Tech Today w/ Ken May

Featured entries

45,000 years ago, in an area that is now part of Ethiopia, humans found a roomy cave at the base of a limestone cliff and turned it into a special kind of workshop. Inside, they built up a cache of over 40 kilograms of reddish stones high in iron oxide. Using a variety of tools, they ground the stones into different colored powders: deep reds, glowing yellows, rose grays. Then they treated the powder by heating it or mixing it with other ingredients to create the world’s first paint. For at least 4,500 years, people returned to this cave, known today as Porc-Epic, covering its walls in symbols and inking their bodies and clothes. Some anthropologists call it the first artist’s workshop. Now, a new study in PLoS One suggests that the cave offers us a new way to understand cultural continuity in the Middle Stone Age, when humans were first becoming sophisticated toolmakers and artisans. Paleoscientists Daniela Eugenia Rosso, Francesco d’Errico, and Alain Queffelec have sorted through the 4,213 pieces of ochre found in the cave, analyzing the layers of history they represent. They argue that Porc-Epic is a rare continuous record of how humans pass on knowledge and rituals across dozens of generations.

FCC stonewalls demands for evidence of cyberattack

Posted by kenmay on May - 24 - 2017

The FCC swears that a denial of service attack hit its servers hours after Last Week Tonight’s John Oliver rallied support for net neutrality, but where’s the evidence? Well, don’t expect it any time soon. In an interview with ZDNet, the regulator’s David Bray says the FCC won’t release the logs that might show who was responsible for the incident. The logs contain private info like IP addresses, he says. Bray does note that there wasn’t a botnet involved, though — instead, the traffic came from commercial cloud services using the FCC’s public programming interface. But if it wasn’t a botnet, then who was involved? Some critics are concerned that the FCC isn’t exactly being forthright. The advocacy group Fight for the Future tells ZDNet that the FCC should disclose information “to the appropriate authorities and to journalists” to have them investigate the data while maintaining privacy. And if there’s an organization behind the attack, the group says, the FCC should divulge who it is. That it isn’t is worrying — does the Commission not know, or is it trying to hide the origins? Fight for the Future is concerned that the traffic is either from net neutrality supporters (and thus evidence that the FCC couldn’t/wouldn’t handle opposition to its net neutrality rollback) or opponents trying to stifle criticism. And unfortunately, there’s circumstantial evidence that might support either theory. Anti-net neutrality bots recently flooded the FCC’s comments, and Chairman Ajit Pai even suggested that he might honor these obviously fake statements. It doesn’t help that the FCC has since gone into a “sunshine period” where it won’t take new public comments on decisions. And it’s no secret that telecoms are less than fond of net neutrality proponents, especially when they try to expose astroturfing campaigns. Simply put, both the current FCC and internet providers have a vested interest in downplaying net neutrality’s supporters while enshrining its critics.
The FCC says it has since upgraded its website to better handle loads, so it isn’t completely unresponsive. Without more disclosures about what happened around the attack, though, it’s impossible to know just how honest it really is — and it’s not helping its case by being unresponsive to public outcries.

Via: Gizmodo. Source: ZDNet (1), (2)

New York forces smart lock maker to improve its security

Posted by kenmay on May - 24 - 2017

Smart locks promise the security of a traditional lock without the need to carry around a key. Most can be unlocked with a mobile app or an RFID-equipped card you can store in your wallet. Unfortunately, they’re also pretty easy to hack open. The office of New York’s attorney general, Eric T. Schneiderman, announced a settlement today with one such smart lock manufacturer. Utah-based Safetech Products has agreed to encrypt all of its smart lock passwords, electronic keys and other credentials within its locks, prompt users to change the default password upon initial setup and establish a more comprehensive security program. Safetech makes both padlocks and door locks, each available on Amazon. According to the New York AG’s office, independent security researchers found that the company’s locks did not secure passwords or other security information in its locks, which left customers open to hacking and theft. “Companies employing new technologies must implement and promote good security practices and ensure that their products are secure, including through the use of encryption,” Schneiderman said in a statement. “Together, with the help of companies like Safetech, we can safeguard against breaches and illegal intrusions on our private data.” While this may be the first time an attorney general has taken legal action against a smart lock company like this, it won’t likely be the last. Kwikset was sued recently for its Smart key lock’s alleged culpability in the rape and murder of a young woman in Florida by the building security guard. While not a true smart lock, the lock in question has a programmable cylinder that can be made to work with any key, which can be used to give temporary access to anyone. It’s also easily broken into with a screwdriver and a paper clip. As we all turn to smart devices and the Internet of Things in our lives, it becomes even more important to make sure we’re being protected from both hackers and ourselves.
The settlement with Safetech could be the first big step towards companies building better security into their smart devices.

