By EditorDavid from Slashdot's one-store-to-rule-them-all department
An anonymous reader quotes USA Today:
Amazon's yearly sales account for about 15% of total U.S. consumer online sales, according to the company's statements and the Department of Commerce. But the Seattle e-commerce company may actually be handling double that amount -- 20% to 30% of all U.S. retail goods sold online -- thanks to the volume of sales it transacts for third parties on its website and app. Only a portion of those sales add to its revenue.
"The punchline is that Amazon's twice as big as people give them credit for, because there's this iceberg under the surface, but you only see the tip," said Scot Wingo, executive chairman of Channel Advisor, an e-commerce software company that works with thousands of online sellers. When third-party sales are taken into account, Amazon's share of what U.S. shoppers spend online could be as high as $125 billion yearly...
Amazon's share will grow even larger when they can offer two-hour deliveries, warns one analyst, while another puts it more succinctly. "Amazon's just going to slowly grab more and more of your wallet."
By EditorDavid from Slashdot's squashing-bugs department
Orome1 quotes Help Net Security: VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report [which has mitigations for the still-unpatched vulnerabilities].
Anyone want to share their experiences with VeraCrypt? Two Quarkslab engineers spent more than a month on the audit, which was funded (and requested) by the non-profit Open Source Technology Improvement Fund "to evaluate the security of the features brought by VeraCrypt since the publication of the audit results on TrueCrypt 7.1a conducted by the Open Crypto Audit Project." Their report concludes that VeraCrypt's security "is improving which is a good thing for people who want to use a disk encryption software," adding that its main developer "was very positive along the audit, answering all questions, raising issues, discussing findings constructively..."
By EditorDavid from Slashdot's all-your-base-are-belong-to-us department
An anonymous Slashdot reader quotes CNN Money:
An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets... "Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message," he wrote. "Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed."
In early 2015, CNN Money profiled The Jester as "the vigilante who hacks jihadists," noting he's a former U.S. soldier who has now "single-handedly taken down dozens of websites that, he deems, support jihadist propaganda and recruitment efforts. He stopped counting at 179." That article argues that "the fact that he hasn't yet been hunted down and arrested says a lot about federal prosecutors and the FBI. Several cybersecurity experts see it as tacit approval."
"In an exclusive interview with CNNMoney this weekend, Jester said he chose to attack Russia out of frustration for the massive DNS cyberattack that knocked out a portion of the internet in the United States on Friday... 'I'm not gonna sit around watching these f----rs laughing at us.'"
By EditorDavid from Slashdot's still-standing department
"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports:
Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet locations...one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."
He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."
Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.
By EditorDavid from Slashdot's In-Soviet-Union,-emails-ignore-you department
Tuesday Lawrence Lessig issued a comment about a leaked email which showed complaints about his smugness from a Clinton campaign staffer: "I'm a big believer in leaks for the public interest... But I can't for the life of me see the public good in a leak like this..." Now mirandakatz shares an article by tech journalist Steven Levy arguing that instead, "The press is mining the dirty work of Russian hackers for gossipy inside-beltway accounts."
This is perfectly legal. As long as journalists don't do the stealing themselves, they are solidly allowed to publish what thieves expose, especially if, as in this case, the contents are available to all... [But] is the exploitation of stolen personal emails a moral act? By diving into this corpus to expose anything unseemly or embarrassing, reporters may be, however unwillingly, participating in a scheme by a foreign power to mess with our election...
As a 'good' journalist, I know that I'm supposed to cheer on the availability of information... But it's difficult to argue that these discoveries were unearthed by reporters for the sake of public good...
He's sympathetic to the idea that minutiae from campaigns lets journalists "examine the failings of 'business as usual'," but "it would be so much nicer if some disgruntled colleague of Podesta's was providing information to reporters, rather than Vladimir Putin using them as stooges to undermine our democracy." He ultimately asks, "is it moral to amplify anything that's already exposed on the internet, even if the exposers are lawbreakers with an agenda?"
