here's what's coming up in the category
five TV newsroom
Colonel security updates fix several
issues in ubuntu libre office six point
three point six is the final update to
six point three which is going yo l so
close firewall falls victim to the in
the wild SQL injection attack
revolutionary new tech means you can
touch things in VR and Google has
released the AI code for Tatas as open
source software stick around the full
details in this week's crypto corner
coming up this is the category five dot
TV newsroom covering the week's top
textures with a slight linux bias
you
from the newsroom I'm Becca Ferguson
[Music]
canonical has published new Ubuntu Linux
kernel security updates for all of its
supported releases to patch several
vulnerabilities discovered lately by
various security researchers affecting
Linux four point one five four point
four and five point three kernels and
several versions of Ubuntu Linux the new
security patch fixes an issue found in
the Intel Wi-Fi driver a race condition
discovered in Linux kernels virtual
terminal implementation a flaw
discovered in the floppy driver and a
race condition in the block IO tracing
implementation all these issues could
allow a local attacker to either crash
the system or expose sensitive
information the new kernel update also
patches a stack buffer overflow
discovered in the v host net driver this
could allow a local attacker with the
ability to perform ioctl calls on dev v
host dash net to cause a denial of
service crashing the system that's just
to name a few of the critical security
issues that have been patched canonical
urges all users to update their
installations and install the new kernel
versions as soon as possible new kernel
versions are also available for
raspberry pi devices cloud environments
Oh II M processors Snapdragon processors
as well as Amazon Web Services Microsoft
Azure cloud Oracle cloud Google cloud
platform and Google container engine
systems keep in mind when updating a
production system that a system reboot
is required for the security issues to
be corrected so it's best to schedule a
short downtime to perform this update
the document foundation has announced
the release of Libre Office six point
three point six as the sixth and final
update of the six point three series
which will reach end-of-life at the end
of this month coming more than two
months after Libre office six point
three point five the libre office six
point three point six update is here to
provide users of the libre office six
point three series with one last set of
bug and regression fixes it also aims to
improve document compatibility the libre
office six point three series is
targeted at enterprise deployment
simpered
in environments when labor office 6.4 is
already available 6.3 is the only only
version currently recommended by the
document foundation for organizations
that said libre office 6.3 is set to
reach end-of-life on May 29th 2020 and
this is the last update if you're
running Libre Office 6.3 in your
organization it would be best to update
to version 6 point 3 point 6 as soon as
possible and start considering upgrading
your 6 point 3 installations to the 6
point 4 Series in the coming weeks the
current release of labor office is six
point four point three which will be
considered ready for enterprise
deployment by the next point release
which should be out by the end of the
month until then you can get either
version from net or you can get either
version now from the official Libre
Office website binaries are provided for
Deb and rpm based distros or you can
install the latest release from the
stable software repositories of your
Linux distribution
welcome back to the critical part of
your well today we'll only have two
headlines the first one we'll be having
and the second one will be decent
now the having occurs every two hundred
ten thousand blocks or roughly every
four years and reduces the block subsidy
so the money that the miners are getting
by around fifty percent currently that
is twelve and a half percent every ten
minutes and it will be reduced to six
point two five after around the 12th of
May as you can see behind me there is a
clock in the upper time is based on the
current block time so it takes around
eight point eight minutes not 10 minutes
to mine a block and the reason is that
everybody that has got an a6 miner
switched it machine on to take advantage
of the current still too often our
Bitcoin that the system emits every
around 10 minutes or currently every
eight and a half minutes so you have to
watch the upper time because that is the
one that counts there is no time within
the Bitcoin blockchain it's just block
and every look I said it takes around 10
minutes to be mined and so there's this
time difference coming from now how do
you say it correctly is it having a
happening I was asked well you can use
both in the in the blockchain itself in
the code it says having it's hardwired
in there hard-coded in there and if you
want to take a look into that also the
210,000 blocks is hard-coded in there
you go in to github.com then into the
blockchain github and there into the set
directory SCR and there you search for a
file called validate dot CPP in there
just to control F to find to search for
having and you'll find it there and
you'll find also the formula and there
and the other one with the 210,000
blocks you'll find any
in a file called chain perms dot CPP and
the other question is okay what happens
after the let's say that's to 12th of
May 11th of May whenever that having
happens will the Bitcoin system crash no
it won't because it's not the first time
