By BeauHD from Slashdot's hit-and-run department
A critical remote code execution vulnerability has been spotted in the LIVE555 media streaming library used by popular media players such as VLC and MPlayer. "Maintained by the company Live Networks, the library works with RTP / RTCP, RTSP or SIP protocols, with the ability to process video and audio formats such as MPEG, H.265, H.264, H.263 +, VP8, DV, JPEG, MPEG, AAC, AMR, AC-3, and Vorbis," reports Hackread. From the report: These findings (CVE-2018-4013) have left millions of users of media players vulnerable to cyber attacks, according to Lilith Wyatt, a researcher at the Cisco Talos Intelligence Group. In this case, the flaw lies in the HTTP packet parsing functionality, which analyzes HTTP headers for RTSP tunneling over HTTP, explains. An update has already been issued to address the vulnerability. Therefore, if you are using any of the vulnerable media players make sure they are updated to the latest version.
By BeauHD from Slashdot's prepare-yourself department
The TSA has released its roadmap to use biometrics technology in the coming years. The Verge reports: Customs and Border Protection has been using facial recognition to screen non-U.S. residents on international flights since 2015, a project that was expedited by the Trump administration. Last year, the U.S. government laid out its plans to start expanding the screening tools to U.S. citizens, which would require them to undergo facial scans when they leave the country through a system called the Biometric Pathway. Today's news lays out how the TSA will adopt the same technology, partnering with CBP on biometrics for international travelers, expanding security operations to TSA Precheck members, and eventually, using facial recognition to verify domestic travelers.
TSA says that by moving toward facial recognition technology in a time where travel volume is rising, it's hoping to reduce the need for physical documents like passports and paper tickets. Currently, TSA manually compares the passengers in front of them to their ID photos, but it believes an automated process that can match facial images to photos from passports and visa applications will be more accurate and efficient.
By BeauHD from Slashdot's time-to-get-moving department
An anonymous reader quotes a report from CNN: We've all heard exercise helps you live longer. But a new study [published in the journal JAMA Network Open] goes one step further, finding that a sedentary lifestyle is worse for your health than smoking, diabetes and heart disease. Researchers retrospectively studied 122,007 patients who underwent exercise treadmill testing at Cleveland Clinic between January 1, 1991 and December 31, 2014 to measure all-cause mortality relating to the benefits of exercise and fitness. Those with the lowest exercise rate accounted for 12% of the participants. Dr. Wael Jaber, a cardiologist at the Cleveland Clinic and senior author of the study, said the other big revelation from the research is that fitness leads to longer life, with no limit to the benefit of aerobic exercise. Researchers have always been concerned that "ultra" exercisers might be at a higher risk of death, but the study found that not to be the case. "There is no level of exercise or fitness that exposes you to risk," he said. "We can see from the study that the ultra-fit still have lower mortality."
By BeauHD from Slashdot's eye-tracking department
An experimental new Android app developed by a team at Cornell University is designed to determine a person's alertness by examining their eyes. The app, called AlertnessScanner, utilizes a smartphone's front-facing camera to gauge the size of users' pupils. "When we're in an alert state, our sympathetic nervous system causes our pupils to dilate so that we can take in information more easily," reports New Atlas. "On the other hand, when we're tired, our parasympathetic nervous system causes our pupils to contract." From the report: In an initial study, test subjects were prompted to use the app to manually take photos of their pupils, once every three hours. Additionally, six times a day they completed a five-minute phone-based Psychomotor Vigilance Test (PVT), which is an established method of gauging reaction time. When the results of the two alertness-testing methods were compared, they were found to be very similar. That said, it was determined that most people wouldn't like having to make a point of using the app so many times every day. Additionally, in order to properly image the test subjects' pupils, the infrared filters of the phones' cameras had to be removed. The researchers managed to address these problems by changing it so that the app automatically takes a one-second-long burst of 30 pupil photos whenever users unlock their phones; and using a larger 13-megapixel front-facing camera.
