Another view: bitcoin isn’t likely to consume all the world’s electricity in 2020 (anyone reminded of climate change discussions?)

The computer process that generates each coin is said to be on pace to require more electricity than the United States consumes in a year. This bitcoin “mining” allegedly consumes more power than most countries use each year, and its electricity usage is roughly equivalent to Bulgaria’s consumption.

But here’s another thing you might want to know: All of that analysis is based on a single estimate of bitcoin’s power consumption that is highly questionable, according to some long-time energy and IT researchers. Despite their skepticism, this power-consumption estimate from the website Digiconomist has quickly been accepted as gospel by many journalists, research analysts and even billionaire investors.
[…]
Several energy experts caution that there is currently no reliable, verifiable way to measure just how much electric power is consumed in the process of minting the cryptocurrency. They say the first step is gathering hard data from the data centers, and no one has done that work yet.

“Many of those calculations that you see today I think are based on very weak assumptions,” said Christian Catalini, an assistant professor at the MIT Sloan School of Management who studies blockchain technology and cryptocurrencies.

Source: No, bitcoin isn’t likely to consume all the world’s electricity in 2020

Acoustic Attacks on HDDs cause them to shut down

The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration. Because hard drives store vast amounts of information inside small areas of each platter, they are programmed to stop all read/write operations during the time a platter vibrates, so as to avoid scratching storage disks and permanently damaging an HDD.

Source: Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More

These experts figured out why so many bogus US patents get approved

If you’ve read our coverage of the Electronic Frontier Foundation’s “Stupid Patent of the Month” series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators.

Why don’t more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

The United States Patent and Trademark Office (USPTO) is funded by fees—and the agency gets more fees if it approves an application.

Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.

Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. For example, we have covered the problems created by unlimited re-applications in the past. But what sets Frakes and Wasserman’s work apart is that they have convincing empirical evidence for all three theories.

They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we’d likely wind up with fewer bogus patents floating around.

Source: These experts figured out why so many bogus patents get approved | Ars Technica

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named “Archive Poster,” the extension is advertised as a mod for Tumblr that allows users an easier way to “reblog, queue, draft, and like posts right from another blog’s archive.” According to user reviews, around the start of December the extension incorporated the infamous Coinhive in-browser miner in its source code.

Source: Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

How to Stop Apps From Listening in on Your TV Habits (it turns out thousands are)

That innocent-looking mobile game you just downloaded might just have an ulterior motive. Behind the scenes, hundreds of different apps could be using your smartphone’s microphone to figure out what you watch on TV, a new report from The New York Times reveals.
[…]
All of these apps need to get your permission before they can record in the background. So the easiest way is just to deny that permission. However, it’s possible that you might have approved the request without realizing it, or your kid might do it while playing with your phone. In that case, switching it off is pretty easy.

Just head into Settings on your device and check the permissions for the app in question. If the app has microphone access when it doesn’t need to (why would a bowling game need to use your microphone?), just toggle that permission off.

Source: How to Stop Apps From Listening in on Your TV Habits

To drive faster we all need to keep the same distance from the car behind us as from the car in front

A new study in IEEE Transactions on Intelligent Transportation Systems mathematically models the implications of the larger problem: You’re not keeping the right distance from the car behind you.

That may seem counterintuitive, since you don’t have much control over how far you are from the car behind you—especially when that person is a tailgater. But the math says that if everyone kept an equal distance between the cars ahead and behind, all spaced out in a more orderly fashion, traffic would move almost twice as quickly. Now sure, you’re probably not going to convince everyone on the road to do that. Still, the finding could be a simple yet powerful way to optimize semi-autonomous cars long before the fully self-driving car of tomorrow arrives.
[…]
Problem is, we’re talking about an emergent property here. “To get the full benefits of this, a significant fraction of the cars would have to have this,” says Horn. “In terms of societal implementation that’s a big factor, because even if it’s relatively cheap, people who implement it will question whether the first car that gets it is worth that investment, because until other cars get it, it doesn’t do a whole lot of good.”
[…]
“It sounds pretty drastic, but the benefits are huge,” says Horn. “We’re talking about a potential doubling of throughput, huge decreases in CO2 emissions, a lot of aggravation reduced and fuel used.”

Source: Math Says You’re Driving Wrong and It’s Slowing Us All Down | WIRED

Forever 21: Yes, hackers breached our payment system for half of 2017

A breach at Forever 21 left customer payment card information exposed to hackers, the retailer confirmed Thursday. The company didn’t specify how many customers had information stolen, but said various point of sales terminals were affected between April 3 and November 18, 2017. Hackers collected credit card numbers, expiration dates, verification codes and sometimes cardholder names.

Source: Forever 21: Yes, hackers breached our payment system – CNET

Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet

Perhaps you’ve been hearing strange sounds in your home—ghostly creaks and moans, random Rick Astley tunes, Alexa commands issued in someone else’s voice. If so, you haven’t necessarily lost your mind. Instead, if you own one of a few models of internet-connected speaker and you’ve been careless with your network settings, you might be one of thousands of people whose Sonos or Bose devices have been left wide open to audio hijacking by hackers around the world. Researchers at Trend Micro have found that some models of Sonos and Bose speakers—including the Sonos Play:1, the newer Sonos One, and Bose SoundTouch systems—can be pinpointed online with simple internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses. Only a small fraction of the total number of Bose and Sonos speakers were found to be accessible in their scans. But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

Source: Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet | WIRED

The evidence-based medicine problem: US doctors cling to procedures that don’t work. Some reviews find under half of treatments are backed by adequate evidence.

