By BeauHD from Slashdot's end-is-nigh department
Researchers with Netlab 360 warn that attackers are mass-exploiting "Drupalgeddon2," the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE-2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.
Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can." China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.
By BeauHD from Slashdot's rest-assured department
According to a survey of over 350 Tesla owners, Tesla batteries retain over 90 percent of their charging power after 160,000 miles. The EVs dropped only 5 percent of their capacity after 50,000 miles, but lose it at a much slower rate after that. Most Tesla vehicles will have over 90 percent of their charging power after around 185,000 miles, and 80 percent capacity after 500,000. Engadget reports: Tesla has no battery degradation warranty on its Model S and X luxury EVs, but guarantees that the Model 3 will retain 70 percent battery capacity after 120,000 miles (long-range battery) and 100,000 miles (shorter-range battery). That's a bit more generous than the one Nissan offers on the Leaf (66 percent over 100,000 miles) for instance. According to the survey data, Tesla will easily be able to meet this mark.
By BeauHD from Slashdot's banned-material department
Pornhub said in February that it was banning AI-generated deepfake videos, but BuzzFeed News found that it's not doing a very good job at enforcing that policy. The media company found more than 70 deepfake videos -- depicting graphic fake sex scenes with Emma Watson, Scarlett Johansson, and other celebrities -- were easily searchable from the site's homepage using the search term "deepfake." From the report: Shortly after the ban in February, Mashable reported that there were dozens of deepfake videos still on the site. Pornhub removed those videos after the report, but a few months later, BuzzFeed News easily found more than 70 deepfake videos using the search term "deepfake" on the site's homepage. Nearly all the videos -- which included graphic and fake depictions of celebrities like Katy Perry, Scarlett Johansson, Daisy Ridley, and Jennifer Lawrence -- had the word "deepfake" prominently mentioned in the title of the video and many of the names of the videos' uploaders contained the word "deepfake." Similarly, a search for "fake deep" returned over 30 of the nonconsensual celebrity videos. Most of the videos surfaced by BuzzFeed News had view counts in the hundreds of thousands -- one video featuring the face of actor Emma Watson garnered over 1 million views. Some accounts posting deepfake videos appeared to have been active for as long as two months and have racked up over 3 million video views. "Content that is flagged on Pornhub that directly violates our Terms of Service is removed as soon as we are made aware of it; this includes non-consensual content," Pornhub said in a statement. "To further ensure the safety of all our fans, we officially took a hard stance against revenge porn, which we believe is a form of sexual assault, and introduced a submission form for the easy removal of non-consensual content."
The company also provided a link where users can report any "material that is distributed without the consent of the individuals involved."
By BeauHD from Slashdot's hand-selected department
The Netherlands Gaming Authority has published a study it conducted of 10 video games that reward players with loot boxes, packages players can sometimes buy with real money that contain random in-game rewards, and found that 4 of the 10 games it studied violated the Dutch Gaming Act. "It determined that loot boxes are, in general, addictive and that four of the games allowed players to trade items they'd won outside of the game, which means they've got a market value," reports Motherboard. From the report: According to the study, the authorities picked games "based on their popularity on a leading Internet platform that streams videos of games and players." Motherboard has reached out to the Gaming Authority for clarification on both the games it picked (the study doesn't name them) and the method by which it picked them, but did not receive an immediate reply. However, Twitch is the most popular way gamers watch others play and it's a good bet that Twitch is how the Gaming Authority focused its attention. Six of the ten games the Gaming Authority studied aren't in violation of Dutch law. "With these games, there is no opportunity to sell the prizes won outside of the game," the press release said. "This means that the goods have no market value and these loot boxes do not satisfy the definition of a prize in Section 1 of the Betting and Gaming Act."
The four others, though, offer the opportunity for players to trade items outside of the game and therefore meet the Netherlands' definition of gambling. To come into compliance, those games need to make their loot boxes less interesting to open. The Gaming Authority wants the companies to "remove the addiction-sensitive elements ('almost winning' effects, visual effects, ability to keep opening loot boxes quickly one after the other and suchlike)...and to implement measures to exclude vulnerable groups or to demonstrate that the loot boxes on offer are harmless."
By BeauHD from Slashdot's open-book department
Apple's FoundationDB company announced on Thursday that the FoundationDB core has been open sourced with the goal of building an open community with all major development done in the open. The database company was purchased by Apple back in 2015. As described in the announcement, FoundationDB is a distributed datastore that's been designed from the ground up to be deployed on clusters of commodity hardware. Mac Rumors reports: By open sourcing the project to drive development, FoundationDB is aiming to become "the foundation of the next generation of distributed databases": "The vision of FoundationDB is to start with a simple, powerful core and extend it through the addition of 'layers'. The key-value store, which is open sourced today, is the core, focused on incorporating only features that aren't possible to write in layers. Layers extend that core by adding features to model specific types of data and handle their access patterns. The fundamental architecture of FoundationDB, including its use of layers, promotes the best practices of scalable and manageable systems. By running multiple layers on a single cluster (for example a document store layer and a graph layer), you can match your specific applications to the best data model. Running less infrastructure reduces your organization's operational and technical overhead." The source for FoundationDB is available on GitHub, and those who wish to join the project are encouraged to visit the FoundationDB community forums, submit bugs, and make contributions to the core software and documentation.
By BeauHD from Slashdot's last-ditch-effort department
An anonymous reader quotes a report from Ars Technica: According to reports from Bloomberg and E&E News, the Trump Administration has been exploring another way to help coal and nuclear generators: the Defense Production Act of 1950. The Act was passed under President Truman. Motivated by the Korean War, it allows the president broad authority to boost U.S. industries that are considered a priority for national security. On Thursday, E&E News cited sources that said "an interagency process is underway" at the White House to examine possible application of the act to the energy industry. The goal would be to give some form of preference to coal and nuclear plants that are struggling to compete with cheap natural gas.
If the DOE decides not to invoke Section 202(c), the president may turn to the Defense Production Act. According to a 2014 summary report (PDF) from the Congressional Research Service (CRS), the act would allow the president to "demand priority for defense-related products," "provide incentives to develop, modernize, and expand defense productive capacity," and establish "a voluntary reserve of trained private sector executives available for emergency federal employment," among other powers. (Some even more permissive applications of the Act were terminated in 1957.) Using the Act to protect coal and nuclear facilities would almost certainly be more controversial, as the link between national defense and keeping uneconomic coal generators running is not well-established. The Administration could apply the Act to "provide or guarantee loans to industry" for material-specific deliveries and production. "The president may also authorize the purchase of 'industrial items or technologies for installation in government or private industrial facilities,'" reports Ars.
By BeauHD from Slashdot's cut-short department
Intel is planning to shut down the New Devices Group (NDG), and cease development on the Vaunt smart glasses project that was revealed earlier this year. The glasses are unique in that they use retinal projection to put a display in your eyeball. "There is no camera to creep people out, no button to push, no gesture area to swipe, no glowing LCD screen, no weird arm floating in front of the lens, no speaker, and no microphone," reports The Verge.
Intel issued a statement announcing the plans: "Intel is continuously working on new technologies and experiences. Not all of these develop into a product we choose to take to market. The Superlight [the codename for Vaunt] project is a great example where Intel developed truly differentiated, consumer augmented reality glasses. We are going to take a disciplined approach as we keep inventing and exploring new technologies, which will sometimes require tough choices when market dynamics don't support further investment." From the report: It was always unclear how precisely Intel intended to bring the Vaunt glasses to market, though sources indicated that Intel wanted to find a partner with retail expertise to partner with. Jerry Bautista, the lead for Vaunt, told me back in December that Intel was "working with key ecosystem hardware providers -- whether they're frames or lenses and things like that. Because we believe there's a whole channel to people who wear glasses that's already there." The story was first reported by The Information.
By BeauHD from Slashdot's blue-screen department
An anonymous reader quotes a report from The Daily Beast: Companies across the nation are now using some rudimentary artificial intelligence, or AI, systems to screen out applicants before interviews commence and for the interviews themselves. As a Guardian article from March explained, many of these companies are having people interview in front of a camera that is connected to AI that analyzes their facial expressions, their voice and more. One of the top recruiting companies doing this, Hirevue, has large customers like Hilton and Unilever. Their AI scores people using thousands of data points and compares them to the scores of the best current employees. But that can be unintentionally problematic. As Recode pointed out, because most programmers are white men, these AIs are actually often trained using white male faces and male voices. That can lead to misperceptions of black faces or female voices, which can lead to the AI making negative judgments about those people. The results could trend sexist or racist, but the employer who is using this AI would be able to shift the blame to a supposedly neutral technology. Companies are also having people do their first interview with an AI chatbot. "One popular AI that does this is called Mya, which promises a 70 percent decrease in hiring time," reports The Daily Beast. "Any number of questions these chatbots could ask could be proxies for race, gender or other factors."
By EditorDavid from Slashdot's tomorrowland department
Silicon Valley angel investor Jason Calacanis just announced the "Openbook Challenge," a competition to create a replacement for Facebook.
"Over the next three months, 20 finalists will compete for seven $100,000 incubator grants," explains long-time Slashdot reader reifman. "Their goal is to find startups with a sustainable business model, e.g. subscriptions, reasonable advertising, cryptocurrency, etc. And they want it to be 'good for society.'"
