By msmash from Slashdot's security-woes department
Copyediting app Grammarly included a gaping security hole that left users of its browser extension open to more embarrassment than just misspelled words. From a report: The Grammarly browser extension for Chrome and Firefox contained a "high severity bug" that was leaking authentication tokens, according to a bug report by Tavis Ormandy, a security researcher with Google's Project Zero. This meant that any website a Grammarly user visited could access the user's "documents, history, logs, and all other data," according to Ormandy. Grammarly provides automated copyediting for virtually anything you type into a browser that has the extension enabled, from blogs to tweets to emails to your attorney. In other words, there is an unfathomable number of scenarios in which this kind of major vulnerability could result in disastrous real-world consequences. Grammarly has approximately 22 million users, according to Ormandy, and the company told Gizmodo in an email that it "has no evidence that any user information was compromised" by the security hole. "We're continuing to monitor actively for any unusual activity," a Grammarly spokesperson said.
By msmash from Slashdot's closer-look department
We already knew that thawing Arctic permafrost would release powerful greenhouse gases. On Monday, scientists revealed it could also release massive amounts of mercury -- a potent neurotoxin and serious threat to human health. From a report: Permafrost, the Arctic's frozen soil, acts as a massive ice trap that keeps carbon stuck in the ground and out of the atmosphere -- where, if released as carbon dioxide, the greenhouse gas would drive global warming. But as humans warm the climate, they risk thawing that permafrost and releasing that carbon, with microbial organisms becoming more active and breaking down the ancient plant life that had previously been preserved in the frozen earth. That would further worsen global warming, further thawing the Arctic -- and so on. That cycle would be scary enough, but U.S. government scientists on Monday revealed that the permafrost also contains large volumes of mercury, a toxic element humans have already been pumping into the air by burning coal. There are 32 million gallons worth of mercury, or the equivalent of 50 Olympic swimming pools, trapped in the permafrost, the scientists wrote in a study published in the journal Geophysical Research Letters. For context, that's "twice as much mercury as the rest of all soils, the atmosphere, and ocean combined," they wrote.
By msmash from Slashdot's let-there-be-light department
A fascinating story of how Indian women have persevered through various roadblocks, including cultural, to actively contribute to the open source community. An excerpt from the story: As Vaishali Thakker, a 23-year-old open source programmer looked over the hall filled with around 200 people, she didn't know how to react to what she had just heard. Thakker was one of the five women on the stage at PyCon India 2017, a conference on the use of the Python programming language, in New Delhi. The topic of the discussion was "Women in open source." As the women started discussing the open source projects they had been working on, the challenges and so on, someone from the audience got up and drew the attention of the gathering to the wi-fi hotspots in the hall. They were named "Shut the fk up" and "Feminism sucks." "It was right on our faces," remembers Thakker. For their part, the organisers were upset and even warned the audience. But the event had no code of conduct for anyone to really penalise or expel the culprits. "It's disheartening when you're talking about the problem, someone is actually giving a proof that it (gender bias) indeed is a problem. In a way, I found it funny, because how stupid can you be to give the proof that the problem actually exists," says Thakker. And how. It's just been three years in her coding career but she is familiar with the high wall that gender stereotyping puts up in the world of software scripting. More so in her chosen field of coding. Thakker is among a small -- but fast-growing -- set of women coders from India shaping the future of several open source platforms globally including the Linux kernel, the core software program behind the world's biggest eponymous open source software.
By BeauHD from Slashdot's open-for-business department
An anonymous reader quotes a report from The Guardian: The top-ranking Democrat on the Senate intelligence committee has warned that YouTube's powerful recommendation algorithm may be "optimizing for outrageous, salacious and often fraudulent content" or susceptible to "manipulation by bad actors, including foreign intelligence entities." Senator Mark Warner, of Virginia, made the stark warning after an investigation by the Guardian found that the Google-owned video platform was systematically promoting divisive and conspiratorial videos that were damaging to Hillary Clinton's campaign in the months leading up to the 2016 election.
