2019-10-06 11:56:21 UTC
2019-10-06 12:35:14 UTC
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for "most overhyped bug" and "most epic fail." And no follow-up reporting has yet affirmed its central premise.
But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment.
"It's not magical. It's not impossible. I could do this in my basement."
Monta Elkins, FoxGuard
At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access. (Full disclosure: I'll be speaking at the same conference, which paid for my travel and is providing copies of my forthcoming book to attendees.) With only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online, Elkins was able to alter a Cisco firewall in a way that he says most IT admins likely wouldn't notice, yet would give a remote attacker deep control.
"We think this stuff is so magical, but it's not really that hard," says Elkins, who works as "hacker in chief" for the industrial-control-system security firm FoxGuard. "By showing people the hardware, I wanted to make it much more real. It's not magical. It's not impossible. I could do this in my basement. And there are lots of people smarter than me, and they can do it for almost nothing."
Elkins used an ATtiny85 chip, about 5 millimeters square, that he found on a $2 Digispark Arduino board; not quite the size of a grain of rice, but smaller than a pinky fingernail. After writing his code to that chip, Elkins desoldered it from the Digispark board and soldered it to the motherboard of a Cisco ASA 5505 firewall. He used an inconspicuous spot that required no extra wiring and would give the chip access to the firewall's serial port.
-- submitted from IRC
I am inviting the editorial team to take a much-deserved break on Monday and am encouraging the editorial staff to maintain "weekend story spacing"[*] on Monday. This is a long holiday weekend in the United States in celebration of Columbus Day (or Indigenous Peoples' Day). As a result, sites tend to post fewer stories. And, of the stories that are posted, a larger fraction are "filler" stories or fluff pieces, if you will. This, in turn, makes it harder for the editorial staff to find stories of interest to post to SoylentNews. Separately, one of our editors is still on leave and the remaining staff has been stretched thin with his absence. Further, several of the editorial staff are facing real-life challenges that conspire to reduce the amount of time and energy that can be given to posting stories on SoylentNews. Do recall that all staff here are volunteers and what you see here is freely given of their own spare time.
We generally try to post 14-15 stories per day on weekdays, and about 10 stories per day on weekends.
Also, a reminder that Linode has informed us of some server maintenance they will need to perform. Except for a short while on IRC (Internet Relay Chat), any downtime should not be visible to the community. Linode reserves up to a two-hour window for their maintenance, but past experience has shown that most prior maintenance is completed in less than 30 minutes and often as little as 10-15 minutes. See our earlier story Linode to Perform Maintenance; Several SoylentNews Servers Selected for Servicing for details. The first of our servers to be affected is sodium, whose maintenance window starts: 2019-10-18 05:00 AM.
We will keep you informed as things progress.
Recently, Tomasz Mloduchowski posted a popular article on his blog detailing the steps he undertook to get access to the hidden PCIe interface of Raspberry Pi 4: the first Raspberry Pi to include PCIe in its design. After seeing his post, and realizing I was meaning to go buy a Raspberry Pi 4, it just seemed natural to try and replicate his results in the hope of taking it a bit further. I am known for Raspberry Pi Butchery, after all.
What follows is a step-by-step guide to how he made it work: setting up for remote operation, desoldering the USB3 chip, soldering ultra-fine wires to the exposed pads using a microscope, a few reboot attempts requiring "professional" wiggling of the PCIe slot, hacking the Linux device tree to extend the bus ID limits, and some Linux driver hacking, too. The article is filled with pictures and screen caps. He closes out the article listing the devices that were made available (using lspci) and then mentioning:
I also have tried some other fairly hilarious setups, including the following with a Radeon HD 7990 GPU, and another with a GTX 1060.
Even if you are not a hardware or software hacker, the pictures of his efforts along the way, culminating with a huge GPU in a PCI slot attached to a wee little Raspberry Pi 4 are worth the read.
