Bug

Bugs In SCADA Software Leave 7,600 Factories Vulnerable 70

Posted by timothy
from the about-that-skeleton-key dept.
mspohr (589790) writes with this news from the BBC: "The discovery of bugs in software used to run oil rigs, refineries and power plants has prompted a global push to patch the widely used control system. The bugs were found by security researchers and, if exploited, could give attackers remote access to control systems for the installations. The U.S. Department of Homeland Security said an attacker with 'low skill' would be able to exploit the bugs. About 7,600 plants around the world are using the vulnerable software. 'We went from zero to total compromise,' said Juan Vazquez, a researcher at security firm Rapid7 who, with colleague Julian Diaz, found several holes in Yokogawa's Centum CS 3000 software which was first released to run on Windows 98 to monitor and control machinery in many large industrial installations. The researchers also explored other SCADA software: 'We ended up finding over 1,000 bugs in 100 days.'" The vulnerabilities reported are in Yokogawa's Centum CS 3000 industrial control software.
The Almighty Buck

Most Expensive Aviation Search: $53 Million To Find Flight MH370 233

Posted by timothy
from the what's-the-right-amount-to-spend? dept.
mdsolar (1045926) writes "The search and investigation into missing Malaysia Airlines flight MH370 is already the most expensive in aviation history, figures released to Fairfax Media suggest. The snippets of costings provide only a small snapshot but the $US50 million ($54 million) spent on the two-year probe into Air France Flight 447 — the previous record — appears to have been easily surpassed after just four weeks.... The biggest expense in the search has involved ships, satellites, planes and submarines deployed first in the South China Sea and the Malacca Straits, and then in the remote reaches of the southern Indian Ocean."
Government

Federal Bill Would Criminalize Revenge Porn Websites 328

Posted by timothy
from the drawing-lines dept.
An anonymous reader writes with this excerpt from a thought-provoking article at TechDirt: "My own representative in Congress, Jackie Speier, has apparently decided to introduce a federal 'revenge porn' bill, which is being drafted, in part, by Prof. Mary Anne Franks, who has flat out admitted that her goal is to undermine Section 230 protections for websites (protecting them from liability of actions by third parties) to make them liable for others' actions. Now, I've never written about Franks before, but the last time I linked to a story about her in a different post, she went ballistic on Twitter, attacking me in all sorts of misleading ways. So, let me just be very clear about this. Here's what she has said: '"The impact [of a federal law] for victims would be immediate," Franks said. "If it became a federal criminal law that you can't engage in this type of behavior, potentially Google, any website, Verizon, any of these entities might have to face liability for violations.' That makes it clear her intent is to undermine Section 230 and make third parties — like 'Google, any website, Verizon... face liability.'"
Hardware Hacking

Tesla Model S Has Hidden Ethernet Port, User Runs Firefox On the 17" Screen 208

Posted by timothy
from the wardriving-in-style dept.
New submitter FikseGTS (3604833) writes "A Tesla Model S owner located a 4 pin connector on the left side of the Tesla Model S dashboard that turns out to be a disguised ethernet networking port. After crafting his own patch cable to connect with the Tesla's port, a networking connection was established between the Tesla Model S and a laptop computer. The Model S is running a 100 Mbps, full duplex ethernet network and 3 devices were found with assigned IP addresses in the 192.168.90.0 subnet. Some ports and services that were open on the devices were 22 (SSH), 23 (telnet), 53 (open domain), 80 (HTTP), 111 (rpcbind), 2049 (NFS), 6000 (X11). Port 80 was serving up a web page with the image or media of the current song being played. The operating system is a modified version of Ubuntu using an ext3 filesystem. Using X11 it also appears that someone was able to somewhat run Firefox on both of the Model S screens. Is a jailbroken Tesla Model S on the way?" Some more details on this front would be appreciated, for anyone who has a Tesla they'd like to explore.
Android

