Businesses

Programmers Are Confessing Their Coding Sins To Protest a Broken Job Interview Process (theoutline.com) 230

A number of programmers have taken to Twitter to draw everyone's, but particularly recruiters', attention to the grueling interview process in their field, which relies heavily on technical questions. David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework, started it when he tweeted, "Hello, my name is David. I would fail to write bubble sort on a whiteboard. I look code up on the internet all the time. I don't do riddles." Another coder added, "Hello, my name is Tim. I'm a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string." Another coder chimed in, "Hello my name is Mike, I'm a GDE and lead at NY Times, I don't know what np complete means. Should I?" A feature story on The Outline adds: This interview style, widely used by major tech companies including Google and Amazon, typically pits candidates against a whiteboard without access to reference material -- a scenario working programmers say is demoralizing and an unrealistic test of actual ability. People spend weeks preparing for this process, afraid that the interviewer will quiz them on the one obscure algorithm they haven't studied. "A cottage industry has emerged that reminds us uncomfortably of SAT prep," Karla Monterroso, VP of programs for Code2040, an organization for black and Latino techies, wrote in a critique of the whiteboard interview. [...] This means companies tend to favor recent computer science grads from top-tier schools who have had time to cram; in other words, it doesn't help diversify the field with women, older people, and people of color.
China

Mobile Search Engine Baidu Goes Dark For Nearly 20 Minutes (cnet.com) 16

Zoey Chong, writing for CNET: Baidu is China's equivalent of Google, but hundreds of millions of questions went unanswered when the mobile version of the search engine broke down for 18 minutes last night, reports SCMP. Almost two hours after service was resumed, the company behind China's largest internet search engine apologised (for the third time) on its official Weibo account. "We missed more than hundreds of millions of search requests because our mobile search service broke down tonight, and we're very sorry," the post read.
Security

Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs (bleepingcomputer.com) 52

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attacker can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.
Television

YouTube Unveils YouTube TV, Its Live TV Streaming Service (techcrunch.com) 87

An anonymous reader quotes a report from TechCrunch: After a year of rumors, YouTube is finally drawing back the curtain on its latest play for entertainment industry domination -- a live TV service. Distinct from YouTube Red, the new service YouTube TV, which has been in the works for years at Google's internet video behemoth, has quietly been inking contracts with media companies to distribute their content on its TV service. The service is fairly low-cost, with a family of six accounts available for $35 per month, and no long-term contract required. Earlier reports from the Wall Street Journal set pricing for the service somewhere between $25 and $40 per month. However, it will only launch in markets where it can offer full, live local broadcast feeds. That's planned for the months ahead, but YouTube didn't offer an exact date. "We decided to create an offering that would give them all of these can't miss live moments," said YouTube exec Robert Kinsel of YouTube TV's offering. He explained that YouTube has partnered with all of the broadcast networks, in order to offer "comprehensive national coverage with ABC, NBC, CBS, Fox all included." In addition, the service is getting USA, FX, FreeForm, MSNBC, CNBC, Fox News, and Fox Business. ShowTime is available for an additional fee. Missing, however, is HBO. For sports fans, the service includes national coverage from ESPN, FoxSports, and NBC SportsNet. Also offered are regional sports networks from Fox and Comcast, SEC Network, Big Ten and ESPNU. Fox Soccer Plus is available as an add-on. In addition, YouTube TV includes YouTube Red's 28 original series. Some other features of the service include a DVR that will never run out of space and that's capable of simultaneous recordings, a visual TV guide, search feature, and voice support integration via Google Home.
Microsoft

Microsoft Is Killing Off Skype WiFi Service (betanews.com) 42

Mark Wilson, writing for BetaNews: Microsoft has announced that it will discontinue its Skype WiFi service as of March 31. The global retirement of the service is to allow the company to focus on "core Skype features." Skype WiFi allows for paid Internet access through hotspots around the world, and is something that proved quite popular with travelers looking to minimize data roaming charges. After the cut-off date, Skype WiFi will no longer be available, and the various mobile apps will no longer act as a hotspot finder.
The Internet