Arthur T Knackerbracket has found the following story:
Adobe has reversed itself on a curious decision that would have denied refunds to customers in Venezuela whose accounts are being canceled through no fault of their own.
Adobe announced Monday that it is deactivating all user accounts in Venezuela in order to comply with an executive order issued by President Donald Trump. Adobe interpreted the executive order much more broadly than other companies, claiming that it was "unable to issue refunds" because the order required cessation of all business activity.
[...] Adobe reversed the no-refund part of its decision in an update to the support document yesterday. "If you purchased directly from Adobe, we will refund you by the end of the month for any paid, but unused services. We are working with our partners on the same," Adobe said in the update.
Adobe also reversed itself on one other portion of the mass account deletion. Adobe originally said it would have to stop providing both fee-based and free services to people in Venezuela. But now, Adobe says its free Behance social media platform will continue to be available in Venezuela after the cutoff date for other services.
"In order to remain compliant, Adobe will be deactivating all accounts in Venezuela, with the exception of Behance, on October 29, 2019," Adobe said.
-- submitted from IRC
Submitted via IRC for Bytram
A new paper from researchers at the University of Chicago introduces a technique for compiling highly optimized quantum instructions that can be executed on near-term hardware. This technique is particularly well suited to a new class of variational quantum algorithms, which are promising candidates for demonstrating useful quantum speedups. The new work was enabled by uniting ideas across the stack, spanning quantum algorithms, machine learning, compilers, and device physics. The interdisciplinary research was carried out by members of the EPiQC (Enabling Practical-scale Quantum Computation) collaboration, an NSF Expedition in Computing.
[...] To match the constraints of current and near-term quantum computers, a new paradigm for variational quantum algorithms has recently emerged. These algorithms tackle similar computational challenges as the originally envisioned quantum algorithms, but build resilience to noise by leaving certain internal program parameters unspecified. Instead, these internal parameters are learned by variation over repeated trials, guided by an optimizer. With a robust optimizer, a variational algorithm can tolerate moderate levels of noise.
While the noise resilience of variational algorithms is appealing, it poses a challenge for compilation, the process of translating a mathematical algorithm into the physical instructions ultimately executed by hardware.
[...] The researchers address the issue of partially specified programs with a parallel technique called partial compilation. Pranav Gokhale, a UChicago PhD student, explains, "Although we can't fully compile a variational algorithm before execution, we can at least pre-compile the parts that are specified." For typical variational algorithms, this simple heuristic alone is sufficient, delivering 2x speedups in quantum runtime relative to standard gate-based compilation techniques. Since qubits decay exponentially with time, this runtime speedup also leads to reductions in error rates.
For more complicated algorithms, the researchers apply a second layer of optimizations that numerically characterize variations due to the unspecified parameters, through a process called hyperparameter optimization. "Spending a few minutes on hyperparameter tuning and partial compilation leads to hours of savings in execution time", summarizes Gokhale. Professor Chong notes that this theme of realizing cost savings by shifting resources—whether between traditional and quantum computing or between compilation and execution—echoes in several other EPiQC projects.
The researchers' paper, "Partial Compilation of Variational Algorithms for Noisy Intermediate-Scale Quantum Machines" (arXiv link) will be presented at the MICRO computer architecture conference in Columbus, Ohio on October 14. Gokhale and Chong's co-authors include Yongshan Ding, Thomas Propson, Christopher Winkler, Nelson Leung, Yunong Shi, David I. Schuster, and Henry Hoffmann, all also from the University of Chicago.
"Also, someone looking to start a fire who is carrying a can of petrol stands out. No one's going to look twice at someone with a bag of crisps, and the evidence destroys itself. This is especially helpful if someone is trying to make a deliberate fire look accidental. Criminals have presumably worked this out and told each other."
"Crisps encourage fire—they feed it—because they are hugely calorific and fatty. As the video shows, a packet of crisps—either the potato ones or the puffy, maize or corn-based ones—can set a car seat on fire within 200 seconds. Plenty of time for someone to get away."
