This is the flyer with all the information. do NOT contact me with unsolicited services or offers. post id: 5642593158. posted: 2016-06-18 7:58pm.
from Google Alert - anonymous http://ift.tt/1SbLeh5
via IFTTT
Saturday, June 18, 2016
Orioles: Buck Showalter says Manny Machado will drop his appeal and begin serving 4-game suspension Sunday vs. Blue Jays (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Orioles Video: Jonathan Schoop crushes R.A. Dickey's knuckleball to right for a solo homer in 4-2 win over the Blue Jays (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
An Anonymous Food Company
What should we name our new, protein-packed snack? company_logo. An Anonymous Food Company. 27. days left. $50 x. 5 honors. $150 x.
from Google Alert - anonymous http://ift.tt/1UprDyq
via IFTTT
from Google Alert - anonymous http://ift.tt/1UprDyq
via IFTTT
I have a new follower on Twitter
Anthony Pisapia
#SocEnt, father, husband, building tech, ed, and nonprofit startups. Chief Information and Innovation Officer @ Tower Hill School, Fmr. Head @zipcodewilm
Wilmington, DE
Following: 6350 - Followers: 7657
June 18, 2016 at 04:13PM via Twitter http://twitter.com/anthonypisapia
Orioles reinstate P Yovani Gallardo (shoulder) and SS J.J. Hardy (foot) from DL; P T.J. McFarland optioned to Triple-A (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
[FD] CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion ============================================================================ This information is available in an easier to read format on my blog at http://ift.tt/1UAOsAs With [MS16-063] Microsoft has patched [CVE-2016-0199]: a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11. By exploiting this vulnerability, a website can causes this garbage collector to handle some data in memory as if it was an object, when in fact it contains data for another type of value, such as a string or number. The garbage collector code will use this data as a virtual function table (vftable) in order to make a virtual function call. An attacker has enough control over this data to allow execution of arbitrary code. Known affected software and attack vectors
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
-----BEGIN PGP SIGNED MESSAGE-
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester – XSS vulnerability Advisory ID: [ERPSCAN-16-014] Risk: Medium Advisory URL: http://ift.tt/1Nlf8ym Date published: 08.03.2016 Vendors contacted: SAP 2. VULNERABILITY INFORMATION Class: XSS Impact: Resource consumption Remotely Exploitable: Yes Locally Exploitable: No CVE-2016-3975 CVSS Information CVSS Base Score v3: 6.1 / 10 CVSS Base Vector: AV : Attack Vector (Related exploit range) Network (N) AC : Attack Complexity (Required attack complexity) Low (L) PR : Privileges Required (Level of privileges needed to exploit) None (N) UI : User Interaction (Required user participation) Required (R) S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) Changed (C) C : Impact to Confidentiality Low (L) I : Impact to Integrity Low (L) A : Impact to Availability None (N) 3. VULNERABILITY DESCRIPTION Anonymous attacker can use a special HTTP request to hijack session data of administrators or users of a web resource. 4. VULNERABLE PACKAGES SAP NetWeaver AS JAVA 7.1 - 7.5 Other versions are probably affected too, but they were not checked. 5. SOLUTIONS AND WORKAROUNDS To correct this vulnerability, install SAP Security Note 2238375 6. AUTHOR Vahagn Vardanyan (ERPScan) 7. TECHNICAL DESCRIPTION Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to NavigationURLTester PoC http://SAP:50000/irj/servlet/prt/portal/prteventname/getNavigationURL/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester?navigationTarget=ROLES%3a%2f%2fportal_content%2fadministrator%2fsuper_admin%2fsuper_admin_role%2fcom.sap.portal.system_administration%2fcom.sap.portal.system_admin_ws%2fcom.sap.portal.transport%2fcom.sap.portal.transport_packages%2fcom.sap.portal.wd_admin_studio_export![]()
&portalAlias=&navMode=&queryString=&getNavigationURL=getNavigationURL 8. REPORT TIMELINE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 9. REFERENCES http://ift.tt/1Nlf8ym 10. ABOUT ERPScan Research The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research. 11. ABOUT ERPScan ERPScan is the most respected and credible Business Application Security provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial and Retail organizations to secure their mission-critical processes. Named as an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both, cyber-attacks as well as internal fraud. Usually our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale. We ‘follow the sun’ and function in two hubs, located in the Palo Alto and Amsterdam to provide threat intelligence services, agile support and operate local offices and partner network spanning 20+ countries around the globe. Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301 Phone: 650.798.5255 Twitter: @erpscan Scoop-it: Business Application Security
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2234971 Author: Vahagn Vardanyan (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-012] SAP NetWeaver AS Java directory traversal vulnerability Advisory ID: [ERPSCAN-16-012] Risk: medium Advisory URL: http://ift.tt/1Nlf8yo Date published: 08.03.2016 Vendors contacted: SAP 2. VULNERABILITY INFORMATION Class: directory traversal Impact: remotely read file from server Remotely Exploitable: Yes Locally Exploitable: No CVE-2016-3976 CVSS Information CVSS Base Score v3: 7.5 / 10 CVSS Base Vector: AV : Attack Vector (Related exploit range) Network (N) AC : Attack Complexity (Required attack complexity) Low (L) PR : Privileges Required (Level of privileges needed to exploit) None (N) UI : User Interaction (Required user participation) None (N) S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) Changed (C) C : Impact to Confidentiality Low (L) I : Impact to Integrity None (N) A : Impact to Availability None (N) 3. VULNERABILITY DESCRIPTION An authorized attacker can use a special request to read files from the server and then escalate his or her privileges. 4. VULNERABLE PACKAGES SAP NetWeaver AS JAVA 7.1 - 7.5 Other versions are probably affected too, but they were not checked. 5. SOLUTIONS AND WORKAROUNDS To correct this vulnerability, install SAP Security Note 2234971 6. AUTHOR Vahagn Vardanyan (ERPScan) 7. TECHNICAL DESCRIPTION An attacker can use an SAP NetWeaver function CrashFileDownloadServlet to read files from the server. PoC GET /XXX/CrashFileDownloadServlet?fileName=..\security\data\SecStore.key Disclaimer: According to the partnership agreement between ERPScan and SAP, our company is not entitled to publish any detailed information about detected vulnerabilities before SAP releases a patch. After the release, SAP suggests respecting an implementation time of three months and asks security researchers to not to reveal any details during this time. However, In this case, the vulnerability allows an attacker to read arbitrary files on a remote server, possibly disclosing confidential information, and many such services are exposed to the Internet. As responsible security researchers, ERPScan team made a decision not to disseminate the full PoC even after the specified time. 8. REPORT TIMELINE Send: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 9. REFERENCES http://ift.tt/1Nlf8yo 10. ABOUT ERPScan Research The company’s expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts in staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research. 11. ABOUT ERPScan ERPScan is the most respected and credible Business Application Security provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial and Retail organizations to secure their mission-critical processes. Named as an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both, cyber-attacks as well as internal fraud. Usually our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale. We ‘follow the sun’ and function in two hubs, located in the Palo Alto and Amsterdam to provide threat intelligence services, agile support and operate local offices and partner network spanning 20+ countries around the globe. Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301 Phone: 650.798.5255 Twitter: @erpscan Scoop-it: Business Application Security
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Comet PanSTARRS in the Southern Fish
Now approaching our fair planet this Comet PanSTARRS (C/2013 X1) will come closest on June 21-22, a mere 5.3 light-minutes away. By then its appearance low in northern hemisphere predawn skies (high in the south), will be affected by the light of a nearly Full Moon, though. Still the comet's pretty green coma is about the apparent size of the Full Moon in this telescopic portrait, captured on June 12 from the southern hemisphere's Siding Spring Observatory. The deep image also follows a broad, whitish dust tail up and toward the left in the frame, sweeping away from the Sun and trailing behind the comet's orbit. Buffeted by the solar wind, a fainter, narrow ion tail extends horizontally toward the right. On the left edge, the brightest star is bluish Iota Piscis Austrini. Shining at about fourth magnitude, that star is visible to the unaided eye in the constellation of the Southern Fish. via NASA http://ift.tt/1UDp8G4
Orioles option P Mike Wright to Triple-A Norfolk; owns a 3-4 record in 12 starts with a 6.12 ERA this season (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Dynamic Earth-A New Beginning
The visualization 'Excerpt from "Dynamic Earth"' has been one of the most popular visualizations that the Scientific Visualization Studio has ever created. It's often used in presentations and Hyperwall shows to illustrate the connections between the Earth and the Sun, as well as the power of computer simulation in understanding those connections. There is one part of this visualization, however, that has always seemed a little clumsy to us. The opening shot is a pullback from the limb of the sun, where the sun is represented by a movie of 304 Angstrom images from the Solar Dynamics Observatory (SDO). It is difficult to pull back from the limb of a flat sun image and make the sun look spherical, and the problem was made more difficult because the original sun images were in a spherical dome show format. As a result, the pullback from the sun showed some odd reprojection artifacts. The best solution to this issue was to replace the existing pullout with a new one, one which pulled directly out from the center of the solar disk. For the new beginning, we chose a series of SDO images in the 171 Angstrom channel that show a visible coronal mass ejection (CME) in the lower right corner of the solar disk. Although this is not the specific CME that is seen affecting Venus and Earth later in this visualization, it's presence links the SDO animation thematically to the later solar storm. The SDO images were also brightened considerably and tinted yellow to match the common perception of the Sun as a bright yellow object (even though it is actually white). The original version of this animation is still available as animation 11003. PLease see the page for that version to see the complete credits and metadata for this animation.
