Mediaboss Marketing

Sept 5 Experiments increasingly rely on high-performance computing software. Differences in software environments can cause problems when those experiments need to be reproduced so scientists at the MDC in Berlin are helping find a solution.

Reproducing experiments and results is a cornerstone of science, but researchers acknowledge that actually achieving this feat can be tricky. Specific experimental setups are usually the result of a labs painstaking work and, in todays environment of high-throughput methods, are increasingly expensive. The fact that complex, customized sets of software are frequently involved in the analysis and interpretation of data makes it even more difficult to achieve true reproducibility.

Guix a free software that is used to fully reproduce computational environments might be part of the solution, says Ludovic Courts of Inria, the French National Institute for computer science and applied mathematics in Bordeaux. To implement it he has joined forces with Ricardo Wurmus of the platform for bioinformatics and modeling at the the MDCs Berlin Institute of Medical Systems Biology (BIMSB), scientists from the Utrecht University Medical Center and a growing group of international colleagues.

Capturing complete computational environments

The National Science Foundation in the US and journals such asNatureare insisting that researchers share source code and support reproducibility. The ability to reproduce an experiment depends among other things on the ability to reproduce the software environment, Courts says. That poses particular difficulties in the many cases which require high-performance computing (HPC) environments.

Guix is an outgrowth of a project called GNU launched almost 40 years ago at MIT in the USA. It makes up for some deficits of earlier efforts and is addressing several challenges: Users are no longer dependent on software package management by system administrators, empowering them to fully customize the environment to their needs. It also solves problems that arise when scientists draw on container solutions, which Courts compares to receiving a brand-new computer where everything has already been installed. That works until you make a small modification in the experiment to test a new hypothesis which often happens in the world of research!

The advantage of Guix is how it characterizes software environments in unambiguous terms, similar to a mathematical function. It completely describes all its relations and thus can reproduce them bit-for-bit. This way, Guix facilitates both reproducibility and customizability.

Adapting Guix to scientists needs

Guix was not originally designed for the high-performance computing environments required by todays experiments. So scientists at the MDC, Inria and the partner institutes are building functions that permit Guix to be used on a computing cluster, to implement reproducible workflows. They are also adding packages that were developed at each site.

Before Guix, the installation of scientific software was necessarily ad-hoc, Wurmus says. Groups would build their own software, statically link it into existing systems, and hope that it would never have to change because managing software environments was virtually impossible. Now not only can we manage a single environment per group in a reliable fashion, but we use Guix at all levels: of the group, user, workflow and so on.

The project is scheduled to last two years, at which time its initiators hope to have met the software reproducibility needs of their institutions. The wider objective, Courts says, is to convince others who rely on high-performance computing that Guix represents a major advance toward a fundamental goal in science.

The Max Delbrck Center for Molecular Medicine (MDC)

The Max Delbrck Center for Molecular Medicine in the Helmholtz Association (MDC) was founded in Berlin in 1992. It is named for the German-American physicist Max Delbrck, who was awarded the 1969 Nobel Prize in Physiology and Medicine. The MDCs mission is to study molecular mechanisms in order to understand the origins of disease and thus be able to diagnose, prevent and fight it better and more effectively. In these efforts, the MDC cooperates with the Charit Universittsmedizin Berlin and the Berlin Institute of Health (BIH) as well as with national partners such as the German Center for Cardiovascular Research and numerous international research institutions. More than 1,600 staff and guests from nearly 60 countries work at the MDC, just under 1,300 of them in scientific research. The MDC is funded by the German Federal Ministry of Education and Research (90 percent) and the State of Berlin (10 percent), and is a member of the Helmholtz Association of German Research Centers.http://www.mdc-berlin.de/

Source:Max Delbrck Center for Molecular Medicine

Originally posted here:
Project Adapts Reproducibility Software for HPC Environments - HPCwire (blog)

Reading Black Duck Software's newest paean to the Affero General Public License (AGPL) ("The Quietly Accelerating Adoption of the AGPL"), one could be forgiven for thinking AGPL is rocking the open source licensing planet. After all, Black Duck executive Phil Odence laced his post with fancy charts showing explosive growth of the license, ultimately declaring the AGPL "very popular," and a license his firm sees frequently in audits.

