By msmash from Slashdot's security-woes department
Hotstar, India's largest video streaming service with more than 300 million users, disabled support for Apple's Safari web browser last week to mitigate a security flaw that allowed unauthorized usage of its platform, TechCrunch reports, citing sources. From the report: As users began to complain about not being able to use Hotstar on Safari, the company's official support account asserted that "technical limitations" on Apple's part were the bottleneck. "These limitations have been from Safari; there is very little we can do on this," the account tweeted Friday evening. Sources at Hotstar told TechCrunch that this was not an accurate description of the event. Instead, the company's engineers had identified a security hole that was being exploited by unauthorized users to access and distribute Hotstar's content -- including the premium catalog. Hotstar, which assumes the global record for most concurrent views on a live event, is operated by Star India, a media conglomerate in India that was part of 20th Century Fox that Disney acquired earlier this year.
By EditorDavid from Slashdot's free-as-in-DOS department
FreeDOS was originally created in response to Microsoft's announcement that after Windows 95, DOS would no longer be developed as a standalone operating system, according to Computerworld's 2016 interview with FreeDOS's founder and project coordinator, Jim Hall. "I packaged my own extended DOS utilities, as did others," he explains on the FreeDOS web site, "and we found other public domain or open source programs that replaced other DOS commands."
But that was back in 1994, when Jim Hall was still a college student. He went on to spend 11 years as a CIO in local government and the public sector, and served a year on the GNOME Foundation's board of directors. Now it's been 25 years, and as a prominent free software advocate, Hall contacted Slashdot to remind us that the FreeDOS Project "will turn 25 years old on June 29, 2019. This is a huge milestone for any open source software project, and especially for an open source DOS project."
So in honor of FreeDOS's 25th birthday, he's agreed to answer the 10 best questions submitted by Slashdot readers. Leave your questions in the comments. (Ask as many questions as you'd like, but please, one per comment.) We'll pick the very best questions and forward them along for answers.
What else has Jim been up to? "I've decided I want to focus on coaching, advising, and mentoring IT Leaders," explains his page on the FreeDOS site. "I am starting an IT Executive Consulting practice, IT Mentor Group LLC, to help IT Leaders with strategic planning and organizational turnarounds. I am really excited for this new opportunity. It's not every day that you start your own business!"
Jim Hall is also Slashdot reader #2,985...
By EditorDavid from Slashdot's tiers-in-their-eyes department
An anonymous reader quotes I Programmer:
In an interview by Jan Vollmer for the German online magazine site t3n, Mozilla CEO Chris Beard has confirmed plans to launch Firefox Premium later this year. Answering Vollmer's questions about how Mozilla is currently monetized Beard answered:
We are working on three sources of income and we want to rebalance them: We have Search, but we also make content. We have a company called Pocket that discovers and curates content. There is also sponsored content. This is the content business. And the third one we are working on and developing as we think about products and services are premium levels for some of these offerings. You can imagine something like a secure storage solution.
Prompted to say more about a premium offer, he continued:
We also tested VPN. We can tell if you're on a public Wi-Fi network and want to do online banking and say, "Wow, you really should use VPN." You can imagine we'll offer a solution that gives us all a certain amount of free VPN Bandwidth and then offer a premium level over a monthly subscription. We want to add more subscription services to our mix and focus more on the relationship with the user to become more resilient in business issues.
Later in the interview, when asked when the subscription services might start Beard tries to be reassuring, saying:
So, what we want to clarify is that there is no plan to charge money for things that are now free. So we will roll out a subscription service and offer a premium level. And the plan is to introduce the first one this year, towards fall. We aim for October.
By EditorDavid from Slashdot's unscheduled-updates department
An anonymous reader quotes the Associated Press:
Boeing Co. planned to wait three years to fix a non-working safety alert on its 737 Max aircraft and sped up the process only after the first of two deadly crashes involving the planes. The company acknowledged that it originally planned to fix a cockpit warning light in 2020 after two key U.S. lawmakers disclosed the company's timetable Friday...
