Government

Russian Cyberattackers Stole Iranian Tools, Then Attacked 35 Countries (stripes.com) 20

An anonymous reader quotes Bloomberg News: A Russia-linked group is believed to have utilized Iranian tools to conduct cyber attacks against dozens of countries, in an apparent effort to mask their identities, according to joint advisories by the U.S. and the U.K.

The group, known as Turla, used tools from suspected Iran-based hacking groups and deployed them against old and new targets. In order to acquire the tools, Turla "compromised the suspected Iran-based hacking groups themselves," according to the U.S. National Security Agency and the U.K.'s National Cyber Security Centre, which released the advisories on Monday. The original owners of the tools "were almost certainly not aware of, or complicit with, Turla's use of their implants," the agencies said. The attacks, against more than 35 countries, would appear to the victims as coming from Iran.

Space

How SpaceX Plans To Move Starship From Cocoa Site To Kennedy Space Center (clickorlando.com) 42

New submitter RhettLivingston writes: Real plans for the move of Starship Mk 2 from its current construction site in Cocoa to the Kennedy Space Center have finally emerged. A News 6 Orlando report identifies permit applications and observed preparations for the move, which will take a land and sea route. Barring some remarkably hasty road compaction and paving, the prototype will start its journey off-road, crossing a recently cleared path through vacant land to reach Grissom Parkway. It will then travel east in the westbound lanes of SR 528 for a short distance before loading to a barge in the Indian River via a makeshift dock. The rest of the route is relatively conventional, including offloading at KSC at the site previously used for delivery of the Space Shuttle's external fuel tanks. Given the recent construction of new facilities at the current construction site, it is likely that this will not be the last time this route is utilized. SpaceX declined to say how the company will transport the spacecraft or when the relocation will occur.

SpaceX's "Mk2" orbital Starship prototype is designed to test out the technologies and basic design of the final Starship vehicle -- a giant passenger spacecraft that SpaceX is making to take people to the Moon and Mars.
Privacy

Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel' (threatpost.com) 53

Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications -- including Apple's FaceID. But there is a catch. Doing so requires the victim to be out cold. From a report: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim's face the researchers demonstrated how they could bypass Apple's FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up.

To launch the attack, researchers with Tencent tapped into a feature behind biometrics called "liveness" detection, which is part of the biometric authentication process that sifts through "real" versus "fake" features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro. "With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles' heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture," researchers said during the Black Hat USA 2019 session.

Supercomputing

'Pi VizuWall' Is a Beowulf Cluster Built With Raspberry Pi's (raspberrypi.org) 68

Why would someone build their own Beowulf cluster -- a high-performance parallel computing prototype -- using 12 Raspberry Pi boards? It's using the standard Beowulf cluster architecture found in about 88% of the world's largest parallel computing systems, with an MPI (Message Passing Interface) system that distributes the load over all the nodes.

Matt Trask, a long-time computer engineer now completing his undergraduate degree at Florida Atlantic University, explains how it grew out of his work on "virtual mainframes": In the world of parallel supercomputers (branded 'high-performance computing', or HPC), system manufacturers are motivated to sell their HPC products to industry, but industry has pushed back due to what they call the "Ninja Gap". MPI programming is hard. It is usually not learned until the programmer is in grad school at the earliest, and given that it takes a couple of years to achieve mastery of any particular discipline, most of the proficient MPI programmers are PhDs. And this, is the Ninja Gap -- industry understands that the academic system cannot and will not be able to generate enough 'ninjas' to meet the needs of industry if industry were to adopt HPC technology.

As part of my research into parallel computing systems, I have studied the process of learning to program with MPI and have found that almost all current practitioners are self-taught, coming from disciplines other than computer science. Actual undergraduate CS programs rarely offer MPI programming. Thus my motivation for building a low-cost cluster system with Raspberry Pis, in order to drive down the entry-level costs. This parallel computing system, with a cost of under $1000, could be deployed at any college or community college rather than just at elite research institutions, as is done [for parallel computing systems] today.

