Communications

Reverse Engineering the Nike+ FuelBand's Communications Protocol 55

Posted by Soulskill
from the talking-to-the-wrist dept.
An anonymous reader writes: Security researcher Simone Margaritelli has reverse engineered the Bluetooth low-energy communications protocol for his Nike+ FuelBand SE, a wrist-worn activity tracker. He learned some disturbing facts: "The authentication system is vulnerable, anyone could connect to your device. The protocol supports direct reading and writing of the device memory, up to 65K of contents. The protocol supports commands that are not supposed to be implemented in a production release (bootloader mode, device self test, etc)." His post explains in detail how he managed this, and how Nike put effort into creating an authentication system, but then completely undermined it by using a hard-coded token. Margaritelli even provides a command list for the device, which can do things like grab an event log, upload a bitmap for the screen, and even reset it.
Government

Safety Review Finds Yucca Mountain Nuclear Waste Site Was Technically Sound 121

Posted by Soulskill
from the wasted-effort dept.
siddesu writes: The U.S. Department of Energy's 2008 proposal to build a nuclear waste repository at Yucca Mountain, Nevada, was technically sound, a report by the NRC says. However, the closed-down project is unlikely to revive, as its staff has moved on, and there are few funds available to restart it. "With the release of the final two volumes of a five-part technical analysis, the commission closed another chapter on the controversial repository nearly five years after President Barack Obama abandoned the project, and more than a quarter century after the site was selected. While the staff recommended against approving construction, the solid technical review could embolden Republicans who now control both houses of Congress and would like to see Yucca Mountain revived."
Biotech

New Study Says Governments Should Ditch Reliance On Biofuels 160

Posted by samzenpus
from the won't-somebody-please-think-of-the-switchgrass? dept.
HughPickens.com writes The NYT reports on a new study from a prominent environmental think tank that concludes turning plant matter into liquid fuel or electricity is so inefficient that the approach is unlikely ever to supply a substantial fraction of global energy demand. They add that continuing to pursue this strategy is likely to use up vast tracts of fertile land that could be devoted to helping feed the world's growing population. "I would say that many of the claims for biofuels have been dramatically exaggerated," says Andrew Steer, president of the World Resources Institute, a global research organization based in Washington that is publishing the report. "There are other, more effective routes to get to a low-carbon world." The report follows several years of rising concern among scientists about biofuel policies in the United States and Europe, and is the strongest call yet by the World Resources Institute, known for nonpartisan analysis of environmental issues, to urge governments to reconsider those policies.

Timothy D. Searchinger says recent science has challenged some of the assumptions underpinning many of the pro-biofuel policies that have often failed to consider the opportunity cost of using land to produce plants for biofuel. According to Searchinger, if forests or grasses were grown instead of biofuels, that would pull carbon dioxide out of the air, storing it in tree trunks and soils and offsetting emissions more effectively than biofuels would do. What is more, as costs for wind and solar power have plummeted over the past decade, and the new report points out that for a given amount of land, solar panels are at least 50 times more efficient than biofuels at capturing the energy of sunlight in a useful form. "It's true that our first-generation biofuels have not lived up to their promise," says Jason Hill said. "We've found they do not offer the environmental benefits they were purported to have, and they have a substantial negative impact on the food system."
Security

D-Link Routers Vulnerable To DNS Hijacking 62

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.
Intel

FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed 163

Posted by timothy
from the if-thine-eye-offends-thee dept.
gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."
Printer

VP Anthony Moschella Shows Off Makerbot's Latest Printers and Materials (Video) 43

