By EditorDavid from Slashdot's magical-map-making department
After Saturday's story about the code samples in the new movie Arrival, an anonymous reader reminded us of this classic essay at Nmap.org:
For reasons unknown, Hollywood has decided that Nmap is the tool to show whenever hacking scenes are needed... While Nmap had been used in some previous obscure movies, it was The Matrix Reloaded which really turned Nmap into a movie star!
Nmap.org has a tradition -- the first person to notify them when new Nmap appears in a new movie wins a signed copy of Nmap Network Scanning "or a T-shirt of your choice from the Zero Day Clothing Nmap Store." (The site adds that "movie script writers, artists, and digital asset managers are also welcome to email Fyodor for advice.") And Nmap.org just added another film, Oliver Stone's new movie about Edward Snowden.
In one early scene, Snowden is given a network security challenge at a CIA training class which is expected to take 5 to 8 hours. But with the help Nmap and a custom Nmap NSE script named ptest.nse, Snowden stuns the professor by completing everything in 38 minutes!
According to the site, even the movie's trailer features Nmap. Anybody else have their own favorite stories about code in the movies?Read Replies (0)
By EditorDavid from Slashdot's car-karma department
Friday EE Times shared the story of a Tesla crash that occurred during a test drive. "The salesperson suggested that my friend not brake, letting the system do the work. It didn't..." One Oregon news site even argues autopiloted Tesla's may actually have a higher crash rate.
But there's also been stories about Teslas that have saved lives -- like the grateful driver whose Model S slammed on the brakes to prevent a collision with a pedestrian, and another man whose Tesla drove him 20 miles to a hospital after he'd suddenly experienced a pulmonary embolism. (Slate wrote a story about the incident titled "Code is My Co-Pilot".) Now an anonymous Slashdot reader asks:
How many successes has the autopilot had in saving life and reducing damage to property? What is the ratio of these successes to the very public failures?
I'd be curious to hear what Slashdot readers think. If you add it all up, are self-driving cars keeping us safer -- or just making us drive more recklessly?Read Replies (0)
By EditorDavid from Slashdot's adult-password-finder department
"Almost every account password was cracked, thanks to the company's poor security practices," reports ZDNet -- even for "deleted" accounts. An anonymous reader quotes their article:
The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community [and] also includes over 15 million "deleted" accounts that weren't purged from the databases. On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company. The data accounts for two decades' worth of data from the company's largest sites, according to breach notification LeakedSource, which obtained the data... The three largest site's SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn't cryptographically as secure as newer algorithms.
The attack apparently coincides with the discovery of "a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server. " Ironically, Friend Finder Networks doesn't even own Penthouse.com anymore. They sold the site to a new owner last February.Read Replies (0)
By EditorDavid from Slashdot's expired-playback-patents department
Long-time Slashdot reader jrincayc shares news from Red Hat's Fedora Engineering Manager, Tom Callaway. On the Fedora-legal mailing list, Callaway announced:
Red Hat has determined that it is now acceptable for Fedora to include MP3 decoding functionality (not specific to any implementation, or binding by any unseen agreement). Encoding functionality is not permitted at this time.
And the same day Christian Schaller announced on the Gnome blog that mp3 playback would be supported in Fedora Workstation 25.
You should be able to download the mp3 plugin on Day 1 through GNOME Software or through the missing codec installer in various GStreamer applications. For Fedora Workstation 26 I would not be surprised if we decide to ship it on the install media.
He added, "I know this has been a big wishlist item for a long time for a lot of people..."Read Replies (0)
By EditorDavid from Slashdot's 20-year-old-languages department
An anonymous reader quotes InfoWorld:
Sun Microsystems officially open-sourced Java on November 13, 2006... "The source code for Java was available to all from the first day it was released in 1995," says [Java creator James] Gosling, who is now chief architect at Liquid Robotics. "What we wanted out of that was for the community to help with security analysis, bug reporting, performance enhancement, understanding corner cases, and a whole lot more. It was very successful." Java's original license, Gosling says, allowed people to use the source code internally but not redistribute. "It wasn't 'open' enough for the 'open source' crowd," he says... While Gosling has taken Oracle to task for its handling of Java at times, he sees the  open-sourcing as beneficial. "It's one of the most heavily scrutinized and solid bodies of software you'll find. Community participation was vitally important..."
A former Oracle Java evangelist, however, sees the open source move as watered down. "Sun didn't open-source Java per se," says Reza Rahman, who has led a recent protest against Oracle's handling of enterprise Java. "What they did was to open-source the JDK under a modified GPL license. In particular, the Java SE and Java EE TCKs [Technology Compatibility Kits] remain closed source."
Rahman adds that "Without open-sourcing the JDK, I donâ(TM)t think Java would be where it is today."Read Replies (0)
By EditorDavid from Slashdot's looking-for-bad-hombres department
An anonymous reader reports that Donald Trump's upcoming presidency raises a few concerns for the security industry:
"Some of his statements that industry professionals find troubling are his calls for 'closing parts of the Internet', his support for mass surveillance, and demands that Apple should have helped the FBI break the encrypted communications of the San Bernardino shooter's iPhone," writes SC Magazine. One digital rights activist even used Trump's surprise victory as an opportunity to suggest President Obama begin "declassifying and dismantling as much of the federal government's unaccountable, secretive, mass surveillance state as he can -- before Trump is the one running it... he has made it very clear exactly how he would use such powers: to target Muslims, immigrant families, marginalized communities, political dissidents, and journalists."
