The 2021 followup to the iPhone SE 2, which Kuo refers to as the "iPhone SE 2 Plus," will reportedly feature an all-screen design without a Home button. Kuo predicts this device will have a screen size of either 5.5-inches or 6.1-inches. Interestingly, Kuo says the iPhone SE 2 Plus still won't include Face ID authentication. Instead, Apple is reportedly planning to integrate Touch ID into the power button on the side of the device. As for the 2020 OLED iPhones, here's what Kuo had to say: Kuo predicts that Apple will introduce 5.4-inch, two 6.1-inch, and a 6.7-inch OLED iPhone models in 2020. He says that all four of these iPhones will also feature 5G connectivity. The difference between all of these models, other than screen sizes, will be camera technology. According to Kuo, the 5.4-inch OLED iPhone will feature a dual-camera setup on the back. The lower-end 6.1-inch iPhone will feature a similar dual-camera system. The higher-end 6.1-inch model and the 6.7-inch model will include triple-lens camera setups as well as time-of-flight 3D sensing technology. In terms of design for the 2020 OLED iPhone, Kuo says the form factor will be "similar to the iPhone 4."

Read more of this story at Slashdot.

Categories: Linux fréttir

Asteroid Bennu is flinging particles of dust and rock from its surface and scientists can't work out why

TheRegister - Fri, 2019-12-06 00:52
Images beamed back from NASA's OSIRIS-REx spacecraft leave scientists baffled

Pic A closeup image of Bennu snapped by NASA’s OSIRIS-REx spacecraft reveals that the asteroid’s surface is surprisingly volatile, randomly spitting out shards of debris into space.…

Categories: Linux fréttir

The US Is Suspected of Killing a Terrorist In Syria Using Missile With Knife Warhead

Slashdot - Fri, 2019-12-06 00:50
pgmrdlm shares a report from Business Insider: A suspected terrorist in Syria was reportedly killed with a rare U.S. missile packed with swords, according to multiple reports. The weapon that shredded the car did not explode. While the driver's side was torn apart, the vehicle was actually mostly intact. The deadly precision weapon was, according to a report from the Wall Street Journal in May, designed by the U.S. to reduce civilian casualties. The Journal noted that the R9X has been used covertly, albeit rarely, against targets in Syria, Yemen and elsewhere since 2017.

Read more of this story at Slashdot.

Categories: Linux fréttir

Filmmakers Sue State Department Over Social Media Surveillance Rules

Slashdot - Fri, 2019-12-06 00:30
A group of filmmakers have sued the State Department for making visa applicants hand over details about their social media accounts. "The lawsuit argues that the requirement unconstitutionally discourages applicants from speaking online -- and, conversely, discourages people who post political speech from trying to enter the U.S.," reports The Verge. From the report: This lawsuit, filed by the Doc Society and the International Documentary Association, challenges the decision on First Amendment grounds. It calls the registration system "the cornerstone of a far reaching digital surveillance regime" that makes would-be visitors provide "effectively a live database of their personal, creative, and political activities online" -- which the government can monitor at any time, long after the application process has been completed. Applicants must even disclose accounts that they use pseudonymously, and if U.S. authorities fail to keep that information secure, it could potentially endanger people who are trying to avoid censorship from a repressive foreign government. The plaintiffs in this lawsuit say that some non-U.S. members have begun deleting social media content or stopped expressing themselves online because they're afraid it will complicate their ability to enter the U.S. Others have decided to stop working in the country because they don't want to reveal their social media accounts. "The Registration Requirement enables the government to compile a database of millions of people's speech and associations, which it can cross-reference to glean more information about any given visa applicant," warns the suit. And "the government's indefinite retention of information collected through the Registration Requirement further exacerbates the requirement's chilling effect because it facilitates surveillance into the future."

Read more of this story at Slashdot.

