By EditorDavid from Slashdot's outpizza-ing-the-hut department
An anonymous reader quotes McClatchy:
Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.
"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."Read Replies (0)
By EditorDavid from Slashdot's thinking-different department
Speaking at Oxford, Apple CEO Tim Cook shared a lesson learned from the "spectacular" commercial failure of the Power Mac G4 Cube in 2000 -- and from his mentor Steve Jobs. An anonymous reader quotes Business Insider:
"It was a very important product for us, we put a lot of love into it, we put enormous engineering into it," Cook said of the G4 Cube on stage. He calls it an "engineering marvel." At the time, Cook was Apple Senior VP of Worldwide Operations, recruited personally by then-CEO Steve Jobs... While the design was a hit, it was $200 more expensive than the regular Power Mac G4, a more traditional-looking PC with very similar specs. And some Cubes would develop cosmetic cracks in the acrylic cube casing due to a manufacturing flaw. In his talk, Cook says that Apple knew the Cube was flopping "from the very first day, almost..."
Ultimately, Cook says, it was a lesson in humility and pride. Apple had told both employees and customers that the G4 Cube was the future. And yet, despite Apple's massive hype, demand just wasn't there, and the company had to walk away. "This was another thing that Steve [Jobs] taught me, actually," says Cook. "You've got to be willing to look yourself in the mirror and say I was wrong, it's not right." In a broader sense, Cook says that Jobs taught him the value of intellectual honesty -- that, no matter how much you care about something, you have to be willing to take new data and apply it to the situation.
He advised his audience to "be intellectually honest -- and have the courage to change."
And the article points out that today there's a small but enthusiastic community who are still hacking their Power Mac G4 Cubes.Read Replies (0)
By EditorDavid from Slashdot's regretting-retractions department
China now has more laboratory scientists than any other country in the world, reports Amy Qin in the New York Times, and spends more on research than the entire European Union.
But in its rush to dominance, China has stood out in another, less boastful way. Since 2012, the country has retracted more scientific papers because of faked peer reviews than all other countries and territories put together, according to Retraction Watch, a blog that tracks and seeks to publicize retractions of research papers... In April, a scientific journal retracted 107 biology research papers, the vast majority of them written by Chinese authors, after evidence emerged that they had faked glowing reviews of their articles. Then, this summer, a Chinese gene scientist who had won celebrity status for breakthroughs once trumpeted as Nobel Prize-worthy was forced to retract his research when other scientists failed to replicate his results. At the same time, a government investigation highlighted the existence of a thriving online black market that sells everything from positive peer reviews to entire research articles... In part, these numbers may simply reflect the enormous scale of the world's most populous nation. But Chinese scientists also blame what they call the skewed incentives they say are embedded within their nation's academic system.Read Replies (0)
By EditorDavid from Slashdot's asking-him-anything department
Long-time Slashdot reader Rei writes:
On Saturday evening, Elon Musk took questions in a Reddit AMA (Ask-Me-Anything) concerning SpaceX's new design for the BFR (Big F* Rocket). But unlike the 2016 IAC conference where many audience questions seemed to be trolling Musk, this time the tables were turned. Asked why Raptor thrust was reduced from 300 tons to 170, Musk replied, "We chickened out." He responded to a statement about landing on the moon by quoting Bob the Builder, while responding to a user's suggestion about caching internet data from Mars by writing simply "Nerd." A question as to whether BFR autogenous pressurization would be heat-exchanger based, Musk replied that they planned to utilize the Incendio spell from Harry Potter -- helpfully providing a Wikipedia link for the spell.
A technical question about the lack of a tail? "Tails are lame." A question about why the number of landing legs was increased from 3 to 4? "Because 4." After one Redditor observed "This is one bizarre AMA so far," Musk replied "Just wait..." While Musk ultimately did follow up some of the trolling with some actual responses, the overall event could be best described as "surreal".
To be fair, Musk provided some serious answers. (And his final comment ended with "Great questions nk!!") But one Redditor suggested Musk's stranger answers were like a threat, along the lines of "Just wait. It will get way more bizarre than that. Let me finish my whiskey."
Musk replied, "How did you know? I am actually drinking whiskey right now. Really."Read Replies (0)
By EditorDavid from Slashdot's fob-fails department
An anonymous reader writes:
Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping code -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...
The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."
