Story 2014-07-22

Tails Distro update fails to address serious zero-day vulnerabilities

by
Anonymous Coward
in security on (#3RJ)
story imageThe Tails Linux distro gained a lot of publicity when Edward Snowden noted it as his operating system of choice. But while TAILS goes to great pains to ensure maximum anonymity when using online services, it is not impenetrable. In fact, the software's design is seriously flawed, says Loc Nguyen, a researcher at Exodus.
Tails is comprised of numerous components working in interchange," he said. ... however because there are numerous inter-locking mechanisms in play on the system, it's difficult to readily pinpoint a particular weak area."
Nguyen and team had identified a number of zero-day vulnerabilities in the distro that have gone unaddressed and remain open even as TAILS releases an update to the software. Exodus said it would release details about the zero-days in a series of blog posts next week. For the Tails platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of Tails, who should all "diversify security platforms so as not to put all your eggs in one basket", he added. Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the Tails zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."

More on the vulnerabilities at the Register and Forbes.

Here's what happens when you blend Debian and Android

by
in linux on (#3RH)
Yes, Android is based on the Linux kernel, but until the Linux and Android platforms and application ecosystems have been separate things. MicroXwin hopes to change that with a new Linux distro called VolksPC that runs both Debian and Android apps in fully native mode.
"We created a unified distribution that allows both Android and Debian LXDE/XFCE applications to run simultaneously at native speeds. On ARM, our distribution is based on a modified ARMHF Debian Wheezy rootfs", the developers write. As Phoronix reports, the developers claim that apps under both environments run "at native speeds"; the only changes to Android are in startup scripts, providing full compatibility with existing applications; and MicroXwin provides a high-speed X-Windows framework for the system.
The distro hopes to provide the best of both worlds, and a Linux desktop environment with full support for the entire Debian app repository while providing Android's simplicity and ease of use where things like HD video are concerned.

Mozilla's asm.js framework launches to improve web-based gaming

by
in games on (#3RG)
story imageSerious gamers look to dedicated hardware and serious firepower for their gaming experience, but the casual gamer turns to the web, and probably has to start by downloading and installing a plug-in first. That turns a lot of gamers off, and Mozilla hopes to do something about it. Says TechCrunch:
For the longest time, web-based gaming meant that you had to install (often dubious) plugins to make games run smoothly in your browser. WebGL and other technologies changed that a bit in recent years, but because JavaScript isn't exactly a speed freak, plugin-free gaming never quite took off. Mozilla has been trying to work around this with asm.js, a subset of JavaScript that can run extremely fast in Firefox and today, the organization announced that the first commercial 3D game based on asm.js is about to launch.
That game is Dungeon Defenders Eternity, playable on the desktop via Steam, or on the web at playverse.com. A mix of tower defense and role playing styles, looks like a a fun game first, but a good test of a new technology as well. Mozilla's ASM.js may not be revolutionary, but it does stand a chance at improving the ease with which the casual gamer can simply start up a game on the web without needing to worry about downloading and installing a plug-in.

Forensic technologies and the downing of Malaysia Air MH17

by
in science on (#3RF)
The downing of Malaysia Airline MH17 in the Ukraine is turning out to be one of the biggest of tragedies of 2014 and we don't have all the answers yet. Here is a look at some of the technologies being used to unravel the mystery. From infrared to satellite imagery to chemical signatures, it's all being used to get answers. And don't rule out human technology either: eyewitnesses make the list of forensic strategies as well.
The most important element in instilling similar certainty among European partners will probably be infrared satellite imagery. The National Reconnaissance Office, or NRO, and the Air Force Space Command operate a number of infrared satellites, such as the Space Based Infrared System (SBIRS). There are currently two SBIRS satellites in orbit but there will be six by 2022, with Lockheed Martin as developer, under control of Air Force Space Command.
Courtesy of the National Journal.

Size and age of plants impact their productivity more than climate

by
in environment on (#3RE)
A study on plants using data from over 1000 forests has found that the size and age of the plant has more of an impact on their productivity than temperature and precipitation.
"A fundamental assumption of our models for understanding how climate influences the functioning of ecosystems is that temperature and precipitation directly influence how fast plants can take up and use carbon dioxide," said Enquist, a professor in the UA's Department of Ecology and Evolutionary Biology whose research lab led the study.

"Essentially, warm and wet environments are thought to allow plant metabolism to run fast, while cold and drier environments slow down metabolism and hence lower biomass production in ecosystems," he said. "This assumption makes sense, as we know from countless experiments that temperature and water control how fast plants can grow. However, when applied to a the scale of entire ecosystems, this assumption appears to not be correct."

To test the assumption on the scale of ecosystems, the team developed a new mathematical theory that assesses the relative importance of several hypothesized drivers of net primary productivity. That theory was then evaluated using a massive new dataset assembled from more than 1,000 different forest locations across the world.

The analysis revealed a new and general mathematical relationship that governs worldwide variation in terrestrial ecosystem net primary productivity. The team found that plant size and plant age control most of the variation in plant productivity, not temperature and precipitation as traditionally thought.
The abstract is available here.

NASA To Test Free-Flying Housekeeper Robots

by
in space on (#3RD)
story imageSince 2006, three bowling ball-size free-flying Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) have been floating around the International Space Station. Now, they are attaching a smartphone to the spheres, making them "Smart SPHERES", a more "intelligent" free-flying robot with built-in cameras to take pictures and video, sensors to help conduct inspections, powerful computing units to make calculations and Wi-Fi connections to transfer data in real time to the computers aboard the space station and at mission control in Houston.
In a two-phase experiment, astronauts will manually use the smartphones to collect visual data using the integrated custom 3-D sensor to generate a full 3-D model of their environment. After the map and its coordinate system are developed, a second activity will involve the smartphones attached to the SPHERES, becoming the free-flying Smart SPHERES. As the free-flying robots move around the space station from waypoint to waypoint, utilizing the 3-D map, they will provide situational awareness to crewmembers inside the station and flight controllers in mission control. These experiments allow NASA to test vision-based navigation in a very small mobile product.

"NASA uses robots for research and mission operations; just think about the rovers on Mars or the robotic arm on the ISS or space shuttle," said Chris Provencher, manager of the Smart SPHERES project. "Inside the ISS space is limited, so it's really exciting to see technology has advanced enough for us to demonstrate the use of small, mobile robots to enhance future exploration missions."

Ultimately it is the hope of researchers that these devices will perform housekeeping-type tasks, such as video surveys for safety and configuration audits, noise level measurements, air flow measurements, and air quality measurements, that will offset work the astronauts currently perform.