By msmash from Slashdot's security-woes department
An anonymous reader writes: In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands, or the Hayes command set, are currently supported on modern Android devices. The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE. They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions. These AT commands are all exposed via the phone's USB interface, meaning an attacker would have to either gain access to a user's device, or hide a malicious component inside USB docks, chargers, or charging stations. Once an attacker is connected via the USB to a target's phone, s/he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.
By msmash from Slashdot's no-longer-a-dominant department
According to the research firm Canalys, Google shipped 5.4 million Google Home speakers in the quarter, compared to 4.1 million for Echo. It's the second quarter in a row that Echo took a backseat to Google. From a report: Things have changed dramatically from the year ago figures. Then, Amazon had an 82% market share of the connected speaker market, to Google's 17%. For the second quarter of this year, Google leads with 32% share and a 449 percent growth, to 24.5% for Amazon. What's behind the turnaround? Voicebot.ai, a newsletter that tracks the connected speaker market, chalks it up to Google having more languages available in international markets for the Google Home speaker than Amazon does for Echo, so Google is available in more countries. And growth is coming from global. Only 16% of the new volume growth came from the U.S. in Q2 2018, says Canalys.
By msmash from Slashdot's side-note department
It is well established that Bitcoin mining -- aka, donating one's computing power to keep a cryptocurrency network up and running in exchange for a chance to win some free crypto -- uses a lot of electricity. Companies involved in large-scale mining operations know that this is a problem, and they've tried to employ various solutions for making the process more energy efficient. But, according to testimony provided by Princeton computer scientist Arvind Narayanan to the Senate Committee on Energy and Natural Resources, no matter what you do to make cryptocurrency mining hardware greener, it's a drop in the bucket compared to the overall network's flabbergasting energy consumption. From a report: Instead, Narayanan told the committee, the only thing that really determines how much energy Bitcoin uses is its price. "If the price of a cryptocurrency goes up, more energy will be used in mining it; if it goes down, less energy will be used," he told the committee. "Little else matters. In particular, the increasing energy efficiency of mining hardware has essentially no impact on energy consumption." In his testimony, Narayanan estimates that Bitcoin mining now uses about five gigawatts of electricity per day (in May, estimates of Bitcoin power consumption were about half of that). He adds that when you've got a computer racing with all its might to earn a free Bitcoin, it's going to be running hot as hell, which means you're probably using even more electricity to keep the computer cool so it doesn't die and/or burn down your entire mining center, which probably makes the overall cost associated with mining even higher.
By msmash from Slashdot's closer-look department
One key lesson from the recent T-Mobile and several other breaches: our phone numbers, that serve as a means to identify and verify ourselves, are increasingly getting targeted, and the companies are neither showing an appetite to work on an alternative identity management system, nor are they introducing more safeguards to how phone numbers are handled and exchanged. From a report: Identity management experts have warned for years about over-reliance on phone numbers. But the United States doesn't offer any type of universal ID, which means private institutions and even the federal government itself have had to improvise. As cell phones proliferated, and phone numbers became more reliably attached to individuals long term, it was an obvious choice to start collecting those numbers even more consistently as a type of ID. But over time, SMS messages, biometric scanners, encrypted apps, and other special functions of smartphones have evolved into forms of authentication as well. "The bottom line is society needs identifiers," says Jeremy Grant, coordinator of the Better Identity Coalition, an industry collaboration that includes Visa, Bank of America, Aetna, and Symantec. "We just have to make sure that knowledge of an identifier can't be used to somehow take over the authenticator. And a phone number is only an identifier; in most cases, it's public." Think of your usernames and passwords. The former are generally public knowledge; it's how people know who you are. But you keep the latter guarded, because it's how you prove who you are. The use of phone numbers as both lock and key has led to the rise, in recent years, of so-called SIM swapping attacks, in which an attacker steals your phone number. When you add two-factor authentication to an account and receive your codes through SMS texts, they go to the attacker instead, along with any calls and texts intended for the victim. Sometimes attackers even use inside sources at carriers who will transfer numbers for them.
