By msmash from Slashdot's tussle-continues department
Lorenzo Franceschi-Bicchierai, writing for Motherboard: Google has released a powerful tool that can help security researchers hack and find bugs in iOS 11.1.2, a very recent version of the iPhone operating system. The exploit is the work of Ian Beer, one of the most prolific iOS bug hunters, and a member of Google Project Zero, which works to find bugs in all types of software, including that not made by Google. Beer released the tool Monday, which he says should work for "all devices." The proof of concept works only for those devices he tested -- iPhone 7, 6s and iPod touch 6G -- "but adding more support should be easy," he wrote. Last week, Beer caused a stir among the community of hackers who hack on the iPhone -- also traditionally known as jailbreakers -- by announcing that he was about to publish an exploit for iOS 11.1.2. Researchers reacted with excitement as they realized the tool would make jailbreaking and security research much easier.
By msmash from Slashdot's strong-start department
On their first day of trading, bitcoin futures surged past $18,000, adding to a streak for the digital currency that began the year at just $1,000 and has nearly tripled in value over the past month alone. From a report: Reuters reports that bitcoin futures, traded through the Chicago Board Options Exchange (CBOE), saw January contracts, which opened at $15,460 in New York on Sunday evening, leap to a high of $17,170 during Asian hours. Trading, which began at 6 p.m. ET (5 p.m. CT), was so intense that halts designed to cool volatility were triggered twice on the CBOE. The halts are "not surprising based on the volatility of the underlying [asset]. The futures are behaving as expected and designed," Tom Lehrkinder, senior analyst at consulting firm Tabb Group, was quoted by CNBC as saying.
By msmash from Slashdot's everyone-agrees department
An anonymous reader shares a report on The Verge: Another former Facebook executive has spoken out about the harm the social network is doing to civil society around the world. Chamath Palihapitiya, who joined Facebook in 2007 and became its vice president for user growth, said he feels "tremendous guilt" about the company he helped make. "I think we have created tools that are ripping apart the social fabric of how society works," he told an audience at Stanford Graduate School of Business, before recommending people take a "hard break" from social media. Palihapitiya's criticisms were aimed not only at Facebook, but the wider online ecosystem. "The short-term, dopamine-driven feedback loops we've created are destroying how society works," he said, referring to online interactions driven by "hearts, likes, thumbs-up." "No civil discourse, no cooperation; misinformation, mistruth. And it's not an American problem -- this is not about Russians ads. This is a global problem." Also read: Sean Parker Unloads on Facebook 'Exploiting' Human Psychology
By msmash from Slashdot's up-next department
An anonymous reader shares a Bloomberg report: For months Lovkesh Joshi was quietly terrified of losing his job as a manager at a top Indian tech services company. Joshi didn't want to burden his wife or friends so he turned to a chatbot therapist called Wysa. Powered by AI, the app promises to be "loyal, supportive and very private," and encourages users to divulge their feelings about a recent major event or big change in their lives. "I could open up and talk," says the 41-year-old father of two school-age children, who says his conversations with the bot flowed naturally. "I felt heard and understood." Joshi moved to a large rival outsourcer two months ago. The upheaval in India's $154 billion tech outsourcing industry has prompted thousands of Indians to seek solace in online therapy services. People accustomed to holding down prestigious jobs and pulling in handsome salaries are losing out to automation, a shift away from long-term legacy contracts and curbs on U.S. work visas. McKinsey & Co says almost half of the four million people working in India's IT services industry will become "irrelevant" in the next three to four years. Indians, like people the world over, tend to hide their mental anguish for fear of being stigmatized. That's why many are embracing the convenience, anonymity and affordability of online counseling startups, most of which use human therapists.
By EditorDavid from Slashdot's beyond-man-pages department
A medium-sized company just hired a new IT manager who wants advice from the Slashdot community about their two remaining IT "gofers":
These people have literally been here their entire "careers" and are now near retirement. Quite honestly, they do not have any experience other than reinstalling Windows, binding something to the domain and the occasional driver installation -- and are more than willing to admit this. Given many people are now using Macs and most servers/workstations are running Linux, they have literally lost complete control over the company, with most of these machines sitting around completely unmanaged.
