By EditorDavid from Slashdot's (R)eliable-(D)atagram-(S)ockets department
jwhyche (Slashdot reader #6,192) shared this article from Sophos:
Linux systems running kernels prior to 5.0.8 require patching after news emerged of a high-severity flaw that could be remotely exploited.
According to the NIST advisory, CVE-2019-1181 is a race condition affecting the kernel's rds_tcp_kill_sock in net/rds/tcp.c "leading to a use-after-free, related to net namespace cleanup." The RDS bit refers to systems running the Reliable Datagram Sockets (RDS) for the TCP module, which means only systems that run applications using this are affected.
The attention-grabbing part is that this opens unpatched systems to remote compromise and denial of service without the need for system privileges or user interaction. On the other hand, the attack complexity is described as 'high', and any such attack would need to be launched from the local network.
By EditorDavid from Slashdot's social-network-effect department
An anonymous reader quotes Fierce Wireless:
Earlier this week, the New York Times published a story with the headline "Your 5G Phone Won't Hurt You. But Russia Wants You to Think Otherwise." [Non-paywalled MSN version here.] The story outlined how RT, the Russia-backed and U.S.-based television network, has been peddling 5G cancer fear-mongering stories, making claims that 5G causes brain cancer, infertility, autism, Alzheimer's and other health disorders.
The Times reports RT has run seven such programs this year, including pieces entitled "5G Apocalypse" and "Experiment on Humanity." The Times article claims that disinformation in these news segments has spread across Facebook, YouTube and TV news channels, and that news outlets almost never mention RT's Russian origins. Anna Belkina, RT's head of communications in Moscow, told the Times in an email, "Unlike many other media, we show the breadth of debate." But, U.S. officials have accused RT of being the Kremlin's principal international propaganda outlet.
VentureBeat adds that the New York Times "has accused Russian broadcaster RT America of stoking health-related 5G disinformation in an effort to delay other countries while Russia prepares to belatedly launch the new technology," adding that at least one of the programs told its viewers in America that 5G "might kill you...."
"Meanwhile, efforts to launch 5G networks are underway within Russia itself, and the New York Times reports that Russians have embraced even more extreme views on the high-frequency wireless signals: It's believed that they can be used to heal wounds, fight hair loss, rejuvenate skin, and treat cancer."
By EditorDavid from Slashdot's you-don't-know-Jack department
Long-time Slashdot reader solardiz has long been an advocate for bringing security to open environments. Wednesday he contacted Slashdot to share this update about a piece of software he's authored called John the Ripper:
John the Ripper is the oldest still evolving password cracker program (and Open Source project), first released in 1996. John the Ripper 1.9.0-jumbo-1, which has just been announced with a lengthy list of changes, is the first release to include FPGA support (in addition to CPU, GPU, and Xeon Phi). This is a long-awaited (or long-delayed) major release, encompassing 4.5 years of development and 6000+ commits by 80+ contributors. From the announcement:
"Added FPGA support for 7 hash types for ZTEX 1.15y boards [...] we support: bcrypt, descrypt (including its bigcrypt extension), sha512crypt & Drupal7, sha256crypt, md5crypt (including its Apache apr1 and AIX smd5 variations) & phpass. As far as we're aware, several of these are implemented on FPGA for the very first time. For bcrypt, our ~119k c/s at cost 5 in ~27W greatly outperforms latest high-end GPUs per board, per dollar, and per Watt. [...] We also support multi-board clusters (tested [...] for up to 16 boards, thus 64 FPGAs, [...] on a Raspberry Pi 2 host)."
By EditorDavid from Slashdot's invisible-hands department
The bankruptcy of one of America's largest coal producers revealed that the company was helping to fund "think tanks that have attacked the link between the burning of fossil fuels and climate change, as well as to several conservative advocacy groups that have attempted to undermine policies intended to shift the economy toward renewable energy," reports the Intercept.
The document shows that Cloud Peak Energy helped fund the Institute of Energy Research, a Washington, D.C.-based group that has dismissed the "so-called scientific consensus" on climate change and regularly criticizes investments in renewable energy as a "waste" of resources. Several of the groups that receive funding from Cloud Peak Energy have used aggressive tactics to attempt to discredit environmentalists.
