New Linux Syscall Enables Secret Memory Even the Kernel Can't Read Slashdotby msmash on os at January 1, 1970, 1:00 am (cached at August 20, 2021, 11:35 pm)

RoccamOccam writes: After many months of development, the memfd_secret() system call was finally merged for the upcoming 5.14 release of Linux. There have been many changes during this feature's development, but its core purpose remains the same: allow a user-space process to create a range of memory that is inaccessible to anybody else -- kernel included. That memory can be used to store cryptographic keys or any other data that must not be exposed to others. Reportedly, it is even safe from processor vulnerabilities like Spectre because secret memory is uncached mapped.

Read more of this story at Slashdot.

Larger Minority in US Says Some UFOs Are Alien Spacecraft Slashdotby msmash on news at January 1, 1970, 1:00 am (cached at August 20, 2021, 11:05 pm)

Gallup: More Americans are taking UFOs seriously than just two years ago. When asked which of two theories better explains UFO sightings, 41% of adults now believe some UFOs involve alien spacecraft from other planets, up eight points from 33% in 2019. Half of Americans, down from 60% in 2019, remain skeptical, saying all UFO sightings can be explained by human activity or natural phenomena. Another 9% are unwilling to venture a guess. The recent change spans a period when UFOs have received significant coverage in mainstream news publications. This includes a spate of articles in 2019 focused on leaked footage of mysterious flying objects taken by Navy pilots. While the Department of Defense has not suggested these or any UFOs involve alien visitors, the Navy has acknowledged the leaked video is authentic, and in 2020, it commissioned a task force to study "unidentified aerial phenomena" (UAP). The latest Gallup results are based on a telephone poll conducted July 6-21. This was less than a month after the Office of the Director of National Intelligence issued its preliminary report on UAPs, stating that the various types of incidents examined likely fall into one of five categories: "airborne clutter, natural atmospheric phenomena, [U.S. government] or U.S. industry development programs, foreign adversary systems and a catchall 'other' bin." The 2019 survey was conducted Aug. 1-14, several months after the Navy UFO footage was first leaked. From 1973 to 2019, Gallup tracked whether Americans thought UFO sightings involved "something real," as opposed to "just people's imaginations." This wording found between 47% and 57% believing they were real, including 56% in 2019. However, it wasn't clear from the question whether "real" meant people thought UFOs involved alien visitors or earthly objects such as drones, military planes or unusual cloud formations. To address that uncertainty, in a separate 2019 poll, Gallup first asked whether any UFOs have been alien spacecraft, with no questions about UFOs immediately preceding it in the survey. Today's update replicated that methodology, thus providing a reliable trend.

Read more of this story at Slashdot.

The New WikiLeaks Slashdotby msmash on it at January 1, 1970, 1:00 am (cached at August 20, 2021, 10:05 pm)

How the transparency collective DDoSecrets eclipsed Julian Assange. From a report: Whereas WikiLeaks cultivated an anti-imperialist mystique centered on the cultish figure of Assange, DDoSecrets professes something more modest: an unvarnished commitment to providing information useful to journalists and concerned citizens. As the DDoSecrets website puts it, data must fulfill two criteria: "Is it in the public interest?" and "Can a prima facie case be made for the veracity of its contents?" If it passes that test -- and the group, which now has approximately 10 members along with an advisory board and volunteer contributors, decides collectively that they can protect their sources -- then they publish the archive, sometimes as an easily downloadable torrent, other times through its slightly more difficult to reach onion site, which requires using the Tor browser. While many archives are published for a wide audience, others are withheld and only offered to journalists upon request; and in some cases, the organization will write about data it receives without publishing its contents. At its best, the work of DDoSecrets reveals the limits of official transparency, of authorized government leaks and incrementalist beat reporting and FOIA requests that yield pages of useless redactions. Nowhere is this more visible than with BlueLeaks. "Reading the unredacted, hacked documents gives a very different picture than the selections you get from an open records officer," said Brendan McQuade, author of Pacifying the Homeland, a book about the modern surveillance state. Based on BlueLeaks information, he wrote articles that exposed police malfeasance and brought attention to a federal whistleblower suit against the Maine Information and Analysis Center, or MIAC. Maine's state house later voted to close the site (although the bill never cleared the Senate). To McQuade, and to the members of DDoSecrets, hacked data provides what official channels cannot: truth and the potential for accountability.