The feature, called an angle of attack or AoA alert, warns pilots when sensors measuring the up-or-down pitch of the plane's nose relative to oncoming air might be wrong. The sensors malfunctioned during a Lion Air flight in Indonesia in October and an Ethiopian Airlines flight from Addis Ababa in March, causing anti-stall software to push the planes' noses down. Pilots were unable to regain control, and both planes crashed, killing everyone aboard -- 346 people in all. It is not clear whether either crash could have been prevented if the cockpit alert had been working... Boeing and the head of the FAA both say the alert is not critical for safety. Boeing says all its planes, including the Max, give pilots all the flight information -- including speed, altitude and engine performance -- that they need to fly safely.
The pilots' union at American Airlines expressed unhappiness about the matter, however, and said Boeing's assurance about the cockpit alert was a factor in the union standing behind Boeing after the first Max crash, in October. Jason Goldberg, an American Airlines pilot and union spokesman, said Boeing told pilots that the alert could pinpoint a faulty sensor even on the ground, before takeoff. "That is one of the things that made us confident initially to make the statement that we were happy to continue to fly the aircraft," he said. "It turned out later that that wasn't true."
By EditorDavid from Slashdot's opting-out department
Police investigators have used popular online DNA databases to solve at least 50 open murder and rape cases, reports the Associated Press. But now, "complaints about invasion of privacy have produced a backlash, leading the Florida-based database known as GEDmatch to change its policies."
The nonprofit website's previous practice was to permit police to use its database only to solve homicides and sexual assaults. But its operators granted a Utah police department an exception to find the assailant who choked unconscious a 71-year-old woman practicing the organ alone in church. The assailant's DNA profile led detectives to the great-uncle of a 17-year-old boy. The teen's DNA matched the attacker's, and he was arrested. GEDmatch soon updated its policy to establish that law enforcement only gets matches from the DNA profiles of users who have given permission.
That closed off more than a million profiles. More than 50,000 users agreed to share their information -- a figure that the company says is growing. The 95% reduction in GEDmatch profiles available to police will dramatically reduce the number of hits detectives get and make it more difficult to solve crimes, said David Foran, a forensics biology professor at Michigan State University...
The American Civil Liberties Union and other critics say granting law enforcement exceptions that violate a website's policies is a slippery slope. They also believe broad genetic searches violate suspects' constitutional rights. While many people instinctively support the technique if used to catch serial killers or rapists, they might feel differently about their DNA profiles being analyzed to pursue burglars and shoplifters.
The site's co-founder tells the AP they've now sent an email to users encouraging them to opt-in to police searches.
By EditorDavid from Slashdot's performance-review department
The editor of Dice's "Insights" blog argues that Apple's Swift language "has begun to eclipse Objective-C in a key way."
Apple was never shy about prioritizing Swift. As one developer on Twitter pointed out, once Swift dropped, Objective-C documentation and tutorials quickly started vanishing. Since then, the company has iterated on Swift and continued to shy away from Objective-C (except when necessary, such as supporting libraries and frameworks). Swift 5 made an important step forward with ABI stability, which means Swift code worked directly with a binary interface. Before ABI stability, the only safeguard was that code was compiled on the same compiler, a fingers-crossed approach Apple really had no option for avoiding...
Swift's performance has also improved. For some time, when compared to Objective-C, Swift compiled slower. Because of ABI stability, performance has improved, and compile-time differences have vanished... Apps written in version 5 are also roughly 10-15 percent smaller than Objective-C apps. Bridging performance also improved.
A lot has gone into Swift 5 to make it more stable, and those improvements have resulted in performance parity with Objective-C... It's time to seriously consider the move to Swift.
In 2017 the creator of Swift (and a self-described "long-time reader/fan of Slashdot") began a five-month stint running Tesla's Autopilot team -- and stopped by to answer questions from Slashdot readers.
By EditorDavid from Slashdot's wicked-witches department
"So that Blair Witch reboot wasn't very good. But maybe a video game could change things up?" writes Engadget. Mashable has more details:
Remember The Blair Witch Project, that viral horror sensation that made waves before social media was even a thing? Well, it's back. And it's an Xbox game.
Microsoft debuted a first look trailer for Blair Witch during its annual E3 press conference, and it's coming from Layers of Fear developer Bloober. We don't know much. It returns you to the Black Hills Forest, the site of the movie. There's a camcorder. Also, a dog.
I fear for that dog.
Kotaku writes that "According to the description the game will be a 'first-person, story-driven psychological horror game based on the cinematic lore of Blair Witch.'"