The system is entirely open source, using only standard Raspberry Pi 3B+ boards and Raspbian Linux. The version of MPI that is used is called MPICH, another open-source technology that is readily available.

But there's an added visual flourish, explains long-time Slashdot reader iamacat. "To visualize computing, each node is equipped with a servo motor to position itself according to its current load -- lying flat when fully idle, standing up 90 degrees when fully utilized."

Its data comes from the /proc filesystem, and the necessary hinges for this prototype were all generated with a 3D printer. "The first lesson is to use CNC'd aluminum for the motor housings instead of 3D-printed plastic," writes Trask. "We've seen some minor distortion of the printed plastic from the heat generated in the servos."
Power

Solid-State Battery Startup Claims Breakthrough For Electric Vehicles (electrek.co) 142

An anonymous reader quotes a report from Electrek: Now a startup developing all solid-state batteries (ASSB) secured backing from several high-profile investors, including several automakers, as it claims a breakthrough for the technology that will enable better electric cars. Solid Power is a Colorado-based startup that spun out of a battery research program at the University of Colorado Boulder. The company claims to have achieved a breakthrough by incorporating a high-capacity lithium metal anode in lithium batteries -- creating a solid-state cell with an energy capacity "2-3X higher" than conventional lithium-ion. They have already attracted investments from important companies, like A123 Systems and more recently BMW, which planned to validate their battery technology for the automotive market. Now they are announcing this week the addition of Hyundai, Samsung and several others to the list as they close a $20 million series A round of financing. They are now working with two automakers and two battery cell suppliers for the auto industry. Some of the advantages that they claim their technology has over current batteries, as mentioned in their press release, include:

- 2-3x higher energy vs. current lithium-ion
- Substantially improved safety due to the elimination of the volatile, flammable, and corrosive liquid electrolyte as used in lithium-ion
- Low-cost battery-pack designs through: Minimization of safety features and elimination of pack cooling
- Greatly simplified cell, module, and pack designs through the elimination of the need for liquid containment
- High manufacturability due to compatibility with automated, industry-standard, roll-to-roll production

Solid Power plans to use the funds from its Series A investment to "scale-up production via a multi-MWh roll-to-roll facility, which will be fully constructed and installed by the end of 2018 and fully operational in 2019." The battery cells produced at this new facility "will be utilized for preliminary qualification of the company's solid-state cells for multiple markets including automotive, aerospace and defense."
Android

Google Is Developing Native Hearing Aid Support For Android (theverge.com) 50

An anonymous reader quotes a report from The Verge: Google announced today that it's working with Danish hearing aid manufacturer GN Hearing to create a new hearing aid spec for Android smartphones called ASHA, or Audio Streaming for Hearing Aids. It's designed to be battery-efficient, while providing high quality audio with low latency. Hearing aids utilizing this spec will be able to connect to and stream from Android devices without having to use another intermediate device. ASHA will enable Bluetooth hearing aids to be utilized the same way as headphones, used to call friends or listen to music. Google has published the new protocol specifications online for any hearing aid manufacturer to build native hearing aid support for Android. GN Hearing has announced that the ReSound LiNX Quattro and Beltone Amaze will be the first hearing aids to receive direct streaming support in a future update.
Privacy

Sydney Airport Launches Face Scan Check-In Trials (techcrunch.com) 46

The plan to replace passport check-ins with more face scans is being trialed by Qantas on passengers for select flights into the Sydney Airport starting this week. The move is an attempt to replace the "inconvenience" of relying on more traditional paper passports. TechCrunch reports: It's still very early stages in a process that isn't exactly being rolled out overnight. After all, implementing such technology for Sydney's 43 million annual passengers is a pretty large undertaking, even without myriad security and privacy concerns to contend with. To start with, the technology will be utilized for select international flights, to help automate check-in, boarding, lounge access and bag drop. Moving forward, the airport also hopes to implement it for mobile check-in and customs processing. "We've worked with Qantas from the outset and are delighted to be partnering with them as we trial this technology," Sydney Airport CEO Geoff Culbert said in a statement provided to the press. "In the future, there will be no more juggling passports and bags at check-in and digging through pockets or smartphones to show your boarding pass," he added. "Your face will be your passport and your boarding pass at every step of the process."
Security