Categories: Linux fréttir

China Resurrects Great Cannon For DDoS Attacks On Hong Kong Forum

Slashdot - Fri, 2019-12-06 00:10
An anonymous reader quotes a report from ZDNet: After more than two years since it's been used the last time, the Chinese government deployed an infamous DDoS tool named the "Great Cannon" to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests. [...] DDoS attacks with the Great Cannon have been rare, mainly because they tend to generate a lot of bad press for the Chinese government. But in a report published today, AT&T Cybersecurity says the tool has been deployed once again. This time, the Great Cannon's victim was LIHKG.com, an online platform where the organizers of the Hong Kong 2019 protests have been sharing information about the locations of daily demonstrations. The site is also a place where Hong Kong residents congregate to recant stories of Chinese police abuse and upload video evidence. AT&T Cybersecurity says the first Great Cannon DDoS attacks targeted LIHKG on August 31, while the last one being recorded on November 27. AT&T Cybersecurity researcher Chris Doman said the August attacks used JavaScript code that was very similar to the one spotted in the 2017 attacks on Mingjingnews.com. According to LIHKG, the site received more than 1.5 billion requests per hour during the August attack, compared to the site's previous traffic record that was only a meager 6.5 million requests per hour.

Read more of this story at Slashdot.

Categories: Linux fréttir

44 Million Microsoft Users Reused Passwords in the First Three Months of 2019

Slashdot - Thu, 2019-12-05 23:30
The Microsoft threat research team scanned all Microsoft user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services. From a report: The scan took place between January and March 2019. Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases. The scan effectively helped Microsoft identify users who reused the same usernames and passwords across different online accounts. The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts.

Read more of this story at Slashdot.

Categories: Linux fréttir

VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed

TheRegister - Thu, 2019-12-05 23:05
Who needs an elevator pitch when you have man-in-the-middle attack?

A group of hackers used a compromised email account to steal a start-up's $1m venture capital payment.…

Categories: Linux fréttir

Advocates Call For FTC Probe of 'Kidtech'

Slashdot - Thu, 2019-12-05 22:50
A collection of 31 advocacy groups is pressing the Federal Trade Commission on Thursday to dig into how digital media companies advertise to children and collect their data. From a report: The request for the FTC to use its subpoena authority to probe so-called kidtech companies comes as the agency considers updates to how it implements a children's online privacy law. The coalition, which includes the Center for Digital Democracy and the Campaign for a Commercial-Free Childhood, argues the FTC must examine data collection and digital marketing practices before it changes how it enforces the Children's Online Privacy Protection Act. Possible targets for the FTC study include Google, Disney, Viacom, Adobe, TikTok, Twitch and AT&T's Warner Media. "As kids are spending more time than ever on digital devices, we need the full power of the law to protect them from predatory data collection -- but we can't protect children from Big Tech business models if we don't know how those models truly work," Josh Golin, executive director of the Campaign for Commercial-Free Childhood, said in a statement.

Read more of this story at Slashdot.

Categories: Linux fréttir

If there's somethin' stored in a secure enclave, who ya gonna call? Membuster!

TheRegister - Thu, 2019-12-05 22:22
Boffins ride the memory bus past Intel's SGX to your data

Computer scientists from UC Berkeley, Texas A&M, and semiconductor biz SK Hynix have found a way to defeat secure enclave protections by observing memory requests from a CPU to off-chip DRAM through the memory bus.…

Categories: Linux fréttir

The Most Copied StackOverflow Java Code Snippet Contains a Bug

Slashdot - Thu, 2019-12-05 22:11
The admission comes from the author of the snippet itself, Andreas Lundblad, a Java developer at Palantir, and one of the highest-ranked contributors to StackOverflow, a Q&A website for programming-related topics. From a report: An academic paper [PDF] published in 2018 identified a code snippet Lundblad posted on the site as the most copied Java code taken from StackOverflow and then re-used in open source projects. The code snippet was provided as an answer to a StackOverflow question posted in September 2010. The code snippet printed byte counts (123,456,789 bytes) in a human-readable format, like 123.5 MB. Academics found that this code had been copied and embedded in more than 6,000 GitHub Java projects, more than any other StackOverflow Java snippet. In a blog post published last week, Lundblad said that the code had a flaw as it incorrectly converted byte counts into human-readable formats. Lundblad said he revisited the code after learning of the academic paper and its results. He looked at the code again and published a corrected version on his blog.

Read more of this story at Slashdot.

Categories: Linux fréttir

Pages

Subscribe to netserv.is aggregator - Linux fréttir