The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."

Google Accused of Showing 'Total Contempt' for Android Users' Privacy

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."


AI Trained on Images from Cosmological Simulations Surprisingly Successful at Classifying Real Galaxies in Hubble Images

A machine learning method which has been widely used in face recognition and other image- and speech-recognition applications has shown promise in helping astronomers analyze images of galaxies and understand how they form and evolve. From a report: In a new study, accepted for publication in Astrophysical Journal and available online [PDF], researchers used computer simulations of galaxy formation to train a deep learning algorithm, which then proved surprisingly good at analyzing images of galaxies from the Hubble Space Telescope. The researchers used output from the simulations to generate mock images of simulated galaxies as they would look in observations by the Hubble Space Telescope. The mock images were used to train the deep learning system to recognize three key phases of galaxy evolution previously identified in the simulations. The researchers then gave the system a large set of actual Hubble images to classify.

The results showed a remarkable level of consistency in the neural network's classifications of simulated and real galaxies. "We were not expecting it to be all that successful. I'm amazed at how powerful this is," said coauthor Joel Primack, professor emeritus of physics and a member of the Santa Cruz Institute for Particle Physics (SCIPP) at UC Santa Cruz. "We know the simulations have limitations, so we don't want to make too strong a claim. But we don't think this is just a lucky fluke."


New Attack Group Orangeworm Targets Healthcare Sector in US, Asia, and Europe: Symantec

Security researchers at Symantec say a group of hackers has been targeting firms related to health care in order to steal intellectual property. The security firm observed a hacking team, called Orangeworm, compromise the systems of pharmaceutical firms, medical-device manufacturers, health-care providers, and even IT companies working with medical organizations in the US, Europe, and Asia markets. Victims don't appear to have been chosen at random but "carefully and deliberately." You can read the full report here.

Google Is Testing a New Chrome UI

Catalin Cimpanu, writing for BleepingComputer: Google engineers have rolled out a new Chrome user interface (UI). Work on the new Refresh UI has been underway since last year, Bleeping Computer has learned. The new UI is in early testing stages, and only available via the Google Chrome Canary distribution, a version of the Chrome browser used as a testing playground. Users who are interested in giving the new UI a spin must install Chrome Canary, and then access chrome://flags, a section that contains various experimental options not included in Chrome's default settings section.

Was There a Civilization On Earth Before Humans?

Adam Frank, writing for The Atlantic: We're used to imagining extinct civilizations in terms of the sunken statues and subterranean ruins. These kinds of artifacts of previous societies are fine if you're only interested in timescales of a few thousands of years. But once you roll the clock back to tens of millions or hundreds of millions of years, things get more complicated.

When it comes to direct evidence of an industrial civilization -- things like cities, factories, and roads -- the geologic record doesn't go back past what's called the Quaternary period 2.6 million years ago. For example, the oldest large-scale stretch of ancient surface lies in the Negev Desert. It's "just" 1.8 million years old -- older surfaces are mostly visible in cross section via something like a cliff face or rock cuts. Go back much farther than the Quaternary and everything has been turned over and crushed to dust.

And, if we're going back this far, we're not talking about human civilizations anymore. Homo sapiens didn't make their appearance on the planet until just 300,000 years or so ago. [...] Given that all direct evidence would be long gone after many millions of years, what kinds of evidence might then still exist? The best way to answer this question is to figure out what evidence we'd leave behind if human civilization collapsed at its current stage of development.
Mr. Frank, along with Gavin Schmidt, Director of the NASA Goddard Institute for Space Studies, have published their research on the subject [PDF].

EU Opens Competition Probe Into Apple's Bid For Music App Shazam

EU antitrust regulators opened an investigation on Monday into Apple's bid for British music discovery app Shazam, concerned the deal might give the iPhone maker an unfair advantage in poaching users from its rivals. From a report: Apple announced the deal in December to help it better compete with industry leader Spotify. Shazam lets users identify songs by pointing a smartphone at the audio source. The European Commission said it was concerned about Apple's access to data on Shazam's users who use competing music streaming services in Europe.

