By EditorDavid from Slashdot's lost-in-space department
Long-time Slashdot reader RockDoctor writes: A paper published on Arxiv last week reports on a project to redetermine the "orbits of long period comets... We recently attempted to check, whether the assumption of a parabolic orbit for hundreds of comets discovered after 1950 is fully justified in all cases." The full work by Królikowska & Dybczynski remains in preparation (which is perfectly normal), but this intriguing result deserved early attention. During this research we found an interesting case of the comet C/2014 W10 PANSTARRS. (that's the 10th reported comet in fortnight W of year 2014, source : the PANSTARRS team)
After discovery on 2014-11-25, fourteen observations were made over three days, giving a first-estimate orbit with an eccentricity of 0.6039453. So far, so boring — as the temporary designation suggests, these get found on most days. But that orbit is subject to uncertainty so some more measurements were made on 2014-12-22 from a different observatory. When all of the data is considered, it becomes impossible to clearly assign an orbit to this object (this is possible if, for example, there is a fragmentation of the object between observations), but many of the solutions which can be obtained have a hyperbolic orbit — that is, the object is extra-solar.
If correct, this "post-covery" would double the size of the catalogue of interstellar objects known.
Unfortunately, the quality of the original data remains poor — estimates of the orbital eccentricity vary between 1.22 and 1.65 — which is in contrast to the prompt recognition and intense observation campaign for 'Oumuamua. The report's main conclusion is that Our main purpose is to show that similar cases should be treated in future with greater care by more reliable preliminary orbit determination and alerting observers about the importance of the object to initiate more follow-up observations. Which is exactly what happened with 'Oumuamua.
By EditorDavid from Slashdot's bug-bounty-declined department
"A Russian security researcher has published details about a zero-day vulnerability affecting VirtualBox, an Oracle software application for running virtual machines," reports ZDNet.
According to a text file uploaded on GitHub, Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute on the underlying (host) operating system. Once out of the VirtualBox VM, the malicious code runs in the OS' limited userspace (kernel ring 3), but Zelenyuk said that attackers can use many of the already known privilege escalation bugs to gain kernel-level access (ring 0). "The exploit is 100% reliable," Zelenyuk said. "It means it either works always or never because of mismatched binaries or other, more subtle reasons I didn't account."
The Russian researcher says the zero-day affects all current VirtualBox releases, works regardless of the host or guest operating system the user is running, and is reliable against the default configuration of newly created VMs. Besides a detailed write-up of the entire exploit chain, Zelenyuk has also published video proof, showing the zero-day in action against an Ubuntu VM running inside VirtualBox on an Ubuntu host OS.
Long-time Slashdot reader Artem Tashkinov warns that the exploit utilizes "bugs in the data link layer of the default E1000 network interface adapter which makes this vulnerability critical for everyone who uses virtualization to run untrusted code." According to ZDNet, the same security researcher "found and reported a similar issue in mid-2017, which Oracle took over 15 months to fix."
"This lengthy and drawn-out patching process appears to have angered Zelenyuk, who instead of reporting this bug to Oracle, has decided to publish details online without notifying the vendor."
By EditorDavid from Slashdot's aging-vs-artificial-brains department
Slashdot reader pgmrdlm quotes Science Daily: Timely diagnosis of Alzheimer's disease is extremely important, as treatments and interventions are more effective early in the course of the disease. However, early diagnosis has proven to be challenging. Research has linked the disease process to changes in metabolism, as shown by glucose uptake in certain regions of the brain, but these changes can be difficult to recognize... Researchers trained [a] deep learning algorithm on a special imaging technology known as 18-F-fluorodeoxyglucose positron emission tomography (FDG-PET). In an FDG-PET scan, FDG, a radioactive glucose compound, is injected into the blood. PET scans can then measure the uptake of FDG in brain cells, an indicator of metabolic activity. The researchers had access to data from the Alzheimer's Disease Neuroimaging Initiative (ADNI), a major multi-site study focused on clinical trials to improve prevention and treatment of this disease. The ADNI dataset included more than 2,100 FDG-PET brain images from 1,002 patients. Researchers trained the deep learning algorithm on 90 percent of the dataset and then tested it on the remaining 10 percent of the dataset. Through deep learning, the algorithm was able to teach itself metabolic patterns that corresponded to Alzheimer's disease. Finally, the researchers tested the algorithm on an independent set of 40 imaging exams from 40 patients that it had never studied. The algorithm achieved 100 percent sensitivity at detecting the disease an average of more than six years prior to the final diagnosis. "We were very pleased with the algorithm's performance," Dr. Sohn said. "It was able to predict every single case that advanced to Alzheimer's disease
By EditorDavid from Slashdot's punchcard-interfaces department
"Think your vintage computer hardware is old?" writes long-time Slashdot reader corrosive_nf. "Ken Shirriff, Robert Garne, and their associates probably have you beat.
