By msmash from Slashdot's security-woes department
A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. From a report: The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use. That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk. Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch. We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out. "We notified the user and have taken the [server] hosting the exposed database offline," a spokesperson told TechCrunch.
By msmash from Slashdot's how-about-that department
As Apple and Amazon compete for a greater share of consumer dollars and attention, they also have a particularly intimate business relationship: Apple is spending more than $30 million a month on Amazon's cloud, CNBC reported Monday, citing people familiar with the matter. From the report: Apple's cloud expenditure reflects the company's determination to deliver online services like iCloud quickly and reliably, even if it must depend on a rival to do so. [...] In a February job posting, Apple said it was looking for someone who could "lead and architect our growing AWS footprint." Indeed, that expenditure is on track to expand. At the end of March, Apple's spending was on track to average more than $30 million per month in the first quarter of 2019. That would be more than 10 percent higher than a year earlier, according to two people familiar with the spending. If Apple's AWS use stays at those levels for the rest of 2019, its annual spending would exceed $360 million. Apple spent approximately $350 million in 2018, one of these people said.
By msmash from Slashdot's shape-of-things-to-come department
The European Parliament voted last week to interconnect a series of border-control, migration, and law enforcement systems into a gigantic, biometrics-tracking, searchable database of EU and non-EU citizens. From a report: This new database will be known as the Common Identity Repository (CIR) and is set to unify records on over 350 million people. Per its design, CIR will aggregate both identity records (names, dates of birth, passport numbers, and other identification details) and biometrics (fingerprints and facial scans), and make its data available to all border and law enforcement authorities.
Its primary role will be to simplify the jobs of EU border and law enforcement officers who will be able to search a unified system much faster, rather than search through separate databases individually. "The systems covered by the new rules would include the Schengen Information System, Eurodac, the Visa Information System (VIS) and three new systems: the European Criminal Records System for Third Country Nationals (ECRIS-TCN), the Entry/Exit System (EES) and the European Travel Information and Authorisation System (ETIAS)," EU officials said last week.
By EditorDavid from Slashdot's manufacturing-machines department
elainerd (Slashdot reader #94,528) shares an article from The Next Web:
Scientists from Cornell University have successfully constructed DNA-based machines with incredibly life-like capabilities. These human-engineered organic machines are capable of locomotion, consuming resources for energy, growing and decaying, and evolving. Eventually they die.
That sure sounds a lot like life, but Dan Luo, professor of biological and environmental engineering in the College of Agriculture and Life Sciences at Cornell, who worked on the research, says otherwise. He told The Stanford Chronicle, "We are introducing a brand-new, lifelike material concept powered by its very own artificial metabolism. We are not making something that's alive, but we are creating materials that are much more lifelike than have ever been seen before." Just how lifelike? According to the research they're on par with biologically complex organisms such as mold.... "Dynamic biomaterials powered by artificial metabolism could provide a previously unexplored route to realize 'artificial' biological systems with regenerating and self-sustaining characteristics."
Basically, the Cornell team grew their own robots using a DNA-based bio-material, observed them metabolizing resources for energy, watched as they decayed and grew, and then programmed them to race against each other... Lead author on the team's paper, Shogo Hamada, told The Stanford Chronicle that "ultimately, the system may lead to lifelike self-reproducing machines."
By EditorDavid from Slashdot's cutting-classes department
"I want to just take my Chromebook back and tell them I'm not doing it anymore," said Kallee Forslund, 16, a 10th grader in Wellington.
The New York Times reports on a "rebellion" that started in Kansas against an online "personalized learning" program funded by Mark Zuckerberg and his wife, and developed by Facebook engineers -- including a classroom walk-out, a sit-in, and parent protests at public school board meetings.
Read the Times' pay-walled original article or this free alternate version. Some highlights:
Eight months earlier, public schools near Wichita had rolled out a web-based platform and curriculum from Summit Learning... Many families in the Kansas towns, which have grappled with underfunded public schools and deteriorating test scores, initially embraced the change. Under Summit's program, students spend much of the day on their laptops and go online for lesson plans and quizzes, which they complete at their own pace. Teachers assist students with the work, hold mentoring sessions and lead special projects. The system is free to schools. The laptops are typically bought separately.
Then, students started coming home with headaches and hand cramps. Some said they felt more anxious. One child began having a recurrence of seizures. Another asked to bring her dad's hunting earmuffs to class to block out classmates because work was now done largely alone. "We're allowing the computers to teach and the kids all looked like zombies," said Tyson Koenig, a factory supervisor in McPherson, who visited his son's fourth-grade class. In October, he pulled the 10-year-old out of the school. In a school district survey of McPherson middle school parents released this month, 77 percent of respondents said they preferred their child not be in a classroom that uses Summit. More than 80 percent said their children had expressed concerns about the platform...