Maybe, maybe not. For all AGPL's supposed popularity, Black Duck can only come up with 8,000 or so projects (among over 60 million open source repositories) that carry the license, with the only reasonably well-known project being MongoDB. That's hardly how I'd characterize "popular."

Meanwhile, permissive licenses like Apache and BSD control virtually any promising project that developers will actually use, from Kubernetes to TensorFlow to Kafka. It's permissive licensing all the way down. Why? Because it's developers that increasingly run the world, and they don't want to get locked out of preferred projects by a license.

It's not surprising that companies would choose the AGPL to control their code. The AGPL is the closest thing possible to a proprietary software license. But...but...but...open source! No, it's free software, as in users are free to use it, and corporations are free to charge money for it (through dual-licensing arrangements), but the AGPL is absolutely not free in any meaningful sense for developers.

SEE:The fall of GPL and the rise of permissive open-source licenses (ZDNet)

This, by the way, is almost certainly the reason that Black Duck is blogging about it. After all, the AGPL must be the open source gift that keeps on giving to a company that makes money by first convincing customers that open source is risky and then selling them the way to de-risk their software. AGPL takes that risk factor to the nth degree ("If GPL3 is scary to private businesses, then AGPL is even scarier," as one recent Black Duck blog post highlights).

AGPL is a way to make one's software radically open, like dropping a nuclear bomb on someone's lap and urging them to keep it.

It's also a way to keep the big clouds of the world from turning one's project into their product. Small wonder, then, that some companies that license their code under the AGPL internally describe it as the "Amazon GPL." AWS, for example, has made orders of magnitude more money from MySQL than MySQL AB (and now Oracle) ever hoped to make (through RDS). By licensing with the AGPL, these companies ensure that no one besides themselves can monetize the project.

The collateral damage in this bargain, however, is developers. Developers want to get stuff done with a minimum of overhead (be it infrastructure or lawyers). In fact, this shift toward permissive licensing has become so pronounced that on GitHub it's still far too common for projects not to have a license at all. The GitHub generation is having to be coaxed into slapping on a license at all. (Redmonk analyst James Governor dubbed this "post open source software.")

SEE: How to get an open-source job (ZDNet)

This is why, by Black Duck's own analysis of over two million open source projects, permissive licenses power over 50% of all open source projects (and even more if we recognize that GPL 2.0 licensing effectively acts like a permissive license in cloud computing contexts):

Black Duck Software

AGPL? It accounts for fewer than 1% of these two million open source projects. And if we add in the other 58 million open source projects....Well, the AGPL's share of those 60 million projects is virtually zero (as in "none").

As such, don't believe Black Duck's AGPL hype. Yes, the license FUD serves the company's sales and marketing operations well, but it doesn't serve developers, or the companies for which they build applications, well at all. Most successful open source projects have a single company or a small group of companies behind them, as a Linux Foundation study uncovered. Fortunately, most of these same companies recognize that developer freedom is the first freedom they need to prioritize. It's why they eschew the AGPL, and you probably should, too.

Image: iStockphoto/polygraphus

Continue reading here:
Don't believe the hype, AGPL open source licensing is toxic and unpopular - TechRepublic (blog)

The Latest on a tech firm agreeing to pay $3.5 million to settle complaints about software it preloaded on laptops (all times local):

6:25 p.m.

A technology company that has agreed to pay $3.5 million and change how it sells laptop computers as part of a settlement reached with federal officials and authorities in New Jersey and 31 other states says it "disagrees with the allegations" contained in complaints about its preloaded software.

Morrisville, North Carolina-based Lenovo said Tuesday it's unaware of any instances of a third party exploiting vulnerabilities in the VisualDiscovery software to gain access to a user's communications.

The VisualDiscovery software was installed on hundreds of thousands of laptops to deliver pop-up ads to consumers.

The Federal Trade Commission says Lenovo "compromised consumers' privacy."

The company notes it stopped preloading VisualDiscovery and worked with antivirus software providers to disable and remove it from consumers' computers after learning of the issues. It says it's pleased to "bring this matter to a close."

