Language Selection

English French German Italian Portuguese Spanish

Security

Security: Password Managers, 'Cyber Militia', Linux Kernel "LOCKDOWN" and IPFire 2.23

Filed under
Security
  • Open source vs proprietary password managers [Ed: If it's proprietary software, then you can never trust what it's doing with all your passwords; it can compromise everything you have. Like putting a bandit in charge of guarding a neighbourhood]

    Nowadays, we all have huge numbers of subscriptions to online accounts and services. For those accounts to be secure, each one of them must have a unique, robust password. What’s more, truly strong passwords must be complicated, which means that they are extremely difficult to remember.

  • Cyber Militia Launches Non-Profit to Share Technology [Ed: The NSA uses the term "Cyber Militia"; what a bunch of thugs.

    RockNSM is a network security monitoring platform that uses open source technologies, such as CentOS, which is an operating system derived from the RedHat enterprise-level open source system. RockNSM formed the basis for a Task Force Echo network anomaly detection system used for real-world cyber operations.

  • Linux Kernel "LOCKDOWN" Ported To Being An LSM, Still Undergoing Review

    It didn't make it for the Linux 5.2 kernel and now it's up to its 33rd revision on the Linux kernel mailing list... The "lockdown" patches for locking down access to various kernel hardware features has been reworked now and is a Linux Security Module (LSM) as it still tries to get enough endorsements to be mainlined.

    The Lockdown effort has been most recently led by Google's Matthew Garrett and with this 33rd revision he reworked the code to serve as an LSM module. The Lockdown functionality prohibits writing to /dev/mem, restricts PCI BAR and CPU MSR access, doesn't allow kernel module parameters that touch hardware settings, drops system hibernation support, and disables other functionality that could potentially change the hardware state or running Linux kernel image.

  • IPFire 2.23 - Core Update 133 has been released

    This update brings many updates on the core libraries of the system. Various changes to our build system are also helping us to build a more modern distribution, faster. The toolchain is now based on GCC 8.3.0, binutils 2.32 and glibc 2.29 which bring various bugfixes, performance improvements and some new features.

    Although these might not be the most exciting changes, we recommend upgrading as soon as possible since this is essential hardening for backbone components of the user-space.

Security Leftovers

Filed under
Security
  • [Attackers] Used Two Firefox Zero Days to Hit a Crypto Exchange

    Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.

  • Romanian hospitals, affected by ransomware attack [iophk: "Windows TCO"]

    Four hospitals in Romania have been affected by the BadRabbit 4 ransomware, the Romanian Intelligence Service (SRI) announced. One of the hospitals is the Victor Babeş Infectious Diseases Hospital in Bucharest. The other hospitals are located in Huşi, Dorohoi and Cărbuneşti.

  • Cyber-attacks on hospitals most likely come from China, SRI says

    The specialists with the Cyberint National Centre with the Romanian Intelligence Service (SRI) suspect that the recent attacks on hospitals in Romania come from China, service representatives say, quoted by digi24.ro.

    “Regarding the cyber-attacks on hospitals, the Cyberint National Centre suspect the attackers are of Chinese origin. The time interval was considered, when the Chinese hackers are active and the clues left along with the ransom requests,” SRI says in a release.

  • Five Romanian hospitals targeted by cyber attack [iophk: "Windows TCO"]

    Five hospitals in the Romanian capital Bucharest are the target of a cyber attack. Various Romanian media report this. Opposite the news platform Stiri Lazi, the Romanian Minister of Health has announced that patients will be affected by the attack.

  • US 'launched cyber-attack on Iran weapons systems'

    The cyber-attack disabled computer systems controlling rocket and missile launchers, the Washington Post said.

  • [Compromise] of U.S. Border Surveillance Contractor Is Way Bigger Than the Government Lets On

    Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online.

    A terabyte of torrents seeded by Distributed Denial of Secrets (DDOS)—journalists dispersing records that governments and corporations would rather nobody read—are as of writing being downloaded daily. As of this week, that includes more than 400 GB of data stolen by an unknown actor from Perceptics, a discreet contractor based in Knoxville, Tennessee, that works for Customs and Border Protection (CBP) and is, regardless of whatever U.S. officials say, right now the epicenter of a major U.S. government data breach.