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1tuFaeR
via IFTTT
from NASA's Scientific Visualization Studio: Most Recent Items http://ift.tt/1tuFaeR
via IFTTT
Friday, June 17, 2016
I have a new follower on Twitter
AT: Sports US
Part of the FASTEST growing FREE betting/tipping community!! Loads of fantastic OFFERS. AMERICAN SPORTS EXPERT!!
https://t.co/2RyHF1JlEt
Following: 2324 - Followers: 129
June 17, 2016 at 10:59PM via Twitter http://twitter.com/ATSportsUS
MLB: Blue Jays OF Michael Saunders hits his 3rd home run of the game in the 6th inning vs. Orioles; driven in 8 RBIs (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Anonymous user 415cf8
Name, Anonymous user 415cf8. User since, June 16, 2016. Number of add-ons developed, 0 add-ons. Average rating of developer's add-ons, Not yet ...
from Google Alert - anonymous http://ift.tt/1V34mzy
via IFTTT
from Google Alert - anonymous http://ift.tt/1V34mzy
via IFTTT
Orioles: SS J.J. Hardy to be activated from the disabled list either Saturday or Sunday according to Buck Showalter (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
The Pirate Bay Founder Ordered to Pay $395,000 Fine in Lawsuit he didn't even know about
One of the founders of notorious file-sharing website The Pirate Bay has been ordered to pay a fine worth nearly US$400,000 to several major record labels after their content was shared illegally via the platform. The penalty has been imposed on The Pirate Bay co-founder Peter Sunde by a court in Helsinki, Finland. Interestingly, Sunde, who already left the notorious file sharing site in
from The Hacker News http://ift.tt/21qK6g0
via IFTTT
from The Hacker News http://ift.tt/21qK6g0
via IFTTT
Anonymous Posting in Discussions
Requires students to respond to information, ideas, and concepts not personal likes and dislikes within school community. Allows students to share ...
from Google Alert - anonymous http://ift.tt/1W3yAHM
via IFTTT
from Google Alert - anonymous http://ift.tt/1W3yAHM
via IFTTT
Formal Security-Proved Mobile Anonymous Authentication Protocols with Credit-Based ...
In this manuscript, an anonymous authentication scheme will be proposed to protect the security of the network system and the privacy of users.
from Google Alert - anonymous http://ift.tt/1UfOsaN
via IFTTT
from Google Alert - anonymous http://ift.tt/1UfOsaN
via IFTTT
Anonymous hacks ISIS Twitter account, turns it into a gay pride parade
FTA: In response to the Orlando mass shooting, the hacker-activist group known as Anonymous has hacked into dozens of pro-Islamic State of Iraq ...
from Google Alert - anonymous http://ift.tt/1UmzxbI
via IFTTT
from Google Alert - anonymous http://ift.tt/1UmzxbI
via IFTTT
Github accounts Hacked in 'Password reuse attack'
Popular code repository site GitHub is warning that a number of users' accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches. Yes, GitHub has become the latest target of a password reuse attack after Facebook CEO Mark Zuckerberg and Twitter. According to a blog post published by Shawn Davenport, VP of Security at
from The Hacker News http://ift.tt/1XsXAJn
via IFTTT
from The Hacker News http://ift.tt/1XsXAJn
via IFTTT
Anonymous tip line created in village
NORTH LEWISBURG – Residents who see suspicious activity but want to remain anonymous are asked to use a new tip line in the village.
from Google Alert - anonymous http://ift.tt/1UzqpC4
via IFTTT
from Google Alert - anonymous http://ift.tt/1UzqpC4
via IFTTT
ISS Daily Summary Report – 06/16/16
Autonomous Mission Operations (AMO) Run 3: The crew executed the final of three crew initiated experiment runs by using onboard AMO software to complete the autonomous deactivation and activation of an Expedite the Processing of Experiments to Space Station (EXPRESS) ER7. The AMO investigation tests advanced software and operational concepts to determine how crew members on the ISS can automate spacecraft system with less involvement from the ground support staff. Microbiome Potable Water Collection: The crew completed a water sample collection from the Potable Water Dispenser (PWD) prior to the weekly PWD beverage adapter cleaning. The sample and supporting materials will be stowed in preparation for ambient return. Microbiome investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time). Packed Bed Reactor Experiment (PBRE) Water Release Inspection and Lab Video Setup: The crew inspected and cleaned the Microgravity Science Glovebox (MSG) Work Volume (WV) for water released from the PBRE vent hose. They also set up video camcorder for over-the-shoulder view of the MSG high definition (HD) monitor for the ground to view the water separator. The PBRE is used to study the behavior of gases and liquids when they flow simultaneously through a column filled with fixed porous media. The porous media or “packing” can be made of different shapes and materials and are used widely in chemical engineering as a means to enhance the contact between two immiscible fluid phases (e.g., liquid-gas, water-oil, etc.). Human Research Program (HRP) Collections: The crew collected and stowed saliva samples in the Minus Eighty-degree Freezer for ISS (MELFI). These sample collections will be used to support the HRP: Biochem Profile, Repository, and Cardio Ox investigations. Habitability Human Factors Directed Observations: The crew recorded and submitted a walk-through video documenting observations of an area or activity providing insight related to human factors and habitability. The Habitability investigation collects observations about the relationship between crew members and their environment on the International Space Station. Observations during the 1-year mission, as well as 6-month missions, can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need. Fine Motor Skills: A series of interactive tasks on a touchscreen tablet were completed for the Fine Motor Skills investigation. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. External TV Camera Group (ETVCG) Bulb Remove & Replace (R&R): The crew R&Rd the primary light bulb in the ETVCG Light that was brought inside on EVA 28 in preparation for an upcoming EVA. During checkout post R&R, it was found that the electrical leads were connected to the wrong sockets, which upon power-up, created a short. The 6A fuse in the Maintenance Work Area (MWA) power strip failed due to the overcurrent from the short and was replaced, however, it was still unsuccessful. The crew replaced the MWA power strip with a spare unit and the light successfully powered up. Teams are continuing to investigate. Water Mist Portable Fire Extinguishers (PFE) Deploy: The crew successfully deployed six Water Mist PFEs and attached the cue cards on the exterior of the Portable Emergency Provisions (PEP) lockers. This completes deployment of the Water Mist PFEs. Emergency Roles & Responsibilities Review: In preparation for 3-crew operations, the 46S crew reviewed responsibilities in an emergency situation. Some topics covered were Commander responsibilities, crew accountability, accessing the escape vehicle and communication and coordination not only with each other but ground teams as well. Portable Emergency Provisions (PEPS) Inspection: The crew completed this regularly scheduled maintenance to verify that Portable Fire Extinguishers (PFE), Portable Breathing Apparatus (PBA) and Pre-Breathe masks are free of damage, are functional and ready for use. Today’s Planned Activities All activities were completed unless otherwise noted. HRF. Samples Collection and Preparation for Stowage HRF. Insertion of Samples into MELFI OCT Hardware Setup PK4. Copying Data from the Hard Drive Crew Departure Preparation for Return to Earth FINEMOTR. Assistance during the Experiment Installation of an emergency water mist fire extinguisher Preparation of personal items for return EXPRS3. Laptop Hard Drive R&R IMS Conference (S-band) EXPRS3. CLS 10 Laptop Booting Assistance during the LBNP Training / r/g 2532 MELF2. Ice Bricks Installation into MELFI LBNP Training (FINAL) r/g 2532 SEISMOPROGNOZ. Data Transfer from МКСД Hard Drive (start) r/g 2224 Optical Coherence Tomography (ОСТ) – Subject Optical Coherence Tomography (ОСТ) – Operator ER3. Insertion of an SNFM DVD into the Laptop [Aborted] Transfer of Cargo to Progress 431 (DC1) for Disposal. IMS Update / r/g 2435, 2512 AMO2. ER7 Deactivation AMO2. Status Monitoring BIOME. Water Samples Collection AMO2. ER7 Activation OCT Hardware Restow Hardware Unstow for ETVCG Maintenance Food Labeling Personal Medical Kits Packing Sanitary and Hygiene Monitoring (collection of samples from surfaces) r/g 2555 Prepack of USOS Hardware for Transfer into Soyuz Sanitary and Hygiene Monitoring (collection of samples from operators) r/g 2555 PK4. Filling the Chamber with Cleaning Gas / See OPTIMIS Viewer for procedure HABIT. Software Update On MCC Go Deinstallation of ТА251М1Б (ЛКТ2Д3) #1417726325 and ПЗУ Memory Device #1417726934 AMO2. Status Monitoring SEISMOPROGNOZ. Data Transfer from МКСД Hard Drive (end). Archiving (start) r/g 2224 Portable Fire Extinguishers (PFEs) and Portable Breathing Apparatus (PBAs) Inspection Video Greetings / r/g 2557 СОЖ Maintenance Crew Departure Preparation for Return to Earth ESA. Weekly Crew Conference Emergency Roles and Responsibilities Review Transfer of Cargo into Soyuz 719 for Return / r/g 2529 Cleaning of USOS CQ Nets and Filters External Television Camera Group (ETVCG) Bulb R&R FENIKS. Bioekologiya Kits Deinstallation and Transfer to Soyuz / r/g 2542 Reconfiguration of the Ethernet Cable for SM WAP Configuration File Loading Video Hardware Setup in LAB Monitoring of the Habitation Microbial Status / r/g 2554 HRF. Hardware Setup for Blood Samples Collection ER3. Ejection of […]
from ISS On-Orbit Status Report http://ift.tt/21pNbwJ
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/21pNbwJ
via IFTTT
Northern Lights above Lofoten
The Aurora Borealis or northern lights are familiar visitors to night skies above the village of Reine in the Lofoten Islands, Norway, planet Earth. In this scene, captured from a mountaintop camp site, the auroral curtains do seem to create an eerie tension with the coastal lights though. A modern perspective on the world at night, the stunning image was chosen as the over all winner in The World at Night's 2016 International Earth and Sky Photo Contest. Selections were made from over 900 entries highlighting the beauty of the night sky and its battle with light pollution. via NASA http://ift.tt/1Ytwilx
Thursday, June 16, 2016
Orioles Video: Adam Jones clears the Green Monster for a 2-run homer in 5-1 victory over the Red Sox (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Ravens: RB Trent Richardson will have knee scoped after being limited during OTAs on Wednesday (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
Assessing Human Error Against a Benchmark of Perfection. (arXiv:1606.04956v1 [cs.AI])
An increasing number of domains are providing us with detailed trace data on human decisions in settings where we can evaluate the quality of these decisions via an algorithm. Motivated by this development, an emerging line of work has begun to consider whether we can characterize and predict the kinds of decisions where people are likely to make errors.
