By EditorDavid from Slashdot's remote-inoculations department
"Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks -- or never -- until a patch is put out," says Carnegie Mellon professor David Brumley. "Imagine a world where the first time a hacker exploits a vulnerability he can only exploit one machine and then it's patched." An anonymous reader quotes MIT Technology Review:
Last summer the Pentagon staged a contest in Las Vegas in which high-powered computers spent 12 hours trying to hack one another in pursuit of a $2 million purse. Now Mayhem, the software that won, is beginning to put its hacking skills to work in the real world... Teams entered software that had to patch and protect a collection of server software, while also identifying and exploiting vulnerabilities in the programs under the stewardship of its competitors... ForAllSecure, cofounded by Carnegie Mellon professor David Brumley and two of his PhD students, has started adapting Mayhem to be able to automatically find and patch flaws in certain kinds of commercial software, including that of Internet devices such as routers.
Tests are underway with undisclosed partners, including an Internet device manufacturer, to see if Mayhem can help companies identify and fix vulnerabilities in their products more quickly and comprehensively. The focus is on addressing the challenge of companies needing to devote considerable resources to supporting years of past products with security updates... Last year, Brumley published results from feeding almost 2,000 router firmware images through some of the techniques that powered Mayhem. Over 40%, representing 89 different products, had at least one vulnerability. The software found 14 previously undiscovered vulnerabilities affecting 69 different software builds. ForAllSecure is also working with the Department of Defense on ideas for how to put Mayhem to real world use finding and fixing vulnerabilities.
By EditorDavid from Slashdot's goodbye-to-an-API department
The Netscape Plugins API is "an ancient plugins infrastructure inherited from the old Netscape browser on which Mozilla built Firefox," according to Bleeping Computer.
But now an anonymous reader writes: Starting March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions. This means technologies such as Java, Silverlight, and various audio and video codecs won't work on Firefox. These plugins once helped the web move forward, but as time advanced, the Internet's standards groups developed standalone Web APIs and alternative technologies to support most of these features without the need of special plugins. The old NPAPI plugins will continue to work in the Firefox ESR (Extended Support Release) 52, but will eventually be deprecated in ESR 53. A series of hacks are available that will allow Firefox users to continue using old NPAPI plugins past Firefox 52, by switching the update channel from Firefox Stable to Firefox ESR.
By EditorDavid from Slashdot's our-chemical-romance department
dryriver quotes CNN:
Most of the time, when you order fast food, you know exactly what you're getting: an inexpensive meal that tastes great but is probably loaded with fat, cholesterol and sodium. But it turns out that the packaging your food comes in could also have a negative impact on your health, according to a report published Wednesday in the journal Environmental Science & Technology Letters. The report found fluorinated chemicals in one-third of the fast food packaging researchers tested.
These chemicals are favored for their grease-repellent properties. Along with their use in the fast food industry, fluorinated chemicals -- sometimes called PFASs -- are used "to give water-repellant, stain-resistant, and non-stick properties to consumer products such as furniture, carpets, outdoor gear, clothing, cosmetics (and) cookware," according to a news release that accompanied the report. "The most studied of these substances (PFOSs and PFOAs) has been linked to kidney and testicular cancer, elevated cholesterol, decreased fertility, thyroid problems and changes in hormone functioning, as well as adverse developmental effects and decreased immune response in children."
The chemicals can migrate into your food, says one of the study's authors, who suggests removing it from the packaging as quickly as possible. (You might also request your french fries in a paper cup, which are free from "chemicals of concern".) But they also suggest pressuring fast food chains to remove the chemicals from their packaging, and the president of the Foodservice Packaging Institute acknowledges that after the study concluded in 2015, fluorochemical-free packaging was introduced.
By EditorDavid from Slashdot's server-subpoenas department
Every year Google receives more than 25,000 requests from U.S. authorities for "disclosures of user data in criminal matters," according to a U.S. judge's recent ruling. But this one is different. An anonymous reader quotes Reuters:
A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the U.S., diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft. U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure...because there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.
"Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Rueter wrote... The ruling came less than seven months after the 2nd U.S. Circuit Court of Appeals in New York said Microsoft could not be forced to turn over emails stored on a server in Dublin, Ireland that U.S. investigators sought in a narcotics case.
Google announced they'd appeal the case, saying "We will continue to push back on overbroad warrants."
By EditorDavid from Slashdot's doing-it-yourself department
The Verge's Paul Miller has some harsh words for the $242 open source DIY laptop kit TERES-I from Olimex.
Instead of buying one hyper-integrated board that has all of the laptop's brains and I/O on it, you buy several little boards and wire them together. Then you put them inside a mostly finished case built by Olimex -- although if you want to go ultra DIY you can 3D print your own case, too. Everything, from the shell's CAD design to the motherboard's wiring, is available on GitHub for perusal or modification, and the modular nature of the internals means you can add a more powerful chipset or modify just about anything you find unsatisfying about the computer if you have the know-how or if Olimex or others offer compatible parts.
But, unfortunately, almost everything about this laptop is unsatisfying right now. It runs a quad-core ARM64 chip, though x86 and MIPS chips might be offered later on. It has a tiny 11.6-inch screen, a huge bezel, a tiny trackpad, a cramped-looking keyboard, and a whole lot of plastic. The OS (Linux, naturally) runs off a microSD card. At least the LCD comes in a 1080p variant, because the default 1366 x 768 resolution is a real throwback. There's even 802.11n Wi-Fi, which has me questioning what decade it is.
But are there any better alternatives? In the comments share your own thoughts about open source laptop kits.
By EditorDavid from Slashdot's protocols-for-productivity department
Three researchers "decided to scan the entire IPv4 address range every 15 minutes between 2006-2012 to work out what insights they could gain from humanity's mass connection to the internet," reports ITnews.
The study...analysed data from 411 large regions from middle to high-income countries and found a positive correlation between GDP per capita and the number of IP addresses per head. A 10% increase in IP addresses per capita was associated with an 0.8% hike in GDP, the analysis found. The researchers cautioned that the output and productivity growth they noted when the number of IP addresses increased was correlation rather than causation. Service-oriented sectors -- such as publishing, news, film production, administrative support, and education -- appear to have suffered a negative effect from increasing internet penetration [PDF]. The researchers believe these sectors were susceptible to competition from cheaper outsourcing providers.
Slashdot reader Bismillah pointed out that the researchers also measured sleeping patterns over seven years, assuming IP addresses of internet-connected devices generally correlated to people who were awake. According to the article, "They found that sleep patterns may be changing and converging around the world: Europeans slept less, East Asians more, while Americans' sleeping patterns remained static over the seven-year period."
By EditorDavid from Slashdot's to-block-or-not-to-block department
Slashdot reader dryriver writes:
I've noticed a disturbing trend while trying to resolve a rather tricky tech issue by asking questions on a number of internet forums. The number of people who don't help at all with problems but rather butt into threads with unhelpful comments like "Why would you want to do that in the first place?" or "why don't you look at X poorly written documentation page" was staggering. One forum user with 1,500+ posts even posted "you are such a n00b if you can't figure this out" in my question thread, even though my tech question wasn't one that is obvious or easy to resolve...
I seem to remember a time when people helped each other far more readily on the internet. Now there seems to be a new breed of forum user who a) hangs out at a forum socially all day b) does not bother to help at all and c) gets a kick out of telling you things like "what a stupid question" or "nobody will help you with that here" or similar... Where have the good old days gone when people much more readily gave other people step-by-step tips, tricks, instructions and advice?
The original submission claims the ratio of unhelpful comments to helpful ones was 5 to 1. Has anyone else experienced this? And if so, what's the best response? Leave your best answers in the comments. How do you deal with aggressive forum users?
By EditorDavid from Slashdot's apps-for-apartments department
"For years, Airbnb was the friendly foil to Uber, aiming to work with cities rather than against them," writes Slashdot reader mirandakatz. "But as it grew and regulatory challenges mounted, the startup had to grow fangs." She shares an excerpt from a new book called The Upstarts: How Uber, Airbnb, and the Killer Companies of the New Silicon Valley Are Changing the World.
