By BeauHD from Slashdot's digital-fingerprints department
At the DefCon hacking conference on Friday, Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, presented a number of studies they've conducted using machine learning techniques to de-anonymize the authors of code samples. "Their work could be useful in a plagiarism dispute, for instance, but it could also have privacy implications, especially for the thousands of developers who contribute open source code to the world," reports Wired. From the report: First, the algorithm they designed identifies all the features found in a selection of code samples. That's a lot of different characteristics. Think of every aspect that exists in natural language: There's the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so. The researchers don't rely on low-level features, like how code was formatted. Instead, they create "abstract syntax trees," which reflect code's underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone's sentence structure, instead of whether they indent each line in a paragraph.
The method also requires examples of someone's work to teach an algorithm to know when it spots another one of their code samples. If a random GitHub account pops up and publishes a code fragment, Greenstadt and Caliskan wouldn't necessarily be able to identify the person behind it, because they only have one sample to work with. (They could possibly tell that it was a developer they hadn't seen before.) Greenstadt and Caliskan, however, don't need your life's work to attribute code to you. It only takes a few short samples.
By BeauHD from Slashdot's rest-in-peace department
U.S.-based PC case manufacturer, CaseLabs, announced on social media that it is "closing permanently" and will not be able to fill all current orders. "We have been forced into bankruptcy and liquidation," CaseLabs said in a statement. "The tariffs have played a major role raising prices by almost 80 percent (partly due to associated shortages), which cut deeply into our margins. The default of a large account added greatly to the problem... We reached out for a possible deal that would allow us to continue on and persevere through these difficult times, but in the end, it didn't happen." PC Gamer reports: CaseLabs is likely referring to the growing number of tariffs being enforced on Chinese imports by the United States government. China and the US are currently engaged in a trade war, causing many U.S. companies to lose money, lay off employees, or close entirely. CaseLabs went on to say that it won't be able to fill the backlog of case orders, but other parts will most likely ship to customers. "We are so incredibly sorry this is happening. Our user community has been very devoted to us and it's awful to think that we have let any of you down."
By msmash from Slashdot's closer-look department
Saudi Arabia's sovereign wealth fund is in talks that could see it becoming a significant investor in Tesla as part of Elon Musk's plan to take the electric car maker private, Bloomberg reported Sunday, citing a person with direct knowledge of the fund's plans. From the report: The Public Investment Fund, which has built up a stake just shy of 5 percent in Tesla in recent months, is exploring how it can be involved in the potential deal, the person said on condition of anonymity. Discussions began before the controversial Aug. 7 tweet by Musk, who is Tesla's co-founder and chief executive officer, saying he was weighing a plan to take the company private. The PIF sees its investment in Tesla as a strategic way for the world's biggest crude producer to hedge against oil, the person said. The Saudi fund hasn't made any firm decisions on whether to increase its stake, or by how much, but talks are ongoing, the person said. It wasn't immediately clear how much the fund would invest in Tesla.
By EditorDavid from Slashdot's things-you-market-as-non-GMO department
We've reached a milestone in gene-edited food, according to the Washington Post. "Calyxt's 'healthier' soybean oil, the industry's first true gene-edited food, could make its way into products such as chips, salad dressings and baked goods as soon as the end of this year."
Calyxt's soybean is the first of 23 gene-edited crops the Agriculture Department has recognized to date.... Scientists at Calyxt, a subsidiary of the French pharmaceutical firm Cellectis, developed their soybean by turning "off" the genes responsible for the trans fats in soybean oil. Compared with the conventional version, Calyxt says, oil made from this soybean boasts far more "healthy" fats, and far less of the fats that raise bad cholesterol. Chief executive Federico Tripodi likes to say the product is akin to olive oil but without the pungent flavor that would make it off-putting in Oreos or granola bars.
It has earned praise from the Center for Science in the Public Interest, a consumer group that says public health will benefit from ingredients with less trans and saturated fats, regardless of how they were developed.... Scientists in university labs and at companies such as Calyxt are already designing plants that are more nutritious, convenient and sustainable, they say.... [U]niversities around the country are working on plants that will withstand droughts, diseases and the ravages of climate change. Such improvements, underway in crops as diverse as oranges, wine grapes and cacao, could protect these plants in the future while cutting down water and chemical use, experts say....