His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.Read Replies (0)
By EditorDavid from Slashdot's broken-ATMs department
schwit1 quotes the Mises Institue: When Hurricane Maria knocked out power in Puerto Rico, residents there realized they were going to need physical cash — and a lot of it. Bloomberg reported that the Fed was forced to fly a planeload of cash to the Island to help avert disaster. "William Dudley, the New York Fed president, put the word out within minutes, and ultimately a jet loaded with an undisclosed amount of cash landed on the stricken island. [Business executives in Puerto Rico] described corporate clients' urgent requests for hundreds of thousands in cash to meet payrolls, and the challenge of finding enough armored cars to satisfy endless demand at ATMs... As early as the day after the storm, the Fed began working to get money onto the island."
For a time, unless one had a hoard of cash stored up in ones home, it was impossible to get cash at all. 85 percent of Puerto Rico is still without power... Bloomberg continues: "When some generator-powered ATMs finally opened, lines stretched hours long, with people camping out in beach chairs and holding umbrellas against the sun." In an earlier article from September 25, Bloomberg noted how, without cash, necessities were simply unavailable: "Cash only," said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan's Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. "The system is down, so we can't process the cards. It's tough, but one finds a way to make it work."Read Replies (0)
By EditorDavid from Slashdot's fighting-over-phishing department
An anonymous reader quotes Computerworld:Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.
Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.
< article continued at Slashdot's fighting-over-phishing department
>Read Replies (0)
By EditorDavid from Slashdot's fun-with-fair-use department
Long-time Slashdot reader troublemaker_23 quotes ITWire:
German Linux company SUSE Linux is well-known for its Linux and other open source solutions. It is also known for producing videos for geeks and debuting them at its annual SUSECon conference. This year, in Prague, was no different. The company, which marked its 25th year on 2 September, came up with two videos, one to mark the occasion and the other all about Linux and open source. Both videos are parodies of well-known songs: the video Linus Said is based on "Momma Said", while 25 Years is a parody of "7 Years". Some of the lyrics in both SUSE videos would be meaningless to the average person -- but every word will ring a bell, sometimes a very poignant one, with geeks. And that's the primary audience it targets.
The article embeds both videos -- and also links to the music videos they're parodying. And it includes links to SUSE's two previous annual music video parodies -- Uptime Funk (based on Bruno Mars' blockbuster hit "Uptown Funk"), and Can't Stop the SUSE, a parody of Justin Timberlake's "Can't Stop the Feeling".Read Replies (0)
By EditorDavid from Slashdot's dysfunctional-programming department
An anonymous Slashdot reader ran into a problem when looking for a new employer:
Most ask for links to "recent work" but the reason I'm leaving my current job is because this company doesn't produce good code. After years of trying to force them to change, they have refused to change any of their poor practices, because the CTO is a narcissist and doesn't recognize that so much is wrong. I have written good code for this company. The problem is it is mostly back-end code where I was afforded some freedom, but the front-end is still a complete mess that doesn't reflect any coherent coding practice whatsoever...
I am giving up on fixing this company but finding it hard to exemplify my work when it is hidden behind some of the worst front-end code I have ever seen. Most job applications ask for links to live code, not for code samples (which I would more easily be able to supply). Some of the websites look okay on the surface, but are one right click -> inspect element away from giving away the mess; most of the projects require a username and password to login as well but account registration is not open.
So how do I reference my recent work when all of my recent work is embarrassing on the front-end?
The original submission's title asked what to use for work samples "when the CTO has butchered all my work." Any suggestions? Leave your best thoughts in the comments. How can you apply for a job when your code samples suck?Read Replies (0)
By EditorDavid from Slashdot's uncabling-TV department
An anonymous reader quotes the Washington Post:
On Wednesday, AT&T told regulators that it expects to finish the quarter with about 90,000 fewer TV subscribers than it began with. AT&T blamed a number of issues, including hurricane damage to infrastructure, rising credit standards and competition from rivals. The report also shows AT&T lost more traditional TV customers than it gained back through its online video app, DirecTV Now. And analysts are suggesting that that's evidence that cord-cutting is the main culprit... "DirecTV, like all of its cable peers, is suffering from the ravages of cord-cutting," said industry analyst Craig Moffett in a research note this week. Moffett added that while nobody expected AT&T's pay-TV numbers to look good, hardly anyone could have predicted they would look "this bad."
The outlook doesn't look much healthier for the rest of the television industry. Over the past year, cable and satellite firms have collectively lost nearly 3 million customers, according to estimates by market analysts at SNL Kagan and New Street Research. The number of households with traditional TV service is hovering at about the level it was in 2000, according to New Street's Jonathan Chaplin, in a study last week. Other analysts predict that, after factoring in AT&T's newly disclosed losses, the industry will have lost 1 million traditional TV subscribers by the end of this quarter.Read Replies (0)
An anonymous reader quotes Ars Technica:
Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, [was] also sending visitors to the fraudulent updates and other types of malicious pages... Malwarebytes security researcher Jerome Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the transunioncentroamerica.com site. On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins... "This is not something users want to have," Segura told Ars...
