By msmash from Slashdot's the-story-of-their-lives department
A feature report on Bloomberg today illustrates the lives of several Uber drivers, who find shelter in car parks at night when it's too pricey and tiring to go home. An excerpt from the story: In Chicago, Walter Laquian Howard sleeps most nights at the "Uber Terminal." "I left my job thinking this would work, and it's getting harder and harder," Howard said. "They have to understand that some of us have decided to make this a full-time career." Howard has been parking and sleeping at the 7-Eleven four to five nights a week since March 2015, when he began leasing a car from Uber and needed to work more hours to make his minimum payments. Now that it's gotten cold, he wakes up every three hours to turn on the heater. He's rarely alone. Most nights, two to three other ride-hailing drivers sleep in cars parked next to his. It's safe, he said, and the employees let the drivers use the restroom. Howard has gotten to know the convenience store's staff -- Daddy-O and Uncle Mike -- over the past two years while driving for this global ride-hailing gargantuan, valued at $69 billion. "These guys have become my extended family," said Howard, 53. "It's my second home. We have this joke that I'm the resident. I keep asking them: 'Hey, did my mail come in yet?'"
By msmash from Slashdot's security-woes department
The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe, for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
By msmash from Slashdot's mystery-solved department
From a report on CNET: During a press conference Sunday, Samsung said two separate battery defects caused both the original batch of Galaxy Note 7 phones and the replacement units to overheat. The first battery, it said, suffered from a design flaw. The battery's external casing was too small for the components inside, causing it to short-circuit and ignite. The second battery, which came from another supplier, didn't have the same flaw, Justin Denison, head of product strategy and marketing for Samsung's US arm, said in an interview ahead of the press conference. In the rush to pump out enough batteries for the replacement units, though, the supplier introduced a manufacturing defect that led to the same result, he said. The explanation puts to rest the mystery behind the exploding Note 7, but it kicks off a new challenge for the embattled company: winning back your trust after a disastrous several months that included two recalls and the decision to kill the critically acclaimed phone. The Sunday press conference marked the start of a Samsung campaign to rebuild company credibility, which will include the upcoming launch of the flagship Galaxy S8 phone, as well as another Note later in the year.
By EditorDavid from Slashdot's bad-news-for-Nigeria department
The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters:
The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...
Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.
Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."
By EditorDavid from Slashdot's if-it-ain't-OEM,-don't-fix-it department
Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them.
An anonymous reader quotes IFixIt.Org:
In 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down...
Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska, Minnesota, and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.
Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
By EditorDavid from Slashdot's what-a-concept department
C++ creator Bjarne Stroustrup is arguing that we can improve code by grounding generic programming in concepts -- what's required by a template's arguments. An anonymous reader quotes Paul Krill's report on a new paper by Stroustrup:
In concepts, Stroustrup sees the solution to the interface specification problem that has long dogged C++, the language he founded more than 35 years ago. "The way we write generic code today is simply too different from the way we write other code," Stroustrup says... Currently an ISO technical specification, concepts provide well-specified interfaces to templates without runtime overhead. Concepts, Stroustrup writes, are intended to complete C++'s support for generic programming as initially envisioned. "The purpose of concepts is to fundamentally simplify and improve design. This leads to fewer bugs and clearer -- often shorter -- code"...
Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code."
Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."
By EditorDavid from Slashdot's firmware-forking department
"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article:
The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore?
To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?
By EditorDavid from Slashdot's in-ur-database-killin-ur-data department
An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
By EditorDavid from Slashdot's say-ahh department
Slashdot reader Krystalo shared this VentureBeat article:
Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources... Mozilla's goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy, as well as what lies ahead...
One notable statistic is the number of people who can't get online in the first place. The report shows that 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device. Other findings include the fact that there were 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016; almost one-third of the world's population has no data protection rights; and 52% of all websites are in English, even though only 25% of the global population understands the language.
They're now gathering feedback and choosing which metrics to revisit every year, but five key topics include "decentralization: who controls the internet" and "open innovation: how open is it?" as well as security, web literacy, and digital inclusion. But Mozilla says their ultimate goal is very simple: to identify what's helping -- and what's hurting -- the internet.
By EditorDavid from Slashdot's blaming-the-Cloud department
"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered."
Slashdot reader theodp writes:
Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information."
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
By EditorDavid from Slashdot's army-strong department
Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which they invited 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to."
An anonymous reader quotes Threatpost:
The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.
"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."