By EditorDavid from Slashdot's census-fail department
Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO:
The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.
In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...
By EditorDavid from Slashdot's taking-some-license department
An anonymous Slashdot reader quotes ITWire:
Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware, which he had sued in March 2015 for violation of version 2 of the GNU General Public Licence... The case claimed that VMware had been using Hellwig's code right from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same...
In its ruling, the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership.
In a statement, Hellwig said he plans to appeal, adding that "The ruling concerned German evidence law; the Court did not rule on the merits of the case, i.e. the question whether or not VMware has to license the kernel of its product vSphere ESXi 5.5.0 under the terms of the GNU General Public License, version 2." The Software Freedom Conservancy has described the lawsuit as "the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products."
By EditorDavid from Slashdot's I-see-you-are-writing-a-subroutine department
The National Science Foundation is developing a way to create working code using "automated program synthesis," a new technology called ExCAPE "that provides human operators with automated assistance.... By removing the need for would-be programmers to learn esoteric programming languages, the method has the potential to significantly expand the number of people engaged in programming in a variety of disciplines, from personalized education to robotics." Rajeev Alur, who leads a team of researchers from America's nine top computer science programs, says that currently software development "remains a tedious and error-prone activity."
Slashdot reader the_insult_dog writes:
While its lofty goals of broadly remaking the art of programming might not be realized, the research has already made some advances and resulted in several tools already in use in areas such as commercial software production and education...
For example, the NSF created a new tool (which they've recently patented) called NetEgg, which generates code for controlling software-defined networks, as well as Automata Tutor and AutoProf, which provide automated feedback to computer science students.
By EditorDavid from Slashdot's an-unexpected-journey department
Random web surfers could send a text message or even upload an image to be displayed on the back glass of Mark Lachniet's pinball machine, according to Mael517, while the machine itself webcast footage of both its playing field and backglass using Twitch. Interestingly, all the extra functionality was coded directly into the machine, according to Lachniet, who added only the webcam and an ethernet cord. The Hobbit [machine] has a whole bunch of hardware that I don't really understand and can barely fix... However, it has a computer in its guts, and this I can mostly understand. After identifying the pinball machine's motherboard, CPU, operating system (Ubuntu) and an SQL database, Lachniet was able to back up its software, and then create his own modifications. He envisions more possibilities -- for example, the ability to announce high scores on social media accounts or allow remote servicing of the machine. Lachniet even sees the possibility of a world-wide registry of pinball game scores with each player's location overlaid on Google Maps "so you could view pinball hot spots and where the high scores were coming from," and maybe even networking machines together to allow real-time global competition.
By EditorDavid from Slashdot's bit-flipping-tricks department
An anonymous Slashdot reader writes:
Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...
Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.
The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
By EditorDavid from Slashdot's reusable-rockets department
Saturday a SpaceX rocket completed the company's fourth successful landing at sea (watched by over 100,000 viewers on YouTube and Flickr). Saturday's landing means Elon Musk's company has now recovered more than half the rockets they've launched. An anonymous Slashdot reader quotes Saturday's report from The Verge:
Tonight's landing was particularly challenging for SpaceX... The Falcon 9 had to carry its onboard satellite -- called JCSAT-16 -- into...a highly elliptical orbit that takes the satellite 20,000 miles out beyond Earth's surface. Getting to GTO requires a lot of speed and uses up a lot of fuel during take off, more so than getting to lower Earth orbit. That makes things difficult for the rocket landing afterward...there's less fuel leftover for the vehicle to reignite its engines and perform the necessary landing maneuvers.
CEO Elon Musk said the company is aiming to launch its first landed rocket sometime this fall...SpaceX's president, Gwynne Shotwell, estimates that reusing these landed Falcon 9 vehicles will lead to a 30 percent reduction in launch costs.
SpaceX named their drone ship "Of Course I Still Love You."
By EditorDavid from Slashdot's predicting-the-future department
"The world's next energy revolution is probably no more than five or ten years away," reports The Telegraph. "Cutting-edge research into cheap and clean forms of electricity storage is moving so fast that we may never again need to build 20th Century power plants in this country..." Slashdot reader mdsolar quotes their article:
The US Energy Department is funding 75 projects developing electricity storage, mobilizing teams of scientists at Harvard, MIT, Stanford, and the elite Lawrence Livermore and Oak Ridge labs in a bid for what it calls the "Holy Grail" of energy policy. You can track what they are doing at the Advanced Research Projects Agency-Energy (ARPA-E). There are plans for hydrogen bromide, or zinc-air batteries, or storage in molten glass, or next-generation flywheels, many claiming "drastic improvements" that can slash storage costs by 80pc to 90pc and reach the magical figure of $100 per kilowatt hour in relatively short order. "Storage is a huge deal," says Ernest Moniz, the U.S. Energy Secretary and himself a nuclear physicist. He is now confident that the U.S. grid and power system will be completely "decarbonized" by the middle of the century.
