A $1, Linux-Capable, Hand-Solderable Processor

Over on the EEVblog, someone noticed an interesting chip that’s been apparently flying under our radar for a while. This is an ARM processor capable of running Linux. It’s hand-solderable in a TQFP package, has a built-in Mali GPU, support for a touch panel, and has support for 512MB of DDR3. If you do it right, this will get you into the territory of a BeagleBone or a Raspberry Pi Zero, on a board that’s whatever form factor you can imagine. Here’s the best part: you can get this part for $1 USD in large-ish quantities. A cursory glance at the usual online retailers tells me you can get this part in quantity one for under $3. This is interesting, to say the least.

The chip in question, the Allwinner A13, is a 1GHz ARM Cortex-A8 processor. While it’s not much, it is a chip that can run Linux in a hand-solderable package. There is no HDMI support, you’ll need to add some more chips (that are probably in a BGA package), but, hey, it’s only a dollar.

If you’d like to prototype with this chip, the best options right now are a few boards from Olimex, and a System on Module from the same company. That SoM is an interesting bit of kit, allowing anyone to connect a power supply, load an SD card, and get this chip doing something.

Currently, there aren’t really any good solutions for a cheap Linux system you can build at home, with hand-solderable chips. Yes, you could put Linux on an ATMega, but that’s the worst PC ever. A better option is the Octavo OSD335x SoC, better known as ‘the BeagleBone on a Chip’. This is a BGA chip, but the layout isn’t too bad, and it can be assembled using a $12 toaster oven. The problem with this chip is the price; at quantity 1000, it’s a $25 chip. At quantity one, it’s a $40 chip. NXP’s i.MX6 chips have great software support, but they’re $30 chips, and you’ll need some DDR to make it do something useful, and that doesn’t even touch the fiddlyness of a 600-ball package

While the Allwinner A13 beats all the other options on price and solderability, it should be noted that like all of these random Linux-capable SoCs, the software is a mess. There is a reason those ‘Raspberry Pi killers’ haven’t yet killed the Raspberry Pi, and it’s because the Allwinner chips don’t have documentation and let’s repeat that for emphasis: the software is a mess.

Source: A $1, Linux-Capable, Hand-Solderable Processor | Hackaday

Hadoop and NoSQL backups timed by AI

Machine learning data management company Imanis Data has introduced an autonomous backup product powered by machine learning.

The firm said users can specify a desired RPO (Recovery Point Objective) and its SmartPolicies tech then set up the backup schedules. The tech is delivered as an upgrade to the Imanis Data Management Platform (IDMP) product.

SmartPolicies uses metrics including criticality and volume of data to be protected, primary cluster workloads, and daily or seasonal resource utilisation, to determine the most efficient way to achieve the desired RPO.

If it can’t be met because, for example, production systems are too busy, or computing resources are insufficient, then SmartPolicies provides recommendations to make the RPO executable.

Other items in the upgrade include any-point-in-time recovery for multiple NoSQL databases, better ransomware prevention and general data management improvements, such as job tag listing and a browsable catalog for simpler recovery.

[…]

Having backup software set up its own schedules based on input RPO values isn’t a new idea, but having it done with machine learning is. The checking of available resources is a darn good idea too and, when you think about it, absolutely necessary.

Otherwise “backup run failed” messages would start popping up all over the place – not good. We expect other backup suppliers to follow in Imanis’s wake and start sporting “machine learning-driven policy” messages quite quickly.

Source: When should I run backup, robot overlord? Autonomous Hadoop and NoSQL backup is now a thing • The Register

Google Chrome Is Now Quietly Forcing You to Log In—Here’s What to Do About It 

Once again, Google has rankled privacy-focused people with a product change that appears to limit users’ options. It’s easy to miss the fact that you’re automatically being logged-in to Chrome if you’re not paying attention.

Chrome 69 released to users on September 5, and you likely noticed that it has a different look. But if you’re the type of person who doesn’t like to log in to the browser with your Google account, you may have missed the fact that it happens automatically when you sign-in to a Google service like Gmail. Previously, users were allowed to keep those logins separate. Members of the message board Hacker News noticed the change relatively quickly and over the weekend, several developers called attention to it.

