By BeauHD from Slashdot's behind-the-scenes department
An anonymous reader quotes a report from ZDNet: For the past three months, a cybercrime group has been hacking into home routers -- mostly D-Link models -- to change DNS server settings and hijack traffic meant for legitimate sites and redirect it to malicious clones. The attackers operate by using well-known exploits in router firmware to hack into vulnerable devices and make silent changes to the router's DNS configuration, changes that most users won't ever notice. Targeted routers include the following models (the number to the side of each model lists the number of internet-exposed routers, as seen by the BinaryEdge search engine): D-Link DSL-2640B - 14,327; D-Link DSL-2740R - 379; D-Link DSL-2780B - 0; D-Link DSL-526B - 7; ARG-W4 ADSL routers - 0; DSLink 260E routers - 7; Secutech routers - 17; and TOTOLINK routers - 2,265.
Troy Mursch, founder and security researcher at internet monitoring firm Bad Packets, said he detected three distinct waves during which hackers have launched attacks to poison routers' DNS settings --late December 2018, early February 2019, and late March 2019. Attacks are still ongoing, he said today in a report about these attacks. A normal attack would look like this:
1. User's computer or smartphone receives wrong DNS server settings from the hacked router.
2. User tries to access legitimate site.
3. User's device makes a DNS request to the malicious DNS server.
4. Rogue server returns an incorrect IP address for the legitimate site.
5. User lands on a clone of the legitimate site, where he might be required to log in and share his password with the attackers.Read Replies (0)
By BeauHD from Slashdot's animal-behavior department
AmiMoJo shares a report from Gizmodo: Plenty of cat owners will happily tell you their felines are capable of responding to their own names, but the scientific jury remains ambivalent on the matter. A fascinating new experiment suggests this might actually be true for some cats, and it's a capacity very much tied to the social environment in which the cat lives. The new research, published today in Scientific Advances, doesn't mean cats understand the human conception of a name, but it does show that at least some cats can distinguish their names from other words. Prior research has shown that cats can recognize human gestures, facial expressions, and vocal cues. Slashdot reader sciencehabit adds: Give this a shot at home: Say four random words to your cat -- separated by about 15 seconds -- with the same length and intonation as its name. Then say its actual name. If it swivels its ears or perks up its head, chances are it knows what you call it. That's essentially what researchers did in a new study. The scientists saw similar responses when the cat's name came after the names of other felines he lived with, or when a stranger spoke the words. The findings are the first to experimentally show that cats have some understanding of what we are saying to them, the team concludes.Read Replies (0)
By BeauHD from Slashdot's quiet-as-a-mouse department
Amazon has been granted a patent that describes an "unmanned aerial vehicle with inflatable membrane" that would allow it to approach homes silently. The UAV "would have a balloon hidden inside the chasis," reports Slashgear. "That could be inflated using compressed gas, via a tank or chamber also carried on the drone. When the UAV roamed into an area where noise levels needed to be cut -- such as the delivery location, Amazon suggests -- the balloon could be inflated." From the report: In the process it would mean that the traditional drone propellers would have less work to do, since the UAV's buoyancy would be taken care of by the balloon. All the motors would be required for is general positioning. Amazon doesn't envisage flying the drone like a miniature zeppelin, however. Instead, the balloon system would be used to raise and lower the UAV to and from the delivery location. In that way it could help reduce the noise -- and energy -- involved in achieving a cruising altitude, whereupon the balloon would be deflated and gathered back into its dock.
The drone would proceed to the delivery destination, and then the balloon would be reinflated. That could be used to then gently lower the aircraft to the ground, to leave behind its package. Of course, having an inflating balloon near a system of fast-spinning propellers seems like a recipe for disaster, and so part of Amazon's patent outlines the retracting mechanism by which the two elements would be kept apart. The whole thing would be handled by an onboard autopilot, with the balloon reeled back into the storage area. The drone could either return the gas used for inflation to the compression chamber, or allow it to escape. Indeed, another possibility that Amazon suggests is a completely detachable balloon. That, the patent describes, might then float away, or biodegrade, rather than being reused.Read Replies (0)
By BeauHD from Slashdot's that-was-quick department
After facing criticism for including two controversial members in its AI ethics board, Google told Vox that it's pulling the plug on the board altogether. "The inclusion of drone company CEO Dyan Gibbens reopened old divisions in the company over the use of the company's AI for military applications," reports Vox. But it's Heritage Foundation president Kay Coles James who proved most controversial due to her company's hard line stance on immigration and LGBTQ rights. Thousands of Google employees signed a petition earlier this week calling for her removal. From the report: The board survived for barely more than one week. Founded to guide "responsible development of AI" at Google, it would have had eight members and met four times over the course of 2019 to consider concerns about Google's AI program. Those concerns include how AI can enable authoritarian states, how AI algorithms produce disparate outcomes, whether to work on military applications of AI, and more. But it ran into problems from the start.
