By EditorDavid from Slashdot's oops department
A web site where users anonymously review their employer has exposed the e-mail addresses -- and in some cases the names -- of hundreds of thousands of users. An anonymous reader quotes an article from Silicon Beat:
On Friday, the company sent out an email announcing that it had changed its terms of service. Instead of blindly copying email recipients on the message, the company pasted their addresses in the clear. Each message recipient was able to see the email addresses of 999 other Glassdoor users...
Ultimately, the messages exposed the addresses of more than 2 percent of the company's users... Last month, the company said it had some 30 million monthly active users, meaning that more than 600,000 were affected by the exposure... Although the company didnâ(TM)t directly disclose the names of its users, many of their names could be intuited from their email addresses. Some appeared to be in the format of "first name.last name" or "first initial plus last name."
A Glassdoor spokesperson said "We are extremely sorry for this error. We take the privacy of our users very seriously and we know this is not what is expected of us. It certainly isn't how we intend to operate."Read Replies (0)
By EditorDavid from Slashdot's making-Slashdot-great-again department
An anonymous Slashdot reader quotes the Washington Post:
A top official with Hillary Clinton's campaign on Sunday accused the Russian government of orchestrating the release of damaging Democratic Party records in order to help the campaign of Republican Donald Trump -- and some cyber security experts in the U.S. and overseas agree. The extraordinary charge came as some national security officials have been growing increasingly concerned about possible efforts by Russia to meddle in the election, according to several individuals familiar with the situation.
Late last week, hours before the records were released by the website Wikileaks, the White House convened a high-level security meeting to discuss reports that Russia had hacked into systems at the Democratic National Committee... Officials from various intelligence and defense agencies, including the National Security Council, the Department of Defense, the FBI and the Department of Homeland Security, attended the White House meeting Thursday, on the eve of the email release.
Clinton's campaign manager told ABC News "some experts are now telling us that this was done by the Russians for the purpose of helping Donald Trump." Donald Trump's son later responded, "They'll say anything to be able to win this."Read Replies (0)
By EditorDavid from Slashdot's Linus-is-back department
An anonymous Slashdot reader writes: The Linux 4.7 kernel made its official debut today with Linus Torvalds announcing, "after a slight delay due to my travels, I'm back, and 4.7 is out. Despite it being two weeks since rc7, the final patch wasn't all that big, and much of it is trivial one- and few-liners." Linux 4.7 ships with open-source AMD Polaris (RX 480) support, Intel Kabylake graphics improvements, new ARM platform/board support, Xbox One Elite Controller support, and a variety of other new features.
Slashdot reader prisoninmate quotes a report from Softpedia:
The biggest new features of Linux kernel 4.7 are support for the recently announced Radeon RX 480 GPUs (Graphic Processing Units) from AMD, which, of course, has been implemented directly into the AMDGPU video driver, a brand-new security module, called LoadPin, that makes sure the modules loaded by the kernel all originate from the same file system, and support for generating virtual USB Device Controllers in USB/IP. Furthermore, Linux kernel 4.7 is the first one to ensure the production-ready status of the sync_file fencing mechanism used in the Android mobile operating system, allow Berkeley Packet Filter (BPF) programs to attach to tracepoints, as well as to introduce the long-anticipated "schedutil" frequency governor to the cpufreq dynamic frequency scaling subsystem, which promises to be faster and more accurate than existing ones.
Linus's announcement includes the shortlog, calling this release "fairly calm," though "There's a couple of network drivers that got a bit more loving."Read Replies (0)
By EditorDavid from Slashdot's gone-today,-here-tomorrow department
An anonymous reader quotes a report from PC Magazine:
Just what kind of email retentions powers does Yahoo have? According to a policy guide from the company, Yahoo cannot recover emails that have been deleted from a user's account -- simple as that. If the email is in a user's account, it's fair game, and Yahoo can even give law enforcement the IP address of whatever computer is being used to send said email.