Illustrating the Socioeconomic Divide With iOS and Android 161

Posted by Soulskill
from the your-phone-is-your-class-marker dept.
An anonymous reader writes: "Android has a huge market share advantage over iOS these days, but it hasn't had as much success at following the money. iOS continues to win over many app developers and businesses who want to maximize their earnings. Now, an article at Slate goes over some of the statistics demonstrating this trend. A map of geo-located Tweets shows that in Manhattan, a generally affluent area, most of the Tweets come from iPhones. Meanwhile, in nearby Newark, which is a poorer area, most Tweets come from Android devices. In other tests, traffic data shows 87% of visits to e-commerce websites from tablets come from iPads, and the average value of an order from an iPad is $155, compared to $110 from Android tablets. (Android fares a bit better on phones.) Android shows a huge market share advantage in poorer countries, as well. Not all devs and businesses are just chasing the money, though. Twitter developer Cennydd Bowles said, 'I do hope, given tech's rhetoric about changing the world and disrupting outdated hierarchies, that we don't really think only those with revenue potential are worth our attention. A designer has a duty to be empathetic; to understand and embrace people not like him/herself. A group owning different devices to the design elite is not a valid reason to neglect their needs.'"
Movies

The Amazon Fire TV Is Kind of a Mess 96

Posted by Soulskill
from the why-is-streaming-tv/movies-still-so-terrible-in-2014 dept.
redletterdave writes: "At the Fire TV unveiling, Amazon officials sounded like they perfectly understood how frustrating TV streaming devices are for their owners. Amazon focused on three main problems: Search is hard, especially for anything not on a bestseller list; streaming devices often provide slow or laggy performance; and TV set-top boxes tend to be closed ecosystems. The Fire TV is Amazon's attempt to solve these three problems—the key word here being 'attempt.' Perhaps Amazon's homegrown solution was a bit premature and its ambitions too lofty, because while Fire TV can do almost everything, little of it is done right." An example given by the review is how the touted Voice Search works — it doesn't interact at all with supported apps, instead bringing up Amazon search results. Thus, even if you have access to a movie for free through Netflix, using the Voice Search for that movie will only bring up Amazon's paid options.
Bug

Nest Halts Sales of Smart Fire Alarm After Discovering Dangerous Flaw 128

Posted by Soulskill
from the out-of-the-frying-pan dept.
fructose writes: "The Nest Protect has a flaw in its software that, under the right circumstances, could disable the alarm and not notify the owners of a fire. To remedy this flaw, they are disabling the Nest Wave feature through automatic updates. Owners who don't have their Nest Protects connected to their WiFi net or don't have a Nest account are suggested to either update the device manually or return it to Nest for a full refund. While they work out the problem, all sales are being halted to prevent unsafe units from being sold. There have been no reported incidents resulting from this flaw, but they aren't taking any chances."
Cellphones

Google Project Ara Design Will Use Electro-Permanent Magnets To Lock In Modules 62

Posted by Soulskill
from the magnets-how-the-heck-to-they-work dept.
MojoKid writes: "Google's Project Ara, an effort to develop a modular smartphone platform, sounded at first as much like vaporware, but Google is actually making it happen. In an upbeat video, Dave Hakkens (the guy who created the Phonebloks design that appears to be the conceptual basis for Project Ara) visited the Google campus to see what progress is being made on the project. The teams working on Project Ara have figured out a key solution to one of the first problems they encountered, which was how to keep all the modules stuck together. They decided to use electro-permanent magnets. In terms of design, they've decided not to cover up the modules, instead making their very modularity part of the aesthetic appeal. 3D Systems is involved on campus, as they're delivering the 3D printing technology to make covers for the modules."
Security

TCP/IP Might Have Been Secure From the Start If Not For the NSA 149

Posted by Soulskill
from the another-lash-for-the-whipping-boy dept.
chicksdaddy writes: "The pervasiveness of the NSA's spying operation has turned it into a kind of bugaboo — the monster lurking behind every locked networking closet and the invisible hand behind every flawed crypto implementation. Those inclined to don the tinfoil cap won't be reassured by Vint Cerf's offhand observation in a Google Hangout on Wednesday that, back in the mid 1970s, the world's favorite intelligence agency may have also stood in the way of stronger network layer security being a part of the original specification for TCP/IP. (Video with time code.) Researchers at the time were working on just such a lightweight cryptosystem. On Stanford's campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described the functioning of a public key cryptography system. But they didn't yet have the algorithms to make it practical. (Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977). As it turns out, however, Cerf did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren't they used? The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."
XBox (Games)