[…]

If you want to disable the forced login, a user on Hacker News points out a workaround that could change at any time. Copy and paste this text into your browser’s address bar: chrome://flags/#account-consistency. Then disable the option labeled, “Identity consistency between browser and cookie jar,” and restart your browser. Go to this link to ensure that your Sync settings are configured the way you like them. For now, you have a choice, but it shouldn’t be so difficult or obscure.

Source: Google Chrome Is Now Quietly Forcing You to Log In—Here’s What to Do About It 

Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs!

Before Windows 10, a clean install of Windows only included the bare essentials a user would need to get started using their PC. That included software built by Microsoft, such as Mail, Paint, and its web browser, and it never included “bloatware” or “trialware” that one might find on hardware purchased from a third-party OEM that preloaded all kinds of crapware.

The clean install process was simple. With Windows 7, you’d do the install, and once you hit the desktop, that was it. All the programs that were preinstalled were Microsoft-made and were often considered essentials. This changed with Windows 8, with the addition of auto-updating apps such as Travel, News and more. Still, these were acceptable, preinstalled Windows apps and were not really classed as bloatware.

With Windows 10, a clean install stays that way for about two minutes, because the second you hit the desktop, the Microsoft Store immediately starts trying to download third-party apps and games. And these apps keep trying to install themselves even after you cancel the downloads.

Six too many

There are six such apps, which is six too many. These apps are often random, but right now they include things like Candy Crush, Spotify, and Disney Magic Kingdoms. You should not see any of these apps on a fresh install of Windows 10, yet they are there every single time.

There are policies you can set that disable these apps from automatically installing, but that’s not the point. On a fresh, untouched, clean install of Windows 10, these apps will download themselves onto your PC. Even if you cancel the installation of these apps before they manage to complete the download, they will retry at a later date, without you even noticing.

The only way I’ve found that gets rid of them permanently is to let them install initially, without canceling the download, and then uninstall the apps from the Start menu. If you cancel the initial download of the bloatware apps before they complete their first install, the Microsoft Store will just attempt to redownload them later and will keep doing so until that initial install is complete.

Source: Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs! | Windows Central

Open-source alt-droid wants to know if it’s still leaking data to Google

/e/, a Google-free fork of Android, reached a milestone this month with its initial ROM release. It’s available for download, so you can kick the tires, with nightly builds delivered via OTA (over the air) updates.

El Reg interviewed the project’s leader, Gael Duval, in the summer. Duval launched and led the Linux Mandrake project. Back then it was called “eelo”, but has morphed into just /e/ – which autocorrect features won’t try to turn into “eels”.

The project is significant in that the European Commission recently noted how few people switch platforms. If you’re on Apple or Android today, the chances are you will be on the same platform, plugged into the same “ecosystem” of peripherals and services, in 10 years. So it wants more variety and competition within the Android world.

/e/ derives from LineageOS, itself a fork of CynaogenMod, so it can run on around 30 phone models including the Samsung Galaxy S7, and several recent-ish OnePlus devices.

Source: Open-source alt-droid wants to know if it’s still leaking data to Google • The Register

Zoho – GSuite competitor – pulled offline after phishing complaints by DNS registrar, millions of people couldn’t work. Love the cloud!

Zoho .com was pulled offline on Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said.

The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.

In an email to TechCrunch, Zoho boss Sridhar Vembu said that TierraNet “took our domain down without any notice to us” after receiving complaints about phishing emails from Zoho-hosted email accounts.

In doing so, thousands of businesses that rely on Zoho for their operations couldn’t access their email, documents and files, and other business-critical software during the day. Zoho counts Columbia University, Netflix, Citrix, Air Canada and the Los Angeles Times as customers.

“They kept pointing us back to their legal, even when I tried to call their senior management,” said Vembu in the email.

Source: Zoho pulled offline after phishing complaints, CEO says | TechCrunch

Cisco Video Surveillance Manager Appliance Default Root Password Vulnerability (again)

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials.