Jason Calacanis writes:
All community and social products on the internet have had their era, from AOL to MySpace, and typically they're not shut down by the government -- they're slowly replaced by better products. So, let's start the process of replacing Facebook... We already have two dozen quality teams cranking on projects and we hope to get to 100...
This is not an idea or business plan competition. We're looking for teams that can actually build a better social network, and we'll be judging teams primarily based upon their ability to execute... Keep in mind that while ideas really matter, Zuckerberg has shown us execution matters more.
Calacanis has even created a discussion group for the competition...on Facebook. And his announcement includes a famous quote from Mark Zuckerberg.
"Don't be too proud to copy."
By EditorDavid from Slashdot's publicly-owned-infrastructure department
Universal Basic Incomes aren't really the issue, argues Fast Company staff writer Ben Schiller. "It's how you find $2 trillion to pay for it."
One answer may come in the form of "universal basic assets" (UBA). UBA can mean a fund of publicly-owned infrastructure or revenue streams -- like Alaska's Permanent Fund which pays residents up to $2,000 a year from state oil taxes. Or, it can mean actual assets that drive down the cost of living, like tuition-free education and free public broadband. There are lots of proposals going around now that fall into these two camps...
Entrepreneur Peter Barnes has called for the creation of a Sky Trust that would both limit the amount of carbon dioxide in the atmosphere and provide revenue from carbon taxes. These "carbon dividends" solve two problems at once: income inequality and climate change. He would also tax corporations for using natural resources, on the thinking that the atmosphere, minerals and fresh water around us represent a "joint inheritance." He would also tax speculative financial transactions and use of the electromagnetic spectrum. The U.K. think-tank IPPR recently proposed a similar "sovereign wealth fund owned by and run in the interests of citizens." It would finance the fund with "a scrip tax of up to 3% requiring businesses to issue equity to the government, or pay a tax of equivalent value," sales of land owned by the U.K. monarchy, and higher inheritance taxes.
Blockchain can help. Blockchain technology could offer a way to divide publicly-owned infrastructure so it's genuinely publicly-owned. We could issue tokenized securities in the assets around us giving everyone a stake in their environment. Then they could trade those tokens on exchanges, like they were cryptocurrencies, or use the tokens as collateral on loans.
By EditorDavid from Slashdot's social-network-effect department
An anonymous reader quotes the New York Times:
Riots and lynchings around the world have been linked to misinformation and hate speech on Facebook, which pushes whatever content keeps users on the site longest -- a potentially damaging practice in countries with weak institutions and histories of social instability. Time and again, communal hatreds overrun the newsfeed unchecked as local media are displaced by Facebook and governments find themselves with little leverage over the company. Some users, energized by hate speech and misinformation, plot real-world attacks.
A reconstruction of Sri Lanka's descent into violence, based on interviews with officials, victims and ordinary users caught up in online anger, found that Facebook's newsfeed played a central role in nearly every step from rumor to killing. Facebook officials, they say, ignored repeated warnings of the potential for violence, resisting pressure to hire moderators or establish emergency points of contact... Sri Lankans say they see little evidence of change. And in other countries, as Facebook expands, analysts and activists worry they, too, may see violence.
A Facebook spokeswoman countered that "we remove such content as soon as we're made aware of it," and said they're now trying to expand those teams and investing in "technology and local language expertise to help us swiftly remove hate content." But one anti-hate group told the Times that Facebook's reporting tools are too slow and ineffective.
"Though they and government officials had repeatedly asked Facebook to establish direct lines, the company had insisted this tool would be sufficient, they said. But nearly every report got the same response: the content did not violate Facebook's standards."
By EditorDavid from Slashdot's smiles-on-the-boxes department
Many of Amazon's warehouse workers have to buy their groceries with food stamps through America's Supplemental Nutrition Assistance Program, reports the Intercept.
In Arizona, new data suggests that one in three of the company's own employees depend on SNAP to put food on the table. In Pennsylvania and Ohio, the figure appears to be around one in 10. Overall, of five states that responded to a public records request for a list of their top employers of SNAP recipients, Amazon cracked the top 20 in four.
Though the company now employs 200,000 people in the United States, many of its workers are not making enough money to put food on the table... "The average warehouse worker at Walmart makes just under $40,000 annually, while at Amazon would take home about $24,300 a year," CNN reported in 2013. "That's less than $1,000 above the official federal poverty line for a family of four."
In addition Amazon uses temp workers who may also be on food stamps, notes the article, adding that in 2017 Amazon received $1.2 billion in state and local subsidies, while effectively paying no federal income tax.
"The American people are financing Amazon's pursuit of an e-commerce monopoly every step of the way: first, with tax breaks, subsidies, and infrastructure improvements meant to lure fulfillment centers into town, and later with federal transfers to pay for warehouse workers' food."
