By EditorDavid from Slashdot's who-goes-there? department
Earlier this week software developer Tim Cotten discovered a serious glitch in Gmail. An anonymous reader quotes BleepingComputer:
Tampering with the 'From:' header by replacing some text with a tag such as <script> or <img> causes the interface to show a blank space instead of the sender's address.... Opening the email does not help, either, as the sender's address continues to remain hidden and shows no info even when hovering on it, an action that typically reveals the details.... Trying to reply to the message is also of no help. Cotten attempted this thinking that Gmail would read the original email headers and determine the destination. "Wrong again! Gmail is at a complete loss at what to do!" Cotten writes in a blog post that details his new finding....
Using the Show Original option, which allows users with more experience to trace an email, the desired detail is still unavailable in the user-friendly view. Looking at the raw info, however, shows the source address buried at the end of the <img> tag Cotten used in his experiment. He didn't even have to spell the data type correctly to trigger the bug. Unfortunately, it is highly unlikely that the average Gmail user will be able to navigate to this area and determine who the apparently anonymous message is coming from. Due to this, for these users the risk of phishing is high.
Cotten's bug report "relies on his previous discovery that proved how a malformed 'From:' header allows placing an arbitrary email address in the sender field," the article points out, also noting a third recently-reported Gmail bug that "allows fraudsters to create a 'mailto:' link that populates the destination field in the app with whatever address they want; the latter was reported about 19 months ago to Google and is still present in the Gmail app for Android."
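The failure described above, rebuilt as a small triage script. This is an added example, not Gmail's code and not Cotten's proof of concept: the header values are constructed (example.com and example.net addresses), `naive_sender()` is one plausible model of a client that strips markup before looking for the angle-addr (Gmail's actual logic is not public), and `triage_from_header()` is the kind of gateway-side check a mail admin would run so that a message with markup in From: is quarantined rather than delivered with a blank sender.

```python
"""Triage of malformed From: headers.

Added example, not Gmail's code and not Cotten's proof of concept. The
three header values below are constructed for illustration (example.com
and example.net addresses), not the messages from his tests.
"""
import re

# An HTML-like tag: '<', a tag name, optional whitespace-led attributes, '>'.
# A real angle-addr such as <alice@example.com> does not match, because the
# character after the name would have to be whitespace or '>'.
TAG_RE = re.compile(r"</?[A-Za-z][A-Za-z0-9-]*(?:\s[^<>]*)?>")

# Loose addr-spec matcher: good enough for triage, not a full RFC 5322 parser.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# The shape a mail client expects: display-name <addr-spec>
ANGLE_RE = re.compile(r"<\s*([^<>\s@]+@[^<>\s]+)\s*>")

# Constructed samples (not the real test messages).
SAMPLE_HEADERS = {
    "benign": '"Alice Example" <alice@example.com>',
    # the address sits inside the tag, as in the raw source Cotten looked at
    "address_buried_in_tag": '<img src="x" phisher@example.net>',
    "no_address_at_all": '"Support" <img src="x">',
}


def naive_sender(raw):
    """One plausible renderer: drop markup, then look for '<addr>'.

    With the address hidden inside the tag, the tag is stripped together
    with the address and nothing is left to display.
    """
    cleaned = TAG_RE.sub("", raw)
    m = ANGLE_RE.search(cleaned)
    if m:
        return m.group(1)
    return cleaned.strip().strip('"')


def recover_sender(raw):
    """What 'Show original' lets a human do: scan the raw header for any
    addr-spec, wherever it is buried."""
    m = ADDR_RE.search(raw)
    return m.group(0) if m else None


def triage_from_header(raw):
    """Gateway-side check: markup in From:, or no recoverable address, is
    reason enough to quarantine rather than deliver with a blank sender."""
    markup = TAG_RE.findall(raw)
    recovered = recover_sender(raw)
    return {
        "markup": markup,
        "displayed": naive_sender(raw),
        "recovered": recovered,
        "quarantine": bool(markup) or recovered is None,
    }


if __name__ == "__main__":
    for name, raw in SAMPLE_HEADERS.items():
        print(name, triage_from_header(raw))
```

For the buried-address sample the naive renderer returns an empty string while the raw scan still finds phisher@example.net, which is exactly the gap between the friendly view and Show Original that the article describes. The tag regex is deliberately loose (it would also flag a display name written as <bob>), which is the right bias for a quarantine rule: a From: header has no legitimate reason to contain anything tag-shaped other than a single angle-addr.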
By EditorDavid from Slashdot's asking-about-asking department
Slashdot reader Thelasko says his wife manages a small eight-person business -- but remains unhappy with the company's IT consultant:
She's had endless problems with Windows 10 Pro's update system causing downtime. Anytime she calls the IT consultant, they don't resolve issues to her satisfaction, and the company gets stuck with a large bill. She's resorted to researching and providing support for the company network herself.
The contract is up at the end of the year, and she wants to find a new consultant. The company owner however, doesn't want to switch because all of the work the consultant provided is covered under a "warranty" for 3 years (the company typically gets charged). I don't work in IT myself, and am unable to provide advice. What should they do? How would Slashdot find a reputable consultant?
Leave your best answers in the comments. How can you find a good IT consultant?
By EditorDavid from Slashdot's interpreting-languages department
An anonymous reader writes:
Meanwhile, when it comes to frameworks, "only React has both a high satisfaction ratio and a large user base, although Vue is definitely getting there." Elsewhere the report notes Vue has already overtaken React for certain metrics such as total GitHub stars. "Angular on the other hand does boast a large user base, but its users don't seem too happy," the announcement adds, although later the report argues that Angular's poor satisfaction ratio "is probably in part due to the confusion between Angular and the older, deprecated AngularJS (previous surveys avoided this issue by featuring both as separate items)."
94% of the survey's respondents were male, and "Years of experience" for the respondents seemed to cluster in three cohorts in the demographics breakdown: 27.8% of respondents reported they had 2-5 years of experience, while 28% reported 5-10 years, and 24% reported 10-20 years.
By EditorDavid from Slashdot's sniff-me-not department
An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."
Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."
The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted SOCKS5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.
It's been named Outline because in places where internet use may be restricted — it gives you a line out.
By EditorDavid from Slashdot's riding-remotely department
In 2009 GM equipped 17,000 of its units with "remote ignition block," a kill switch that can turn off the engine if the car is stolen. But that was just the beginning, according to a story shared by long-time Slashdot reader AmiMoJo:
Imagine this: You're leaving work, walking to your car, and you find an empty parking spot -- someone stole your brand new Tesla (or whatever fancy autonomous car you're driving). When you call the police, they ask your permission for a "takeover," which you promptly give them. Next thing you know, your car is driving itself to the nearest police station. And here's the kicker -- if the thief is inside, he will remain locked inside until police can arrest him.
This futuristic and almost slapstick scenario is closer than we think, says Chief Innovation Officer Hans Schönfeld who works for the Dutch police. Currently, his team has already done several experiments to test the crime-halting possibilities of autonomous cars. "We wanted to know if we can make them stop or drive them to certain locations," Schönfeld tells me. "And the result is: yes, we probably can."
The Dutch police tested Tesla, Audi, Mercedes, and Toyota vehicles, he reports, adding "We do this in collaboration with these car companies because this information is valuable to them, too.
"If we can hack into their cars, others can as well."
By EditorDavid from Slashdot's cosmic-coding department
Long-time Microsoft programmer Raymond Chen recently shared a memory about an unusual single-line instruction that was once added into the Windows kernel code -- accompanied by an "incredulous" comment from the Microsoft programmer who added it:
; Invalidate the processor cache so that any stray gamma
; rays (I'm serious) that may have flipped cache bits
; while in S1 will be ignored.
; Honestly. The processor manufacturer asked for this.
; I'm serious.
"Less than three weeks later, the INVD instruction was commented out," writes Chen. "But the comment block remains.
"In case we decide to resume trying to deal with gamma rays corrupting the processor cache, I guess."
By EditorDavid from Slashdot's cures-worse-than-diseases department
Friday Greg Kroah-Hartman released stable point releases of Linux kernel 4.19.4, as well as 4.14.83 and 4.9.139. While they were basic maintenance updates, the 4.19.4 and 4.14.83 releases are significant because they also reverted the performance-killing Spectre patches (involving "Single Thread Indirect Branch Predictors", or STIBP) that had been back-ported from Linux 4.20, according to Phoronix:
There is improved STIBP code on the way for Linux 4.20 that by default just applies STIBP to SECCOMP threads and processes requesting it via prctl() but otherwise is off by default (that behavior can also be changed via kernel parameters). Once that code is ready to go for Linux 4.20, we may see it then back-ported to these stable trees.
Aside from reverting STIBP, these point releases just have various fixes in them as noted for 4.19.4, 4.14.83, and 4.9.139.
Last Sunday Linus Torvalds complained that the performance impact of the STIBP code "was clearly way more expensive than people were told," according to ZDNet:
"When performance goes down by 50 percent on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway," wrote Torvalds. "So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?"
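The per-process opt-in that the reworked 4.20 code relies on is the prctl(2) speculation-control interface. The script below is an added example, not kernel code and not from Phoronix or ZDNet: it reads the kernel's own spectre_v2 summary from sysfs, queries the calling task's indirect-branch (STIBP) state with PR_GET_SPECULATION_CTRL, and, where the kernel says the state is prctl-controllable, requests STIBP for that task with PR_SET_SPECULATION_CTRL. It assumes a Linux kernel that knows PR_SPEC_INDIRECT_BRANCH (4.20, and the stable trees once the back-port lands) and a libc that exports prctl(); the numeric constants are the values from include/uapi/linux/prctl.h, and on any other system the query reports the error instead of a state.

```python
"""Per-process STIBP control through prctl(2).

Added example, not kernel code and not from Phoronix or ZDNet. It assumes
a Linux kernel that knows PR_SPEC_INDIRECT_BRANCH (4.20, and the stable
trees once the reworked STIBP code is back-ported) and a libc that exports
prctl(); anywhere else the query reports the error instead of a state.
The numeric constants are those of include/uapi/linux/prctl.h.
"""
import ctypes
import errno
import os

PR_GET_SPECULATION_CTRL = 52
PR_SET_SPECULATION_CTRL = 53
PR_SPEC_INDIRECT_BRANCH = 1       # arg2 selecting the STIBP control (new in 4.20)

PR_SPEC_NOT_AFFECTED = 0
PR_SPEC_PRCTL = 1 << 0            # state may be changed per task via prctl()
PR_SPEC_ENABLE = 1 << 1           # speculation enabled  -> mitigation off
PR_SPEC_DISABLE = 1 << 2          # speculation disabled -> mitigation on
PR_SPEC_FORCE_DISABLE = 1 << 3    # like DISABLE, and cannot be undone

SPECTRE_V2_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"


def describe_state(value):
    """Decode a PR_GET_SPECULATION_CTRL result into words.

    Bit meanings follow Documentation/userspace-api/spec_ctrl.rst: DISABLE
    means speculation is off, i.e. the mitigation (STIBP) is applied.
    """
    if value < 0:
        return "query failed"
    if value == PR_SPEC_NOT_AFFECTED:
        return "not affected"
    control = "prctl-controllable" if value & PR_SPEC_PRCTL else "not controllable"
    if value & PR_SPEC_FORCE_DISABLE:
        return "mitigated: STIBP forced on (%s)" % control
    if value & PR_SPEC_DISABLE:
        return "mitigated: STIBP on (%s)" % control
    if value & PR_SPEC_ENABLE:
        return "unmitigated: STIBP off (%s)" % control
    return "unknown bitmask %#x" % value


def can_control(value):
    """True when this task may turn STIBP on for itself."""
    return value >= 0 and bool(value & PR_SPEC_PRCTL)


def _prctl(option, arg2, arg3=0):
    """Call libc prctl(); returns (result, errno). (-1, ENOSYS) if unavailable."""
    try:
        fn = ctypes.CDLL(None, use_errno=True).prctl
    except (OSError, AttributeError, TypeError):
        return -1, errno.ENOSYS
    fn.restype = ctypes.c_int
    fn.argtypes = [ctypes.c_int] + [ctypes.c_ulong] * 4
    res = fn(option, arg2, arg3, 0, 0)
    return res, (ctypes.get_errno() if res < 0 else 0)


def query_stibp():
    """(state bitmask, errno) for the calling task's indirect-branch control."""
    return _prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH)


def request_stibp():
    """Ask for STIBP on this task: the per-process opt-in that the reworked
    4.20 code honours even when STIBP is off by default."""
    return _prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE)


def spectre_v2_status():
    """The kernel's own summary of the system-wide spectre_v2 mitigation."""
    try:
        with open(SPECTRE_V2_SYSFS) as f:
            return f.read().strip()
    except OSError:
        return None


if __name__ == "__main__":
    print("spectre_v2:", spectre_v2_status() or "sysfs entry unavailable")
    value, err = query_stibp()
    if value < 0:
        print("PR_GET_SPECULATION_CTRL failed:", os.strerror(err))
    else:
        print("before:", describe_state(value))
        if can_control(value):
            res, err = request_stibp()
            if res == 0:
                print("after:", describe_state(query_stibp()[0]))
            else:
                print("PR_SET_SPECULATION_CTRL failed:", os.strerror(err))
        else:
            print("not controllable from user space on this kernel configuration")
```

Two things to keep in mind when using this. The sense of the bits is easy to invert: PR_SPEC_DISABLE disables speculation, which is the mitigated state, so "disable" is what a process asks for when it wants STIBP. And the request only succeeds when the PR_SPEC_PRCTL bit is set, which depends on the kernel's spectre_v2 user-space mode; on a box where the administrator has disabled SMT outright, as Torvalds suggests, the whole question is moot because there is no sibling thread for STIBP to isolate from.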
By msmash from Slashdot's things-to-look-forward-to department
PHP 7.3 RC6 was released earlier this week. Phoronix ran some benchmarks and compared the performance of v7.3 RC6 with releases going back to the v5.5 series. From the story: I ran some fresh benchmarks over the past day on PHP 5.5.38, PHP 5.6.38, PHP 7.0.32, PHP 7.1.24, PHP 7.2.12, and the PHP 7.3.0-RC6 test release. All of the PHP5/PHP7 builds were configured and built in the same manner. All tests happened from the same Dell PowerEdge R7425 dual EPYC server running Ubuntu 18.10 Linux.
Besides continuing to evolve the performance of PHP7, the PHP 7.3 release is also delivering on FFI (the Foreign Function Interface) to access functions / variables / data structures from the C language, a platform-independent manner for obtaining information on network interfaces, an is_countable() call, WebP support within GD's image create from string, updated SQLite support, improved PHP garbage collection performance, and many other enhancements. PHP 7.3 is just shy of 10% faster than PHP 7.2 in the popular PHPBench. PHP 7.3 is 31% faster than PHP 7.0 or nearly 3x the speed of PHP5.
By msmash from Slashdot's exploring-ideas department
The US Intellectual Property Enforcement Coordinator is working hard to update his copyright enforcement plans. In a written submission, Hollywood's MPAA shared a few notable ideas. The group calls for more cooperation from Internet services, including hosting providers, who should filter infringing content and block referral traffic from pirate sites, among other things. From a report: Besides processing takedown notices and terminating repeat infringers, as they are required to do by law, the MPAA also wants hosting companies to use automated piracy filters on their servers. "Hosting providers should filter using automated content recognition technology; forward DMCA notices to users, terminate repeat infringers after receipt of a reasonable number of notices, and prevent re-registration by terminated users," the MPAA suggests.
In addition, hosting providers should not challenge suspension court orders, when copyright holders go up against pirate sites. Going a step further, hosts should keep an eye on high traffic volumes which may be infringing, and ban referral traffic from pirate sites outright. The MPAA wants these companies to "implement download bandwidth or frequency limitations to prevent high volume traffic for particular files" to "remove files expeditiously" and "block referral traffic from known piracy sites."
By msmash from Slashdot's in-the-age-of-internet department
How and why a 1,500-year-old game has conquered the internet. From a report: Two years ago, the world chess championship match drew about 10 million online viewers, while this year's competition between Magnus Carlsen and Fabiano Caruana, currently underway in London, is expected to draw more attention yet. Worldwide, chess claims about 600 million fans, which makes it one of the most popular games or sports.
It is noteworthy that China, one of the two most important countries in the world, has decided to invest heavily in chess. This year Chinese teams won both the men's and women's divisions at the Chess Olympiad, a first. That would not have happened without the active support of the Chinese Communist Party. The U.S. is stepping up too, with the aid of chess patron Rex Sinquefield. In recent times America has placed three players in the world's top 10, including Caruana, currently No. 2.
It turns out that chess is oddly well-suited for a high-tech world. Chess does not make for gripping television, but the option of live viewing online, supplemented by computer analysis or personal commentary, has driven a renaissance of the game. For one thing, computer evaluations have made watching more intelligible. Even if you barely understand chess, you can quickly get a sense of the state of play with the frequently changing numerical evaluations ("+ 2.00," for instance, means white has a decisive advantage, whereas "0.00" signals an even position). You also can see, with each move, whether the player will choose what the computer finds best.
By msmash from Slashdot's funny-how-that-works department
This year's report contains many of the same findings cited in the previous National Climate Assessment, published in 2014. From a report: More and more of the predicted impacts of global warming are now becoming a reality. For instance, the 2014 assessment forecast that coastal cities would see more flooding in the coming years as sea levels rose. That's no longer theoretical: Scientists have now documented a record number of "nuisance flooding" events during high tides in cities like Miami and Charleston, S.C.
"High tide flooding is now posing daily risks to businesses, neighborhoods, infrastructure, transportation, and ecosystems in the Southeast," the report says. As the oceans have warmed, disruptions in United States fisheries, long predicted, are now underway. In 2012, record ocean temperatures caused lobster catches in Maine to peak a month earlier than usual, and the distribution chain was unprepared.
The Fax is Not Yet Obsolete
Posted by News Fetcher on November 24 '18 at 04:01 PM
By msmash from Slashdot's stop-writing-its-obit department
Fax, once at the forefront of communications technologies but now in deep decline, has persisted in many industries. From a report: Law-enforcement agencies remain heavily reliant on fax for routine operations, such as bail postings and return of public-records requests. Health care, too, runs largely on fax. Despite attempts to replace it, a mix of regulatory confusion, digital-security concerns, and stubbornness has kept fax machines droning around the world.
An early facsimile message was sent over telegraph lines in London in 1847, based on a design by the Scottish inventor Alexander Bain. There is some dispute over whether it was the first fax: Competing inventors, including Bain in the United Kingdom and Thomas Edison and Alexander Graham Bell across the Atlantic, sought to father facsimile technology, which was a kind of white whale for inventors. Telegraphs already allowed messages to be passed across distances, one letter at a time using Morse code. But the dream of transmitting copies of messages and images instantly over wires was very much alive.
Writing in 1863, Jules Verne imagined that the Paris of the 1960s would be replete with fax machines, or as he called them, "picture-telegraphs." The technology did eventually lead to a revolution in communication, though it didn't happen until years later. It first became known to many Americans after the 1939 New York World's Fair, where a fax machine transmitted newspaper images from around the world at a rate of 18 minutes per page -- lightning speed for the time. Further reading: 'You Had to Be There': As Technologies Change Ever Faster, the Knowledge of Obsolete Things Becomes Ever Sweeter.
Standing Desks Are Overrated
Posted by News Fetcher on November 24 '18 at 02:41 PM
By msmash from Slashdot's pendulum-swings-back department
Standing desks have become trendy in recent years -- so much so that they have been promoted by some health officials as well as some countries. Research, however, suggests that warnings about sitting at work are overblown, and that standing desks are overrated as a way to improve health. From a report: Dr. David Rempel, a professor of medicine at the University of California, San Francisco, who has written on this issue, said, "Well-meaning safety professionals and some office furniture manufacturers are pushing sit-stand workstations as a way of improving cardiovascular health -- but there is no scientific evidence to support this recommendation." Let's start with what we know about research on sitting, then explain why it can be misleading as it relates to work. A number of studies have found a significant association between prolonged sitting time over a 24-hour period and increased risk for cardiovascular disease. A 2015 study, for instance, followed more than 150,000 older adults -- all of whom were healthy at the start of the study -- for almost seven years on average. Researchers found that those who sat at least 12 hours a day had significantly higher mortality than those who sat for less than five hours per day.
By msmash from Slashdot's exploring-options department
A diet supplemented with red algae could lessen the huge amounts of greenhouse gases emitted by cows and sheep, if we can just figure out how to grow enough. From a report: In a wooden barn on the edge of campus at the University of California, Davis, cattle line up at their assigned feed slots to snatch mouthfuls of alfalfa hay. This past spring, several of these Holstein dairy cows participated in a study to test a promising path to reducing methane emissions from livestock, a huge source of the greenhouse gases driving climate change. By adding a small amount of seaweed to the animals' feed, researchers found, they could cut the cows' methane production by nearly 60%. Each year, livestock production pumps out greenhouse gases with the equivalent warming effect of more than 7 gigatons of carbon dioxide, roughly the same global impact as the transportation industry. Nearly 40% of that is produced during digestion: cattle, goats, and sheep belch and pass methane, a highly potent, albeit relatively short-lived, greenhouse gas.
If the reductions achieved in the UC Davis study could be applied across the worldwide livestock industry, it would eliminate nearly 2 gigatons of those emissions annually -- about a quarter of United States' total climate pollution each year. Ermias Kebreab, an animal science professor at UC Davis who leads the work, is preparing to undertake a more ambitious study in the months ahead, evaluating whether smaller amounts of a more potent form of seaweed can cut methane emissions even further. Meanwhile, some businesses have begun to explore what could be the harder challenge: Growing it on a massive scale.
By msmash from Slashdot's shape-of-things-to-come department
If it feels like new technologies go from flights of fancy to billion-dollar businesses faster than ever, that's because they do. From a column (which may be paywalled): Consider that Uber, founded in 2009, started allowing drivers to sign up with their own cars in 2013. Five short years later, the company operates in more than 70 countries and competes with dozens of copycats. It's considering going public in 2019 at a potential valuation of $120 billion, which would make it the biggest IPO in U.S. history by far. When novel software can go from hackathon to app store overnight, and even complex hardware can hit manufacturing lines in months, the determining factor of success is us -- as consumers, workers, even regulators. If the pitch works and we bite, a technology can quickly transform our social norms.
At the WSJ Tech D. Live conference in Laguna Beach, Calif., this week, what became apparent across dozens of talks, classes and informal chats is that, when almost anything we can dream up is possible, the most important factors in the spread of technology are now cultural. Not every new development in technology leads to an Uber-scale industry, of course, but here are five trends that highlight this shift. China's success in addressing tech needs at home has made it a global leader. As Google struggles with walkouts and morale at Facebook craters, many workers at Chinese startups are so committed to their work that they've adopted a grueling schedule called 996 -- 9 a.m. to 9 p.m., six days a week. In 2018, China will eclipse the U.S. in spending on R&D, projects the National Science Board.
By msmash from Slashdot's closer-look department
An anonymous reader writes: Forbes magazine has an in-depth piece on Joe Liemandt. As you may be aware, Liemandt was the founder of Trilogy, a startup which has been credited with helping put Austin on the tech map. He is also founder of ESW Capital, a private equity firm that is scooping up software startups left and right. Forbes called him "one of the most mysterious and innovative figures in technology."
But the story explores the approach Liemandt and his team took to acquire enterprise software companies, install new leadership, lay off staff and hire significantly cheaper tech labor abroad. And the numbers are compelling -- $15 an hour C++ programmers. Those are Amazon warehouse wages -- and those $15 programming gigs don't come with much for benefits. Plus, they require you to install software to your computer that tracks surfing, keystrokes and even takes screen grabs and photos via your computer's camera -- and this is typically on a gig worker's personal computer, not an employer's machine.
The story opens with this: From an office suite on the 26th floor of the iconic Frost Bank Tower in Austin, Texas, a little-known recruiting firm called Crossover is searching the globe for software engineers. Crossover is looking for anyone who can commit to a 40- or 50-hour workweek, but it has no interest in full-time employees. It wants contract workers who are willing to toil from their homes or even in local cafes. "The best people in the world aren't in your Zip code," says Andy Tryba, chief executive of Crossover, in a promotional YouTube video. Which, Tryba emphasizes, also means you don't have to pay them like they are your neighbors. "The world is going to a cloud wage."
By msmash from Slashdot's take-that-$1,000-iPhone department
Microsoft briefly overtook Apple as the world's most valuable listed company, fulfilling what it almost did eight years ago and adding a feather in the cap of CEO Satya Nadella. From a report: Redmond, Washington-headquartered Microsoft had a market cap of $753.34 billion, beating out the iPhone maker's $746.82 billion in intra-day trade on Friday at the Nasdaq in New York. Apple, however, regained control at the close. According to the Nasdaq website, Apple's market cap rose back up to $817.58 billion. Right behind it is Microsoft, which also increased to $791.19 billion. Tech companies have undergone some rough times recently. In particular, the so-called FAANG group -- Facebook, Amazon, Apple, Netflix and Google (Alphabet) -- had, as at November 20, combined market cap losses of over $1.02 trillion from their recent highs.
By msmash from Slashdot's closer-look department
What kind of person racks up debts and doesn't pay them? Your credit score is an attempt to answer this question. A report elaborates: These important three-digit numbers summarize our statistical risk for lenders. The allure of the credit score is its clarity: It cuts through appearances and converts our messy lives into an easily readable metric. The difference between a score of 750 and 600 is obvious. One is an excellent bet for a lender to make; the other is not. On balance, credit scores have made borrowing more convenient, and fairer, for consumers. But the U.S. Department of Homeland Security wants to use credit scores for an entirely different purpose, one they were never built for and are not suited for.
The agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status. The new rule, contained in a proposal signed by DHS Secretary Kirstjen Nielsen, is designed to help immigration officers identify applicants likely to become a "public charge" -- that is, a person primarily dependent on government assistance for food, housing, or medical care. According to the proposal, credit scores and other financial records (including credit reports, the comprehensive individual files from which credit scores are generated) would be reviewed to predict an applicant's chances of "self-sufficiency." The proposal is open for public comment until Dec. 10. Setting aside the proposal's moral abdication when it comes to the needy, we should be troubled by another injustice: its abuse of personal metrics.