Security: Windows, 'DevSecOps', SSH, Bash and More

Filed under
Security
  • Electronic Health Records at 26 Hospitals Hit by Two-Hour Outage [iophk: "Windows TCO"]

    Universal, which manages more than 350 health-care facilities in the U.S. and U.K., declined to specify the technical issues or say how many patient records were affected. The problem lasted for less than two hours and the affected hospitals have returned to normal operations, said Eric Goodwin, chief information officer of the King of Prussia, Pennsylvania-based company.

  • DevSecOps: 4 key considerations for beginners

    Security used to be the responsibility of a dedicated team in the last development stage, but with development cycles increasing in number and speed, security practices need to be constantly updated.

    This has led to the rise of DevSecOps, which emphasizes security within DevOps. Companies need DevSecOps to make sure their initiatives run safely and securely. Without DevSecOps, DevOps teams need to rebuild and update all their systems when a vulnerability is found, wasting time and effort.

  • OpenSSH to Keep Private Keys Encrypted at Rest in RAM

    A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.

    OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

  • OpenSSH adds protection against Spectre, Meltdown, Rowhammer and RAMBleed attacks
  • GNU Bash Unsupported Characters Heap-Based Buffer Overflow Vulnerability [CVE-2012-6711]

    A vulnerability in the lib/sh/strtrans.c:anicstr function of GNU Bash could allow an authenticated, local attacker to execute code on a targeted system.The vulnerability is due buffer errors within the lib/sh/strtrans.c:anicstr function of the affected software. An attacker could exploit this vulnerability by providing print data through the echo built-in function. A successful exploit could allow the attacker to execute code on the targeted system.GNU Bash has confirmed this vulnerability and released a software patch.

  • Daily News Roundup: Malware in Your Pirated Software

    Researchers at ESET and Malwarebytes have discovered crypto mining malware hidden in pirated music production software.

  • A Method for Establishing Liability for Data Breaches

    Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers. If history is any guide, not much will happen and companies holding sensitive personal information on individuals will have little incentive to improve their cybersecurity postures. Congress needs to act to provide such incentives.

    The story is all too familiar, as news reports of data breaches involving the release of personal information for tens of millions of, or even a hundred million, Americans have become routine. A company (or a government agency) pays insufficient attention to cybersecurity matters despite warnings that the cybersecurity measures it takes are inadequate and therefore fails to prevent a breach that could be remediated by proper attention to such warnings. In the aftermath of such incidents, errant companies are required by law to report breaches to the individuals whose personal information has been potentially compromised. Frequently, these companies also offer free credit monitoring services to affected individuals for a year or two.

Security FUD and Distraction From NSA Back Doors

Filed under
Security
  • Linux Cryptominer Uses Virtual Machines to Attack Windows, macOS [Ed: This is simply malware that people download and install on their machines, but hey, let's blame something else on "Linux"]

    A new cryptocurrency mining malware dubbed LoudMiner uses virtualization software to deploy a Linux XMRig coinminer variant on Windows and macOS systems via a Tiny Core Linux virtual machine.

  • Report confirms shift of botnet attack focus to Linux, IoT [Ed: A 'report' shifts focus from Microsoft Windows back doors (which are causing huge damage at the moment) to "Linux" (usually just machine with default password unchanged)]
  • Botnets shift from Windows towards Linux and IoT platforms [Ed: Microsoft money has poisoned and polluted corporate media (advertising money) to the point each time it covers "Linux" it's either a story about Linux being dangerous or a story about Vista 10 (WeaSeL)]
  • Free proxy service found running on top of 2,600+ hacked WordPress sites [Ed: Considering there are many millions of WordPress sites, many of which aren't patching properly, this is only expected and it's the fault of their administrators]
  • Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities [Ed: When searching news for "Linux" these days almost half the results are about security because corporate media chooses to focus on nothing else, even obsessing over the same story for weeks]

    Four new CVEs present issues that have a potential DoS impact on almost every Linux user.

  • Remote Desktop Protocol

    As with any piece of software, bugs arise sooner or later. A critical security exploit allowing a man-in-the-middle- style attack was discovered in RDP version 5.2. In 2012, another critical vulnerability was discovered to allow a Windows computer to be compromised by unauthenticated clients. Version 6.1, found in Windows Server 2008, revealed a critical exploit that harvested user credentials. More recently, an exploit discovered in March 2018 allowed remote code execution attack and another credential- harvesting scenario.

Security Leftovers

Filed under
Security

CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws

Filed under
Red Hat
Security

The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value.

"While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented," reads Red Hat's security advisory. "Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments."