Mr. Schneier and friends have created a new website to promote a change to the socio-economic technical milieu we are currently facing.
He suggests we need to have "public interest technologists" to help the situation.
"We need technologists who work in the public interest. We need public-interest technologists.
Defining this term is difficult. One Ford Foundation blog post described public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest.""
Is he right? How can this be implemented without becoming as riddled with government agents, spies and mafias as the key positions of our corporations and institutions are right now?
Full disclosure: this writer has been a public interest technologist for a while now and I have actually alluded to the need for something like what is being suggested on multiple occasions, 'a different kind of organization' is the way I put it, way back a few months ago.
"It originally developed with households that are seeking unsecured loans being financed by other households. That's all it is: crowdsourcing consumer loans," said William Bazley, assistant professor of finance at the University of Kansas.
In his new article, "The Real and Social Effects of Online Lending," Bazley examines the fledgling industry, analyzing data that reveals why this modern method of borrowing is proliferating. He recently won the award for Best Paper on FinTech at the Northern Finance Association conference in Vancouver.
"When traditional credit becomes scarce, such as when banks merge or there's a natural disaster, having access to these markets and loan products moderates some of the decline in new business establishments," Bazley said.
He explains how these loans temper the effects of traditional credit scarcity by supporting small business growth. There are also social welfare implications. When conventional credit markets have frictions—something that prevents a trade from being executed smoothly—economic vitality suffers, and crime increases.
"In communities that can borrow in online peer-to-peer lending markets, the drop in economic growth is less severe. And the jump in crime is also moderated," Bazley said.
The first peer-to-peer lending in the U.S. appeared in 2006. The industry soared when banks refused to issue loans during the financial crisis of 2007-2008. Currently, Lending Club and Prosper are the two most successful of these companies.
As of 2016, they've originated about $100 billion in personal loans. According to a Price Waterhouse Coopers study, it's expected by 2025 these markets will generate about $150 billion in volume per year.
The Real and Social Effects of Online Lending: https://docs.wixstatic.com/ugd/113ef3_2b246ea4acdc4ad5abc71e5a90c76716.pdf
As part of its big robot push for the upcoming 2020 Tokyo Olympic and Paralympic Games, Toyota says it will have 20 of its e-Palette electric vehicles on-site to transport athletes.
Each of the vehicles will travel through the athletes' village at a leisurely 12 miles per hour along a designated loop. As an SAE Level 4-capable autonomous vehicle, the e-Palette will be able to navigate the area all on its own. However, a safety attendant will be onboard each vehicle to ensure nothing goes wrong. Those capabilities put the e-Palette in about the same ballpark as Waymo's current fleet of autonomous vehicles.
Toyota adds that it consulted with athletes to adapt the vehicle to their needs. It can transport up to four passengers in wheelchairs at the same time, and includes an electric ramp to facilitate easy and quick boarding. The automaker also made the interior elements of the Tokyo 2020 Version contrast to help colorblind individuals.
Arthur T Knackerbracket has found the following story:
A recent analysis reveals that treatment of male breast cancer has evolved over the years. In addition, certain patient-, tumor-, and treatment-related factors are linked with better survival. The findings are published early online in CANCER, a peer-reviewed journal of the American Cancer Society.
Male breast cancer (MBC) comprises one percent of all breast cancer cases, yet no prospective randomized clinical trials specifically focused on MBC have been successfully completed. Some studies suggest that the incidence of MBC may be rising, however, and there is an increasing appreciation that the tumor biology of MBC differs from that of female breast cancer.
To examine how MBC has been treated in the United States in recent years, and to identify factors associated with patient prognosis, a team led by Kathryn Ruddy, MD, MPH, and Siddhartha Yadav, MBBS, at Mayo Clinic in Rochester, analyzed information from the National Cancer Database on men diagnosed with stage I-III breast cancer between 2004 and 2014.