By EditorDavid from Slashdot's paying-with-plastic department
There's a new trend starting: restaurants that won't accept cash. USA Today reports:
Restaurant owners say ordering is faster from customers who slap down plastic instead of dollars, cutting a few seconds out of the process. But most of the benefits appear to accrue to the restaurants: less time taken counting bills, reduced pilferage, no armored-car fees or fear of stickups. It's a risky strategy. For starters, upscale Millennials -- among the most coveted of diners because of their youth and affluence -- prefer to pay in cash, according to Bankrate.com data. Also, more than a third of Americans between the ages of 18 and 37 do not have a credit card. For customers, patronizing restaurants that don't take cash means one less payment option when they need a quick meal during an all-too-short lunch hour. Plus, it raises questions about whether it discriminates against cardless teens and the poor... A committee in Chicago is weighing Alderman Edward Burke's proposed requirement that merchants accept cash. Massachusetts has had a Discrimination Against Cash Buyers rule on the books since 1978... Lana Swartz, co-editor of the book Paid: Tales of Dongles, Checks, and Other Money Stuff, says "One of the cornerstones of American capitalism is everyone's money is equal."
Meanwhile, the Associated Press reports:
By EditorDavid from Slashdot's does-Reddit-need-editing? department
An anonymous reader quotes former Reddit product head Dan McComas:
I think, ultimately, the problem that Reddit has is the same as Twitter and Discord. By focusing on growth and growth only and ignoring the problems, they amassed a large set of cultural norms on their platforms. Their cultural norms are different for every community, but they tend to stem from harassment or abuse or bad behavior, and they have worked themselves into a position where they're completely defensive... I really don't believe it's possible for either of them to catch up on the problem. I think the best that they can do is figure out how to hide this behavior from an average user.
I don't see any way that it's going to improve. I have no hope for either of those platforms. I just think that the problems are too ingrained, in not only the site and the site's communities and users but in the general understanding and expectations of the public... I don't think that they're going to be able to turn these things around...
I fundamentally believe that my time at Reddit made the world a worse place. And that sucks, and it sucks to have to say that about myself... I've got a lot of advice for start-ups, and it's not very fucking complicated. It's just: Think about the impact that you want to have on your users and on the people consuming your content and do the right thing... Don't be idiots about it. You're people, you see what's going on, you see trends that are forming, just fucking do something. It's not that hard.
By EditorDavid from Slashdot's you're-welcome department
Eventbrite lets you sell tickets online for your events. An anonymous reader reports on Eventbrite's newly-updated merchant agreement.
The merchant agreement specifies that you "grant permission to Eventbrite and its agents to enter onto and remain on the premises (including real property, fixtures, equipment, or other personal property) where your event is hosted...with personnel and equipment for the purpose of photographing and recording the Premises, both internally and externally in connection with the production of digital content on the date of your event(s) and any other dates reasonably requested by Eventbrite (for example, during setup and breakdown for the event) (the 'Shoot')."
But in addition, you're also granting them permission to record and use footage of all your attendees and speakers, "in any manner, in any medium or context now known or hereafter developed, without further authorization from, or compensation to." And after that Eventbrite "will own all rights of every nature whatsoever in and to all films and photographs taken and recordings made hereunder, including without limitation of all copyrights therein and renewals and extensions thereof, and the exclusive right to use and exploit the Recordings in any manner, in any medium or context now known or hereafter developed..." You're even responsible for obtaining all the clearances and licenses "necessary to secure Eventbrite the permissions and rights described above," and you also release Eventbrite from any claims that may arise regarding use of the Recordings, "including, without limitation, any claims of defamation, invasion of privacy, or infringement of rights of likeness, publicity or copyright."
"So, yeah. No," tweeted Ars Technica's national security editor. "Eventbrite is now off my list for recommended event organizing tools."
By EditorDavid from Slashdot's 24-years-later department
Long-time Slashdot reader williamyf writes:
You may think of it as the end of an era, or as the final nail in the coffin. Today Lycos, one of the pioneering web portals of the '90s, notified all its users that "On May 15th, 2018, we will no longer be offering free Lycos Mail accounts." They have been very upfront about the reason:
"Q: Why are you doing this?
A: Providing mailboxes costs us money, and we no longer make enough from ads to support the cost of the mailboxes."
At its heyday, Lycos was acquired by Terra Networks (a division of Telefonica), then sold to Daum Communications in Korea and then to Ybrant Digital in India. The search engine and other parts (like Angelfire, Tripod and Gamesville) continue working. In the meantime, instructions are provided to download all your mail via POP3 for offline archiving, or to upgrade to Paid Accounts.