[Article continued at Slashdot's cutting-classes department]
By EditorDavid from Slashdot's it's-go-time department
CNN tells the story of 24-year-old "social media influencer" Rossi Lorathio Adams II who'd wanted his domain to be the slogan of his social media sites (which at one point had over a million followers on Snapchat, Instagram and Twitter). Unfortunately, that domain was already owned by another man in Iowa -- but Adams came up with a solution:
In June 2017, Adams enlisted his cousin to break into the domain owner's home and force him to transfer it. The cousin drove to the domain owner's house and provided a demand note [which contained "a series of directions on how to change an Internet domain name from the domain owner's GoDaddy account to one of Adams' GoDaddy accounts."] After entering the home, the intruder grabbed the victim's arm and ordered him to connect his computer to the internet. He put the firearm against the victim's head and ordered him to follow the instructions.
"Fearing for his life, the victim quickly turned to move the gun away from his head. The victim then managed to gain control of the gun," court records show. The victim shot the intruder multiple times and called the police. The intruder, Adams' cousin Sherman Hopkins Jr., was sentenced to 20 years in prison last year. Now it's Adams' turn. He will remain in custody pending sentencing. He faces a maximum 20 years in prison, a $250,000 fine and three years of supervised release.
By EditorDavid from Slashdot's to-agree-press-1 department
Fast Company shares an essay from an anthropologist who researches human agency, algorithms, AI, and automation in the context of social systems:
With the advent of computational tools for quantitative measurement and metrics, and the development of machine learning based on the big data developed by those metrics, organizations, Amazon among them, started to transition through a period of what I refer to as "extreme data analysis," whereby anything and anyone that can be measured, is. This is a problem. Using counting, metrics, and implementation of outcomes from extreme data analysis to inform policies for humans is a threat to our well-being, and results in the stories we are hearing about in the warehouse, and in other areas of our lives, where humans are too often forfeiting their agency to algorithms and machines. Unfortunately, after decades of building this quantitative scaffolding, a company such as Amazon has pretty much baked it into their infrastructure and their culture....
As the world continues to automate things, processes, and services, humans are put in positions where we must constantly adapt, since at the moment, automation cannot, and does not, cooperate with us outside of its pre-programmed repertoire. Thus, in many instances we must do the yielding of our agency and our choices, to the algorithms or robots, to reach the cooperative outcomes we require.... If every process is eventually automated and restricts human agency, while simultaneously requiring our servitude to function, we will be pinned to the wall with no choices, nothing left to give, and no alternatives for coping with it.
One example provided was the Amazon worker who complained the warehouse temperatures were always kept too hot -- to accommodate the needs of Amazon's robots. But the article argues we also forfeit agency "Every time we use a computer, or any computationally based device...
[Article continued at Slashdot's to-agree-press-1 department]
By EditorDavid from Slashdot's language-barriers department
Alex Gaynor is a software engineer at Mozilla working on Firefox, after previously serving as a director of both the Python Software Foundation and the Django Software Foundation.
In a new blog post today, he argues that memory unsafe languages, "principally C and C++," induce an exceptional number of security vulnerabilities, and that the industry needs to migrate to memory-safe languages like Rust and Swift by default.
One of the responses I frequently receive is that the problem isn't C and C++ themselves, developers are simply holding them wrong. In particular, I often receive defenses of C++ of the form, "C++ is safe if you don't use any of the functionality inherited from C" or similarly that if you use modern C++ types and idioms you will be immune from the memory corruption vulnerabilities that plague other projects. I would like to credit C++'s smart pointer types, because they do significantly help. Unfortunately, my experience working on large C++ projects which use modern idioms is that these are not nearly sufficient to stop the flood of vulnerabilities...
Modern C++ idioms introduce many changes which have the potential to improve security: smart pointers better express expected lifetimes, std::span ensures you always have a correct length handy, std::variant provides a safer abstraction for unions. However modern C++ also introduces some incredible new sources of vulnerabilities: lambda capture use-after-free, uninitialized-value optionals, and un-bounds-checked span.
[Article continued at Slashdot's language-barriers department]
By EditorDavid from Slashdot's it's-all-relativity department
An anonymous reader quotes The Next Web:
As stunning and ground-breaking as it is, the EHT project is not just about taking on a challenge. It's an unprecedented test of whether Einstein's ideas about the very nature of space and time hold up in extreme circumstances, and looks closer than ever before at the role of black holes in the universe. To cut a long story short: Einstein was right....
His general theory of relativity has passed two serious tests from the universe's most extreme conditions in the last few years. Here, Einstein's theory predicted the observations from M87 with unerring accuracy, and is seemingly the correct description of the nature of space, time, and gravity. The measurements of the speeds of matter around the center of the black hole are consistent with being near the speed of light.
