By EditorDavid from Slashdot's old-OS department
PC-MOS/386 "was a multi-user, computer multitasking operating system...announced at COMDEX in November 1986," remembers Wikipedia, saying it runs many MS-DOS titles (though it's optimized for the Intel 80386 processor).
Today Slashdot user Roeland Jansen writes:
After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."
1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."Read Replies (0)
By EditorDavid from Slashdot's mining-your-own-business department
"Could it turn out users actually prefer to trade a little CPU time to website owners in favor of them not showing ads?" writes phonewebcam, a long-time Slashdot reader.
Slashdot covered the downside [of in-browser cryptocurrency mining] recently, with even [Portuguese professional sportsballer] Cristiano Ronaldo's official site falling victim, but that may not be the full story. This could be an ideal win-win situation, except for one huge downside -- the current gang of online advertisers.
By "current gang of online advertisers," he means Google, according to a longer essay at LinkedIn:
Naturally, the world's largest ad broker, which runs the world most popular browser (desktop and mobile) is keen to see how this plays out, and is also uniquely placed to be able to heavily influence it, too... As it happens, Chrome users can already do something about it via extensions, for example AntiMiner... If cryptocurrencies have a future - and that's a big if (look at China's Bitcoin ban) - it could well turn out that their role just took an unexpected turn.Read Replies (0)
By EditorDavid from Slashdot's road-ahead department
Business Insider reports:
Tesla has created a customized insurance package, InsureMyTesla, that is cheaper than traditional plans because it factors in the vehicles' Autopilot safety features and maintenance costs. InsureMyTesla has been available in 20 countries, but Tesla just recently partnered with Liberty Mutual to make the plan available in the U.S. InsureMyTesla shows how the insurance industry is bound for disruption as cars get safer with self-driving tech.
There have been several false alarms over the past few years about Tesla building a factory in China. Earlier this year, Tesla finally confirmed working with the Shanghai government to establish a manufacturing facility in the region and promised an announcement by the end of the year. Now the Wall Street Journal reports that they have come to an agreement with the local authorities on a "wholly owned" factory in the region... China is already the biggest market for electric vehicles, or any vehicles for that matter, and Tesla profited from the demand by tripling its sales to over $1 billion in the country in 2016. Tesla continues to have strong sales in the country this year, where it leads foreign electric car sales with no close second.Read Replies (0)
By EditorDavid from Slashdot's votes-vs-upvotes department
An anonymous reader quotes Motherboard:
There are nearly as many Canadians who use Facebook daily as there are people in this country who are registered to vote -- which is why the federal government is working with Facebook to protect its next federal election... Facebook is now facing perhaps its biggest test as it looks to curb foreign electoral interference and the rampant disinformation on its platform, both of which undermine the nature of democracy. Facebook Canada's election integrity project includes a partnership with a local digital news media literacy organization MediaSmarts, as well as a "cyberhygiene guide" that highlights particular vulnerabilities such as phishing and page-admin authentication. Facebook also has a crisis email line to help politicians and parties with hacking concerns... Kevin Chan, Facebook Canada's head of public policy, said the social media company is working on preventing bad actors from interfering with the democratic process. "At Facebook we take our responsibilities seriously," Chan said. "We don't want anyone to use our tools to undermine democracy."
At the launch of "the Canadian Election Integrity Initiative," Canada's Minister of Democratic Institutions argued that social media sites "must begin to view themselves as actors in shaping the democratic discourse."
The article points out Facebook "has promised to hire thousands of workers globally to help review flagged and suspicious content, as well as use machine learning to identify suspicious patterns of behavior on its platform."Read Replies (0)
By EditorDavid from Slashdot's cracking-the-verification-code department
Two-factor authentication "protects from an attacker listening in right now," writes Slashdot reader szczys, "but in many case a database breach will negate the protections of two-factor." Hackaday reports:
To fake an app-based 2FA query, someone has to know your TOTP password. That's all, and that's relatively easy. And in the event that the TOTP-key database gets compromised, the bad hackers will know everyone's TOTP keys.
How did this come to pass? In the old days, there was a physical dongle made by RSA that generated pseudorandom numbers in hardware. The secret key was stored in the dongle's flash memory, and the device was shipped with it installed. This was pretty plausibly "something you had" even though it was based on a secret number embedded in silicon. (More like "something you don't know?") The app authenticators are doing something very similar, even though it's all on your computer and the secret is stored somewhere on your hard drive or in your cell phone. The ease of finding this secret pushes it across the plausibility border into "something I know", at least for me.
The original submission calls two-factor authentication "an enhancement to password security, but good password practices are far and away still the most important of security protocols." (Meaning complex and frequently-changed passwords.)Read Replies (0)
By EditorDavid from Slashdot's no-you department
An anonymous reader quotes PCMag:
In a Wednesday blog post, Redmond examined Google's browser security and took the opportunity to throw some shade at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.
In the past Google has also disclosed vulnerabilities found in Microsoft products -- including Edge.Read Replies (0)
By EditorDavid from Slashdot's I'll-be-seeing-you department
"Researchers were able to use GPS data from an ad network to track a user to their actual location, and trace movements through town," writes phantomfive. Mashable reports:
The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been... It's a surprisingly simple technique, and the researchers say you can pull it off for "$1,000 or less." The relatively low cost means that digitally tracking a target in this manner isn't just for corporations, governments, or criminal enterprises. Rather, the stalker next door can have a go at it as well... Refusing to click on the popups isn't enough, as the person being surveilled doesn't need to do so for this to work -- simply being served the advertisements is all it takes.
It's "an industry-wide issue," according to the researchers, while Mashable labels it "digital surveillance, made available to any and all with money on hand, brought to the masses by your friendly neighborhood Silicon Valley disrupters."Read Replies (0)
By EditorDavid from Slashdot's we-built-this-city-on-one-click-shopping department
New York Times columnist Timothy Egan was part of the paper's Pulitzer Prize-winning team in 2001. Now he's written an op-ed arguing Amazon "took Seattle's soul." An anonymous reader writes:
Since Amazon arrived "we've been overwhelmed by a future we never had any say over," Egan writes, with a message for cities competing to be the site of Amazon's next headquarters. Amazon now owns as much office space as Seattle's next 40 biggest employers combined, according to an analysis by the Seattle Times, "a mind-boggling 19 percent of all prime office space in the city, the most for any employer in a major U.S. city...more than twice as large as any other company in any other big U.S. city."
Egan notes Amazon is offering 50,000 high-paying jobs and $5 billion worth of investments, "a once-in-a-century, destiny-shaping event," but "You think you can shape Amazon? Not a chance. It will shape you... What comes with the title of being the fastest growing big city in the country, with having the nation's hottest real estate market, is that the city no longer works for some people. For many others, the pace of change, not to mention the traffic, has been disorienting... [M]edian home prices have doubled in five years, to $700,000. This is not a good thing in a place where teachers and cops used to be able to afford a house with a water view... As a Seattle native, I miss the old city, the lack of pretense, and dinner parties that didn't turn into discussions of real estate porn.
Wages have risen faster in Amazon's Seattle than anywhere else in America, and while Amazon changed the city's character, it also poured $38 billion into the city's economy. (Besides Amazon's own 40,000 employees, it also attracted another 50,000 new jobs.) "To the next Amazon lottery winner I would say, enjoy the boom," Egan concludes, "but be careful what you wish for."Read Replies (0)
By EditorDavid from Slashdot's gettingi-schooled department
An anonymous reader quotes Ars Technica:
[O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure.
For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses.
The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an onine coding class). Eligible graduate can claim their share of the $375,000 by filing a complaint within the next thee months.Read Replies (0)
By EditorDavid from Slashdot's bad-botnets department
An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MicroTik, TP-Link, and Synology. The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.
Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."Read Replies (0)
By EditorDavid from Slashdot's house-always-wins department
"A trio of data scientists developed a betting strategy to beat bookmakers at football games," writes austro. [The game Americans call soccer.] New Scientist reports:
The team studied 10 years' worth of data on nearly half a million football matches and the associated odds offered by 32 bookmakers between January 2005 and June 2015. When they applied their strategy in a simulation, they made a return of 3.5 per cent. Making bets randomly resulted in a loss of 3.32 per cent. Then the team decided to try betting for real. They developed an online tool that would apply their odds-averaging formula to upcoming football matches. When a favorable opportunity arose, a member of the team would email Kaunitz and his wife, one of whom then placed a bet. They kept this up for five months, placing $50 bets around 30 times a week. And they were winning. After five months the team had made a profit of $957.50 -- a return of 8.5 per cent. But their streak was cut short. Following a series of several small wins, the trio were surprised to find that their accounts had been limited, restricting how much they could bet to as little as $1.25. The gambling industry has long restricted players who appear to show an edge over the house, says Mark Griffiths at Nottingham Trent University, UK.
The paper "illustrates how the sports gambling industry compensates market inefficiencies with discriminatory practices against successful clients," adds austro, noting that the researchers posted a paper explaining their methodology on arxiv last week. "They also made the dataset and source code available on github. And best of all, they made an online publicly available dashboard that shows a live list of bet recommendations on football matches based on their strategy here or here for anyone to try."Read Replies (0)
By EditorDavid from Slashdot's hacks-for-hire department
An anonymous reader quotes Mashable:
Google, in collaboration with bug bounty platform HackerOne, has launched the Google Play Security Reward Program, which promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. Thirteen apps are currently participating, including Tinder, Duolingo, Dropbox, Snapchat, and Headspace... If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer. Google will be collecting data on the vulnerabilities and sharing it (anonymized) with other developers who may be exposed to the same problems. For HackerOne, it's about attracting more and better participants in bounty programs.Read Replies (0)
By EditorDavid from Slashdot's fake-credentials department
Here's some surprising news from the Akamia Edge conference. chicksdaddy writes:
[E]xecutives at some of the U.S.'s leading corporations agreed that the much maligned password won't be abandoned any time soon, even as data breaches and follow-on attacks make passwords more susceptible than ever to abuse, the Security Ledger reports. "We reached the end of needing passwords maybe seven years ago, but we still use them," said Steve Winterfeld, Director of Cybersecurity, at clothing retailer Nordstrom. "They're still the primary layer of defense."
"It's hard to kill them," noted Shalini Mayor, who is a Senior Director at Visa Inc. "The question is what to replace them with." This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called "credential stuffing" techniques, which use automated password guessing attacks against web-based applications... Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalani Mayor said Visa is "looking at" biometric technologies like Apple's TouchID as a tool for making payments securely. Such technologies -- from fingerprint scans to facial and retinal scans -- promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.Read Replies (0)