Department of Mathematics

Math @ Duke







Yunliang Yu, IT Senior Manager


Open source is an investment in the future.

FDS Motto: we serve and empower the faculty.

Contact Info:
Office Location:  029D Physics
Office Phone:  (919) 660-2803
Email Address:   send me a message
Web Page:   http://www.math.duke.edu/~yu

Office Hours:

12:01AM - 12:02AM every other day except today.
Not by appt :-)
Specialties:

Mathematics
Recent Publications

  1. Y. Yu, test 123 (March, 2010). [PNG, PDF]

Famous Sayings:
Your dream will come true, if you eat your soup.
    --- Angela Yu
Don't be a turkey; read a book.
    --- Christina Yu
Security = avoid "unexpected inputs for unintended results".
    --- moi
Attitude is half reality.
    --- me?
To learn and practice what is learned from time to time is pleasure, is it not? To have friends from afar is happiness, is it not? To be unperturbed when not appreciated by others is a gentleman, is it not?
    --- Kungfu Zi
Better to light a candle than to curse the darkness.
    --- Chinese Proverb

mathprograms.org, academicjobsonline.org, mathjobs.org, ShortURLs, sharedworkingplace.org, chinesecalligraphyandwoodcarving.

/. headline news :-)

  • Hacker Says They Compromised ProtonMail; ProtonMail Calls BS
    2018-11-17T19:19:00+00:00
    A hacker going by the name AmFearLiathMor is claiming to have hacked ProtonMail and stolen "significant" amounts of data. They have posted a ransom demand to an anonymous Pastebin but it reads like a prank, as it states that the alleged hackers have access to underwater drone activity and treaty violations in Antarctica. Lawrence Abrams writes via BleepingComputer: According to the message, a hacker going by the name AmFearLiathMor makes quite a few interesting claims such as hacking ProtonMail's services and stealing user's email, that ProtonMail is sending their user's decrypted data to American servers, and that ProtonMail is abusing the lack of Subresource Integrity (SRI) use to purposely and maliciously steal their user's passwords. After reading the Pastebin message (archive.is link), which is shown in its entirety below minus some alleged keys, and seeing the amount of claims, the first thing that came to mind was a corporate version of the sextortion scams that have been running rampant lately. As I kept reading it, though, it just felt like a joke. ProtonMail posted on Twitter that this is a hoax and that there is no evidence that anything stated is true. The encrypted email service provided a statement to BleepingComputer: "We believe this extortion attempt is a hoax, and we have seen zero evidence to suggest otherwise. Not a single claim made is true and many of the claims are unsound from a technical standpoint. We are aware of a small number of ProtonMail accounts that have been compromised as a result of those individual users falling for phishing attempts. However, there is zero evidence of a breach of our infrastructure."

    Read more of this story at Slashdot.

  • Mark Shuttleworth Reveals Ubuntu 18.04 Will Get a 10-Year Support Lifespan
    2018-11-17T18:18:00+00:00
    At the OpenStack Summit in Berlin last week, Ubuntu Linux founder Mark Shuttleworth said in a keynote that Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years. "I'm delighted to announce that Ubuntu 18.04 will be supported for a full 10 years," said Shuttleworth, "In part because of the very long time horizons in some of industries like financial services and telecommunications but also from IoT where manufacturing lines for example are being deployed that will be in production for at least a decade." ZDNet reports: Ubuntu 18.04 released in April 2018. While the Ubuntu desktop gets most of the ink, most of Canonical's dollars comes from server and cloud customers. It's for these corporate users Canonical first extended Ubuntu 12.04 security support, then Ubuntu 14.04's support, and now, preemptively, Ubuntu 18.04. In an interview after the keynote, Shuttleworth said Ubuntu 16.04, which is scheduled to reach its end of life in April 2021, will also be given a longer support life span. When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled-down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack is like a root canal: Long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.