Or, at least, that's what Yahoo has said. A magistrate judge from the Northern District of California has ordered Yahoo to produce documents, as well as a witness for deposition, related to the company's ability to recover seemingly deleted emails in a UK drug case... a UK defendant was convicted -- and is currently serving an extra 20-year prison sentence -- as part of a conspiracy to import drugs into the United Kingdom. He's currently appealing the conviction, in part because the means by which Yahoo recovered the emails in question allegedly violate British law.
The drug smugglers apparently communicated by creating a draft of an email, which was then available to others who logged into that same account.Read Replies (0)
By EditorDavid from Slashdot's assembly department
Videos are now online from this week's Curry On conference, which incuded talks by programming pioneers Larry Wall and Matthias Felleisen, as well as speakers from Google, Twitter, Facebook, Microsoft, and Oracle. Dave Herman from Mozilla Research also talked about building an open source research lab, while Larry Wall's keynote was titled "It's the End of the World as We Know It, and I Feel Fine." Billing itself as a non-profit conference about programming languages and emerging computer-industry challenges, this year's installment included talks about Java, Rust, Scala, Perl, Racket, Clojure, Rascal, Go and Oden. Held in a different European city each year, the annual conference hopes to provoke an open conversation between academia and the larger technology industry.Read Replies (0)
By manishs from Slashdot's hitting-the-ceiling department
Moore's Law, an empirical observation of the number of components that could be built on an integrated circuit and their corresponding cost, has largely held strong for more than 50 years, but its days are really numbered now. The prediction of the 2015 International Technology Roadmap for Semiconductors, which was only officially made available this month, says that transistor could stop shrinking in just five years. From an article on IEEE: After 2021, the report forecasts, it will no longer be economically desirable for companies to continue to shrink the dimensions of transistors in microprocessors. Instead, chip manufacturers will turn to other means of boosting density, namely turning the transistor from a horizontal to a vertical geometry and building multiple layers of circuitry, one on top of another. These roadmapping shifts may seem like trivial administrative changes. But "this is a major disruption, or earthquake, in the industry," says analyst Dan Hutcheson, of the firm VLSI Research. U.S. semiconductor companies had reason to cooperate and identify common needs in the early 1990s, at the outset of the roadmapping effort that eventually led to the ITRS's creation in 1998. Suppliers had a hard time identifying what the semiconductor companies needed, he says, and it made sense for chip companies to collectively set priorities to make the most of limited R&D funding.It still might not be the end of Moore's remarkable observation, though. The report adds that processors could still continue to fulfill Moore's Law with increased vertical density. The original report published by ITRS is here.Read Replies (0)
By EditorDavid from Slashdot's one-giant-leap-for-Slurpees department
An anonymous Slashdot reader write:
A drone has autonomously delivered Slurpees, a chicken sandwich, doughnuts, hot coffee and candy from a Reno, Nevada 7-Eleven to a nearby home. The delivery was made "in a matter of minutes" to two busy working parents near their store in Reno, Nevada, and the drone hovered in place and gently lowered each package to the ground in the family's backyard.
