SlashDot

An anonymous reader quotes a report from VentureBeat: At the International Supercomputing Conference (ISC) in Frankfurt, Germany this week, Santa Clara-based chipmaker Nvidia announced that it will support processors architected by British semiconductor design company Arm. Nvidia anticipates that the partnership will pave the way for supercomputers capable of "exascale" performance -- in other words, of completing at least a quintillion floating point computations ("flops") per second, where a flop equals two 15-digit numbers multiplied together. Nvidia says that by 2020 it will contribute its full stack of AI and high-performance computing (HPC) software to the Arm ecosystem, which by Nvidia's estimation now accelerates over 600 HPC applications and machine learning frameworks. Among other resources and services, it will make available CUDA-X libraries, graphics-accelerated frameworks, software development kits, PGI compilers with OpenACC support, and profilers. Nvidia founder and CEO Jensen Huang pointed out in a statement that, thanks to this commitment, Nvidia will soon accelerate all major processor architectures: x86, IBM's Power, and Arm. "As traditional compute scaling has ended, the world's supercomputers have become power constrained," said Huang. "Our support for Arm, which designs the world's most energy-efficient CPU architecture, is a giant step forward that builds on initiatives Nvidia is driving to provide the HPC industry a more power-efficient future."

Read more of this story at Slashdot.

Google CEO Sundar Pichai says YouTube is too big to completely fix the site's problems with harmful content. From a report: During a CNN interview that aired Sunday, Pichai was asked whether there will ever be enough humans to filter through and remove such content. "We've gotten much better at using a combination of machines and humans," Pichai said. "So it's one of those things, let's say we're getting it right 99% of the time, you'll still be able to find examples. Our goal is to take that to a very, very small percentage well below 1%." Pichai said Google probably can't get that to 100%. "Any large scale systems, it's tough," Pichai said. "Think about credit card systems, there's some fraud in that. ... Anything when you run at that scale, you have to think about percentages."

Read more of this story at Slashdot.

Artem S. Tashkinov writes: The Register reports that it is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack. Patches and mitigations are available, and can be applied by hand if needed, or you can wait for a security fix to be pushed or offered to your at-risk device. A key workaround is to set /proc/sys/net/ipv4/tcp_sack to 0. At the heart of the drama is a programming flaw dubbed SACK Panic aka CVE-2019-11477: this bug can be exploited to remotely crash systems powered by Linux kernel version 2.6.29 or higher, which was released 10 years ago.

Read more of this story at Slashdot.

An anonymous reader shares a report: In the heart of Boston, Tufts Medical Center treats scores of health conditions, from administering measles vaccines for children to pioneering next-generation tools that can eradicate the rarest of cancers. But doctors, administrators and other hospital staff struggled to contain a much different kind of epidemic one April morning last year: a wave of thousands of robocalls that spread, like a virus, from one phone line to the next, disrupting communications for hours to come. For most Americans, such robocalls represent an unavoidable digital-age nuisance, resulting in constant interruptions targeting their phones each month. For hospitals, though, the spam calls amount to a literal life-or-death challenge, one that increasingly is threatening doctors and patients in a setting where every second can count. At Tufts Medical Center, administrators registered more than 4,500 calls between about 9:30 and 11:30 a.m. on April 30, 2018, said Taylor Lehmann, the center's chief information security officer. Many of the messages seemed to be the same: Speaking in Mandarin, an unknown voice threatened deportation unless the person who picked up the phone provided their personal information. Such calls are common, widely documented scams that seek to swindle vulnerable foreigners, who may surrender their private data out of fear their families and homes are at risk. But it proved especially troubling at Tufts, which is situated amid Boston's Chinatown neighborhood, Lehmann said. Officials there couldn't block the calls through their telecom carrier, Windstream, which provides phone and web services to consumers and businesses. "There's nothing we could do," Lehmann said Windstream told them.

Read more of this story at Slashdot.

