Tuesday 30 January 2018

Red Hat Is Acquiring CoreOS

Red Hat's betting big on the container game getting bigger with making public this afternoon their agreement to acquire CoreOS for $250 million USD.

CoreOS produces Container Linux that is the lightweight Linux distribution designed for software containers. Container Linux relies upon Gentoo / Chromium OS foundations, but it will be interesting to see how that changes now under Red Hat ownership.

In the Red Hat press release just sent out to us, Red Hat writes:

CoreOS’s technologies, including Tectonic and Container Linux, will combine with Red Hat’s already-broad Kubernetes and container-native product portfolio to further accelerate adoption and development of the industry’s leading hybrid cloud platform for modern application workloads.

Early to embrace containers and container orchestration, Red Hat contributes deeply to related open source communities, including acting as the second-leading Kubernetes contributor behind only Google. Red Hat also helps enable organizations around the world to embrace container-based applications, offering an enterprise-ready container solution in Red Hat OpenShift, the industry’s most comprehensive enterprise Kubernetes platform. With the addition of CoreOS, Red Hat amplifies its leadership at both the community and enterprise level around container-native and orchestration technologies.


Read the full article here by Phoronix

Sunday 28 January 2018

Open-Source Project Trying To Map Vulkan Onto Direct3D 12 & Metal

While we are seeing exciting projects at the moment about

mapping Direct3D 11 over Vulkan

(as well as D3D9 and D3D12 over Vulkan projects too), there are new open-source projects for mapping Vulkan over Direct3D 12 and Metal.

New VulkanOnD3D12 and VulkanOnMetal open-source projects by the Chabloom project/company are looking to map this open-source, low-level graphics/compute API over other proprietary low-level APIs from Microsoft and Apple. Yes, there is the MoltenVK project that has already begun working to show Vulkan on macOS systems by mapping it to Apple's Metal drivers, but MoltenVK isn't free software / open-source. Now there's VulkanOnMetal as this separate project start-up and then VulkanOnD3D12, although I believe all Windows 10 drivers that have Direct3D 12 support also have Vulkan drivers available. So the effectiveness there may be less, but an interesting technical exercise nevertheless.

VulkanOnD3D12

was started last summer but in recent days has begun seeing new commits.

VulkanOnMetal

is a similar story.

It will be interesting to see how far these projects get and if they can stand the test of time. With the DXVK project for getting Direct3D 11 running on Vulkan has been advancing extremely quickly, so we'll see the potential now for Vulkan to Direct3D 12 / Metal.

At the same time though Khronos is still pursuing

a Vulkan portability initiative

notably for macOS support and we'll see where that low-level 3D portability work leads in 2018.



Read the full article here by Phoronix

OnePlus denies sending clipboard data to China

Phone-maker OnePlus has had a tough time of things in the press recently with claims about users' clipboard data being mined, and the problems following a credit card breach. A second suggestion that the company was sending clipboard data back to China surfaced recently, but the company has been quick to deny any wrongdoing. Suspicions were raised when a OnePlus user noticed a file called badwords.txt which includes a list of words such as "chairman," "private message" and "address." See also: OnePlus admits that up to 40,000 accounts were affected by a credit card breach Download Android 8.0 Oreo for… [Continue Reading]


Read the full article here by Betanews

Saturday 27 January 2018

Epic Buys Cloudgine


Hot on the heels of NVIDIA finally getting its GeForce Now cloud gaming service into beta, we learn this morning that Epic Games nows owns Cloudgine Ltd located in the UK. Cloudgine is a fairly young company, founded in 2012. Giving the video a quick look, you will see that this a cloud gaming services company as well as what look. Interestingly enough, this sector of the market is getting a lot of attention. Companies like Parsec Gaming allow you to build your own virtual cloud gaming computers that allow you to play your games on the go, and even share those with friends as well. Yep, share your games....

Since its inception, Cloudgine’s research and development has been based on Epic’s Unreal Engine 4. Cloudgine’s cloud computing and online technologies will enhance the UE4 feature set to help developers push the creative and technical limits of games, film, animation and visualization through advances in physics simulation and networking.