  • Alphabet Unit Halts Glucose-Detecting Contact Lens Project
    2018-11-17T17:35:00+00:00
    An anonymous reader shares a report from Reuters: Alphabet's life sciences division Verily said on Friday that it was putting on hold one of its oldest and highest-profile projects, a smart contact lens designed to help monitor sugar levels. The project, started in 2014, aimed to help diabetics better manage their blood sugar levels by embedding sensors on a contact lens to monitor the glucose levels in their tears. In a blog update, Verily cited here insufficient consistency in the correlation between tear glucose and blood glucose concentrations to support the requirements of a medical device. On the bright side, Alphabet and Verily said they would continue to work on two other "Smart Lens" projects -- one for presbyopia (far-sightedness), and another to improve sight following cataract surgery.


  • Virginia To Produce 25K-35K Additional CS Grads As Part of Amazon HQ2 Deal
    2018-11-17T16:16:00+00:00
    theodp writes: Developers! Developers! Developers! To make good on the proposal that snagged it a share of the Amazon HQ2 prize, the State of Virginia is also apparently on the hook for doubling the annual number of graduates with computer science or closely related degrees, with a goal to add 25,000 to 35,000 graduates (Amazon's HQ2 RFP demanded info on "education programs related to computer science"). To do that, the state will establish a performance-based investment fund for higher education institutions to expand their bachelor's degree programs, and spend up to $375 million on George Mason University's Arlington campus and a new Virginia Tech campus in Alexandria. The state will also spend $50 million on STEM + CS education in public schools and expanding internships for higher education students. Amazon is certainly focused on boosting the ranks of software engineer types. Earlier this month, Amazon launched Amazon Future Engineer, a program that aims to teach more than 10 million students a year how to code, part of a $50 million Amazon commitment to computer science education that was announced last year at a kickoff event for the Ivanka Trump-led White House K-12 CS Initiative. And on Wednesday, Amazon-bankrolled Code.org -- Amazon is a $10+ million Diamond Supporter of the nonprofit; CS/EE grad Jeff Bezos is a $1+ million Gold Supporter -- announced it has teamed with Amazon Future Engineer to build and launch Hour of Code: Dance Party, a signature tutorial for this December's big Hour of Code (powered by AWS in 2017), which has become something of a corporate infomercial (Microsoft recently boasted "learners around the world have completed nearly 100 million Minecraft Hour of Code sessions"). Students participating in the Dance Party tutorial, Code.org explained, can choose from 30 hits like Katy Perry's "Firework" and code interactive dance moves and special effects as they learn basic CS concepts.
"The artists whose music is used in this tutorial are not sponsoring or endorsing Amazon as part of licensing use of their music to Code.org," stresses a footnote in Code.org's post. So, don't try to make any connections between Katy Perry's Twitter endorsement of the Code.org/Amazon tutorial later that day and those same-day follow-up Amazon and Katy Perry tweets touting their new exclusive Amazon Music streaming deal, kids!


  • BlackBerry Buys Cybersecurity Firm Cylance For $1.4 Billion
    2018-11-17T15:15:00+00:00
    wiredmikey shares a report from SecurityWeek: BlackBerry on Friday announced that it has agreed to acquire endpoint security firm Cylance for $1.4 billion in cash. "We plan on immediately expanding the capabilities across BlackBerry's 'chip-to-edge' portfolio, including QNX, our safety-certified embedded OS that is deployed in more than 120 million vehicles, robot dogs, medical devices, and more," a BlackBerry company spokesperson told SecurityWeek. "Over time, we plan to integrate Cylance technology with our Spark platform, which is at the center of our strategy to ensure data flowing between endpoints (in a car, business, or smart city) is secured, private, and trusted." Cylance has raised roughly $300 million in funding [prior to being acquired]. BlackBerry describes the "Spark platform" as a secure chip-to-edge communications platform "designed for ultra-security and industry-specific safety-certifications, such as ISO 26262 in automobiles."


