By EditorDavid from Slashdot's uh-oh department
An anonymous reader quotes Reuters:
Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c't, said it was aware of Intel Corp's plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan's Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable... The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7...
"Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues," said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. "Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware."
Neowin now reports that Intel "is expected to release microcode updates in two waves; one in May, and the other in August."
By EditorDavid from Slashdot's fake-understandings department
Three executives from Facebook, Twitter, and YouTube appeared at Stanford to discuss free speech in the social media age, with one law professor raising concerns about how the online giants are curating their services.
All three tech executives talked about increasing transparency and authenticity. But all acknowledge that nothing is foolproof and political speech in particular is most difficult to regulate, if it should be at all. "That puts a lot of control in the hands of the companies sitting here in terms of what kind of speech is allowed to have the global reach," said Juniper Downs, YouTube's global head of public policy and government relations. "That is a responsibility we take very seriously and something we owe to the public and a civil society...."
Facebook is making information available on its platform to researchers to help understand the effect of Facebook usage on elections. Still, Facebook's Vice President of Public Policy Elliot Schrage urged caution. "There is no agreement whatsoever on the prevalence of false news and fake propaganda on our platform," he said. "We have no real understanding of what the scope of misinformation is." He suggested that despite these chaotic times, "I do think we should be pretty modest and circumspect in the approaches we take." Social media companies need to find creative ways to improve the spread of information, Schrage said. But it won't be easy. "No one company," he said, "is going to solve this problem."
By EditorDavid from Slashdot's alternate-universes department
Slashdot reader krisdickie is a developer for embedded devices (and many other systems), and spends a lot of time being proactive about security.
This is obviously important, and I don't necessarily see it as a distraction, but rather a complex problem that has some added thrill to being solved. I can't help but wonder though if I (and my team) would have been X times more productive or have come up with some amazing new concept or feature, if we didn't have to deal with implementing security measures.
In a utopian world, where there are no bad actors, we would have likely forfeited many of the systems and ideas that have been put into place to prevent bad things from happening. So my question is -- are we more technically advanced because of the thoughtfulness that has gone into creating these systems?
Or are we just losing precious resources and time dealing with the necessity of protecting ourselves from the perilous few?
Share your own thoughts in the comments. Is the world better or worse off because of our ongoing development of security tech?
By EditorDavid from Slashdot's speedy-delivery department
Virgin Hyperloop One just announced that they're teaming with the supply-chain firm DP World to build hyperloop-enabled cargo systems. An anonymous reader quotes CNN:
Called DP World Cargospeed, the venture claims it will be able to "deliver freight at the speed of flight and close to the cost of trucking..." So far Virgin Hyperloop One's test capsule has reached speeds of 387 kmph (240 mph), but the company predicts it will send cargo at a top speed of 1,000 kmph (621 mph). In a blog post by Virgin Hyperloop One CEO Rob Lloyd, he calculated a four-day truck journey could be cut to 16 hours. While costs are estimated to run 50% higher than truck transit, Cargospeed believes it can be over five-times cheaper than air freight...
In the announcement, time-sensitive goods such as food and medical supplies were highlighted as items that could benefit from hyperloop's speed. Renders released with the announcement suggest there are plans to integrate drone delivery into the supply chain too.
Virgin Hyperloop One also released a slick video about the venture promising that they're "pushing the boundaries of innovation."
The Washington Post reports that company officials "said they hoped to start construction on a test site in India next year."
By EditorDavid from Slashdot's example:-Equifax department
Long-time Slashdot reader Mr_Blank quotes the senior science writer at FiveThirtyEight on a new type of privacy violation:
It's what happens when one person's voluntary disclosure of personal information exposes the personal information of others who had no say in the matter. Your choices didn't cause the breach. Your choices can't prevent it, either. Welcome to a world where you can't opt out of sharing, even if you didn't opt in... We all saw this in action in the recent Cambridge Analytica scandal. The "privacy of the commons" is how the 270,000 Facebook users who actually downloaded the "thisisyourdigitallife" app turned into as many as 87 million users whose data ended up in the hands of a political marketing firm.
Much of the narrative surrounding that scandal has focused on what individuals should be doing to protect themselves. But that idea that privacy is all about your individual decisions is part of the problem, said Julie Cohen, a technology and law professor at Georgetown University. "There's a lot of burden being put on individuals to have an understanding and mastery of something that's so complex that it would be impossible for them to do what they need to do," she said...