The advanced computing research center at the University of Texas at Austin says the data for the photo "was collected during a 2017 global campaign, after decades of scientific, engineering, and computational research and preparation." And their own facility played a role in the finished photo, according to an article shared by aarondubrow:
[Article continued at Slashdot's it's-all-relativity department]
By EditorDavid from Slashdot's free-code department
"Big changes are here," writes the official blog for Bluecherry:
In 2010 we released our multi-port MPEG4 video capture card with an open source driver (solo6x10) and in 2011 updated the driver to support our multi-port H.264 capture cards. Later, this open source driver was added into the mainline Linux kernel. In 2013 we released our multi-platform surveillance application client with an open source (GPL) license.
We are proud to announce that effective April 18, 2019 we have released the entire Bluecherry software application open source with a GPL license.
An anonymous reader writes: This includes the Linux based server application and the Windows / Linux / OS X client.
Bluecherry's GitHub repo is now open for public viewing.
By EditorDavid from Slashdot's subsystems-for-industry department
"The new Fieldbus system has been deemed ready to be released into the staging area of the Linux kernel," writes jwhyche (Slashdot reader #6,192).
This newest subsystem for the Linux kernel benefits industrial systems. Fieldbus is a set of network protocols for real-time distributed control of automated industrial systems. Fieldbus is used for connecting different systems/components/instruments within industrial environments. Fieldbus is used for connecting facilities ranging from manufacturing plants up to nuclear energy facilities. The Fieldbus specification has been around for decades while now seeing a formal subsystem within the Linux kernel.
The subsystem allows for devices to exchange data over a Fieldbus whether it be Profinet, FLNet, or one of the other implementations. The subsystem provides a generic framework for exposing switches, lights, actuators, motors, and other hardware... The Linux kernel's Fieldbus subsystem has gone through over ten rounds of public revisions in recent months and has been deemed ready to premiere with Linux 5.2 [which] should debut in July.
By EditorDavid from Slashdot's language-about-languages department
"At the first annual charity event conducted by Puget Sound Programming Python on April 2, four legendary language creators came together to discuss the past and future of language design," reports PacktPub.
- Guido van Rossum, the creator of Python
- James Gosling, the founder, and lead designer behind the Java programming language
- Anders Hejlsberg, the original author of Turbo Pascal who has also worked on the development of C# and TypeScript
- Larry Wall, the creator of Perl
You can watch the video here -- the speaker introductions start about 50 minutes into the video -- or read PacktPub's summary of the event:
Guido van Rossum said designing a programming language is very similar to the way JK Rowling writes her books, the Harry Potter series... He says JK Rowling is a genius in the way that some details that she mentioned in her first Harry Potter book ended up playing an important plot point in part six and seven... When designing a language we start with committing to certain details like the keywords we want to use, the style of coding we want to follow, etc. But, whatever we decide on we are stuck with them and in the future, we need to find new ways to use those details, just like Rowling...
When James Gosling was asked how Java came into existence and what were the design principles he abided by, he simply said, "it didn't come out of like a personal passion project or something. It was actually from trying to build a prototype.... It started out as kind of doing better C and then it got out of control that the rest of the project really ended up just providing the context." In the end, the only thing out of that project that survived was Java...
[Article continued at Slashdot's language-about-languages department]
By EditorDavid from Slashdot's I-see-what-you-did-there department
Bearhouse shares a new study from the UK's "National Cyber Security Centre," which advises the public on computer security, about the world's most-frequently cracked passwords.
It's probably no surprise to the Slashdot readership: people use bad passwords. A recent study of publicly-available "hacked" accounts -- by the UK National Cyber Security Centre -- reveals "123456" was top, followed by the much more secure "123456789" and hard-to-guess "qwerty". If you're a soccer (football) fan, then try "Liverpool" or "Chelsea" -- they'll work in more than half a million cases. Finally, for musicians, Metallica gets beaten down by 50cent, 140k to 190k respectively.
The most common fictional names used as passwords were "superman" (333,139 users), "naruto" (242,749), "tigger" (237,290), "pokemon" (226,947), and "batman" (203,116).
The organization recommends instead choosing three random words as a password -- and also checking "password blacklists" that show passwords that have already been found in past data breaches. (Developers and sysadmins are also advised to implement these checks as part of their rules for which user passwords will be allowed.) The organization also released a file from the "Have I Been Pwned" site containing the top 100,000 passwords.
So what are the top ten most-frequently used passwords?
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
By EditorDavid from Slashdot's flying-fleet department
Inc. magazine describes as "stunning" an announcement from Southwest Airlines, "by far the biggest 737 Max customer in the United States, with 34 of the planes among its fleet, and plans for many more."