The Center for Consumer Freedom, one of the groups listed in the coal company's filing, is part of a sprawling network of front groups set up by a lobbyist named Rick Berman geared toward attacking green groups such as the Sierra Club and Food & Water Watch as dangerous radicals. Other organizations quietly bankrolled by Cloud Peak Energy have directly shaped state policy... The Montana Policy Institute -- a local libertarian think tank that promotes a discredited claim that world temperatures are falling, not rising, and questions whether humans cause climate change -- also received funding from the firm....
Four years ago, falling coal prices led to a series of bankruptcies of the largest coal companies in America. The filings, first reported by The Intercept, similarly revealed that the coal industry had financed a range of activists and organizations dedicated to spreading doubt about the science underpinning climate change...
By EditorDavid from Slashdot's land-of-submarines department
schwit1 quotes the maritime industry news site gCaptain:
A private equity investor from Dallas, Texas and his team of explorers have completed a series of record-breaking dives to Challenger Deep in the Marianas Trench, commonly known as the deepest place on earth. The initial record-setting dive took place on April 28 when American, Victor Vescovo, a retired U.S. Navy officer, made a solo dive to the bottom of the 'Eastern Pool' of the Challenger Deep, reaching a depth of 10,928 meters (35,853 feet deep) and setting a new world record for the deepest dive by any human in history. Vescovo spent four hours (248 minutes) exploring the basin, setting another new record for the longest period of time ever spent on the bottom of the ocean by an individual.
The 10,928-meter depth beats the previous manned dive record by 16 meters (52 feet). [A record set in 2012 by James Cameron.]
CNN reports the explorer "returned to the surface with the depressing news that there appears to be plastic trash down there... As well as four new species that could offer clues about the origins of life on Earth, Vescovo said he observed a plastic bag and candy wrappers at the deepest point on the planet."
By EditorDavid from Slashdot's where-everybody-knows-your-name department
"The New York Police Department used a photo of Woody Harrelson in its facial recognition program in an attempt to identify a beer thief who looked like the actor," reports the Associated Press:
Georgetown University's Center on Privacy and Technology highlighted the April 2017 episode in "Garbage In, Garbage Out," a report on what it says are flawed practices in law enforcement's use of facial recognition. The report says security footage of the thief was too pixelated and produced no matches while high-quality images of Harrelson, a three-time Oscar nominee, returned several possible matches and led to one arrest.
The NYPD also used a photo of a New York Knicks player to search its database for a man wanted for a Brooklyn assault, the report said.
"The stakes are too high in criminal investigations to rely on unreliable -- or wrong -- inputs," Georgetown researcher Clare Garvie wrote.... The Georgetown report says facial recognition has helped the NYPD crack about 2,900 cases in more than five years of using the technology.
And in Florida, Vice reports, law enforcement agencies "run roughly 8,000 of these searches per month."
By EditorDavid from Slashdot's second-languages department
Google "officially declared Kotlin the go-to language for Android development last week at its Google I/O developer conference," reports Mike Melanson's "This Week in Programming" column, "and the company is backing that up with a couple of initiatives around making it easier (and free) to learn the language now used by a majority of Android developers."
Google teamed up with Udacity to offer Developing Android Apps with Kotlin, a free, self-paced online course on how to build Android apps with Jetpack and Kotlin, meant for people who have programming experience and are comfortable with Kotlin basics. Google also announced "Kotlin/Everywhere, a series of community-driven events focussing on the potential of Kotlin on all platforms," which it is putting on in conjunction with JetBrains.
Of course, this leaves the question that has been asked many times before -- why Kotlin? -- and IT consultant Kristen Carter offers a take on how Android app development became Kotlin-first. Carter offers some business angles, such as the 2010 lawsuit against Google by Oracle, which predates Kotlin by just a year, and she speculates may have been the impetus behind the language's development as "Google has always wanted to get away from the [Java] ecosystem." At the same time, Carter offers some language-specific reasoning too, such as the comparably succinct nature of Kotlin, the absence of Java's NullPointerExceptions, and the ease with which Java developers could transition to Kotlin. Carter ends her piece by posing the possibility that Oracle "knows the significance of Java in android app development" and could "ship Java with a few upgrades in its next version to take on Kotlin."