The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Source: Cisco Video Surveillance Manager Appliance Default Password Vulnerability

Incredible that this is still a thing, especially at Cisco, where it’s happened before.

2D spray on transparent wireless antennae created

Metals are widely used for antennas; however, their bulkiness limits the fabrication of thin, lightweight, and flexible antennas. Recently, nanomaterials such as graphene, carbon nanotubes, and conductive polymers came into play. However, poor conductivity limits their use. We show RF devices for wireless communication based on metallic two-dimensional (2D) titanium carbide (MXene) prepared by a single-step spray coating. We fabricated a ~100-nm-thick translucent MXene antenna with a reflection coefficient of less than −10 dB. By increasing the antenna thickness to 8 μm, we achieved a reflection coefficient of −65 dB. We also fabricated a 1-μm-thick MXene RF identification device tag reaching a reading distance of 8 m at 860 MHz. Our finding shows that 2D titanium carbide MXene operates below the skin depth of copper or other metals as well as offers an opportunity to produce transparent antennas.

Source: 2D titanium carbide (MXene) for wireless communication | Science Advances

Windows handwriting recognition on? Then all your typing is stored in plain text on your PC.

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years.

This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, this file is only found on touchscreen-capable Windows PCs where the user has enabled the handwriting recognition feature [1, 2] that automatically translates stylus/touchscreen scribbles into formatted text.

Source: This Windows file may be secretly hoarding your passwords and emails | ZDNet

Quantum chicken-or-egg experiment blurs the distinction between before and after

In the everyday world, events occur in a definite order—your alarm clock rings before you wake up, or vice versa. However, a new experiment shows that when fiddling with a photon, it can be impossible to say in which order two events occur, obliterating our common sense notion of before and after and, potentially, muddying the concept of causality. Known as a quantum switch, the setup could provide a useful new tool in budding quantum information technologies.

Quantum mechanics already torpedoes our notion that an object can be in only one place at a time. Thanks to the weirdness of quantum mechanics, a tiny particle like an electron can be in multiple places at once. The quantum switch achieves something similar for two events, A and B, showing that A can occur before B and B can occur before A.

“I’m very excited to see people realizing our idea with an actual experiment,” says Giulio Chiribella of the University of Oxford in the United Kingdom, one of the theorists who in 2009 first proposed the concept.

[…]

The quantum switch could have applications in budding technologies that, for example, manipulate and transmit information encoded in the quantum states of individual photons and other quantum particles. Such devices must pass particles through quantum channels, such as optical fibers, that invariably suffer from noise. But even if two such channels are too noisy to transmit quantum information, they could in principle be fashioned into a quantum switch to enable the information to flow, Jacquiline Romero, a quantum physicist and member of the Queensland team, says. “You introduce indefinite order and suddenly you can communicate,” she says. “That’s pretty cool!”

Source: Quantum chicken-or-egg experiment blurs the distinction between before and after | Science | AAAS

Quantum mechanics defies causal order, experiment confirms

An experiment has confirmed that quantum mechanics allows events to occur with no definite causal order. The work has been carried out by Jacqui Romero, Fabio Costa and colleagues at the University of Queensland in Australia, who say that gaining a better understanding of this indefinite causal order could offer a route towards a theory that combines Einstein’s general theory of relativity with quantum mechanics

In classical physics – and everyday life – there is a strict causal relationship between consecutive events. If a second event (B) happens after a first event (A), for example, then B cannot affect the outcome of A. This relationship, however, breaks down in quantum mechanics because the temporal spread of a particles’s wave function can be greater than the separation in time between A and B. This means that the causal order of A and B cannot be always be distinguished by a quantum particle such as a photon.

[…]

As well as making an experimental connection between relativity and quantum mechanics, the researchers point out that their quantum switch could find use in quantum technologies. “This is just a first proof of principle, but on a larger scale indefinite causal order can have real practical applications, like making computers more efficient or improving communication,” says Costa.

Quantum mechanics defies causal order, experiment confirms

FAQs on Plastics – Our World in Data

A huge amount of information on plastic, with great visualisations

This post draws on data and research discussed in our entry on Plastic Pollution.

