Slashdot

News for nerds, stuff that matters

Microsoft Update Servers Left All Azure RHEL Instances Hackable

Mon, 28/11/2016 - 6:00pm
An anonymous reader shares a report on The Register: Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS. From there Duffy found a package labeled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host. Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with an SSL certificate that granted full administrative access to the four Red Hat Update Appliances. Duffy says all Azure RHEL images are configured without GPG validation checks, meaning all would accept malicious package updates on their next run of yum updates.

Read more of this story at Slashdot.

Apple's Next iPhone Could Have a Curved Screen, Says WSJ

Mon, 28/11/2016 - 5:20pm
Apple's 2017 iPhone lineup might include a model with a curved screen similar to Samsung's Edge devices, according to people familiar with the matter who spoke with the Wall Street Journal (paywalled). Apple's suppliers told the paper that they were asked to "increase output of thinner organic light emitting displays and submit prototype screens with better resolution than ones from Samsung." From a report on The Verge (since WSJ is paywalled): But with that in mind, the company is also reportedly considering more than 10 prototypes, so a curved display might not make it to market. We've heard this rumor before when it was coupled with the idea that at least one of Apple's new phones would include an OLED display.

Amazon Puts New Limit On Customer Reviews: No More Than 5 a Week Except For Verified Purchases

Mon, 28/11/2016 - 4:40pm
Amazon says it will start capping the number of product reviews any customer can submit in a given week, limiting each person to five/week except for products that have been verified by the company as purchased by the reviewer. From a GeekWire report: Books, music and video are exempt from the limit, but the new cap applies to the rest of Amazon's vast online selection of products. It's the latest move by the e-commerce giant to police its online reviews, a critical resource used by many online shoppers to assess products before buying. The news comes during the peak holiday shopping season, the most important time of year for Amazon, as the company tries to get more people comfortable with doing more of their shopping online. An Amazon spokeswoman confirmed the changes in a message to GeekWire, and they're spelled out in Amazon's updated Community Guidelines.

Buying Stuff On Your Phone Still Sucks

Mon, 28/11/2016 - 4:00pm
Despite all the advancements smartphone companies have made on the phone, desktop platforms continue to be people's preferred way to buy stuff online. CNET spoke with a number of people who not only confirmed that they bought things using a laptop or a desktop computer, but also listed the reasons why they don't use their smartphones to do big transactions. From the report: For now, though, buying stuff on a phone is often terrible, so at least for this Cyber Monday you're likely still buying stuff on a laptop, with its big screen and full physical keyboard. While people are buying on mobile websites and apps a lot more -- up 65 percent from last year -- consumers are three times more likely to complete a purchase on a PC than a phone, according to an Adobe mobile retail report released last month. That's resulted in PCs bringing in 75 percent of retailers' online sales this year, versus just 16 percent from phones, the report said. To consumers, phone screens are too small, pinch-to-zoom features aren't available in mobile apps, it's hard to find things easily, and checkout using that tiny touchscreen keyboard is a pain. When people do buy on mobile, they make smaller purchases than on desktops, Adobe found. Retailers stand to lose billions of dollars in sales if they don't get their act together, Adobe said. And consumers will continue to be frustrated when trying to buy.

The Mac App Store Is Full of Scams

Mon, 28/11/2016 - 3:20pm
Over the years, Apple may have improved the security, filters, and screening process for apps in its Mac App Store, but even today fraudulent apps continue to not only seep through its gatekeepers, but often times outnumber the good apps. How To Geek did some investigation into this and published the findings yesterday in a story titled, "Don't Be Fooled: The Mac App Store Is Full of Scams". It didn't take long for the publication to find scam apps on Apple's marquee app store for Mac computers. A search for "Microsoft Excel", for instance, returns "Office Bundle" made by a third party. The app offers templates -- and just that -- for $30. The same is the case with any Office suite application. This might not seem like a real problem to many, but as How To Geek points out, there is one more problem: almost all these apps have icons and title names that are similar to those of Microsoft's, and Apple has had no issues with that. From the article: Let's be blunt: these customers were ripped off, and Apple pocketed $10 each (Editor's note: Apple charges 30 percent on all transactions on App Store). And you'll only see these comments if you scroll past the two five star reviews that mention the word "app" numerous times. All of these fakes use Microsoft brands like Office, Word, and Excel in the product names. The logos aren't one-to-one copies of Microsoft's official logos, but they're almost always the correct color and letter (blue "W" for Word, green "E" for Excel, etcetera).

