By Soulskill from Slashdot's how-the-sausage-is-made department
writes: The first large-scale analysis of firmware has revealed poor security practices that could present opportunities for hackers probing the Internet of Things. Researchers with Eurecom, a technology-focused graduate school in France, developed a web crawler that plucked more than 30,000 firmware images from the websites of manufacturers including Siemens, Xerox, Bosch, Philips, D-Link, Samsung, LG and Belkin. In one instance, the researchers found a Linux kernel that was 10 years out of date bundled in a recently released firmware image. They also uncovered 41 digital certificates in firmware that were self-signed and contained a private RSA encryption key and 326 instances of terms that could indicate the presence of a backdoor.
By Roblimo from Slashdot's you-can-type-faster-if-you-use-more-than-one-finger-at-a-time department
Joshua Lifton says you can learn to type at 225 words per minute with his Stenosaurus, an open source stenography keyboard that has a not-there-yet website with nothing but the words, "Stenography is about to evolve," on it as of this writing. If you've heard of Joshua it's probably because he's part of the team behind Crowd Supply, which claims, "Our projects raise an average of $43,600, over twice as much as Kickstarter." A brave boast, but there's plenty of brainpower behind the company. Joshua himself has a PhD from MIT, which according to his company bio means, "he's devoted a significant amount of his time learning how to make things that blink." But the steno machine is his own project, independent of Crowd Supply.
By Soulskill from Slashdot's can't-you-go-back-to-not-passing-legislation department
An anonymous reader writes: Phil Plait reports that a trio of U.S. Congressmen are asking NASA to investigate what they call "an epidemic of anomalies" at SpaceX. They sent a memo (PDF) demanding that SpaceX be held accountable to taxpayers for mission delays stemming from the development of new rockets. Plait notes, "[A]s a contractor, the rules are different for them than they would be if NASA themselves built the rockets, just as the rules are for Boeing or any other contractor. In fact, as reported by Space News, NASA didn't actually pay for the development of the Falcon 9; Elon Musk did." He adds, "Another reason this is silly is that every rocket ever made has undergone problems; they are fiendishly complex machines and no design has ever gotten from the drafting board to the launch pad without issues. Sure, SpaceX has experienced launch delays and other problems, but the critical thing to remember is that those problems are noted, assessed, and fixed sometimes within hours or minutes." Plait accuses the congressmen of trying to bury private spaceflight under red tape in order to protect established industries in their own states.
By timothy from Slashdot's he-actually-wrote-the-book department
(attorney Lawrence Rosen) writes with a response to an article that appeared on Opensource.com late last month, detailing a court case that arose between Versata Software and Ameriprise Financial Services; part of the resulting dispute hinges on Versata's use of GPL'd software (parsing utility VTD-X, from Ximpleware), though without acknowledging the license. According to the article's author, attorney Aaron Williamson (former staff attorney for the Software Freedom Law Center), "Lawyers for commercial software vendors have feared a claim like this for essentially the entire 20-odd-year lifetime of the GPL: a vendor incorporates some GPL-licensed code into a product—maybe naively, maybe willfully—and could be compelled to freely license the entire product as a result. The documents filed by Ameriprise in the case reflect this fearful atmosphere, adopting the classically fear-mongering characterization of the GPL as a 'viral' license that 'infects' its host and 'requires it to become open source, too.'" Rosen writes: I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court.
Read on for the rest (and Williamson's article, too, for a better understanding of this reaction to it). An important take-away: it's not just the license that matters.
By timothy from Slashdot's don't-steal-the-government-hates-competition department
An anonymous reader writes "Criminals smuggle an estimated $30 billion in U.S. currency into Mexico each year from the United States, most of it laundered drug money. But researchers say help is on the way for border guards in the form of a portable device that identifies specific vapors given off by U.S. paper money. "We're developing a device that mimics the function of trained dogs 'sniffing' out concealed money, but without the drawbacks, such as expensive training, sophisticated operators, down time and communication limitations," says Suiqiong Li, Ph.D., a member of the research team behind the technology. When developing the device, the researchers first had to figure out which gases money emits and how fast that happens. It turned out that the gases are a set of trace chemicals, including aldehydes, furans and organic acids."
What do bitcoins smell like?