Source: FAQs on Plastics – Our World in Data

Earth at Night visualised with light intensity as terrain height

Explore the Earth at night as seen by Suomi NPP VIIRS using the Esri ArcGIS API for JavaScript. Lights are rendered as 3D terrain.

Source: Earth at Night

AI’s ‘deep-fake’ vids surge ahead in realism

Researchers from Carnegie Mellon University and Facebook Reality Lab are presenting Recycle-GAN, a generative adversarial system for “unsupervised video retargeting” this week at the European Conference on Computer Vision (ECCV) in Germany.

Unlike most methods, Recycle-GAN doesn’t rely on learning an explicit mapping between the images in a source and target video to perform a face swap. Instead, it’s an unsupervised learning method that begins to line up the frames from both videos based on “spatial and temporal information”.

In other words, the content that is transferred from one video to another not only relies on mapping the space but also the order of the frames to make sure both are in sync. The researchers use the comedians Stephen Colbert and John Oliver as an example. Colbert is made to look like he is delivering the same speech as Oliver, as his face is use to mimic the small movements of Oliver’s head nodding or his mouth speaking.

Here’s one where John Oliver is turned into a cartoon character.

It’s not just faces, Recycle-Gan can be used for other scenarios too. Other examples include synching up different flowers so they appear to bloom and die at the same time.

The researchers also play around with wind conditions, turning what looks like a soft breeze blowing into the trees into a more windy day without changing the background.

“I think there are a lot of stories to be told,” said Aayush Bansal, co-author of the research and a PhD. student at CMU.”It’s a tool for the artist that gives them an initial model that they can then improve,” he added.

Recycle-GAN might prove useful in other areas. Simulating various effects for video footage taken from self-driving cars could help them drive under different conditions.

“Such effects might be useful in developing self-driving cars that can navigate at night or in bad weather, Bansal said. These videos might be difficult to obtain or tedious to label, but its something Recycle-GAN might be able to generate automatically.

Source: The eyes don’t have it! AI’s ‘deep-fake’ vids surge ahead in realism • The Register

Solid-state battery startup secures backing from several automakers as it claims 2- 3x higher energy capacity, better safety through solid-state

Solid Power is a Colorado-based startup that spun out of a battery research program at the University of Colorado Boulder.

The company claims to have achieved a breakthrough by incorporating a high-capacity lithium metal anode in lithium batteries – creating a solid-state cell with an energy capacity “2-3X higher” than conventional lithium-ion.

They have already attracted investments from important companies, like A123 Systems and more recently BMW, which planned to validate their battery technology for the automotive market.

Now they are announcing this week the addition Hyundai, Samsung and several others to the list as they close a $20 million series A round of financing.

They are now working with two automakers and two battery cell suppliers for the auto industry.

Co-founder and CEO Doug Campbell commented on the announcement:

“We are at the center of the ‘electrification of everything’ with ASSB technology emerging as the clear leader in ‘post lithium-ion’ technologies. Solid-state batteries are a game changer for EV, electronics, defense, and medical device markets, and Solid Power’s technology is poised to revolutionize the industry with a competitive product paying special attention to safety, performance, and cost.”

In a press release, the company listed a bunch of advantages that they claim their technology has over current batteries:

  • 2 – 3X higher energy vs. current lithium-ion
  • Substantially improved safety due to the elimination of the volatile, flammable, and corrosive liquid electrolyte as used in lithium-ion
  • Low-cost battery-pack designs through:
    • Minimization of safety features
    • Elimination of pack cooling
    • Greatly simplified cell, module, and pack designs through the elimination of the need for liquid containment
  • High manufacturability due to compatibility with automated, industry-standard, roll-to-roll production

Solid Power said that it plans to use the funds from its Series A investment to “scale-up production via a multi-MWh roll-to-roll facility, which will be fully constructed and installed by the end of 2018 and fully operational in 2019.”

Source: Solid-state battery startup secures backing from several automakers as it claims breakthrough for electric vehicles | Electrek

Article 11, Article 13: EU’s Dangerous Copyright Bill Advances: massive censorship and upload filters (which are impossible) and huge taxes for links.