By msmash from Slashdot's what's-up-with-that department
Videogames have gotten harder to turn off, mental-health experts and parents say, raising concerns about the impact of seemingly endless gaming sessions on players' lives. From a report: Game developers for years have tweaked the dials not only on how games look and sound but how they operate under the hood, and such changes have made videogames more pervasive and enthralling, industry observers say. The World Health Organization in June added "gaming disorder" to an updated version of its International Classification of Diseases, warning about a condition in which people give up interests and activities to overly indulge in gaming despite negative consequences. It is expected to be formally classified in January 2022. Many games today are free, available on multiple devices, and double as social networks. Where once games were played and put away for a while, now game companies are routinely delivering new content aimed at keeping players constantly engaged. Some new content is available only for a limited time, a maneuver that tugs at people's fears of missing out, psychologists say. "Videogames are engineered specifically to keep people playing," said Douglas A. Gentile, a research scientist focused on the impact of media on children and adults. "They're designed to hit the pleasure centers of the brain in some of the same ways that gambling can."
By EditorDavid from Slashdot's wisdom-of-Harvard-dropouts department
"Not enough people are paying attention to this economic trend," writes Bill Gates, challenging the widespread use of forecasts and policies based on a "supply and demand" economic model. An anonymous reader quotes the Gates Notes blog:
Software doesn't work like this. Microsoft might spend a lot of money to develop the first unit of a new program, but every unit after that is virtually free to produce. Unlike the goods that powered our economy in the past, software is an intangible asset. And software isn't the only example: data, insurance, e-books, even movies work in similar ways.
The portion of the world's economy that doesn't fit the old model just keeps getting larger. That has major implications for everything from tax law to economic policy to which cities thrive and which cities fall behind, but in general, the rules that govern the economy haven't kept up. This is one of the biggest trends in the global economy that isn't getting enough attention. If you want to understand why this matters, the brilliant new book Capitalism Without Capital by Jonathan Haskel and Stian Westlake is about as good an explanation as I've seen.... They don't act like there's something evil about the trend or prescribe hard policy solutions. Instead they take the time to convince you why this transition is important and offer broad ideas about what countries can do to keep up in a world where the "Ec 10" supply and demand chart is increasingly irrelevant.
"What the book reinforced for me is that lawmakers need to adjust their economic policymaking to reflect these new realities," Gates writes, adding "a lot has changed since the 1980s. It's time the way we think about the economy does, too."
By EditorDavid from Slashdot's detention-of-the-dead department
18-year-old high school student Sean Small was arrested in Indiana on Tuesday and charged with a misdemeanor for posting a videogame clip to social media. An anonymous reader quotes Yahoo Lifestyle:
The clip in question is Sean playing The Walking Dead: Our World, which is an augmented reality game that animates characters into a real-world setting. In this case, players kill zombies. Along with Sean's video he wrote, "Finally something better than Pokemon Go," which is also an augmented reality game....
Sean, who is a member of the Indiana National Guard, pleaded not guilty to an intimidation charge. He was released on $1,000, and his school expulsion hearing is set for next week. The video featured other students walking through the halls as Sean allegedly attempted to kill the zombies the game placed among them.
Realistic footage of shootings in the high school's hallways apparently alarmed the off-duty sheriff's deputy hired to work at the high school -- who then filed the misdemeanor intimidation charge with the county prosecutor.
By EditorDavid from Slashdot's can't-lose-for-winning department
Sportsbooks have closed 50,000 betting accounts just in the U.K. -- and placed strict limits on 50,000 more, according to gaming experts contacted by ESPN. "Bookmakers from London to Las Vegas are refusing to take bets from a growing number of customers whose only offense might be trying to win."
Banning or limiting sophisticated players has been a regular part of Las Vegas sports betting for decades, and, like in the U.K., there's absolutely nothing illegal about it. Bettors say the practice is increasing and has even occurred in some of the new states (such as New Jersey) that have entered into the now-legal bookmaking game in recent months. "Americans should be worried," said Brian Chappell, a founder for the U.K. bettor advocacy group Justice for Punters. "It's coming."
