By msmash from Slashdot's closer-look department
With their next patch Mozilla will introduce two new features to their Firefox browser they call "DNS over HTTPS" (DoH) and Trusted Recursive Resolver (TRR). Mozilla says this is an additional feature which enables security. Researchers think otherwise. From a report: So let's get to the new Firefox feature called "Trusted Recursive Resolver" (TRR). When Mozilla turns this on by default, the DNS changes you configured in your network won't have any effect anymore. At least for browsing with Firefox, because Mozilla has partnered up with Cloudflare, and will resolve the domain names from the application itself via a DNS server from Cloudflare based in the United States. Cloudflare will then be able to read everyone's DNS requests. From our point of view, us being security geeks, advertising this feature with slogans like "increases security" is rather misleading because in many cases the opposite is the case. While it is true that with TRR you may not expose the websites you call to a random DNS server in an untrustworthy network you don't know, it is not true that this increases security in general. It is true when you are somewhere in a network you don't know, i.e. a public WiFi network, you could automatically use the DNS server configured by the network. This could cause a security issue, because that unknown DNS server might have been compromised. In the worst case it could lead you to a phishing site pretending to be the website of your bank: as soon as you enter your personal banking information, it will be sent straight to the attackers. But on the other hand Mozilla withholds that using their Trusted Recursive Resolver would cause a security issue in the first place for users who are indeed in a trustworthy network where they know their resolvers, or use the ISP's default one. Because sharing data or information with any third party, which is Cloudflare in this case, is a security issue itself.
By msmash from Slashdot's how-about-that department
Addressing the bad behaviors on the Internet, that range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills requires a wide range of technical and legal considerations, says Vint Cerf, even as he steers clear that he supports encryption. But is there a way to bring more accountability and traceability on our actions on the internet without compromising our privacy? He has a proposition: What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority. In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user.
There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.
By msmash from Slashdot's let-the-conference-begin department
About a quarter of a century ago, a handful of hackers decided to have a party in a cheap hotel, and had a whale of a time. Fast forward to 2018, and that get-together has grown into events that will see an estimated 30,000 people converge on Las Vegas for the biggest security shindig in the world -- the combination of Black Hat USA, DEF CON and BSidesLV. From a report: While that first gathering morphed into the DEF CON hacking conference, the biggest event is Black Hat USA, which began on Saturday, and runs through until Thursday, August 9. This is the flashy corporate brother of DEF CON, and features four days of security training, a one-day invite-only CISO summit day (from which press are strictly barred) and two days of briefings featuring everything from government agents to hardcore hackers talking about the tricks of the trade. Although they have a shared origin -- DEF CON founder Jeff Moss also set up Black Hat USA -- these days, DEF CON and Black Hat USA are run and operated separately. We've previously described the behind-the-scenes and arduous task of setting up and maintaining computer networks for attendees of hacker conventions.
By msmash from Slashdot's closer-look department
An anonymous reader shares a report: Not quite, but it's certainly more than a blip in the cultural history of communication: in 2017, for the first time, the number of voice calls -- remember, those things you did with your actual voice on your actual phone -- fell in the UK. Meanwhile, internet addiction keeps growing, presumably because we haven't quite worked out what to do with all those hours we're saving on talking. More than three-quarters (78%) of British adults own a smartphone, and we check them on average every 12 minutes. That adds up to 24 hours a week online via our phones -- much of that time swallowed up by modern-style chat on WhatsApp and Facebook Messenger, with some left over for texting. It has taken a toll on talking, sure, but few smartphone users might claim to feel less connected as a result. Now, the idea of ringing someone for "a chat" has a quaint, retro quality. I can, and will, talk you under the table, but phone calls are a luxury usually reserved for about five people: my mum, my sister, two best friends and my editor, obviously. Even then, I'm rubbish at picking up. Much is made about smartphones leading to dumber conversation -- amid claims that the art of chatter has been lost. Arguably, however, conversation has simply been rebooted and reconfigured. Take the myriad ways in which we can and do communicate now. It's a given that I will spend an embarrassing portion of my day glued to a screen (It's work!) and much of that will be chatting (again, it's work!).
By msmash from Slashdot's making-a-mess department
Piriform, the maker of CCleaner, has pulled v5.45 of its suite from the website after users expressed concerns over the privacy changes in the application, the company, which was acquired by Avast last year, said. In v5.45, the company made it impossible to disable "active monitoring", and the privacy settings had been removed for free customers. Additionally, as BetaNews reported earlier this week, Avast also made it impossible for users to quit the software. Addressing these concerns, Avast said, "Today we have removed v5.45 and reverted to v5.44 as the main download for CCleaner while we work on a new version with several key improvements." The company added: We're currently working on separating out cleaning functionality from analytics reporting and offering more user control options which will be remembered when CCleaner is closed. We're also creating a factsheet to share which will outline the data we collect, for which purposes and how it is processed. [...] As stated before, we'll split cleaning alerts (which don't send any data) from UI trend data (which is anonymous and only there to measure the user experience) and provide a separate setting for each in the user preferences. Some of these features run as a separate process from the UI: we'll restore visibility of this in the notifications area, and you'll be able to close it down from that icon menu as before. We understand the importance of this to you all. This work is our number 1 priority and we are taking the time to get it right in the next release. There are numerous changes required, so that does mean it will take weeks, not days. While we work on this, we have removed version 5.45 and reinstated version 5.44. According to stats shared by the company, CCleaner has been downloaded over two billion times. In a week, it is estimated to see five million downloads.