Firing these people is nearly impossible. (They have a lot of goodwill within other departments, and they have quite literally worked there for more than 60 years combined.) So I've been tasked with attempting to retrain these people in the next six months. Given they still have to do work (imaging computers and fixing basic issues), what are the best ways of retraining them into basic network, Windows, Mac, Linux, and "cloud" first-level help desk support?
Monster_user had some suggestions -- for example, "Don't overtrain. Select and target areas where they will be able to provide a strong impact." Any other good advice?
Leave your best answers in the comments. What's the best way to retrain old IT workers?
By EditorDavid from Slashdot's first-star-I-see-tonight department
NASA will host a media teleconference at 1 p.m. EST Thursday, Dec. 14, to announce the latest discovery made by its planet-hunting Kepler space telescope. The discovery was made by researchers using machine learning from Google. Machine learning is an approach to artificial intelligence, and demonstrates new ways of analyzing Kepler data... When Kepler launched in March 2009, scientists didn't know how common planets were beyond our solar system. Thanks to Kepler's treasure trove of discoveries, astronomers now believe there may be at least one planet orbiting every star in the sky.
Kepler spots alien worlds by noticing the tiny brightness dips they cause when they cross the face of their host star from the spacecraft's perspective. Kepler is the most accomplished planet hunter in history. It has found more than 2,500 confirmed alien worlds -- about 70 percent of all known exoplanets -- along with a roughly equal number of "candidates" that await confirmation by follow-up observations or analyses. The vast majority of these discoveries have come via observations that Kepler made during its original mission, which ran from 2009 to 2013. Study of these data sets is ongoing; over the past few years, researchers have used improved analysis techniques to spot many exoplanets in data that Kepler gathered a half-decade ago or more.
Space.com describes Thursday's announcement as an exoplanet discovery. (Earlier they reported on the discovery of "a possibly habitable alien world" about 2.2 times the size of earth orbiting a dwarf star "within the range of distances where liquid water could exist on a world's surface".)
Slashdot reader schwit1 points out that other less-credible sites speculate NASA's announcement will be "a major discovery about life beyond earth."
By EditorDavid from Slashdot's init-for-the-money department
"Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value." So argues Nico Schottelius, talking about his experiences as the CEO of a Swiss company providing VM hosting, datacenters, and high-speed fiber internet. Long-time Slashdot reader walterbyrd quotes Nico's essay:
While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd. Our objective is to create a great, easy-to-use platform for VM hosting, not to walk a tightrope...
[W]hat the Devuan developers are doing is creating stability. Think about it not in a few repeating systemd bugs or about the insecurity caused by a huge, monolithic piece of software running with root privileges. Why do people favor Linux on servers over Windows? It is very easy: people don't use Windows, because it is too complex, too error prone and not suitable as a stable basis. Read it again. This is exactly what systemd introduces into Linux: error prone complexity and instability. With systemd the main advantage to using Linux is obsolete.
The essay argues that while Devuan foisted another choice into the community, "it is not their fault. Creating Devuan is simply a counteraction to ensure Linux stays stable, which is of high importance for a lot of people."
By EditorDavid from Slashdot's cause-or-effect? department
An anonymous reader quotes the Atlantic:
Blaine Hurst, the CEO and president of Panera, told me that because of its new [self-service] kiosks, and an app that allows online ordering, the chain is now processing more orders overall, which means it needs more total workers to fulfill customer demand. Starbucks patrons who use the chain's app return more frequently than those who don't, the company has said, and the greater efficiency that online ordering allows has boosted sales at busy stores during peak hours. Starbucks employed 8 percent more people in the U.S. in 2016 than it did in 2015, the year it launched the app...