it's not the third time that this
happens and and the miners that have got
old machines are not operating
economically anymore we'll just switch
off their machines or we'll move to
another network the plenty of other
networks that accept or they that can
work with ASIC machines so only the best
machines will continue working on the
Bitcoin blockchain that has always been
like that just to remind you back in
2013 when somebody came up with the ASIC
for the first time all those GPS miners
GPU - sorry the GPO - were obsolete and
could be switched off because none of
them were really mining any bitcoins
anymore
so life will continue and also if let's
say a substantial amount of Bitcoin or
switch of the machines then as it's
currently happening with the time the
time will be inverted so it will take
longer than 10 minutes to mine a Bitcoin
and to mine a block and and after 2016
blocks the difficulty will be just it
anyway and it will be back to the user
of 10 minutes so there's nothing to
worry about this is a natural effect
that happens on the blockchain on the
Bitcoin blockchain and it's not the
first time it's the third time that this
happening now but just just take a look
out I mean it's an interesting it's an
interesting thing that's happening
because it will reduce the subsidy or
the inflation rate from the Bitcoin
blockchain to around only one point
seven nine percent now the second one
will be effect will be really is a
really interesting one it's called D SEP
and it's translated into digital
currency electronic payment and that is
the remember of China on a blockchain so
that happened now as we had
category-five announced it back in
December last year
they have done it now they're rolling it
out and it would have I'm pretty sure
global implications so they're gradually
replacing the paper money with the
blockchain money and as you probably
know from China if you go to a small
market and you want to buy something
very cheap you don't buy it with cash
anymore you pay there with your cell
phone a little bit like Apple pay they
have got their systems and everybody has
got that over there they don't sometimes
they don't even accept credit cards
anymore and in future it will be only
this famous D SEP and you'll see two
charts in a second behind me when it's a
picture of that cell phone application
and the other one is just a comparison
to cash and and other valuables now
they're rolling it out very carefully
it's only in few cities where they're
rolling it out and testing it they will
be involving huge vendors like
McDonald's Starbucks that will be
testing in these cities the the D SEP at
a stage every merchant must accept the D
SEP because it's the official currency
of of China it is a blockchain based on
many things that we know from our
blockchain industry will be incorporated
in there with the only one with big
difference its centralized and what does
that mean so if the government in China
or the Central Bank of China decides to
do something then everybody will have to
follow that and that means that for
example if they give you some money
or you have got some money in your in
your wallet and they can tell you where
to spend it you can't do anything
against that because it's not paper
anymore you cannot just go somewhere and
pay with cash you have to pay with a D
SEP and they can tell you where to buy
it and the question I will be asked well
what happens with us here it's the
symbol it's going to be similar just
wait a few years I mean not to the
extreme that they will tell us
what we're what to do and not to do with
the money because that will be a little
revolution in the Western world but if
the government gives you $1,200 they can
decide where to spend where you they
want you to spend it and that can be
regulated and done through as a digital
currency so watch out we'll keep you
informed on this here and that's it from
me here at the crypto corner I wish you
a fantastic week and that things may
turn out the way you want to to be
panned out so hope to see you next week
thank you for watching thanks Robert
just a reminder we're not giving you
financial advice here on the show rather
we're simply giving you the facts and
leaving it up to you and now back to
Becca Thank You Robbie users of a widely
used firewall from Sophos have been
under a zero-day attack that was
designed to steal usernames
cryptographically protected passwords
and other sensitive data the well
researched and develop attack exploited
an SQL injection flow flaw in fully
patched versions of the Sophos XG
firewall with that toehold in systems
that downloaded and installed a series
of scripts that ultimately executed code
intended to make off with users real
names usernames the cryptographically
hashed form of the passwords and
assaulted sha-256 hash with the
administrator accounts password Sophos
has delivered a hotfix that might
against the vulnerability other data
targeted by the attack included in IP
address allocation permissions for
firewall users system information such
as running OS and version uptime and
network configuration as well as the ARP
tables used to map IP addresses to
device MAC addresses so foes research
researchers wrote in Sunday's disclosure
this malware's primary task appeared to
be data theft which it could perform by
retrieving the contents of various
database tables stored in the firewall
as well as by running some operating
system command the exploits also
downloaded the malware from domains that
appeared in the Lu
to be legitimate to evade detection some
of the malware deleted underlying files