As a reminder, Epic is hiring! We are recruiting for Cloudgine’s office in Edinburgh, Scotland, where the team will grow and develop leading-edge technology, as well as the other Epic Games UK locations in Guildford, Newcastle and Leamington Spa. We encourage anyone who is interested in learning more to visit epicgames.com/careers.

Discussion



Read the full article here by [H]ardOCP News/Article Feed

Friday 26 January 2018

Linux.Conf.Au 2018 Videos Now Available

Taking place this week in Sydney, Australia is the 2018 Linux.Conf.Au conference. For those that can't make the event, there's a livestream, but if the time difference impacts you, the recordings are now beginning to trickle in via YouTube.

Linux.Conf.Au this year runs from 22 to 26 January at the University of Technology in Sydney. Talks this year at LCA range from an introduction in kernel hacking to GPL compliance to various hobbyist projects and various hardware topics. The complete LCA 2018 agenda can be found at

Linux.Conf.Au

.

If you are interested in the LCA2018 conference session videos and keynotes, you can find them

over on YouTube

.



Read the full article here by Phoronix

Autonomous Cars Will Need “Autonomous Maintenance” Solutions

Nvidia Inception Program

Competition has begun heating up as to who will be the first one to operate a fleet of fully autonomous vehicles, as demonstrated again by recent announcements from General Motors (GM) and Uber.  However, a lot of work is still needed to allow such vehicles to roam freely throughout our city centers, neighborhoods and freeways, but they are in fact coming.

As autonomous vehicles begin to roll out, the need for remote monitoring will become imperative to ensure their longevity. Passengers will no longer be concerned about the ongoing health of the vehicle and instead will focus on getting from point A to point B safely. However, Mobility as a Service (MaaS) operators will need to maximize the availability of their fleets, which will require real-time insight as to the health of each vehicle on and off the road. Operators will also strive to minimize maintenance cost, which means sending vehicles to the shop when and only when service is required, at times when they would not otherwise generate revenue.

This analysis is already relevant for autonomous shuttles, which are being tested and deployed around the world. It will be all more important when tomorrow’s fleets of autonomous vehicles emerge for MaaS purpose. CARFIT’s NVH (Noise Vibration Harshness)-based, artificial intelligence (AI)-enhanced diagnostics and predictive maintenance solution will allow fleet managers to address these vehicle health-related issues to maximize customer satisfaction while minimizing cost.

NVIDIA has achieved a leading position in recent years within the autonomous driving computing hardware space. They’ve focused on establishing vital working relationships with leading OEMs and industry partnerships with top companies such as Audi, Baidu, Tesla, Toyota, Volvo, and more. Announced this week, CARFIT’s participation in NVIDIA’s Inception Program will provide the startup with a unique platform to further the development of vehicle diagnostics and predictive maintenance solutions as well as critical exposure to NVIDIA’s partner network. In return, the tech giant will be able to leverage CARFIT’s expertise and technology to add value throughout its autonomous driving platform for a more seamless connected car experience.

Disclaimer: CARFIT is an alumnus of our ReadWrite Labs accelerator program. 

The post Autonomous Cars Will Need “Autonomous Maintenance” Solutions appeared first on ReadWrite.



Read the full article here by ReadWriteWeb

Quand je tente de corriger des bugs dans du code offshore

Maintenant que Twitter a doublé sa limite de caractères, tu as deux fois plus de raisons de suivre @lesjoiesducode !



Read the full article here by les_joies_du_code();

Intel Plans To Release Chips That Have Built-in Meltdown and Spectre Protections Later This Year

Intel plans to release chips that have built-in protections against the Spectre and Meltdown attacks later this year, company CEO Brian Krzanich said during company's quarterly earnings call this week. From a report: The company has "assigned some of our very best minds" to work on addressing the vulnerability that's exploited by those attacks, Krzanich said on a conference call following Intel's quarterly earnings announcement. That will result in "silicon-based" changes to the company's future chips, he said. "We've been working around clock" to address the vulnerability and attacks, Krzanich said. But, he added, "we're acutely aware we have more to do."
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Facebook Should Be 'Regulated Like Cigarette Industry', Salesforce CEO Says