Deutsche Telekom Says 900,000 Fixed-Line Customers Suffer Outages

Mon, 28/11/2016 - 2:45pm
About 900,000 Deutsche Telekom fixed-line customers have been hit by network outages, the carrier said on Monday, and it could not rule out "targeted external factors" as the reason. From a Reuters report: Fixed-line customers have had problems connecting to Deutsche Telekom's network since Sunday afternoon, the company said. "Based on the pattern of errors, it can not be ruled out that the router has been targeted externally, with the result that it can no longer log on to the network," Deutsche Telekom, which has 20 million fixed-line customers, said in a statement on its website.

iOS 10.1.1 Is Causing Battery Issues For Many iPhone Users

Mon, 28/11/2016 - 2:05pm
An anonymous reader writes: A recent iOS update to 10.1.1 to fix Apple's Health application has had unintended consequences for many users -- shutdown at 30% battery remaining and lack of audio using Apple EarPods. Users on an Apple forum report that the battery indicator jumps from 30% to 1% (dubbed the 30% bug) and a reboot is required where the phone then runs for a few more hours. Some have taken the iPhone back to receive a replacement only to find the same thing happens. Apple has not responded to the 11 pages of forum complaints but apparently, Genius Bar staff have identified unusual discharging of the battery -- which does not make sense if a reboot temporarily fixes the issue and returns the battery indicator to 30%. It also appears to affect all versions of iPhone that support iOS 10.x.

Newest Skype For Linux Enables SMS Text Messages From The Desktop

Mon, 28/11/2016 - 12:30pm
BrianFagioli writes: Microsoft has delivered an incredible feature to Linux-based desktop operating systems by way of the latest Alpha version of its Skype client... The newly-released Skype for Linux 1.13 allows users to send SMS text messages from the operating system! True, web-based solutions such as Google Voice have long allowed the sending of text messages, but needing to use a web browser can be a chore. There is convenience and elegance in using the Skype for Linux client.

48 Organizations Now Have Access To Every Brit's Browsing History

Mon, 28/11/2016 - 8:30am
schwit1 quotes a report from Zero Hedge on Great Britain's newly-enacted "snoopers' charter": For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right. Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list. Click through to the comments to read the entire list.

Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development?

Mon, 28/11/2016 - 4:30am
marekkirejczyk, the VP of Engineering at development shop Daftcode, shares a warning about hype-driven development: Someone reads a blog post, it's trending on Twitter, and we just came back from a conference where there was a great talk about it. Soon after, the team starts using this new shiny technology (or software architecture design paradigm), but instead of going faster (as promised) and building a better product, they get into trouble. They slow down, get demotivated, have problems delivering the next working version to production. Describing behind-schedule teams that "just need a few more days to sort it all out," he blames all the hype surrounding React.js, microservices, NoSQL, and that "Test-Driven Development Is Dead" blog post by Ruby on Rails creator David Heinemeier Hansson. ("The list goes on and on... The root of all evil seems to be social media.") Does all this sound familiar to any Slashdot readers? Has your team ever succumbed to hype-driven development?

Ron Glass, Firefly's Shepherd Book, Has Died

Mon, 28/11/2016 - 2:58am
Slashdot reader tiqui tells us that Emmy-nominated actor Ron Glass has died. The actor was 71 and the family has not released more details of his death, but Firefly/Serenity fans can follow this link to the Hollywood Reporter for more information. Firefly creator Joss Whedon posted on Twitter that Glass "got there with grace, humor and enormous heart. He was, among so many other things, my Shepherd. Raise, appropriately, a glass. Rest, Ron." And Nathan Fillion, who played Captain Reynolds on Firefly, posted an appropriate quote on Instagram. ("Shepard, don't move." "Won't go far...") The actor's Emmy nomination for Best Supporting Actor came in 1982, for his role on the long-running TV series Barney Miller. Interestingly, one of Glass's co-stars on that show was Abe Vigoda, who also died earlier this year at age 94 -- a full 34 years after his death was mistakenly reported by People magazine.