Hacking a Satellite is Surprisingly Easy

Caroline Haskins, writing for The Outline: Hundreds of multi-ton liabilities -- soaring faster than the speed of sound, miles above the surface of the earth -- are operating on Windows-95. They're satellites, responsible for everything from GPS positioning, to taking weather measurements, to carrying cell signals, to providing television and internet. For the countries that own these satellites, they're invaluable resources. Even though they're old, it's more expensive to take satellites down than it is to just leave them up. So they stay up. Unfortunately, these outdated systems make old satellites prime targets for cyber attacks. [...]

A malicious actor could fake their IP address, which gives information about a user's computer and its location. This person could then get access to the satellite's computer system, and manipulate where the satellite goes or what it does. Alternatively, an actor could jam the satellite's radio transmissions with earth, essentially disabling it. The cost of such an attack could be huge. If a satellite doesn't work, life-saving GPS or online information could be withheld to people on earth when they need it most. What's worse, if part of a satellite -- or an entire satellite -- is knocked out of its orbit from an attack, the debris could create a domino effect and cause extreme damage to other satellites.


MIT Researchers Developed a 'System For Dream Control'

dmoberhaus writes: Researchers at MIT Media Lab have adapted a centuries-old technique for inducing hypnagogia for the 21st century. Known as Dormio, this system is able to extend and manipulate the period users spend in a transitional state of consciousness between wakefulness and sleep known as hypnagogia. This state is characterized by vivid hallucinations and microdreams, and as the MIT researchers demonstrated, the contents of these microdreams can be manipulated with the system and subsequently result in heightened creativity when the user awakes. Motherboard got the exclusive details on the system.

Amazon Has a Top-Secret Plan to Build Home Robots

After making smart speakers a household product (at least to some), Amazon seems to have found its next big consumer product: robots. Amazon is building smart robots that are equipped with cameras that let them drive around homes, Bloomberg reported Monday. These robots could launch as soon as next year. From the report: Codenamed "Vesta," after the Roman goddess of the hearth, home and family, the project is overseen by Gregg Zehr, who runs Amazon's Lab126 hardware research and development division based in Sunnyvale, California. Lab126 is responsible for Amazon devices such as the Echo speakers, Fire TV set-top-boxes, Fire tablets and the ill-fated Fire Phone.

The Vesta project originated a few years ago, but this year Amazon began to aggressively ramp up hiring. There are dozens of listings on the Lab 126 Jobs page for openings like "Software Engineer, Robotics" and "Principle Sensors Engineer." People briefed on the plan say the company hopes to begin seeding the robots in employees' homes by the end of this year, and potentially with consumers as early as 2019, though the timeline could change, and Amazon hardware projects are sometimes killed during gestation.


The Last Known Person Born in the 19th Century Dies in Japan at 117

Jason Kottke: As of 2015, only two women born in the 1800s and two others born in 1900 (the last year of the 19th century) were still alive. In the next two years, three of those women passed away, including Jamaican Violet Brown, the last living subject of Queen Victoria, who reigned over the British Empire starting in 1837. Last week Nabi Tajima, the last known survivor of the 19th century, died in Japan at age 117.

The Music Industry Had a Fantastic 2017, Driven by Streaming Revenues

An anonymous reader shares a report: Global recorded music revenues soared by $1.4 billion in 2017 largely due to the increased adoption of music streaming services among consumers, reports the Music Industry Blog. Global recorded music revenues reached $17.4 billion in 2017, putting it just a hair below 2008's $17.7 billion in revenues. That means that most of the decline in recorded music revenues over the past 10 years has now been reversed. Streaming was the largest driver of that growth, accounting for 43% of all revenues. In 2017 streaming revenues surged by 39%, topping out at $7.4 billion.