By EditorDavid from Slashdot's surf's-up department
An anonymous reader quotes the Mercury News:
Tesla's sleek, $1,500 carbon fiber surfboard sold out in a day, and it's not surprising: The company, in collaboration with a Southern California board maker, said it was producing a limited edition of 200, and Tesla has many die-hard fans. The board "features a mix of the same high-quality matte and gloss finishes used on all our cars," Tesla said in promotional material for the product. "The deck is reinforced with light-weight 'Black Dart' carbon fiber, inspired by the interiors in our cars...."
Now, less than a week after orders were submitted, 21 of the boards -- sized to fit in the Palo Alto electric car maker's Model 3 and Model S sedans, and the Model X SUV -- are up for sale on eBay. Asking prices are steep, as high as $6,450, with most sellers wanting $3,000 to $4,000.
By EditorDavid from Slashdot's degrees-of-separation department
A new article in CIO magazine argues that when it comes to computer science, "few of us really need much of any of it." Slashdot reader itwbennett offers this summary:
At the heart of the matter is the fact that most businesses don't really need programmers to be deep thinkers. For them, it's "just as worthwhile to hire someone from a physics lab who just used Python to massage some data streams from an instrument. They can learn the shallow details just as readily as the CS genius," according to the article.
CIO's anonymous author promises an incomplete list of "why we may be better off ignoring CS majors." Some of the highlights:
- Theory distracts and confuses. "Many computer scientists are mathematicians at heart and the theorem-obsessed mindset permeates the discipline."
- Academic languages are rarely used. "...the academy breeds snobbery and a love for arcane solutions."
- Many CS professors are mathematicians, not programmers. "One of the dirty secrets about most computer science departments is that most of the professors can't program computers. Their real job is giving lectures and wrangling grants...."
- Many required subjects are rarely used. "...it's too bad few of us use many data structures any more."
- Institutions breed arrogance. "...the very nature of academic degrees are designed to give graduates the ability to argue one's superiority with authority."
- Many modern skills are ignored. "If you want to understand Node.js, React, game design or cloud computation, you'll find very little of it in the average curriculum... It's very common for computer science departments to produce deep thinkers who understand some of the fundamental challenges without any shallow knowledge of the details that dominate the average employee's day."
"It's not that CS degrees are bad," the article concludes. "It's just that they're not going to speak to the problems that most of us need to solve."
By EditorDavid from Slashdot's sky-net department
InfoQ got some interesting insights from their interview with Christophe de Hauwer, the chief strategy and development officer at the communications satellite company SES:
According to Morgan Stanley, the global space economy is predicted to grow from $350 billion in revenues today to more than $1.1 trillion by 2040. This impressive growth is driven by an exploding demand for connectivity... On one hand, satellite will be key to satisfy consumers' demand for always-on, high-performance connectivity. On the other hand, it will play an essential role in providing connectivity to populations in underserved and unserved areas...
[A]irlines are facing growing demands for inflight connectivity: market studies have shown that 63% of travelers think more flights should offer Wi-Fi, and 48% think Wi-Fi in the air should be as fast as it is on the ground. We are shaping and scaling our satellite fleet in order to deliver both the performance and economics needed to take these services mainstream. Whether a plane is travelling along densely populated routes or vast areas of deserts, we want to have them covered with the right kind of connectivity, always on, everywhere.
He also points out that SpaceX's re-usable rockets are just one of the ways space technology is making telecommunications cheaper.
"Electric propulsion means satellites can achieve a 40-50% reduction in their mass; high-throughput spot beams deliver a significantly higher amount of bandwidth than traditional satellites and can reduce cost per bit; fully new digitized payloads enable increased efficiency, full flexibility in global coverage and further optimization of spectrum use."
By EditorDavid from Slashdot's trash-talk department
"Ever wondered why pages seem to load slower and slower? Or why it is that browsing seems to take just as long to load a page, even though your broadband connection doubled in speed a couple of months ago?" gb7djk, a long-time Slashdot reader, blames "the bullshit web" -- as described in this essay by Calgary-based front-end developer Nick Heer (who does his testing on a 50 Mbps connection).
A story at the Hill took over nine seconds to load; at Politico, seventeen seconds; at CNN, over thirty seconds. This is the bullshit web... When I use the word "bullshit" in this article, it isn't in a profane sense. It is much closer to Harry Frankfurt's definition in On Bullshit: "It is just this lack of connection to a concern with truth -- this indifference to how things really are -- that I regard as of the essence of bullshit...." The average internet connection in the United States is about six times as fast as it was just ten years ago, but instead of making it faster to browse the same types of websites, we're simply occupying that extra bandwidth with more stuff. Some of this stuff is amazing.... But a lot of the stuff we're seeing is a pile-up of garbage on seemingly every major website that does nothing to make visitors happier -- if anything, much of this stuff is deeply irritating and morally indefensible.