To investigate what a general framework for human error prediction might look like, we focus on a model system with a rich history in the behavioral sciences: the decisions made by chess players as they select moves in a game. We carry out our analysis at a large scale, employing datasets with several million recorded games, and using chess tablebases to acquire a form of ground truth for a subset of chess positions that have been completely solved by computers but remain challenging even for the best players in the world.
We organize our analysis around three categories of features that we argue are present in most settings where the analysis of human error is applicable: the skill of the decision-maker, the time available to make the decision, and the inherent difficulty of the decision. We identify rich structure in all three of these categories of features, and find strong evidence that in our domain, features describing the inherent difficulty of an instance are significantly more powerful than features based on skill or time.
from cs.AI updates on arXiv.org http://ift.tt/1Px4qGf
via IFTTT
Robust Active Perception via Data-association aware Belief Space planning. (arXiv:1606.05124v1 [cs.RO])
We develop a belief space planning (BSP) approach that advances the state of the art by incorporating reasoning about data association (DA) within planning, while considering additional sources of uncertainty. Existing BSP approaches typically assume data association is given and perfect, an assumption that can be harder to justify while operating, in the presence of localization uncertainty, in ambiguous and perceptually aliased environments. In contrast, our data association aware belief space planning (DA-BSP) approach explicitly reasons about DA within belief evolution, and as such can better accommodate these challenging real world scenarios. In particular, we show that due to perceptual aliasing, the posterior belief becomes a mixture of probability distribution functions, and design cost functions that measure the expected level of ambiguity and posterior uncertainty. Using these and standard costs (e.g.~control penalty, distance to goal) within the objective function, yields a general framework that reliably represents action impact, and in particular, capable of active disambiguation. Our approach is thus applicable to robust active perception and autonomous navigation in perceptually aliased environments. We demonstrate key aspects in basic and realistic simulations.
from cs.AI updates on arXiv.org http://ift.tt/1UYUNBq
via IFTTT
Deep Reinforcement Learning Discovers Internal Models. (arXiv:1606.05174v1 [cs.AI])
Deep Reinforcement Learning (DRL) is a trending field of research, showing great promise in challenging problems such as playing Atari, solving Go and controlling robots. While DRL agents perform well in practice we are still lacking the tools to analayze their performance. In this work we present the Semi-Aggregated MDP (SAMDP) model. A model best suited to describe policies exhibiting both spatial and temporal hierarchies. We describe its advantages for analyzing trained policies over other modeling approaches, and show that under the right state representation, like that of DQN agents, SAMDP can help to identify skills. We detail the automatic process of creating it from recorded trajectories, up to presenting it on t-SNE maps. We explain how to evaluate its fitness and show surprising results indicating high compatibility with the policy at hand. We conclude by showing how using the SAMDP model, an extra performance gain can be squeezed from the agent.
from cs.AI updates on arXiv.org http://ift.tt/1YvOQl1
via IFTTT
SQuAD: 100,000+ Questions for Machine Comprehension of Text. (arXiv:1606.05250v1 [cs.CL])
We present a new reading comprehension dataset, SQuAD, consisting of 100,000+ questions posed by crowdworkers on a set of Wikipedia articles, where the answer to each question is a segment of text from the corresponding reading passage. We analyze the dataset in both manual and automatic ways to understand the types of reasoning required to answer the questions, leaning heavily on dependency and constituency trees. We built a strong logistic regression model, which achieves an F1 score of 51.0%, a significant improvement over a simple baseline (20%). However, human performance (86.8%) is much higher, indicating that the dataset presents a good challenge problem for future research.
from cs.AI updates on arXiv.org http://ift.tt/1UYUfeT
via IFTTT
Successor Features for Transfer in Reinforcement Learning. (arXiv:1606.05312v1 [cs.AI])
Transfer in reinforcement learning refers to the notion that generalization should occur not only within a task but also across tasks. Our focus is on transfer where the reward functions vary across tasks while the environment's dynamics remain the same. The method we propose rests on two key ideas: "successor features," a value function representation that decouples the dynamics of the environment from the rewards, and "generalized policy improvement," a generalization of dynamic programming's policy improvement step that considers a set of policies rather than a single one. Put together, the two ideas lead to an approach that integrates seamlessly within the reinforcement learning framework and allows transfer to take place between tasks without any restriction. The proposed method also provides performance guarantees for the transferred policy even before any learning has taken place. We derive two theorems that set our approach in firm theoretical ground and present experiments that show that it successfully promotes transfer in practice.
from cs.AI updates on arXiv.org http://ift.tt/1YvP63w
via IFTTT
Unsupervised Risk Estimation Using Only Conditional Independence Structure. (arXiv:1606.05313v1 [cs.LG])
We show how to estimate a model's test error from unlabeled data, on distributions very different from the training distribution, while assuming only that certain conditional independencies are preserved between train and test. We do not need to assume that the optimal predictor is the same between train and test, or that the true distribution lies in any parametric family. We can also efficiently differentiate the error estimate to perform unsupervised discriminative learning. Our technical tool is the method of moments, which allows us to exploit conditional independencies in the absence of a fully-specified model. Our framework encompasses a large family of losses including the log and exponential loss, and extends to structured output settings such as hidden Markov models.
from cs.AI updates on arXiv.org http://ift.tt/23f7VsK
via IFTTT
On the expressive power of deep neural networks. (arXiv:1606.05336v1 [stat.ML])
We study the expressivity of deep neural networks with random weights. We provide several results, both theoretical and experimental, precisely characterizing their functional properties in terms of the depth and width of the network. In doing so, we illustrate inherent connections between the length of a latent trajectory, local neuron transitions, and network activation patterns. The latter, a notion defined in this paper, is further studied using properties of hyperplane arrangements, which also help precisely characterize the effect of the neural network on the input space. We further show dualities between changes to the latent state and changes to the network weights, and between the number of achievable activation patterns and the number of achievable labellings over input data. We see that the depth of the network affects all of these quantities exponentially, while the width appears at most as a base. These results also suggest that the remaining depth of a neural network is an important determinant of expressivity, supported by experiments on MNIST and CIFAR-10.
from cs.AI updates on arXiv.org http://ift.tt/1tznj7m
via IFTTT
LSTM Neural Reordering Feature for Statistical Machine Translation. (arXiv:1512.00177v3 [cs.CL] UPDATED)
Artificial neural networks are powerful models, which have been widely applied into many aspects of machine translation, such as language modeling and translation modeling. Though notable improvements have been made in these areas, the reordering problem still remains a challenge in statistical machine translations. In this paper, we present a novel neural reordering model that directly models word pairs and alignment. By utilizing LSTM recurrent neural networks, much longer context could be learned for reordering prediction. Experimental results on NIST OpenMT12 Arabic-English and Chinese-English 1000-best rescoring task show that our LSTM neural reordering feature is robust and achieves significant improvements over various baseline systems.
from cs.AI updates on arXiv.org http://ift.tt/1Tt5y0j
via IFTTT
Auxiliary Deep Generative Models. (arXiv:1602.05473v4 [stat.ML] UPDATED)
Deep generative models parameterized by neural networks have recently achieved state-of-the-art performance in unsupervised and semi-supervised learning. We extend deep generative models with auxiliary variables which improves the variational approximation. The auxiliary variables leave the generative model unchanged but make the variational distribution more expressive. Inspired by the structure of the auxiliary variable we also propose a model with two stochastic layers and skip connections. Our findings suggest that more expressive and properly specified deep generative models converge faster with better results. We show state-of-the-art performance within semi-supervised learning on MNIST, SVHN and NORB datasets.
from cs.AI updates on arXiv.org http://ift.tt/1Oh5oUN
via IFTTT
Proving the Incompatibility of Efficiency and Strategyproofness via SMT Solving. (arXiv:1604.05692v3 [cs.GT] UPDATED)
Two important requirements when aggregating the preferences of multiple agents are that the outcome should be economically efficient and the aggregation mechanism should not be manipulable. In this paper, we provide a computer-aided proof of a sweeping impossibility using these two conditions for randomized aggregation mechanisms. More precisely, we show that every efficient aggregation mechanism can be manipulated for all expected utility representations of the agents' preferences. This settles a conjecture by Aziz et al. [2013b] and strengthens a number of existing theorems, including statements that were shown within the special domain of assignment. Our proof is obtained by formulating the claim as a satisfiability problem over predicates from real-valued arithmetic, which is then checked using an SMT (satisfiability modulo theories) solver. To the best of our knowledge, this is the first application of SMT solvers in computational social choice.
from cs.AI updates on arXiv.org http://ift.tt/1SS54hL
via IFTTT
[FD] CVE-2016-5709 - Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager
Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Security Misconfiguration CVE Reference: CVE-2016-5709 Risk Level: High CVSSv3 Base Score: 6.0 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( http://ift.tt/21msDFv )
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Sex, Less Death': Anonymous Hacks ISIS Twitter Accounts, Tweets Gay Pride
In response to the Orlando mass shooting, the hacker-activist group known as Anonymous has hacked into dozens of pro-ISIS Twitter accounts and ...