Cloudflare, along with a group of individual and academic partners, is forming a new coalition that will provide truly random, unpredictable numbers for a variety of applications, including election systems and lotteries. From a report: The problem of producing truly random numbers on a consistent basis has been a thorny one for cryptographers for many years. There have been plenty of efforts to establish sources of randomness, with some success, but one of the drawbacks is that any single randomness generator can be a target for abuse by privileged insiders or outside attackers. This is especially true in high-value applications that require random numbers, such as lottery or election systems. Also, if a given source of random numbers fails for any reason, the applications that rely on it can be crippled, as well. To help address this problem, Cloudflare has teamed up with the University of Chile, the Ecole polytechnique federale de Lausanne, and several individual researchers to form a consortium of randomness beacons distributed around the world. The system is based on the drand randomness beacon developed by Nicholas Gailly, a researcher at Protocol Labs, a research lab for network protocols, and the aim is to have a distributed network of beacons that will always be available. "Our founding members are contributing their individual high-entropy sources to provide a more random and unpredictable beacon to generate publicly verifiable random values every sixty seconds. The fact that the drand beacon is decentralized and built using appropriate, provably-secure cryptographic primitives, increases our confidence that it possesses all the aforementioned properties," Dina Kozlov, a product manager at Cloudflare, said. "This global network of servers generating randomness ensures that even if a few servers are offline, the beacon continues to produce new numbers by using the remaining online servers. Even if one or two of the servers or their entropy sources were to be compromised, the rest will still ensure that the jointly-produced entropy is fully unpredictable and unbiasable." Random numbers are vital to many kinds of systems and there are plenty of hardware and software-based random number generators. But more than one RNG has been found to have a bias, whether intentional or accidental, so randomness beacons emerged.

Read more of this story at Slashdot.

Microsoft has released To-Do for Mac, finally giving Apple users access to the task management tool on their desktops. The Mac app will allow users to work offline, view their upcoming tasks under "My Day," share to-do lists with friends and colleagues and see flagged emails. From a report: "Today, we'd like to announce the arrival of a new family member -- that's right, the moment many of you have been waiting for is here -- say hello to the Mac app. If you've already been using our app on Android, iOS, Windows, or web, then the Mac app will feel very familiar. Sign in and all your tasks will be waiting for you, ready to be checked off. You can work offline, add tasks to My Day, see your flagged email in your Flagged email list, and share your lists with colleagues or friends and family. The Planner integration isn't available yet, but we're already working on bringing the Assigned to Me list to you," says Polly Davidson, Social Media Strategist, Microsoft.

Read more of this story at Slashdot.

Over a quarter of all the major content management systems (CMSs) use the old and outdated MD5 hashing scheme as the default for securing and storing user passwords. From a report: Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, X3cms, and Composr. The MD5 algorithm has been cracked for years now, meaning all passwords stored in this format can be reversed back to their plaintext version. This means that unless website owners changed these default settings by modifying the CMS source code, most websites built on top of these CMSs puts user passwords at risk in the case a hacker steals the site's database. This revelation is just one of the many observations that came out of an extensive academic research project at the University of Piraeus, in Greece. Academics examined 49 commonly used CMSs and 47 popular web application frameworks and looked at their default password storage mechanism, namely their password hashing schemes.

Read more of this story at Slashdot.

In just three pages, a Russian mathematician has presented a better way to color certain types of networks than many experts thought possible. From a report: A paper posted online last month has disproved a 53-year-old conjecture about the best way to assign colors to the nodes of a network. The paper shows, in a mere three pages, that there are better ways to color certain networks than many mathematicians had supposed possible. Network coloring problems, which were inspired by the question of how to color maps so that adjoining countries are different colors, have been a focus of study among mathematicians for nearly 200 years. The goal is to figure out how to color the nodes of some network (or graph, as mathematicians call them) so that no two connected nodes share the same color. Depending on the context, such a coloring can provide an effective way to seat guests at a wedding, schedule factory tasks for different time slots, or even solve a sudoku puzzle. Graph coloring problems tend to be simple to state, but they are often enormously hard to solve. Even the question that launched the field -- Do four colors suffice to color any map? -- took more than a century to answer (the answer is yes, in case you were wondering). The problem tackled in the new paper seemed, until now, to be no exception to this rule. Unsolved for more than 50 years, it concerns tensor products -- graphs made by combining two different graphs (call them G and H) in a specific way. The tensor product of G and H is a new, larger graph in which each node represents a pair of nodes from the original graphs -- one from G and one from H -- and two nodes in the tensor product are connected if both their corresponding nodes in G and their corresponding nodes in H are connected.

Read more of this story at Slashdot.

Apple CEO Tim Cook said Sunday in a commencement address at Stanford University that technology companies need to take responsibility for the "chaos" they create. From a report: He did not name specific companies in his speech, but referenced several reasons that tech firms, particularly social media platforms, have come under scrutiny in recent months. He also made an apparent reference to embattled health startup Theranos. "Lately it seems this industry is becoming better known for a less noble innovation -- the belief you can claim credit without accepting responsibility," Cook said, according to videos posted online of his speech. "We see it every day now with every data breach, every privacy violation, every blind eye turned to hate speech, fake news poisoning out national conversation, the false miracles in exchange for a single drop of your blood," he added. "Too many seem to think that good intentions excuse away harmful outcomes, but whether you like it or not, what you build and what you create define who you are. It feels a bit crazy that anyone should have to say this, but if you built a chaos factory, you can't dodge responsibility for the chaos."

