By msmash from Slashdot's taking-a-stand department
Reader Presto Vivace shares a report on The Intercept: IBM employees are taking a public stand following a personal pitch to Donald Trump from CEO Ginni Rometty and the company's initial refusal to rule out participating in the creation of a national Muslim registry. In November, Rometty wrote Trump directly, congratulating him on his electoral victory and detailing various services the company could sell his administration. The letter was published on an internal IBM blog along with a personal note from Rometty to her enormous global staff. "As IBMers, we believe that innovation improves the human condition. ... We support, tolerance, diversity, the development of expertise, and the open exchange of ideas," she wrote in the context of lending material support to a man who won the election by rejecting all of those values. Employee comments were a mix of support and horror. Now, some of those who were horrified are going public, denouncing Rometty's letter and asserting "our right to refuse participation in any U.S. government contracts that violate constitutionally protected civil liberties." The IBMPetition.org effort has been spearheaded in part by IBM cybersecurity engineer Daniel Hanley, who told The Intercept he started organizing with his coworkers after reading Rometty's letter. "I was shocked, of course," Hanley said, "because IBM has purported to espouse diversity and inclusion, and yet here's Ginni Rometty in an unqualified way reaching out to an admin whose electoral success was based on racist programs."Read Replies (0)
By msmash from Slashdot's very-nice department
A bipartisan House Oversight and Government Reform Committee report released today urges Congress to pass legislation to regulate cell-site simulation surveillance devices like the Stingray. From a report: The devices, used by local and federal law enforcement agencies around the country, have been controversial, both for their power to track mobile devices and the secrecy often accompanying their use. As the report notes, the devices are still often used by local law enforcement agencies without warrants, instead relying on various lower standards of evidence. The committee's investigation, which last year prompted the Justice Department and Department of Homeland Security to change their policies on when to require a warrant before using the devices, found that the Justice Department uses 310 of the devices and spent $71 million on them between fiscal years 2010 and 2014. Homeland Security has 124 devices and spent $24 million in the same period. [...] The committee recommends that agencies become more "candid" about the devices, and urges states to pass legislation that would "require, with limited exceptions, issuance of a probable cause based warrant prior to law enforcement's use of these devices."Read Replies (0)
By msmash from Slashdot's mere-hacking department
A 'mere' 10.8% phishing success rate has forced Los Angeles County to notify approximately 756,000 individuals that their personal information may have been compromised. The attack occurred on May 13, 2016 when 1,000 County employees received phishing emails. 108 employees were successfully phished. A Nigerian national has been charged in connection with the hack. From a report on The Guardian: Many large organizations would welcome a 10% success rate in their internal anti-phishing training sessions, with 30% and above being common. The 2016 Verizon DBIR suggests that 30% of all phishing emails are opened. The high number of individuals affected from a relatively low number of successes in LA County demonstrates how dangerous phishing attacks can be. The nature of the potentially compromised information is also concerning. "That information may have included first and last names, dates of birth, Social Security numbers, driver's license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers," said the County of Los Angeles Chief Executive Office in a statement.Read Replies (0)
By msmash from Slashdot's expectations-vs-reality department
Microsoft is pushing hard for Windows 10 to become the operating system of choice for everyone across the world, but this isn't happening just yet, as Windows 7 keeps dominating the desktop market. From a report on Softpedia: The Firefox Hardware Report published recently by Mozilla shows that Windows 7 is the number one browser for users running the company's browser, with a share of 44.86 percent, followed by Windows 10 with 25.67 percent. Seeing Windows 7 dominating the desktop OS charts is not surprising, but on the other hand, it's living proof that Microsoft will really have a hard time moving users to Windows 10 before 2020 when it reaches end of support. Microsoft's Windows 10, however, already improved substantially since its launch in 2015, mostly thanks to the free upgrade offer targeting Windows 7 and 8.1 users, but this still isn't enough to become the number one choice for PC users.Read Replies (0)
By EditorDavid from Slashdot's Santa's-little-helpers department
Every year more than 10 million packages are stolen off doorsteps, according to a study by August Home Inc. -- a company which sells a "smart" door lock that's controlled by your cellphone so you can remotely let a delivery person into your house. But that's just one of the weird ways consumers are using technology to try to fight package thieves. An anonymous reader reports:
Some online shopping sites will now also text you when one of their packages gets left on your doorstep, according to GeekWire, which reports that for a thousand bucks you can also just buy a lockable iBin parcel-delivery box. But there's also a startup selling an odd new product called Package Guard, "a Frisbee sized, wi-fi-enabled device that alerts a user when a package has been delivered and set on top of it. Package Guard sets off a loud alarm if anyone unauthorized tries to remove the package."
GeekWire details the frustration of one Seattle police detective. "Bach knows the crimes are happening, he knows it all spikes during the holiday season and he knows that the few thieves who are caught are likely to see little if any jail time." (Though Bach admits "We do a wide variety of undercover stings," including a recent operation involving mobile surveillance with a "major delivery company.") One Seattle man even attempted to stop thieves by installing a Ring smart doorbell to film activity on his doorstep, only to discover that this only enabled him to watch helplessly as a thief opened his package, and then successfully stole all of its contents.
Though he yelled at the video "Bring my package back now!" that thief was never caught.Read Replies (0)
By EditorDavid from Slashdot's BlackBerry-mobiles department
BlackBerry's Unix-like OS, QNX, is already in millions of cars. But today they're expanding their facility in Ottawa "to focus on developing advanced driver assistance and autonomous vehicle technology," according to Reuters. And one analyst says "If they can prove that they have the whole package and the security, they could absolutely dominate the market."
After a detour where QNX's industrial-focused software was used to reinvent the now-discarded BlackBerry phone operating system, BlackBerry is focused on how its embedded software interacts with the explosion of sensors, cameras and other components required for a car to drive itself... "What QNX is doing is providing the infrastructure that allows you to build higher-level algorithms and to also acquire data from the sensors in a reliable manner," said Sebastian Fischmeister, a University of Waterloo associate professor who has worked with QNX since 2009.
Instead of focussing on AI, BlackBerry wants "a niche role as a trusty sidekick," Reuters reports, adding that besides a recent deal with Ford, BlackBerry is also holding advanced discussions with "more than one or two" major automakers, according to the head of the company.Read Replies (0)
By EditorDavid from Slashdot's embracing-and-extending department
An anonymous reader quote InfoWorld:
Two years ago Microsoft did the unthinkable: It declared it would open-source its .NET server-side cloud stack with the introduction of .NET Core... Thus far, the move has paid off. Microsoft has positioned .NET Core as a means for taking .NET beyond Windows. The cross-platform version extends .NET's reach to MacOS and Linux...
Developers are buying in, says Scott Hunter, Microsoft partner director program manager for .NET. "Forty percent of our .NET Core customers are brand-new developers to the platform, which is what we want with .NET Core," Hunter says. "We want to bring new people in." Thanks in considerable part to .NET Core, .NET has seen a 61% uptick in the number of developers engaged with the platform in the past year.
The article includes an interesting quote from Microsoft-watching analyst Rob Sanfilippo. "It could be argued that the technology generates indirect revenue by incenting the use of Azure services or Microsoft developer tools."Read Replies (0)
By EditorDavid from Slashdot's telecommuting-troubles department
"If someone gave you a big chunk of change to build a small one- or two-room office, what would you do?" asks long-time Slashdot reader darkpixel2k, as he plans to build a small office out in his backyard.
My plan is to trench CAT6 from our ISP fiber DMARC over to the ~12x20 building, wire the structure up for network and power, and furnish it with a small rack, UPS, switch, router, a desk, whiteboard walls, a wireless access point, and an air conditioner for the summer heat... While I have the "big picture" idea in my head, I don't really have a grasp of the fine details that would make it a comfortable work environment... Should I put down carpet and one of those plastic mats for chairs? A friend suggested I wire up speakers so I don't have to listen to my terrible laptop speakers, and a large flat-screen TV so I can display dashboards and statistics.
Lastly, physical security is somewhat of an issue. While everything is insured, downtime of a few days or weeks due to meth heads would be a huge impact to the company and also on my paycheck. I was talking with the local company that builds small office-like structures, sheds, and barns, and they said they can "double up" the 2x4s to strengthen the walls and make a stronger door, but I need to supply my own lock. Should I use some off-the-shelf lock from a big-box hardware store? Should I install a digital lock?
There's more details in the original submission -- but it's also a lot of fun to speculate about what you'd do with a big chunk of change to build your own work-from-home office. So leave your best answers for darkpixel2k in the comments. How should he furnish (and secure) his work-from-home office?Read Replies (0)
By EditorDavid from Slashdot's what's-a-patch? department
Core evangelist Thibaut Rouffineau writes about the results of Ubuntu's survey of 2000 consumers about their Internet of Things devices:
This survey revealed that, worryingly, only 31% of consumers that own connected devices perform updates as soon as they become available. A further 40% of consumers have never consciously performed updates on their devices... Of those polled, nearly two thirds felt that it was not their responsibility to keep firmware updated. 22% believed it was the job of software developers, while 18% consider it to be the responsibility of device manufacturers.
Canonical has taken the view for some time now that better automatic mechanisms to fix vulnerabilities remotely are needed as an essential step on the way to a secure IoT. We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded 'default password', as Canonical has done with Ubuntu Core 16... It's clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case.
They'll be publishing their complete findings in a new paper in January.Read Replies (0)
By EditorDavid from Slashdot's denial-of-liberty-counterattack department
This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes:
Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."
"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.Read Replies (0)