By EditorDavid from Slashdot's on-second-thought department
An anonymous reader quotes BleepingComputer:
Red Hat is releasing updates for reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Hat added.
Instead, Red Hat is recommending that each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis. Besides Red Hat Enterprise Linux, other RHEL-based distros like CentOS and Scientific Linux are also expected to be affected by Red Hat's decision to revert previous Spectre Variant 2 updates, so these users will also have to contact CPU/OEM vendors.
At least one site "characterized the move as Red Hat washing its hands of the responsibility to provide customers with firmware patches," writes Data Center Knowledge, arguing instead that Red Hat "isn't actually involved in writing the firmware updates. It passes the microcode created by chipmakers to its users 'as a customer convenience.'"
"What I would have said if they'd asked us ahead of time is that microcode is something that CPU vendors develop," Jon Masters, chief ARM architect at Red Hat, told Data Center Knowledge in a phone interview Thursday. "It's actually an encrypted, signed binary image, so we don't have the capability, even if we wanted to produce microcode. It's a binary blob that we cannot generate. The only people who can actually generate that are the CPU vendors."
By EditorDavid from Slashdot's num-num-num department
An anonymous reader writes about "a little-known problem plaguing many newer vehicles from the likes of Honda, Toyota, and Kia."
The car makers used soy-insulated wiring to cut costs and "Go Green", but owners in rural areas are finding the local wildlife finds the wiring irresistible; thousands of dollars in damage has been done by rats and other critters eating wiring harnesses. Hackaday is asking their community to brainstorm solutions to this unique problem, as owners of affected vehicles have had to resort to sprinkling their driveway with coyote urine and putting rat traps on the wheels.
Hackaday reports that "It isn't just one or two cases either, it's enough of a problem that some car manufacturers are getting hit with class-action lawsuits." Back in 2010 Slashdot reported that rabbits had already discovered the joys of eating soy-insulated wires, and were turning the parking lot at the Denver International Airport into their own personal buffet.
There's even a web site called HowToPreventRatsFromEatingCarWires.com, which reports that Honda has already manufactured a special wire-wrapping tape that's infused with the active ingredient from chili peppers.
By BeauHD from Slashdot's surprise-surprise department
An anonymous reader quotes a report from The Verge: Twitter this evening released a new set of statistics related to its investigation on Russia propaganda efforts to influence the 2016 U.S. presidential election, including that 677,775 people were exposed to social media posts from more than 50,000 automated accounts with links to the Russian government. Many of the new accounts uncovered have been traced back to an organization called the Internet Research Agency, or IRA, with known ties to the Kremlin. The data was first presented in an incomplete form to the Senate Select Intelligence Committee last November, which held hearings to question Facebook, Google, and Twitter on the role the respective platforms and products played in the Russian effort to help elect President Donald Trump. Twitter says it's now uncovered more accounts and new information on the wide-reaching Russian cyberintelligence campaign.
"Consistent with our commitment to transparency, we are emailing notifications to 677,775 people in the United States who followed one of these accounts or retweeted or liked a Tweet from these accounts during the election period," writes Twitter's public policy division in a blog post published today. "Because we have already suspended these accounts, the relevant content on Twitter is no longer publicly available."