Members of the European Parliament voted Wednesday to approve a sweeping overhaul of the EU’s copyright laws that includes two controversial articles that threaten to hand more power to the richest tech companies and generally break the internet.

Overall, MEPs voted in favor of the EU Copyright Directive with a strong majority of 438 to 226. But the process isn’t over. There are still more parliamentary procedures to go through, and individual countries will eventually have to decide how they intend to implement the rules. That’s part of the reason that it’s so difficult to raise public awareness on this issue.

Momentum to oppose the legislation built up earlier this summer, culminating with Parliament deciding to open it up for amendments in July. Many people may have thought the worst was over. It wasn’t—but make no mistake, today’s vote in favor of the directive was extremely consequential.

The biggest issue with this legislation has been Articles 11 and 13. These two provisions have come to be known as the “link tax” and “upload filter” requirements, respectively.

In brief, the link tax is intended to take power back from giant platforms like Google and Facebook by requiring them to pay news outlets for the privilege of linking or quoting articles. But critics say this will mostly harm smaller websites that can’t afford to pay the tax, and the tech giants will easily pay up or just decide not link to news. The latter outcome has already happened when this was tried in Spain. On top of inhibiting the spread of news, the link tax could also make it all but impossible for Wikipedia and other non-profit educational sources to do their work because of their reliance on links, quotes, and citation.

The upload filter section of the legislation demands that all platforms aside from “small/micro enterprises” use a content ID system of some sort to prevent any copyrighted works from being uploaded. Sites will face all copyright liabilities in the event that something makes it past the filter. Because even the best filtering systems, like YouTube’s, are still horrible, critics say that the inevitable outcome is that over-filtering will be the default mode of operation. Remixing, meme-making, sharing of works in the public domain, and other fair use practices would likely all fall victim to platforms that would rather play it safe, just say no to flagged content, and avoid legal battles. Copyright trolls will likely be able to fraudulently claim ownership of intellectual property with little recourse for their victims.

We’ve gone further in-depth on all of the implications of the copyright directive, but the fact is, it’s full of vagaries and blind spots that make it impossible to say just how it will shake out. Joe McNamee, executive director of digital rights association EDRi, recently told The Verge, “The system is so complicated that last Friday the [European Parliament] legal affairs committee tweeted an incorrect assessment of what’s happening. If they don’t understand the rules, what hope the rest of us?” As we come closer to living parallel lives online and IRL, such sweeping legislation is dangerous to play with.

Source: Article 11, Article 13: EU’s Dangerous Copyright Bill Advances

You know all those movies you bought from Apple? Um, well, think different: You didn’t. Didn’t you learn that from Amazon in 2009?

Remember when you decided to buy, rather than rent, that movie online? We have some bad news for you – you didn’t.

Biologist Anders Gonçalves da Silva was surprised this week to find three movies he had purchased through iTunes simply disappeared one day from his library. So he contacted Apple to find out what had happened.

And Apple told him it no longer had the license rights for those movies so they had been removed. To which he of course responded: Ah, but I didn’t rent them, I actually bought them through your “buy” option.

At which point da Silva learnt a valuable lesson about the realities of digital purchases and modern licensing rules: While he had bought the movies, what he had actually paid for was the ability to download the movie to his hard drive.

“Please be informed that the iTunes/App Store is a store front that give content providers a platform or a place to sell their items,” the company informed him. “We can only offer what has been made available to us. Since the content provider has removed these movies… I am unable to provide you the copy of the movies.”

Sure, he could stream it whenever he wanted since he had bought it, but once those licensing rights were up, if he hadn’t downloaded the movie, it was gone – forever.

[…]

And it’s not fair to single out just Apple either: pretty much every provider of digital content has the same rules. Amazon got in hot water a few years ago when its deal with Disney expired and customers discovered that their expensive movie purchases vanished over night. In 2009 thee was a similar ruckus when it pulled George Orwell’s classic 1984 from Kindles without notice.