Board member Alessandro Acquisti resigned. Another member, Joanna Bryson, defending her decision not to resign, claimed of James, "Believe it or not, I know worse about one of the other people." Other board members found themselves swamped with demands that they justify their decision to remain on the board. The panel was supposed to add outside perspectives to ongoing AI ethics work by Google engineers, all of which will continue. Hopefully, the cancellation of the board doesn't represent a retreat from Google's AI ethics work, but a chance to consider how to more constructively engage outside stakeholders. Here is Google's statement on the matter: "It's become clear that in the current environment, ATEAC can't function as we wanted. So we're ending the council and going back to the drawing board. We'll continue to be responsible in our work on the important issues that AI raises, and will find different ways of getting outside opinions on these topics."Read Replies (0)
By BeauHD from Slashdot's downward-spiral department
An anonymous reader quotes a report from CNN: Successive ocean heat waves are not only damaging Australia's Great Barrier Reef, they are compromising its ability to recover, raising the risk of "widespread ecological collapse," a new study has found. The 2,300-kilometer-long (1,500 mile) reef has endured multiple large-scale "bleaching" events caused by above-average water temperatures in the last two decades, including back-to-back occurrences in 2016 and 2017.
The new study, released Wednesday in the journal Nature, examined the number of adult corals which survived these two events and how many new corals they created to replenish the reef in 2018.
The answer was as bleak as it was stark: "Dead corals don't make babies," the study's lead author, Terry Hughes, said in a press release. Scientists working on the study found the loss in adult corals caused a "crash in coral replenishment" on the reef, as heat stresses brought about by warming ocean temperatures impacted the ability of coral to heal. "The number of new corals settling on the Great Barrier Reef declined by 89% following the unprecedented loss of adult corals from global warming in 2016 and 2017," said Hughes. Scientists working on the report say they would expect coral recruitment to recover over the next 5 to 10 years, as more corals reach sexual maturity, but only in the absence of another bleaching event. However, with sea temperatures continuing to rise this seems a near-impossiblity.Read Replies (0)
By BeauHD from Slashdot's inherent-biases department
Researchers from Northeastern Unviersity, the University of Southern Carolina, and tech accountability non-profit Upturn have released a paper that says Facebook's ad delivery system itself can steer ads intended to be inclusive toward discrimination without explicit intent. "In a paper titled, 'Discrimination through optimization: How Facebook's ad delivery can lead to skewed outcomes,' co-authors Muhammad Ali, Piotr Sapiezynski, Miranda Bogen, Aleksandra Korolova, Alan Mislove, and Aaron Rieke find that advertiser budgets and ad content affect ad delivery, skewing it along gender and racial lines even when neutral ad targeting settings are used," reports The Register. From the report: The researchers found that Facebook ads tend to be shown to men because women tend to click on ads more often, making them more expensive to reach through Facebook's system. That divide becomes apparent when ad budgets are compared, because the ad budget affects ad distribution. As the paper explains, "the higher the daily budget, the smaller the fraction of men in the audience." Such segregation may be appropriate and desirable for certain types of marketing pitches, but when applied to credit, employment and housing ads, the consequences can be problematic.
< article continued at Slashdot's inherent-biases department
>Read Replies (0)
By BeauHD from Slashdot's no-thank-you department
Google is testing a new "Pilot Program" that puts a row of advertisements on the Android TV home screen. XDA Developers, which was the first to report the program, says: "We're currently seeing reports that it has shown up in Sony smart TVs, the Mi Box 3 from Xiaomi, NVIDIA Shield TV, and others." Ars Technica reports: The advertising is a "Sponsored Channel" part of the "Android TV Core Services" app that ships with all Android TV devices. A "Channel" in Android TV parlance means an entire row of thumbnails in the UI will be dedicated to "sponsored" content. Google provided XDA Developers with a statement saying that yes, this is on purpose, but for now it's a "pilot program."