By BeauHD from Slashdot's cause-and-effect department
Ars Technica reports on how the government shutdown affects federal agencies like NASA, as well as commercial companies like SpaceX: So far, NASA has been keeping quiet about this particular shutdown and has been directing all questions to the White House Office of Management and Budget, which did not respond to a request for comment. But NASA's acting administrator, Robert Lightfoot, told employees in an email obtained by The Verge to be on alert for directions over the next couple of days. "If there is a lapse in funding for the federal government Friday night, report to work the same way you normally would until further notice, and you will receive guidance on how best to closeout your activities on Monday," he wrote in the email. The most recent guidance from NASA, released in 2017, indicates that all nonessential employees should stay home during a shutdown, while a small contingent of staff continue to work on "excepted" projects. The heads of each NASA center decide which employees need to stay, but they're typically the people who operate important or hazardous programs, including employees working on upcoming launches or those who operate satellites and the International Space Station. NASA's next big mission is the launch of its exoplanet-hunting satellite, TESS, which is going up on a SpaceX Falcon 9 rocket from Florida in March. So it shouldn't be affected by a shutdown (unless it takes a while to find a resolution). However, it's possible that preparations on another big spacecraft, the James Webb Space Telescope, may come to a halt, according to Nature. The space telescope is currently at NASA's Johnson Space Center for testing, but NASA's guidelines say that only spacecraft preparations that are "necessary to prevent harm to life or property" should continue during a shutdown.
More immediately, an Atlas V rocket from the United Launch Alliance is launching a missile-detecting satellite tonight out of the Cape Canaveral Air Force Station in Florida, while SpaceX is slated to launch a communications satellite on January 30th. The timing of both launches may mean they avoid the shutdown. But if they did occur during the shutdown, it's unclear if they would suffer delays.
How To Tame the Tech Titans
Posted by News Fetcher on January 19 '18 at 08:50 PM
By BeauHD from Slashdot's information-is-key department
dryriver shares an opinion piece from The Economist: Not long ago, being the boss of a big Western tech firm was a dream job. As the billions rolled in, so did the plaudits: Google, Facebook, Amazon and others were making the world a better place. Today these companies are accused of being BAADD -- big, anti-competitive, addictive and destructive to democracy. Regulators fine them, politicians grill them and one-time backers warn of their power to cause harm. Much of this techlash is misguided. The presumption that big businesses must necessarily be wicked is plain wrong. Apple is to be admired as the world's most valuable listed company for the simple reason that it makes things people want to buy, even while facing fierce competition. Many online services would be worse if their providers were smaller. Evidence for the link between smartphones and unhappiness is weak. Fake news is not only an online phenomenon. But big tech platforms, particularly Facebook, Google and Amazon, do indeed raise a worry about fair competition. That is partly because they often benefit from legal exemptions. Unlike publishers, Facebook and Google are rarely held responsible for what users do on them; and for years most American buyers on Amazon did not pay sales tax. Nor do the titans simply compete in a market. Increasingly, they are the market itself, providing the infrastructure (or "platforms") for much of the digital economy. Many of their services appear to be free, but users "pay" for them by giving away their data. Powerful though they already are, their huge stockmarket valuations suggest that investors are counting on them to double or even triple in size in the next decade. There is thus a justified fear that the tech titans will use their power to protect and extend their dominance, to the detriment of consumers (see article). The tricky task for policymakers is to restrain them without unduly stifling innovation.
By BeauHD from Slashdot's can't-see-the-forest-through-the-trees department
An anonymous reader quotes a report from DSLReports: While the FCC is fortunately backing away from a plan that would have weakened the standard definition of broadband, the agency under Ajit Pai still can't seem to acknowledge the lack of competition in the broadband sector. Or the impact this limited competition has in encouraging higher prices, net neutrality violations, privacy violations, or what's widely agreed to be some of the worst customer service of any industry in America. The Trump FCC had been widely criticized for a plan to weaken the standard definition of broadband from 25 Mbps down, 3 Mbps up, to include any wireless connection capable of 10 Mbps down, 1 Mbps up. Consumer advocates argued the move was a ham-fisted attempt to try and tilt the data to downplay the industry's obvious competitive and coverage shortcomings. They also argued that the plan made no coherent sense, given that wireless broadband is frequently capped, often not available (with carrier maps the FCC relies on falsely over-stating coverage), and significantly more expensive than traditional fixed-line service.
In a statement (pdf), FCC boss Ajit Pai stated the agency would fortunately be backing away from the measure, while acknowledging that frequently capped and expensive wireless isn't a comparable replacement for fixed-line broadband. "The draft report maintains the same benchmark speed for fixed broadband service previously adopted by the Commission: 25 Mbps download/3 Mbps upload," stated Pai. "The draft report also concludes that mobile broadband service is not a full substitute for fixed service. Instead, it notes there are differences between the two technologies, including clear variations in consumer preferences and demands." That's the good news. The bad news: the FCC under Pai's leadership continues to downplay and ignore the lack of competition in the sector, and the high prices and various bad behaviors most people are painfully familiar with.
By BeauHD from Slashdot's back-to-the-basics department
sqorbit writes: Nintendo has announced a new experience for its popular Switch game console, called Nintendo Labo. Nintendo Labo lets you interact with the Switch and its Joy-Con controllers by building things with cardboard. Launching on April 20th, Labo will allow you to build things such as a piano and a fishing pole out of cardboard pieces that, once attached to the Switch, provide the user new ways to interact with the device. Nintendo of America's President, Reggie Fils-Aime, states that "Labo is unlike anything we've done before." Nintendo has a history of non-traditional ideas in gaming, sometimes working and sometimes not. Cardboard cuts may attract non-traditional gamers back to the Nintendo platform. While Microsoft and Sony appear to be focused on 4K, graphics and computing power, Nintendo appears focused on producing "fun" gaming experiences, regardless of how cheesy or technologically outdated they may be. Would you buy a Nintendo Labo kit for $69.99 or $79.99? "The 'Variety Kit' features five different games and Toy-Con -- including the RC car, fishing, and piano -- for $69.99," The Verge notes. "The 'Robot Kit,' meanwhile, will be sold separately for $79.99."
By BeauHD from Slashdot's right-vs-wrong department
An anonymous reader quotes a report from The Verge: Google CEO Sundar Pichai responded today to the firing of employee James Damore over his controversial memo on workplace diversity, stating that while he does not regret the decision, he regrets that people misunderstood it as a politically motivated event. Speaking in a live conversation with journalist and Recode co-founder Kara Swisher, MSNBC host Ari Melber, and YouTube CEO Susan Wojcicki in San Francisco, Pichai said that the decision to fire Damore was about ensuring women at Google felt like the company was committed to creating a welcoming environment.
"I regret that people misunderstand that we may have made this for a political belief one way or another," Pichai said. "It's important for the women at Google, and all the people at Google, that we want to make an inclusive environment." When pressed by Swisher on the issue of regret, Pichai stated more definitively, "I don't regret it." Wojcicki, who has spoken publicly about how Damore's memo affected her personally, followed up with, "I think it was the right decision."
By BeauHD from Slashdot's short-term-vs-long-term-implications department
Computer security professional Bruce Schneier highlights the key findings of a study that suggests security breaches don't affect stock price. The study has been published in the Journal of Information Privacy and Security. From the report:
- While the difference in stock price between the sampled breached companies and their peers was negative (1.13%) in the first 3 days following announcement of a breach, by the 14th day the return difference had rebounded to +0.05%, and on average remained positive through the period assessed.
- For the differences in the breached companies' betas and the beta of their peer sets, the differences in the means of 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods.
- For the differences in the breached companies' beta correlations against the peer indices pre- and post-breach, the difference in the means of the rolling 60 day correlation 8 months pre-breach versus post-breach was not meaningful at 90, 180, and 360 day post-breach periods.
- In regression analysis, use of the number of accessed records, date, data sensitivity, and malicious versus accidental leak as variables failed to yield an R² greater than 16.15% for response variables of 3, 14, 60, and 90 day return differential, excess beta differential, and rolling beta correlation differential, indicating that the financial impact on breached companies was highly idiosyncratic.
- Based on returns, the most impacted industries at the 3 day post-breach date were U.S. Financial Services, Transportation, and Global Telecom. At the 90 day post-breach date, the three most impacted industries were U.S. Financial Services, U.S. Healthcare, and Global Telecom.