Facebook should be regulated like a cigarette company, because of the addictive and harmful properties of social media, according to Salesforce chief executive Marc Benioff. From a report: Social networks would be regulated "exactly the same way that you regulated the cigarette industry," Benioff told CNBC at the World Economic Forum in Davos. "Here's a product -- cigarettes -- they're addictive, they're not good for you, maybe there's all kinds of different forces trying to get you to do certain things. There's a lot of parallels. I think that, for sure, technology has addictive qualities that we have to address, and that product designers are working to make those products more addictive, and we need to rein that back as much as possible," he added. Benioff, who founded B2B cloud computing company Salesforce in 1999, and is now worth more than $4bn, suggested that regulation of some form was inevitable for the technology industry. "We're the same as any other industry," he said. "Financial services, consumer product goods, food -- in technology, the government's going to have to be involved. There is some regulation but there probably will have to be more."
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Tuesday 23 January 2018

Facebook Announces That It Has Invented a New Unit of Time

Facebook has announced a new unit of time, called Flicks. "According to the GitHub page documenting Flicks, a Flick is 'the smallest time unit which is LARGER than a nanosecond,' defined as 1/705,600,000 of a second," reports The Verge. (For comparison, a nanosecond is 1/1,000,000,000 of a second, making a Flick roughly 1.41723356 nanoseconds long.) From the report: Now, you may be sitting there wondering what was wrong with regular seconds that Facebook had to go and invent its own unit, especially since the second is one of the few units that is universal across SI and imperial units. The name itself is a portmanteau of the phase "frame-tick," which is also why you might want to use them. Flicks are designed to help measure individual frame duration for video frame rates. So whether your video is 24hz, 25hz, 30hz, 48hz, 50hz, 60hz, 90hz, 100hz, or 120hz, you'll be able to use Flicks to ensure that everything is in sync while still using whole integers (instead of decimals). Programmers already use built in tools in C++ to manage these sorts of exact frame syncing, especially when it comes to designing visual effects in CGI, but the most exact timing possible in C++ is nanoseconds, which doesn't divide evenly into most frame rates. The idea to create a new unit of time to solve this problem dates back to last year, when developer Christopher Horvath posted about it on Facebook.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Saturday 20 January 2018

US Doctors Plan To Treat Cancer Patients Using CRISPR

An anonymous reader shares a report: The first human test in the U.S. involving the gene-editing tool CRISPR could begin at any time and will employ the DNA cutting technique in a bid to battle deadly cancers. Doctors at the University of Pennsylvania say they will use CRISPR to modify human immune cells so that they become expert cancer killers, according to plans posted this week to a directory of ongoing clinical trials. The study will enroll up to 18 patients fighting three different types of cancer -- multiple myeloma, sarcoma, and melanoma -- in what could become the first medical use of CRISPR outside China, where similar studies have been under way. An advisory group to the National Institutes of Health initially gave a green light to the Penn researchers in June 2016, but until now it was not known whether the trial would proceed.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Intel's new cameras add human-like 3D vision to any machine

Intel has released two ready-to-use RealSense depth cameras, the D415 and the D435, that can add 3D capabilities to any device or machine. They both come in a USB-powered form factor and are capable of processing depth in real time, thanks to the chipmaker's new RealSense vision processor D4. The models work indoors and outdoors in any lighting environment, so they can be used for almost any machine that needs a depth camera. Those include drones meant to soar the skies and robots with AR/VR features.

Intel says the cameras' target audiences aren't just developers and manufacturers, but also makers and educators, since they're easy to use and will work as soon as you plug them in. Also, it comes with Intel's RealSense SDK 2.0, which is now a cross-platform, open source SDK.

Intel RealSense VP Sagi Ben Moshe said in a statement:

"Many of today's machines and devices use 2D image recognition-based computer vision, but with Intel RealSense's best-in-class depth technology, we are redefining future technologies to 'see' like a human, so devices and machines can truly enrich people's lives. With its compact, ready-to-use form, the Intel RealSense D400 Depth Camera series not only makes it easy for developers to build 3D depth sensing into any design, but they are also ready to be embedded into high-volume products."

The D415 and the D435 are now available for pre-order for $149 and $145, respectively. D415 has a narrow field of view and a rolling shutter that scans its environment from one side to the other to take an image. It works best when dealing with small objects and anything that needs precise measurements. D435, on the other hand, has a wider field of view and has a global shutter that takes images all at once. That makes it ideal for capturing depth perception of objects in motion and for covering big areas, since it minimizes blind spots.