By EditorDavid from Slashdot's policy-or-propaganda department
An anonymous reader quotes the Washington Post:
Venky Ganesan, a partner at technology investor Menlo Ventures, told The Washington Post that the White House's new survey about bias on social media is "pure kabuki theatre" and an attempt to curry political points with conservatives. He said the Trump administration's repeated accusations that tech companies censor conservative voices are unfounded because even though most Silicon Valley executives are liberal or libertarian, they wouldn't let politics get in the way of their primary goal: making money...
The Internet Association, a trade association representing Facebook, Google and other tech companies, also pushed back on President Trump's repeated accusations that their products are biased against conservatives. The association says the platforms are open and enable the speech of all Americans -- including the president himself. "That's why the president uses Twitter so much," said Michael Beckerman, the Internet Association's chief executive. "He actually used Twitter for this particular announcement, which is perhaps ironic."
The article adds that the Trump administration "declined to tell The Washington Post what it planned to do with the data it's amassing." But on Twitter the New York Times technology columnist Kevin Roose argued that the survey "is just going to be used to assemble a voter file, which Trump will then pay Facebook millions of dollars to target with ads about how biased Facebook is."
By BeauHD from Slashdot's back-and-forth department
After being released from jail earlier this month after the grand jury she refused to testify before expired, NPR reports that Chelsea Manning, the former U.S. Army intelligence analyst who provided information to WikiLeaks, has been sent back to jail. An anonymous reader shares the report: Former Army intelligence analyst Chelsea Manning was sent back to jail Thursday after refusing for a second time to comply with a grand jury investigating WikiLeaks and its founder, Julian Assange. "Facing jail again, potentially today, doesn't change my stance," Manning told reporters in Alexandria, Va., before U.S. District Judge Anthony Trenga said she was in contempt of court. "I will not cooperate with this or any other grand jury," Manning insisted. "So it doesn't matter what it is or what the case is, I'm just not going to comply or cooperate."
Manning said prosecutors had put her in an impossible position despite the Justice Department granting her immunity from self-incrimination. In addition to being held in custody for the duration of the grand jury's investigation or until Manning testifies, the judge ordered her to be fined $500 every day that she is in custody after 30 days and $1,000 every day in custody after 60 days, according to a statement by Manning's lawyers.
By BeauHD from Slashdot's physical-and-not-so-physical-media department
Ben Sisario, American author, academic, and journalist who covers the music industry for The New York Times, shares why he still likes to listen to compact discs: I try to keep an eye on all the major platforms out there, which means regularly poking around on about a dozen apps. My go-to sources are Spotify, SoundCloud, Bandcamp and Mixcloud, which has excellent D.J.-style mixes and to me feels more human than most. At home I have a Sonos Play:5 speaker, which plays streaming music and podcasts, and is a piece of cake to use. I also have Google Chromecast Audio, a little plug-in device (now discontinued) that allows me to send high-fidelity streams to my stereo. It sounds better that way, but it's not nearly as easy to use as the Sonos. To be honest, my preferred way to listen to music is on CD, as unfashionable as that might be. You push a button, the music plays, and then it's over -- no ads, no privacy terrors, no algorithms! Do you share the same sentiment as Sisario, or have you gone all in on music streaming? Why or why not?
By BeauHD from Slashdot's future-transportation department
German startup Lilium has unveiled a new "flying taxi" that can vertically take off and be the basis for an on-demand air service within six years. The Guardian reports: The electric jet-powered five-seater aircraft is designed to travel up to 300km, a journey that would take it an hour at top speed. While a smaller version of its novel plane flew in 2017, Lilium said that the maiden flight of a full-scale prototype earlier this month -- a brief, remote-controlled test hover in Munich -- was a "huge step." The firm, which has attracted more than $100 million in investment since its founding in 2015, has set a target of offering Uber-style, app-based air taxis in multiple cities by 2025.
