By msmash from Slashdot's closer-look department
More than two dozen hackers and security experts who attended security events last week say security personnel at the Mandalay Bay, Luxor, Caesars Palace, Flamingo, Aria, Cromwell, Tuscany, Linq, or Mirage hotels had entered their rooms. Security news site The Parallax reports: Except for Tuscany, which is independent, all of these hotels are owned by either Caesars Entertainment or MGM Resorts International. And of the three hotel companies, only Caesars returned a request for comment. Richard Broome, executive vice president of communications and government relations for Caesars Entertainment, whose Caesars Palace is co-hosting DefCon this year with the Flamingo, said that following the deadliest mass shooting in U.S. history last year, "periodic" hotel room checks are now standard operating procedure in Las Vegas. On October 1, 2017, from his room at the Mandalay Bay, Stephen Paddock used semiautomatic weapons he'd outfitted with bump stocks to kill 58 people and wound at least 527 others attending a gated country music concert on the Strip below. [...] Two apparent Caesars security officers wearing hotel name tags displaying only the first names "Cynthia" and "Keith," respectively, as well as sheriff's style badges that looked like they came out of a Halloween costume kit, visited my room while I was writing this story. Cynthia told me that they are instructed to refer to the front desk guests who decline to allow their room to be searched. After Cynthia and Keith declined to disclose their last names to me, I asked what they intended to do in the room. They told me that they would enter it, type a code into the room's phone line to signal that it's been checked, and then do a visual spot check. When I asked what they would be looking for, Cynthia replied, "WMDs -- that sort of thing." Other conference attendees reported similar but less pleasant interactions. 
Katie Moussouris, CEO of Luta Security, wrote on Twitter that two hotel security personnel were "banging" on her room door and "shouted" at her. She also said the hotel's security team supervisor "dismissed" her concerns over how the hotel was treating single, female travelers. Google security engineer Maddie Stone tweeted that a man wearing a light-blue shirt and a walkie-talkie entered her Caesars Palace room with a key, but without knocking, while she was getting dressed. "He left when I started screaming," she wrote, adding that a hotel manager, upon her request, said Caesars would look into whether the man was actually an employee. Stone tweeted that she left DefCon early because of the incident.
By msmash from Slashdot's what-in-the-world department
Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used privacy settings that say they will prevent it from doing so. The Associated Press reports that it has confirmed its findings with computer science researchers at Princeton. From the report: For the most part, Google is upfront about asking permission to use your location information. An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let it record your location over time, Google Maps will display that history for you in a "timeline" that maps out your daily movements. Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects -- such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you "pause" a setting called Location History. Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude -- accurate to the square foot -- and save it to your Google account. 
The privacy issue affects some two billion users of devices that run Google's Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search. Storing location data in violation of a user's preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission's enforcement bureau.
Reddit Blocked In China
Posted by News Fetcher on August 13 '18 at 05:31 AM
By BeauHD from Slashdot's badge-of-honor department
An anonymous reader quotes a report from Quartz: Many Reddit users in China who tried to access the social network this weekend were slightly annoyed to find the company's site and app weren't working. But in China, it's second nature for internet users to turn on their VPNs, and in almost no time at all, they were surfing the "front page of the internet" again. According to users' posts, the crackdown appeared to have started on Friday (Aug. 10). By today (Aug. 13), more people said they were able to access Reddit again. Many, however, report that Reddit remains behind the Great Firewall for them. Comparitech, a tool that checks if a domain is blocked in China, continues to show that reddit.com is not accessible via regular internet access, but reachable over VPN. It's unclear if geography is a factor for why some people are and aren't able to access the site.
By BeauHD from Slashdot's grounded-in-physics department
An anonymous reader quotes a report from Popular Mechanics: Earlier this summer, the Swedish Air Force dropped a laser-guided bomb on a forest fire to help suppress the flames. Now there's a proposal for the United States to do the same, using the might of the U.S. Air Force to fight America's raging forest fires via bombs and sonic booms. F-15 Strike Eagle Weapon System Officer Mike Benitez, writing in War on the Rocks, proposes using B-1 bombers stuffed to the gills with bombs to battle wildfires on the American homefront. The idea here is to snuff out fires the way you'd blow out birthday candles at the base. In Sweden, the shockwave from a single bomb snuffed out flames within a 100-yard radius of the impact point. So, Benitez reasons, why not load up a heavy strategic bomber with up to 84 bombs and do some serious firefighting?
Benitez chose the B-1 for his hypothetical scenario not only because of its bomb-carrying capability, but for the same reason the heavy bomber became a close air support platform of choice in Afghanistan: its long range translated into persistence over the battlefield, enabling the big bomber to hang around above friendly forces and bomb the Taliban for hours. The B-1 could do donuts in the skies over a wildfire as firefighters on the ground work out the best way to tackle it. The B-1 wouldn't carry just any bomb, either, but ordnance that was designed for firefighting. Most bombs use a steel casing that fragments into deadly shrapnel, but this would be unnecessary (and dangerous) when fighting fires. A firefighting bomb would use a combustible casing that would disintegrate on impact. Ideally the bomb would use a thermobaric warhead, one that kills via overpressure, as it generates even more powerful blast waves than traditional high-explosive bombs.
