Feed aggregator

Researchers claim China trying to hack South Korea missile defense efforts

Ars Technica - Fri, 21/04/2017 - 16:33

South Korea is deploying Lockheed Martin's THAAD missile defense system, and that's sparked the ire of the Chinese government, as well as military and "hacktivist" hacking groups, according to FireEye. (credit: US Army)

Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High-Altitude Air Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system's sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea's Ministry of Foreign Affairs, which the South Korean government says originated from China.

FireEye's director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included "spear-phishing" e-mails carrying attachments loaded with malware along with "watering hole" attacks that put exploit code to download malware onto websites frequented by military, government, and defense industry officials.

FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or "Stone Panda"—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two "patriotic hacking" groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself "Denounce Lotte Group" targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.

Joachim Breitner: veggies: Haskell code generation from scratch

Planet Debian - Fri, 21/04/2017 - 16:30

How hard is it to write a compiler for Haskell Core? Not too hard, actually!

I wish we had a formally verified compiler for Haskell, or at least for GHC’s intermediate language Core. Now formalizing that part of GHC itself seems to be far out of reach, with the many phases the code goes through (Core to STG to CMM to Assembly or LLVM) and optimizations happening at all of these phases and the many complicated details to the highly tuned GHC runtime (pointer tagging, support for concurrency and garbage collection).

Introducing Veggies

So to make that goal of a formally verified compiler more feasible, I set out and implemented code generation from GHC’s intermediate language Core to LLVM IR, with simplicity as the main design driving factor.

You can find the result in the GitHub repository of veggies (the name derives from “verifiable GHC”). If you clone that and run ./boot.sh some-directory, you will find that you can use the program some-directory/bin/veggies just like you would use ghc. It comes with the full base library, so your favorite variant of HelloWorld might just compile and run.

As of now, the code generation handles all the Core constructs (which is easy when you simply ignore all the types). It supports a good number of primitive operations, including pointers and arrays – I implement these as needed – and has support for FFI calls into C.

Why you don't want to use Veggies

Since the code generator was written with simplicity in mind, performance of the resulting code is abysmal: Everything is boxed, i.e. represented as pointer to some heap-allocated data, including “unboxed” integer values and “unboxed” tuples. This is very uniform and simplifies the code, but it is also slow, and because there is no garbage collection (and probably never will be for this project), will fill up your memory quickly.

Also, the code currently only supports 64-bit architectures, and this is hard-coded in many places.

There is no support for concurrency.

Why it might be interesting to you nevertheless

So if it is not really usable to run programs with, should you care about it? Probably not, but maybe you do for one of these reasons:

  • You always wondered how a compiler for Haskell actually works, and reading through a little over a thousand lines of code is less daunting than reading through the 34k lines of code that is GHC’s backend.
  • You have wacky ideas about code generation for Haskell that you want to experiment with.
  • You have wacky ideas about Haskell that require special support in the backend, and want to prototype that.
  • You want to see how I use the GHC API to provide a ghc-like experience. (I copied GHC’s Main.hs and inserted a few hooks, an approach I copied from GHCJS).
  • You want to learn about running Haskell programs efficiently, and starting from veggies, you can implement all the tricks of the trade yourself and enjoy observing the speed-ups you get.
  • You want to compile Haskell code to some weird platform that is supported by LLVM, but where you for some reason cannot run GHC’s runtime. (Because there are no threads and no garbage collection, the code generated by veggies does not require a runtime system.)
  • You want to formally verify Haskell code generation. Note that the code generator targets the same AST for LLVM IR that the vellvm2 project uses, so eventually, veggies can become a verified arrow in the top right corner map of the DeepSpec project.

So feel free to play around with veggies, and report any issues you have on the GitHub repository.

Valve asks for phone numbers to confirm Dota 2 player identities

Ars Technica - Fri, 21/04/2017 - 16:12

Dota 2 maker Valve is taking serious action to cut down on the prevalence of smurfing—using a secondary account in order to play against opponents of a lower skill level. Starting next month, Dota 2 players will need to have a unique, valid phone number associated with their account to take part in the game's ranked matchmaking pool.

Ideally, the move will ensure that a single person can only have a single Dota 2 account, so highly skilled players can't pretend to be novices in a ranked match. Unranked play will be unaffected by the change.

