By manishs from Slashdot's truth-is-out-there department
A new report by Television New Zealand in collaboration with The Intercept, based on leaks of former U.S. National Security Agency worker Edward Snowden, has for the first time named a target of the NSA's controversial Prism program. The target was a middle-aged civil servant and pro-democracy activist named Tony Fullman. Fullman, who is originally from Fiji but has lived in New Zealand for decades, is an advocate for democracy in Fiji and a critic of Fijian prime minister Frank Bainimarama, who took power in a 2006 coup. From a Fortune report: According to The Intercept, the NSA in 2012 monitored Fullman's communications through the Prism program and passed on information to the New Zealand intelligence services. Around the same time, the New Zealand authorities raided Fullman's home and revoked his passport. The New Zealand intelligence services were not themselves allowed to spy on Fullman, who was a New Zealand citizen. However, as Snowden has repeatedly described, the agencies of many Anglophone countries spy on each other's behalf, in order to bypass their national legal restrictions. Fullman suggested in the article that people in the group may well have said violent things about Bainimarama, but this was just venting, not a plot. According to the report, they never suspected someone was listening into their communications. The NSA was said to be helping by analyzing Fullman's Facebook and Gmail activities. The 190 pages of intercepted documentation seen by The Intercept apparently didn't reveal evidence of a plot.
By EditorDavid from Slashdot's freedom-of-tweets department
Twitter complained of "inaccuracies in the details and unfair portrayals" in an article which described their service as "a honeypot for assholes." Buzzfeed interviewed 10 "high-level" former employees who detailed a company "Fenced in by an abiding commitment to free speech above all else and a unique product that makes moderation difficult and trolling almost effortless". An anonymous Slashdot reader summarizes their report:
Twitter's commitment to free speech can be traced to employees at Google's Blogger platform who all went on to work at Twitter. They'd successfully fought for a company policy that "We don't get involved in adjudicating whether something is libel or slander... We'll do it if we believe we are required to by law." One former Twitter employee says "The Blogger brain trust's thinking was set in stone by the time they became Twitter Inc."
Twitter was praised for providing an uncensored voice during 2009 elections in Iran and the Arab Spring, and fought the secrecy of a government subpoena for information on their WikiLeaks account. The former head of news at Twitter says "The whole 'free speech wing of the free speech party' thing -- that's not a slogan. That's deeply, deeply embedded in the DNA of the company... [Twitter executives] understand that this toxicity can kill them, but how do you draw the line? Where do you draw the line? I would actually challenge anyone to identify a perfect solution. But it feels to a certain extent that it's led to paralysis."
While Twitter now says they are working on the problem, Buzzfeed argues this "maximalist approach to free speech was integral to Twitter's rise, but quickly created the conditions for abuse... Twitter has made an ideology out of protecting its most objectionable users. That ethos also made it a beacon for the internet's most vitriolic personalities, who take particular delight in abusing those who use Twitter for their jobs."
By EditorDavid from Slashdot's census-fail department
Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO:
The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.
In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...
By EditorDavid from Slashdot's taking-some-license department
An anonymous Slashdot reader quotes ITWire:
Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware, which he had sued in March 2015 for violation of version 2 of the GNU General Public Licence... The case claimed that VMware had been using Hellwig's code right from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same...
In its ruling, the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership.
In a statement, Hellwig said he plans to appeal, adding that "The ruling concerned German evidence law; the Court did not rule on the merits of the case, i.e. the question whether or not VMware has to license the kernel of its product vSphere ESXi 5.5.0 under the terms of the GNU General Public License, version 2." The Software Freedom Conservancy has described the lawsuit as "the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products."
By EditorDavid from Slashdot's I-see-you-are-writing-a-subroutine department
The National Science Foundation is developing a way to create working code using "automated program synthesis," a new technology called ExCAPE "that provides human operators with automated assistance.... By removing the need for would-be programmers to learn esoteric programming languages, the method has the potential to significantly expand the number of people engaged in programming in a variety of disciplines, from personalized education to robotics." Rajeev Alur, who leads a team of researchers from America's nine top computer science programs, says that currently software development "remains a tedious and error-prone activity."
Slashdot reader the_insult_dog writes:
While its lofty goals of broadly remaking the art of programming might not be realized, the research has already made some advances and resulted in several tools already in use in areas such as commercial software production and education...