By timothy from Slashdot's keep-the-recording-handy department
An anonymous reader writes In yet another example of the quality of Comcast's customer service, a story surfaced today of a Comcast customer who was over-charged for a service that was never provided. At first, the consumer seemed to be on the losing end of a customer service conversation, with Comcast insisting that the charges were fair. But then, the consumer whipped out a recording of a previous conversation that he had with another Comcast representative in which not only was the consumer promised that he wouldn't be charged for services not rendered, but the reason why was explained. Suddenly Comcast conceded, and the fees were dropped. But most telling of all, the Comcast rep implied that she only dropped them because he had taped his previous interaction with Comcast customer service.
I wish I had recordings of every conversation that I've ever had with AT&T, the USPS, and the landlord I once had in Philadelphia. Lifehacker posted last year a few tips on the practicality of recording phone calls, using Google Voice, a VoIP service, or a dedicated app. Can anyone update their advice by recommending a good Android app (or iOS, for that matter) designed specifically to record sales and service calls, complete with automated notice?
By timothy from Slashdot's follow-that-car-driver department
writes WSJ looks at the cantankerous rivalry between two popular ride-sharing companies, Uber and Lyft, and the dirty tactics each employs to weaken its opponent. Lyft, for example, alleges that representatives from Uber frequently order short rides from Lyft just to slow down Lyft's service and to try to poach its drivers. WSJ points out that the rivalry is more than just a made-for-TV competition: "It's a battle for a key role in the future of urban transportation."
Lyft certainly isn't Uber's only rival, though, even setting aside conventional taxis and car services, even if those two names are big in U.S. cities: its clash with Gett has reportedly involved tricks at least as dirty. Another way to look at the rivalry, too, is that the biggest clash is not between Uber and any other particular company, but rather between the various ride-calling / ride-sharing services taken together and the existing, regulated taxi and car-service companies they threaten.
By timothy from Slashdot's how-far-away-you-are department
writes "Microsoft has been working on ways to make any regular 2D camera capture depth, meaning it could do some of the same things a Kinect does. As you can see in the video below the team managed to pull this off and we might see this tech all around in the near future. What's really impressive is that this works with many types of cameras. The research team used a smartphone as well as a regular webcam and both managed to achieve some impressive results, the cameras have to be slightly modified but that's only to permit more IR light to hit the sensor." The video is impressive, but note that so are several of the other projects that Microsoft has created for this year's SIGGRAPH, in particular one that makes first-person sports-cam footage more watchable.
By Unknown Lamer from Slashdot's have-to-break-the-law-to-protect-the-law department
Via Ars Technica comes news that an Amtrak employee was paid nearly $900,000 over the last ten years to give the DEA passenger lists outside of normal channels. Strangely enough, the DEA already had access to such information through official channels. From the article: The employee, described as a "secretary to a train and engine crew" in a summary obtained by the AP, was selling the customer data without Amtrak's approval. Amtrak and other transportation companies collect information from their customers including credit card numbers, travel itineraries, emergency contact info, passport numbers, and dates of birth. When booking tickets online in recent years, Amtrak has also collected phone numbers and e-mail addresses. ... Amtrak has long worked closely with the DEA to track drug trafficking activity on its train lines. The Albuquerque Journal reported in 2001 that "a computer with access to Amtrak's ticketing information sits on a desk in the [DEA]'s local office," wrote the ACLU.
By Unknown Lamer from Slashdot's order-out-of department
writes Ever since Nvidia unveiled its 64-bit Project Denver CPU at CES last year, there's been discussion over what the core might be and what kind of performance it would offer. Visibly, the chip is huge, more than 2x the size of the Cortex-A15 that powers the 32-bit version of Tegra K1. Now we know a bit more about the core, and it's like nothing you'd expect. It is, however, somewhat similar to the designs we've seen in the past from the vanished CPU manufacturer Transmeta. When it designed Project Denver, Nvidia chose to step away from the out-of-order execution engine that typifies virtually all high-end ARM and x86 processors. In an OoOE design, the CPU itself is responsible for deciding which code should be executed at any given cycle. OoOE chips tend to be much faster than their in-order counterparts, but the additional silicon burns power and takes up die area. What Nvidia has developed is an in-order architecture that relies on a dynamic optimization program (running on one of the two CPUs) to calculate and optimize the most efficient way to execute code. This data is then stored inside a special 128MB buffer of main memory. The advantage of decoding and storing the most optimized execution method is that the chip doesn't have to decode the data again; it can simply grab that information from memory. Furthermore, this kind of approach may pay dividends on tablets, where users tend to use a small subset of applications. Once Denver sees you run Facebook or Candy Crush a few times, it's got the code optimized and waiting. There's no need to keep decoding it for execution over and over.