Submission + - Wrong chemical dumped into Olympic pools made them green (arstechnica.com)

Z00L00K writes:

After a week of trying to part with green tides in two outdoor swimming pools, Olympic officials over the weekend wrung out a fresh mea culpa and yet another explanation—neither of which were comforting. According to officials, a local pool-maintenance worker mistakenly added 160 liters of hydrogen peroxide to the waters on August 5, which partially neutralized the chlorine used for disinfection. With chlorine disarmed, the officials said that “organic compounds”—i.e. algae and other microbes—were able to grow and turn the water a murky green in the subsequent days. The revelation appears to contradict officials’ previous assurances that despite the emerald hue, which first appeared Tuesday, the waters were safe.

I would personally have avoided using the green pools, but that's just me.

Submission + - NVIDIA Drops Pascal Desktop GPUs Into Laptops With Mobile GeForce GTX 10-Series (hothardware.com)

MojoKid writes: NVIDIA's new Pascal core graphics architecture is being driven throughout the company's entire product portfolio, as is typically the case. Today, NVIDIA brings Pascal to notebooks with the introduction of the NVIDIA Mobile GeForce GTX 10-Series. What's interesting is that the first laptop-targeted GPUs are actually quite similar to their desktop counterparts. In fact, all three of the Mobile GeForce GTX 10-Series graphics processors NVIDIA is announcing today come sans the traditional "M" tacked on the end of their model numbers. As it turns out, the migration to a 16nm manufacturing process with Pascal has been kind to NVIDIA and the Mobile GeForce GTX 1080 and Mobile GeForce GTX 1060 have nearly identical specs to their desktop counterparts, from CUDA core counts, to boost, and memory clock speeds. However, the Mobile GeForce GTX 1070 actually has a few more CUDA cores at 2048, versus 1920 for the desktop GTX 1070 (with slightly lower clocks). By tweaking boost clock peaks and MXM module power requirements, NVIDIA was able to get these new Pascal mobile GPUs into desktop replacement class machines and even 5-pound, 15-inch class standard notebook designs (for the 1060). In the benchmarks, the new Mobile GeForce GTX 10-Series blows pretty much any previous discrete notebook graphics chip out of the water and smooth 4K or 120Hz gaming is now possible on notebook platforms.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00; sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The Android code to remove the embedded spaces is a pretty generic one-liner:

String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account.

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered). Just load up an Android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitation, it makes me pretty sure there are other intern-level programmer bugs awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an SMS or email code that I can enter when requesting a password reset?

Let's hope other banks didn't use the same app geniuses.

Submission + - NASA TV to Air Spacewalk Live on August 19 (spacecoastdaily.com)

William Robinson writes: NASA Television will be bringing to viewers around the world live coverage Friday, Aug. 19, as two NASA astronauts install a new gateway for American commercial crew spacecraft at the International Space Station. Walking in space alone poses a threat to the astronauts performing their duty, but the new mission of installing a dock into the ISS adds to the level of difficulties that astronauts will need to survive in order to perform their duty. Coverage will begin at 6:30 a.m. EDT Aug. 19, on NASA TV and the agency’s website, with the spacewalk scheduled to begin at 8:05 a.m. Leading up to the spacewalk, NASA TV will air a briefing from the agency’s Johnson Space Center in Houston at 2 p.m. Monday, Aug. 15, during which station and commercial crew experts will discuss the process and significance of installing and connecting the first of two international docking adapters (IDAs) that will be used for the future arrivals of Boeing and SpaceX commercial crew spacecraft. Not an event to miss.

Submission + - Volkswagen screws up again, 100 million remote controls hacked (wired.com)

An anonymous reader writes: The Wired writes that 100 million vehicles are vulnerable to a new Volkswagen hack. Researchers from Birmingham (UK) and Germany discovered that vehicles which are manufactured by Volkswagen (including Seat, Skoda and Audi) in at least the last 15 years use a very insecure remote control system. Today, the scientific article that describes the technical details and severity of the problem is publicly released at the 25th USENIX Security Symposium 2016. It shows that the remote controls use some sort of cryptography, however, VW simply decided to use only one global encryption key for all their cars worldwide. This basically means there is no security at all, only obscurity, since every key and every car contains the same secret. The research report states that:

The attacks are hence highly scalable and could be potentially carried out by an unskilled adversary. Since they are executed solely via the wireless interface, with at least the range of the original remote control (i.e., a few tens of meters), and leave no physical traces, they pose a severe threat in practice.

It is interesting how insurance companies might respond to this exposure. All vulnerable cars can be remotely unlocked with information that is extracted from just one recording that is intercepted from a significant distance. Moreover, the alarm system is disabled as well, which enables an adversary to enter the car and connect directly to the On Board Diagnostic (OBD) socket to disable the immobilizer and drive away.

Submission + - Retro computer project directors row (bbc.co.uk)

Big Hairy Ian writes: The founders of a crowd-funded project to make a retro computer games console, backed by Spectrum inventor Sir Clive Sinclair, have distanced themselves from the company they used to run.
Retro Computers has received £417,375 ($542,000) from an Indiegogo campaign.
But former directors Paul Andrews and Chris Smith said they had been unable to answer backers' concerns and were now "publicly distancing" themselves.
The company accused Mr Andrews and Mr Smith of developing a rival product.