Posted by timothy
from the now-you-can-make-fake-wood-designer-shapes-on-the-3d-printer-at-your-local-makerspace dept.
You may have read a few weeks ago about the new materials that MakerBot has introduced for its 3-D printers; earlier this month, I got a chance to see some of them in person, and have them explained by MakerBot VP of Product Anthony Moschella in a cramped demo closet — please excuse the lighting — at the company's booth at CES. Moschella had some things to say about materials, timelines, and what MakerBot is doing to try to salvage its open-source cred, despite being a very willing part of a corporate conspiracy to sell boxes of Martha Stewart-branded extruder filament — as well as a few unremarkable things that the company's ever-vigilant PR overseer decreed Moschella couldn't answer on the record for reasons like agreements between MakerBot parent Stratasys and their suppliers. The good news for owners of recent MakerBot models: they'll be upgradeable to use the new and interesting materials with a part swap, rather than a whole-machine swap (it takes a "smart extruder" rather than the current, dumber one). And the pretty good news for fans of open source, besides that the current generation of MakerBots are all Linux-based computers themselves, is that MakerBot's open API provides a broad path for 3-D makers to interact with the printers. (The bad news is that there's no move afoot to return the machines' guts to open source hardware, like the early generations of MakerBots, but STL files at least don't care whether you ship them to an FSF-approved printer to be made manifest.)
Communications

Mozilla Dusts Off Old Servers, Lights Up Tor Relays 77

Posted by timothy
from the good-citizenship dept.
TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was a effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."
Data Storage

Former NATO Nuclear Bunker Now an 'Airless' Unmanned Data Center 146

Posted by timothy
from the no-humans-involved dept.
An anonymous reader writes A German company has converted a 1960s nuclear bunker 100 miles from network hub Frankfurt into a state-of-the-art underground data center with very few operators and very little oxygen. IT Vision Technology (ITVT) CEO Jochen Klipfel says: 'We developed a solution that reduces the oxygen content in the air, so that even matches go outIt took us two years'. ITVT have the European Air Force among its customers, so security is an even higher priority than in the average DC build; the refurbished bunker has walls 11 feet thick and the central complex is buried twenty feet under the earth.
Displays

Dell 2015 XPS 13: Smallest 13" Notebook With Broadwell-U, QHD+ Display Reviewed 114

Posted by timothy
from the if-you-can-defy-them-they're-only-guidelines-of-physics dept.
MojoKid writes Dell's 2015 XPS 13 notebook made a splash out at CES this year with its near bezel-less 13-inch QHD+ (3200X1800) display and Intel's new 5th Gen Core series Broadwell-U processor. At 2.8 pounds, the 2015 XPS 13 isn't the absolute lightest 13-inch ultrabook book out there but it's lighter than a 13-inch MacBook Air and only a few ounces heavier than Lenovo's Core M-powered Yoga 3 Pro. The machine's Z dimensions are thin, at .33" up front to .6" at its back edge. However, its 11.98" width almost defies the laws of physics, squeezing a 13.3" (diagonal) display into an 11.98-inch frame making it what is essentially the smallest 13-inch ultrabook to hit the market yet. Performance-wise, this review shows its benchmarks numbers are strong and Intel's Broadwell-U seems to be an appreciable upgrade versus the previous generation architecture, along with lower power consumption.
Data Storage

Proposed Disk Array With 99.999% Availablity For 4 Years, Sans Maintenance 250

Posted by timothy
from the with-enough-disks-all-rooms-are-full dept.
Thorfinn.au writes with this paper from four researchers (Jehan-François Pâris, Ahmed Amer, Darrell D. E. Long, and Thomas Schwarz, S. J.), with an interesting approach to long-term, fault-tolerant storage: As the prices of magnetic storage continue to decrease, the cost of replacing failed disks becomes increasingly dominated by the cost of the service call itself. We propose to eliminate these calls by building disk arrays that contain enough spare disks to operate without any human intervention during their whole lifetime. To evaluate the feasibility of this approach, we have simulated the behaviour of two-dimensional disk arrays with N parity disks and N(N – 1)/2 data disks under realistic failure and repair assumptions. Our conclusion is that having N(N + 1)/2 spare disks is more than enough to achieve a 99.999 percent probability of not losing data over four years. We observe that the same objectives cannot be reached with RAID level 6 organizations and would require RAID stripes that could tolerate triple disk failures.
Android