  • Dutch Government Report Says Microsoft Office Telemetry Collection Breaks EU GDPR Laws
    2018-11-17T14:14:00+00:00
    "The Register reports that Microsoft has been accused of breaking EU's GDPR law by harvesting information through Office 365 and sending it to U.S. servers," writes Slashdot reader Hymer. "The discovery was made by the Dutch government." From the report: The dossier's authors found that the Windows goliath was collecting telemetry and other content from its Office applications, including email titles and sentences where translation or spellchecker was used, and secretly storing the data on systems in the United States. Those actions break Europe's new GDPR privacy safeguards, it is claimed, and may put Microsoft on the hook for potentially tens of millions of dollars in fines. The Dutch authorities are working with the corporation to fix the situation, and are using the threat of a fine as a stick to make it happen. The investigation was jumpstarted by the fact that Microsoft doesn't publicly reveal what information it gathers on users and doesn't provide an option for turning off diagnostic and telemetry data sent by its Office software to the company as a way of monitoring how well it is functioning and identifying any software issues. Much of what Microsoft collects is diagnostics, the researchers found, and it has seemingly tried to make the system GDPR compliant by storing Office documents on servers based in the EU. But it also collected other data that contained private information and some of that data still ended up on U.S. servers.


  • 86 Organizations Demand Zuckerberg To Improve Takedown Appeals
    2018-11-17T13:00:00+00:00
    An anonymous reader quotes a report from Motherboard: An open letter to Mark Zuckerberg signed by 86 organizations and published on Tuesday implores Facebook to provide a clear, fast mechanism that allows users to appeal instances of content takedowns and account deactivations. The letter -- which was spearheaded by the Electronic Frontier Foundation, Article 19, Ranking Digital Rights, and the Center for Democratic Technology (CDT) -- expanded upon the Santa Clara Principles published earlier this year, which called for all social media platforms to improve their transparency and responsiveness to flagged posts and appeals for removed content. In April of this year, Facebook launched appeals for posts that are removed on grounds of nudity, hate speech, or graphic violence. The press release claims that one of Facebook's human content reviewers will review all appeals within 24 hours, and notify users if their appeal has been approved or denied. The open letter to Mark Zuckerberg also requests that all content takedown and deactivation appeals are reviewed by a human moderator, which Facebook claims that it already does. EFF Director of International Freedom of Expression, Jillian York, believes the undercurrent of content moderation on social media is the censorship or restriction of speech towards marginalized groups. "There are accounts, [and] there is content that is taken down frequently from social media, and we don't hear those stories as much because they're often overshadowed by the pushes for hate speech to come down," York said. "I respect the people doing that work, I think it's really important. But really, the thing about appeals is they work in every case. So if someone breaks the rules for hate speech and they appeal, they're not gonna get their account restored. But if someone who should not have had their account taken down in the first place, appeals are the right solution to that."


  • Lock-Screen Bypass Bug Quietly Patched In Handsets
    2018-11-17T10:00:00+00:00
    secwatcher shares a report from Threatpost: A design flaw affecting all in-display fingerprint sensors -- that left over a half-dozen cellphone models vulnerable to a trivial lock-screen bypass attack -- has been quietly patched. The flaw was tied to a bug in the popular in-display fingerprint reader technology used for user authentication. In-display fingerprint reader technology is widely considered an up-and-coming feature to be used in a number of flagship model phones introduced in 2019 by top OEM phone makers, according to Tencent's Xuanwu Lab which is credited for first identifying the flaw earlier this year. Impacted are all phones tested in the first half of 2018 that had in-display fingerprint sensors. That includes current models of Huawei Technologies' Porsche Design Mate RS and Mate 20 Pro model phones. Researchers said that many more cellphone manufacturers are impacted by the issue. The most popular phone in the U.S. that is impacted by this vulnerability is the OnePlus 6T. "[A]ll an attacker needs to carry out the attack is an opaque reflective material such as aluminum foil," reports Threatpost. "By placing the reflective material over a residual fingerprint on the phone's display the capacitance fingerprint imaging mechanism can be tricked into authenticating a fingerprint."