The reality people saw often depended on where their sympathies lay. Regulators, left-wing politicians, hotel CEOs, union leaders, affordable housing advocates, and angry neighbors tired of carousing guests saw Airbnb as nothing but a rule breaker from the far-away land of arrogant, entitled billionaires. Investors, hosts, property owners struggling to make their monthly mortgage payments, travel-discount shoppers, and high-tech aficionados tended to believe in the startup with good intentions that was disrupting the stultified hospitality industry.
The book is by Brad Stone, who also wrote The Everything Store: Jeff Bezos and the Rise of Amazon. He describes how "good AirBNB" got Portland to eliminate the $4,000 permits for B&Bs by agreeing to collect lodging taxes from AirBNB hosts (and by opening a Portland call center). But his excerpt ends as "momentum was shifting" against AirBNB in New York City, as powerful hotels and their service employee unions convinced city lawmakers that legitimizing the company would be "politically radioactive" -- while the company's CEO "was going to fight for every inch of territory".
By EditorDavid from Slashdot's ready-player-one department
Pong's creator is now "a grizzled guy in his mid-70s" who believes there's a market for people who'd prefer to try out virtual reality headsets at videogame arcades. An anonymous reader quotes MIT Technology Review:
In 1972, Atari founder Nolan Bushnell invented Pong, a version of table tennis that, in many ways, launched the video-game industry. Forty-five years later, Bushnell is using that same simple game to test the waters for virtual-reality arcade gaming. Bushnell's latest venture is a company called Modal VR, which is building its own wireless virtual-reality headsets and games that it plans to roll out in places like arcades, malls, and movie theaters in the coming months.
Bushnell's company has built three games -- a fighting game called Mythic Combat and Project Zenith, a first-person shooter set in outer space. (More than 16 players can gather in the same virtual space.) Their third game, a VR adaptation of Pong "was originally put together as a joke, in homage to Bushnell's past -- but the company decided to use the simple two-player game anyway to demonstrate what it's working on at the World's Fair Nano technology fair in San Francisco in late January."
The article describes players who "donned a prototype bulky black headset and played Pong in virtual reality, running from side to side to control the game's simple white paddles -- which a smiling Bushnell said was fitting because 'we're at the Pong stage of VR.'"
By EditorDavid from Slashdot's chasing-its-Tails department
All of its outgoing connections are routed through Tor, and it even blocks non-anonymous connections. You can carry it around on a USB stick, and Edward Snowden uses it. But a big change is coming with Tails 3.0. BrianFagioli quotes BetaNews: Unfortunately for some users, Tails will soon not work on their computers. The upcoming version 3.0 of the operating system is dropping 32-bit processor support. While a decline in compatibility is normally a bad thing, in this case, it is good. You see, because there are so few 32-bit Tails users, the team was wasting resources by supporting them. Not to mention, 64-bit processors are more secure too... "In the beginning of 2016, only 4% of Tails users were still using a 32-bit computer. Of course, some of these computers will keep working for a while. But once the number had fallen this low, the benefits of switching Tails to 64-bit outweighed the reasons we had to keep supporting 32-bit computers," says the Tails team... "In the last few years, the developers who maintain Tails have spent lots of time addressing such issues. We would rather see them spend their time in ways that benefit our users on the long term, and not on problems that will vanish when Tails switches to 64-bit eventually."
By EditorDavid from Slashdot's new-from-New-Mexico department
"It's not often that a scientific discipline gains a 23-satellite constellation overnight," reports Science magazine, describing 16 years worth of radiation measurements from GPS satellites finally released by Los Alamos National Lab. "Although billions of people globally use data from GPS satellites, they remain U.S. military assets."
