reCaptcha Considered Harmful

Posted: 28 Jun 2019 09:27 AM PDT

Given that most sane people now have blocked Google Analytics, Fast Company reports that the new reCaptcha wants to embed itself everywhere and declare those who don't use Chrome or aren't signed in to their Google account as bots, and thus not worthy of accessing the internet.

"It's a better experience for users. Everyone has failed a Captcha," says Cy Khormaee, the reCaptcha product lead at Google. Instead, Google analyzes the way users navigate through a website and assigns them a risk score based on how malicious their behavior is. Khormaee won't share what signals Google uses to determine these scores because he says that would make it easier for scammers to imitate benign users, but he believes that this new version of reCaptcha makes it incredibly difficult for bots or Captcha farmers—humans who are paid tiny amounts to break Captchas online—to fool Google's system.

[...]"You have to understand what behavior on the site should be and mimic that well enough to fool us," he says. "That's a really hard problem versus the general problem of, 'Pretend like I'm a human.'" Website administrators then get access to their visitors' risk scores and can decide how to handle them: For instance, if a user with a high risk score attempts to log in, the website can set rules to ask them to enter additional verification information through two-factor authentication. As Khormaee put it, the "worst case is we have a little inconvenience for legitimate users, but if there is an adversary, we prevent your account from being stolen."

[...]To make this risk-score system work accurately, website administrators are supposed to embed reCaptcha v3 code on all of the pages of their website, not just on forms or log-in pages. Then, reCaptcha learns over time how their website's users typically act, helping the machine learning algorithm underlying it to generate more accurate risk scores. Because reCaptcha v3 is likely to be on every page of a website, if you're signed into your Google account there's a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3—and there may be no visual indication on the site that it's happening, beyond a small reCaptcha logo hidden in the corner.

And that information is just one request, subpoena, or National Security Letter away from being in the hands of the government, too.

Original Submission

Read more of this story at SoylentNews.

WWII Bomb Explodes in Germany, 4m Deep Crater, 1.7 Richter Scale

Posted: 28 Jun 2019 07:51 AM PDT

Impressive picture too.

A loud explosion in a field startled residents in the town of Limburg in western Germany on Sunday. The blast occurred in the middle of the night and was large enough to register a minor tremor of 1.7 on the Richter scale, according to local media.

[...]Prior to the news release, residents were puzzled and confused by the crater, with some online speculating that it had been caused by a meteorite.

But Rüdiger Jehn, of the European Space Agency, told German newspaper Frankfurter Neue Presse that this was false. "A great deal of heat is released during an asteroid impact," the ESA expert said, adding that no evidence of heat or melting could be seen from the crater footage.

[...]The real culprit was an aerial bomb, which was buried at a depth of at least 4 meters, weighed 250 kilograms (550 pounds) and had a chemical detonator, investigators said. Authorities confirmed that the bomb had exploded by itself, without any external trigger.

[...]Two unexploded bombs were discovered on Monday in the central German town of Giessen, prompting the temporary evacuation of some 2,500 people. Earlier this month, an unexploded device was defused in a busy area of central Berlin.

[...]Between 1940 and 1945, some 2.7 million tons of bombs were dropped on Europe by US and British forces and half of them landed in Germany. Half of those that were dropped on Germany landed in North Rhine-Westphalia, the country's most populous state today.

Of the roughly quarter million bombs that did not explode, thousands are still hidden underground all over Germany.

"Deep Nude" App Removed By Developers After Brouhaha

Posted: 28 Jun 2019 06:14 AM PDT

Katyanna Quach over at El Reg is reporting on the removal of the DeepNude Web and desktop apps from the developers' website. DeepNude is an application that takes photos of clothed women (apparently, the app does not function properly with photos of males -- there's a shocker!), digitally removes clothing and adds realistic looking naughty bits.

From the article:

A machine-learning-powered perv super-tool that automagically removed clothes from women in photos to make them appear naked has been torn offline by its makers.

The shamefaced creators of the $50 Windows and Linux desktop app DeepNude claimed they were overwhelmed by demand from internet creeps: the developers' servers apparently buckled under a stampede of downloads, their buggy software generated more crash reports than they could deal with, and this all came amid a firestorm of social media outrage.

[...]Basement dwellers and trolls could feed it snaps of celebrities, colleagues, ex-girlfriends, and anyone else who takes their fancy, and have the software guess, somewhat badly, what they look like underneath their clothes, keeping their faces intact. These bogus nudes are perfect for distributing around the 'net to humiliate victims.

3,400 Year-old Palace Exposed with Iraqi Drought

Posted: 28 Jun 2019 04:35 AM PDT

Deutsche Welle News is reporting on the discovery of a 3,400 year-old palace of the Mittani Empire in the reservoir created by the Mosul Dam.

According to the article:

A team of German and Kurdish archaeologists have discovered a 3,400-year-old palace that belonged to the mysterious Mittani Empire, the University of Tübingen announced on Thursday.

The discovery was only made possible by a drought that significantly reduced water levels in the Mosul Dam reservoir.

[...]Last year, the team of archaeologists launched an emergency rescue evacuation of the ruins when receding waters revealed them on the ancient banks of the Tigris. The ruins are part of only a handful discovered from the Mittani Empire.

"The Mittani Empire is one of the least researched empires of the Ancient Near East," said archaeologist Ivana Puljiz of the University of Tübingen. "Even the capital of the Mittani Empire has not been identified."

[...]"We also found remains of wall paints in bright shades of red and blue," Puljiz said. "In the second millennium BCE, murals were probably a typical feature of palaces in the Ancient Near East, but we rarely find them preserved. Discovering wall paintings in Kemune is an archaeological sensation."

A team of researchers in Germany will now try to interpret the cuneiform tablets. They hope that the clay tablets will reveal more about the Mittani Empire, which once dominated life in parts of Syria and northern Mesopotamia.

Former FDA Commissioner Scott Gottlieb Joins Pfizer Board of Directors

Posted: 28 Jun 2019 03:01 AM PDT

Scott Gottlieb walks through the revolving door to the Pfizer board

The revolving door turns again. After a two-year stint running the Food and Drug Administration, Scott Gottlieb has joined the board of directors at Pfizer, giving the world's largest drug maker crucial insights into the inner workings of the Trump administration as it attempts to contain national angst over the rising cost of medicines.

And in doing so, Gottlieb is also picking up where he left before joining the agency, since he had been on the board of several smaller pharmaceutical companies and was also a partner at a venture capital firm that invests in life sciences companies.

"This is classic and it's not surprising," said Sidney Wolfe, a founder of Public Citizen Health Research Group and a long-time FDA watchdog, who had expressed concern about Gottlieb's ties to industry before joining the agency. "Philosophically, he's returning to the ecosystem where he's most comfortable. And he'll get paid very well for it, too."

Also at Financial Times.

Related: What a Gottlieb-Led FDA Might Mean for the Pharmaceutical Industry
FDA Nominee is a Proponent of "Adaptive Trials"
Drug Approvals Sped Up in 2017
Koch-Backed Groups Urge Congress to Pass "Right to Try" Legislation
FDA Labels Kratom an Opioid
FDA Has Named Names of Pharma Companies Blocking Cheaper Generics [Updated] (including Pfizer)
U.S. to Make More Drugs Easily Available, Cutting Role Docs Play

New Evidence on the Reliability of Climate Modeling

Posted: 28 Jun 2019 01:45 AM PDT

Columbia Researchers Provide New Evidence on the Reliability of Climate Modeling

The Hadley circulation, or Hadley cell -- a worldwide tropical atmospheric circulation pattern that occurs due to uneven solar heating at different latitudes surrounding the equator -- causes air around the equator to rise to about 10-15 kilometers, flow poleward (toward the North Pole above the equator, the South Pole below the equator), descend in the subtropics, and then flow back to the equator along the Earth's surface. This circulation is widely studied by climate scientists because it controls precipitation in the subtropics and also creates a region called the intertropical convergence zone, producing a band of major, highly-precipitative storms.

[...] Historically, climate models have shown a progressive weakening of the Hadley cell in the Northern Hemisphere. Over the past four decades reanalyses, which combine models with observational and satellite data, have shown just the opposite -- a strengthening of the Hadley circulation in the Northern Hemisphere.

[...] The difference in trends between models and reanalyses poses a problem that goes far beyond whether the Hadley cell is going to weaken or strengthen; the inconsistency itself is a major concern for scientists. Reanalyses are used to validate the reliability of climate models -- if the two disagree, that means that either the models or reanalyses are flawed.

[...] To understand which data was correct -- the models or the reanalyses -- they had to compare the systems using a purely observational metric, untainted by any model or simulation. In this case, precipitation served as an observational proxy for latent heating since it is equal to the net latent heating in the atmospheric column. This observational data revealed that the artifact, or flaw, is in the reanalyses -- confirming that the model projections for the future climate are, in fact, correct.

The paper's findings support previous conclusions drawn from a variety of models -- the Hadley circulation is weakening.

iPSCs Used to Grow Human Hair

Posted: 28 Jun 2019 12:21 AM PDT

In a hair-raising advance, scientists from Sanford Burnham Prebys have grown hair using human induced pluripotent stem cells (iPSCs).

The findings were presented at the annual meeting of the International Society for Stem Cell Research (ISSCR), and will potentially provide a new option to the

[m]ore than 80 million men, women and children in the United States [alone, who] experience hair loss. Genetics, aging, childbirth, cancer treatment, burn injuries and medical disorders such as alopecia can cause the condition. Hair loss is often associated with emotional distress that can reduce quality of life and lead to anxiety and depression.

"Our new protocol described today overcomes key technological challenges that kept our discovery from real-world use," says Alexey Terskikh, Ph.D., an associate professor in Sanford Burnham Prebys' Development, Aging and Regeneration Program and the co-founder and chief scientific officer of Stemson Therapeutics. "Now we have a robust, highly controlled method for generating natural-looking hair that grows through the skin using an unlimited source of human iPSC-derived dermal papilla cells. This is a critical breakthrough in the development of cell-based hair-loss therapies and the regenerative medicine field."

The iPSCs used are effectively unlimited in supply and obtainable via a routine blood draw. iPSCs are derived from an adult patient's own cells and are not subject to rejection or the ethical issues that surround embryonic stem cells. The method described in the presentation

features a 3D biodegradable scaffold made from the same material as dissolvable stitches. The scaffold controls the direction of hair growth and helps the stem cells integrate into the skin, a naturally tough barrier.

A new company, Stemson Therapeutics, has been formed to further develop and commercialize the technology.

Intel Selling Off Smartphone Modem Assets

Posted: 27 Jun 2019 10:44 PM PDT

Thanks, Apple: Intel will auction off smartphone modem patents, exit industry

Back in April, Apple announced that it would cease all litigation against chip manufacturer Qualcomm and enter a new partnership with the company that will see Qualcomm modems installed in new crops of iPhones.

On that same day, Intel announced it was exiting the smartphone modem business entirely. Now, according to IAM, Intel is going one step further and auctioning off many of its smartphone modem assets.

This information appears to suggest that without Apple as a partner, Intel has no need for its patents surrounding smartphone modems at all.

According to IAM, the Intel auction will see some 8,500 patents up for sale to the highest bidder.

Also at Tom's Hardware and Wccftech.

Previously: Apple Could Switch From Qualcomm to Intel and MediaTek for Modems
Intel Speeds Up Rollout of 5G Modems
A Billion-Dollar Question: What Was Really Behind Qualcomm's Surprise Ten-Digit Gift to Apple?
Apple's Internal Hardware Team is Working on Modems Now
Intel and Qualcomm Announce 5G Modem Modules for M.2 Slots
Intel Quits 5G Modem Business Hours after Apple Settles with Qualcomm
Qualcomm Will Pocket Almost $5 Billion from Apple Settlement this Quarter
How Qualcomm Shook Down the Cell Phone Industry for Almost 20 Years

AMD Releases Firmware Update For SEV Encryption Vulnerability

Posted: 27 Jun 2019 09:08 PM PDT

Thomas Claburn over at El Reg is reporting on a firmware update released by AMD which addresses flaw(s) in their Secure Encrypted Virtualization (SEV) technology, which is designed to isolate memory used by virtual machines from hypervisors and each other.

According to the article:

Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors.

"Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology's behavior," an AMD spokesperson told The Register last night.

"AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk."

SEV isolates guest VMs from one another and the hypervisor using encryption keys, which are managed by the AMD Secure Processor. Each guest VM has its own cryptographic key, which is used directly with the underlying hardware and Secure Processor to transparently and automatically encrypt and decrypt sections of RAM on the fly as it is accessed.

What went wrong

When a VM is launched, it generates a key by multiplying points on a curve against the Platform Diffie-Hellman (PDH) key. Typically, the curve would be from America's National Institute of Standards and Technology's (NIST) list of curves. In an invalid curve attack, a different curve is used and the results of that computation can be used to defeat the encryption.

The flaw, disclosed to AMD in February, affects AMD Epyc servers running SEV firmware version 0.17 build 11 and below. AMD made the firmware update available to hardware partners on June 4 to distribute to customers and installations; it can be downloaded directly from here[.zip]. The fix involves restricting key generation to official NIST curves.

The vulnerability has been assigned CVE-2019-9836.

More coverage of the firmware release can be found at Phoronix and Anandtech.
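
The check the fix describes (accept a peer's point only if it lies on the intended NIST curve), as an added example that is not AMD's firmware code and not from the article. It assumes NIST P-256 purely for illustration, since the page does not say which curve SEV uses; the function names and the sample scalars and off-curve point are constructed.

```python
# Added illustration: why ECDH must validate the peer's point.
# Domain parameters are the published NIST P-256 values (FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


class InvalidPoint(ValueError):
    """Raised when a peer-supplied point fails validation."""


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + A*x + B over GF(P)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_public_point(x, y):
    """Accept only a reduced affine point on P-256 (hypothetical helper).

    P-256 has cofactor 1, so an on-curve affine point already has order N
    and no separate subgroup check is needed for this curve.
    """
    if not (isinstance(x, int) and isinstance(y, int)):
        raise InvalidPoint("coordinates must be integers")
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPoint("coordinate out of range")
    if not on_curve(x, y):
        raise InvalidPoint("point is not on P-256")
    return (x, y)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity.

    Note that B never appears below. The arithmetic cannot tell which
    curve the input came from, which is why validation must be explicit.
    """
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add (not constant time; for illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def ecdh_unchecked(private_scalar, peer_point):
    """The flawed pattern: multiply whatever point the peer sent."""
    return scalar_mult(private_scalar, peer_point)


def ecdh_checked(private_scalar, peer_point):
    """The corrected pattern: validate first, then multiply."""
    validate_public_point(*peer_point)
    shared = scalar_mult(private_scalar, peer_point)
    if shared is None:
        raise InvalidPoint("shared point is the point at infinity")
    return shared


if __name__ == "__main__":
    priv = 0x1F2E3D4C5B6A7988          # constructed private scalar
    off_curve = (GX, GY + 1)           # constructed point, not on P-256
    leaked = ecdh_unchecked(priv, off_curve)
    print("unchecked result on P-256?", on_curve(*leaked))
    try:
        ecdh_checked(priv, off_curve)
    except InvalidPoint as exc:
        print("checked path rejected input:", exc)
```
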

NASA Will Send a Plutonium-Powered Rotorcraft Drone to Explore Titan

Posted: 27 Jun 2019 07:29 PM PDT

NASA has selected the Dragonfly mission to Titan as the agency's fourth New Frontiers mission:

NASA has announced that our next destination in the solar system is the unique, richly organic world Titan. Advancing our search for the building blocks of life, the Dragonfly mission will fly multiple sorties to sample and examine sites around Saturn's icy moon.

Dragonfly will launch in 2026 and arrive in 2034. The rotorcraft will fly to dozens of promising locations on Titan looking for prebiotic chemical processes common on both Titan and Earth. Dragonfly marks the first time NASA will fly a multi-rotor vehicle for science on another planet; it has eight rotors and flies like a large drone. It will take advantage of Titan's dense atmosphere – four times denser than Earth's – to become the first vehicle ever to fly its entire science payload to new places for repeatable and targeted access to surface materials.

Titan is an analog to the very early Earth, and can provide clues to how life may have arisen on our planet. During its 2.7-year baseline mission, Dragonfly will explore diverse environments from organic dunes to the floor of an impact crater where liquid water and complex organic materials key to life once existed together for possibly tens of thousands of years. Its instruments will study how far prebiotic chemistry may have progressed. They also will investigate the moon's atmospheric and surface properties and its subsurface ocean and liquid reservoirs. Additionally, instruments will search for chemical evidence of past or extant life.

Hopefully, some of us will live to see this epic mission reach Titan in 15 years.

Also at Spaceflight Now, New Scientist, NYT, and CNN.

Previously: Titan Ripe for Drone Invasion
NASA New Frontiers Finalists: Comet 67P Sample Return and a Titan Drone

EU Approves of IBM Acquisition of Red Hat, Deal Set to Close in July

Posted: 27 Jun 2019 05:52 PM PDT

IBM Cleared By European Commission To Move Forward In Landmark Purchase Of Red Hat

IBM made a big splash with its announcement last fall that it would be moving forward with its largest-ever acquisition. The acquisition in question is for Red Hat, an American open-source software company for an eye-watering $34 billion dollars.

[...] Europe was the last major governing body that had not yet cleared the IBM-Red Hat deal. The U.S. gave it the green light this past May and so with today's announcement that the European Commission has unanimously voted "yes" to allow the deal to proceed, there isn't anything standing in the way. IBM expects the deal to close sometime in July.

Since IBM is a distant third or fourth in the cloud computing scene, regulators found no reason the merger would promote competition concerns in the rapidly expanding cloud computing market. IBM has never bought anything this expensive before, and as a matter of global history, this will go down as the most expensive software sale ever at $34 billion. Interestingly, it seems we are seeing continued consolidation in the cloud space with a few other notable recent mergers being announced.

Also at Reuters and CNBC.

See also: Red Hat millionaires: Watch for workers to cash out if IBM's $34B acquisition wins approval

Previously: IBM Acquires Red Hat
Three Acquisitions In 2018 To Impact 2019's Tech Landscape

Ancient Intervention Could Boost Dwindling Water Reserves in Coastal Peru

Posted: 27 Jun 2019 04:12 PM PDT

Ancient Intervention Could Boost Dwindling Water Reserves in Coastal Peru:

Senior author Dr Wouter Buytaert, of Imperial's Department of Civil and Environmental Engineering, said: "The people of Lima live with one of the world's most unstable water situations. There's too much water in the wet seasons, and too little in the dry ones.

"The indigenous peoples of Peru knew how to get around this, so we're looking to them for answers."

Ancient Peruvian civilisations in 600 AD created systems within mountains to divert excess rainwater from source streams onto mountain slopes and through rocks.

The water would take some months to trickle through the system and resurface downstream -- just in time for the dry season.

To study this, the researchers looked at one such system in Huamantanga. They used dye tracers and hydrological monitoring to study the system from the wet to dry seasons of 2014-2015 and 2015-2016. Social scientists involved also worked with Huamantanga's local people to understand the practice and help map the landscape.

They found the water took between two weeks and eight months to re-emerge, with an average time of 45 days. From these time scales, they calculated that, if governments upscale the systems to cater to today's population size, they could reroute and delay 35 per cent of wet season water, equivalent to 99 million cubic metres per year of water through Lima's natural terrain.

This could increase the water available in the dry season by up to 33 per cent in the early months, and an average of 7.5 per cent for the remaining months. The method could essentially extend the wet season, providing more drinking water and longer crop-growing periods for local farmers.

Journal Reference:
Boris F. Ochoa-Tocachi, Juan D. Bardales, Javier Antiporta, Katya Pérez, Luis Acosta, Feng Mao, Zed Zulkafli, Junior Gil-Ríos, Oscar Angulo, Sam Grainger, Gena Gammie, Bert De Bièvre, Wouter Buytaert. Potential contributions of pre-Inca infiltration infrastructure to Andean water security. Nature Sustainability, 2019; DOI: 10.1038/s41893-019-0307-1

2nd Florida City Pays Hackers, as 3rd City Faces Breach

Posted: 27 Jun 2019 02:50 PM PDT

2nd Florida City Pays Hackers, as 3rd City Faces Breach:

A second small Florida city this month has paid hundreds of thousands of dollars to hackers who took over most of its computer operations, an official said Wednesday, while a third Florida city said its data was breached.

The attacks in Riviera Beach, Lake City and Key Biscayne underscore the need for municipal governments to update and secure their software systems, and also reflect the dilemma of how to respond to hackers. The FBI doesn't condone paying ransom to hackers, but city governments often consider it the most convenient option.

The city manager of Lake City, a community of about 13,000 residents some 60 miles (100 kilometers) west of Jacksonville, says it paid about $460,000 in bitcoin Tuesday to recover data and computer operations.

In a separate case, the Village of Key Biscayne, just off the coast of Miami, reported a data breach earlier this week. This comes a week after Riviera Beach in South Florida agreed to pay $600,000 in ransom.

It was not immediately clear if there was any connection between the attacks.

Joseph Helfenberg, city manager of Lake City, said paying the ransom was the cheapest option available since the city is paying a $10,000 deductible, and the rest is being covered by its insurer.

"We had a lot of attempts to recover the data that were unsuccessful," Helfenberg said Wednesday.

[...] Michigan State criminal justice professor Tom Holt said the recent attacks underscore the need for governments and businesses to spend money on backup systems and security protocols. If a city has been backing up its data, it's probably not worth paying a ransom, but if they haven't, "paying might be the cheapest option," Holt said.

"Which is really awful, but that's the point we may be at," Holt said. "This ransomware threat is not going to go away anytime soon."

What would happen in your town or city if it were attacked for ransom? Are networks properly partitioned? Are backups up-to-date? Have the backups actually been tested?

Unique Cardiac Signature Detectable at 200 Meters

Posted: 27 Jun 2019 01:35 PM PDT

Everyone has a heartbeat with a unique auditory signature. A new device developed for U.S. Special Forces can be used to tell them apart similar to irises or fingerprints even at a distance.

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. "I don't want to say you could do it from space," says Steward Remaly, of the Pentagon's Combatting [sic] Terrorism Technical Support Office, "but longer ranges should be possible."

[...]the new device, called Jetson, uses laser vibrometry to detect surface vibrations the heartbeat causes on skin, clothing, or jackets (though it is not effective through very heavy clothing such as thick winter coats).

Cardiac signatures are already used for security identification. The Canadian company Nymi has developed a wrist-worn pulse sensor as an alternative to fingerprint identification. The technology has been trialed by the Halifax building society in the UK.

Jetson extends this approach by adapting an off-the-shelf device that is usually used to check vibration from a distance in structures such as wind turbines. For Jetson, a special gimbal was added so that an invisible, quarter-size laser spot could be kept on a target. It takes about 30 seconds to get a good return, so at present the device is only effective where the subject is sitting or standing.

The developers of the technology indicate that this could likely also be adjusted to scan remotely for heart issues such as arrhythmias.

Linode Reboot Schedule for our Servers

Posted: 27 Jun 2019 12:00 PM PDT

For those who might not be aware, SoylentNews operations run on servers from Linode. I have recently become aware of their plans to reboot servers:

To complete our mitigations against the recent MDS (ZombieLoad) CPU vulnerability, we will be performing maintenance on a subset of Linode's host machines. This maintenance will update the underlying infrastructure that Linodes reside on and will not affect the data stored within them.

Here is the schedule for our affected systems:

fluorine (*)     2019-06-25 05:00 AM UTC
beryllium (*)    2019-06-27 09:00 AM UTC
helium           2019-06-28 03:00 AM UTC
boron            2019-06-28 04:00 AM UTC
hydrogen         2019-07-02 09:00 AM UTC
sodium           2019-07-03 02:00 AM UTC

(*) Completed.

Historically, there is a two-hour window for reboots to occur, but it usually takes far less time than that.

We will attempt to minimize any impact on site operations, but want to let the community know what was coming up.

Researchers Reveal Lack of Evidence for Drugs Prescribed to Treat Chronic Pain in Children

Posted: 27 Jun 2019 10:47 AM PDT

Medical Xpress:

Decisions to prescribe children drugs to treat chronic pain are not guided by sufficient, high quality evidence, according to an important new study published today.

Published as part of a special collection of systematic reviews in the Cochrane Library and recently summarised in the journal PAIN, the overview highlights a dearth of information available about treating childhood chronic pain and concludes that much more needs to be done to improve the quality and quantity of evidence available. It is led by researchers at the University of Bath in collaboration with an international team of researchers and physicians.

In adults, chronic pain lasting for three months or more is known to have a devastating effect. What is less well known is that one in five children also report chronic pain, which is both distressing and disabling for children and their parents.

But the new study reveals a stark contrast between the evidence available for the drugs used to treat adults with chronic pain, compared with that conducted in children. For adults with chronic pain, 300,000 patients have been studied in hundreds of individual randomised control trials. Yet only 393 children have participated in just six trials ever undertaken.

The research is a summary of all available systematic reviews of studies in this area and is supported by the National Institute for Health Research (NIHR), Versus Arthritis and also involves Bath's Centre for Pain Services (part of the RUH Foundation Trust).

The team who prepared the overview stress that lack of evidence does not mean evidence of no effect. But they argue there has been very little investment in researching which drugs can best help children with chronic pain and suggest that this issue should be urgently addressed to increase confidence that children are getting the best treatment.
