By BeauHD from Slashdot's finger-pointing department
The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm's source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet.
"It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management? "The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.
By msmash from Slashdot's what's-happening department
An anonymous reader shares a report: A Polish academic is accusing Google of trying to patent technology he invented and that he purposely released into the public domain so companies like Google couldn't trap it inside restrictive licenses. The technology's name is Asymmetric Numeral Systems (ANS), a family of entropy coding methods that Polish assistant professor Jarosław (Jarek) Duda developed in the early 2000s, and which is now hot tech at companies like Apple, Google, and Facebook, mostly because it can improve data compression from 3 to 30 times. Duda says that Google is now trying to register a patent that includes most of the ANS basic principles. Ironically, most of the technology described in the patent, Duda said he explained to Google engineers in a Google Groups discussion from 2014. The researcher already filed a complaint, to which WIPO ISA responded by calling out Google for not coming up with "an inventive contribution over the prior art, because it is no more than a straightforward application of known coding algorithms." A Google spokesperson refused to comment, and the mystery remains surrounding Google's decision to patent something that's been in the public domain since 2014.
By msmash from Slashdot's internet-speeds department
T-Mobile offered the fastest internet speed to subscribers between Q1 and Q2 of 2017 (which ended in June), according to the Wirefly Speed Test, which combed through thousands of test results made using its service. T-Mobile scored highest in overall speed while Verizon ended up with a close second spot, Wirefly, which doesn't require Java or Flash for its tests, added. AT&T and Sprint rounded out the ranking at third and fourth, respectively, the report added, which was done in collaboration with SourceForge. T-Mobile also topped the chart for offering the fastest mobile download speed. An anonymous user writes: T-Mobile offered 22.18 Mbps download speed, while Verizon Wireless ended up with another close second with 21.45 Mbps download. AT&T came in with an average download speed of 17.00 Mbps, and Sprint was trailing all with 15.76 Mbps. You can read the full report here.
By msmash from Slashdot's apple's-leak-problem department
Details of new iPhones and other forthcoming Apple devices have been revealed via an apparent leak. From a report: Two news sites were given access to an as-yet-unreleased version of the iOS operating system. The code refers to an iPhone X in addition to two new iPhone 8 handsets. It also details facial recognition tech that acts both as an ID system and maps users' expressions onto emojis. One tech writer said it was the biggest leak of its kind to hit the firm. [...] "As best I've been able to ascertain, these builds were available to download by anyone, but they were obscured by long, unguessable URLs [web addresses]," wrote John Gruber, a blogger known for his coverage of Apple. "Someone within Apple leaked the list of URLs to 9to5Mac and MacRumors. I'm nearly certain this wasn't a mistake, but rather a deliberate malicious act by a rogue Apple employee." Neither Mr Gruber nor the two Apple-related news sites have disclosed their sources. However, the BBC has independently confirmed that an anonymous source provided the publications with links to iOS 11's golden master (GM) code that downloaded the software from Apple's own computer servers. It's a big blow to Apple, which uses surprise as a key element at its events. The leak could take some wind out of its sails as it looks to wow consumers. In 2012, Tim Cook had said the company was planning to "double down on secrecy." At the quarterly earnings call, he blamed the leaks about the upcoming iPhone models as one of the reasons that slowed down the sales of current generation iPhone models. However, an analysis published over the weekend found that Apple itself has been the source of several of these leaks in the years since. Earlier this year, the company held a meeting to boast about its internal progress to curb leaks. The hour-long recording of the meeting ironically got leaked. Nearly all details, except the final press renders of the new iPhone models, have leaked. 
In a subsequent post, Gruber wrote: The BBC doesn't say definitively that the leak was sent by an Apple employee, but I can state with nearly 100 percent certainty that it was. I also think there's a good chance Apple is going to figure out who it was. [...] That person should be ashamed of themselves, and should be very worried when their phone next rings. Moments ago, 9to5Mac reported about a new tvOS firmware leak, which appeared "to be out in the wild today" that details the upcoming features of the next generation Apple TV streaming device.
