By msmash from Slashdot's security-woes department
Lorenzo Franceschi-Bicchierai, writing for Motherboard: Google's platform to deal with bugs and unpatched vulnerabilities had a bug that allowed a security researcher to see a full list of known, unpatched vulnerabilities within Google, creating a kind of bug inception that could have led to more damaging hacks. Alex Birsan, a security researcher, found three vulnerabilities inside the Google Issue Tracker, the company's internal platform where employees keep track of requested features or unpatched bugs in Google's products. The largest one of these was one that allowed him to access the internal platform at all. The company has quickly patched the bugs found by Birsan, and there's no evidence anyone else found the bugs and exploited them. Still, these were bad bugs, especially the one that gave him access to the bug-tracking platform, which could have provided hackers with a list of vulnerable targets at Google. "Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you're spying on them," Birsan told Motherboard in an online chat. "Turning those vulnerability reports into working attacks also takes some time/skill. But the bigger the impact, the quicker it gets fixed by Google. So even if you get lucky and catch a good one as soon as it's reported, you still have to have a plan for what you do with it."
The Meaning of AMP
Posted by News Fetcher on October 30 '17 at 08:31 AM
By msmash from Slashdot's stranger-things department
Last week, Ethan Marcotte, an independent web designer, shared how Google describes AMP (Accelerated Mobile Pages). People at Google say AMP "isn't a 'proprietary format'; it's an open standard that anyone can contribute to." But that definition, Marcotte argues, isn't necessarily an honest one. He writes: On the face of it, this statement's true. AMP's markup isn't proprietary as such: rather, all those odd-looking amp- tags are custom elements, part of the HTML standard. And the specification's published, edited, and distributed on GitHub, under one of the more permissive licenses available. So, yes. The HTML standard does allow for the creation of custom elements, it's true, and AMP's license is quite liberal. But spend a bit of time with the rules that outline AMP's governance. Significant features and changes require the approval of AMP's Technical Lead and one Core Committer -- and if you peruse the list of AMP's Core Committers, that list seems exclusively staffed and led by Google employees. Now, there's nothing wrong with this. After all, AMP is a Google-backed project, and they're free to establish any governance model they deem appropriate. But when I hear AMP described as an open, community-led project, it strikes me as incredibly problematic, and more than a little troubling. AMP is, I think, best described as nominally open-source. It's a corporate-led product initiative built with, and distributed on, open web technologies. Jeremy Keith, a web developer, further adds: If AMP were actually the product of working web developers, this justification would make sense. As it is, we've got one team at Google citing the preference of another team at Google but representing it as the will of the people. This is just one example of AMP's sneaky marketing where some finely-shaved semantics allows them to appear far more reasonable than they actually are.
At AMP Conf, the Google Search team were at pains to repeat over and over that AMP pages wouldn't get any preferential treatment in search results ... but they appear in a carousel above the search results. Now, if you were to ask any right-thinking person whether they think having their page appear right at the top of a list of search results would be considered preferential treatment, I think they would say hell, yes! This is the only reason why The Guardian, for instance, even have AMP versions of their content -- it's not for the performance benefits (their non-AMP pages are faster); it's for that prime real estate in the carousel. The same semantic nit-picking can be found in their defence of caching. See, they've even got me calling it caching! It's hosting. If I click on a search result, and I am taken to a page that has a URL beginning with https://www.google.com/amp/s/... then that page is being hosted on the domain google.com. That is literally what hosting means. Now, you might argue that the original version was hosted on a different domain, but the version that the user gets sent to is the Google copy. You can call it caching if you like, but you can't tell me that Google aren't hosting AMP pages. That's a particularly low blow, because it's such a bait'n'switch.
By EditorDavid from Slashdot's war-games department
An anonymous reader quotes the Atlantic:
As far as video games go, Operation Overmatch is rather unremarkable. Players command military vehicles in eight-on-eight matches against the backdrop of rendered cityscapes -- a common setup of games that sometimes have the added advantage of hundreds of millions of dollars in development budgets. Overmatch does have something unique, though: its mission. The game's developers believe it will change how the U.S. Army fights wars. Overmatch's players are nearly all soldiers in real life. As they develop tactics around futuristic weapons and use them in digital battle against peers, the game monitors their actions.
Each shot fired and decision made, in addition to messages the players write in private forums, is a bit of information soaked up with a frequency not found in actual combat, or even in high-powered simulations without a wide network of players. The data is logged, sorted, and then analyzed, using insights from sports and commercial video games. Overmatch's team hopes this data will inform the Army's decisions about which technologies to purchase and how to develop tactics using them, all with the aim of building a more forward-thinking, prepared force... While the game currently has about 1,000 players recruited by word of mouth and outreach from the Overmatch team, the developers eventually want to involve tens of thousands of soldiers. This milestone would allow for millions of hours of game play per year, according to project estimates, enough to generate rigorous data sets and test hypotheses.