Source: Intel



Read the full article here by Engadget

Friday 19 January 2018

Google's Fuchsia OS On the Pixelbook

An anonymous reader quotes a report from 9to5Google: Our early look at Fuchsia OS last May provided a glimpse into a number of new interface paradigms. Several months later, we now have an updated hands-on with Google's future operating system that can span various form factors. This look at the in-development OS eight months later comes courtesy of Ars Technica who managed to get Fuchsia installed on the Pixelbook. The Made by Google Chromebook is only the third officially supported "target device" for Fuchsia development. As our last dive into the non-Linux kernel OS was through an Android APK, we did not encounter a lockscreen. The Ars hands-on shows a basic one that displays the time at center and Fuchsia logo in the top-left corner to switch between phone and desktop/tablet mode, while a FAB (of sorts) in the opposite corner lets users bring up WiFi controls, Login, and Guest. Only Guest is fully functioning at this stage -- at least for non-Google employees. Once in this mode, we encounter an interface similar to the one we spotted last year. The big difference is how Google has filled in demo information and tweaked some elements. On phones and tablets, Fuchsia essentially has three zones. Recent apps are above, at center are controls, and below is a mixture of the Google Feed and Search. The controls swap out the always-displayed profile icon for a Fuchsia button. Tapping still surfaces Quick Settings which actually reflect current device battery levels and IP address. Impressively, Ars found a working web browser that can actually surf the internet. Google.com is the default homepage, with users able to visit other sites through that search bar. Other examples of applications, which are just static images, include a (non-working) phone dialer, video player, and Google Docs. The Google Calendar is notable for having subtle differences to any known version, including the tablet or web app.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Wine 3.0 released

The Wine team has released Wine 3.0. The main new features and improvements are: Direct3D 10 and 11 support. The Direct3D command stream. The Android graphics driver. Improved DirectWrite and Direct2D support. You'll get it through your distribution of choice, or you can build or download it yourself.

Read the full article here by OSNews

The End of the Rainbow

The retina is the exposed surface of the brain, so if you think about a pot of gold while looking at a rainbow, then there's one at BOTH ends.

Read the full article here by xkcd.com

Thursday 18 January 2018

Google ditches Ubuntu for Debian for internal engineering environment

Google engineers have transitioned from Ubuntu to Debian for their internal machines.
The company, which has been using Goobuntu, a customised version of Ubuntu, for years, announced last year that it would be switching to gLinux, based on Debian Testing.
MuyLinux reports (Spanish) that The Debconf’17 held last August revealed plans for the move as well as a roadmap for the project and plans for a smooth transition.
That process has now begun, as the company moves from a “light-skinned” distro which it has no contribution to. Google used Ubuntu’s Long Term Support (LTS) builds as a customer of the Ubuntu Advantage Program but was not active in the community.
In the case of Debian, it will send changes upstream as an active contributor, whilst running on the Test stream so it can take advantage of faster testing of new builds.
This might mean that there are more problems for users than the safe pair of hands of the commercial Ubuntu, but it also means that Google will have complete autonomy over how to fix them, and benefit the community at the same time.
For Canonical, it’s a big loss. Though Ubuntu has a huge number of clients in servers, cloud, and remains the biggest distro for the limited PC market, the loss of a paying customer the size of Google won’t go unnoticed.

Source: http://ift.tt/2Dd4pIi
Submitted by: Arnfried Walbrecht



Read the full article here by Full Circle Magazine

Wednesday 17 January 2018

Four Pi Zeros, Four Cameras, One Really Neat 3D Scanner

Sometimes when you walk into a hackerspace you will see somebody’s project on the table that stands so far above the norm of a run-of-the-mill open night on a damp winter’s evening, that you have to know more. If you are a Hackaday scribe you have to know more, and you ask the person behind it if they have something online about it to share with the readership.

[Jolar] was working on his 3D scanner project on just such an evening in Oxford Hackspace. It’s a neatly self-contained unit in the form of a triangular frame made of aluminium extrusions, into thich are placed a stack of Raspberry Pi Zeros with attached cameras, and a very small projector which needed an extra lens from a pair of reading glasses to help it project so closely.

