"But they knew in their hearts that once science had declared a thing possible, there was no escape from its eventual realization..."

Backdoored images downloaded 5 million times finally removed from Docker Hub



A single person or group may have made as much as $90,000 over 10 months by spreading 17 malicious images that were downloaded more than 5 million times from Docker Hub, researchers said Wednesday. The repository finally removed the submissions in May, more than eight months after receiving the first complaint.

Docker images are packages that typically include a pre-configured application running on top of an operating system. By downloading them from Docker Hub, administrators can save huge amounts of set-up time. Last July and August one or more people used the Docker Hub account docker123321 to upload three publicly available images that contained surreptitious code for mining cryptocurrencies. In September, a GitHub user complained one of the images contained a backdoor.

Eight months of inaction

Neither the Docker Hub account nor the malicious images it submitted were taken down. Over the coming months, the account went on to submit 14 more malicious images. The submissions were publicly called out two more times, once in January by security firm Sysdig and again in May by security company Fortinet. Eight days after last month's report, Docker Hub finally removed the images. The following image, provided by security firm Kromtech, shows the chronology of the campaign.

zipcube
12 days ago
Dallas, Texas

SD Association Announces SD 7.0 Spec & SD Express Interface: PCIe + NVMe, Up to 985 MB/s


The SD Association - the body responsible for defining the standards for Secure Digital cards - has made it no secret that the organization has been working on a major update to the SD specification to greatly boost transfer rates and otherwise keep the standard in step with greater technology and solid state storage trends. Now at long last, the SD Association has published the SD 7.0 specification, setting the stage for the SD Express card era.

The SD 7.0 specification encompasses two major additions to SD cards. The first is the creation of the SD Express interface, a PCIe x1 + NVMe-based interface/protocol that is very SSD-like in nature and will allow for memory cards with transfer rates up to 985 MB/sec. Along with the new interface, the specification also defines a new SD Ultra Capacity (SDUC) class of cards, which will be able to go up to 128 TB in capacity. Importantly, despite the interface change, the new SD Express cards will maintain backwards compatibility with existing hosts, and current UHS-I-compatible cards will be able to work with future SD Express hosts. The SD Association will promote the SD Express spec together with PCI SIG and NVM Express organizations.

From Extreme to Mainstream

Requirements for removable storage devices continue to evolve at a very rapid pace. Capacities and performance levels required by professional, Hollywood-grade gear in the early 2010s are now needed for mainstream 4K UHD camcorders, upcoming 8K UHD cameras, drones, 360-degree cams, automotive, mobile, and other devices. The SD Association believes that nowadays many of these devices essentially need removable SSDs, and with up to 985 MB/s throughput (SD Express) as well as up to 128 TB capacity (SDUC), the two new standards will provide just that.

When it comes to throughput and prospective capacities, SD Express cards are slated to outperform storage modules for the RED cameras that are used to shoot movies by Hollywood studios (up to 300 MB/s, up to 960 GB). Furthermore, since SD Express uses the NVMe protocol and is considered a “removable SSD,” it is logical to expect at least some cards to support various reliability-enhancing features found in contemporary SSDs too. Reliability does not seem to be a part of the mandatory spec, but since everything behind the controller can be customized, making SD Express cards more reliable is possible.

SD Express: The Basics

SD Express cards will feature two physical interfaces as well as two sets of connectors, with their overall design based on the current UHS-II pin configuration. To maintain compatibility with existing UHS-I and earlier hosts, the first row of pins on SD Express cards will carry standard SD (UHS-I) signals as well as certain PCIe 3.0/NVMe 1.3 signals (i.e., REFCLK, CLKREQ# and PERRST# will be shared). Meanwhile the second row of pins, which are used for UHS-II/III signaling on current-generation cards, will instead be used exclusively for PCIe/NVMe signals on SD Express cards (thus preventing SD Express cards from having a UHS-II/III mode). When it comes to voltages, SD Express cards will use 3.3 V and 1.8 V supply, just like all modern SD cards. Maximum power consumption of SD Express cards will be 1.8 W obtained from two supplies. In addition, the SD 7.0 spec reserves space for two additional pins that will be used for future cards with 1.2 V signaling, with an eye on reducing power consumption.