One energy consultant predicts the energy storage market will be worth $90 billion in 2025 -- 100 times larger than it is today.
By EditorDavid from Slashdot's car-alarm department
Long-time Slashdot reader chicksdaddy quotes a report from Security Ledger:
One of every five software vulnerabilities discovered in vehicles in the last three years are rated "critical" and are unlikely to be resolved through after the fact security fixes, according to an analysis by the firm IOActive. "These are the high priority 'hair on fire' vulnerabilities that are easily discovered and exploited and can cause major impacts to the system or component," the firm said in its report...
The bulk of vulnerabilities that were identified stemmed from a failure by automakers and suppliers to follow security best practices including designing in security or applying secure development lifecycle (SDL) practices to software creation... The result is that vehicle cybersecurity vulnerabilities are not solvable using "bolt-on" solutions, IOActive concluded...
The article argues we're years away from standards or regulations, while describing auto-makers as "wedded to the notion that keeping the details of their systems secret will ensure security."
By EditorDavid from Slashdot's memories-of-1993 department
An anonymous reader writes: Tim Gihring at MinnPost talks to the creators of what was, briefly, the biggest thing in the internet, Gopher. Gopher, for those who don't know or have forgotten, was the original linked internet application, allowing you to change pages and servers easily, through a hierarchical menu system. It was quick, it was easy to use, and important for this day and age, it didn't have Flash.
The article remembers Tim Berners-Lee describing the idea of a worldwide web at a mid-March, 1992 meeting of the Internet Engineering Task Force, at a time when Gopher "was like the Web but more straightforward, and it was already working."
Gopher became magnitudes more popular -- both MTV and the White House announced Gopher sites -- leading to GopherCons around the country. Just curious -- how many Slashdot readers today remember using Gopher?
By EditorDavid from Slashdot's do-not-pass-Go department
He grew up in San Jose, and at the age of 25 sold his second online advertising company to Yahoo for $300 million just nine years ago. Friday Gurbaksh Chahal was sentenced to one year in jail for violating his probation on 47 felony charges from 2013, according to an article in The Guardian submitted by an anonymous Slashdot reader:
Police officials said that a 30-minute security camera video they obtained showed the entrepreneur hitting and kicking his then girlfriend 117 times and attempting to suffocate her inside his $7 million San Francisco penthouse. Chahal's lawyers, however, claimed that police had illegally seized the video, and a judge ruled that the footage was inadmissible despite prosecutors' argument that officers didn't have time to secure a warrant out of fear that the tech executive would erase the footage.
Without the video, most of the charges were dropped, and Chahal, 34, pleaded guilty to two misdemeanor battery charges of domestic violence... In Silicon Valley, critics have argued that Chahal's case and the lack of serious consequences he faced highlight the way in which privileged and wealthy businessmen can get away with serious misconduct... On September 17, 2014, prosecutors say he attacked another woman in his home, leading to another arrest. Friday Chahal was released on bail while his lawyer appeals the one-year jail sentence for violating his probation.
By EditorDavid from Slashdot's voting-twice-for-$15 department
An anonymous Slashdot reader quotes a report from CBS News:
For the hackers at Symantec Security Response, Election Day results could be manipulated by an affordable device you can find online. "I can insert it, and then it resets the card, and now I'm able to vote again," said Brian Varner, a principal researcher at Symantec, demonstrating the device...
Symantec Security Response director Kevin Haley said elections can also be hacked by breaking into the machines after the votes are collected. "The results go from that machine into a piece of electronics that takes it to the central counting place," Haley said. "That data is not encrypted and that's vulnerable for manipulation."
40 states are using a voting technology that's at least 10 years old, according to the article. And while one of America's national election officials argues that "there are paper trails everywhere," CBS reports that only 60% of states conduct routine audits of their paper trails, while "not all states even have paper records, like in some parts of swing states Virginia and Pennsylvania, which experts say could be devastating."
By EditorDavid from Slashdot's Second-Generation-Robotic-Droid-Series-2 department
An anonymous Slashdot reader quotes The Guardian:
The British actor who played R2-D2 in the Star Wars films has died at the age of 81 after a long illness. Kenny Baker, who was 3-feet 8-inches tall, shot to fame in 1977 when he first played the robot character.
He went on to play the character in The Empire Strikes Back and Return of the Jedi, as well as the three Star Wars prequels from 1999 to 2005. He also appeared in a number of other much loved films in the 1980s, including The Elephant Man, Time Bandits and Flash Gordon.
Baker's niece told the newspaper that "He brought lots of happiness to people and we'll be celebrating the fact that he was well loved throughout the world..."