Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Transportation

Brazil Judge Rules Uber Drivers Are Employees, Deserve Benefits (reuters.com) 131

An anonymous reader shares a Reuters report: A Brazilian judge ruled that a driver using the Uber ride-hailing app is an employee of the San Francisco-based company and is entitled to workers' benefits, adding to the global debate over labor rights for drivers on the platform. Uber said on Tuesday it would appeal the decision by Judge Marcio Toledo Goncalves, who issued the ruling late Monday in a labor court in Minas Gerais state. Goncalves ordered Uber to pay one driver around 30,000 reais ($10,000) in compensation for overtime, night shifts, holidays and expenses such as gasoline, water and candy for passengers. The consequences for Uber, if the ruling is upheld, could be far greater if more drivers follow suit and if state and federal regulators and tax agencies start treating it, as the judge suggested, as a transportation company rather than a tech firm.
Businesses

IT Decisions Makers and Executives Don't Agree On Cyber Security Responsibility (betanews.com) 119

Sead Fadilpasic, writing for BetaNews: There's a severe disconnect between IT decision makers and C-suite executives when it comes to handling cyber attacks. Namely, both believe the other one is responsible for keeping a company safe. This is according to a new and extensive research by BAE Systems. A total of 221 C-suite executives and 984 IT decision-makers were polled or the report. According to the research, a third (35 percent) of C-suite executives believe IT teams are responsible for data breaches. On the other hand, 50 percent of IT decision makers would place that responsibility in the hands of their senior management. Cost estimates of a successful breach also differ. IT decision makers think it would set them back $19.2 million, while C-suite thinks of a lesser figure, $11.6m. C-level thinks a tenth (10 percent) of their company's IT budget is spent on cyber security, while IT decision makers think that's 15 percent. Also, 84 percent of C-suite, and 81 percent of IT teams believe they have the right protection set up.
Blackberry

BlackBerry Files Patent-Infringement Suit Against Nokia (bloombergquint.com) 53

An anonymous reader writes: BlackBerry has filed a patent-infringement lawsuit against Nokia, demanding royalties on the Finnish company's mobile network products that use an industrywide technology standard. Nokia's products including its Flexi Multiradio base stations, radio network controllers and Liquid Radio software are using technology covered by as many as 11 patents, BlackBerry said in a complaint filed in federal court in Wilmington, Delaware. The mobile network products and services are provided to companies including T-Mobile and AT&T for their LTE networks, BlackBerry said in the complaint. "Nokia has persisted in encouraging the use" of the standard- compliant products without a license from BlackBerry, it said.
Earth

Iron Age Potters Accidentally Recorded the Strength of Earth's Magnetic Field (npr.org) 118

Solandri writes: We've only been able to measure the Earth's magnetic field strength for about two centuries. During this time, there has been a gradual decline in the field strength. In recent years, the rate of decline seems to be accelerating, leading to some speculation that the Earth may be losing its magnetic field -- a catastrophic possibility since the magnetic field is what protects life on Earth from dangerous solar radiation. Ferromagnetic particles in rocks provide a long-term history which tells us the poles have flipped numerous times. But uncertainties in dating the rocks prevents their use in understanding decade-scale magnetic field fluctuations.

Now a group of archeologists and geophysicists have come up with a novel way to produce decade-scale temporal measurements of the Earth's magnetic field strength from before the invention of the magnetometer. When iron-age potters fired their pottery in a kiln to harden it, it loosened tiny ferromagnetic particles in the clay. As the pottery cooled and these particles hardened, it captured a snapshot of the Earth's magnetic field. Crucially, the governments of that time required pottery used to collect taxed goods (e.g. a portion of olive oil sold) to be stamped with a royal seal. These seals changed over time as new kings ascended, or governments were completely replaced after invasion. Thus by cross-referencing the magnetic particles in the pottery with the seals, researchers were able to piece together a history of the Earth's magnetic field strength spanning from the 8th century BCE to the 2nd century BCE. Their findings show that large fluctuations in the strength of the magnetic field over a span of decades are normal.
The study has been published in the journal PNAS.
AT&T