from Google Alert - anonymous http://ift.tt/266efo5
via IFTTT
from Google Alert - anonymous http://ift.tt/266efo5
via IFTTT
Ravens: Joe Flacco believes he will be under center when training camp begins July 28; sidelined since Nov. knee injury (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
[FD] Stack Overflow in BLAT
Hi Hackers, Greetings from Vishnu (@dh4wk) 1. Vulnerable Product Version: *Blat v3.2.14* Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open source Windows (32 & 64 bit) command line SMTP mailer. We can use it to automatically email logs, the contents of a html FORM, or whatever else you need to send. Since blat is lightweight, user friendly and simple (but awesome) many vendors incorporates it with their Softwares. I have seen blat in many commercial Softwares which use it for sending mails to its customers. And Blat is awesome. 4. Vulnerability Description The Overflow vulnerability lies in the profile option parameter “–p”. When a string of 236 bytes is send to blat, the EBP and EIP register gets overwritten by the user input. Reproduction: * blat.exe crashes with this command blat.exe –install smtp.my.tld 127.0.0.1 –p <”A”*234+”B”*2>* Feeding this command overwrites EBP with 0x00410041 and EIP with 0x00420042 (Please refer to the attached screen shot) 5. Links http://ift.tt/1UludWb http://ift.tt/1OsFtRn Regards, Vishnu (@dh4wk)
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities
+++++ *Vulnerable Products* 1. Papouch TME Ethernet thermometer 2. Papouch TME multi: Temperature and humidity via Ethernet *All versions affected* *TME - Ethernet Thermometer* http://ift.tt/260eODo *TME multi: Temperature and humidity via Ethernet* http://ift.tt/23ejAI0 *Vulnerability Details* *1. Weak Credentials Management* Device have three security levels – user (temperature viewing) and administrator (configuration), superadmin (sensor calibration). Each level has own password. *Issue* According to device manual, Superadmin password cannot be cleared. The default password is 1234. This level allows you to access all settings including sensor calibration. -> The application does not allow/enforce a mandatory, password change from default to strong password values. *2. Authentication Issues & Sensitive Information Leakage* By default, password authentication is not enabled on Telnet access. Telnet service runs on TCP 9999. Telnet to 9999t drops in setup mode and gives access to device configuration. Configuration reveals administrative password in clear-text without any authentication. Anyone can then use this password to gain administrative access to the device. -> Telnet access must have authentication enabled by default, a mandatory password change must be enforced, and any login passwords and SNMP community strings must be hidden/masked/censured. *3. Vulnerable to Cross-Site Request Forgery* In Device Management portal, there is no CSRF Token generated per page and / or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. *Overall Impact* AFAIK, these products are typically used for monitoring temperatures in Data Center, Fuel Tanks, Heating system monitoring, AC failure monitoring, or performing Food / grain storage temperature monitoring etc. Therefore, impact due to device compromise can be severe depending upon the utility & environment where they are deployed. +++++
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Blindspot Advisory: HTTP Header Injection in Python urllib
Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme. If an attacker could convince a Python application using this library to fetch an arbitrary URL, or fetch a resource from a malicious web server, then these injections could allow for a great deal of access to certain internal services. URLs of the following form allow injection into the HTTP stream: http://127.0.0.1%0d%0aX-injected:%20header%0d%0ax-leftover:%20:12345/foo http://localhost%00%0d%0ax-bar:%20:12345/foo More details here: http://ift.tt/1XXmPEE Thank you, tim
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
VNCserver - with anonymous TLS certificate?
Hi! My tigerVNC client (and I ;-) ) would like to connect to raspi VNC server with TLS. Is there any way to make that happen? Kind regards anazazi.
from Google Alert - anonymous http://ift.tt/1Q8ecEq
via IFTTT
from Google Alert - anonymous http://ift.tt/1Q8ecEq
via IFTTT
Allow for anonymous users to remove csrf token, remove members_only wiget?
I wanted to remove some token from add to cart forms even for anonymous users and I realised that eventhough anonymous (for now) is the only role ...
from Google Alert - anonymous http://ift.tt/1UQsVCo
via IFTTT
from Google Alert - anonymous http://ift.tt/1UQsVCo
via IFTTT
Anonymous spam Isis with gay porn after Orlando attack
Anonymous members have hijacked a number of Isis Twitter accounts in response to the Orlando shooting this weekend; replacing jihadist content ...
from Google Alert - anonymous http://ift.tt/1UAA47c
via IFTTT
from Google Alert - anonymous http://ift.tt/1UAA47c
via IFTTT
Show available plans to anonymous users
It looks like subscription plans can only be listed on the following page: /user/USER_ID/subscription/signup So that means users must be logged in to ...
from Google Alert - anonymous http://ift.tt/1UWvwrI
via IFTTT
from Google Alert - anonymous http://ift.tt/1UWvwrI
via IFTTT
Wednesday, June 15, 2016
International artists overtake Copper Mountain for Altitude Anonymous music festival
Off the slopes and into the clubs, Copper Mountain Resort will be transformed this weekend as international DJs head to the county for the third annual ...
from Google Alert - anonymous http://ift.tt/1UPVfET
via IFTTT
from Google Alert - anonymous http://ift.tt/1UPVfET
via IFTTT
ISS Daily Summary Report – 06/15/16
Cygnus Spacecraft Fire Experiment-I (Saffire-I) Operations: Yesterday, Saffire-1 successfully completed the first of two phases when a flame experiment was performed inside the Cygnus vehicle after departing the ISS. Today began the second phase which consists of retrieving experiment data via downlink passes at various ground sites. Because fire is extremely dangerous on a spacecraft, most controlled flame growth experiments have been limited to small sizes. Instruments measure flame growth and oxygen use, improving understanding of fire growth in microgravity and safeguarding future space missions. Dose Distribution Inside the ISS – 3D (DOSIS 3D): The European Space Agency’s (ESA’s) DOSIS 3D passive detectors were de-installed from the Columbus module. Data from the various active and passive radiation detectors installed in the ISS are used to measure radiation field parameters such as absorbed dose, particle influence and Linear Energy Transfer (LET) spectra as well as dose equivalent at different locations inside the ISS using passive and active measurement devices. Human Research Program (HRP) Collections: The crew collected saliva samples and stowed them in the Minus Eighty-degree Freezer for ISS (MELFI). These sample collections are used to support the following HRP investigations: Biochem Profile, Repository, and Cardio Ox. Microgravity Experiment Research Locker Incubator (MERLIN) Desiccant Kit Installation: Eight desiccant packs were installed inside the MERLIN which provides a single middeck locker-sized Expedite the Processing of Experiments to Space Station (EXPRESS) Rack compatible freezer/refrigerator or incubator that can be used for a variety of experiments. Fine Motor Skills: The crew completed a series of interactive tasks for the Fine Motor Skills investigation. This investigation is the first fine motor skills study to measure long-term microgravity exposure, different phases of microgravity adaptation, and sensorimotor recovery after returning to Earth gravity. Dose Tracker: The crew completed entries for medication tracking. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions. Extravehicular Mobility Unit (EMU) Cooling Loop Maintenance: The crew completed ionic and particulate filtration (scrubbing) and biocidal maintenance (iodination) of EMUs 3003 and 3010 and Airlock cooling water loops. These activities are part of nominal 90-day maintenance requirements. Urine Processor Assembly (UPA) and Water Processor Assembly (WPA) Status: Overnight both UPA and WPA completed their process cycles and the Waste and Hygiene Compartment (WHC) was configured to UPA. UPA conductivity was still elevated and oscillating during the first part of the run before it was able to stay in process consistently. Teams are reviewing data from the runs. 45 Soyuz (45S) Undock Preparations: The 45S crew performed descent training in preparation for 45S undock and landing this Saturday. 45S performed a nominal thruster test in preparation for departure. Today’s Planned Activities All activities were completed unless otherwise noted. HRF – sample collection and prep for stow Check status of fuses in MRM1 on БПП-4, БПП-7 by LED indication HRF- Insertion of samples into MELFI Close shutters of windows № 6,8,9,12,13,14 in SM/ r/g 6965 Search of NeST SSD memory device RADIOSKAF. Deactivation of «TOMSK- TPU 120” nano satellite from charging unit and stowage r/g 2530 DOSETRK – questionnaire fill out Emergency Book Update Close USOS windows shutters PK4- Hard drive data copying Crew Departure Preparations for Return to Earth п On MCC GO Water transfer from Progress №432 tank БВ2 (on [АО] aggregate compartment) into ЕДВ r/g 2541 EMU SS cooling loop scrubbing (start) Final configuration of EWC WAP access point and stowage of WAP SM FINEMOTR- Experiment run PBRE – Water Purification [АСУ] toilet activation in Soyuz №719 Replace urine receptacle МП #0950040and filter insert in АСУ [АСУ] activation after replacement Soyuz 719 СУДН test prior to undock r/g 2538 Preparation of US equipment for stowage in Soyuz SOZh maintenance Install radiation monitors ARED – clean flywheel cylinder DOSIS. Transfer DOSIS 3D kit to be returned to the ground / r/g 2546 Handover DOS3D dosimeters to RS to be placed into payload container and be returned in Soyuz Downlink log-file ТВМ1-Н via RSS2 r/g 2550 Crew Departure Preparations for Return to Earth MATRESHKA-R. Remove СПД passive assemblies to be returned in Soyuz / r/g 2545 РК4 – experiment run / See OPTIMIS Viewer for Procedure Water sampling after EMU SS cooling loop scrubbing EMU SS – connectivity test MATRESHKA-R. Remove napkins and towels from protection curtain in starboard cabin r/g 2545 DOS3D – remove 3D passive sensors in Columbus LBNP assist / r/g 2532 LBNP session (FINAL) r/g 2532 Check positioning of ИП-1 sensors Camera installation in LAB for feeding to RWS monitor 3 РК4 – Experiment Run Reconfigure equipment for cleaning EMU SS cooling loop scrubbing Stow personal medical kits Soyuz 719 descent simulation r/g 2539, 2544 DUBRAVA. Observation and photography with [ВСС] equipment / r/g 2548 Progress 432 (on [АО]) cargo ops and IMS update / r/g 1812, 1832 EMU reconfig IMS update PAO Hardware Preparation EMU SPACE SUIT – Long Drying DOSETRK- – questionnaire Video downlink – terminate RWS deactivation Pille dosimeters reading / r/g 2540 Crew prep for PAO PAO Replace flash-card of Pille equipment r/g 2540 Stow syringes used in H2O connectivity test Sprint Exercise- at crew’s discretion KONTENT. Experiment run / r/g 2537 On MCC GO Closeout ops after Progress №432 RODNIK tank БВ2 compression (on [АО]) Greetings video recording / r/g 2547 MERLIN – Desiccant Change out Completed Task List Items iPAD cert update [Active] Ground Activities All activities were completed unless otherwise noted. EMU operations Nominal ground commanding Three-Day Look Ahead: Thursday, 06/16: JEM stowage wire kit install, Emergency R&R review, Neuro Mapping Friday, 06/17: Change of Command, […]
from ISS On-Orbit Status Report http://ift.tt/1ZSyXny
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1ZSyXny
via IFTTT
I have a new follower on Twitter
Elizabeth Fleming
Following: 3689 - Followers: 24
June 15, 2016 at 09:57PM via Twitter http://twitter.com/_harvey34
Impossibility in Belief Merging. (arXiv:1606.04589v1 [cs.AI])
With the aim of studying social properties of belief merging and having a better understanding of impossibility, we extend in three ways the framework of logic-based merging introduced by Konieczny and Pino P\'erez. First, at the level of representation of the information, we pass from belief bases to complex epistemic states. Second, the profiles are represented as functions of finite societies to the set of epistemic states (a sort of vectors) and not as multisets of epistemic states. Third, we extend the set of rational postulates in order to consider the epistemic versions of the classical postulates of Social Choice Theory: Standard Domain, Pareto Property, Independence of Irrelevant Alternatives and Absence of Dictator. These epistemic versions of social postulates are given, essentially, in terms of the finite propositional logic. We state some representation theorems for these operators. These extensions and representation theorems allow us to establish an epistemic and very general version of Arrow's Impossibility Theorem. One of the interesting features of our result, is that it holds for different representations of epistemic states; for instance conditionals, Ordinal Conditional functions and, of course, total preorders.
