By EditorDavid from Slashdot's language-barriers department
Hewlett-Packard's Enterprise blog summarizes a talk by Linux kernel developer Kees Cook at the North America edition of the 2018 Linux Security Summit. Its title? "Making C Less Dangerous."
"C is a fancy assembler. It's almost machine code," said Cook, speaking to an audience of several hundred peers, who understood and appreciated the application speed resulting from C... Over time, Cook and the people he worked with discovered numerous native C problems. To deal with these weaknesses, the Kernel Self Protection Project has worked slowly and steadily on protecting the Linux kernel from attack. In the process, it has worked to remove troublesome code from Linux....
With its operational baggage and weak standard libraries, C contains a great deal of undefined behavior. Cook cited -- and agreed with -- Raph Levien's blog post "With Undefined Behavior, Anything Is Possible." Cook gave concrete examples. "What are the contents of 'uninitialized' variables? Whatever was in memory from before! Void pointers have no type, yet we can call typed functions through them? Sure! Assembly doesn't care: Everything can be an address to call! Why does memcpy() have no 'max destination length' argument? Just do what I say; memory areas are all the same!" Some of these idiosyncrasies are relatively easy to deal with. Cook commented, "Linus [Torvalds] likes the idea of always initializing local variables. So, you should 'just do it....'" The long-term solution? More security-savvy open source developers... While at times, the idea of coming up with a Linux C dialect has been attractive, that's not going to happen. The real issue behind the problem of dangerous code is "people don't want to do the work to clean up code -- not just bad code, but C itself," he said. As with all open source projects, "we need more dedicated developers, reviewers, testers, and backporters."
LWN.net has its own run-down of Cook's talk, as well as a link to a PDF file of his slides.
By EditorDavid from Slashdot's it's-alive department
Zorro (Slashdot reader #15,797) summarizes a new article in the Guardian:
The death of a woman hit by a self-driving car highlights an unfolding technological crisis, as code piled on code creates "a universe no one fully understands."
"In some ways we've lost agency. When programs pass into code and code passes into algorithms and then algorithms start to create new algorithms, it gets farther and farther from human agency. Software is released into a code universe which no one can fully understand."
The author dubs these man-made monsters "franken-algos," since "After a time in the wild, we no longer know what they are: they have the potential to become erratic." Self-learning algorithms are already part of the "new all-machine phase" of Wall Street trading, leading to what science historian George Dyson believes are rules "where nobody knows what the rules are: the algorithms create their own rules -- you let them evolve the same way nature evolves organisms."
Where does it end? There's already a robotic sharpshooter policing the demilitarized zone between North and South Korea, and "swarms of coordinated, weaponized drones" already being developed by three different countries.
The article suggests re-thinking our legal system to assign blame for any badly malfunctioning algorithms, noting that the Association for Computing Machinery recently updated its code of ethics "along the lines of medicine's Hippocratic oath, to instruct computing professionals to do no harm and consider the wider impacts of their work.... Solutions exist or can be found for most of the problems described here, but not without incentivizing big tech to place the health of society on a par with their bottom lines."
By EditorDavid from Slashdot's shooting-stars department
"It looks like a tiny yellow submarine, but this underwater drone is on a mission to kill," reports ABC. Specifically, to kill the starfish that are destroying coral on Australia's Great Barrier Reef. An anonymous reader quotes ABC:
In a bid to eradicate the pest, Queensland researchers have developed world-first robots to administer a lethal injection to the starfish using new technology... Researcher Matt Dunbabin said the technology was 99.4 per cent accurate in delivering a toxic substance only harmful to the starfish.... Divers have played a big role in helping to combat the starfish, but Professor Dunbabin said the robot would take the efforts to the next level. "Divers currently control certain areas, but there are not enough divers to actually make a difference on the scale of the reef," he said. The drone can also monitor and gather huge amounts of data about coral bleaching, water quality and pollution.