By msmash from Slashdot's correlation-is-not-causation department
Every three days Nathan (not his real name), a 27-year-old venture capitalist in San Francisco, ingests 15 micrograms of lysergic acid diethylamide (commonly known as LSD or acid). From a story on 1843 Magazine: From the start, a small but significant crossover existed between those who were experimenting with drugs and the burgeoning tech community in San Francisco. "There were a group of engineers who believed there was a causal connection between creativity and LSD," recalls John Markoff, whose 2005 book, "What the Dormouse Said", traces the development of the personal-computer industry through 1960s counterculture. At one research centre in Menlo Park over 350 people -- particularly scientists, engineers and architects -- took part in experiments with psychedelics to see how the drugs affected their work. Tim Scully, a mathematician who, with the chemist Nick Sand, produced 3.6m tabs of LSD in the 1960s, worked at a computer company after being released from his ten-year prison sentence for supplying drugs. "Working in tech, it was more of a plus than a minus that I worked with LSD," he says. No one would turn up to work stoned or high but "people in technology, a lot of them, understood that psychedelics are an extremely good way of teaching you how to think outside the box." San Francisco appears to be at the epicentre of the new trend, just as it was during the original craze five decades ago. Tim Ferriss, an angel investor and author, claimed in 2015 in an interview with CNN that "the billionaires I know, almost without exception, use hallucinogens on a regular basis." Few billionaires are as open about their usage as Ferriss suggests. Steve Jobs was an exception: he spoke frequently about how "taking LSD was a profound experience, one of the most important things in my life." In Walter Isaacson's 2011 biography, the Apple CEO is quoted as joking that Microsoft would be a more original company if Bill Gates, its founder, had experienced psychedelics. 
As Silicon Valley is a place full of people whose most fervent desire is to be Steve Jobs, individuals are gradually opening up about their usage -- or talking about trying LSD for the first time.
By msmash from Slashdot's incredible department
Holly Hartman, a journalism teacher for 22 years, writes an incredible story: After watching nonstop coverage of the hurricane and the incredible rescues that were taking place, I got in bed at 10:30 on Tuesday night. I had been glued to the TV for days. I read an article about the Cajun Navy and the thousands of selfless volunteers who have shown up to this city en masse. The article explained they were using a walkie-talkie-type app called Zello to communicate with each other, locate victims, get directions, etc. I downloaded the app, found the Cajun Navy channel and started listening. I was completely enthralled. Voice after voice after voice coming through my phone in the dark, some asking for help, some saying they were on their way. Most of the transmissions I was hearing when I first tuned in were from Houston, but within 30 minutes or so, calls started coming in from Port Arthur and Orange. Harvey had moved east from Houston and was pummeling East Texas. Call after call from citizens saying they were trapped in their houses and needed boat rescue. None of the volunteer rescuers had made it to that area from Houston, but as soon as the calls started coming in, they were moving out, driving as fast as they could into the middle of Harvey.
By EditorDavid from Slashdot's Prime-jobs department
An anonymous reader writes:
A 21-year-old Amazon warehouse worker has been replaced by "a giant, bright yellow mechanical arm" that stacks 25-pound bins. "Her new job at Amazon is to baby-sit several robots at a time," reports the New York Times, "troubleshooting them when necessary and making sure they have bins to load... [T]he company's eye-popping growth has turned it into a hiring machine, with an unquenchable need for entry-level warehouse workers to satisfy customer orders." Even though Amazon now has over 100,000 robots, they still plan to create 50,000 new jobs when they open their second headquarters. "It's certainly true that Amazon would not be able to operate at the costs they have and the costs they provide customers without this automation," said Martin Ford, author of the futurist book Rise of the Robots. "Maybe we wouldn't be getting two-day shipping."
Amazon's top operations executive says they're saving less-tedious jobs for the humans who work as "pickers" and "stowers" for the robots. "It's a new item each time," Mr. Clark said. "You're finding something, you're inspecting things, you're engaging your mind in a way that I think is important." The Times reports that the robots "also cut down on the walking required of workers, making Amazon pickers more efficient and less tired. The robots also allow Amazon to pack shelves together like cars in rush-hour traffic, because they no longer need aisle space for humans, [meaning] more inventory under one roof, which means better selection for customers."
