By msmash from Slashdot's security-woes department
Andy Greenberg, writing for Wired: When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make. But it's also a hacking proof-of-concept that, for now, shouldn't alarm the average iPhone owner, given the time, effort, and access to someone's face required to recreate it. Bkav, meanwhile, didn't mince words in its blog post and FAQ on the research. "Apple has done this not so well," writes the company. "Face ID can be fooled by mask, which means it is not an effective security measure."
By EditorDavid from Slashdot's hot-rocks department
Better microsampling (and analysis) are revealing "previously obscured" clues about how super-hot molten lava behaves, according to a Science Alert article shared by schwit1:
"The older view is that there's a long period with a big tank of molten rock in the crust," says geoscientist Nathan Andersen from the University of Wisconsin-Madison. "A new view is that magma is stored for a long period in a state that is locked, cool, crystalline, and unable to produce an eruption. That dormant system would need a huge infusion of heat to erupt." Such a huge infusion of heat is what's thought to have unleashed a violent supereruption in California some 765,000 years ago... [A]s awesomely destructive as the supereruption was, lingering evidence from the aftermath can tell us about the magma conditions deep underground before the top blew so spectacularly.
Specifically, an analysis of argon isotopes contained in crystals from the Bishop Tuff -- the large rocky outcrop produced when the Long Valley Caldera was created -- shows the magma from the supereruption was heated rapidly, not slowly simmered. Geologically speaking, that is -- meaning the heating forces that produced the supereruption occurred over decades, or perhaps a couple of centuries. (A long time for people, sure, but a blink of an eye in the life-time of a supervolcano.) The reasoning is that argon quickly escapes from hot crystals, so it wouldn't have a chance to accumulate in the rock if the rock were super-heated for a long time... Unfortunately, while scientists are doing everything they can to read the signs of volcanic supereruptions -- something NASA views as more dangerous than asteroid strikes -- the reality is, the new findings don't bring us any closer to seeing the future.
By EditorDavid from Slashdot's my-kingdom-for-a-satellite department
An anonymous reader quotes CNET:
An Orbital ATK Antares rocket carrying a cubesat named Asgardia-1 launched from NASA's Wallops Flight Facility in Virginia early Sunday. The milk carton-sized satellite makes up the entirety of territory of the self-proclaimed "Space Kingdom" of Asgardia... Over 300,000 people signed up online to become "citizens" of the nation over the last year. The main privilege of citizenship so far involves the right to upload data to Asgardia-1 for safekeeping in orbit, seemingly far away from the pesky governments and laws of Earth-bound countries...
As of now, Asgardia's statehood isn't acknowledged by any other actual countries or the United Nations, and it doesn't really even fit the definition of a nation since it's not possible for a human to physically live in Asgardia. Not yet, at least. The long-term vision for Asgardia includes human settlements in space, on the moon and perhaps even more distant colonies.
On Tuesday Orbital ATK's spacecraft will dock with the International Space Station for a one-month re-supply mission -- then blast higher into orbit to deploy the space kingdom's satellite. "Asgardia space kingdom has now established its sovereign territory in space," read an online statement.
Next the space kingdom plans to hold elections for 150 Members of Parliament.
By EditorDavid from Slashdot's cyber-war department
chicksdaddy quotes Security Ledger:
North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger is reporting. Security experts and defense industry personnel interviewed by The Security Ledger say that probes and attacks by hacking groups known to be associated with the government of the Democratic People's Republic of Korea (DPRK) have increased markedly as hostilities between that country and the United States have ratcheted up in the last year. The hacking attempts seem to be aimed at gaining access to intellectual property belonging to the companies, including weapons systems deployed on the Korean peninsula.