[E]xperts say these examples show that we need to think about online privacy less as a personal issue and more as a systemic one. Our digital commons is set up to encourage companies and governments to violate your privacy. If you live in a swamp and an alligator attacks you, do you blame yourself for being a slow swimmer? Or do you blame the swamp for forcing you to hang out with alligators? There isn't yet a clear answer for what the U.S. should do. Almost all of our privacy law and policy is framed around the idea of privacy as a personal choice, Cohen said. The result: very little regulation addressing what data can be collected, how it should be protected, or what can be done with it.
By EditorDavid from Slashdot's bizarre-billionaires department
A recent Bloomberg article describes Elon Musk's "bizarre" conference call on Wednesday -- and its aftermath on Wall Street.
Elon Musk told investors not to buy Tesla Inc. shares if they can't stomach volatility. They got the message. The comments -- part of a bizarre, heated conference call after the close Wednesday -- sent the electric-car maker's stock plunging. Tesla fell as much as 8.6 percent Thursday after the chief executive officer rejected analysts' questions on another quarter in which the company burned more than $1 billion in cash.
Investors had shorted a total of more than 40 million shares by Thursday -- the most ever in Tesla history -- and despite a rise in Tesla's stock price on Friday, they shorted 500,000 more shares.
Wired argues that Musk "clearly is avoiding some hard questions about Tesla's financial viability. But it's equally true that the call exposed how limited Wall Street can be about visions for the future and what it takes to create new templates for doing old things." This clash was highlighted by Musk's response to "sober questions by respected Wall Street analysts" like Toni Sacconaghi.
Musk brushed him off, sniping that "bonehead, boring questions are not cool." To add insult to that injury, Musk then fielded questions from a YouTube user, who proceeded to dominate a call normally open only to significant Wall Street analysts. That did not sit well with the Street, and Sacconaghi lambasted Musk the next day on CNBC with the rather clever jab, "This is a financial analyst call, this is not a TED talk."
Friday, Musk returned fire, with tweets asserting that the question was boneheaded because the analyst already knew the answer and was asking purely to advocate a negative thesis about the company.
But Barron's replayed the conference call, and argued that Musk was mistaken, reporting that "the analyst wanted to know about capital requirements, not expenditures."
By EditorDavid from Slashdot's fishing-chips department
An anonymous reader quotes BleepingComputer: Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday. "Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote. Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches. Wednesday Microsoft issued a security update, but it wasn't to backport the "fixed" Meltdown patches for older Windows 10 versions. Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.
By EditorDavid from Slashdot's dying-young department
Long-time Slashdot reader Okian Warrior quotes Live Science:
The CEO of a biomedical startup who sparked controversy when he injected himself with an untested herpes treatment in front of a live audience in February has died, according to an email sent to Live Science. Aaron Traywick, the CEO of Ascendance Biomedical, was found dead at 11:30 a.m. ET on Sunday (April 29) in a spa room in Washington, D.C., according to a statement provided to Live Science by the Metropolitan Police Department (MPD) of the District of Columbia. Traywick was 28 years old. According to the website News2Share.com, Traywick was found in a flotation tank. Flotation tanks are soundproof pods filled with body-temperature saltwater that are used to promote "sensory deprivation."
Vice News reports that Traywick had "lost touch" with co-workers at his company more than four weeks ago, adding that "Disagreements over the company's direction and philosophical differences over how to best distribute its creations split the small startup."
MIT Technology Review reports that Traywick, "who had no formal medical training, was also planning to test an experimental lung cancer treatment that supposedly involved the gene-editing tool CRISPR. The therapy was to be offered at a clinic in Tijuana, Mexico, just a few miles over the U.S. border... An employee at the Tijuana clinic, International BioCare Hospital & Wellness Center, confirmed in a phone interview that doctors there were working with Traywick to set up the trial but won't be moving forward with it after his death...
"In December, the American Society for Gene and Cell Therapy issued a statement warning patients about unregulated gene therapies, saying such procedures are potentially dangerous and unlikely to provide any benefit."
By EditorDavid from Slashdot's we-the-people department
Supporters gathered 625,000 signatures to put the "California Consumer Privacy Act" on the ballot in November -- far exceeding the 365,880 signatures needed to qualify. The Mercury News reports:
The proposed initiative aims to allow consumers to see what personal information companies are collecting about them and ask the companies to stop selling that information, and also seeks to hold businesses accountable for data breaches. "Today is a major step forward in our campaign, and an affirmation that California voters care deeply about the fundamental privacy protections provided in the California Consumer Privacy Act," said Alastair Mactaggart, the San Francisco real estate developer who is bankrolling the measure. He has spent $1.65 million on the effort, according to filings with the California secretary of state.
The measure is opposed by companies such as AT&T, Comcast, Verizon and Google, which have all donated $200,000 each to fight the measure. Facebook has also given $200,000 to the opposition. However, Facebook last month said it would leave the effort to fight the initiative.