Read more of this story at Slashdot.

Malaysia Airlines Flight 370's disappearance in March 2014 instantly become a global news phenomenon, as multiple countries joined the search for the Boeing 777 and its 239 passengers and crew. But the mystery is still swirling five years on. The Atlantic's July cover story looks at all of the known evidence about how MH370 vanished into the Indian Ocean to deliver the clearest picture to date of what happened: that in all likelihood the plane was intentionally crashed by the pilot. From the report: In truth, a lot can now be known with certainty about the fate of MH 370. First, the disappearance was an intentional act. It is inconceivable that the known flight path, accompanied by radio and electronic silence, was caused by any combination of system failure and human error. The story also tracked down Blaine Gibson, an American who has taken it upon himself to recover pieces of MH370 wreckage. Gibson has collected more plane fragments than any other person or entity -- and on beaches hundreds of miles apart. What Gibson's discovery of so many pieces of debris has confirmed is that the signals analysis was correct. The airplane flew for six hours until the flight came suddenly to an end. There was no effort by someone at the controls to bring the plane down gently. It shattered. Amid the bizarre conspiracy theories that continue to surround the disappearance of MH370, Gibson has become a target of threats and abuse. Yet his work to recover pieces of MH370 continues.

Read more of this story at Slashdot.

China's Huawei has taken a harder-than-expected hit from a U.S. ban, the company's founder and CEO Ren Zhengfei said, and slashed revenue expectations for the year. From a report: Ren's downbeat assessment that the ban will hit revenue by $30 billion, the first time Huawei has quantified the impact of the U.S. action, comes as a surprise after weeks of defiant comments from company executives who maintained Huawei was technologically self-sufficient. [...] Huawei had not expected that U.S. determination to "crack" the company would be "so strong and so pervasive," Ren said, speaking at the company's Shenzhen headquarters on Monday. Two U.S. tech experts, George Gilder and Nicholas Negroponte, also joined the session. "We did not expect they would attack us on so many aspects," Ren said, adding he expects a revival in business in 2021.

Read more of this story at Slashdot.

Samsung has reminded owners of its smart TVs that they should be regularly scanning for malware using its built-in virus scanning software. From a report: In a tweet, Samsung US support account shared a video Sunday outlining how users can scan their smart TVs for viruses. It is unclear what prompted the tweet or why the process seems to be opt-in as opposed to the operating system automatically scanning for viruses in the background. "Scanning your computer for malware viruses is important to keep it running smoothly. This also is true for your QLED TV if it's connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks," the company said in the tweet. It has since deleted the tweet.

Read more of this story at Slashdot.

Some users of Yahoo Japan are rising up against Japan's biggest web portal after the rollout of a new rating system that's being compared with a social-scoring initiative in China. From a report: The 48 million people with a Yahoo! Japan ID will have to opt-out within a privacy settings webpage if they don't want to be rated. The score is based on a variety of factors and is calculated based on inputs such as payment history, shopping reviews, whether a user canceled bookings and the amount of identifiable personal information. Unless users opt out, their ratings may be accessible to freelance jobs site Crowdworks, Yahoo's bike-sharing service and other businesses. Makoto Niida, a longtime Yahoo user, opted out of the rating system when he learned about it. "It's a big deal that the service was enabled by default," Niida said. "The way they created services that benefit businesses without clear explanations to their users reminds me of Chinaâ(TM)s surveillance society." Yahoo's new credit-score program follows efforts by Mizuho Financial Group, NTT Docomo and other companies to use algorithms to assign ratings to consumers. Japan doesn't have a system similar to FICO in the U.S., so businesses in the world's third-largest economy have come up with their own solutions to determine financial trustworthiness.

Read more of this story at Slashdot.

