Jan 17

“Not sure if this is good news (Oracle is very busy patching their stuff) or bad news (Oracle is very busy patching their stuff) but this quarterly cycle they tied their all-time high number of vulnerability fixes released,” writes Slashdot reader bobthesungeek76036. “And they are urging folks to not drag their feet in deploying these patches.” Threatpost reports: The software giant patched 300+ bugs in its quarterly update. Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in July 2019, which overtook its previous record of 308 in July 2017. The company said in a pre-release announcement that some of the vulnerabilities affect multiple products. “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible,” it added. “Some of these vulnerabilities were remotely exploitable, not requiring any login data; therefore posing an extremely high risk of exposure,” said Boris Cipot, senior security engineer at Synopsys, speaking to Threatpost. “Additionally, there were database, system-level, Java and virtualization patches within the scope of this update. These are all critical elements within a company’s infrastructure, and for this reason the update should be considered mandatory. At the same time, organizations need to take into account the impact that this update could have on their systems, scheduling downtime accordingly.”

Read more of this story at Slashdot.

full article

Jan 15

A team of programmers scraped a pet adoption website to cheat in a $10,000 contest that was intended to help shelter pets get adopted. From a report: Kaggle, an online data science community that regularly hosts machine learning competitions with prizes often in the tens of thousands of dollars, has uncovered a cheating scandal involving a winning team. The Google subsidiary announced late last week that the winner of a competition involving a pet adoption site had been disqualified from the contest for fraudulently obtaining and obscuring test set data. The fact that a team cheated in a competition nominally intended to help shelter animals also raises questions about whether the people who participate in machine learning competitions like Kaggle are actually interested in making the world a better place, or whether they simply want to win prize money and climb virtual leaderboards.

The competition asked contestants to develop algorithms to predict the rate of pet adoption based on pet listings from PetFinder.my, a Malaysian pet adoption site. The goal, according to the competition, was to help discover what makes a shelter pet’s online profile appealing for adopters. The winning team’s entry would be “adapted into AI tools that will guide shelters and rescuers around the world on improving their pet profiles’ appeal, reducing animal suffering and euthanization,” the competition site said. The algorithm from BestPetting, the first place team, seemed to almost perfectly predict the rate of adoption for the test set against which the submissions were evaluated, winning with a nearly perfect score of 0.912 (out of 1.0). As a reward for their winning solution, the team of three was awarded the top prize of $10,000. Nine months after the close of the competition, however, one observant teenager found that the impressive results were too good to be true.


Jan 14

Cy Guy writes: Having not learned the lessons of Jurassic Park and the Terminator, scientists from the University of Vermont and Tufts have created “reconfigurable organisms” using stem cells from frogs. But don’t worry, the research was funded by the Department of Defense, so I’m sure nothing could possibly go wrong this time. “The robots, which are less than 1mm long, are designed by an ‘evolutionary algorithm’ that runs on a supercomputer,” reports The Guardian. “The program starts by generating random 3D configurations of 500 to 1,000 skin and heart cells. Each design is then tested in a virtual environment, to see, for example, how far it moves when the heart cells are set beating. The best performers are used to spawn more designs, which themselves are then put through their paces.”

“Because heart cells spontaneously contract and relax, they behave like miniature engines that drive the robots along until their energy reserves run out,” the report adds. “The cells have enough fuel inside them for the robots to survive for a week to 10 days before keeling over.”
The findings have been published in the Proceedings of the National Academy of Sciences.


Jan 13

An anonymous reader quotes a report from Ars Technica: On December 16, 2019, Citrix revealed a vulnerability in the company’s Application Delivery Controller and Gateway products — commercial virtual-private-network gateways formerly marketed as NetScaler and used by tens of thousands of companies. The flaw, discovered by Mikhail Klyuchnikov of Positive Technologies, could give an attacker direct access to the local networks behind the gateways from the Internet without the need for an account or authentication using a crafted Web request. Citrix has published steps to reduce the risk of the exploit. But these steps, which simply configure a responder to handle requests using the text that targets the flaw, break under some circumstances and might interfere with access to the administration portal for the gateways by legitimate users. A permanent patch will not be released until January 20. And as of January 12, over 25,000 servers remain vulnerable, based on scans by Bad Packets.

