
Submission + - First victim of SHA-1 collisions: Subversion. Technique was reverse engineered

Artem Tashkinov writes: A WebKit developer who tried to upload "bad" PDF files generated from the first successful SHA-1 attack broke WebKit's SVN repository because Subversion uses a SHA-1 hash to differentiate commits. The reason to upload the files was to create a test for checking cache poisoning in WebKit.

Another news story is that, based on the theoretical incomplete description of the SHA-1 collision attack published by Google just two days ago, people have managed to recreate the attack in practice and now you can download a Python script which can create a new PDF file with the same SHA-1 hash sum using your input PDF. The attack is also implemented as a website which can prepare two PDF files with different JPEG images which will result in the same hash sum.

Submission + - White House blocks news organizations from press briefing (cnn.com)

ClickOnThis writes: CNN reports that it, along with several other major news organizations, was blocked from attending a press briefing at the White House today. From the article:

The New York Times, the Los Angeles Times, Politico and BuzzFeed were also excluded from the meeting, which is known as a gaggle and is less formal than the televised Q-and-A session in the White House briefing room. The gaggle was held by White House press secretary Sean Spicer.

In a brief statement defending the move, administration spokeswoman Sarah Sanders said the White House "had the pool there so everyone would be represented and get an update from us today."

The pool usually includes a representative from one television network and one print outlet. In this case, four of the five major television networks — NBC, ABC, CBS and Fox News — were invited and attended the meeting, while only CNN was blocked.

And while The New York Times was kept out, conservative media organizations Breitbart News, The Washington Times and One America News Network were also allowed in.


Comment Re: s/drug trials/climate change/g (Score 1) 320

Shifting the goal posts, are we? I'm pretty sure there's no falsified predictions about hurricanes in the Atlantic specifically before 2020, so I'm not sure what you're getting at. As we get further into the red zone, there's some evidence to suggest that hurricane intensity might increase, though frequency is less certain.

Maybe you should skim through the IPCC AR5 WGII impacts summary, to see what we're actually expecting. There's much more to be concerned about than just hurricanes, and the risks and damages far outweigh any small plant growth benefit we might expect from boosted CO2 (which is discussed in Chapter 7 - studies suggest that food production will see a net negative effect).

Submission + - Malaysian Police: VX nerve gas killed N Korea leader's brother in airport attack (reuters.com)

An anonymous reader writes: Malaysian police have announced their finding that Kim Jong Nam, half-brother of North Korean leader Kim Jong Un, was killed by assassins using VX nerve gas in an attack in the busy Kuala Lumpur airport. Malaysian authorities plan to decontaminate the airport and other sites visited by the attackers. Police are holding the two female attackers, one of whom was affected by the chemical agent, as well as two other men. They are seeking seven more North Koreans connected to the case. VX is the most toxic of the nerve gasses and the UN has declared it a weapon of mass destruction. The manufacture and stockpiling of more than 100 grams of VX per year is prohibited by the Chemical Weapons Convention of 1993. It has no commercial uses. The Malaysian police are trying to discover if it was smuggled into their country, or manufactured there. The Malaysian government has recalled its ambassador to North Korea for consultation. North Korea is blaming the death of Kim Jong Nam on Malaysia. North Korea is believed to have major stockpiles of chemical weapons, and is alleged to conduct experiments on prisoners and social undesirables.

Submission + - SPAM: UV-Illuminated Rhodium: Plentiful Methane from Carbon Dioxide

Freshly Exhumed writes: Researchers in the Chemistry and Physics Departments at Duke University have found that CH4 (Methane) is almost exclusively produced when rhodium nanoparticles are mildly illuminated in ultraviolet LED light, yielding a seven-fold increase in the CH4 production rate over dark conditions, while only a slight increase in simultaneous CO production was detected. No other carbon-containing product was observed, making this photocatalytic process an enticing possible solution for the reduction of carbon dioxide concentrations in the atmosphere while simultaneously producing methane for fuel and industrial use. Rhodium is commonly used in automobile catalytic converters.

Submission + - The race for autonomous cars is over. Silicon Valley lost. (autoblog.com)

schwit1 writes: Up until very recently the talk in Silicon Valley was about how the tech industry was going to broom Detroit into the dustbin of history. Companies such as Apple, Google, and Uber — so the thinking went — were going to out run, out gun, and out innovate the automakers. Today that talk is starting to fade. There's a dawning realization that maybe there's a good reason why the traditional car companies have been around for more than a century.

Last year Apple laid off most of the engineers it hired to design its own car. Google (now Waymo) stopped talking about making its own car. And Uber, despite its sky high market valuation, is still a long, long way from ever making any money, much less making its own autonomous cars.

To paraphrase Elon Musk, Silicon Valley is learning that "Making rockets is hard, but making cars is really hard." People outside of the auto industry tend to have a shallow understanding of how complex the business really is. They think all you have to do is design a car and start making it. But most startups never make it past the concept car stage because the move to mass production proves too daunting.

Comment Re: s/drug trials/climate change/g (Score 1) 320

Consider that the global average land+sea temperature for this month (February), averaged over the entire 20th century, was 12.1 C. In a chaotic system, one would expect a roughly equal probability of seeing a cooler temperature as a hotter one, individually or averaged, though the average of large numbers of readings is less likely to show outliers. Seasonal and other cyclical factors would skew temperatures one way for a while, then the other way, balancing out over time.