By EditorDavid from Slashdot's Idoru department
An anonymous reader quotes Bloomberg:
During her 10-year career, she's released more than 100,000 songs in a variety of languages and opened shows for Lady Gaga. And yet Hatsune Miku, who boasts 2.5 million Facebook followers, doesn't actually exist -- at least not in the typical way we think of a flesh-and-blood diva. Miku is a computer-simulated pop star created more than a decade ago by Hiroyuki Ito, CEO of Crypton Future Media in Sapporo, Japan.
She started life as a piece of voice-synthesis software but since has evolved to become a singing sensation in her own right -- thanks to the creativity of her legions of fans. Crucial to Miku's success is the ability for devotees to purchase the Yamaha-powered Vocaloid software and write their own songs for the star to sing right back at them. Fans then can upload songs to the web and vie for the honor of having her perform them at "live" gigs, in which the computer-animated Miku takes center stage, surrounded by human guitarists, drummers and pianists.
Bloomberg's article includes some video clips of the virtual artist -- as well as her real-world fans.
By EditorDavid from Slashdot's searching-for-signals department
"In the absence of physical evidence, scientists are employing powerful computational tools to attempt to solve the greatest aviation mystery of our time: the disappearance of flight MH370." Slashdot reader Esther Schindler shared this article from HPE Insights:
Satellite communications provider Inmarsat announced it had found recorded signals in its archives that MH370 had sent for another six hours after it disappeared. The plane had been aloft and flying for that whole time -- but where had it gone? As Inmarsat scientists examined the signals, they saw that what they had was not data such as text messages or location information. Rather, the signals contained metadata: information about the signal itself. This was recorded as the satellite automatically contacted the plane's communications system every hour to see if it was still logged on. Bafflingly, whoever had taken the plane hadn't used the satcom system to communicate with the outside world, but had switched it off and then on again, leaving it able to exchange hourly "pings" with the satellite. Some of the metadata related to extremely subtle variations in the frequency of the signal. "We're talking about changes as big as one part in a billion," says Inmarsat scientist Chris Ashton.
[Article continued at Slashdot's searching-for-signals department]
By EditorDavid from Slashdot's out-of-print department
An anonymous reader quotes the Press Democrat:
When deadly flames incinerated hundreds of homes in Santa Rosa's Fountaingrove neighborhood earlier this month, they also destroyed irreplaceable papers and correspondence held nearby and once belonging to the founders of Silicon Valley's first technology company, Hewlett-Packard. The Tubbs fire consumed the collected archives of William Hewlett and David Packard, the tech pioneers who in 1938 formed an electronics company in a Palo Alto garage with $538 in cash. More than 100 boxes of the two men's writings, correspondence, speeches and other items were contained in one of two modular buildings that burned to the ground at the Fountaingrove headquarters of Keysight Technologies. Keysight, the world's largest electronics measurement company, traces its roots to HP and acquired the archives in 2014 when its business was split from Agilent Technologies -- itself an HP spinoff.
The Hewlett and Packard collections had been appraised in 2005 at nearly $2 million and were part of a wider company archive valued at $3.3 million. However, those acquainted with the archives and the pioneering company's impact on the technology world said the losses can't be represented by a dollar figure... Karen Lewis, the former HP staff archivist who first assembled the collections, called it irresponsible to put them in a building without proper protection. Both Hewlett-Packard and Agilent earlier had housed the archives within special vaults inside permanent facilities, complete with foam fire retardant and other safeguards, she said. "This could easily have been prevented, and it's a huge loss," Lewis said.
Lewis has described the collection as "the history of Silicon Valley ... This is the history of the electronics industry." Keysight Technologies spokesman Jeff Weber said the company "is saddened by the loss of documents that remind us of our visionary founders, rich history and lineage to the original Silicon Valley startup."
[Article continued at Slashdot's out-of-print department]
By EditorDavid from Slashdot's great-news-everyone department
Long-time Slashdot reader wonkavader writes: Billy West, Maurice LaMarche, and Phil LaMarr from the Futurama cast are working on a Kickstarter campaign to animate the Goblins web-comic. Also involved are Matt King, Jim Cummings, Matthew Mercer, Steve Blum, and Jennifer Hale from World of Warcraft, Resident Evil, Cowboy Bebop, Mass Effect, Powerpuff Girls, and other stuff. It's surprising to see so many well-known voice people...
The writing for the show will be done by Matt King and Phil LaMarr along with the original Goblins creator, Tarol Hunt. They have an initial teaser trailer (or rather the 'animatic') which is definitely aimed at people who have already been following the comic. Last week Reddit hosted an AMA with some of the project's stars, including Phil LaMarr (Samurai Jack, Futurama), Matt Yang King (WoW, GI:Joe), Tarol Hunt and Danielle Stephens (Goblins Comic).