The recent news that stents inserted in patients with heart disease to keep arteries open work no better than a placebo ought to be shocking. Each year, hundreds of thousands of American patients receive stents for the relief of chest pain, and the cost of the procedure ranges from $11,000 to $41,000 in US hospitals.

But in fact, American doctors routinely prescribe medical treatments that are not based on sound science. The stent controversy serves as a reminder that the United States struggles when it comes to winnowing evidence-based treatments from the ineffective chaff. As surgeon and health care researcher Atul Gawande observes, “Millions of people are receiving drugs that aren’t helping them, operations that aren’t going to make them better, and scans and tests that do nothing beneficial for them, and often cause harm.”

Of course, many Americans receive too little medicine, not too much. But the delivery of useless or low-value services should concern anyone who cares about improving the quality, safety and cost-effectiveness of medical care. Estimates vary about what fraction of the treatments provided to patients is supported by adequate evidence, but some reviews place the figure at under half.

Naturally that carries a heavy cost: One study found that overtreatment — one type of wasteful spending — added between $158 billion and $226 billion to US health care spending in 2011.

Source: The evidence-based medicine problem: US doctors cling to procedures that don’t work – Vox

Web trackers exploit browser login managers

First, a user fills out a login form on the page and asks the browser to save the login. The tracking script is not present on the login page [1]. Then, the user visits another page on the same website which includes the third-party tracking script. The tracking script inserts an invisible login form, which is automatically filled in by the browser’s login manager. The third-party script retrieves the user’s email address by reading the populated form and sends the email hashes to third-party servers.

We found two scripts using this technique to extract email addresses from login managers on the websites which embed them. These addresses are then hashed and sent to one or more third-party servers. These scripts were present on 1110 of the Alexa top 1 million sites. The process of detecting these scripts is described in our measurement methodology in Appendix 1. We provide a brief analysis of each script in the sections below.

Source: No boundaries for user identities: Web trackers exploit browser login managers

Canada to use AI to Study ‘Suicide-Related Behavior’ on Social Media

This month the Canadian government is launching a pilot program to research and predict suicide rates in the country using artificial intelligence. The pilot will mine Canadians’ social media posts “in order to identify patterns associated with users who discuss suicide-related behavior,” according to a recently published contract document.

Source: Canada Is Using AI to Study ‘Suicide-Related Behavior’ on Social Media

‘Kernel memory leaking’ Intel / ARM processor design flaw forces Linux, Windows, OSX redesign, massive slowdowns to be expected

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas. The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
[…]
At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

Specifically, in terms of the best-case scenario, it is possible the bug could be abused to defeat KASLR: kernel address space layout randomization. This is a defense mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory. This mechanism can thwart attempts to abuse other bugs within the kernel: typically, exploit code – particularly return-oriented programming exploits – relies on reusing computer instructions in known locations in memory.

Source: ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign • The Register

This very specifically could mean that you can’t separate Virtual Machines properly any more.

AMD is quite chuffed to not be affected.

Using stickers in the field of view to fool image recognition AIs

In a research paper presented in December through a workshop at the 31st Conference on Neural Information Processing Systems (NIPS 2017) and made available last week through ArXiv, a team of researchers from Google discuss a technique for creating an adversarial patch.

This patch, sticker, or cutout consists of a psychedelic graphic which, when placed next to an object like a banana, makes image recognition software see something entirely different, such as a toaster.
[…]
“We construct an attack that does not attempt to subtly transform an existing item into another,” the researchers explain. “Instead, this attack generates an image-independent patch that is extremely salient to a neural network. This patch can then be placed anywhere within the field of view of the classifier, and causes the classifier to output a targeted class.”

The boffins observe that because the patch is separate from the scene, it allows attacks on image recognition systems without concern for lighting conditions, camera angles, the type of classifier being attacked, or other objects present in the scene.

While the ruse recalls schemes to trick face scanning systems with geometric makeup patterns, it doesn’t involve altering the salient object in the scene. The addition of the adversarial patch to the scene is enough to confuse the image classification code.

Source: Now that’s sticker shock: Sticky labels make image-recog AI go bananas for toasters • The Register

Nvidia: bans using cheap GeForce, Titan GPUs in servers through EULA. Is that legal?!

The chip-design giant updated its GeForce and Titan software licensing in the past few days, adding a new clause that reads: “No Datacenter Deployment. The SOFTWARE is not licensed for datacenter deployment, except that blockchain processing in a datacenter is permitted.”

In other words, if you wanted to bung a bunch of GeForce GPUs into a server box and use them to accelerate math-heavy software – such as machine learning, simulations and analytics – then, well, you can’t without breaking your licensing agreement with Nvidia. Unless you’re doing trendy blockchain stuff.

A copy of the license in the Google cache, dated December 31, 2017, shows no mention of the data center ban. Open the page today, and, oh look, data center use is verboten.

Source: Nvidia: Using cheap GeForce, Titan GPUs in servers? Haha, nope! • The Register

I don’t really understand how a company hopes to defend being able to tell you where and for what purpose you are allowed to use hardware you bought from them. You bought it, you paid for it, it’s your hardware to do with whatever you want. Unless the government says you can’t. Such as, e.g., for weaponry. Which I am pretty sure they don’t specify for Nvidia graphics cards.