By EditorDavid from Slashdot's unlimited-roaming department
Slashdot reader datavirtue writes:
I've tried a lot of phones for extended periods of time. Some of these have included the Samsung S4, S5, S8+, Note 4, S7, iPhone 5, and Huawei Honor 8. I have stayed away from Apple... My favorite phone was the Nokia 920 Windows phone for its fluid performance and simplicity and hardware camera button, but that phone is long gone.
When searching for an unlocked phone after leaving my current job I ordered a Huawei Honor 8 which refused to join a network, and an iPhone 7 which was DOA. This led to my reluctant purchase of a Sony Xperia XA2 Ultra when the Microcenter sales team couldn't find the last Google Pixel they had in stock. Had no idea I was in for such a treat. The Sony Xperia phone experience is well refined and a joy to use.
Are there any other unlocked phones that you know of under $500 that run this good?
Share your own opinions and experiences in the comments. What's the best unlocked smartphone?
By EditorDavid from Slashdot's big-picture department
David Gerard has concerns about the Joint Photographic Experts Group (the ISO working group handling the JPEG standard for image compression). "They seem to think they can advance the cause of DRM for JPEG images...with a bit of applied blockchain." He bases that charge on the fact that the JPEG committee organized a special session on blockchain, and then created an ad hoc group to define use cases.
After six months' collaboration, the group has produced a white paper -- "Towards a Standardized Framework for Media Blockchain" -- as announced in the press release following the 80th meeting in July. The Executive Summary declares, "Fake news, copyright violation, media forensics, privacy and security are emerging challenges for digital media. JPEG has determined that blockchain technology has great potential as a technology component to address these challenges in transparent and trustable media transactions... [T]he standardization committee continues to work on improving various components of the standard. This includes incorporation of new technologies addressing current challenges related to transparent and trustable media transactions such as JPEG Privacy and Security." "JPEG Privacy and Security" is described later in the paper. "JPEG Privacy & Security aims at developing a standard for realizing secure image information sharing, capable of ensuring privacy, maintaining data integrity, and protecting intellectual property rights."
That is, "Privacy and Security" is a euphemism for Digital Rights Management (DRM) in JPEG.... Chair of the group Dr. Frederik Temmermans stressed to me that "JPEG is not working on DRM in particular but on a more generic framework that supports privacy and security features." But DRM is very much a significant part of this.
By EditorDavid from Slashdot's seeing-you-off department
The program makes boarding an international flight a breeze: Passengers step up to the gate, get their photo taken and proceed onto the plane. There is no paper ticket or airline app. Thanks to facial recognition technology, their face becomes their boarding pass.... The problem confronting thousands of travelers is that few companies participating in the program, called the Traveler Verification Service, give explicit guarantees that passengers' facial recognition data will be protected.
And even though the program is run by the Department of Homeland Security, federal officials say they have placed no limits on how participating companies -- mostly airlines but also cruise lines -- can use that data or store it, opening up travelers' most personal information to potential misuse and abuse such as being sold or used to track passengers' whereabouts.
The Department of Homeland Security is now using the data to track foreigners overstaying their visas, according to the Times. "After passengers' faces are scanned at the gate, the scan is sent to Customs and Border Protection and linked with other personally identifying data, such as date of birth and passport and flight information."
But the face scans are collected by independent companies, and Border Protection officials insist they have no control over how that data gets used.
By EditorDavid from Slashdot's bird-brained-ideas department
An anonymous reader quotes the Guardian:
Six crows trained to pick up cigarette ends and rubbish will be put to work next week at a French historical theme park, according to its president. "The goal is not just to clear up, because the visitors are generally careful to keep things clean" but also to show that "nature itself can teach us to take care of the environment", said Nicolas de Villiers of the Puy du Fou park, in the western Vendee region.... The birds will be encouraged to spruce up the park through the use of a small box that delivers a nugget of bird food each time the rook deposits a cigarette end or small piece of rubbish.
"There's an easier way to get rid of all the cigarette butts," suggests one anonymous Slashdot reader.
"Just train the crows to attack smokers."
By EditorDavid from Slashdot's return-addresses department
A new Intel security flaw has been discovered that potentially allows passwords to be stolen. An anonymous reader quotes Digital Journal:
As EE News reports, researchers said the new flaw enables an "inverse spectre attack". According to Giorgi Maisuradze and Professor Dr. Christian Rossow a ret2spec (return-to-speculation) vulnerability with the chips allows for would-be attackers to read data without authorization. According to Professor Rossow: "The security gap is caused by CPUs predicting a so-called return address for runtime optimization."