Sandboxed Mac Apps Can Record Screen Any Time Without You Knowing (bleepingcomputer.com) 59

Catalin Cimpanu, writing for BleepingComputer: Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image. The function is CGWindowListCreateImage, often utilized by Mac apps that take screenshots or live stream a user's desktop. According to Fastlane Tools founder Felix Krause, any Mac app, sandboxed or not, can access this function and secretly take screenshots of the user's screen. Krause argues that miscreants can abuse this privacy loophole and utilize CGWindowListCreateImage to take screenshots of the screen without the user's permission.
Cloud

Can Docker Survive Google? (bloomberg.com) 98

Though Docker has 400 corporate customers -- and plans to double its sales staff -- "here's what happens to a startup when Google gets all up in its business," reads a recent headline at Bloomberg: Docker Inc. helped establish a type of software tool known as containers...and they've made the company rich. Venture capitalists have poured about $240 million into the startup, according to research firm CB Insights. Then along came Google, with its own free container system called Kubernetes. Google has successfully inserted Kubernetes into the coder toolbox. While Docker and Kubernetes serve slightly different purposes, customers who choose Google's tool can avoid paying Docker.

The startup gives away its most popular product while trying to convince developers to pay for extras, notably a program that does the same thing as Google's. "Kubernetes basically has ruled the industry, and it is the de facto standard," said Gary Chen, an analyst at IDC. "Docker has to figure out how do they differentiate themselves." It's up to [Docker CEO] Steve Singh to escape a situation that's trapped many startups battling cash-rich tech giants like Google, dangling free alternatives... "They invented this great tech, but they are not the ones profiting from it," said Gary Chen, an analyst at IDC.

Though Docker's CEO is hoping to take the company public someday, Slashdot reader oaf357 predicts a different future: To say that Docker had a very rough 2017 is an understatement. Aside from Uber, I can't think of a more utilized, hyped, and well funded Silicon Valley startup (still in operation) fumbling as bad as Docker did in 2017. People will look back on 2017 as the year Docker, a great piece of software, was completely ruined by bad business practices leading to its end in 2018.
His article criticizes things like the new Moby upstream for the Docker project, along with "Docker's late and awkward embrace of Kubernetes... It's almost as if Docker is conceding itself to being a marginal consulting firm in the container space." And he suggests that ultimately Docker could be acquired by "a large organization like Oracle or Microsoft."
Security

Some Sonos and Bose Speakers Are Being Hijacked To Play Ghostly Sounds (theverge.com) 41

An anonymous reader quotes a report from The Verge: Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and Rick Astley tracks. Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.
The Almighty Buck

Did Elon Musk Create Bitcoin? (cryptocoinsnews.com) 189

An anonymous reader quotes CryptoCoinsNews: It should be no surprise that the elusive hunt for Satoshi, often referred to as the father of Bitcoin, has led to the theory that Elon Musk has been hiding a big secret from all of us. Sahil Gupta, a computer science student at Yale University and former intern at SpaceX, believes just this... Bitcoin was written by someone with mastery of C++, a language Musk has utilized heavily at SpaceX. Musk's 2013 Hyperloop paper also provided insight into his deep understanding of cryptography and economics...

One week before Gupta's Medium post on Musk, another Medium blog was published with a theory that Musk invented Bitcoin for future use on Mars. As radical as this may sound, the point around PayPal in this article was relevant. Musk has already revolutionized digital currency with his founding role in PayPal, which he sold to eBay in 2002. The author claims Musk is under a non-compete from this deal, leaving him to secrecy about his role in Bitcoin.

