By msmash from Slashdot's how-about-that department
From a blog post on MIT News Office: Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes. "Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky -- Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."
By msmash from Slashdot's shape-of-water department
In some places, taps have been dry for over a year. People bathe their children with bottled water. A group of women has taken over water distribution from the city authorities. The future feared by millions of people across the world has already arrived in Mexico City, BuzzFeed News reports. From the report: In certain areas, people say taps go dry for months. Angry civilians have blocked off highways and squared off with riot police, wresting control of water distribution from the government. "Crime affects us deeply but if you don't have water, you can't do anything," said Marisol Fierro, part of a group of women in charge of delivering water to neighbors. Across the ocean, authorities in South Africa talk about Day Zero, when Cape Town is set to run out of water and the city is forced to shut off its taps. It has made headlines around the world, as people watch on with bated breath. But here in Iztapalapa, a sprawling, drab Mexico City borough where nearly 2 million people live, that day has already arrived, offering a window into what the future may hold for millions of people when the taps run dry. Police officers are sometimes forced to guard water trucks, popular targets for kidnappers who sell their contents for hefty prices. In other cities, politicians might promise expanded broadband, better health care, or higher wages to win votes, but in Mexico City, mayoral hopefuls have made simple access to water central to their campaigns. Reserved and quiet, Emma Pantaleon seems an unlikely protagonist at the front lines of this daily battle. Pantaleon joins Fierro and other women -- housewives who juggle child-rearing, house chores, and part-time jobs -- gathering water requests from their neighbors, coordinating trucks' routes with local authorities, and riding along to ensure the operation runs smoothly.
On a recent morning, she sat in the passenger seat of a water tanker as it revved its motor up a hill, dwarfing the dilapidated single-room houses along its path. When the driver swerved left and stepped on the brake, Pantaleon leaped out. It was a scene straight out of Mad Max: Fury Road. Pantaleon, 41, walked over to the nearest cinder block house and called out to its owner. As soon as Catalina Cortez opened the door, the driver and a helper marched in, pulling the truck's hose straight up to a plastic water storage tank taking up a third of the patio.
By EditorDavid from Slashdot's those-who-can't-do department
An anonymous reader writes:
I've been asked to put together a half-day workshop whose title is "Thinking Like a Programmer." The idea behind this is that within my institution (a university), we have a vast number of self-taught programmers who have never been taught "best practices" or anything about software engineering. This workshop's intention is to address this lack of formal training.
The question is, what should be covered in this workshop? If you have an idea -- that also has an example of best practice -- please share!
It's really two questions -- what "thinking like a programmer" topics should be covered, but also what examples should be used to illustrate best practices for the material. So leave your best thoughts in the comments.
How would you teach best practices for programmers?
By EditorDavid from Slashdot's patchy-patches department
Esther Schindler (Slashdot reader #16,185) writes that the Spectre and Meltdown vulnerabilities have become "a serious distraction" for sysadmins trying to apply patches and keep up with new fixes, sharing an HPE article described as "what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management."
Everyone has applied patches. But that sounds ever so simple. Ron, an IT admin, summarizes the situation succinctly: "More like applied, applied another, removed, I think re-applied, I give up, and have no clue where I am anymore." That is, sysadmins are ready to apply patches -- when a patch exists. "I applied the patches for Meltdown but I am still waiting for Spectre patches from manufacturers," explains an IT pro named Nick... Vendors have released, pulled back, re-released, and re-pulled back patches, explains Chase, a network administrator. "Everyone is so concerned by this that they rushed code out without testing it enough, leading to what I've heard referred to as 'speculative reboots'..."
The confusion -- and rumored performance hits -- are causing some sysadmins to adopt a "watch carefully" and "wait and see" approach... "The problem is that the patches don't come at no cost in terms of performance. In fact, some patches have warnings about the potential side effects," says Sandra, who recently retired from 30 years of sysadmin work. "Projections of how badly performance will be affected range from 'You won't notice it' to 'significantly impacted.'" Plus, IT staff have to look into whether the patches themselves could break something. They're looking for vulnerabilities and running tests to evaluate how patched systems might break down or be open to other problems.
