By EditorDavid from Slashdot's back-in-black-hats department
Representative Tom Graves, R-Ga., thinks that when anyone gets hacked -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking back" easy-breezy-legal believes it would've stopped the WannaCry ransomware. Despite its endlessly lulzy acronym, Graves says he "looks forward to formally introducing ACDC" to the House of Representatives in the next few weeks... The bipartisan ACDC bill would let companies who believe they are under ongoing attack break into the computer of whoever they think is attacking them, for the purposes of stopping the attack or gathering info for law enforcement.
Friday The Hill published a list of objections to the proposed law from the CEO of cybersecurity company Vectra Networks. "To start with, when shooting back, there's the fundamental question of who to shoot... We might be able to retaliate, weeks or months after being attacked, but we certainly could not shoot back in time to stop an attack in progress." And if new retaliatory tools are developed, "How can we be sure that these new weapons won't be stolen and misused? Who can guarantee that they won't be turned against us by our corporate competitors? Would we become victims of our own cyber-arms race?"
Slashdot reader hattable writes, "I would think a proposal like this would land dead in the water, but given some recent, and 'interesting' decisions coming from Congress and White House officials, I am not sure many can predict the momentum."
By EditorDavid from Slashdot's inventing-IP-addresses department
In a news magazine show premiering tonight, Megyn Kelly reports that Russian president Vladimir Putin "has denied Russian involvement in the hacking and interference with our U.S. presidential election for some time. That changed earlier this week, and the story appears to be evolving yet again." An anonymous reader shared two articles from NBC:
"Hackers can be anywhere. They can be in Russia, in Asia...even in America, Latin America," he said. "They can even be hackers, by the way, in the United States who very skillfully and professionally shifted the blame, as we say, onto Russia. Can you imagine something like that? In the midst of a political battle...?" The journalist asked the Russian president about what American intelligence agencies say is evidence that he became personally involved in a covert campaign to harm Hillary Clinton and benefit Donald Trump. "IP addresses can be invented -- a child can do that! Your underage daughter could do that. That is not proof," Putin replied...
Kelly told viewers that Putin -- the former director of Russia's domestic spy agency -- also suggested that the CIA could have been behind the hacking and noted that many people were convinced Russia was responsible for the assassination of President John F. Kennedy... Earlier, at a Friday forum moderated by Kelly, Putin likened the U.S. blaming his country for hacking the presidential election to "blaming the Jews"...
"Echoing remarks President Donald Trump made on the campaign trail, Putin also questioned the need for NATO."
By EditorDavid from Slashdot's microbes-on-Mars department
An anonymous reader quotes The Verge:
Once upon a time on Mars, there was a crater that had a massive lake that may have hosted life. Now researchers are saying that a whole variety of organisms could have flourished there. Sure, that life was probably just microbial, but this is another exciting step toward understanding just how habitable Mars may have been around 3.5 billion years ago. Petrified mud that was once at the bottom of the lake suggests that, at the time, the lake had different chemical environments that could have hosted different types of microbes. The rocks also show that the Red Planet's climate may have been more dynamic than we thought, going from cold and dry to warm and wet, before eventually drying out. We still don't know whether life once existed on Mars when the planet was warmer and had liquid water. But today's findings, published in Science, give a much more nuanced and detailed picture of what this area of Mars could have looked like through time... "The lake had all the right stuff for microbial life to live in," says study co-author Joel Hurowitz, a geochemist and planetary scientist at Stony Brook University.
NASA's Curiosity rover spent three and a half years collecting data from the crater, and that data now suggests that a habitable environment existed there for at least tens of thousands of years -- and possibly as long as "tens of millions of years."
By EditorDavid from Slashdot's pioneer-passing department
A NY Times obituary reports that early software engineer and co-designer of COBOL Jean Sammet died on May 20 in Maryland at age 89. "Sammet was a graduate student in math when she first encountered a computer in 1949 at the Univ. of Illinois at Urbana-Champaign," the Times reports. While Grace Hopper is often called the "mother of COBOL," Hopper "was not one of the six people, including Sammet, who designed the language -- a fact Sammet rarely failed to point out... 'I yield to no one in my admiration for Grace,' she said. 'But she was not the mother, creator or developer of COBOL.'"
By 1960 the Pentagon had announced it wouldn't buy computers unless they ran COBOL, inadvertently creating an industry standard. COBOL "really was very good at handling formatted data," Brian Kernighan tells the Times, which reports that today "More than 200 billion lines of COBOL code are now in use and an estimated 2 billion lines are added or changed each year, according to IBM Research."
Sammet was entirely self-taught, and in an interview two months ago shared a story about how her supervisor in 1955 had asked if she wanted to become a computer programmer. "What's a programmer?" she asked. He replied, "I don't know, but I know we need one." Within five years she'd become the section head of MOBIDIC Programming at Sylvania Electric Products, and had helped design COBOL -- before moving on to IBM, where she worked for the next 27 years and created the FORTRAN-based computer algebra system FORMAC.
By EditorDavid from Slashdot's Kodi-capable department
BrianFagioli writes: Unfortunately, Kodi is not its own operating system, meaning it has to be run on top of an OS. Sure, you could use Windows 10, but that is overkill if you only want to run Kodi. Instead, a lightweight Linux distribution that only serves to run the media center is preferable. One of the most popular such distros is OpenELEC. It can run on traditional PC hardware, but also Raspberry Pi, and, my favorite — WeTek boxes. Today, version 8.0.4 achieves stable release. It is a fairly ho-hum update, focusing mostly on fixes and stability. The team shares the following changes in the release.
- fix crash in WeTek DVB driver on WeTek Play (1st gen).
- enable Kernel NEON mode for RPi2 builds.
- enable some more SOC sound drivers for RPi/RPi2 builds.
- enable Regulator support on all builds.
- enable Extcon support on all builds.
- fix loading for some I2C sound modules on RPI/RPi2 builds.
- fix loading splash screen on systems with Nvidia GPUs.
- fix speed problems on Nvidia ION systems.
- fix problems loading dvbhdhomerun addons.
- fix using user created sleep scripts.
- build PNG support with SSE support for x86_64 builds.
- update to linux-4.9.30, mesa-17.0.7, alsa-lib-184.108.40.206, alsa-utils-1.1.4, kodi-17,3, mariadb-10.1.23, samba-4.6.4.
By EditorDavid from Slashdot's leagues-of-legends department
Professional sports leagues "officially have a millennial problem," writes VentureBeat, citing some interesting findings from L.E.K. Consulting.
- 40% of millennials prefer watching esports to traditional sports
- 26% of millennial eSports enthusiasts reported a significant uptick in eSports viewing over the past year
- 61% of esports followers said they spent less time watching TV over the past 12 months, and 45% said they had cut back on traditional sports viewing
- Together millennials -- ages 17-34 -- and Generation Z peers -- age 16 and under -- comprise 45% of America's consumer base
"At a certain point, this comes down to a new form of media better serving an upcoming generation of consumers," concludes VentureBeat. "Esports leagues are all online. Most matches stream for free on sites like Twitch. They are available on the web or through smartphone apps. Competitive gaming is easily accessible, and it lives where Millennials are already spending their time."
Maybe that's why Major League Baseball's video streaming company recently paid $300 million for the right to stream League of Legends through 2023.
By EditorDavid from Slashdot's had-oops department
An anonymous reader quotes the security news editor at Bleeping Computer:
Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a search engine for discovering Internet-connected devices. The expert says he discovered 4,487 instances of HDFS-based servers available via public IP addresses and without authentication, which in total exposed over 5,120 TB of data. According to Matherly, 47,820 MongoDB servers exposed only 25 TB of data. To put things in perspective, HDFS servers leak 200 times more data compared to MongoDB servers, which are ten times more prevalent... The countries that exposed the most HDFS instances are by far the US and China, but this should be of no surprise as these two countries host over 50% of all data centers in the world.
By EditorDavid from Slashdot's you-need-clearance,-Clarence department
"The U.S. is reportedly seriously considering a greatly expanded ban on laptops in airplane cabins," writes Slashdot reader mirandakatz -- sharing some advice from Dan Gillmor. If the government still allows laptops to be checked in with luggage, "the priority will be to discourage tampering and mitigate the risks associated with theft," he writes, envisioning that "If I have to check mine, I'll pack it in bubble wrap and tape, and do some other things to make it evident if someone has tampered with the machine." But of course there are other precautions:
[W]e can travel with bare-bones operating system setups, with as little personal or business data as possible (preferably none at all) on the laptop's internal disk drive. When we arrive and get back online, we can work mostly in browsers and retrieve what we need from cloud storage for the specific applications that have to run "locally" on the PC... You might also get a Chromebook for international travel. Chromebooks run Google's Chrome operating system and keep pretty much all data in Google's cloud. So you could carry a bare Chromebook through a border, go online, and retrieve the information you need. You have to completely trust Google with this method...
[The article also suggests encrypting the hard disk -- along with your phone -- or carrying an external drive.] I use the Ubuntu operating system, and this simplifies creating a special travel setup. In preparation for international hassles, I've put a copy of my OS and essential data files on an encrypted USB thumb drive, which holds 256 gigabytes of data... If I've forgotten to load some specific files, and I have them backed up in the cloud, I can always go there.
Because of all the additional security procedures, he ultimately predicts higher ticket prices, fewer business travellers, and, according to Bruce Schneier, "a new category of 'trusted travelers' who are allowed to carry their electronics onto planes."
By EditorDavid from Slashdot's reply-hazy-try-again department
Some judges in America have recently started using a closed-source algorithm that predicts how likely convicts are to commit another crime. Mosquito Bites shared an article by law professor Frank Pasquale raising concerns about the algorithms:
They may seem scientific, an injection of computational rationality into a criminal justice system riddled with discrimination and inefficiency. However, they are troubling for several reasons: many are secretly computed; they deny due process and intelligible explanations to defendants; and they promote a crabbed and inhumane vision of the role of punishment in society...
When an algorithmic scoring process is kept secret, it is impossible to challenge key aspects of it. How is the algorithm weighting different data points, and why? Each of these inquiries is crucial to two core legal principles: due process, and the ability to meaningfully appeal an adverse decision... A secret risk assessment algorithm that offers a damning score is analogous to evidence offered by an anonymous expert, whom one cannot cross-examine... Humans are in charge of governments, and can demand explanations for decisions in natural language, not computer code. Failing to do so in the criminal context risks ceding inherently governmental and legal functions to an unaccountable computational elite.
This issue will grow more and more important, the law professor argues, since there's now proprietary analytics software that also predicts "the chances that any given person will be mentally ill, a bad employee, a failing student, a criminal, or a terrorist."
By EditorDavid from Slashdot's why-1984-happened department
Eric S. Raymond recently documented one of the first public calls for free software, which happened immediately after AT&T's fateful decision to commercialize Unix:
[I]n October 1984 I was in a crowd of people watching a presentation by a woman from Bell Labs describing the then-new getopt(3) library, written by AT&T as a way to regularize the processing of command-line arguments in C programs... Everybody thought this was a fine idea, and several people asked questions probing whether AT&T was going to let anyone else use the getopt code they had written. These questions related to the general anxiety about Unix source code distributions drying up. Frustration mounted as the woman gave evasive answers which seemed to add up to "No, we refuse to commit to allowing general access to this code." Which seemed to confirm everyone's worst fears about what was going to happen to Unix source code access in general. At which point Henry Spencer stands up and says (not in these exact words) "I will write and share a conforming implementation." -- and got a cheer from the assembled.
If you're thinking "That's not a big deal, we do this sort of thing all the time," my actual point is that in October 1984 this was indeed a big deal. It took an actual imaginative leap for Henry Spencer to, in effect, say "Screw AT&T and its legalisms and evasions, if they're going to cut off source access we hackers are gonna do it for ourselves"... [H]e got an actual cheer exactly because he was pushing forward, exposing the possibility of doing not just small projects and demos and quirky little tools but at competing with the likes of AT&T itself at software production.
By EditorDavid from Slashdot's tracking-the-code department
Slashdot reader dryriver writes:
There appear to be two main ways to write code today. One is with text-based languages ranging from BASIC to Python to C++. The other is to use a flow-based or dataflow programming-based visual programming language where you connect boxes or nodes with lines. What I have never (personally) come across is a way to program by drawing classical vertical (top to bottom) flow charts. Is there a programming environment that lets you do this...?
There are software tools that can turn, say, C code into a visual flow chart representation of said C code. Is there any way to do the opposite -- draw a flowchart, and have that flowchart turn into working C code?
Leave your best answers in the comments.
By EditorDavid from Slashdot's freeing-the-software department
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3,872. Bruce Perens writes:
There's been a lot of confusion about the recent Artifex v. Hancom case, in which the court found that the GPL was an enforceable contract. I'm going to try to explain the whole thing in clear terms for the legal layman.
Two key quotes: "What has changed now is that for the purposes of the court, the GPL is both a license, which can be enforced through a claim of copyright infringement, and a contract, which can be enforced through a claim of breach of contract. You can allege both in your court claim in a single case, and fall back on one if you can't prove the other. Thus, the potential to enforce the GPL in court is somewhat stronger than before this finding, and you have a case to cite rather than spending time in court arguing whether the GPL is a contract or not..."
"Another interesting point in the case is that the court found Artifex's claim of damages to be admissible because of their use of dual-licensing. An economic structure for remuneration of the developer by users who did not wish to comply with the GPL terms, and thus acquired a commercial license, was clearly present."
By EditorDavid from Slashdot's time-standard-time department
AmiMoJo quotes the Register: The Internet Engineering Task Force has taken another small step in protecting everybody's privacy... As the draft proposal explains, the RFCs that define NTP have what amounts to a convenience feature: packets going from client to server have the same set of fields as packets sent from servers to clients... "Populating these fields with accurate information is harmful to privacy of clients because it allows a passive observer to fingerprint clients and track them as they move across networks". The header fields in question are Stratum, Root Delay, Root Dispersion, Reference ID, Reference Timestamp, Origin Timestamp, and Receive Timestamp. The Origin Timestamp and Receive Timestamp offer a handy example of a "particularly severe information leak". Under NTP's spec (RFC 5905), clients copy the server's most recent timestamp into their next request to a server – and that's a boon to a snoop-level watcher.
The proposal "proposes backward-compatible updates to the Network Time Protocol to strip unnecessary identifying information from client requests and to improve resilience against blind spoofing of unauthenticated server responses." Specifically, client developers should set those fields to zero.
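The client-side change described in the NTP story above, as an added Python example (not code from the draft, the Register, or any NTP implementation): it parses the 48-byte RFC 5905 header, reports which of the seven listed fields a client request populates, and builds a request with them zeroed. The function names and the sample packet are constructed for illustration, and the choice of transmit timestamp is left to the caller as an assumption.

```python
import struct

# RFC 5905 header: flags, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/origin/receive/transmit timestamps (48 bytes).
NTP_HEADER = struct.Struct("!BBbbIIIQQQQ")
NAMES = ("flags", "stratum", "poll", "precision", "root_delay",
         "root_dispersion", "reference_id", "reference_timestamp",
         "origin_timestamp", "receive_timestamp", "transmit_timestamp")
# The seven fields the story lists as identifying when a client fills them in.
IDENTIFYING = ("stratum", "root_delay", "root_dispersion", "reference_id",
               "reference_timestamp", "origin_timestamp", "receive_timestamp")
MODE_CLIENT = 3


def parse_header(packet: bytes) -> dict:
    """Decode the fixed NTP header into named fields plus version and mode."""
    if len(packet) < NTP_HEADER.size:
        raise ValueError("NTP packet shorter than 48 bytes")
    hdr = dict(zip(NAMES, NTP_HEADER.unpack_from(packet)))
    hdr["version"] = (hdr["flags"] >> 3) & 0x7
    hdr["mode"] = hdr["flags"] & 0x7
    return hdr


def leaking_fields(packet: bytes) -> list:
    """Return the identifying fields a client request carries non-zero."""
    hdr = parse_header(packet)
    if hdr["mode"] != MODE_CLIENT:
        raise ValueError("not a client (mode 3) request")
    return [name for name in IDENTIFYING if hdr[name] != 0]


def build_minimized_request(transmit_timestamp: int, version: int = 4) -> bytes:
    """Client request with every listed field zero (poll, precision, LI too)."""
    flags = (version << 3) | MODE_CLIENT
    return NTP_HEADER.pack(flags, 0, 0, 0, 0, 0, 0, 0, 0, 0, transmit_timestamp)


# Constructed sample: a request from a client that mirrors its own state and
# copies the server's last timestamp into the origin field.
LEGACY_REQUEST = NTP_HEADER.pack(
    (4 << 3) | MODE_CLIENT, 3, 6, -20, 0x00000A3D, 0x00000521,
    0xC0000201, 0xDCD3A5B0_12345678, 0xDCD3A5F1_0000ABCD,
    0xDCD3A5F1_0000BEEF, 0xDCD3A630_00000001)

if __name__ == "__main__":
    print("legacy:", leaking_fields(LEGACY_REQUEST))
    print("minimized:", leaking_fields(build_minimized_request(0xDCD3A630_00000001)))
```

Run over captured client requests, `leaking_fields` gives a quick audit of whether a deployed NTP client still populates the fields the proposal wants zeroed.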