This is not surprising, considering the number of Pulse Secure VPNs that have not yet been patched over six months after a fix was made available, despite Pulse Secure executives saying that they have “worked aggressively” to get customers to patch that vulnerability. And given that vulnerable Pulse Secure servers have been targeted now for ransomware attacks, the same will likely be true for unprotected Citrix VPN servers — especially since last week, proof-of-concept exploits of the vulnerability began to appear, including at least two published on GitHub, as ZDNet’s Catalin Cimpanu reported. “The vulnerability allows the remote execution of commands in just two HTTP requests, thanks to a directory traversal bug in the implementation of the gateway’s Web interface,” the report adds. “The attacks use a request for the directory ‘/vpn/../vpns/’ to fool the Apache Web server on the gateway to point to the ‘/vpns/’ directory without authentication. The attacks then inject a command based on the template returned from the first request.”

You can check for the vulnerability here.


Jan 13

This week a former engineer for the Microsoft Windows Core OS Division shared an insightful (and very entertaining) list with “some changes I have noticed over the last 20 years” in the computer programming world. Some excerpts:

- Some programming concepts that were mostly theoretical 20 years ago have since made it to mainstream including many functional programming paradigms like immutability, tail recursion, lazily evaluated collections, pattern matching, first class functions and looking down upon anyone who doesn’t use them…

- 3 billion devices run Java. That number hasn’t changed in the last 10 years though…

- A package management ecosystem is essential for programming languages now. People simply don’t want to go through the hassle of finding, downloading and installing libraries anymore. 20 years ago we used to visit web sites, downloaded zip files, copied them to correct locations, added them to the paths in the build configuration and prayed that they worked.

- Being a software development team now involves all team members performing a mysterious ritual of standing up together for 15 minutes in the morning and drawing occult symbols with post-its….

- Since we have much faster CPUs now, numerical calculations are done in Python which is much slower than Fortran. So numerical calculations basically take the same amount of time as they did 20 years ago…

- Even programming languages took a side on the debate on Tabs vs Spaces….

- Code must run behind at least three levels of virtualization now. Code that runs on bare metal is unnecessarily performant….

- A tutorial isn’t really helpful if it’s not a video recording that takes orders of magnitude longer to understand than its text.

- There is StackOverflow which simply didn’t exist back then. Asking a programming question involved talking to your colleagues.

- People develop software on Macs.

In our new world where internet connectivity is the norm and being offline the exception, “Security is something we have to think about now… Because of side-channel attacks we can’t even trust the physical processor anymore.”

And of course, “We don’t use IRC for communication anymore. We prefer a bloated version called Slack because we just didn’t want to type in a server address….”


Jan 10

An anonymous reader shares a report: “When I put in the earpieces and goggles the first time it was crazy - it feels so believable,” says Anna Taylor, 32, of her visit to a virtual reality (VR) arcade. “The whole experience of being immersed in a compelling virtual world is incredible.” Anna has since visited the east London arcade many times, at first alone and then with others. But despite her enthusiasm for gaming, she won’t be buying her own virtual reality headset. “I wouldn’t invest in buying virtual reality applications for home,” she explains. “It’s fine to play more of a basic game when you are playing with other people, [and] because it’s brand new there are more layers of excitement. But when you’re [playing] on your own, you want the quality you are used to.” As a keen gamer, Anna should be part of the core audience for at-home VR entertainment. But her lack of interest is pretty common, and it means that virtual reality headsets have yet to take off.

Many big name adopters have abandoned their VR projects. Google recently halted sales of Daydream, its VR headset, admitting that “there just hasn’t been the broad consumer or developer adoption we had hoped.” Meanwhile, the BBC has announced it is ending the funding for its VR hub, less than two years after it was founded.
VR received very little attention at CES, the annual trade show for consumer electronics, which got underway this week. However, PlayStation did announce it has sold five million VR headsets since launch in 2016.


Jan 08

pnutjam writes: New York is proposing a statewide virtual currency aimed at helping unbanked citizens get access to day-to-day financial transactions without predatory fees. Since there are an estimated 14 million U.S. adults without bank accounts, lawmakers in New York are trying to fix this with a new bill that “would create a ‘public Venmo’ system designed to include more people in the formal economy and stimulate local economic growth,” reports Motherboard. “In November, New York State Assemblymember Ron Kim, Senator Julia Salazar, and Cornell law professor Robert Hockett announced their Inclusive Value Ledger (IVL) proposal. If passed, it would create the country’s first publicly owned electronic banking platform, as well as a digital currency that can be exchanged for goods and services within the state.”

