Tech Today w/ Ken May

Archive for July 18th, 2017

An anonymous reader writes: “Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system, ” reports Bleeping Computer. “ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method ‘should never crash a target, ‘ the expert says. ‘Chance should be nearly 0%, ‘ Wang adds.” Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang’s GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica’s Eleven Paths security unit, has published a step-by-step guide on how to use Wang’s exploit. Read more of this story at Slashdot.

Categories: reader

Bosch took us for a ride in its level 3 autonomous car

Posted by kenmay on July - 18 - 2017

Bosch provided flights to Frankfurt and three nights’ accommodation for this trip to the Bosch Mobility Experience. Video edited by Jennifer Hahn. (video link) BOXBERG, GERMANY—Are autonomous cars like buses? In one way, yes. You wait ages for a ride in one, and then all of a sudden several show up in short succession. In late June,  we went for a spin in Jack , Audi’s level 3 autonomous test vehicle. Then, a couple of weeks later in Germany at the Bosch Mobility Experience, we got to sample another such vehicle. Read 14 remaining paragraphs | Comments

Categories: reader

State-sponsored hackers have “probably compromised” the UK’s energy industry. A leaked memo from the National Cybersecurity Centre (NCSC) identifies links “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.” These threats are “known to target the energy and manufacturing sectors, ” the document says. The memo, obtained by Motherboard and verified by a number of sources, goes on to say that as a result of these connections, “a number of industrial control system engineering and services organisations are likely to have been compromised.” The NCSC has neither confirmed nor denied the authenticity of the memo. However, in a statement given to the BBC it said: “We are aware of reports of malicious cyber-activity targeting the energy sector around the globe … We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.” The leaked memo follows claims that Russian hackers have tried to infiltrate America’s nuclear power industry via phishing emails, as well as allegations that Ireland’s Electricity Supply Board has been targeted by groups with links to the Kremlin. These reports appear to be connected, suggesting there may be a large-scale effort brewing to identify vulnerabilities in global energy industry. It appears that despite the hack no actual damage has been done, but we’ve seen the consequences of cyberattacks on critical infrastructure — this development will no doubt call into question the effectiveness of national security once again. Via: The Guardian Source: Motherboard