Online Pranksters Mock Trump's $149 Christmas Ornament, Rename Trump Tower on Google Maps

Mon, 28/11/2016 - 12:58am
An anonymous reader quotes a Digital Trends story about a suspicious malfunction on Google Maps: At some point yesterday, Donald Trump's Fifth Avenue home was given a rather unceremonious rechristening, and a search for "Trump Tower" revealed a pin for "Dump Tower" instead. It was rather tricky to find for some, and required zooming in on the building itself at just the right angle (which is perhaps how the culprit got away with the stunt in the first place). At a separate angle, someone else (or perhaps the same person) transliterated the skyscraper's name in Russian Cyrillic, perhaps meant to be a jab at Trump's alleged ties to President Vladimir Putin and company... While the team [at Google Maps] managed to put out this first fire, another quickly arose to take its place (as is often the case on the internet), and later in the day on Saturday, Trump International Hotel and Tower in Columbus Circle was renamed Dump International Hotel and Tower. Meanwhile, another anonymous reader writes: Earlier this week Donald Trump emailed his supporters selling a $149 collectible "Make America Great Again" Christmas ornament finished with 14k gold, to raise money for both his campaign and the Republican party. But Yahoo News reports that it's now getting some suspicious negative (and politically-charged) reviews on its page on Amazon. ("One Star. "It tried to put my nativity figures into an internment camp.") And another reviewer even wrote a satirical story about how their family decided on the ornament for the tree. "During our family meeting we overwhelmingly chose the other ornament but somehow we still ended up with this one. We're not sure what happened."

Julian Assange Could Be Time's 'Person Of The Year', And Is Also Still Not Dead

Sun, 27/11/2016 - 11:44pm
Long-time Slashdot reader cstacy noticed Saturday that Julian Assange hadn't made any communications or public appearances in six weeks. But today an anonymous reader writes: Julian Assange is still not dead, reports The Inquisitr, noting "the WikiLeaks founder made his first appearance in weeks, speaking with an interviewer for a conference in Beirut" including comments about the recent death of Fidel Castro. Assange is also in the running to be chosen as "Person of the Year" in Time magazine's annual online reader's poll, and last Monday even moved briefly into first place, inching past Donald Trump. "It's worth noting that the poll presents people alphabetically," Time reported, "so Assange is the first option participants consider and Trump comes near the end of the poll." I think the poll's being hacked by state actors, since Vladimir Putin now leads with 38%, followed by Theresa May (16%) and North Korea leader Kim Jong Un (13%), and Donald Trump is locked in a tie for fourth place with India Prime Minister Narendra Modi at 9%. Time worked with Opentopic and IBM's Watson to assemble the initial list for reader's votes, which also included Apple CEO Tim Cook and FBI director James Comey. Surprisingly, a few celebrities also turned up on the list too, including comedian Samantha Bee, Hamilton creator Lin-Manuel Miranda, and Olympic gymnast Simone Biles.

You Can Now Rent A Mirai Botnet Of 400,000 Bots

Sun, 27/11/2016 - 10:35pm
An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000. After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total. Interestingly, the article claims the botnet's creators had access to the Mirai source code "long before it went public."

Self-Driving Trucks Begin Real-World Tests on Ohio's Highways

Sun, 27/11/2016 - 9:35pm
An anonymous reader writes: "A vehicle from self-driving truck maker Otto will travel a 35-mile stretch of U.S. Route 33 on Monday in central Ohio..." reports the Associated Press. The truck "will travel in regular traffic, and a driver in the truck will be positioned to intervene should anything go awry, Department of Transportation spokesman Matt Bruning said Friday, adding that 'safety is obviously No. 1.'" Ohio sees this route as "a corridor where new technologies can be safely tested in real-life traffic, aided by a fiber-optic cable network and sensor systems slated for installation next year" -- although next week the truck will also start driving on the Ohio Turnpike.

Sugar-Free Products Might Actually Stop Us From Getting Slimmer

Sun, 27/11/2016 - 8:35pm
Nutritionists suspected that artificial sweeteners weren't really helping people lose weight, according to a new article submitted by schwit1. Now there are hints of proof in a new aspartame study by the Massachusetts General Hospital. "We found that aspartame blocks a gut enzyme called intestinal alkaline phosphatase," explains Professor Hodin. IAP is produced in the small intestine. "We previously showed [this enzyme] can prevent obesity, diabetes and metabolic syndrome [a disease characterized by a combination of obesity, high blood pressure, a metabolic disorder and insulin resistance]. So, we think that aspartame might not work because, even as it is substituting for sugar, it blocks the beneficial aspects of IAP...." The researchers confirmed their suspicions via a variety of tests on mice. In one case, they fed IAP directly to mice, who were also on a high-fat diet. It turned out that the IAP could effectively prevent the emergence of the metabolic syndrome. It also helped relieve symptoms in animals that were already suffering from the obesity-related illness.