In Nevada, refusing to take bets from any customer, from card counters to wise-guy sports bettors, is completely within any casino's legal rights. From Caesars Palace to the Venetian to more local spots like Station Casinos, every bookmaker in town will tell you -- albeit somewhat quietly -- that they've 86'd customers for one reason or another. Seasoned bettors are concerned, though, that the practice of banning or limiting accounts is not only increasing, but the reasoning behind the decisions is becoming more and more suspect. Many believe that the only thing betting intelligently will get you at some shops is a one-way ticket to being thrown out...
By EditorDavid from Slashdot's California-coincidence department
An anonymous reader writes:
Verizon testified Friday before a California State Assembly committee about why its "throttling" of county firefighters was completely unrelated to net neutrality. Then they surprised everyone by announcing that they were lifting all data caps on public safety workers with unlimited data plans, including federal justice agencies like the FBI, CIA and Secret Service.
Verizon claimed this was completely unrelated to the fact that 13 California Congressmen are now demanding that the FTC investigate Verizon's throttling of firefighters battling California's 290,692-acre wildfire. "It is unacceptable for communications providers to deceive their customers," the Congressmen wrote, "but when the consumer in question is a government entity tasked with fire and emergency services, we can't afford to wait a moment longer."
Meanwhile, the California Professional Firefighters, which represents more than 30,000 firefighters and emergency personnel, came out in support of a strict new California law that restores net neutrality provisions, saying their group had "come to conclude that if net neutrality is not restored, the effect could be disastrous to the public's safety." One county fire chief even testified this was the third time in eight months they've been throttled by Verizon.
By EditorDavid from Slashdot's package-mismanagement department
Since April, according to the company, npm users have run 50 million automatic scans and have deliberately invoked the command 3.1 million times. And they're running 3.4 million security audits a week. Across all audits, 51 per cent found at least one vulnerability and 11 per cent identified a critical vulnerability. In a phone interview with The Register, Adam Baldwin, head of security at NPM, said he didn't have data on how many people are choosing to fix flagged flaws. "But what we've seen from pull requests suggests it's gaining traction," he said.
Incidentally, npm's thinking about security is finding similar expression elsewhere in the industry. Earlier this year, GitHub began alerting developers when their code contains insecure libraries. During a recent media briefing, GitHub's head of platform Sam Lambert said he hoped that the process could be made more automated through the mechanized submission of git pull requests that developers could simply accept to replace flawed code.
Baldwin said NPM might implement something similar, an intervention rather than a simple notification. "Currently it's not proactive policy enforcement," he said. "But it's something we're considering." That would appeal to NPM's growing enterprise constituency. "Enterprises for sure want the compliance and control," said Baldwin. "They want that ability to know the open source they're bringing in is safe or meets a certain set of criteria."
By EditorDavid from Slashdot's get-off-of-my-cloud department
SpzToid quotes Vanity Fair:
The controversy involves a plan to move all of the Defense Department's data -- classified and unclassified -- on to the cloud. The information is currently strewn across some 400 centers, and the Pentagon's top brass believes that consolidating it into one cloud-based system, the way the CIA did in 2013, will make it more secure and accessible. That's why, on July 26, the Defense Department issued a request for proposals called JEDI, short for Joint Enterprise Defense Infrastructure. Whoever winds up landing the winner-take-all contract will be awarded $10 billion -- instantly becoming one of America's biggest federal contractors.
But when JEDI was issued, on the day Congress recessed for the summer, the deal appeared to be rigged in favor of a single provider: Amazon. According to insiders familiar with the 1,375-page request for proposal, the language contains a host of technical stipulations that only Amazon can meet, making it hard for other leading cloud-services providers to win -- or even apply for -- the contract. One provision, for instance, stipulates that bidders must already generate more than $2 billion a year in commercial cloud revenues -- a "bigger is better" requirement that rules out all but a few of Amazon's rivals... Much of the language of JEDI, in fact, seems specifically tailored for Jeff Bezos. "Everybody immediately knew that it was for Amazon," says a rival bidder who asked not to be named. To even make a bid, a provider must maintain a distance of at least 150 miles between its data centers and provide "32 GB of RAM" -- specifications that few providers other than Amazon can meet.