"RangerBot will be designed to stay underwater almost three times longer than a human diver, gather vastly more data, map expansive underwater areas at scales not previously possible, and operate in all conditions and all times of the day or night," according to researchers at the Queensland University of Technology.
The starfish-killing robots were partially funded by Google (through their Google.org Impact Challenge program to fund and support nonprofit innovators), reports The Drive. One study had found the reef's coral cover declined 50% between 1985 and 2012, "with nearly half of that drop resulting from the coral-destroying starfish species."
By EditorDavid from Slashdot's millionaire-prisoners department
He'd sold his second online advertising company for $300 million at the age of 25. Six years later he was charged with 47 felonies. And now? "A Silicon Valley millionaire entrepreneur who avoided jail time for a domestic violence conviction in 2014 -- and had his probation revoked following another domestic violence incident -- was sentenced to a year in jail Friday after losing his appeal," writes CBS SF. An anonymous reader quotes their report:
Gurbaksh Chahal, founder of online advertising companies Gravity4 and RadiumOne, sobbed while asking San Francisco Superior Court Judge Tracy Brown for leniency... The 36-year-old was immediately remanded into custody after Brown declined to change her ruling. Chahal must serve at least six months of the one-year sentence. He has been out of custody on $250,000 bail...
Chahal was charged with felony domestic violence in 2013 after police say he punched and kicked his girlfriend 117 times inside his San Francisco penthouse. Security camera video evidence of the attack was deemed inadmissible after a judge ruled police had obtained it without a warrant. With no video and after his girlfriend declined to cooperate with police, Chahal pleaded guilty in 2014 to two misdemeanor battery charges of domestic violence and was sentenced to three years probation.... He was accused of violating his probation in 2016 by kicking another girlfriend in the same South Beach apartment.
"Tonight he's sleeping in the big house," quipped a local TV reporter, adding "that's got to feel very different."
By EditorDavid from Slashdot's stuck-in-a-silo department
This week in Vancouver, Linux kernel developer Greg Kroah-Hartman criticized Intel's slow initial response to the Spectre and Meltdown bugs in a talk at the Open Source Summit North America. An anonymous reader quotes eWeek:
Kroah-Hartman said that when Intel finally decided to tell Linux developers, the disclosure was siloed.... "Intel siloed SUSE, they siloed Red Hat, they siloed Canonical. They never told Oracle, and they wouldn't let us talk to each other." For an initial set of vulnerabilities, Kroah-Hartman said the different Linux vendors typically work together. However, in this case they ended up working on their own, and each came up with different solutions. "It really wasn't working, and a number of us kernel developers yelled at [Intel] and pleaded, and we finally got them to allow us to talk to each other the last week of December," he said. "All of our Christmas vacations were ruined. This was not good. Intel really messed up on this," Kroah-Hartman said...
"The majority of the world runs Debian or they run their own kernel," Kroah-Hartman said. "Debian was not allowed to be part of the disclosure, so the majority of the world was caught with their pants down, and that's not good." To Intel's credit, Kroah-Hartman said that after Linux kernel developers complained loudly to the company in December 2017 and into January 2018, it fixed its disclosure process for future Meltdown- and Spectre-related vulnerabilities... "Intel has gotten better at this," he said.
An interesting side effect of the Meltdown and Spectre vulnerabilities is that Linux and Windows developers are now working together, since both operating systems face similar risks from the CPU vulnerabilities. "Windows and Linux kernel developers now have this wonderful back channel. We're talking to each other and we're fixing bugs for each other," Kroah-Hartman said. "We are working well together. We have always wanted that."
By EditorDavid from Slashdot's anger-mismanagement department
Were the creators of Facebook and Twitter oblivious to how social networks could be abused? "I struggle to believe that these brilliant product CEOs, who have created social media services used by millions of people worldwide, are actually naive," writes the former CEO of Reddit. "It's a lot more likely that they simply don't care."
[S]ocial media companies and the leaders who run them are rewarded for focusing on reach and engagement, not for positive impact or for protecting subsets of users from harm. They're rewarded for keeping costs down, which encourages the free-for-all, anything-goes approach misnomered "free speech." If they don't need to monitor their platforms, they don't need to come up with real policies -- and avoid paying for all the people and tools required to implement them....