"The IBM 1401 was introduced in 1959, and these guys are keeping one alive in a computer museum... [T]he volunteers have to go digging through historical archives and do some detective work to figure out solutions to pretty much anything!"
Many things that we take for granted are done very differently in old computers. For instance, the IBM 1401 uses 6-bit characters, not bytes. It used decimal memory addressing, not binary. It's also interesting how much people could accomplish with limited resources, running a Fortran compiler on the 1401 with just 8K of memory. Finally, working on the 1401 has given them a deeper understanding of how computers really work. It's not a black box; you can see the individual transistors that are performing operations and each ferrite core that stores a bit.
"It's a way of keeping history alive," says one of the volunteers at Silicon Valley's Computer History museum. "For museum visitors, seeing the IBM 1401 in operation gives them a feeling for what computers were like in the 1960s, the full experience of punching data onto cards and then seeing and hearing the system processing cards....
"So far, things are breaking slowly enough that we can keep up, so it's more of a challenge than an annoyance."
By EditorDavid from Slashdot's free-as-in-freedom department
"We recently published a number of updates to our licensing materials," the Free Software Foundation announced Thursday, adding that "While we generally post individual announcements for these types of important changes, there were so many in such a short span that we needed to combine them all in one place."
We added the Commons Clause to our list of nonfree licenses. Not a stand-alone license in and of itself, it is meant to be added to an existing free license to prevent using the work commercially, rendering the work nonfree. It's particularly nasty given that the name, and the fact that it is attached to pre-existing free licenses, may make it seem as if the work is still free software.
If a previously existing project that was under a free license adds the Commons Clause, users should work to fork that program and continue using it under the free license. If it isn't worth forking, users should simply avoid the package. We are glad to see that in the case of Redis modules using the Commons Clause, people are stepping up to maintain free versions.
There's also a new addition to their GNU Licenses FAQ which explains what the GNU GPL says about translating code into another programming language. ("If the original program carries a free license, that license gives permission to translate it. How you can use and license the translated program is determined by that license. If the original program is licensed under certain versions of the GNU GPL, the translated program must be covered by the same versions of the GNU GPL...") And they've also clarified how to handle projects that combine code under multiple compatible licenses.
The FSF has also updated a document commenting on various licenses, clarifying that the Fraunhofer FDK AAC free software license "is incompatible with any version of the GNU GPL. It has a special danger in the form of a term expressly stating it does not grant you any patent licenses, with an enticement to buy some.
By EditorDavid from Slashdot's check-mates department
"It's the biggest chess event of the year as World Champion Magnus Carlsen will try to defend his title against the American challenger Fabiano Caruana," reports Chess.com -- which is webcasting game two right now (7 a.m. PST, 3 p.m. London/GMT).
After seven grueling hours and 115 moves on Friday, the first game of their 12-game competition ended in a draw -- though challenger Caruana acknowledged that "I was quite fortunate to end up with a draw... I was outplayed after the opening... I think I was clearly losing, for a long time I was losing."
This was not the most pleasant experience to defend this extremely long game with white. I think I was quite fortunate to end up with a draw... There was definitely a lot of nerves. It is a very different feeling playing the first game of a world championship match.... Normally with white you shouldn't be too happy with a draw, but considering my position I am very happy. I am relieved to have escaped."