Amazon's Cloud Service Has Outage, Disrupting Sites (usatoday.com) 154

An anonymous reader shares a report on USA Today: Portions of Amazon Web Services, the nation's largest cloud computing company, went offline Tuesday afternoon, affecting multiple companies across the United States but especially on the east coast. The outage appeared to have begun around 12:45 pm ET. It was centered in AWS' S3 storage system on the east coast. Many of the services that firms use AWS for are back-end processes, and therefore not immediately visible to consumers, though the outage could disrupt customer-facing activities like logins and payments. At least some websites that appear to be affected are: Airbnb, Down Detector, Freshdesk, Pinterest, SendGrid, Snapchat's Bitmoji, Time, Buffer, Business Insider, Chef, Citrix, CNBC, Codecademy, Coursera, Cracked, Docker, Expedia, Expensify, Giphy, Heroku, Home Chef, iFixit, IFTTT, isitdownrightnow.com, Lonely Planet, Mailchimp, Medium, Microsoft's HockeyApp, News Corp, Quora, Razer, Slack, Sprout Social, Travis CI, Trello, Twilio, Unbounce, the U.S. Securities and Exchange Commission (SEC), and Zendesk.

The dashboard of Amazon Web Services, which tracks the status of the service, is unable to change color, Amazon said. This is because the status dashboard also runs on the service that is down.
Communications

FCC Chairman Calls Net Neutrality a 'Mistake' (theverge.com) 301

FCC chairman Ajit Pai said today that net neutrality was "a mistake" and that the commission is now "on track" to return to a much lighter style of regulation. The Verge adds: "Our new approach injected tremendous uncertainty into the broadband market," Pai said during a speech at Mobile World Congress this afternoon. "And uncertainty is the enemy of growth." Pai has long been opposed to net neutrality and voted against the proposal when it came up in 2015. While he hasn't specifically stated that he plans to reverse the order now that he's chairman, today's speech suggests pretty clearly that he's aiming to. [...] Pai's argument is that internet providers were doing just fine under the old rules and that the new ones have hurt investment.
Youtube

One Billion Hours of YouTube Are Watched Every Day (thenextweb.com) 72

YouTube announced in a blog post that people around the world are now watching a billion hours of YouTube videos every single day. According to YouTube, "If you were to sit and watch a billion hours of YouTube, it would take you over 100,000 years." Mashable reports: The milestone "represents the enjoyment of the fantastically diverse videos that creative people make every single day," Cristos Goodrow, VP of engineering at YouTube, wrote in a blog post Monday. "Around the world, people are spending a billion hours every day rewarding their curiosity, discovering great music, keeping up with the news, connecting with their favorite personalities, or catching up with the latest trend." The 1 billion figure is a 10-fold increase since 2012, YouTube said. The statistic is one that underscores YouTube's efforts to dominate the digital space. On YouTube -- which operates under the motto "Broadcast Yourself" -- users upload 400 hours of video each minute, or 65 years of video a day.
Businesses

Mozilla Acquires Pocket and Its More Than 10 Million Users (recode.net) 80

An anonymous reader quotes a report from Recode: Mozilla, the company behind the Firefox web browser, is buying Pocket, the read-it-later service, for an undisclosed amount. Pocket, which is described by Mozilla as its first strategic acquisition, will continue to operate as a Mozilla subsidiary. Founder Nate Weiner will continue to run Pocket, along with his team of about 25 people. Pocket, previously known as Read It Later, lets users bookmark articles, videos and other content to read or view later on the web or a mobile device. It's great for things like saving offline copies of web articles to read on plane rides or subway commutes, especially where internet access is sparse. Pocket, which was founded in 2007, has more than 10 million monthly active users, according to a rep. That's not bad, but suggests it's still a fairly niche service, especially as big firms like Facebook and Apple build simple "reading list" features into their platforms.
AI

In Twenty, Fifty Years, 'We May Be Entertaining AI', Says Netflix CEO (barrons.com) 109

"If you are starting to look ahead what do you see?" a journalist asked Netflix CEO Reed Hastings at the Mobile World Congress. An anonymous reader shares a report: Hastings cited the work of Charlie Brooker on "Black Mirror," saying "He tells many strange and wonderful stories on tech," and that "what's amazing about tech is, it's very hard to predict." "What we do is try to learn and adapt," said Hastings. "Rather than commit to one particular point of view, we will adapt to that." "If it's contact lenses with amazing capabilities, at some point, we will adapt to that." Hastings said the Internet's importance in one sense is that watching things on streaming is "so easy and convenient," with the result that "a show like The Crown, which would have been a niche before, is spreading around the world." "I just can't emphasize enough how much it's just beginning," he repeated. But, pressed stock, what about ten years out or twenty years out? Hastings said at that point there will be "some serious virtual reality" to contend with. And past twenty years? "Over twenty to fifty years, you get into some serious debate over humans," mused Hastings. "I don't know if you can really talk about entertaining at that point. I'm not sure if in twenty to fifty years we are going to be entertaining you, or entertaining AIs."
Google

