Medicine

Company Says It's Built a Marijuana Breathalyzer That Will Hit the Market In 2020 (techdirt.com) 141

An anonymous reader quotes a report from Techdirt: There's currently no field test equipment that detects marijuana impairment. A company in California thinks it has a solution. From San Francisco Chronicle: "By mid-2020, Hound Laboratories plans to begin selling what it says is the world's first dual alcohol-marijuana breath analyzer, which founder Dr. Mike Lynn says can test whether a user has ingested THC of any kind in the past two to three hours. 'We're allowed to have this in our bodies,' Lynn said of marijuana, which became legal to use recreationally in California in 2018. 'But the tools to differentiate somebody who's impaired from somebody who's not don't exist.'"

We won't know if these claims are true until the testing equipment is deployed. And even then, we still won't know if the machines are accurate or the drivers they catch are actually impaired. Marijuana doesn't work like alcohol, so impairment levels vary from person to person. In addition, there's no baseline for impairment like there is for alcohol. That will have to be sorted out by state legislatures before officers can begin to claim someone is "impaired" just because the equipment has detected THC. At this point, the tech pitched by Hound Labs only provides a yes/no answer. There's a very good chance this new tech will go live before the important details -- the ones safeguarding people's rights and freedoms -- are worked out. The founder of Hound Labs is also a reserve deputy for the Alameda County Sheriff's Office. And it's this agency that's been test driving the weedalyzer.
"[T]his new tech should be greeted with the proper amount of skepticism," the report says. "Breathalyzers that detect alcohol have been around for decades and are still far from perfect. A new device that promises to detect recent marijuana use just because researchers say consumption can be detected for up to three hours shouldn't be treated as a solution."

"The device is stepping into a legal and legislative void with no established baseline for marijuana 'intoxication.'"
Science

Finnish Scientists Produce a Protein Made 'From Thin Air' (huffpost.com) 151

New submitter SysEngineer shares a report from HuffPost: A new protein made from air, water and renewable electricity could revolutionize our food system within the next decade. Developed by the Finnish company Solar Foods in a lab just outside Helsinki, the protein -- called Solein -- is made using living microbes that are then grown in a fermenter in a process similar to brewing beer. The microbes are fed with carbon dioxide, hydrogen, oxygen and nitrogen all taken from the air. This fermentation process, which takes place in huge vats, produces a liquid that is removed and dried to give the final product -- a yellow flour-like powder with multiple food uses.

If the electricity comes totally from renewables -- the aim is to use solar and wind -- the production process could produce virtually zero greenhouse gas emissions, the company says. It would also require far less land and far less water than traditional agriculture. Solar Foods says just 10 liters (2.1 gallons) of water is needed for every 1 kilogram (2.2 pounds) of Solein. To produce 1 kilogram of soy requires 2,500 liters (550 gallons) of water, a figure that rises to more than 15,000 liters (3,300 gallons) for 1 kilogram of beef.
The scientists say Solein has three applications: it can be used as a protein additive in existing foods; it could work as a way to help ingredients bind together; and it could also be used as an ingredient in plant-based meat alternatives.
Printer

MIT Scientists Made a Shape-Shifting Material that Morphs Into a Human Face (arstechnica.com) 24

An anonymous reader quotes Ars Technica: The next big thing in 3D printing just might be so-called "4D materials" which employ the same manufacturing techniques, but are designed to deform over time in response to changes in the environment, like humidity and temperature. They're also sometimes known as active origami or shape-morphing systems. MIT scientists successfully created flat structures that can transform into much more complicated structures than had previously been achieved, including a human face. They published their results last fall in the Proceedings of the National Academy of Sciences...