"When Amazon installed the robots, some people who had stacked bins before took courses at the company to become robot operators. Many others moved to receiving stations, where they manually sort big boxes of merchandise into bins. No people were laid off when the robots were installed, and Amazon found new roles for the displaced workers, Clark said... The question going forward is: What happens when the future generations of robots arrive?"
By EditorDavid from Slashdot's inherited-class department
Long-time Slashdot reader theodp writes: On Friday night, the Big Four Networks simultaneously aired EIF Presents: XQ Super School Live [YouTube], a commercial-free, one-hour TV special that championed Laurene Powell Jobs' mission to rethink the American high school. The closing credits listed Jobs as an Executive Producer, and noted that the chock-full-of-celebrities special was sponsored in part by her Emerson Collective and Apple.
"Surely Samuel L. Jackson, Tom Hanks, Mahershala Ali, Justin Timberlake, Cate Blanchett and a bevy of other celebrities have nothing but laudable intentions by appearing on Friday night's live televised high school reform spectacular on four -- count them, four -- major networks (NBC, ABC, CBS and Fox)," writes the Washington Post's Valerie Strauss. "But when an hour of prime time on four networks is purchased, it's fair to ask whether that is a public service or propaganda."
The Post points out gently that "not everyone believes" in the need to "transform" high schools, while theodp notes "viewers were pitched XQ Super School Board Program kits, which XQ's website explains are designed to prepare individuals for a school board candidacy."
If this seems suspiciously political -- or at least a way to ensure schools are friendly to Laurene Powell Jobs' specific proposals -- the nonprofit's web site adds reassuringly that "XQ won't be endorsing or supporting particular candidates; we'll be supporting all candidates who stand with us in a shared commitment to rethink high school, so all young people can be educated as they deserve."
By EditorDavid from Slashdot's identity-thief-crisis department
Equifax's data breach was colossal -- but what should happen next? The Guardian writes:
The problem is that companies like Equifax are able to accumulate -- essentially, without limit -- as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals. At the very least, this will lessen the severity and size of (inevitable) data breaches... Without putting hard limits on the data capitalists who extract and exploit our personal information, they will continue to reap the benefit while we bear the risks.
Marc Rotenberg, president of the Electronic Privacy Information Center, adds, "we need to penalize companies that collect SSNs but can't protect [them]." Wired reports:
Experts across numerous privacy and security fields agree that the solution to the over-collection and over-use of SSNs isn't one particular replacement, but a diverse array of authentications like individual codes (similar to passwords), biometrics, and even physical tokens to create more variation in the ID process. Some also argue that the government likely won't be the driving force behind the shift. "We have a government that works at a glacial pace in the best of times," says Brenda Sharton, who chairs the Privacy & Cybersecurity practice at the Goodwin law firm, which has worked on data privacy breach investigations since the early 2000s. "There will reach a point where SSN [exposure] becomes untenable. And it may push us in the direction of having companies require multi-factor authentication."
Meanwhile TechCrunch argues, "This crass, callow, and lazy treatment of our digital data cannot stand...":
[Article continued at Slashdot's identity-thief-crisis department]
By EditorDavid from Slashdot's unfree-software-foundations department
"Proprietary software makes it possible to design products to cheat ordinary users..." writes Richard Stallman -- linking to a new essay by Cory Doctorow:
Carriers adapted custom versions of Android to lock customers to their networks with shovelware apps that couldn't be removed from the home-screen and app store lock-in that forced customers to buy apps through their phone company. What began with printers and spread to phones is coming to everything: this kind of technology has proliferated to smart thermostats (no apps that let you turn your AC cooler when the power company dials it up a couple degrees), tractors (no buying your parts from third-party companies), cars (no taking your GM to an independent mechanic), and many categories besides.
All these forms of cheating treat the owner of the device as an enemy of the company that made or sold it, to be thwarted, tricked, or forced into conducting their affairs in the best interest of the company's shareholders. To do this, they run programs and processes that attempt to hide themselves and their nature from their owners, and proxies for their owners (like reviewers and researchers). Increasingly, cheating devices behave differently depending on who is looking at them. When they believe themselves to be under close scrutiny, their behavior reverts to a more respectable, less egregious standard. This is a shocking and ghastly turn of affairs, one that takes us back to the dark ages.