In the earliest days, it wasn't always obvious what these platforms were doing and what they would become -- even to insiders. But at a certain point, it became clear that money was the driving factor, and dopamine- or rage-induced interactions meant more money.... CEOs should just forget about hiding behind "naivete" and "free speech," and instead remind themselves they can take actions that will meaningfully change the direction of the future. The first step is acknowledging the problem... You've solved for increasing engagement; now it's time to make real, positive interactions a priority.
The next time a CEO claims ignorance, "we must hold them accountable," the essay argues, complaining that right now there's a vacuum of leadership.
So instead, "Everyone's holding hands on the road to hell."
By EditorDavid from Slashdot's final-fantasies department
An anonymous reader quotes CNET:
J.R.R. Tolkien fans can get their hands on what might be the late author's final work. The Fall of Gondolin was published August 30 by Houghton Mifflin Harcourt in the US and HarperCollins in the UK. J.R.R. Tolkien died in 1973, but since his death, his son Christopher, now 93, has edited a number of his father's works, including this one. The book tells of the founding of the Elven city of Gondolin, and is considered one of Tolkien's Lost Tales...
The Fall of Gondolin follows another posthumously published Lost Tale, The Tale of Beren and Luthien, which came out in 2017. At the time, many expected that book to be J.R.R. Tolkien's final published work. Christopher Tolkien even wrote in its preface that it was "(presumptively) my last book in the long series of my father's writings." But now, Entertainment Weekly reports, Christopher Tolkien has written that "The Fall of Gondolin is indubitably the last."
The book is illustrated by Alan Lee, who has illustrated numerous Tolkien books, and along with Grant Major and Dan Hennah won an Oscar for best art direction for the 2003 film, The Lord of the Rings: The Return of the King.
The Washington Post includes the book's description of a "hideous mechanical army" deployed in battle against Gondolin, and summarizes the book's plot. "In short, the evil overlord Morgoth -- called Melko here -- seeks to dominate the entire world, but the hidden elvish city of Gondolin remains out of his grasp."
"We are reminded that Tolkien first drafted this story while in the hospital recuperating from the Battle of the Somme."
By EditorDavid from Slashdot's cruising-plutonium department
Russia isn't the first country to launch a floating nuclear power plant. 50 years ago America's army built a floating nuclear power plant to supply energy to the Panama Canal Zone. Even though it's now being dismantled in Texas -- a four-year job -- China has plans to build as many as 20 floating nuclear power plants.
Gayle BAS quotes the Bulletin of the Atomic Scientists:
Proponents say that floating nuclear plants have major advantages over land-based power plants: They have easy access to cooling water and can be quickly installed near coastal cities with rapidly growing energy demands. And unlike other types of energy that produce relatively few climate-altering emissions, nuclear power plants can run 24/7.
But as with onshore nuclear reactors, the closely related issues of safety and economics could be showstoppers.
By EditorDavid from Slashdot's achievement-unlocked department
"Almost 25 years after it was released, Doom 2 has finally given up its last secret..." writes Polygon. An anonymous reader quotes their report:
It's secret No. 4 on Map 15 (Industrial Zone). Now, the area in question has been known, seen and accessed by other means (usually a noclip cheat code). Getting to it without a cheat appears to be deliberately impossible, according to Doom co-creator John Romero. Romero tweeted out congratulations to the solution's discoverer, Zero Master. Zero Master figured out that the way to trigger the secret was to be pushed into the secret area by an enemy (in this case, a Pain Elemental).
Apparently the secret sector was an area just below the floor of a teleporter -- but entering that teleporter meant players rose up to the level of the teleporter's floor, according to Romero, so "you never enter the sector... you would never get inside the teleporter sector to trigger the secret."
One Reddit user notes Zero Master "has the first legit Doom 2 100% save file on earth, after 24 years."