The cameras are arranged to have differing views of the object to be scanned, and the projector casts an array of randomly created dots onto it to aid triangulation from the images. A press of a button, and the four images are taken and, uploaded to a cloud drive in this case, and then picked up by his laptop for processing.

A Multi-view Stereo (MVS) algorithm does the processing work, and creates a 3D model. Doing the processing is VisualSFM, and the resulting files can then be viewed in MeshLab or imported into a CAD package. Seeing it in action the whole process is quick and seamless, and could easily be something you’d see on a commercial product. There is more to come from this project, so it is definitely one to watch.

Four Pi boards may seem a lot, but it is nothing to this scanner with 39 of them.

 



Read the full article here by Hack a Day

Friday 12 January 2018

AMD is deploying a patch for the second Spectre CPU vulnerability

While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities. The company previously said that the risk of exploit using variant 2 was near zero due to its chips' architecture. But in its latest announcement, it said that because both variants are still "applicable to AMD processors," it also plans to release patches for the second variant to be absolutely safe. AMD already provided PC manufacturers its fix for the first Spectre version, and Microsoft has begun rolling it out. The chipmaker also said it's working with Redmond to address a problem that delayed the distribution of patches for its older processors.

Since the second version of Spectre needs a different fix, AMD will provide its customers and partners for Ryzen and EPYC processors with a patch for its chips starting this week. Firmware updates for its older chips will follow in the coming weeks. If you use Linux, you might get it sooner than you think, since Linux vendors have already started releasing OS patches for the second variant. You might have to wait a bit if you're a Windows user, though, since AMD is still working out distribution timing with Microsoft.

Despite deciding to release a patch for version 2, the company reiterated that its chips' architecture will make it very difficult for attackers to use the exploit. It also maintained that Meltdown isn't applicable to AMD chips at all. AMD's processors aren't "susceptible" to Meltdown, the chipmaker wrote, "due to [the company's] use of privilege level protections within paging architecture." Since "no mitigation is required" for variant 3, it won't be creating a patch for the vulnerability.

Update: AMD clarified that it never said its chips were not susceptible to variant 2.

Via: Reuters

Source: AMD



Read the full article here by Engadget

(PR) Intel AMT Security Issue Lets Attackers Bypass Login Credentials

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel's Active Management Technology (AMT) and potentially affects millions of laptops globally.

The security issue "is almost deceptively simple to exploit, but it has incredible destructive potential," said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. "In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures."


Read the full article here by techPowerUp!

Thursday 11 January 2018

Spectre and Meltdown: Attackers Always Have The Advantage

While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. Like many great discoveries, this one is obvious with the power of hindsight. So much so that the spectrum of reactions have spanned an extreme range. From “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!”

We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to everyone. However, as evidence of non-obviousness, some very smart people got remarkably close to the Meltdown effect last summer, without getting it all the way. [Trammel Hudson] did some digging and found a paper from the early 1990s (PDF) that warns of the dangers of fetching info into the cache that might cross priviledge boundaries, but it wasn’t weaponized until recently. In short, these are old vulnerabilities, but exploiting them was hard enough that it took twenty years to do it.

Building a new CPU is the work of a large team over several years. But they weren’t all working on the same thing for all that time. Any single feature would have been the work of a small team of engineers over a period of months. During development they fixed many problems we’ll never see. But at the end of the day, they are only human. They can be 99.9% perfect and that won’t be good enough, because once hardware is released into the world: it is open season on that 0.1% the team missed.

The odds are stacked in the attacker’s favor. The team on defense has a handful of people working a few months to protect against all known and yet-to-be discovered attacks. It is a tough match against the attackers coming afterwards: there are a lot more of them, they’re continually refining the state of the art, they have twenty years to work on a problem if they need to, and they only need to find a single flaw to win. In that light, exploits like Spectre and Meltdown will probably always be with us.

Let’s look at some factors that paved the way to Intel’s current embarrassing situation.

In Intel’s x86 lineage of processors, the Pentium Pro in 1995 was first to perform speculative execution. It was the high-end offering for demanding roles like multi-user servers, so it had to keep low-privilege users’ applications from running wild. But the design only accounted for direct methods of access. The general concept of side-channel attacks were well-established by that time in the analog world but it hadn’t yet been proven applicable to the digital world. For instance, one of the groundbreaking papers in side-channel attacks, pulling encryption keys out of certain cryptography algorithm implementations, was not published until a year after the Pentium Pro came to market.