The latest iteration, with room for a pilot and four passengers, will be the template for Lilium's mass production model. With sufficient economy of scale, Lilium believes fares would be around $70 per head for a cross-city hop from, for example, JFK airport to Manhattan. According to Lilium, the relatively simple design, beyond the 36 electric jet engines needed for vertical take-off and landing, make it more safe and affordable than other planes. Once in the air, the power needed in cruise is little more than that of an electric car, Lilium says. The fixed wing design gives a longer range than competitors with drone-based aircraft, which consume much more energy keeping airborne. Lilium will now seek certification for its new plane through rigorous flight testing, the next landmark being to move the jet seamlessly from vertical to horizontal flight.
By BeauHD from Slashdot's knowledge-is-power department
CNBC's Todd Haselton has discovered that Google saves years of information on the purchases you've made, even outside Google, and pulls this information from Gmail. An anonymous reader shares the report: A page called "Purchases" shows an accurate list of many -- though not all -- of the things I've bought dating back to at least 2012. I made these purchases using online services or apps such as Amazon, DoorDash or Seamless, or in stores such as Macy's, but never directly through Google. But because the digital receipts went to my Gmail account, Google has a list of info about my buying habits. Google even knows about things I long forgot I'd purchased, like dress shoes I bought inside a Macy's store on Sept. 14, 2015.
But there isn't an easy way to remove all of this. You can delete all the receipts in your Gmail inbox and archived messages. But, if you're like me, you might save receipts in Gmail in case you need them later for returns. There is no way to delete them from Purchases without also deleting them from Gmail -- when you click on the "Delete" option in Purchases, it simply guides you back to the Gmail message. Google's privacy page says that only you can view your purchases. But it says "Information about your orders may also be saved with your activity in other Google services" and that you can see and delete this information on a separate "My Activity" page. Except you can't. Google's activity controls page doesn't give you any ability to manage the data it stores on Purchases. Google says you can turn off the tracking entirely, but when CNBC tried this, it didn't work.
Google says it doesn't use your Gmail to show you ads and promises it "does not sell your personal information, which includes your Gmail and Google Account information," and does "not share your personal information with advertisers, unless you have asked us to."
By BeauHD from Slashdot's tech-for-thought department
dryriver writes: For capitalism to work for consumers in a beneficial way, the big players have to compete hard against each other and innovate courageously. What appears to be happening instead, however, is that every year almost everybody is making roughly the same product at roughly the same price point. Most 4K TVs at the same price point have the same features -- there is little to distinguish manufacturer A from manufacturer B. Ditto for smartphones -- nobody suddenly puts a 3D scanning capable lightfield camera, shake-the-phone-to-charge-it or something similarly innovative into their next phone. Ditto for game consoles -- Xbox and Playstation are not very different from each other at all. Nintendo does "different," but underpowers its hardware. Ditto for laptops -- the only major difference I see in laptops is the quality of the screen panel used and of the cooling system. The last laptop with an auto stereoscopic 3D screen I have seen is the long-discontinued Toshiba Satellite 3D. Ditto for CPUs and GPUs -- it doesn't really matter whether you buy Intel, AMD, or Nvidia. There is nothing so "different" or "distinct" in any of the electronics they make that it makes you go "wow, that is truly groundbreaking." Ditto for sports action cameras, DSLRs, portable storage and just about everything else "tech." So where precisely -- besides pricing and build-quality differences -- is the competition in what these companies are doing? Shouldn't somebody be trying to "pull far ahead of the pack" or "ahead of the curve" with some crazy new feature that nobody else has? Or is true innovation in tech simply dead now?
By BeauHD from Slashdot's don't-mess-with-my-settings-bro department
An anonymous reader quotes a report from Ars Technica: On May 17, researchers at Tenable revealed that they had discovered a vulnerability in the Windows version of the desktop application for Slack, the widely used collaboration service. The vulnerability, in Slack Desktop version 3.3.7 for Windows, could have been used to change the destination of a file download from a Slack conversation to a remote file share owned by an attacker. This would allow the attacker to not only steal the files that were downloaded by a targeted user, but also allow the attacker to alter the files and add malware to them. When victims opened the files, they would get a potentially nasty surprise. Tenable reported the vulnerability to Slack via HackerOne. Slack has issued an update to the Windows desktop client that closes the vulnerability. Once the attacker had changed the default download location, "the attacker could have not only stolen the document, but even inserted malicious code in it so that when opened by victim after download (through the Slack application), their machine would have been infected," writes Tenable's David Wells in a blog post.
