By BeauHD from Slashdot's preferentially-treated department
An anonymous reader quotes a report from Gizmodo: The U.S. Department of Housing and Urban Development has filed an official discrimination complaint against Facebook, saying the site's dizzying array of advertising tools makes it simple for advertisers to illegally exclude wide swathes of the population from seeing housing ads, Politico wrote on Friday. In a press release, HUD wrote that Facebook's "targeted advertising" model more or less constitutes a way for said advertisers to skirt the federal Fair Housing Act, specifically by excluding members of protected categories: "HUD claims Facebook enables advertisers to control which users receive housing-related ads based upon the recipient's race, color, religion, sex, familial status, national origin, disability, and/or zip code. Facebook then invites advertisers to express unlawful preferences by offering discriminatory options, allowing them to effectively limit housing options for these protected classes under the guise of 'targeted advertising.'"
By EditorDavid from Slashdot's in-the-dirt department
Elon Musk's Boring Company wants to build a transit tunnel connecting Dodger Stadium to a Los Angeles subway station. An anonymous reader quotes GeekWire:
The Boring Company laid out the plan for the Dugout Loop on its website, saying that the linkup could take baseball fans and concertgoers to the stadium in less than four minutes for a roughly $1 fare. This ride would be nothing like your typical subway trip: Loopers could book their tickets in advance, through an app-based reservation system that's similar to what's used to purchase theater tickets, or buy them over the phone or in person for a given time (say, 5:45 p.m. heading for the stadium).
At least initially, the Dugout Loop clientele would be limited to about 1,400 people per event, or roughly 2.5 percent of stadium capacity. The Boring Company says that capacity could be doubled over time. Loopers would board electric-powered pods (also known as "skates") that are based on the Tesla Model X auto design and are capable of carrying 8 to 16 passengers at a time. The skates would be lowered into the tunnel system, and sent autonomously at speeds of 125 to 150 mph from one terminal to the other. The Boring Company says it'll cover the cost of digging the roughly 3.6-mile tunnel with no public funding sought.
The Boring Company's site says this project will preempt construction of their proof-of-concept tunnel under Los Angeles' Sepulveda Boulevard.
"The Boring Company has made technical progress much faster than expected and has decided to make its first tunnel in Los Angeles an operational one, hence Dugout Loop!"
By EditorDavid from Slashdot's disinterested-in-interviews department
An anonymous reader quotes CNN Money:
Chandra Kill had scheduled face-to-face interviews with 21 candidates to fill some job openings at her employment screening firm. Only 11 showed up. "About half flaked out," said Kill.... "A year or two ago it wasn't like this." With the U.S. unemployment rate at its lowest in 18 years, and more job openings than there are people looking for work, candidates are bailing on scheduled interviews. In some cases, new hires are not showing up for their first day of work....
While there's nothing wrong with accepting another job offer, bailing on an employer without notice could have lasting effects. "The world is small," said Johnny Taylor, president and CEO of the Society for Human Resource Management.... He added that he's heard of a candidate being flown out for a job interview only to skip that part of the trip. "I expect that if I send you a plane ticket and block off two hours to meet with you, you will show up." As a result, he said some companies are having candidates agree to reimburse for travel costs if they take the trip but flake on the interview.
In an effort to curb the problem, recruiters have been changing their tactics and moving through the hiring process faster. If they have a qualified candidate that seems like a good fit, they work to get them in for an interview the next day.
Inc. magazine once blamed the problem of no-shows on the low unemployment rate and "the effects technology have had on the communication style of younger generations." But leave your own thoughts in the comments.
And have you ever been a no-show for a job interview?
By EditorDavid from Slashdot's see-no-evil department
An anonymous reader quotes the Associated Press:
Egypt's President Abdel-Fattah el-Sissi has ratified an anti-cybercrime law that rights groups say paves the way for censoring online media. The law, published Saturday in the country's official gazette, empowers authorities to order the blocking of websites that publish content considered a threat to national security. Viewers attempting to access blocked sites can also be sentenced to one year in prison or fined up to EGP100,000 ($5,593) under the law. Last month, Egypt's parliament approved a bill placing personal social media accounts and websites with over 5,000 followers under the supervision of the top media authority, which can block them if they're found to be disseminating false news.
"Authorities say the new measures are needed to tackle instability and terrorism," reports the BBC.
"But human rights groups accuse the government of trying to crush all political dissent in the country."
By EditorDavid from Slashdot's alternate-open-source-web-browsers department
Long-time Slashdot reader tdailey spotted a new version of Pale Moon, a customised version of Firefox optimized for speed and efficiency. Beta News reports it's the first major update since November of 2016:
There are virtually no visual or obvious changes in this new major build, but the under-the-hood changes are both extensive and necessary.... Despite all the updates, Moonchild is keen to stress certain things haven't changed -- unlike Firefox, for example, Pale Moon continues to support NPAPI plugins, complete themes and a fully customizable user interface. There is also no DRM built into the browser, although third-party plugins such as Silverlight are supported. It will also continue to work with certain "legacy" plugins of the type abandoned by Firefox.