Submission + - Windows 10 Anniversary Update Is Infested With Bugs (cio.com)

itwbennett writes: As previously reported on Slashdot, in Tuesday's updates, Microsoft disabled RC4 in its Microsoft Edge and Internet Explorer browsers on Windows 7, Windows 8.1 and Windows 10, after deeming the cipher 'no longer cryptographically secure.' The company also fixed 'a serious security flaw in the Windows PDF Library.' But these aren't the only bugs being reported in the Windows 10 Anniversary Update. CIO.com's Bill Snyder reports that 'there are widespread reports of significant bugs in the update, and they're causing systems to freeze, browsers to misbehave, and peripherals — including Xbox One controllers — to malfunction. Two major antivirus companies also warn that incompatibilities with Windows 10 could open up users to security risks.'

Submission + - Widespread Linux Flaw Allows TCP Session Hijacking, Data Injection

Trailrunner7 writes: The TCP implementation in all Linux systems built since 2012 has a serious flaw that can allow an attacker to terminate or inject data into a session between any two vulnerable machines on the Internet. The bug could also be used to end encrypted connections or downgrade the privacy of connections run through Tor or other anonymity networks.

The vulnerability was introduced in Linux 3.6 and an attacker does not need to be in a man-in-the-middle position in order to exploit it. The researchers at the University of California Riverside who discovered the flaw say that it results from an attacker's ability to infer the TCP sequence numbers for the packets flowing between two hosts.

Submission + - Lenovo Fails To Perform Planned Spark SSD Demo

An anonymous reader writes: Lenovo, the Chinese PC giant, planned to unveil its long-anticipated Project Spark solid state drive for data center use. However, it backed out of the demonstration at the last minute, citing a ‘reassessment of the risk’ involved with completing a demonstration of the technology so far from the 2017 mid-year release date. Project Spark represents Lenovo’s initial entry into the highly competitive SSD market. A demonstration was planned at the Flash Memory Summit in California but was cancelled on the same day. The prototype SSD, approximately the size of a memory stick, is believed to have between 6 and 8TB of storage space. Lenovo is currently researching linking multiple Project Spark cards onto a single board, which could provide storage capacity of more than 48TB.

Submission + - What Exactly Happens to Your Brain When You Exercise? (myfitnesspal.com)

bethanyprichards writes: Exercise is good for your body. We all know that. But did you know that exercise also has massive brain-boosting benefits?


Studies have shown the positive effects that physical activity can have on your mood, your sleep and even your focus at work. But until recently, scientists had been unsure exactly why it was that people who were in better shape physically tended to be in better shape mentally.


To get to the bottom of this, researchers at the UC Davis Health System conducted a study with 38 healthy volunteers and measured two specific neurotransmitters in charge of regulating messaging in the brain — a process researchers call “brain metabolism.”


In the study, published earlier this year in The Journal of Neuroscience, participants exercised on stationary bikes, hitting about 85% of their maximum heart rate. The researchers had them do this for three vigorous sessions, each lasting between eight and 20 minutes.


Immediately before and after the sessions, the researchers used an extremely detailed MRI technique to measure the amount of glutamate and GABA — neurotransmitters that drive communication between brain cells and help to regulate both physical and emotional health — produced by their brains.


They found that both neurotransmitters spiked when the participants exercised. The largest increases were found in the visual cortex, which helps us process information (think mental clarity and focus) and in the anterior cingulate cortex, which helps regulate heart rate and emotion (take mood boost, for instance).


So what, you say — we've all experienced that immediate endorphin boost from exercise. That's where the learnings from the study were really interesting. The boost lasted long beyond the participants' workouts. The end results found evidence that exercising upped the participants' levels of glutamate and GABA even when they weren't working out.


In other words, you can boost your long-term brain metabolism as you chase those long-term fitness goals, like running that half-marathon or meeting your weight goal.


The authors of the study even suggested that the glutamate and GABA effects could go so far as to make exercise an important part of treatment for depression and other psychiatric disorders — possibly even as an alternative to the current class of drugs that work by affecting the behavior of neurotransmitters.


Now that's what we call a brain boost.


The post What Exactly Happens to Your Brain When You Exercise? appeared first on Hello Healthy.

Submission + - GhostMail Stops Providing Secure Comms, Storage To Individual Users (helpnetsecurity.com)

An anonymous reader writes: Encrypted email, chat and storage service GhostMail will no longer provide its services to individual users. Instead, it will concentrate on the enterprise market.

In an email sent to users and a note prominently displayed on its website’s web page, the company explained that “the world has changed for the worse” and that they “do not want to take the risk of supplying our extremely secure service to the wrong people.”

Submission + - 36000 SAP Systems Exposed Online, Most Open To Attacks (helpnetsecurity.com)

dinscott writes: ERPScan released the first comprehensive SAP Cybersecurity Threat Report, covering product security, implementation security, and security awareness.

Among the interesting findings is that of the 36,000 services found online, 69 percent should not be exposed directly to the Internet as they are designed for internal use only, have critical vulnerabilities or require additional network filtration. Also, that countries where the highest number of SAP security presentations were delivered are characterized by more secure SAP system installations than countries where researchers did not present their studies — a win for those who preach SAP security.