Researchers Successfully Achieve Suspended Animation With Mouse Embryos

Sun, 27/11/2016 - 7:34pm
"It was completely surprising. We were standing around in the tissue culture room, scratching our heads, and saying 'Wow, what do we make of this?'" An anonymous reader quotes Engadget's report on new research with "huge implications": A team of scientists from the University of California, San Francisco only wanted to slow down mice embryos' cell growth in the lab. Instead, they managed to completely pause their development, putting the blastocysts (very early embryos) in suspended animation for a month. What's more, they found that the process can put stem cells derived from the blastocysts in suspended animation as well, [and] the researchers were able to prove that the embryos can develop normally even after a pause in their growth. Team member Ramalho-Santos from the Eli and Edythe Broad Center of Regeneration Medicine and Stem Cell Research said... "To put it in perspective, mouse pregnancies only last about 20 days, so the 30-day-old 'paused' embryos we were seeing would have been pups approaching weaning already if they'd been allowed to develop normally." The new research could lead to better treatments for damaged organs and even aging, according to the article. (Besides, of course, its science fiction-y implications for long-distance space travel...)

Ransomware Compromises San Francisco's Mass Transit System

Sun, 27/11/2016 - 6:34pm
Buses and light rail cars make San Francisco's "Muni" fleet the seventh largest mass transit system in America. But yesterday its arrival-time screens just displayed the message "You Hacked, ALL Data Encrypted" -- and all the rides were free, according to a local CBS report shared by RAYinNYC: Inside sources say the system has been hacked for days. The San Francisco Municipal Transportation Agency has officially confirmed the hack, but says it has not affected any service... The hack affects employees, as well. According to sources, SFMTA workers are not sure if they will get paid this week. Cyber attackers also hit Muni's email systems. Though the article claims "The transit agency has no idea who is behind it, or what the hackers are demanding in return," Business Insider reports "The attack seems to be an example of ransomware, where a computer system is taken over and the users are locked out until a certain amount of money is sent to the attacker." In addition, they're reporting the attack "reportedly included an email address where Muni officials could ask for the key to unlock its systems." One San Francisco local told CBS, "I think it is terrifying. I really do I think if they can start doing this here, we're not safe anywhere."

'No Man's Sky' Releases Huge New 'Foundation' Update

Sun, 27/11/2016 - 5:34pm
"No Man's Sky changed a great deal this morning, getting new modes and a ton of gameplay tweaks thanks to update 1.1, the largest one yet," reports Kotaku. Calling it "the first of many free updates," the game's developers introduced a new Minecraft-style Creative Mode which "allows players to explore the universe without limits, and build a huge base," plus a tougher Survival Mode, "creating a much more challenging endurance experience." The Next Web calls it "features that really should have been in the game from Day One." Now, when you stumble upon a desolate outpost, you can build your own base on it, which can be upgraded with new housing, hydroponics, research, and storage buildings. If all goes well, you'll start to attract alien settlers who bring their own skills to your new society. As your stockpiles of resources begin to swell, you'll want to schlep them across the galaxy to other bases and trade terminals. Which is where freighters come in... Oh, and did I mention you can now stack items five times per inventory slot, meaning you can carry more stuff? Handy. "The discussion around No Man's Sky since release has been intense and dramatic," Hello Games announced Friday, describing update 1.1 as "putting in place a foundation for things to come... the first small step in a longer journey." Hello Games founder Sean Murray tweeted "We're getting better as quickly as we can for the players who invested in us," adding "Thank you for sticking with us." At 2 a.m. this morning, he tweeted "If you could have lived our lives over the last months, you'd know how meaningful this is," adding "Here's the update..."

Will Trump Protect America's IT Workers From H-1B Visa Abuses?

Sun, 27/11/2016 - 4:34pm
Monday president-elect Donald Trump sent "the strongest signal yet that the H-1B visa program is going to get real scrutiny once he takes office," according to CIO. Slashdot reader OverTheGeicoE summarizes their report: President-elect Donald Trump released a video message outlining his policy plans for his first 100 days in office. At 1 minute, 56 seconds into the message, he states that he will direct the Department of Labor to investigate "all abuses of the visa programs that undercut the American worker." During his presidential campaign, Trump was critical of the H-1B visa program that has been widely criticized for displacing U.S. high-technology workers. "Companies are importing low-wage workers on H-1B visas to take jobs from young college-trained Americans," said Trump at an Ohio rally. At other rallies, Trump invited former IT workers from Disney who had been forced to train their H-1B replacements to speak. "What he didn't say was that he was going to close the door to skilled immigrants," one tech entrepreneur told CNN Money -- although Trump's selection for attorney general has called the shortage of qualified American tech workers "a hoax".