Apple Will Fight 'Right To Repair' Legislation (vice.com) 310

An anonymous reader quotes a report from Motherboard: Apple is planning to fight proposed electronics "Right to Repair" legislation being considered by the Nebraska state legislature, according to a source within the legislature who is familiar with the bill's path through the statehouse. The legislation would require Apple and other electronics manufacturers to sell repair parts to consumers and independent repair shops, and would require manufacturers to make diagnostic and service manuals available to the public. Nebraska is one of eight states that are considering right to repair bills; last month, Nebraska, Minnesota, New York, Massachusetts, Kansas, and Wyoming introduced legislation. Last week, lawmakers in Illinois and Tennessee officially introduced similar bills. According to the source, an Apple representative, staffer, or lobbyist will testify against the bill at a hearing in Lincoln on March 9. ATT will also argue against the bill, the source said. The source told me that at least one of the companies plans to say that consumers who repair their own phones could cause lithium batteries to catch fire. So far, Nebraska is the only state to schedule a hearing for its legislation.
Microsoft

Microsoft Delays February Patch Tuesday Indefinitely (sans.edu) 88

UnderAttack writes: Microsoft today announced that it had to delay its February Patch Tuesday due to issues with a particular patch. This was also supposed to be the first Patch Tuesday using a new format, which led some to believe that even Microsoft had issues understanding how the new format is exactly going to work with no more simple bulletin summary and patches being released as large monolithic updates. Ars Technica notes the importance of this Patch Tuesday as "there's an in-the-wild zero-day flaw in SMB, Microsoft's file sharing protocol, that at the very least allows systems to be crashed." They also elaborate on the way Microsoft is "continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2."
Canada

Canada Remains a 'Safe Haven' For Online Piracy, Rightsholders Claim (torrentfreak.com) 134

The MPAA, RIAA and other entertainment industry groups are calling out Canada, claiming that it remains a "safe haven" for copyright infringers and pirate sites, reports TorrentFreak. From the article: One of the main criticisms is that, despite having been called out repeatedly in the past, the country still offers a home to many pirate sites. "For a number of years, extending well into the current decade, Canada had a well-deserved reputation as a safe haven for some of the most massive and flagrant Internet sites dedicated to the online theft of copyright material," IIPA writes. Another disturbing development, according to IIPA, is the emergence of stand-alone BitTorrent applications that allow users to stream content directly through an attractive and user-friendly interface, hinting at Popcorn Time. In addition to the traditional pirate sites that remain in Canada, IIPA reports that several websites offering modified game console gear have also moved there in an attempt to escape liability under U.S. law.
Microsoft

Microsoft Calls For 'Digital Geneva Convention' (usatoday.com) 148

Microsoft is calling for a digital Geneva Convention to outline protections for civilians and companies from government-sponsored cyberattacks. In comments Tuesday at the RSA security industry conference in San Francisco, Microsoft President and Chief Legal Officer Brad Smith said the rising trend of government entities wielding the internet as a weapon was worrying. From a report on USA Today: In the cyber realm, tech must be committed to "100% defense and zero percent offense," Smith said at the opening keynote at the RSA computer security conference. Smith called for a "digital Geneva Convention," like the one created in the aftermath of World War II which set ground rules for how conduct during wartime, defining basic rights for civilians caught up armed conflicts. In the 21st century such rules are needed "to commit governments to protect civilians from nation-state attacks in times of peace," a draft of Smith's speech released to USA TODAY said. This digital Geneva Convention would establish protocols, norms and international processes for how tech companies would deal with cyber aggression and attacks of nations aimed at civilian targets, which appears to effectively mean anything but military servers.
Databases

Story Of a Country Which Has Built a Centralized Biometrics Database Of 1.1B People But Appears To Be Mishandling It Now (mashable.com) 60

In a bid to get more Indians to have a birth certificate or any sort of ID card, India announced Aadhaar project in 2009. At the time, there were more Indians without these ID cards than those with. As a result of this, much of the government funding for the citizens were disappearing before they could see them. But according to several security experts, lawyers, politicians and journalists, the government is using poor security practices, and this is exposing the biometrics data -- photo, name, address, fingerprint, iris info -- of people at risk. More than 1.1 billion people -- and 99 percent of all adults -- in India have enrolled themselves to the system. From a report: "There are two fundamental flaws in Aadhaar: it is poorly designed, and it is being poorly verified," Member of Parliament and privacy advocate, Rajeev Chandrasekhar told Mashable India. Another issue with Aadhaar is, Chandrasekhar explains, there is no firm legislation to safeguard the privacy and rights of the billion people who have enrolled into the system. There's little a person whose Aadhaar data has been compromised could do. [...] "Aadhaar is remote, covert, and non-consensual," he told Mashable India, adding the existence of a central database of any kind, but especially in the context of the Aadhaar, and at the scale it is working is appalling. Abraham said fingerprint and iris data of a person can be stolen with little effort -- a "gummy bear" which sells for a few cents, can store one's fingerprint, while a high-resolution camera can capture one's iris data. The report goes on to say that the Indian government is also not telling how the data is being shared with private companies. Experts cited in the story have expressed concerns that those companies (some of which are run by people who were previously members of the team which designed the framework of Aadhaar) can store and create a parallel database of their own. On top of that, the government is making Aadhaar mandatory for availing several things including registration for nation-wide examinations, but in the beginning it promised Aadhaar will be used only to help poor get grocery at subsidized prices.
Communications