  • NASA Decommissions the Kepler Space Telescope
    2018-11-17T07:00:00+00:00
    Late last month, NASA announced that it would be retiring the Kepler space telescope after nearly ten years of service -- double its initial mission life. Now, as Space.com reports, the planet-hunting telescope has been officially decommissioned, "beaming 'goodnight' commands to the sun-orbiting observatory." From the report: "Kepler's team disabled the safety modes that could inadvertently turn systems back on, and severed communications by shutting down the transmitters," NASA officials wrote in a statement today (Nov. 16). "Because the spacecraft is slowly spinning, the Kepler team had to carefully time the commands so that instructions would reach the spacecraft during periods of viable communication." The final commands were sent from Kepler's operations center at the University of Colorado Boulder's Laboratory for Atmospheric and Space Physics, NASA officials said. The commands got to the spacecraft via NASA's Deep Space Network, the system of big radio dishes the space agency uses to keep in touch with its far-flung probes.


  • There Is No Link Between Insomnia and Early Death, Study Finds
    2018-11-17T03:30:00+00:00
    A new report published in the journal Science Direct says there is no link between insomnia and early death. The researchers reportedly "reviewed 17 studies, which covered close to 37 million people, to compile their results," the BBC notes. From the report: This new report goes against what the NHS says, which claims that as well as putting people at risk of obesity, heart disease and type 2 diabetes, that insomnia shortens life expectancy. The NHS recommends things like exercising to tire yourself out during the day and cutting down on caffeine. It also says smoking, eating too much or drinking alcohol late at night can stop you from sleeping well. Other recommendations include writing a list of things that are playing on your mind and trying to get to bed at a similar time every night. "There was no difference in the odds of mortality for those individuals with symptoms of insomnia when compared to those without symptoms," the study says. "This finding was echoed in the assessment of the rate of mortality in those with and without symptoms of insomnia using the outcomes of multivariate models, with the most complete adjustment for potential confounders, as reported by the individual studies included in this meta-analysis. Additional analyses revealed a tendency for an increased risk of mortality associated with hypnotic use."


  • A New Senate Bill Would Hit Robocallers With Up To a $10,000 Fine For Every Call
    2018-11-17T02:05:00+00:00
    Massachusetts Democratic Senator Ed Markey and South Dakota Republican Senator John Thune have introduced a bill on Friday that aims to ramp up the penalties on illegal robocalls and stop scammers from sending them. Gizmodo reports: The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, raises the penalty for robocalls from $1,500 per call to up to $10,000 per call, and allows the Federal Communications Commission (FCC) to take action on illegal robocalls up to three years after the calls are placed, instead of a year. The Act also aims to push the FCC to work along with the Consumer Financial Protection Bureau, Department of Justice, Department of Homeland Security, Federal Trade Commission (FTC), and other agencies to provide information to Congress about advancements in hindering robocall and prosecuting scammers. Perhaps most importantly for us highly annoyed Americans, the bill would also force phone service providers to use call authentication that filters out illegitimate calls before they go through to consumers.


  • Mid-Range Google 'Pixel 3 Lite' Leaks With Snapdragon 670, Headphone Jack
    2018-11-17T01:25:00+00:00
    The first alleged images of the rumored "budget" Pixel 3 have been leaked. The Pixel 3 Lite, as it is being called, looks very similar to the Pixel 3, although it features a plastic build construction, slower processor, and a headphone jack. 9to5Google reports: Just like the standard Pixel 3, there's a display that's roughly 5.56-inches in size, but this time it's an IPS LCD panel at 2220x1080 rather than an OLED panel. Obviously, there's also no notch to be seen on this alleged Pixel 3 Lite. There's a single front-facing camera as well as one speaker above that display, relatively thick bezels on the top and bottom, and a speaker along the bottom of the device as well. Perhaps most interesting when it comes to the hardware, though, is that there's a headphone jack on the top of the phone. That's certainly unexpected since the Pixel 2 dropped the jack and Google hasn't looked back since. Tests from Rozetked reveal some of the specifications running this device as well. That includes a Snapdragon 670 chipset, 4GB of RAM, and 32GB of storage. Previous reports have pointed to a Snapdragon 710. Battery capacity on this device is also reported at 2915 mAh and there's a USB-C port along the bottom. It is rumored to include the same 12MP and 8MP cameras found in the standard Pixel 3 and Pixel 3 XL, which will be a huge selling point for the affordable phone market. The price is expected to be around $400-500.