"As the situation between the DPRK and the US has become more tense, we've definitely seen an increase in number of probe attempts from cyber actors coming out of the DPRK," an official at an aerospace and defense firm told Security Ledger. The so-called "probes" were targeting the company's administrative network and included spear phishing attacks via email and other channels. The goal was to compromise computers on the corporate network... So far, the attacks have targeted "weakest links" within the firms, such as Human Resources personnel and general inquiry mailboxes, rather than targeting technical staff directly. However, experts who follow the DPRK's fast evolving cyber capabilities say that the country may have more up their sleeve.
CNBC also reports that America's congressional defense committees have authorized a last-minute request for $4 billion in extra spending for "urgent missile defeat and defense enhancements to counter the threat of North Korea."
Other countries newly interested in purchasing missile defense systems include Japan, Sweden, Poland, and Saudi Arabia.
By EditorDavid from Slashdot's distributing-distros department
Slashdot reader boudie2 tipped us off to some Linux news. Liliputing reports:
Samsung's DeX dock lets you connect one of the company's recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC... assuming you're comfortable with a desktop PC that runs Android. But soon you may also be able to use your Android phone as a Linux PC [and] the company has released a brief video that provides more details. One of those details? At least one of the Linux environments in question seems to be Ubuntu 16.04... While that's the only option shown, the fact that it does seem to be an option suggests you may be able to run different Linux environments as well.
Once Ubuntu is loaded, the video shows a user opening Eclipse, an integrated development environment that's used to create Java (and Android apps). In other words, you can develop apps for Android phones with ARM-based processors on an Android phone with an ARM-based processor.
Samsung promised in October that its Linux on Galaxy app will ultimately let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS."
By EditorDavid from Slashdot's momentum-towards-Mars department
"Dangerous radiation. Overstuffed pantries. Cabin fever. NASA could sidestep many of the impediments to a Mars mission if they could just get there faster," writes Space.com, which reports NASA is now exploring an alternative to chemical rockets.
In August, NASA announced an $18.8-million-dollar contract with nuclear company BWXT to design fuel and a reactor suitable for nuclear thermal propulsion (NTP), a rocket technology that could jumpstart a new era of space exploration. "The strengths with NTP are the ability to do the very fast round trip [to Mars], the ability to abort even if you're 2 to 3 months into the missions, the overall architectural robustness, and also the growth potential to even more advanced systems," Michael Houts, principal investigator for the NTP project at NASA's Marshall Space Flight Center, told Space.com. NTP rockets would pull all that off by offering about twice the bang for the buck that chemical rockets do... "Nuclear thermal propulsion can enable you to get to Mars faster, on the order of twice as fast," said Vishal Patel, a researcher involved in subcontract work for BWXT at the Ultra Safe Nuclear Corp. in Los Alamos, New Mexico. "We're looking at nice 3- to 4-month transit times."
By EditorDavid from Slashdot's legacy-code department
An anonymous reader writes:
The late Jim Weirich "was a seminal member of the western world's Ruby community," according to Ruby developer Justin Searls, who at the age of 30 took over Weirich's tools (which are used by huge sites like Hulu, Kickstarter, and Twitter). Soon Searls made a will and a succession plan for his own open-source projects. Wired calls succession "a growing concern in the open-source software community," noting developers have another option: transferring their copyrights to an open source group (for example, the Apache Foundation).
Most package-management systems have "at least an ad-hoc process for transferring control over a library," according to Wired, but they also note that "that usually depends on someone noticing that a project has been orphaned and then volunteering to adopt it." Evan Phoenix of the Ruby Gems project acknowledges that "We don't have an official policy mostly because it hasn't come up all that often. We do have an adviser council that is used to decide these types of things case by case." Searls suggests GitHub and package managers like Ruby Gems add a "dead man's switch" to their platform, which would allow programmers to automatically transfer ownership of a project or an account to someone else if the creator doesn't log in or make changes after a set period of time.
Wired also spoke to Michael Droettboom, who took over the Python library Matplotlib after John Hunter died in 2012. He points out that "Sometimes there are parts of the code that only one person understands," stressing the need for developers to also understand the code they're inheriting.