By BeauHD from Slashdot's performance-improvements department
Microsoft is including Google's mitigation for the Spectre Variant 2 speculative execution side-channel attack in the next release of Windows 10, currently codenamed 19H1. ZDNet reports: Google developed a software-based mitigation for Spectre Variant 2 called Retpoline that constrains speculative execution behavior sufficiently to mitigate an attack. Google's testing found its fix had a negligible effect on performance. Retpoline was implemented by Linux distributions such as Red Hat and SUSE, as well as by Oracle for Oracle Linux 6 and 7. And now, as MSPoweruser spotted, Microsoft's kernel engineers have confirmed that Retpoline will be part of the next version of Windows 10, 19H1, which is due out next year. Google's Retpoline plus Microsoft's own kernel modifications have reduced the performance impact to "noise level", according to Mehmet Iyigun of Microsoft's Windows and Azure kernel team. "Yes, we have enabled Retpoline by default in our 19H1 flights along with what we call 'import optimization' to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios," wrote Iyigun.
"The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have," reports ZDNet.
By BeauHD from Slashdot's new-and-improved department
An anonymous reader shares new work that could allow us to generate electricity using supercritical carbon dioxide. Ars Technica reports: The researchers involved in the new work, a large U.S.-based collaboration, focus on a composite material: tungsten and zirconium carbide. These have extremely high melting points: 3,700K for both materials. Both of them conduct heat extremely well, and neither of them expands or softens much under these conditions, meaning they would hold up better to the mechanical stresses. While the stats are impressive, the amazing part of this is how the material is fabricated. The researchers started with tungsten carbide, a ceramic that can be formed into a porous material simply by pouring it as a powder into a mold and heating it. At this point, the ceramic can be further machined to produce a final shape. Once in its final form, the ceramic was placed in a bath of a molten mixture of copper and zirconium. The molten mixture filled the pores, and the zirconium reacted with the tungsten carbide, replacing the tungsten. The copper in the molten material formed a thin film on the surface of the solid.
By EditorDavid from Slashdot's putting-it-to-the-testers department
An anonymous reader quotes Gizmodo:
When it was discovered earlier this month that the 1809 build of Windows 10 was deleting user files just because, Microsoft halted the update until the problem was fixed. Shame, then, that another not-as-bad-but-still-bad file overwriting bug has now reared its head. In 1809, overwriting files by extracting from an archive using File Explorer doesn't result in an overwrite prompt dialogue and also doesn't replace any files at all; it just fails silently. There are also some reports that it did overwrite items, but did so silently without asking.
Ars Technica speculates that there's a larger problem with Microsoft's testing process:
[M]any of the preview builds had a bug wherein deleting a directory that was synced to OneDrive crashed the machine. Not only was this bug integrated into the Windows code, it was allowed to ship to end users. This tells us some fundamental things about how Windows is being developed. Either tests do not exist at all for this code (and I've been told that yes, it's permitted to integrate code without tests, though I would hope this isn't the norm), or test failures are being regarded as acceptable, non-blocking issues, and developers are being allowed to integrate code that they know doesn't work properly...
Microsoft's new development process has, proportionately, a greater amount of time spent writing new features, and a reduced amount of time stabilizing and fixing those features. That would be fine if the quality of the features were higher to start with, with the testing infrastructure to support it and higher standards before new code was integrated. But the experience with Windows 10 thus far is that Microsoft hasn't developed the processes and systems needed to sustain this new approach.
By EditorDavid from Slashdot's influence-marketing department
A major new campaign of disinformation around Brexit, designed to stir up U.K. 'Leave' voters, and distributed via Facebook, may have reached over 10 million people in the U.K., according to new research. The source of the campaign is so far unknown, and will be embarrassing to Facebook, which only this week claimed it was clamping down on "dark" political advertising on its platform. Researchers for the U.K.-based digital agency 89up allege that Mainstream Network -- which looks and reads like a "mainstream" news site but which has no contact details or reporter bylines -- is serving hyper-targeted Facebook advertisements aimed at exhorting people in Leave-voting U.K. constituencies to tell their MP to "chuck Chequers." Chequers is the name given to the U.K. Prime Minister's proposed deal with the EU regarding the U.K.'s departure from the EU next year.
ABC News reports:
When the Justice Department unsealed criminal charges detailing a yearslong effort by a Russian troll farm to "sow division and discord in the U.S. political system," it was the first federal case alleging continued foreign interference in U.S. elections. Earlier Friday, American intelligence officials released a rare public statement asserting that Russia, China, Iran and other countries are engaged in ongoing efforts to influence U.S. policy and voters in future elections. The statement didn't provide details on those efforts. That stood in contrast with the criminal charges, which provided a detailed narrative of Russian activities...