By EditorDavid from Slashdot's minority-reports department
Long-time Slashdot reader Rei writes: Three weeks ago, on a party-line vote, the U.S. House Intelligence Committee voted to release a memo from committee chair and Trump transition team member Devin Nunes. The "Nunes Memo" alleged missteps by the FBI in seeking a FISA warrant against Trump aide Carter Page; a corresponding Democratic rebuttal memo was first blocked from simultaneous release by the committee, and subsequently the White House. Tonight, it has finally been released.
Among its many counterclaims: the Steele Dossier, only received in September, did not initiate surveillance of Page which began in July; the Steele dossier was only one, minor component of the FISA application, and only concerning Page's Moscow meetings; Steele's funding source and termination was disclosed in the application; and a number of other "distortions and misrepresentations that are contradicted by the underlying classified documents". Perhaps most seriously, it accuses Nunes of having never read the FISA application which his memo criticized.
Vox argues the memo proves that no one was misled when the surveillance was authorized. "The FBI clearly states right there in the FISA application that they believe Steele was hired to find dirt on Trump... After the Schiff memo was released on Saturday, House Republicans released a document rebutting its core claims. Their response to this damning citation is -- and I am not making this up -- that the vital line in which the FBI discloses the information about Steele was 'buried in a footnote.'"
By EditorDavid from Slashdot's we-know-what's-best-for-you department
chicksdaddy brings this report from Security Ledger:
The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.
He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."
By EditorDavid from Slashdot's throwing-Darts department
An anonymous reader quotes InfoWorld:
Dart has a succinct syntax and can run on a VM with a just-in-time compiler, with the compiler enabling stateful, hot reload during mobile development. Developers also gain from fast development cycles where code can be edited, compiled, and replaced in apps running on a device. Compiling code ahead of time provides fast startup, Google said. Dart can be compiled to native code for ARM and x86 platforms. Google has used the language to build applications for iOS, Android, and the web.
By EditorDavid from Slashdot's see-you-in-court department
An anonymous reader quotes the Mercury News:
As a young, female software engineer at male-dominated Google, Loretta Lee was slapped, groped and even had a co-worker pop up from beneath her desk one night and tell her she'd never know what he'd been doing under there, according to a lawsuit filed against the Mountain View tech giant... Lee's lawsuit -- filed in Santa Clara County Superior Court -- alleges the company failed to protect her, saying, "Google's bro-culture contributed to (Lee's) suffering frequent sexual harassment and gender discrimination, for which Google failed to take corrective action."
She was fired in February 2016 for poor performance, according to the suit... Lee started at the company in 2008 in Los Angeles and later switched to the firm's Mountain View campus, according to the suit, which asserts that she "was considered a talented and rising star" who received consistently "excellent" performance reviews. Lee claims that the "severe and pervasive" sexual harassment she experienced included daily abuse and egregious incidents. In addition to making lewd comments to her and ogling her "constantly," Lee's male co-workers spiked her drinks with whiskey and laughed about it; and shot Nerf balls and darts at her "almost every day," the suit alleges. One male colleague sent her a text message asking if she wanted a "horizontal hug," while another showed up at her apartment with a bottle of liquor, offering to help her fix a problem with one of her devices, refusing to leave when she asked him to, she alleges. At a holiday party, Lee "was slapped in the face by an intoxicated male co-worker for no apparent reason," according to the suit.
By EditorDavid from Slashdot's free-money department
AmiMoJo writes: "A system glitch at cryptocurrency exchange site Zaif enabled users to obtain digital money for free, with one apparently "purchasing" Bitcoin valued at $20,000,000,000,000 and then attempting to cash in on it..." according to the Japanese newspaper Asahi Shimbun. "The glitch, which lasted for 18 minutes from 5:40 p.m. to 5:58 p.m. on Feb. 16, affected Zaif's price calculation system, enabling customers to buy cryptocurrencies for nothing." CoinDesk adds that "At least one customer attempted to resell their bitcoin, but the large amount of the cryptocurrency offered soon drew attention even outside the exchange. The firm later cancelled the transactions and corrected the users' balances. However, a source suggests that the correction is still being agreed with one of the seven users who attempted to transfer the free bitcoin away from the Zaif platform."