By BeauHD from Slashdot's all-about-the-technicalities department
theshowmecanuck writes: Bethesda just pulled a cease and desist on an Amazon Marketplace sale of one of their games. This, despite the fact that the resale of used games is legal in the USA. Bethesda is saying that because it isn't being offered with a warranty, it is not protected through the First Sale Doctrine. UPDATE: The game in question was sealed and unopened, technically not "used," but being sold secondhand. In a letter sent to the seller by Bethesda's legal firm, they made the argument that the sale was not "by an authorized reseller," and was therefore "unlawful." Bethesda also took issue with the seller's use of the word "new" in selling the unwrapped game, claiming that this constituted "false advertising."
Bethesda offered the following statement: "Bethesda does not and will not block the sale of pre-owned games. The issue in this case is that the seller offered a pre-owned game as 'new' on the Amazon Marketplace. We do not allow non-authorized resellers to represent what they sell as 'new' because we can't verify that the game hasn't been opened and repackaged. This is how we help protect buyers from fraud and ensure our customers always receive authentic new product, with all enclosed materials and warranty intact. In this case, if the game had been listed as 'Pre-Owned,' this would not have been an issue."
By BeauHD from Slashdot's head-in-the-clouds department
An anonymous reader quotes a report from Bloomberg: Oracle is named in a lawsuit alleging the company's executives lied to shareholders when they explained why cloud sales were growing. The investor leading the case, the City of Sunrise Firefighters' Pension Fund, claimed Oracle engaged in coercion and threats to sell its cloud-computing products, creating an unsustainable model that fell apart, according to the suit seeking class-action status and filed Friday in San Jose, California. The Florida-based firefighter pension fund and other investors lost money when Oracle's stock plummeted in March after reporting a disappointing earnings report and outlook, according to the lawsuit.
The suit claimed that Oracle's executives lied in forward-looking statements, which are never guaranteed, during earnings calls and at investor conferences in 2017 when they said customers were rapidly adopting their cloud-based products and cloud sales would accelerate. The firefighter pension, which manages about $143 million for 235 participants, alleged that Oracle used software license audits and weakened existing maintenance programs to compel customers to buy the cloud products.
By BeauHD from Slashdot's inside-information department
Internal information belonging to hosting provider GoDaddy has been exposed via an error in Amazon's AWS bucket configuration. According to cybersecurity firm UpGuard, a set of documents were left in an Amazon S3 bucket which was available to the public. ZDNet reports: The information involved in the security breach appeared to describe GoDaddy's architecture, as well as "high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios," according to UpGuard. Configuration files for hostnames, operating systems, workloads, AWS regions, memory, CPU specifications, and more were included in the exposed cache, which described at least 24,000 systems.
"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields," the cybersecurity firm said. The open bucket, called "abbottgodaddy," also included what the company believes to be business information relating to GoDaddy and Amazon AWS' relationship, including rate negotiations. This information should have been kept confidential.
By BeauHD from Slashdot's digital-fingerprints department
At the DefCon hacking conference on Friday, Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, presented a number of studies they've conducted using machine learning techniques to de-anonymize the authors of code samples. "Their work could be useful in a plagiarism dispute, for instance, but it could also have privacy implications, especially for the thousands of developers who contribute open source code to the world," reports Wired. From the report: First, the algorithm they designed identifies all the features found in a selection of code samples. That's a lot of different characteristics. Think of every aspect that exists in natural language: There's the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so. The researchers don't rely on low-level features, like how code was formatted. Instead, they create "abstract syntax trees," which reflect code's underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone's sentence structure, instead of whether they indent each line in a paragraph.
The method also requires examples of someone's work to teach an algorithm to know when it spots another one of their code samples. If a random GitHub account pops up and publishes a code fragment, Greenstadt and Caliskan wouldn't necessarily be able to identify the person behind it, because they only have one sample to work with. (They could possibly tell that it was a developer they hadn't seen before.) Greenstadt and Caliskan, however, don't need your life's work to attribute code to you. It only takes a few short samples.
By BeauHD from Slashdot's rest-in-peace department
U.S.-based PC case manufacturer, CaseLabs, announced on social media that it is "closing permanently" and will not be able to fill all current orders. "We have been forced into bankruptcy and liquidation," CaseLabs said in a statement. "The tariffs have played a major role raising prices by almost 80 percent (partly due to associated shortages), which cut deeply into our margins. The default of a large account added greatly to the problem... We reached out for a possible deal that would allow us to continue on and persevere through these difficult times, but in the end, it didn't happen." PC Gamer reports: CaseLabs is likely referring to the growing number of tariffs being enforced on Chinese imports by the United States government. China and the US are currently engaged in a trade war, causing many U.S. companies to lose money, lay off employees, or close entirely. CaseLabs went on to say that it won't be able to fill the backlog of case orders, but other parts will most likely ship to customers. "We are so incredibly sorry this is happening. Our user community has been very devoted to us and it's awful to think that we have let any of you down."