The article notes that Facebook's decision to stop publicly opposing the privacy measure occurred "around the time Facebook CEO Mark Zuckerberg was testifying to Congress about the company's Cambridge Analytica privacy scandal."
By EditorDavid from Slashdot's MaliceVille department
Slashdot reader lod123 quotes ThreatPost:
At least 25,936 malicious apps are currently using one of Facebook's APIs, such as a login API or messaging API. These allow apps to access a range of information from Facebook profiles, like name, location and email address. Trustlook discovered the malicious apps using a formula, which created a risk score for apps based on more than 80 pieces of information for each app, including permissions, libraries, risky API calls and network activity... A malicious app (with a risk score above 7) "might be doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls," a spokesperson told Threatpost...
To be fair, Facebook is not the only company with its APIs embedded in malicious applications... "The problem, for the most part, is that this is data that is provided when their login is used elsewhere. The API is simply passing through intelligence it has gathered from their profile," said Chris Roberts, chief security architect at Acalvio, via email. "LinkedIn, Google and Twitter, among others, have similarly flawed APIs that can be used to harvest information both about you (the target) and possibly associated individuals...depending upon queries and other developer privileges that are being exploited."
A Trustlook spokesperson summarized their position after the report. "Just as Coke does not want its ads running on certain websites, Facebook should not want malicious app developers using its APIs."
By EditorDavid from Slashdot's music-to-their-ears department
An anonymous reader writes:
Pandora's stock had its best day ever on Wall Street, rising more than 25% after reporting their subscription and other revenue had surged 61.3 percent to $104.7 million.
Previous users have apparently been lured back with targeted marketing touting a new service that lets users briefly play their favorite songs on demand if they'll watch a short ad. "Pandora said it ended the quarter with 5.63 million subscribers to its Pandora Plus and Pandora Platinum paid services, which was 19 percent higher than the same period a year ago," reports one Silicon Valley newspaper. March saw more former users returning than in the same month a year ago -- for the first time in 18 months.
And an important factor was switching from brand-based marketing to data-based marketing -- that is, "using the information that Pandora has on users' listening preferences." Pandora's Chief Executive brags to MarketWatch that "We really have world-class data-science capabilities. We just never used them in our own marketing."
Revenue for the quarter rose to $319.2 million, up 12 percent over the first quarter of 2017... But Pandora is still losing money. The company posted a net loss of $131.7 million, a slight improvement on the $132.3 million loss in Q1 2017. Overall engagement is down year-over-year, with active listeners dropping 4 percent to 72.3 million. Listener hours dipped from 5.21 billion to 4.96 billion.
By EditorDavid from Slashdot's mission-to-Mars department
"This is a big day. We're going back to Mars," said one NASA official, presiding over this morning's launch of the first Mars surface craft to lift off since 2011. CNN reports:
The Atlas V 401 rocket also carried two suitcase-size spacecraft, designed to orbit Mars, as it blasted into the dark and cloudy sky, which turned bright gold for seconds as the rocket ascended in a plume of smoke... After a six-month journey, if it all goes as planned, InSight -- whose name is short for Interior Exploration using Seismic Investigations, Geodesy and Heat Transport -- will touch down just north of the Martian equator on November 26, joining five other NASA spacecraft operating on and above Mars.
The 790-pound (358-kilogram) probe will then begin its two-year science mission to seek the "fingerprints" of the processes that formed the rocky planets of the solar system. It will measure the planet's "vital signs: its 'pulse' (seismology), 'temperature' (heat flow) and 'reflexes' (precision tracking)," according to NASA. The explorer doesn't have wheels, so it can't roll around gathering up dirt to study. But it does have a 7.8-foot-long (2.4-meter) robotic arm. The arm will place a seismometer on the ground to detect "marsquakes" (think earthquakes, but on Mars, of course). InSight also will burrow 10 to 16 feet into the crust of Mars, going 15 times deeper than any previous Martian mission, according to NASA.
The rocket is carrying two briefcase-sized satellites (named Wall-E and Eva) which will demonstrate that cubesats can survey journeys to other planets.
Two microchips have also been affixed to the lander carrying the names of 2.4 million space enthusiasts -- including William Shatner.