Right now, the SDA has only defined an SD Express standard for full-size SD cards; microSD cards will get a PCIe/NVMe interface some time later. Meanwhile, microSDUC cards are expected to hit the market in the foreseeable future (years from now, of course).

Under the hood, the SDA recommends that devices initialize SD Express cards using the legacy SD interface (even though initialization through PCIe is supported as well), and therefore device makers will need to study thoroughly how shared SD and PCIe signals work. Hosts will identify SD Express cards as “Standard NVMe devices” and therefore will use standard NVMe drivers to access the media. Obviously, SD Express cards will support key NVMe 1.3 capabilities, including bus mastering/DMA, command queuing, Host Memory Buffer (it is not going to be easy to install a large DRAM chip into a high-capacity SD card, but allocated host DRAM size is subject to host device policy), and NVMe power states, just like modern SSDs. The SDA implies that as SD Express gets ‘even faster’, its memory can be used as an extension to the host’s DRAM, though it is likely that will happen only several years down the road, possibly with PCIe Gen 4 or Gen 5 speeds.

At least initially, not all NVMe 1.3 features will be supported. For example, password lock/unlock as well as write protection will be supported only via the legacy SD interface. Meanwhile, Content Protection for Recordable Media (CPRM), the original "secure" part of Secure Digital, will not be supported over PCIe.

Furthermore, some of the SD card speed classes – Speed Class, UHS Speed Class, and Video Speed Class – are being phased out and will not be applicable to SD Express cards operating in PCIe mode. Since the video speed class tops at 90 MB/s, the odds are good that most SD Express cards and hosts will beat that performance. Speaking of hosts, it is worth noting that because of the reassignment of UHS-II/III pins, SD Express hosts will not be able to support UHS-II/III speeds; those cards will still work on SD Express hosts, but only at UHS-I speeds.

New Opportunities, But There Is a Catch

With the SD 7.0 specification and resulting performance and capacity increases for SD cards, the SD Association announced the most radical evolutionary change to SD ever. What is noteworthy is that the SDA and PCI-SIG will promote SD Express together, which emphasizes the importance of PCIe adoption by SD cards. In fact, it is possible that both organizations envision non-storage PCIe-based devices in SD form-factor, but only time will tell what exactly they want to build in terms of an ecosystem.

Earlier this year Western Digital demonstrated a prototype SD card featuring a PCIe 3.0 x1 interface at MWC. What is particularly noteworthy is that Western Digital said that the custom implementation cost of a PCIe interface was not high because a PCIe x1 PHY is not all that large. Though keep in mind that SD Express cards will not only need a PCIe PHY, but also a nearly fully-fledged NVMe controller, so there will be additional costs.

Obviously, the 985 MB/s maximum transfer rate of SD Express is a significant increase over the 624 MB/s supported by UHS-III. However, a major challenge faced by the SD Association with UHS-II and UHS-III has been the reluctance of device makers to adopt the faster standards. PC makers have rarely integrated fast card readers into their systems, as the only devices that regularly use UHS-II are higher-end DSLR cameras, all the while mainstream users barely need UHS-II/III slots. Since UHS-II/III support is being supplanted by SD Express, it remains to be seen whether the DSLR industry in general will adopt the new standard any time soon. This industry produces not only cameras, but builds card readers, storage devices with SD slots, printers, software and so on. Dropping support for UHS-II is not in the best interests of many people who own high-end cameras from Nikon, Panasonic, Sony, or Leica and have UHS-II supporting hardware. On the other hand, high-end cameras from Canon only support UHS-I, so skipping UHS-II/III and adopting SD Express could make sense for this company and its clients assuming that Canon has no concerns about power consumption of such cards.

Another point to note is that SD cards in general are too large for modern smartphones and even portable gaming consoles, which is why they are not used by companies like Samsung or Nintendo today and will not be used in the future.

