Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High-Altitude Air Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system's sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea's Ministry of Foreign Affairs, which the South Korean government says originated from China.
FireEye's director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included "spear-phishing" e-mails carrying attachments loaded with malware along with "watering hole" attacks that put exploit code to download malware onto websites frequented by military, government, and defense industry officials.
FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or "Stone Panda"—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two "patriotic hacking" groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself "Denounce Lotte Group" targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.
How hard is it to write a compiler for Haskell Core? Not too hard, actually!
I wish we had a formally verified compiler for Haskell, or at least for GHC’s intermediate language Core. Now formalizing that part of GHC itself seems to be far out of reach, with the many phases the code goes through (Core to STG to CMM to Assembly or LLVM) and optimizations happening at all of these phases and the many complicated details to the highly tuned GHC runtime (pointer tagging, support for concurrency and garbage collection).
Introducing Veggies
So to make that goal of a formally verified compiler more feasible, I set out and implemented code generation from GHC’s intermediate language Core to LLVM IR, with simplicity as the main design driving factor.
You can find the result in the GitHub repository of veggies (the name derives from “verifiable GHC”). If you clone that and run ./boot.sh some-directory, you will find that you can use the program some-directory/bin/veggies just like you would use ghc. It comes with the full base library, so your favorite variant of HelloWorld might just compile and run.
As of now, the code generation handles all the Core constructs (which is easy when you simply ignore all the types). It supports a good number of primitive operations, including pointers and arrays – I implement these as needed – and has support for FFI calls into C.
Why you don't want to use Veggies
Since the code generator was written with simplicity in mind, performance of the resulting code is abysmal: Everything is boxed, i.e. represented as pointer to some heap-allocated data, including “unboxed” integer values and “unboxed” tuples. This is very uniform and simplifies the code, but it is also slow, and because there is no garbage collection (and probably never will be for this project), will fill up your memory quickly.
Also, the code currently only supports 64bit architectures, and this is hard-coded in many places.
There is no support for concurrency.
Why it might be interesting to you nevertheless
So if it is not really usable to run programs with, should you care about it? Probably not, but maybe you do for one of these reasons:
So feel free to play around with veggies, and report any issues you have on the GitHub repository.
Dota 2 maker Valve is taking serious action to cut down on the prevalence of smurfing—using a secondary account in order to play against opponents of a lower skill level. Starting next month, Dota 2 players will need to have a unique, valid phone number associated with their account to take part in the game's ranked matchmaking pool.
Ideally, the move will ensure that a single person can only have a single Dota 2 account, so highly skilled players can't pretend to be novices in a ranked match. Unranked play will be unaffected by the change.
Valve says that "online services that provide phone numbers are not allowed," so potential workarounds to create a new "valid" number shouldn't work. In North America, data from the FCC-backed NANPA can help determine the source of any such online phone numbers, but it's unclear whether Valve will also be able to confirm international numbers in a similar way.
The past few months have been a humbling time for Samsung. The Galaxy Note 7's explosive debut and double recall eventually led to an unprecedented cancellation of Samsung's flagship device. The recall process and resulting investigation kept the company's name in the mud for months and months. Memes were created across the Internet, property was damaged, and everyone visiting an airport was constantly reminded that Samsung produced a faulty device. To top it all off, the head of Samsung Group and several other Samsung executives were indicted on corruption allegations, with at least one person resigning as a result.
Now Samsung is ready to move on from those dark times with the launch of a new flagship, the Galaxy S8. It has a lot riding on the S8's success, and the company seems ready to rise to the occasion. The S8 is one of Samsung's strongest flagship offerings ever, with an all-new design, slim bezels, and the debut of a speedy new processor. Since this is a Samsung flagship, it will also be backed by dump trucks full of marketing dollars ensuring it will be featured in every commercial break, be on every billboard, and have prime real estate at every electronics store.