[...]Factors associated with worse overall survival were older age, black race, multiple comorbidities, high tumor grade and stage, and undergoing total mastectomy. Residing in higher income areas; having tumors that express the progesterone receptor; and receiving chemotherapy, radiation, and anti-estrogen therapy were associated with better overall survival.
“Male breast cancer in the United States: Treatment patterns and prognostic factors in the twenty-first century.” Siddhartha Yadav, Dhauna Karam, Irbaz Bin Riaz, Hao Xie, Urshila Durani, Narjust Duma, Karthik V. Giridhar, Tina J. Hieken, Judy C. Boughey, Robert W. Mutter, John R. Hawse, Rafael E. Jimenez, Fergus J. Couch, Roberto A. Leon Ferre, and Kathryn J. Ruddy. CANCER; (DOI: 10.1002/cncr.32472).
For better or worse, AI can now figure out what you're doing even without "seeing" you. The MIT Computer Science & AI Lab (CSAIL) has unveiled a neural network model that can detect human actions through walls or in extremely dark places.
Although automating the process of action recognition from visual data has been a computer vision research focus for some time, previous camera-based approaches — much like human eyes — could only sense visible light and were largely limited by occlusions. The MIT CSAIL researchers overcame those challenges by using radio signals in the WiFi frequencies, which can penetrate occlusions.
Their "RF-Action" AI model is an end-to-end deep neural network that recognizes human actions from wireless signals. The model uses radio frequency (RF) signals as input, generates 3D human "skeletons" as an intermediate representation, and can track and recognize actions and interactions of multiple people. The skeleton step enables the model to learn not only from RF-based datasets, but also from existing vision-based datasets.
Researchers say RF-Action is the first model to use radio signals for skeleton-based action recognition. "There are lots of potential applications regarding human behavior understanding and smart homes. For example, monitoring the elderly's abnormal behaviors such as falling down at home, monitoring whether patients take their medicine appropriately, or remote control of smart home devices by actions," says the paper's co-first author Tianhong Li.
Using RF in the "WiFi" bands, 25 hours of data was all it took (or all they collected) to train and test the AI. This article was unclear whether the WiFi RF used was active or passive, although earlier reporting specifically mentioned passive.
MIT CSAIL RF Action site has a link to the paper:
Making the Invisible Visible: Action Recognition Through Walls and Occlusions
Tianhong Li*, Lijie Fan*, Mingmin Zhao, Yingcheng Liu, Dina Katabi
International Conference on Computer Vision (ICCV), 2019
This looks like an update of the story we first published in 2015, but now including AI.
Wall Street company Clear offers a fast way around the long TSA lines at a number of large USA airports. Here's an article about it, https://www.fastcompany.com/90245393/clear-new-york-startup-speed-through-lines-at-airport-or-stadium
What's the pitch? You can sign up right at the airport in five minutes for $179 a year. If you are about to miss your flight because the TSA lines are an hour long, this might look like a trip saver. Of course there is a catch: they use biometric data (fingerprints, irises, faces...) and a promise that your data is safe with them.
Clear's only domestic competition at airports is the Transportation Security Administration's service TSA PreCheck, which has more members (7 million), and is much cheaper ($85 for five years) and more widely available (200-plus airports). Another program, Global Entry, is run by the U.S. Customs and Border Protection service to expedite passage of international travelers entering the United States. PreCheck and Global Entry both collect fingerprints from participating travelers but unlike Clear do not capture iris or facial scans. All three of the services—PreCheck, Global Entry, and Clear—worked with the Department of Homeland Security to develop tools that could predict the threat level of individual travelers, the "known traveler" model.
Clear is currently experimenting with an adaptation of this model that could be deployed at a vast number of non-airport venues. "In travel, prescreening programs like PreCheck and Global Entry create known travelers," Clear said in a statement to Fast Company. "As a qualified anti-terrorism technology, Clear believes creating known fan programs can continue to make experiences safer and easier." A former Clear executive put it this way: "If you wanted to do predictive analytics to show who at a stadium is more likely to bring a gun in, they have the ability to do that."