  • Cheaper, Disc-Free Xbox One Coming Next Year, Report Says
    2018-11-17T00:45:00+00:00
    An anonymous reader quotes a report from Ars Technica: Microsoft is planning to release a disc-free version of the Xbox One as early as next spring, according to an unsourced report from author Brad Sams of Thurrott.com (who has been reliable with early Xbox-related information in the past). The report suggests the disc-free version of the system would not replace the existing Xbox One hardware, and it would instead represent "the lowest possible price for the Xbox One S console." Sams says that price could come in at $199 "or lower," a significant reduction from the system's current $299 starting price (but not as compelling compared to $199 deals for the Xbox One and PS4 planned for Black Friday this year). Buyers will also be able to add a subscription to the Xbox Games Pass program for as little as $1, according to Sams. For players who already have games on disc, Sams says Microsoft will offer a "disc to digital" program in association with participating publishers. Players will be able to take their discs into participating retailers (including Microsoft Stores) and trade them in for a "digital entitlement" that can be applied to their Xbox Live account.


  • MiSafes' Child-Tracking Smartwatches Are 'Easy To Hack'
    2018-11-17T00:03:00+00:00
    The location-tracking "MiSafe" smartwatch may not be as safe as the name proclaims. According to security researchers from Pen Test Partners, the watches are easy to hack as they do not encrypt the data they use or secure each child's account. The researchers found that they could track children's movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents. The BBC reports: The MiSafes watch was first released in 2015. It uses a global positioning system (GPS) sensor and a 2G mobile data connection to let parents see where their child is, via a smartphone app. In addition, parents can create a "safe zone" and receive an alert if the child leaves the area. The adult can also listen in to what their offspring is doing at any time and trigger two-way calls. Pen Test Partners' Ken Munro and Alan Monie learned of the product's existence when a friend bought one for his son earlier this year. Out of curiosity, they probed its security measures and found that easy-to-find PC software could be used to mimic the app's communications. This software could be used to change the assigned ID number, which was all it took to get access to others' accounts. This made it possible to see personal information used to register the product, including: a photo of the child; their name, gender and date of birth; their height and weight; the parents' phone numbers; and the phone number assigned to the watch's Sim card.


  • Google Cloud Executive Who Sought Pentagon Contract Steps Down
    2018-11-16T23:20:00+00:00
    Diane Greene, whose pursuit of Pentagon contracts for artificial intelligence technology sparked a worker uprising at Google, is stepping down as chief executive of the company's cloud computing business (Warning: source may be paywalled; alternative source). "Ms. Greene said she would stay on as chief executive until January. She will be replaced by Thomas Kurian, who oversaw product development at Oracle until his resignation in October. Ms. Greene will remain a board director at Google's parent company, Alphabet," reports The New York Times. From the report: The change in leadership caps a turbulent three years for Ms. Greene, who was brought on to expand Google's cloud computing business. Google Cloud has struggled to make major inroads in persuading corporate customers to use its computing infrastructure over alternatives like Amazon's A.W.S. and Microsoft's Azure. In a blog post published by the company, Ms. Greene said she had initially told friends and family that she was planning to run Google Cloud for only two years but stayed for three. Ms. Greene, a widely respected technologist and entrepreneur, said that after leaving Google Cloud, she planned to help female founders of companies by investing in and mentoring them. Ms. Greene joined Google in 2015 when it acquired Bebop, a start-up she had founded, for $380 million. Ms. Greene defended Google's pursuit of a Defense Department contract for the Maven program, which uses AI to interpret video images and could be used to improve the targeting of drone strikes. In March, she said it was a small contract worth "only" $9 million and that the technology would be used for nonlethal purposes.


 

dept@math.duke.edu
ph: 919.660.2800
fax: 919.660.2821

Mathematics Department
Duke University, Box 90320
Durham, NC 27708-0320