Categories: reader

Dungeons & Dragons , the quintessential pen-and-paper game, is more popular than ever, thanks to Twitch channels like Geek and Sundry and podcasts like The Adventure Zone . But it’s one thing to listen or watch a presentation crafted by seasoned gamers and another to actually run your own adventure. Players may get frustrated by the hundreds of pages of rules and quit before they’ve even had their first goblin encounter. Wizards of the Coast and social gaming firm Curse aim to fix this with the launch of D&D Beyond , a website and app intended to take care of all the fine print and number crunching, leaving dungeon masters and players free to focus on crafting a good story. While Curse specializes in video game add-ons and communities, D&D Beyond is a different kind of project — a digital companion for a tabletop game. At launch it will mostly consist of a compendium of the rules and world information from D&D ‘s fifth edition, broken down into sections like “spells” and “monsters” that can be either browsed in a list or searched, with plenty of filters to narrow down the exact information required. The current Player’s Handbook and Dungeon Master’s Guide may give you all the information you need to play an adventure, but anyone who’s ever used the books can attest to how hard it is to find anything in them. Many players end up turning to outside wikis and forums to get the information they want instead. Wizards of the Coast has tried over the years to provide some limited online help: Dungeons & Dragons has had digital content since its second edition, and the tools provided for the fourth edition did rather well with players. One thing all of these sites had in common is that they’ve always been meant as a supplement to the game — you still needed to buy the books to play. The eventual goal is for D&D Beyond to completely replace the physical books. That doesn’t mean paper devotees are out of luck — the guides will stay in print as long as there’s demand. But players who prefer to keep everything on their computer or phone will have an official way to do that. While seasoned players will appreciate things like easier-to-access game minutia, it’s newbie adventurers who will benefit the most. For example, character creation has been boiled down to a step-by-step process on the Beyond site that walks you through choosing a race, class and so forth. I used the builder to make an elven ranger and was impressed with how easy it is: After each selection it’ll give you drop-downs for things like expertises and languages, with the weapons and armor you can use clearly marked. When I copied my gnome bard from the game I currently play with friends, it actually showed me a few skill roll bonuses I had missed when I leveled up my character by hand. The sheer complexity of Dungeons & Dragons is what’s made it so hard to build effective digital tools for it, but Project Lead Adam Bradford notes that it’s not the depth that makes it so hard to digitize but the breadth. The game is an open world, ultimately only limited by the imagination of its players. The rules are written as a guide, not a rigid framework for adventurers to operate in. To support freedom of ideas the site allows plenty of manual input, ranging from things as mundane as dice rolls to full-blown homebrew content that can be uploaded to the site’s database. There’s an entire section dedicated to sharing user-generated content where gamers can upvote the best submissions and add anything they find to their “collection.” Even with so much of the game experience being moved online, Curse still envisions people sitting around a table to play Dungeons & Dragons , just with their laptops in front of them. Even if the entire game is run through Beyond, with future iterations of the site keeping track of combat turns, attacks and statuses, players will still need to talk to one another to describe what’s happening. The company also sees the site as a way to make the game more accessible when you’re not playing. When you’re at work or in class you can look at your character, browse for new spells and read backstory anytime you want. By making those little things more accessible during downtime, the actual play sessions can be focused on story, socialization and performance. The idea of Dungeons & Dragons as performance hasn’t always been a prominent part of the brand. Sure, you’re trying to amuse yourself and your friends, but no one was really playing for an audience outside gaming conventions. Now you can watch seasoned players run through campaigns like the Penny Arcade’s Acquisitions Inc. video series. Curse wants to help that phenomenon grow, especially after its sale to Twitch last year. You need a Twitch account to sign up for D&D Beyond, because the company has big plans down the line for integrating D&D campaigns into the streaming site. The idea is that when you set up a stream it’ll be connected to the Beyond page for that particular campaign, displaying relevant infographics on the screen to give viewers a better idea of what’s going on. This will include interactive elements — each player will have her character name displayed, which can be moused over to look at that character sheet — and animations for things like spells or statuses. Games will look a lot more professional, and with most of the rules crunching going on behind the curtain, they will be a lot more entertaining to watch, with an increased emphasis on performance. Features like interactive Twitch streams and the ability to run games completely through the site are big tasks, but Bradford says Curse is in it for the long haul. The first step is to get dungeon master tools up and running later this year, like combat and initiative tracking. There’s been a lot of demand for encounter building — that is, designing battles against monsters and other foes. Encounters form the core of Dungeons & Dragons gameplay, with a typical session usually structured around one or two big battles. Wizards of the Coast sells predesigned adventures, but some players prefer something more customized to their group, especially if they have the type of friends who tend to step outside the box. Beyond will let dungeon masters tweak existing monsters and build entirely new ones: As an example Bradford mentioned a Challenge Rating 12 Mind Flayer that had been separated from its colony. It would be weaker, but how would a player modify its stats? Beyond can eliminate the guesswork, even taking into account small things like how carrying certain magical items might affect the creature. Unfortunately, these tools won’t be ready when Beyond comes out in August. Everything introduced in the current beta is what players should expect at launch. That’s the compendium, character builder and spell book, which will be available free of charge to registered users. Nothing needed to play will be locked away behind a paywall. Instead, the premium tiers will have features that make the site more useful, like the ability to store unlimited characters or use homebrew content. The site will also offer a lot of onetime purchases, like guides and special character classes. Dungeon masters who opt into the most expensive Master Tier will be able to share this content with their players with a click. It certainly beats having to carry around a backpack full of source books to every session. Of course, some people like carrying around heavy bags of books and arguing about attack bonuses. Nothing has to change for them. But for players who really care about collaborative storytelling and love performing, D&D Beyond could be the push they need to give tabletop role-playing a try. It makes Dungeons & Dragons less about the math and more about being someone else for a little while.

Categories: reader

India’s first solar-powered train makes its debut

Posted by kenmay on July - 18 - 2017

India’s diesel-powered train network has a new kid on the block. The gas-guzzling Indian Railway system has just debuted its first solar-powered train, called the Diesel Electric Multiple Unit (DEMU). It will operate in the city of New Delhi. Placement of the solar panels on the train car was challenging. Sandeep Gupta, Vice Chairman and Managing Director of Jakson Engineers Limited (the company that produced and installed the solar panels) told Business Standard , “It is not an easy task to fit solar panels on the roof of train coaches that run at a speed of 80 km per hour.” The panels feed into an onboard battery that can store surplus power. The train will still be pulled by a diesel locomotive; the solar panels will only power passenger comfort systems, such as lights, information displays and fans. Even so, Indian Railways estimates that just one train with six solar-panel equipped cars will save 21, 000 liters (5, 547 gallons) of diesel fuel per year, at a cost savings around Rs12 lakh (almost $20, 000). Indian Railways is the largest rail network in Asia , running around 11, 000 trains daily. The service moves roughly 13 million passengers every day. That translates to incredibly large fuel bills; in 2015, the service spent Rs16, 395 crore ($2.5 billion) on diesel . They’ve been trying to reduce their fuel consumption, in part by more reliance on solar energy; the hope is that it will save them Rs41, 000 crore ($6.31 billion) over the next 10 years. Via: Quartz Source: Business Standard

Categories: reader

When metal rocker Ronnie James Dio was a doo-wop artist

Posted by kenmay on July - 18 - 2017

Before Elf, Rainbow, Black Sabbath, Dio, and Heaven & Hell, late metal legend Ronnie James Dio was a doo-wop artist. (more…)

Categories: reader