By EditorDavid from Slashdot's science-fiction-in-San-Jose department
AmiMoJo quotes the Verge:
The 2018 Hugo Awards were held Sunday night at the World Science Fiction Convention in San Jose, California. The Hugo award, voted on by members of the fan community, is considered the highest honour for science fiction and fantasy literature... N.K. Jemisin took home the top honor for The Stone Sky, the third installment of her Broken Earth trilogy. Other winners include Martha Wells for her first Murderbot novella All Systems Red, Suzanne Palmer for her novelette "The Secret Life of Bots," and Rebecca Roanhorse for her short story "Welcome to your Authentic Indian Experience." [Those last two links apparently let you read the entire story online!] Roanhorse also took home the John W. Campbell Jr. Award for Best New Writer.
Ursula K. Le Guin also posthumously won an award for "Best Related Work" for her collection of blog posts No Time to Spare: Thinking About What Matters.
And Zack Snyder finally won something, when Blade Runner 2049 lost in the "Best Dramatic Presentation -- Long Form" category to Wonder Woman ("screenplay by Allan Heinberg, story by Zack Snyder & Allan Heinberg and Jason Fuch.")
By EditorDavid from Slashdot's surprise-endings department
Slashdot reader nolaguy quotes the New York Post:
Movie subscription service MoviePass has pulled the plug on annual subscriptions, telling those subscribers that they will have to adhere to the same terms as monthly subscribers. The service made the announcement Friday in an email to those members and offered them prorated refunds if they want to cancel their annual memberships.... Until Friday's announcement, subscribers to the $89 annual plans had been able to see a movie a day.
CNET reports that MoviePass "is now forcing you onto its monthly three-movie-a-month plan -- effective immediately...and you'll receive up to a $5.00 discount on any additional movie tickets purchased." They're planning to apply the $89 annual fees toward the $9.95 monthly fees, but....
To add insult to injury, MoviePass says you'll only have until Aug. 31 -- a week from today -- if you want to get some of your money back in the form of a prorated refund, which you can only get by canceling your plan. And just to make things more ridiculous, MoviePass is preying on your FOMO by saying that if you do take the refund, you won't be able to sign up for MoviePass again for nine months.
CNET's article ends with a link to their list of "the 11 times that MoviePass altered the deal," adding "This is getting sad. And a little shady."
By EditorDavid from Slashdot's courtroom-drama department
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com:
Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.
The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...
You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.
"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."
By EditorDavid from Slashdot's ice-ice-baby department
Iwastheone quotes Phys.org:
First, according to Rice University engineers, get a nanotube hole. Then insert water. If the nanotube is just the right width, the water molecules will align into a square rod. Rice materials scientist Rouzbeh Shahsavari and his team used molecular models to demonstrate their theory that weak van der Waals forces between the inner surface of the nanotube and the water molecules are strong enough to snap the oxygen and hydrogen atoms into place. Shahsavari referred to the contents as two-dimensional "ice," because the molecules freeze regardless of the temperature.
He said the research provides valuable insight on ways to leverage atomic interactions between nanotubes and water molecules to fabricate nanochannels and energy-storing nanocapacitors... The researchers already knew that hydrogen atoms in tightly confined water take on interesting structural properties. Recent experiments by other labs showed strong evidence for the formation of nanotube ice and prompted the researchers to build density functional theory models to analyze the forces responsible... They discovered that nanotubes in the middle diameters had the most impact on the balance between molecular interactions and van der Waals pressure that prompted the transition from a square water tube to ice.
The paper describes "solid-like water nanotubes," and the head of the research team believes they could have practical applications, according to the article.
"Nanotube ice could find use in molecular machines or as nanoscale capillaries, or foster ways to deliver a few molecules of water or sequestered drugs to targeted cells, like a nanoscale syringe."
