
Saturday, December 31, 2016

How to create an anonymous function and log a string?

In the "goodbye task", create an anonymous callback function as the second parameter. Inside the body of the function, log the string 'goodbye'. I'm not ...

from Google Alert - anonymous http://ift.tt/2hFqmJv
via IFTTT

Not Not Anonymous

Not Not Anonymous. Download Spotify. Popular. #, Song. Related Artists. Singles. · Gotta Move (Dance to the Music). Do you have the ...

from Google Alert - anonymous http://ift.tt/2ioOrB7
via IFTTT

Friday, December 30, 2016

What Youth » @ishodwair filming for Anonymous Zone in Japan. Photo

Surfing, Skateboarding, Music, Photography, Travel, Culture and general antics of the youth on the run.

from Google Alert - anonymous http://ift.tt/2irek5K
via IFTTT

Anonymous Confession

He fucked up my life in a week. I have never felt so sad and worthless. I have never felt anything in such a long time. I looked at him and talked to him ...

from Google Alert - anonymous http://ift.tt/2hB85v2
via IFTTT

Anonymous Just Hacked Bilderberg & Issued Ominous Threat

Anonymous to Bilderberg: "we are inside your beloved banks and we are reading your assets. You won't be safe anywhere near electricity anymore."

from Google Alert - anonymous http://ift.tt/2iNmt1g
via IFTTT

Don't Ban Anonymous Sperm Donations: Study

FRIDAY, Dec. 30, 2016 (HealthDay News) -- Prohibiting anonymous sperm donations might lead to fewer donors and prompt those still willing to ...

from Google Alert - anonymous http://ift.tt/2iOcuNe
via IFTTT

Ravens promote WR Keenan Reynolds from practice squad for Sunday's game vs. Bengals; place CB Jimmy Smith (ankle) on IR (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

The oddest example of anonymous source reporting that I have ever seen

A curiously odd New York Times article caught my attention that concerned Trump's plan to overhaul and/or privatize the VA hospital system.

from Google Alert - anonymous http://ift.tt/2hCptBm
via IFTTT

Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

Hi Erik,

Thanks for backing me up on a number of things. Only one response below.

> > In light of that, there's
> > nothing particularly wrong with using CBC, if it is implemented well.
> > At least, using it is not *more* wrong than using OFB, CFB, or CTR
>
> That is wrong. CBC mode allows attacks such as "Sweet32"
> (https://sweet32.info/), which is not possible with CTR mode.

The site you linked mentioned 64bit block ciphers are vulnerable, even in CTR mode. Obviously the birthday "paradox" applies.

Regardless of how right or wrong you are about Sweet32, this is far from the most important thing *implementors* should be worried about. Obviously if they start with AES, then the birthday paradox issues are vastly reduced. Any new system should be avoiding the likes of 3DES, Blowfish, etc. So it seems moot.

On the flip side, tell me what the impact is of these two scenarios where a developer follows *some* of our advice:

(A) They use AES in CBC mode and apply an HMAC to the ciphertext. They actually validate that HMAC before decrypting. However, they fail to use a unique IV for every message.

(B) They use AES in CTR mode and apply an HMAC to the ciphertext. They actually validate that HMAC before decrypting. However, they fail to use a unique IV for every message.

Which is worse? Obviously (B) fails pretty catastrophically. (A) is not great, but at least the plaintext isn't nearly as easy to expose (usually only minor block-level information leaks).

In the real world I see these kinds of mistakes all of the time. So be careful of steering people toward a mode that doesn't degrade as gracefully when developers make mistakes. They invariably will do so, unless they've spent as much time with crypto as you and I.

tim

PS- And to re-iterate, we shouldn't ask them to use any particular cipher mode, but instead to use something off the shelf.

Source: Gmail -> IFTTT-> Blogger

Obama Expels 35 Russian Spies Over Election Hacking; Russia Responds With Duck Meme

The United States has expelled 35 Russian spies in response to Russia's alleged interference in last month's presidential election, further escalating tensions between the countries. The US state department has declared 35 diplomatic intelligence officials from the Russian embassy in Washington DC and the consulate in San Francisco "persona non grata," giving them and their families 72 hours to


from The Hacker News http://ift.tt/2hyhPq7
via IFTTT

[FD] SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)

Vulnerability: SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
Discovered by: Dawid Golunski (@dawid_golunski) http://ift.tt/2fcYckq
Severity: CRITICAL

Desc: Independent research uncovered a critical vulnerability in SwiftMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the SwiftMailer class.

Despite the significant efforts in responsibly disclosing the vulnerability to the vendor (since 2nd December), the vulnerability remains unfixed as of 28 December.

The full advisory at: http://ift.tt/2iweGFC
The Video PoC will be very similar to: http://ift.tt/2hZbh4q
The SwiftMailer PoC exploit: http://ift.tt/2hy87DZ
More updates soon: https://twitter.com/dawid_golunski

Source: Gmail -> IFTTT-> Blogger

Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

Hi,

On Tue, Dec 27, 2016 at 09:01:49AM -0800, Tim wrote:
> [...]
>
> > > But there still are people who use CBC...
>
> [...]
>
> All traditional modes that lack integrity protection are vulnerable to
> chosen-ciphertext attacks in these kinds of scenarios.
> [...]
> All traditional modes need a MAC or similar integrity protection.

That is correct.

> In light of that, there's
> nothing particularly wrong with using CBC, if it is implemented well.
> At least, using it is not *more* wrong than using OFB, CFB, or CTR

That is wrong. CBC mode allows attacks such as "Sweet32" (https://sweet32.info/), which is not possible with CTR mode.

> without integrity protection.

Correct again, but too simple minded. Any encryption without integrity protection does not provide confidentiality against an active attacker. Using the wrong mode with a block cipher can render authentication irrelevant in attacks on confidentiality.

> [...]
> We should instead be pointing developers in
> the direction of using something off-the-shelf [...].
> Much less room for error.

That is sound advice. In addition, broken ciphers, modes, and protocols still implemented for backwards compatibility should not be used.

Thanks,
Erik

Source: Gmail -> IFTTT-> Blogger

[FD] Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege

Thursday, December 29, 2016

Automated timetabling for small colleges and high schools using huge integer programs. (arXiv:1612.08777v1 [cs.AI])

We formulate an integer program to solve a highly constrained academic timetabling problem at the United States Merchant Marine Academy. The IP instance that results from our real case study has approximately both 170,000 rows and columns and solves to near optimality in 12 hours, using a commercial solver. Our model is applicable to both high schools and small colleges who wish to deviate from group scheduling. We also solve a necessary preprocessing student subgrouping problem, which breaks up big groups of students into small groups so they can optimally fit into small capacity classes.



from cs.AI updates on arXiv.org http://ift.tt/2iKl4bw
via IFTTT

The Predictron: End-To-End Learning and Planning. (arXiv:1612.08810v1 [cs.LG])

One of the key challenges of artificial intelligence is to learn models that are effective in the context of planning. In this document we introduce the predictron architecture. The predictron consists of a fully abstract model, represented by a Markov reward process, that can be rolled forward multiple "imagined" planning steps. Each forward pass of the predictron accumulates internal rewards and values over multiple planning depths. The predictron is trained end-to-end so as to make these accumulated values accurately approximate the true value function. We applied the predictron to procedurally generated random mazes and a simulator for the game of pool. The predictron yielded significantly more accurate predictions than conventional deep neural network architectures.



from cs.AI updates on arXiv.org http://ift.tt/2idISaW
via IFTTT

Accelerated Convolutions for Efficient Multi-Scale Time to Contact Computation in Julia. (arXiv:1612.08825v1 [cs.CV])

Convolutions have long been regarded as fundamental to applied mathematics, physics and engineering. Their mathematical elegance allows for common tasks such as numerical differentiation to be computed efficiently on large data sets. Efficient computation of convolutions is critical to artificial intelligence in real-time applications, like machine vision, where convolutions must be continuously and efficiently computed on tens to hundreds of kilobytes per second. In this paper, we explore how convolutions are used in fundamental machine vision applications. We present an accelerated n-dimensional convolution package in the high performance computing language, Julia, and demonstrate its efficacy in solving the time to contact problem for machine vision. Results are measured against synthetically generated videos and quantitatively assessed according to their mean squared error from the ground truth. We achieve over an order of magnitude decrease in compute time and allocated memory for comparable machine vision applications. All code is packaged and integrated into the official Julia Package Manager to be used in various other scenarios.



from cs.AI updates on arXiv.org http://ift.tt/2iKxbFD
via IFTTT

FastMask: Segment Object Multi-scale Candidates in One Shot. (arXiv:1612.08843v1 [cs.CV])

Objects appear to scale differently in natural images. This fact requires methods dealing with object-centric tasks e.g. object proposal to have robust performance over scale variances of objects. In the paper we present a novel segment proposal framework, namely FastMask, which takes advantage of the hierarchical structure in deep convolutional neural network to segment multi-scale objects in one shot. Innovatively, we generalize segment proposal network into three different functional components (body, neck and head). We further propose a weight-shared residual neck module as well as a scale-tolerant attentional head module for multi-scale training and efficient one-shot inference. On MS COCO benchmark, the proposed FastMask outperforms all state-of-the-art segment proposal methods in average recall while keeping 2~5 times faster. More impressively, with a slight trade-off in accuracy, FastMask can segment objects in near real time (~13 fps) at 800$\times$600 resolution images, highlighting its potential in practical applications. Our implementation is available on http://ift.tt/2iKFFAt.



from cs.AI updates on arXiv.org http://ift.tt/2idrHpP
via IFTTT

The formal-logical characterisation of lies, deception, and associated notions. (arXiv:1612.08845v1 [cs.LO])

Defining various dishonest notions in a formal way is a key step to enable intelligent agents to act in untrustworthy environments. This review evaluates the literature for this topic by looking at formal definitions based on modal logic as well as other formal approaches. Criteria from philosophical groundwork are used to assess the definitions for correctness and completeness. The key contribution of this review is to show that only a few definitions fully comply with this gold standard and to point out the missing steps towards a successful application of these definitions in an actual agent environment.



from cs.AI updates on arXiv.org http://ift.tt/2iKuC6h
via IFTTT

Efficient iterative policy optimization. (arXiv:1612.08967v1 [cs.AI])

We tackle the issue of finding a good policy when the number of policy updates is limited. This is done by approximating the expected policy reward as a sequence of concave lower bounds which can be efficiently maximized, drastically reducing the number of policy updates required to achieve good performance. We also extend existing methods to negative rewards, enabling the use of control variates.



from cs.AI updates on arXiv.org http://ift.tt/2idxTOM
via IFTTT

Meta-Unsupervised-Learning: A supervised approach to unsupervised learning. (arXiv:1612.09030v1 [cs.LG])

We introduce a new paradigm to investigate unsupervised learning, reducing unsupervised learning to supervised learning. Specifically, we mitigate the subjectivity in unsupervised decision-making by leveraging knowledge acquired from prior, possibly heterogeneous, supervised learning tasks. We demonstrate the versatility of our framework via comprehensive expositions and detailed experiments on several unsupervised problems such as (a) clustering, (b) outlier detection, and (c) similarity prediction under a common umbrella of meta-unsupervised-learning. We also provide rigorous PAC-agnostic bounds to establish the theoretical foundations of our framework, and show that our framing of meta-clustering circumvents Kleinberg's impossibility theorem for clustering.



from cs.AI updates on arXiv.org http://ift.tt/2iKx9O1
via IFTTT

From Virtual to Real World Visual Perception using Domain Adaptation -- The DPM as Example. (arXiv:1612.09134v1 [cs.CV])

Supervised learning tends to produce more accurate classifiers than unsupervised learning in general. This implies that training data is preferred with annotations. When addressing visual perception challenges, such as localizing certain object classes within an image, the learning of the involved classifiers turns out to be a practical bottleneck. The reason is that, at least, we have to frame object examples with bounding boxes in thousands of images. A priori, the more complex the model is regarding its number of parameters, the more annotated examples are required. This annotation task is performed by human oracles, which ends up in inaccuracies and errors in the annotations (aka ground truth) since the task is inherently very cumbersome and sometimes ambiguous. As an alternative we have pioneered the use of virtual worlds for collecting such annotations automatically and with high precision. However, since the models learned with virtual data must operate in the real world, we still need to perform domain adaptation (DA). In this chapter we revisit the DA of a deformable part-based model (DPM) as an exemplifying case of virtual-to-real-world DA. As a use case, we address the challenge of vehicle detection for driver assistance, using different publicly available virtual-world data. While doing so, we investigate questions such as: how does the domain gap behave due to virtual-vs-real data with respect to dominant object appearance per domain, as well as the role of photo-realism in the virtual world.



from cs.AI updates on arXiv.org http://ift.tt/2iduOxW
via IFTTT

Deep neural heart rate variability analysis. (arXiv:1612.09205v1 [cs.NE])

Despite the pain and limited accuracy of blood tests for early recognition of cardiovascular disease, they dominate risk screening and triage. On the other hand, heart rate variability is non-invasive and cheap, but not considered accurate enough for clinical practice. Here, we tackle heart beat interval based classification with deep learning. We introduce an end to end differentiable hybrid architecture, consisting of a layer of biological neuron models of cardiac dynamics (modified FitzHugh Nagumo neurons) and several layers of a standard feed-forward neural network. The proposed model is evaluated on ECGs from 474 stable at-risk (coronary artery disease) patients, and 1172 chest pain patients of an emergency department. We show that it can significantly outperform models based on traditional heart rate variability predictors, as well as approaching or in some cases outperforming clinical blood tests, based only on 60 seconds of inter-beat intervals.



from cs.AI updates on arXiv.org http://ift.tt/2iKruYl
via IFTTT

A hybrid approach to supervised machine learning for algorithmic melody composition. (arXiv:1612.09212v1 [cs.AI])

In this work we present an algorithm for composing monophonic melodies similar in style to those of a given, phrase annotated, sample of melodies. For implementation, a hybrid approach incorporating parametric Markov models of higher order and a contour concept of phrases is used. This work is based on the master thesis of Thayabaran Kathiresan (2015). An online listening test conducted shows that enhancing a pure Markov model with musically relevant context, like count and planned melody contour, improves the result significantly.



from cs.AI updates on arXiv.org http://ift.tt/2idwfg0
via IFTTT

Lifted Relational Algebra with Recursion and Connections to Modal Logic. (arXiv:1612.09251v1 [cs.LO])

We propose a new formalism for specifying and reasoning about problems that involve heterogeneous "pieces of information" -- large collections of data, decision procedures of any kind and complexity and connections between them. The essence of our proposal is to lift Codd's relational algebra from operations on relational tables to operations on classes of structures (with recursion), and to add a direction of information propagation. We observe the presence of information propagation in several formalisms for efficient reasoning and use it to express unary negation and operations used in graph databases. We carefully analyze several reasoning tasks and establish a precise connection between a generalized query evaluation and temporal logic model checking. Our development allows us to reveal a general correspondence between classical and modal logics and may shed a new light on the good computational properties of modal logics and related formalisms.



from cs.AI updates on arXiv.org http://ift.tt/2iKkevE
via IFTTT

Attend, Adapt and Transfer: Attentive Deep Architecture for Adaptive Transfer from Multiple Source Tasks. (arXiv:1510.02879v4 [cs.AI] UPDATED)

Transferring knowledge from prior source tasks in solving a new target task can be useful in several learning applications. The application of transfer poses two serious challenges which have not been adequately addressed. First, the agent should be able to avoid negative transfer, which happens when the transfer hampers or slows down the learning instead of helping it. Second, the agent should be able to selectively transfer, which is the ability to select and transfer from different and multiple source tasks for different parts of the state space of the target task. We propose A2T (Attend, Adapt and Transfer), an attentive deep architecture which adapts and transfers from these source tasks. Our model is generic enough to effect transfer of either policies or value functions. Empirical evaluations on different learning algorithms show that A2T is an effective architecture for transfer by being able to avoid negative transfer while transferring selectively from multiple source tasks in the same domain.



from cs.AI updates on arXiv.org http://ift.tt/1MtHoln
via IFTTT

Overcoming Language Variation in Sentiment Analysis with Social Attention. (arXiv:1511.06052v3 [cs.CL] UPDATED)

Variation in language is ubiquitous, particularly in newer forms of writing such as social media. Fortunately, variation is not random; it is often linked to social properties of the author. In this paper, we show how to exploit social networks to make sentiment analysis more robust to social language variation. The key idea is linguistic homophily: the tendency of socially linked individuals to use language in similar ways. We formalize this idea in a novel attention-based neural network architecture, in which attention is divided among several basis models, depending on the author's position in the social network. This has the effect of smoothing the classification function across the social network, and makes it possible to induce personalized classifiers even for authors for whom there is no labeled data or demographic metadata. This model significantly improves the accuracies of sentiment analysis on Twitter and review data.



from cs.AI updates on arXiv.org http://ift.tt/1kJ97UX
via IFTTT

Detection of Cooperative Interactions in Logistic Regression Models. (arXiv:1602.03963v2 [cs.AI] UPDATED)

An important problem in the field of bioinformatics is to identify interactive effects among profiled variables for outcome prediction. In this paper, a logistic regression model with pairwise interactions among a set of binary covariates is considered. Modeling the structure of the interactions by a graph, our goal is to recover the interaction graph from independently identically distributed (i.i.d.) samples of the covariates and the outcome.

When viewed as a feature selection problem, a simple quantity called influence is proposed as a measure of the marginal effects of the interaction terms on the outcome. For the case when the underlying interaction graph is known to be acyclic, it is shown that a simple algorithm that is based on a maximum-weight spanning tree with respect to the plug-in estimates of the influences not only has strong theoretical performance guarantees, but can also outperform generic feature selection algorithms for recovering the interaction graph from i.i.d. samples of the covariates and the outcome. Our results can also be extended to the model that includes both individual effects and pairwise interactions via the help of an auxiliary covariate.



from cs.AI updates on arXiv.org http://ift.tt/1WlXJud
via IFTTT

Bank distress in the news: Describing events through deep learning. (arXiv:1603.05670v2 [cs.CL] UPDATED)

While many models are purposed for detecting the occurrence of significant events in financial systems, the task of providing qualitative detail on the developments is not usually as well automated. We present a deep learning approach for detecting relevant discussion in text and extracting natural language descriptions of events. Supervised by only a small set of event information, comprising entity names and dates, the model is leveraged by unsupervised learning of semantic vector representations on extensive text data. We demonstrate applicability to the study of financial risk based on news (6.6M articles), particularly bank distress and government interventions (243 events), where indices can signal the level of bank-stress-related reporting at the entity level, or aggregated at national or European level, while being coupled with explanations. Thus, we exemplify how text, as timely, widely available and descriptive data, can serve as a useful complementary source of information for financial and systemic risk analytics.



from cs.AI updates on arXiv.org http://ift.tt/1o0i4tC
via IFTTT

A Discrete and Bounded Envy-Free Cake Cutting Protocol for Any Number of Agents. (arXiv:1604.03655v11 [cs.DS] UPDATED)

We consider the well-studied cake cutting problem in which the goal is to find an envy-free allocation based on queries from $n$ agents. The problem has received attention in computer science, mathematics, and economics. It has been a major open problem whether there exists a discrete and bounded envy-free protocol. We resolve the problem by proposing a discrete and bounded envy-free protocol for any number of agents. The maximum number of queries required by the protocol is $n^{n^{n^{n^{n^n}}}}$. We additionally show that even if we do not run our protocol to completion, it can find in at most $n^3{(n^2)}^n$ queries a partial allocation of the cake that achieves proportionality (each agent gets at least $1/n$ of the value of the whole cake) and envy-freeness. Finally we show that an envy-free partial allocation can be computed in at most $n^3{(n^2)}^n$ queries such that each agent gets a connected piece that gives the agent at least $1/(3n)$ of the value of the whole cake.



from cs.AI updates on arXiv.org http://ift.tt/1Q85mzr
via IFTTT

Piecewise convexity of artificial neural networks. (arXiv:1607.04917v2 [cs.LG] UPDATED)

Although artificial neural networks have shown great promise in applications including computer vision and speech recognition, there remains considerable practical and theoretical difficulty in optimizing their parameters. The seemingly unreasonable success of gradient descent methods in minimizing these non-convex functions remains poorly understood. In this work we offer some theoretical guarantees for networks with piecewise affine activation functions, which have in recent years become the norm. We prove three main results. Firstly, that the network is piecewise convex as a function of the input data. Secondly, that the network, considered as a function of the parameters in a single layer, all others held constant, is again piecewise convex. Finally, that the network as a function of all its parameters is piecewise multi-convex, a generalization of biconvexity. From here we characterize the local minima and stationary points of the training objective, showing that they minimize certain subsets of the parameter space. We then analyze the performance of two optimization algorithms on multi-convex problems: gradient descent, and a method which repeatedly solves a number of convex sub-problems. We prove necessary convergence conditions for the first algorithm and both necessary and sufficient conditions for the second, after introducing regularization to the objective. Finally, we remark on the remaining difficulty of the global optimization problem. Under the squared error objective, we show that by varying the training data, a single rectifier neuron admits local minima arbitrarily far apart, both in objective value and parameter space.



from cs.AI updates on arXiv.org http://ift.tt/2aoPPjd
via IFTTT

Facebook anonymous proxy

Facebook anonymous proxy Anonymously view your friends' latest updates and photos by accessing Facebook through ProxySit. ProxyListPro, the ...

from Google Alert - anonymous http://ift.tt/2id44O2
via IFTTT

ISS Daily Summary Report – 12/28/2016

Extravehicular Activity (EVA) Prep: The crew reviewed procedures for the upcoming S4 Battery EVA. During this session the crew reviewed the generic EVA prep, emergency and post EVA procedures along with the EVA specific procedures, detailed timelines, and EVA systems briefing. Earlier today ground teams tied Channel 3A to Channel 3B via Seamless Power Channel Handover prior to starting the process of completely discharging the Channel 3A batteries, which is expected to be completed on Friday.

Fluid Shifts Dilution Measurements: The third of three 49S subjects initiated their Flight Day 45 (FD45) Fluid Shifts Dilution Measurements activities. Beginning with wakeup the subject collected saliva, blood and urine and inserted them into Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) prior to ingesting a Sodium Bromide (NaBr) tracer. Throughout the day, the crew performed additional urine, blood, and saliva collections, inserting those samples into MELFI as well. Finally, the crew configured for tomorrow’s Baseline Imaging in the USOS. Fluid Shifts is divided into three experiment portions – Dilution Measurements, Baseline Imaging, and Baseline Imaging with Chibis (Lower Body Negative Pressure). The Fluid Shifts experiment investigates the causes for severe and lasting physical changes to astronauts’ eyes. Because the headward fluid shift is a hypothesized contributor to these changes, reversing this fluid shift with a lower body negative pressure device is investigated as a possible intervention. Results from this study may help to develop preventative measures against lasting changes in vision and eye damage.

Japanese Experiment Module Airlock (JEMAL) Depress: Following the successful installation of the J-Small Satellite Orbital Deployer (SSOD) #6 on the JEMAL slide table, the crew depressed the airlock in preparation for the mid-January deployment of the satellites. The J-SSOD facility provides a reliable, safe and economically viable means of deploying research small satellites into Earth orbit. Atmospheric and surface monitoring, radio communications testing, and small object and sample return to the ground for testing and analysis are all potential candidates for this facility.

Veg-03 Harvest and Stow: The crew performed the final harvest of the Outredgeous Romaine Lettuce from the Veggie facility today. Leaves were collected and divided between those for consumption and those for return, which were placed in the Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI). Following the harvest, the Veggie equipment was cleaned and stowed. The overall goal of Veg-03 is to further demonstrate proof-of-concept for the Veggie plant growth chamber and the planting pillows using ‘Outredgeous’ Red Romaine lettuce. Future long-duration missions into the solar system will require a fresh food supply to supplement crew diets, which means growing crops in space. Previous investigations focused on improving productivity in controlled environments, but the limited quarters of the space shuttle and ISS made it difficult to conduct large-scale crop production tests. Veg-03 expands on previous validation tests of the new Veggie hardware, which crew members will soon use to grow cabbage, lettuce and other fresh vegetables in space. Tests determine which types of microorganisms are present in space-grown cabbage, providing baseline data for future crop-growing efforts. Behavioral health surveys assess the impact of growing plants on crew morale and mood.

Extravehicular Mobility Unit (EMU) 3008 Loop Scrub: Last Friday the crew began EMU 3008 loop scrub which could not be completed due to a leak at the Service and Cooling Umbilical (SCU) Display and Control Module (DCM) interface. Following yesterday’s installation of a new SCU, this morning the crew completed the activation and checkout of the new equipment followed by a nominal EMU 3008 loop scrub.

Today’s Planned Activities
All activities were completed unless otherwise noted.

Fluid Shifts Saliva Baseline Collection Fluid Shifts MELFI Insertion Operations Fluid Shifts Urine Collection – Subject Fluid Shifts Blood Baseline Collection – Subject Fluid Shifts Galley Water Collection Tracer Ingestion Operations – Subject UIA Oxygen Valve Close Extravehicular Mobility Unit (EMU) Water Recharge Orlan No.4, No.6 checkout prep Fluid Shifts Refrigerated Centrifuge Spin Conclude Combustion Integrated Rack Hardware Gather Fluid Shifts MELFI Insertion JEM Airlock Depressurization Service and Cooling Umbilical (SCU) Activation and Checkout Part 2 UDOD. Experiment Ops with DYKNANIYE-1 and SPRUT-2 Sets. Photo/TV Camcorder Setup Verification Extravehicular Mobility Unit (EMU) Water Recharge SkinSuit H/W Retrieval and Height Measurement Setup БК-3М Oxygen Tank Pressure Check in DC1. SkinSuit Height Measurement Operator SkinSuit Height Measurement & Questionnaire Orlan No.6 Backup Bladder Leak Check. Extravehicular Mobility Unit (EMU) Cooling Loop Maintenance – Part 1 Fluid Shifts Urine Collection – Subject Orlan No.4 Backup Bladder Leak Check. Fluid Shifts MELFI Retrieve Insertion Operations Fluid Shifts Blood 3-Hour Collection – Subject Photo/TV Camcorder Setup Verification Water Recovery Management (WRM) Condensate Pumping Initiation Fluid Shifts Saliva 3-Hour Collection – Subject Fluid Shifts MELFI Retrieve Insertion Operations Spacesuit and БСС (Orlan Interface Unit) leak checks and Orlan valve test. Fluid Shifts Refrigerated Centrifuge Spin Conclude MERLIN Desiccant Pack Swap and Door Inspect Fluid Shifts MELFI Retrieve Insertion Operations Fluid Shifts Blood Collection Conclude Stow Water Recovery Management (WRM) Condensate Pumping Termination Extravehicular Mobility Unit (EMU) Post Scrub Cooling Loop Water (H2O) Sample JEM Airlock Vent Orlan No.4 and БСС (Orlan Interface Unit) leak checks and Orlan valve test. JEM Airlock Vent Confirmation ESA ACTIVE DOSIMETER MOBILE UNIT SWAP Fluid Shifts Saliva 5-Hour Collection – Subject Fluid Shifts MELFI Retrieve Insertion Operations Fluid Shifts Urine Collection End – Subject Combustion Integrated Rack Session Review Fluid Shifts MELFI Insertion Operations COSMOCARD. Setup. Starting 24-hr ECG Recording Public Affairs Office (PAO) High Definition (HD) Config LAB Setup SkinSuit Height Measurement Operator [Aborted] SkinSuit Height Measurement & Questionnaire Comm Config Extravehicular Activity (EVA) Procedure Review PAO Preparation Public Affairs Office (PAO) Event in High Definition (HD) – Lab Telemetry check of Orlan No.4, No.6 systems, БСС, and comm system. Extravehicular Mobility Unit (EMU) Cooling Loop Maintenance Scrub Reconfiguration Perform comm reconfig for nominal ops EVA Extravehicular Mobility Unit (EMU) Cooling Loop Scrub Termination Orlan No.4, No.6, and БСС storage mode operation. Equipment stowage after Orlan No.4, No.6 checkout. Photo/TV Camcorder Setup Verification Download Pille Dosimeter Readings BIMS. Experiment Ops VEG-03 MWA Preparation VEG-03 Harvest […]

from ISS On-Orbit Status Report http://ift.tt/2hslgez
via IFTTT

Anonymous Hawker 800XP bizjet from Moscow Vnukovo on a nightly sightseeing tour over Aleppo ...

Anonymous Hawker 800XP bizjet from Moscow Vnukovo on a nightly ... tour over Aleppo before heading to Latakia/Larnaca(?) Anonymous Hawker ...

from Google Alert - anonymous http://ift.tt/2ikpVna
via IFTTT

3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The critical vulnerabilities reside in the unserialize mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to


from The Hacker News http://ift.tt/2hvCN90
via IFTTT

Wednesday, December 28, 2016

Disable cache for blocks for anonymous users

Hello, I've problems with disabling the cache for a block for anonymous users. I've tried to set max-age, but this seems only to affect logged in users.

from Google Alert - anonymous http://ift.tt/2hu1Yc3
via IFTTT

Proxy list anonymous l1

Proxy list anonymous l1 Proxy Server List. Daily Free Proxy Server Lists. Fast Proxy Server List. Fast Proxy Server List containing verified L1/L2/L3 ...

from Google Alert - anonymous http://ift.tt/2irQEvp
via IFTTT

New Android Malware Hijacks Router DNS from Smartphone

Another day, another creepy malware for Android users! Security Researchers have uncovered a new Android malware targeting your devices, but this time instead of attacking the device directly, the malware takes control over the WiFi router to which your device is connected and then hijacks the web traffic passing through it. Dubbed "Switcher," the new Android malware, discovered by


from The Hacker News http://ift.tt/2i8lMT8
via IFTTT

Anonymous Hawker 800XP bizjet from Moscow Vnukovo on a nightly sightseeing tour over Aleppo ...

Anonymous Hawker 800XP bizjet from Moscow Vnukovo on a nightly sightseeing tour over Aleppo before heading to Latakia/Larnaca(?). Read also ...

from Google Alert - anonymous http://ift.tt/2i8reVK
via IFTTT

Ravens: WR Steve Smith Sr., 37, says he's "89 percent sure" that Sunday will be the final game of his 16-year career (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

feathers-authentication-anonymous

Anonymous authentication strategy for feathers-authentication using Passport.

from Google Alert - anonymous http://ift.tt/2iEYQMj
via IFTTT

NFL: Ravens WR Steve Smith Sr. to retire after Sunday's game; 5-time Pro Bowler 7th in career receiving yards (14,697) (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

FreeBSD Foundation Announces New Uranium Level Donation

We are thrilled to announce we have received a $500000 donation from an anonymous donor. We are incredibly grateful for this donation and want to ...

from Google Alert - anonymous http://ift.tt/2iERR5T
via IFTTT

ISS Daily Summary Report – 12/27/2016

Fluid Shifts Dilution Measurements: The second of three 49S subjects completed their Flight Day 45 blood draw with assistance from a Crew Medical Officer (CMO) Operator in support of the first part of the Fluid Shift activities – Dilution Measurement. Upon wakeup the subject collected saliva, blood and urine and inserted them into Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) prior to ingesting a Sodium Bromide (NaBr) tracer. Throughout the day, the subject completed additional urine, blood, and saliva collections and inserted the samples into MELFI. Fluid Shifts is divided into three experiment portions – Dilution Measurements, Baseline Imaging, and Baseline Imaging with Chibis (Lower Body Negative Pressure). The experiment investigates the causes for severe and lasting physical changes to astronauts’ eyes. Because the headward fluid shift is a hypothesized contributor to these changes, reversing this fluid shift with a lower body negative pressure device is investigated as a possible intervention. Results from this study may help to develop preventative measures against lasting changes in vision and eye damage.

Japanese-Small Satellite Orbital Deployer-6 (J-SSOD-6) Installation: The crew completed the J-SSOD-6 installation activities on the Japanese Experiment Module (JEM) Airlock (JEMAL) Slide Table. The four deployers, holding six satellites, will be grappled by the JEM Remote Manipulator System (JEMRMS) and deployed in January. The J-SSOD facility provides a reliable, safe and economically viable means of deploying research small satellites into Earth orbit. Atmospheric and surface monitoring, radio communications testing, and small object and sample return to the ground for testing and analysis are all potential candidates for this facility.
Combustion Integration Rack (CIR) Multi-user Droplet Combustion Apparatus (MDCA) Troubleshooting: The crew performed investigative troubleshooting steps to aid in the removal of a stuck MDCA from the CIR Combustion Chamber. Using a boroscope and a feeler tool, the crew attempted to locate suspected Foreign Object Debris (FOD) along the guide rails. The crew was unable to locate any debris, and ground controllers are reviewing the video taken from the boroscope. Once removed, the MDCA will be replaced with the next planned experiment, Cool Flames Investigation (CFI). CFI provides new insight into the phenomenon where some types of fuels initially burn very hot, then appear to go out but continue burning at a much lower temperature with no visible flames (cool flames). Understanding cool flame combustion helps scientists develop new engines and fuels that are more efficient and less harmful to the environment.

Extravehicular Mobility Unit (EMU) 3008 Loop Scrub: Last Friday the crew attempted to perform the EMU 3008 loop scrub which could not be completed due to a leak at the Service and Cooling Umbilical (SCU) Display and Control Module (DCM) interface. Earlier today the crew removed the SCU; however, during the installation of the new SCU they encountered resistance while mating the SCU connection. The SCU did not receive power upon activation. The crew reported finding damage to the connector during an inspection of the connectors. Based on ground specialist recommendations the crew used pliers to unbend the SCU connector back shell prior to them remating the SCU to the UIA. The new SCU has been reinstalled and it powered up nominally. The crew will complete the checkout of the new SCU and EMU 3008 Loop Scrub later this week.

Today’s Planned Activities All activities were completed unless otherwise noted. Fluid Shifts Blood Collection Fluid Shifts Refrigerated Centrifuge Configuration TIMER. 
Battery Charging Service and Cooling Umbilical (SCU) Remove and Replace XF305 Camcorder Setup JEM Airlock Slide Table (ST) Extension to JPM Side Small Satellite Orbital Deployer Checkout Prep Part 1 Kazbek Fitcheck (Soyuz 732) Regenerative Environmental Control and Life Support System (RGN) WSTA Fill [Aborted] Service and Cooling Umbilical (SCU) Activation and Checkout Part 1 JEM Small Satellite Orbital Deployer (SSOD) Multi – 4 Deployers onto Multi-Purpose Experiment Platform Installation Part 2 BIMS. Assistance during the Experiment BIMS. Experiment Ops. Meteor Hard Disk Drive and Antivirus Update ESA PAO Recorded Message “SpaceUp France” CARDIOVECTOR. Experiment Ops. TIMER. Preparation and Video Recording (start) of the Experiment Photo T/V (P/TV) Advanced Resistive Exercise Device (ARED) Exercise Video Setup CONTURE-2. Hardware Setup on Panel 418 (hardware location: МИМ2_Б2, bag #423-23 (00064228R)) Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Total Organic Carbon Analyzer (TOCA) Calibration Check Compound Specific Analyzer-Combustion Products (CSA-CP) Checkout Part 2 CONTURE-2. Experiment Session Prep and Execution. Fluid Shifts Refrigerated Centrifuge Configuration VEG-03 Plant Photo Small Satellite Orbital Deployer Checkout Cleanup СОЖ Maintenance Service and Cooling Umbilical (SCU) Activation and Checkout Part 2 [Deferred] JEM Small Satellite Orbital Deployer (SSOD) Multi – 4 Deployers onto Multi-Purpose Experiment Platform Installation Part 3 Vacuum Cleaning of BД1 and ВД2 Air Ducts in DC1 Countermeasures System (CMS) ЭСПАНДЕР Exercise session Service and Cooling Umbilical (SCU) Activation and Checkout Part 3 [Deferred] TIMER. Video Recording of the Experiment (end) and Closeout Ops JEM Airlock Slide Table (ST) Retraction from JPM Side Combustion Integrated Rack Hardware Troubleshooting Review Combustion Integrated Rack Rack Doors Open Hardware Prep for Spacesuits #4 and 6 Functionality Check. 
Regenerative Environmental Control and Life Support System (ECLSS) Recycle Tank Fill Part 3 Combustion Integrated Rack Front End Cap Open Photo/TV Camcorder Setup Verification Combustion Integrated Rack Hardware Troubleshooting Activation of Spacesuits #4 and 6. Extravehicular Mobility Unit (EMU) Cooling Loop Maintenance – Part 1 [Deferred] Onboard Interface Unit (БСС) Checkout in DC1. Joint Separation of the Water System of Spacesuits #4 and 6 and the Onboard Interface Unit (БСС) in DC1. Recording of Human Physiology and Microgravity Message Public Affairs Office (PAO) High Definition (HD) Config JEM Setup PAO Preparation Water System Scrubbing with БОС Purification and Degassing Unit in ПхО Transfer Compartment. [Deferred] Air Samples Collection with [АК-1М] in SM and FGB Public Affairs Office (PAO) Event in High Definition (HD) – JEM Combustion Integrated Rack Hardware Troubleshooting Extravehicular Mobility Unit (EMU) Post Scrub Cooling Loop Water (H2O) Sample [Deferred] Extravehicular Mobility Unit (EMU) Cooling Loop Maintenance Scrub Reconfiguration [Deferred] Environmental Health System (EHS) Total Organic Carbon Analyzer (TOCA) Calibration Check Data Record Extravehicular Mobility Unit (EMU) Water […]

from ISS On-Orbit Status Report http://ift.tt/2iE4myy
via IFTTT

Police Ask for Amazon Echo Data to Help Solve a Murder Case

Hey, Alexa! Who did this murder? Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things. Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with a variety of home


from The Hacker News http://ift.tt/2iD4luH
via IFTTT

Anonymous John

He has won four times from 5f to 6f including a win on the all-weather. Finished 5l behind Captain Dion when sixth of 14 at 8-1 on his latest outing at ...

from Google Alert - anonymous http://ift.tt/2hvKfCJ
via IFTTT

I have a new follower on Twitter


🔥 Sollevarsi 🔥
Marketing. Social 📈 Content 📚🖼 Web 🖥 Blog 📝 Consulting 📊 #riseup #gritgrow #growthhacking #seo #socialmedia #contentmarketing https://t.co/0oW41NFZeU
Austin, TX
https://t.co/hmOFXu74je
Following: 6195 - Followers: 7188

December 28, 2016 at 04:10AM via Twitter http://twitter.com/riseupsole

Re: [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

Dawid Golunski wrote on 26/12/2016 03:31:
> Patching:
> Responsibly disclosed to PHPMailer team.
> They've released a critical security release.
> If you are using an affected release update to the 5.2.18 security
> release as advised at:
> http://ift.tt/2hmdqGJ

Am I wrong or the vulnerability only applies if you use the sendmail method to send messages and does not apply if you use SMTP on port 25? I have patched all my PHPMailer installations yesterday, I am asking this only for personal curiosity.

Thank you

Source: Gmail -> IFTTT-> Blogger

Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

> > res = apr_crypto_passphrase(&key, &ivSize, passphrase,
> > strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t),
> > *cipher, APR_MODE_CBC, 1, 4096, f, r->pool);
>
> CBC. Again.
>
> The earliest mention of CFB which I know is dated 1989.
> The earliest mention of CTR which I know is dated 1990-ies.
>
> But there still are people who use CBC...
>
> Please, PLEASE, PPLEEEEAASSSE don't use it. Instead, use either
> Blowfish in CFB mode or at least Rijndael (AES) in CTR (or GCM)
> mode - both are available, for example, in the OpenSSL library.

All traditional modes that lack integrity protection are vulnerable to chosen-ciphertext attacks in these kinds of scenarios. CFB isn't immune and CTR is catastrophically weak. All traditional modes need a MAC or similar integrity protection.

In light of that, there's nothing particularly wrong with using CBC, if it is implemented well. At least, using it is not *more* wrong than using OFB, CFB, or CTR without integrity protection. GCM is fine if the implementation is sound and the IVs never repeat, but there are pitfalls.

We should instead be pointing developers in the direction of using something off-the-shelf, such as libsodium. Much less room for error.

tim

Source: Gmail -> IFTTT-> Blogger

[FD] PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045)
(Bypass of the CVE-2016-1033 patch)

Discovered by Dawid Golunski (@dawid_golunski)
http://ift.tt/2fcYckq

Desc:
I discovered that the current PHPMailer versions (< 5.2.20) were still vulnerable to RCE as it is possible to bypass the currently available patch. This was reported responsibly to the vendor & assigned a CVEID on the 26th of December. The vendor has been working on a new patch which would fix the problem but not break the RFC too badly. The patch should be published very soon.

I'm releasing this as a 0day without the new patch available publicly as a potential bypass was publicly discussed on oss-sec list with Solar Designer in the PHPMailer < 5.2.18 thread, so holding the advisory further would serve no purpose.

Current advisory URL: http://ift.tt/2ipuIBa
PoC exploit URL: http://ift.tt/2ig1Uhm

More updates soon at: https://twitter.com/dawid_golunski
Stay tuned.

Source: Gmail -> IFTTT-> Blogger

[FD] PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

PHPMailer < 5.2.18 Remote Code Execution
CVE-2016-10033

Attaching an updated version of the advisory with more details + simple PoC. Still incomplete.

There will be more updates/exploits soon at: http://ift.tt/2hFRfJb
and the feed: https://twitter.com/dawid_golunski

Source: Gmail -> IFTTT-> Blogger

M31: The Andromeda Galaxy


What is the nearest major galaxy to our own Milky Way Galaxy? Andromeda. In fact, our Galaxy is thought to look much like Andromeda. Together these two galaxies dominate the Local Group of galaxies. The diffuse light from Andromeda is caused by the hundreds of billions of stars that compose it. The several distinct stars that surround Andromeda's image are actually stars in our Galaxy that are well in front of the background object. Andromeda is frequently referred to as M31 since it is the 31st object on Messier's list of diffuse sky objects. M31 is so distant it takes about two million years for light to reach us from there. Although visible without aid, the featured image of M31 is a digital mosaic of several frames taken with a small telescope. Much about M31 remains unknown, including exactly how many billions of years it will be before it collides with our home galaxy. via NASA http://ift.tt/2htoT8X

Moon Phase and Libration, 2017 South Up

The animation archived on this page shows the geocentric phase, libration, position angle of the axis, and apparent diameter of the Moon throughout the year 2017, at hourly intervals. Until the end of 2017, the initial Dial-A-Moon image will be the frame from this animation for the current hour.

Lunar Reconnaissance Orbiter (LRO) has been in orbit around the Moon since the summer of 2009. Its laser altimeter (LOLA) and camera (LROC) are recording the rugged, airless lunar terrain in exceptional detail, making it possible to visualize the Moon with unprecedented fidelity. This is especially evident in the long shadows cast near the terminator, or day-night line. The pummeled, craggy landscape thrown into high relief at the terminator would be impossible to recreate in the computer without global terrain maps like those from LRO.

The Moon always keeps the same face to us, but not exactly the same face. Because of the tilt and shape of its orbit, we see the Moon from slightly different angles over the course of a month. When a month is compressed into 24 seconds, as it is in this animation, our changing view of the Moon makes it look like it's wobbling. This wobble is called libration.

The word comes from the Latin for "balance scale" (as does the name of the zodiac constellation Libra) and refers to the way such a scale tips up and down on alternating sides. The sub-Earth point gives the amount of libration in longitude and latitude. The sub-Earth point is also the apparent center of the Moon's disk and the location on the Moon where the Earth is directly overhead.

The Moon is subject to other motions as well. It appears to roll back and forth around the sub-Earth point. The roll angle is given by the position angle of the axis, which is the angle of the Moon's north pole relative to celestial north. The Moon also approaches and recedes from us, appearing to grow and shrink. The two extremes, called perigee (near) and apogee (far), differ by more than 10%.

The most noticed monthly variation in the Moon's appearance is the cycle of phases, caused by the changing angle of the Sun as the Moon orbits the Earth. The cycle begins with the waxing (growing) crescent Moon visible in the west just after sunset. By first quarter, the Moon is high in the sky at sunset and sets around midnight. The full Moon rises at sunset and is high in the sky at midnight. The third quarter Moon is often surprisingly conspicuous in the daylit western sky long after sunrise.

Celestial south is up in these images, corresponding to the view from the southern hemisphere. The descriptions of the print resolution stills also assume a southern hemisphere orientation. (There is also a north-up version of this page.)

The Moon's Orbit

From this birdseye view, it's somewhat easier to see that the phases of the Moon are an effect of the changing angles of the sun, Moon and Earth. The Moon is full when its orbit places it in the middle of the night side of the Earth. First and Third Quarter Moon occur when the Moon is along the day-night line on the Earth.

The First Point of Aries is at the 3 o'clock position in the image. The sun is in this direction at the March equinox. You can check this by freezing the animation at the 1:03 mark, or by freezing the full animation with the time stamp near March 20 at 10:00 UTC. This direction serves as the zero point for both ecliptic longitude and right ascension.

The south pole of the Earth is tilted 23.5 degrees toward the 12 o'clock position at the top of the image. The tilt of the Earth is important for understanding why the north pole of the Moon seems to swing back and forth. In the full animation, watch both the orbit and the "gyroscope" Moon in the lower left. The widest swings happen when the Moon is at the 3 o'clock and 9 o'clock positions. When the Moon is at the 3 o'clock position, the ground we're standing on is tilted to the left when we look at the Moon. At the 9 o'clock position, it's tilted to the right. The tilt itself doesn't change. We're just turned around, looking in the opposite direction.

The subsolar and sub-Earth points are the locations on the Moon's surface where the sun or the Earth are directly overhead, at the zenith. A line pointing straight up at one of these points will be pointing toward the sun or the Earth. The sub-Earth point is also the apparent center of the Moon's disk as observed from the Earth.

In the animation, the blue dot is the sub-Earth point, and the yellow dot is the subsolar point. The lunar latitude and longitude of the sub-Earth point is a measure of the Moon's libration. For example, when the blue dot moves to the left of the meridian (the line at 0 degrees longitude), an extra bit of the Moon's eastern limb is rotating into view, and when it moves above the equator, a bit of the far side beyond the south pole becomes visible.

At any given time, half of the Moon is in sunlight, and the subsolar point is in the center of the lit half. Full Moon occurs when the subsolar point is near the center of the Moon's disk. When the subsolar point is somewhere on the far side of the Moon, observers on Earth see a crescent phase.

The Moon's orbit around the Earth isn't a perfect circle. The orbit is slightly elliptical, and because of that, the Moon's distance from the Earth varies between 28 and 32 Earth diameters, or about 356,400 and 406,700 kilometers. In each orbit, the smallest distance is called perigee, from Greek words meaning "near earth," while the greatest distance is called apogee. The Moon looks largest at perigee because that's when it's closest to us.

The animation follows the imaginary line connecting the Earth and the Moon as it sweeps around the Moon's orbit. From this vantage point, it's easy to see the variation in the Moon's distance. Both the distance and the sizes of the Earth and Moon are to scale in this view. In the HD-resolution frames, the Earth is 50 pixels wide, the Moon is 14 pixels wide, and the distance between them is about 1500 pixels, on average.

Note too that the Earth appears to go through phases just like the Moon does. For someone standing on the surface of the Moon, the sun and the stars rise and set, but the Earth doesn't move in the sky. It goes through a monthly sequence of phases as the sun angle changes. The phases are the opposite of the Moon's. During New Moon here, the Earth is full as viewed from the Moon.

from NASA's Scientific Visualization Studio: Most Popular
via IFTTT

Tuesday, December 27, 2016

Chameleon in a Candy Store

Read Chameleon in a Candy Store by Anonymous with Kobo. A Simon & Schuster eBook. Simon & Schuster has a great book for every reader.

from Google Alert - anonymous http://ift.tt/2iCIDDi
via IFTTT

Anonymous user 95bbe8

Name, Anonymous user 95bbe8. User since, June 18, 2016. Number of add-ons developed, 1 theme. Average rating of developer's add-ons, Not yet ...

from Google Alert - anonymous http://ift.tt/2i5NtM8
via IFTTT

I have a new follower on Twitter


Expedien, Inc
Data Analytics, Big Data, Data Management, and Business Intelligence services provider, a SAP & Informatica Alliance Partner Firm.
Houston
https://t.co/8QMm2nRRcr
Following: 469 - Followers: 648

December 27, 2016 at 10:48PM via Twitter http://twitter.com/Expedien_Inc

I have a new follower on Twitter


Gina Stepp
Gina Stepp is a writer with a focus on family studies and a master's degree in forensic psychology. Fan of acoustic music--learning to play the mandolin.
Southern California
http://t.co/jq2GM9FHia
Following: 3097 - Followers: 3752

December 27, 2016 at 09:43PM via Twitter http://twitter.com/Gina525

Thoughts?

http://ift.tt/2ifuQpr.

from Google Alert - anonymous http://ift.tt/2ipaNCc
via IFTTT

I have a new follower on Twitter


PredictiveHire
#AI for #talent & #HR. Improving productivity, performance, profitability, equality, diversity & social mobility #WorkforceScience #PredictiveAnalytics
Global
https://t.co/PqCDNU0iRj
Following: 7685 - Followers: 9179

December 27, 2016 at 08:48PM via Twitter http://twitter.com/Predictive_Hire

Solving Combinatorial Optimization problems with Quantum inspired Evolutionary Algorithm Tuned using a Novel Heuristic Method. (arXiv:1612.08109v1 [cs.AI])

Quantum inspired Evolutionary Algorithms were proposed more than a decade ago and have been employed for solving a wide range of difficult search and optimization problems. A number of changes have been proposed to improve performance of canonical QEA. However, canonical QEA is one of the few evolutionary algorithms, which uses a search operator with relatively large number of parameters. It is well known that performance of evolutionary algorithms is dependent on specific value of parameters for a given problem. The advantage of having large number of parameters in an operator is that the search process can be made more powerful even with a single operator without requiring a combination of other operators for exploration and exploitation. However, the tuning of operators with large number of parameters is complex and computationally expensive. This paper proposes a novel heuristic method for tuning parameters of canonical QEA. The tuned QEA outperforms canonical QEA on a class of discrete combinatorial optimization problems, which validates the design of the proposed parameter tuning framework. The proposed framework can be used for tuning other algorithms with both large and small number of tunable parameters.



from cs.AI updates on arXiv.org http://ift.tt/2hLOBBv
via IFTTT

Theory-guided Data Science: A New Paradigm for Scientific Discovery. (arXiv:1612.08544v1 [cs.LG])

Data science models, although successful in a number of commercial domains, have had limited applicability in scientific problems involving complex physical phenomena. Theory-guided data science (TGDS) is an emerging paradigm that aims to leverage the wealth of scientific knowledge for improving the effectiveness of data science models in enabling scientific discovery. The overarching vision of TGDS is to introduce scientific consistency as an essential component for learning generalizable models. Further, by producing scientifically interpretable models, TGDS aims to advance our scientific understanding by discovering novel domain insights. Indeed, the paradigm of TGDS has started to gain prominence in a number of scientific disciplines such as turbulence modeling, material discovery, quantum chemistry, bio-medical science, bio-marker discovery, climate science, and hydrology. In this paper, we formally conceptualize the paradigm of TGDS and present a taxonomy of research themes in TGDS. We describe several approaches for integrating domain knowledge in different research themes using illustrative examples from different disciplines. We also highlight some of the promising avenues of novel research for realizing the full potential of theory-guided data science.



from cs.AI updates on arXiv.org http://ift.tt/2huWMpL
via IFTTT

Monte Carlo Sort for unreliable human comparisons. (arXiv:1612.08555v1 [cs.AI])

Algorithms which sort lists of real numbers into ascending order have been studied for decades. They are typically based on a series of pairwise comparisons and run entirely on chip. However people routinely sort lists which depend on subjective or complex judgements that cannot be automated. Examples include marketing research; where surveys are used to learn about customer preferences for products, the recruiting process; where interviewers attempt to rank potential employees, and sporting tournaments; where we infer team rankings from a series of one on one matches. We develop a novel sorting algorithm, where each pairwise comparison reflects a subjective human judgement about which element is bigger or better. We introduce a finite and large error rate to each judgement, and we take the cost of each comparison to significantly exceed the cost of other computational steps. The algorithm must request the most informative sequence of comparisons from the user; in order to identify the correct sorted list with minimum human input. Our Discrete Adiabatic Monte Carlo approach exploits the gradual acquisition of information by tracking a set of plausible hypotheses which are updated after each additional comparison.



from cs.AI updates on arXiv.org http://ift.tt/2hLQJcw
via IFTTT

A Sparse Nonlinear Classifier Design Using AUC Optimization. (arXiv:1612.08633v1 [cs.AI])

AUC (Area under the ROC curve) is an important performance measure for applications where the data is highly imbalanced. Learning to maximize AUC performance is thus an important research problem. Using a max-margin based surrogate loss function, AUC optimization problem can be approximated as a pairwise rankSVM learning problem. Batch learning methods for solving the kernelized version of this problem suffer from scalability and may not result in sparse classifiers. Recent years have witnessed an increased interest in the development of online or single-pass online learning algorithms that design a classifier by maximizing the AUC performance. The AUC performance of nonlinear classifiers, designed using online methods, is not comparable with that of nonlinear classifiers designed using batch learning algorithms on many real-world datasets. Motivated by these observations, we design a scalable algorithm for maximizing AUC performance by greedily adding the required number of basis functions into the classifier model. The resulting sparse classifiers perform faster inference. Our experimental results show that the level of sparsity achievable can be order of magnitude smaller than the Kernel RankSVM model without affecting the AUC performance much.



from cs.AI updates on arXiv.org http://ift.tt/2huZ3Be
via IFTTT

Role of Simplicity in Creative Behaviour: The Case of the Poietic Generator. (arXiv:1612.08657v1 [cs.AI])

We propose to apply Simplicity Theory (ST) to model interest in creative situations. ST has been designed to describe and predict interest in communication. Here we use ST to derive a decision rule that we apply to a simplified version of a creative game, the Poietic Generator. The decision rule produces what can be regarded as an elementary form of creativity. This study is meant as a proof of principle. It suggests that some creative actions may be motivated by the search for unexpected simplicity.



from cs.AI updates on arXiv.org http://ift.tt/2hv5kNt
via IFTTT

The Linearization of Belief Propagation on Pairwise Markov Networks. (arXiv:1502.04956v2 [cs.AI] UPDATED)

Belief Propagation (BP) is a widely used approximation for exact probabilistic inference in graphical models, such as Markov Random Fields (MRFs). In graphs with cycles, however, no exact convergence guarantees for BP are known, in general. For the case when all edges in the MRF carry the same symmetric, doubly stochastic potential, recent works have proposed to approximate BP by linearizing the update equations around default values, which was shown to work well for the problem of node classification. The present paper generalizes all prior work and derives an approach that approximates loopy BP on any pairwise MRF with the problem of solving a linear equation system. This approach combines exact convergence guarantees and a fast matrix implementation with the ability to model heterogenous networks. Experiments on synthetic graphs with planted edge potentials show that the linearization has comparable labeling accuracy as BP for graphs with weak potentials, while speeding-up inference by orders of magnitude.



from cs.AI updates on arXiv.org http://ift.tt/1MvHhEQ
via IFTTT

Thailand Censorship OpSingleGateway

Greetings world, we are Anonymous. Many of the governments in the world today censor what can be seen. The government of Thailand has been ...

from Google Alert - anonymous http://ift.tt/2hLzPe0
via IFTTT

Ravens: John Harbaugh won't be entering final year of deal despite speculation he was only signed through 2017 - Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

I have a new follower on Twitter


Wings DAO Platform
Wings is a cross blockchain Decentralized Autonomous Organizations management platform that allows easy DAO setup, participation or administration.

https://t.co/tLUO7BVy8C
Following: 4530 - Followers: 7916

December 27, 2016 at 03:48PM via Twitter http://twitter.com/wingsplatform

Anonymous Hacks and Defaces Thai LA Consulate to Protest Arrests and Cyber Law

Anonymous Hacks and Defaces Thai LA Consulate to Protest Arrests and Cyber Law. Tweet. | More... |. Target: http://ift.tt/2hkYR2w.

from Google Alert - anonymous http://ift.tt/2iANwkl
via IFTTT

Anonymous' recently released journalist Barrett Brown still vows never to back down

Barrett Brown, the activist and journalist known best for his work with anonymous, was recently released from jail after serving a brutal 4-year sentence ...

from Google Alert - anonymous http://ift.tt/2inOFIB
via IFTTT

Did You Install Super Mario Run APK for Android? That's Malware

After the success of Pokémon Go, Nintendo's "Super Mario Run" has become the hottest game to hit the market with enormous popularity and massive social impact. The game has taken the world by storm since its launch for iOS devices over a week ago. But if you have downloaded a Super Mario Run APK for your Android device, Beware! That's malware. Since Super Mario Run has currently been released


from The Hacker News http://ift.tt/2htJvxG
via IFTTT

I have a new follower on Twitter


Harun Tahta
Tahta tabi, zoruna mı gitti?


Following: 21 - Followers: 15

December 27, 2016 at 09:48AM via Twitter http://twitter.com/TahtaHarun

ISS Daily Summary Report – 12/23/2016

Fluid Shifts Dilution Measurements: The 49S subject, with blood draw assistance from a Crew Medical Officer (CMO) Operator, performed the first part of the Fluid Shift activities – Dilution Measurement. Upon wakeup the subject collected saliva, blood and urine and inserted them into Minus Eighty Degree Celsius Laboratory Freezer for ISS (MELFI) prior to ingesting a Sodium Bromide (NaBr) tracer. Throughout the day, the crew will perform more urine, blood, and saliva collections, inserting the samples into MELFI as well. Fluid Shifts is divided into three experiment portions – Dilution Measurements, Baseline Imaging, and Baseline Imaging with Chibis (Lower Body Negative Pressure).

The Fluid Shifts experiment investigates the causes for severe and lasting physical changes to astronauts’ eyes. Because the headward fluid shift is a hypothesized contributor to these changes, reversing this fluid shift with a lower body negative pressure device is investigated as a possible intervention. Results from this study may help to develop preventative measures against lasting changes in vision and eye damage.

Aerosol Samplers Cartridge Removal: The crew closed and removed the Active Aerosol Sampler (AAS) in the LAB and PMM locations. The battery powered AAS actively pulls in air and collects particles using the principle of thermophoresis. This is accomplished by flowing the sampled air through a large thermal gradient in a narrow channel. During this process, particles are driven to the cold side of the channel where an electron microscope (EM) grid is held in place by a tiny magnet. When returned to Earth, these grids are easily removed and placed directly in the EM for analysis.

Veg-03 Harvest and Consumption: The crew performed the second of two consumption harvests of the Outredgeous Romaine Lettuce from the Veggie facility today. The fourth and final harvest next week is scheduled, where the harvested leaves will be placed in MELFI for return.

The overall goal of Veg-03 is to further demonstrate proof-of-concept for the Veggie plant growth chamber and the planting pillows using ‘Outredgeous’ Red Romaine lettuce. Future long-duration missions into the solar system will require a fresh food supply to supplement crew diets, which means growing crops in space. Previous investigations focused on improving productivity in controlled environments, but the limited quarters of the space shuttle and ISS made it difficult to conduct large-scale crop production tests. Veg-03 expands on previous validation tests of the new Veggie hardware, which crew members will soon use to grow cabbage, lettuce and other fresh vegetables in space. Tests determine which types of microorganisms are present in space-grown cabbage, providing baseline data for future crop-growing efforts. Behavioral health surveys assess the impact of growing plants on crew morale and mood.

Node 1 (N1) Galley Rack Operations: The crew rotated the galley rack and routed and installed the galley data cable between the N1 aft/port endcone gore panel and the N1 Utility Interface Panel (UIP).

Extravehicular Mobility Unit (EMU) Maintenance: The crew completed the following in preparation for upcoming EVAs:
  • EMU 3006 Loop Scrub
  • EMU 3008 Loop Scrub – was cancelled due to a water leak at the Service and Cooling Umbilical (SCU). Time will be scheduled next week to changeout the SCU and complete the EMU 3008 loop scrub.
  • Liquid Cooling Ventilation Garments (LVCGs) filled with water
  • Conductivity tests

Today’s Planned Activities
All activities were completed unless otherwise noted.
Fluid Shifts Baseline Collections Fluid Shifts MELFI Insertion Operations Fluid Shifts Galley Water Collection Tracer Ingestion Operations Fluid Shifts Refrigerated Centrifuge Configuration Fluid Shifts Refrigerated Centrifuge Spin Conclude CWC-I to ЕДВ init Initiate water transfer from CWC-I to ЕДВ EMU Cooling Loop Maintenance – Part 1 IMS Tagup (S-band)  [СТТС] comm system switchover to the primary set R&R of FGB БР-9ЦУ-8 system ЭА025М ЗУ2Б (А56) Test of file exchange link MCC- Soyuz 733 [СА] PC Terminate water transfer from CWC-I to ЕДВ CWC-I to EDV Term Search for vacuum pressure gauge hose VIZIR. Experiment set up and start using СКПИ P/L Total Organic Carbon Analyzer (TOCA) Waste Water Bag (WWB) Changeout Strata Status Check VEG-03 Consumption Harvest #2 Aerosol Passive Samplers Status Check Environmental Health System (EHS) Total Organic Carbon Analyzer (TOCA) Low Calibration EMU Post Scrub Cooling Loop Water (H2O) Sample Regenerative Environmental Control and Life Support System (ECLSS) Recycle Tank Drain EMU Cooling Loop Maintenance Scrub Reconfiguration EMU) Liquid Cooling Ventilation Garment (LVCG) Water Fill Fluid Shifts Refrigerated Centrifuge Spin Conclude SARCOLAB. EPM Hard Drive Removal and Stowage Fluid Shifts MELFI Retrieve Insertion Operations EMU loop scrub init [EMU 3008 Aborted] Regenerative Environmental Control and Life Support System (ECLSS) Recycle Tank Drain Part 2 BIOCARD. Operator Assistance During the Experiment BIOCARD. Experiment EMU Water Recharge Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Cleaning ПФ1, ПФ2 dust filters and В1, B2, Fan Grilles in MRM2 Aerosol Samplers Cartridge Removal EMU Liquid Cooling Ventilation Garment (LVCG) Water Fill Countermeasures System (CMS) Treadmill 2 (T2) Exercise Session EMU Cooling Loop Scrub Termination FLUID SHIFTS. 
Big Picture Overview IMS Update Fluid Shifts Urine Containment Bag Stow Retrieval Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Environmental Health System (EHS) Total Organic Carbon Analyzer (TOCA) Low Calibration Data Closeout EMU Conductivity Test Galley Data Cable Installation Regenerative Environmental Control and Life Support System (RGN) WSTA Fill Dose Tracker Data Entry Subject Ultrasound 2 HRF Rack 1 Setup СОЖ maintenance HTV-6 Cargo Stowage Ops in RS VIZIR. СКПИ Closeout Ops Regenerative Environmental Control and Life Support System (ECLSS) Recycle Tank R&R MRM2 comm config to support the P/L Ops Kulonovskiy Kristall Experiment Run MOTOCARD. Experiment Ops MOTOCARD. Operator Assistance with the Experiment EMU Long Life Battery (LLB) Charge Terminate MRM2 Comm Reconfig for Nominal Ops KULONOVSKIY KRISTALL. Copying data to removable hard drive Date /Time Sync on 6 RS still cameras to the station time LAB1O1_K1 Audit CMO OBT Stow Syringes used in H2O Conductivity Test CONTENT. Experiment Ops Completed Task List Items Inverter outlet label deploy Headset replace ARED cleat audit Handover procedures questions HTV6 consolidation Deploy aluminum tape on Saibo/Ryutai racks SSC5 fan clean VEG03 pillow […]

from ISS On-Orbit Status Report http://ift.tt/2hkg3FI
via IFTTT

ISS Daily Summary Report – 12/22/2016

Sarcolab-3 Deconfigure and Stow: After successful completion of the Flight Day (FD) 30-60 sessions on Tuesday and Wednesday, the crew deconfigured and stowed the Muscle Atrophy Research & Exercise System (MARES). Later today, the crew will verify and downlink the data and stow the remaining ancillary Sarcolab-3 hardware. The next session will be in the FD 30-60 window. Myotendinous and Neuromuscular Adaptation to Long-term Spaceflight (Sarcolab) investigates the adaptation and deterioration of the soleus, or calf muscle, where it joins the Achilles tendon which links it to the heel and carries loads from the entire body. Muscle fiber samples are taken from crew members before and after flight and analyzed for changes in structural and chemical properties. MRI and ultrasound tests and electrode stimulation are conducted to help assess muscle and tendon changes caused by microgravity exposure.

Japanese-Small Satellite Orbital Deployer (J-SSOD) Exchange: On Monday, the satellite housed in J-SSOD #5 was successfully deployed and the launcher was returned to the Japanese Experiment Module Airlock (JEMAL) Slide Table. Today, the crew removed J-SSOD #5 and installed J-SSOD #6, the first Enhanced J-SSOD which is able to launch twice the satellites when compared to previous deployers. J-SSOD #6 will deploy the following experiments:
  • AOBA-Velox-III (2U): A demonstration of Pulsed Plasma Thruster
  • TuPOD (3U): Deployment of two CubeSat daughter satellites
  • EGG (3U): Demonstration to unfold a toroidal inflatable structure for aeroshells
  • ITF-2 (1U): Builds a network for people using satellite data
  • FREEDOM (1U): Demonstrate a de-orbit device using a thin-film unfolding mechanism in space
  • WASEDA-SAT3 (1U): Image projection on the surface of a drag chute with a micro-projector

Manufacturing Device: With ground support, the crew was able to recover the Manufacturing Device capability. The crew was able to trim the printing filament to prevent jamming then they reinstalled the canister into the 3-D printer. Ground teams report that the Manufacturing Device is ready for printing operations. Manufacturing Device consists of the Additive Manufacturing Facility (AMF), a permanent manufacturing facility on the ISS, providing hardware manufacturing services. The ability to manufacture on the ISS enables on-demand repair and production capability, as well as essential research for manufacturing on long-term missions. AMF allows for immediate repair of essential components, upgrades of existing hardware, installation of new hardware that is manufactured, and the manufacturing capability to support commercial interests on the ISS.

Advanced Colloids Experiment Temperature Control-1 (ACE-T-1) Module Installation: On Tuesday, the crew successfully replaced the failed Fluids Integrated Rack (FIR) Image Processing and Storage Unit (IPSU). Today, the crew replaced the ACE-T-1 module with the next experiment module that was flown up on HTV-6. ACE-T-1 studies tiny suspended particles which have been designed by scientists to connect themselves in a specific way to form organized structures within water. The particles that were flown on HTV-6 are cylindrical in shape, versus bullet-shaped as the previous ACE-T-1 module investigated. Materials having complex structures and unique properties potentially can be made with more knowledge of how these particles are joined together and the conditions which control their behaviors. FIR is a complementary fluid physics research facility designed to host investigations in areas such as colloids, gels, bubbles, wetting and capillary action, and phase changes, including boiling and cooling.

Aerosol Sampling: Today was the fourth of five Active Aerosol Sampler (AAS) deployments. The samplers were placed in the LAB and Permanent Multipurpose Module (PMM) near the deployed Passive Samplers. The LAB location was chosen to capture particle samples for a “typical” day, to compare with a LAB sampling session performed on December 8. The PMM location was chosen to capture particle samples in a “low people traffic” area, i.e. stowage. The battery powered AAS actively pulls in air and collects particles using the principle of thermophoresis. This is accomplished by flowing the sampled air through a large thermal gradient in a narrow channel. During this process, particles are driven to the cold side of the channel, where an electron microscope (EM) grid is held in place by a tiny magnet. When returned to Earth, these grids are easily removed and placed directly in the EM for analysis.

Node 1 (N1) Galley Rack Operations: The crew completed steps to provide Internal Thermal Control System (ITCS) utilities to the N1 Galley Rack. They routed ITCS Jumpers from the N1 Forward Port Alcove into, and along, the Deck Port Standoff area to the Utility Interface Panel on the rack which will provide Moderate Temperature Loop (MTL) cooling to the rack. Per the plan, no connections were made to the Galley Rack or Node 1 Forward Port Alcove QDs which will be planned in the future.

H-2 Transfer Vehicle (HTV) Cargo Operations: The crew has unloaded all cargo from the vehicle. They are now ready to load the vehicle.

Today’s Planned Activities
All activities were completed unless otherwise noted.

Crew Evaluation of New Food Items Video Footage of Greetings Preparation of Reports for Roscosmos Web Site and Social Media EKON-M. Observations and photography PAO hardware setup Personal CO2 Monitor iPad Application Restart Crew Prep for PAO Aerosol Samplers Battery Charge TV conference  Russian Father Frost Greetings to the ISS Crew (S + Ku-band) In Flight Maintenance (IFM) Waste and Hygiene Compartment (WHC) Full Fill OTKLIK. Hardware Monitoring SARCOLAB.
PL and Laptop Activation Measuring Partial CO Pressure at RS Central Post using US portable CSA-CP analyzer Audit of Docking and Internal Transfer System (ССВП) Items SARCOLAB. Initiate Battery Discharge CARDIOVECTOR. Experiment Manufacturing Device Filament Trim. SARCOLAB. Removing MARES knee mechanisms In Flight Maintenance (IFM) Waste and Hygiene Compartment (WHC) Full Fill LEHX SERIAL CABLE CONNECTION BETWEEN JEM  TEPCCONTROL UNIT AND MEDICAL LAPTOP HRF2 Supply Kit Inventory PILOT-T. Preparation for the experiment MRM2 comm config to support the P/L Ops Kulonovskiy Kristall Experiment Run Galley Internal Thermal Control System (ITCS) Jumper Installation PILOT-T. Experiment Ops Story Time Too Much of a Good Thing Read MRM2 Comm Reconfig for Nominal Ops Health Maintenance System (HMS) – ESA Nutritional Assessment KULONOVSKYI KRISTALL. Copying data to removable hard drive Hardware stowage for disposal in Progress […]

from ISS On-Orbit Status Report http://ift.tt/2hpEO6C
via IFTTT

I have a new follower on Twitter


Haşim İşgüzar
Tembel İnsan
İstanbul

Following: 23 - Followers: 6

December 27, 2016 at 05:48AM via Twitter http://twitter.com/HasimIsG

Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

On 2016-12-23 13:28:33 +0100, RedTeam Pentesting GmbH wrote:
> res = apr_crypto_passphrase(&key, &ivSize, passphrase,
> strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t),
> *cipher, APR_MODE_CBC, 1, 4096, f, r->pool);

CBC. Again. The earliest mention of CFB which I know is dated 1989. The earliest mention of CTR which I know is dated 1990-ies. But there still are people who use CBC... Please, PLEASE, PPLEEEEAASSSE don't use it. Instead, use either Blowfish in CFB mode or at least Rijndael (AES) in CTR (or GCM) mode - both are available, for example, in the OpenSSL library.

Source: Gmail -> IFTTT-> Blogger

[FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

Severity: CRITICAL
Discovered by: Dawid Golunski (@dawid_golunski) http://ift.tt/2fcYckq

PHPMailer
"Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more"

Desc:
An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.

Patching:
Responsibly disclosed to PHPMailer team. They've released a critical security release. If you are using an affected release update to the 5.2.18 security release as advised at: http://ift.tt/2hmdqGJ

Notes:
I know this is a bad timing and a short notice (for everyone probably ;) I've spent most of my Christmas break working on this issue with affected vendors. This has been quite a rush as one of the vendors leaked excessive information on this vulnerability at one point which could aid potential attackers. I've released a limited advisory at the link below: http://ift.tt/2hFRfJb

This is to give people a chance to immediately patch or at least be aware of the issue before we get closer to a working day/end of holiday for affected users to act on this issue. I'm planning to release the full advisory and a PoC exploit shortly so that everyone is on the same page.

Upcoming Video PoC exploit: http://ift.tt/2hsL5QJ
For updates follow: https://twitter.com/dawid_golunski

I'll also send another email to the list once it is published. For now, Patch it now before someone else patches it for you (through a reverse shell ;)

Source: Gmail -> IFTTT-> Blogger

[FD] kernel vuln status question - how can I be protected

Dear kernel maintainers, specialists,

Regarding latest kernel vulns, like CVE-2016-8655, there were some reports how and where ubuntu/debian/redhat distributions fixed the problem. However, I could not find clear indications about fixes in plain vanilla kernel sources. No indication on LTS, and of course nothing on the others. O.K. there is a patch for the particular CVS+kernel version, but it is rather not evident to people that they must not go and install a recent 3.16.39 as it is not fixed. I really could not find out details and exact information no matter how I tried to find on Google.

What about having a channel to get latest information? What about having LTS not just patches but information feed. Or what about sending out additional information added to actual security patches how it should/would/had affect to other versions. Of course, maybe there is a trivial solution on that, e.g. I did not see some notes, but I'm afraid I'm right and zillions of admins simply do not know if they are vulnerable or not.

So is there a plan for 3.16.39 patch? What about 3.2 3.4 and similar? Should one use the existing af_packet patch? Or from now on we should trust on vendors (Debian, Redhat or Android... ) and is it recommended to avoid building kernel from scratch now?

b.

Source: Gmail -> IFTTT-> Blogger

[FD] Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)

Details
================
Software: Image Slider
Version: 1.1.41,1.1.89
Homepage: http://ift.tt/2i2kFUR
Advisory report: http://ift.tt/2izs5Ms
CVE: Awaiting assignment
CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N)

Description
================
Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files

Vulnerability
================
Any user able to create or edit “Sliders” (the same users who can create/edit posts, as far as I can tell) is able to delete arbitrary files that the web user has permission to write to. In addition, the attacker is told whether that operation succeeded or failed.

Depending on configuration this could lead to the attacker being able to:
  • Delete media uploads
  • Delete plugin files (this would be especially bad if there were security plugins limiting the attacker’s abilities)
  • Delete important system files (/etc/hosts, /usr/bin/php)
  • Attempt to delete unimportant files in order to discover more information about the system (i.e. attempting to delete /usr/share/doc/apt/changelog.gz would have little effect on the system if successful but it would tell the attacker that the host is running a Debian derivative)

Proof of concept
================
  • First, make sure you have a file to delete. I’m going to use /etc/hosts as an example because it demonstrates that you’re not limited to files within the WordPress installation, but make sure whichever file you use can be deleted by the user account WordPress is running under
  • Visit /wp-admin/post-new.php?post_type=easyimageslider
  • Input the following JavaScript in the inspector’s console to get the nonce value: document.querySelector('[data-tnonce]').dataset['tnonce']
  • Create a page containing the following code, replace NONCE with the nonce you got in the previous step, visit the page and click submit

If WordPress is being run as root (or if the web user has permission to write to that file) then the page will display “1”, if not it won’t display anything.

Mitigations
================
Disable the plugin. No fixed version is known.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2015-10-29: Discovered
2016-12-09: Reported to vendor via info@ghozylab.com
2016-12-23: Vendor has not responded after 14 days
2016-12-23: Published

Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.
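The advisory above lists no fixed version. The following is an added sketch, not dxw's or the plugin's code (the plugin is PHP and its source is not shown here), of the check a file-deletion handler needs: resolve the requested path and refuse anything outside one allowed directory. The names resolve_inside and delete_slide_file, the single uploads directory and the sample files are assumptions.

```python
import os
import tempfile


def resolve_inside(base_dir, requested):
    """Return the real path of `requested` if it lies strictly inside
    base_dir, otherwise None."""
    if not isinstance(requested, str) or "\0" in requested:
        return None
    base = os.path.realpath(base_dir)
    # join() lets an absolute `requested` replace base entirely; realpath()
    # then collapses ".." and follows symlinks, so the comparison is made on
    # the file that would really be touched.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives
        return None
    if not inside or candidate == base:
        return None
    return candidate


def delete_slide_file(base_dir, requested):
    """Delete a file only if it lives under base_dir.

    Returns True only when a file inside base_dir was removed. A rejected
    path and a missing file both give False, so the response does not reveal
    whether a file outside base_dir exists.
    """
    target = resolve_inside(base_dir, requested)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


if __name__ == "__main__":
    # Constructed sample tree: one file inside the allowed directory and one
    # beside it that must survive every request.
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    open(os.path.join(uploads, "slide.png"), "w").close()
    open(os.path.join(root, "outside.txt"), "w").close()

    for request in ("/etc/hosts", "../outside.txt", "slide.png"):
        print(request, "->", delete_slide_file(uploads, request))
```

The check and the delete are separate steps, so the allowed directory itself should not be writable by untrusted users who could swap a file for a symlink in between.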

Source: Gmail -> IFTTT-> Blogger

[FD] BlackArch Linux OVA Image released!

Stabat Sancta Maria (Anonymous)

Stabat Sancta Maria (Anonymous) .... Composer, Anonymous. Key, A major. Movements/Sections, 3 movements. Stabat Sancta Maria ...

from Google Alert - anonymous http://ift.tt/2hJiMJR
via IFTTT

Adoramus Te Christe (Anonymous)

Adoramus Te Christe (Anonymous) .... Composer, Anonymous. Key, E-flat major. Movements/Sections, 1. First Publication. 2012.

from Google Alert - anonymous http://ift.tt/2ic2qwu
via IFTTT

Monday, December 26, 2016

Alcoholics Anonymous - Big Book

Alcoholics Anonymous - Big Book. Sunday, 5/21/2017 10 a.m. - 12 p.m.. Treiber Conference Center - Community Memorial Hospital Campus

from Google Alert - anonymous http://ift.tt/2i92FWW
via IFTTT

I have a new follower on Twitter


Kaseya Corp
Kaseya solutions allow MSPs and IT organizations to efficiently manage and secure IT in order to drive IT service and business success.
Boston, MA, USA
http://t.co/rbftW6eGgW
Following: 6254 - Followers: 9689

December 26, 2016 at 07:13PM via Twitter http://twitter.com/KaseyaCorp

Sundays and Wednesday evenings

Atheist/Agnostic Alcoholics Anonymous (We Agnostics Of Uptown) Men's Center in Minneapolis (women are welcome too) 3249 Hennepin Ave South, ...

from Google Alert - anonymous http://ift.tt/2ixIWim
via IFTTT

What is the difference between Normal function vs Anonymous Function?

I am totally confused about anonymous function, is this a kind of some hidden function? Posting to the forum is only allowed for members with active ...

from Google Alert - anonymous http://ift.tt/2hhfnAY
via IFTTT

Anonymous

Showing 1-4 of 4 results for “Anonymous”. Sorted by date added, Popularity, Relevance, Release date, Title, Author. Filters. Filter search results.

from Google Alert - anonymous http://ift.tt/2iwdXr4
via IFTTT

Anonymous' Journalist Released after 4 Years in Jail -- Vows Never to Back Down

Barrett Brown, the activist and journalist known best for his work with anonymous, was recently released from jail after serving a brutal 4-year ...

from Google Alert - anonymous http://ift.tt/2hh9HGP
via IFTTT

OpenCV: Resolving NoneType errors


Each week I receive and respond to at least 2-3 emails and 3-4 blog post comments regarding NoneType errors in OpenCV and Python.

For beginners, these errors can be hard to diagnose — by definition they aren’t very informative.

Since this question is getting asked so often I decided to dedicate an entire blog post to the topic.

While NoneType errors can be caused for a nearly unlimited number of reasons, in my experience, both as a computer vision developer and chatting with other programmers here on PyImageSearch, in over 95% of the cases, NoneType errors in OpenCV are caused by either:
  1. An invalid image path passed to cv2.imread.
  2. A problem reading a frame from a video stream/video file via cv2.VideoCapture and the associated .read method.

To learn more about NoneType errors in OpenCV (and how to avoid them), just keep reading.


OpenCV: Resolving NoneType errors

In the first part of this blog post I’ll discuss exactly what NoneType errors are in the Python programming language.

I’ll then discuss the two primary reasons you’ll run into NoneType errors when using OpenCV and Python together.

Finally, I’ll put together an actual example that not only causes a NoneType error, but also resolves it as well.

What is a NoneType error?

When using the Python programming language you’ll inevitably run into an error that looks like this:

AttributeError: 'NoneType' object has no attribute 'something'

Where something can be replaced by whatever the name of the actual attribute is.

We see these errors when we think we are working with an instance of a particular Class or Object, but in reality we have the Python built-in None object, whose type is NoneType.

As the name suggests, None represents the absence of a value, such as when a function call returns an unexpected result or fails entirely.

Here is an example of generating a NoneType error from the Python shell:

>>> foo = None
>>> foo.bar = True
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'NoneType' object has no attribute 'bar'
>>>

Here I create a variable named foo and set it to None.

I then try to set the bar attribute of foo to True, but since foo is a NoneType object, Python will not allow this, hence the error message.

Two reasons for 95% of OpenCV NoneType errors

When using OpenCV and Python bindings, you’re bound to come across NoneType errors at some point.

In my experience, over 95% of the time these NoneType errors can be traced back to either an issue with cv2.imread or cv2.VideoCapture.

I have provided details for each of the cases below.

Case #1: cv2.imread

If you are receiving a NoneType error and your code is calling cv2.imread, then the likely cause of the error is an invalid file path supplied to cv2.imread.

The cv2.imread function does not explicitly throw an error message if you give it an invalid file path (i.e., a path to a nonexistent file). Instead, cv2.imread will simply return None.

Anytime you try to access an attribute of a None image loaded from disk via cv2.imread you’ll get a NoneType error.

Here is an example of trying to load a nonexistent image from disk:

$ python
>>> import cv2
>>> path = "path/to/image/that/does/not/exist.png"
>>> image = cv2.imread(path)
>>> print(image.shape)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'NoneType' object has no attribute 'shape'

As you can see, cv2.imread gladly accepts the image path (even though it doesn’t exist), realizes the image path is invalid, and returns None. This is especially confusing for Python programmers who are used to these types of functions throwing exceptions.

As an added bonus, I’ll also mention the AssertionFailed exception.

If you try to pass an invalid image (i.e., NoneType image) into another OpenCV function, Python + OpenCV will complain that the image doesn’t have any width, height, or depth information. And how could it? The “image” is a None object after all!

Here is an example of an error message you might see when loading a nonexistent image from disk and then immediately calling an OpenCV function on it:

>>> import cv2
>>> path = "path/to/image/that/does/not/exist.png"
>>> image = cv2.imread(path)
>>> gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)
OpenCV Error: Assertion failed (scn == 3 || scn == 4) in cvtColor, file /tmp/opencv20150906-42178-3d0iam/opencv-2.4.12/modules/imgproc/src/color.cpp, line 3739
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
cv2.error: /tmp/opencv20150906-42178-3d0iam/opencv-2.4.12/modules/imgproc/src/color.cpp:3739: error: (-215) scn == 3 || scn == 4 in function cvtColor

>>>

These types of errors can be harder to debug since there are many reasons why an AssertionError could be thrown. But in most cases, your first step should be ensuring that your image was correctly loaded from disk.

A final, more rare problem you may encounter with cv2.imread is that your image does exist on disk, but you didn’t compile OpenCV with the given image I/O libraries installed.

For example, let’s say you have a .JPEG file on disk and you know you have the correct path to it.

You then try to load the JPEG file via cv2.imread and notice a NoneType or AssertionError.

How can this be?

The file exists!

In this case, you likely forgot to compile OpenCV with JPEG file support enabled.

In Debian/Ubuntu systems, this is caused by a lack of libjpeg being installed.

For macOS systems, you likely forgot to install the jpeg library via Homebrew.

To resolve this problem, regardless of operating system, you’ll need to re-compile and re-install OpenCV. Please see this page for more details on how to compile and install OpenCV on your particular system.

Case #2: cv2.VideoCapture and .read

Just like we see

NoneType
  errors and
AssertionError
  exceptions when using
cv2.imread
 , you’ll also see these errors when working with video streams/video files as well.

To access a video stream, OpenCV uses the

cv2.VideoCapture
  which accepts a single argument, either:
  1. string representing the path to a video file on disk.
  2. An integer representing the index of a webcam on your computer.

Working with video streams and video files with OpenCV is more complex than simply loading an image via

cv2.imread
 , but the same rules apply.

If you try to call the .read method of an instantiated cv2.VideoCapture (regardless of whether it’s a video file or webcam stream) and notice a NoneType error or AssertionError, then you likely have a problem with either:
  1. The path to your input video file (it’s probably incorrect).
  2. Not having the proper video codecs installed, in which case you’ll need to install the codecs, followed by re-compiling and re-installing OpenCV (see this page for a complete list of tutorials).
  3. Your webcam not being accessible via OpenCV. This could be for any number of reasons, including missing drivers, an incorrect index passed to cv2.VideoCapture, or simply your webcam not being properly attached to your system.

Again, working with video files is more complex than working with simple image files, so make sure you’re systematic in resolving the issue.

First, try to access your webcam via a piece of software other than OpenCV.

Or, try to load your video file in a movie player.

If both of those work, you likely have a problem with your OpenCV install.

Otherwise, it’s most likely a codec or driver issue.

An example of creating and resolving an OpenCV NoneType error

To demonstrate a NoneType error in action, I decided to create a highly simplified Python + OpenCV script that represents what you might see elsewhere on the PyImageSearch blog.

Open up a new file, name it display_image.py, and insert the following code:

# import the necessary packages
import argparse
import cv2

# construct the argument parse and parse the arguments
ap = argparse.ArgumentParser()
ap.add_argument("-i", "--image", required=True,
        help="path to the image file")
args = vars(ap.parse_args())

# load the image from disk and display the width, height,
# and depth
image = cv2.imread(args["image"])
(h, w, d) = image.shape
print("w: {}, h: {}, d: {}".format(w, h, d))

# show the image
cv2.imshow("Image", image)
cv2.waitKey(0)

All this script does is:

  • Parse command line arguments.
  • (Attempts to) load an image from disk.
  • Prints the width, height, and depth of the image to the terminal.
  • Displays the image to our screen.

For most Python developers who are familiar with the command line, this script won’t give you any trouble.

But if you’re new to the command line and are unfamiliar/uncomfortable with command line arguments, you can easily run into a NoneType error if you’re not careful.

How, you might say?

The answer lies in not properly using/understanding command line arguments.

Over the past few years of running this blog, I’ve seen many emails and blog post comments from readers who are trying to modify the .add_argument function to supply the path to their image file.

DON’T DO THIS — you don’t have to change a single line of argument parsing code.

Instead, what you should do is spend the next 10 minutes reading through this excellent article that explains what command line arguments are and how to use them in Python:

http://ift.tt/2hqUqIK

This is required reading if you expect to follow tutorials here on the PyImageSearch blog.

Working with the command line, and therefore command line arguments, is a big part of what it means to be a computer scientist; a lack of command line skills is only going to harm you. You’ll thank me later.

Going back to the example, let’s check the contents of my local directory:

$ ls -l
total 800
-rw-r--r--  1 adrianrosebrock  staff     541 Dec 21 08:45 display_image.py
-rw-r--r--  1 adrianrosebrock  staff  403494 Dec 21 08:45 jemma.png

As we can see, I have two files:

  1. display_image.py: My Python script that I’ll be executing shortly.
  2. jemma.png: The photo I’ll be loading from disk.

If I execute the following command I’ll see the jemma.png image displayed to my screen, along with information on the dimensions of the image:

$ python display_image.py --image jemma.png
w: 376, h: 500, d: 3

Figure 1: Loading and displaying an image to my screen with OpenCV and Python.

However, let’s try to load an image path that does not exist:

$ python display_image.py --image i_dont_exist.png
Traceback (most recent call last):
  File "display_image.py", line 17, in <module>
    (h, w, d) = image.shape
AttributeError: 'NoneType' object has no attribute 'shape'

Sure enough, there is our NoneType error.

In this case, it was caused because I did not supply a valid image path to cv2.imread.
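As an added example (not code from the original post), the wrapper below separates the causes discussed above: a wrong path versus a file that exists but cannot be decoded, as on an OpenCV build without JPEG support. The names diagnose_imread and sniff_format are hypothetical, and the loader is passed in so the constructed sample runs with a stub; in a real script you would pass cv2.imread.

```python
import os
import tempfile

# File-header signatures for a few common image formats.
SIGNATURES = {
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"BM": "BMP",
}


def sniff_format(path):
    """Return the format named by the file's leading bytes, or None."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, name in SIGNATURES.items():
        if head.startswith(magic):
            return name
    return None


def diagnose_imread(path, loader):
    """Call loader(path) (cv2.imread in practice) and explain a None result.

    Returns (image, reason); image is None whenever loading failed.
    """
    if not os.path.isfile(path):
        return None, "no such file: {!r} (check the --image argument)".format(path)
    image = loader(path)
    if image is not None:
        return image, "ok"
    fmt = sniff_format(path)
    if fmt is None:
        return None, "file exists but has no known image header"
    return None, ("{0} header present but the loader returned None: "
                  "corrupt file, or OpenCV built without {0} support".format(fmt))


def demo():
    """Constructed inputs: a header-only JPEG and a stub loader that returns None."""
    stub = lambda p: None  # stands in for cv2.imread on a build lacking JPEG I/O
    with tempfile.TemporaryDirectory() as d:
        jpeg = os.path.join(d, "sample.jpg")
        with open(jpeg, "wb") as f:
            f.write(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        return [diagnose_imread(os.path.join(d, "i_dont_exist.png"), stub)[1],
                diagnose_imread(jpeg, stub)[1]]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

In display_image.py the call would be diagnose_imread(args["image"], cv2.imread), checking the returned image for None before touching image.shape.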

Summary

In this blog post I discussed NoneType errors and AssertionError exceptions in OpenCV and Python.

In the vast majority of these situations, these errors can be attributed to either the cv2.imread or cv2.VideoCapture methods.

Whenever you encounter one of these errors, make sure you can load your image/read your frame before continuing. In over 95% of circumstances, your image/frame was not properly read.

Otherwise, if you are using command line arguments and are unfamiliar with them, there is a chance that you aren’t using them properly. In that case, make sure you educate yourself by reading this tutorial on command line arguments — you’ll thank me later.

Anyway, I hope this tutorial has helped you in your journey to OpenCV mastery!

If you’re just getting started studying computer vision and OpenCV, I would highly encourage you to take a look at my book, Practical Python and OpenCV, which will help you grasp the fundamentals.


The post OpenCV: Resolving NoneType errors appeared first on PyImageSearch.



from PyImageSearch http://ift.tt/2hr35us
via IFTTT