By EditorDavid from Slashdot's taking-licenses department
An anonymous reader quotes Motherboard:
Less than 24 hours after a software developer revoked access to Lerna, a popular open-source software management program, for any organization that contracted with U.S. Immigration and Customs Enforcement, access has been restored for any organization that wishes to use it and the developer has been removed from the project... The modified version specifically banned 16 organizations, including Microsoft, Palantir, Amazon, Northeastern University, Johns Hopkins University, Dell, Xerox, LinkedIn, and UPS... Although open-source developer Jamie Kyle acknowledged that it's "part of the deal" that anyone "can use open source for evil," he told me he couldn't stand to see the software he helped develop get used by companies contracting with ICE.
Kyle's modification of Lerna's license was originally assented to by other lead developers on the project, but the decision polarized the open-source community. Some applauded his principled stand against ICE's human rights violations, while others condemned his violation of the spirit of open-source software. Eric Raymond, the founder of the Open Source Initiative and one of the authors of the standard-bearing Open Source Definition, said Kyle's decision violated the fifth clause of the definition, which prohibits discrimination against people or groups. "Lerna has defected from the open-source community and should be shunned by anyone who values the health of that community," Raymond wrote in a blog post on his website.
The core contributor who eventually removed Kyle also apologized for Kyle's licensing change, calling it a "rash decision" (which was also "unenforceable.")
Eric Raymond had called the decision "destructive of one of the deep norms that keeps the open source community functional -- keeping politics separated from our work."
By BeauHD from Slashdot's it's-a-bird-it's-a-plane-it's-a-tanker-drone department
Boeing has been awarded an $805 million contract by the U.S. Navy to build four prototypes of its design for the MQ-25 "Stingray," an unmanned, carrier-based tanker aircraft. The drone "will help extend the range of the Navy's future carrier air wings and keep carriers themselves out of range of coastal defenses," reports Ars Technica. From the report: Boeing beat out Lockheed Martin and General Atomics for the contract. Northrop Grumman -- which built the Navy's first carrier-based drone prototype, the X-47B Unmanned Combat Air System-Demonstration (UCAS-D) -- dropped out of the competition last year. The prototype contract is the first step toward delivering "initial operating capability," a first production run of the drones, by 2024. The MQ-25's design requirements called for an aircraft capable of launching from a carrier deck and delivering 14,000 pounds (6,300kg) of fuel to aircraft 500 nautical miles (926km) away. That capacity and range, along with the low-observable shape of the drone, could essentially double the range of F/A-18 Super Hornet and F-35C Joint Strike Fighter attack missions. Eventually, Boeing could deliver up to 72 Stingrays at a cost of $13 billion.
By BeauHD from Slashdot's next-on-the-list department
schwit1 shares a report from Time: In a new paper published in Science, researchers led by Eric Olson, professor and chair of molecular biology at UT Southwestern Medical Center, reported that he and his team successfully used CRISPR to correct the genetic defect responsible for Duchenne muscular dystrophy in four beagles bred with the disease-causing gene. It's the first use of CRISPR to treat muscular dystrophy in a large animal. (Previous studies had tested the technology on rodents.) In varying degrees, the genetic therapy halted the muscle degradation associated with the disease. Duchenne is caused by mutations in the dystrophin gene, which codes for a protein essential for normal muscle function. People born with the disease are often eventually confined to wheelchairs as their muscles continue to weaken, and in the later stages, many rely on ventilators to breathe as their diaphragm muscles stop working. Eventually, they develop heart and respiratory failure. Olson and his team "fixed" the mutated dystrophin gene in four dogs by splicing out an offending section of the gene using CRISPR. The gene editing technology, discovered in 2012, can cut out sections of DNA at precise locations (and also potentially introduce new DNA as well). In the case of Duchenne, says Olson, simply snipping out a section of the mutated dystrophin gene allows the gene to make enough of the proper protein that muscles need to function. The hope is that if those animal studies and human trials prove this technique is safe and effective, CRISPR could potentially lead to a cure for Duchenne, Olson says. "We are going for a cure, not a treatment," he says. "All of the other therapies so far for Duchenne muscular dystrophy have treated the symptoms and consequences of the disease. This is going right at the root cause of the genetic mutation."