___

11:50 a.m.

A technology company will pay $3.5 million and change how it sells laptop computers as part of a settlement reached with federal officials and 32 states, including New Jersey.

The agreement with Lenovo announced Tuesday settles allegations that the North Carolina-based firm sold devices with preloaded software that made users' sensitive personal information vulnerable to hackers.

The VisualDiscovery software was installed on hundreds of thousands of laptops to deliver pop-up ads to consumers.

Lenovo stopped shipping laptops with VisualDiscovery preinstalled in February 2015, but some states contend that some laptops with the software were still being sold by various retail outlets as late as June 2015.

Under the settlement, Lenovo will now obtain consumers' consent to use the software and provide a reasonable way for consumers to opt out, disable or remove it.

See the original post:
The Latest: Tech firm disagrees with software allegations - Sacramento Bee

Here are our picks for the top best VPN for Windows 2017.

Best Free VPN for Windows 10 PC 2017

The Internet is no longer safe to use. Our privacy on the Internet has become a joke with hackers and Internet services constantly spying on our data usage and personal information. This is where a VPN, or Virtual Private Network, comes to play. It basically masks your IP (Internet Protocol) address that is provided to you by your ISP (Internet Service Provider). Well, that also means your original IP address is not visible online, protecting you from possible DDoS attacks and hacking. Talking about the best VPN Softwares available in the market, most of them actually comes at a price. However, there are a bunch of free VPN software as well. But, it is to be noted that the free VPN applications do not provide as many features and goodies as those supplied by the paid ones.

Virtual Private Network, or VPN in short, is a technology that creates a safe and secure connection over a less secure network. Originally developed as an idea for allowing remote users and branch offices to securely connect to corporate applications, VPN is now used on a wider scale by the users of the Internet to protect their personal details from the dirty hands of hackers, ISPs, and Government organizations.

Speaking of which, a VPN software blankets your original IP address and provides you a different one that may reflect a different geographical location. After connecting to a VPN, all your data is encrypted and they travel through secure tunnels, making it rather unlikely to be tracked by others.

There are a plethora of reasons why people use a VPN software on their Windows PC. While the primary use is to hide the real IP address, it is often used to gain access to restricted apps and websites. And thats not it! The VPN tricks the Internet by altering your geographic location virtually, thus letting you freely access Geo-blocked websites and applications without any restrictions. Speaking of which, it is particularly useful in countries such China and Russia, that maintains a strict policy over the usage of Internet.

Now suppose you are connected to a public WiFi hotspot, it is something worth remembering that all your browsing activity may be visible to other users on the network while you are on a non-HTTPS website. And, that definitely doesnt sound any good! This is where you have to use a VPN and protect yourself from the risk of being watched by the others.

Torrenting: If you tell me that you dont download files using BitTorrent protocol at all, then chances are you are either an enormous liar or you are not connected to the Internet. And, that second option seems highly unlikely. Legal or illegal torrents, its always recommended that you use a VPN service while downloading them, for both protecting your privacy as well as save to get rid of the dirty throttling trick that your ISP might come up with.

Talking about throttling speeds, your ISP never likes you surfing high bandwidth sites like Netflix, YouTube, Amazon Prime Video, so on and so forth. So, what they do is throttle your speeds so that they dont consume much data. Enabling a VPN will help you bypass this issue, and provide a seamless connection while watching your favorite videos in high resolution.

Best Free VPN for Windows 10 PC: CyberGhost Secure VPN

CyberGhost VPN is one of the best free VPN software for Windows 10 operating system. It provides a simple user interface and comes packed with several features to let you surf anonymously on the Internet. As with every freebie, the free version of CyberGhost VPN also comes with limited features as well: 1GB traffic/month, and limited bandwidth (up to 2Mbps).

Best Free VPN for Windows 10 PC 2017: TunnelBear VPN

TunnelBear is yet another wonderful VPN for the Windows users. Sporting a very user-friendly interface, this one lets you choose an alternate geographic location for yourself. All you have to do is click the connect button on the top of the applications, and let the TunnelBear take care of your online privacy for you. By default, it provides 500GB traffic/month, however, you can add a 1GB to it by tweeting about your experience with the software. So youre getting 1.5GB per month, which is pretty sweet for a free VPN software.

