BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×

Submission + - Study: smoking still bad, even it doesn't, well, smoke (doctorsonly.co.il)

cheros writes: Big tobacco has not given up, especially not suppressing independent research.

A Washington Post article at http://wapo.st/2fz24jZ suggests that their newest "smokeless" product may not be quite as benign as its marketing suggests and, unsurprisingly, the people who produced the independent study have apparently been threatened to the point of not wanting to discuss their study. The article contains a link to a copy of their study as well as a link to the rebuttal.

The WaPo article contains but one fault: It states This is the company, they point out, that makes Marlboro — the world’s best-selling cigarette — and misled the public for years about the hazards of smoking..

That should be decades.

For now, the study can still be found at https://cdn.doctorsonly.co.il/....

Submission + - iOS 10 deprecate crutial API for VoIP and communication apps (apple.com)

neutrino38 writes: iOS 10 has been released in september 2016. It contains a technical change that has been overlooked by the general public. It deprecates an API that is crutial for VoIP and other instant messaging applications that enable to keep one socket active despite of the fact that the application would run in background. As replacement, developpers needs to use the PushKit: when an incoming call is to be forwarded to an iOS VoIP client

the VoIP infrastructure needs to :
  • withold the call
  • contact Apple push infrastructure using a proprietary protocol to wake up the client app remotely
  • wait for the application to reconnect to the infrastructure and release the call when it is ready

This "I know better than you" approach is ment to further optimize battery life on iOS devices by avoiding the use of resources by apps running in background. It has also the positive effect to force developpers to switch to push model and remove all periodic pollings that ultimately use mobile data and clog the Internet.

However, the decision to use an Apple infrastructure has many consequences for VoIP providers:

  • in order to serve iOS app, those infrastructure will need to be tied with Apple service so the reliability of serving incoming calls is directly bound to Apple service.
  • Apple may revoke the PushKit certificate. It has then life and death decision power over third party communication infrastructures.
  • organisation wanting to setup IPBX and use iOS client have no option but to open access for the push services of Apple in their firewall.
  • It is not possible to have iOS VoIP or communication client in network disconnected from the Internet.
  • Pure standard SIP client are now broken on iOS

This is the perfect walled garden. Ironically, the only VoIP "app" that is not affected is the (future ?) VoLTE client that will be added to iOS one day.May be the day of over the top communication services are numbered on iOS.

Submission + - The 2017 Hugo Awards

Dave Knott writes: The Hugo Awards, the most prestigious awards in science fiction, had their 2017 ceremony today, at WorldCon 75 in Helsinki, Finland.
The winners are:

Best Novel: The Obelisk Gate by N.K. Jemisin
Best Novella: "Every Heart a Doorway" by Seanan McGuire
Best Novelette: "The Tomato Thief" by Ursula Vernon
Best Short Story: "Seasons of Glass and Iron", by Amal El-Mohtar
Best Related Work: Words Are My Matter: Writings About Life and Books, 2000-2016 by Ursula K Le Guin
Best Graphic Story: Monstress, Volume 1: Awakening , written by Marjorie Liu, illustrated by Sana Takeda
Best Dramatic Presentation: Arrival , screenplay by Eric Heisserer based on a short story by Ted Chiang, directed by Denis Villeneuve
Best Dramatic Presentation: The Expanse: Leviathan Wakes , written by Mark Fergus and Hawk Ostby, directed by Terry McDonough
Best Series: The Vorkosigan Saga, by Lois McMaster Bujold (Baen)
John W Campbell Award for Best New Writer: Ada Palmer

Just as they did last year, female creators have dominated the awards, with women taking home awards in the major categories—including N. K. Jemisin, who became the first woman to win the Hugo for Best Novel twice in a row since Lois McMaster Bujold did in 1991 and 1992.
This year’s slate of nominees, unlike the drama surrounding the 2016 and 2015 Hugos, was less impacted by the ballot-stuffing tactics of the “Rabid Puppies”, thanks to a change in the way nominees were voted for this year (including the fact no work could appear in more than one category) in an attempt to avoid tactical slate picks.