Evidently, the SD Express spec opens up new doors to SD cards and offers a straightforward evolution path that will be aligned with advancements of PCI Express and NVM Express technologies. However, it remains to be seen when traditional adopters of such cards will start using them.

New Cards Incoming

Last but not least, with the introduction of SD Express and SDUC, the SDA will also be using new logotypes for the standards. As noted above, only full-size SD cards are getting SD Express at this time, so the new SD Express logos only apply to those cards. It should also be noted that while SD Express and SDUC are both part of the SD 7.0 standard, they can be implemented separately, so we're going to see SD Express cards offered in conjunction with all 3 capacity classes. This means there are logos for SDHC Express (up to 32 GB), SDXC Express (up to 2 TB), and SDUC Express (up to 128 TB). All of these cards will be backwards compatible with UHS-I-supporting hosts, so they will feature an appropriate marking.

Separately, there will be full-size SDUC and microSDUC cards that will use the traditional SD protocol, and those cards also get their own SDUC logo.

Sources: Press Release, White Paper


Tesla Model S tops insurance chart, Autopilot in the news again



Does Tesla's Autopilot software have something against emergency services? That's a flippant question, but there's something underneath it. On Tuesday, a Model S electric vehicle—with Autopilot engaged, according to the driver—crashed into a police car in Laguna Beach, California. The police car was unoccupied at the time, but the Tesla driver sustained minor injuries. Last month, another Model S, also under Autopilot, slammed into the back of a stationary fire truck in South Jordan, Utah, resulting in a broken ankle for the Tesla driver. And in January, a third Autopiloted Model S plowed into the back of another fire engine, this time in Culver City, California.

It's probably best to avoid the conspiracy theories, though. It's not some bug with Autopilot's sensors and flashing lights—it's more like inattentive drivers who should be paying attention to the road. As we learned last year, automatic emergency braking is only trained to work in a relatively narrow set of circumstances, typically in the case of a moving vehicle that's directly ahead of the car. So a stationary emergency vehicle on the shoulder of the road, particularly one at an angle, might not get classified properly to trigger the function.

It has been a rough couple of weeks for Autopilot. The suite of advanced driver assistance systems, which includes adaptive cruise control and lane keeping, has also been blamed for destroying a Model 3 in Greece last week. In that case, the facts are even murkier—the car was on an unsupported road trip at the time, and Tesla had warned the owner before he set off.

"While we appreciate [driver] You You Xue's effort to spread the word about Model 3, he was informed that Tesla does not yet have a presence in Eastern Europe and that there is no connectivity or service available for vehicles there," a Tesla spokesperson told Ars. "In addition, Model 3 has not yet been approved and homologated for driving outside of the U.S. and Canada. Although we haven’t been able to retrieve any data from the vehicle given that the accident occurred in an unsupported area, Tesla has always been clear that the driver must remain responsible for the car at all times when using Autopilot. We’re sorry to hear that this accident occurred, and we’re glad You You is safe."

Last week also saw Tesla settle a class-action lawsuit filed last year by owners claiming the company misrepresented the capabilities of Enhanced Autopilot, a $5,000 option on the EVs.

One might feel some sympathy for Tesla, as it's often the company's most loyal "superusers" who keep getting Tesla into trouble by pushing the bounds of the system—familiarity breeds contempt, after all. Once again it's important to stress that Autopilot is not a self-driving system and was never designed to allow the driver to cede situational awareness to the car. If you drive a Tesla and use Autopilot—or any car with adaptive cruise control—it's always your job to be paying attention to the road ahead.

Are Tesla’s safety claims backed up by the data?

It's reasonable to ask why crashes involving Teslas get covered when the overwhelming majority of the 40,000-odd road deaths in the US each year receive no such scrutiny. There are a couple of factors at play. The first is Autopilot, which through operational design allows cars to travel for long intervals without human interaction or any form of driver monitoring beyond a torque sensor in the steering wheel. (By contrast, the industry standard for other adaptive cruise control and lane keeping systems is just 15 seconds of hands-free operation before deactivation.) Hence, every time there is a crash involving a Tesla, the first question anyone asks is "was Autopilot driving?"