"To find customers willing to have their order handled by a flying robot, the companies surveyed households within a one-mile radius of the store from which they planned to deliver," reports Tech Crunch. 7-Eleven partnered with drone-delivery company Flirtey, which has also used its drones to perform a ship-to-shore delivery of medical supplies . They're calling this flight the first FAA-approved drone delivery to a home and a historic milestone in commercial deliveries, and both companies plan to continue working together in the future to perform more testing on drone deliveries.Read Replies (0)
By manishs from Slashdot's what-if department
A few weeks ago, we had an intense discussion on what would happen if Apple's next iPhone doesn't have a headphone port -- and what that means for the rest of the industry, as well as the pros and cons of ditching the legacy port. Over the past few months, we have seen many smartphone manufacturers launch new handsets that don't have a headphone jack. Mashable has a report today in which it says that it is already causing frustration among users. From the article: In the Android camp, phones like Lenovo's Moto Z and Moto Z Force and China's LeEco have already scrapped the 3.5mm headphone jack; to listen to music on the company's three latest phones, users need to plug in USB Type-C headphones, go wireless, or use a dongle. I'm all for letting go of old technologies to push forward, but what is happening is actually going to make things worse. The headphone jack has worked for 50 years and it can work for another 50 more because it's universal. Headphones I plug into my iPhone work in an Android phone, in a BlackBerry, in my computer, in my PS4 controller, in my tablet, in any speaker with audio-out, and so on. I can walk into any electronics store and pick up a pair of headphones and not have to worry about compatibility with any of my devices. I know it'll work. [...] With a universal headphone jack, I never have to worry whether or not the crappy pack-in iPhone EarPods I have will work with the Android phone I'm reviewing or not. I also never have to worry if I'll be able to plug my headphones into a friend's phone to listen to some new song. Same applies for when I want to use my earbuds and headphones with another person's device. And there lies the real issue. I will need different dongles -- a Lightning-to-headphone-jack and a USB-Type-C-to-headphone-jack to be prepared because I do carry both iPhone and Android phone on me daily. Dongles also get lost.Read Replies (0)
By EditorDavid from Slashdot's adaptable-Androids department
This week saw the release of the Moto Z Droid and Force Droid, new Android smartphones from Motorola and Lenovo with snap-on modules. Slashdot reader MojoKid writes that the Z Force Droid "is sheathed behind Moto ShatterShield technology making it virtually indestructible."
Motorola guarantees it not to crack or shatter if dropped... However, what's truly standout are Moto Mods, which are snap-on back-packs of sorts that add new features, like the JBL Speaker, Moto Insta-Projector and Incipio OffGrid Power Pack (2220 mAh) mods... Even the fairly complex projector mod fires up in seconds and works really well.
But the Verge has called it "a good phone headed down the wrong path," adding "this company is competing in the global smartphone market, not a high school science fair, and its success will depend on presenting better value than the competition, not cleverer design. Without the benefit of the value-projecting fairy dust of brands like Apple and Beats, Lenovo will have an uphill climb trying to justify its Moto Mods pricing with functionality and looks, and our review has shown that none of the company's extras are essential."Read Replies (0)
By EditorDavid from Slashdot's phoning-it-in department
An anonymous Slashdot reader writes:
A company called Andromium is attempting to harness the processing power of your Android smartphone and turn it into a full fledged computer. The 'Superbook' consists of a 11.6-inch laptop shell, which you connect to your phone via a USB Micro-B or Type-C cable, and run the Andromium OS application (currently in beta, but available in the Play Store)... The leader of the project and Company co-founder Gordon Zheng, previously worked at Google and pitched the idea to them... They refused so he quit his job and founded Andromium Inc.
In December 2014 the company had introduced their first product which was a dock which used the MHL standard to output to external monitor. That campaign failed, however their newest creation, the Superbook smashed their Kickstarter goal in just over 20 minutes.
And within their first 38 hours, they'd crowdfunded $500,000. In an intriguing side note, Andromium "says it'll open its SDK so developers can tailor their apps for Andromium, too, though how much support that gets remains to be seen," reports Tech Insider. But more importantly, "Andromium says its prototypes are finished, and that it hopes to ship the Superbook to backers by February 2017."Read Replies (0)
By EditorDavid from Slashdot's high-risk-vulnerabilities department
itwbennett writes: "Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors," writes Lucian Constantin on CSOonline. The vulnerabilities, which were found by researchers from Cisco's Talos team, are in the Oracle Outside In Technology (OIT), a collection of SDKs that are used in third-party products, including Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.
"It's not clear how many of those products are also affected by the newly patched seventeen flaws, because some of them might not use all of the vulnerable SDKs or might include other limiting factors," writes Constantin. But the Cisco researchers confirmed that Microsoft Exchange servers (version 2013 and earlier) are affected if they have WebReady Document Viewing enabled. In a blog post the researchers describe how an attacker could exploit these vulnerabilities.
TL;DR version: "Attackers can exploit the flaws to execute rogue code on systems by sending specifically crafted content to applications using the vulnerable OIT SDKs."Read Replies (0)