By EditorDavid from Slashdot's fresh-commits department
An anonymous reader writes:
GitHub has quietly made a few changes this month. Labels for issues and pull requests will now also support emojis and on-hover descriptions. And they're also deprecating the anonymous creation of "gist" code snippets on March 19th, since "as the only way to create anonymous content on GitHub, they also see a large volume of spam." Current anonymous gists will remain accessible. But the biggest change involves permanently removing support for three weak cryptographic standards, both on github.com and api.github.com.
The three weak cryptography standards that are no longer supported are:
TLSv1/TLSv1.1. "This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com."
diffie-hellman-group1-sha1. "This applies to all SSH connections to github.com."
diffie-hellman-group14-sha1. "This applies to all SSH connections to github.com."
By EditorDavid from Slashdot's secret-messages department
An anonymous reader quotes The New Web: One of the first messaging services to offer end-to-end encryption for truly private conversations, Signal has largely been developed by a team that's never grown larger than three full-time developers over the years it's been around. Now, it's getting a shot in the arm from the co-founder of a rival app. Brian Acton, who built WhatsApp with Jan Koum into a $19 billion business and sold it to Facebook, is pouring $50 million into an initiative to support the ongoing development of Signal. Having left WhatsApp last fall, he's now free to explore projects whose ideals he agrees with, and that includes creating truly private online services.
"Starting with an initial $50,000,000 in funding, we can now increase the size of our team, our capacity, and our ambitions," wrote Signal founder Moxie Marlinspike (a former Twitter executive).
Acton will now also serve as the executive chairman of the newly-formed Signal Foundation, which according to its web site will "develop open source privacy technology that protects free expression and enables secure global communication."
By EditorDavid from Slashdot's phony-phone-calls department
In January an online gamer in California was arrested after at least 20 fake emergency calls to police, one leading to a fatal shooting in Kansas. But this week in California there's been at least two more fake calls:
A 12-year-old gamer heard a knock at his door Sunday -- which turned out to be "teams of Los Angeles police officers and other rescue personnel who believed two people had just hung themselves." The Los Angeles Police Department "said there's no way to initially discern swatting calls from actually emergencies, so they handle every scenario as if someone's life is in danger," according to the Los Angeles Times. The seventh-grader described it as "the most terrifying thing in my life."
36-year-old David Pearce has been arrested for falsely reporting an emergency at a Beverly Hills hotel involving "men with guns" holding him hostage. A local police captain later said that the people in the room had not made the call and in fact might have been asleep through much of the emergency. The Los Angeles Times reports that there's roughly 400 'SWATting' cases each year, according to FBI estimates, adding that "Some experts have said police agencies need to take the phenomenon more seriously and provide formal training to dispatchers and others to better recognize hoax callers."
Meanwhile, in the wake of a fatal shooting in Wichita, Kansas lawmakers have passed a new bipartisan bill increasing the penalties for SWAT calls. If a fake call results in a fatality -- and the caller intentionally masks their identity -- it's the equivalent of second-degree murder. "The caller must be held accountable," one lawmaker told the Topeka Capital-Journal.
By EditorDavid from Slashdot's fine-fellowships department
On Wednesday the Computer History Museum, "the world's leading institution exploring the history of computing and its transformational impact on society," proudly announced the three Fellow Award honorees for 2018:
Dov Frohman-Bentchkowsky -- "For the invention of the first commercial erasable programmable read-only memory (EPROM), which enabled rapid development of microprocessor-based systems."
Dame Stephanie Shirley CH -- "For a lifetime of entrepreneurship promoting the growth of the UK software industry and the advancement of women in computing."
Guido van Rossum -- "For the creation and evolution of the Python programming language, and for leadership of its community."
"We are delighted to induct these outstanding new Fellows with diverse contributions in hardware, in services, and in software," said Len Shustek, the Museum's board chairman. "They are true heroes of the Digital Age."