Read more of this story at Slashdot.

Apple's Double Agent Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at August 20, 2021, 9:35 pm)

For more than a year, an active member of a community that traded in illicitly obtained internal Apple documents and devices was also acting as an informant for the company. An anonymous reader shares a report: On Twitter and in Discord channels for the loosely defined Apple "internal" community that trades leaked information and stolen prototypes, he advertised leaked apps, manuals, and stolen devices for sale. But unbeknownst to other members in the community, he shared with Apple personal information of people who sold stolen iPhone prototypes from China, Apple employees who leaked information online, journalists who had relationships with leakers and sellers, and anything that he thought the company would find interesting and worth investigating. Andrey Shumeyko, also known as YRH04E and JVHResearch online, decided to share his story because he felt that Apple took advantage of him and should have compensated him for providing the company this information. "Me coming forward is mostly me finally realizing that that relationship never took into consideration my side and me as a person," Shumeyko told Motherboard. Shumeyko shared several pieces of evidence to back up his claims, including texts and an email thread between him and an Apple email address for the company's Global Security team. Motherboard checked that the emails are legitimate by analyzing their headers, which show Shumeyko received a reply from servers owned by Apple, according to online records. Shumeyko said he established a relationship with Apple's anti-leak team -- officially called Global Security -- after he alerted them of a potential phishing campaign against some Apple Store employees in 2017. Then, in mid-2020, he tried to help Apple investigate one of its worst leaks in recent memory, and became a "mole," as he put it. Last year, months before the official release of Apple's mobile operating system iOS 14, iPhone hackers got their hands on a leaked early version.

Read more of this story at Slashdot.

Cloudflare Says It Mitigated a Record-Breaking 17.2 Million HTTP RPS DDoS Attack Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 20, 2021, 9:05 pm)

Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service attack that was recorded to date. From a report: The attack, which took place last month, targeted one of Cloudflare's customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer's network in order to consume and crash server resources. Called a volumetric DDoS, these are different from classic bandwidth DDoS attacks where threat actors try to exhaust and clog up the victim's internet connection bandwidth. Instead, attackers focus on sending as many junk HTTP requests to a victim's server in order to take up precious server CPU and RAM and prevent legitimate users from using targeted sites. Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack that was ever reported in the public domain.

Read more of this story at Slashdot.

The World's Largest Computer Chip Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at August 20, 2021, 8:05 pm)

silverjacket writes: A feature article at The New Yorker: 'A typical computer chip is the size of a fingernail. Cerebras's is the size of a dinner plate. It is the largest computer chip in the world.' An excerpt from the story: Even competitors find this feat impressive. "It's all new science," Nigel Toon, the C.E.O. and co-founder of Graphcore, told me. "It's an incredible piece of engineering -- a tour de force." At the same time, another engineer I spoke with described it, somewhat defensively, as a science project -- bigness for bigness's sake. Companies have tried to build mega-chips in the past and failed; Cerebras's plan amounted to a bet that surmounting the engineering challenges would be possible, and worth it. "To be totally honest with you, for me, ignorance was an advantage," Vishra said. "I don't know that, if I'd understood how difficult it was going to be to do what they did, I would have had the guts to invest."

Read more of this story at Slashdot.