For 2015, the globally-averaged temperature for February was 0.86 C higher than that 20th century average. If that was a single reading, or a local average, that wouldn't be at all noteworthy. Even averaged across the entire globe for the month, it was merely the second-highest February recorded, next to 1998. Similarly for land-only average temperatures, though with larger variations.

But when you consider that 2015 was the 30th hotter-than-average February in a row, the odds shift dramatically. If there's a 50/50 chance that we would see a hotter-than-average February any given year, then there's 1 chance in 2^30 that we would get 30 hotter "heads" in a row - ridiculously improbable. There hasn't been a cooler-than-average February since 1985 - and February 2016 was even hotter, setting a new record at 1.21 C above the average. Clearly the global average temperature isn't stable, but is showing a long-term underlying rising trend, which makes the new highest-temperature-ever records not only more likely, but bound to happen eventually. (Incidentally, if you use yearly averages instead of just February, it's now been 38 years of above-average temperatures.)

So the existence of a rising temperature trend is virtually certain. Whether it's anthropic or caused by a hitherto-undiscovered long-term natural cycle is a separate discussion, but the probability of the former is very high indeed.

Comment Re: s/drug trials/climate change/g (Score 1) 320

You'd expect *occasional* records - and increasingly infrequently, as each new record would require an ever-more-unlikely combination of random variables, like flipping coins and getting a new record number of heads in a row.

What we're actually seeing today is a steady progression of new records, each slightly exceeding the record set only a few years earlier - so commonly that people like yourself are starting to dismiss this situation as "expected". It is absolutely *not* expected from a normal Gaussian distribution of chaotic variables - unless you add a rising trend underneath. Then a whole stream of new records is no longer ridiculously improbable, but inevitable.

Submission + - Postgres Vision Announces Call for Papers

RaDag writes: Share your story about Postgres and innovation in open source data management at Postgres Vision, to be held June 26-28 in Boston. The deadline to submit is March 17, 2017. The call for papers seeks individual presentations and panel discussions for the open source community and developer tracks.
Practitioners are encouraged to submit proposals on such Postgres and related topics as successful enterprise deployments; data integration projects; cloud projects; best practices; continuous development and DevOps; development efforts with open source; and favorite features or capabilities. Click here for more details.

Submission + - Study Reveals Bot-On-Bot Editing Wars Raging On Wikipedia's Pages (theguardian.com)

An anonymous reader writes: A new study from computer scientists has found that the online encyclopedia is a battleground where silent wars have raged for years. Since Wikipedia launched in 2001, its millions of articles have been ranged over by software robots, or simply “bots,” that are built to mend errors, add links to other pages, and perform other basic housekeeping tasks. In the early days, the bots were so rare they worked in isolation. But over time, the number deployed on the encyclopedia exploded with unexpected consequences. The more the bots came into contact with one another, the more they became locked in combat, undoing each other’s edits and changing the links they had added to other pages. Some conflicts only ended when one or other bot was taken out of action. The findings emerged from a study that looked at bot-on-bot conflict in the first ten years of Wikipedia’s existence. The researchers at Oxford and the Alan Turing Institute in London examined the editing histories of pages in 13 different language editions and recorded when bots undid other bots’ changes. While some conflicts mirrored those found in society, such as the best names to use for contested territories, others were more intriguing. Describing their research in a paper entitled Even Good Bots Fight in the journal Plos One, the scientists reveal that among the most contested articles were pages on former president of Pakistan Pervez Musharraf, the Arabic language, Niels Bohr and Arnold Schwarzenegger. One of the most intense battles played out between Xqbot and Darknessbot which fought over 3,629 different articles between 2009 and 2010. Over the period, Xqbot undid more than 2,000 edits made by Darknessbot, with Darknessbot retaliating by undoing more than 1,700 of Xqbot’s changes. The two clashed over pages on all sorts of topics, from Alexander of Greece and Banqiao district in Taiwan to Aston Villa football club.

Submission + - Autism Risk Linked to Herpes Infection During Pregnancy (neurosciencenews.com)

baalcat writes: Women with signs of active genital herpes had twice the odds of giving birth to offspring with autism spectrum disorder.

Women actively infected with genital herpes during early pregnancy had twice the odds of giving birth to a child later diagnosed with autism spectrum disorder (ASD), according to a study by scientists at the Center for Infection and Immunity at Columbia University’s Mailman School of Public Health and the Norwegian Institute of Public Health.

The study is the first to provide immunological evidence on the role of gestational infection in autism, reporting an association between maternal anti-herpes simplex virus-2 (HSV-2) antibodies and risk for ASD in offspring. Results appear in mSphere, a journal of the American Society for Microbiology.

Submission + - A.T.F. Filled Secret Bank Account With Millions From Shadowy Cigarette Sales (nytimes.com)

schwit1 writes: “Working from an office suite behind a Burger King in southern Virginia, operatives used a web of shadowy cigarette sales to funnel tens of millions of dollars into a secret bank account. They weren’t known smugglers, but rather agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives. The operation, not authorized under Justice Department rules, gave agents an off-the-books way to finance undercover investigations and pay informants without the usual cumbersome paperwork and close oversight, according to court records and people close to the operation.”

Laws and rules are for the little people.

Submission + - First SHA1 Collision (googleblog.com)

ad454 writes: Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We've summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

https://security.googleblog.co...

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total, which took 6,500 years of CPU computation to complete the attack's first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.