Best Free VPN for Windows 10 PC 2017: SurfEasy VPN

Coming next is a Canadian-based VPN service called SurfEasy VPN. The software is easy to setup and the free version offers monthly data limits of 500MB/month. The SurfEasy VPN also provides torrenting protection, thus taking care of your privacy while sharing and downloading files using a P2P software. And, thats always a good feature to have! The number of locations provided by the service is rather low when compared to the TunnelBear or the CyberGhost VPN, but the connections are solid with the 13 countries on board, including the US, France, UK, Australia, and Singapore.

Best Free VPN for Windows 10 PC 2017: WindScribe VPN

The next on the list is WindScribe VPN, yet another free VPN service for Windows. Wanna know the best part? It provides a monthly cap of 10GB traffic/month, but theres a catch! Although WindScribe has got 20 servers on board, if you are a free user, you do not have the privilege to access all servers. Also, the free users are restricted to use the service only on one device at a time. However, that doesnt sound a total bummer considering its a free service and you are not even spending a penny on the same.

Best Free VPN for Windows 10 PC 2017: Avira Phantom VPN

And at last, but not the least, we have the Avira Phantom on the list of best VPN for Windows 10 (2017). Yes, you guessed that right! The service is owned by Avira, the AntiVirus company. Available on multiple platforms including Android, Windows, and iOS; the VPN service provided by Avira is trust-worthy and something worth giving a try. Its easy to use and provides a monthly cap of 500MB data, which is pretty decent. However, you can double that size up, for up to 1GB/month, simply by registering an account on the application. Also, the service lets you choose your location from 13 servers located around the globe.

It is worth noting that all of the above VPN services also comes with a premium variant that you can use after paying a certain amount. After using the free version, if you think its worth investing some dollars on it, then go forward and try out the premium version as well. Needless to say, the premium version will come with additional (or unlimited) data cap per month and several other features to play with. So, which VPN service are you planning to use? Or if you already use one, do let us know about it in the comments below.

So, which VPN service are you planning to use? Or if you already use one, do let us know about it in the comments below.

Go here to read the rest:
Best free VPN software for Windows 10 PC to protect yourself online - Android Marvel (blog)

But months later, for Ms. Greenhalgh, other election security experts and some state officials, questions still linger about what happened that day in Durham as well as other counties in North Carolina, Virginia, Georgia and Arizona.

After a presidential campaign scarred by Russian meddling, local, state and federal agencies have conducted little of the type of digital forensic investigation required to assess the impact, if any, on voting in at least 21 states whose election systems were targeted by Russian hackers, according to interviews with nearly two dozen national security and state officials and election technology specialists.

The assaults on the vast back-end election apparatus voter-registration operations, state and local election databases, e-poll books and other equipment have received far less attention than other aspects of the Russian interference, such as the hacking of Democratic emails and spreading of false or damaging information about Mrs. Clinton. Yet the hacking of electoral systems was more extensive than previously disclosed, The New York Times found.

Beyond VR Systems, hackers breached at least two other providers of critical election services well ahead of the 2016 voting, said current and former intelligence officials, speaking on condition of anonymity because the information is classified. The officials would not disclose the names of the companies.

Intelligence officials in January reassured Americans that there was no indication that Russian hackers had altered the vote count on Election Day, the bottom-line outcome. But the assurances stopped there.

Government officials said that they intentionally did not address the security of the back-end election systems, whose disruption could prevent voters from even casting ballots.

Thats partly because states control elections; they have fewer resources than the federal government but have long been loath to allow even cursory federal intrusions into the voting process.

That, along with legal constraints on intelligence agencies involvement in domestic issues, has hobbled any broad examination of Russian efforts to compromise American election systems. Those attempts include combing through voter databases, scanning for vulnerabilities or seeking to alter data, which have been identified in multiple states. Current congressional inquiries and the special counsels Russia investigation have not focused on the matter.