“The IVL plan calls for New York State to distribute the $55 billion per year in uncollected individual tax credits through a ‘public Venmo,’ a publicly-administered, non-extractive payment system that would allow recipients to spend freely within the state economy without transaction fees or delays,” the report says. “Every business and individual residing in New York would be issued a virtual wallet, connected to a state government-controlled master wallet, that could act as a viable alternative to a bank account without the fees of a for-profit bank.” The proposal does not include any specifics as to how the payment system will be secure, nor does it address the specific privacy needs for certain groups the lawmakers hope the system will serve, such as people who are undocumented.


Jan 06

The once-king-of-the-hill smartphone vendor, which had a terrible 2018, continued to bleed last year, according to financial disclosures it made on Monday. From a report: HTC reported revenue of 10,015 TWD ($333 million) in 2019, down 57.8% from 23,741 TWD ($789 million) it posted the year before, and a whopping 87% below the over $2 billion it grossed in 2017. As Bloomberg columnist Tim Culpan pointed out, Apple now generates more from selling AirPods in a fortnight than HTC clocks from selling each of its offerings in a year. The drop in revenue comes as the Taiwanese firm scales back its smartphone business — a sizable portion of which it sold to Google two years ago — and focuses on virtual reality headsets and accessories. HTC has yet to disclose how much money it lost in the quarter that ended in December, but in the other three quarters last year, it lost 7.05 billion TWD ($234.4 million).


Jan 06

The Verge has been investigating Samsung’s “artificial human” project Neon, which seems to be about creating realistic human avatars:

A tweet from the project’s lead and some leaked videos pretty much confirm this — although they don’t give us nearly enough information to judge how impressive Neon is. The lead of Neon, computer-human interaction researcher Pranav Mistry, tweeted this image, apparently showing one of the project’s avatars. Mistry says the company’s “Core R3” technology can now “autonomously create new expressions, new movements, new dialog (even in Hindi), completely different from the original captured data….”

In a recent interview, Mistry made clear he thinks “digital humans” will be a major technology in the 2020s… “While films may disrupt our sense of reality, ‘virtual humans’ or ‘digital humans’ will be reality. A digital human could extend its role to become a part of our everyday lives: a virtual news anchor, virtual receptionist, or even an AI-generated film star.”

Reddit users also found the URLs for videos in the source code on Neon’s home page — and though the videos have since been removed, some of the footage has been archived and analyzed on YouTube.


Jan 06

An anonymous reader quotes Ars Technica:
The next big thing in 3D printing just might be so-called “4D materials” which employ the same manufacturing techniques, but are designed to deform over time in response to changes in the environment, like humidity and temperature. They’re also sometimes known as active origami or shape-morphing systems. MIT scientists successfully created flat structures that can transform into much more complicated structures than had previously been achieved, including a human face. They published their results last fall in the Proceedings of the National Academy of Sciences…

MIT mechanical engineer Wim van Rees, a co-author of the PNAS paper, devised a theoretical method to turn a thin flat sheet into more complex shapes, like spheres, domes, or a human face. “My goal was to start with a complex 3-D shape that we want to achieve, like a human face, and then ask, ‘How do we program a material so it gets there?’” he said. “That’s a problem of inverse design…” van Rees and his colleagues decided to use a mesh-like lattice structure instead of the continuous sheet modeled in the initial simulations. They made the lattice out of a rubbery material that expands when the temperature increases. The gaps in the lattice make it easier for the material to adapt to especially large changes in its surface area. The MIT team used an image of [19th century mathematician Carl Friedrich] Gauss to create a virtual map of how much the flat surface would have to bend to reconfigure into a face. Then they devised an algorithm to translate that into the right pattern of ribs in the lattice.

They designed the ribs to grow at different rates across the mesh sheet, each one able to bend sufficiently to take on the shape of a nose or an eye socket. The printed lattice was cured in a hot oven, and then cooled to room temperature in a saltwater bath.

And voila! It morphed into a human face.

“The team also made a lattice containing conductive liquid metal that transformed into an active antenna, with a resonance frequency that changes as it deforms.”