Here's the company pitch if anyone is interested: https://www.clearme.com/how-it-works/
Submitted via IRC for Bytram
A breakdown in the nation's regulatory system and poor communication from Boeing compromised the safety of the 737 Max jet before it crashed twice in five months and killed 346 people, according to a damning report released Friday.
Boeing did not adequately explain to federal regulators how a crucial new system on the plane worked, the report says. That system was found to have played a role in the accidents in Indonesia last October and Ethiopia in March.
[...] "This report confirms our very worst fears about a broken system," Senator Richard Blumenthal, Democrat of Connecticut, said in an interview. "To put the fox in charge of the henhouse never made any sense, and now we see the deeply tragic consequences."
Hours after the report was released, Boeing's board stripped the company's chief executive, Dennis A. Muilenburg, of his chairman title. The move was the most direct response yet from a board that has resisted shaking up the management team before the Max is flying again, even as pressure mounted inside Boeing to hold someone accountable. The Max has been grounded for more than seven months.
[...] Friday's report, which was put together by representatives of the Federal Aviation Administration, NASA and nine international regulators, provided the first official detailed account of how federal regulators certified the Max. Lawmakers and federal investigators are still conducting their own inquiries into the design and approval of the jet.
Speaking with Alex Wiltshire in Edge magazine #338, Google's top streaming engineer claims the company is verging on gaming superiority with its cloud streaming service, Stadia, thanks to the advancements it's making in modelling and machine learning. It's even eyeing up the gaming performance crown in just a couple of years.
"Ultimately, we think in a year or two we'll have games that are running faster and feel more responsive in the cloud than they do locally," Bakar says to Edge, "regardless of how powerful the local machine is."
This would be achieved using Google's homegrown streaming tech, which it's been teasing ever since Stadia was first announced late last year with Project Stream. The company believes its tech is capable of overcoming the hurdles presented by over-the-web gaming, despite its extensive web of datacentres sitting potentially hundreds of miles away from a user.
Specifically, Bakar notes Google's "negative latency" will act as a workaround for any potential lag between player and server. This term describes a buffer of predicted latency, inherent to a Stadia player's setup or connection, in which the Stadia system will run lag mitigation. This can include increasing fps rapidly to reduce latency between player input and display, or even predicting user inputs.
Yes, you heard that correctly. Stadia might start predicting what action, button, or movement you're likely to do next and render it ready for you – which sounds rather frightening.
With enough latency, the game will play itself and the console will just stream the game-play movie. I have the feeling a Netflix subscription will be cheaper.
Submitted via IRC for Bytram
Arm, Synopsys, and Samsung Foundry have developed a set of optimized tools and IP that will enable chip designers to build next-generation SoCs based on Arm’s Hercules processor cores on Samsung’s 5LPE (5 nm, Low Power Early) node faster. The three companies expect the tools and IP to be used by designers of SoCs for a wide variety of applications.
The set of Synopsys tools are certified by Samsung Foundry for its 5LPE manufacturing technology, and now includes the Fusion Design Platform as well as QuickStart Implementation Kit that are enabled to optimize power, performance, and area for 5LPE designs. Meanwhile, Arm will provide Artisan Physical IP and POP IP tailored for Samsung’s 5LPE process. The IP packages will enable Arm’s partners to quickly develop 5LPE-optimized SoCs based on the Arm Hercules general-purpose CPU cores.
[...] Considering that Arm’s Hercules are the company’s next-generation advanced CPU cores and 5LPE is a leading-edge process technology, Samsung expects the new tools and IP to be used for SoCs aimed at HPC, automotive, 5G, and AI applications.
Samsung expected to tape out the first 5LPE chips in the second half of 2019 and plans to start volume production using the node in the first half of 2020.