By BeauHD from Slashdot's slowly-but-surely department
An anonymous reader quotes a report from The Seattle Times: Lego is trying to refashion the product it is best known for: It wants to eliminate its dependence on petroleum-based plastics, and build its toys entirely from plant-based or recycled materials by 2030. The challenge is designing blocks that click together yet separate easily, retain bright colors, and survive the rigors of being put through a laundry load, or the weight of an unknowing parent's foot. In essence, the company wants to switch the ingredients, but keep the product exactly the same. [...] Lego emits about 1 million tons of carbon dioxide each year, about three-quarters of which comes from the raw materials that go into its factories, according to Tim Brooks, the company's vice president for environmental responsibility. Lego is taking a two-pronged approach to reducing the amount of pollution it causes. For one, it wants to keep all of its packaging out of landfills by 2025 by eliminating things like plastic bags inside its cardboard packaging. It is also pushing for the plastic in its toys to come from sources like plant fibers or recycled bottles by 2030. The billion-dollar company is reportedly investing about $120 million and hiring about 100 people to make these changes possible. "Lego is already using polyethylene made from sugar-cane husks in flexible pieces like dragon wings, palm trees and fishing rods, but these constitute only 1 to 2 percent of its output, and the material is too soft for the company's toy blocks," reports The Seattle Times. Lego has already experimented with around 200 alternatives, but most of the materials have so far fallen short.
By BeauHD from Slashdot's not-good-enough department
Democratic lawmakers on Wednesday criticized the FCC on its response to Verizon's throttling of firefighters' data speeds as they battled a major wildfire in Northern California. "In a letter Friday, Senator Edward Markey and Congresswoman Anna Eshoo demanded answers from the FCC over what steps it is currently taking to address 'critical threats to public safety,' citing its decision to repeal Obama-era net neutrality protections," reports Gizmodo. From the report: The 2015 Open Internet Order -- overturned by the FCC's Republican majority last winter -- reclassified internet providers like Verizon as common carriers under Title II of the Federal Communications Act, granting the FCC regulatory authority that, in this instance, would have allowed the commission to investigate and potentially penalize Verizon for its decision. At Chairman Ajit Pai's direction, the commission abdicated that authority this year. It no longer has the power to establish rules prohibiting Verizon from throttling emergency services, or charging police and fire departments additional fees to maintain their communications at optimal speeds when usage peaks -- say, during a wildfire, or an earthquake, or a mass shooting.
"The FCC has incorrectly suggested that the Federal Trade Commission (FTC) could sufficiently fill this void," wrote Markey and Eshoo, whose congressional district includes portions of Santa Clara. "We strongly disagree with that assertion." In their letter, the Democratic lawmakers urged the FCC to make use of its Public Safety and Homeland Security Bureau and investigate the matter, saying that while the FTC may find Verizon's actions exemplify an "unfair and deceptive practice," both agencies should use "all of the tools available" to resolve this public safety matter. "To do nothing is unacceptable," they said.
By BeauHD from Slashdot's first-of-its-kind department
Apple's self-driving car program has reported its first-ever accident, according to a filing to the state's DMV. No injuries were reported. AppleInsider reports: A test car was rear-ended by a Nissan Leaf while merging onto an expressway, Bloomberg's Mark Gurman said on Twitter. The Apple vehicle suffered "moderate" damage. Details are still forthcoming, so it's unclear if the fault was with the Nissan driver, Apple's hardware and software, or some combination of the two. In an update, AppleInsider provided the following information: "The Apple vehicle, a Lexus SUV, was merging onto the Lawrence Expressway in California's Bay Area on Aug. 24, Gurman later wrote, citing a filing by Apple's Steve Kenner with the Department of Motor Vehicles. The Leaf was moving at just 15 miles per hour, but was also damaged."