Microsoft Developers Hid a Secret Puzzle in Windows Backgrounds as They Knew Images Would Leak

An anonymous reader shares a report: Microsoft developers working on Windows 8 created a puzzle and embedded it in the wallpapers used for internal builds of the operating system. The team knew that the images would leak out to the public -- and probably the internal builds of Windows -- so they decided to have some fun with it. Over the course of numerous builds, the puzzle was developed -- but only one person ever solved it! Over the weekend, Jensen Harris -- a former group program manager of Microsoft Office and Microsoft director leading the team working on the redesign of Windows 8 -- took to Twitter to come clean about the secret puzzle. He explained that it was common for internal test builds of Windows to have wallpapers that were not intended for public release, but said that messages tended to be included to discourage leaking: "Traditionally, these wallpapers included text embedded in them threatening to throw people in jail if they leaked the build, blah blah, substantial penalty for early withdrawal, not all coins go up in value (some go down!), etc. etc. We wanted to try a more elegant tact. So early in Windows 8, we created a wallpaper that was a combination of the text the lawyers wanted us to use with an attempt to appeal to people's better nature...thus the "shhh... let's not leak our hard work" series of wallpapers was born."

Are Widescreen Laptops Dumb?

"After years of phones, laptops, tablets, and TV screens converging on 16:9 as the 'right' display shape -- allowing video playback without distracting black bars -- smartphones have disturbed the universality recently by moving to even more elongated formats like 18:9, 19:9, or even 19.5:9 in the iPhone X's case," writes Amelia Holowaty Krales via The Verge. "That's prompted me to consider where else the default widescreen proportions might be a poor fit, and I've realized that laptops are the worst offenders." Krales makes the case for why a 16:9 screen of 13 to 15 inches in size is a poor fit: Practically every interface in Apple's macOS, Microsoft's Windows, and on the web is designed by stacking user controls in a vertical hierarchy. At the top of every MacBook, there's a menu bar. At the bottom, by default, is the Dock for launching your most-used apps. On Windows, you have the taskbar serving a similar purpose -- and though it may be moved around the screen like Apple's Dock, it's most commonly kept as a sliver traversing the bottom of the display. Every window in these operating systems has chrome -- the extra buttons and indicator bars that allow you to close, reshape, or move a window around -- and the components of that chrome are usually attached at the top and bottom. Look at your favorite website (hopefully this one) on the internet, and you'll again see a vertical structure.

As if all that wasn't enough, there's also the matter of tabs. Tabs are a couple of decades old now, and, like much of the rest of the desktop and web environment, they were initially thought up in an age where the predominant computer displays were close to square with a 4:3 aspect ratio. That's to say, most computer screens were the shape of an iPad when many of today's most common interface and design elements were being developed. As much of a chrome minimalist as I try to be, I still can't extricate myself from needing a menu bar in my OS and tab and address bars inside my browser. I'm still learning to live without a bookmarks bar. With all of these horizontal bars invading our vertical space, a 16:9 screen quickly starts to feel cramped, especially at the typical laptop size. You wind up spending more time scrolling through content than engaging with it.
What is your preferred aspect ratio for a laptop? Do you prefer Microsoft and Google's machines that have a squarer 3:2 aspect ratio, or Apple's MacBook Pro that has a 16:10 display?

Net Neutrality Is Over Monday, But Experts Say ISPs Will Wait To Screw Us

An anonymous reader quotes a report from Inverse: Parts of the Federal Communications Commission's repeal of net neutrality are slated to take effect on April 23, causing worry among internet users who fear the worst from their internet service providers. However, many experts believe there won't be immediate changes come Monday, but that ISPs will wait until users aren't paying attention to make their move. "Don't expect any changes right out of the gate," Dary Merckens, CTO of Gunner Technology, tells Inverse. Merckens specializes in JavaScript development for government and business, and sees why ISPs would want to lay low for a while before enacting real changes. "It would be a PR nightmare for ISPs if they introduced sweeping changes immediately after the repeal of net neutrality," he says.

While parts of the FCC's new plan will go into effect on Monday, the majority of the order still doesn't have a date for when it will be official. Specific rules that modify data collection requirements still have to be approved by the Office of Management and Budget, and the earliest that can happen is on April 27. Tech experts and consumer policy advocates don't expect changes to happen right away, as ISPs will likely avoid any large-scale changes in order to convince policymakers that the net neutrality repeal was no big deal after all.