Scientists have long sought the data generated by sensors used to monitor the status of the satellites, which operate in the heavy radiation of medium-Earth orbit and can be vulnerable to solar storms. But few have been allowed to tap this resource... That attitude changed in October 2016, when the outgoing Obama administration issued an executive order aimed at preparing the country for extreme space weather. Such bursts in charged particles, originating in a solar flare or coronal mass ejection, could disable the electrical power grid or divert flights away from the Arctic, where radiation exposure is heightened. The GPS data, which dates from December 2000, fill a hole in studies of space weather, the complex interplay of Earth's magnetic field with bombarding radiation from cosmic rays and the sun.
By EditorDavid from Slashdot's preserving-your-posts department
Kaspersky Lab surveyed 16,750 people and concluded that often negative experiences on social media overpower their positive effects -- and they're doing something about it. JustAnotherOldGuy pointed us to their latest announcement.
59% have felt unhappy when they have seen friends' posts from a party they were not invited to, and 45% revealed that their friends' happy holiday pictures have had a negative influence on them. Furthermore, 37% also admitted that looking at past happy posts of their own can leave them with the feeling that their own past was better than their present life. Previous research has also demonstrated people's frustration with social media as 78% admitted that they have considered leaving social networks altogether. The only thing that makes people stay on social media is the fear of losing their digital memories, such as photos, and contacts with their friends.
To help people decide more freely if they want to stay in social media or leave without losing their digital memories, Kaspersky Lab is developing a new app -- FFForget will allow people to back up all of their memories from the social networks they use and keep them in a safe, encrypted memory container and will give people the freedom to leave any network whenever they want, without losing what belongs to them -- their digital lives.
The FFForget app will be released in 2017, but there's already a web page where you can sign up for early access. Kaspersky plans to monetize this by creating both a free version of the app -- limited to one social network -- and a $1.99-per-month version which automatically backs up social content from Facebook, Google, Twitter, and Instagram in real-time with a fancier interface and more powerful encryption.
By EditorDavid from Slashdot's stupid-surveys department
Peter Thiel recently complained parts of Silicon Valley are "hyper-politically correct" about sexual activity, and shared a friend's theory that conservative parts of America tolerate Silicon Valley "because people there just don't have that much sex. They're not having that much fun." Long-time Slashdot reader SonicSpike quotes Business Insider's investigation into Thiel's claim.
Silicon Valley has the highest ratio of single men to single women... (However, it's worth noting that the San Francisco metropolitan area also has the highest ratio of people who identify as LGBT in the U.S.) In fact, Dr. Sandra Lindholm, a sex therapist and clinical psychologist in the Bay Area, recently told Forbes that she's now seeing an uptick in young, male clients who complain about a variety of sexual challenges and issues. "They're coming to sex therapy because they don't feel they have time or energy for sex," Lindholm said.
Some of the common issues include low sexual desire, difficulty meeting women, and performance issues. Plus, she points out people in tech generally have a reputation for being introverted. Another particular issue that frequently comes up is what she calls "tech overload": people spend so much time on their gadgets that they "forget about being in the moment." Although there's no official data on Silicon Valley's sex frequency, a 2012 survey by condom maker Trojan revealed that Bay Area residents had the least amount of sex and the shortest time in bed, in a sample of 10 major US cities including New York, Chicago, Miami, and so on.
By EditorDavid from Slashdot's print-on-demand department
Last year an attacker forced thousands of unsecured printers to spew racist and anti-semitic messages. But this year's attack is even bigger. An anonymous reader writes: A grey-hat hacker going by the name of Stackoverflowin has pwned over 150,000 printers that have been left accessible online. For the past 24 hours, Stackoverflowin has been running an automated script that searches for open printer ports and sends a rogue print job to the target's device. The script targets IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung. The printed out message included recommendations for printer owners to secure their device. The hacker said that people who reached out were very nice and thanked him.
The printers apparently spew out an ASCII drawing of a robot, along with the words "stackoverflowin the hacker god has returned. your printer is part of a flaming botnet... For the love of God, please close this port." The messages sometimes also include a link to a Twitter feed named LMAOstack.
By EditorDavid from Slashdot's rescued-by-Rust department
An anonymous reader quotes InfoWorld:
After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...
What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."
InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."