Month: April 2016

It's bash, it's Windows, it's not a virtual machine.

Perhaps the biggest surprise to come from Microsoft's Build developer conference last week was the Windows Subsystem for Linux (WSL).

The system will ship as part of this summer's Anniversary Update for Windows 10. WSL has two parts; there's the core subsystem, which is already included in Insider Preview builds of the operating system, and then a package of software that Canonical will provide. The core subsystem is what provides the Linux API on Windows, including the ability to natively load Linux executables and libraries. Canonical will provide bash and all the other command-line tools that are expected in a Linux environment.

Microsoft is positioning WSL strictly as a tool for developers, with a particular view to supporting Web developers and the open source software stacks that they depend on. Many developers are very familiar with the bash shell, with building software using make and gcc, and editing text in vi or emacs. WSL will give these developers versions of these tools that are equal in just about every regard to the ones you get on Linux, because they'll be the ones you get on Linux running unmodified on Windows.

(credit: Nick Saltmarsh)

While waiting for an organ donor, patients in need of a transplant may one day have the option of taking out a loaner organ—from a pig.

Researchers report Tuesday that they were able to keep pig hearts alive and beating in the abdomens of five baboons for record amounts of time—a median of 298 days and a max of 945 days. Previous benchmarks were set at a median of 180 and a max of 500 days, respectively.

Data from the prolonged ticker swap, published in Nature Communications, highlights scientists’ progress at breaking down the biological barriers of cross-species organ donation, inching closer to using animal organs in humans in desperate need of transplants. Currently in the US, 22 people die every day just waiting for organs, which are in constant short supply.

Science proves that there's only about a 1% chance that your wife is having Satan's baby instead of yours. (credit: Rosemary's Baby)

Reading the internet, or even perusing the scientific literature, you'd get the idea that people are constantly cheating on their spouses. Indeed, scientists have estimated that anywhere from 10-30 percent of men are unknowingly raising children who are not their own. This situation is referred to as cuckoldry, or scientifically as "extra-pair paternity." Now, however, it appears that our estimates of cuckoldry rates were way off.

A new survey published in Trends in Ecology and Evolution sums up a number of recent studies that show the actual rate of cuckolds in the general population, based on genetic testing and ancestor research, is 1-2 percent. This challenges evolutionary psychologists who have suggested that human women "routinely ‘shop around’ for good genes by engaging in extra-pair copulation to obtain genetic benefits." This idea came in part from studying socially monogamous songbirds, which mate for life but have roughly 1 in 10 babies as a result of "extra pair" matings.

Scientists were so unwilling to believe that human women were different from songbirds that some suggested the discrepancy between expected and actual rates of cuckoldry was a recent development caused by birth control. One study asserted that women who cheat may be getting pregnant less often than they would have historically. But that assumption turned out to be wrong as well. As the study authors write, human extra-pair paternity rates "have stayed near constant at around 1% across several human societies over the past several hundred years."

Enlarge

NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.

The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.

"These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks," the researchers wrote in a paper that was presented last week at the Black Hat security conference in Singapore. "Malicious extensions that utilize this technique would be significantly more difficult to detect by current static or dynamic analysis techniques, or extension vetting procedures."

(credit: samazgor)

WhatsApp has enabled end-to-end encryption across all versions of its messaging and voice calling software, according to a Tuesday announcement on the company's website.

Given that WhatsApp is already in use by over 1 billion people worldwide, as users upgrade to the latest version, it will become the most widely used end-to-end crypto tool.

"We live in a world where more of our data is digitized than ever before," Jan Koum, a WhatsApp co-founder, wrote in a company blog post on Tuesday. "Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people's digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities."