By EditorDavid from Slashdot's homeland-insecurity department
An anonymous reader quotes CNN:
U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat, and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS... It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force... The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.
By EditorDavid from Slashdot's 26-years-in-the-making department
70-year-old Walt Mossberg wrote his last weekly column Thursday, looking back on how "we've all had a hell of a ride for the last few decades" and revisiting his famous 1991 pronouncement that "Personal computers are just too hard to use, and it isn't your fault."
Not only were the interfaces confusing, but most tech products demanded frequent tweaking and fixing of a type that required more technical skill than most people had, or cared to acquire. The whole field was new, and engineers weren't designing products for normal people who had other talents and interests. But, over time, the products have gotten more reliable and easier to use, and the users more sophisticated... So, now, I'd say: "Personal technology is usually pretty easy to use, and, if it's not, it's not your fault." The devices we've come to rely on, like PCs and phones, aren't new anymore. They're refined, built with regular users in mind, and they get better each year. Anything really new is still too close to the engineers to be simple or reliable.
He argues we're now in a strange lull before entering an unrecognizable world where major new breakthroughs in areas like A.I., robotics, smart homes, and augmented reality lead to "ambient computing", where technology itself fades into the background. And he uses his final weekly column to warn that "if we are really going to turn over our homes, our cars, our health and more to private tech companies, on a scale never imagined, we need much, much stronger standards for security and privacy than now exist. Especially in the U.S., it's time to stop dancing around the privacy and security issues and pass real, binding laws."
By EditorDavid from Slashdot's protesting-a-pipeline department
An anonymous reader writes:
"A shadowy international mercenary and security firm known as TigerSwan targeted the movement opposed to the Dakota Access Pipeline with military-style counterterrorism measures," reports The Intercept, decrying "the fusion of public and private intelligence operations." Saying the private firm started as a war-on-terror contractor for the U.S. military and State Department, the site details "sweeping and invasive" surveillance of protesters, citing over 100 documents leaked by one of the firm's contractors.
The documents show TigerSwan even harvested information about the protesters from social media, and "provide extensive evidence of aerial surveillance and radio eavesdropping, as well as infiltration of camps and activist circles... The leaked materials not only highlight TigerSwan's militaristic approach to protecting its client's interests but also the company's profit-driven imperative to portray the nonviolent water protector movement as unpredictable and menacing enough to justify the continued need for extraordinary security measures... Internal TigerSwan communications describe the movement as 'an ideologically driven insurgency with a strong religious component' and compare the anti-pipeline water protectors to jihadist fighters."
The Intercept reports that recently "the company's role has expanded to include the surveillance of activist networks marginally related to the pipeline, with TigerSwan agents monitoring 'anti-Trump' protests from Chicago to Washington, D.C., as well as warning its client of growing dissent around other pipelines across the country." They also report that TigerSwan "has operated without a license in North Dakota for the entirety of the pipeline security operation."
By EditorDavid from Slashdot's knowing-when-you're-awake department
Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up a smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted. [PDF] In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."
By EditorDavid from Slashdot's money-for-everyone department
A Silicon Valley Congressman "is pushing for a plan that has been described as a first step toward universal basic income...a long-shot $1 trillion expansion to the earned income tax credit that is already available to low-income families." An anonymous reader quotes the Mercury News:
Stanford University also has created a Basic Income Lab to study the idea, and the San Francisco city treasurer's office has said it's designing pilot tests -- though the department told this news organization it has no updates on the status of that project... The problem is that giving all Americans a $10,000 annual income would cost upwards of $3 trillion a year -- more than three-fourths of the federal budget, said Bob Greenstein, president of Washington, D.C.-based Center for Budget and Policy Priorities. Some proponents advocate funding the move by cutting programs like food stamps and Medicaid. But that approach would take money set aside for low-income families and redistribute it upward, exacerbating poverty and inequality, Greenstein said... Jennifer Lin, deputy director of the East Bay Alliance for a Sustainable Economy, is skeptical that basic income can do much lasting good in Oakland. What the city needs is more high-paying jobs and affordable housing, she said... The idea, [Sam Altman, president of Y Combinator] said at the Commonwealth Club, tackles the question not enough people are asking: "What do we as the tech industry do to solve the problem that we're helping to create?"
By EditorDavid from Slashdot's engineers-vs-ageism department
Tech analyst James Governor argues that Amazon's cloud business is "demolishing the cult of youth."
It just announced it is hiring James Gosling, one of the original inventors of Java... Meanwhile James Hamilton continues to completely kick ass in compute, network, and data center design for AWS... He's in his 50s. Tim Bray, one of the inventors of XML, joined Amazon in 2014. He's another Sun alumni. He's 61 now. He still codes. When you sit down with one of the AWS engineering teams you're sitting down with grownups... Adrian Cockcroft joined AWS in October 2016. He graduated in 1982, not 2002. He is VP Cloud Architecture Strategy at AWS, a perfect role for someone that helped drive Netflix's transition from on-prem Java hairball to serious cloud leadership.
Great engineering is not maths -- it involves tradeoffs, wisdom and experience... The company puts such a premium on independent groups working fast and making their own decisions it requires a particular skillset, which generally involves a great deal of field experience. A related trend is hiring seasoned marketing talent from the likes of IBM. Some other older companies have older distinguished engineers because they grew up with the company. AWS is explicitly bringing that experience in. It's refreshing to see a different perspective on value.
In a later post the analyst acknowledges engineering managers are generally older than their reports, but adds that "If AWS sees value in hiring engineering leadership from folks that are frankly a bit older than the norm in the industry, isn't that worth shining a light on?" In response to the article, XML inventor Tim Bray suggested a new acronym: GaaS. "Geezers as a service," while Amazon CTO Werner Vogels tweeted "There is no compression algorithm for experience."
By EditorDavid from Slashdot's flight-funding department
An anonymous reader shares The Guardian's report on plans for a new aircraft that's two-and-a-half times the size of a 747.
Google co-founder Sergey Brin is building a hi-tech airship in Silicon Valley destined to be the largest aircraft in the world, according to multiple sources with knowledge of the project. "It's going to be massive on a grand scale," said one, adding that the airship is likely to be nearly 200 meters [656 feet] long... Brin wants the gargantuan airship, funded personally by the billionaire, to be able to deliver supplies and food on humanitarian missions to remote locations. However, it will also serve as a luxurious intercontinental "air yacht" for Brin's friends and family.
One source put the project's price tag at $100m to $150m. Igor Pasternak, an airship designer who was involved in the early stages of the project, believes airships could be as revolutionary for the trillion-dollar global cargo market as the internet was for communications. "Sergey is pretty innovative and forward looking," he said. "Trucks are only as good as your roads, trains can only go where you have rails, and planes need airports. Airships can deliver from point A to point Z without stopping anywhere in between."
The Guardian quips that while Brin's plans may stay secret for a while, "the good news is that the first flight test of such an enormous aircraft will be impossible to hide."
By EditorDavid from Slashdot's edging-out-Edge department
An anonymous reader shares Computerworld's interview with David Michael Smith of Gartner.
"Most enterprises still have a 'standard' browser, and most of the time, that's something from Microsoft. These days it's IE11. But we've found that people actually use Chrome more than IE... It's the most-used browser in enterprise," he said... IE retains a sizable share -- Smith called it "a significant presence" -- largely because it's still required in most companies. "There are a lot of [enterprise] applications that only work in IE, because [those apps] use plug-ins," Smith said, ticking off examples like Adobe Flash, Java and Microsoft's own Silverlight. "Anything that requires an ActiveX control needs IE." Many businesses have adopted the two-prong strategy that Gartner and others began recommending years ago: Keep a "legacy" browser to handle older sites, services and web apps, but offer another for everything else...
Chrome, said Smith, is now the "overwhelming choice" as the modern enterprise browser... Smith wasn't optimistic that Edge would supplant Chrome, even when Windows 10 is widely deployed on corporate computers in the next few years. "Edge certainly will have opportunities" once Windows 10 is the enterprise-standard OS, "but I would say that Chrome has a lot of momentum, largely for the fact that it is so popular on the internet."
While a year ago Chrome and Microsoft's browsers both held 41% of the browser market share, now Chrome holds 59% to just 24% for both IE and Edge combined.
By EditorDavid from Slashdot's summer-reading department
ChristianVillum writes: Creative Commons staff-members Sarah Hinchliff Pearson and Paul Stacey have now published Made With Creative Commons, the awaited book they successfully funded on Kickstarter in 2015. "Made With Creative Commons is a book about sharing," explains the book's description. "It is about sharing textbooks, music, data, art, and more. People, organizations, and businesses all over the world are sharing their work using Creative Commons licenses because they want to encourage the public to reuse their works, to copy them, to modify them... But if they are giving their work away to the public for free, how do they make money?
"This is the question this book sets out to answer. There are 24 in-depth examples of different ways to sustain what you do when you share your work. And there are lessons, about how to make money but also about what sharing really looks like -- why we do it and what it can bring to the economy and the world. Full of practical advice and inspiring stories, Made with Creative Commons is a book that will show you what it really means to share."
There are free versions in PDF, ePub, and MOBI formats for downloading from the Creative Commons site, and there's also an editable version on Google Docs. A small Danish non-profit publisher named Ctrl+Alt+Delete Books is also publishing print copies of the book under a Creative Commons license "to ensure easy sharing," and is making the book available on Amazon or through the publisher's own web site.
By EditorDavid from Slashdot's maximum-modularity department
Long-time Slashdot reader Wycliffe writes:
So I have a travel keyboard that I love. I can carry my OS on a USB flash drive. There are several options for portable battery powered monitors. The only thing I'm missing to have a completely modular laptop is the CPU/MB/RAM... I can get a laptop but it seems silly to carry around a laptop with a keyboard when I never use the keyboard. I don't need a long battery life, if I need more than an hour then I can find somewhere to plug it in...
I've thought about buying a small box like a Zotac and trying to replace the hard drive with a battery -- but does anything like this already exist...? Also, are there any systems like this with decent specs? Most stuff I see like the Intel Compute Stick are horribly underpowered compared to a decent laptop.
The original submission drew some interesting discussion. Another option is "a good x86/x64 tablet that I can install Linux on" -- especially with a decent processor -- or "laptop-like systems that got rid of the screen entirely... I just need the travel CPU part without the added weight of a second keyboard and monitor." So leave your best suggestions in the comments. Is there a good, lightweight computer that's battery-powered without a screen or a keyboard?
By EditorDavid from Slashdot's Android-first department
Slashdot reader BrianFagioli has posted an update about his communication with Opera over their plans for iOS. They'd originally tweeted Thursday that "at this moment we don't have a team working on IOS which is why we haven't released any updates." But Friday they clarified that "It does not mean we give up development on iOS. It's just that now our resources are on Android."
They reiterated that point in an email.
We would like to clarify that Opera does not abandon iOS... We plan to keep developing it as Opera Min[i] provides unique features that other browsers do not have, such as data saving for both webpages and video, ad-blocking, built-in newsfeed etc. And people love using it. As most of the engineering resources are now on Android, our update on iOS is slow at this moment. Please bear with us and do stay tuned for our next updates.
The tweet Friday also emphasized that "We will update iOS for sure."
By EditorDavid from Slashdot's impermanent-storage department
An anonymous reader writes: NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called "programming vulnerabilities" that can be exploited to alter stored data or shorten the SSD's lifespan. According to research published earlier this year, the programming logic powering MLC NAND flash memory chips (the tech used for the latest generation of SSDs) is vulnerable to at least two types of attacks. The first is called "program interference," and takes place when an attacker manages to write data with a certain pattern to a target's SSD. Writing this data repeatedly and at high speeds causes errors in the SSD, which then corrupts data stored on nearby cells. This attack is similar to the infamous Rowhammer attack on RAM chips. The second attack is called "read disturb" and in this scenario, an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors," that alters the SSD's ability to read data from nearby cells, even long after the attack stops.