Slate reports Caruana has spent $50,000 on chess coaching just in 2018 in hopes of claiming the 1 million euro prize. Ironically, the match's "ceremonial starter", actor Woody Harrelson, bungled Caruana's first move by knocking over his king -- and then by moving the wrong pawn. "Caruana was ready to accept the mistake and continue with the match before officials gave Harrelson a third chance and he finally moved the correct piece."
Defending champion Magnus Carlsen later admitted that "I couldn't quite find the knockout before the time trouble.... I tried to find a way to exchange in order to play for a win, but I couldn't find it. Then I just moved around hoping to force a blunder, but I didn't succeed."
By BeauHD from Slashdot's sharing-is-caring department
An anonymous reader quotes a report from Motherboard: This week, U.S. Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries' malware it has discovered. CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack U.S. systems: we may release your tools to the wider world. On Friday, CYBERCOM uploaded multiple files to VirusTotal, a Google-owned search engine and repository for malware. Once uploaded, VirusTotal users can download the malware, see which anti-virus or cybersecurity products likely detect it, and see links to other pieces of malicious code.
One of the two samples CYBERCOM distributed on Friday is marked as coming from APT28, a Russian government-linked hacking group, by several different cybersecurity firms, according to VirusTotal. Those include Kaspersky Lab, Symantec, and Crowdstrike, among others. APT28 is also known as Sofacy and Fancy Bear. The malware itself does not appear to still be active.
By BeauHD from Slashdot's what's-inside department
iFixit has released their teardown of the new Mac mini, providing a look inside the portable desktop computer. Some of the notable findings include user-upgradable RAM and soldered CPU and SSD. Mac Rumors reports: While the RAM in the previous-gen Mac mini from 2014 was soldered to the logic board, the new Mac mini has user-upgradeable RAM, as discovered earlier this week. As seen in older iMacs, the RAM is protected by a perforated shield that allows the memory modules to operate at a high frequency of 2666 MHz without interfering with other device functions, according to iFixit. To upgrade the RAM, the shield can be removed by unfastening four Torx screws.
Other silicon on the logic board of this particular Mac mini includes the Apple T2 security chip, a 3.6GHz quad-core Intel Core i3 processor, Intel UHD Graphics 630, 128GB of flash storage from Toshiba, an Intel JHL7540 Thunderbolt 3 controller, and a Gigabit Ethernet controller from Broadcom. Despite the good news about the RAM, the CPU and SSD are soldered to the logic board, as are many ports, so this isn't a truly modular Mac mini. iFixit awarded the new Mac mini a repairability score of 6/10, with 10 being the easiest to repair, topping the latest MacBook Air, MacBook, MacBook Pro, iMac, and iMac Pro, and trailing only the 2013 Mac Pro.
By BeauHD from Slashdot's family-feud department
An anonymous reader quotes a report from Bloomberg: Amazon.com Inc. has taken another step toward eliminating software from Oracle Corp. that has long helped the e-commerce giant run its retail business. An executive with Amazon's cloud-computing unit hit back at Oracle Executive Chairman Larry Ellison, who ridiculed the internet giant as recently as last month for relying on Oracle databases to track transactions and store information, even though Amazon sells competing software, including Redshift, Aurora and DynamoDB. Amazon's effort to end its use of Oracle's products has made new progress, Andy Jassy, the chief executive officer of Amazon Web Services, tweeted Friday. "In latest episode of 'uh huh, keep talkin' Larry,' Amazon's Consumer business turned off its Oracle data warehouse Nov. 1 and moved to Redshift," Jassy wrote. By the end of 2018, Amazon will stop using 88 percent of its Oracle databases, including 97 percent of its mission-critical databases, he added.
