By EditorDavid from Slashdot's just-in-time department
An anonymous reader quotes InfoWorld:
Oracle plans to drop from Java its serialization feature that has been a thorn in the side when it comes to security. Also known as Java object serialization, the feature is used for encoding objects into streams of bytes... Removing serialization is a long-term goal and is part of Project Amber, which is focused on productivity-oriented Java language features, says Mark Reinhold, chief architect of the Java platform group at Oracle.
To replace the current serialization technology, a small serialization framework would be placed in the platform once records, the Java version of data classes, are supported. The framework could support a graph of records, and developers could plug in a serialization engine of their choice, supporting formats such as JSON or XML, enabling serialization of records in a safe way. But Reinhold cannot yet say which release of Java will have the records capability. Serialization was a "horrible mistake" made in 1997, Reinhold says. He estimates that at least a third -- maybe even half -- of Java vulnerabilities have involved serialization. Serialization overall is brittle but holds the appeal of being easy to use in simple use cases, Reinhold says.
By EditorDavid from Slashdot's toil-and-trouble department
"We are now officially in a tech bubble larger than March of 2000," argues Keith Wright, instructor of accounting and information services at the Villanova School of Business. An anonymous reader quotes his commentary on CNBC:
In case you missed it, the peak in the tech unicorn bubble already has been reached. And it's going to be all downhill from here. Massive losses are coming in venture capital-funded start-ups that are, in some cases, as much as 50 percent overvalued... 76% of the companies that went public last year were unprofitable on a per-share basis in the year leading up to their initial offerings, according to data compiled by Jay Ritter, a professor at the University of Florida's Warrington College of Business, and recently featured in the New York Times. This is the largest number since the peak of the dot-com boom in 2000, when 81 percent of newly public companies were unprofitable...
Several financial models project that up to 80 percent of unicorn companies are set to fail within two years. Uber, the highest-valued private technology company, has rapidly growing revenue but remains highly unprofitable. With revenue of $6.5 billion in 2016, it still registered a net loss of $2.8 billion. The truth is, when a unicorn is overvalued, it doesn't take long for the market to discover this fact.
By EditorDavid from Slashdot's game-over department
An anonymous reader writes:
18-year-old Casey Viner, who instigated the 911 call which led to a fatal shooting in Wichita (hiring Tyler Barriss to perform the actual call), is in big trouble. "If convicted on the 10 counts he faces, Viner could spend almost the rest of his life in prison and pay a $1,000,000 fine," reports a local Cincinnati news site. Ironically, Viner's father is a corporal with the county sheriff's department.
The 19-year-old intended target for the SWAT attack had supplied a real address in Wichita for a house where he used to live. But in an eerie coincidence, ten days before the fatal shooting in Wichita, Cincinnati police had responded to a similar SWAT call which had sent them to a house where Viner used to live. The local police said "the facts and circumstances and the verbiage were very, very similar."
25-year-old Tyler Barriss also faces a life sentence for false information which resulted in a death -- as well as several local charges. And Thursday a federal grand jury also indicted Barriss "for a threat that caused an evacuation of a high-profile FCC hearing" into net neutrality regulations just two weeks before the fatal Wichita shooting, "and another threat eight days later that targeted FBI headquarters."
Barriss's lawyer insists that his client wasn't responsible for the Wichita death, blaming instead a "gung-ho, crazy cop."
By EditorDavid from Slashdot's see-and-spray department
Rick Schumann writes:
A Swiss company called ecoRobotix is betting the agricultural industry will be willing to welcome their solar-powered weed-killing autonomous robot, in an effort to reduce the use of herbicides by up to a factor of 20 and perhaps even eliminate the need for herbicide-resistant GMO crops entirely.
The 'see-and-spray' robot goes from plant to plant, visually differentiating the actual crops and weeds, and squirting the weeds selectively and precisely with weed killer, as opposed to the current technique of using large quantities of weed killer like Monsanto's Roundup to spray entire crops.
Weeds are already becoming resistant to such glyphosate-based herbicides after "more than 20 years of near-ubiquitous use," reports Reuters. (The head of one pesticide company's science division concedes that "That was probably a once-in-a-lifetime product.") But AI-based precision spraying "could mean established herbicides whose effect has worn off on some weeds could be used successfully in more potent, targeted doses."
Meanwhile, another Silicon Valley startup has built a machine using on-board cameras to distinguish weeds from crops -- and was recently acquired by the John Deere tractor company. Reuters calls these companies the "new breed of AI weeders that investors say could disrupt the $100 billion pesticides and seeds industry."
The original submission asks: Should we welcome our weed-killing robotic overlords?
By EditorDavid from Slashdot's liberty,-happiness,-and-the-pursuit-of-life department
schwit1 shared this article from the Washington Post:
The House on Tuesday passed "right to try" legislation that would allow people with life-threatening illnesses to bypass the Food and Drug Administration to obtain experimental medications, ending a drawn-out battle over access to unapproved therapies. President Trump is expected to quickly sign the measure, which was praised by supporters as a lifeline for desperate patients but denounced by scores of medical and consumer groups as unnecessary and dangerous...
The FDA would be largely left out of the equation under the new legislation and would not oversee the right-to-try process. Drug manufacturers would have to report "adverse events" -- safety problems, including premature deaths -- only once a year. The agency also would be restricted in how it used such information when considering the experimental treatments for approval. Patients would be eligible for right-to-try if they had a "life-threatening illness" and had exhausted all available treatment options. The medication itself must have completed early-stage safety testing, called Phase 1 trials, and be in active development with the goal of FDA approval.