Equifax on Thursday was quick to say that its systems were never compromised in the attacks. TransUnion said much the same thing. This is an important distinction in some respects because it means that the redirections weren't the result of attackers having access to restricted parts of either company's networks. At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be.
Both sites hosted fireclick.js, an old script from a small web analytics company which pulls pages from sites like Akamai, SiteStats.info, and Ostats.net. "It appears that attackers have compromised the third-party library," writes BankInfoSecurity, adding that Malwarebytes estimates over a 1,000 more sites are using the same library.Read Replies (0)
By EditorDavid from Slashdot's litter-from-space department
China launched a space laboratory named Tiangong 1 into orbit in 2011. The space laboratory was supposed to become a symbol of China's ambitious bid to become a space superpower. After two years in space, Tiangong 1 started experiencing technical failure. Last year Chinese officials confirmed that the space laboratory had to be scrapped. The 8.5 ton heavy space laboratory has begun its descent towards Earth and is expected to crash back to Earth within the next few months.
Most of the laboratory is expected to burn up in earth's atmosphere, but experts believe that pieces as heavy as 100 kilograms (220 pounds) may survive re-entry and impact earth's surface. Nobody will be able to predict with any precision where those chunks of space laboratory will land on Earth until a few hours before re-entry occurs. The chance that anyone would be harmed by Tiangong-1's debris is considered unlikely.
When NASA's SkyLab fell to earth in 1979, an Australian town fined them $400 -- for littering.Read Replies (0)
By EditorDavid from Slashdot's extortion-through-encryption department
Slashdot reader rmurph04 writes:
Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black.
While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities.. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"Read Replies (0)
By EditorDavid from Slashdot's losing-your-keys department
Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries.
He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement.
One example he gives is holding up your hand to pause a video.Read Replies (0)
By EditorDavid from Slashdot's code-for-currency department
Long-time Slashdot reader Esther Schindler quotes Hewlett Packard Enterprise:
When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization... The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. "We don't want a third-party application that isn't compatible with our common architecture," said Wynd.
One less obvious advantage to open source adoption is in career satisfaction and advancement. It gives developers opportunities to work on more interesting applications, said Wynd. Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all."
Providing training in-house also creates a more consistent use of best practices. "Our biggest headache is to prove to groups that an application is secure, because we have to defend against nation state attacks."Read Replies (0)
By EditorDavid from Slashdot's branching-out department
Microsoft's campus now features three outdoor treehouses for its employees. An anonymous reader quotes CNBC:
More than 12 feet off the ground, the treehouses feature charred-wood walls, skylights, at least one gas fireplace, Wi-Fi and hidden electrical outlets. Employees can even grab a bite at an outdoor extension of the indoor cafeteria. The "more Hobbit than HQ" treehouses are designed by Pete Nelson of the TV show "Treehouse Masters" and are part of Microsoft's growing "outdoor districts..." The company touts the professional benefits of working in nature -- greater creativity, focus and happiness -- but honestly, the treehouses are just plain cool.
Microsoft touts a Harvard physician who believes nature "stimulates reward neurons in your brain. It turns off the stress response, which means you have lower cortisol levels, lower heart rate and blood pressure, and improved immune response." There's a short video on the "Working at Microsoft" channel on YouTube, but I'm curious what Slashdot readers think about working outdoors. Or, in a tree...Read Replies (0)
By EditorDavid from Slashdot's gotta-catch-'em-all department
"How can the police induce citizens to help investigate crime? By trying to make it 'cool' and turning it into a game that awards points for hits," reports CSO. mrwireless writes:
Through their 'police of the future' innovation initiative, and inspired by Pokemon Go, the Dutch police are building an app where you can score points by photographing the license plates of stolen cars. When a car is reported stolen the app will notify people in the neighbourhood, and then the game is on! Privacy activists are worried this creates a whole new relationship with the police, as a deputization of citizens blurs boundaries, and institutionalizes 'coveillance' -- citizens spying on citizens. It could be a slippery slope to situations that more resemble the Stasi regime's, which famously used this form of neighborly surveillance as its preferred method of control.
CSO cites Spiegel Online's description of the unofficial 189,000 Stasi informants as "totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees and Communist bosses denouncing party members."
The Dutch police are also building another app that allows citizens to search for missing persons.Read Replies (0)