By msmash from Slashdot's closer-look department
An anonymous reader writes: For years, embedded device manufacturers have been illegally using Linux. Typically, they use Linux without publishing their device's source code, which Linux's GNU General Public License version 2 (GPLv2) requires them to do. Well, guess what? Another vendor, this time Symantec, appears to be the guilty party. This was revealed when Google engineer and Linux security expert Matthew Garrett was diving into his new Norton Core Router. This is a high-end Wi-Fi router. Symantec claims it's regularly updated with the latest security mechanisms. Garrett popped his box open to take a deeper look into Symantec's magic security sauce. What he found appears to be a Linux distribution based on the QCA Software Development Kit (QSDK) project. This is a GPLv2-licensed, open-source platform built around the Linux-based OpenWrt Wi-Fi router operating system. For Symantec's purposes, QSDK and OpenWrt are an excellent choice. Instead of a read-only firmware, OpenWrt has a fully writable filesystem with package management. This enables Symantec to easily customize its router with updated security features. But -- and it's a big but -- if it's indeed based on QSDK and OpenWrt, Symantec needs to share the Norton Core Router's code with the world.
By msmash from Slashdot's weekend-project department
An anonymous reader writes: Ubuntu Linux 18.04 "Bionic Beaver" is almost here -- it is due on April 26. In the interim, today, the second -- and final -- beta becomes available. Bionic Beaver is very significant, as it is an LTS version, meaning "Long Term Support." This is important to those that prefer stability to bleeding edge and don't want to deal with the hassle of upgrades. In other words, you can install 18.04 and be confident that it will be supported for 5 years. In comparison, non-LTS Ubuntu versions get a mere 9 months. There is plenty to be excited about with Ubuntu Linux 18.04 LTS 'Bionic Beaver' Beta 2, including the GNOME 3.28 desktop environment -- Beta 1 did not include GNOME at all. Of course, all the other DE flavors are available too, such as KDE and Xfce. The kernel is at 4.15, which while not the most current version, is still quite modern. Also included is LibreOffice 6.0 -- an essential tool that rivals Microsoft Office. Wayland is available as a technical preview, although X remains the default display server -- for now.
By msmash from Slashdot's RIP department
Isao Takahata, co-founder of the prestigious Japanese animator Studio Ghibli, which stuck to a hand-drawn "manga" look in the face of digital filmmaking, has died. He was 82. From a report: Takahata started Ghibli with Oscar-winning animator Hayao Miyazaki in 1985, hoping to create Japan's Disney. He directed "Grave of the Fireflies," a tragic tale about wartime childhood, and produced some of the studio's films, including Miyazaki's 1984 "Nausicaa of the Valley of the Wind," which tells the horror of environmental disaster through a story about a princess. Takahata died Thursday of lung cancer at a Tokyo hospital, the studio said in a statement Friday. He was fully aware of how the floating sumie-brush sketches of faint pastel in his works stood as a stylistic challenge to Hollywood's computer-graphics cartoons. In a 2015 interview with The Associated Press, Takahata talked about how Edo-era woodblock-print artists like Hokusai had the understanding of Western-style perspective and the use of light, but they purposely chose to depict reality with lines, and in a flat way, with minimal shading. "Pom Poko", a movie released in 1994, is often considered the best work of Takahata. The New York Times described it as, "a comic allegory about battling packs of tanuki (Japanese raccoon dogs) joining forces to fight human real estate developers. It's earthy and rollicking in a way that his co-founder's films aren't." In an interview with Wired in 2015, Takahata was asked what he felt about people regarding him as the heart of Studio Ghibli. "Now you've both finished your final films, what are your feelings on Ghibli's legacy and reputation?" the interviewer asked. Takahata said, "I'm not sure I can respond in any meaningful way. What Hayao Miyazaki has built up is the greatest contribution. The existence of that thick trunk has allowed leaves to unfurl and flowers to bloom to become the fruitful tree that is Studio Ghibli."
Further reading: Isao Takahata's stark world of reality (The Japan Times).
By msmash from Slashdot's growing-pattern department
An anonymous reader writes: Seoul-born Wendy Hui Kyong Chun, a professor at Brown University known for her work on fake news, is moving to Canada. So is Alan Aspuru-Guzik, a Harvard chemistry professor working on quantum computing and artificial intelligence. They are among 24 top academic minds around the world wooed to Canada by an aggressive recruitment effort offering ultra-attractive sinecures, seven-year funding arrangements -- and, Chun and Aspuru-Guzik said in separate interviews with Axios, a different political environment from the U.S. The "Canada 150 Research Chairs Program" is spending $117 million on seven-year grants of either $350,000 a year or $1 million a year. It's part of a campaign by numerous countries to attract scholars unhappy with Brexit, the election of Donald Trump, and other political trends, sweetened with unusually generous research conditions.
By BeauHD from Slashdot's shrouded-in-secrecy department
The Electronic Frontier Foundation's Peter Eckersley writes: Yesterday, The New York Times reported that there is widespread unrest amongst Google's employees about the company's work on a U.S. military project called "Project Maven." Google has claimed that its work on Maven is for "non-offensive uses only," but it seems that the company is building computer vision systems to flag objects and people seen by military drones for human review. This may in some cases lead to subsequent targeting by missile strikes. EFF has been mulling the ethical implications of such contracts, and we have some advice for Google and other tech companies that are considering building military AI systems. The EFF lists several "starting points" any company, or any worker, considering whether to work with the military on a project with potentially dangerous or risky AI applications should be asking:
1. Is it possible to create strong and binding international institutions or agreements that define acceptable military uses and limitations in the use of AI? While this is not an easy task, the current lack of such structures is troubling. There are serious and potentially destabilizing impacts from deploying AI in any military setting not clearly governed by settled rules of war. The use of AI in potential target identification processes is one clear category of uses that must be governed by law.
