GeekSpeak for 2016-06-15

Carbonated Elements Thank Asimov for Automating Jobs

Teaser medium

Ben ponders hot carbonated drinks, Bios update security fail, new Element names, trademark on “thankyou”, Microsoft+LinkedIn, some Apple news and other GeekNews of the week.

ASUS Delivers BIOS and UEFI Updates over HTTP with No Verification

The LiveUpdate feature installed on ASUS devices queries the ASUS servers for new updates via unencrypted HTTP requests, easy to intercept and spoof.

On the other side of the query proces, the ASUS servers reply to these queries in HTTP as well, using obfuscated XML files, which are also easy to reverse-engineer and duplicate.

ASUS LiveUpdate doesn’t verify the validity of the response it receives from the server in any way, and it will also install any software it receives without checking its source or content.

Since LiveUpdate can deliver anything from USB drivers up to BIOS /UEFI firmware, an attacker only needs to have the patience to wait for a user’s laptop to query for updates before delivering their malicious code.

Some other suggested names for new elements

This isn’t finalized, but these are the proposed names that will substitute for the current placeholders (e.g., ununpentium, ununseptium). Nilhonium, Moscovium, and Tennesine are all named for places; Oganessen is named for the Russian physicist Yuri Oganessian.
But we all know scientists are bad at naming things, and we have until November to lobby for other names. Here are some suggestions

Citigroup trademarks “THANKYOU” and sues AT&T for thanking clients

In its lawsuit, the financial institution says AT&T is infringing Citigroup’s intellectual property because of AT&T’s brand new marketing campaign (PDF) connected to AT&T’s co-branded, Citigroup credit card called “the AT&T Universal Card.” AT&T is illegally marketing the phrases “thanks” and “AT&T THANKS,” Citigroup claims. This “is likely to cause consumer confusion and constitutes trademark infringement, false designation of origin, and unfair competition in violation of Citigroup’s rights,” the suit says.

Microsoft to acquire LinkedIn

Microsoft Corp. (Nasdaq: MSFT) and LinkedIn Corporation (NYSE: LNKD) on Monday announced they have entered into a definitive agreement under which Microsoft will acquire LinkedIn for $196 per share in an all-cash transaction valued at $26.2 billion, inclusive of LinkedIn’s net cash. LinkedIn will retain its distinct brand, culture and independence. Jeff Weiner will remain CEO of LinkedIn, reporting to Satya Nadella, CEO of Microsoft. Reid Hoffman, chairman of the board, co-founder and controlling shareholder of LinkedIn, and Weiner both fully support this transaction. The transaction is expected to close this calendar year.

Programmer Automates His Job For 6 Years, Finally Gets Fired, Forgets How To Code

Reddit user FiletOfFish1066 just got fired from his programming job. The reason and circumstances will completely blow your mind, though. FiletOfFish1066 (FOF) worked at a well-known tech company in the Bay Area and for six full years did nothing except play League of Legends, browse Reddit, work out in a gym, and basically do whatever he felt like doing. Guess how much his company paid him to basically do nothing for a full six years? $95,000 per year on average.

Digging into the dev documentation for APFS, Apple’s new file system

APFS looks to be a major update over Apple’s old and creaky HFS+ file system, which has been around in one form or another for decades. It has been the subject of expansions and additions over the years, but HFS+ never approached the extensibility and flexibility of current next-generation file systems. Rather than continuing to bolt stuff onto the old code, we now (finally!) get a new file system that has some truly compelling features.

This Robot Intentionally Hurts People--And Makes Them Bleed

But now a Berkeley, California man wants to start a robust conversation among ethicists, philosophers, lawyers, and others about where technology is going—and what dangers robots will present humanity in the future. Alexander Reben, a roboticist and artist, has built a tabletop robot whose sole mechanical purpose is to hurt people. Reben hopes his Frankenstein gets people talking.

Researchers Turn Smartphone Vibration Motor into Microphone to Spy on You

Two researchers from the University of Illinois at Urbana-Champaign have devised a method for turning vibration motors, like the ones found in smartphones, into makeshift microphones, capable of recording the sound around them.

New versions of Firefox prepare for its biggest change ever

Today’s launch of Firefox 47 means the E10S version, Firefox 48, has reached the beta stage. With Electrolysis, Firefox will finally be able to use two or more processes at once…. the main problem being that it breaks a lot of extensions

Apple’s ‘Differential Privacy’ Is About Collecting Your Data—But Not ​Your Data | WIRED

Craig Federighi gave his familiar nod to privacy, emphasizing that Apple doesn’t assemble user profiles, does end-to-end encrypt iMessage and Facetime and tries to keep as much computation as possible that involves your private information on your personal device rather than on an Apple server. But Federighi also acknowledged the growing reality that collecting user information is crucial to making good software, especially in an age of big data analysis and machine learning. The answer, he suggested rather cryptically, is “differential privacy.”

Read more about Differential Privacy on Wikipedia, it is a fairly cool concept.

Linear Digressions episode speaking of Data Anonymization

This great episode of Linear Digressions covers that Netflix “anonymized” data release that researchers were able to de-anonymize via use of IMDB.