from cs.AI updates on arXiv.org http://ift.tt/1rqVHPC
via IFTTT
Deep Reinforcement Learning With Macro-Actions. (arXiv:1606.04615v1 [cs.LG])
Deep reinforcement learning has been shown to be a powerful framework for learning policies from complex high-dimensional sensory inputs to actions in complex tasks, such as the Atari domain. In this paper, we explore output representation modeling in the form of temporal abstraction to improve convergence and reliability of deep reinforcement learning approaches. We concentrate on macro-actions, and evaluate these on different Atari 2600 games, where we show that they yield significant improvements in learning speed. Additionally, we show that they can even achieve better scores than DQN. We offer analysis and explanation for both convergence and final results, revealing a problem deep RL approaches have with sparse reward signals.
from cs.AI updates on arXiv.org http://ift.tt/1rqV60t
via IFTTT
Natural Language Generation as Planning under Uncertainty Using Reinforcement Learning. (arXiv:1606.04686v1 [cs.CL])
We present and evaluate a new model for Natural Language Generation (NLG) in Spoken Dialogue Systems, based on statistical planning, given noisy feedback from the current generation context (e.g. a user and a surface realiser). We study its use in a standard NLG problem: how to present information (in this case a set of search results) to users, given the complex trade- offs between utterance length, amount of information conveyed, and cognitive load. We set these trade-offs by analysing existing MATCH data. We then train a NLG pol- icy using Reinforcement Learning (RL), which adapts its behaviour to noisy feed- back from the current generation context. This policy is compared to several base- lines derived from previous work in this area. The learned policy significantly out- performs all the prior approaches.
from cs.AI updates on arXiv.org http://ift.tt/1WO6HV5
via IFTTT
Strategic Attentive Writer for Learning Macro-Actions. (arXiv:1606.04695v1 [cs.AI])
We present a novel deep recurrent neural network architecture that learns to build implicit plans in an end-to-end manner by purely interacting with an environment in reinforcement learning setting. The network builds an internal plan, which is continuously updated upon observation of the next input from the environment. It can also partition this internal representation into contiguous sub- sequences by learning for how long the plan can be committed to - i.e. followed without re-planing. Combining these properties, the proposed model, dubbed STRategic Attentive Writer (STRAW) can learn high-level, temporally abstracted macro- actions of varying lengths that are solely learnt from data without any prior information. These macro-actions enable both structured exploration and economic computation. We experimentally demonstrate that STRAW delivers strong improvements on several ATARI games by employing temporally extended planning strategies (e.g. Ms. Pacman and Frostbite). It is at the same time a general algorithm that can be applied on any sequence data. To that end, we also show that when trained on text prediction task, STRAW naturally predicts frequent n-grams (instead of macro-actions), demonstrating the generality of the approach.
from cs.AI updates on arXiv.org http://ift.tt/1rqVvzZ
via IFTTT
Safe Exploration in Finite Markov Decision Processes with Gaussian Processes. (arXiv:1606.04753v1 [cs.LG])
In classical reinforcement learning, when exploring an environment, agents accept arbitrary short term loss for long term gain. This is infeasible for safety critical applications, such as robotics, where even a single unsafe action may cause system failure. In this paper, we address the problem of safely exploring finite Markov decision processes (MDP). We define safety in terms of an, a priori unknown, safety constraint that depends on states and actions. We aim to explore the MDP under this constraint, assuming that the unknown function satisfies regularity conditions expressed via a Gaussian process prior. We develop a novel algorithm for this task and prove that it is able to completely explore the safely reachable part of the MDP without violating the safety constraint. To achieve this, it cautiously explores safe states and actions in order to gain statistical confidence about the safety of unvisited state-action pairs from noisy observations collected while navigating the environment. Moreover, the algorithm explicitly considers reachability when exploring the MDP, ensuring that it does not get stuck in any state with no safe way out. We demonstrate our method on digital terrain models for the task of exploring an unknown map with a rover.
from cs.AI updates on arXiv.org http://ift.tt/1WO6Pnu
via IFTTT
Category theoretic foundation of single-photon-based decision making. (arXiv:1602.08199v2 [physics.optics] UPDATED)
Decision making is a vital function in the age of machine learning and artificial intelligence; however, its physical realizations and their theoretical fundamentals are not yet known. In our former study, we demonstrated that single photons can be used to make decisions in uncertain, dynamically changing environments. The multi-armed bandit problem was successfully solved using the dual probabilistic and particle attributes of single photons. Herein, we revolutionize how decision making is comprehended via a category theoretic viewpoint; we present the category theoretic foundation of the single-photon-based decision making, including quantitative analysis that agrees well with the experimental results. The category theoretic model unveils complex interdependencies of the entities of the subject matter in the most simplified manner, including a dynamically changing environment. In particular, the octahedral structure and the braid structure in triangulated categories provide clear understandings and quantitative metrics of the underlying mechanisms for the single-photon decision maker. This is the first demonstration of a category theoretic interpretation of decision making, and provides a solid understanding and a design fundamental for machine learning and artificial intelligence.
from cs.AI updates on arXiv.org http://ift.tt/1oIavbK
via IFTTT
Ravens: Elvis Dumervil underwent offseason foot surgery, expects to be ready at some point during training camp (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
MLB: Steven Wright (AL-best 2.09 ERA) takes the mound for the Red Sox against the Orioles; watch live in the ESPN App (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
MLB: Steven Wright (AL-best 2.09 ERA) takes the mound for the Red Sox against the Orioles; watch live in the ESPN App (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Anonymous Safety Hotline
Dial the NIH Clinical Center. Anonymous Safety Hotline. 1-866-444-8811. For more information, please contact the NIH CC Office of Patient Safety and ...
from Google Alert - anonymous http://ift.tt/1Puy0Mx
via IFTTT
from Google Alert - anonymous http://ift.tt/1Puy0Mx
via IFTTT
build failure: error: use of deleted function '{anonymous}::Block::Block(const {anonymous}::Block&)'
[with ArgTypes = {}; T = {anonymous}::Block]' /home/sachs/src/julia-master/src/cgmemmgr.cpp:597:32: required from 'void* ...
from Google Alert - anonymous http://ift.tt/1Pur0za
via IFTTT
from Google Alert - anonymous http://ift.tt/1Pur0za
via IFTTT
I have a new follower on Twitter
Delayla Uilkinson
Meow! Let's have some fun? I'm here (my login same in tw) - https://t.co/v0hlMvJryA
Following: 800 - Followers: 4
June 15, 2016 at 03:30PM via Twitter http://twitter.com/pankratiigolub1
How to Hack Someones Facebook Account Just by Knowing their Phone Numbers
Hacking Facebook account is one of the major queries on the Internet today. It's hard to find — how to hack Facebook account, but researchers have just proven by taking control of a Facebook account with only the target's phone number and some hacking skills. Yes, your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No
from The Hacker News http://ift.tt/24R8U1u
via IFTTT
from The Hacker News http://ift.tt/24R8U1u
via IFTTT
Orioles: Chris Davis doles out his class superlatives for the roster, including naming Darren O'Day the class clown (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
[FD] Microsoft Visio multiple DLL side loading vulnerabilities
--------------------------------------------------------------------
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
help enable accesspress anonymous post through smartphone
first of all accesspress anonymous post is great plugin it work fine while using pc for posting. my problem is i cant upload post anonymous by use of ...
from Google Alert - anonymous http://ift.tt/23ajam4
via IFTTT
from Google Alert - anonymous http://ift.tt/23ajam4
via IFTTT
Anonymous Donor Creates Women's Giving Initiative Challenge
Anonymous Donor Creates Women's Giving Initiative Challenge. Published on 15 June 2016. The Women's Giving Initiative (WGI) is a group of ...
from Google Alert - anonymous http://ift.tt/28EIO6A
via IFTTT
from Google Alert - anonymous http://ift.tt/28EIO6A
via IFTTT
[FD] Siklu EtherHaul Hidden ‘root’ Account
[+] Credits: Ian Ling [+] Website: iancaling.com [+] Source: http://ift.tt/1UUAgOu Vendor: ================= www.siklu.com/ Product: ====================== -EtherHaul EH-1200F/FX/TX, EH-2200F/FX, EH-600T/TL -EtherHaul EH-1200/TL Vulnerability Type: =================== Default Root Account CVE Reference: ============== N/A Vulnerability Details: ===================== Siklu EtherHaul radios have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both ssh and the device’s web interface and grants access to the underlying embedded Linux shell on the device, allowing full control over it. See source above for details on how the password was found. Affected versions: -EtherHaul EH-1200F/FX/TX, EH-2200F/FX, EH-600T/TL < 6.9.0 -EtherHaul EH-1200/TL ALL VERSIONS Impact: The remote attacker has full control over the device, including shell access. This can lead to packet sniffing and tampering, denial of service, and even damage to the device ("bricking"). Disclosure Timeline: =================================== Vendor Notification: December 2, 2015 Public Disclosure: June 2, 2016 Exploitation Technique: ======================= Remote Severity Level: ================ Critical
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1
Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Deserialization of Untrusted Data [CWE-502] CVE Reference: CVE-2016-3642 Risk Level: High CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( http://ift.tt/21msDFv )
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
Is it suitable for anonymous users notifications
I thought I had a very simple and common use case, but I couldn't find any simple solution to achieve it. I want to setup anonymous notifications for a ...