By msmash from Slashdot's closer-look department
Saudi Arabia's sovereign wealth fund is in talks that could see it becoming a significant investor in Tesla as part of Elon Musk's plan to take the electric car maker private, Bloomberg reported Sunday, citing a person with direct knowledge of the fund's plans. From the report: The Public Investment Fund, which has built up a stake just shy of 5 percent in Tesla in recent months, is exploring how it can be involved in the potential deal, the person said on condition of anonymity. Discussions began before the controversial Aug. 7 tweet by Musk, who is Tesla's co-founder and chief executive officer, saying he was weighing a plan to take the company private. The PIF sees its investment in Tesla as a strategic way for the world's biggest crude producer to hedge against oil, the person said. The Saudi fund hasn't made any firm decisions on whether to increase its stake, or by how much, but talks are ongoing, the person said. It wasn't immediately clear how much the fund would invest in Tesla.
By EditorDavid from Slashdot's things-you-market-as-non-GMO department
We've reached a milestone in gene-edited food, according to the Washington Post. "Calyxt's 'healthier' soybean oil, the industry's first true gene-edited food, could make its way into products such as chips, salad dressings and baked goods as soon as the end of this year."
Calyxt's soybean is the first of 23 gene-edited crops the Agriculture Department has recognized to date.... Scientists at Calyxt, a subsidiary of the French pharmaceutical firm Cellectis, developed their soybean by turning "off" the genes responsible for the trans fats in soybean oil. Compared with the conventional version, Calyxt says, oil made from this soybean boasts far more "healthy" fats, and far less of the fats that raise bad cholesterol. Chief executive Federico Tripodi likes to say the product is akin to olive oil but without the pungent flavor that would make it off-putting in Oreos or granola bars.
It has earned praise from the Center for Science in the Public Interest, a consumer group that says public health will benefit from ingredients with less trans and saturated fats, regardless of how they were developed.... Scientists in university labs and at companies such as Calyxt are already designing plants that are more nutritious, convenient and sustainable, they say.... [U]niversities around the country are working on plants that will withstand droughts, diseases and the ravages of climate change. Such improvements, underway in crops as diverse as oranges, wine grapes and cacao, could protect these plants in the future while cutting down water and chemical use, experts say....
By EditorDavid from Slashdot's unlimited-roaming department
Slashdot reader datavirtue writes:
I've tried a lot of phones for extended periods of time. Some of these have included the Samsung S4, S5, S8+, Note 4, S7, iPhone 5, and Huawei Honor 8. I have stayed away from Apple... My favorite phone was the Nokia 920 Windows phone for its fluid performance and simplicity and hardware camera button, but that phone is long gone.
When searching for an unlocked phone after leaving my current job I ordered a Huawei Honor 8 which refused to join a network, and an iPhone 7 which was DOA. This led to my reluctant purchase of a Sony Xperia XA2 Ultra when the Microcenter sales team couldn't find the last Google Pixel they had in stock. Had no idea I was in for such a treat. The Sony Xperia phone experience is well refined and a joy to use.
Are there any other unlocked phones that you know of under $500 that run this good?
Share your own opinions and experiences in the comments. What's the best unlocked smartphone?
By EditorDavid from Slashdot's big-picture department
David Gerard has concerns about the Joint Photographic Experts Group (the ISO working group handling the JPEG standard for image compression). "They seem to think they can advance the cause of DRM for JPEG images...with a bit of applied blockchain." He bases that charge on the fact that the JPEG committee organized a special session on blockchain, and then created an ad hoc group to define use cases.
After six months' collaboration, the group has produced a white paper -- "Towards a Standardized Framework for Media Blockchain" -- as announced in the press release following the 80th meeting in July. The Executive Summary declares, "Fake news, copyright violation, media forensics, privacy and security are emerging challenges for digital media. JPEG has determined that blockchain technology has great potential as a technology component to address these challenges in transparent and trustable media transactions... [T]he standardization committee continues to work on improving various components of the standard. This includes incorporation of new technologies addressing current challenges related to transparent and trustable media transactions such as JPEG Privacy and Security." "JPEG Privacy and Security" is described later in the paper. "JPEG Privacy & Security aims at developing a standard for realizing secure image information sharing, capable of ensuring privacy, maintaining data integrity, and protecting intellectual property rights."
That is, "Privacy and Security" is a euphemism for Digital Rights Management (DRM) in JPEG.... Chair of the group Dr. Frederik Temmermans stressed to me that "JPEG is not working on DRM in particular but on a more generic framework that supports privacy and security features." But DRM is very much a significant part of this.