By EditorDavid from Slashdot's those-who-don't-know-teach department
Slashdot reader Orome1 quotes Help Net Security:
A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score...
The researchers concentrated on posts relevant to Java security, from both software engineering and security perspectives, and on posts addressing questions tied to Spring Security, a third-party Java framework that provides authentication, authorization and other security features for enterprise applications... Developers are frustrated when they have to spend too much time figuring out the correct usage of APIs, and often end up choosing completely insecure-but-easy fixes such as using obsolete cryptographic hash functions, disabling cross-site request forgery protection, trusting all certificates in HTTPS verification, or using obsolete communication protocols. "These poor coding practices, if used in production code, will seriously compromise the security of software products," the researchers pointed out.
The researchers blame "the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries." Among their suggested solutions: new developer tools which can recognize security errors and suggest patches.
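The "trusting all certificates in HTTPS verification" pattern the researchers describe, as an added example that is not code from the study, from Slashdot or from Spring Security, placed beside a hardened form that trusts only an operator-supplied CA certificate. The class name, the `pinned-ca.pem` path and the `api.example.com` endpoint are assumptions.

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class): the copy-pasted "trust everything" answer
// and the pinned-trust alternative a reviewer should ask for instead.
public final class HttpsTrust {

    // INSECURE: the widely copied forum answer. Both check methods return without
    // inspecting the chain, so any certificate, including one minted by an attacker
    // sitting between client and server, is accepted. Recognise this shape in review.
    static SSLContext trustAllContext() throws Exception {
        TrustManager[] trustAll = new TrustManager[] {
            new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) { }
                public void checkServerTrusted(X509Certificate[] chain, String authType) { }
                public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustAll, new SecureRandom());
        return ctx;
    }

    // HARDENED: build a trust store containing only the CA (or leaf) certificate the
    // operator ships with the application, and let the platform's default
    // X509TrustManager do full chain validation against it.
    static SSLContext pinnedContext(InputStream caPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate ca = (X509Certificate) cf.generateCertificate(caPem);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // empty in-memory trust store
        ks.setCertificateEntry("pinned-ca", ca);   // the single trusted anchor

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: a PEM file next to the program and an example endpoint.
        try (InputStream pem = Files.newInputStream(Paths.get("pinned-ca.pem"))) {
            SSLContext ctx = pinnedContext(pem);
            HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://api.example.com/").openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            // Hostname verification stays on by default; the companion anti-pattern
            // setHostnameVerifier((host, session) -> true) must not be added here.
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

The "disabling cross-site request forgery protection" fix the study also lists corresponds to `http.csrf().disable()` in a Spring Security configuration; leaving the default CSRF protection enabled and supplying the token in forms is the correct usage.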
By BeauHD from Slashdot's long-running-speculation department
According to software company Futuremark, Apple doesn't intentionally slow down older iPhones when it releases new software updates as a way to encourage its customers to buy new devices. MacRumors reports: Starting in 2016, Futuremark collected over 100,000 benchmark results for seven different iPhone models across three versions of iOS, using that data to create performance comparison charts to determine whether there have been performance drops in iOS 9, iOS 10, and iOS 11. The first device tested was the iPhone 5s, as it's the oldest device capable of running iOS 11. iPhone 5s, released in 2013, was the first iPhone to get a 64-bit A7 chip, and iOS 11 is limited to 64-bit devices. Futuremark used the 3DMark Sling Shot Extreme Graphics test and calculated all benchmark scores from the iPhone 5s across a given month to make its comparison. The higher the bar, the better the performance, and based on the testing, GPU performance on the iPhone 5s has remained constant from iOS 9 to iOS 11 with just minor variations that Futuremark says "fall well within normal levels." iPhone 5s CPU performance over time was measured using the 3DMark Sling Shot Extreme Physics test, and again, results were largely consistent. CPU performance across those three devices has dropped slightly, something Futuremark attributes to "minor iOS updates or other factors."
By BeauHD from Slashdot's golden-brown department
turkeydance shares a report from The Telegraph: If you struggle to get a tan, consider yourself a night owl or are plagued with arthritis, then your Neanderthal ancestors could be to blame, a new genetic study has shown. Although Neanderthals are often portrayed in drawings as swarthy, in fact they arrived in Northern Europe thousands of years before modern humans, giving time for their skin to become paler as their bodies struggled to soak up enough sun. When they interbred with modern humans those pale genes were passed on. Likewise, genetic mutations which predispose people to arthritis also came from our Neanderthal ancestors, as did the propensity to be a night owl rather than a lark, as northern latitudes altered their body clocks. A raft of new papers published in the journals Science and the American Journal of Human Genetics has shed light on just how many traits we owe to our Neanderthal ancestors.
Scientists also now think that differences in hair color, mood and whether someone will smoke or have an eating disorder could all be related to inter-breeding, after comparing ancient DNA to 112,000 British people who took part in the UK Biobank study. The Biobank includes genetic data along with information on many traits related to physical appearance, diet, sun exposure, behavior, and disease and helps scientists pick apart which traits came from Neanderthals. Dr Janet Kelso, of the Max Planck Institute for Evolutionary Anthropology, in Germany, said: "We can now show that it is skin tone, and the ease with which one tans, as well as hair color that are affected."
By BeauHD from Slashdot's it's-a-bird-it's-a-plane-it's-a-butterfly department
dryriver shares a report from BBC: A colorful, shimmering spectacle detected by weather radar over the U.S. state of Colorado has been identified as swarms of migrating butterflies. Scientists at the National Weather Service (NWS) first mistook the orange radar blob for birds and had asked the public to help identify the species. They later established that the 70-mile wide (110km) mass was a kaleidoscope of Painted Lady butterflies. Forecasters say it is uncommon for flying insects to be detected by radar. "We hadn't seen a signature like that in a while," said NWS meteorologist Paul Schlatter, who first spotted the radar blip. "We detect migrating birds all the time, but they were flying north to south," he told CBS News, explaining that this direction of travel would be unusual for migratory birds for the time of year. So he put the question to Twitter, asking for help determining the bird species. Almost every response he received was the same: "Butterflies." Namely the three-inch long Painted Lady butterfly, which has descended in clouds on the Denver area in recent weeks. The species, commonly mistaken for monarch butterflies, are found across the continental United States, and travel to northern Mexico and the U.S. southwest during colder months. They are known to follow wind patterns, and can glide hundreds of miles each day.
By BeauHD from Slashdot's security-breach department
Disqus, a company that builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012. "About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers," reports ZDNet. From the report: Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service, like Facebook or Google. The theft was only discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach. The company said in a blog post, posted less than a day after Hunt's private disclosure, that although there was no evidence of unauthorized logins, affected users will be emailed about the breach. Users whose passwords were exposed will have their passwords force-reset. The company warned users who have used their Disqus password on other sites to change the password on those accounts.
By BeauHD from Slashdot's final-stretch department
Last month, it was reported that T-Mobile is close to agreeing tentative terms on a deal to merge with Sprint. Now, it appears that negotiations between the two companies are almost complete. Android Police reports: The report claims that Sprint and T-Mobile are putting the finishing touches on the merger, which will likely be announced at the quarterly earnings report at the end of this month. Some of the current discussion topics include Sprint's valuation (estimated to be around $29 billion), the location of the combined company's headquarters, and appointments to the executive management team. The merger is not expected to include a breakup/termination fee, meaning if one company backed out of the deal, there would be no financial penalty. This would align both companies to lobby government regulators for approval without any conflicts of interest. After AT&T called off its buyout of T-Mobile in 2011 due to government opposition, the company paid a $4 billion breakup fee to T-Mobile, which helped strengthen T-Mobile as a competitor. The report notes that while T-Mobile and Sprint's quarterly earnings reports have not been set, T-Mobile's was on October 24 last year, and Sprint's was the next day.
By msmash from Slashdot's interesting-perspective department
The building blocks of the web have become its intellectual Achilles' heel, Quartz reports. Links have turned against us, and they're making it impossible to read and learn. From a report: I know, you got here via a link. Links are crucial for navigation and seem instinctively useful to journalism. But when they're embedded within an article that should be a calm, focused learning experience, they are a gateway to distraction and information addiction. A 2005 study suggested that "increased demands of decision-making and visual processing" in text with links reduced reading comprehension -- a challenge we face every day as we try to parse the web's infinite information. Last week, one of my favorite publications ran a thoughtful, well-written article that I could barely read. It contained 57 links in less than 2,000 words. Today, the top five articles on the New York Times and the Wall Street Journal averaged a link every 197 words -- that's one link for every minute of reading. Since the advent of the written word, there's only been one reason to change the color, style or weight of text: emphasis. Your eye is trained to pause and assign added importance to any word that carries a different style than the words before it. A great article deserves focus, and it's almost impossible to achieve any level of focus when random words are emphasized for no reason other than their association with a previous article or the fact that they refer to an outside resource. Read the full story on Quartz.
Regulate Facebook Like AIM
Posted by News Fetcher on October 06 '17 at 02:31 PM
By BeauHD from Slashdot's level-playing-field department
New submitter gooddogsgotoheaven shares a report from Motherboard arguing why the U.S. government should regulate Facebook like AIM: Sixteen years ago, the FCC approved a merger between America Online and Time Warner, but with several conditions. As part of the deal, AOL was required to make its web portal compatible with other chat apps. The government stopped AOL from building a closed system where everyone had to use AIM, meaning it had to adopt interoperability -- the ability to be compatible with other computer systems. The FCC required AOL to be compatible with at least one instant messaging rival immediately after the merger went through. Within six months, the FCC required AOL to make its portal compatible with at least two other rivals, or face penalties. The FCC's decision changed how we communicate with each other on the internet. By forcing AIM to make room for competition, a range of messaging apps and services, as well as social networks emerged. Instead of being limited to AIM, people who used AOL's portal could choose other platforms.
If Facebook were forced to make room for other services on its platform in the same way AOL made room for other chat apps, new services could emerge. "Facebook has to allow people to access their relationships however they want through other businesses or tools that are not controlled by Facebook," Matt Stoller, a fellow at the Open Markets Institute, said. "Having them control and mediate the structure of those relationships -- that's not right." Of course, people can opt out of Facebook and choose to use other, smaller social networks. But those businesses are essentially unable to thrive because of the hold Facebook has on how we communicate online. All our friends and family are already on Facebook, and because the platform is not regulated to allow competition, it's incredibly difficult for other, newer ones to emerge.
By BeauHD from Slashdot's on-call department
An anonymous reader quotes a report from Bloomberg: Amazon.com Inc. is almost certain to enter the business of selling prescription drugs by 2019, said two analysts at Leerink Partners, posing a direct threat to the U.S.'s biggest brick-and-mortar drugstore chains. "It's a matter of when, not if," Leerink Partners analyst David Larsen said in a report to clients late Thursday. "We expect an announcement within the next 1-2 years." Amazon has a long-standing interest in prescription drugs, an industry with multiple middlemen, long supply chains and opaque pricing. In the 1990s, it invested in startup Drugstore.com and Amazon Chief Executive Officer Jeff Bezos sat on the board. Walgreens eventually purchased the site and shuttered it last year to focus on its own branded website Walgreens.com. Leerink's calls with industry experts suggest that Amazon "is in active discussions" with mid-size pharmacy benefit managers and possibly larger players such as Prime Therapeutics, Larsen's colleague, Ana Gupte, wrote in a separate report Friday. On Friday, CNBC reported that Amazon could make a decision about selling prescription drugs online before Thanksgiving.
By msmash from Slashdot's road-less-travelled department
The Guardian reports: A decade after he stayed up all night coding a prototype of what was then called an "awesome" button, Rosenstein belongs to a small but growing band of Silicon Valley heretics who complain about the rise of the so-called "attention economy": an internet shaped around the demands of an advertising economy. These refuseniks are rarely founders or chief executives, who have little incentive to deviate from the mantra that their companies are making the world a better place. Instead, they tend to have worked a rung or two down the corporate ladder: designers, engineers and product managers who, like Rosenstein, several years ago put in place the building blocks of a digital world from which they are now trying to disentangle themselves. "It is very common," Rosenstein says, "for humans to develop things with the best of intentions and for them to have unintended, negative consequences." Rosenstein, who also helped create Gchat during a stint at Google, and now leads a San Francisco-based company that improves office productivity, appears most concerned about the psychological effects on people who, research shows, touch, swipe or tap their phone 2,617 times a day. There is growing concern that as well as addicting users, technology is contributing toward so-called "continuous partial attention", severely limiting people's ability to focus, and possibly lowering IQ. One recent study showed that the mere presence of smartphones damages cognitive capacity -- even when the device is turned off. "Everyone is distracted," Rosenstein says. "All of the time."
By msmash from Slashdot's shape-of-things-to-come department
Analysts at McKinsey & Company write: For the better part of a decade, telecom companies have suffered through declining revenues, cash flow, and return on investment just as tech companies like Google, Facebook, Amazon, and others have mushroomed by building their businesses on the operators' own infrastructure. While these tech visionaries have enjoyed well over $1 trillion in combined market-cap growth by innovating and thinking differently and adeptly, telecom companies have tried to compete by implementing the same old survival tactics: cutting costs, reducing the workforce, and timidly entering into new business adjacencies. The trouble is that playbook no longer applies. [...] We've seen this before in other capital-intensive industries. The airline industry, for example, despite incredible growth in travel during the early part of this century, destroyed economic value until 2015 when, for the first time, the industry-level average return on invested capital (ROIC) was just in excess of its cost of capital. This return to economic profitability was achieved through a combination of falling fuel prices; significant industry consolidation, especially in the United States; and the growth of ancillary revenues, such as checked-baggage fees. If global operators were to follow the airline industry's prior trajectory, the implications could be dramatic. That's not just for the operators that would see declining investment as capital and talent move into sectors with superior returns but also for current and future over-the-top (OTT) players, such as Amazon, Apple, Facebook, Google, and Netflix, who rely so heavily on the operators' networks and investments.
By msmash from Slashdot's real-reason department
Last year, when it was rumoured that the then upcoming iPhone models -- 7 and 7 Plus -- won't have the 3.5mm audio jack, The Verge's Nilay Patel wrote that if Apple does do it, it would be a user-hostile and stupid move. When those iPhone models were officially announced, they indeed didn't have the audio jack. Earlier this week, Android-maker Google announced the Pixel 2 and Pixel 2 XL smartphones that also don't feature the decades-old audio jack either, a move that would likely push the rest of the smartphone makers to adopt a similar change. The rationale behind killing the traditional headphones jack, both Apple and Google say, is to move to an improved technology: Bluetooth. But there is another motive at play here, it appears. Patel writes for The Verge: As the headphone jack disappears, the obvious replacement isn't another wire with a proprietary connector like Apple's Lightning or the many incompatible and strange flavors of USB-C audio. It's Bluetooth. And Bluetooth continues to suck, for a variety of reasons. Newer phones like the iPhone 8, Galaxy S8, and the Pixel 2 have Bluetooth 5, which promises to be better, but 1. There are literally no Bluetooth 5 headphones out yet, and 2. we have definitely heard that promise before. So we'll see. To improve Bluetooth, platform vendors like Apple and Google are riffing on top of it, and that means they're building custom solutions. And building custom solutions means they're taking the opportunity to prioritize their own products, because that is a fair and rational thing for platform vendors to do. Unfortunately, what is fair and rational for platform vendors isn't always great for markets, competition, or consumers. And at the end of this road, we will have taken a simple, universal thing that enabled a vibrant market with tons of options for every consumer, and turned it into yet another limited market defined by ecosystem lock-in.
The playbook is simple: last year, Apple dropped the headphone jack and replaced it with its W1 system, which is basically a custom controller chip and software management layer for Bluetooth. The exemplary set of W1 headphones is, of course, AirPods, but Apple also owns Beats, and there are a few sets of W1 Beats headphones available as well. You can still use regular Bluetooth headphones with an iPhone, and you can use AirPods as regular Bluetooth headphones, but the combination iPhone / W1 experience is obviously superior to anything else on the market. [...] Google's version of this is the Pixel Buds, a set of over-ear neckbuds that serve as basic Bluetooth headphones but gain additional capabilities when used with certain phones. Seamless fast pairing? You need Android N or higher, which most Android phones don't have.
By msmash from Slashdot's end-of-an-era department
It's the end of an era: as of December 15, AOL's Instant Messenger will no longer exist. From a report: In a statement from Oath, the new entity formed under Verizon combining AOL with the recently-acquired Yahoo, the service will be discontinued. "AIM tapped into new digital technologies and ignited a cultural shift, but the way in which we communicate with each other has profoundly changed," said Michael Albers, VP of Communications Product at Oath. AIM was a staple of personal computers since first launching in 1997, serving as a precursor to popular apps like WhatsApp and Facebook Messenger. However, AIM couldn't make the seamless transition to mobile, where most users rely on instant messaging services. Users will be able to manually download any images or files on AIM before the service shuts down. However, users won't be able to export or save their Buddy List, the group of contacts available on AIM.