The implications of this are: "If an attacker can manipulate this prediction, he gains control over speculatively executed program code. It can read out data via side channels that should actually be protected from access." This means, in essence, that malicious web pages could interpret the memory of the web browser in order to access and copy critical data. Such data would include stored passwords.
"At least all Intel processors of the past ten years are affected by the vulnerabilities," reports EE News, adding "Similar attack mechanisms could probably also be derived for ARM and AMD processors...."
"Manufacturers were notified of the weaknesses in May 2018 and were granted 90 days to remedy them before the results were published. That deadline has now expired."
By EditorDavid from Slashdot's not-so-magic-internet-money department
An anonymous reader quotes CryptoCoinsNews:
Over the past 24 hours, the crypto market has recorded a loss of $18 billion, as major cryptocurrencies including Bitcoin, Ether, EOS, and Bitcoin Cash dropped by 4 to 13 percent. While Bitcoin ended the day with a 4 percent decline in its value, Ether, the native cryptocurrency of Ethereum, plummeted by 13 percent against the US dollar, becoming one of the worst performing major cryptocurrencies alongside NEO. Tokens recorded the steepest drop in their value on August 11, as most Ethereum-based tokens such as Theta Token, Aion, Pundi X, Aelf, DigixDAO, WanChain, and VeChain recorded a drop of around 14 to 18 percent. For the first time in 2018, Bitcoin, the most dominant cryptocurrency in the global market, has obtained 50 percent of the market share, securing its year-to-date (YTD) high on the dominance index. The sudden increase in the dominance index of Bitcoin which coincided with the spike in the volume of Tether have demonstrated that investors have become reluctant towards taking high-risk and high-return trades, mostly due to the lack of confidence in the short-term trend of the market. Over the past few weeks, tokens have lost over 50 percent of their value against Bitcoin, which has also fallen by more than 20 percent since late July.
"During this 13-day stretch, the total market cap for all cryptocurrencies has fallen $70 billion," reports MarketPlace, in an article headlined "Bitcoin looks 'very sick' and the pain is not over, says analyst."
By EditorDavid from Slashdot's wanna-cry? department
"A major virus infection forced the closure of Taiwan Semiconductor Manufacturing Company (TSMC) factories last weekend..." writes Slashdot reader Mark Wilson, noting that it's the largest semiconductor manufacturer in the world, selling chips to Apple, Nvidia, AMD, Qualcomm, and Broadcom, and "responsible for producing iPhone processors."
Now Network World reports:
The infection struck on Friday, August 3, and affected a number of unpatched Windows 7 computer systems and fab tools over two days. TSMC said it was all back to normal by Monday, August 6. TSMC did not say it was WannaCry, aka WannaCrypt, in its updates, but reportedly blamed WannaCry in follow-up conference calls with the press.... The company said this incident would cause shipment delays and additional costs estimated at 3 percent of third quarter revenue. The company had previously forecast revenues of $8.45 billion to $8.55 billion for its September quarter. A 3 percent loss would mean $250 million, though actual losses may come out lower than that. Still, that's a painful hit. TSMC also said no customer data was compromised....
TSMC isn't directly to blame here; someone [an infected production tool provided by an unidentified vendor] brought WannaCry into their offices and behind their firewall, but TSMC is still culpable because it left systems unpatched more than a year after WannaCry hit.
By EditorDavid from Slashdot's owning-a-boat department
"Six years after decommissioning USS Enterprise, the world's first nuclear-powered aircraft carrier, the U.S. Navy is still figuring out how to safely dismantle the ship," reports Popular Mechanics. schwit1 tipped us off to their report:
The General Accounting Office estimates the cost of taking apart the vessel and sending the reactors to a nuclear waste storage facility at up to $1.5 billion, or about one-eighth the cost of a brand-new aircraft carrier.
The USS Enterprise was commissioned in 1961 to be the centerpiece of a nuclear-powered carrier task force, Task Force One, that could sail around the world without refueling.... The Navy decommissioned Enterprise in 2012 and removed the fuel from the eight Westinghouse A2W nuclear reactors in 2013. The plan was to scrap the ship and remove the reactors, transporting them by barge from Puget Sound Naval Base down the Washington Coast and up the Columbia River, then trucking them to the Department of Energy's Hanford Site for permanent storage. However, after decommissioning the cost of disposing of the 93,000-ton ship soared from an estimated $500-$750 million to more than a billion dollars. This caused the Navy to put a pause on disposal while it sought out cheaper options. Today the stripped-down hull of the Enterprise sits in Newport News, Virginia awaiting its fate.