By EditorDavid from Slashdot's shooting-stars department
An anonymous reader quotes Space.com:
If you're a meteor enthusiast, the year 2018 has been very kind to you. This past summer, the annual Perseid meteor shower reached its peak the day after a new moon, ensuring that no moonlight would hinder those spotting celestial streakers. And looking ahead to December, the Geminid meteor shower, the most prolific of all of the annual displays, will reach its peak when an almost-first-quarter moon is setting during the late evening hours. This will make for excellent viewing conditions. And coming almost midway between these two popular showers, this weekend brings one of the most reliable meteor events. A sort of lesser version of the summertime Perseids, the Orionid meteor shower should reach its peak activity early on Sunday morning...
[Y]ou should wait until around 2 a.m. in your local time zone, when Orion will have climbed well above the horizon. And just prior to the break of dawn, at around 5 a.m., Orion will appear highest in the sky toward the south. That's when Orionid viewing will be at its best... Past studies have demonstrated that about half of all observed Orionids leave trails that last longer than those of other meteors of equivalent brightness. This is undoubtedly connected to the makeup of Halley's Comet; the object produces meteors that start burning up very high in our atmosphere, at around 80 miles (130 km) up, possibly because they are composed of lightweight material. This suggests they came from the diffuse surface of Halley's nucleus as opposed to its core.
By EditorDavid from Slashdot's wanna-bet? department
Layzej writes: Back in 2005, solar physicists Galina Mashnich and Vladimir Bashkirtsev made a $10,000 bet that global temperatures, driven primarily by changes in the Sun's activity, would fall over the next decade. The bet would compare the then record hot years between 1998 to 2003 with that between 2012 and 2017. With temperatures falling from their peak during the 1998 super El-Nino, and solar output continuing to fall, this seemed like a sure bet. The results are now in and all datasets show that climate modeler James Annan is the clear winner. At the time of the wager, Annan had supposed that the reputation of the scientists involved would be enough to ensure payment once the bet was settled. Unfortunately, as was the case with Alfred Russel Wallace's famous 1870 bet against flat-Earthers, the losing parties have refused to pay up.
"More precisely, Bashkirtsev is refusing to pay," writes the climate modeler on his blog, "and Mashnich is refusing to even reply to email.
"With impressive chutzpah, Bashkirtsev proposed we should arrange a follow-up bet which he would promise to honour."
By EditorDavid from Slashdot's more-than-40-hour-work-weeks department
An anonymous reader quotes Forbes:
Rockstar Games co-founder and VP Dan Houser unleashed a storm of controversy when he casually stated in an interview with Vulture that "We were working 100-hour weeks" putting the finishing touches on Red Dead Redemption 2. Reaction was swift with many condemning the ubiquitous practice of crunch time in the video game industry in general and Rockstar's history of imposing harsh demands on its employees in particular... Houser responded that he was talking about a senior writing team of four people working over a three-week period. This kind of intense short-term engagement was common for the team which had been working together for 12 years. Houser went on to say that Rockstar doesn't "ask or expect anyone to work anything like this". Employees are given the option of working excessive overtime but doing so is a "choice" not a requirement.
A QA tester at Rockstar's Lincoln studio in the UK has taken to Reddit to answer questions and clarify misconceptions about overtime at Rockstar that have arisen in the wake of Houser's comments.... He has no knowledge of working conditions at other Rockstar studios. The first thing the poster points out is that he and other QA testers (with the possible exception of salaried staff) are paid for their overtime work. He then writes "The other big thing is that this overtime is NOT optional, it is expected of us. If we are not able to work overtime on a certain day without a good reason, you have to make it up on another day. This usually means that if you want a full weekend off that you will have to work a double weekend to make up for it... We have been in crunch since October 9th 2017 which is before I started working here...."
By EditorDavid from Slashdot's status-updates department
The November issue of Popular Mechanics includes a message from its editors that Elon Musk is "under attack," arguing that while some criticisms have merit, "much of it is myopic and small-brained, from sideline observers gleefully salivating at the opportunity to take him down a peg."