US National Weather Service Suffered 'Catastrophic' Outage; Website Stopped Sending Forecasts, Warnings (miamiherald.com) 100

jo7hs2 quotes a report from Miami Herald: On a day when a blizzard is pasting Maine and Northern California faces a dire flooding threat, several of the National Weather Service's primary systems for sending out alerts to the public have failed. As of approximately 1:15 p.m. Eastern Time, products from the National Weather Service ceased disseminating over the internet, including forecasts, warnings and current conditions. The Weather Service's public-facing website, Weather.gov, has not posted updated information since the outage began. Ryan Hickman, chief technology officer for Allison House, a weather data provider, called the situation "catastrophic." Hickman said two core routers for transmitting information from the Weather Service offices out to satellites, which beam the information back to public service providers, had stopped working. Hickman added that another backup system known as the Emergency Managers Weather Information Network (EMWIN) was also not operating.

Slashdot reader jo7hs2 notes: "The systems are back up as of Monday evening."

Security

Michael Flynn Resigns As Trump's National Security Adviser (go.com) 895

An anonymous reader quotes a report from ABC News: President Donald Trump's embattled national security adviser Michael Flynn, who faced questions about a call to the Russian ambassador prior to the inauguration, has resigned. Retired Army General Keith Kellogg was named acting national security adviser to replace Flynn. ABC News reported Monday that Flynn called Vice President Mike Pence on Friday to apologize for misleading him about his conversation with the ambassador in November. Flynn previously denied that he spoke about sanctions the U.S. imposed on Russia for its suspected interference in the 2016 election, a claim repeated by Pence in January. An administration official later claimed Pence was relying on information provided to him by Flynn. In his resignation later, Flynn cited the "fast pace of events" for "inadvertently" briefing "the Vice President Elect and others with incomplete information regarding [his] phone calls with the Russian Ambassador." You can view Flynn's full resignation letter, as provided by the White House, here.
Businesses

Ransomware Insurance Is Coming (onthewire.io) 86

Trailrunner7 quotes a report from On the Wire: As bad as the ransomware problem is right now -- and it's plenty bad -- we're likely only at the beginning of what could become a crisis, experts say. "Lots of people are being infected and lots of people are paying. The bottom line its it's getting worse and it's going to continue to do so," Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday. "Seven-figure ransoms have already been paid. When you're out of business, you'll pay whatever you have to in order to stay in business. You're dealing with an active, sentient adversary." The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won't be long before the insurance companies latch onto the ransomware game, too. "The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware," he said. According to The FindLaw Corporate Counsel Blog, "Ransomware attacks fall under your cyber insurance policy's 'cyber extortion' coverage and can generally be considered "first-party" or "third-party" coverage, according to Christine Marciano, president of Cyber Data Risk Managers. Third-party coverage would likely leave a company uninsured when they are the victims of a ransomware attack. Even if your insurance policy covers ransomware attacks made against your company, the deductible may be so high that the company will be stuck paying any ransomware demands out of pocket (should the company decide to pay to decrypt its data). And your coverage may be sub-limited to relatively small amounts, according Kevin Kalinich, the global cyber risk practice leader for Aon Risk Solutions. A $10 million policy may only provide $500,000 for cyber extortion claims, he explains."
Chrome

Chrome's Sandbox Feature Infringes On Three Patents So Google Must Now Pay $20 Million (bleepingcomputer.com) 104

An anonymous reader writes: After five years of litigation at various levels of the U.S. legal system, today, following the conclusion of a jury trial, Google was ordered to pay $20 million to two developers after a jury ruled that Google had infringed on three patents when it designed Chrome's sandboxing feature. Litigation had been going on since 2012, with Google winning the original verdict, but then losing the appeal. After the Supreme Court refused to listen to Google's petition, they sent the case back for a retrial in the U.S. District Court in Eastern Texas, the home of all patent trolls. As expected, Google lost the case and must now pay $20 million in damages, in the form of rolling royalties, which means the company stands to pay more money as Chrome becomes more popular in the future.
Privacy

