Geek Stuff

Android app ads coming to the Google Play Store

Liliputing -

You may think of Google as a company behind a search engine, mobile operating system, web browser, and self-driving cars. But Google makes most of its money through advertising… so it’s no surprise that the company is often looking for new ways to deliver ads. This week we learned that Google may be working on […]

Android app ads coming to the Google Play Store is a post from: Liliputing

12-Billion-Solar-Mass Black Hole Discovered

Slashdot -

sciencehabit writes: A team of astronomers has discovered what is, in galactic terms, a monstrous baby: a gigantic black hole of 12 billion solar masses in a barely newborn galaxy, just 875 million years after the big bang. It's roughly 3000 times the size of our Milky Way's central black hole. To have grown to such a size in so short a time, it must have been munching matter at close to the maximum physically possible rate for most of its existence. Its large size and rate of consumption also makes it the brightest object in that distant era, and astronomers can use its bright light to study the composition of the early universe: how much of the original hydrogen and helium from the big bang had been forged into heavier elements in the furnaces of stars.

Read more of this story at Slashdot.








LG Urbane LTE luxury smartwatch makes phone calls, supports mobile payments

Liliputing -

LG is introducing a new smartwatch that can double as a phone. The LG G Watch Urbane LTE supports phone calls and text messages, works with LTE data, and supports push-to-talk for walkie-talkie style communication on supported networks. It also features an NFC chip and software that lets you use the watch for mobile payments. […]

LG Urbane LTE luxury smartwatch makes phone calls, supports mobile payments is a post from: Liliputing

Drones Cost $28,000 Per Arrest, On Average

Slashdot -

mpicpp sends this report from CNN: They are sleek, mostly silent converted weapons of war: Drones used by the Border Patrol to scan the skies in the empty deserts of the Southwest to spot illegal immigrants and then, if things work out, have agents arrest them. That's the idea, and the agents who use them say the drones give them a vantage point they never had before. Flying at 18,000 feet, the drones view the landscape below, lock onto potential suspects crossing the Arizona desert, and agents on the ground move in to make the arrests. But it's outrageously expensive: $28,000 for a single arrest.

Read more of this story at Slashdot.








Intel To Rebrand Atom Chips Along Lines of Core Processors

Slashdot -

angry tapir writes Intel has announced that going forward it will use a style of branding for its Atom chips that is similar to its branding for Core chips. Atom CPUs will have the X3, X5 and X7 designations, much like with the Core i3, i5 and i7 brands. An Atom X3 will deliver good performance, X5 will be better and X7 will be the best, an Intel spokeswoman said.

Read more of this story at Slashdot.








Intel NUC mini PC with Core i7 Broadwell, Iris graphics coming in Q2, 2015

Liliputing -

Intel recently revealed that its first NUC mini computer with a Core i7 processor is scheduled to launch in the second quarter of 2015. But it turns out that’s not the only thing that makes the new system special. The Intel NUC5i7RYH will also be the first member of the NUC family to feature Intel […]

Intel NUC mini PC with Core i7 Broadwell, Iris graphics coming in Q2, 2015 is a post from: Liliputing

Tangram: An Open Source Map Rendering Library

Raspberry Pi -

I have a Raspberry Pi project that I’d love to use street maps for, but it would be a daunting challenge for me to figure out how to read map data and write the code to draw the maps on screen. It’s why I was delighted to discover Tangram ES, which is a library for rendering 2D and 3D maps using OpenGL ES 2 with data from OpenStreetMap. The library works on a number of devices, including of course Raspberry Pi.

Patricio Gonzalez Vivo (from the video above) and the team at Mapzen are responsible for the open source project, which is an offshoot of their WebGL map rendering library, Tangram. While Tangram ES is still a work-in-progress, they’ve been using Raspberry Pi 2 to speed up their development of the library and they’re ready for more people to take it for a spin.

Structured a lot like a research and development lab, Mapzen is a startup founded with the idea that mapping done collaboratively, transparently, and in the open can produce more resilient software, and ultimately, better maps. Their focus is on open source tools and using open data to create the building blocks for future mapping applications, including search & geocoding, routing, and transit, in addition to the rendering work they’re doing with Tangram.

Patricio is a graphics engineer on Tangram, responsible for implementing different graphical features such as tessellation, lights, materials, environmental maps, and other CG effects. The team also includes Brett Camper, who is Mapzen’s co-founder, as well as Peter Richardson, Ivan Willing, and Karim Naaji. The ES version of Tangram was started by Matt Blair and Varun Talwar.

“Last December Karim and I thought it could be interesting to get Tangram ES running on a Raspberry Pi,” said Patricio. “At the beginning we thought it would be difficult and probably slow, but at the end we were surprised by the speed of the app and how easy the implementation was. Cross-platform C++ development is possible!”

“In a way, the Pi is an ideal test platform for developing graphics software that targets low-power systems,” said Matt. “The OpenGL ES 2 implementation on the Pi is the strictest that we’ve encountered, so it has become our gold standard for ensuring correct usage of OpenGL. The only major missing piece on the Pi was a compiler that supports C++11, which Tangram uses extensively. However since the Pi is a complete Linux distribution, installing the packages we needed with apt was a breeze.”

You don’t have to take Matt’s word for it; you can install and test drive Tangram ES on the Raspberry Pi right now:

Installing Tangram ES

Using Raspbian, here’s how to install the Tangram ES library from the command line and execute the included sample code:

sudo apt-get update
sudo apt-get install cmake g++-4.7 libcurl4-openssl-dev
cd ~
git clone https://github.com/tangrams/tangram-es.git
cd tangram-es
git submodule init && git submodule update
make rpi
cd build/rpi/bin
./tangram

Users Decry New Icon Look In Windows 10

Slashdot -

jones_supa writes A lot of people got upset about the flat looks of Modern UI presented in Windows 8. Recent builds of Windows 10 Technical Preview have now started replacing the shell icons, and to some people they are just too much to bear. Basically, Microsoft opted to change the icons in search of a fresh and modern look, but there are plenty of people out there who claim that all these new icons are actually very ugly and the company would better stick to the previous design. To find out what people think about these icons, Softpedia asked its readers to tell their opinion and the messages received in the last couple of days pretty much speak for themselves. There are only few testers who think that these icons look good, but the majority wants Microsoft to change them before the final version of the operating system comes out.

Read more of this story at Slashdot.








The Believers: Behind the Rise of Neural Nets

Slashdot -

An anonymous reader writes Deep learning is dominating the news these days, but it's quite possible the field could have died if not for a mysterious call that Geoff Hinton, now at Google, got one night in the 1980s: "You don't know me, but I know you," the mystery man said. "I work for the System Development Corporation. We want to fund long-range speculative research. We're particularly interested in research that either won't work or, if it does work, won't work for a long time. And I've been reading some of your papers." The Chronicle of Higher Ed has a readable profile of the minds behind neural nets, from Rosenblatt to Hassabis, told primarily through Hinton's career.

Read more of this story at Slashdot.








Uber Offers Free Rides To Koreans, Hopes They Won't Report Illegal Drivers

Slashdot -

itwbennett writes Uber Technologies is offering free rides on its uberX ride-sharing service in the South Korean capital of Seoul, after city authorities intensified their crackdown on illegal drivers by offering a reward to residents who report Uber drivers to police. South Korean law prohibits unregistered drivers from soliciting passengers using private or rented vehicles and carries a penalty of up to two years in prison or fines of up to 20 million won.

Read more of this story at Slashdot.








5 White Collar Jobs Robots Already Have Taken

Slashdot -

bizwriter writes University of Oxford researchers Carl Benedikt Frey and Michael Osborne estimated in 2013 that 47 percent of total U.S. jobs could be automated and taken over by computers by 2033. That now includes occupations once thought safe from automation, AI, and robotics. Such positions as journalists, lawyers, doctors, marketers, and financial analysts are already being invaded by our robot overlords. From the article: "Some experts say not to worry because technology has always created new jobs while eliminating old ones, displacing but not replacing workers. But lately, as technology has become more sophisticated, the drumbeat of worry has intensified. 'What’s different now?' asked Leigh Watson Healy, chief analyst at market research firm Outsell. 'The pace of technology advancements plus the big data phenomenon lead to a whole new level of machines to perform higher level cognitive tasks.' Translated: the old formula of creating more demanding jobs that need advanced training may no longer hold true. The number of people needed to oversee the machines, and to create them, is limited. Where do the many whose occupations have become obsolete go?"

Read more of this story at Slashdot.








Reddit Imposes Ban On Sexual Content Posted Without Permission

Slashdot -

Mark Wilson writes If you want to post naked pictures or videos of people on Reddit without their consent, you only have a couple of weeks to do so. As of March, the site is imposing a ban on content of an explicit nature that the subject has not given permission to be posted. The cleanup of the site comes hot on the heels of news from Google that explicit content will be banned from Blogger. It also comes in the wake of last year's Fappening which saw a glut of naked celebrity photos leaked online.

Read more of this story at Slashdot.








Marco Civil Da Internet: The Devil in the Detail

EFF's Deeplinks -

On April 24, 2014, Brazil’s President, Dilma Rousseff, signed Marco Civil Da Internet, a civil-rights based framework for the Internet which Brazilian activists have long fought for. Dubbed the “Internet Constitution,” the law seeks to reinforce the protection of fundamental freedoms in the digital age. The law was developed through a participatory process, but not without getting caught in the traditional horse-trading of the legislative process, which resulted in several concessions. One of the most damaging concessions, fiercely opposed by digital rights activists, was a data retention mandate that compels the collection and storage of connection logs of any innocent individual.

Brazil is now in the midst of rolling out the Marco Civil’s secondary legislation, together with a comprehensive data protection law that will heavily influence how online companies and governments can treat personal data in the country. The Ministry of Justice has announced a public online consultation over these two pieces of legislation in the style of the Marco Civil’s process, where all the stakeholders can contribute to the development of the bills. The results of these consultations will determine how Marco Civil is enforced in practice, as Dennys Antonialli, executive director of InternetLab, an independent research center working in the fields of law and technology in Sao Paulo, explains:

"Both consultations intend to gather inputs about the way these laws should be shaped. Although Marco Civil establishes a number of rights for internet users in Brazil, many of its provisions still depend on further regulation, such as zero rating plans and limits for data retention. This is the time to voice concerns to policymakers and make sure they will be addressed properly. The same goes for the draft of the Data Protection Bill, which will serve as a baseline privacy legislation in the country and complement Marco Civil in various ways."

(InternetLab’s weekly newsletters on the Brazilian consultation are a great resource for anyone attempting to keep up with the process, incidentally.)

If the data protection law passes Congress, Brazil will join more than 100 countries with privacy laws that restrict the collection, use, and disclosure of personal data. As of now, as with the United States, Brazil has limited sectoral laws in some areas.  More general data protection principles can be effective in protecting personal data, but successfully enforcing those principles, while reconciling them with other rights, including free expression, requires careful drafting, especially in a fast-moving digital environment.

Marco Civil in Practice: Net Neutrality

Another report issued by ARTICLE 19 Brazil analyzes how effective Marco Civil has been during its first six months of implementation. In its report, ARTICLE 19 draws attention to the "Whatsapp and TIM" network neutrality case. In 2014, the telecom company TIM (the Brazilian subsidiary of Telecom Italia Mobile), in partnership with Whatsapp, released a zero rating plan that allowed subscribers to use the app for "free," meaning it would not drain subscribers’ data allowances. The zero rating proposal generated discussions about a possible violation of the net neutrality provision of Marco Civil. Marcelo Bechara, the counselor of the National Telecommunications Agency (ANATEL), believes the proposal is a matter of the free market, while others argue that the gratuity of the app generates an asymmetry in traffic (since many users will choose to use this particular app) thus limiting and inhibiting the emergence of new applications and innovations.

According to the InternetLab, the most discussed topic in the Marco Civil’s consultation is "Net neutrality". The main discussion involves "zero rating" plans and the following question: "Can the mobile operators perform this type of discrimination in favor of one application in spite of its competitors?" Join the discussion here.

Marco Civil in Practice: Anonymity

In Brazil, the Constitution prohibits anonymous speech. The intention behind the prohibition is to keep the possibility of identifying anyone who expresses any opinions, beliefs or comments, both in the online and in the offline world. Anonymity is crucial for the exercise of our fundamental freedoms, as it makes it possible for individuals to express themselves freely and without fear of retaliation. By not allowing Brazilian citizens to engage in anonymous speech, the Constitution imposes significant obstacles to their ability to report abuses of power or express unpopular opinions. Nevertheless, that prohibition does not extend to the protection of privacy.

Limited by these significant Constitutional obstacles, the Marco Civil reinforces that freedom of speech is a foundational principle for Internet users in Brazil. However, this provision has to be construed under limitations imposed by the Brazilian Constitution, leaving very little room for interpretations that could allow anonymity for free expression purposes. Marco Civil also establishes that Brazilian law should be applicable to any products or services used by individuals located in Brazil. This provision has empowered public prosecutors and law enforcement officials to claim that the constitutional ban on anonymous speech should also prevent the use of Internet applications that allow anonymous expression.

A recent example of this restriction is the ban imposed on “Secret,” an Internet application that markets itself as a “safe place to say what’s on your mind anonymously.” Invoking the Brazilian constitution’s prohibition, the public prosecutor’s office brought a lawsuit against the service, which had quickly become extremely popular in Brazil. Although later overturned, an injunction was granted to ban “Secret” from online application stores (Google and Apple) in Brazil and to have it remotely removed from devices where it had already been installed.

This high-profile case points to a potential danger of broadening the scope of the constitution’s prohibition and applying it to prevent the use of privacy enhancing technologies, which would also bring undesirable repercussions to the rights of reading and browsing anonymously. (Check EFF’s policy paper on Anonymity and Encryption).

The Marco Civil remains one of the best-crafted and democratically debated expressions of rights online to acquire the force of law in the world. But it’s not the end of the story. Like every foundational document, from any Constitution to the Universal Declaration of Human Rights, the real challenges come in interpretation and enforcement. It’s up to Brazil’s engaged citizens to make sure that the law and upcoming legislation uphold the high standard its creators set.

Related Issues: Free Speech, International Privacy Standards, Mandatory Data Retention, Surveillance and Human Rights

Samsung introduces faster storage for smartphones (like the Samsung Galaxy S6)

Liliputing -

Most current smartphones use a type of flash storage called eMMC. But Samsung has started mass producing a new embedded memory solution which the company says offers faster speeds without consuming any more power. Samsung says phones with its new UFS 2.0 memory will offer quicker boot times, faster file copying, and improved multitasking, among […]

Samsung introduces faster storage for smartphones (like the Samsung Galaxy S6) is a post from: Liliputing

Argonne National Laboratory Shuts Down Online Ask a Scientist Program

Slashdot -

itamblyn writes In a surprising decision, Argonne National Laboratory has decided to pull the plug on its long-standing NEWTON Ask A Scientist Program. NEWTON is (soon to be was) an online repository of science questions submitted by school children from around the world. A volunteer group of scientists contributed grade-level appropriate answers to these questions. For the past 25 years, a wide range of topics have been covered, including the classic "why is the sky blue" to "is there a way to break down the components of plastics completely into their original form". Over the years, over 20,000 questions have been answered. According to ANL, the website will be shut down permanently on 1 March. There is no plan to make the content available in an alternate form or to hand over stewardship to another organization. When contacted about transferring the repository to another institution or moving to a donation model, the response from ANL was simply: "Thank you again for all your support for Newton. Unfortunately, moving Newton to another organization is not a possibility at this time. Thank you again for your energy and support."

Read more of this story at Slashdot.








Dear Software Vendors: Please Stop Trying to Intercept Your Customers’ Encrypted Traffic

EFF's Deeplinks -

Over the past week many more details have emerged about the HTTPS-breaking Superfish software that Lenovo pre-installed on its laptops for several months. As is often the case with breaking security incidents, most of what we know has come from security engineers volunteering their time to study the problem and sharing their findings via blogs and social media.

Unfortunately, the security implications have gone from bad to worse the more we’ve learned. For instance, researchers have determined that the software library Superfish uses to intercept traffic—developed by a company known as Komodia—is present in more than a dozen other software products, including parental control software and (supposed) privacy-enhancing/ad-blocking software. All of these products have the same vulnerability that Superfish does: anyone with a little technical know-how could intercept and modify your otherwise secure HTTPS traffic.

What’s worse is that these attacks are even easier than researchers originally thought, because of the way Komodia’s software handles invalid certificates: it alters the part of the certificate which specifies what website the certificate is for—for example changing www.eff.org to verify_fail.www.eff.org—and then signs the certificate and sends it on to your browser. Since the website listed on the certificate (verify_fail.www.eff.org) doesn’t match the website the user is actually visiting (www.eff.org), the browser shows a warning to the user.

But certificates have another field, called the Subject Alternative Name, which is used to list alternative domain names for which the certificate can be used (so that website operators can re-use the same certificate across all of their domain names). EFF, for example, uses the same certificate for eff.org, www.eff.org, and *.eff.org. Even if the “main” domain name listed in the certificate doesn’t match the domain name of the website the user is browsing, the certificate will still be accepted as long as one of the alternative names matches. And because Komodia’s software signs the certificate (and tells your browser that it should trust certificates it signs if they’re otherwise valid), the certificate will pass all the browser’s checks, and come up smelling like roses.

This means that an attacker doesn’t even need to know which Komodia-based product a user has (and thus which Komodia private key to use to sign their evil certificate)—they just have to create an invalid certificate with the target domain as one of the alternative names, and every Komodia-based product will cause it to be accepted.
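As an added illustration (not EFF's or the Observatory's code), the check below flags certificates carrying the verify_fail marker and separates those a browser would still accept because a Subject Alternative Name matches the visited host. It assumes certificates in the dict form returned by Python's ssl.SSLSocket.getpeercert(); the function names, labels and sample certificates are constructed for the example.

```python
# Added example: triage of observed certificates for the "verify_fail" marker.
# Certificates are dicts shaped like ssl.SSLSocket.getpeercert() output.

MARKER = "verify_fail."  # prefix the article says is prepended to the subject name


def common_names(cert):
    """All commonName values from the subject (a tuple of RDN tuples)."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def san_dns_names(cert):
    """All DNS entries from the Subject Alternative Name extension."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def browser_accepts_name(cert, host):
    """Name check as the article describes it: a matching alternative name is
    enough, whatever the subject says; the subject is used only without SANs."""
    sans = san_dns_names(cert)
    candidates = sans if sans else common_names(cert)
    return any(name_matches(p, host) for p in candidates)


def classify(cert, host):
    """Return 'no-marker', 'marked-and-warned' or 'marked-but-accepted'."""
    marked = any(cn.lower().startswith(MARKER) for cn in common_names(cert))
    if not marked:
        return "no-marker"
    if browser_accepts_name(cert, host):
        # Upstream validation failed, yet the user sees no name-mismatch warning.
        return "marked-but-accepted"
    return "marked-and-warned"


def silently_accepted(observations):
    """Hosts whose certificate failed upstream validation but raised no warning."""
    return [h for h, c in observations if classify(c, h) == "marked-but-accepted"]


# Constructed sample observations: (host the user visited, certificate seen).
SAMPLES = [
    ("www.eff.org", {  # untouched certificate
        "subject": ((("commonName", "www.eff.org"),),),
        "subjectAltName": (("DNS", "eff.org"), ("DNS", "www.eff.org"), ("DNS", "*.eff.org")),
    }),
    ("www.eff.org", {  # marker added, no SAN: the browser shows a mismatch warning
        "subject": ((("commonName", "verify_fail.www.eff.org"),),),
    }),
    ("www.eff.org", {  # marker added, but a SAN still names the visited host
        "subject": ((("commonName", "verify_fail.www.eff.org"),),),
        "subjectAltName": (("DNS", "www.eff.org"),),
    }),
    ("mail.example.test", {  # same case through a wildcard SAN
        "subject": ((("organizationName", "Constructed"),), (("commonName", "verify_fail.example.test"),)),
        "subjectAltName": (("DNS", "*.example.test"),),
    }),
]

if __name__ == "__main__":
    for host, cert in SAMPLES:
        print(host, classify(cert, host))
```

Run over a certificate store or proxy log export, the "marked-but-accepted" bucket is the one to investigate first, since those connections produced no warning for the user.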

Evidence of Man-in-the-Middle Attacks in the Decentralized SSL Observatory

We searched the Decentralized SSL Observatory for examples of certificates that Komodia should have rejected, but which it ended up causing browsers to accept, and found over 1600 entries. Affected domains included sensitive websites like Google (including mail.google.com, accounts.google.com, and checkout.google.com), Yahoo (including login.yahoo.com), Bing, Windows Live Mail, Amazon, eBay (including checkout.payments.ebay.com), Twitter, Netflix, Mozilla’s Add-Ons website, www.gpg4win.org, several banking websites (including mint.com and domains from HSBC and Wells Fargo), several insurance websites, the Decentralized SSL Observatory itself, and even superfish.com. [1]

While it’s likely that some of these domains had legitimately invalid certificates (due to configuration errors or other routine issues), it seems unlikely that all of them did. Thus it’s possible that Komodia’s software enabled real MitM attacks which gave attackers access to people’s email, search histories, social media accounts, e-commerce accounts, bank accounts, and even the ability to install malicious software that could permanently compromise a user’s browser or read their encryption keys.

To make matters worse, Komodia isn’t the only software vendor that’s been tripped up by this sort of problem. Another piece of software known as PrivDog is also vulnerable. Ostensibly, PrivDog is supposed to protect your privacy by intercepting your traffic and substituting ads from “untrusted sources” with ads from a “trusted” source, namely AdTrustMedia. Like Komodia’s software, PrivDog installs a root certificate when it’s installed, which it then uses to sign the certificates it intercepts. However, a bug in certain versions of PrivDog causes it to sign all certificates, whether they’re valid or not. Simply put, this means that any certificate your browser sees while PrivDog is installed could be the result of a man-in-the-middle attack, and you’d have no way of knowing. The Decentralized SSL Observatory has collected over 17,000 different certificates from PrivDog users, any one of which could be from an attack. Unfortunately, there’s no way to know for sure.

So what can we learn from this Lenovo/Superfish/Komodia/PrivDog debacle? For users, we’ve learned that you can’t trust the software that comes preinstalled on your computers—which means reinstalling a fresh OS will now have to be standard operating procedure whenever someone buys a new computer.

But the most important lesson is for software vendors, who should learn that attempting to intercept their customers’ encrypted HTTPS traffic will only put their customers’ security at risk. Certificate validation is a very complicated and tricky process which has taken decades of careful engineering work by browser developers. [2] Taking certificate validation outside of the browser and attempting to design any piece of cryptographic software from scratch without painstaking security audits is a recipe for disaster.

Let the events of the last week serve as a warning: attempting to insert backdoors into encryption as Komodia attempted to do (and as others have called for in other contexts) will inevitably put users’ privacy and security at risk.

  • 1. Based on the “verify_fail” pattern, we also found certificates that purport to be from five pieces of software which, to our knowledge, haven’t yet been identified as using Komodia’s proxy software. The issuer fields for these certificates were: "O=Sweesh LTD, L=Tel Aviv, ST=Tel Aviv, C=IL, CN=Sweesh LT", "O=Kinner lake Gibraltar, L=My Town, ST=State or Providence, C=GI, CN=Kinner lake Gibraltar", "C=US, ST=California, L=SanDiego, O=EdgeWave.com, OU=Security, CN=EdgeWave.com/emailAddress=support@edgewave.com", "O=NordNet/emailAddress=cert-ssl@nordnet.net, L=HEM, ST=HEM, C=FR, CN=Nordnet.fr", and "O=PSafe Tecnologia S.A./emailAddress=psafe@psafe.com, L=Rio de janeiro, ST=Rio de janeiro, C=BR, CN=PSafe Tecnologia S.A.". While we were unable to identify any organizations associated with the first two certificates, EdgeWave, NordNet, and PSafe appear to sell antivirus or web filtering products.
  • 2. Just last year, for example, researchers found a number of bugs in certificate validation libraries [PDF] through fuzz testing.
Related Issues: Privacy, Encrypting the Web, Security

Ceres' Mystery Bright Dots May Have Volcanic Origin

Slashdot -

astroengine writes As NASA's Dawn mission slowly spirals in on its dwarf planet target, Ceres' alien landscape is becoming sharper by the day. And, at a distance of only 29,000 miles (46,000 kilometers), the robotic spacecraft has revealed multiple bright patches on the surface, but one of the brightest spots has revealed a dimmer bright patch right next door. "Ceres' bright spot can now be seen to have a companion of lesser brightness, but apparently in the same basin," said Chris Russell, of the University of California, Los Angeles (UCLA) and principal investigator for the Dawn mission. "This may be pointing to a volcano-like origin of the spots, but we will have to wait for better resolution before we can make such geologic interpretations."

Read more of this story at Slashdot.








Developers Disclose Schematics For 50-1000 MHz Software-Defined Transceiver

Slashdot -

Bruce Perens writes Chris Testa KD2BMH and I have been working for years on a software-defined transceiver that would be FCC-legal and could communicate using essentially any mode and protocol up to 1 MHz wide on frequencies between 50 and 1000 MHz. It's been discussed here before, most recently when Chris taught gate-array programming in Python. We are about to submit the third generation of the design for PCB fabrication, and hope that this version will be salable as a "developer board" and later as a packaged walkie-talkie, mobile, and base station. This radio is unique in that it uses your smartphone for the GUI, uses apps to provide communication modes, contains an on-board FLASH-based gate-array and a ucLinux system. We intend to go for FSF "Respects Your Freedom" certification for the device. My slide show contains 20 pages of schematics and is full of ham jargon ("HT" means "handi-talkie", an old Motorola product name and the hams' word for "walkie talkie") but many non-hams should be able to parse it with some help from search engines. Bruce Perens K6BP

Read more of this story at Slashdot.








3 Million Strong RAMNIT Botnet Taken Down

Slashdot -

An anonymous reader writes The National Crime Agency's National Cyber Crime Unit worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol's European Cybercrime Centre, to shut down command and control servers used by the RAMNIT botnet. Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK. It has so far largely been used to attempt to take money from bank accounts.

Read more of this story at Slashdot.