By BeauHD from Slashdot's world-is-your-oyster department
Microsoft is working on an ambitious new Minecraft game with an augmented-reality spin that hopes to one-up Niantic's wildly popular Pokemon Go mobile game. The Verge's Tom Warren sat down with Microsoft's HoloLens and Kinect creator, Alex Kipman, to take a look at Minecraft Earth, a new free-to-play game for iOS and Android that lets players create and share whatever they've made in the game with friends in the real world, away from TV screens and monitors.
"We have covered the entire planet in Minecraft," explains Torfi Olafsson, game director of Minecraft Earth. "Every lake is a place you can fish, every park is a place you can chop down trees. We've actually taken maps of the entire world and converted them to Minecraft." Warren writes: These maps, based on OpenStreetMap, have allowed Microsoft to start working out where to place Minecraft adventures into the world. These adventures spawn dynamically on the Minecraft Earth map and are designed for multiple people to get involved in. This is really where Minecraft Earth starts to get interesting and beyond anything I've played in other AR games like Pokemon Go. I tried a variety of adventures during my brief Minecraft Earth gameplay demo, and they range from peaceful and friendly to a little more risky, knowing you enter them and might lose all your treasure if you die to a monster. The fascinating part of adventures is that you can be side-by-side with friends, all experiencing the same game on the exact same spot of a sidewalk or in a park at the same time. Microsoft is doing some impressive behind-the-scenes computational magic (more on that later) so that when you play an adventure, it's in a precise location, beyond regular GPS coordinates, so that everyone is experiencing the same thing. You can fight monsters, break down structures for resources together, and even stand in front of a friend to block them from physically killing a virtual sheep.
By BeauHD from Slashdot's too-much-passion department
An anonymous reader quotes a report from Reuters: A California man was sentenced to 20 months in prison on Friday after pleading guilty for threatening to kill the family of U.S. Federal Communications Commission Chairman Ajit Pai over the regulator's successful effort to repeal net neutrality rules. The Justice Department said Markara Man, 33, of Norwalk, California, sent the email threats "in hopes it would cause (Pai) to reverse his position on net neutrality." Led by Pai, the FCC in December 2017 repealed landmark net neutrality protections, which required internet service providers to provide users equal access to all data, regardless of their kind, source or destination. When Markara pleaded guilty in September 2018, Pai thanked law enforcement and the FCC for protecting him and his family, adding "I am deeply grateful for all they have done to keep us safe." In November 2018, Tyler Barriss pleaded guilty for calling in a bomb threat to the FCC during the December 2017 meeting where the vote to repeal net neutrality was held.
By msmash from Slashdot's here's-to-the-next-10-years department
For more than three decades, Stephen Wolfram, a 59-year-old scientist, software designer and entrepreneur, has built software that has attracted an avid following among mathematicians and scientists. His Mathematica program for symbolic mathematical computation and its programming language, Wolfram Language, are favorites of the intelligentsia of the quant world in universities and corporations. Wolfram Alpha, one of his creations, is a unique search engine that does not forage the web, but culls its own painstakingly curated database to find answers. This week, the search engine turned 10.
On the big occasion, Mr. Wolfram has shared some insight: It was a unique and surprising achievement when it first arrived, and over its first decade it's become ever stronger and more unique. It's found its way into more and more of the fabric of the computational world, both realizing some of the long-term aspirations of artificial intelligence, and defining new directions for what one can expect to be possible. Oh, and by now, a significant fraction of a billion people have used it. And we've been able to keep it private and independent, and its main website has stayed free and without external advertising.
As the years have gone by, Wolfram Alpha has found its way into intelligent assistants like Siri, and now also Alexa. It's become part of chatbots, tutoring systems, smart TVs, NASA websites, smart OCR apps, talking (toy) dinosaurs, smart contract oracles, and more. It's been used by an immense range of people, for all sorts of purposes. Inventors have used it to figure out what might be possible. Leaders and policymakers have used it to make decisions. Professionals have used it to do their jobs every day. People around the world have used it to satisfy their curiosity about all sorts of peculiar things. And countless students have used it to solve problems, and learn. The footage of the launch of Alpha, from 10 years ago.