Government

FBI Says Foreign Hackers Breached State Election Systems (theguardian.com) 59

The FBI has uncovered evidence that foreign hackers breached two state election databases in recent weeks, and it has warned election officials across the country to take some measures to step up the security of their computer systems. The Guardian reports: The FBI warning did not identify the two states targeted by cyber intruders, but Yahoo News said sources familiar with the document said it referred to Arizona and Illinois, whose voter registration systems were penetrated. Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters. The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said. US intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the November presidential election.
Music

What Jonathan Coulton Learned From The Technology Industry (geekwire.com) 83

In a new article on GeekWire, Jonathan Coulton explains why he left a comfortable software development job in 2005 to launch a career as an online singer-songwriter. But he also describes the things he learned from the tech industry. "These guys were doing this thing they wanted to do, this thing they felt competent doing. They didn't chase after things, and they worked hard, but it was a business they created because they enjoyed it. They tried to minimize the things they didn't want to do. It wasn't about getting rich; it was about getting satisfied...

"I wanted to set a good example to my children. I wanted to be the person I wanted to be, someone willing to take chances -- a person who didn't live with enormous regrets..." Within the first year, he had not replaced his software salary, but had enough success to cover his babysitter and to keep food on the table.

When he was younger -- in the pre-internet days -- "It was very unclear how to become a musician," Coulton explains. But somehow rolling his own career path eventually led to a life which includes everything from guest appearances on radio shows to an annual cruise with his fans (this year featuring Aimee Mann, Wil Wheaton, and Redshirts author John Scalzi).
Security

How Security Experts Are Protecting Their Own Data (siliconvalley.com) 180

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
Google

Google Tests A Software That Judges Hollywood's Portrayal of Women 268

Slashdot reader theodp writes: Aside from it being hosted in a town without a movie theater, the 2016 Bentonville Film Festival was also unusual in that it required all entrants to submit "film scripts and downloadable versions of the film" for judgment by "the team at Google and USC", apparently part of a larger Google-funded research project with USC Engineering "to develop a computer science tool that could quickly and efficiently assess how women are represented in films"...

Fest reports noted that representatives of Google and the White House Office of Science and Technology Policy appeared in a "Reel vs. Real Diversity" panel presentation at the fest, where the importance of diversity and science to President Obama were discussed, and the lack of qualified people to fill 500,000 U.S. tech jobs was blamed in part on how STEM careers have been presented in film and television... In a 2015 report on a Google-sponsored USC Viterbi School of Engineering MacGyver-themed event to promote women in engineering, USC reported that President Obama was kept briefed on efforts to challenge media's stereotypical portrayals of women. As for its own track record, Google recently updated its Diversity page, boasting that "21% of new hires in 2015 were women in tech, compared to 19% of our current population"....
Businesses

How G.E. Is Transforming Into An IoT Start-Up (nytimes.com) 104

Slashdot reader mspohr shares an article about "General Electric 're-inventing' itself as a software start-up." Jeffrey R. Immelt, the CEO of America's largest manufacturer, describes how he realized that data collected from their machines -- like turbines, engines, and medical-imaging equipment -- could be as valuable as the machines themselves. Now G.E. is hiring software engineers and data scientists from Amazon, Apple, Facebook and Google to try to transform the company into a "124-year-old startup" to take advantage of the Internet of Things and offer futuristic new services like predictive maintenance.

The Times calls it "the next battlefield as companies fight to develop the dominant software layer that connects the machines," adding that by 2020 there will be 100 times as much data flowing from G.E.'s machines. Now G.E. Digital is using the open source PaaS, Cloud Foundry, to develop Predix, a cloud-based operating system for industrial applications like monitoring and adjusting equipment in the field, whether it's an oil-field rig or a wind-farm turbine. To help transform the company into a digital powerhouse, they're building a 1,400-employee complex in San Ramon, California "designed to suit the free-range working ways of software developers: open-plan floors, bench seating, whiteboards, couches for impromptu meetings, balconies overlooking the grounds and kitchen areas with snacks." And they've also launched the Industrial Dojo program "to accelerate the ability for developers to contribute code that enables the Industrial Internet".
Databases

100 Arrested In New York Thanks To Better Face-Recognition Technology (arstechnica.com) 83

New York doubled the number of "measurement points" used by their facial recognition technology this year, leading to 100 arrests for fraud and identity theft, plus another 900 open cases. An anonymous reader quotes a report from Ars Technica: In all, since New York implemented facial recognition technology in 2010, more than 14,000 people have been hampered trying to get multiple licenses. The newly upgraded system increases the measurement points of a driver's license picture from 64 to 128.