By EditorDavid from Slashdot's guardrails-of-the-galaxy department
What if alien life were so advanced that its powers were indistinguishable from physics? It's the one-year anniversary of a startling article which appeared in Nautilus magazine. Long-time Slashdot reader wjcofkc writes: Caleb Scharf, astronomer and the director of the multidisciplinary Columbia Astrobiology Center at Columbia University presents an intriguing thought experiment.
"Perhaps Arthur C. Clarke was being uncharacteristically unambitious. He once pointed out that any sufficiently advanced technology is going to be indistinguishable from magic. If you dropped in on a bunch of Paleolithic farmers with your iPhone and a pair of sneakers, you'd undoubtedly seem pretty magical. But the contrast is only middling: The farmers would still recognize you as basically like them, and before long they'd be taking selfies. But what if life has moved so far on that it doesn't just appear magical, but appears like physics?"
The original submitter included their own counterarguments against the idea, but the astronomer follows his proposal to its ultimate conclusion.
"Perhaps hyper-advanced life isn't just external. Perhaps it's already all around. It is embedded in what we perceive to be physics itself, from the root behavior of particles and fields to the phenomena of complexity and emergence."Read Replies (0)
By EditorDavid from Slashdot's defending-your-license department
An anonymous reader writes:
Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses: the difficulty of organizations being able to build and monetize a successful, long-term open source business model...
"We've enabled over-the-air updates again," CopperheadOS tweeted Saturday, "to avoid impacting our remaining customers on Nexus devices and other legitimate users. However, downloads on the site will no longer be available and we'll be making changes to the update client for Nexus devices."
In an earlier series of tweets, they explained it's an ongoing issue. "It's not okay to disrespect our non-commercial licensing terms for those official builds by flashing and selling it on hundreds of phones... This is why we've been unable to sell access to Pixel images. There are people that are going to buy those and flash + sell devices in direct competition with us in violation of the licensing terms. Needing to deal with so many people acting in bad faith makes this difficult.
"It's not permitted for our official Nexus builds and yet that's what's happening. We do all of the development, testing, release engineering and we provide the infrastructure, and then competitors sell far more devices than us in violation of our licensing terms. Ridiculous."Read Replies (0)
By EditorDavid from Slashdot's home-improvement department
Slashdot reader zhennian wants to stream music throughout his entire house, "and was hoping that with three old iPods I might be able to put together a centrally managed house-wide audio system."
Ideally it would be possible to control what's playing from a central web interface using an app on an iOS or Android device. With the iPods already plugged into docking stations and on the home wifi network, I assume it should be possible.
A search of the Apple app store didn't bring up much and forking out $AUS400 for a Sonos One or equivalent seems wasted when I've already purchased iPod docks. Can anyone recommend an App that will still be compatible with old (ie. 2007) iPods and might do this?
Or is there a better cheap alternative? Leave your best answers in the comments. Can you convert old iPods into a home music-streaming solution?
By EditorDavid from Slashdot's not-so-smart-cities department
What's the world's second-richest man up to now? A Phoenix news station reports:
One of Bill Gates' investment firms has spent $80 million to kickstart the development of a brand-new community in Arizona's far West Valley. The large plot of land is about 45 minutes west of downtown Phoenix off I-10 near Tonopah. The proposed community, made up of close to 25,000 acres of land, is called Belmont. According to Belmont Partners, a real estate investment group based in Arizona, the goal is to turn the land into its own "smart city."
"Belmont will create a forward-thinking community with a communication and infrastructure spine that embraces cutting-edge technology, designed around high-speed digital networks, data centers, new manufacturing technologies and distribution models, autonomous vehicles and autonomous logistics hubs," Belmont Partners said in a news release.
A former columnist for the Phoenix newspaper writes that "Unless Gates plans to turn the land into a preserve, he might want to know a few things that the locals didn't tell him..."