By EditorDavid from Slashdot's leapin'-lemurs! department
"Linux distributions and silly names go together like peanut butter and jelly," notes BetaNews. BrianFagioli writes:
One of the most well-known Linux distributions to use funny names is Ubuntu. It famously uses the convention of an adjective and a lesser-known animal, each starting with the same letter... For example, Ubuntu 16.10 uses the letter "Y" -- "Yakkety Yak". The next version of the operating system will use the letter "Z" [and] Canonical has chosen "Zesty Zapus"... It is apparently a type of jumping mouse...
"As we come to the end of the alphabet, I want to thank everyone who makes this fun. Your passion and focus and intellect, and occasionally your sharp differences, all make it a privilege to be part of this body incorporate. Right now, Ubuntu is moving even faster to the centre of the cloud and edge operations. From AWS to the zaniest new devices, Ubuntu helps people get things done faster, cleaner, and more efficiently, thanks to you...", says Mark Shuttleworth, CEO, Canonical... "we are a tiny band in a market of giants, but our focus on delivering free software freely together with enterprise support, services and solutions appears to be opening doors, and minds, everywhere. So, in honour of the valiantly tiny leaping long-tailed over the obstacles of life, our next release which will be Ubuntu 17.04, is hereby code named the Zesty Zapus".
My favorite was Xenial Xerus.
By EditorDavid from Slashdot's suspecting-state-actors department
"The Dark Web is rife with speculation that North Korea is responsible for the Dyn hack" says John McAfee, according to a new article on CSO:
McAfee said they certainly have the capability and if it's true...then forensic analysis will point to either Russia, China, or some group within the U.S. [And] who hacked the Democratic National Committee? McAfee -- in an email exchange and follow up phone call -- said sources within the Dark Web suggest it was Iran, and he absolutely agrees. While Russian hackers get more media attention nowadays, Iranian hackers have had their share... "The Iranians view Trump as a destabilizing force within America," said McAfee. "They would like nothing more than to have Trump as President....
"If all evidence points to the Russians, then, with 100% certainty, it is not the Russians. Anyone who is capable of carrying out a hack of such sophistication is also capable, with far less effort than that involved in the hack, of hiding their tracks or making it appear that the hack came from some other quarter..."
Bruce Schneier writes that "we don't know anything much of anything" about yesterday's massive DDOS attacks. "If I had to guess, though, I don't think it's China. I think it's more likely related to the DDoS attacks against Brian Krebs than the probing attacks against the Internet infrastructure..." Earlier this month Krebs had warned that source code had been released for the massive DDOS attacks he endured in September, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices."
By EditorDavid from Slashdot's video-velocities department
Virginia software engineer Brad Myers has played Super Mario 22,000 times, and just set a new speed record earlier this month -- 4 minutes and 56.878 seconds. An anonymous Slashdot reader summarizes a new article at FiveThirtyEight:
"In this 31-year-old video game, there is a full-on, high-speed assault on Bowser's castle under way right now..." writes Oliver Roeder, describing a collaborative community of both theorists and experimentalists "who test the theories in game after callus-creating game... 'Everything in my run, so many people contributed so much knowledge at various points in the game's history,' Myers told me. 'Now someone can come along and use that as their starting point.'"
Online broadcasts form a kind of peer-review system, with an ever-expanding canon of tricks -- for example, intentionally bumping into objects for a slight increase in speed. But the success rate for the maneuver is estimated at 3%, meaning speed runners spend most of their time starting over. "On average, about 1 out of 1,000 times does a record-setting campaign continue beyond its halfway point..."
By EditorDavid from Slashdot's Mozilla-meets-Microsoft department
An anonymous reader quotes InfoWorld:
Developers of Mozilla's Rust language, devised for fast and safe system-level programming, have unveiled the first release of the Rust Language Service, a project that provides IDEs and editors with live, contextual information about Rust code. RLS is one of the first implementations of the Language Server Protocol, co-developed by Microsoft, Codenvy, and Red Hat to standardize communications between IDEs and language runtimes. It's another sign of Rust's effort to be an A-list language across the board -- not only by providing better solutions to common programming problems, but also cultivating first-class, cutting-edge tooling support from beyond its ecosystem...