The DMV said this vastly improves its chances of matching new photographs with one already in a database of 16 million photos... "Facial recognition plays a critical role in keeping our communities safer by cracking down on individuals who break the law," Gov. Andrew M. Cuomo said in a statement. "New York is leading the nation with this technology, and the results from our use of this enhanced technology are proof positive that its use is vital in making our roads safer and holding fraudsters accountable."

At least 39 US states use some form of facial recognition software, and New York says their new system also "removes high-risk drivers from the road," stressing that new licenses will no longer be issued until a photo clears their database.
Open Source

Linus Loves GPL, But Hates GPL Lawsuits (cio.com) 231

Long-time Slashdot reader sfcrazy writes: During LinuxCon, Torvalds was full of praise for GNU GPL: "The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that's a big deal for community management... FSF [Free Software Foundation] and I don't have a loving relationship, but I love GPL v2. I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back, which meant that the fragmentation has never been something that has been viable from a technical standpoint."

And he thinks the BSD license is bad for everyone: "Over the years, I've become convinced that the BSD license is great for code you don't care about," Torvalds said.

But Linus also addressed the issue of enforcing the GPL on the Linux foundation mailing list when someone proposed a discussion of it at Linuxcon. "I think the whole GPL enforcement issue is absolutely something that should be discussed, but it should be discussed with the working title 'Lawyers: poisonous to openness, poisonous to community, poisonous to projects'... quite apart from the risk of loss in a court, the real risk is something that happens whether you win or lose, and in fact whether you go to court or just threaten: the loss of community, and in particular exactly the kind of community that can (and does) help. You lose your friends."
Privacy

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 19

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits.

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
Ubuntu

Ubuntu Linux 16.10 'Yakkety Yak' Beta 1 Now Available For Download (betanews.com) 90

An anonymous reader quotes a report from BetaNews: Today, the first beta of Ubuntu Linux 16.10 sees release. Once again, a silly animal name is assigned, this time being the letter "Y" for the horned mammal, "Yakkety Yak." This is also a play on the classic song "Yakety Yak" by The Coasters. Please be sure not to "talk back" while testing this beta operating system! "Pre-releases of the Yakkety Yak are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting and fixing bugs as we work towards getting this bos grunniens ready. Beta 1 includes a number of software updates that are ready for wider testing. These images are still under development, so you should expect some bugs," says Set Hallstrom, Ubuntu Studio project lead. He adds: "While these Beta 1 images have been tested and work, except as noted in the release notes, Ubuntu developers are continuing to improve the Yakkety Yak. In particular, once newer daily images are available, system installation bugs identified in the Beta 1 installer should be verified against the current daily image before being reported in Launchpad. Using an obsolete image to re-report bugs that have already been fixed wastes your time and the time of developers who are busy trying to make 16.10 the best Ubuntu release yet. Always ensure your system is up to date before reporting bugs." Here are the following download links: Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio.
Communications

Twitter Is Working On Anti-Harassment Keyword Filtering Tool, Says Report (bloomberg.com) 169

Twitter CEO Jack Dorsey has made it a top priority for the company to limit hateful conduct. In late December 2015, for example, the company changed its rules to explicitly ban "hateful conduct" for the first time. A new report says Twitter is working to further curb the rise of hateful conduct as it is "working on a keyword-based tool that will let people filter the posts they see, giving users a more effective way to block out harassing and offensive tweets." Bloomberg reports: "The San Francisco-based company has been discussing how to implement the tool for about a year as it seeks to stem abuse on the site, said the people [familiar with the matter], who asked not to be identified because the initiative isn't public. By using keywords, users could block swear words or racial slurs, for example, to screen out offenders. The filtering tool could eventually become a moderator for any kind of content, the people said. For example, users could block a hashtag about an event they don't care to read about."
Democrats