James Bessen, an economist at Boston University School of Law, found that as the number of ATMs in America increased fivefold from 1990 to 2010, the number of bank tellers also grew. Bessen believes that ATMs drove demand for consumer banking: No longer constrained by a branch's limited hours, consumers used banking services more frequently, and people who were unbanked opened accounts to take advantage of the new technology. Although each branch employed fewer tellers, banks added more branches, so the number of tellers grew overall. And as machines took over many basic cash-handling tasks, the nature of the tellers' job changed. They were now tasked with talking to customers about products -- a certificate of deposit, an auto loan -- which in turn made them more valuable to their employers. "It's not clear that automation in the restaurant industry will lead to job losses," Bessen told me.
By EditorDavid from Slashdot's living-long-and-prospering department
An anonymous reader quotes Newsweek:
We have reached our peak in terms of lifespan, athletic performance and height, according to a new survey of research and historical records... "These traits no longer increase, despite further continuous nutritional, medical, and scientific progress," said Jean-François Toussaint, a physiologist at Paris Descartes University, France, in a press release... For the study, published in the journal Frontiers in Physiology, a team of French scientists, including Toussaint, from a range of fields analyzed 120 years' worth of historical records and previous research to gauge the varying pace of changes seen in human athletic performance, human lifespan and human height. While, as they observe, the 20th century saw a surge in improvements in all three areas that mirrored industrial, medical and scientific advances, the pace of those advances has slowed significantly in recent years.
By EditorDavid from Slashdot's back-to-the-futures department
"5PM CT is the start of Bitcoin futures trading and the $CBOE website appears to be down," one market watcher posted on Twitter (and his observation was quickly confirmed by other cryptocurrency-watching accounts and confirmed by CBOE). "I'm guessing watching Bitcoin futures start trading is a more popular spectator sport than anticipated."
Bitcoin futures will also begin trading on the Chicago Mercantile Exchange in eight days. The Street reports that the anticipation of that "has triggered wild swings in bitcoin prices over the last week."
Overall, trading bitcoin futures is a positive development for the cryptocurrency says the research team at Fundstrat... The introduction of derivatives lays the necessary market structure for institutions to allocate cash towards cryptocurrencies, points out Fundstrat...
Short sellers may now express negative views on bitcoin, which could lead to short-term pricing pressure. But the ability for short sellers to hate on bitcoin could be viewed as a longer term positive, Fundstrat says. Shorting essentially creates true price discovery and means that hedge funds could take bitcoin more seriously. This should improve the long-term prospects of bitcoin as it broadens sponsorship, Fundstrat believes.
By EditorDavid from Slashdot's uh-oh department
Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes:
Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.
By EditorDavid from Slashdot's Pai-in-your-face department
"FCC general counsel Tom Johnson has told the New York State attorney general that the FCC is not providing information for his investigation into fake net-neutrality comments, saying those comments did not affect the review, and challenging the state's ability to investigate the feds." Variety has more:
The FCC's general counsel, in a letter to New York Attorney General Eric Schneiderman, also dismissed his concerns that the volume of fake comments or those made with stolen identities have "corrupted" the rule-making process... He added that Schneiderman's request for logs of IP addresses would be "unduly burdensome" to the commission, and would "raise significant personal privacy concerns."
Amy Spitalnick, Schneiderman's press secretary, said in a statement that the FCC "made clear that it will continue to obstruct a law enforcement investigation. It's easy for the FCC to claim that there's no problem with the process, when they're hiding the very information that would allow us to determine if there was a problem. To be clear, impersonation is a violation of New York law," she said... "The only privacy jeopardized by the FCC's continued obstruction of this investigation is that of the perpetrators who impersonated real Americans."
One of the FCC's Democratic commissioners claimed that this response "shows the FCC's sheer contempt for public input and unreasonable failure to support integrity in its process... Moreover, the FCC refuses to look into how nearly half a million comments came from Russian sources."
By EditorDavid from Slashdot's who-watches-the-Watchmen? department
Slashdot reader Trax3001BBS shares an article from The Register:
Microsoft posted an out-of-band security update Thursday to address a remote code execution flaw in its Malware Protection Engine. Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically. The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016... According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files. By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.