Valve says that "online services that provide phone numbers are not allowed," so potential workarounds to create a new "valid" number shouldn't work. In North America, data from the FCC-backed NANPA can help determine the source of any such online phone numbers, but it's unclear whether Valve will also be able to confirm international numbers in a similar way.

Let There Be Light: 2 Killer Projectors for Your Home Theater

Wired - Fri, 21/04/2017 - 16:00
The latest TVs are gorgeously slim. But a richly colored layer of photons is downright ethereal.

Make Movie Night a Blockbuster With This Fully-Loaded TV Room

Wired - Fri, 21/04/2017 - 16:00
Upgrade your den of infinite diversion with the right gear and you'll forget what a movie theater even is.

How to Set Up a Room in Your Home Just for VR

Wired - Fri, 21/04/2017 - 16:00
You arranged your TV room so you can sit around in comfort. Now, prepare your virtual-reality space.

Galaxy S8 review: Gorgeous new hardware, same Samsung gimmicks

Ars Technica - Fri, 21/04/2017 - 15:46

Ron Amadeo

The past few months have been a humbling time for Samsung. The Galaxy Note 7's explosive debut and double recall eventually led to an unprecedented cancellation of Samsung's flagship device. The recall process and resulting investigation kept the company's name in the mud for months and months. Memes were created across the Internet, property was damaged, and everyone visiting an airport was constantly reminded that Samsung produced a faulty device. To top it all off, the head of Samsung Group and several other Samsung executives were indicted on corruption allegations, with at least one person resigning as a result.

Now Samsung is ready to move on from those dark times with the launch of a new flagship, the Galaxy S8. It has a lot riding on the S8's success, and the company seems ready to rise to the occasion. The S8 is one of Samsung's strongest flagship offerings ever, with an all-new design, slim bezels, and the debut of a speedy new processor. Since this is a Samsung flagship, it will also be backed by dump trucks full of marketing dollars ensuring it will be featured in every commercial break, be on every billboard, and have prime real estate at every electronics store.

Review: Fitbit Alta HR

Wired - Fri, 21/04/2017 - 15:00
The Alta HR offers a way to log all of your fitness fundamentals without much fuss, with the addition of a heart rate monitor to give you extra data.

Stable kernels 4.10.12, 4.9.24, and 4.4.63 released

LWN.net - Fri, 21/04/2017 - 14:47
The 4.10.12, 4.9.24, and 4.4.63 stable kernels have been released. Users of those series should upgrade.

Tesla recalls 53,000 vehicles built in 2016 over faulty parking brake

Ars Technica - Fri, 21/04/2017 - 14:47

Tesla is voluntarily recalling 53,000 Model S and Model X electric vehicles because of problems with the parking brake. As was the case for Tesla's last recall, the company is blaming someone else for the issue. Specifically, the electric parking brakes installed on the EVs "may contain a small gear that could have been manufactured improperly by our third-party supplier."

Unlike the seatbelt recall that affected 90,000 Model S EVs or the Model X recall for faulty rear seats, this issue does not appear to cause a safety risk in the event of a crash. Rather, Tesla says that should the gear break, the car will be stuck with the parking brake on, and therefore will be unable to move.

Quality control issues have plagued the young carmaker. Both the Wall Street Journal and Consumer Reports lambasted the Model X, and many electric motors in early Model S sedans appeared unable to last more than 60,000 miles.

The Wacky Physics of Firing a Ball Out of a Moving Cart

Wired - Fri, 21/04/2017 - 14:30
A classic physics experiment features a moving cart firing a ball into the air. What happens if you place the cart on an incline?

Security updates for Friday

LWN.net - Fri, 21/04/2017 - 14:09
Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Debian (icedove), Fedora (jenkins-xstream and xstream), Mageia (chromium-browser-stable, flash-player-plugin, gimp, and wireshark), openSUSE (gstreamer-0_10-plugins-base), Oracle (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Red Hat (firefox and java-1.8.0-openjdk), Scientific Linux (bind, firefox, nss and nss-util, and nss-util), SUSE (xen), and Ubuntu (bind9, curl, freetype, and qemu).