from Google Alert - anonymous http://ift.tt/1UjBHsB
via IFTTT
from Google Alert - anonymous http://ift.tt/1UjBHsB
via IFTTT
[FD] CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager
Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Security Misconfiguration CVE Reference: CVE-2016-3643 Risk Level: High CVSSv3 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( http://ift.tt/21msDFv )
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager
Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Security Misconfiguration CVE Reference: CVE-2016-3643 Risk Level: High CVSSv2 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( http://ift.tt/21msDFv )
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Java Deserialization in Solarwinds Virtualization Manager 6.3.1
Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Deserialization of Untrusted Data [CWE-502] CVE Reference: CVE-2016-3642 Risk Level: High CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( http://ift.tt/21msDFv )
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
US charges Chinese ex-IBM employee with Espionage
The United States federal authorities have boosted charges against a former IBM Corp. software developer in China for allegedly stealing valuable source code from his former employer in the US. Chinese national Xu Jiaqiang, 30, was arrested by the FBI in December last year, when he was charged with just one count of theft of a trade secret. However, Jiaqiang has been charged with six counts:
from The Hacker News http://ift.tt/28EcBw6
via IFTTT
from The Hacker News http://ift.tt/28EcBw6
via IFTTT
ISS Daily Summary Report – 06/14/16
Cygnus Departure: Cygnus unberthed nominally from the ISS at 6:45AM CDT with release at 8:35AM CDT. Post departure science objectives including Saffire, NanoRacks CubeSat deployments, and ReEntry Breakup Recorder – Wireless (REBR-W) are scheduled to occur prior to re-entry on June 22. Saffire-I intentionally lights a large-scale fire inside the empty Cygnus resupply vehicle after it leaves the ISS and before it re-enters Earth’s atmosphere. Because fire is extremely dangerous on a spacecraft, most previous controlled flame experiments have been limited to small sizes. Subsequent experiment data downloads can take up to eight days to complete. The NanoRacks CubeSat Deployer- External (NRCSD-E) is a ground loaded launch case designed to be mounted externally and deploy cubesats from a free-flying spacecraft. REBR-W is a cost-effective system that rides a re-entering space vehicle, records data during the re-entry and breakup of the vehicle, and returns the data for analysis. Understanding how vehicles behave during atmospheric reentry gives future spacecraft developers unique information that can enhance design efficiencies and safety. Spacecraft Fire Experiment-I (Saffire-I) Operations: Following the unberth of OA-6 from the International Space Station (ISS), Saffire-I began the first of two phases by turning on the power to the experiment avionics, initiating the experiment run, and recording and compressing the resulting data. The second phase is composed of data downloads which could take up to eight days to complete. Microbiome: The crew collected several samples from various physical surfaces before stowing the samples in MELFI (Minus Eighty-degree Freezer for ISS). Microbiome investigates the impact of space travel on both the human immune system and an individual’s microbiome (the collection of microbes that live in and on the human body at any given time). Manufacturing Device Print Removal: The crew removed and stowed a recently printed 3D object and cleaned the extruder print nozzle. The Manufacturing Device hardware consists of a single EXPRESS locker equivalent which houses a 3D printer and associated hardware. Microgravity Experiment Research Locker Incubator (MERLIN) Desiccant Kit Removal: Eight desiccant packs were removed and discarded from inside MERLIN and the MERLIN door was partially opened for a 24-hour dryout period. The MERLIN provides a single middeck locker-sized Expedite the Processing of Experiments to Space Station (EXPRESS) Rack compatible freezer/refrigerator or incubator that can be used for a variety of experiments. Dose Tracker: The crew completed entries for medication tracking today. This investigation documents the medication usage of crew members before and during their missions by capturing data regarding medication use during spaceflight, including side effect qualities, frequencies and severities. The data is expected to either support or counter anecdotal evidence of medication ineffectiveness during flight and unusual side effects experienced during flight. It is also expected that specific, near-real-time questioning about symptom relief and side effects will provide the data required to establish whether spaceflight-associated alterations in pharmacokinetics (PK) or pharmacodynamics (PD) is occurring during missions. External robotics operations: Robotics ground controllers unberthed Cygnus from the Node 1 Nadir (N1N) Common Berthing Mechanism (CBM) and manuevered it to the release position using the Space Station Remote Manipulator System (SSRMS). The ISS crew then released the vehicle and backed the SSRMS away. Following Cygnus departure, ground controllers maneuvered the SSRMS to a park position. They then de-configured the MSS from Hot Backup and supported a video survey of the N1N CBM. Urine Processor Assembly (UPA) High Conductivity Fault – This morning UPA faulted due to high conductivity. This is the first process cycle since UPA was shut down due to erratic conductivity of the urine distillate. UPA was recovered and is currently processing. Node 3 Forward Hatch Handle Guide Install – Today the crew completed the Node 3 Forward hatch handle guide installation. Oxygen Generator System (OGS) Recirculation Loop Sample and Activated Carbon/Ion Exchange (ACTEX) Cartridge Replacement – The crew performed sample draws of the OGS recirculation loop for return and replaced the ACTEX cartridge. The loop sample is performed every 180 days, and the ACTEX cartridge is changed out every 730 days. Today’s Planned Activities All activities were completed unless otherwise noted. Samples Collection in CQs using CDM HRF. Samples Collection and Preparation for Stowage HRF. Insertion of Samples into MELFI BIOME. Samples Collection HRF. Insertion of Samples into MELFI Checking the Results of Antivirus Scanning on [ВКС] Laptops / r/g 8247 OTKLIK. Hardware Monitoring / r/g 1588 HMS. Vision Test Closing of USOS Windows Shutters ISS Ham Video Deactivation Cygnus-Node1 Vestibule Depressurization – Part 1 СОЖ Maintenance HMS. Vision Questionnaire Functionality Check of RSE-Med USB ports r/g 2517 HMS. Hardware Setup prior to Tonometry Test DOSETRK Questionnaire Tonometry Test – CMO Photography of the Window in the Descent Module ([СА]) of Soyuz 720 in Plane IV / r/g 2511 Tonometry Test – Subject UDOD. Experiment Ops with DYKHANIYE-1 and SPRUT-2 Kits r/g 2506 Tonometry Hardware Restow MERLIN Desiccant Kit Removal Removal, Cleaning and Stow of the Item Printed on the 3D Printer UDOD. Photography during the Experiment / r/g 2505 Cygnus-Node1 Vestibule Depressurization – Part 2 LAB Camcorder Setup on LAB RWS Monitor 3 Transfer of Cargo to Soyuz 719 for Return / r/g 2529 Cygnus. PCS Command and PROX Link Verification Inflight Maintenance. Hatch Guide Installation Water Recovery Management (WRM) Condensate Transfer (start) Node 1 Nadir- Common Berthing Mechanism (CBM) Demate J-ITCS. ITCS Coolant Sampling Adapter Installation Soyuz 720 IRIDIUM Telephone Setup and Charging (start) Soyuz 720 IRIDIUM Telephone – Monitoring Battery Charge Water Recovery Management (WRM) Condensate Transfer (end) Soyuz 720 IRIDIUM Telephone Charging (end) CBEF. Reconfiguration Cygnus-Node1 Vestibule Depressurization – Part 3 DRAGON. Cargo Transfer Ops Inflight Maintenance (IFM) Oxygen Generation System (OGS) Hardware Gather OGS. ACTEX Cartridge Flushing Crew Departure Prepartion for Return to Earth SSRMS. Cygnus Release Control RELAKSATSIYA. Hardware Setup r/g 2510 TV Downlink Test via Ku-band in MPEG-2 prior to Soyuz 731 Docking to the ISS Inflight Maintenance. OGS Internal ACTEX Cartridge R&R Soyuz 719 IRIDIUM Telephone Charging (start) / Communication System [PТК] Cygnus. PROX Power Off RELAKSATSIYA. Setting Parameters r/g 2510 PILOT-T. Experiment […]
from ISS On-Orbit Status Report http://ift.tt/1Q40vpV
via IFTTT
from ISS On-Orbit Status Report http://ift.tt/1Q40vpV
via IFTTT
Android Ransomware now targets your Smart TV, Too!