The Rust Language Service is "pre-alpha", and the whole Language Service Protocol is only currently supported by two IDEs -- Eclipse and Microsoft's Visual Studio Code. Earlier InfoWorld described it as "a JSON-based data exchange protocol for providing language services consistently across different code editors and IDEs," and one of the Rust developers has already developed a sample RLS client for Visual Studio Code.
By EditorDavid from Slashdot's bright-ideas department
Earlier this week, Tesla signed a non-binding agreement to buy solar cells from a new Panasonic factory in Buffalo, New York -- but it's part of a much bigger maneuver. An anonymous Slashdot reader writes:
"If all goes to plan, Tesla will be supplying customers with the solar panels that generate electricity that could then be used to charge the battery in their Tesla car or the battery in the Tesla Powerwall home energy storage system," reports the Christian Science Monitor. The Wall Street Journal reports that Musk's SolarCity "will sell, finance and install the panels."
But the Buffalo News suggests the deal is really "aimed squarely at skeptical shareholders" who may be leery of a proposed merger between Tesla and SolarCity, which one analyst calculates will require nearly $6 billion in extra capital. Panasonic could help shoulder the costs of the Buffalo factory, while also putting a more experienced manufacturer in charge of producing high-efficiency solar modules.
The Stack reports some shareholders have actually filed a lawsuit against the merger.
By EditorDavid from Slashdot's expect-charges department
Eight months after being rescued at sea near Cuba and then arrested, Anonymous hacker Martin Gottesfeld now faces prosecution as well as death by hunger. Newsweek reports:
A member of Anonymous has been indicted on hacking charges while on the third week of a prison hunger strike protesting perceived institutionalized torture and political prosecutions. Martin Gottesfeld, 32, was charged this week in relation to the hacking of Boston Children's Hospital in 2014 following the alleged mistreatment of one of its patients. Gottesfeld has previously admitted to targeting the hospital, though says he did it in defense of "an innocent, learning-disabled, 15-year-old girl"...
Since beginning his hunger strike on October 3, Gottesfeld tells Newsweek from prison he has lost 16.5 pounds. He says he will continue his hunger strike until two demands are met: a promise from the presidential candidates that children are not mistreated in the way he claims Pelletier was; and an end to the "political" style of prosecution waged by Carmen Ortiz, the U.S. attorney for Massachusetts.
The indictment claims that the hospital spent more than $300,000 to "mitigate" the damage from the 2014 attack.
By BeauHD from Slashdot's known-web-tracking department
By BeauHD from Slashdot's party's-over department
An anonymous reader quotes a report from TorrentFreak: Pirate services obtain content by capturing and restreaming feeds obtained from official sources, often from something as humble as a regular subscriber account. These streams can then be redistributed by thousands of other sites and services, many of which are easily found using a simple search. Dedicated anti-piracy companies track down these streams and send takedown notices to the hosts carrying them. Sometimes this means that streams go down quickly but in other cases hosts can take a while to respond or may not comply at all. Networking company Cisco thinks it has found a solution to these problems. The company's claims center around its Streaming Piracy Prevention (SPP) platform, a system that aims to take down illicit streams in real-time. Perhaps most interestingly, Cisco says SPP functions without needing to send takedown notices to companies hosting illicit streams. "Traditional takedown mechanisms such as sending legal notices (commonly referred to as 'DMCA notices') are ineffective where pirate services have put in place infrastructure capable of delivering video at tens and even hundreds of gigabits per second, as in essence there is nobody to send a notice to," the company explains. "Escalation to infrastructure providers works to an extent, but the process is often slow as the pirate services will likely provide the largest revenue source for many of the platform providers in question." To overcome these problems Cisco says it has partnered with Friend MTS (FMTS), a UK-based company specializing in content-protection. Among its services, FMTS offers Distribution iD, which allows content providers to pinpoint which of their downstream distributors' platforms are a current source of content leaks. "Robust and unique watermarks are embedded into each distributor feed for identification. The code is invisible to the viewer but can be recovered by our specialist detector software," FMTS explains. 
"Once infringing content has been located, the service automatically extracts the watermark for accurate distributor identification." According to Cisco, FMTS feeds the SPP service with pirate video streams it finds online. These are tracked back to the source of the leak (such as a particular distributor or specific pay TV subscriber account) which can then be shut-down in real time.