By EditorDavid from Slashdot's opening-source department
"A Russian defense agency was allowed to review the cyberdefense software used by the Pentagon to protect its computer networks," writes new submitter quonset. "This according to Russian regulatory records and interviews with people with direct knowledge of the issue." Reuters reports:
The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of Hewlett Packard Enterprise's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman. Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack. "It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."
It's another example of the problems security companies face when they try to do business internationally, according to Reuters. "One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software."
Long-time Slashdot reader bbsguru has his own worries. "So, opening your code for review because it is demanded by a potential customer? What could possibly go wrong? HPE may find out, and the U.S. Military is among the many clients depending on the answer."
By EditorDavid from Slashdot's bitcoin-and-beards department
"Drug dealer caught because of BitCoin usage," writes Slashdot reader DogDude. TechSpot reports:
38-year-old French national Gal Vallerius stands accused of acting as an administrator, senior moderator, and vendor for dark web marketplace Dream Market, where visitors can purchase anything from heroin to stolen financial data. Upon arriving at Atlanta international airport on August 31, Vallerius was arrested and his laptop searched. U.S. Drug Enforcement Administration agents allegedly discovered $500,000 of Bitcoin and Bitcoin cash on the computer, as well as a Tor installation and a PGP encryption key for someone called OxyMonster...
In addition to his role with the site, agents had identified OxyMonster as a major seller of Oxycontin and crystal meth. "OxyMonster's vendor profile featured listings for Schedule II controlled substances Oxycontin and Ritalin," testified DEA agent Austin Love. "His profile listed 60 prior sales and five-star reviews from buyers. In addition, his profile stated that he ships from France to anywhere in Europe." Investigators discovered OxyMonster's real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius. Agents then checked his Twitter and Instagram accounts, where they found many writing similarities, including regular use of quotation marks, double exclamation marks, and the word "cheers," as well as intermittent French posts. The evidence led to a warrant being issued for Vallerius' arrest.
U.S. investigators had been monitoring the site for nearly two years, but got their break when Vallerius flew to the U.S. for a beard-growing competition in Austin, Texas. He now faces a life sentence for conspiracy to distribute controlled substances.
By EditorDavid from Slashdot's un-harsh-realities department
Eloking quotes Windows Central:
At an event in San Francisco, HoloLens inventor Alex Kipman outlined the future of Windows Mixed Reality, which Redmond seems to believe is the future of computing. Whether or not it is remains to be seen, but either way, there will be no shortage of Windows Mixed Reality headsets this holiday season, with perhaps the most compelling option coming from Samsung.
The $500 Samsung HMD Odyssey sports dual AMOLED eye displays, complete with a 110-degree field of view. This could potentially make a huge difference in the quality of the Windows Mixed Reality experience for two reasons. First, AMOLED displays can generate deeper blacks and more vibrant colors than your average OLED or LCD screen. Second, all other Windows Mixed Reality headsets we've seen have a 95-degree FoV. The Samsung headset will be more immersive because there will be less dead space in your peripheral vision.
The headset -- which comes with motion controllers -- is expected to launch in one month.
By EditorDavid from Slashdot's and-buy-my-book department
Tim O'Reilly, publisher of geeky books, "seizes on this singular moment in history" for a futuristic new book of his own, according to this interview with Steven Levy. An anonymous reader writes:
When it comes to artificial intelligence, O'Reilly sees a reason for optimism in the fact that we're already discussing biased algorithms. ("We had plenty of bias before but we couldn't see it.") O'Reilly ultimately believes AI won't take away our jobs, and even argues that we're defining it all wrong. "What we now call AI is just the next stage of us weaving our intelligence together into a greater whole. If you think about the internet as weaving all of us together, transmitting ideas, in some sense an AI might be the equivalent of a multi-cellular being and we're its microbiome, as opposed to the idea that an AI will be like the golem or the Frankenstein. If that's the case, the systems we are building today, like Google and Facebook and financial markets, are really more important than the fake ethics of worrying about some far future AI.
"We tend to be afraid of new technology and we tend to demonize it, but to me, you have to use it as an opportunity for introspection. Our fears ultimately should be of ourselves and other people."
O'Reilly calls financial markets "the first rogue AI," while also praising innovators like Elon Musk and Jeff Bezos for moving humankind in new and positive directions. And he also calls Uber "a good metaphor for what's right and wrong in tech" because of its clashes with both its drivers and city governments. "It's interesting that Lyft, which has been both more cooperative in general and better to drivers, is gaining share. That indicates there's a competitive advantage in doing it right, and you can only go so far being an ass."
By EditorDavid from Slashdot's rise-of-the-machines department
Slashdot reader mmiscool shares some videos about "the next step in 3D printing":
Autodrop3d is an open source system that solves the problem of needing a human to remove a 3D print from its print bed. Implemented as an open source hardware and software system, it allows a web-based, multi-user print queue, automatic notifications, and web-based CAD design tools to all be integrated in one open source system. There's a video that shows the hardware in operation and a link to the web site with a Git repository for the software and hardware components.
Autodrop3D is now raising money on Kickstarter, promising to show their support for open source innovation by "releasing all of our documentation, design files, and software prior to the end of this Kickstarter campaign."
And for $75 pledges, "we will 3D print an object of your choice and mail it to you.... You will also receive our heartfelt thanks."
By EditorDavid from Slashdot's those-who-don't-know-teach department
Slashdot reader Orome1 quotes Help Net Security:
A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score...
The researchers concentrated on posts relevant to Java security, from both software engineering and security perspectives, and on posts addressing questions tied to Spring Security, a third-party Java framework that provides authentication, authorization and other security features for enterprise applications... Developers are frustrated when they have to spend too much time figuring out the correct usage of APIs, and often end up choosing completely insecure-but-easy fixes such as using obsolete cryptographic hash functions, disabling cross-site request forgery protection, trusting all certificates in HTTPS verification, or using obsolete communication protocols. "These poor coding practices, if used in production code, will seriously compromise the security of software products," the researchers pointed out.
The researchers blame "the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries." Among their suggested solutions: new developer tools which can recognize security errors and suggest patches.
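The "trust all certificates in HTTPS verification" shortcut the study singles out, as an added Java illustration (not code from the researchers, from Spring Security, or from any Stack Overflow answer): the accept-everything X509TrustManager that circulates as a quick fix, beside the default-trust-store wiring that should replace it, plus a small check that distinguishes the two. Class and method names are the example's own.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// INSECURE pattern: every chain passes, so a self-signed, expired or
// wrong-host certificate presented by anyone on the network path is accepted
// and the connection offers no authentication of the server at all.
final class TrustAllManager implements X509TrustManager {
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
    @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}

public final class TlsTrust {
    // How the insecure manager is usually wired in (shown only to make it recognisable).
    public static SSLContext insecureContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new TrustAllManager() }, null);
        return ctx;
    }

    // HARDENED: validate chains against a real trust store. Passing null uses the
    // JVM's default cacerts; pass a KeyStore holding your own CA to pin instead.
    // Hostname verification stays on because HttpsURLConnection does it by default.
    public static SSLContext defaultTrustContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Self-check usable in a unit test: a trust-all manager swallows even an empty
    // chain, while the platform manager rejects it (IllegalArgumentException for an
    // empty array, CertificateException for an untrusted one).
    public static boolean acceptsEmptyChain(X509TrustManager tm) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            return true;
        } catch (CertificateException | IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager platform = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("trust-all accepts empty chain: " + acceptsEmptyChain(new TrustAllManager()));
        System.out.println("platform manager accepts empty chain: " + acceptsEmptyChain(platform));
    }
}
```

In code review, an `X509TrustManager` whose `checkServerTrusted` body is empty is the signature to grep for; the fix is almost always to delete the custom manager rather than to tune it.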
By BeauHD from Slashdot's long-running-speculation department
According to software company Futuremark, Apple doesn't intentionally slow down older iPhones when it releases new software updates as a way to encourage its customers to buy new devices. MacRumors reports: Starting in 2016, Futuremark collected over 100,000 benchmark results for seven different iPhone models across three versions of iOS, using that data to create performance comparison charts to determine whether there have been performance drops in iOS 9, iOS 10, and iOS 11. The first device tested was the iPhone 5s, as it's the oldest device capable of running iOS 11. iPhone 5s, released in 2013, was the first iPhone to get a 64-bit A7 chip, and iOS 11 is limited to 64-bit devices. Futuremark used the 3DMark Sling Shot Extreme Graphics test and calculated all benchmark scores from the iPhone 5s across a given month to make its comparison. The higher the bar, the better the performance, and based on the testing, GPU performance on the iPhone 5s has remained constant from iOS 9 to iOS 11 with just minor variations that Futuremark says "fall well within normal levels." iPhone 5s CPU performance over time was measured using the 3DMark Sling Shot Extreme Physics test, and again, results were largely consistent. CPU performance across those three devices has dropped slightly, something Futuremark attributes to "minor iOS updates or other factors."
By BeauHD from Slashdot's golden-brown department
turkeydance shares a report from The Telegraph: If you struggle to get a tan, consider yourself a night owl or are plagued with arthritis, then your Neanderthal ancestors could be to blame, a new genetic study has shown. Although Neanderthals are often portrayed in drawings as swarthy, in fact they arrived in Northern Europe thousands of years before modern humans, giving time for their skin to become paler as their bodies struggled to soak up enough sun. When they interbred with modern humans those pale genes were passed on. Likewise, genetic mutations which predispose people to arthritis also came from our Neanderthal ancestors, as did the propensity to be a night owl rather than a lark, as northern latitudes altered their body clocks. A raft of new papers published in the journals Science and the American Journal of Human Genetics has shed light on just how many traits we owe to our Neanderthal ancestors.
Scientists also now think that differences in hair color, mood and whether someone will smoke or have an eating disorder could all be related to inter-breeding, after comparing ancient DNA to 112,000 British people who took part in the UK Biobank study. The Biobank includes genetic data along with information on many traits related to physical appearance, diet, sun exposure, behavior, and disease and helps scientists pick apart which traits came from Neanderthals. Dr Janet Kelso, of the Max Planck Institute for Evolutionary Anthropology, in Germany, said: "We can now show that it is skin tone, and the ease with which one tans, as well as hair color that are affected."
By BeauHD from Slashdot's it's-a-bird-it's-a-plane-it's-a-butterfly department
dryriver shares a report from BBC: A colorful, shimmering spectacle detected by weather radar over the U.S. state of Colorado has been identified as swarms of migrating butterflies. Scientists at the National Weather Service (NWS) first mistook the orange radar blob for birds and had asked the public to help identify the species. They later established that the 70-mile wide (110km) mass was a kaleidoscope of Painted Lady butterflies. Forecasters say it is uncommon for flying insects to be detected by radar. "We hadn't seen a signature like that in a while," said NWS meteorologist Paul Schlatter, who first spotted the radar blip. "We detect migrating birds all the time, but they were flying north to south," he told CBS News, explaining that this direction of travel would be unusual for migratory birds for the time of year. So he put the question to Twitter, asking for help determining the bird species. Almost every response he received was the same: "Butterflies." Namely the three-inch long Painted Lady butterfly, which has descended in clouds on the Denver area in recent weeks. The species, commonly mistaken for monarch butterflies, are found across the continental United States, and travel to northern Mexico and the U.S. southwest during colder months. They are known to follow wind patterns, and can glide hundreds of miles each day.
By BeauHD from Slashdot's security-breach department
Disqus, a company that builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012. "About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers," reports ZDNet. From the report: Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service, like Facebook or Google. The theft was only discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach. The company said in a blog post, posted less than a day after Hunt's private disclosure, that although there was no evidence of unauthorized logins, affected users will be emailed about the breach. Users whose passwords were exposed will have their passwords force-reset. The company warned users who have used their Disqus password on other sites to change the password on those accounts.
By BeauHD from Slashdot's final-stretch department
Last month, it was reported that T-Mobile is close to agreeing tentative terms on a deal to merge with Sprint. Now, it appears that negotiations between the two companies are almost complete. Android Police reports: The report claims that Sprint and T-Mobile are putting the finishing touches on the merger, which will likely be announced at the quarterly earnings report at the end of this month. Some of the current discussion topics include Sprint's valuation (estimated to be around $29 billion), the location of the combined company's headquarters, and appointments to the executive management team. The merger is not expected to include a breakup/termination fee, meaning if one company backed out of the deal, there would be no financial penalty. This would align both companies to lobby government regulators for approval without any conflicts of interest. After AT&T called off its buyout of T-Mobile in 2011 due to government opposition, the company paid a $4 billion breakup fee to T-Mobile, which helped strengthen T-Mobile as a competitor. The report notes that while T-Mobile and Sprint's quarterly earnings reports have not been set, T-Mobile's was on October 24 last year, and Sprint's was the next day.
By msmash from Slashdot's interesting-perspective department
The building blocks of the web have become its intellectual Achilles' heel, Quartz reports. Links have turned against us, and they're making it impossible to read and learn. From a report: I know, you got here via a link. Links are crucial for navigation and seem instinctively useful to journalism. But when they're embedded within an article that should be a calm, focused learning experience, they are a gateway to distraction and information addiction. A 2005 study suggested that "increased demands of decision-making and visual processing" in text with links reduced reading comprehension -- a challenge we face every day as we try to parse the web's infinite information. Last week, one of my favorite publications ran a thoughtful, well-written article that I could barely read. It contained 57 links in less than 2,000 words. Today, the top five articles on the New York Times and the Wall Street Journal averaged a link every 197 words -- that's one link for every minute of reading. Since the advent of the written word, there's only been one reason to change the color, style or weight of text: emphasis. Your eye is trained to pause and assign added importance to any word that carries a different style than the words before it. A great article deserves focus, and it's almost impossible to achieve any level of focus when random words are emphasized for no reason other than their association with a previous article or the fact that they refer to an outside resource. Read the full story on Quartz.