Five-Year-Old Uncovers Xbox One Login Flaw 196

Posted by Soulskill
from the kids-input-the-darnedest-credentials dept.
New submitter Smiffa2001 writes: "The BBC reports that five-year-old Kristoffer Von Hassel from San Diego has uncovered a (frankly embarrassing) security flaw within the Xbox One login screen. Apparently by entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing a password to an account. Young Kristoffer's dad submitted the flaw to Microsoft — who have patched the flaw — and have generously provided four free games, $50, a year-long subscription to Xbox Live and an entry on their list of Security Researcher Acknowledgments."
Space

How Many People Does It Take To Colonize Another Star System? 392

Posted by Soulskill
from the i'll-volunteer-everyone-in-california dept.
Hugh Pickens DOT Com writes: "The nearest star systems — such as our nearest neighbor, Proxima Centauri, which is 4.2 light-years from home — are so far away, reaching them would require a generational starship. Entire generations of people would be born, live, and die before the ship reached its destination. This brings up the question of how many people you need to send on a hypothetical interstellar mission to sustain sufficient genetic diversity. Anthropologist Cameron Smith has calculated how many people would be required to maintain genetic diversity and secure the success of the endeavor. William Gardner-O'Kearney helped Smith build the MATLAB simulations to calculate how many different scenarios would play out during interstellar travel and ran some simulations specially to show why the success of an interstellar mission depends crucially on the starting population size. Gardner-O'Kearney calculated each population's possible trajectory over 300 years, or 30 generations. Because there are a lot of random variables to consider, he calculated the trajectory of each population 10 times, then averaged the results.

A population of 150 people, proposed by John Moore in 2002, is not nearly high enough to maintain genetic variation. Over many generations, inbreeding leads to the loss of more than 80 percent of the original diversity found within the hypothetical gene. A population of 500 people would not be sufficient either, Smith says. "Five hundred people picked at random today from the human population would not probably represent all of human genetic diversity . . . If you're going to seed a planet for its entire future, you want to have as much genetic diversity as possible, because that diversity is your insurance policy for adaptation to new conditions." A starting population of 40,000 people maintains 100 percent of its variation, while the 10,000-person scenario stays relatively stable too. So, Smith concludes that a number between 10,000 and 40,000 is a pretty safe bet when it comes to preserving genetic variation. Luckily, tens of thousands of pioneers wouldn't have to be housed all in one starship. Spreading people out among multiple ships also spreads out the risk. Modular ships could dock together for trade and social gatherings, but travel separately so that disaster for one wouldn't spell disaster for all. 'With 10,000,' Smith says, 'you can set off with good amount of human genetic diversity, survive even a bad disease sweep, and arrive in numbers, perhaps, and diversity sufficient to make a good go at Humanity 2.0.'"
Education

Ask Slashdot: the State of Open CS, IT, and DBA Courseware in 2014? 84

Posted by Soulskill
from the education-is-cheap,-it's-that-one-piece-of-paper-that's-expensive dept.
xyourfacekillerx writes "Not long ago, Slashdot readers answered a question for someone seeking to finish a BS in CS online. I am in a similar situation with a different question. I have spent five years frivolously studying philosophy at a very expensive university, and now I want to start towards an Associate's in CS, and then perhaps a Bachelor's (I want to program for a living; I write code daily anyways). After four hours of combing through Google results, I still don't have much useful information. Problem 1: I am out of money and I have an 8 to 5 job, so on-campus enrollment is not an option. Problem 2: I have very little to transfer due to the specificity of my prior studies: I don't even have my core English/Language or even math cores to transfer. My questions are: 1) Just where are the open CS courses? Who offers it in a way that's more than just lecture notes posted online? 2) Can any of it help or hinder me getting a degree (i.e. does any of it transfer, potentially? Is it a waste of time?) Additionally, any tips about accredited online universities (preferably self-paced) where I can start to get my associate's and/or bachelor's in CS at low cost would be useful. I intend to be enrolled online somewhere by Fall, and I am starting my own search among local (Colorado) junior colleges who don't demand on-campus presence like most four-year schools do."
Microsoft

Microsoft To Allow Code Contributions To F# 100

Posted by Soulskill
from the also-debating-renaming-it-to-hashtag-F dept.
An anonymous reader writes "The F# programming language team has been providing source code releases for years, but all contributions to the core implementation were internal. Microsoft is now changing that. They've announced that they'll be accepting code contributions from the community for the core F# language, the compiler, library, and Visual F# tools. They praised the quality of work currently being done by the F# community: 'The F# community is already doing high-quality, cross-platform open engineering using modern tools, testing methodology and build processes. Some particularly active projects include the Visual F# Power Tools, FSharp.Data, F# Editing Support for Open Editors, the Deedle DataFrame library and a host of testing tools, web tools, templates, type providers and other tools.' Microsoft is actively soliciting bug fixes, optimizations, and library improvements."
Math