Speaking at a chamber of commerce event in Dallas, Southwest chairman and CEO Gary Kelly said Southwest has no plans to abandon the 737 Max. In fact, he said it will purchase "hundreds" more 737 Max aircraft. "It's a very good airplane, but Boeing has acknowledged that they've got some things they need to address with the software in that airplane," Kelly said, according to the Dallas Business Journal. "It seems like it's a relatively straight-forward modification. We're obviously anxious to get the airplane back in service."
That's it: all-in on the 737 Max. Or at least close to it...
By flying just one aircraft, Southwest knows that almost any of its pilots can fly any of its planes. Its scheduling and maintenance tasks become a lot easier than for airlines with multiple types of aircraft. But it also means that ultimately, Southwest's brand and its overall success are tied up with Boeing and the 737 in a way that few other airlines are.
Marketwatch adds that in fact, major airlines "are hungry for fuel-efficient single-aisle aircraft such as the Max, and there's a long backlog for the jet's closest competitor, Airbus SE, analysts at Oxford Economics said in a note Thursday.
"That will shield Boeing from a mass cancellation of orders," the analysts said.
By EditorDavid from Slashdot's never-prospering department
"Epic Games gave bans to more than 1,200 Fortnite accounts and revoked cash prizes that more than 200 players had won following Epic's investigations of cheating in the first week of Fortnite's World Cup Online Open," reports Polygon:
That cheater (whom Epic did not name) used the cheat software during the tournament's semifinals. The account involved had played "for less than five minutes" before being discovered and banned, Epic said.
The great majority of the other accounts sanctioned received two-week bans for their misconduct. Of them, 196 players forfeited their winnings after they were caught circumventing region locks to play in several regions. Epic said that will change the prize payouts for others in the tournament, but their improved finishes won't be reflected on Fortnite's in-game leaderboard. Nine prize winners lost their money for sharing accounts, and one winner's earnings were vacated for teaming.
Epic Games said it has added a "real-time teaming detection algorithm" to its competitive play. Teaming, in which players in a solo mode work cooperatively and create a competitive disadvantage for others, can get players banned even in competitive non-tournament play.
By EditorDavid from Slashdot's guitarist-G-11-mission department
An anonymous reader quotes Ars Technica:
An Antares rocket built by Northrop Grumman launched on Wednesday afternoon, boosting a Cygnus spacecraft with 3.4 tons of cargo toward the International Space Station. The launch from Wallops Island, Virginia, went flawlessly, and the spacecraft arrived at the station on Friday. However, when NASA's International Space Station program posted the launch video to its Facebook page on Thursday, there was a problem. Apparently the agency's caption service hadn't gotten to this video clip yet, so viewers with captions enabled were treated not just to the glory of a rocket launch, but the glory of Facebook's automatically generated crazywords...
Some of the captions are just hilariously bad. For example, when the announcer triumphantly declares, "And we have liftoff of the Antares NG-11 mission to the ISS," the automatically generated caption service helpfully says, "And we have liftoff of the guitarist G 11 mission to the ice sets."
There are more examples in the photos at the top of their article -- for example, a caption stating that the uncrewed launch "had a phenomenal displaced people at 60 seconds," and translating the phrase "TVC is nominal" to "phenomenal."
While the lift-off announcer does use what may be unfamiliar names for the rockets, along with other technical jargon, the article points out that YouTube's auto-captioning of the same launch "seemed to have no problem with those bits of space argot."
By EditorDavid from Slashdot's oh-her-majesty's-secret-servers department
eatmorekix quotes Vice:
In 2012, Paragon Studios announced it was shutting down City of Heroes, a massively multiplayer online game where a community of players created their own superheroes, went on adventures together, and formed lasting friendships.
The news was crushing to the game's devoted community because they could no longer play and hang out in the virtual space they loved, and today, years after the game's shutdown, the community is in an uproar again. As Massivelyop first reported, a group of City of Heroes players called the Secret Cabal of Reverse Engineers (SCORE) had created their own, private server where they could continue to play the game for the last six years, but kept it relatively secret.
"I like the rest of you have been lied to," Reddit user avoca wrote in a thread titled "BE ANGRY" on the City of Heroes subreddit. "I have been told City of Heroes has been shutdown. Today, I learn I have been mistaken. For all of these years, City of Heroes has lived on. In secret. For every passing day and every withdrawal symptom, a person is playing on this secret server, and they are gaining xp, leveling up, performing task forces and forming supergroups."
In 2004 the game's lead designer answered questions from Slashdot's readers.
15 years later, a member of the emulator team tells Massivelyop that they'd tried to keep their City of Heroes server a secret for over six years because they were worried about getting a cease and desist notice from the game's publishers.