Pale Moon strips out what one reviewer calls "little-used components" of Firefox, including parental controls and accessibility features, as well as crash reports and support for Internet Explorer's ActiveX and ActiveX scripting technology.
"Proving that open source leads to great development, Pale Moon takes the already decent Firefox web browser and makes it even better and a faster."
By EditorDavid from Slashdot's long-and-short-of-it department
An anonymous reader quotes Fortune:
Investors betting that Tesla stock will lose value -- so-called "shorts" -- have made $1.2 billion since CEO Elon Musk first tweeted about taking the company private. Much of that gain came on Friday, after the New York Times published a revealing, emotional interview with Musk that drove Tesla stock down nearly 9%. The tally comes from a report released Friday by stock analytics firm S3 Partners. The Friday collapse helped reverse a price spike after Musk's August 7 Tweet saying he was "considering taking Tesla private at $420," about 18% higher than the stock's market value at the time.
According to S3, the subsequent surge in Tesla stock cost short positions $1.3 billion. But soon after, it became clear that Musk had exaggerated the certainty of his funding, and the SEC began a probe of his statements, driving the stock back down. On Friday, the Times interview with Musk detailed his 120-hour work weeks, lack of social life, and reliance on Ambien to sleep. That sent the stock down 9% in one day, for a total drop of 19% over 10 days. That gave $2.5 billion back to the shorts, for a net gain of $1.2 billion since Musk's going-private tweet.
Tesla remains the most-shorted stock on the American stock exchanges, and the researchers note that only 4% of shorts have actually cashed in these on-paper gains.
By EditorDavid from Slashdot's not-passing-Go department
An anonymous reader quotes the Sophos security blog:
The Australian government wants to force companies to help it get at suspected criminals' data. If they can't, it would jail people for up to a decade if they refuse to unlock their phones. The country's Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia's existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn't strong enough...
[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....
The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.
By EditorDavid from Slashdot's virtually-private department
"A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions," reports Bleeping Computer, citing research presented last week at the Black Hat and DEF CON security conferences. An anonymous reader writes:
The conditions are that the VPN service/client uses the OpenVPN protocol and that the VPN app compresses the HTTP traffic before it encrypts it using TLS. To make matters worse, the OpenVPN protocol compresses all data by default before sending it via the VPN tunnel. At least one VPN provider, TunnelBear, has now updated its client to turn off the compression. [UPDATE: ExpressVPN has since also disabled compression to prevent VORACLE attacks.]
HTTPS traffic is safe, and only HTTP data sent via the VPN under these conditions can be recovered. Users can also stay safe by switching to another VPN protocol if their VPN client supports multiple tunneling technologies.
In response to the security researcher's report, the OpenVPN project "has decided to add a more explicit warning in its documentation regarding the dangers of using pre-encryption compression."
By EditorDavid from Slashdot's seeking-CVEs department
Long-time Slashdot reader Mike Bouma shares a paper (via OS News) making the case for "a small microkernel as the core of the trusted computing base, with OS services separated into mutually-protected components (servers) -- in contrast to 'monolithic' designs such as Linux, Windows or MacOS."
While intuitive, the benefits of the small trusted computing base have not been quantified to date. We address this by a study of critical Linux CVEs [PDF] where we examine whether they would be prevented or mitigated by a microkernel-based design. We find that almost all exploits are at least mitigated to less than critical severity, and 40% completely eliminated by an OS design based on a verified microkernel, such as seL4....
Our results provide very strong evidence that operating system structure has a strong effect on security. 96% of critical Linux exploits would not reach critical severity in a microkernel-based system, 57% would be reduced to low severity, the majority of which would be eliminated altogether if the system was based on a verified microkernel. Even without verification, a microkernel-based design alone would completely prevent 29% of exploits...
The conclusion is inevitable: From the security point of view, the monolithic OS design is flawed and a root cause of the majority of compromises. It is time for the world to move to an OS structure appropriate for 21st century security requirements.
By EditorDavid from Slashdot's not-shopping-locally department
"Even as the White House began cracking down on U.S. work visas, major Silicon Valley technology firms last year dramatically ramped up hiring of workers under the controversial H-1B visa program," reports the Mercury News.
Menlo Park-based Facebook in 2017 received 720 H-1B approvals, a 53 percent increase over 2016, according to the National Foundation for American Policy, which obtained federal government data. Mountain View's Google received 1,213 H-1B approvals, a 31 percent increase. The number of H-1B approvals at Intel in Santa Clara rose 19 percent and Cupertino-based Apple received 673, a 7 percent increase.... [E]xperts say the data doesn't show how many additional H-1B contractors tech companies may get from staffing agencies or outsourcing companies. In response to this news organization's inquiries, Facebook said it does not publicly discuss its use of H-1B workers or contractors. Google, Apple and Intel did not respond to requests for information about their use of H-1B workers or contractors....