Tesla is voluntarily recalling 53,000 Model S and Model X electric vehicles because of problems with the parking brake. As was the case for Tesla's last recall, the company is blaming someone else for the issue. Specifically, the electric parking brakes installed on the EVs "may contain a small gear that could have been manufactured improperly by our third-party supplier."
Unlike the seatbelt recall that affected 90,000 Model S EVs or the Model X recall for faulty rear seats, this issue does not appear to cause a safety risk in the event of a crash. Rather, Tesla says that should the gear break, the car will be stuck with the parking brake on, and therefore will be unable to move.
Quality control issues have plagued the young carmaker. Both the Wall Street Journal and Consumer Reports lambasted the Model X, and many electric motors in early Model S sedans appeared unable to last more than 60,000 miles.
There has been a lot of talk about the millions of people worldwide whose homes will be at the mercy of rising sea levels. Within the US, a 1.8-meter rise in the oceans by 2100 could displace as many as 13.1 million people. Worldwide, up to 180 million people could be at risk.
There has been less talk about where exactly those people will go when they leave their homes. Research on climate migration has painted sea level rise as “primarily a coastal issue,” writes Mathew E. Hauer in Nature Climate Change this week. But the inland regions that absorb climate change migrants will need to have sufficient transport, housing, and infrastructure to absorb the migrants.
To get a picture of what this might look like within the US, Hauer combined two different sets of data in a predictive model. This kind of model relies on a lot of different assumptions, but it provides a starting sketch of what the impact on inland areas might be.
Fansubbing—the unofficial creation of fan-made subtitles for TV shows and movies—is illegal, a Dutch court ruled this week.
The Free Subtitles Foundation, after coming under fire from the Netherlands' anti-piracy association BREIN, decided to raise some money and take BREIN to court. The Foundation's lawyer told TorrentFreak that the lawsuit sought to clarify whether the creators of a TV show or movie can reserve the right to create and distribute subtitles.
And indeed, that's exactly what the court ruled: that subtitles can only be created and distributed with permission from the rights holders. Doing so without permission is copyright infringement, and thus punishable with either jail time or a fine, depending on where you live.
AUSTIN, Texas—TV pilots ain't what they used to be, as the Netflix model takes much of the weight off a first episode's shoulders. Series can take their time revealing characters, unfolding plots, or even having much of the plot take place in a single episode.
Weirdly, the first hour-long episode of Starz' new American Gods series feels like a relic of that older era—in all of the best ways. This is TV built to stun, with equal parts momentum and cautious pauses, and it won't embarrass fans of its source material. The Neil Gaiman novel of the same name has no shortage of mystery, intrigue, and surprise in its first few dozen pages. Starz' take on the book manages to follow its every major plot thread to a satisfying degree, all while setting into motion a solid framework for how we should expect the modern-fantasy epic to unravel.
Vikings soaked in corn-syrup blood
I think everyone is aware of the trick with invisible ink. Write your message in lemon juice on paper, and when the juice dries it cannot be seen. But if you heat the paper, the lemon juice reacts with it and turns brown, bringing forth your shining prose for all to read.
That's so old school—I want laser powered invisible writing (and, no, I am not paid to make sense. Why do you ask?). Since lasers are what make life worthwhile, others evidently felt the same. Lo and behold, there has now been laser-powered invisible writing.
Watching glass glow
To create laser powered invisible writing, we need to delve into how light interacts with matter. Imagine a glass plate. If I shine a laser through the glass plate, pretty much nothing seems to happen. But internally, there is a whole lot going on. The electric field from the laser beam grabs hold of the electrons surrounding the atoms in the glass and gives them a good shaking. As the electrons shake up and down, they absorb and re-emit light from the laser. The color doesn't change, but the light slows down a little.
A man in Michigan has sued Confide, a secure messaging app that is reportedly used by Republicans in the Trump White House, over allegations that the app isn’t nearly as secure when run on a desktop computer, as opposed to a mobile device.