By EditorDavid from Slashdot's fickle-fingers-of-failure department
An anonymous reader quotes an announcement from SLAC:
Scientists from Stanford University and the Department of Energy's SLAC National Accelerator Laboratory have captured the first atomic-level images of finger-like growths called dendrites that can pierce the barrier between battery compartments and trigger short circuits or fires... This is the first study to examine the inner lives of batteries with cryo-electron microscopy, or cryo-EM, a technique whose ability to image delicate, flash-frozen proteins and other "biological machines" in atomic detail was honored with the 2017 Nobel Prize in chemistry... The ability to see this level of detail for the first time with cryo-EM will give scientists a powerful tool for understanding how batteries and their components work at the most fundamental level and for investigating why high-energy batteries used in laptops, cell phones, airplanes and electric cars sometimes fail, the researchers said...
In cryo-EM, samples are flash-frozen by dipping them into liquid nitrogen, then sliced for examination under the microscope. You can freeze a whole coin-cell battery at a particular point in its charge-discharge cycle, remove the component you're interested in and see what is happening inside that component at an atom-by-atom scale. You could even create a stop-action movie of battery activity by stringing together images made at different points in the cycle... Zooming in, they used a different technique to look at the way electrons bounced off the atoms in the dendrite, revealing the locations of individual atoms in both the crystal and its solid electrolyte interphase (SEI) coating. When they added a chemical commonly used to improve battery performance, the atomic structure of the SEI coating became more orderly, and they think this may help explain why the additive works.
By EditorDavid from Slashdot's cause-and-no-effect department
An anonymous reader quotes a local NBC news report:
Stories are starting to pour in about those impacted by last month's massive Equifax data breach, which compromised the private information of more than 140 million people. Katie Van Fleet of Seattle says she's spent months trying to regain her stolen identity, and says it has been stolen more than a dozen times. "I kept receiving letters from Kohl's, from Macy's, from Home Depot, from Old Navy saying 'thank you for your application,'" she said to CNN affiliate KCPQ. But she says she's never applied for credit from any of those places. Instead, Van Fleet and her attorney Catherine Fleming say they believe her personal data was stolen during the massive Equifax security breach... Fleming has filed a class-action lawsuit against Equifax, saying they were negligent in losing private information on more than 140 million Americans... "Countless people, I mean, I've really, truly lost count, and the stories that like Katie's, the stories I hear are heart-wrenching," Fleming said.
But are things about to get worse? Marketwatch reports:
[Article continued at Slashdot's cause-and-no-effect department]
By EditorDavid from Slashdot's funerals-for-feeds department
"Feeds need to die because they distort our views and disconnect us from other human beings around us," argues TechCrunch's Romain Dillet:
At first, I thought I was missing out on some Very Important Content. I felt disconnected. I fought against my own FOMO. But now, I don't feel anything. What's going on on Instagram? I don't care. Facebook is now the worst internet forum you can find. Twitter is filled with horrible, abusive people. Instagram has become a tiny Facebook now that it has discouraged all the weird, funny accounts from posting with its broken algorithm. LinkedIn's feed is pure spam.
And here's what I realized after forgetting about all those "social" networks. First, they're tricking you and pushing the right buttons to make you check your feed just one more time. They all use thirsty notifications, promote contrarian posts that get a lot of engagement and play with your emotions. Posting has been gamified and you want to check one more time if you got more likes on your last Instagram photo. Everything is now a story so that you pay more attention to your phone and you get bored less quickly -- moving pictures with sound tend to attract your eyes... [F]inally, I realized that I was missing out by constantly checking all my feeds. By putting my phone on 'Do Not Disturb' for days, I discovered new places, started conversations and noticed tiny little things that made me smile.
He concludes that technology has improved the way we learn, communicate, and share information, "But it has gone too far...
"Forget about your phone for a minute, look around and talk with people next to you."
By EditorDavid from Slashdot's fire-and-ice department
schwit1 quotes UPI:
New research suggests volcanic eruptions can trigger periods of rapid ice sheet melting... "Over a time span of 1,000 years, we found that volcanic eruptions generally correspond with enhanced ice sheet melting within a year or so," Francesco Muschitiello, a postdoctoral researcher at Columbia University's Lamont-Doherty Earth Observatory, said in a news release. The volcanoes of note weren't situated next-door, but thousands of miles from the ice sheet, a reminder of the unexpected global impacts of volcanic activity.
The new research -- detailed this week in the journal Nature Communications -- suggests ash ejected into the atmosphere by erupting volcanoes can be deposited thousands of miles away. When it's deposited on ice sheets, the dark particles cause the ice to absorb more thermal energy and accelerate melting... Some scientists have even suggested melting encouraged by volcanic eruptions could trigger even more eruptions, a positive feedback loop. As glaciers and ice sheets melt, pressure is relieved from the planet's crust, allowing magma to rise to the surface.
By EditorDavid from Slashdot's AMT-away department
"San Francisco company Purism announced that they are now offering their Librem laptops with the Intel Management Engine disabled," writes Slashdot reader boudie2. Purism describes Management Engine as "a separate CPU that can run and control a computer even when powered off."
HardOCP reports that Management Engine "is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation... In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system."
Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process, has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery... "Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops. It is also available as a software update for previously shipped recent Librem laptops," says Todd Weaver, Founder & CEO of Purism.