P vs. NP Problem Linked To the Quantum Nature of the Universe 199

Posted by Soulskill
from the schrodingers-cat-is-both-alive-and-equal-to-NP dept.
KentuckyFC writes: "One of the greatest mysteries in science is why we don't see quantum effects on the macroscopic scale; why Schrodinger's famous cat cannot be both alive and dead at the same time. Now one theorist says the answer is because P is NOT equal to NP. Here's the thinking: The equation that describes the state of any quantum object is called Schrodinger's equation. Physicists have always thought it can be used to describe everything in the universe, even large objects, and perhaps the universe itself. But the new idea is that this requires an additional assumption — that an efficient algorithm exists to solve the equation for complex macroscopic systems. But is this true? The new approach involves showing that the problem of solving Schrodinger's equation is NP-hard. So if macroscopic superpositions exist, there must be an algorithm that can solve this NP-hard problem quickly and efficiently. And because all NP-hard problems are mathematically equivalent, this algorithm must also be capable of solving all other NP-hard problems too, such as the traveling salesman problem. In other words, NP-hard problems are equivalent to the class of much easier problems called P. Or P=NP. But here's the thing: computational complexity theorists have good reason to think that P is not equal to NP (although they haven't yet proven it). If they're right, then macroscopic superpositions cannot exist, which explains why we do not (and cannot) observe them in the real world. Voila!"
Open Source

Linus Torvalds Suspends Key Linux Developer 641

Posted by Soulskill
from the arguing-about-penguins dept.
alphadogg writes: "An argument between developers of some of the most basic parts of Linux turned heated this week, resulting in a prominent Red Hat employee and code contributor being banned from working on the Linux kernel. Kay Sievers, a well-known open-source software engineer, is a key developer of systemd, a system management framework for Linux-based operating systems. Systemd is currently used by several prominent Linux distributions, including two of the most prominent enterprise distros, Red Hat and SUSE. It was recently announced that Ubuntu would adopt systemd in future versions as well. Sievers was banned by kernel maintainer Linus Torvalds on Wednesday for failing to address an issue that caused systemd to interact with the Linux kernel in negative ways."
Editorial

Algorithm Challenge: Burning Man Vehicle Exodus 273

Posted by Soulskill
from the in-the-name-of-efficiency dept.
Slashdot contributor Bennett Haselton writes: "A year ago, getting ready for Burning Man, I read that the cars in the exit line sometimes have to wait in the sun for hours to get out. I came up with an algorithm that I thought would alleviate the problem. Do you think it would work? If not, why not? Or can you think of a better one?" Read on for the rest of Bennett's thoughts.
Cloud

GameSpy Multiplayer Shutting Down, Affecting Hundreds of Games 145

Posted by Soulskill
from the things-you-may-no-longer-experience dept.
An anonymous reader writes "For over a decade, GameSpy has provided and hosted multiplayer services for a variety of video games. GameSpy was purchased in 2012, and there were some worrying shutdowns of older servers, which disabled multiplayer capabilities for a number of games. Now, the whole service is going offline on May 31. Some publishers are scrambling to move to other platforms, while others are simply giving up on those games. Nintendo's recent abandonment of Wi-Fi games was a result of their reliance on GameSpy's servers. Bohemia Interactive, developers of the Arma series, said the GameSpy closure will affect matchmaking and CD-key authentication."
NASA

NASA To Catalog and Release Source Code For Over 1,000 Projects 46

Posted by Soulskill
from the go-big-or-go-home dept.
An anonymous reader writes "By the end of next week, NASA will release a master catalog of over 1,000 software projects it has conducted over the years and will provide instructions on how the public can obtain copies of the source code. NASA's goal is to eventually 'host the actual software code in its own online repository, a kind of GitHub for astronauts.' This follows NASA's release of the code running the Apollo 11 Guidance Computer a few years back. Scientists not affiliated with NASA have already adapted some of NASA's software. 'In 2005, marine biologists adapted the Hubble Space Telescope's star-mapping algorithm to track and identify endangered whale sharks. That software has now been adapted to track polar bears in the arctic and sunfish in the Galapagos Islands.' The Hubble Space Telescope's scheduling software has reportedly also been used to schedule MRIs at hospitals and as control algorithms for online dating services. The possibilities could be endless."
Transportation