If you live inland, don’t think sea level rise won’t affect you

Ars Technica - Fri, 21/04/2017 - 14:04

There has been a lot of talk about the millions of people worldwide whose homes will be at the mercy of rising sea levels. Within the US, a 1.8-meter rise in the oceans by 2100 could displace as many as 13.1 million people. Worldwide, up to 180 million people could be at risk.

There has been less talk about where exactly those people will go when they leave their homes. Research on climate migration has painted sea level rise as “primarily a coastal issue,” writes Mathew E. Hauer in Nature Climate Change this week. But the inland regions that absorb climate change migrants will need to have sufficient transport, housing, and infrastructure to absorb the migrants.

To get a picture of what this might look like within the US, Hauer combined two different sets of data in a predictive model. This kind of model relies on a lot of different assumptions, but it provides a starting sketch of what the impact on inland areas might be.

Fansubs for TV shows and movies are illegal, court rules

Ars Technica - Fri, 21/04/2017 - 13:54

Fansubbing—the unofficial creation of fan-made subtitles for TV shows and movies—is illegal, a Dutch court ruled this week.

The Free Subtitles Foundation, after coming under fire from the Netherlands' anti-piracy association BREIN, decided to raise some money and take BREIN to court. The Foundation's lawyer told TorrentFreak that the lawsuit sought to clarify whether the creators of a TV show or movie can reserve the right to create and distribute subtitles.

And indeed, that's exactly what the court ruled: that subtitles can only be created and distributed with permission from the rights holders. Doing so without permission is copyright infringement, and thus punishable with either jail time or a fine, depending on where you live.

American Gods may have finally nailed the modern-fantasy formula on TV

Ars Technica - Fri, 21/04/2017 - 12:30

AUSTIN, Texas—TV pilots ain't what they used to be, as the Netflix model takes much of the weight off a first episode's shoulders. Series can take their time revealing characters, unfolding plots, or even having much of the plot take place in a single episode.

Weirdly, the first hour-long episode of Starz' new American Gods series feels like a relic of that older era—in all of the best ways. This is TV built to stun, with equal parts momentum and cautious pauses, and it won't embarrass fans of its source material. The Neil Gaiman novel of the same name has no shortage of mystery, intrigue, and surprise in its first few dozen pages. Starz' take on the book manages to follow its every major plot thread to a satisfying degree, all while setting into motion a solid framework for how we should expect the modern-fantasy epic to unravel.

Vikings soaked in corn-syrup blood

Like disappearing ink, but cooler: Laser-powered invisible images demonstrated

Ars Technica - Fri, 21/04/2017 - 12:00

I think everyone is aware of the trick with invisible ink. Write your message in lemon juice on paper, and when the juice dries it cannot be seen. But if you heat the paper, the lemon juice reacts with it and turns brown, bringing forth your shining prose for all to read.

That's so old school—I want laser powered invisible writing (and, no, I am not paid to make sense. Why do you ask?). Since lasers are what make life worthwhile, others evidently felt the same. Lo and behold, there has now been laser-powered invisible writing.

Watching glass glow

To create laser powered invisible writing, we need to delve into how light interacts with matter. Imagine a glass plate. If I shine a laser through the glass plate, pretty much nothing seems to happen. But internally, there is a whole lot going on. The electric field from the laser beam grabs hold of the electrons surrounding the atoms in the glass and gives them a good shaking. As the electrons shake up and down, they absorb and re-emit light from the laser. The color doesn't change, but the light slows down a little.

Man sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed

Ars Technica - Fri, 21/04/2017 - 10:00

A man in Michigan has sued Confide, a secure messaging app that is reportedly used by Republicans in the Trump White House, over allegations that the app isn’t nearly as secure when run on a desktop computer, as opposed to a mobile device.

While the app does prevent screenshots on mobile devices, the new lawsuit, which was filed in federal court in New York on Thursday, notes that the app fails to block screenshots on Windows. Similarly, the macOS and Windows versions both allow for entire messages to be read all at once rather than line-by-line, as the mobile app does. The two desktop platforms also lack a key feature—notification of a screenshot.

"By failing to offer the protections it advertised, Confide not only fails to maintain the confidentiality of messages sent or received by desktop App users, but its entire user base," lawyers for the plaintiff, Jeremy Auman, wrote in their civil complaint.