2. Is there a robust process for studying and mitigating the safety and geopolitical stability problems that could result from the deployment of military AI? Does this process apply before work commences, along the development pathway and after deployment? Could it incorporate the sufficient expertise to address subtle and complex technical problems? And would those leading the process have sufficient independence and authority to ensure that it can check companies' and military agencies' decisions?
By BeauHD from Slashdot's fork-and-bork department
An anonymous reader quotes a report from The Register: A remote-code execution vulnerability in Windows Defender -- a flaw that can be exploited by malicious .rar files to run malware on PCs -- has been traced back to an open-source archiving tool Microsoft adopted for its own use. The bug, CVE-2018-0986, was patched on Tuesday in the latest version of the Microsoft Malware Protection Engine (1.1.14700.5) in Windows Defender, Security Essentials, Exchange Server, Forefront Endpoint Protection, and Intune Endpoint Protection. This update should be installed, or may have been automatically installed already on your device. The vulnerability can be leveraged by an attacker to achieve remote code execution on a victim's machine simply by getting the mark to download -- via a webpage or email or similar -- a specially crafted .rar file while the anti-malware engine's scanning feature is on. In many cases, this analysis is set to happen automatically.
When the malware engine scans the malicious archive, it triggers a memory corruption bug that leads to the execution of evil code smuggled within the file with powerful LocalSystem rights, granting total control over the computer. The screwup was discovered and reported to Microsoft by legendary security researcher Halvar Flake, now working for Google. Flake was able to trace the vulnerability back to an older version of unrar, an open-source archiving utility used to unpack .rar archives. Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.
By BeauHD from Slashdot's early-days department
Coinbase announced today that it is launching a new incubator fund for early-stage startups. "We're going to invest off our balance sheet into crypto companies," Coinbase President and COO Asiff Hirji told CNBC's "Fast Money" Thursday. "We will invest in companies that are in the space and are aligned with our values." From the report: Profits from the fund will be "de minimis" in the scope of the entire company but the fund is already off to a $15 million start and set to grow, Hirji said. The fund's seed-stage investments, which will begin this week, will help companies and founders in the crypto and blockchain space get off the ground. It's also meant to focus on building relationships within that ecosystem, he said. In order to do that, Coinbase could be investing in its competitors.
"You may also see us invest in companies that ostensibly look competitive with Coinbase," the San Francisco-based company said in a blog post. "We're taking a long term view of the space, and we believe that multiple approaches are healthy and good." Hirji emphasized that Coinbase Ventures is searching for founders, not the next money-making cryptocurrency. "By giving them access to capital we hope that they will grow great businesses," he said. "It's not about investing in the token, it's not about trying to line up tokens that we would put on our exchange."
By BeauHD from Slashdot's cause-and-effect department
Both the United Kingdom and Australia said Thursday that they have opened formal investigations into Facebook amid allegations that their citizens' data was improperly shared with Cambridge Analytica. ABC News reports: The Information Commissioner's Office in the U.K. is "looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning," according to Commissioner Elizabeth Denham. The office will investigate Facebook, along with 29 other organizations that have not been named. Earlier Thursday, Australia said it had opened a formal investigation into the tech giant amid allegations that Australian users' data was improperly shared with Cambridge Analytica. "Today I have opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorization," Angelene Falk, Australia's acting information commissioner and acting privacy commissioner, said. According to Falk, Australia will work with international regulatory agencies to investigate whether Facebook violated the country's privacy act. Under Australian law, the commissioner has the power to issue fines of up to $1.6 million to organizations that fail to comply with the act, according to the Australian Broadcasting Corporation. Australia and the U.K. joined the United States and Israel in investigating Facebook's breach of privacy.
By BeauHD from Slashdot's connecting-the-dots department
An anonymous reader writes: Within the past week, two Tesla crashes have been reported while Autopilot was engaged, and both involved a Tesla vehicle slamming into a highway divider. One of the crashes resulted in the death of Walter Huang, a Tesla customer with a Model X. The other crash resulted in minor injuries to the driver, thanks largely to a working highway safety barrier in front of the concrete divider. Ars Technica reports on the growing evidence that Tesla's Autopilot handles lane dividers poorly: "The September crash isn't the only evidence that has emerged that Tesla's Autopilot feature doesn't deal well with highway lane dividers. At least two people have uploaded videos to YouTube showing their Tesla vehicles steering toward concrete barriers. One driver grabbed the wheel to prevent a collision, while the other slammed on the brakes. Tesla argues that this issue doesn't necessarily mean that Autopilot is unsafe. 'Autopilot is intended for use only with a fully attentive driver,' a Tesla spokesperson told KGO-TV. Tesla argues that Autopilot can't prevent all accidents but that it makes accidents less likely. There's some data to back this up. A 2017 study by the National Highway Transportation Safety Administration (NHTSA) found that the rate of accidents dropped by 40 percent after the introduction of Autopilot. And Tesla argues that Autopilot-equipped Tesla cars have gone 320 million miles per fatality, much better than the 86 million miles for the average car. These figures don't necessarily settle the debate. That NHTSA figure doesn't break down the severity of crashes -- it's possible that Autopilot prevents relatively minor crashes but is less effective at preventing the most serious crashes. And as some Ars commenters have pointed out, luxury cars generally have fewer fatalities than the average vehicle. So it's possible that Tesla cars' low crash rates have more to do with its wealthy customer base than its Autopilot technology. 
What we can say, at a minimum, is that there's little evidence that Autopilot makes Tesla drivers less safe. And we can expect Tesla to steadily improve the car's capabilities over time."