Hacker Holds Key To Free Flights 144

Posted by Soulskill
from the TSA-bans-cell-phones-and-sitting-down-in-response dept.
mask.of.sanity writes: "A security researcher says he has developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app. The 18-year-old computer science undergrad didn't reveal the 'bypass' which gets the holder of the fraudulent ticket past the last scanner and onto the jetway; he's saving that for his talk at Hack in the Box in Amsterdam next month."
Mars

Will Living On Mars Drive Us Crazy? 150

Posted by samzenpus
from the can't-you-hear-them?-didn't-you-see-the-crowd? dept.
Hugh Pickens DOT Com (2995471) writes "When astronauts first began flying in space, NASA worried about 'space madness,' a mental malady they thought might arise from humans experiencing microgravity and claustrophobic isolation inside of a cramped spacecraft high above the Earth. Now Megan Garber writes in The Atlantic that NASA is hoping to find out what life on Mars does to the human emotional state by putting three men and three women in a 1,000-square-foot habitat shaped like a dome for four months. The volunteers in the second HI-SEAS mission — a purposely tiny group selected out of a group of 700 applicants — include, among others, a neuropsychologist, an aerospace engineer, and an Air Force veteran who is studying human factors in aviation. 'We're going to stress them,' says Kim Binsted, the project's principal investigator. 'That's the nature of the study.' That test involves isolating the crew in the same way they'd be isolated on Mars. The only communication they'll be allowed with the outside world—that is to say, with their family and friends—will be conducted through email. (And that will be given an artificial delay of 20 minutes to simulate the lag involved in Mars-to-Earth communications.)

If that doesn't seem too stressful, here's another source of stress: Each mission member will get only eight minutes of shower time ... per week. The stress will be compounded by the fact that the only time the crew will be able to leave their habitat-yurt is when they're wearing puffy, insulated uniforms that simulate space suits. In the Hawaiian heat. Throughout the mission, researchers will be testing the subjects' moods and the changes they exhibit in their relationships with each other. They'll also be examining the crew members' cognitive skills, seeing whether—and how—they change as the experiment wears on. Binsted says the mission has gotten the attention of the TV world but don't expect to see much inside-the-dome footage. 'You wouldn't believe the number of producers who called us,' says Binsted. 'Fortunately, we're not ethically allowed to subject our crew to that kind of thing.'"
Space

Skydiver's Helmet Cam Captures a Falling Meteor 142

Posted by samzenpus
from the that's-a-close-one dept.
reifman (786887) writes "Anders Helstrup went skydiving nearly two years ago near Hedmark, Norway and while he didn't realize it at the time, when he reviewed the footage taken by two cameras fixed to his helmet during the dive, he saw a rock plummet past him. He took it to experts and they realized he had captured a meteorite falling during its dark flight — when it has been slowed by atmospheric braking, and has cooled and is no longer luminous."
Space

Saturn's Moon Enceladus Has Underground Ocean 51

Posted by samzenpus
from the water-at-the-bottom-of-the-ocean dept.
astroengine (1577233) writes "Gravity measurements made with the Saturn-orbiting Cassini spacecraft indicate the small moon Enceladus has an ocean sandwiched between its rocky core and icy shell, a finding that raises the prospects of a niche for life beyond Earth. The Cassini data shows the body of water, which is in the moon's southern hemisphere, must be as large or larger than Lake Superior and sitting on top of the moon's rocky core at a depth of about 31 miles. 'The ocean may extend halfway or more toward the equator in every direction,' said planetary scientist David Stevenson, with the California Institute of Technology in Pasadena."
The Internet

Oxford Internet Institute Creates Internet "Tube" Map 56

Posted by samzenpus
from the follow-the-lines dept.
First time accepted submitter Jahta (1141213) writes "The Oxford Internet Institute has created a schematic of the world's international fiber-optic links in the style of the famous London Tube map. The schematic also highlights nodes where censorship and surveillance are known to be in operation. The map uses data sourced from cablemap.info. Each node has been assigned to a country, and all nodes located in the same country have been collapsed into a single node. The resulting network has been then abstracted."