By EditorDavid from Slashdot's you'll-never-forget-Johnny-Mnemonic department
An anonymous reader quotes VentureBeat:
CD Projekt Red showed off a new demo of Cyberpunk 2077 at Microsoft's Xbox press event at the Electronic Entertainment Expo, the big game trade show in Los Angeles. And actor Keanu Reeves surprised everyone by coming out on stage to say that he would be in it. The trailer reveals one of the key characters of Cyberpunk 2077, Johnny Silverhand. The legendary rockerboy is played by Reeves (The Matrix trilogy, John Wick series, Johnny Mnemonic). In addition to his appearance and voice, Reeves is also providing full-body motion capture for the character. The game debuts on April 16, 2020...
We all know that CD Projekt Red has a hell of a game in Cyberpunk 2077, which the company revealed in a 48-minute gameplay video last year. The video showed an amazingly detailed open world, as the narrator said the ambition was to create "the most believable city in any open world to date." I interpreted that as a shot across the bow of Rockstar Games and the Grand Theft Auto and Red Dead Redemption teams, as Cyberpunk 2077 was as incredibly hyper detailed as any Rockstar game I've ever seen. It's the only game I've seen with such density of interaction and the realism integrity of Grand Theft Auto V and Red Dead Redemption 2....
Last year's demo of the upcoming game promised deeper details of the open world, with fascinating futuristic touches such as cranial chip implants, robotic body modifications, hyperfast video communications, and surveillance drones. The dystopic city seemed like a living thing, and the choices for getting things done seemed like they had no limits. You could be as peaceful or violent as you wished... It's a mature game, aimed at adults who can deal with subjects like nudity, drugs, and murder.
By EditorDavid from Slashdot's reviewing-the-reviewers department
An anonymous reader quotes Slate:
The overall argument of Billion Dollar Bully, the new documentary about Yelp released on Amazon and iTunes in May, is that Yelp extorts small business owners for advertising fees in return for helping to manage and improve reviews on their platform... Yelp has fought back against the allegations made in the film, arguing that "There has never been a connection between ratings and reviews on Yelp and buying advertising...." But the issue for small business owners has always been broader than advertising: Local businesses feel that Yelp offers no due process to resolve disputes and misunderstandings. That's because the company's standard position is to absolve itself of any responsibility to get involved....
Yelp is combating the claims made in the film by purchasing the domain BillionDollarBully.com and redirecting it to a Yelp page that explains that the company does not extort local businesses to manipulate ratings.
The Hustle argues that despite "legions" of anecdotal evidence from business owners, "the linkage between these two things ultimately can't be proven without transparency around Yelp's filtering algorithm." This is apparently leaving some restaurateurs feeling powerless and angry:
In isolated bids to circumvent the "oppression" of online reviews, business owners have plunked "NO YELPERS" signs in their windows, shamed rude reviewers on Instagram, and launched anti-Yelp websites. Dan Neves, a waiter at a fine dining establishment in Austin, Texas, created YELP BULLIES EXPOSED, a private Facebook group that tracks down rude Yelpers and sends them a one-pound bag of animal feces... "I've had friends get fired over bad Yelp reviews, even if the review was untrue," says Neves.
By EditorDavid from Slashdot's one-Ring-to-rule-them-all department
"Police departments are piggybacking on Ring's network to build out their surveillance networks..." reports CNET, adding that Ring "helps police avoid roadblocks for surveillance technology, whether a lack of funding or the public's concerns about privacy."
While residential neighborhoods aren't usually lined with security cameras, the smart doorbell's popularity has essentially created private surveillance networks powered by Amazon and promoted by police departments. Police departments across the country, from major cities like Houston to towns with fewer than 30,000 people, have offered free or discounted Ring doorbells to citizens, sometimes using taxpayer funds to pay for Amazon's products.
While Ring owners are supposed to have a choice on providing police footage, in some giveaways, police require recipients to turn over footage when requested. Ring said Tuesday that it would start cracking down on those strings attached...
While more surveillance footage in neighborhoods could help police investigate crimes, the sheer number of cameras run by Amazon's Ring business raises questions about privacy involving both law enforcement and tech giants... More than 50 local police departments across the US have partnered with Ring over the last two years, lauding how the Amazon-owned product allows them to access security footage in areas that typically don't have cameras -- on suburban doorsteps. But privacy advocates argue this partnership gives law enforcement an unprecedented amount of surveillance. "What we have here is a perfect marriage between law enforcement and one of the world's biggest companies creating conditions for a society that few people would want to be a part of," said Mohammad Tajsar, staff attorney at the ACLU of Southern California...