By EditorDavid from Slashdot's big-bangs-versus-whimpers department
"The Big Bang Theory is dead. If you need me, I'll be dancing on its grave," writes a TV columnist for the Guardian:
The inexplicably popular geek sitcom has announced that its 12th season will be its last. Its demise should come as a relief to everybody... Producers have promised an "epic creative close" when the series ends in May. After that, The Big Bang Theory will be dead, and nobody will be sad. Except, of course, they will. Because, inexplicably, The Big Bang Theory is still one of the most-watched shows on U.S. television. It regularly gets more than 15 million viewers an episode, and, statistically, not all of them can be incapacitated to the point of being unable to change channels whenever it comes on.
Nothing confuses me more than The Big Bang Theory's success. It has always been markedly less smart than it thought it was; the TV version of someone wearing a "GEEK" T-shirt because they liked a Facebook post about the moon once.... Watch any recent episode of The Big Bang Theory and you'll see that it is barely even a sitcom at this point. It has been going on for so long that the writing, presentation and performances are more or less autonomous. Everyone is just glumly going through the motions, stuck in the tracks they've carved out for themselves over the years. It's like watching a museum exhibit of a sitcom made with mannequins and miserable circus bears.
The actor who plays Sheldon will be 46 when the show ends, the columnist points out, adding that for 12 years he's been playing "a weirdly ageless man-boy trapped in a developmentally arrested closed-loop flatshare scenario more suited to somebody half his age." The Guardian titled their piece "Our Long Nightmare is Finally Over" -- but leave your own thoughts in the comments.
How do you feel about the ending of The Big Bang Theory?
By EditorDavid from Slashdot's thinking-of-the-children department
Russian trolls "seem to be using vaccination as a wedge issue, promoting discord in American society," according to a new study shared by long-time Slashdot reader skam240.
"The topic became another issue the Russian trolls seized upon to widen existing rifts in America and turn citizens against each other," reports NBC News.
But Fortune reports there's more to the story:
While the latest study highlights how Russian outfits have increasingly used social media to toy with people's emotions to influence their behavior, it's also notable for the fact that most Twitter users appeared to have ignored its anti-vaccine messages... Outside of the Russian trolls, virtually no real Twitter users actually responded to the messages, said the paper's author David Broniatowski, an assistant professor at George Washington University's School of Engineering and Applied Science. Generally, Russian trolls try to exploit controversial topics like religion, and race and class division, but "sometimes they get it hilariously wrong," he said.
Broniatowski attributed the campaign's failure to the content of the tweets, which included: "VaccinateUS mandatory #vaccines infringe on constitutionally protected religious freedoms;" "Did you know there was a secret government database of #vaccine-damaged children? #VaccinateUS;" and "Dont get #vaccines. Iluminati are behind it. #VaccinateUS." The messages were so far-fetched that even people who believe in conspiracy theories chose to ignore them.
By EditorDavid from Slashdot's Clippy-not-included department
An anonymous reader quotes the Washington Examiner:
The Energy Department is participating in a major push with electric utility Southern and a company founded by Microsoft founder Bill Gates to develop small nuclear power reactors that are less expensive and more efficient than their much larger cousins. "Molten salt reactors are getting a reboot," the Energy Department tweeted late Wednesday, offering a schematic of a battery-like power plant module that "could power America's energy"... The Department of Energy linked to a detailed description of how its Oak Ridge National Laboratory and other federal labs are teaming up with Southern Company, a big coal utility with several nuclear plants, and Gates' TerraPower to test and develop a type of reactor that uses liquefied sodium "as both coolant and fuel."
These liquid-metal reactors are sometimes referred to as nuclear batteries because they are small, self-contained units, which theoretically can be deployed anywhere, although the version being tested at Oak Ridge appears to be one requiring a permanent structure and housing. TerraPower was awarded a $40 million award by the Energy Department in 2016 to pursue the project.
Currently it's in the "early design phase" to assess commercial viability, but testing will begin in 2019, "which will help validate the reactor's safety systems for license certification by the Nuclear Regulatory Commission."