"Companies like YouTube have immense power and influence in shaping the media and content that users see," Warner said. "I've been increasingly concerned that the recommendation engine algorithms behind platforms like YouTube are, at best, intrinsically flawed in optimizing for outrageous, salacious and often fraudulent content." He added: "At worst, they can be highly susceptible to gaming and manipulation by bad actors, including foreign intelligence entities." YouTube's algorithm determines which videos to promote in the "Up next" column beside the video player. The Guardian found that "the algorithm was six times more likely to recommend videos that were damaging to Clinton than Trump, and also tended to amplify wild conspiracy theories about the former secretary of state."
By BeauHD from Slashdot's big-dilemmas department
According to a new working paper from the National Bureau of Economics, the number of American firms listed publicly in the U.S. has dropped by more than half. In 1997, more than 7,500 American firms were listed publicly in the U.S. Nearly two decades later, in 2016, the number had dropped to 3,618 firms. Quartz reports: The crux of the issue is that U.S. startups are increasingly shunning stock market boards. That could have worrying implications for America's long-term economic prospects. One big reason young companies are shying away from IPOs is that public listings don't offer much benefit to promising startups, say the paper's authors, economists Craig Doidge, Kathleen Kahle, Andrew Karolyi, and Rene Stulz. In fact, going public can hurt them. The upside of public listing is that it lets companies raise huge sums of capital, issue more shares, issue debt with relative ease, and use equity to fund acquisitions. But because of the ways the American economy has evolved, those advantages are less important than they once were.
When industry powered U.S. growth, companies grew by spending on capital investments like factories and machinery. Back in 1975, firms once spent six times more on capital investments than they did on research and development. But as the U.S. shifted toward a services and knowledge-based economy, intangible investments became increasingly important. In 2002, R&D expenditures for the average firm surpassed capital expenditures for the first time. It's stayed that way since; nowadays, average R&D spending is roughly twice that of capital expenditures. The problem is, two features of public listings -- disclosure and accounting standards -- make things tough on companies with more intangible assets. U.S. securities law requires companies to disclose their activities in detail. But startups are wary of sharing information that might benefit their competitors.
By BeauHD from Slashdot's properly-allowed department
Over the weekend, a lawsuit was filed against T-Mobile claiming that the company's lack of security allowed hackers to enter the plaintiff's wireless account last fall and steal cryptocoins worth thousands of dollars. "Carlos Tapang of Washington state accuses T-Mobile of having 'improperly allowed wrongdoers to access' his wireless account on November 7th last year," reports The Verge. "The hackers then cancelled his number and transferred it to an AT&T account under their control. 'T-Mobile was unable to contain this security breach until the next day,' when it finally got the number back from AT&T, Tapang alleges in the suit, first spotted by Law360." From the report: After gaining control of his phone number, the hackers were able to change the password on one of Tapang's cryptocurrency accounts and steal 1,000 OmiseGo (OMG) tokens and 19.6 BitConnect coins, Tapang claims. The hackers then exchanged the coins for 2.875 Bitcoin and transferred it out of his account, the suit states. On November 7th, the price of Bitcoin was $7,118.80, so had the hackers cashed out then, they would have netted a profit of $20,466.55. Tapang goes on to say, "After the incident, BTC price reached more than $17,000.00 per coin," but given the volatility of bitcoin prices, the hackers may not have benefited from the surge.
The suit alleges T-Mobile is at fault partly because the carrier said it would add a PIN code to Tapang's account prior to the incident, but didn't actually implement it. Tapang also states that hackers are able to call T-Mobile's customer support multiple times to gain access to customer accounts, until they're able to get an agent on the line that would grant them access without requiring further identity verification. The complaint also lists several anonymous internet users who have posted about similar security breaches to their own T-Mobile accounts.