Source: You know all those movies you bought from Apple? Um, well, think different: You didn’t • The Register

Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit

It’s tricky. Computers have to follow what is being said by whom, the context of the conversation and often some real world facts to understand cultural references. Feeding machines single sentences is often ineffective; it’s a difficult task for humans to detect if individual remarks are cheeky too.

The researchers, therefore, built a system designed to inspect individual sentences as well as the ones before and after it. The model is made up of several bidirectional long-short term memory networks (BiLSTMs) stitched together, and was accurate at spotting a sarcastic comment about 70 per cent of the time.

“Typical LSTMs read and encode the data – a sentence – from left to right. BiLSTMs will process the sentence in a left to right and right to left manner,” Reza Ghaeini, coauthor of the research on arXiv and a PhD student at Oregon State University, explained to The Register this week.

“The outcome of the BiLSTM for each position is the concatenation of forward and backward encodings of each position. Therefore, now each position contains information about the whole sentence (what is seen before and what will be seen after).”

So, where’s the best place to learn sarcasm? Reddit’s message boards, of course. The dataset known as SARC – geddit? – contains hundreds of thousands of sarcastic and non-sarcastic comments and responses.

“It is quite difficult for both machines and humans to distinguish sarcasm without context,” Mikhail Khodak, a graduate student at Princeton who helped compile SARC, previously told El Reg.

“One of the advantages of our corpus is that we provide the text preceding each statement as well as the author of the statement, so algorithms can see whether it is sarcastic in the context of the conversation or in the context of the author’s past statements.”

Source: Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit • The Register

Top European Court Rules UK Mass Surveillance Regime Violates Human Rights

The European Court of Human Rights (ECHR) ruled this week that the United Kingdom government’s surveillance regime violated human rights laws.

The matter first came to light in 2013 when NSA whistleblower Edward Snowden revealed British surveillance practices—namely that the government intercepts social media, messages, and phone calls regardless of criminal record or suspicions of criminal activity.

The ECHR decided the surveillance program violates Article 8 of the European Convention on Human Rights—the right to a private life and a family life—due to what the court regarded as “insufficient oversight” of the selection of collected communications.

The court also believes that journalistic sources were not adequately protected. ECHR judges wrote, “In view of the potential chilling effect that any perceived interference with the confidentiality of journalists’ communications and, in particular, their sources might have on the freedom of the press, the Court found that the bulk interception regime was also in violation of article 10.”

In 2016, the UK Investigatory Powers Tribunal also ruled that intelligence agencies violated human rights through bulk collection and unsatisfactory oversight.

A group of human rights organizations including Big Brother Watch and Amnesty International brought the case to the court. The advocacy groups focused on the power granted by the Regulation of Investigatory Powers Act 2000 (RIPA), which was replaced in 2016 by the Investigatory Powers Act in 2016, a bill that hasn’t yet gone into effect.

“This landmark judgment confirming that the UK’s mass spying breached fundamental rights vindicates Mr. Snowden’s courageous whistleblowing,” Silkie Carlo, director of the Big Brother Watch, said in a statement. “Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion.”

The ECHR did deviate from these watchdog groups with the court ruling that the practice of sharing collected information with foreign nations—as opposed to oversight of the collection itself—does not violate freedom of speech or the right to a private life.

Source: Top European Court Rules UK Mass Surveillance Regime Violates Human Rights

Facebook creates an AI-based tool to automate bug fixes

SapFix, which is still under development, is designed to generate fixes automatically for specific bugs before sending them to human engineers for approval.

Facebook, which announced the tool today ahead of its @Scale conference in San Jose, California, for developers building large-scale systems and applications, calls SapFix an “AI hybrid tool.” It uses artificial intelligence to automate the creation of fixes for bugs that have been identified by its software testing tool Sapienz, which is already being used in production.

SapFix will eventually be able to operate independently from Sapienz, but for now it’s still a proof-of-concept that relies on the latter tool to pinpoint bugs first of all.

SapFix can fix bugs in a number of ways, depending on how complex they are, Facebook engineers Yue Jia, Ke Mao and Mark Harman wrote in a blog post announcing the tools. For simpler bugs, SapFix creates patches that revert the code submission that introduced them. In the case of more complicated bugs, SapFix uses a collection of “templated fixes” that were created by human engineers based on previous bug fixes.