Is Google's Comment Filtering Tool 'Vanishing' Legitimate Comments? (vortex.com) 99

Slashdot reader Lauren Weinstein writes: Google has announced (with considerable fanfare) public access to their new "Perspective" comment filtering system API, which uses Google's machine learning/AI system to determine which comments on a site shouldn't be displayed due to perceived high spam/toxicity scores. It's a fascinating effort. And if you run a website that supports comments, I urge you not to put this Google service into production, at least for now.

The bottom line is that I view Google's spam detection systems as currently too prone to false positives -- thereby enabling a form of algorithm-driven "censorship" (for lack of a better word in this specific context) -- especially by "lazy" sites that might accept Google's determinations of comment scoring as gospel... as someone who deals with significant numbers of comments filtered by Google every day -- I have nearly 400K followers on Google Plus -- I can tell you with considerable confidence that the problem isn't "spam" comments that are being missed, it's completely legitimate non-spam, non-toxic comments that are inappropriately marked as spam and hidden by Google.

Lauren is also collecting noteworthy experiences for a white paper about "the perceived overall state of Google (and its parent corporation Alphabet, Inc.)" to better understand how internet companies are now impacting our lives in unanticipated ways. He's inviting people to share their recent experiences with "specific Google services (including everything from Search to Gmail to YouTube and beyond), accounts, privacy, security, interactions, legal or copyright issues -- essentially anything positive, negative, or neutral that you are free to impart to me, that you believe might be of interest."
Bug

Google Discloses Yet Another New Unpatched Microsoft Vulnerability In Edge/IE (bleepingcomputer.com) 72

An anonymous reader quotes BleepingComputer: Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they've published details about a bug in the Windows GDI (Graphics Device Interface) component... The bug, discovered by Google Project Zero researcher Ivan Fratric, is tracked by the CVE-2017-0037 identifier and is a type confusion, a kind of security flaw that can allow an attacker to execute code on the affected machine, and take over a device.

Details about CVE-2017-0037 are available in Google's bug report, along with proof-of-concept code. The PoC code causes a crash of the exploited browser, but depending on the attacker's skill level, more dangerous exploits could be built... Besides the Edge and IE bug, Microsoft products are also plagued by two other severe security flaws, one affecting the Windows GDI component and one the SMB file sharing protocol shipped with all Windows OS versions...

Google's team notified Microsoft of the bug 90 days ago, only disclosing it publicly on Friday.
Microsoft

94% of Microsoft Vulnerabilities Can Be Mitigated By Turning Off Admin Rights (computerworld.com) 234

An anonymous reader quotes Computerworld: If you want to shut out the overwhelming majority of vulnerabilities in Microsoft products, turn off admin rights on the PC. That's the conclusion from global endpoint security firm Avecto, which has issued its annual Microsoft Vulnerabilities report. It found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year. This is especially true with the browser, for those who still use Microsoft's browsers. 100% of vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported... Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46% more than Windows 8 and Windows 8.1 (265 each). Avecto found that 93% of Windows 10 vulnerabilities could be mitigated by removing admin rights.
Of course, the stats are based on vulnerabilities announced in Microsoft Security Bulletins, but there's an overwhelming pattern. Turning off admin rights mitigated the vast majority of vulnerabilities, whether it was Windows Server (90%) or older versions of Microsoft Office (99%). And turning off admin rights in Office 2016 mitigated 100% of its vulnerabilities.
Businesses

How Cable Monopolies Hurt ISP Customers (backchannel.com) 89

"New York subscribers have had to overpay month after month for services that Spectrum deliberately didn't provide," reports Backchannel -- noting these practices are significant because together Comcast and Charter (formerly Time Warner Cable) account for half of America's 92 million high-speed internet connections. An anonymous reader quotes Backchannel: Based on the company's own documents and statements, it appears that just about everything it has been saying since 2012 to New York State residents about their internet access and data services is untrue...because of business decisions the company deliberately made in order to keep its capital expenditures as low as possible... Its marketing department kept sending out advertising claims to the public that didn't match the reality of what consumers were experiencing or square with what company engineers were telling Spectrum executives. That gives the AG's office its legal hook: Spectrum's actions in knowingly saying one thing but doing another amount to fraudulent, unfair, and deceptive behavior under New York law...