Read more

Security: Updates, Holes, FUD and Primers

Filed under
Security
  • Security updates for Friday
  • Critical Firefox vulnerability fixed in 67.0.3
  • NASA Lab Hacked Using A $25 Raspberry Pi Computer

    Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This has been proved by a recent report which confirmed that a NASA lab was hacked using a Raspberry Pi.

    The breach occurred in April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen.

    [...]

    Apparently, the system administrators did not consistently update the inventory system while adding new devices to the network.

  • DragonFlyBSD 5.6.1 Released To Fix TTM & OpenSSH Problems

    There are two primary and separate bug fixes in DragonFlyBSD 5.6.1 around OpenSSH and TTM. The OpenSSH issue is a SSHD configuration issue for the SSH daemon. The TTM bug is a lockup issue that could come about when using the Radeon DRM graphics driver with this Radeon/TTM code ported over to DragonFlyBSD from the Linux kernel.

    That's it for DragonFlyBSD 5.6.1, which is on top of the many great additions in version 5.6 like HAMMER2 by default, a VM rework / performance improvements, and other enhancements.

  • Google Accidentally Releases July 2019 Pixel Update In June

    Some owners of Pixel 3A and 3A XL devices had a happy, or rather surprising, moment when they realized that Google goofed-up badly.

    As posted on Reddit, Google accidentally released a build of the monthly security update meant for July 2019. It is 79.8MB in size and comes with a label that says “CONFIDENTIAL INTERNAL ONLY.” This clearly means it’s an internal build and not meant for public release.

  • 100 Million Dell [Microsoft Windows-laden] PCs At Risk Due To Criticial Bug In ‘SupportAssist’ Software

    The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not.

    Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.

  • Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs [Ed: Attributing dumb people installing malicious files on their disk to "Linux".]

    One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you’re installing such programs from unknown sources, the chances of you getting hacked are pretty good.

    The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of a software named Ableton Live, which is a tool for high-end music production.

  • New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux

    A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.

  • Understanding Public Key Infrastructure and X.509 Certificates

    Public Key Infrastructure (PKI) provides a framework of encryption and data communications standards used to secure communications over public networks. At the heart of PKI is a trust built among clients, servers and certificate authorities (CAs). This trust is established and propagated through the generation, exchange and verification of certificates.

    This article focuses on understanding the certificates used to establish trust between clients and servers. These certificates are the most visible part of the PKI (especially when things break!), so understanding them will help to make sense of—and correct—many common errors.

    As a brief introduction, imagine you want to connect to your bank to schedule a bill payment, but you want to ensure that your communication is secure. "Secure" in this context means not only that the content remains confidential, but also that the server with which you're communicating actually belongs to your bank.

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • Jelle Van der Waa: Mini DebConf Hamburg 2019

    The reproducible builds project was invited to join the mini DebConf Hamburg sprints and conference part. I attended with the intention to get together to work on Arch Linux reproducible test setup improvements, reproducing more packages and comparing results.

    The first improvement was adding JSON status output for Arch Linux and coincidently also OpenSUSE and in the future Alpine the commit can be viewed here. The result was deployed and the Arch Linux JSON results are live.

    The next day, I investigated why Arch Linux's kernel is not reproducible.

  • Rogue Raspberry Pi allowed hackers to infiltrate NASA's systems [iophk: "article is missing any relevant details, lack of bureaucracy was not the cause here unlike what is asserted]

    That's according to a recent audit by the agency's Office of Inspector General, which reveals a number of security weaknesses affecting its Jet Propulsion Laboratory (JPL).

    The report claims that multiple IT security control weaknesses "reduce JPL's ability to prevent, detect and mitigate attacks targeting its systems and networks" while "exposing NASA systems and data to exploitation by cybercriminals".

  • Hacking Hardware Security Modules

    This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials. Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update.

  • The looming threat of malicious backdoors in software source code

    The history of backdoors in source code has largely been about managing insider threats. For example, a rogue developer looking to sabotage the organization. What’s changed is that increasingly well-funded nation-state attackers can afford to take a much longer-term view. This means writing useful code with backdoors planted deep inside it, making the code widely available, and waiting to see who adopts it.

  • A Florida city paid a $600,000 bitcoin ransom to hackers who took over its computers — and it's a massive alarm bell for the rest of the US [iophk: "Windows TCO"]

    A Florida city's council voted to pay a ransom of $600,000 in Bitcoin to [crackers] that targeted its computer systems — and the payout is a sign of how unprepared much of the US is to deal with a coming wave of cyberattacks.