By BeauHD from Slashdot's hide-and-seek department
According to federal contracting documents, the U.S. Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) have hidden an undisclosed number of covert surveillance cameras inside streetlights around the country. Quartz reports: According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since June 2018 for "video recording and reproducing equipment." ICE paid out about $28,000 to Cowboy Streetlight Concealments over the same period of time. It's unclear where the DEA and ICE streetlight cameras have been installed, or where the next deployments will take place. ICE offices in Dallas, Houston, and San Antonio have provided funding for recent acquisitions from Cowboy Streetlight Concealments; the DEA's most recent purchases were funded by the agency's Office of Investigative Technology, which is located in Lorton, Virginia. "We do streetlight concealments and camera enclosures," Christie Crawford, who owns Cowboy Streetlight Concealments with her husband, told Quartz. "Basically, there's businesses out there that will build concealments for the government and that's what we do. They specify what's best for them, and we make it. And that's about all I can probably say."
By BeauHD from Slashdot's winners-and-losers department
dmoberhaus writes: Perceptual ad blockers were supposed to be the "superweapon" that put an end to the arms race between advertisers and users. According to new research, however, perceptual ad blockers will come out on the losing side in the war against internet advertisers and expose users to a host of new attack vectors in the process. Researchers at Stanford tricked six different visual classifiers used in perceptual ad blockers with adversarial ads designed to trick the ad blockers by making nearly imperceptible changes to the ads. "The researchers tried several different adversarial attacks on the perceptual ad blockers' visual classifiers," Motherboard reports. "One attack, for example, slightly altered the AdChoices logo that is commonly used to disclose advertisements to fool the perceptual ad blocker. In another attack, the researchers demonstrated how website publishers could overlay a transparent mask over a website that would allow ads to evade perceptual ad blockers."
"The aim of our work is not to downplay the merits of ad-blocking, nor discredit the perceptual ad blocking philosophy, which is sound when instantiated with a robust visual ad detector," the researchers concluded. "Rather, our overarching goal is to highlight and raise awareness on the vulnerabilities that arise in building ad blockers with current computer vision systems."
By BeauHD from Slashdot's what's-yours-is-mine department
Late last month, HealthCare.gov suffered a data breach exposing 75,000 customers. Details were sparse at the time of the breach, but we have now learned that hackers obtained "inappropriate access" to a number of broker and agent accounts, which "engaged in excessive searching" of the government's healthcare marketplace systems. TechCrunch reports: [The Centers for Medicare and Medicaid Services (CMS)] didn't say how the attackers gained access to the accounts, but said it shut off the affected accounts "immediately." In a letter sent to affected customers this week (and buried on the Healthcare.gov website), CMS disclosed that sensitive personal data -- including partial Social Security numbers, immigration status and some tax information -- may have been taken. According to the letter, the data included name, date of birth, address, sex, and the last four digits of the Social Security number (SSN), if SSN was provided on the application. Other information could include expected income, tax filing status, family relationships, whether the applicant is a citizen or an immigrant, immigration document types and numbers, employer name, pregnancy status, health insurance status, and more. The government did say that no bank account information was stolen.
By BeauHD from Slashdot's never-a-contest department
An anonymous reader quotes a report from Recode: To dozens of cities across the United States, Amazon's widely publicized search for a "second headquarters" looked like thousands of new jobs, up for grabs. To Pivot co-host Scott Galloway, it now looks like a "ruse." "I lease office space all the time for my businesses and I always tell my real estate agent, 'We can lease any office in the world as long as I can walk there from where I live,'" Galloway said on the latest episode. "Amazon is now talking about having three headquarters, Seattle, Crystal City and Long Island City. The Bezos's also own three homes, and the average distance from those three homes to a headquarters is 6.4 miles.
"This was never a contest," he added. "It was a con meant to induce ridiculous terms that they then took to the cities all along that they knew they were going to be in." In other words: By soliciting bids from lots of places where it was never going to move, Galloway alleges, Amazon was probably able to get more tax breaks from the pre-determined "winners." "I would bet, Kara, that when they pick two cities and they went to 2 and 3, they didn't say, 'Well, only half our headquarters is going there, so we're going to let you cut the tax subsidies and incentives in half,'" he explained. "This just has ill will written all over it, and I think people started to figure out what was going on ... It's the Olympics on steroids. A lot of high fives and ribbon cutting, and then 10 years later, we realize it was a bad idea."