Sony has tersely worded a support page detailing the "Sponsored channel," too. There's no mention here of it being a pilot program. Sony's page, titled "A sponsored channel has suddenly appeared on my TV Home menu," says, "This change is included in the latest Android TV Launcher app (Home app) update. The purpose is to help you discover new apps and contents for your TV." Sony goes on to say, "This channel is managed by Google" and "the Sponsored channel cannot be customized." Sony basically could replace the entire page with a "Deal with it" sunglasses gif, and it would send the same message.Read Replies (0)
By BeauHD from Slashdot's open-access department
An anonymous reader quotes a report from ZDNet: This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server. The vulnerability, tracked as CVE-2019-0211, affects Apache web server releases for Unix systems only, from 2.4.17 to 2.4.38, and was fixed this week with the release of version 2.4.39. According to the Apache team, less-privileged Apache child processes (such as CGI scripts) can execute malicious code with the privileges of the parent process. Because on most Unix systems Apache httpd runs under the root user, any threat actor who has planted a malicious CGI script on an Apache server can use CVE-2019-0211 to take over the underlying system running the Apache httpd process, and inherently control the entire machine.
"First of all, it is a LOCAL vulnerability, which means you need to have some kind of access to the server," Charles Fol, the security researcher who discovered this vulnerability told ZDNet in an interview yesterday. This means that attackers either have to register accounts with shared hosting providers or compromise existing accounts. Once this happens, the attacker only needs to upload a malicious CGI script through their rented/compromised server's control panel to take control of the hosting provider's server to plant malware or steal data from other customers who have data stored on the same machine. "The web hoster has total access to the server through the 'root' account. If one of the users successfully exploits the vulnerability I reported, he/she will get full access to the server, just like the web hoster," Fol said. "This implies read/write/delete any file/database of the other clients."Read Replies (0)
By BeauHD from Slashdot's time-to-get-serious department
The United Kingdom is working on legislation that would hold social media executives liable for harmful content distributed on their platforms. The leaked white paper comes less than 24 hours after Australia passed sweeping legislation that threatens huge fines for social media companies and jail for their executives if they fail to rapidly remove "abhorrent violent material" from their platforms. From the report: Under plans expected to be published on Monday, the government will legislate for a new statutory duty of care, to be policed by an independent regulator and likely to be funded through a levy on media companies. The regulator -- likely initially to be Ofcom, but in the longer term a new body -- will have the power to impose substantial fines against companies that breach their duty of care and to hold individual executives personally liable.
The scope of the recommendations is broad. As well as social media platforms such as Facebook and search engines such as Google they take in online messaging services and file hosting sites. Other proposals in the online harm white paper include: - Government powers to direct the regulator on specific issues such as terrorist activity or child sexual exploitation.
- Annual "transparency reports" from social media companies, disclosing the prevalence of harmful content on their platforms and what they are doing to combat it.
< article continued at Slashdot's time-to-get-serious department
>Read Replies (0)
By BeauHD from Slashdot's another-service-bites-the-dust department
Last year, Google announced that YouTube Music would be the company's primary streaming service that would eventually replace Play Music. We have now learned that in anticipation of this change, Google will close the Google Play Artist Hub that musicians use to directly interact with the Play Store. 9to5Google reports: Smaller, indie artists that were not signed by labels could use the Google Play Artist Hub to manage their presence on the Play Store and upload/sell songs. In an email today, Google told these musicians that the Artist Hub is shutting down on April 30th. YouTube Music is cited as the reason by Google: "With the launch of YouTube Music last year, we eventually plan to replace Google Play Music with YouTube Music. In anticipation of this change, we are shutting down the Artist Hub."
This portal allowed smaller artists to directly interact with Google to see statistics, and get paid for streams/purchases. Musicians can still sell their content in the Play Store and have content available for streaming in Play Music, but must now sign-up with a third-party distributor to handle that entire process. At the end of this month, all existing songs and albums uploaded through the Google Play Artist Hub will "no longer appear in the Google Play Store or Google Play Music service (including the paid streaming and free radio service)." Artists that would still like to "make [their] music available for purchase/download" have to republish, with Google providing a list of "YouTube partners," including AWAL, Believe, CD Baby, DistroKid, Stem, and TuneCore.Read Replies (0)
By BeauHD from Slashdot's hold-your-position department
An anonymous reader quotes a report from Ars Technica: Democrats in the U.S. House of Representatives yesterday rejected Republican attempts to weaken a bill that would restore net neutrality rules.