And in case those human-designed template fixes aren’t up to the job, SapFix will then attempt what’s called a “mutation-based fix,” which works by continually making small modifications to the code that caused the software to crash, until a solution is found.

SapFix goes further by generating multiple potential fixes for each bug, then submits these for human evaluation. It also performs tests on each of these fixes so engineers can see if they might cause other problems, such as compilation errors and other crashes somewhere else.

Source: Facebook creates an AI-based tool to automate bug fixes – SiliconANGLE

Cold Boot Attacks are back – plug a sleeping laptop into some kit and read all the memory, slurp all the passwords

Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world’s biggest vendors like Dell, Lenovo, and even Apple.

And because these computers are everywhere, Olle and Pasi are sharing their research with companies like Microsoft, Apple and Intel, but also the public. The pair are presenting their research at the SEC-T conference in Sweden on September 13, and at Microsoft’s BlueHat v18 in the US on September 27.

[…]

Because cold boot attacks are nothing new, there have been developments to make them less effective. One safeguard created by the Trusted Computing Group (TCG) was to overwrite the contents of the RAM when the power was restored.

And that’s where Olle and Pasi’s research comes in. The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.

Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk.

Source: The Chilling Reality of Cold Boot Attacks – F-Secure Blog

Plants communicate distress using their own kind of nervous system

Plants may lack brains, but they have a nervous system, of sorts. And now, plant biologists have discovered that when a leaf gets eaten, it warns other leaves by using some of the same signals as animals. The new work is starting to unravel a long-standing mystery about how different parts of a plant communicate with one another.

Animal nerve cells talk to each other with the aid of an amino acid called glutamate, which—after being released by an excited nerve cell—helps set off a wave of calcium ions in adjacent cells. The wave travels down the next nerve cell, which relays a signal to the next one in line, enabling long-distance communication.

Source: Plants communicate distress using their own kind of nervous system

Mikrotik routers pwned en masse, send network data to mysterious box

More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.

This is according to researchers from 360 Netlab, who found the routers had all been taken over via an exploit for CVE-2018-14847, a vulnerability first disclosed in the Vault7 data dump of supposed CIA hacking tools.

Since mid-July, Netlab said, attackers have looked to exploit the flaw and enlist routers to do things like force connected machines to mine cryptocurrency, and, in this case, forward their details on traffic packets to a remote server.

“At present, a total of 7,500 MikroTik RouterOS device IPs have been compromised by the attacker and their TZSP traffic is being forwarded to some collecting IP addresses,” the researchers explained.

The infection does not appear to be targeting any specific region, as the hacked devices reside across five different continents with Russia, Brazil, and Indonesia being the most commonly impacted.

The researchers noted that the malware is also resilient to reboots.

Source: Mikrotik routers pwned en masse, send network data to mysterious box • The Register

Outlook, Skype ‘throttle’ users amid storm cloud drama, can’t login. Yay cloud!

Folks around the planet are today unable to use Microsoft Skype and Office 365’s Outlook due to a baffling “Throttled” error message.

The weird text box pops up in the chat software and cloud-backed email client, preventing people from sending messages, and talking to contacts.

This is, according to Microsoft, due to a botched update to Azure’s backend authentication systems. The internal upgrade was introduced as its engineers brought servers knocked out by storms in Texas back online, and promptly broke Outlook and Skype. Outlook Web Access is said to be unaffected.

Source: Ever wanted to strangle Microsoft? Now Outlook, Skype ‘throttle’ users amid storm cloud drama • The Register

Mobile spyware maker mSpy leaks 2 million records

mSpy, a commercial spyware solution designed to help you spy on kids and partners, has leaked over 2 million records including software purchases and iCloud usernames and authentication tokens of devices running mSky. The data appears to have come from an unsecured database that allowed security researchers to pull out millions of records.

“Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months,” wrote security researcher Brian Krebs.

Source: Mobile spyware maker leaks 2 million records | TechCrunch

Google Dataset Search

https://toolbox.google.com/datasetsearch

 

 
Skip to toolbar