Hillary Clinton Used BleachBit To Wipe Emails (neowin.net) 544

An anonymous reader quotes a report from Neowin: The open-source disk cleaning application, BleachBit, got quite a decent ad pitch from the world of politics after it was revealed lawyers of the presidential hopeful, Hillary Clinton, used the software to wipe her email servers. Clinton is currently in hot water, being accused of using private servers for storing sensitive emails. "[South Carolina Representative, Trey Gowdy, spoke to Fox News about Hillary Clinton's lawyers using BleachBit to wipe the private servers. He said:] 'She and her lawyers had those emails deleted. And they didn't just push the delete button; they had them deleted where even God can't read them. They were using something called BleachBit. You don't use BleachBit for yoga emails or bridesmaids emails. When you're using BleachBit, it is something you really do not want the world to see.'" Two of the main features that are listed on the BleachBit website include "Shred files to hide their contents and prevent data recovery," and "Overwrite free disk space to hide previously deleted files." These two features would make it pretty difficult for anyone trying to recover the deleted emails. Slashdot reader ahziem adds: The IT team for presidential candidate Hillary Clinton used the open source cleaning software BleachBit to wipe systems "so even God couldn't read them," according to South Carolina Rep. Trey Gowdy on Fox News. His comments on the "drastic cyber-measure" were in response to the question of whether emails on her private Microsoft Exchange Server were simply about "yoga and wedding plans." Perhaps Clinton's team used an open-source application because, unlike proprietary applications, it can be audited, like for backdoors. In response to the Edward Snowden leaks in 2013, privacy expert Bruce Schneier advised in an article in which he stated he also uses BleachBit, "Closed-source software is easier for the NSA to backdoor than open-source software." 
Ironically, Schneier was writing to a non-governmental audience. Have any Slashdotters had any experience with BleachBit? Specifically, have you used it for erasing "yoga emails" or "bridesmaids emails?"
Media

The Slashdot Interview With VideoLAN President and Lead VLC Developer Jean-Baptiste Kempf 40

You asked, he answered!

VideoLAN President and Lead Developer of VLC Jean-Baptiste Kempf has responded to questions submitted by Slashdot readers. Read on to find out about the upcoming VideoLAN projects; how they keep VLC sustainable; what are some mistakes they wish they hadn't made; and what security challenges they face, among others!
AI

Amazon, NVIDIA and The CIA Want To Teach AI To Watch Us From Space (technologyreview.com) 60

An anonymous reader quotes a report from MIT Technology Review: Satellite operator DigitalGlobe is teaming up with Amazon, the venture arm of the CIA, and NVIDIA to make computers watch the Earth from above and automatically map our roads, buildings, and piles of trash. MIT Technology Review reports: "In a joint project, DigitalGlobe today released satellite imagery depicting the whole of Rio de Janeiro to a resolution of 50 centimeters. The outlines of 200,000 buildings inside the city's roughly 1,900 square kilometers have been manually marked on the photos. The SpaceNet data set, as it is called, is intended to spark efforts to train machine-learning algorithms to interpret high-resolution satellite photos by themselves. DigitalGlobe says the SpaceNet data set should eventually include high-resolution images of half a million square kilometers of Earth, and that it will add annotations beyond just buildings. DigitalGlobe's data is much more detailed than publicly available satellite data such as NASA's, which typically has a resolution of tens of meters. Amazon will make the SpaceNet data available via its cloud computing service. Nvidia will provide tools to help machine-learning researchers train and test algorithms on the data, and CosmiQ Works, a division of the CIA's venture arm In-Q-Tel focused on space, is also supporting the project." "We need to develop new algorithms for this data," says senior vice president at DigitalGlobe, Tony Frazier. He goes on to say that health and aid programs are to benefit from software that is able to map roads, bridges and various other infrastructure. The CEO of Descartes Labs, Mark Johnson, a "startup that predicts crop yields from public satellite images," says the data that is collected "should be welcome to startups and researchers," according to MIT Technology Review. 
"Potential applications could include estimated economic output from activity in urban areas, or guiding city governments on how to improve services such as trash collections, he says."
Data Storage