"Although the Navy believes disposing of the reactors will be fairly straightforward, no one has dismantled a nuclear-powered carrier before...
"Whatever the Navy ends up doing, this will only be the first of many nuclear-powered carrier disposals."
By EditorDavid from Slashdot's short-tempers department
An anonymous reader quotes the BBC:
Elon Musk's bombshell announcement that he is thinking of taking the electric car company Tesla private has landed him a lawsuit from unhappy investors.... His comments caused the share price to shoot up 11% to nearly $380, though it has since fallen back. Short-sellers, who bet on share price falls, allege he misled the market....
Short-sellers, who make a profit by borrowing shares, selling them and then buying them back at an expected lower price, claim to have lost millions thanks to Mr Musk's comments. Plaintiff Kalman Isaacs alleges the announcement was aimed at "completely decimating" short-sellers. His lawsuit, and another filed by William Chamberlain, accuse Mr Musk and Tesla of violating federal securities laws and artificially inflating Tesla's share price. Neither Mr Musk nor Tesla have commented on the lawsuit, which was filed in a federal court in San Francisco.
Tesla "is holding early discussions with banks about the feasibility and structure of a possible deal," Bloomberg reported yesterday -- and Ars Technica points out that if Mr. Isaacs had simply kept his short positions open through Friday, "he would be at least $60,000 richer."
But Isaacs hopes to be the lead plaintiff for a class-action lawsuit "representing all Tesla shareholders who traded after Musk's tweet on Tuesday or at any time on Wednesday."
By EditorDavid from Slashdot's shades-of-Icarus department
An anonymous reader quotes the Los Angeles Times:
An airline worker stole an empty Alaska Airlines plane from Seattle-Tacoma International Airport in Washington on Friday night, and the National Guard scrambled two fighter jets to chase the aircraft, which crashed on a sparsely populated island in Puget Sound, officials said. No passengers were aboard the 76-seat Horizon Air Q400 turboprop plane, which was stolen by a 29-year-old Horizon Air ground service agent from Pierce County, according to airline and law enforcement officials.... The man was described as suicidal, and it appeared impossible that he could have survived the crash....
The plane made an unauthorized takeoff from the airport around 8 p.m. and crashed on Ketron Island, about five miles southwest of Tacoma, after the renegade pilot bantered erratically with air-traffic controllers who pleaded with him to land the plane, according to officials and dispatch audio. "This is probably jail time for life, huh?" said the man, identified on the radio as Rich, according to dispatch audio reviewed by the Seattle Times.... At another point, the employee said: "I'm gonna land it, in a safe kind of manner. I think I'm gonna try to do a barrel roll, and if that goes good, I'm just gonna nose down and call it a night...."
"Oh, my God! Oh, my God! He's OK? He's OK," one woman said in a video posted on Facebook, which showed at least one military jet in pursuit. It's not clear how long afterward the plane crashed.
By EditorDavid from Slashdot's slow-processes department
An anonymous reader quotes InsideHPC:
Today Julia Computing announced the Julia 1.0 programming language release, "the most important Julia milestone since Julia was introduced in February 2012." As the first complete, reliable, stable and forward-compatible Julia release, version 1.0 is the fastest, simplest and most productive open-source programming language for scientific, numeric and mathematical computing. "With today's Julia 1.0 release, Julia now provides the language stability that commercial customers require together with the unique combination of lightning speed and high productivity that gives Julia its competitive advantage compared with Python, R, C++ and Java."
The Register reports:
Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.... Six years ago, Julia's creators framed their goals thus:
"We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled...."
In a julialang.org post announcing the milestone, the minders of the language claim to have achieved some of their goals.
By EditorDavid from Slashdot's look-what-I-found department
"Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU," Tom's Hardware reports, citing a presentation by security researcher Christopher Domas at the Black Hat Briefings conference in Las Vegas.
The command -- ".byte 0x0f, 0x3f" in Linux -- "isn't supposed to exist, doesn't have a name, and gives you root right away," Domas said, adding that he calls it "God Mode." The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces ("userland") run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas' God Mode takes you from the outermost to the innermost ring in four bytes. "We have direct ring 3 to ring 0 hardware privilege escalation," Domas said. "This has never been done.... It's a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86."