The branding people went nuts, using adjectives like Turbo, Extreme, and Ultimate for the company's highest-speed 200 or 300 Mbps download offerings. But no one, or very few people, could actually experience those speeds...because, according to the complaint, the company deliberately required that internet data connections be shared among a gazillion people in each neighborhood... [T]he lawsuit won't by itself make much of a difference. But maybe the public nature of the attorney-general's assault -- charging Spectrum for illegal misconduct -- will lead to a call for alternatives. Maybe it will generate momentum for better, faster, wholesale fiber networks controlled by cities and localities themselves. If that happened, retail competition would bloom. We'd get honest, straightforward, inexpensive service, rather than the horrendously expensive cable bundles we're stuck with today.

The article says Spectrum charged 800,000 New Yorkers $10 a month for outdated cable boxes that "weren't even capable of transmitting and receiving wifi at the speeds the company advertised customers would be getting," then promised the FCC in 2013 that they'd replace them, and then didn't. "With no competition, it had no reason to upgrade its services. Indeed, the company's incentives went exactly in the other direction."
Security

Ask Slashdot: How Are You Responding To Cloudbleed? (reuters.com) 82

An anonymous IT geek writes: Cloudflare-hosted web sites have been leaking data as far back as September, according to Gizmodo, which reports that at least Cloudflare "acted fast" when the leak was discovered, closing the hole within 44 minutes, and working with search engines to purge their caches. (Though apparently some of it is still lingering...) Cloudflare CEO Matthew Prince "claims that there was no detectable uptick in requests to Cloudflare-powered websites from September of last year...until today. That means the company is fairly confident hackers didn't discover the vulnerability before Google's researchers did."

And the company's CTO also told Reuters that "We've seen absolutely no evidence that this has been exploited. It's very unlikely that someone has got this information... We do not know of anybody who has had a security problem as a result of this." Nevertheless, Fortune warns that "So many sites were vulnerable that it doesn't make sense to review the list and change passwords on a case-by-case basis." Some sites are now even resetting every user's password as a precaution, while site operators "are also being advised to wipe their sites' cookies and security certificates, and perform their own web searches to see if site data leaked." But I'd like to know what security precautions are being taken by Slashdot's readers?

Leave your own answers in the comments. How did you respond to Cloudbleed?
Bug

Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) 92

An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains. In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).

This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports. For IE11 users, a demo page is available here.

Government

FCC To Halt Rule That Protects Your Private Data From Security Breaches (arstechnica.com) 119

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."
Government

Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com) 45

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.
Bug

Cloudflare Leaks Sensitive User Data Across the Web (theregister.co.uk) 87

ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OK Cupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache. Further reading: The Register, Ars Technica
Wikipedia

Study Reveals Bot-On-Bot Editing Wars Raging On Wikipedia's Pages (theguardian.com) 97

An anonymous reader quotes a report from The Guardian: A new study from computer scientists has found that the online encyclopedia is a battleground where silent wars have raged for years. Since Wikipedia launched in 2001, its millions of articles have been ranged over by software robots, or simply "bots," that are built to mend errors, add links to other pages, and perform other basic housekeeping tasks. In the early days, the bots were so rare they worked in isolation. But over time, the number deployed on the encyclopedia exploded with unexpected consequences. The more the bots came into contact with one another, the more they became locked in combat, undoing each other's edits and changing the links they had added to other pages. Some conflicts only ended when one or other bot was taken out of action. The findings emerged from a study that looked at bot-on-bot conflict in the first ten years of Wikipedia's existence. The researchers at Oxford and the Alan Turing Institute in London examined the editing histories of pages in 13 different language editions and recorded when bots undid other bots' changes. While some conflicts mirrored those found in society, such as the best names to use for contested territories, others were more intriguing. Describing their research in a paper entitled Even Good Bots Fight in the journal Plos One, the scientists reveal that among the most contested articles were pages on former president of Pakistan Pervez Musharraf, the Arabic language, Niels Bohr and Arnold Schwarzenegger. One of the most intense battles played out between Xqbot and Darknessbot which fought over 3,629 different articles between 2009 and 2010. Over the period, Xqbot undid more than 2,000 edits made by Darknessbot, with Darknessbot retaliating by undoing more than 1,700 of Xqbot's changes. The two clashed over pages on all sorts of topics, from Alexander of Greece and Banqiao district in Taiwan to Aston Villa football club.