Do you own a Smartwatch, Smart TV, Smart fridge, or any Internet-connected smart device? If your answer is yes, then you need to know the latest interest of the cyber criminals in the field of Internet of Things. Ransomware! After targeting hospitals, universities, and businesses, Ransomware has started popping up on Smart TV screens. A new version of the Frantic Locker (better known as
from The Hacker News http://ift.tt/1ZQhk7W
via IFTTT
from The Hacker News http://ift.tt/1ZQhk7W
via IFTTT
[FD] FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
Document Title: =============== FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability References (Source): ==================== http://ift.tt/1Vp7B8k Fortinet PSIRT ID: 1624561 Release Notes #1: http://ift.tt/1rpgdjF Release Notes #2: http://ift.tt/25X4c8e Release Notes #3: http://ift.tt/1rpfA9Y Release Date: ============= 2016-06-15 Vulnerability Laboratory ID (VL-ID): ==================================== 1687 Common Vulnerability Scoring System: ==================================== 3.7 Product & Service Introduction: =============================== FortiManager appliances allow you to centrally manage any number of Fortinet devices, from several to thousands, including FortiGate®, FortiWiFi™, FortiCarrier™, FortiMail™ and FortiAnalyzer™ appliances and virtual appliances, as well as FortiClient™ endpoint security agents. You can further simplify control and management of large deployments by grouping devices and agents into administrative domains (ADOMs). The FortiManager family of management appliances provides centralized policy-based provisioning, device configuration, and update management for FortiGate, FortiWiFi, and FortiMail appliances, and FortiClient end-point security agents, plus end-to-end network monitoring and device control. FortiManager delivers a lower TCO for Fortinet implementations by minimizing both initial deployment costs and ongoing operating expenses. Control administrative access and simplify policy deployment using role-based administration to define user privileges for specific management domains and functions, and aggregating collections of Fortinet appliances and agents into independent management domains. In addition, by locally hosting security content updates for managed devices and agents, FortiManager appliances minimize Web filtering rating request response time and maximize network protection. (Copy of the Vendor Homepage: http://ift.tt/225kwMQ ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered a persistent web validation vulnerability in the official Fotinet FortiManager and FortiAnalyzer appliance product series. Vulnerability Disclosure Timeline: ================================== 2016-01-25: Researcher Notification & Coordination (Marco Onorati - Evolution Security GmbH) 2016-01-26: Vendor Notification (FortiGuard Security Team) 2016-02-10: Vendor Response/Feedback (FortiGuard Security Team) 2016-02-17: Vendor Fix/Patch #1 (Fortinet Service Developer Team) 2016-05-08: Vendor Fix/Patch #2 (Fortinet Service Developer Team) 2016-06-16: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Fortinet Product: FortiManager - Appliance (Web-Application) 200D, 300D, 1000D, 3900E, 4000E, Virtual Appliances Versio Fortinet Product: FortiManager - Appliance (Web-Application) Legacy - 100, 100C, 400A, 400B, 400C, 1000C, 3000C & 4000 Fortinet Product: FortiAnalyzer - Appliance (Web-Application) 200D, 300D, 1000D, 2000D, 3000E, 3500E, 3900E, VM Base & VM Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A persistent input validation web vulnerability and filter bypass issue has been discovered in the official Fotinet FortiManager and FortiAnalyzer appliance product series. The application-side web vulnerability allows remote attackers to inject own malicious script codes on the application-side of the affected modules context. The vulnerability is located in the `filename` value of the ` Layout Header [Header Image]` module. Remote attackers with low privileged web-application user accounts are able to inject own malicious script codes on the application-side of the affected ` Advanced Settings - Advanced Settings - Layout Header` module. The request method to inject is POST and the issue is located on the application-side of the fortimanager/fortianalyzer appliance web-application. The security risk of the client-side cross site scripting web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.7. Exploitation of the application-side web vulnerability requires no privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in persistent phishing, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected web module context. Request Method(s): [+] POST Vulnerable Module(s): [+] /report/graphic/upload/ Vulnerable Parameter(s): [+] filename Affected Serie(s): FortiManager [+] FortiManager 200D [+] FortiManager 300D [+] FortiManager 1000D [+] FortiManager 3900E [+] FortiManager-4000E [+] FortiManager Virtual Appliances [+] FortiMoM-VM FortiManager Legacy Models [+] FortiManager 100 [+] FortiManager 100C [+] FortiManager 400A [+] FortiManager 400B [+] FortiManager 400C [+] FortiManager 1000C [+] FortiManager 3000C [+] FortiManager 4000D Affected Serie(s): FortiAnalyzer [+] FortiAnalyzer 200D [+] FortiAnalyzer 300D [+] FortiAnalyzer 1000D [+] FortiAnalyzer 2000B [+] FortiAnalyzer 3000E [+] FortiAnalyzer 3500E [+] FortiAnalyzer 3900E [+] FortiAnalyzer VM Base [+] FortiAnalyzer VM GB1 [+] FortiAnalyzer VM GB5 [+] FortiAnalyzer VM GB25 [+] FortiAnalyzer VM GB100 [+] FortiAnalyzer VM GB500 [+] FortiAnalyzer VM GB2000 Proof of Concept (PoC): ======================= The persistent input validation web vulnerability can be exploited by local low privileged web-application user accounts and low user interaction (click). For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Login to the Fortinet FortiManager appliance web-application 2. Open the following module Reports > Reports > Client Reputation > Advanced Settings > Advanced Settings > Layout Header 3. Scroll to the layout header section 4. Start a session tamper to intercept the http protocol communication 5. Choose a random file and perform the upload 6. Change with the live session tamper the filename value of the logo to a script code payload 7. Wait since the upload has been performed and click next to the upload input field 8. The script code executes were the filename is normally visible next to the upload via submit 9. Successful reproduce of the vulnerability! Note: There could be other sections that are affected after the inject were the logo image is displayed finally! PoC: (Source) Reports > Reports > Client Reputation > Advanced Settings > Advanced Settings > Layout Header [Header Image] (filename) PoC: Reports > Reports > Client Reputation > Advanced Settings > Advanced Settings > Layout Header [Header Image] (filename)
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
| <" |
materials manager
Manage purchasing, warehouse/inventory, shipping/receiving. REQUIREMENTS: College Degree or equivalent, Min 5 yrs experience of listed job ...
from Google Alert - anonymous http://ift.tt/1VYFwWt
via IFTTT
from Google Alert - anonymous http://ift.tt/1VYFwWt
via IFTTT
Microsoft releases tons of Security Updates to patch 44 vulnerabilities
Microsoft has released 16 security bulletins on Tuesday resolving a total of 44 security holes in its software, including Windows, Office, Exchange Server, Internet Explorer and Edge. Five bulletins have been rated “critical” that could be used to carry out remote code execution and affected: Windows, Internet Explorer (IE), Edge (the new, improved IE), Microsoft Office and Office services;
from The Hacker News http://ift.tt/1S4Wn2Y
via IFTTT
from The Hacker News http://ift.tt/1S4Wn2Y
via IFTTT
Marijuana Anonymous
... to imagine a life without marijuana? Marijuana Anonymous is a 12-step program for people who think they might have a problem with pot. All are...
from Google Alert - anonymous http://ift.tt/2392R90
via IFTTT
from Google Alert - anonymous http://ift.tt/2392R90
via IFTTT
I have a new follower on Twitter
Sexy Data Science
When data is easy & sexy #datascience #datasexy
Los Angeles, CA
https://t.co/Xt7eN247gH
Following: 2406 - Followers: 1914
June 15, 2016 at 12:32AM via Twitter http://twitter.com/sexydatascience
The North America and Pelican Nebulas
Here lie familiar shapes in unfamiliar locations. On the left is an emission nebula cataloged as NGC 7000, famous partly because it resembles our fair planet's continent of North America. The emission region to the right of the North America Nebula is IC 5070, also known for its suggestive outlines as the Pelican Nebula. Separated by a dark cloud of obscuring dust, the two bright nebulae are about 1,500 light-years away. At that distance, the 4 degree wide field of view spans 100 light-years. This spectacular cosmic portrait combines narrow band images to highlight bright ionization fronts with fine details of dark, dusty forms in silhouette. Emission from atomic hydrogen, sulfur, and oxygen is captured in the narrow band image in scientifically assigned colors. These nebulae can be seen with binoculars from a dark location. via NASA http://ift.tt/1UxhPiV
Tuesday, June 14, 2016
Orioles Video: Manny Machado takes David Price deep for his 17th HR of the season, plates 2 runs in 3-2 win over Red Sox (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Micro-interventions in urban transport from pattern discovery on the flow of passengers and on the bus network. (arXiv:1606.04190v1 [cs.AI])
In this paper, we describe a case study in a big metropolis, in which from data collected by digital sensors, we tried to understand mobility patterns of persons using buses and how this can generate knowledge to suggest interventions that are applied incrementally into the transportation network in use. We have first estimated an Origin-Destination matrix of buses users from datasets about the ticket validation and GPS positioning of buses. Then we represent the supply of buses with their routes through bus stops as a complex network, which allowed us to understand the bottlenecks of the current scenario and, in particular, applying community discovery techniques, to identify clusters that the service supply infrastructure has. Finally, from the superimposing of the flow of people represented in the OriginDestination matrix in the supply network, we exemplify how micro-interventions can be prospected by means of an example of the introduction of express routes.
from cs.AI updates on arXiv.org http://ift.tt/261d8WF
via IFTTT
Spreadsheet Probabilistic Programming. (arXiv:1606.04216v1 [cs.AI])
Spreadsheet workbook contents are simple programs. Because of this, probabilistic programming techniques can be used to perform Bayesian inversion of spreadsheet computations. What is more, existing execution engines in spreadsheet applications such as Microsoft Excel can be made to do this using only built-in functionality. We demonstrate this by developing a native Excel implementation of both a particle Markov Chain Monte Carlo variant and black-box variational inference for spreadsheet probabilistic programming. The resulting engine performs probabilistically coherent inference over spreadsheet computations, notably including spreadsheets that include user-defined black-box functions. Spreadsheet engines that choose to integrate the functionality we describe in this paper will give their users the ability to both easily develop probabilistic models and maintain them over time by including actuals via a simple user-interface mechanism. For spreadsheet end-users this would mean having access to efficient and probabilistically coherent probabilistic modeling and inference for use in all kinds of decision making under uncertainty.
from cs.AI updates on arXiv.org http://ift.tt/1tpCr6t
via IFTTT
Experimental and causal view on information integration in autonomous agents. (arXiv:1606.04250v1 [cs.AI])
The amount of digitally available but heterogeneous information about the world is remarkable, and new technologies such as self-driving cars, smart homes or the "internet of things" will further increase it. In this paper we examine certain aspects of the problem of how such heterogeneous information can be harnessed by intelligent agents. We first discuss potentials and limitations of some existing approaches, followed by two investigations. The focus of the first investigation is on using the novel experimentation platform {\em Malmo} to obtain a better understanding of the problem. The focus of the second investigation is on understanding how information about the hardware of different agents (such as self-driving cars), the agents' sensory data, and physical or causal information can be utilized for knowledge transfer between agents and subsequent more data-efficient decision making. Finally, we present some thoughts on what a general theory for the problem could look like, and formulate open questions.
from cs.AI updates on arXiv.org http://ift.tt/1VYei2h
via IFTTT
Context Trees: Augmenting Geospatial Trajectories with Context. (arXiv:1606.04269v1 [cs.AI])
Exposing latent knowledge in geospatial trajectories has the potential to provide a better understanding of the movements of individuals and groups. Motivated by such a desire, this work presents the context tree, a new hierarchical data structure that summarises the context behind user actions in a single model. We propose a method for context tree construction that augments geospatial trajectories with land usage data to identify such contexts. Through evaluation of the construction method and analysis of the properties of generated context trees, we demonstrate the foundation for understanding and modelling behaviour afforded. Summarising user contexts into a single data structure gives easy access to information that would otherwise remain latent, providing the basis for better understanding and predicting the actions and behaviours of individuals and groups. Finally, we also present a method for pruning context trees, for use in applications where it is desirable to reduce the size of the tree while retaining useful information.
from cs.AI updates on arXiv.org http://ift.tt/1tpCRtw
via IFTTT
Entropy/IP: Uncovering Structure in IPv6 Addresses. (arXiv:1606.04327v1 [cs.NI])
In this paper, we introduce Entropy/IP: a system that discovers Internet address structure based on analyses of a subset of IPv6 addresses known to be active, i.e., training data, gleaned by readily available passive and active means. The system is completely automated and employs a combination of information-theoretic and machine learning techniques to probabilistically model IPv6 addresses. We present results showing that our system is effective in exposing structural characteristics of portions of the IPv6 Internet address space populated by active client, service, and router addresses.