Submission + - A New Report Raises Big Questions About Last Year's DNC Hack (thenation.com) 4

Bartles writes: This story from The Nation raises questions about the feasibility of transferring the 2 gigbaytes of data that were stolen from the DNC last year. Was it possible in 2016 to transfer 2 gigabytes of data from DC to Romania through a VPN in 87 seconds?



Forensicator’s first decisive findings, made public in the paper dated July 9, concerned the volume of the supposedly hacked material and what is called the transfer rate—the time a remote hack would require. The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNC’s server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second.


Submission + - Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com)

An anonymous reader writes: The .NET ecosystem is affected by a deserialization flaw that has wreaked havoc among Java apps and apps and developers in 2016. The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a total unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds , all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5, researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

Submission + - FBI Says Islamic State Used eBay, PayPal To Channel Money To the US (theverge.com)

An anonymous reader writes: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the US, The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015.

Submission + - Silicon Valley Billionaire Fails to Prevent Access to Public Beach

Robotron23 writes: Vinod Khosla, a Silicon Valley venture capitalist, has lost his appeal to privatize Martins Beach; a publicly-owned strip of coastline in California. Having previously fenced off the land in a bid to render the area private, Khosla has been ordered to restore access by a California court. Khosla had previously demanded the government pay him $30 million to reopen the gate to the beachfront.

Submission + - North Korea's "not quite" ICBM can't hit the lower 48 states

Lasrick writes: Theodore A. Postol,,Markus Schiller, and Robert Schmucker publish an analysis in the Bulletin of the Atomic Scientists explaining that the missiles North Korea launched this week are not quite ICBMs after all, and probably can't carry a nuclear warhead to the mainland United States. The main article is accompanied by further notes from Ted Postal and a slide show of some of the data they used. In his comments, Postol points out: 'Although the findings that my colleagues and I reach indicate that the United States is still many years away from potentially being under threat from North Korean nuclear-armed ballistic missiles, North Korea clearly has substantial resources for advancing its ballistic missile programs and is definitely learning how to adapt and control the Russian liquid propellant rocket motors it obtained roughly 30 years ago.' Worth reading.

Submission + - DNC Leaks not a Russian Hack Says Former NSA Experts (thenation.com) 1

Tulsa_Time writes: Former NSA experts say it wasn’t a hack at all, but a leak—an inside job by someone with access to the DNC’s system.

"There was no hack of the Democratic National Committee’s system on July 5 last year—not by the Russians, not by anyone else. Hard science now demonstrates it was a leak—a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC’s system. This casts serious doubt on the initial “hack,” as alleged, that led to the very consequential publication of a large store of documents on WikiLeaks last summer.
Forensic investigations of documents made public two weeks prior to the July 5 leak by the person or entity known as Guccifer 2.0 show that they were fraudulent: Before Guccifer posted them they were adulterated by cutting and pasting them into a blank template that had Russian as its default language. Guccifer took responsibility on June 15 for an intrusion the DNC reported on June 14 and professed to be a WikiLeaks source—claims essential to the official narrative implicating Russia in what was soon cast as an extensive hacking operation. To put the point simply, forensic science now devastates this narrative."

Submission + - NASA looks at reviving atomic rocket program (newatlas.com)

Big Hairy Ian writes: When the first manned mission to Mars sets out, it may be on the tail of an atomic rocket engine. The Space Race vintage technology could have a renaissance at NASA after the space agency's Marshall Space Flight Center in Huntsville, Alabama signed a contract with BWXT Nuclear Energy to develop updated Nuclear Thermal Propulsion (NTP) concepts and new fuel elements to power them.

The Apollo missions to the Moon demonstrated many things. They showcased human ingenuity, determination, and courage. They proved what American engineering and industry could accomplish in short order when let loose on a goal and demonstrated that humankind need no longer be confined to a single planet.

Unfortunately, it also showed the fact that chemical rockets, even at the dawn of the conquest of space, had reached their technical limits. True, they could send astronauts to the Moon, but only by using a disposable rocket the size of a skyscraper of which only a capsule with the roominess of an SUV returned. And even this was in no shape for anything except a museum.

At the very least it looks much more feasible than Project Orion https://en.wikipedia.org/wiki/...

Slashdot Top Deals