Gupta's article cites other clues that support his theory, including Musk's interest in solving global problems, his unusual silence on the topic of cryptocurrencies, and the fact that "Elon has said publicly he doesn't own any bitcoin, which is consistent with a 'Good Satoshi' who deleted his private keys. This means Satoshi's one million coins (worth about $8 billion) are gone for good." And of course, with a net worth of $19.7 billion, Elon Musk is one of the few people who wouldn't need the money.

UPDATE (11/28/17): On Twitter, Elon Musk has responded, saying the rumors that he created Bitcoin are "not true."
Transportation

Tesla Unveils 500-Mile Range Semi Truck, 620-Mile Range Roadster 2.0 373

Rei writes: During a live reveal on Thursday, Tesla unveiled its new electric Class 8 Heavy Duty vehicle. As most people familiar with Tesla products would expect, the day cab truck features staggeringly fast acceleration for a vehicle of its size. It can accelerate 0-60 in 5 seconds without a trailer and 20 seconds with a 40-ton gross weight while being able to pull its maximum payload up a 5-degree grade at 65mph (versus a typical maximum of 45mph). The 500-mile range is for the vehicle at full load and highway speeds (80% of U.S. freight routes are 250 miles or less). Tesla also boasts a million mile no-breakdown guarantee; even losing two of its four motors it can out-accelerate a typical diesel truck. The total cost per mile is pegged at 83% of operating a diesel, but when convoying is utilized -- where multiple trucks mirror the action of a lead truck -- the costs drop to 57%, a price cheaper than rail. Tesla went a step further and stole the show from their own event by having the first prototype of the new Tesla Roadster drive out of the back of the truck. With the base model alone boasting a 620 mile range on a 200kWh battery pack with 10kN torque, providing a 1.9 second 0-60, 4.2 second 0-100, and 8.9 second quarter mile, the 2+2-seating convertible will easily be the fastest-accelerating production car in the world. Top speed is not disclosed, but said to be "at least 250mph." The vehicle's release date, however, is not scheduled until 2020.
Privacy

In a 'Plot Twist', Wikileaks Releases Documents It Claims Detail Russia Mass Surveillance Apparatus (techcrunch.com) 168

WikiLeaks, believed by many to be a Kremlin front, surprised some observers Tuesday morning (Snowden called it a "plot twist") when it released documents linking a Russian tech company with access to thousands of citizens' telephone and internet communications with Moscow. From a report: Writing a summary of the cache of mostly Russian-language documents, Wikileaks claims they show how a long-established Russian company which supplies software to telcos is also installing infrastructure, under state mandate, that enables Russian state agencies to tap into, search and spy on citizens' digital activity -- suggesting a similar state-funded mass surveillance program to the one utilized by the U.S.'s NSA or by GCHQ in the U.K. (both of which were detailed in the 2013 Snowden disclosures). The documents which Wikileaks has published (there are just 34 "base documents" in this leak) relate to a St. Petersburg-based company, called Peter-Service, which it claims is a contractor for Russian state surveillance. The company was set up in 1992 to provide billing solutions before going on to become a major supplier of software to the mobile telecoms industry.
Crime

State Prison Officials Blame An Escape On Drones And Cellphones (usatoday.com) 223

An anonymous reader quotes USA Today: A fugitive South Carolina inmate recaptured in Texas this week had chopped his way through a prison fence using wire cutters apparently dropped by a drone, prison officials said Friday. Jimmy Causey, 46, fled the Lieber Correctional Institution in Ridgeville, S.C., on the evening of July 4th after leaving a paper mache doll in his bed to fool guards into thinking he was asleep. He was not discovered missing until Wednesday afternoon. Causey was captured early Friday 1,200 miles away in a motel in Austin by Texas Rangers acting on a tip, WLTX-TV reported... "We believe a drone was used to fly in the tools that allow(ed) him to escape," South Carolina Corrections Director Bryan Stirling said...