MIT mechanical engineer Wim van Rees, a co-author of the PNAS paper, devised a theoretical method to turn a thin flat sheet into more complex shapes, like spheres, domes, or a human face. "My goal was to start with a complex 3-D shape that we want to achieve, like a human face, and then ask, 'How do we program a material so it gets there?'" he said. "That's a problem of inverse design..." van Rees and his colleagues decided to use a mesh-like lattice structure instead of the continuous sheet modeled in the initial simulations. They made the lattice out of a rubbery material that expands when the temperature increases. The gaps in the lattice make it easier for the material to adapt to especially large changes in its surface area. The MIT team used an image of [19th century mathematician Carl Friedrich] Gauss to create a virtual map of how much the flat surface would have to bend to reconfigure into a face. Then they devised an algorithm to translate that into the right pattern of ribs in the lattice.

They designed the ribs to grow at different rates across the mesh sheet, each one able to bend sufficiently to take on the shape of a nose or an eye socket. The printed lattice was cured in a hot oven, and then cooled to room temperature in a saltwater bath.

And voila! It morphed into a human face.

"The team also made a lattice containing conductive liquid metal that transformed into an active antenna, with a resonance frequency that changes as it deforms."
Open Source

Linus Torvalds Calls Blogger's Linux Scheduler Tests 'Pure Garbage' (phoronix.com) 191

On Wednesday Phoronix cited a blog post by C++ game developer Malte Skarupke claiming his spinlocks experiments had discovered the Linux kernel had a scheduler issue affecting developers bringing games to Linux for Google Stadia.

Linus Torvalds has now responded: The whole post seems to be just wrong, and is measuring something completely different than what the author thinks and claims it is measuring.

First off, spinlocks can only be used if you actually know you're not being scheduled while using them. But the blog post author seems to be implementing his own spinlocks in user space with no regard for whether the lock user might be scheduled or not. And the code used for the claimed "lock not held" timing is complete garbage.

It basically reads the time before releasing the lock, and then it reads it after acquiring the lock again, and claims that the time difference is the time when no lock was held. Which is just inane and pointless and completely wrong...

[T]he code in question is pure garbage. You can't do spinlocks like that. Or rather, you very much can do them like that, and when you do that you are measuring random latencies and getting nonsensical values, because what you are measuring is "I have a lot of busywork, where all the processes are CPU-bound, and I'm measuring random points of how long the scheduler kept the process in place".

And then you write a blog-post blaming others, not understanding that it's your incorrect code that is garbage, and is giving random garbage values...

You might even see issues like "when I run this as a foreground UI process, I get different numbers than when I run it in the background as a batch process". Cool interesting numbers, aren't they?

No, they aren't cool and interesting at all, you've just created a particularly bad random number generator...

[Y]ou should never ever think that you're clever enough to write your own locking routines. Because the likelihood is that you aren't (and by that "you" I very much include myself -- we've tweaked all the in-kernel locking over decades, and gone through the simple test-and-set to ticket locks to cacheline-efficient queuing locks, and even people who know what they are doing tend to get it wrong several times).

There's a reason why you can find decades of academic papers on locking. Really. It's hard.

"It really means a lot to me that Linus responded," the blogger wrote later, "even if the response is negative." They replied to Torvalds' 1,500-word post on the same mailing list -- and this time received a 1900-word response arguing "you did locking fundamentally wrong..." The fact is, doing your own locking is hard. You need to really understand the issues, and you need to not over-simplify your model of the world to the point where it isn't actually describing reality any more...

Dealing with reality is hard. It sometimes means that you need to make your mental model for how locking needs to work a lot more complicated...

Open Source

Linux Kernel Developers and Commits Dropped in 2019 (phoronix.com) 37

Phoronix reports that on New Year's Day, the Linux kernel's Git source tree showed 27,852,148 lines of code, divided among 66,492 files (including docs, Kconfig files, user-space utilities in-tree, etc).

Over its lifetime there's been 887,925 commits, and around 21,074 different authors: During 2019, the Linux kernel saw 74,754 commits, which is actually the lowest point since 2013. The 74k commits is compared to 80k commits seen in both 2017 and 2018, 77k commits in 2016, and 75k commits in both 2014 and 2015. Besides the commit count being lower, the author count for the year is also lower. 2019 saw around 4,189 different authors to the Linux kernel, which is lower than the 4,362 in 2018 and 4,402 in 2017.