that executed it and ran solely in
memory the malicious code uses a
creative and roundabout method to ensure
it's executed it's executed each time
firewalls are started those
characteristics strongly suggests that
the threat actors spent weeks or months
laying the groundwork for the attacks
the data the malware was designed to
exfiltrate suggests the attack was
designed to give attackers the means to
further penetrate the organizations that
use the firewall through phishing
attacks and unauthorized access to user
accounts the zero-day vulnerability that
made the attacks possible was a pre
authentication SQL injection flaw found
in the custom operating system that runs
the firewall so folks provided no
additional details about the
vulnerability users of vulnerable
firewalls should ensure the hotfix is
installed as soon as possible and then
examine their systems for signs of
compromised published on the Sophos new
site as the fixes part of the automatic
update ecosystem ensure your firewall
has these enabled to receive the fix a
new lightweight virtual reality device
has been created that would allow users
to touch objects add shops and museums
without ever having to go there in the
flesh the limits of virtual reality have
been stretched in the last five years
the technology has become the medium of
choice for game developers artists and
actors alike seeing a real boom in
projects that bring us alternate
realities during enforced social
isolation through immersive audio and
visual landscapes the ability to visit
mind-blowing locations real or not is on
the brink of becoming an affordable
option for many nowadays what you see
and hear in virtual reality is not so
dissimilar from actually visiting these
places however up until now the
experience did not give us the ability
to physically interact with surrounding
environments Chris Harrison assistant
professor at Carnegie Mellon's
University human-computer interaction
Institute says elements such as walls
furniture and virtual characters are key
to building immersive immersive virtual
worlds and yet contemporary VR systems
do little more than five
and controllers a team at the
Pennsylvania University has created a
new device that uses haptic feedback a
technology which stimulates the
sensation of touch to make the virtual
experience seem more real where other
devices might use a series of expensive
power-hungry motors to give the
sensation of touch their design uses a
simpler mechanical solution from a
shoulder-mounted system a string is
attached to each finger giving
resistance based on what the user should
be feeling a spring-loaded mechanism is
combined with an electric latch that
stops the hand from moving further as it
makes contact with heavy objects in the
virtual world
Kathy Fang co-author of the study says I
think the experience creates surprises
such as when you interact with a railing
and can wrap your fingers around it Fang
said the system would be suitable for VR
games and experiences that involve
interacting the physical obstacles and
objects such as a maze it might also be
used for visits to virtual museums and
at a time when physically visiting
retail stores is not always possible she
says you might also use it to shop in a
furniture store while there research
shows that this method provides a much
more realistic sense of touch the team
says that a mass-produced version when
when ready could be available to the
public for less than $50 google has
released the code for their internally
developed artificial intelligence tapas
they can take a natural language
question such as what's the name of the
latest iPhone and fetch the answer from
a relational database or spreadsheet and
it's now open source the search giant's
researchers detailed the AI on Thursday
tapas is based on Burt a natural
language processing technique that
Google uses in its search engine a
sizable portion of the world's
information is relational that is to say
organized into rows and columns
navigating from these rows and columns
historically required either manually
shift sifting through a spreadsheet or
writing SQL queries natural language
processing makes the task considerably
easier for users which is why the
technology has been extensively adopted
by Google and other players in the
analytics market
the search giant says that the tapas
beats or matches the three top
open-source algorithms for parsing
relational data they train the AI on 6.2
million tables from the English version
of Wikipedia and then set it to work on
a trio of academic datasets benchmark
tests that showed that the neural
network provides accurate comparable
answers as the rival algorithms across
all three data sets the type of language
processing google has implemented into
tapas allows the AI to consider not only
the question posed by users and the data
they wish to query but also the
structure of the relational tables in
which the data is stored tapas can go
beyond just fetching data and also
perform basic calculations for example
if a business user evaluating sales data
asks for the average revenue across
their company's three most popular
products the AI would reply with the
calculated answer not just the data set
Taphouse is available now on the Google
research github repository
big thanks to Roy W Nash in our
community of viewers for submitting
stories to us this week thanks for
watching the category-five TV newsroom
don't forget to Like and subscribe for
all your tech news with a slight Linux
bias and if you appreciate what we do
become a patron at patreon.com slash
category 5 from the category 5 TV
newsroom i'm becca ferguson