We dont know if any of the problems were an accident, or the random problems you get with computer systems, or whether it was a local hacker, or actual malfeasance by a sovereign nation-state, said Michael Daniel, who served as the cybersecurity coordinator in the Obama White House. If you really want to know what happened, youd have to do a lot of forensics, a lot of research and investigation, and you may not find out even then.

In interviews, academic and private election security experts acknowledged the challenges of such diagnostics but argued that the effort is necessary. They warned about what could come, perhaps as soon as next years midterm elections, if the existing mix of outdated voting equipment, haphazard election-verification procedures and array of outside vendors is not improved to build an effective defense against Russian or other hackers.

In Durham, a local firm with limited digital forensics or software engineering expertise produced a confidential report, much of it involving interviews with poll workers, on the countys election problems. The report was obtained by The Times, and election technology specialists who reviewed it at the Times request said the firm had not conducted any malware analysis or checked to see if any of the e-poll book software was altered, adding that the report produced more questions than answers.

Neither VR Systems which operates in seven states beyond North Carolina nor local officials were warned before Election Day that Russian hackers could have compromised their software. After problems arose, Durham County rebuffed help from the Department of Homeland Security and Free & Fair, a team of digital election-forensics experts who volunteered to conduct a free autopsy. The same was true elsewhere across the country.

I always got stonewalled, said Joe Kiniry, the chief executive and chief scientist at Free & Fair.

Still, some of the incidents reported in North Carolina occur in every election, said Charles Stewart III, a political scientist at the Massachusetts Institute of Technology and an expert on election administration.

Election officials and advocates and reporters who were watching most closely came away saying this was an amazingly quiet election, he said, playing down the notion of tampering. He added, though, that the problems in Durham and elsewhere raise questions about the auditing of e-poll books and security of small election vendors.

Ms. Greenhalgh shares those concerns. We still dont know if Russian hackers did this, she said about what happened in North Carolina. But we still dont know that they didnt.

North Carolina went for Donald J. Trump in a close election. But in Durham County, Hillary Clinton won 78 percent of the 156,000 votes, winning by a larger margin than President Barack Obama had against Mitt Romney four years earlier.

While only a fraction of voters were turned away because of the e-poll book difficulties more than half of the county cast their ballots days earlier plenty of others were affected when the state mandated that the entire county revert to paper rolls on Election Day. People steamed as everything slowed. Voters gave up and left polling places in droves theres no way of knowing the numbers, but they include more than a hundred North Carolina Central University students facing four-hour delays.

At a call center operated by the monitoring group Election Protection, Ms. Greenhalgh was fielding technical complaints from voters in Mississippi, Texas and North Carolina. Only a handful came from the first two states.

Her account of the troubles matches complaints logged in the Election Incident Reporting System, a tracking tool created by nonprofit groups. As the problems mounted, The Charlotte Observer reported that Durhams e-poll book vendor was Florida-based VR Systems, which Ms. Greenhalgh knew from a CNN report had been hacked earlier by Russians. Chills went through my spine, she recalled.

The vendor does not make the touch-screen equipment used to cast or tally votes and does not manage county data. But without the information needed to verify voters identities and eligibility, which county officials load onto VRs poll books, voters cannot cast ballots at all.

Details of the breach did not emerge until June, in a classified National Security Agency report leaked to The Intercept, a national security news site. That report found that hackers from Russias military intelligence agency, the G.R.U., had penetrated the companys computer systems as early as August 2016, then sent spear-phishing emails from a fake VR Systems account to 122 state and local election jurisdictions. The emails sought to trick election officials into downloading malicious software to take over their computers.

The N.S.A. analysis did not say whether the hackers had sabotaged voter data. It is unknown, the agency concluded, whether Russian phishing successfully compromised the intended victims, and what potential data could have been accessed.

VR Systems chief operating officer, Ben Martin, said he did not believe Russian hackers were successful. He acknowledged that the vendor was a juicy target, given that its systems are used in battleground states including North Carolina, Florida and Virginia. But he said that the company blocked access from its systems to local databases, and employs security protocols to bar intruders and digital triggers that sound alerts if its software is manipulated.

