Sorry, you need to enable JavaScript to visit this website.

Slashdot

Slashdot
News for nerds, stuff that matters
Updated: 13 min 8 sec ago

Researcher Hacks Nine Sleep-Tracking Devices To Test Their Accuracy

Mon, 15/05/2017 - 12:30pm
A determined researcher at Brown University extracted "the previously irretrievable sleep tracking data from the Hello Sense, from the Microsoft Band, and nine other popular devices," according to an anonymous reader, "by decompiling the apps and using man-in-the-middle attacks." Then they compared each device's data to that from a research-standard actigraph. Their results? The Fitbit Alta seems to be the most accurate among the other nine in terms of sleep versus awake data... Our findings tell that these consumer-level sleep reports should be taken with a grain of salt, but regardless we're happy to see more and more people investing in improving their sleep.

Read more of this story at Slashdot.

Open Source Educators 'OpenHatch' Close, Leaving Void For Campus Events

Mon, 15/05/2017 - 10:30am
Long-time Slashdot reader paulproteus writes: OpenHatch was a non-profit that organized free tutorials with college computer science groups to learn how to teach how to get involved in open source, covered previously on Slashdot. It has run more than 50 events so far. On Friday, it announced it is closing its doors due to board members moving on to other projects, leaving open the door for other people to organize future Open Source Comes to Campus events. If you have any stories to share about Open Hatch -- or other campus outreach groups -- feel free to leave them in the comments. Are any Slashdot readers involved with Open Source outreach efforts?

Read more of this story at Slashdot.

UK Group Fights Arrest Over Refusing To Surrender Passwords At The Border

Mon, 15/05/2017 - 7:28am
An anonymous reader quotes The Guardian: The human rights group Cage is preparing to mount a legal challenge to UK anti-terrorism legislation over a refusal to hand over mobile and laptop passwords to border control officials at air terminals, ports and international rail stations... The move comes after its international director, Muhammad Rabbani, a UK citizen, was arrested at Heathrow airport in November for refusing to hand over passwords. Rabbani, 35, has been detained at least 20 times over the past decade when entering the UK, under schedule 7 of terrorism legislation that provides broad search powers, but this was the first time he had been arrested... On previous occasions, when asked for his passwords, he said he had refused and eventually his devices were returned to him and he was allowed to go. But there was a new twist this time: when he refused to reveal his passwords, he was arrested under schedule 7 provisions of the terrorism act and held overnight at Heathrow Polar Park police station before being released on bail. He expects to be charged on Wednesday. Rabbani "argues that the real objective...is not stopping terrorists entering the UK, but as a tool to build up a huge data bank on thousands of UK citizens." And his position drew support from Jim Killock, executive director of the UK-based Open Rights Group. "Investigations should take place when there is actual suspicion, and the police should be able to justify their actions on that basis, rather than using wide-ranging powers designed for border searches."

Read more of this story at Slashdot.

Lyft And Waymo Announce They'll Collaborate On Self-Driving Cars

Mon, 15/05/2017 - 5:26am
An anonymous reader quotes NBC: In the race to the self-driving future, Lyft has agreed to work with Waymo, the self-driving car company owned by Google's parent company, to bring autonomous vehicles to the masses, both companies told NBC News on Sunday night. The announcement comes as Waymo has accused Lyft's biggest competitor, Uber, of stealing trade secrets from the company to advance its own self-driving operation... Both companies issued gushy statements about their new partners. Lyft said Waymo "holds today's best self-driving technology, and collaborating with them will accelerate our shared vision of improving lives with the world's best transportation." And Waymo applauded Lyft's "vision and commitment to improving the way cities move", saying it would help their technology "reach more people, in more places."

Read more of this story at Slashdot.

FCC Suspends Net Neutrality Comments, As Chairman Pai Mocks 'Mean Tweets'

Mon, 15/05/2017 - 3:22am
An anonymous reader writes:Thursday the FCC stopped accepting comments as part of long-standing rules "to provide FCC decision-makers with a period of repose during which they can reflect on the upcoming items" before their May 18th meeting. Techdirt wondered if this time to reflect would mean less lobbying from FCC Chairman Ajit Pai, but on Friday Pai recorded a Jimmy Kimmel-style video mocking mean tweets, with responses Gizmodo called "appalling" and implying "that anyone who opposes his cash grab for corporations is a moron." Meanwhile, Wednesday The Consumerist reported the FCC's sole Democrat "is deploying some scorched-earth Microsoft Word table-making to use FCC Chair Ajit Pai's own words against him." (In 2014 Pai wrote "A dispute this fundamental is not for us five, unelected individuals to decide... We should also engage computer scientists, technologists, and other technical experts to tell us how they see the Internet's infrastructure and consumers' online experience evolving.") But Pai seemed to be mostly sticking to friendlier audiences, appearing with conservative podcasters from the Taxpayer Protection Alliance, the AEI think tank and The Daily Beast. The Verge reports the flood of fake comments opposing Net Neutrality may have used names and addresses from a breach of 1.4 billion personal information records from marketing company River City Media. Reached on Facebook Messenger, one woman whose named was used "said she hadn't submitted any comments, didn't live at that address anymore and didn't even know what net neutrality is, let alone oppose it." Techdirt adds "If you do still feel the need to comment, the EFF is doing what the FCC itself should do and has set up its own page at DearFCC.org to hold any comments."

Read more of this story at Slashdot.

Microsoft Blasts Spy Agencies For Leaked Exploits Used By WanaDecrypt0r

Mon, 15/05/2017 - 1:39am
An anonymous reader shares Engadget's report about Microsoft's response to the massive WanaDecrypt0r ransomware attack: Company president Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen"... Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos... While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't. BrianFagioli shared a BetaNews article arguing Microsoft "should absolutely not shoulder any of the responsibility. After all, the vulnerability that led to the disaster was patched back in March." But troublemaker_23 notes that ITwire still faults Microsoft for not planning ahead, since in February 150 million people were still using Windows XP.

Read more of this story at Slashdot.

PCs Connected To the Internet Will Get Infected With WanaDecrypt0r In Minutes

Sun, 14/05/2017 - 11:36pm
An anonymous reader writes: "The Wana Decrypt0r ransomware -- also known as WCry, WannaCry, WannaCrypt, and WanaCrypt0r -- infected a honeypot server made to look like a vulnerable Windows computer six times in the span of 90 minutes, according to an experiment carried out by a French security researcher that goes online by the name of Benkow," reports BleepingComputer. "During one of those infections, Wana Decrypt0r infected the honeypot in a mere three minutes after it was reset, showing the aggressive nature of the ransomware's scanning module, which helps it spread to new victims... Three minutes is about the same amount of time IoT malware will infect a vulnerable home router left connected to the Internet without patches." The article also highlights the fact that the group behind this threat is possibly made of inexperienced coders, who just stumbled upon a way to weaponize an NSA exploit. Their three previous WanaDecrypt0r campaigns were mundane, and one researcher called their code "utter [expletive]." This is because WanaDecrypt0r is actually made of two main modules, the ransomware itself, and the SMB worm (based on the NSA exploit). While the SMB worm is top-shelf code, the ransomware itself is quite unsophisticated, making a lot of operational errors, including using only 3 Bitcoin wallets to handle payments, instead of one per infected user, as most top-shelf ransomware does. This makes it difficult to tell which victims paid and who didn't, as anyone could claim "x" transaction is theirs, even if they didn't pay.

Read more of this story at Slashdot.

Streaming Services Will Pay Writers More Under New Writers Guild Pact

Sun, 14/05/2017 - 9:34pm
An anonymous reader quotes Deadline: Netflix, Amazon and Hulu will be paying a lot more in writers' residuals under the new WGA film and TV contract. New details, outlined by WGA West, reveal that high-budget shows they run will generate anywhere between $3,448-$34,637 more residuals per episode over the life of the three-year contract than they did under the old contract, depending on the platform and the length of the show. Essentially, it's the same deal the Director's Guild of America got in their negotiations last December. The WGA contract, which has been unanimously approved by the WGA West board and the WGA East council, now goes to the guilds' members for final ratification. Voting begins Friday and concludes May 24. For every half-hour of a high-budget show, Netflix will be paying $19,058 more in residuals than it did under the old contract.

Read more of this story at Slashdot.

EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard'

Sun, 14/05/2017 - 8:34pm
The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default... While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems. TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."

Read more of this story at Slashdot.

Nuclear Experts Form International 'Nuclear Crisis Group'

Sun, 14/05/2017 - 7:34pm
Slashdot reader Dan Drollette shares an article by the executive director and publisher of the Bulletin of the Atomic Scientists:On Friday, an elite group of the world's nuclear experts and advisers launched a Nuclear Crisis Group, to help manage the growing risk of nuclear conflict. The group includes leading diplomats with decades of experience, and retired military officers who were once responsible for launching nuclear weapons if given the order to do so. China, India, Pakistan, Russia, and the United States, all countries that have nuclear weapons, are represented. The group intends to create a "shadow security council," or an expert group capable of providing advice to world leaders on nuclear matters... Building on grass-roots support, the Nuclear Crisis Group could serve as a brake on nuclear escalation and be an early step in reversing the downward nuclear security spiral. Not only will they be able to offer expertise to inexperienced leaders who are dabbling in nuclear security, but they will be able to develop and endorse proposals that could make the world safer such as expanding the decision time that leaders have to respond to a nuclear threat, further protecting nuclear systems against cyber attacks and unintended escalations, reenergizing the appetite for arms control negotiations, and questioning global nuclear upgrade programs.

Read more of this story at Slashdot.

Scientists Achieve Direct Counterfactual Quantum Communication For The First Time

Sun, 14/05/2017 - 6:34pm
schwit1 shares an article from ScienceAlert: Quantum communication is a strange beast, but one of the weirdest proposed forms of it is called counterfactual communication -- a type of quantum communication where no particles travel between two recipients. Theoretical physicists have long proposed that such a form of communication would be possible, but now, for the first time, researchers have been able to experimentally achieve it -- transferring a black and white bitmap image from one location to another without sending any physical particles... It works based on the fact that, in the quantum world, all light particles can be fully described by wave functions, rather than as particles. So by embedding messages in light the researchers were able to transmit this message without ever directly sending a particle. It's different than quantum entanglement (which Einstein described as "spooky action at a distance.") The article describes it as "a pretty cool demonstration of just how bizarre and unexplored the quantum world is."

Read more of this story at Slashdot.

WSJ Columnist: Robots Aren't Destroying <em>Enough</em> Jobs

Sun, 14/05/2017 - 5:34pm
An anonymous reader writes: Will millions be unemployed after a job-destroying robot apocalypse? That's "starkly at odds with the evidence," argues a Wall Street Journal columnist, who says the real problem is robots aren't destroying enough jobs. "Too many sectors, such as health care or personal services, are so resistant to automation that they are holding back the entire country's standard of living." Noting that "churn relative to total employment" is the lowest it's ever been, he writes that "The pessimism would be more plausible if the evidence weren't moving in exactly the opposite direction... "In April, nonfarm private employment rose for the 86th straight month, the longest such streak on record. Monthly job creation has averaged 185,000 this year, more than double what the U.S. can sustain given its demographics. This has driven unemployment down to 4.4%, a 10-year low and below most estimates of 'full employment.' Growing labor shortages have boosted the typical worker's annual wage gain to more than 3% now from 2% in 2012, according to the Federal Reserve Bank of Atlanta. Instead of worrying about robots destroying jobs, business leaders need to figure out how to use them more, especially in low-productivity sectors... The alternative is a tightening labor market that forces companies to pay ever higher wages that must be passed on as inflation, which usually ends with recession. "That is a more imminent threat than an army of androids."

Read more of this story at Slashdot.

Developer Creates An Experimental Perl 5 To Java Compiler

Sun, 14/05/2017 - 4:34pm
An anonymous reader writes: Saturday night saw the announcement of an experimental Perl 5 to Java compiler. "This is the first release," posted developer FlÃvio S. Glock -- after 100 weeks of development. "Note that you don't need to compile a Java file. Perlito5 now compiles the Perl code to JVM bytecode in memory and executes it." He describes the compiler as "a work-in-progress" that "provides an impressive coverage of Perl features, but it will not run most existing Perl programs due to platform differences."

Read more of this story at Slashdot.

Open Source SQL Database CockroachDB Hits 1.0

Sun, 14/05/2017 - 3:34pm
An anonymous reader quotes InfoWorld: CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes -- and a name few people will likely forget -- is now officially available. Cockroach Labs, the company behind its development, touts CockroachDB as a "cloud native" database solution -- a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises. The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

Read more of this story at Slashdot.

Microsoft Wants To Monitor Your Workplace With AI, Computer Vision and the Cloud

Sun, 14/05/2017 - 2:30pm
"If you're an employee under the heel of a giant corporation you should probably be terrified by the vision of the future of connected gadgets that Microsoft just revealed at its Build developer conference here in Seattle," warns Gizmodo. Slashdot reader dryriver writes: Gizmodo reports on a Microsoft Workplace Monitoring demo where CCTV cameras watch a workplace -- like a construction site -- on 24/7 basis, and AI algorithms constantly oversee and evaluate what is happening in that workplace. The system can track where employees are, where physical equipment and tools are at what time, who does what at what time in this workplace and apparently use Cloud-based AI of some sort to evaluate what is happening in the workplace being monitored. Spotting employees misbehaving, breaking workplace rules or putting themselves and expensive equipment at risk may be the intended "value proposition" this system brings to the workplace. Another aspect may be reducing insurance premiums employers pay by creating a strict, highly monitored work environment. But the system is also very Big Brother -- an AI is monitoring people and equipment in a workplace in realtime at all times, and all the data ends up being processed in the Microsoft Cloud. Gizmodo gave their article the title, "Microsoft's Latest Workplace Tech Demos Creep Me Out."

Read more of this story at Slashdot.

British PM Candidate Promises Social Media Crackdown

Sun, 14/05/2017 - 1:34pm
Theresa May's party "is expected to win a majority at the June 8 election," reports Reuters -- and she's promising they'll pass new social media laws. An anonymous reader quotes Politico: They want to introduce a new measure that could fine or punish internet firms which fail to adequately flag and take down content harmful to minors or "direct users unintentionally to hate speech, pornography or other sources of harm," according to a press release. "The internet has brought a wealth of opportunity but also significant new risks which have evolved faster than society's response to them," May said. "We want social media companies to do more to help redress the balance and will take action to make sure they do"... The Conservative digital platform also promises to better protect Brits' personal information, compelling social media companies to trash user records from before the age of 18. The party plans to encourage the development of digital by default government and business services, as well.

Read more of this story at Slashdot.

WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments

Sun, 14/05/2017 - 11:34am
An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam... It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

Read more of this story at Slashdot.

Slashdot Asks: Should Businesses Switch To Biometric Passwords?

Sun, 14/05/2017 - 7:30am
This question was inspired by a recent article in Harvard Business Review: It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app. This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?

Read more of this story at Slashdot.

Why Amanda Palmer Left the Music 'Industry' For Crowdfunding

Sun, 14/05/2017 - 4:06am
Amanda Palmer says abandoning the commercial music industry for a subscription model made it possible to take more chances, like a new album with psychedelia artist Edward Ka-Spel. An anonymous reader quotes Digital Trends: I spent my whole life in this music industry trying to figure out how to sell what I'm making. But I don't "sell" anymore -- I just have this magical net of supporters who are supporting me whether I choose to make a record with Edward or make a record with my dad, which I did last year... [S]ometimes, you absolutely want to do ridiculous, noncommercial stuff. The Patreon patrons have been a godsend in that sense. I've had to continually re-educate myself that this isn't about selling music. It's about making music. I got so used to those two being inseparable that it took a lot of psychological work to divorce the processes. She says her supporters "haven't just promised; they've put down their credit card." And Neil Gaiman, her husband, also strongly endorses the freedom to experiment. "If, as an artist, you ever listen to your fans' demands, and their demands are always insisting you make the last thing they liked again, you would go nowhere."

Read more of this story at Slashdot.

Up To 1.4M More Fake Wells Fargo Accounts Possible

Sun, 14/05/2017 - 1:04am
An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers' permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs' new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate -- disclosed last year as part of a settlement with regulators -- that up to 2.1 million accounts were opened without customers' permission... The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5,300 employees for creating fake accounts, and their CEO now acknowledges that "we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values." In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years.

Read more of this story at Slashdot.