Exploit Fully Breaks SHA-1, Lowers the Attack Bar (Slashdot, by EditorDavid on encryption; cached at January 18, 2020, 11:35 pm)

ThreatPost reported on some big research last week: A proof-of-concept attack has been pioneered that "fully and practically" breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by Gaëtan Leurent and Thomas Peyrin, academic researchers at Inria France and Nanyang Technological University/Temasek Laboratories in Singapore. They noted that because the attack is much less complex and cheaper than previous PoCs, it places such attacks within the reach of ordinary attackers with ordinary resources. "This work shows once and for all that SHA-1 should not be used in any security protocol where some kind of collision resistance is to be expected from the hash function," the researchers wrote. "Continued usage of SHA-1 for certificates or for authentication of handshake messages in TLS or SSH is dangerous, and there is a concrete risk of abuse by a well-motivated adversary. SHA-1 has been broken since 2004, but it is still used in many security systems; we strongly advise users to remove SHA-1 support to avoid downgrade attacks." Given the footprint of SHA-1, Leurent and Peyrin said that users of GnuPG, OpenSSL and Git could be in immediate danger. Long-time Slashdot reader shanen writes, "I guess the main lesson is that you can never be too sure how long any form of security will remain secure."

Read more of this story at Slashdot.

Facial Recognition Database With 3 Billion Scraped Images 'Might End Privacy as We Know It' (Slashdot, by EditorDavid on government; cached at January 18, 2020, 11:05 pm)

One police detective bragged that photos "could be covertly taken with a telephoto lens" then input into Clearview AI's database of more than three billion scraped images to immediately identify suspects. Long-time Slashdot reader v3rgEz writes: For the past year, government transparency non-profits and Open the Government have been digging into how local police departments around the country use facial recognition. The New York Times reports on their latest discovery: That a Peter Thiel-backed startup Clearview has scraped Facebook, Venmo, and dozens of other social media sites to create a massive, unregulated tool for law enforcement to track where you were, who you were with, and more, all with just a photo. Read the Clearview docs yourself and file a request in your town to see if your police department is using it. The Times describes Clearview as "the secretive company that might end privacy as we know it," with one of the company's early investors telling the newspaper that because information technology keeps getting more powerful, he's concluded that "there's never going to be privacy." He also expresses his belief that technology can't be banned, then acknowledges "Sure, that might lead to a dystopian future or something, but you can't ban it."

Read more of this story at Slashdot.

Major Breakthrough In Quantum Computing Shows That MIP* = RE (Slashdot, by EditorDavid on math; cached at January 18, 2020, 9:35 pm)

Slashdot reader JoshuaZ writes: In a major breakthrough in quantum computing it was shown that MIP* equals RE. MIP* is the set of problems that can be efficiently demonstrated to a classical computer interacting with multiple quantum computers with any amount of shared entanglement between the quantum computers. RE is the set of problems which are recursive; this is essentially all problems which can be computed. This result comes through years of deep development of understanding interactive protocols, where one entity, a verifier, has much less computing power than another set of entities, provers, who wish to convince the verifier of the truth of a claim. In 1990, a major result was that a classical computer with a polynomial amount of time could be convinced of any claim in PSPACE by interacting with an arbitrarily powerful classical computer. Here PSPACE is the set of problems solvable by a classical computer with a polynomial amount of space. Subsequent results showed that if one allowed a verifier able to interact with multiple provers, the verifier could be convinced of a solution of any problem in NEXPTIME, a class conjectured to be much larger than PSPACE. For a while, it was believed that in the quantum case, the set of problems might actually be smaller, since multiple quantum computers might be able to use their shared entangled qubits to "cheat" the verifier. However, this has turned out not just to not be the case, but the exact opposite: MIP* is not only large, it is about as large as a computable class can naturally be. This result, while a very big deal from a theoretical standpoint, is unlikely to have any immediate applications since it supposes quantum computers with arbitrarily large amounts of computational power and infinite amounts of entanglement.
The paper in question is a 165-page tour de force which, incidentally, also shows that the Connes embedding conjecture, a 50-year-old major conjecture from the theory of operator algebras, is false.

Read more of this story at Slashdot.

Tuxedo's New Manjaro Linux Laptops Will Include Massive Customization (Slashdot, by EditorDavid on opensource; cached at January 18, 2020, 8:35 pm)

Tuxedo Computers "has teamed up with Manjaro to tease not one, not two, but several" Linux laptops, Forbes reports: The Tuxedo Computers InfinityBook Pro 15...can be loaded with up to 64GB of RAM, a 10th-generation Intel Core i7 CPU, and as high as a 2TB Samsung EVO Plus NVMe drive. You can also purchase up to a 5-year warranty, and user-installed upgrades will not void the warranty... Manjaro Lead Project Developer Philip Müller also teased a forthcoming AMD Ryzen laptop [on Forbes' "Linux For Everyone" podcast]. "Yes, we are currently evaluating which models we want to use because the industry is screaming for that," Müller says. "In the upcoming weeks we might get some of those for internal testing. Once they're certified and the drivers are ready, we'll see when we can launch those." Müller also tells me they're prepping what he describes as a "Dell XPS 13 killer." "It's 10th-generation Intel based, we will have it in 14-inch with a 180-degree lid, so you can lay it flat on your desk if you like," he says. The Manjaro/Tuxedo Computers partnership will also offer some intense customization options, Forbes adds. "Want your company logo laser-etched on the lid? OK. Want to swap out the Manjaro logo with your logo on the Super key? Sure, no problem. Want to show off your knowledge of fictional alien races? Why not get a 100% Klingon keyboard?"

Read more of this story at Slashdot.

Why Did Red Hat Drop Its Support for Docker's Runtime Engine? (Slashdot, by EditorDavid on redhat; cached at January 18, 2020, 7:35 pm)

"I've grown quite fond of the docker container runtime. It's easy to install and use, and many of the technologies I write about depend upon this software," writes TechRepublic/Linux.com contributor Jack Wallen. "But Red Hat has other plans." The company decided -- seemingly out of the blue -- to drop support for the docker runtime engine. In place of docker came Podman. When trying to ascertain why Red Hat split with Docker, nothing came clear. Sure, I could easily draw the conclusion that Red Hat had grown tired of the security issues surrounding Docker and wanted to take matters in their own hands. There was also Red Hat's issue with "no big fat daemons." If that's the case, how do they justify their stance on systemd? Here's where my tinfoil hat comes into play. Understand this is pure conjecture here and I have zero facts to back these claims up... Red Hat is now owned by IBM. IBM was desperate to gain serious traction within the cloud. To do that, IBM needed Red Hat, so they purchased the company. Next, IBM had to score a bit of vendor lock-in. Using a tool like docker wouldn't give them that lock-in. However, if Red Hat developed and depended on their own container runtime, vendor lock-in was attainable.... Red Hat has jettisoned a mature, known commodity for a less-mature, relatively unknown piece of software -- without offering justification for the migration.... Until Red Hat offers up a sound justification for migrating from the docker container engine to Podman, there's going to be a lot of people sporting tinfoil hats. It comes with the territory of an always-connected world. And if it does turn out to be an IBM grab for vendor lock-in, there'll be a lot of admins migrating away from RHEL/CentOS to the likes of Ubuntu Server, SUSE/openSUSE, Debian, and more. Red Hat's product manager of containers later touted Podman's ability to deploy containers without root access privileges in an interview with eWeek. 
"We felt the sum total of its features, as well as the project's performance, security and stability, made it reasonable to move to 1.0. Since Podman is set to be the default container engine for the single-node use case in Red Hat Enterprise Linux 8, we wanted to make some pledges about its supportability." And a Red Hat spokesperson also shared their position with The New Stack. "We saw our customer base wanting the container runtime lifecycle baked-in to the OS or in delivered tandem with OpenShift."
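The one technical claim in the exchange above is Podman's ability to run containers without root. Rootless container engines do that by mapping the container's UIDs and GIDs onto subordinate ID ranges granted to the user in /etc/subuid and /etc/subgid, so the usual first question on a host where rootless containers fail is whether those ranges exist and are large enough. The script below is an added example, not Red Hat's or the Podman project's code; it assumes the documented requirement that each user has a `name:start:count` line in both files with at least 65536 IDs (the size most images need for their own UID/GID tables) and that ranges of different users must not overlap. The file contents it checks are constructed samples, not read from a real host.

```python
"""Check the subordinate ID mappings a rootless container engine (e.g. Podman) needs.

Added example; not Podman's or Red Hat's code. The 65536 minimum and the
no-overlap rule are stated assumptions taken from the documented setup.
The SUBUID_* / SUBGID_* strings below are constructed sample file contents.
"""

MIN_RANGE = 65536  # assumed minimum subordinate IDs per user


def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid text into [(name, start, count), ...]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # tolerate comments and blank lines
        if not line:
            continue
        name, start, count = line.split(":")
        entries.append((name, int(start), int(count)))
    return entries


def overlapping(entries):
    """Pairs of users whose ID ranges intersect: a host misconfiguration."""
    bad = []
    spans = sorted(entries, key=lambda e: e[1])
    for (n1, s1, c1), (n2, s2, _) in zip(spans, spans[1:]):
        if s2 < s1 + c1:
            bad.append((n1, n2))
    return bad


def rootless_ready(user, subuid_text, subgid_text):
    """Return (ok, reasons): can `user` run rootless containers with these mappings?"""
    reasons = []
    for label, text in (("subuid", subuid_text), ("subgid", subgid_text)):
        entries = parse_subid(text)
        mine = [e for e in entries if e[0] == user]
        if not mine:
            reasons.append(f"no {label} entry for {user}")
        elif sum(c for _, _, c in mine) < MIN_RANGE:
            reasons.append(f"{label} range for {user} is smaller than {MIN_RANGE}")
        for a, b in overlapping(entries):
            reasons.append(f"{label} ranges of {a} and {b} overlap")
    return (not reasons, reasons)


# Constructed samples (not from a real host).
SUBUID_OK = """# constructed /etc/subuid
alice:100000:65536
bob:165536:65536
"""
SUBGID_OK = SUBUID_OK

SUBUID_BAD = """# constructed /etc/subuid with two problems
alice:100000:1000
bob:100500:65536
"""

if __name__ == "__main__":
    for user, uid_text, gid_text in (("alice", SUBUID_OK, SUBGID_OK),
                                     ("carol", SUBUID_OK, SUBGID_OK),
                                     ("alice", SUBUID_BAD, SUBUID_BAD)):
        ok, reasons = rootless_ready(user, uid_text, gid_text)
        print(user, "ready" if ok else "; ".join(reasons))
```

On a real host, read the two files and pass `getpass.getuser()`; once a mapping is in place, `podman unshare cat /proc/self/uid_map` shows the mapping the engine actually applied, which is the authoritative check.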

Read more of this story at Slashdot.

A Broken Computer System Is Costing F-35 Maintainers 45,000 Hours a Year (Slashdot, by EditorDavid on usa; cached at January 18, 2020, 6:35 pm)

schwit1 shared this report from the defense news site Task & Purpose: The computer-based logistics system of the F-35 stealth fighter jet made by Lockheed Martin, which has been plagued by delays, will be replaced by another network made by the same company, a Pentagon official said on Tuesday. The Autonomic Logistics Information System (ALIS) was designed to underpin the F-35 fleet's daily operations, ranging from mission planning and flight scheduling to repairs and scheduled maintenance, as well as the tracking and ordering of parts... ALIS was blamed for delaying aircraft maintenance, one of the very things it was meant to facilitate. "One Air Force unit estimated that it spent the equivalent of more than 45,000 hours per year performing additional tasks and manual workarounds because ALIS was not functioning as needed," the GAO said in a November report.

Read more of this story at Slashdot.

Microsoft Is Also Launching a New $1 Billion 'Climate Innovation Fund' (Slashdot, by EditorDavid on microsoft; cached at January 18, 2020, 6:05 pm)

As part of Microsoft's effort to reduce more atmospheric carbon than it emits, the company has announced a $1 billion "Climate Innovation Fund," reports GeekWire: Microsoft said the new fund will leverage its balance sheet to loan money and take equity stakes in ventures to encourage the development of new environmental innovations. The money will be invested over the next four years. The company cited four criteria for investments, including sustainability initiatives, market impact, technological advances, and climate equity, addressing the tendency of climate change to disproportionately hurt people in developing countries. "We deeply understand this is just a fraction of what is needed to solve this problem," said Amy Hood, the company's chief financial officer, outlining the plan at the event Thursday morning.... Microsoft said it is signing the United Nations' 1.5-degree Business Ambition Pledge, and said it will publicly track its progress in an annual Environmental Sustainability Report. The article notes that Bill Gates "reviewed Microsoft's new initiative but wasn't involved in its creation." Gates has his own $1 billion Breakthrough Energy Ventures fund and has meanwhile also invested in mini nuclear reactors to address climate change. And this spring he'll release a book titled "How to Avoid a Climate Disaster: The Solutions We Have and the Breakthroughs We Need."

Read more of this story at Slashdot.

[no title] Scripting News (cached at January 18, 2020, 6:04 pm)

There was a great New Yorker article in September 2016 that laid out what a Trump presidency would be like. We need to do that again. We're staring at the next level. What if Trump succeeds at fully taking over the government? What if he's exonerated? What will that be like?
[no title] Scripting News (cached at January 18, 2020, 6:04 pm)

Today's song: Anything goes.
[no title] Scripting News (cached at January 18, 2020, 5:04 pm)

Star Trek uniforms.
[no title] Scripting News (cached at January 18, 2020, 5:04 pm)

People are cackling over the design of the Space Force uniform. Why do they need camouflage in space? Obviously it's not really a priority. I'm a big believer in prior art, and there's an obvious choice here. License the design of the Star Trek uniforms from whoever owns them. It has the advantage of looking vaguely futuristic, and it makes Star Trek downright prescient. That is if the Space Force ever amounts to anything.
[no title] Scripting News (cached at January 18, 2020, 5:04 pm)

You know now that I've said it, RSS really is not a good way to read my blog. The right way is to wait until the day is over and read all of it from top to bottom. That's the way I put it together. It's a daily cycle thing. So subscribe to the email. And perhaps we need a new kind of reader that doesn't have the limits of email (I'm well aware of them, having written my own email distribution software) and RSS (ditto).
'Watch SpaceX Blow Up a Falcon 9 Rocket in a Safety Test Sunday' (Slashdot, by EditorDavid on nasa; cached at January 18, 2020, 4:35 pm)

"SpaceX is setting out to prove a critical safety system will be able to save astronaut lives in the event of a launch emergency during ascent," reports CNET: The Crew Dragon in-flight abort test...is a required step before NASA will allow astronauts to fly to the International Space Station in the SpaceX capsule as part of the Commercial Crew Program. [UPDATE: Though they'd originally planned to launch Saturday, SpaceX tweeted early Saturday morning that "due to sustained winds and rough seas in the recovery area" they're now targeting Sunday, January 19, "with a six-hour test window opening at 8:00 a.m. EST, 13:00 UTC." Watch SpaceX's livestream here.] NASA will also livestream the event... Backup test opportunities are set for Sunday or Monday if Saturday doesn't work out. Crew Dragon will take a ride on a Falcon 9 rocket, which won't survive the test. The launch will take place at Florida's Kennedy Space Center, which will allow the rocket to break up over the Atlantic Ocean. It could be quite an eye-opening experience. SpaceX shared an animated video showing how the test is expected to go. If all goes well, the Crew Dragon capsule will separate from the rocket, deploy parachutes and float gently down to the water.... SpaceX successfully sent an uncrewed Crew Dragon to the International Space Station in early 2019. The ultimate goal is to make a return trip with NASA astronauts on board. If the in-flight abort test works out, then the first launch of humans from U.S. soil since the end of the space shuttle era should finally happen in 2020.

Read more of this story at Slashdot.

[no title] Scripting News (cached at January 18, 2020, 4:33 pm)

I've heard a dozen reports about the mystery of how Parnas's friend from Connecticut knew the ambassador's movements and not one person has said that it could be because someone hacked her Google account by phishing her. You don't have to infiltrate the embassy to do that.
[no title] Scripting News (cached at January 18, 2020, 4:33 pm)

Plot for a scifi book. An alien race from a faraway galaxy visits earth. We know they're coming and where they'll land. When they show up, they walk by the humans and greet the dogs. Turns out dogs are the master species of earth. And of course the aliens are canines as well.