Embedded Linux Conference Headlined By Drones 22

Posted by Soulskill
from the penguins-can-fly dept.
DeviceGuru writes: The Linux Foundation has released the full agenda for its annual North American Embedded Linux Conference + Android Builders Summit, which takes place Mar. 23-25 in San Jose, Calif. The ELC, which this year is titled Drones, Things, and Automobiles, increasingly reflects new opportunities for Linux in areas such as drones, robots, automotive computers, IoT gizmos, 3D sensing, modular phones, and much more. For those worried that ELC is skimping on the basics as it explores the more colorful sides of Linux, worry not, as there are still plenty of sessions on booting, trace analysis, NAND support, PHY frameworks, power management, defragmenting, systemd, device tree, and toolchain.
Media

Ask Slashdot: Best Medium For Personal Archive? 250

Posted by timothy
from the but-with-8-tracks-you-can-still-lose-7 dept.
An anonymous reader writes What would be the best media to store a backup of important files in a lockbox? Like a lot of people we have a lot of important information on our computers, and have a lot of files that we don't want backed up in the cloud, but want to preserve. Everything from our personally ripped media, family pictures, important documents, etc.. We are considering BluRay, HDD, and SSD but wanted to ask the Slashdot community what they would do. So, in 2015, what technology (or technologies!) would you employ to best ensure your data's long-term survival? Where would you put that lockbox?
Portables

Getting Charged Up Over Chargers at CES (Video) 33

Posted by Roblimo
from the slip-me-some-of-that-juice-Bruce dept.
First we look at Skiva Technology and their Octofire 8-port USB charger that pulled in nearly five times the requested amount from a Kickstarter campaign. (The 'pulled in X times the requested Kickstarter amount' is becoming a common product boast, isn't it?) Then, for MacBook owners who are tired of having their chargers or charger cords break, we take a brief look at the Juiceboxx Charger Case. These two power-oriented products and WakaWaka, which we posted about on January 9, are just a tiny, random sample of the many items in this category that were on display at CES 2015. Timothy was the only Slashdot person working CES, so it's shocking that he managed to cover as many (hopefully interesting) products as he did, considering that even the biggest IT journo mills don't come close to total coverage of the overwhelming muddle CES has become in recent years. (Alternate Video Link)
Bug

NVIDIA GTX 970 Specifications Corrected, Memory Pools Explained 113

Posted by samzenpus
from the under-the-hood dept.
Vigile writes Over the weekend NVIDIA sent out its first official response to the claims of hampered performance on the GTX 970 and a potential lack of access to 1/8th of the on-board memory. Today NVIDIA has clarified the situation again, this time with some important changes to the specifications of the GPU. First, the ROP count and L2 cache capacity of the GTX 970 were incorrectly reported at launch (last September). The GTX 970 has 52 ROPs and 1792 KB of L2 cache compared to the GTX 980 that has 64 ROPs and 2048 KB of L2 cache; previously both GPUs claimed to have identical specs. Because of this change, one of the 32-bit memory channels is accessed differently, forcing NVIDIA to create 3.5GB and 0.5GB pools of memory to improve overall performance for the majority of use cases. The smaller, 500MB pool operates at 1/7th the speed of the 3.5GB pool and thus will lower total graphics system performance by 4-6% when added into the memory system. That occurs when games request MORE than 3.5GB of memory allocation though, which happens only in extreme cases and combinations of resolution and anti-aliasing. Still, the jury is out on whether NVIDIA has answered enough questions to temper the fire from consumers.
Cellphones

Modular Smartphones Could Be Reused As Computer Clusters 82

Posted by samzenpus
from the build-your-own dept.
itwbennett writes The promise of modular smartphones like Google's Project Ara is that buyers will be able to upgrade components at will — and now Finnish company Circular Devices has come up with a use for discarded computing modules, which they're calling Puzzlecluster. Drawings of the Puzzlecluster architecture show a chassis with slots for the reused modules, which can then be interconnected with others to create the cluster. Just one unit could also be used as a desktop computer."
Graphics

Ask Slashdot: GPU of Choice For OpenCL On Linux? 109

Posted by timothy
from the discriminating-tastes dept.
Bram Stolk writes So, I am running GNU/Linux on a modern Haswell CPU, with an old Radeon HD5xxx from 2009. I'm pretty happy with the open source Gallium driver for 3D acceleration. But now I want to do some GPGPU development using OpenCL on this box, and the old GPU will no longer cut it. What do my fellow technophiles from Slashdot recommend as a replacement GPU? Go NVIDIA, go AMD, or just use the integrated Intel GPU instead? Bonus points for open sourced solutions. Performance not really important, but OpenCL driver maturity is.
Mars

