Geek Stuff

Microsoft CEO Satya Nadella Warns Against 'Hubris' Amid AI Growth

Slashdot -

Microsoft and its competitors should eschew artificial intelligence systems that replace people instead of maximizing their time, CEO Satya Nadella said in an interview on Monday. From the report: "The fundamental need of every person is to be able to use their time more effectively, not to say, 'let us replace you'," Nadella said in an interview at the DLD conference in Munich. "This year and the next will be the key to democratizing AI. The most exciting thing to me is not just our own promise of AI as exhibited by these products, but to take that capability and put it in the hands of every developer and every organization. [...] There's a thin line between hubris and confidence," Nadella said. "Always there is risk of hubris coming back, missing trends. The only long-term indicator of success is, 'how good is your internal culture?'" "What I've learned if anything in three years as CEO is, it's not about celebrating one product," he said. "That, to me, is the sign of a company that's built to last. In tech it's even more harsh."

Read more of this story at Slashdot.

Windows 10 Gets A New Linux: openSUSE

Slashdot -

An anonymous reader writes: "Running Linux binaries natively on Windows... that sounds awesome indeed," writes Hannes Kuhnemund, the senior product manager for SUSE Linux Enterprise. He's written a blog post describing how to run openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2 on Windows 10, according to Fossbytes, which reports that currently users have two options -- openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2. Currently it's Ubuntu that's enabled by default in the Windows Subsystem for Linux, although there's already a project on GitHub that also lets you install Arch Linux. "It's quite unfortunate that Microsoft enabled the wrong Linux (that's my personal opinion) by default within the Windows Subsystem for Linux (WSL)," writes Kuhnemund, "and it is time to change it to the real stuff."


Compute Module 3 Launch!

Raspberry Pi -

Way back in April of 2014 we launched the original Compute Module (CM1), which was based around the BCM2835 processor of the original Raspberry Pi. CM1 was a great success and we’ve seen a lot of uptake from various markets, particularly in IoT and home and factory automation. Not to be outdone by its bigger Raspberry Pi brother, the Compute Module is also destined for space!

Compute Module 3

Since releasing the original Compute Module, we’ve launched 2 further generations of much faster Raspberry Pi boards, so today we bring you the shiny new Compute Module 3 (CM3); this is based on the Raspberry Pi 3 hardware, providing twice the RAM and roughly 10x the CPU performance of the original Module. We’ve been talking about the Compute Module 3 since the launch of the Raspberry Pi 3, and we’re already excited to see NEC displays, an early adopter, launching their CM3-enabled display solution.


The idea of the Compute Module was to provide an easy and cost-effective route to producing customised products based on the Pi hardware and software platform. The thought was to provide the ‘team in a garage’ with easy access to the same technology as the big guys. The Module takes care of the complexity of routing out the processor pins, the high speed RAM interface, and core power supply, and allows a simple carrier board to provide just what is needed in terms of external interfaces and form factor. The module uses a standard DDR2 SODIMM form factor, sockets for which are made by several manufacturers, are easily available, and are inexpensive.

In fact, today we are launching two versions of Compute Module 3. The first is the ‘standard’ CM3 which has a BCM2837 processor at up to 1.2GHz with 1GByte of RAM, the same as Pi3, and 4GBytes of on-module eMMC flash. The second version is what we are calling ‘Compute Module 3 Lite’ (CM3L) which still has the same BCM2837 and 1GByte of RAM, but brings the SD card interface to the Module pins so a user can wire this up to an eMMC or SD card of their choice.

Back side of CM3 (left) and CM3L (right).

We are also releasing an updated version of our get-you-started breakout board, the Compute Module IO Board V3 (CMIO3). This board provides the necessary power to the Module and gives you the ability to program the Module’s flash memory (for the non-Lite versions) or use an SD card (Lite versions), access the processor interfaces in a slightly more friendly fashion (pin headers and flexi connectors, much like the Pi), and provides the necessary HDMI and USB connectors so that you have an entire system that can boot Raspbian (or the OS of your choice). This board provides both a starting template for those who want to design with the Compute Module, and a quick way to start experimenting with the hardware, and building and testing a system, before going to the expense of fabricating a custom board. The CMIO3 can accept an original Compute Module, CM3, or CM3L.

Comprehensive information on the Compute Modules is available in the relevant hardware documentation section of our website, and includes a datasheet and schematics.

With the launch of CM3 and CM3 Lite, we are not obsoleting the original Compute Module; we still see this as a valid product in its own right, being a lower-cost and lower-power option where the performance of a CM3 would be overkill.

CM3 and CM3L are priced at $30 and $25 respectively (excluding tax and shipping), and this price applies to any size order. The original Compute Module is also reduced to $25. Our partners RS and Premier Farnell are also providing full development kits, which include all you need to get started designing with the Compute Module 3.

The CM3 is largely backwards-compatible with CM1 designs which have followed our design guidelines. The caveats are that the Module is 1mm taller than the original Module, and the processor core supply (VBAT) can draw significantly more current. Consequently, the processor itself will run much hotter under heavy CPU load, so designers need to consider thermals based on expected use cases.

CM3 (left) is 1mm taller than CM1 (right)

We’re very glad to finally be launching the Compute Module 3, and we’re excited to see what people do with it. Head on over to our partners element14 and RS Components to buy yours today!

The post Compute Module 3 Launch! appeared first on Raspberry Pi.

Researchers Create A Lithium-Ion Battery With Built-In Flame Retardant

Slashdot -

An anonymous reader quotes Engadget: One big problem with lithium-ion batteries is that they have the tendency to catch fire and blow up all kinds of gadgets like toys and phones. To solve that issue, a group of researchers from Stanford University created lithium-ion batteries with built-in fire extinguishers. They added a component called "triphenyl phosphate" to the plastic fibers of the part that keeps negative and positive electrodes separate. Triphenyl phosphate is a compound commonly used as a flame retardant for various electronics. If the battery's temperature reaches 150 degrees Celsius, the plastic fibers melt and release the chemical. Based on the researchers' tests, the method can stop batteries from burning up within 0.4 seconds.


Microsoft's Security Bulletins Will End In February

Slashdot -

Remember how Microsoft switched to cumulative updates? Now Computerworld points out that that's bringing another change. An anonymous reader quotes their report: Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches... A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG. The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE identifier, and the numerical label of the KB, or "knowledge base" support document. Redmond Magazine reports that Microsoft still plans to continue to issue its security advisories, and to issue "out-of-band" security update releases as necessary.


Windows 10 Upgrade Bug Disabled Ctrl-C In Bash

Slashdot -

An anonymous reader quotes InfoWorld: A massive set of changes to the Windows Subsystem for Linux (WSL) was rolled into Windows Insider build 15002... If this is any hint, Microsoft's goal is nothing short of making it a credible alternative to other Linux distributions... Some of the fixes also implement functionality that wasn't available before to Linux apps in WSL, such as support for kernel memory overcommit and previously omitted network stack options. Other changes enhance integration between WSL and the rest of Windows... [O]ne major issue in build 15002 is that Ctrl-C in a Bash session no longer works. Microsoft provided an uncommon level of detail for how this bug crept in, saying it had to do with synchronization between the Windows and Bash development teams. The next Insider build should have a fix. But for people doing serious work with Linux command-line apps, not having Ctrl-C is a little like driving a car when only the front brakes work.


How A Professional Poker Player Conned a Casino Out of $9.6 Million

Slashdot -

Phil Ivey is a professional poker player who's won ten World Series of Poker bracelets -- but he's also got a new game. An anonymous reader writes: In 2012, Ivey requested that the Borgata casino let him play baccarat with an assistant named Cheng Yin Sun while using a specific brand of playing cards -- purple Gemaco Borgata playing cards -- and an automatic shuffler. He then proceeded to win $9.6 million over four visits. The pair would rotate certain cards 180 degrees, which allowed them to recognize those cards the next time they passed through the deck. (They were exploiting a minute lack of symmetry in the pattern on the backs of the cards...) But last month a U.S. district judge ruled that Ivey and his partner had a "mutual obligation" to the casino, in which their "primary obligation" was to not use cards whose values would be known to them -- and ordered them to return the $9.6 million [PDF]. "What this ruling says is a player is prohibited from combining his skill and intellect and visual acuity to beat the casino at its own game," Ivey's attorney told the AP, adding that the judge's ruling will be appealed. The judge also ruled Ivey had to return the money he later won playing craps with his winnings from the baccarat game -- though the judge denied the casino's request for restitution over the additional $250,000 worth of goods and services they'd "comped" Ivey during his stay.


Apple/Samsung Patent Case Returns To Court To Revisit Infringement Damages

Slashdot -

An anonymous reader quotes MacRumors: The U.S. Court of Appeals for the Federal Circuit on Thursday reopened a longstanding patent lawsuit related to Samsung copying the design of the iPhone nearly six years ago...according to court documents filed electronically this week... Apple's damages were calculated based on Samsung's entire profit from the sale of its infringing Galaxy smartphones, but the Supreme Court ruled it did not have enough info to say whether the amount should be based on the total device, or rather individual components such as the front bezel or the screen. It will now be up to the appeals court to decide. Apple last month said the lawsuit, ongoing since 2011, has always been about Samsung's "blatant copying" of its ideas, adding that it remains optimistic that the U.S. Court of Appeals will "again send a powerful signal that stealing isn't right."


Google-Funded Project Envisions Nation's Librarians Teaching Kids to Code

Slashdot -

"We're excited to double down on the findings of Ready to Code 1," says one Google program manager, "by equipping librarians with the knowledge and skills to cultivate computational thinking and coding skills in our youth." theodp writes: Citing the need to fill "500,000 current job openings in the field of computer science," the American Library Association argues in a new whitepaper that "all 115,000 of the nation's school and public libraries are crucial community partners to guarantee youth have skills essential to future employment and civic participation"... The ALA's Google-funded "Libraries Ready to Code" project has entered Phase II, which aims to "equip Master's in Library Science students to deliver coding programs through public and school libraries and foster computational thinking skills among the nation's youth." "Libraries play a vital role in our communities, and Google is proud to build on our partnership with ALA," added Hai Hong, who leads US outreach on Google's K-12 Education team... "Given the ubiquity of technology and the half-a-million unfilled tech jobs in the country, we need to ensure that all youth understand the world around them and have the opportunity to develop the essential skills that employers -- and our nation's economy -- require."


Driverless Electric Shuttle Deployed In Downtown Las Vegas

Slashdot -

schwit1 quotes the Associated Press: There's a new thrill on the streets of downtown Las Vegas, where high- and low-rollers alike are climbing aboard what officials call the first driverless electric shuttle operating on a public U.S. street. The oval-shaped shuttle began running Tuesday as part of a 10-day pilot program, carrying up to 12 passengers for free along a short stretch of the Fremont Street East entertainment district. The vehicle has a human attendant and computer monitor, but no steering wheel and no brake pedals. Passengers push a button at a marked stop to board it. The shuttle uses GPS, electronic curb sensors and other technology, and doesn't require lane lines to make its way. The shuttle -- which they've named Arma -- is traveling at 15 miles per hour, and the ride is smooth, according to the mayor of Las Vegas. ("It's clean and quiet and seats comfortably.") They've blocked all the side streets, so the shuttle doesn't have to deal with traffic signals yet, though eventually they'll install special transmitters at every intersection to communicate whether the lights are red or green, and the city plans to deploy more of the vehicles by the end of the year.


Meet Lux, A New Lisp-like Language

Slashdot -

Drawing on Haskell, Clojure, and ML, the new Lux language first targeted the Java Virtual Machine, but will be a universal, cross-platform language. An anonymous reader quotes JavaWorld: Currently in an 0.5 beta release, Lux claims that while it implements features common to Lisp-like languages, such as macros, they're more flexible and powerful in Lux... [W]hereas Clojure is dynamically typed, as many Lisp-like languages have been, Lux is statically typed to reduce bugs and enhance performance. Lux also lets programmers create new types programmatically, which provides some of the flexibility found in dynamically typed languages. The functional language Haskell has type classes, but Lux is intended to be less constraining. Getting around any constraints can be done natively to the language, not via hacks in the type system. There's a 16-chapter book about the language on GitHub.


Hackers Corrupt Data For Cloud-Based Medical Marijuana System

Slashdot -

Long-time Slashdot reader t0qer writes: I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"... "No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted. "In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."


Thousands Of Cubans Now Have Internet Access

Slashdot -

There's been a dramatic change in one of the world's least-connected countries. An anonymous reader quotes the AP: Since the summer of 2015, the Cuban government has opened 240 public Wi-Fi spots in parks and on street corners across the country... The government estimates that 100,000 Cubans connect to the internet daily. A new feature of urban life in Cuba is the sight of people sitting at all hours on street corners or park benches, their faces illuminated by the screen of smartphones connected by applications such as Facebook Messenger to relatives in Miami, Ecuador or other outposts of the Cuban diaspora... Cuban ingenuity has spread internet far beyond those public places: thousands of people grab the public signals through commercially available repeaters, imported illegally into Cuba and often sold for about $100 -- double the original price. Mounted on rooftops, the repeaters grab the public signals and create a form of home internet increasingly available in private rentals for tourists and cafes and restaurants for Cubans and visitors alike. The article also points out that last month, for the first time ever, 2,000 Cubans began receiving home internet access.


Will The Death of the PC Bring 'An End To Openness'?

Slashdot -

Slashdot reader snydeq shared "11 Predictions For the Future of Programming" by InfoWorld's contributing editor -- and one prediction was particularly dire: The passing of the PC isn't only the slow death of a particular form factor. It's the dying of a particularly open and welcoming marketplace... Consoles are tightly locked down. No one gets into that marketplace without an investment of capital. The app stores are a bit more open, but they're still walled gardens that limit what we can do. Sure, they are still open to programmers who jump through the right hoops but anyone who makes a false move can be tossed... For now, most of the people reading this probably have a decent desktop that can compile and run code, but that's slowly changing. Fewer people have the opportunity to write code and share it. For all of the talk about the need to teach the next generation to program, there are fewer practical vectors for open code to be distributed.


Ask Slashdot: What's The Best Place To Suggest New Open Source Software?

Slashdot -

dryriver writes: Somebody I know has been searching up and down the internet for an open source software that can apply GPU pixel shaders (HLSL/GLSL/Cg/SweetFX) to a video and save the result out to a video file. He came up with nothing, so I said "Why not petition the open source community to create such a tool?" His reply was "Where exactly does one go to ask for a new open source software?" So that is my question: Where on the internet can one best go to request that a new open source software tool that does not exist yet be developed? Or do open source tools only come into existence when someone -- a coder -- starts to build a software, opens the source, and invites other coders to join the fray? This is a good place to discuss the general logistics of new open source projects -- so leave your best answers in the comments. What's the best place to suggest new open source software?


Google Launches Key Transparency While A Trade-Off in WhatsApp is Called a Backdoor

EFF's Deeplinks -

The Guardian ran a sensational story on Friday claiming a backdoor was discovered in WhatsApp, enabling intelligence agencies to snoop on encrypted messages. Gizmodo followed up saying it's no backdoor at all, but reasonable, intended behavior. So what's really going on here?

The lost phone, lost message dilemma

At issue is WhatsApp's answer to the question of what applications should do when someone's phone number changes (or they reinstall the app, or switch phones).

Suppose Alice sends a message to Bob encrypted with Bob's key K1. Alice's message is stored encrypted at the server until Bob can connect and download it. This behavior is required for any app that allows asynchronous communications (meaning you can send a message to somebody while they are offline), which nearly all popular messaging apps support.

Unfortunately, Bob just dropped his phone in a lake. Later on, Bob gets a new phone and reinstalls WhatsApp. On this new phone, the app will create a new key K2. There are two possible behaviors here:

  • Fail safe: The server can delete the queued message, since it was encrypted with K1, which no longer exists. Bob will never see the message. If Alice has turned on key change notifications, she will be warned that Bob is using a new key. She will be told that her message was not delivered and given the option to re-send it. This is what Signal does.
  • Proceed: The server will tell Alice's phone that Bob has a new key K2, and to please re-encrypt the message for K2. Alice's phone will do this, and Bob will get the message. If Alice has turned on key change notifications, she will then be warned that Bob's key had changed. This is what WhatsApp does.

Note that the second behavior makes the service seem more reliable: it's one less way a message can fail to be delivered.

The issue here is that the second behavior opens a security hole: Bob need not have actually lost his phone for the server to act as if he has lost it. Acting maliciously, the server could pretend that Bob's new key is a key that the server controls. Then, it will tell Alice about this new key, but will not give Alice a chance to intervene and prevent the message from being sent. Her phone will automatically re-send the message, which the server can now read. Alice will be notified and can later attempt to verify the new fingerprint with Bob, but by then it will be too late.

By contrast, the first behavior, failing safe, prevents this potential attack vector. As far as reliability goes, however, it also introduces a case in which messages could fail to be delivered.
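The two behaviors above can be modelled as a policy in the sender's client. This is an added example, not code from WhatsApp, Signal or the original post; encryption is symbolic, and every name in it (Sender, Sealed, K_server, the sample message) is constructed for illustration.

```python
from dataclasses import dataclass, field

# Symbolic stand-in for encryption: a Sealed message can be opened only by
# someone holding the key it was sealed for. No real cryptography is involved.
@dataclass(frozen=True)
class Sealed:
    key_id: str
    plaintext: str

def open_sealed(msg, held_keys):
    return msg.plaintext if msg.key_id in held_keys else None

@dataclass
class Sender:
    policy: str                       # "fail_safe" or "proceed"
    contact_key: dict                 # contact -> key id currently trusted
    undelivered: list = field(default_factory=list)   # (contact, text)
    held_back: list = field(default_factory=list)     # waiting for the user
    warnings: list = field(default_factory=list)

    def send(self, contact, text):
        self.undelivered.append((contact, text))
        return Sealed(self.contact_key[contact], text)

    def on_key_change(self, contact, new_key):
        """The server reports a new key; return what is handed back to it."""
        pending = [t for c, t in self.undelivered if c == contact]
        self.warnings.append(f"{contact}: {self.contact_key[contact]} -> {new_key}")
        if self.policy == "proceed":
            # Re-encrypt and re-send automatically; the warning is recorded,
            # but it cannot stop a message that has already gone out.
            self.contact_key[contact] = new_key
            return [Sealed(new_key, t) for t in pending]
        # Fail safe: nothing leaves the phone until the user decides.
        self.held_back = [(contact, t) for t in pending]
        return []

    def user_confirms(self, contact, verified_key):
        """The user checked the fingerprint with the contact and re-sends."""
        self.contact_key[contact] = verified_key
        resend = [Sealed(verified_key, t) for c, t in self.held_back if c == contact]
        self.held_back = [(c, t) for c, t in self.held_back if c != contact]
        return resend

def scenario(policy, server_malicious):
    alice = Sender(policy, {"bob": "K1"})
    queued = [alice.send("bob", "meet at noon")]      # stored sealed for K1
    if server_malicious:
        announced, bob_keys = "K_server", {"K1"}      # Bob never changed keys
    else:
        announced, bob_keys = "K2", {"K2"}            # Bob really has a new phone
    queued += alice.on_key_change("bob", announced)

    def readable(keys):
        return [p for p in (open_sealed(m, keys) for m in queued) if p]

    return {
        "server_reads": readable({"K_server"}),
        # A misbehaving server is assumed to withhold the queue from Bob.
        "bob_reads": [] if server_malicious else readable(bob_keys),
        "warned": len(alice.warnings),
        "held_back": [t for _, t in alice.held_back],
    }

if __name__ == "__main__":
    for policy in ("fail_safe", "proceed"):
        for malicious in (False, True):
            print(policy, "malicious" if malicious else "honest",
                  scenario(policy, malicious))
```

In both policies Alice is warned exactly once; the difference is whether the warning arrives before or after the message has been re-encrypted for the announced key.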

What to do if you use WhatsApp

If you are a high-risk user whose safety might be compromised by a single revealed message, you may want to consider alternative applications. As we mention in our Surveillance Self-Defense guides for Android and iOS, we don't currently recommend WhatsApp for secure communications.

But if your threat model can tolerate being notified after a potential security incident, WhatsApp still does a laudable job of keeping your communications secure. And thanks to WhatsApp's massive user base, using WhatsApp is not immediate evidence of secretive activity.

If you would like to turn on WhatsApp's key change notifications, go into Settings → Account → Security, and slide “Show security notifications” to the right.

In defense of security trade-offs

The difference between WhatsApp and Signal here is a case of sensible defaults. Signal was designed as a secure messaging tool first and foremost. Signal users are willing to tolerate lower reliability for more security. As anybody who's used Signal extensively can probably attest, these types of edge cases add up and overall the app can seem less reliable.

WhatsApp, on the other hand, was a massively popular tool before end-to-end encryption was added. The goal was to add encryption in a way that WhatsApp users wouldn't even know it was there (and the vast majority of them don't). If encryption can cause messages to not be delivered in new ways, the average WhatsApp user will see that as a disadvantage. WhatsApp is not competing with Signal in the marketplace, but it does compete with many apps that are not end-to-end encrypted by default and don't have to make these security trade-offs, like Hangouts, Allo, or Facebook Messenger, and we applaud WhatsApp for giving end-to-end encryption to everyone whether they know it's there or not.

Nevertheless, this is certainly a vulnerability of WhatsApp, and they should give users the choice to opt into more restrictive Signal-like defaults.

But it's inaccurate to the point of irresponsibility to call this behavior a backdoor.

This is a classic security trade-off. Every communication system must make security trade-offs. Perfect security does no good if the resulting tool is so difficult that it goes unused. Famously, PGP made few security trade-offs early on, and it appears to be going the way of the dodo as a result.

Ideally, users should be given as much control as possible. But WhatsApp has to set defaults, and their choice is defensible.

Detecting bad behavior more easily with Key Transparency

Coincidentally, Google just announced the launch of its new Key Transparency project. This project embraces a big security trade-off: given that most users will not verify their contacts' key fingerprints and catch attacks before they happen, the project provides a way to build guarantees into messaging protocols that a server's misbehavior will be permanently and publicly visible after the fact. For a messaging application, this means you can audit a log and see exactly which keys the service provider has ever published for your account and when.

This is a very powerful concept and provides additional checks on the situation above: Bob and anyone else with the appropriate permissions will know if his account has been abused to leak the messages that Alice sent to him, without having to verify fingerprints.

It's important to note that transparency does not prevent the server from attacking: it merely ensures that attacks will be visible after the fact to more people, more readily. For a few users, this is not enough, and they should continue to demand more restrictive settings to prevent attacks at the cost of making the tool more difficult to use. But transparency can be a big win as a remedy against mass surveillance of users who won't tolerate any reduction in user experience or reliability for the sake of security.

Adding key transparency will not prevent a user from being attacked, but it will catch a server that's carried out an attack.
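The audit described above can be sketched with a small append-only log. This is an added example, not Google's Key Transparency code or its data structure: it uses a plain hash chain as a simplified stand-in, and the accounts, fingerprints and timestamps are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64

def entry_hash(prev_hash, account, fingerprint, timestamp):
    record = json.dumps([prev_hash, account, fingerprint, timestamp])
    return hashlib.sha256(record.encode()).hexdigest()

def append(log, account, fingerprint, timestamp):
    """Publish a key for an account; returns the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"account": account, "fingerprint": fingerprint,
                "timestamp": timestamp, "prev": prev,
                "hash": entry_hash(prev, account, fingerprint, timestamp)})
    return log[-1]["hash"]

def chain_is_consistent(log, seen_head=None):
    """Check every link, and that a head observed earlier is still in the log."""
    prev, found = GENESIS, seen_head is None
    for e in log:
        expected = entry_hash(prev, e["account"], e["fingerprint"], e["timestamp"])
        if e["prev"] != prev or e["hash"] != expected:
            return False
        prev = e["hash"]
        found = found or prev == seen_head
    return found

def audit_account(log, account, own_fingerprints):
    """Return (timestamp, fingerprint) for keys the owner never generated."""
    return [(e["timestamp"], e["fingerprint"]) for e in log
            if e["account"] == account and e["fingerprint"] not in own_fingerprints]

def rebuilt_without(log, index):
    """A log with one entry dropped and the rest re-chained, used here to
    show that hiding a published key changes every later hash."""
    new_log = []
    for i, e in enumerate(log):
        if i != index:
            append(new_log, e["account"], e["fingerprint"], e["timestamp"])
    return new_log

def build_sample_log():
    # Constructed sample data: fingerprints and timestamps are placeholders.
    log = []
    append(log, "bob", "fp-bob-phone", 100)
    append(log, "alice", "fp-alice-phone", 110)
    append(log, "bob", "fp-not-bobs", 200)     # key the server published for Bob
    head = append(log, "bob", "fp-bob-phone", 260)
    return log, head

if __name__ == "__main__":
    log, head = build_sample_log()
    print("unexpected keys for bob:", audit_account(log, "bob", {"fp-bob-phone"}))
    hidden = rebuilt_without(log, 2)
    print("rewritten log matches the head seen earlier:",
          chain_is_consistent(hidden, seen_head=head))
```

The rewritten log is internally consistent, so the mismatch only shows up to someone who recorded an earlier head, which is why such logs rely on many parties observing them.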

We are still a long way from building the perfect usable and secure messaging application, and WhatsApp, like all such applications, has to make tradeoffs. As the secure messaging community continues to work towards the ideal solution, we should not write off the current batch as being backdoored and insecure in their imperfect but earnest attempts.



Debian 8.7 Released

Slashdot -

Debian 8.7 has been released. An anonymous reader quotes Debian.org: This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. 86 packages have been updated -- including some fixes for systemd. ("Rework logic to determine when we decide to add automatic deps for mounts; various ordering fixes for ifupdown; systemctl: Fix argument handling when invoked as shutdown...")


SpaceX Returns To Flight, And Nails Another Drone Landing

Slashdot -

Applehu Akbar writes: SpaceX successfully launched a 10-satellite Iridium NEXT package, and then landed on a drone ship — this time from Vandenberg AFB in California. The launch had been delayed several days by this week's record rainfall and flooding. CNN has video of the launch, and points out its obvious significance. "Because rockets are worth tens of millions of dollars, and they have historically been discarded after launch, mastering the landing is key to making space travel more affordable... Saturday's launch marks the seventh time SpaceX has successfully landed a rocket."