The House Commerce Committee yesterday approved the "Save the Internet Act" in a 30-22 party-line vote, potentially setting up a vote of the full House next week. The bill is short and simple -- it would fully reinstate the rules implemented by the Federal Communications Commission under then-Chairman Tom Wheeler in 2015, reversing the repeal led by FCC Chairman Ajit Pai in 2017.
< article continued at Slashdot's hold-your-position department
>Read Replies (0)
By msmash from Slashdot's new-twist-in-the-long-saga department
U.S. authorities gathered information about Huawei through secret surveillance that they plan to use in a case accusing the Chinese telecom equipment maker of sanctions-busting and bank fraud, prosecutors said on Thursday. From a report: Assistant U.S. Attorney Alex Solomon said at a hearing in federal court in Brooklyn that the evidence, obtained under the U.S. Foreign Intelligence Surveillance Act (FISA), would require classified handling. The government notified Huawei in a court filing on Thursday of its intent to use the information, saying it was "obtained or derived from electronic surveillance and physical search," but gave no details. The United States has been pressuring other countries to drop Huawei from their cellular networks, worried its equipment could be used by Beijing for spying. The company says the concerns are unfounded. Brian Frey, a former federal prosecutor who is not involved in the Huawei case, said FISA surveillance, which requires a warrant from a special court, is generally sought in connection with suspected espionage.Read Replies (0)
By msmash from Slashdot's how-about-that department
Following the release of Visual Studio 2019 for Windows and Mac platforms, Microsoft today is releasing a snap version of Visual Studio Code. A report adds: No, the source-code editor is not the Windows-maker's first snap -- it also released one for Skype, for instance. "As of today, Visual Studio Code is available for Linux as a snap, providing seamless auto-updates for its users. Visual Studio Code, a free, lightweight code editor, has redefined editors for building modern web and cloud applications, with built-in support for debugging, task running, and version control for a variety of languages and frameworks," says Canonical. Joao Moreno, Software Development Engineer, Microsoft Visual Studio Code offers the following statement: "The automatic update functionality of snaps is a major benefit. It is clear there is a thriving community around snaps and that it is moving forward at great pace. The backing of Canonical ensures our confidence in its ongoing development and long-term future."Read Replies (0)
By msmash from Slashdot's how-about-that department
Microsoft has announced that starting with the Windows 10 May 2019 Update, which will hit general availability late next month, users will no longer be forced to install new Windows 10 feature updates as they become available. From a report: This comes after feedback from users who have had countless issues with updates breaking programs, losing files, and installing at inconvenient times. Microsoft has been working hard to improve Windows Update, and while the system is better than it was at launch in 2015, it's still not perfect. Now, users will have the option to not have to deal with feature updates when they are released.
What Microsoft is doing here is splitting Windows Update in two. The normal "check for updates" button will now only function for security and monthly patches. Feature updates now get their own area in Windows Update where the user can initiate the download and install process for the latest feature update available. If the user doesn't want to initiate that process, they don't have to. The user will be alerted that a new feature update is available every now and then, but at no point will the user be forced to install that update, as long as the version of Windows 10 they're currently running is still in support.Read Replies (0)
The End of the Desktop?
Posted by News Fetcher on April 04 '19 at 09:50 AM
By msmash from Slashdot's food-for-thought department
Steven J. Vaughan-Nichols, writing for ComputerWorld : Of course, at one time, to get any work done with a computer, you first had to learn a lot, about computers, operating systems, commands and more. Eventually, "friendly" became the most important adverb in computing circles, and we've reached the point in user-friendliness that people don't even talk about it anymore. Today, Google has shown with its Chrome OS that most of us can pretty much do anything we need to do on a computer with just a web browser. But Google's path is not Microsoft's path. Instead, it's moving us first to Windows as desktop as a service (DaaS) via Microsoft Managed Desktop (MMD). This bundles Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security and cloud-based system management into Microsoft 365 Enterprise.
The next step, Windows Virtual Desktop, enables companies to virtualize Windows 7 and 10, Office 365 ProPlus apps and other third-party applications on Azure-based virtual machines. If all goes well, you'll be able to subscribe to Windows Virtual Desktop this fall. Of course, Virtual Desktop is a play for business users -- for now. I expect Virtual Desktop to be offered to consumers in 2020. By 2025, Windows as an actual desktop operating system will be a niche product. Sound crazy? Uh, you do know that Microsoft already really, really wants you to "rent" Office 365 rather than buy Office 2019, don't you?
< article continued at Slashdot's food-for-thought department
>Read Replies (0)