Stirling said prison officials are investigating the performance by prison guards that night but pointed to cellphones and drones as the main problem. The director said he and other officials have sought federal help for years to combat the use of drones to drop contraband into prison. "It's a simple fix," Stirling said. "Allow us to block the signal... They are physically incarcerated, but they are not virtually incarcerated."

It's the second time the same convict escaped from South Carolina's maximum security prison -- albeit the first time he's (allegedly) used a drone. The state's Law Enforcement Division Chief also complains that the federal government still prohibits state corrections officials from blocking cellphones, and "as long as cellphones continue to be utilized by inmates in prisons we're going to have things like this -- we're going to have very well-planned escapes..."
IBM

After 25 Years, 'Lost' OS/2 2.0 Build 6.605 Finally Re-Discovered (os2museum.com) 93

"In a fascinating example of poor timing, disk images of OS/2 2.0 pre-release level 6.605 from July/September 1991 were missing for over 25 years, only to show up literally one day after the 25th anniversary of the OS/2 2.0 release," writes the site OS/2 Museum. An anonymous reader writes: It's the last OS/2 2.0 pre-release which didn't use the Workplace Shell (WPS), but "instead utilized the same old Desktop Manager as OS/2 1.2/1.3, which makes it the closest surviving relative of the Microsoft OS/2 2.0 SDK." Featuring a 16-bit/32-bit hybrid kernel and a "DOS Window" icon (as well as a few games like Reversi and Klondike Solitaire), "the look and feel was not quite the same as OS/2 1.3 and in fact was a cross between OS/2 1.3 and Windows 3.1."
The elusive 6.605 pre-release fell between 6.149 and 6.167 -- and "It is not known what possessed IBM to assign it a completely out-of-sequence number."
Communications

IMDb Is Shutting Down Its Long-Running, Popular Message Boards After 16 Years (polygon.com) 168

An anonymous reader quotes a report from Polygon: After 16 years, IMDb's message boards and the ability to privately message other users is shutting down, with many members of the community openly mourning the loss of the section. IMDb, which stands for the Internet Movie Database, is one of the world's biggest databases for film and television. According to the company, there is information on more than 4.1 million titles and 7.7 million personalities available on the site as of January 2017. The message board, which was introduced in 2001, reportedly remains one of the most used services on the website, but despite that, the company is getting ready to shut it down, citing a desire to foster a positive environment and serve its audience the best way it can. "After in-depth discussion and examination, we have concluded that IMDb's message boards are no longer providing a positive, useful experience for the vast majority of our more than 250 million monthly users worldwide," a statement on the site reads. "The decision to retire a long-standing feature was made only after careful consideration and was based on data and traffic. Because IMDb's message boards continue to be utilized by a small but passionate community of IMDb users, we announced our decision to disable our message boards on February 3, 2017 but will leave them open for two additional weeks so that users will have ample time to archive any message board content they'd like to keep for personal use. During this two-week transition period, which concludes on February 19, 2017, IMDb message board users can exchange contact information with any other board users they would like to remain in communication with (since once we shut down the IMDb message boards, users will no longer be able to send personal messages to one another)."
Programming

Slashdot's Interview With Swift Creator Chris Lattner 85

You asked, he answered! The creator of Apple's Swift programming language (and a self-described "long-time reader/fan of Slashdot") stopped by on his way to a new job at Tesla just to field questions from Slashdot readers. Read on for Chris's answers...
Moon