In addition to visualizing the address structure for exploration, the system uses its models to generate candidate target addresses for scanning. For each of 15 evaluated datasets, we train on 1K addresses and generate 1M candidates for scanning. We achieve some success in 14 datasets, finding up to 40% of the generated addresses to be active. In 11 of these datasets, we find active network identifiers (e.g., /64 prefixes or `subnets') not seen in training. Thus, we provide the first evidence that it is practical to discover subnets and hosts by scanning probabilistically selected areas of the IPv6 address space not known to contain active hosts a priori.
from cs.AI updates on arXiv.org http://ift.tt/1VYfGlw
via IFTTT
Digits that are not: Generating new types through deep neural nets. (arXiv:1606.04345v1 [cs.AI])
For an artificial creative agent, an essential driver of the search for novelty is a value function which is often provided by the system designer or users. We argue that an important barrier for progress in creativity research is the inability of these systems to develop their own notion of value for novelty. We propose a notion of knowledge-driven creativity that circumvent the need for an externally imposed value function, allowing the system to explore based on what it has learned from a set of referential objects. The concept is illustrated by a specific knowledge model provided by a deep generative autoencoder. Using the described system, we train a knowledge model on a set of digit images and we use the same model to build coherent sets of new digits that do not belong to known digit types.
from cs.AI updates on arXiv.org http://ift.tt/1tpCC1y
via IFTTT
Relating Strong Spatial Cognition to Symbolic Problem Solving --- An Example. (arXiv:1606.04397v1 [cs.AI])
In this note, we discuss and analyse a shortest path finding approach using strong spatial cognition. It is compared with a symbolic graph-based algorithm and it is shown that both approaches are similar with respect to structure and complexity. Nevertheless, the strong spatial cognition solution is easy to understand and even pops up immediately when one has to solve the problem.
from cs.AI updates on arXiv.org http://ift.tt/1VYfGSF
via IFTTT
The Parallel Knowledge Gradient Method for Batch Bayesian Optimization. (arXiv:1606.04414v1 [stat.ML])
In many applications of black-box optimization, one can evaluate multiple points simultaneously, e.g. when evaluating the performances of several different neural network architectures in a parallel computing environment. In this paper, we develop a novel batch Bayesian optimization algorithm --- the parallel knowledge gradient method. By construction, this method provides the one-step Bayes optimal batch of points to sample. We provide an efficient strategy for computing this Bayes-optimal batch of points, and we demonstrate that the parallel knowledge gradient method finds global optima significantly faster than previous batch Bayesian optimization algorithms on both synthetic test functions and when tuning hyperparameters of practical machine learning algorithms, especially when function evaluations are noisy.
from cs.AI updates on arXiv.org http://ift.tt/1UyfjsU
via IFTTT
Logic Tensor Networks: Deep Learning and Logical Reasoning from Data and Knowledge. (arXiv:1606.04422v1 [cs.AI])
We propose real logic: a uniform framework for integrating automatic learning and reasoning. Real logic is defined on a full first-order language where formulas have truth-value in the interval [0,1] and semantics defined concretely on the domain of real numbers. Logical constants are interpreted as (feature) vectors of real numbers. Real logic promotes a well-founded integration of deductive reasoning on knowledge-bases with efficient, data-driven relational machine learning. We show how Real Logic can be implemented in deep Tensor Neural Networks with the use of Google's TensorFlow primitives. The paper concludes with experiments on a simple but representative example of knowledge completion.
from cs.AI updates on arXiv.org http://ift.tt/1YpYmpM
via IFTTT
DeepMath - Deep Sequence Models for Premise Selection. (arXiv:1606.04442v1 [cs.AI])
We study the effectiveness of neural sequence models for premise selection in automated theorem proving, one of the main bottlenecks in the formalization of mathematics. We propose a two stage approach for this task that yields good results for the premise selection task on the Mizar corpus while avoiding the hand-engineered features of existing state-of-the-art models. To our knowledge, this is the first time deep learning has been applied to theorem proving.
from cs.AI updates on arXiv.org http://ift.tt/1tpCT4B
via IFTTT
Lifted Convex Quadratic Programming. (arXiv:1606.04486v1 [cs.AI])
Symmetry is the essential element of lifted inference that has recently demon- strated the possibility to perform very efficient inference in highly-connected, but symmetric probabilistic models models. This raises the question, whether this holds for optimisation problems in general. Here we show that for a large class of optimisation methods this is actually the case. More precisely, we introduce the concept of fractional symmetries of convex quadratic programs (QPs), which lie at the heart of many machine learning approaches, and exploit it to lift, i.e., to compress QPs. These lifted QPs can then be tackled with the usual optimization toolbox (off-the-shelf solvers, cutting plane algorithms, stochastic gradients etc.). If the original QP exhibits symmetry, then the lifted one will generally be more compact, and hence their optimization is likely to be more efficient.
from cs.AI updates on arXiv.org http://ift.tt/1tpD4gc
via IFTTT
Why is Compiling Lifted Inference into a Low-Level Language so Effective?. (arXiv:1606.04512v1 [cs.AI])
First-order knowledge compilation techniques have proven efficient for lifted inference. They compile a relational probability model into a target circuit on which many inference queries can be answered efficiently. Early methods used data structures as their target circuit. In our KR-2016 paper, we showed that compiling to a low-level program instead of a data structure offers orders of magnitude speedup, resulting in the state-of-the-art lifted inference technique. In this paper, we conduct experiments to address two questions regarding our KR-2016 results: 1- does the speedup come from more efficient compilation or more efficient reasoning with the target circuit?, and 2- why are low-level programs more efficient target circuits than data structures?
from cs.AI updates on arXiv.org http://ift.tt/1VYeWwO
via IFTTT
Sparsely Connected and Disjointly Trained Deep Neural Networks for Low Resource Behavioral Annotation: Acoustic Classification in Couples' Therapy. (arXiv:1606.04518v1 [cs.LG])
Observational studies are based on accurate assessment of human state. A behavior recognition system that models interlocutors' state in real-time can significantly aid the mental health domain. However, behavior recognition from speech remains a challenging task since it is difficult to find generalizable and representative features because of noisy and high-dimensional data, especially when data is limited and annotated coarsely and subjectively. Deep Neural Networks (DNN) have shown promise in a wide range of machine learning tasks, but for Behavioral Signal Processing (BSP) tasks their application has been constrained due to limited quantity of data. We propose a Sparsely-Connected and Disjointly-Trained DNN (SD-DNN) framework to deal with limited data. First, we break the acoustic feature set into subsets and train multiple distinct classifiers. Then, the hidden layers of these classifiers become parts of a deeper network that integrates all feature streams. The overall system allows for full connectivity while limiting the number of parameters trained at any time and allows convergence possible with even limited data. We present results on multiple behavior codes in the couples' therapy domain and demonstrate the benefits in behavior classification accuracy. We also show the viability of this system towards live behavior annotations.
from cs.AI updates on arXiv.org http://ift.tt/1tpCorj
via IFTTT
Dissociation and Propagation for Approximate Lifted Inference with Standard Relational Database Management Systems. (arXiv:1310.6257v4 [cs.DB] UPDATED)
Probabilistic inference over large data sets is a challenging data management problem since exact inference is generally #P-hard and is most often solved approximately with sampling-based methods today. This paper proposes an alternative approach for approximate evaluation of conjunctive queries with standard relational databases: In our approach, every query is evaluated entirely in the database engine by evaluating a fixed number of query plans, each providing an upper bound on the true probability, then taking their minimum. We provide an algorithm that takes into account important schema information to enumerate only the minimal necessary plans among all possible plans. Importantly, this algorithm is a strict generalization of all known PTIME self-join-free conjunctive queries: A query is in PTIME if and only if our algorithm returns one single plan. Furthermore, our approach is a generalization of a family of efficient ranking methods from graphs to hypergraphs. We also adapt three relational query optimization techniques to evaluate all necessary plans very fast. We give a detailed experimental evaluation of our approach and, in the process, provide a new way of thinking about the value of probabilistic methods over non-probabilistic methods for ranking query answers. We also note that the techniques developed in this paper apply immediately to lifted inference from statistical relational models since lifted inference corresponds to PTIME plans in probabilistic databases.
from cs.AI updates on arXiv.org http://ift.tt/18MQRQf
via IFTTT
Automatic learning of gait signatures for people identification. (arXiv:1603.01006v2 [cs.CV] UPDATED)
This work targets people identification in video based on the way they walk (i.e. gait). While classical methods typically derive gait signatures from sequences of binary silhouettes, in this work we explore the use of convolutional neural networks (CNN) for learning high-level descriptors from low-level motion features (i.e. optical flow components). We carry out a thorough experimental evaluation of the proposed CNN architecture on the challenging TUM-GAID dataset. The experimental results indicate that using spatio-temporal cuboids of optical flow as input data for CNN allows to obtain state-of-the-art results on the gait task with an image resolution eight times lower than the previously reported results (i.e. 80x60 pixels).
from cs.AI updates on arXiv.org http://ift.tt/1QWDHZm
via IFTTT
Subscribe to:
Posts (Atom)