Computer security was a very different and a far smaller field in the 1990s. For one, Internet Explorer 6, the subject of many hard lessons in security, was not released until 2001. The growth of our global interconnected network would expand opportunities and fuel a tremendous growth in security research on offense and defense, but that was still years away. And in the early 1990s, software security was in such a horrible state that only a few researchers were looking into hardware.

The Need for Speed

During this time when more people were looking harder at more things, Intel’s never-ending quest for speed inadvertently made the vulnerability easier to exploit. Historically CPU performance advancements have outpaced those for memory, and their growing disparity was a drag on overall system performance. CPU memory caches were designed to help climb this “memory wall”, termed in a 1994 ACM paper. One Pentium Pro performance boost came from moving its L2 cache from the motherboard to its chip package. Later processors added a third level of cache, and eventually Intel integrated everything into a single piece of silicon. Each of these advances made cache access faster, but that also increased the time difference between reading cached and uncached data. On modern processors, this difference stands out clearly against the background noise, illustrated in this paper on Meltdown.

Flash-forward to today: timing attacks against cache memory have become very popular. Last year all the stars aligned as multiple teams independently examined how to employ the techniques against speculative execution. The acknowledgements credited Jann Horn of Google Project Zero as the first to notify Intel of Meltdown in June 2017, triggering investigation into how to handle a problem whose seeds were planted over twenty years ago.

This episode will be remembered as a milestone in computer security. It is a painful lesson with repercussions that will continue reverberating for some time. We have every right to hold industry-dominant Intel to high standards and put them under spotlight. We expect mitigation and fixes. The fundamental mismatch of fast processors that use slow memory will persist, so CPU design will evolve in response to these findings, and the state of the art will move forward. Both in how to find problems and how to respond to them, because there are certainly more flaws awaiting discovery.

So we can’t stop you if you want to keep calling Intel engineers idiots. But we think that the moral of this story is that there will always be exploits like these because attack is much easier than defense. The Intel engineers probably made what they thought was a reasonable security-versus-speed tradeoff back in the day. And given the state of play in 1995 and the fact that it took twenty years and some very clever hacking to weaponize this design flaw, we’d say they were probably right. Of course, now that the cat is out of the bag, it’s going to take even more cleverness to fix it up.


Filed under: Current Events, Hackaday Columns, Rants, Security Hacks

Read the full article here by Hack a Day

Wednesday 10 January 2018

Intel Posts Updated Microcode Files For Linux

In the wake of Meltdown and Spectre, Intel yesterday released new microcode binaries for Linux systems.

There isn't any official change-log, so it's difficult to comment exactly on what has changed, but presumably some security fixes around Spectre/Meltdown given the timing. I'll be doing some before/after benchmarks on some Intel Linux systems looking to see if the updated microcode causes any noticeable impact.

The updated Intel x86 CPU microcode binaries can be fetched from

downloadcenter.intel.com

.



Read the full article here by Phoronix

Monday 8 January 2018

Chrome Patch for Meltdown and Spectre Will Not Be Released until January 23

According to Google's support page, it will be over two weeks until the next version of Chrome (which includes mitigations to protect against Meltdown and Spectre) is released. For the time being, users may enable "Site Mitigation," an experimental feature that makes it harder for untrusted websites to access or steal from information. Mozilla has already updated Firefox (57.0.4) with Meltdown and Spectre patches. Discussion