While the commit count is lower for the year, on a line count it's about average with 3,386,347 lines of new code added and 1,696,620 lines removed...

Intel and Red Hat have remained the top companies contributing to the upstream Linux kernel.

NASA

After Two Years NASA Loses Contact With Its Briefcase-Sized, Exoplanet-Hunting Satellite (bgr.com) 30

"NASA has a lot of high-tech hardware cruising around in space right now, but one of the space agency's pint-sized exoplanet hunters appears to have gone dark," reports BGR: In a post by NASA's Jet Propulsion Laboratory, the group explains that its ASTERIA satellite has been failing to return attempts to contact it for about a month now.

ASTERIA is a tiny satellite capable of observing some very big things. The spacecraft was sent into Earth orbit in late 2017, and it spent several months studying nearby stars for changes in their brightness. These brightness dips are the telltale signs that a planet is orbiting those stars. Much of NASA's exoplanet-hunting hardware is big and beefy, but the ASTERIA mission proved that spotting hints of exoplanets is indeed possible using much smaller devices. CubeSats, which are only about the size of a briefcase, are easier to deploy than their larger counterparts, and ASTERIA showed that CubeSats can make for good planet hunters.

"The ASTERIA project achieved outstanding results during its three-month prime mission and its nearly two-year-long extended mission," Lorraine Fesq of NASA's Jet Propulsion Laboratory said in a statement. "Although we are disappointed that we lost contact with the spacecraft, we are thrilled with all that we have accomplished with this impressive CubeSat."

NASA adds that "Attempts to contact it are expected to continue into March 2020."
Software

EA Appears To Be Permanently Banning Linux Players On Battlefield V 130

Many users have taken to the Lutris Forums to report that EA is permanently banning Linux players on Battlefield V. "Good friends, finally after some time without being able to play Battlefield V for Linux, this week I was using lutris-4.21, I was having fun when my anti-cheat, FairFight, blew me out of the game, so I was banned," writes one user. "As I was not using any cheating, I think the anti-cheat considered dxvk or the table layer that used at the time as cheating..." Another user said the "same problem" happened to them, and they "got banned on tuesday for cheating."

While some users await a response from EA, others have received an email confirming the action that was taken on their account. "... After thoroughly investigating your account and concern, we found that your account was actioned correctly and will not remove this sanction from your account," the email states.

We've seen this happen on multiple occasions with Blizzard, but they eventually fixed the problem the first time. In a comment on Hacker News, user jchw writes: "Anti-cheat software is an absolute shit show of cat-and-mouse tactics. It's often difficult to distinguish anti-cheat software from rootkits or spyware. They're invasive and user hostile, and they frequently cause collateral damage that is swept under the rug and that support tacitly refuses to acknowledge..."
Businesses

Is Fry's Electronics in Trouble? (sfchronicle.com) 240

The tagline "Your best buys are always at Fry's" once blanketed Bay Area airwaves, but that's no longer true of the computer retailer's Palo Alto store. From a report: A temple of electronics known as "ground zero for geek culture," the Portage Avenue Fry's Electronics closed last week after almost 30 years in business. "The Palo Alto store was a fixture for techies everywhere. It's sad they closed," said Abbi Vakil, who works as a hardware engineer in the city. "You will not find an engineer in the Bay Area who hasn't gone to Fry's for some kind of prototype building." Fry's Electronics, a San Jose company that still has dozens of stores from California to Georgia, including seven in the Bay Area, said on Twitter that it had not been able to renew the Palo Alto store's lease. But customers from Sunnyvale to Seattle have been sharing photos and videos of empty shelves on social media for months, raising speculation that the chain may be heading for bankruptcy or shrinking significantly.
Mars

NASA Showcases Its New Mars Rover, Calls It Precursor to Humans on Mars (sciencealert.com) 71

"The Mars 2020 rover, which sets off for the Red Planet next year, will not only search for traces of ancient life, but pave the way for future human missions, NASA scientists said Friday as they unveiled the vehicle."