By msmash from Slashdot's closer-look department
An anonymous reader shares a report: A survey of 1,700 bug bounty hunters registered on the HackerOne platform reveals that top white-hat hackers make on average 2.7 times more money than the average salary of a software engineer in the same country. The reported numbers are different for each country and may depend on a bug hunter's ability to find bugs, but the survey's results highlight the rising popularity of bug hunting as a sustainable profession, especially in less developed countries, where it can help talented programmers live a financially care-free life. According to HackerOne's report, it pays to be a vulnerability researcher in India, where top bug hunters can make 16 times more compared to the average salary of a software engineer. Other countries where bug hunting can assure someone a comfortable living are Argentina (x15.6), Egypt (x8.1), Hong Kong (x7.6), the Philippines (x5.4), and Latvia (x5.2).
By msmash from Slashdot's inside-Apple-CEO's-head department
Tim Cook, speaking at Harlow College in Essex, shared his views on the limits on technology and social media he feels should be imposed on kids. He said: "I don't believe in overuse [of technology]. I'm not a person that says we've achieved success if you're using it all the time," he said. "I don't subscribe to that at all." Even in computer-aided courses, such as graphic design, technology should not dominate, he said. "There are still concepts that you want to talk about and understand. In a course on literature, do I think you should use technology a lot? Probably not." The 57-year-old chief executive, who took the reins at Apple after the death of Steve Jobs in 2011, said the company cared deeply about children outside the classroom. "I don't have a kid, but I have a nephew that I put some boundaries on. There are some things that I won't allow; I don't want them on a social network."
By msmash from Slashdot's moving-forward department
A simple-to-take test that tells if you have a tumor lurking, and even where it is in your body, is a lot closer to reality -- and may cost only $500. From a report: The new test, developed at Johns Hopkins University, looks for signs of eight common types of cancer. It requires only a blood sample and may prove inexpensive enough for doctors to give during a routine physical. "The idea is this test would make its way into the public and we could set up screening centers," says Nickolas Papadopoulos, one of the Johns Hopkins researchers behind the test. "That's why it has to be cheap and noninvasive." Although the test isn't commercially available yet, it will be used to screen 50,000 retirement-age women with no history of cancer as part of a $50 million, five-year study with the Geisinger Health System in Pennsylvania, a spokesperson with the insurer said. The test, detailed today in the journal Science, could be a major advance for "liquid biopsy" technology, which aims to detect cancer in the blood before a person feels sick or notices a lump. That's useful because early-stage cancer that hasn't spread can often be cured.
By msmash from Slashdot's shape-of-things department
BMW announced this week that the company plans to shift Apple CarPlay infotainment support from a one-time fee to a subscription service. Tim Stevens, writing about the implications of the move for CNET: While GM and other manufacturers happily include Apple's CarPlay service for free even on their most attainable models, BMW and plenty of others have levied upgrade fees to enable CarPlay, or bundled the service inside pricey packages of widgets you may or may not want. That, sadly, is par for this margin-rich golf course, but when we learned this week that BMW would change from a single, up-front fee to an annual fee, in my mind that changed everything. Instead of a one-time, $300 fee, starting on 2019 models BMW will charge $80 annually for the privilege of accessing Apple's otherwise totally free CarPlay service. You do get the first year free, much like your friendly neighborhood dealer of another sort, but after that it's pay up or have your Lightning cable metaphorically snipped. On the surface this is pretty offensive, and it seemed like something must be driving this. The official word from BMW is that this is a change that will save many (perhaps most) BMW owners money. Indeed, the vehicle segments where BMW plays are notorious for short-term leases, and those owning the car for only a few years will save money over that one-time $300. But still, the notion of paying annually for something that's free rubbed me the wrong way. And, based on the feedback we saw from the article, it rubbed a lot of you the wrong way, too.