By BeauHD from Slashdot's disappearing-into-thin-air department
An anonymous reader quotes a report from The Globe and Mail: Canada's best and brightest computer engineering graduates are leaving for jobs in Silicon Valley at alarmingly high rates, fueling a worse "brain drain" than the mass exodus by Canadian doctors two decades ago, according to a new study. The study, led by Zachary Spicer, a senior associate with the Munk School of Global Affairs' Innovation Policy Lab at University of Toronto, found one-in-four recent science, technology, engineering and math (STEM) graduates from three of the country's top universities -- University of Waterloo, University of British Columbia and U of T -- were working outside Canada. The numbers were higher for graduates of computer engineering and computer science (30 percent), engineering science (27 percent) and software engineering, where two out of three graduates were working outside Canada, mostly in the United States. Nearly 44 percent of those working abroad were employed as software engineers, with Microsoft, Google, Facebook and Amazon listed as top employers.
By BeauHD from Slashdot's end-of-the-road department
In a blog post on Friday, Nvidia announced it is "pulling the plug" on the GeForce Partner Program (GPP) due to the company's unwillingness to combat "rumors" and "mistruths" about the platform. The GPP has only been active for a couple of months. It was launched as a way for gamers to know exactly what they're buying when shopping for a new gaming PC. "With this program, partners would provide full transparency regarding the installed hardware and software in their products," reports Digital Trends. From the report: Shortly after the launch, unnamed sources from add-in card and desktop/laptop manufacturers came forward to reveal that the program will likely hurt consumer choice. Even more, they worried that some of the agreement language may actually be illegal while the program itself could disrupt the current business they have with AMD and Intel. They also revealed one major requirement: The resulting product sports the label "[gaming brand] Aligned Exclusively with GeForce." As an example, if Asus wanted to add its Republic of Gamers (RoG) line to Nvidia's program, it wouldn't be allowed to sell RoG products with AMD-based graphics. Of course, manufacturers can choose whether or not to join Nvidia's program, but membership supposedly had its "perks" including access to early technology, sales rebate programs, game bundling, and more.
According to Nvidia, all it asked of its partners was to "brand their products in a way that would be crystal clear." The company says it didn't want "substitute GPUs hidden behind a pile of techno-jargon." Specifications for desktops and laptops tend to list their graphics components and PC gamers are generally intelligent shoppers that don't need any clarification. Regardless, Nvidia is pulling the controversial program because the "rumors, conjecture, and mistruths go far beyond" the program's intent.
By BeauHD from Slashdot's completely-meaningless department
An anonymous reader shares an excerpt from an article via The Guardian, written by David Graeber: One day, the wall shelves in my office collapsed. This left books scattered all over the floor and a jagged, half-dislocated metal frame that once held the shelves in place dangling over my desk. I'm a professor of anthropology at a university. A carpenter appeared an hour later to inspect the damage, and announced gravely that, as there were books all over the floor, safety rules prevented him from entering the room or taking further action. I would have to stack the books and not touch anything else, whereupon he would return at the earliest available opportunity. The carpenter never reappeared. Each day, someone in the anthropology department would call, often multiple times, to ask about the fate of the carpenter, who always turned out to have something extremely pressing to do. By the time a week was out, it had become apparent that there was one man employed by buildings and grounds whose entire job it was to apologize for the fact that the carpenter hadn't come. He seemed a nice man. Still, it's hard to imagine he was particularly happy with his work life.
By BeauHD from Slashdot's fortune-and-glory department
Yale physicists have uncovered hints of a time crystal, a form of matter that "ticks" when exposed to an electromagnetic pulse, in a child's toy. The discovery means there are now new puzzles to solve, in terms of how time crystals form in the first place. Yale News reports: Ordinary crystals such as salt or quartz are examples of three-dimensional, ordered spatial crystals. Their atoms are arranged in a repeating system, something scientists have known for a century. Time crystals, first identified in 2016, are different. Their atoms spin periodically, first in one direction and then in another, as a pulsating force is used to flip them. That's the "ticking." In addition, the ticking in a time crystal is locked at a particular frequency, even when the pulse flips are imperfect.
Monoammonium phosphate (MAP) crystals are considered so easy to grow that they are sometimes included in crystal growing kits aimed at youngsters. It would be unusual to find a time crystal signature inside a MAP crystal, [Yale Physics professor Sean Barrett] explained, because time crystals were thought to form in crystals with more internal "disorder." The researchers used nuclear magnetic resonance (NMR) to look for a DTC signature -- and quickly found it. Another unexpected thing happened, as well. "We realized that just finding the DTC signature didn't necessarily prove that the system had a quantum memory of how it came to be," said Yale graduate student Robert Blum, a co-author on the studies. "This spurred us to try a time crystal 'echo,' which revealed the hidden coherence, or quantum order, within the system," added Rovny, also a Yale graduate student and lead author of the studies. The findings are described in a pair of studies, one in the journal Physical Review Letters and the other in the journal Physical Review B.