Rhonda D'Vine: Home

Planet Debian - Fri, 21/04/2017 - 09:01

A fair amount of things happened since I last blogged something other than music. First of all we did actually hold a Debian Diversity meeting. It was quite nice, fewer people around than hoped for, and I account that to some extent to the trolls and haters that defaced the titanpad page for the agenda and destroyed the doodle entry for settling on a date for the meeting. They even tried to troll my blog with comments, and while I did approve controversial responses in the past, those went over the line of being acceptable and didn't carry any relevant content.

One response that I didn't approve but kept in my mailbox is even giving me strength to carry on. There is one sentence in it that speaks to me: Think you can stop us? You can't you stupid b*tch. You have ruined the Debian community for us. The rest of the message is of no further relevance, but even though I can't take credit for being responsible for that, I'm glad to be a perceived part of ruining the Debian community for intolerant and hateful people.

A lot of other things happened since too. Mostly locally here in Vienna, several queer empowering groups were founded around me, some of them existed already, some formed with the help of myself. We now have several great regular meetings for non-binary people, for queer polyamory people about which we gave an interview, a queer playfight (I might explain that concept another time), a polyamory discussion group, two bi-/pansexual groups, a queer-feminist choir, and there will be a European Lesbian* Conference in October where I help with the organization …

… and on June 21st I'll finally receive the keys to my flat in Que[e]rbau Seestadt. I'm sooo looking forward to it. It will be part of the Let me come Home experience that I'm currently in. Another part of that experience is that I started changing my name (and gender marker) officially. I had my first appointment in the corresponding bureau, and I hope that it won't last too long because I have to get my papers in time for booking my flight to Montreal, and somewhen along the process my current passport won't contain correct data anymore. So for the people who have it in their signing policy to see government IDs this might be your chance to finally sign my key then.

I plan to do a diversity BoF at debconf where we can speak more directly on where we want to head with the project. I hope I'll find the time to do an IRC meeting beforehand. I'm just uncertain how to coordinate that one to make it accessible for interested parties while keeping the destructive trolls out. I'm open for ideas here.

Noah Meyerhans: Stretch images for Amazon EC2, round 2

Planet Debian - Fri, 21/04/2017 - 05:37

Following up on a previous post announcing the availability of a first round of AWS AMIs for stretch, I'm happy to announce the availability of a second round of images. These images address all the feedback we've received about the first round. The notable changes include:

  • Don't install a local MTA.
  • Don't install busybox.
  • Ensure that /etc/machine-id is recreated at launch.
  • Fix the security.debian.org sources.list entry.
  • Enable Enhanced Networking and ENA support.
  • Images are owned by the official debian.org AWS account, rather than my personal account.

AMI details are listed on the wiki. As usual, you're encouraged to submit feedback to the cloud team via the cloud.debian.org BTS pseudopackage, the debian-cloud mailing list, or #debian-cloud on irc.

Dirk Eddelbuettel: Rblpapi 0.3.6

Planet Debian - Fri, 21/04/2017 - 02:36

Time for a new release of Rblpapi -- version 0.3.6 is now on CRAN. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg Labs (but note that a valid Bloomberg license and installation is required).

This is the seventh release since the package first appeared on CRAN last year. This release brings a very nice new function lookupSecurity() contributed by Kevin Jin as well as a number of small fixes and enhancements. Details below:

Changes in Rblpapi version 0.3.6 (2017-04-20)
  • bdh can now store in double preventing overflow (Whit and John in #205 closing #163)

  • bdp documentation has another override example

  • A new function lookupSecurity can search for securities, optionally filtered by yellow key (Kevin Jin and Dirk in #216 and #217 closing #215)

  • Added file init.c with calls to R_registerRoutines() and R_useDynamicSymbols(); also use .registration=TRUE in useDynLib in NAMESPACE (Dirk in #220)

  • getBars and getTicks can now return data.table objects (Dirk in #221)

  • bds has improved internal protect logic via Rcpp::Shield (Dirk in #222)

Courtesy of CRANberries, there is also a diffstat report for this release. As always, more detailed information is on the Rblpapi page. Questions, comments etc. should go to the issue tickets system at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