"JetBrains released its State of Developer Ecosystem 2019 report, which found while Java is still the most popular primary language and JavaScript is the most used overall, Python is gaining speed," reports SD Times: The report surveyed about 7,000 developers worldwide, and revealed Python is the most studied programming language, the most loved language, and the third top primary programming language developers are using... The top use cases developers are using Python for include data analysis, web development, machine learning and writing automation scripts, according to the JetBrains report. More developers are also beginning to move over to Python 3, with 9 out of 10 developers using the current version. The JetBrains report also found while Go is still a young language, it is the most promising programming language. "Go started out with a share of 8% in 2017 and now it has reached 18%. In addition, the biggest number of developers (13%) chose Go as a language they would like to adopt or migrate to," the report stated... Seventy-three percent of JavaScript developers use TypeScript, which is up from 17 percent last year. Seventy-one percent of Kotlin developers use Kotlin for work. Java 8 is still the most popular programming language, but developers are beginning to migrate to Java 10 and 11. JetBrains (which designed Kotlin in 2011) also said that 60% of their survey's respondents identified themselves as professional web back-end developers (while 46% said they did web front-end, and 23% developed mobile applications). 41% said they hadn't contributed to open source projects "but I would like to," while 21% said they contributed "several times a year." "16% of developers don't have any tests in their projects. Among fully-employed senior developers though, that statistic is just 8%. Like last year, about 30% of developers still don't have unit tests in their projects." Other interesting statistics: 52% say they code in their dreams. 57% expect AI to replace developers "partially" in the future. "83% prefer the Dark theme for their editor or IDE. This represents a growth of 6 percentage points since last year for each environment. 47% take public transit to work. And 97% of respondents using Rust "said they have been using Rust for less than a year. With only 14% using it for work, it's much more popular as a language for personal/side projects." And more than 90% of the Rust developers who responded worked with codebases with less than 300 files.

Read more of this story at Slashdot.

There's now a new $175 million remake of Godzilla: King of the Monsters. I loved it, Msmash walked out of it, and BeauHD didn't bother to go see it. The movie performed poorly at the box office, but I'm not the only person who still likes Godzilla. There's also a new anime version on Netflix. And critic Matt Zoller Seitz (once a finalist for the Pulitzer Prize in criticism) is calling the new film "a frequently astounding movie... its imperfections are compensated by magnificence." For all its crash-and-bash action, this is a real science fiction movie that goes to the trouble of not merely creating a world, but thinking about the implications of its images and predicaments. It cares what the people in it must feel and think about their situation, and how it might weigh on them every day even when they aren't talking about it amongst themselves. It's also suffused with a spiritual or theological awareness, and takes it all as seriously as recent DC films took their comparisons of caped wonders to figures from the Old Testament and ancient mythology... [A]t the level of image, sound and music, "Godzilla: King of the Monsters" is a frequently brilliant film that earnestly grapples with the material it presents... It deploys state-of-the-art moviemaking tools to try to return audiences to a stage of childlike terror and delight. Arthur C. Clarke famously observed that any sufficiently advanced technology is indistinguishable from magic. This movie is magic. No expense was spared. For fans of the franchise there was even a quick Easter egg about what happened to the Mothra twins when they grew up. And of course the film-makers included Blue Oyster Cult's "Godzilla" song in the closing credits -- an over-the-top remake featuring a chanting Japanese taiko drum group, members of the band Dethklok from Metalocalypse, and heavy-metal drumming legend Gene Hoglan. The film's composer called it "perhaps the most audacious piece of music I have ever produced, jammed to the breaking point...It is complete musical madness." But what it all for nothing? Leave your own thoughts in the comments. Does anyone still like Godzilla?

Read more of this story at Slashdot.

Every day 5.7 million people ride the subway in New York City -- and are subjected to both "the whims of the Metropolitan Transit Authority and the unheard-of reliability of a marginally successful operating system from the early 1990s." martiniturbide shared this report from Tedium: OS/2 and MTA consultant Neil Waldhauer said in an email, "For a few years, you could bet your career on OS/2." To understand why, you need to understand the timing. Waldhauer continues, "The design is from a time before either Linux or Windows was around. OS/2 would have seemed like a secure choice for the future." So for a lack of options, the MTA went with its best one. And it's worked out for decades, as one of the key software components of a quite complex system... Despite the failure of OS/2 in the consumer market, it was hilariously robust, leading to a long life in industrial and enterprise systems -- with one other famous example being ATMs. Waldhauer said, "Thinking about all the operating systems in use [in the MTA], I'd have to say that OS/2 is probably the most robust part of the system, except for the mainframe." It's still in use in the NYC subway system in 2019. IBM had long given up on it, even allowing another company to maintain the software in 2001. (These days, a firm named Arca Noae sells an officially supported version of OS/2, ArcaOS, though most of its users are in similar situations to the MTA.)