Intel Launches Flurry of 3D NAND-Based SSDs For Consumer and Enterprise Markets (hothardware.com) 145

MojoKid writes: Intel launched a handful of new SSD products today that cover a broad spectrum of applications and employ 3D NAND technology. The SSD 600p Series is offered in four capacities ranging from 128GB, to 256GB, 512GB and 1TB. The drives are targeted at consumer desktops and notebooks and are available in the M.2 form-factor. The entry-level 128GB model offers sequential reads and writes of up to 770 MB/sec and 450 MB/sec respectively. At higher densities, the multi-channel 1TB model offers sequential reads and writes that jump to 1,800 MB/sec and 560 MB/sec respectively. The 128GB SSD 600p weighs in at $69, while the 1TB model is priced at $359, or about .36 cents per GiB. For the data center, Intel has also introduced the DC P3520 and DC S3520 Series SSDs in 2.5-inch and PCIe half-height card form-factors. Available in 450GB to 2TB capacities, the range-topping 2TB model offers random reads/writes of 1,700 MB/sec and 1,350 MB/sec respectively. Finally, Intel launched the SSD E 6000p (PCIe M.2) and SSD E 5420s Series (SATA). The former supports Core vPro processors and is targeted at point-of-sale systems and digital signage. The latter is aimed at helping customers ease the transition from HDDs to SSDs in IoT applications.
Medicine

The Big Short: Security Flaws Fuel Bet Against St. Jude (securityledger.com) 79

chicksdaddy writes: "Call it The Big Short -- or maybe just the medical device industry's 'Shot Heard Round The World': a report from Muddy Waters Research recommends that its readers bet against (or 'short') St. Jude Medical after learning of serious security vulnerabilities in a range of the company's implantable cardiac devices," The Security Ledger reports. "The Muddy Waters report on St. Jude's set off a steep sell off in St. Jude Medical's stock, which finished the day down 5%, helping to push down medical stocks overall. The report cites the 'strong possibility that close to half of STJ's revenue is about to disappear for approximately two years' as a result of 'product safety' issues stemming from remotely exploitable vulnerabilities in STJ's pacemakers, implantable cardioverter defibrillator (ICD), and cardiac resynchronization therapy (CRT) devices. The vulnerabilities are linked to St. Jude's Merlin at home remote patient management platform, said Muddy Waters. The firm cited research by MedSec Holdings Ltd., a cybersecurity research firm that identified the vulnerabilities in St. Jude's ecosystem. Muddy Waters said that the affected products should be recalled until the vulnerabilities are fixed. In an e-mail statement to Security Ledger, St. Jude's Chief Technology Officer, Phil Ebeling, called the allegations 'absolutely untrue.' 'There are several layers of security measures in place. We conduct security assessments on an ongoing basis and work with external experts specifically on Merlin at home and on all our devices,' Ebeling said."

More controversial: MedSec CEO Justine Bone acknowledged in an interview with Bloomberg that her company did not first reach out to St. Jude to provide them with information on the security holes before working with Muddy Waters. Information security experts who have worked with the medical device industry to improve security expressed confusion and dismay. "If safety was the goal then I think (MedSec's) execution was poor," said Joshua Corman of The Atlantic Institute and I Am The Cavalry. "And if profit was the goal it may come at the cost of safety. It seems like a high stakes game that people may live to regret."

Crime

US Unveils Charges Against KickassTorrents, Names Two More Defendants (arstechnica.com) 110

A total of three men are said to be operators of file-sharing site KickassTorrents (KAT), according to U.S. prosecutors. Last month, federal authorities arrested the 30-year-old Ukrainian mastermind of KAT, Artem Vaulin, and formally charged him with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Two other Ukrainians were named in the new indictment (PDF): Levgen (Eugene) Kutsenko and Oleksander (Alex) Radostin. While only Vaulin has been arrested, bench warrants have been issued for the arrest of all three men. Ars Technica reports: "Prosecutors say the three men developed and maintained the site together and used it to 'generate millions of dollars from the unlawful distribution of copyright-protected media, including movies, [...] television shows, music, video games, computer software, and electronic books.' They gave out 'Reputation' and 'User Achievement' awards to users who uploaded the most popular files, including a special award for users who had uploaded more than 1,000 torrents. The indictment presents a selection of the evidence that the government intends to use to convict the men, and it isn't just simple downloads of the copyrighted movies. The government combed through Vaulin's e-mails and traced the bitcoins that were given to him via a 'donation' button."
Open Source