On Election Day, as the e-poll book problems continued, Ms. Greenhalgh urged an Election Protection colleague in North Carolina to warn the state Board of Elections of a cyberattack and suggest that it call in the F.B.I. and Department of Homeland Security. In an email, she also warned a Homeland Security election specialist of the problems. Later, the specialist told her Durham County had rejected the agencys help.

When Ms. Greenhalgh, who works at Verified Voting, a nonprofit dedicated to election integrity, followed up with the North Carolina colleague, he reported that state officials said they would not require federal help.

He said: The state does not view this as a problem. Theres nothing we can do, so weve moved on to other things, Ms. Greenhalgh recalled. Meanwhile, Im thinking, What could be more important to move on to?

The idea of subverting the American vote by hacking election systems is not new. In an assessment of Russian cyberattacks released in January, intelligence agencies said Kremlin spy services had been collecting information on election processes, technology and equipment in the United States since early 2014.

The Russians shied away from measures that might alter the tallying of votes, the report added, a conclusion drawn from American spying and intercepts of Russian officials communications and an analysis by the Department of Homeland Security, according to the current and former government officials.

The most obvious way to rig an election controlling hundreds or thousands of decentralized voting machines is also the most difficult. During a conference of computer hackers last month in Las Vegas, participants had direct access and quickly took over more than 30 voting machines. But remotely infiltrating machines of different makes and models and then covertly changing the vote count is far more challenging.

The New York Times would like to hear from readers who want to share messages and materials with our journalists.

Beginning in 2015, the American officials said, Russian hackers focused instead on other internet-accessible targets: computers at the Democratic National Committee, state and local voter databases, election websites, e-poll book vendors and other back-end election services.

Apart from the Russian influence campaign intended to undermine Mrs. Clinton and other Democratic officials, the impact of the quieter Russian hacking efforts at the state and county level has not been widely studied. Federal officials have been so tight-lipped that not even many election officials in the 21 states the hackers assaulted know whether their systems were compromised, in part because they have not been granted security clearances to examine the classified evidence.

The January intelligence assessment implied that the Russian hackers had achieved broader access than has been assumed. Without elaborating, the report said the Russians had obtained and maintained access to multiple U.S. state and local election boards.

Two previously acknowledged strikes in June 2016 hint at Russian ambitions. In Arizona, Russian hackers successfully stole a username and password for an election official in Gila County. And in Illinois, Russian hackers inserted a malicious program into the Illinois State Board of Elections database. According to Ken Menzel, the boards general counsel, the program tried unsuccessfully to alter things other than voter data he declined to be more specific and managed to illegally download registration files for 90,000 voters before being detected.

On Election Day last year, a number of counties reported problems similar to those in Durham. In North Carolina, e-poll book incidents occurred in the counties that are home to the states largest cities, including Raleigh, Winston-Salem, Fayetteville and Charlotte. Three of Virginias most populous counties Prince William, Loudoun, and Henrico as well as Fulton County, Georgia, which includes Atlanta, and Maricopa County, Arizona, which includes Phoenix, also reported difficulties. All were attributed to software glitches.

Senator Mark Warner, Democrat of Virginia and vice chairman of the Senate intelligence committee, argued for more scrutiny of suspicious incidents. We must harden our cyber defenses, and thoroughly educate the American public about the danger posed by attacks, he said in an email. In other words: we are not making our elections any safer by withholding information about the scope and scale of the threat.

In Durham County, officials have rejected any notion that an intruder sought to alter the election outcome. We do not believe, and evidence does not suggest, that hacking occurred on Election Day, Derek Bowens, the election director, said in a recent email.

But last month, after inquiries from reporters and the North Carolina State Board of Elections and Ethics Enforcement, Durham county officials voted to turn over laptops and other devices to the board for further analysis. It was not clear which government agency or private forensics firm, would conduct the investigation.

Ms. Greenhalgh will be watching closely. What people focus on is, Did someone mess with the vote totals? she said. What they dont realize is that messing with the e-poll books to keep people from voting is just as effective.

Read more:
Russian Election Hacking Efforts, Wider Than Previously Known, Draw Little Scrutiny - New York Times