NASA Considers Autonomous Martian Helicopter To Augment Future Rovers 83

Posted by timothy
from the imperial-probe-droid dept.
SternisheFan (2529412) writes with this story at the Verge about an approach being considered by NASA to overcome some of the difficulties in moving a wheeled or multi-legged ground vehicle around the surface of Mars, which has proven to be a difficult task. Rover teams still have a tough time with the Martian surface even though they're flush with terrestrial data. The alien surface is uneven, and ridges and valleys make navigating the terrain difficult. The newest solution proposed by JPL is the Mars Helicopter, an autonomous drone that could 'triple the distances that Mars rovers can drive in a Martian day,' according to NASA. The helicopter would fly ahead of a rover when its view is blocked and send Earth-bound engineers the right data to plan the rover's route.
Space

Europe and China Will Team Up For a Robotic Space Mission 39

Posted by timothy
from the actually-the-robots-are-pulling-the-strings dept.
Taco Cowboy writes with this excerpt from Space.com: On Monday (Jan. 19), the Chinese Academy of Sciences (CAS) and the European Space Agency (ESA) issued a call for proposals for a robotic space mission that the two organizations will develop jointly. "The goal of the present Call is to define a scientific space mission to be implemented by ESA and CAS as a cooperative endeavor between the European and Chinese scientific communities," ESA officials wrote in a statement Monday. "The mission selected as an outcome of the present Joint Call will follow a collaborative approach through all the phases: study, definition, implementation, operations and scientific exploitation." The call envisions a low-budget mission, saying that ESA and CAS are each prepared to contribute about 53 million euros (U.S. $61.5 million at current exchange rates). The spacecraft must weigh less than 661 lbs. (300 kilograms) at launch and be designed to operate for at least two to three years, ESA officials wrote in the call for proposals. All proposals are due by March 16, and the peer-review process will start in April. Mission selection is expected to occur in late 2015, followed by six years of development, with a launch in 2021.
Input Devices

Ask Slashdot: Where Can You Get a Good 3-Button Mouse Today? 429

Posted by timothy
from the hiding-with-the-egg-cream dept.
guises writes Ever since mouse wheels were introduced the middle mouse button has been sidelined to an inadequate click-wheel function, or in some cases ditched altogether. This has never sat well with me, a proper middle button is invaluable for pasting, games, and navigation. More than that, my hand categorically rejects two button mice — the dangling ring finger causes me genuine physical discomfort. I have begged Logitech on multiple occasions to make just one, among their many screwy specialty mice, to replace the Mouseman which I loved so dearly. I thought for a moment that I had been answered with the g600, only to find that they had put the right mouse button in the middle.

So my question to Slashdot is: where does a person turn for a three button mouse these days? I've only found two, both ergonomic and priced accordingly. I use the Contour and like the shape and wheel position, but would love to find something wireless and with a higher DPI sensor.
Bug

NVIDIA Responds To GTX 970 Memory Bug 145

Posted by timothy
from the can't-remeber-why-you'upset dept.
Vigile writes Over the past week or so, owners of the GeForce GTX 970 have found several instances where the GPU was unable or unwilling to address memory capacities over 3.5GB despite having 4GB of on-board frame buffer. Specific benchmarks were written to demonstrate the issue and users even found ways to configure games to utilize more than 3.5GB of memory using DSR and high levels of MSAA. While the GTX 980 can access 4GB of its memory, the GTX 970 appeared to be less likely to do so and would see a dramatic performance hit when it did. NVIDIA responded today saying that the GTX 970 has "fewer crossbar resources to the memory system" as a result of disabled groups of cores called SMMs. NVIDIA states that "to optimally manage memory traffic in this configuration, we segment graphics memory into a 3.5GB section and a 0.5GB section" and that the GPU has "higher priority" to the larger pool. The question that remains is should this affect gamers' view of the GTX 970? If performance metrics already take the different memory configuration into account, then I don't see the GTX 970 declining in popularity.