The good news is that, as far as Domas knows, this backdoor exists only on VIA C3 Nehemiah chips made in 2003 and used in embedded systems and thin clients. The bad news is that it's entirely possible that such hidden backdoors exist on many other chipsets. "These black boxes that we're trusting are things that we have no way to look into," he said. "These backdoors probably exist elsewhere." Domas discovered the backdoor, which exists on VIA C3 Nehemiah chips made in 2003, by combing through filed patents.
"Some of the VIA C3 x86 processors have God Mode enabled by default," Domas adds. "You can reach it from userland. Antivirus software, ASLR and all the other security mitigations are useless."
By EditorDavid from Slashdot's beating-the-cheaters department
Recently the Palm Beach Post noted that 20% of the academic credit awarded at Florida Atlantic University is for online courses. So how can they stop cheaters?
Where once it was enough for a professor to roam the aisles of a classroom, checking for cheat sheets and keeping an eye out for students signaling one another, proctoring today's tests often requires web cams and biometric IDs. A field of more than a dozen test-proctoring services has emerged in the past decade. Typically, the company gets some sort of visual on the test taker via a web cam and then asks the student to show the camera his or her ID. Other security layers can include software that recognizes faces or even keystroking patterns.
The next step is to monitor the student during the test. In the online proctoring world, that is done in one of three ways:
* A remote but live proctor who watches in real time.
* A record-and-review method in which a proctor watches the testing session, but not in real time.
* An automated system, in which the software is programmed to spot abnormalities and flag them.
Honorlock -- one of the record-and-review outfits -- expected to proctor roughly 100,000 tests in the 2017-2018 school year, and promises schools that their solution also searches the web for copies of the test and automatically files takedown notices for any leaked copies, according to a link shared by Slashdot reader Presto Vivace. Besides filming students during tests, it also includes patented technology that "detects and prevents searching for test answers online from any secondary device." And it even verifies the identity of test takers using "any government issued" i.d. (like a driver's license or passport) or student ID which includes a photo.
By BeauHD from Slashdot's back-to-the-drawing-board department
An anonymous reader quotes a report from Phys.Org: In recent years, some physicists have been investigating the possibility that gravity is not actually a fundamental force, but rather an emergent phenomenon that arises from the collective motion of small bits of information encoded on spacetime surfaces called holographic screens. The theory, called emergent gravity, hinges on the existence of a close connection between gravity and thermodynamics. Emergent gravity has received its share of criticism, however, and a new paper adds to this by showing that the holographic screen surfaces described by the theory do not actually behave thermodynamically, undermining a key assumption of the theory.
In the new paper, the scientists tested whether different kinds of surfaces obey an analogue of the first law of thermodynamics, which is a special form of energy conservation. Their results reveal that, while surfaces near black holes (called stretched horizons) do obey the first law, ordinary surfaces -- including holographic screens -- generally do not. The only exception is that ordinary surfaces that are spherically symmetric do obey the first law. As the scientists explain, the finding that stretched horizons obey the first law is not surprising, since these surfaces inherit much of their behavior from the nearby horizons. Still, the scientists caution that the results do not necessarily imply that stretched horizons obey all of the laws of thermodynamics. On the other hand, the finding that ordinary surfaces do not obey the first law is more unexpected, especially as it is one of the key assumptions of emergent gravity. Going forward, researchers will work to understand what this means for the future of emergent gravity, as well as explore other possible implications.
By BeauHD from Slashdot's space-meetup department
Zorro shares a report from Space.com: The Japanese spacecraft Hayabusa2 has successfully rendezvoused with Ryugu, beginning an 18-month stay at the diamond-shaped asteroid. Launched by the Japan Aerospace Exploration Agency, JAXA, in 2014, the probe will poke, prod and even impact the asteroid, deploying a small lander and three rovers. It will then blast an artificial crater to analyze material below the asteroid's surface. After that, the probe will head back to Earth, arriving near the end of 2020 with samples in tow. Hayabusa2 automatically fired its thrusters this morning (June 27) at 9:35 a.m. local Japanese time (8:45 p.m. on June 26 EDT, or 1245 GMT), bringing the probe within a constant 12 miles (20 kilometers) of the asteroid, according to a statement from JAXA. The Hayabusa2 team will have to select the best place for the probe's lander and rovers based on the space rock's spinning-top-like shape and its rotation; the 3,000-foot-wide (900 meters) asteroid rotates perpendicular to its orbit, completing a full rotation every 7.5 hours.