By BeauHD from Slashdot's tech-heavyweights department
Recode highlights the presentations each side gave on Day 1 in the Waymo v. Uber trial: Alphabet's self-driving arm, Waymo, and Uber gave their opening statements in front of a jury on Monday, commencing the courtroom phase of what has already been a messy legal battle. The day was entirely about opening arguments, but both Uber's and Waymo's strategy centers largely on one thing: Our opponent stooped to the levels they did because they were afraid we would beat them. Uber claims Waymo's lawsuit is baseless and that Waymo is only suing because it was upset it was losing top talent at a time when competing companies began gaining ground. Waymo claims Uber was worried about getting beat in the self-driving car race so it stole Waymo's trade secrets when it hired one of its former executives. If Uber loses the case, it could have to pay out millions of dollars in damages and potentially stall its self-driving efforts. For Waymo, losing the case will have largely reputational risks. Alphabet rarely, if ever, sues over any issues with people or other companies, which means this litigation carries a lot of weight. Uber as the defense doesn't have to prove anything, just cast enough doubt on Waymo's claims. Waymo has to prove both motivation on the part of Uber to intentionally steal trade secrets, and that the information Uber stole was proprietary. "That was quite the story," Uber attorney Bill Carmody said in his opening statement. "I want to tell you right up front. It didn't happen, there's no conspiracy, there's no cheating, period end of story." It'll be up to the jury to determine if Waymo has presented enough evidence to prove not only that Uber stole trade secrets, but that the company was using them in its current self-driving technology.
Painting Waymo as a company that was growing increasingly concerned over losing top engineers to Uber -- in addition to harboring personal grievances against Levandowski -- could help the ride-hail company convince the jury that Waymo had ulterior motives with its lawsuit. Recode has a detailed list in their report of all the evidence Uber and Waymo presented against one another, as well as their strategies going forward.
By BeauHD from Slashdot's join-the-club department
An anonymous reader quotes a report from The Hill: New Jersey on Monday became the latest state to implement its own net neutrality rules following the Federal Communications Commission's repeal of the Obama-era consumer protections. Gov. Phil Murphy (D) signed an executive order prohibiting all internet service providers that do business with the state from blocking, throttling or favoring web content.
"We may not agree with everything we see online, but that does not give us a justifiable reason to block the free, uninterrupted, and indiscriminate flow of information," Murphy said in a statement. "And, it certainly doesn't give certain companies or individuals a right to pay their way to the front of the line." "While New Jersey cannot unilaterally regulate net neutrality back into law or cement it as a state regulation, we can exercise our power as a consumer to make our preferences known," he added. Gurbir Grewal, New Jersey's attorney general, also announced on Monday that the state would be the 22nd to join a lawsuit against the FCC.
By BeauHD from Slashdot's slow-and-steady department
According to Google's Platform Versions page, the Android 8.0 Oreo mobile operating system finally has 1.1 percent adoption. Like Android Nougat before it, Android Oreo took five months to pass the 1 percent adoption mark. VentureBeat reports: On the bright side, Nougat this month has passed Marshmallow, meaning the second newest Android version is now the most widely used. The latest version of Android typically takes more than a year to become the most-used release, and so far it doesn't look like Oreo's story will be any different. Google's Platform Versions tool uses data gathered from the Google Play Store app, which requires Android 2.2 and above. This means devices running older versions are not included, nor are devices that don't have Google Play installed (such as many Android phones and tablets in China, Amazon's Fire line, and so on). Also, Android versions that have less than 0.1 percent adoption, such as Android 3.0 Honeycomb and Android 2.2 Froyo, are not listed. The two next-oldest Android versions are thus set to drop off the list sometime this year. The Android adoption order now stands as follows: Nougat in first place, Marshmallow in second place, Lollipop in third, KitKat in fourth, Jelly Bean in fifth, Oreo in sixth, ICS in seventh, and Gingerbread in last. All eyes are now on Oreo to see how slowly it can climb the ranks.