For example, the NSF created a new tool (which they've recently patented) called NetEgg, which generates code for controlling software-defined networks, as well as Automata Tutor and AutoProf, which provide automated feedback to computer science students.
By EditorDavid from Slashdot's an-unexpected-journey department
Random web surfers could send a text message or even upload an image to be displayed on the back glass of Mark Lachniet's pinball machine, according to Mael517, while the machine itself webcast footage of both its playing field and backglass using Twitch. Interestingly, all the extra functionality was coded directly into the machine, according to Lachniet, who added only the webcam and an ethernet cord. The Hobbit [machine] has a whole bunch of hardware that I don't really understand and can barely fix... However, it has a computer in its guts, and this I can mostly understand. After identifying the pinball machine's motherboard, CPU, operating system (Ubuntu) and an SQL database, Lachniet was able to back up its software, and then create his own modifications. He envisions more possibilities -- for example, the ability to announce high scores on social media accounts or allow remote servicing of the machine. Lachniet even sees the possibility of a world-wide registry of pinball game scores with each player's location overlaid on Google Maps "so you could view pinball hot spots and where the high scores were coming from," and maybe even networking machines together to allow real-time global competition.
By EditorDavid from Slashdot's bit-flipping-tricks department
An anonymous Slashdot reader writes:
Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...
Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.
The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
By EditorDavid from Slashdot's reusable-rockets department
Saturday a SpaceX rocket completed the company's fourth successful landing at sea (watched by over 100,000 viewers on YouTube and Flickr). Saturday's landing means Elon Musk's company has now recovered more than half the rockets they've launched. An anonymous Slashdot reader quotes Saturday's report from The Verge:
Tonight's landing was particularly challenging for SpaceX... The Falcon 9 had to carry its onboard satellite -- called JCSAT-16 -- into...a highly elliptical orbit that takes the satellite 20,000 miles out beyond Earth's surface. Getting to GTO requires a lot of speed and uses up a lot of fuel during take off, more so than getting to lower Earth orbit. That makes things difficult for the rocket landing afterward...there's less fuel leftover for the vehicle to reignite its engines and perform the necessary landing maneuvers.
CEO Elon Musk said the company is aiming to launch its first landed rocket sometime this fall...SpaceX's president, Gwynne Shotwell, estimates that reusing these landed Falcon 9 vehicles will lead to a 30 percent reduction in launch costs.
SpaceX named their drone ship "Of Course I Still Love You."
By EditorDavid from Slashdot's predicting-the-future department
"The world's next energy revolution is probably no more than five or ten years away," reports The Telegraph. "Cutting-edge research into cheap and clean forms of electricity storage is moving so fast that we may never again need to build 20th Century power plants in this country..." Slashdot reader mdsolar quotes their article:
The US Energy Department is funding 75 projects developing electricity storage, mobilizing teams of scientists at Harvard, MIT, Stanford, and the elite Lawrence Livermore and Oak Ridge labs in a bid for what it calls the "Holy Grail" of energy policy. You can track what they are doing at the Advanced Research Projects Agency-Energy (ARPA-E). There are plans for hydrogen bromide, or zinc-air batteries, or storage in molten glass, or next-generation flywheels, many claiming "drastic improvements" that can slash storage costs by 80pc to 90pc and reach the magical figure of $100 per kilowatt hour in relatively short order. "Storage is a huge deal," says Ernest Moniz, the U.S. Energy Secretary and himself a nuclear physicist. He is now confident that the U.S. grid and power system will be completely "decarbonized" by the middle of the century.
One energy consultant predicts the energy storage market will be worth $90 billion in 2025 -- 100 times larger than it is today.
By EditorDavid from Slashdot's car-alarm department
Long-time Slashdot reader chicksdaddy quotes a report from Security Ledger:
One of every five software vulnerabilities discovered in vehicles in the last three years are rated "critical" and are unlikely to be resolved through after-the-fact security fixes, according to an analysis by the firm IOActive. "These are the high priority 'hair on fire' vulnerabilities that are easily discovered and exploited and can cause major impacts to the system or component," the firm said in its report...
The bulk of vulnerabilities that were identified stemmed from a failure by automakers and suppliers to follow security best practices including designing in security or applying secure development lifecycle (SDL) practices to software creation... The result is that vehicle cybersecurity vulnerabilities are not solvable using "bolt-on" solutions, IOActive concluded...
The article argues we're years away from standards or regulations, while describing auto-makers as "wedded to the notion that keeping the details of their systems secret will ensure security."