Read the full article here by [H]ardOCP News/Article Feed

Sunday 7 January 2018

Google Loses Up to 250 Bikes a Week

What's happening to Google's 1,100 Gbikes? The Mercury News reports: Last summer, it emerged that some of the company's bikes -- intended to help Googlers move quickly and in environmentally friendly fashion around the company's sprawling campus and surrounding areas -- were sleeping with the fishes in Stevens Creek. And now, a new report has revealed that 100 to 250 Google bikes go missing every week, on average. "The disappearances often aren't the work of ordinary thieves, however. Many residents of Mountain View, a city of 80,000 that has effectively become Google's company town, see the employee perk as a community service," the Wall Street Journal reported. And for the company, here's one Google bike use case that's got to burn a little: 68-year-old Sharon Veach told the newspaper that she sometimes uses one of the bicycles as part of her commute: to the offices of Google's arch foe, Oracle... Mountain View Mayor Ken Rosenberg even admitted to helping himself to a Google bike to go to a movie after a meeting at the company's campus, according to the WSJ. One Silicon Valley resident reportedly told a neighbor that "I've got a whole garage full of them," while Veach describes the bikes as "a reward for having to deal with the buses" that carry Google employees. Google has already hired 30 contractors to prowl the city in five vans looking for lost or stolen bikes -- only a third of which have GPS trackers -- and they eventually recover about two-thirds of the missing bikes. They've discovered them as far away as Mexico, Alaska, and the Burning Man festival in Nevada.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Saturday 6 January 2018

CPU Usage Differences after Applying Meltdown Patch at Epic Games

The Fortnite team at Epic has published a new announcement that offers insight into what effect the Meltdown patch could have on multiplayer gaming. Judging by the chart, the impact on CPU usage is rather significant. The company warns that "unexpected issues" may occur as its cloud services continue to be updated. We wanted to provide a bit more context for the most recent login issues and service instability. All of our cloud services are affected by updates required to mitigate the Meltdown vulnerability. We heavily rely on cloud services to run our back-end, and we may experience further service issues due to ongoing updates. Discussion

Read the full article here by [H]ardOCP News/Article Feed

Meltdown and Spectre

New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.

Read the full article here by xkcd.com

Friday 5 January 2018

Intel says it will patch 90 percent of recent chips by next week (updated)

A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel (and others) chip designs, the company announced that it is already is pushing out patches to eliminate the vulnerability. Intel has "already issued updates for the majority of processor products introduced within the past five years," per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week.

The flaw, which afflicts chips made over the past decade, enables ordinary processes to determine the layout of protected kernel memory. This "software analysis method", as Intel describes the flaw, allows a pair of exploits, dubbed "Meltdown" and "Spectre," to swipe data from other apps on vulnerable devices -- be they PCs, servers or mobile phones -- running Intel, ARM or AMD chips.

The solution cooked up by Intel and its partners so far entails severing the link between the kernel and these processes, though that could have a dramatic impact on a patched chip's operating speed. The company asserts that the impacts will be "highly workload-dependent" and not particularly noticeable by the average consumer.

Update: Microsoft says it will release an update for Surface devices to protect them against the chip vulnerability. The company also explains that it "has not received any information to indicate that these vulnerabilities have been used to attack customers at this time."

You can check the list of Surface gear that will receive the patch at the link above, but Microsoft says the updates will be available devices running Windows 10 with Windows Update or through the Microsoft Download Center.

Source: Intel



Read the full article here by Engadget

Thursday 4 January 2018

Dashlane's Project Mirror aims to kill off the password in 2018

Most digital services still rely on passwords for security, but recent breaches have shown that they are far from a perfect solution. Password management specialist Dashlane has set an ambitious goal to kill off the password in 2018 with the launch of its Project Mirror. The goal of Project Mirror is to put Internet users in control of their login and digital data, and allow them to control their identities more easily. Passwords have widespread adoption and could exist well into the future with current technologies, but Dashlane sees Project Mirror as a year-long effort to eliminate users’ dependence on… [Continue Reading]


Read the full article here by Betanews

Wednesday 3 January 2018

Blender Shortcuts Map

Haiku OS Ends 2017 On A High Note With Better USB 3.0 & UEFI Abilities

While

Haiku OS is incredibly close to delivering their long-awaited beta

, it didn't end up materializing in 2017 but they still made much headway into this open-source BeOS-inspired operating system.

The Haiku OS project has put out their latest activity report highlighting work done through the end of December. Some of the recent progress includes polishing the user-interface and other UI improvements, the package repositories are now being generated automatically, fixes to the Haiku standard library, their USB 3.0 stack is getting into better shape, the TCP stack has received many fixes, Btrfs file-system support continues getting better, and the UEFI support for Haiku OS is also coming along.

More details on the latest adventures in the Haiku OS space can be found via the activity reports at

Haiku-OS.org

. It will be interesting to try out Haiku OS once they reach their beta state in early 2018.



Read the full article here by Phoronix