Edward Snowden's lawyer says "I think many Americans are waking up to the fact we have created a presidency that is too powerful," and the Verge adds that Pinboard CEO Maciej Ceglowski is now urging tech sites to stop collecting so much data. "According to Ceglowski, the only sane response to a Trump presidency was to get rid of as much stored user data as possible. 'If you work at Google or Facebook,' he wrote on Pinboard's Twitter account, 'please start a meaningful internal conversation about giving people tools to scrub their behavioral data.'"
Could a Trump presidency ultimately lead to a massive public backlash against government surveillance?Read Replies (0)
By EditorDavid from Slashdot's at-the-movies department
The new movie "Arrival" depicts first contact with aliens, and its producers faced the question of how interstellar spacecraft would actually work. They turned to futurist Stephen Wolfram, who came up with an answer overnight, and also tasked his son with writing much of the computer code seen on displays in the movie. Slashdot reader mirandakatz brings us Wolfram's story:
Christopher was well aware that code shown in movies often doesn't make sense (a favorite, regardless of context, seems to be the source code for nmap.c in Linux). But he wanted to create code that would make sense, and would actually do the analyses that would be going on in the movie... For instance, there's a nice shot of rearranging alien "handwriting," in which one sees a Wolfram Language notebook with rather elegant Wolfram Language code in it. And, yes, those lines of code actually do the transformation that's in the notebook. It's real stuff, with real computations being done...
For the movie, I wanted to have a particular theory for interstellar travel. And who knows, maybe one day in the distant future it'll turn out to be correct. But as of now, we certainly don't know. In fact, for all we know, there's just some simple "hack" in existing physics that'll immediately make interstellar travel possible.
Wolfram's theory posited that space is just one of the attributes emerging from a low-level network of nodes, where long-range connections occasionally break out of three-dimensional space altogether. His 6,900-word essay (originally published on his blog) also suggests film-making has "some structural similarities" with software development -- and grapples with the question of how we'd actually communicate with aliens once they've arrived.Read Replies (0)
By EditorDavid from Slashdot's courting-disaster department
"America's children have officially won the right to sue their government over global warming," reports Motherboard. An anonymous reader quotes their article:
Thursday, a lawsuit filed by 21 youth plaintiffs was ruled valid by U.S. District Judge Ann Aiken in Eugene, Oregon. A group of citizens, whose ages range from nine to twenty, charged President Obama, the fossil fuel industry, and other federal agencies with violating their constitutional rights by declining to take action against climate change. "Federal courts too often have been cautious and overly deferential in the arena of environmental law, and the world has suffered for it," wrote Judge Aiken in her ruling. [PDF]
Several groups -- including the U.S. government and the American Petroleum Institute -- had asked the judge to throw out the case, but the judge ruled instead that climate change would "threaten plaintiffs' fundamental constitutional rights to life and liberty," calling man-made climate change an "undisputed" fact. In a related story, Slashdot reader devinp shares a new study which suggests "Global changes in temperature due to human-induced climate change have already impacted every aspect of life on Earth from genes to entire ecosystems, with increasingly unpredictable consequences for humans."Read Replies (0)
By EditorDavid from Slashdot's ethernet-adapting department
Does Ethernet need new features like "stream reservation" and time synchronization to make sure time-sensitive data isn't delayed on the network? coondoggie quotes Network World: The demand from Internet of Things, automotive networking and video applications are driving changes to Ethernet technology that will make it more time-sensitive. Key to those changes are a number of developing standards but also a push this week from the University of New Hampshire InterOperability Laboratory to set up three new industry specific Ethernet Time-Sensitive Networking consortiums -- Automotive Networking, Industrial Networking, and ProAV Networking aimed at developing deterministic performance within standard Ethernet for real-time, mission critical applications. "Standards-based precise time, guaranteed bandwidth, and guaranteed worst-case latency in a converged Ethernet network is a game-changer to many industries," said Bob Noseworthy, Chief Engineer, UNH-IOL.
The article also acknowledges the work of the Avnu Alliance, which is also trying to build an ecosystem of "low-latency, time-synchronized, highly reliable synchronized networked devices using open standards through certification."Read Replies (0)
By EditorDavid from Slashdot's desolation-of-debugging department
InfoWorld has identified "seven of the gnarliest corners of the programming world," which Slashdot reader snydeq describes as "worthy of large markers reading, 'Here be dragons.'" Some examples:
Multithreading. "It sounded like a good idea," according to the article, but it just leads to a myriad of thread-managing tools, and "When they don't work, it's pure chaos. The data doesn't make sense. The columns don't add up. Money disappears from accounts with a poof. It's all bits in memory. And good luck trying to pin down any of it..."NP-complete problems. "Everyone runs with fear from these problems because they're the perfect example of one of the biggest bogeymen in Silicon Valley: algorithms that won't scale."
The other dangerous corners include closures, security, encryption, and identity management, as well as that moment "when the machine runs out of RAM." What else needs to be on a definitive list of the most dangerous "gotchas" in professional programming?Read Replies (0)
By EditorDavid from Slashdot's trading-futures department
Slashdot reader whoever57 writes;
Navinder Sarao, the British trader who was accused of causing the "flash crash" in 2010 and was extradited to the U.S. this week has pleaded guilty to one count of wire fraud and one count of spoofing. No details of the plea deal have been released, but it's believed that he's agreed to forfeit $13 million. Several years of jail time are also expected for Mr. Sarao.
From the Telegraph:
Sarao, a 37-year-old working out of a modest suburban home in Hounslow in west London, allegedly made tens of millions of dollars with a computer program that could automatically manipulate prices... "Navinder Sarao abused sophisticated technology to make a quick profit, and jeopardised the integrity of US financial markets," said Assistant Attorney General Leslie Caldwell.
Sentencing guidelines suggest he'll spend at least six and a half years in prison, though he faced a maximum possible sentence of 30 years and still faces the possibility of $38 million in sanctions.Read Replies (0)