“The devices in our homes are increasingly connected to the internet—posing new privacy & security risks to consumers. We’re taking action.” — Eric Schneiderman (@AGSchneiderman), May 23, 2017

Source: New York Attorney General’s office

The “high bay” at Boeing’s Satellite Development Center in El Segundo, California. A Boeing employee sold documents from the plant to an FBI undercover agent posing as a Russian intelligence agent. Gregory Allen Justice, a 49-year-old engineer living in Culver City, Calif., has pleaded guilty to charges of attempted economic espionage and attempted violation of the Export Control Act. Justice, who according to his father worked for Boeing Satellite Systems in El Segundo, Calif., was arrested last July after selling technical documents about satellite systems to someone he believed to be a Russian intelligence agent. Instead, he sold the docs to an undercover Federal Bureau of Investigation employee. The sting was part of a joint operation by the FBI and the US Air Force Office of Special Investigations. The documents provided by Justice to the undercover agent included information on technology on the US Munitions List, meaning they were regulated by government International Trade in Arms regulations (ITAR). “In exchange for providing these materials during a series of meeting between February and July of 2016, Justice sought and received thousands of dollars in cash payments,” a Justice Department spokesperson said in a statement. “During one meeting, Justice and the undercover agent discussed developing a relationship like one depicted on the television show ‘The Americans.’” Just before he was arrested, Justice offered to take the agent on a tour of the facility where he worked—where he told the agent “all military satellites were built,” according to Justice’s plea agreement.

Microsoft made the Surface Pro both lighter and quieter

Posted by kenmay on May - 23 - 2017

Microsoft has mostly left the Surface Pro line untouched since late 2015, but the company is finally giving it a long overdue refresh today. Announced at an event in Shanghai earlier, the new machine — now simply dubbed Surface Pro — packs Intel’s 7th-gen Core processors (Kaby Lake; m3, i5 and i7 flavors), an enhanced PixelSense display, optional LTE Advanced radio and a battery life of up to 13.5 hours for video playback, which is a notable jump from the old nine hours. Oh, and there’s no longer a fan for the m3 and i5 models. Simply put, Microsoft calls this “the lightest, the best sounding, the fastest and the quietest Surface Pro ever,” and the company was keen to claim that its own machine is 1.7 times faster than the iPad Pro. While the machine itself looks pretty much the same as before from afar, up close you’ll notice the slightly rounded edges. What’s also not immediately noticeable is the new hinge design: you can now push it all the way down to 165 degrees — or “Studio Mode,” as Microsoft would like to call it. Even the Surface Pen has been given a spec bump: the old 1,024-level pressure sensitivity is now at 4,096 levels, and it comes with tilt sensitivity along with a speedy 21ms latency. Much like the recently announced Surface Laptop line, the new Surface Pro comes with an Alcantara keyboard in three colors: platinum, cobalt blue and burgundy. Pre-order starts today at $799 and up, with specs starting from 128GB SSD plus 4GB RAM all the way up to 1TB SSD plus 16GB RAM, and it’s shipping in mid-June. This mid-cycle update was expected after Surface chief Panos Panay said that a Surface Pro 5 wouldn’t appear until there’s “an experiential change that makes a huge difference in product line.” Even then, this new Surface Pro does manage to pack a few surprises, so it should keep us entertained for the time being. And if that doesn’t scratch the itch, you could just buy one of the many alternatives from other hardware makers.
Jon Fingas contributed to this post. Source: Microsoft

Bitcoin Price Hits Fresh Record High Above $2,200

Posted by kenmay on May - 23 - 2017

An anonymous reader writes: Monday marks the seven-year anniversary of Bitcoin Pizza Day — the moment a programmer named Laszlo Hanyecz spent 10,000 bitcoin on two Papa John’s pizzas. More important than the episode being widely recognized as the first transaction using the cryptocurrency is what it tells us about the bitcoin rally that saw it break through the $2,100 mark on Monday. Bitcoin was trading as high as $2,185.89 in the early hours of Monday morning, hitting a fresh record high, after first powering through the $2,000 barrier over the weekend, according to CoinDesk data. Throughout the weekend, the value of cryptocurrency was looming around $2,000.

New OS/2 Warp Operating System ‘ArcaOS’ 5.0 Released

Posted by kenmay on May - 22 - 2017

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM’s discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice… It’s available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance). The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell. By Tuesday Arca Noae was reporting “excessive traffic on the server which is impacting our ordering and delivery process,” though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a “truly overwhelming response.”

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.”

A lot of the technology billed as holographic, well, isn’t. Not even HoloLens. Real holography requires a laser-generated 3D image, and it’s no mean feat to stuff that into something you can comfortably wear. Microsoft just made some important progress, however. Its researchers have developed a true, near-eye holographic display whose optics can fit inside a regular pair of glasses. The mirrors and the liquid crystal on silicon needed to achieve the effect sit inside the frame — it’s only the electronics that have to stay outside. While this extra-compact size would normally result in an unusable picture, corrections in the holographic projector make it easy to read details down to individual pixels. The tech giant has also tackled some problems with generating those holograms. Its team took advantage of eye-tracked rendering (that is, providing the most visual detail where you’re looking) and GPU-boosted algorithms to generate high-detail holograms in real time, complete with realistic focus and vision correction. You wouldn’t necessarily need a set of corrective eyewear to compensate for astigmatism or other eyesight issues. Microsoft is quick to point out that this doesn’t necessarily hint at its hardware plans. It’s just as well — the tech still faces some serious limitations. Besides the necessity of external electronics, the glasses only produce a monoscopic picture. A stereoscopic image is another challenge altogether. If everything comes together, though, you could have a real holographic display that’s comfortable to wear all day long. Whether you’re a doctor, designer or gamer, you could plunge yourself into augmented reality without a bulky headset weighing you down. Source: Microsoft Research

Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren’t affected by last week’s major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. “This software has only been tested and known to work under Windows XP,” he wrote in a readme note accompanying his app, which he calls Wannakey. “In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!”