An anonymous reader quotes Agence France-Presse: The rover has been constructed in a large, sterile room at the Jet Propulsion Laboratory in Pasadena, near Los Angeles, where its driving equipment was given its first successful test last week. Shown to invited journalists on Friday, it is scheduled to leave Earth in July 2020 from Florida's Cape Canaveral, becoming the fifth U.S. rover to land on Mars seven months later in February [of 2021].

"It's designed to seek the signs of life, so we're carrying a number of different instruments that will help us understand the geological and chemical context on the surface of Mars," deputy mission leader Matt Wallace told AFP. Among the devices on board the rover are 23 cameras, two "ears" that will allow it to listen to Martian winds, and lasers used for chemical analysis... Fuelled by a miniature nuclear reactor, Mars 2020 has seven-foot-long (two metre) articulated arms and a drill to crack open rock samples in locations scientists identify as potentially suitable for life. "What we're looking for is ancient microbial life -- we're talking about billions of years ago on Mars, when the planet was much more Earth-like," said Wallace...

The Mars 2020 mission also carries hopes for an even more ambitious target -- a human mission to Mars. "I think of it, really, as the first human precursor mission to Mars," said Wallace. Equipment on board "will allow us to make oxygen" that could one day be used both for humans to breathe, and to fuel the departure from Mars "for the return trip."

NASA has uploaded footage of the rover's first test drive.
The Media

Washington Post Writer Calls 2019 'The Year of OK Boomer', Calls for Inter-Generational Kindness (sfchronicle.com) 515

"It was the year of 'OK boomer,' and the generations were at each other's throats," argues the national features writer for The Washington Post, starting with a quote from New York University's Michael North, who studies ageism in the workplace.

"Age-based prejudice is the last acceptable form of prejudice. People are making age-based generalizations and stereotypes that you wouldn't be able to get away with about race or background..." People are getting away with it. This year, the baby boom was blamed for almost everything: the fate of the planet, Congress, college debt, plastic straws, the ending of "Game of Thrones." An entire generation was perceived to be operating as a giant monolith, mind-melded in its intention to make young people miserable for the rest of their long lives. Never mind that old people were once young, struggling, loaded with debt, facing a lousy job market, expensive housing, inflation. (Yes, there was something called inflation. It had to be whipped. Ask your parents.)

And, guess what, millennials? You are acquiring property. So, you know, patience.

The sewer of mockery flowed both ways, upstream and down. It was funny, except when it wasn't. If young folk derided the Olds for leaving an environmental and fiscal mess, the baby boom was happy to sling verbal mud in their direction. After "OK boomer" erupted, AARP senior vice president and editorial director Myrna Blyth said in an interview with Axios, "Okay, millennials, but we're the people that actually have the money." (AARP long stood for American Association of Retired Persons, but now a growing number of older Americans can't or won't retire....) What distinguishes these latest ageist salvos are their intensity and frequency. It's an intergenerational quipping contest, fueled by the rapid, reductionist and unrestrictive nature of social media, which makes it far too easy to cast verbal stones. "Social media amplifies previously latent sentiment," North says....

Any day now, boomers won't be blamed for everything that is not okay. This is the year -- can you feel it? -- that, according to Pew's analysis of census projections, millennials are scheduled to surpass the baby boom in sheer size, 73 million to 72 million, because of, well, death. By 2028, Gen X is also projected to be larger than the baby boom, so we'll probably start blaming them.

In the meantime, perhaps the generations need to be kinder to each other.

Open Source

FSF-Approved Hyperbola GNU/Linux Forking OpenBSD, Citing 'User Freedom' Concerns (hyperbola.info) 135

Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, a FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD...
The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development).

"This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.

- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)

- Linux kernel being written without security in mind. (KSPP is basically a dead project and Grsec is no longer free software)

- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.