Scientists Calculate the Moon To Be 4.51 Billion Years Old (go.com) 140

Scientists used rocks and soil collected by the Apollo 14 moonwalkers in 1971 to calculate the age of the moon. It turns out that it is much older than scientists suspected, coming in at 4.51 billion years old. ABC News reports: A research team reported Wednesday that the moon formed within 60 million years of the birth of the solar system. Previous estimates ranged within 100 million years, all the way out to 200 million years after the solar system's creation, not quite 4.6 billion years ago. The scientists conducted uranium-lead dating on fragments of the mineral zircon extracted from Apollo 14 lunar samples. The pieces of zircon were minuscule -- no bigger than a grain of sand. The moon was created from debris knocked off from Earth, which itself is thought to be roughly 4.54 billion years old. Some of the eight zircon samples were used in a previous study, also conducted at UCLA, that utilized more limited techniques. Melanie Barboni, lead author of the study from the University of California, Los Angeles, said she is studying more zircons from Apollo 14 samples, but doesn't expect it to change her estimate of 4.51 billion years for the moon's age, possibly 4.52 billion years at the most. The study was published today in the journal Science.
Google

Did Google.org Steal the Christmas Spirit? (theregister.co.uk) 103

Google.org gives nonprofits roughly $100 million each year. But now the Register argues that festive giving "has become a 'Googlicious' sales push." Among other things, The Register criticizes the $30 million in grant funding that Google.org gave this Christmas "to nonprofits to bring phones, tablets, hardware and training to communities that can benefit from them most," some of which utilized the crowdfunding site DonorsChoose (which tacks a fee of at least $30 onto every donation). "The most critical learning resources that teachers need are often exercise books, pen and paper, but incentives built into the process steer educators to request and receive Google hardware, rather than humble classroom staples," claims the Register. theodp writes: [O]ne can't help but wonder if Google.org's decision to award $18,130 to teachers at Timberland Charter Academy for Chromebooks to help make students "become 'Google'licious" while leaving another humbler $399 request from a teacher at the same school for basic school supplies -- pencils, paper, erasers, etc. -- unfunded is more aligned with Google's interests than the Christmas spirit. Google, The Register reminds readers, lowered its 2015 tax bill by $3.6 billion using the old Dutch Sandwich loophole trick, according to new regulatory filings in the Netherlands.
The article even criticizes the "Santa's Village" site at Google.org, which includes games like Code Boogie, plus a game about airport security at the North Pole. Their complaint is its "Season of Giving" game, which invites children to print out and color ornaments that represent charities -- including DonorsChoose.org. The article ends by quoting Slashdot reader theodp ("who documents the influence of Big Tech in education") as saying "Nothing says Christmas fun more than making ornaments to celebrate Google's pet causes..."
Network

Wi-Fi Alliance Begins Certification Process For Short-Range Wireless Standard WiGig (802.11ad) (cnet.com) 69

The stars have finally aligned for WiGig, an ultra-fast, short-range wireless network. The Wi-Fi Alliance has launched a certification process for WiGig products, which, it claims, can go as fast as 8Gbps. The technology was first announced in 2009, and it is based on the IEEE 802.11ad standard that is supported by many new products. CNET adds: That speed is good enough to replace network cables today. And tomorrow, WiGig should be good for beaming high-resolution video from your phone to your 4K TV or linking a lightweight virtual-reality headset to its control computer. VR and its cousin, augmented reality, work better when you don't have a thick cable tethering your head to a PC. New speed is especially helpful when conventional wireless networks clog up. We're all streaming video at higher resolutions, hooking up new devices like cars and security cameras to the network, and getting phones for our kids. Another complication: Phones using newer mobile data networks can barge in on the same radio airwaves that Wi-Fi uses. Saturation of regular Wi-Fi radio channels "will create a demand for new spectrum to carry this traffic," said Yaron Kahana, manager of Intel's WiGig product line. "In three years we expect WiGig to be highly utilized for data transfer." WiGig and Wi-Fi both use unlicensed radio spectrum available without government permission -- 2.4 gigahertz and 5GHz in the case of Wi-Fi. Unlicensed spectrum is great, but airwaves are already often crowded. WiGig, though, uses the 60GHz band that's unlicensed but not so busy. You will want to check for a WiGig sticker in the next gear you purchase.