Security: John Deere, Windows, Debian, Ubuntu, and Mozilla Firefox

Filed under
Security
  • John Deere's Promotional USB Drive Hijacks Your Keyboard

    “The device itself, it’s pretty ingenious, actually,” the Reddit user said. “It’s an HID-compliant keyboard that, when connected detects what platform it’s on and automatically sends a keyboard shortcut to open a browser, and then it barfs the link into the address bar.”

  • New Variant of the Houdini Worm Emerges

    WSH RAT is currently being offered as a subscription, at $50 per month. The malware operators are actively marketing the malware as compatible with all Windows XP to Windows 10 releases, featuring automatic startup methods, and various remote access, evasion, and stealing capabilities.

  • Debian's Intel MDS Mitigations Are Available for Sandy Bridge Server/Core-X CPUs

    The Debian Project recently announced the general availability of a new security update for the intel-microcode firmware to patch the recently disclosed Intel MDS (Microarchitectural Data Sampling) vulnerabilities on more Intel CPUs.

    Last month, on May 14th, Intel disclosed four new security vulnerabilities affecting many of its Intel microprocessor families. The tech giant was quick to release updated microcode firmware to mitigate these flaws, but not all the processor families were patched.

  • Canonical Outs New Linux Kernel Live Patch for Ubuntu 18.04 LTS and 16.04 LTS

    Canonical released a new Linux kernel live patch for the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address the recently disclosed TCP Denial of Service (DoS) vulnerabilities.

    Coming hot on the heels of the recent Linux kernel security updates published earlier this week for all supported Ubuntu releases, the new Linux kernel live patch is only targeted at Ubuntu versions that support the kernel live patch and are long-term supported, including Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus).

  • Firefox Users Warned to Patch Critical Flaw

    Mozilla is urging users of its Firefox browsers to update them immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk.

    The vulnerability, CVE-2019011707, is a type confusion in Array.pop. It has been patched in Firefox 67.0.3 and Firefox ESR 60.7.1.

    Mozilla announced the patch Tuesday, but the vulnerability was discovered by Samuel Groß of Google Project Zero on April 15.

    Mozilla implemented the fix after digital currency exchange Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.

    "On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign," Selena Deckelmann, senior director, Firefox Browser Engineering, told TechNewsWorld. "In less than 24 hours, we released a fix for the exploit."

Tails 3.14.1 is out

Filed under
GNU
Linux
Security
Web
Debian

This release is an emergency release to fix a critical security vulnerability in Tor Browser.

It also fixes other security vulnerabilities. You should upgrade as soon as possible.

Read more

Also: It's Time to Switch to a Privacy Browser

Syndicate content

More in Tux Machines

today's leftovers

  • Hardware Review - The ZaReason Virtus 9200 Desktop
  • Chrome OS 76 will disable Crostini Linux backups by default
    Essentially, this is still a work in progress feature. And I shouldn’t be terribly surprised by that, even though in my experience, the functionality hasn’t failed me yet. That’s because we know that the Chromium team is considering on a way to backup and restore Linux containers directly from the Files app on a Chromebook. That proposal is targeted for Chrome OS 78, so this gives the team more time to work that out, as well as any other nits that might not be quite right with the current implementation.
  • Andrei Lisita: Something to show for
    Unfortunately along with the progress that was made we also encountered a bug with the NintendoDS core that causes Games to crash if we attempt to load a savestate. We are not yet 100% sure if the bug is caused by my changes or by the NintendoDS core itself. I hope we are able to fix it by the end of the summer although I am not even sure where to start since savestates are working perfectly fine with other cores. Another confusing matter about this is that the Restart/Resume Dialog works fine with the NintendoDS core and it also uses savestates. This led me to believe that perhaps cores can be used to load savestates only once, but this can’t be the problem since we re-instantiate the core every time we load a savestate. In the worst case we might just have to make a special case for the NintendoDS core and not use savestates with it, except for the Resume/Restart dialog. This would sadden me deeply since there are plenty of NintendoDS games which could benefit from this feature.
  • OSMC's June update is here with Kodi v18.3
    Team Kodi recently announced the 18.3 point release of Kodi Leia. We have now prepared this for all supported OSMC devices and added some improvements and fixes. Here's what's new:

OSS Leftovers

  • A comparison of open source, real-time data streaming platforms
    A variety of open source, real-time data streaming platforms are available today for enterprises looking to drive business insights from data as quickly as possible. The options include Spark Streaming, Kafka Streams, Flink, Hazelcast Jet, Streamlio, Storm, Samza and Flume -- some of which can be used in tandem with each other. Enterprises are adopting these real-time data streaming platforms for tasks such as making sense of a business marketing campaign, improving financial trading or recommending marketing messages to consumers at critical junctures in the customer journey. These are all time-critical areas that can be used for improving business decisions or baked into applications driven by data from a variety of sources.
  • Amphenol’s Jason Ellison on Signal Integrity Careers and His Free, Open Source PCB Design Software
    Ellison, Senior Staff Signal Integrity Engineer at Amphenol ICC, gives his insight on the importance of networking, giving to the EE community, and his open-source signal integrity project. How does signal integrity engineering compare to other EE fields? What are open-source resources worth these days? What makes for a good work life for an engineer? Learn this and more in this Engineer Spotlight! Jason Ellison started down the path to becoming an electrical engineer because someone told him it was "fun and easy if you're good at math." In this interview with AAC's Mark Hughes, Ellison—a Senior Staff Signal Integrity Engineer at Amphenol ICC—describes how his career has grown from these beginnings into the rewarding and diverse work of signal integrity engineering.
  • Cruise open-sources Webviz, a tool for robotics data analysis [Ed: Releasing a little tool that's part of proprietary software so that it 'feels' more "open"]
    Cruise, the self-driving startup that General Motors acquired for nearly $1 billion in 2016, generates an enormous amount of data by any measure. It orchestrates 200,000 hours of driving simulation jobs daily in Google Cloud Platform, spread across 30,000 virtual cars in an environment running on 300,000 processor cores and 5,000 graphics cards. Both those cars and Cruise’s fleet of over 180 real-world autonomous Chevrolet Bolts make thousands of decisions every second, and they base these decisions on observations captured in binary format from cameras, microphones, radar sensors, and lidar sensors.
  • EWF launches world’s first open source blockchain for the energy industry
    The Energy Web Foundation this week announced that it has launched the world’s first public, open-source, enterprise-grade blockchain tailored to the energy sector: the Energy Web Chain (EW Chain). More than ten Energy Web Foundation (EWF) Affiliates — including utilities, grid operators, and blockchain developers — are hosting validator nodes for the live network, according to the company.
  • Pimcore Releases Pimcore 6.0, Amplifying User-Friendly Digital Experiences Through Open Source
    Pimcore, the leading open-source platform for data and customer experience management, has released the most powerful version of the Pimcore platform, Pimcore 6.0. The updated platform includes a new user interface that seamlessly connects MDM/PIM, DAM, WCM, and digital commerce capabilities to create more advanced and user-friendly experiences quickly and efficiently.
  • VCV Rack reaches version 1.0.0: free and open-source modular synth gets a full release
    VCV Rack is a free, open-source modular software synth that’s been gaining ground for a couple of years, but only now has it reached the significant milestone of version 1.0. Designed to replicate the feeling of having a hardware modular synth on your desktop, VCV Rack enables you to add both free and paid-for modules, and now supports polyphony of up to 16 voices. There’s MIDI Output, too with CV-Gate, CV-MIDI and CV-CC modules enabling you to interface with drum machines, desktop synths and Eurorack gear.
  • Flying Above the Shoulders of Giants
    Thanks to open-source platforms, developers can stand on the shoulders of software giants to build bigger and better things. Linux is probably the biggest...
  • MIT Researchers Open-Source AutoML Visualization Tool ATMSeer
    A research team from MIT, Hong Kong University, and Zhejiang University has open-sourced ATMSeer, a tool for visualizing and controlling automated machine-learning processes. Solving a problem with machine learning (ML) requires more than just a dataset and training. For any given ML tasks, there are a variety of algorithms that could be used, and for each algorithm there can be many hyperparameters that can be tweaked. Because different values of hyperparameters will produce models with different accuracies, ML practitioners usually try out several sets of hyperparameter values on a given dataset to try to find hyperparameters that produce the best model. This can be time-consuming, as a separate training job and model evaluation process must be conducted for each set. Of course, they can be run in parallel, but the jobs must be setup and triggered, and the results recorded. Furthermore, choosing the particular values for hyperparameters can involve a bit of guesswork, especially for ones that can take on any numeric value: if 2.5 and 2.6 produce good results, maybe 2.55 would be even better? What about 2.56 or 2.54?
  • Open-Source Cybersecurity Tool to Enhance Grid Protection
    A revolutionary new cybersecurity tool that can help protect the electric power grid has been released to the public on the code-hosting website GitHub.
  • Quick notes for Mozilla Whistler All Hands 2019
  • Deeper into the data fabric with MongoDB
    However, to gain access to rich search functionality, many organisations pair their database with a search engine such as Elasticsearch or Solr, which MongoDB claims can complicate development and operations — because we end up with two entirely separate systems to learn, maintain and scale.