First Person Shooters (Games)

How Do Bullets Work in Video Games? (gamasutra.com) 92

FPS (first-person shooter) games have been a staple in the video game industry ever since the explosion of Wolfenstein 3D back in 1992. Since then, the genre has been evolving with graphical upgrades, huge budgets, and an eSports ecosystem. But what about its core, the shooting mechanics? How have we progressed on that front? Why do some guns feel like it's the real thing, while others feel like toys?
Government

40% of Anti-Vaccine Group's Funding Came From Wealthy 'Alternative Health' Vendor (lmtonline.com) 110

An anonymous reader quotes the Washington Post: The nation's oldest anti-vaccine advocacy group often emphasizes that it is supported primarily by small donations and concerned parents, describing its founder as the leader of a "national, grass roots movement." But over the past decade a single donor has contributed more than $2.9 million to the National Vaccine Information Center, accounting for about 40 percent of the organization's funding, according to the most recent available tax records.

That donor, osteopathic physician Joseph Mercola, has amassed a fortune selling natural health products, court records show, including vitamin supplements, some of which he claims are alternatives to vaccines.

In recent years, the center has been at the forefront of a movement that has led some parents to forgo or delay immunizing their children against vaccine-preventable diseases such as measles. Health officials say falling vaccination rates contributed to the infectious virus sickening more than 1,200 people in the United States this year, the largest number in more than 25 years. Measles outbreaks are surging worldwide, including in Samoa -- where nearly 80 people have died since mid-October, the great majority of them young children and infants... The group claimed credit this year for helping to defeat legislation in a dozen states that would have made it harder for parents to opt out of vaccinating their children...

Mercola, whose claims about other products have drawn warnings from regulators, has also given at least $4 million to several groups that echo the anti-vaccine message. His net worth, derived largely from his network of private companies, has grown to "in excess of $100 million," he said in a 2017 affidavit.

In 2010 Mercola's site and the anti-vaccination group "launched a website that tracks vaccine-related legislation in every state. The site provides activists with detailed information, including how to sign up for public comment to support or oppose legislation in their state, where to park to attend a public hearing and what color T-shirt to wear to rallies..."

"In 2016, in response to a complaint from the Federal Trade Commission, Mercola refunded nearly $2.6 million to more than 1,300 people who bought tanning beds that he claimed could reduce the risk of skin cancer."
Media

Hundreds of 'Pink Slime' Local News Outlets Are Distributing Algorithmic Stories and Conservative Talking Points, Investigation Finds (cjr.org) 228

The Tow Center for Digital Journalism at Columbia's Graduate School of Journalism reports: An increasingly popular tactic challenges conventional wisdom on the spread of electoral disinformation: the creation of partisan outlets masquerading as local news organizations. An investigation by the Tow Center for Digital Journalism at Columbia Journalism School has discovered at least 450 websites in a network of local and business news organizations, each distributing thousands of algorithmically generated articles and a smaller number of reported stories. Of the 450 sites we discovered, at least 189 were set up as local news networks across ten states within the last twelve months by an organization called Metric Media. Titles like the East Michigan News, Hickory Sun, and Grand Canyon Times have appeared on the web ahead of the 2020 election. These networks of sites can be used in a variety of ways: as 'stage setting' for events, focusing attention on issues such as voter fraud and energy pricing, providing the appearance of neutrality for partisan issues, or to gather data from users that can then be used for political targeting.

On October 20, the Lansing State Journal first broke the story of the network's existence. About three dozen local news sites, owned by Metric Media, had appeared in Michigan. Further reporting by the Michigan Daily, the Guardian and the New York Times identified yet more sites. Ultimately, previous reporting has identified around 200 of these sites. Our analysis suggests that there are at least twice that number of publications across a number of related networks, of which Metric Media is just one component. Over a two-week period starting November 26, we tapped into the RSS feeds of these 189 Metric Media sites, all of which we found were created this year, and found over fifteen thousand unique stories had been published (over fifty thousand when aggregated across the sites), but only about a hundred titles had the bylines of human reporters. The rest cited automated services or press releases.

Games

Vim Releases 'Killersheep' Game To Demo Two New Features In Vim 8.2 (vim.org) 24

The creators of Vim have released a game called "Killersheep" to show off two new features in Vim 8.2.