First, Arizona doesn't have enough water to continue these kind of developments, no matter what the mouthpieces of the Real Estate Industrial Complex say... Second, climate change poses a clear and present danger to Arizona now. Summers are significantly hotter and lasting longer than a few decades ago. Massive wildfires are common, another new phenomenon. Whether Phoenix will even be inhabitable by mid-century is an open question. Already, it is a man-made environment totally dependent on electricity to power air conditioning and gasoline delivered by vulnerable pipelines.
All of which make it questionable whether all the dreamed developments ever get built, much less last long.
"To be fair, wealthy people who were clever in one area -- especially tech -- often think they know a lot about everything," the columnist concludes. "If this is the case here, he might want to study up."Read Replies (0)
By EditorDavid from Slashdot's moving-slow-and-breaking-things department
"Equifax executives will forgo their 2017 bonuses," reports CNBC. But according to the New York Post, the company "hasn't lost any significant business customers... Equifax largely does business with banks and other financial institutions -- not with the people they collect information on."
Even though it's facing more than 240 class-action lawsuits, Equifax's revenue actually increased 3.8% from July to September, to a whopping $834.8 million, while their net income for that period was $96.3 million -- which is still more than the $87.5 million that the breach cost them, according to a new article shared by chicksdaddy:
The disclosure, made as part of the company's quarterly filing with the US Securities and Exchange Commission, is the first public disclosure of the direct costs of the incident, which saw the company's stock price plunge by more than 30% and wiped out billions of dollars in value to shareholders. Around $55.5m of the $87.5m in breach-related costs stems from product costs -- mostly credit monitoring services that it is offering to affected individuals. Professional fees added up to another $17.1m for Equifax and consumer support costs totaled $14.9m, the company said. Equifax also said it has spent $27.3 million of pretax expenses stemming from the cost of investigating and remediating the hack to Equifax's internal network as well as legal and other professional expenses.
By EditorDavid from Slashdot's legacy-languages department
An anonymous reader writes:
After 35 years of programming in C, Eric S. Raymond believes that we're finally seeing viable alternatives to the language. "We went thirty years -- most of my time in the field -- without any plausible C successor, nor any real vision of what a post-C technology platform for systems programming might look like. Now we have two such visions...and there is another."
"I have a friend working on a language he calls 'Cx' which is C with minimal changes for type safety; the goal of his project is explicitly to produce a code lifter that, with minimal human assistance, can pull up legacy C codebases. I won't name him so he doesn't get stuck in a situation where he might be overpromising, but the approach looks sound to me and I'm trying to get him more funding. So, now I can see three plausible paths out of C. Two years ago I couldn't see any. I repeat: this is huge... Go, or Rust, or Cx -- any way you slice it, C's hold is slipping."
Raymond's essay also includes a fascinating look back at the history of programming languages after 1982, when the major compiled languages (FORTRAN, Pascal, and COBOL) "were either confined to legacy code, retreated to single-platform fortresses, or simply ran on inertia under increasing pressure from C around the edges of their domains.
"Then it stayed that way for nearly thirty years."Read Replies (0)
By EditorDavid from Slashdot's you-said-that-last-time department
"FBI officials said Tuesday they have been stymied in their efforts to unlock the cellphone of the man who shot and killed at least 26 people at a church here on Sunday," reports the Houston Chronicle. Slashdot reader Anon E. Muss writes:
The police obtained a search warrant for the phone, but so far they've been unable to unlock it. The phone has been sent to the FBI, in the hope that they can break in... If it is secure, and the FBI can't open it, expect all hell to break loose. The usual idiots (e.g. politicians) will soon be ranting hysterically about the evil tech industry, and how they're refusing to help law enforcement.
FBI special agent Christopher Combs complained to the Chronicle that "law enforcement increasingly cannot get in to these phones."
A law professor at the Georgia Institute of Technology argues there's other sources of information besides a phone, and police officers might recognize this with better training.
As just one example, Apple says the FBI could've simply just used the dead shooter's fingerprint to open his iPhone. But after 48 hours, the iPhone's fingerprint ID stops working.