While the app does prevent screenshots on mobile devices, the new lawsuit, which was filed in federal court in New York on Thursday, notes that the app fails to block screenshots on Windows. Similarly, the macOS and Windows versions both allow for entire messages to be read all at once rather than line-by-line, as the mobile app does. The two desktop platforms also lack a key feature—notification of a screenshot.
"By failing to offer the protections it advertised, Confide not only fails to maintain the confidentiality of messages sent or received by desktop App users, but its entire user base," lawyers for the plaintiff, Jeremy Auman, wrote in their civil complaint.
A fair amount of things happened since I last blogged something other than music. First of all we did actually hold a Debian Diversity meeting. It was quite nice, fewer people around than hoped for, and I account that to some extent to the trolls and haters that defaced the titanpad page for the agenda and destroyed the doodle entry for settling on a date for the meeting. They even tried to troll my blog with comments, and while I did approve controversial responses in the past, those went over the line of being acceptable and didn't carry any relevant content.
One response that I didn't approve but kept in my mailbox is even giving me strength to carry on. There is one sentence in it that speaks to me: Think you can stop us? You can't you stupid b*tch. You have ruined the Debian community for us. The rest of the message is of no further relevance, but even though I can't take credit for being responsible for that, I'm glad to be a perceived part of ruining the Debian community for intolerant and hateful people.
A lot of other things happened since too. Mostly locally here in Vienna, several queer empowering groups were founded around me, some of them existed already, some formed with the help of myself. We now have several great regular meetings for non-binary people, for queer polyamory people about which we gave an interview, a queer playfight (I might explain that concept another time), a polyamory discussion group, two bi-/pansexual groups, a queer-feminist choir, and there will be a European Lesbian* Conference in October where I help with the organization …
… and on June 21st I'll finally receive the keys to my flat in Que[e]rbau Seestadt. I'm sooo looking forward to it. It will be part of the Let me come Home experience that I'm currently in. Another part of that experience is that I started changing my name (and gender marker) officially. I had my first appointment in the corresponding bureau, and I hope that it won't last too long because I have to get my papers in time for booking my flight to Montreal, and somewhen along the process my current passport won't contain correct data anymore. So for the people who have it in their signing policy to see government IDs this might be your chance to finally sign my key then.
I plan to do a diversity BoF at debconf where we can speak more directly on where we want to head with the project. I hope I'll find the time to do an IRC meeting beforehand. I'm just uncertain how to coordinate that one to make it accessible for interested parties while keeping the destructive trolls out. I'm open for ideas here.
Following up on a previous post announcing the availability of a first round of AWS AMIs for stretch, I'm happy to announce the availability of a second round of images. These images address all the feedback we've received about the first round. The notable changes include:
AMI details are listed on the wiki. As usual, you're encouraged to submit feedback to the cloud team via the cloud.debian.org BTS pseudopackage, the debian-cloud mailing list, or #debian-cloud on irc.
Time for a new release of Rblpapi -- version 0.3.6 is now on CRAN. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg Labs (but note that a valid Bloomberg license and installation is required).
This is the seventh release since the package first appeared on CRAN last year. This release brings a very nice new function lookupSecurity() contributed by Kevin Jin as well as a number of small fixes and enhancements. Details below:
Changes in Rblpapi version 0.3.6 (2017-04-20)
bdp documentation has another override example
Added file init.c with calls to R_registerRoutines() and R_useDynamicSymbols(); also use .registration=TRUE in useDynLib in NAMESPACE (Dirk in #220)
getBars and getTicks can now return data.table objects (Dirk in #221)
bds has improved internal protect logic via Rcpp::Shield (Dirk in #222)
Courtesy of CRANberries, there is also a diffstat report for this release. As always, more detailed information is on the Rblpapi page. Questions, comments etc should go to the issue tickets system at the GitHub repo.