"Before I did the keynote at VimConf 2018 I asked plugin developers what they wanted from Vim," reads the announcement at Vim.org. "The result was a very long list of requested features. The top two items were clear: Popup windows and text properties." After more than a year of development the new features are now ready for the Vim crowds.

Popup windows make it possible to show messages, function prototypes, code snippets and anything else on top of the text being edited. They open and close quickly and can be highlighted in many ways... This was no small effort. Although the existing window support could be used, popup windows are different enough to require a lot of extra logic. Especially to update the screen efficiently. Also to make it easy for plugin writers to use them; you don't need to tell Vim exactly where to show one, just give a reference point and the text to display, Vim will figure out the size and where the popup fits best.

Text properties can be used for something as simple as highlighting a text snippet or something as complicated as using an external parser to locate syntax items and highlight them asynchronously. This can be used instead of the pattern based syntax highlighting. A text property sticks with the text, also when inserting a word before it. And this is done efficiently by storing the properties with the text.

Debian

Debian Begins Vote On Supporting Non-Systemd Init Options (phoronix.com) 225

"It's been five years already since the vote to transition to systemd in Debian over Upstart," reports Phoronix, noting that the Debian developer community has now begun a 20-day ranked-choice vote on eight different proposals for "'init system diversity' and just how much Debian developers care (or not) in supporting alternatives to systemd."

The eight options they're voting on:
  • Choice 1: F: Focus on systemd
  • Choice 2: B: Systemd but we support exploring alternatives
  • Choice 3: A: Support for multiple init systems is Important
  • Choice 4: D: Support non-systemd systems, without blocking progress
  • Choice 5: H: Support portability, without blocking progress
  • Choice 6: E: Support for multiple init systems is Required
  • Choice 7: G: Support portability and multiple implementations
  • Choice 8: Further Discussion

There's detailed descriptions of each option on the Debian developers mailing list. "This is a non-secret vote," the post explains. "After the voting period is over the details on who voted what will be published."


Linux

NextCloud Linux Servers Targeted by NextCry Ransomware (linuxsecurity.com) 28

b-dayyy quotes Linux Security: A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Ransomware hunter and creator of ID Ransomware Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.

The ransom note that NextCry victims receive reads "READ_FOR_DECRYPT", and demands 0.025 BTC for a victim's files to be unlocked.

Transportation

A Real-Life Tesla Study Shows Durability of EV Batteries 124

Slashdot reader Rutabaga8 is the CEO of a web site conducting in-depth research on personal finance topics. They recently contacted Slashdot to share "some surprising results" from their analysis of a nonprofit advocacy group's seven years of data on Tesla batteries: By seven years of age, the typical car could still deliver around 93% of the original range on a full charge. That means a Tesla battery typically loses around 1 percentage point of range each year on the road.

Of course, cars that put more miles on the odometer are likely to get faster battery deterioration, because it's the number of charges that really impact battery degradation. However, the data showed that by 150,000 miles Tesla cars still achieved more than 85% of their original range when they were charged to full capacity.
AI

John Carmack Stepping Down As CTO of Oculus To Work On AI (theverge.com) 41

Oculus CTO John Carmack announced Wednesday that he is stepping down from the augmented-reality company to focus his time on artificial general intelligence. The Verge reports: Carmack will remain in a "consulting CTO" position at Oculus, where he will "still have a voice" in the development work at the company, he wrote. Recent comments from Carmack suggest he may have soured on VR. Carmack was a champion of phone-based VR for years at Oculus, but in October, he delivered a "eulogy" for Oculus' phone-based Gear VR. And in a video for receiving a lifetime achievement award this week at the VR Awards, he said that "I really haven't been satisfied with the pace of progress that we've been making" in VR.
Privacy

DNA Databases Are a National Security Leak Waiting To Happen (technologyreview.com) 35

schwit1 writes: A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDmatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information.

"You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer.
"The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches."

"The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."