But what have these stock analysts and pontificators done for humanity? Elon Musk is an engineer at heart, a tinkerer, a problem-solver -- the kind of person Popular Mechanics has always championed -- and the problems he's trying to solve are hard. Really hard. He could find better ways to spend his money, that's for sure. And yet there he is, trying to build gasless cars and build reusable rockets and build tunnels that make traffic go away. For all his faults and unpredictability, we need him out there doing that. We need people who have ideas. We need people who take risks. We need people who try.
The magazine includes statements from 12 high-profile supporters, including investor Mark Cuban, who writes "When you invest in a company run by an entrepreneur like Elon, you are investing in the mindset and approach that an entrepreneur brings to the table as much as you are valuing the net present value of future cash flows. That is not typical for public companies that are overwhelmingly run by hired CEOs. My advice for Elon is simple: Be yourself. Be true to your mission. Respect your investors. Ignore your critics."
Meanwhile, in a Friday post on Twitter, Musk jokingly claimed that he'd purchased and then deleted the game of Fortnite, posting a doctored Marketwatch article quoting him as saying "I had to save these kids from eternal virginity."
"Had to been done," tweeted Musk, adding "ur welcome".
By EditorDavid from Slashdot's batches-of-patches department
America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news.
MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.
So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."
By EditorDavid from Slashdot's willing-to-commit department
An anonymous reader quotes Martin Monperrus, a professor of software at Stockholm's KTH Royal Institute of Technology:
Repairnator is a bot. It constantly monitors software bugs discovered during continuous integration of open-source software and tries to fix them automatically. If it succeeds to synthesize a valid patch, Repairnator proposes the patch to the human developers, disguised under a fake human identity. To date, Repairnator has been able to produce 5 patches that were accepted by the human developers and permanently merged in the code base...
It analyzes bugs and produces patches, in the same way as human developers involved in software maintenance activities. This idea of a program repair bot is disruptive, because today humans are responsible for fixing bugs. In other words, we are talking about a bot meant to (partially) replace human developers for tedious tasks.... [F]or a patch to be human-competitive 1) the bot has to synthesize the patch faster than the human developer 2) the patch has to be judged good-enough by the human developer and permanently merged in the code base.... We believe that Repairnator prefigures a certain future of software development, where bots and humans will smoothly collaborate and even cooperate on software artifacts.
Their fake identity was a software engineer named Luc Esape, with a profile picture that "looks like a junior developer, eager to make open-source contributions... humans tend to have a priori biases against machines, and are more tolerant to errors if the contribution comes from a human peer. In the context of program repair, this means that developers may put the bar higher on the quality of the patch, if they know that the patch comes from a bot."
By EditorDavid from Slashdot's second-planet-to-the-right department
NASA recently developed a program for manned missions to explore Venus -- even though the planet's surface is 860 degrees, which NASA explains is "hot enough to melt lead." Long-time Slashdot reader Zorro shares this week's article from Newsweek:
As surprising as it may seem, the upper atmosphere of Venus is the most Earth-like location in the solar system. Between altitudes of 30 miles and 40 miles, the pressure and temperature can be compared to regions of the Earth's lower atmosphere. The atmospheric pressure in the Venusian atmosphere at 34 miles is about half that of the pressure at sea level on Earth. In fact you would be fine without a pressure suit, as this is roughly equivalent to the air pressure you would encounter at the summit of Mount Kilimanjaro. Nor would you need to insulate yourself as the temperature here ranges between 68 degrees Fahrenheit and 86 degrees Fahrenheit. The atmosphere above this altitude is also dense enough to protect astronauts from ionising radiation from space. The closer proximity of the sun provides an even greater abundance of available solar radiation than on Earth, which can be used to generate power (approximately 1.4 times greater).... [C]onceivably you could go for a walk on a platform outside the airship, carrying only your air supply and wearing a chemical hazard suit.
Venus is 8 million miles closer to Earth than Mars (though it's 100 times further away than the moon). But the atmosphere around Venus contains traces of sulphuric acid (responsible for its dense clouds), so the vessel would need to be corrosion-resistant material like teflon. (One NASA paper explored the possibility of airborne microbes living in Venus's atmosphere.) There's a slick video from NASA's Langley Research Center titled "A way to explore Venus" showcasing HAVOC -- "High Altitude Venus Operational Concept."