Raspberry Pi 4 is here!

The latest version of the Raspberry Pi—Raspberry Pi 4—was released today, earlier than anticipated, featuring a new 1.5GHz Arm chip and VideoCore GPU with some brand new additions: dual-HDMI 4K display output; USB3 ports; Gigabit Ethernet; and multiple RAM options up to 4GB. The Raspberry Pi 4 is a very powerful single-board computer and starts at the usual price of $35. That gets you the standard 1GB RAM, or you can pay $45 for the 2GB model or $55 for the 4GB model—premium-priced models are a first for Raspberry Pi. Read more

Open Data, Open Access and Open Hardware

  • DoD’s Joint AI Center to open-source natural disaster satellite imagery data set
    As climate change escalates, the impact of natural disasters is likely to become less predictable. To encourage the use of machine learning for building damage assessment this week, Carnegie Mellon University’s Software Engineering Institute and CrowdAI — the U.S. Department of Defense’s Joint AI Center (JAIC) and Defense Innovation Unit — open-sourced a labeled data set of some of the largest natural disasters in the past decade. Called xBD, it covers the impact of disasters around the globe, like the 2010 earthquake that hit Haiti. “Although large-scale disasters bring catastrophic damage, they are relatively infrequent, so the availability of relevant satellite imagery is low. Furthermore, building design differs depending on where a structure is located in the world. As a result, damage of the same severity can look different from place to place, and data must exist to reflect this phenomenon,” reads a research paper detailing the creation of xBD. [...]

    xBD includes approximately 700,000 satellite images of buildings before and after eight different kinds of natural disasters, including earthquakes, wildfires, floods, and volcanic eruptions. Covering about 5,000 square kilometers, it contains images of floods in India and Africa, dam collapses in Laos and Brazil, and historic deadly fires in California and Greece.

    The data set will be made available in the coming weeks alongside the xView 2.0 Challenge to unearth additional insights from xBD, coauthor and CrowdAI machine learning lead Jigar Doshi told VentureBeat. The data set collection effort was informed by the California Air National Guard’s approach to damage assessment from wildfires.

  • Open-source textbooks offer free alternative for UC Clermont students
    Some UC Clermont College students are avoiding paying hundreds of dollars for textbooks — and getting the content for free — thanks to online open-source textbooks, a growing trend among faculty at the college and throughout higher education. UC Clermont Dean Jeff Bauer, who is also a professor of business, said the benefits of open textbooks are many. “All students have the book on the first day of class, it saves them a lot of money, and the information can be accessed anywhere, anytime, without carrying around a heavy textbook,” Bauer said. “They don’t need to visit the bookstore before or after each semester to buy or sell back books, either.”
  • Open Source Computer Controlled Loom Knits Pikachu For You
    The origin story of software takes us back past punch card computers and Babbage's Difference Engine to a French weaver called Joseph Marie Jacquard.
  • Successful open-source RISC-V microcontroller launched through crowdfunding
    X-FAB Silicon Foundries, together with crowd-sourcing IC platform partner Efabless Corporation, launched the first-silicon availability of the Efabless RISC-V SoC reference design. This open-source semiconductor project went from start of design to tape-out in less than three months employing the Efabless design flow produced on open-source tools. The mixed-signal SoC, called Raven, is based on the community developed ultra-low power PicoRV32 RISC-V core. Efabless has bench-tested the Raven at 100MHz, and based on simulations, the solution should operate at up to 150MHz.
  • Open Hardware: Open-Source MRI Scanners Could Bring Enormous Cost Savings
    Wulfsberg explore the possibilities of open source MRI scanning. As open-source technology takes its place around the world—everywhere from makerspaces to FabLabs, users on every level have access to design and innovation. In allowing such access to MRI scanning, the researchers realize the potential for ‘technological literacy’ globally—and with MRIs specifically, astronomical sums could be saved in healthcare costs. The authors point out that medical technology is vital to the population of the world for treating not only conditions and illnesses, but also disabilities. As so many others deeply involved in the world of technology and 3D printing realize, with greater availability, accessibility, and affordability, huge strides can be made to improve and save lives. Today, with so many MRI patents expiring, the technology is open for commercialization.