Amazon chalked up the largest increase in H-1B approvals, with 2,515 in 2017, a 78 percent leap. Microsoft received 1,479 approvals, an increase of 29 percent. Neither company responded to a request for comment.
A distinguished fellow at Carnegie Mellon's School of Engineering at Silicon Valley believes that the threat of a U.S. crackdown on H-1B visas may simply have prompted companies to secure as many visas as possible while they could.
By EditorDavid from Slashdot's cloaking-cleartext department
The systems and database administrator for a Fortune 500 company notes that while NFS is "decades old and predating Linux...the most obvious feature missing from NFSv4 is native, standalone encryption." emil (Slashdot reader #695) summarizes this article from Linux Journal:
NFS is the most popular remote file system in the Linux, UNIX, and greater POSIX community. The NFS protocol pushes file traffic over cleartext connections in the default configuration, which is poison to sensitive information.
TLS can wrap this traffic, finally bringing wire security to files vulnerable to compromise in transit. Before using a cloud provider's toolset, review NFS usage and encrypt where necessary.
The article's author complains that Google Cloud "makes no mention of data security in its documented procedures," though "the performance penalty for tunneling NFS over stunnel is surprisingly small...."
"While the crusade against telnet may have been largely won, Linux and the greater UNIX community still have areas of willful blindness. NFS should have been secured long ago, and it is objectionable that a workaround with stunnel is even necessary."
By BeauHD from Slashdot's and-so-it-begins department
Netflix has confirmed that it will start airing video ads for other Netflix series between episodes. These ads will reportedly only be for Netflix content, not outside products or content, and will, at least for now, only appear for a "segment" of Netflix's user base. Ars Technica reports: The news emerged via user reports, particularly on the primary Netflix Reddit community, in which users claimed that ads for entirely different series would play between episodes of a given show's binging. One initial claim said that "unskippable" ads for the AMC series Better Call Saul appeared between episodes of Rick & Morty, and that this ad appeared while using Netflix's smart TV app on an LG set in the UK. Replies to that thread included an allegation that a video ad for I Am A Killer (a Netflix-produced true-crime series) appeared between episodes of the animated comedy Bob's Burgers.
In a statement given to Ars Technica, Netflix described the change as follows: "We are testing whether surfacing recommendations between episodes helps members discover stories they will enjoy faster." The reasoning, Netflix's statement says, comes from its last controversial decision: to add auto-playing videos, complete with unmuteable audio, while browsing through Netflix content. Netflix offered one major rebuttal to at least one Reddit claim, pointing out that the ads for Netflix content are entirely skippable.
By BeauHD from Slashdot's everything-in-moderation department
An anonymous reader quotes a report from the BBC: In the study, published in The Lancet Public Health, 15,400 people from the U.S. filled out questionnaires on the food and drink they consumed, along with portion sizes. From this, scientists estimated the proportion of calories they got from carbohydrates, fats, and protein. After following the group for an average of 25 years, researchers found that those who got 50-55% of their energy from carbohydrates (the moderate carb group) had a slightly lower risk of death compared with the low and high-carb groups. Researchers estimated that, from the age of 50, people in the moderate carb group were on average expected to live for another 33 years. This was: four years more than people who got 30% or less of their energy from carbs (extra-low-carb group); 2.3 years more than the 30%-40% (low-carb) group; and 1.1 years more than the 65% or more (high-carb) group.
The scientists then compared low-carb diets rich in animal proteins and fats with those that contained lots of plant-based protein and fat. They found that eating more beef, lamb, pork, chicken and cheese in place of carbs was linked with a slightly increased risk of death. But replacing carbohydrates with more plant-based proteins and fats, such as legumes and nuts, was actually found to slightly reduce the risk of mortality.
By BeauHD from Slashdot's fashion-over-function department
It's a well-documented, often criticized phenomenon that women's pockets are too small to fit a smartphone, but "there's been very little data to back up a wealth of anecdotal evidence," writes Megan Farokhmanesh via The Verge. Now, The Pudding has used scientific findings to fill this absence. From the report: According to The Pudding's findings, pockets in women's jeans are, on average, 48 percent shorter and 6.5 percent narrower than those of men's. To put this into a perspective we all care about, the site says that only 40 percent of women's front pockets can completely fit an iPhone X. The number only goes down for the Samsung Galaxy or Google Pixel (20 percent and 5 percent, respectively, though the report doesn't specify which model of the flagships). As for men's pockets? The Pudding marks a 100 percent success rate for the iPhone X, 95 percent for the Samsung Galaxy, and 85 percent for the Google Pixel. "If you're thinking 'But men are bigger than women,' then sure, on average that's true," the site adds. "But here we measured 80 pairs of jeans that all boasted a 32 inch waistband, meaning that these jeans were all made to fit the same size person."