Rain Falls at the Summit of Greenland Ice Sheet for First Time on Record Slashdotby msmash on earth at January 1, 1970, 1:00 am (cached at August 20, 2021, 7:35 pm)

Greenland just experienced another massive melt event this year. But this time, something unusual happened. It also rained at the summit of the ice sheet, [Editor's note: the link may be paywalled; alternative source] nearly two miles above sea level. From a report: Around 6 a.m. Saturday, staff at the National Science Foundation's Summit Station woke up to raindrops and water beads condensed on the station's windows. Rain occasionally falls on the ice sheet, but no staff member recalls rain -- even a light drizzle -- ever occurring at the summit before. "Basically, the entire day of Saturday, it was raining every hour that [staff] was making weather observations," said Zoe Courville, a research engineer at the Cold Regions Research and Engineering Laboratory. "And that's the first time that's been observed happening at the station." The rain coincided with warmer temperatures that caused extensive melting across the ice sheet. Some areas were more than 18 degrees Celsius warmer than the average temperature. At the summit, temperatures peaked at 33 degrees Fahrenheit -- within a degree above freezing. The melt extent peaked at 337,000 square miles on Saturday, according to the National Snow and Ice Data Center (NSIDC). This was slightly smaller than the melting event that occurred this summer on July 28, which covered 340,000 square miles of the ice sheet, but it is still significant. Only 2012 and 2021 had multiple melt events covering more than 309,000 square miles in a year.

Read more of this story at Slashdot.

We Built a CSAM System Like Apple's - the Tech Is Dangerous Slashdotby msmash on apple at January 1, 1970, 1:00 am (cached at August 20, 2021, 7:05 pm)

An anonymous reader writes: Earlier this month, Apple unveiled a system that would scan iPhone and iPad photos for child sexual abuse material (CSAM). The announcement sparked a civil liberties firestorm, and Apple's own employees have been expressing alarm. The company insists reservations about the system are rooted in "misunderstandings." We disagree. We wrote the only peer-reviewed publication on how to build a system like Apple's -- and we concluded the technology was dangerous. We're not concerned because we misunderstand how Apple's system works. The problem is, we understand exactly how it works. Our research project began two years ago, as an experimental system to identify CSAM in end-to-end-encrypted online services. As security researchers, we know the value of end-to-end encryption, which protects data from third-party access. But we're also horrified that CSAM is proliferating on encrypted platforms. And we worry online services are reluctant to use encryption without additional tools to combat CSAM. We sought to explore a possible middle ground, where online services could identify harmful content while otherwise preserving end-to-end encryption. The concept was straightforward: If someone shared material that matched a database of known harmful content, the service would be alerted. If a person shared innocent content, the service would learn nothing. People couldn't read the database or learn whether content matched, since that information could reveal law enforcement methods and help criminals evade detection. But we encountered a glaring problem. Our system could be easily repurposed for surveillance and censorship. The design wasn't restricted to a specific category of content; a service could simply swap in any content-matching database, and the person using that service would be none the wiser.

Read more of this story at Slashdot.

Google Calendar Will Let You Record Where You're Working To Help Organize Office Mee Slashdotby msmash on google at January 1, 1970, 1:00 am (cached at August 20, 2021, 6:05 pm)

Google is adding an option to its Calendar service to let you show where you're working on any given day of the week, the company has announced. From a report: The feature will start rolling out from August 30th for users on select Google Workspace plans, and will be accessible via Calendar's settings menu alongside its existing working hours options, as well as on the weekly calendar view below where it shows each day's dates. Available work locations include "Office," "Home," "Unspecified," or "Somewhere else." According to Google, the option is being added so it's "easier to plan in-person collaboration or set expectations in a hybrid workplace." It follows a surge in the popularity of home and hybrid working due to the pandemic. This has meant employees increasingly have to keep track not just of people's working hours, but also their location, when planning in-person meetings and other events. Google Calendar's new feature should help here.

Read more of this story at Slashdot.