By EditorDavid from Slashdot's mistaken-identities department
"I am not saying that Neal Stephenson is Satoshi Nakamoto," writes the features editor at Reason. "What I am saying is: Would it really be surprising if he were?"
This prompted a strong rebuke from CCN Markets:
The article starts, "Consider the possibility that Neal Stephenson is Satoshi Nakamoto, the pseudonymous inventor of Bitcoin."
Let's not do that. That's like saying let's consider the possibility that anyone at all is Satoshi Nakamoto. In one respect, it doesn't matter. In another, it's exhausting the lengths people will go with this... if someone doesn't advance the idea that they are Satoshi Nakamoto themselves, there's no reason to put that sort of grief upon them. If someone is just brilliant, you can tell them that without insinuating that they invented the blockchain and Bitcoin.... You don't just off-handedly claim someone might be Satoshi Nakamoto. There needs to be a reason.
Reason had written that "For nearly three decades, Stephenson's novels have displayed an obsessive, technically astute fascination with cryptography, digital currency, the social and technological infrastructure of a post-government world, and Asian culture," and that the science fiction author "described the core concepts of cryptocurrency years before Bitcoin became a technical reality."
They also note later that "Satoshi Nakamoto's initials are SN; Neal Stephenson's are NS."
Coin Telegraph writes that the question "has seemingly come to a head over the last couple of months, as a number of people have gone a step further" -- not only publicly claiming to be the creator of bitcoin, but even filing copyright and trademark claims. Their list of "Satoshi posers" includes Craig Wright, Wei Liu, and the brother of Colombian drug lord Pablo Escobar. (And another new theory also suggests "global criminal kingpin" Paul Le Roux, the creator of encryption software E4M and TrueCrypt.)
By EditorDavid from Slashdot's measuring-medicines department
In a controversial pharmaceutical story, this week the Washington Post reported "that Pfizer had evidence that [their drug] Enbrel could be useful in Alzheimer's disease, and didn't do anything with it," according to a blog post from Science magazine:
This came from an analysis of insurance claim data: a set of about 127,000 patients with an Alzheimer's diagnosis and a set of 127,000 without. It turns out that more people in the second group had been treated with Enbrel (302 patients) versus the first (110 patients). The Post obtained internal Pfizer documents discussing this and whether it was worth further investigation, and the company had concluded it wasn't.
Why wouldn't they? Several reasons. The biggest, though, is that no one undertakes an Alzheimer's trial lightly. The clinical success rate for Alzheimer's trials is arguably zero per cent... The article does note that Pfizer was getting out of Alzheimer's in general at the time (2015), but it also explicitly makes clear that Enbrel was nearing the end of its patent lifetime and brings up the idea that Pfizer deliberately took a pass because they weren't going to reap as much profit. Well, you'll have to trust me on this, it's a little out there, but drug companies don't generally walk away from big profits if they can help it. I've had my problems with Pfizer over the years, but I have never called into question their ability to make money. If Pfizer really thought that this was a promising lead into an Alzheimer's therapy, they would have found a way to turn a profit off of it.
The blogger also argues that Pfizer's data represented "a noticeable-but-small signal, and by itself (I cannot state this strongly enough), it would not be enough for anyone to launch an Alzheimer's trial."
By EditorDavid from Slashdot's abandoned-by-Oracle department
An anonymous reader reminded us about the open source reimplementation of Java Web Start, a framework originally developed by Sun Microsystems that allowed users to more easily run Java applications in an applet-like sandbox using a web browser.
Java Web Start (JWS) was deprecated in Java 9, and starting with Java 11, Oracle removed JWS from their JDK distributions. This means that clients that have the latest version of Java installed can no longer use JWS-based applications. And since public support of Java 8 has ended in Q2/2019, companies no longer get any updates and security fixes for Java Web Start.
This is why we decided to create OpenWebStart, an open source reimplementation of the Java Web Start technology. Our replacement will provide the most commonly used features of Java Web Start and the JNLP standard, so that your customers can continue using applications based on Java Web Start and JNLP without any change.
Red Hat is apparently involved in its parent project, IcedTea-Web, which it distributes as part of their Windows OpenJDK distribution.