Then there's the fact that Tesla itself repeatedly talks up the safety of its cars, thereby inviting media attention. At various times it has claimed its vehicles are four times safer than average—and sometimes that they're the safest cars on the road. Tesla EVs do indeed score very well in crash testing—even if the Insurance Institute for Highway Safety (IIHS) did not include the Model S among the three safest full-size sedans in 2017. Neither the Model S nor Model X is included in the institute's list of top safety picks for 2018.

But there's also reason to be skeptical of the company's claims. For instance, Tesla repeatedly cites a National Highway Transportation Safety Administration statistic that the introduction of Autosteer to Autopilot reduced crashes by 40 percent. But last month, the NHTSA told us that it was a "cursory comparison" and that the agency "did not assess the effectiveness of this technology."

It's reasonable to expect that a luxury car like a Tesla would have a higher-than-average safety record, based both on owner demographics and the average age of the vehicles. On the other hand, the Model S did not appear on the IIHS's list of 11 vehicles that recorded zero occupant deaths between 2012 and 2015, a list that included several other luxury cars and SUVs. And in just the past few weeks, there has been a spate of fatal Tesla crashes, both here in the US and in Norway and Switzerland.

"In the US, there is one automotive fatality every 86 million miles across all vehicles from all manufacturers. For Tesla, there is one fatality, including known pedestrian fatalities, every 320 million miles in vehicles equipped with Autopilot hardware. If you are driving a Tesla equipped with Autopilot hardware, you are 3.7 times less likely to be involved in a fatal accident," Tesla told us. "Tesla Autopilot does not prevent all accidents—such a standard would be impossible—but it makes them much less likely to occur. It unequivocally makes the world safer for the vehicle occupants, pedestrians and cyclists." (Note that Autopilot is not believed to be a factor in all but one of the recent fatal crashes.)

The Model S is now the most expensive car to insure

Regardless of whether or not Autopilot is involved, the insurance industry—a dispassionate industry if ever there was one—has looked at the Model S and found it wanting. According to data from the Insurance Institute for Highway Safety, analyzed by 24/7 Wall Street, the US' best-selling EV is also the nation's most expensive car to insure. The average annual insurance premium for a Model S sedan is now $1,789.48, with an average collision insurance claim of $1,310. Insurance for the next-most expensive car on the list—Mercedes-Benz's flagship S-Class sedan—will set you back $1,540.63, with an average collision claim of just $803.40.

Last year, AAA raised rates on both Model S and Model X EVs, citing abnormally high claim frequencies and high costs of insurance claims compared to other luxury vehicles. Tesla was not pleased, and it disputed AAA's claims, stating that its cars were not being compared appropriately. To combat the problem of sky-high insurance rates, Tesla has partnered with Liberty Mutual to underwrite insurance plans specifically for its EVs, and according to Electrek, Tesla recently hired a former Liberty Mutual executive to run the InsureMyTesla program here in the US. A Tesla spokesperson told us, "Tesla guarantees that there will always be an insurance provider that will charge less for a Model S or X than any other car with a similar driver, price and vehicle category," adding that the Model 3 is now also part of the program.


Researchers Develop Tech That Lets Surveillance Cameras Text to Say Hello


Researchers at Purdue University have found a new way to get surveillance cameras to “talk” to the people they see. The system is called PHADE, which stands for “private human addressing,” and it enables cameras to send messages to people’s devices when they’ve entered a specific area without collecting their personal…


NASA to Extend Juno Jupiter Mission by Three Years


The Juno spacecraft currently orbiting Jupiter was supposed to end its mission by crashing into the gas giant next month. Not anymore!


Apple Finally Offers Fixes for Faulty Butterfly Keyboards, Acknowledging the Design Sucks


At this point, it’s no secret that the butterfly keyboard used on newer models of Apple’s MacBook and MacBook Pro laptops has a litany of issues. Apple might be the last to recognize it, but the company is finally offering its customers free fixes for issues stemming from the flawed keyboard design.