Take that CNN article, for example. Here's what it contained when I loaded it:
- Eleven web fonts, totalling 414 KB
- Four stylesheets, totalling 315 KB
- Twenty frames
- Twenty-nine XML HTTP requests, totalling about 500 KB
- Approximately one hundred scripts, totalling several megabytes -- though it's hard to pin down the number and actual size because some of the scripts are "beacons" that load after the page is technically finished downloading.
By EditorDavid from Slashdot's unfriending department
"Facebook really is evil," writes Quartz reporter Nikhil Sonnad. "Not on purpose. In the banal kind of way. Underlying all of Facebook's screw-ups is a bumbling obliviousness to real humans..." An anonymous reader quotes Sonnad's essay:
The imperative to "connect people" lacks the one ingredient essential for being a good citizen: Treating individual human beings as sacrosanct. To Facebook, the world is not made up of individuals, but of connections between them. The billions of Facebook accounts belong not to "people" but to "users," collections of data points connected to other collections of data points on a vast Social Network, to be targeted and monetized by computer programs.
There are certain things you do not in good conscience do to humans. To data, you can do whatever you like.... With Facebook, "life is turned into a database," writes technologist Jaron Lanier in his 2010 book You Are Not a Gadget... Silicon Valley culture has come to accept as certain, Lanier writes, that "all of reality, including humans, is one big information system".... The problem, says Lanier, is that there is nothing special about humans in this information system. Every data point is treated equally, irrespective of how humans experience it.
The essay argues Facebook's value system "has diverged from that of the rest of society," adding that Facebook "seems to be blind to the possibility that it could be used for ill."
Facebook needs to "check their instinctive technological optimism against the realities of human life. Absent human considerations, Facebook will continue to bring thoughtless, banal harm to the world."
By EditorDavid from Slashdot's word-on-the-street department
An anonymous reader quotes CBS MoneyWatch:
The number of people residing in campers and other vehicles surged 46 percent over the past year, a recent homeless census in Seattle's King County, Washington found. The problem is "exploding" in cities with expensive housing markets, including Los Angeles, Portland and San Francisco, according to Governing magazine. The problem of vehicle residency is national in scope, although its impact may be more "acutely felt in urban areas where space is more limited," said Sara Rankin, an assistant professor of law at Seattle University and the director of Homeless Rights Advocacy Project, in an email to CBS MoneyWatch.
"Amazon, Microsoft and other big tech companies are in the Seattle area," notes Zero Hedge, adding "It is a region that is supposedly 'prospering', and yet this is going on."
Back in Silicon Valley, one Google employee slept in a truck in Google's parking lot for two years -- allowing him to save at least $48,000 that he would've paid in rent -- though many vehicle-dwellers apparently have non-technical jobs as plumbers, janitors, and even teachers. "A fair number of the 'vehicular homeless' in Silicon Valley are employed but are unable to find affordable housing," reports CBS, citing an AP article last November about "Silicon Valley's car people".
"Lines of RVs can be found near the headquarters of tech heavyweights such as Apple, Google and Hewlett-Packard."
By EditorDavid from Slashdot's chip-off-the-ol-blockchain department
"Corporate America's love affair with all things blockchain may be cooling," reports Bloomberg. An anonymous reader quotes their report. [Alternate version here.]
A number of software projects based on the distributed ledger technology will be wound down this year, according to Forrester Research Inc. And some companies pushing ahead with pilot tests are scaling back their ambitions and timelines. In 90 percent of cases, the experiments will never become part of a company's operations, the firm estimates. Even Nasdaq Inc., a high-profile champion of blockchain and cryptocurrencies, hasn't moved as quickly as hoped. The exchange operator, which talked in 2016 about deploying blockchain for voting in shareholder meetings and private-company stock issuance, isn't using the technology in any widely deployed projects yet...
"The disconnect between the hype and the reality is significant -- I've never seen anything like it," said Rajesh Kandaswamy, an analyst at Gartner Inc. "In terms of actual production use, it's very rare...." Only 1 percent of chief information officers said they had any kind of blockchain adoption in their organizations, and only 8 percent said they were in short-term planning or active experimentation with the technology, according to a Gartner study. Nearly 80 percent of CIOs said they had no interest in the technology. Many companies that previously announced blockchain rollouts have changed plans
Problems include the fact that most blockchains "also can't yet handle a large volume of transactions," and worries about compatibility with other software -- which some hope to address next year with software certification testing. But at least two big tech companies are aggressively pushing blockchain.
"So far, IBM and Microsoft have grabbed 51 percent of the more than $700 million market for blockchain products and services, WinterGreen Research Inc. estimated earlier this year,"