Read more of this story at Slashdot.

Bloomberg reports on a five-year, $77 million project by America's Department of Defense to create an implantable brain device that restores memory-generation capacity for people with traumatic brain injuries. A device has now been developed by Michael Kahana, a professor of psychology at the University of Pennsylvania, and the medical technology company Medtronic Plc, and successfully tested with funding from America's Defense Advanced Research Projects Agency (Darpa). Connected to the left temporal cortex, it monitors the brain's electrical activity and forecasts whether a lasting memory will be created. "Just like meteorologists predict the weather by putting sensors in the environment that measure humidity and wind speed and temperature, we put sensors in the brain and measure electrical signals," Kahana says. If brain activity is suboptimal, the device provides a small zap, undetectable to the patient, to strengthen the signal and increase the chance of memory formation. In two separate studies, researchers found the prototype consistently boosted memory 15 per cent to 18 per cent. The second group performing human testing, a team from Wake Forest Baptist Medical Center in Winston-Salem, N.C., aided by colleagues at the University of Southern California, has a more finely tuned method. In a study published last year, their patients showed memory retention improvement of as much as 37 per cent. "We're looking at questions like, 'Where are my keys? Where did I park the car? Have I taken my pills?'â" says Robert Hampson, lead author of the 2018 study... Both groups have tested their devices only on epileptic patients with electrodes already implanted in their brains to monitor seizures; each implant requires clunky external hardware that won't fit in somebody's skull. The next steps will be building smaller implants and getting approval from the U.S. Food and Drug Administration to bring the devices to market... Justin Sanchez, who just stepped down as director of Darpa's biological technologies office, says veterans will be the first to use the prosthetics. "We have hundreds of thousands of military personnel with traumatic brain injuries," he says. The next group will likely be stroke and Alzheimer's patients.

Read more of this story at Slashdot.

An anonymous reader quotes Bloomberg: Twitch Interactive, the livestreaming platform owned by Amazon.com, has sued anonymous trolls who flooded the site last month with pornography, violent content and copyrighted movies and television shows... Twitch says it works to remove offensive posts and ban the accounts of the users who post them, but that the videos quickly reappear, apparently posted by bots, while other bots work to drive users to the impermissible content. Twitch temporarily suspended new creators from streaming after a May 25 attack by trolls. The company said that if it learns the identities of the anonymous streamers who have abused its terms of service -- named in the lawsuit as "John and Jane Does 1-100" -- it will ask the court to prohibit their using the platform and order them to pay restitution and damages.

Read more of this story at Slashdot.

Researchers from Austria's Graz University of Technology "have devised an automated system for browser profiling using two new side channel attacks that can help expose information about software and hardware," reports The Register. The researchers recently presented a paper titled "JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits," which The Register says "calls into question the effectiveness of anonymized browsing and browser privacy extensions... " Long-time Slashdot reader Artem S. Tashkinov shared their report: One of the side-channel attacks developed for JavaScript Template Attacks involve measuring runtime differences between two code snippets to infer the underlying instruction set architecture through variations in JIT compiler behavior. The other involves measuring timing differences in the memory allocator to infer the allocated size of a memory region. The boffins' exploration of the JavaScript environment reveals not only the ability to fingerprint via browser version, installed privacy extension, privacy mode, operating system, device microarchitecture, and virtual machine, but also the properties of JavaScript objects. And their research shows there are far more of these than are covered in official documentation. This means browser fingerprints have the potential to be far more detailed -- have more data points -- than they are now. The Mozilla Developer Network documentation for Firefox, for example, covers 2,247 browser properties. The researchers were able to capture 15,709. Though not all of these are usable for fingerprinting and some represent duplicates, they say they found about 10,000 usable properties for all browsers.

Read more of this story at Slashdot.

Remember the outrage last year when a researcher discovered that for Venmo's 40 million users, all transactions are "public" by default and broadcast on Venmo's API? More than a year later, computer science student Dan Salmon has demonstrated that it's still incredibly easy to download millions of transactions through Venmo's developer API without obtaining user permissions (without even using the Venmo app). He proved this by downloading 7 million of them," TechCrunch reports: Dan Salmon said he scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private... Using that data, anyone can look at an entire user's public transaction history, who they shared money with, when, and in some cases for what reason -- including illicit goods and substances. "There's truly no reason to have this API open to unauthenticated requests," he told TechCrunch. "The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that's your goal then you should require a token with each request to verify that the user is logged in." He published the scraped data on his GitHub page.

Read more of this story at Slashdot.