Nvidia's $40 Billion Arm Deal Faces Tougher Antitrust Hurdle Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at August 20, 2021, 5:35 pm)

Nvidia's planned $40 billion takeover of chipmaker Arm should get a longer antitrust probe, British regulators warned after rejecting potential concessions. From a report: In the first reaction on the deal from a major antitrust watchdog, the Competition and Markets Authority said in a statement that it was concerned the deal would give Nvidia too much control over semiconductors used in data center services, smart devices and gaming consoles. Lengthy regulatory reviews can add risk to closing a deal that looks set to overshoot Nvidia's initial target to close in March 2022. Nvidia hasn't yet filed for European Union approval, where an extended review takes at least five months. Nvidia's move to buy Arm from Japan's SoftBank Group Corp. initially raised antitrust concerns from rivals and customers such as Qualcomm and Alphabet's Google over how Nvidia might control Arm's licenses for essential chip technology. U.K. Digital Secretary Oliver Dowden must still decide whether the CMA should open an in-depth probe. Dowden is also separately weighing whether the deal should be blocked over potential risks to national security. The U.K. is leaning toward a veto, according to a person familiar with the matter earlier this month.

Read more of this story at Slashdot.

Climate change: Will I still be able to fly in a net zero world? BBC News | Science/Nature | UK Edition(cached at August 20, 2021, 5:30 pm)

A new study asks if lifestyle changes including an end to flying will be necessary to reach net zero?
Google Gave Phone Makers Extra Money To Ditch Third-Party App Stores Slashdotby msmash on google at January 1, 1970, 1:00 am (cached at August 20, 2021, 5:05 pm)

A newly unredacted sections of Epic's antitrust complaint against Google reveal new details on the lengths to which Google went to undermine third-party app stores on the Android platform. From a report: According to the new text, starting in 2019, Google ran a "Premier Device Program" that gave Android phone makers a greater share of search revenue than they would normally receive. In exchange, the OEMs agreed to ship their devices without any third-party app stores preinstalled. Specifically, they followed a rule that prohibited "apps with APK install privileges" without Google's approval, leaving the Play Store as the only built-in digital marketplace for software. As noted by Leah Nylen, products that qualified as a Premier Device would receive a 12 percent share of Google search revenue compared to the 8 percent they'd normally earn. Google sweetened the deal further for companies like LG and Motorola, offering them between 3 and 6 percent of what customers spent in the Google Play Store on their devices. "Google's Premier Device Program was not publicly known, and was not known to Epic, before Google recently began producing relevant documents in this litigation," Epic's lawyers wrote in the complaint. "Google has sought to conceal its most restrictive anticompetitive conduct by, among other things, including in the agreements themselves a provision restricting signatories from making 'any public statement regarding [the] Agreement without the other party's prior written approval.'"

Read more of this story at Slashdot.

Catching up on the news Scripting News(cached at August 20, 2021, 5:03 pm)

I caught up on the news last night, and was surprised to hear that somehow what's going on in Afghanistan is dooming the Biden presidency.

And the reporters, esp Wolf Blitzer, are spinning it that way through the words they use to characterize events. And as a result, everyone has to tiptoe in this space. It's a dangerous time. The whole thing could explode at any time. Beating the drum for war, as they are, is a crazy crazy thing to do, as destructive as invading the Capitol on January 6.

If they felt so strongly about Afghanistan (they didn't) why didn't they say something before? They had 20 years to speak up. No one ever did. Better to leave it to fester. Let's live this lie, everyone seemed to agree. Now all of a sudden, Afghanistan is more important as everything else.

Here's the thing, this all is fake news. It's worse than the lies on Facebook because they use brands like CNN and the NYT to lie this way.

[no title] Scripting News(cached at August 20, 2021, 4:32 pm)

You know where Twitter asks "What's happening?" This might work better. It's in the spirit of the Progressive commercials where they teach people not to be their parents. "The waiter does not need to know your name."
[no title] Scripting News(cached at August 20, 2021, 4:32 pm)

A new feature in PagePark (v0.8.24) made it possible to use a custom template for opml.org. I wanted to put a menu at the top of the page, linking to other outlines on the site.