One Congressman opposing the bill argued that eliminating FDA oversight would "provide fly-by-night physicians and clinics the opportunity to peddle false hope and ineffective drugs to desperate patients," noting that the bill is opposed by over 100 patient advocacy and consumer groups.
By EditorDavid from Slashdot's Redmond-goes-to-Langley department
wyattstorch516 shared this story from the AP: Microsoft Corp. said it's secured a lucrative cloud deal with the intelligence community that marks a rapid expansion by the software giant into a market led by Amazon.com Inc. The deal, which the company said Wednesday is worth hundreds of millions of dollars, allows 17 intelligence agencies and offices to use Microsoft's Azure Government, a cloud service tailored for federal and local governments, in addition to other products Microsoft already offers, such as its Windows 10 operating system and word processing programs.
The cloud agreement gives Microsoft more power to make its case to the Pentagon as it goes up against competitors like International Business Machines Corp., Oracle Corp. and Amazon for the agency's winner-take-all cloud computing contract for up to 10 years.
That contract is expected to be worth billions of dollars, according to the article, adding that "the Defense Department has said it intends to move the department's technology needs -- 3.4 million users and 4 million devices -- to the cloud to give it a tactical edge on the battlefield and strengthen its use of emerging technologies."
One Microsoft executive said this week's deal reinforces "the fact that we are a solid cloud platform that the federal government can put their trust in."
By BeauHD from Slashdot's sunshine-state department
"Companies like Tesla and SunRun are starting to bid on utility contracts that would allow them to string together dozens or hundreds of systems that act as an enormous reserve to balance the flow of electricity on the grid," reports Quartz. "Doing so would accelerate the grid's transformation from 20th century hub-and-spoke architecture to a transmission network moving electricity among thousands or millions of customers who generate and store their own power." From the report: In theory, networked home-solar-and-battery systems, acting in coordination over a single geographical area, could replace things like natural gas "peaker" plants needed to help support the grid on a moment's notice. But it's an open question whether it makes financial sense. Kamath says renewable mandates could keep home solar-storage solutions for the grid going for a while, but the idea will have to prove itself on the market, perhaps by aggregating large areas, if it wants to seriously compete with existing energy assets.
SunRun told investors in 2017 that its pilot programs suggest it could competitively generate $2,000 worth of services by managing electricity flow back to the grid. The company has recently dropped its combative stance with utilities dragging their feet on accepting home solar. Instead, it's pursuing cooperation with the utilities now, in hopes of selling them home-based power. That would allow it to grab a chunk of the billions being spent on modernizing the grid. "We don't want to be in a position of building two competing infrastructures," SunRun's Jurich said.
By BeauHD from Slashdot's gotta-start-somewhere department
By BeauHD from Slashdot's only-time-will-tell department
At the VivaTech conference in Paris, Alphabet CEO Eric Schmidt was asked about Elon Musk's warnings about AI. He responded by saying: "I think Elon is exactly wrong. He doesn't understand the benefits that this technology will provide to making every human being smarter. The fact of the matter is that AI and machine learning are so fundamentally good for humanity." TechCrunch reports: He acknowledged that there are risks around how the technology might be misused, but he said they're outweighed by the benefits: "The example I would offer is, would you not invent the telephone because of the possible misuse of the telephone by evil people? No, you would build the telephone and you would try to find a way to police the misuse of the telephone."
After wryly observing that Schmidt had just given the journalists in the audience their headlines, interviewer (and former Publicis CEO) Maurice Levy asked how AI and public policy can be developed so that some groups aren't "left behind." Schmidt replied that government should fund research and education around these technologies. "As [these new solutions] emerge, they will benefit all of us, and I mean the people who think they're in trouble, too," he said. He added that data shows "workers who work in jobs where the job gets more complicated get higher wages -- if they can be helped to do it." Schmidt also argued that contrary to concerns that automation and technology will eliminate jobs, "The embracement of AI is net positive for jobs." In fact, he said there will be "too many jobs" -- because as society ages, there won't be enough people working and paying taxes to fund crucial services. So AI is "the best way to make them more productive, to make them smarter, more scalable, quicker and so forth."
By BeauHD from Slashdot's nothing-to-brag-about department
The latest American Customer Satisfaction Index survey finds that Verizon FiOS has been rated the highest in customer satisfaction with a score of 70 out of 100. But, as DSLReports notes, that's nothing to write home about since that score was a one point decline from one year earlier. Furthermore, the industry average was 64 points, which is not only a decline from last year but lower than most of the other industries the group tracks. From the report: According to the ACSI, high prices and poor customer service continue to plague a U.S. broadband industry with some very obvious competitive shortcomings.
"According to users, most aspects of ISPs are getting worse," the ACSI said. "Courtesy and helpfulness of staff has waned to 76 and in-store service is slower (74). Bills are more difficult to understand (-3 percent to 71), and customers aren't happy with the variety of plans available (-3 percent to 64)." Not a single ISP tracked by the firm saw an improvement in customer satisfaction scores. The worst of the worst according to the ACSI is Mediacom, which saw a 9% plummet year over year to a score of 53, which is lower than most airlines, banks, and even the IRS according to the report. Charter Spectrum and Suddenlink also saw 8% declines in satisfaction year over year, and despite repeated claims that customer service is now its top priority, Comcast saw zero improvement in broadband satisfaction and a slight decline in pay TV satisfaction.
By BeauHD from Slashdot's last-piece-of-the-puzzle department
The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.
By msmash from Slashdot's security-woes department
Shaun Nichols, reporting for The Register: A group of German researchers have devised a method to thwart the VM security in AMD's server chips. Dubbed SEVered (PDF), the attack would potentially allow an attacker, or malicious admin who had access to the hypervisor, the ability to bypass AMD's Secure Encrypted Virtualization (SEV) protections. The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.