As of 1 July 2018: Decree on digital accessibility of government websites and apps

In 2016 a European directive on digital accessibility entered into force. The Netherlands is obliged to transpose European directives into national legislation. This directive has been transposed into an Order in Council (Algemene Maatregel van Bestuur): the Tijdelijk besluit digitale toegankelijkheid overheid (Temporary Decree on Digital Accessibility for Government).

European directive on digital accessibility

On 22 December 2016 the EU directive on the accessibility of websites and mobile applications of public sector bodies entered into force.

The directive obliges member states to ensure that the digital channels of public sector organisations are accessible. The obligation applies to: websites; mobile applications (apps); intranets and extranets that go live or are substantially revised after the new rules take effect.

The directive must be transposed into national legislation by 23 September 2018 at the latest.

Source: Per 1 juli 2018: Besluit digitale toegankelijkheid | Beleid in Nederland | Digitoegankelijk.nl

Attacking Private Networks from the Internet with DNS Rebinding – Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats, eat your Ethereum coins and more.

The home WiFi network is a sacred place; your own local neighborhood of cyberspace. There we connect our phones, laptops, and “smart” devices to each other and to the Internet and in turn we improve our lives, or so we are told. By the late twenty teens, our local networks have become populated by a growing number of devices. From 📺 smart TVs and media players to 🗣 home assistants, 📹 security cameras, refrigerators, 🔒 door locks and 🌡 thermostats, our home networks are a haven for trusted personal and domestic devices.

Many of these devices offer limited or non-existent authentication to access and control their services. They inherently trust other machines on the network in the same way that you would inherently trust someone you’ve allowed into your home. They use protocols like Universal Plug and Play (UPnP) and HTTP to communicate freely between one another but are inherently protected from inbound connections from the Internet by means of their router’s firewall 🚫. They operate in a sort of walled garden, safe from external threat. Or so their developers probably thought.

Source: Attacking Private Networks from the Internet with DNS Rebinding

This is a good explanation of the attack including some POCs and test links

How your ethereum can be stolen through DNS rebinding

http://rebind.network/rebind/index.html
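
DNS rebinding works because the browser's same-origin check is tied to the hostname, so a public name that is re-pointed at a LAN address lets a web page reach the unauthenticated devices described above. The following Python sketch is an added example (not from the linked article) of the two usual defences: a resolver-side filter that drops internal addresses returned for public names, and a device-side Host header allowlist. The suffixes, device names and sample addresses are constructed assumptions.

```python
import ipaddress

# Assumed values for this sketch (constructed, not from the article).
LOCAL_SUFFIXES = (".lan", ".home.arpa")       # names that may map to LAN addresses
DEVICE_NAMES = {"192.168.1.1", "router.lan"}  # names this device answers to


def is_internal(addr):
    """True if addr is an address a public DNS name should never resolve to."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so a mapped IPv4 address is judged as IPv4.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_unspecified)


def filter_answers(qname, answers):
    """Resolver-side rebind protection.

    Returns (kept, dropped). Answers for local names pass through; for any
    other name, internal addresses are dropped instead of being handed to
    the browser.
    """
    name = qname.rstrip(".").lower()
    if name.endswith(LOCAL_SUFFIXES):
        return list(answers), []
    kept = [a for a in answers if not is_internal(a)]
    dropped = [a for a in answers if is_internal(a)]
    return kept, dropped


def host_from_header(value):
    """Extract the bare host from an HTTP Host header value (port removed)."""
    value = value.strip().lower()
    if value.startswith("["):                 # IPv6 literal, e.g. [::1]:8080
        return value[1:value.find("]")] if "]" in value else ""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host.rstrip(".")
    return value.rstrip(".")


def host_allowed(header_value, allowed=DEVICE_NAMES):
    """Device-side check: serve the request only if Host names this device.

    During a rebinding attack the TCP connection reaches the device, but the
    browser still sends the attacker's hostname in the Host header.
    """
    return host_from_header(header_value) in allowed


if __name__ == "__main__":
    # Constructed sample: the same public name answers twice, first with a
    # public address, then (after the short TTL expires) with a LAN address.
    lookups = [
        ("rebind.example", ["8.8.8.8"]),
        ("rebind.example", ["192.168.1.1"]),
        ("router.lan", ["192.168.1.1"]),
    ]
    for qname, answers in lookups:
        kept, dropped = filter_answers(qname, answers)
        print(f"{qname:16} kept={kept} dropped={dropped}")

    for header in ("192.168.1.1:80", "router.lan", "rebind.example"):
        verdict = "serve" if host_allowed(header) else "reject (400)"
        print(f"Host: {header:16} -> {verdict}")
```

Either check alone breaks the attack path; the Host header check also protects devices whose owners cannot change the resolver.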

 

EU breaks internet, starts wholesale censorship for rich man copyright holders

The problems are huge, not least because the EU will implement an automated content filter, which means that memes will die, but also, if you have the money to spam the system with requests, you can basically kill any content you want with the actual content holder only having a marginal chance of navigating EU bureaucracy in order to regain ownership of their rights.

There goes free speech and innovation.

 

Source: COM_2016_0593_FIN.ENG.xhtml.1_EN_ACT_part1_v5.docx

AI Lab: Learn to Code with the Cutting-Edge Microsoft AI Platform

Among our exciting announcements at //Build, one of the things I was thrilled to launch is the AI Lab – a collection of AI projects designed to help developers explore, experience, learn about and code with the latest Microsoft AI Platform technologies.

What is AI Lab?

AI Lab helps our large fast-growing community of developers get started on AI. It currently houses five projects that showcase the latest in custom vision, attnGAN (more below), Visual Studio tools for AI, Cognitive Search, machine reading comprehension and more. Each lab gives you access to the experimentation playground, source code on GitHub, a crisp developer-friendly video, and insights into the underlying business problem and solution. One of the projects we highlighted at //Build was the search and rescue challenge which gave the opportunity to developers worldwide to use AI School resources to build and deploy their first AI model for a problem involving aerial drones.

Source: AI Lab: Learn to Code with the Cutting-Edge Microsoft AI Platform | Machine Learning Blog

New ‘e-dermis’ brings sense of touch, pain to prosthetic hands

A team of engineers at the Johns Hopkins University has created an electronic skin. When layered on top of prosthetic hands, this e-dermis brings back a real sense of touch through the fingertips.

“After many years, I felt my hand, as if a hollow shell got filled with life again,” says the anonymous amputee who served as the team’s principal volunteer tester.

Made of fabric and rubber laced with sensors to mimic nerve endings, e-dermis recreates a sense of touch as well as pain by sensing stimuli and relaying the impulses back to the peripheral nerves.

“We’ve made a sensor that goes over the fingertips of a prosthetic hand and acts like your own skin would,” says Luke Osborn, a graduate student in biomedical engineering. “It’s inspired by what is happening in human biology, with receptors for both touch and pain.

“This is interesting and new,” Osborn said, “because now we can have a prosthetic hand that is already on the market and fit it with an e-dermis that can tell the wearer whether he or she is picking up something that is round or whether it has sharp points.”


Engineers at the Johns Hopkins University have created an electronic skin and aim to restore the sense of touch through the fingertips of prosthetic hands. Credit: Science Robotics/AAAS

The work – published June 20 in the journal Science Robotics – shows it is possible to restore a range of natural, touch-based feelings to amputees who use prosthetic limbs. The ability to detect pain could be useful, for instance, not only in prosthetic hands but also in lower limb prostheses, alerting the user to potential damage to the device.

Source: New ‘e-dermis’ brings sense of touch, pain to prosthetic hands

Skynet for the win? AI hunts down secret testing of nuclear bombs

A group of scientists have built a neural network to sniff out any unusual nuclear activity. Researchers from the Pacific Northwest National Laboratory (PNNL), one of the United States Department of Energy national laboratories, decided to see if they could use deep learning to sort through the different nuclear decay events to identify any suspicious behavior.

The lab, buried beneath 81 feet of concrete, rock and earth, is blocked out from energy from cosmic rays, electronics and other sources. It means that the data collected is less noisy, making it easier to pinpoint unusual activity.

The system looks for electrons emitted and scattered from radioactive particles decaying, and monitors the abundance of argon-37, a radioactive isotope of argon-39 that is created synthetically through nuclear explosions.

Argon-37, which has a half-life of 35 days, is emitted when calcium captures excess neutrons and decays by emitting an alpha particle. Emily Mace, a scientist at PNNL, said she looks for the energy, timing, duration and other features of the decay events to see if it’s from nuclear testing.

“Some pulse shapes are difficult to interpret,” said Mace. “It can be challenging to differentiate between good and bad data.”

Deep learning makes that process easier. Computer scientists collected 32,000 pulses and annotated their properties, teaching the system to spot any odd features that might classify a signal as ‘good’ or ‘bad’.

“Signals can be well behaved or they can be poorly behaved,” said Jesse Ward. “For the network to learn about the good signals, it needs a decent amount of bad signals for comparison.” When the researchers tested their system with 50,000 pulses and asked human experts to differentiate signals, the neural network agreed with them 100 per cent of the time.

It also correctly identified 99.9 per cent of the pulses compared to 96.1 per cent from more conventional techniques.

Source: Skynet for the win? AI hunts down secret testing of nuclear bombs • The Register

Red Shell packaged games (Civ VI, Total War, ESO, KSP and more) contain a spyware which tracks your Internet activity outside of the game

Red Shell is a spyware that tracks data of your PC and shares it with 3rd parties. On their website they formulate it all in very harmless language, but the fact is that this is software from someone I don’t trust and whom I never invited, which is looking at my data and running on my PC against my will. This should have no place in a full price PC game, and in no games if it were up to me.

I make this thread to raise awareness of these user unfriendly marketing practices and data mining software that are common on the mobile market, and which are flooding over to our PC games market. As a person and a gamer I refuse to be data mined. My data is my own and you have no business making money off it.

The announcement yesterday was only from “Holy Potatoes! We’re in Space?!”, but I would consider all their games as at risk to contain that spyware if they choose to include it again, with or without announcement. Also the publisher of this one title is Daedalic Entertainment, while the others are self published. I would think it could be interesting to check if other Daedalic Entertainment games have that spyware in it as well. I had no time to do that.

Reddit [PSA] RED SHELL Spyware – “Holy Potatoes! We’re in Space?!” integrated and removed it after complaints

and
[PSA] Civ VI, Total War, ESO, KSP and more contain a spyware which tracks your Internet activity outside of the game (x-post r/Steam)

Addresses to block:
redshell.io
api.redshell.io
treasuredata.com
api.treasuredata.com

Hackers steal $30m from top Seoul Bithumb exchange

Hackers stole more than $30 million worth of cryptocurrencies from South Korea’s top bitcoin exchange, sending the unit’s price falling around the world on Wednesday.

The virtual currency was priced at $6,442 dollars late afternoon in Seoul, down about 4.4 percent from 24 hours earlier, after the latest attack on Bithumb raised concerns over cryptocurrency security.

Hyper-wired South Korea has emerged as a hotbed of trading in virtual units, at one point accounting for some 20 percent of global bitcoin transactions—about 10 times the country’s share of the global economy.

Bithumb, which has more than 1 million customers, is the largest virtual exchange in the South.

“It has been confirmed that virtual currencies worth 35 billion won ($32 million) was stolen through late night yesterday (Tuesday) to early morning today,” the exchange said in a statement.

All deposits and withdrawals were suspended indefinitely to “ensure security”, it said, adding the losses would be covered from the firm’s own reserves.

It was the second major attack on South Korean exchanges in just 10 days, after hackers stole 40 billion won from Seoul-based Coinrail, which suspended withdrawal and deposits services since then.

Read more at: https://phys.org/news/2018-06-hackers-30m-seoul-bitcoin-exchange.html#jCp

Source: Hackers steal $30m from top Seoul bitcoin exchange

IBM AI Project Debater scores 1 – 1 vs man in 2 debates

The AI, called Project Debater, appeared on stage in a packed conference room at IBM’s San Francisco office embodied in a 6ft tall black panel with a blue, animated “mouth”. It was a looming presence alongside the human debaters Noa Ovadia and Dan Zafrir, who stood behind a podium nearby.

Although the machine stumbled at many points, the unprecedented event offered a glimpse into how computers are learning to grapple with the messy, unstructured world of human decision-making.

For each of the two short debates, participants had to prepare a four-minute opening statement, followed by a four-minute rebuttal and a two-minute summary. The opening debate topic was “we should subsidize space exploration”, followed by “we should increase the use of telemedicine”.

In both debates, the audience voted Project Debater to be worse at delivery but better in terms of the amount of information it conveyed. And in spite of several robotic slip-ups, the audience voted the AI to be more persuasive (in terms of changing the audience’s position) than its human opponent, Zafrir, in the second debate.

It’s worth noting, however, that there were many members of IBM staff in the room and they may have been rooting for their creation.

IBM hopes the research will eventually enable a more sophisticated virtual assistant that can absorb massive and diverse sets of information to help build persuasive arguments and make well-informed decisions – as opposed to merely responding to simple questions and commands.

Project Debater was a showcase of IBM’s ability to process very large data sets, including millions of news articles across dozens of subjects, and then turn snippets of arguments into full flowing prose – a challenging task for a computer.

[…]

Once an AI is capable of persuasive arguments, it can be applied as a tool to aid human decision-making.

“We believe there’s massive potential for good in artificial intelligence that can understand us humans,” said Arvind Krishna, director of IBM Research.

One example of this might be corporate boardroom decisions, where there are lots of conflicting points of view. The AI system could, without emotion, listen to the conversation, take all of the evidence and arguments into account and challenge the reasoning of humans where necessary.

“This can increase the level of evidence-based decision-making,” said Reed, adding that the same system could be used for intelligence analysis in counter-terrorism, for example identifying if a particular individual represents a threat.

In both cases, the machine wouldn’t make the decision but would contribute to the discussion and act as another voice at the table.

Source: Man 1, machine 1: landmark debate between AI and humans ends in draw | Technology | The Guardian

Essentially, Project Debater assigns a confidence score to every piece of information it understands. As in: how confident is the system that it actually understands the content of what’s being discussed? “If it’s confident that it got that point right, if it really believes it understands what that opponent was saying, it’s going to try to make a very strong argument against that point specifically,” Welser explains.

“If it’s less confident,” he says, “it’ll do its best to make an argument that’ll be convincing as an argument even if it doesn’t exactly answer that point. Which is exactly what a human does too, sometimes.”

So: the human says that government should have specific criteria surrounding basic human needs to justify subsidization. Project Debater responds that space is awesome and good for the economy. A human might choose that tactic as a sneaky way to avoid debating on the wrong terms. Project Debater had different motivations in its algorithms, but not that different.

The point of this experiment wasn’t to make me think that I couldn’t trust that a computer is arguing in good faith — though it very much did that. No, the point is that IBM is showing off that it can train AI in new areas of research that could eventually be useful in real, practical contexts.

The first is parsing a lot of information in a decision-making context. The same technology that can read a corpus of data and come up with a bunch of pros and cons for a debate could be (and has been) used to decide whether or not a stock might be worth investing in. IBM’s system didn’t make the value judgement, but it did provide a bunch of information to the bank showing both sides of a debate about the stock.

As for the debating part, Welser says that it “helps us understand how language is used,” by teaching a system to work in a rhetorical context that’s more nuanced than the usual Hey Google give me this piece of information and turn off my lights. Perhaps it might someday help a lawyer structure their arguments, “not that Project Debater would make a very good lawyer,” he joked. Another IBM researcher suggested that this technology could help judge fake news.

How close is this to being something IBM turns into a product? “This is still a research level project,” Welser says, though “the technologies underneath it right now” are already beginning to be used in IBM projects.

https://www.theverge.com/2018/6/18/17477686/ibm-project-debater-ai

The system listened to four minutes of its human opponent’s opening remarks, then parsed that data and created an argument that highlighted and attempted to debunk information shared by the opposing side. That’s incredibly impressive because it has to understand not only the words but the context of those words. Parroting back Wikipedia entries is easy, taking data and creating a narrative that’s based not only on raw data but also takes into account what it’s just heard? That’s tough.

In a world where emotion and bias colors all our decisions, Project Debater could help companies and governments see through the noise of our life experiences and produce mostly impartial conclusions. Of course, the data set it pulls from is based on what humans have written and those will have their own biases and emotion.

While the goal is an unbiased machine, during the discourse Project Debater wasn’t completely sterile. Amid its rebuttal against debater Dan Zafrir, while they argued about telemedicine expansion, the system stated that Zafrir had not told the truth during his opening statement about the increase in the use of telemedicine. In other words, it called him a liar.

When asked about the statement, Slonim said that the system has a confidence threshold during rebuttals. If it’s feeling very confident it creates a more complex statement. If it’s feeling less confident, the statement is less impressive.

https://www.engadget.com/2018/06/18/ibm-s-project-debater-is-an-ai-thats-ready-to-argue/?guccounter=1

IBM site

https://www.research.ibm.com/artificial-intelligence/project-debater/

Here’s some phish-AI research: Machine-learning code crafts phishing URLs that dodge auto-detection

An artificially intelligent system has been demonstrated generating URLs for phishing websites that appear to evade detection by security tools.

Essentially, the software can come up with URLs for webpages that masquerade as legit login pages for real websites, when in actual fact, the webpages simply collect the entered username and passwords to later hijack accounts.

Blacklists and algorithms – intelligent or otherwise – can be used to automatically identify and block links to phishing pages. Humans should be able to spot that the web links are dodgy, but not everyone is so savvy.

Using the Phishtank database, a group of computer scientists from Cyxtera Technologies, a cybersecurity biz based in Florida, USA, have built DeepPhish, which is machine-learning software that, allegedly, generates phishing URLs that beat these defense mechanisms.

[…]

The team inspected more than a million URLs on Phishtank to identify three different phishing miscreants who had generated webpages to steal people’s credentials. The team fed these web addresses into an AI-based phishing detection algorithm to measure how effective the URLs were at bypassing the system.

The first scumbag of the trio used 1,007 attack URLs, and only 7 were effective at avoiding setting off alarms, across 106 domains, making it successful only 0.69 per cent of the time. The second one had 102 malicious web addresses, across 19 domains. Only five of them bypassed the threat detection algorithm and it was effective 4.91 per cent of the time.

Next, they fed this information into a Long-Short Term Memory network (LSTM) to learn the general structure and extract features from the malicious URLs – for example the second threat actor commonly used “tdcanadatrustindex.html” in its address.

All the text from effective URLs was taken to create sentences, encoded into a vector and fed into the LSTM, which is trained to predict the next character given the previous one.

Over time it learns to generate a stream of text to simulate a list of pseudo URLs that are similar to the ones used as input. When DeepPhish was trained on data from the first threat actor, it also managed to create 1,007 URLs, and 210 of them were effective at evading detection, bumping up the score from 0.69 per cent to 20.90 per cent.

When it was following the structure from the second threat actor, it also produced 102 fake URLs and 37 of them were successful, increasing the likelihood of tricking the existent defense mechanism from 4.91 per cent to 36.28 per cent.

The effectiveness rate isn’t very high as a lot of what comes out the LSTM is effective gibberish, containing strings of forbidden characters.

“It is important to automate the process of retraining the AI phishing detection system by incorporating the new synthetic URLs that each threat actor may create,” the researchers warned. ®

Source: Here’s some phish-AI research: Machine-learning code crafts phishing URLs that dodge auto-detection • The Register

EU sets up High-Level Group on Artificial Intelligence

Following an open selection process, the Commission has appointed 52 experts to a new High-Level Expert Group on Artificial Intelligence, comprising representatives from academia, civil society, as well as industry.

The High-Level Expert Group on Artificial Intelligence (AI HLG) will have as a general objective to support the implementation of the European strategy on AI. This will include the elaboration of recommendations on future AI-related policy development and on ethical, legal and societal issues related to AI, including socio-economic challenges.

Moreover, the AI HLG will serve as the steering group for the European AI Alliance’s work, interact with other initiatives, help stimulate a multi-stakeholder dialogue, gather participants’ views and reflect them in its analysis and reports.

In particular, the group will be tasked to:

  1. Advise the Commission on next steps addressing AI-related mid to long-term challenges and opportunities through recommendations which will feed into the policy development process, the legislative evaluation process and the development of a next-generation digital strategy.
  2. Propose to the Commission draft AI ethics guidelines, covering issues such as fairness, safety, transparency, the future of work, democracy and more broadly the impact on the application of the Charter of Fundamental Rights, including privacy and personal data protection, dignity, consumer protection and non-discrimination
  3. Support the Commission on further engagement and outreach mechanisms to interact with a broader set of stakeholders in the context of the AI Alliance, share information and gather their input on the group’s and the Commission’s work.

Source: High-Level Group on Artificial Intelligence | Digital Single Market

Significant Vulnerabilities in Axis Cameras – patch now!

One of the vendors for which we found vulnerable devices was Axis Communications. Our team discovered a critical chain of vulnerabilities in Axis security cameras. The vulnerabilities allow an adversary that obtained the camera’s IP address to remotely take over the cameras (via LAN or internet). In total, VDOO has responsibly disclosed seven vulnerabilities to Axis security team.

The vulnerabilities’ IDs in Mitre are: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663 and CVE-2018-10664.

Chaining three of the reported vulnerabilities together allows an unauthenticated remote attacker that has access to the camera login page through the network (without any previous access to the camera or credentials to the camera) to fully control the affected camera. An attacker with such control could do the following:

  • Access the camera’s video stream
  • Freeze the camera’s video stream
  • Control the camera – move the lens to a desired point, turn motion detection on/off
  • Add the camera to a botnet
  • Alter the camera’s software
  • Use the camera as an infiltration point for network (performing lateral movement)
  • Render the camera useless
  • Use the camera to perform other nefarious tasks (DDoS attacks, Bitcoin mining, others)

The vulnerable products include 390 models of Axis IP Cameras. The full list of affected products can be found here. Axis uses the ACV-128401 identifier for relating to the issues we discovered.

To the best of our knowledge, these vulnerabilities were not exploited in the field, and therefore, did not lead to any concrete privacy violation or security threat to Axis’s customers.

We strongly recommend Axis customers who did not update their camera’s firmware to do so immediately or mitigate the risks in alternative ways. See instructions in FAQ section below.

We also recommend that other camera vendors follow our recommendations at the end of this report to avoid and mitigate similar threats.

Source: VDOO Discovers Significant Vulnerabilities in Axis Cameras – VDOO

Transforming Standard Video Into Slow Motion with AI

Researchers from NVIDIA developed a deep learning-based system that can produce high-quality slow-motion videos from a 30-frame-per-second video, outperforming various state-of-the-art methods that aim to do the same. The researchers will present their work at the annual Computer Vision and Pattern Recognition (CVPR) conference in Salt Lake City, Utah this week. 

“There are many memorable moments in your life that you might want to record with a camera in slow-motion because they are hard to see clearly with your eyes: the first time a baby walks, a difficult skateboard trick, a dog catching a ball,” the researchers wrote in the research paper.  “While it is possible to take 240-frame-per-second videos with a cell phone, recording everything at high frame rates is impractical, as it requires large memories and is power-intensive for mobile devices,” the team explained.

With this new research, users can slow down their recordings after taking them.

Using NVIDIA Tesla V100 GPUs and the cuDNN-accelerated PyTorch deep learning framework, the team trained their system on over 11,000 videos of everyday and sports activities shot at 240 frames-per-second. Once trained, the convolutional neural network predicted the extra frames.

The team used a separate dataset to validate the accuracy of their system.

The result can make videos shot at a lower frame rate look more fluid and less blurry.

“Our method can generate multiple intermediate frames that are spatially and temporally coherent,” the researchers said. “Our multi-frame approach consistently outperforms state-of-the-art single frame methods.”

To help demonstrate the research, the team took a series of clips from The Slow Mo Guys, a popular slow-motion based science and technology entertainment YouTube series created by Gavin Free, starring himself and his friend Daniel Gruchy, and made their videos even slower.

The method can take everyday videos of life’s most precious moments and slow them down to look like your favorite cinematic slow-motion scenes, adding suspense, emphasis, and anticipation.

Source: Transforming Standard Video Into Slow Motion with AI – NVIDIA Developer News Center

Paper straw factory to open in Britain as restaurants ditch plastic

No paper straws have been made in Britain for the last several decades. But that is about to change as a group of packaging industry veterans prepare to open a dedicated paper straw production line in Ebbw Vale, Wales, making hundreds of millions of straws a year for McDonald’s and other food companies as they prepare for a ban on plastic straws in the UK.

“We spotted a huge opportunity, and we went for it,” said Mark Varney, sales and marketing director of the newly created paper straw manufacturer Transcend Packaging. “When the BBC’s Blue Planet II was on the telly and the government started talking about the dangers of plastic straws, we saw a niche in the market.”

Varney and his business partners, all stalwarts of the packaging industry, watched as chains including Costa Coffee, Wetherspoons and Pizza Express announced plans to phase out plastic straws in favour of biodegradable paper.

“It is great that all these businesses are phasing out plastic straws, but the problem for them was where to get paper ones from,” Varney said. “Everyone is having to import them from China, and when you look at the carbon footprint of that it kind of defeats the exercise.”

So Varney and his partners set about opening what they reckon will be the only paper straw production plant in Europe. “We set up this company to give the customers what they actually want: biodegradable paper straws made in the UK,” he said.

Transcend signed a deal last week to supply straws to 1,361 McDonald’s outlets from September. The deal was agreed before Transcend has made its first straw as the company is waiting on delivery of machines from China. McDonald’s uses 1.8m straws a day in the UK. The Northern Irish factory of the Finnish packaging company Huhtamaki will also supply McDonald’s but is understood to not yet have paper straw production capabilities.

Source: Paper straw factory to open in Britain as restaurants ditch plastic | Business | The Guardian

Climate Change Can Be Reversed by Turning Air Into Gasoline

A team of scientists from Harvard University and the company Carbon Engineering announced on Thursday that they have found a method to cheaply and directly pull carbon-dioxide pollution out of the atmosphere.

[…]

the new technique is noteworthy because it promises to remove carbon dioxide cheaply. As recently as 2011, a panel of experts estimated that it would cost at least $600 to remove a metric ton of carbon dioxide from the atmosphere.

The new paper says it can remove the same ton for as little as $94, and for no more than $232. At those rates, it would cost between $1 and $2.50 to remove the carbon dioxide released by burning a gallon of gasoline in a modern car.

[…]

Their technique, while chemically complicated, does not rely on unprecedented science. In effect, Keith and his colleagues have grafted a cooling tower onto a paper mill. It has three major steps.

First, outside air is sucked into the factory’s “contactors” and exposed to an alkaline liquid. These contactors resemble industrial cooling towers: They have large fans to inhale air from the outside world, and they’re lined with corrugated plastic structures that allow as much air as possible to come into contact with the liquid. In a cooling tower, the air is meant to cool the liquid; but in this design, the air is meant to come into contact with the strong base. “CO2 is a weak acid, so it wants to be in the base,” said Keith.

Second, the now-watery liquid (containing carbon dioxide) is brought into the factory, where it undergoes a series of chemical reactions to separate the base from the acid. The liquid is frozen into solid pellets, slowly heated, and converted into a slurry. Again, these techniques have been borrowed from elsewhere in chemical industry: “Taking CO2 out of a carbonate solution is what almost every paper mill in the world does,” Keith told me.

Finally, the carbon dioxide is combined with hydrogen and converted into liquid fuels, including gasoline, diesel, and jet fuel. This is in some ways the most conventional aspect of the process: Oil companies convert hydrocarbon gases into liquid fuels every day, using a set of chemical reactions called the Fischer-Tropsch process. But it’s key to Carbon Engineering’s business: It means the company can produce carbon-neutral hydrocarbons.

What does that mean? Consider an example: If you were to burn Carbon Engineering’s gas in your car, you would release carbon-dioxide pollution out of your tailpipe and into Earth’s atmosphere. But as this carbon dioxide came from the air in the first place, these emissions would not introduce any new CO2 to the atmosphere. Nor would any new oil have to be mined to power your car.

Source: Climate Change Can Be Reversed by Turning Air Into Gasoline – The Atlantic

Customer Rewards get a lot weirder if you think of them as separate transactions

Source: xkcd: Customer Rewards

Giant African baobab trees die suddenly after thousands of years

Some of Africa’s oldest and biggest baobab trees have abruptly died, wholly or in part, in the past decade, according to researchers.

The trees, aged between 1,100 and 2,500 years and in some cases as wide as a bus is long, may have fallen victim to climate change, the team speculated.

“We report that nine of the 13 oldest … individuals have died, or at least their oldest parts/stems have collapsed and died, over the past 12 years,” they wrote in the scientific journal Nature Plants, describing “an event of an unprecedented magnitude”.

“It is definitely shocking and dramatic to experience during our lifetime the demise of so many trees with millennial ages,” said the study’s co-author Adrian Patrut of the Babeș-Bolyai University in Romania.

Among the nine were four of the largest African baobabs. While the cause of the die-off remains unclear, the researchers “suspect that the demise of monumental baobabs may be associated at least in part with significant modifications of climate conditions that affect southern Africa in particular”.

Further research is needed, said the team from Romania, South Africa and the United States, “to support or refute this supposition”.

Between 2005 and 2017, the researchers probed and dated “practically all known very large and potentially old” African baobabs – more than 60 individuals in all. Collating data on girth, height, wood volume and age, they noted the “unexpected and intriguing fact” that most of the very oldest and biggest trees died during the study period. All were in southern Africa – Zimbabwe, Namibia, South Africa, Botswana, and Zambia.

The baobab is the biggest and longest-living flowering tree, according to the research team. It is found naturally in Africa’s savannah region and outside the continent in tropical areas to which it was introduced. It is a strange-looking plant, with branches resembling gnarled roots reaching for the sky, giving it an upside-down look.

Source: Giant African baobab trees die suddenly after thousands of years | World news | The Guardian

A.I. Can Track Human Bodies Through Walls Now, With Just a Wifi Signal

A new piece of software has been trained to use wifi signals — which pass through walls, but bounce off living tissue — to monitor the movements, breathing, and heartbeats of humans on the other side of those walls. The researchers say this new tech’s promise lies in areas like remote healthcare, particularly elder care, but it’s hard to ignore slightly more dystopian applications.

[…]

“We actually are tracking 14 different joints on the body … the head, the neck, the shoulders, the elbows, the wrists, the hips, the knees, and the feet,” Katabi said. “So you can get the full stick-figure that is dynamically moving with the individuals that are obstructed from you — and that’s something new that was not possible before.”

An animation created by the RF-Pose software as it translates a wifi signal into a visual of human motion behind a wall.

The technology works a little bit like radar, but to teach their neural network how to interpret these granular bits of human activity, the team at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) had to create two separate A.I.s: a student and a teacher.

[…]

the team developed one A.I. program that monitored human movements with a camera, on one side of a wall, and fed that information to their wifi X-ray A.I., called RF-Pose, as it struggled to make sense of the radio waves passing through that wall on the other side.

 

Source: A.I. Can Track Human Bodies Through Walls Now, With Just a Wifi Signal | Inverse

A machine has figured out Rubik’s Cube all by itself – using a reverse technique called autodidactic iteration

In these scenarios, a deep-learning machine is given the rules of the game and then plays against itself. Crucially, it is rewarded at each step according to how it performs. This reward process is hugely important because it helps the machine to distinguish good play from bad play. In other words, it helps the machine learn.

But this doesn’t work in many real-world situations, because rewards are often rare or hard to determine.

For example, random turns of a Rubik’s Cube cannot easily be rewarded, since it is hard to judge whether the new configuration is any closer to a solution. And a sequence of random turns can go on for a long time without reaching a solution, so the end-state reward can only be offered rarely.

In chess, by contrast, there is a relatively large search space but each move can be evaluated and rewarded accordingly. That just isn’t the case for the Rubik’s Cube.

Enter Stephen McAleer and colleagues from the University of California, Irvine. These guys have pioneered a new kind of deep-learning technique, called “autodidactic iteration,” that can teach itself to solve a Rubik’s Cube with no human assistance. The trick that McAleer and co have mastered is to find a way for the machine to create its own system of rewards.

Here’s how it works. Given an unsolved cube, the machine must decide whether a specific move is an improvement on the existing configuration. To do this, it must be able to evaluate the move.

Autodidactic iteration does this by starting with the finished cube and working backwards to find a configuration that is similar to the proposed move. This process is not perfect, but deep learning helps the system figure out which moves are generally better than others.

Having been trained, the network then uses a standard search tree to hunt for suggested moves for each configuration.

The result is an algorithm that performs remarkably well. “Our algorithm is able to solve 100% of randomly scrambled cubes while achieving a median solve length of 30 moves—less than or equal to solvers that employ human domain knowledge,” say McAleer and co.

That’s interesting because it has implications for a variety of other tasks that deep learning has struggled with, including puzzles like Sokoban, games like Montezuma’s Revenge, and problems like prime number factorization.

Indeed, McAleer and co have other goals in their sights: “We are working on extending this method to find approximate solutions to other combinatorial optimization problems such as prediction of protein tertiary structure.”

Source: A machine has figured out Rubik’s Cube all by itself – MIT Technology Review

Bitcoin Price: ‘Bloody Sunday’ Not Caused by Coinrail Hack

As CCN reported, the little-known Coinrail became the latest cryptocurrency exchange to fall prey to hackers, who are said to have made off with approximately $40 million worth of tokens, a fairly pedestrian figure relative to some of the hacks seen over the years.

Later that day, the bitcoin price began to careen downwards, taking every other major cryptocurrency with it. This led some observers to draw the conclusion that the two events were linked.

Writing in market commentary made available to CCN, Greenspan said that “there is absolutely no reason why this smash and grab job at a local boutique should have sent bitcoin down by $1,000.”

While the bitcoin price did experience a small decline in the immediate aftermath of the report that an exchange had been hacked, Greenspan noted that the bulk of the decline came more than 15 hours later and that the scale of the pullback was entirely disproportionate to both the size of the hack and Coinrail’s significance in the cryptocurrency ecosystem.

The bitcoin price declined after the Coinrail hack was first reported (circled), but the major drop occurred more than 15 hours later. | Source: eToro

He argued that the decline was instead a technical correction, as most of it occurred immediately after the bitcoin price broke beneath its long-term trendline and moved closer to two key support levels.

“Though the CoinRail hack may have set us off-track, I don’t think that this will have very significant ramifications in the long run,” he said. “The industry has certainly seen much bigger hacks before and other than a technical price level, this doesn’t change much for the path of the industry over the next five years.”

Source: Bitcoin Price: ‘Bloody Sunday’ Not Caused by Coinrail Hack

Hackers Stole Over $20 Million From Misconfigured Ethereum Clients

A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today.

The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545.

The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service, such as a miner or wallet application that users or companies have set up for mining or managing funds.

Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner’s personal details.

As such, this interface comes disabled by default in most apps, and is usually accompanied by a warning from the original app’s developers not to turn it on unless properly secured by an access control list (ACL), a firewall, or other authentication systems.

Almost all Ethereum-based software comes with an RPC interface nowadays, and in most cases, even when turned on, they are appropriately configured to listen to requests only via the local interface (127.0.0.1), meaning from apps running on the same machine as the original mining/wallet app that exposes the RPC interface.

Some users don’t like to read the documentation

But across the years, developers have been known to tinker with their Ethereum apps, sometimes without knowing what they are doing.

This isn’t a new issue. Months after its launch, the Ethereum Project sent out an official security advisory to warn that some of the users of the geth Ethereum mining software were running mining rigs with this interface open to remote connections, allowing attackers to steal their funds.

But despite the warning from the official Ethereum devs, users have continued to misconfigure their Ethereum clients across the years, and many have reported losing funds out of the blue, but which were later traced back to exposed RPC interfaces.

Source: Hackers Stole Over $20 Million From Misconfigured Ethereum Clients
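A defender-side check for the misconfiguration described in the item above, added here as an example and not taken from the article or from any Ethereum client: it reads a Linux `/proc/net/tcp` table and reports whether anything listens on port 8545 on a non-loopback address. The two sample tables are constructed, and the function names are this example's own.

```python
import ipaddress
import os
import socket
import struct

RPC_PORT = 8545       # port named in the report
TCP_LISTEN = "0A"     # state code for a listening socket in /proc/net/tcp

HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"

# Constructed samples in /proc/net/tcp layout (not captured from real hosts).
# 0x2161 == 8545; addresses are hex in host byte order.
LOOPBACK_ONLY_HOST = HEADER + (
    "   0: 0100007F:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000 0 20101\n"
    "   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0 0 20102\n"
)
EXPOSED_HOST = HEADER + (
    "   0: 00000000:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000 0 30101\n"
    "   1: 0A01A8C0:2161 0501A8C0:D431 01 00000000:00000000 00:00000000 00000000  1000 0 30102\n"
)


def decode_ipv4(hex_addr):
    """Decode the hex address field; assumes a little-endian host (x86, typical ARM)."""
    return ipaddress.IPv4Address(socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16))))


def rpc_listeners(proc_net_tcp, port=RPC_PORT):
    """Return [(bind_address, exposed)] for each socket listening on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:    # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                               # skip established/closing sockets
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        addr = decode_ipv4(hex_addr)
        # Anything outside 127.0.0.0/8 is reachable from other machines
        # unless a firewall or ACL in front of it says otherwise.
        found.append((str(addr), not addr.is_loopback))
    return found


def verdict(proc_net_tcp):
    """Summarise a table as 'no RPC listener', 'loopback only' or 'EXPOSED'."""
    listeners = rpc_listeners(proc_net_tcp)
    if not listeners:
        return "no RPC listener"
    return "EXPOSED" if any(exposed for _, exposed in listeners) else "loopback only"


if __name__ == "__main__":
    print("sample A:", verdict(LOOPBACK_ONLY_HOST))
    print("sample B:", verdict(EXPOSED_HOST))
    if os.path.exists("/proc/net/tcp"):            # IPv4 table only; /proc/net/tcp6 is separate
        with open("/proc/net/tcp") as fh:
            print("this host:", verdict(fh.read()))
```

An "EXPOSED" result means the bind address alone does not protect the interface, so the ACL, firewall or authentication the article mentions has to be in place.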

Blockchain’s Once-Feared 51% Attack Is Now Becoming Regular among smaller coins

Monacoin, bitcoin gold, zencash, verge and now, litecoin cash.

At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that’s perhaps the crypto equivalent of a bank heist.

More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.

While there have been some instances of such attacks working successfully in the past, they haven’t exactly been all that common. They’ve been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one. The age-old (in crypto time) argument? It’s too costly and they wouldn’t get all that much money out of it.

But that doesn’t seem to be the case anymore.

NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment.

One conclusion he drew? These attacks were likely to increase. And, it turns out he was right.

“Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk,” he told CoinDesk, adding:

“Even I didn’t think it would start happening this soon.”

Inside the attacks

Stepping back, cryptocurrencies aim to solve a long-standing computer science issue called the “double spend problem.”

Essentially, without creating an incentive for computers to monitor and prevent bad behavior, messaging networks were unable to act as money systems. In short, they couldn’t prevent someone from spending the same piece of data five or even 1,000 times at once (without trusting a third party to do all the dirty work).

That’s the entire reason they work as they do, with miners (a term that denotes the machines necessary to run blockchain software) consuming electricity and making sure no one’s money is getting stolen.

To make money using this attack vector, hackers need a few pieces to be in place. For one, an attacker can’t do anything they want when they’ve racked up a majority of the hashing power. But they are able to double spend transactions under certain conditions.

It wouldn’t make sense to amass all this expensive hashing power to double spend a $3 transaction on a cup of coffee. An attacker will only benefit from this investment if they’re able to steal thousands or even millions of dollars.

As such, hackers have found various clever ways of making sure the conditions are just right to make them extra money. That’s why attackers of monacoin, bitcoin gold, zencash and litecoin cash have all targeted exchanges holding millions in cryptocurrency.

By amassing more than half of the network’s hashing power, the bitcoin gold attacker was able to double spend two very expensive transactions sent to an exchange.

Through three successful attacks of zencash (a lesser-known cryptocurrency that’s a fork of a fork of privacy-minded Zcash), the attacker was able to run off with more than 21,000 zen (the zencash token) worth well over $500,000 at the time of writing.

The attack on verge, though, was a bit different, since the attacker exploited insecure rules to confuse the network into giving him or her money. Though it’s clear the attacks targeted verge’s lower protocol layer, researchers are debating whether they technically constitute 51% attacks.

Small coins at risk

But, if these attacks were uncommon for such a long time, why are we suddenly seeing a burst of them?

In conversation with CoinDesk, researchers argued there isn’t a single, clear reason. Rather, there are a number of factors that likely contributed. For example, it’s no coincidence smaller coins are the ones being attacked. Since they have attracted fewer miners, it’s easier to buy (or rent) the computing power needed to build up a majority share of the network.

Further, zencash co-creator Rob Viglione argued the rise of mining marketplaces, where users can effectively rent mining hardware without buying it, setting it up and running it, has made it easier, since attackers can use it to easily buy up a ton of mining power all at once, without having to spend the time or money to set up their own miners.

Meanwhile, it’s grown easier to execute attacks as these marketplaces have amassed more hashing power.

“Hackers are now realizing it can be used to attack networks,” he said.

As a data point for this, someone even erected a website Crypto51 showing how expensive it is to 51% attack various blockchains using a mining marketplace (in this instance, one called NiceHash). Attacking bytecoin, for example, might cost as little as $719 to attack using rented computing power.

“If your savings are in a coin, or anything else, that costs less than $1 million a day to attack, you should reconsider what you are doing,” tweeted Cornell professor Emin Gün Sirer.

On the other hand, larger cryptocurrencies such as bitcoin and ethereum are harder to 51% attack because they’re much larger, requiring more hashing power than NiceHash has available.

“Bitcoin is too big and there isn’t enough spare bitcoin mining capacity sitting around to pull off the attack,” Bonneau told CoinDesk.

Source: Blockchain’s Once-Feared 51% Attack Is Now Becoming Regular – Telegraph

EU Copyright law could put end to net memes

Memes, remixes and other user-generated content could disappear online if the EU’s proposed rules on copyright become law, warn experts.

Digital rights groups are campaigning against the Copyright Directive, which the European Parliament will vote on later this month.

The legislation aims to protect rights-holders in the internet age.

But critics say it misunderstands the way people engage with web content and risks excessive censorship.

The Copyright Directive is an attempt to reshape copyright for the internet, in particular rebalancing the relationship between copyright holders and online platforms.

Article 13 states that platform providers should “take measures to ensure the functioning of agreements concluded with rights-holders for the use of their works”.

Critics say this will, in effect, require all internet platforms to filter all content put online by users, which many believe would be an excessive restriction on free speech.

There is also concern that the proposals will rely on algorithms that will be programmed to “play safe” and delete anything that creates a risk for the platform.

A campaign against Article 13 – Copyright 4 Creativity – said that the proposals could “destroy the internet as we know it”.

“Should Article 13 of the Copyright Directive be adopted, it will impose widespread censorship of all the content you share online,” it said.

It is urging users to write to their MEP ahead of the vote on 20 June.

Jim Killock, executive director of the UK’s Open Rights Group, told the BBC: “Article 13 will create a ‘Robo-copyright’ regime, where machines zap anything they identify as breaking copyright rules, despite legal bans on laws that require ‘general monitoring’ of users to protect their privacy.

“Unfortunately, while machines can spot duplicate uploads of Beyonce songs, they can’t spot parodies, understand memes that use copyright images, or make any kind of cultural judgement about what creative people are doing. We see this all too often on YouTube already.

Source: Copyright law could put end to net memes – BBC News

Cisco Removes Backdoor Account, Fourth in the Last Four Months

For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.

This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management.

Hardcoded SNMP community string

This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.

[…]

The string came to light by accident, while security researcher Aaron Blair from RIoT Solutions was researching another WaaS vulnerability (CVE-2018-0352).

This second vulnerability was a privilege escalation in the WaaS disk check tool that allowed Blair to elevate his account’s access level from “admin” to “root.” Normally, Cisco users are permitted only admin access. The root user level grants access to the underlying OS files and is typically reserved only for Cisco engineers.

By using his newly granted root-level access, Blair says he was able to spot the hidden SNMP community string inside the /etc/snmp/snmpd.conf file.

“This string can not be discovered or disabled without access to the root filesystem, which regular administrative users do not have under normal circumstances,” Blair says.

Source: Cisco Removes Backdoor Account, Fourth in the Last Four Months
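An added audit sketch for the kind of finding described above, not Cisco's or the researcher's code: given the text of an `snmpd.conf`, it lists every community string defined there and flags any that are missing from the set the administrator knowingly configured, plus any without a source restriction. It assumes net-snmp directive syntax (`rocommunity`, `rwcommunity`, `com2sec`); the sample file and its community names are constructed placeholders.

```python
# Constructed snmpd.conf; community names are placeholders, not values from the advisory.
SAMPLE_SNMPD_CONF = """\
# written by the management interface
rocommunity  noc-monitoring  10.20.0.0/24
com2sec -Cn ctx1 monitorUser 10.20.0.5 noc-monitoring
rocommunity  EXAMPLE-UNLISTED-STRING
rwcommunity  lab-write  default
"""

ACCESS_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")


def parse_communities(conf_text):
    """Yield (lineno, directive, community, source) for each community definition."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in ACCESS_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; a missing SOURCE means any host
            source = args[1] if len(args) > 1 else "default"
            yield lineno, directive, args[0], source
        elif directive in ("com2sec", "com2sec6"):
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) >= 3:
                yield lineno, directive, args[2], args[1]


def audit(conf_text, documented):
    """Return [(lineno, community, issue)] for strings the admin did not set
    and for strings accepted from any source address."""
    findings = []
    for lineno, _directive, community, source in parse_communities(conf_text):
        if community not in documented:
            findings.append((lineno, community, "not in documented set"))
        if source == "default":
            findings.append((lineno, community, "no source restriction"))
    return findings


if __name__ == "__main__":
    # `documented` is what the administrator configured through supported interfaces.
    for lineno, community, issue in audit(SAMPLE_SNMPD_CONF, {"noc-monitoring", "lab-write"}):
        print(f"line {lineno}: {community}: {issue}")
```

As Blair's quote notes, on the affected product the file is only readable with root filesystem access, so this check applies where the defender can obtain the daemon's effective configuration.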

The first 3D printed houses will be built in the Netherlands this year

The city of Eindhoven soon hopes to boast the world’s first commercially-developed 3D-printed homes, an endeavor known as Project Milestone.

Artist’s rendering of 3D printed home neighborhood. (3dprintedhouse.nl)

Construction on the first home begins this year and five houses will be on the rental market by 2019, project organizers say. Within a week of releasing images of the new homes, 20 families expressed interest in dwelling in these postmodern pods, according to the project website.

“The first aim of the project is to build five great houses that are comfortable to live in and will have happy occupants,” developers say. Beyond that, they hope to promote 3D concrete printing science and technology so that printed housing “will soon be a reality that is widely adopted.”

3D printed concrete. (3dprintedhouses.nl)

The “printer” in this case is a big robotic arm that will shape cement of a light, whipped-cream consistency, based on an architect’s design. The cement is layered for strength.

Source: The first 3D printed houses will be built in the Netherlands this year — Quartz

 