Princeton Researchers Announce Open Source 25-Core Processor (pcworld.com) 112

An anonymous reader writes: Researchers at Princeton announced at Hot Chips this week their 25-core Piton Processor. The processor was designed specifically to increase data center efficiency with novel architecture features enabling over 8,000 of these processors to be connected together to build a system with over 200,000 cores. Fabricated on IBM's 32nm process and with over 460 million transistors, Piton is one of the largest and most complex academic processors ever built. The Princeton team has opened their design up and released all of the chip source code, tests, and infrastructure as open source in the OpenPiton project, enabling others to build scalable, manycore processors with potentially thousands of cores.
Government

Malware Sold To Governments Helped Them Spy on iPhones (washingtonpost.com) 31

One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update. The Washington Post reports that these "zero-day" flaws were previously used by the governments to take over victims' phones by tricking them into clicking on a link to a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."
Transportation

Singapore Launches World's First 'Self-driving' Taxi Service (theguardian.com) 60

Days before ride-hailing service Uber debuts its self-driving car in Pittsburgh, a company in Singapore has beaten Uber to the race. The Guardian reports: The world's first "self-driving" taxi service has been launched in Singapore -- albeit with a human backup driver and co-pilot on board for the time being. Members of the public selected to take part in the trial would be able to hail a free ride through their smartphones, said nuTonomy, an autonomous vehicle software startup. The cars -- modified Renault Zoe and Mitsubishi i-MiEV electrics -- had a driver in the front prepared to take back the wheel and a researcher in the back watching the car's computers, the company said. Each was fitted with Lidar, a laser-based detection system like radar. An Associated Press reporter taking a ride on Wednesday observed that the safety driver had to step on the brakes once, when a car was obstructing the test car's lane and another vehicle, which appeared to be parked, suddenly began moving in the oncoming lane. The service would start with six cars, growing to a dozen by the end of the year, said nuTonomy, adding that it aimed to have a fully self-driving taxi fleet in Singapore by 2018.
Social Networks

Researchers Create Algorithm That Diagnoses Depression From Your Instagram Feed (inverse.com) 84

An anonymous reader quotes a report from Inverse: Harvard University's Andrew Reece and the University of Vermont's Chris Danforth crafted an algorithm that can correctly diagnose depression, with up to 70 percent accuracy, based on a patient's Instagram feed alone. After a careful screening process, the team analyzed almost 50,000 photos from 166 participants, all of whom were Instagram users and 71 of whom had already been diagnosed with clinical depression. Their results confirmed their two hypotheses: first, that "markers of depression are observable in Instagram user behavior," and second, that "these depressive signals are detectable in posts made even before the date of first diagnosis." The duo had good rationale for both hypotheses. Photos shared on Instagram, despite their innocent appearance, are data-laden: Photos are either taken during the day or at night, in- or outdoors. They may include or exclude people. The user may or may not have used a filter. You can imagine an algorithm drooling at these binary inputs, all of which reflect a person's preferences, and, in turn, their well-being. Metadata is likewise full of analyzable information: How many people liked the photo? How many commented on it? How often does the user post, and how often do they browse? Many studies have shown that depressed people both perceive less color in the world and prefer dark, anemic scenes and images. The majority of healthy people, on the other hand, prefer colorful things. [Reece and Danforth] collected each photo's hue, saturation, and value averages. Depressed people, they found, tended to post photos that were more bluish, unsaturated, and dark. "Increased hue, along with decreased brightness and saturation, predicted depression," they write. The researchers found that happy people post less than depressed people, happy people post photos with more people in them than their depressed counterparts, and that depressed participants were less likely to use filters.
The majority of "healthy" participants chose the Valencia filter, while the majority of "depressed" participants chose the Inkwell filter. Inverse has a neat little chart embedded in their report that shows the usage of Instagram filters between depressed and healthy users.
