Google’s Tensor Processing Unit could advance Moore’s Law 7 years into the future

“We’ve been running TPUs inside our data centers for more than a year, and have found them to deliver an order of magnitude better-optimized performance per watt for machine learning. This is roughly equivalent to fast-forwarding technology about seven years into the future (three generations of Moore’s Law),” the blog said. “TPU is tailored to machine learning applications, allowing the chip to be more tolerant of reduced computational precision, which means it requires fewer transistors per operation. Because of this, we can squeeze more operations per second into the silicon, use more sophisticated and powerful machine learning models, and apply these models more quickly, so users get more intelligent results more rapidly.”

Source: Google’s Tensor Processing Unit could advance Moore’s Law 7 years into the future | PCWorld

How I Hacked Facebook, and Found Someone’s Backdoor Script

Here I’d like to explain some common security problems found in large corporations during pentesting by giving an example.

Source: How I Hacked Facebook, and Found Someone’s Backdoor Script | DEVCORE 戴夫寇爾

A brief summary, the hacker created a proxy on the credential page to log the credentials of Facebook employees. These logged passwords were stored under web directory for the hacker to use WGET every once in a while

What’s the best way to check if a volume is mounted in a Bash script?

What’s the best way to check if a volume is mounted in a Bash script? What I’d really like is a method that I can use like this: if <something is mounted at /mnt/foo> then <Do some

Source: What’s the best way to check if a volume is mounted in a Bash script?

Avoid using /etc/mtab because it may be inconsistent.

Avoid piping mount because it needn’t be that complicated.

Simply:

if grep -qs '/mnt/foo' /proc/mounts; then
    echo "It's mounted."
else
    echo "It's not mounted."
fi

HTTP is obsolete. It’s time for the distributed, permanent web

IPFS is still in the alpha stages of development, so we’re calling this an experiment for now. It hasn’t replaced our existing site storage (yet). Like with any complex new technology, there’s a lot of improvements to make. But IPFS isn’t vaporware, it works right now. You can try it out on your own computer, and already can use it to help us serve and persist Neocities sites.

Source: HTTP is obsolete. It’s time for the distributed, permanent web

Ikea Patched for Shellshock by Methodically Upgrading All Servers

Glantz explained that the first step in the assembly of his IT infrastructure is to have a well-defined Standard Operating Environment (SOE). The SOE includes a definition of the hardware platforms used as well as the Linux and application software that is installed. There is also an installation and configuration management layer that helps enforce the SOE across the distributed Ikea IT footprint. Additionally, Glantz has defined a lifecycle-management plan that describes the lifecycle of how Linux will be used at Ikea for the next seven years.”

It’s not enough just to have documents, you have to have systems driving how technology works,” Glantz said.

Source: Ikea Patched for Shellshock by Methodically Upgrading All Servers

Logjam: How Diffie-Hellman Fails in Practice

We have published a technical report, Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, which has specifics on these attacks, details on how we broke the most common 512-bit Diffie-Hellman group, and measurements of who is affected. We have also published several proof of concept demos and a Guide to Deploying Diffie-Hellman for TLS.

Source: Logjam: How Diffie-Hellman Fails in Practice

What should I do?

If you run a server…

If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.

Prosecutors suspect man hacked lottery computers to score winning ticket

In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren’t connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.

via Prosecutors suspect man hacked lottery computers to score winning ticket | Ars Technica.

Introducing WinSCP

WinSCP is an open source free SFTP client, FTP client, WebDAV client and SCP client for Windows. Its main function is file transfer between a local and a remote computer. Beyond this, WinSCP offers scripting and basic file manager functionality.

via Introducing WinSCP :: WinSCP.

This is a very useful program to get files off a PC and onto a Linux server which supports these services out of the box.  I find Samba to be too clunky, unreliable, and very noisy on an open network by broadcasting packets to everyone.  Only now did I have a need for something like this and SCP solves my problem and is more secure and easier to use than standard ftp.   I still map drives using Samba on my closed network but I may try out the windows version of sshfs sometime in the future.   The user interface on this tool is very intuitive and works well.