Encrypted Email Is Still a Pain in 2017 (incoherency.co.uk) 216

Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago, is still difficult to setup and use for even reasonably tech savvy people. He says he recently tried to install Enigmail, a Thunderbird add-on, but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing, Enigmail continues to suffer from a bug that takes forever in generating keys. From his blog post: Encrypted email is nothing new (PGP was initially released in 1991 -- 26 years ago!), but it still has a huge barrier to entry for anyone who isn't already familiar with how to use it. I think my experience would have been better if Enigmail had generated keys out-of-the-box, or if (a.) gpg agreed with Enigmail on nomenclature (is it a secring or a private key?) and (b.) output the paths of the files it had generated. My experience would have been a lot worse had I not been able to call on the help of somebody who already knows how to use it.
NASA

US-Born NASA Scientist Detained At The Border Until He Unlocked His Phone (theverge.com) 626

Sidd Bikkannavar works at NASA's Jet Propulsion Laboratory. After racing solar-powered cars in Chile, he had trouble returning to America. mspohr quote The Verge: Bikkannavar says he was detained by U.S. Customs and Border Patrol and pressured to give the Customs and Border Protection agents his phone and access PIN. Since the phone was issued by NASA, it may have contained sensitive material that wasn't supposed to be shared. Bikkannavar's phone was returned to him after it was searched by CBP, but he doesn't know exactly what information officials might have taken from the device...

The officer also presented Bikkannavar with a document titled "Inspection of Electronic Devices" and explained that CBP had authority to search his phone. Bikkannavar did not want to hand over the device, because it was given to him by JPL and is technically NASA property. He even showed the officer the JPL barcode on the back of phone. Nonetheless, CBP asked for the phone and the access PIN. "I was cautiously telling him I wasn't allowed to give it out, because I didn't want to seem like I was not cooperating," says Bikkannavar. "I told him I'm not really allowed to give the passcode; I have to protect access. But he insisted they had the authority to search it."

While border agents have the right to search devices, The Verge reports that travelers aren't legally required to unlock their phones, "although agents can detain them for significant periods of time if they do not." They also report that Bikkannavar "was not allowed to leave until he gave CBP his PIN," adding that the cybersecurity team at JPL "was not happy about the breach."
Government

Face Recognition + Mandatory Police Body Cameras = Mass Surveillance? (siliconvalley.com) 110

Facial recognition software is already in use, and it has privacy advocates worried. An anonymous reader quotes the Bay Area Newsgroup. Southern California-based FaceFirst sells its facial recognition technology to retail stores, which use it to identify shoplifters who have been banned from the store, and alert management if they return. Corporate offices and banks also use the software to recognize people who are wanted by police... Several local law enforcement agencies have expressed interest in the technology, but so far none have had the budget for it. FaceFirst sells software police officers can install on their smartphones and use to identify people in the field from up to 12 feet away.

Some privacy experts worry facial recognition technology will show up next in police body cameras, with potentially dangerous consequences... The problem, say privacy advocates, is that all kinds of people come into contact with police, including many who are never suspected of any crimes. So lots of innocent people could be caught up in a police database fed by face-recognizing body cameras. The body cameras could turn into a "massive mobile surveillance network," said Jeramie Scott, national security counsel for the Electronic Privacy Information Center.

One-third of America's police departments use body cameras. (And just in San Jose, there's already 450 neighborhood cameras that have also agreed to share their footage for police investigations.) The new technologies concern the ACLU's policy director for technology and civil liberties. "You have very powerful systems being purchased, most often in secret, with little-to-no public debate and no process in place to make sure that there are policies in place to safeguard community members."
Electronic Frontier Foundation

