Japanese researcher discovers a new optical illusion called ‘curvature blindness’

This new optical illusion makes curvy lines appear zig-zagged

Kohske Takahashi, a cognition and illusion researcher at Chukyo University, Japan, has shared a new optical illusion online that will blow your mind and make you question whether we should trust what we see.

The illusion, dubbed “curvature blindness”, is described and explained in the journal i-Perception, which provides a scientific breakdown and analysis of the optical illusion. It describes how a wavy line can be perceived as a zigzag line on a white, grey and black background.

“Here, we report a novel illusion — Curvature Blindness Illusion — that will provide novel implications for contour perception, in particular, for the underlying mechanisms of curve and corner perception,” Takahashi wrote.

In the image below, which displays the illusion, one can see pairs of wavy lines and pairs of zigzag lines against a grey background. Despite how they appear, all the lines are exactly the same.

The lines in the top left and bottom right corners, when viewed against the grey background, appear curvy like sine waves, while those with the grey background appear to have a sharper zig-zag-like pattern. However, a closer look at the grey background reveals that the curved, dark lines that are running from top to bottom appear to carry the zig-zag pattern, although they are curved in reality.

In simpler words, the image consists of light and dark grey dashes linked to make parallel lines in waves and zig-zags on a white, grey and black background. But in reality, the zig-zags don’t actually exist.

“Physically, however, all lines are wavy lines with an identical shape; there is no triangular wave and hence there is no corner,” Takahashi said.

“Despite the simplicity and effect magnitudes, to the best of our knowledge, no one has reported about this phenomenon.”

It’s unclear exactly why the human brain perceives the zigzag contour as a sharp corner.

According to Takahashi, when our brains are confused and there is ambiguity over whether a line is a smooth curve or not, it is easy for our brains to see corners rather than curves.

“We propose that the underlying mechanisms for the gentle curve perception and those of obtuse corner perception are competing with each other in an imbalanced way and the percepts of a corner might be dominant in the visual system,” Takahashi explained.

“As the effect magnitudes are quite strong, unless one carefully stares at the region that looks like a corner, it is hard to find that all lines are physically wavy,” added Takahashi.

The post Japanese researcher discovers a new optical illusion called ‘curvature blindness’ appeared first on TechWorm.


1.4 Billion Plain-Text Credentials Leaked On The Dark Web

Searchable database of unencrypted usernames and passwords available online

Security experts have found a 41-gigabyte (GB) archive containing over 1.4 billion unencrypted user credentials on the Dark Web, which had been updated at the end of November.

The huge database, consisting of over 1.4 billion email addresses, passwords, and other credentials in plain text, was discovered online on December 5 by security researchers from the California-based identity threat intelligence company 4iQ. The file is not the result of a new data breach, but an amalgamation of data from several past breaches, collated into a single database that is over 41GB in size.

According to Julio Casal, 4iQ founder and chief technology officer, the archive is the most massive aggregation of various leaks that has been found on the Dark Web to date.

“While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date,” reads a post published by 4iQ on Medium.

“None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of them have been verified to be true.”

The 41GB file aggregates data from a collection of over 250 previous data breaches and credential lists, which include popular websites such as LinkedIn, Netflix, Last.FM, MySpace, Zoosk, and YouPorn, as well as games like Minecraft and Runescape.

The data was organized and indexed alphabetically by the collector, and the total amount of credentials is 1,400,553,869.

“The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records,” continues Julio Casal.

“This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps.”

An extensive examination of the archive gave researchers a glimpse of some of the weak passwords most commonly used, which include “123456,” “123456789,” “qwerty,” “password,” and “111111.”

While some of the breaches happened a few years ago, the expert observed that cybercriminals still have a good chance of accessing personal accounts, as users tend to reuse easy and common passwords or the same passwords for multiple online services.

“Since the data is alphabetically organized, the massive problem of password reuse — same or very similar passwords for different accounts — appears constantly and is easily detectable,” states the post.

The researchers highlighted that 14% of the 1.4 billion records (almost 200 million) had not previously been available in readily-usable decrypted form. In other words, the passwords and usernames were new and in plain text.

“We compared the data with the combination of two larger clear text exposures, aggregating the data from Exploit.in and Anti Public. This new breach adds 385 million new credential pairs, 318 million unique users, and 147 million passwords pertaining to those previous dumps,” continues the expert.

While it is unclear who is behind the collection of billions of user credentials, the culprits have left Bitcoin and Dogecoin wallet addresses accessible for anyone who wants to donate for their alleged efforts.

In order to stay safe from potential cyber-attacks, we recommend that our readers use strong passwords, avoid using the same password on multiple sites, and change their passwords regularly.

Source: securityaffairs

The post 1.4 Billion Plain-Text Credentials Leaked On The Dark Web appeared first on TechWorm.


FCC Repeals U.S. Net Neutrality Rules

In recent months, millions of people have protested the FCC’s plan to repeal U.S. net neutrality rules, which were put in place by the Obama administration.

However, an outpouring of public outrage, critique from major tech companies, and even warnings from pioneers of the Internet had no effect.

Today the FCC voted to repeal the old rules, effectively ending net neutrality.

Under the net neutrality rules that have been in effect during recent years, ISPs were specifically prohibited from blocking, throttling, and paid prioritization of “lawful” traffic. In addition, Internet providers could be regulated as carriers under Title II.

Now that these rules have been repealed, Internet providers have more freedom to experiment with paid prioritization. Under the new guidelines, they can charge customers extra for access to some online services, or throttle certain types of traffic.

Most critics of the repeal fear that, now that the old net neutrality rules are in the trash, ‘fast lanes’ for some services, and throttling for others, will become commonplace in the U.S.

This could also mean that BitTorrent traffic becomes a target once again. After all, it was Comcast’s ‘secretive’ BitTorrent throttling that started the broader net neutrality debate, now ten years ago.

Comcast’s throttling history is a sensitive issue, also for the company itself.

Before the Obama-era net neutrality rules, the ISP vowed that it would no longer discriminate against specific traffic classes. Ahead of the FCC vote yesterday, it doubled down on this promise.

“Despite repeated distortions and biased information, as well as misguided, inaccurate attacks from detractors, our Internet service is not going to change,” writes David Cohen, Comcast’s Chief Diversity Officer.

“We have repeatedly stated, and reiterate today, that we do not and will not block, throttle, or discriminate against lawful content.”

It’s worth highlighting the term “lawful” in the last sentence. It is by no means a promise that pirate sites won’t be blocked.

As we’ve highlighted in the past, blocking pirate sites was already an option under the now-repealed rules. The massive copyright loophole made sure of that. Targeting all torrent traffic is even an option, in theory.

That said, today’s FCC vote certainly makes it easier for ISPs to block or throttle BitTorrent traffic across the entire network. For the time being, however, there are no signs that any ISPs plan to do so.

If they do, we will know soon enough. The FCC requires all ISPs to be transparent under the new plan. They have to disclose network management practices, blocking efforts, commercial prioritization, and the like.

And with the current focus on net neutrality, ISPs are likely to tread carefully, or else they might just face an exodus of customers.

from TorrentFreak

Using Gmail with OAUTH2 in Linux and on an ESP8266

One of the tasks I dread is configuring a web server to send email correctly via Gmail. The simplest way of sending emails is SMTP, and there are a number of scripts out there that provide a simple method to send mail that way with a minimum of configuration. There’s even PHP mail(), although it’s less than reliable.

Out of the box, Gmail requires OAUTH2 for authentication and to share user data, which has the major advantage of not requiring that you store your username and password in the application that requires access to your account. While they have an ‘allow less secure apps’ option that allows SMTP access for legacy products like Microsoft Outlook, it just doesn’t seem like the right way forward. Google documents how to interact with their API with OAUTH2, so why not just use that instead of putting my username and password in plaintext in a bunch of prototypes and test scripts?

Those are the thoughts that run through my head every time this comes up for a project, and each time I’ve somehow forgotten the steps to do it, also forgotten to write it down, and ended up wasting quite a bit of time due to my own foolishness. As penance, I’ve decided to document the process and share it with all of you, and then also make it work on an ESP8266 board running the Arduino development environment.

Before we continue, now would be a good time for a non-technical refresher on how OAUTH works. The main differences between OAUTH and OAUTH2 are that the latter requires HTTPS, and the access tokens that allow an application to use specific services in a user account have an expiry.

To use Gmail with OAUTH2, we will need to start with five things: an application registered in the Google APIs, its client ID and client secret, a computer running LAMP (a by-the-hour VPS works just fine here), and a domain name that points to it.

Registering an application with Google API is easy. Go to the Google API console, log in, create a new project, and enter it. Enable the Gmail API; it should be suggested on the front page.


With the project created and the Gmail API enabled, the dashboard should look something like this

Then click on ‘credentials’ on the sidebar, create credentials, and finally ‘create OAUTH Client ID’. Before you can continue, you need to create a consent screen. The only entry you really need to fill out at this time is ‘Product Name Shown to Users’.

After saving that form, select ‘Web Application’ as your application type. Note the field called ‘Authorized redirect URIs’; we’ll return to it later. It’s important that it be correctly set for us to be able to receive a refresh token later on in this process.

For now, just press ‘Create’. A pop-up will display containing your Client ID and Client secret. You’ll need them soon, so best to copy/paste them into a local file on your computer for now.

Next, we will use those two pieces of data to request an access token and refresh token. We may as well accomplish two things at the same time here by installing the popular PHP email sender called PHPMailer on our web server. It includes a tool to request an OAUTH2 access/refresh token as well as being easily capable of sending a quick test email. To install it, we’ll use the Composer PHP dependency management tool:

$ sudo apt-get install composer

Then we should navigate to our web-accessible directory, in my case /var/www/html, and install a few PHP scripts. Note that this should not be done as root, so create another user if needed and give them access to the directory:

$ composer require phpmailer/phpmailer
$ composer require league/oauth2-client
$ composer require league/oauth2-google

Now enter the directory vendor/phpmailer/phpmailer. There will be a script called get_oauth_token.php. Move this script up three directories into the directory you just ran the ‘composer’ commands from. The location of this script as seen from the web needs to be entered into the ‘Authorized redirect URIs’ field of the Google API that we saw earlier. In this case it would have been http://ift.tt/2j5Mb34. Public IP addresses will not work; this is why a domain name pointed to your web server is a requirement.

Now, open get_oauth_token.php in a text editor and paste in your Client ID and Client Secret where needed. Don’t try to run the script locally; it will fail. Open up a web browser on any computer, and navigate to the URL you entered as the ‘Authorized redirect URI’. Then select Google from the list of email services. At this point, if it worked, you will be asked to log in and then authorize the unverified application (under ‘Advanced’ in the warning prompt), after which you will finally receive a refresh token. If you only want an access token for some reason you’ll have to edit the script to echo it back.

If that didn’t work, there are two common reasons: a wrong redirect URI or the script cannot find its dependencies. In the former case, the error message from Google will tell you the script URL as it sees it, and you can use that information to update the redirect URI in the Google API Console to fix the issue. For the latter, check your Apache error log, probably located in /var/log/apache2/error.log, to see what dependency is not being found. You might see something like this:

PHP Warning: require(vendor/autoload.php): failed to open stream: No such file or directory in /var/www/html/mydomain/get_oauth_token.php on line 59, referer: http://ift.tt/2zdiAxk

If you have received your refresh token, congratulations: the painful part is over. You can just go to the PHPMailer GitHub page and fill out their OAUTH2 example (gmail_xoauth.phps), and it ought to just work. If all you needed to do is send mail from a project on your VPS, you’re more or less ready to move on to more interesting parts of your project:

$email = 'someone@gmail.com';
$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
//Obtained by configuring and running get_oauth_token.php
//after setting up an app in Google Developer Console.
$refreshToken = 'RANDOMCHARS-----DWxgOvPT003r-yFUV49TQYag7_Aod7y0';

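Remember to clean up any unnecessary scripts that contain your refresh token and other sensitive data before continuing. The copy of get_oauth_token.php in your web-accessible directory now holds your Client ID and Client Secret, so it belongs on that list.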

ESP8266: We Don’t Need No Stinking Servers

Now what if we wanted to use these tokens to send email directly from a project on a Raspberry Pi without needing a server in the middle? It turns out that once we have the client ID, client secret, and refresh token, we no longer require the server and domain name we’ve been using so far, and a mail-sending application, e.g. PHPMailer, can be installed on a computer anywhere with Internet access as long as it is configured with those values.

Things get a little more complicated when we try to do this on an ESP8266. OAUTH2 requires that we use SSL, and access tokens regularly expire and need to be refreshed. Thankfully, [jalmeroth] generously wrote a proof-of-concept and published it on GitHub. If provided with an access token, it can access your Gmail account and use it to send an email. It can also directly update/get data from Google Sheets, but I didn’t test this. However, if the access token had expired, it couldn’t detect that; it did include working code to request a new token, but not to parse it out and use it.

In an attempt to add to the functionality of that proof of concept, I forked the project and made a few changes. First, I changed the order of operations in the code to make it check if the current access token was valid before doing anything else. Second, Google API was responding ‘400 Bad Request’ if the access token was invalid, and everything but ‘200 OK’ responses were being filtered out by the code. Finally, I wrote a couple of JSON parsers that check the reason for the ‘400 Bad Request’ and extract and use the access token returned by Google API when a new one is requested.
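The token check and refresh logic described above, written as host-side C++ so it runs without an ESP8266 or a network connection. This is an added example, not code from the original post or from either GitHub project: the function names and the `invalid_token` error code are assumptions, while the request parameters follow the standard OAuth2 refresh-token grant.

```cpp
// Added example; all function names are illustrative, not the fork's own.
#include <cctype>
#include <cstdio>
#include <string>

// Percent-encode one value for an application/x-www-form-urlencoded body.
std::string formEncode(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        if (std::isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') {
            out += static_cast<char>(c);
        } else {
            char buf[4];
            std::snprintf(buf, sizeof buf, "%%%02X", static_cast<unsigned>(c));
            out += buf;
        }
    }
    return out;
}

// POST body that trades the long-lived refresh token for a fresh access token.
std::string buildRefreshBody(const std::string& clientId, const std::string& clientSecret,
                             const std::string& refreshToken) {
    return "grant_type=refresh_token&client_id=" + formEncode(clientId) +
           "&client_secret=" + formEncode(clientSecret) +
           "&refresh_token=" + formEncode(refreshToken);
}

// Pull a top-level string member ("key": "value") out of a flat JSON reply.
// Deliberately minimal: no escape handling, no nesting.
std::string jsonString(const std::string& body, const std::string& key) {
    const std::string needle = "\"" + key + "\"";
    std::size_t pos = body.find(needle);
    if (pos == std::string::npos) return "";
    pos = body.find_first_not_of(" \t\r\n", pos + needle.size());
    if (pos == std::string::npos || body[pos] != ':') return "";
    pos = body.find_first_not_of(" \t\r\n", pos + 1);
    if (pos == std::string::npos || body[pos] != '"') return "";
    const std::size_t end = body.find('"', pos + 1);
    if (end == std::string::npos) return "";
    return body.substr(pos + 1, end - pos - 1);
}

enum class Action { UseToken, Refresh, GiveUp };

// Classify the reply to a call made with the current access token. Dropping
// every non-200 reply is the behaviour the post had to change.
Action afterApiCall(int status, const std::string& body) {
    if (status == 200) return Action::UseToken;
    // Assumption: an expired token shows up as 400/401 with this error code.
    if ((status == 400 || status == 401) &&
        jsonString(body, "error") == "invalid_token") return Action::Refresh;
    return Action::GiveUp;
}

// Apply the token endpoint's reply: store the new token only on a clean 200.
bool applyRefreshResponse(int status, const std::string& body, std::string& accessToken) {
    if (status != 200) return false;  // e.g. 400 invalid_grant: token revoked
    const std::string token = jsonString(body, "access_token");
    if (token.empty()) return false;  // never overwrite with an empty token
    accessToken = token;
    return true;
}
```

A failed refresh leaves the previous access token untouched, so the caller can distinguish a revoked refresh token from a transient error without losing state.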

It works, but it’s hardly reliable – not surprising considering I’ve never really used the Arduino platform before. Notably, the SHA1 fingerprint for Google API fails often. Checking from my local machine, the SHA1 fingerprint varies between two signatures there too. It would be fairly easy to check for either of them, or just keep trying, but I’d rather understand what’s going on first. (Is it just a CDN or something else?) Or perhaps I should rewrite the whole application in Lua where I’m more competent.

A fun little application built on the above was to place a button on my office that sends an email to my phone. I don’t want people to contact me at that email address frivolously, but do want to know immediately if someone is waiting outside my office. The big red button is for normal requests, but urgent requests require lockpicking. If it’s urgent it better also be interesting.

Finally, did you know that Hackaday provides an API for accessing hackaday.io? It uses the simpler OAUTH (not OAUTH2) authentication, so should be more straightforward than the above to implement on the ESP8266. Have any of you used it?

from Hackaday

Friday Hack Chat: Eagle One Year Later

Way back in June of 2016, Autodesk acquired Cadsoft, and with it EagleCAD, the popular PCB design software. There were plans for some features that should have been in Eagle two decades ago, and right now Autodesk is rolling out an impressive list of features that include UX improvements, integration with MCAD and Fusion360, and push and shove routing.

Six months into the new age of Eagle, Autodesk announced they would be changing their licensing models to a subscription service. Where you could pay less than $100 once and hold onto version 6.0 forever, now you’re required to pay $15 every month for your copy of Eagle. Yes, there’s still a free, educational version, but this change to a subscription model caused much consternation in the community when announced.

For this week’s Hack Chat, we’re going to be talking about Eagle, one year in. Our guest for this Hack Chat is Matt Berggren, director of Autodesk Circuits, hardware engineer, and technologist who has been working on bringing electronic design to everyone. We’ll be asking Matt all about Eagle, with questions including:

  • What new features are in the latest edition of Eagle?
  • What’s on the Eagle wishlist?
  • What technical challenges arise when designing new features?
  • Where can a beginner find resources for designing PCBs in Eagle?

Join the chat to hear about new features in Eagle, how things are holding up for Eagle under new ownership, and how exactly the new subscription model for Eagle is going. We’re looking for questions from the community, so if you have a question for Matt or the rest of the Eagle team, put it on the Hack Chat event page.

If you’re wondering about how Altium and KiCad are holding up, or have any questions about these PCB design tools, don’t worry: we’re going to have Hack Chats with these engineers in the new year.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This Hack Chat is going down at noon PST, Friday, December 15th. Time Zones got you down? Here’s a handy countdown timer!

Click that speech bubble to the left, and you’ll be taken directly to the Hack Chat group on Hackaday.io.

You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

from Hackaday