Three Privacy Groups Challenge The FBI's Malware-Obtained Evidence (eff.org) 118

In 2015 the FBI took over a Tor-accessible child pornography site to infect its users with malware so they could be identified and prosecuted. But now one suspect is challenging that evidence in court, with three different privacy groups filing briefs in his support. An anonymous reader writes. One EFF attorney argues it's a classic case of an unreasonable search, which is prohibited by the U.S. Constitution. "If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied." But there's another problem, since the FBI infected users in 120 different countries. "According to Privacy International, the case also raises important questions: What if a foreign country had carried out a similar hacking operation that affected U.S. citizens?" writes Computerworld. "Would the U.S. welcome this...? The U.S. was overstepping its bounds by conducting an investigation outside its borders without the consent of affected countries, the group said."
The FBI's evidence is also being challenged by the ACLU of Massachusetts, and the EFF plans to file two more challenges in March, warning that otherwise "the precedent is likely to impact the digital privacy rights of all Internet users for years to come... Courts need to send a very clear message that vague search warrants that lack the required specifics about who and what is to be searched won't be upheld."
Government

CS Professor Argues Silicon Valley Is Exploiting Both H-1B Visas And Workers (huffingtonpost.com) 318

schwit1 quotes Norm Matloff, a CS professor at the University of California at Davis, on H-1B visa programs: The Trump administration has drafted a new executive order that could actually mean higher wages for both foreign workers and Americans working in Silicon Valley. The Silicon Valley companies, of course, will not be happy if it goes into effect... Their lobbyists claim there is a "talent shortage" among Americans and thus that the industry needs more of such work visas. This is patently false. The truth is that they want an expansion of the H-1B work visa program because they want to hire cheap, immobile labor -- i.e., foreign workers.

To see how this works, note that most Silicon Valley firms sponsor their H-1B workers, who hold a temporary visa, for U.S. permanent residency (green card) under the employment-based program in immigration law. EB sponsorship renders the workers de facto indentured servants; though they have the right to move to another employer, they do not dare do so, as it would mean starting the lengthy green card process all over again.

Computerworld also argues this year's annual H-1B visa lottery "may be different, because of President Donald Trump," reporting that the lottery has historically favored the largest firms heavily. "In the 2015 fiscal year, for instance, the top 10 firms received 38% of all the H-1B visas in computer occupations alone. All these firms, except for Amazon and to a partial extent IBM, are outsourcers."
EU

Finland's Universal Basic Income Called 'Useless' By Trade Union Economist (bloomberg.com) 723

An anonymous reader quotes Bloomberg: Finland's basic income experiment is unworkable, uneconomical and ultimately useless. Plus, it will only encourage some people to work less. That's not the view of a hard core Thatcherite, but of the country's biggest trade union. The labor group says the results of the two-year pilot program will fail to sway its opposition to a welfare-policy idea that's gaining traction among those looking for an alternative in the post-industrial age. "We think it takes social policy in the wrong direction," said Ilkka Kaukoranta, chief economist of the Central Organization of Finnish Trade Unions, which has nearly one million members.

Since January, a group of unemployed Finns aged between 25 and 58 have been receiving a stipend of 560 euros ($600) per month. The amount isn't means-tested and is paid regardless of whether the recipient finds a job, starts a business or returns to school... Advocates say it eliminates poverty traps and redistributes income while empowering the individual and reducing paperwork... While limited in scope (it's conditional on the beneficiary having received some form of unemployment support in November 2016) and size (it's based on a randomly-selected sample of 2,000 jobless people), the Finnish trial may help answer questions like: "Does it work"? "Is it worth it"? And the most fundamental of all: "Does it incite laboriousness or laziness...?"

The trade union argues this UBI program would cost 5% of Finland's entire gross domestic product, making it "impossibly expensive."
Cellphones

Mission Possible: Self-Destructing Phones Are Now a Reality (yahoo.com) 142

drunkdrone quotes the International Business Times: Self-destructing gadgets favored by the likes of James Bond and Mission: Impossible's Ethan Hunt have taken one step closer to reality. Researchers in Saudi Arabia have developed a mechanism that, when triggered, can destroy a smartphone or other electronic device in as little as 10 seconds. The self-destruct mechanism has been created by electrical engineers at the King Abdulla University of Science and Technology and consists of a polymer layer that rapidly expands when subjected to temperatures above 80 degrees Celsius, effectively bursting the phone open from the inside. The mechanism can be adapted to be triggered in various ways, including remotely through a smartphone app or when it's subjected to pressure.

Once triggered, power from the device's battery is directed to electrodes that rapidly heat, causing the polymer layer to expand to around seven times its original size within 10-15 seconds. This crushes the vital components inside the device, destroying any information stored on board.

One engineer believes the phone will see adoption in the intelligence and financial communities, though it can also be retrofitted to existing phones for just $15. This raises an interesting question -- would you want a self-destructing phone?

Slashdot Top Deals