
Submission + - Learn to code by competing with others (hackerearth.com)

ariiii123 writes: Competitive coding experience is fast becoming a pre-requisite skill for every programmer. Top companies like Google and Facebook have strongly relied on assessing a candidate’s knowledge of algorithms and data structures to make a hiring decision and competitive coding has a heavy emphasis on this. To encourage more programmers to take up this essential skill, HackerEarth conducts an Easy Challenge on the first of every month. This is a short programming challenge which is open to all programmers, and will have beginner level algorithmic problems to solve.

The May Easy Challenge is live on HackerEarth. This is a short 2 hour contest on 1st May. There will be 4 algorithmic problems to solve. The first one to solve all the problems correctly will be adjudged the winner.

The problem setter for this challenge is: Akash Agrawall
The problem tester and editorialist for this challenge is: Pankaj Jindal

The top 3 beginners (verified) will receive HackerEarth Tshirts.

Register for the May Easy Challenge right now – http://hck.re/6CCvZ5

Submission + - White House Outsources K-12 CS Education to Infosys Charity 1

theodp writes: In December, the White House praised the leadership of Code.org for their efforts to get more computer science into K-12 schools, which were bankrolled by $20 million in philanthropic contributions from the likes of Google, Microsoft, Bill Gates, Steve Ballmer, and Mark Zuckerberg. On Monday, it was announced that Infosys Foundation USA will be partnering with Code.org to bring CS education to millions of U.S. students. Infosys Foundation USA Chair Vandana Sikka, who joins execs from Microsoft, Google, and Amazon on Code.org's Board, is the spouse of Infosys CEO Vishal Sikka. The announcement from the tax-deductible charity comes as India-based Infosys finds itself scrutinized by U.S. Senators over allegations of H-1B visa program abuses.

Submission + - Study Finds Gamers Have Greater Cognitive Function And More Grey Matter (blogspot.com)

Lin4 writes: Gamers everywhere rejoice! It turns out that gaming prowess is an indication of a better connected brain. This latest conclusion was drawn from research which looked at the cognitive function of Action Video Gamers (AVGs) of different levels of proficiency. For the ‘noobs’ out there, action video games subject the gamer to physical challenges, including hand–eye coordination and reaction-time games. This could be racing or fighting for example.
There’s already an abundance of evidence that shows that expert AVG players (gamers who are regional or national champions at AVG competitions) have superior cognitive ability to amateurs. This led the research team, led by Dezhong Yao, to investigate the brains of expert and amateur gamers to see if they could continue to differentiate the differences between them.

Submission + - Know what data says about you ... (aboutthedata.com)

swell writes: A major data aggregator offers their view of the benefits to each of us who are tracked, logged and documented widely. Acxiom has created a friendly site that explains everything in a non-technical way. Visitors are invited to see and edit the information that Acxiom has about them. Slashdotters will howl with derision upon reading this, but it is possible that some thoughtful voices will come forth.

from the site:
"Make Data Work for You -
Know what data says about you and how it is used.

Ever wonder what kind of information determines the ads you see or the offers you receive? You've come to the right place. About The Data brings you answers to questions about the data that fuels marketing and helps ensure you see offers on things that mean the most to you and your family."

Comment a new dystopia (Score 4, Insightful) 83

We all know the dystopia of 1984 in which humans were dehumanized by their own actions; and the Terminator movies where smart machines set out to kill us like cockroaches. The Matrix reduced humans into sleeping energy generators. Uber has advanced a new method of dehumanizing us by sending us on chores to serve a superintelligence (OK, just a central computer now, more or less managed by humans- but are those humans necessary?).

We do have a similar concept in Taskrabbit and the Amazon Mechanical Turk in which humans do tiny chores in response to requests delivered by their devices. Uber seems ready to take this concept worldwide at a grand scale. People will be scurrying about like ants, rushing from one chore to another in a frenzy of blind busy-ness.

And you, mister smarty pants programmer, you think you're off the hook? You'll be lucky to find work writing snippets of code that will be inserted into some diabolical software that doesn't even have a name.

Is this the beginning of a world where nobody has a job, a health insurance plan, a steady income; but instead performs chores when they can be found? Will we compete against each other to do menial tasks? Will we be graded like schoolchildren for our skills, timeliness, reliability? Will future humans be the cooperative slaves of a central computer?

Comment annoying Ireland (Score 1) 114

... like the flea with ambitions to rape the elephant ...

Ireland is small. Roughly the size & population of the American state of Maryland. Everyone knows that Maryland is one of the least significant places in the US much less the world. Yet Ireland thinks it can control the internet and how people use it. Even the entire USA can't do that. Silly Ireland. (Sorry to include you in this, Maryland. You're not really a total loser.)

Comment don't fear AI, it doesn't give a shit about you (Score 1) 197

First, Stuart Russell is way ahead of our time. We're nowhere near artificial intelligence of any concern. When it does happen, as it must, we may be concerned. But there is an outcome that must be considered.

If the AI is beyond our ken, it will supersede us. Here is the critical question: is that a problem?

How will we feel if we are displaced on this small blue planet by Artificial Intelligence? We may be retained as maintenance bots or caretakers of the new ecosystem. Our place will be drastically reduced in effectiveness and prestige. We will have to prove our usefulness if the AI are to retain us in their plans for the future.

In the end, we and the theoretical AI are here to serve intelligence. To explore and understand. If they do it better than us, who are we to complain? Understanding must happen. We have always thought of ourselves as the center of the universe; at this point we have to work hard to tag along as AI explores the universe.

Don't we want that? Don't we want a lasting understanding that will survive our short life spans and acquire knowledge that will outlast our planet and solar system and penetrate the galaxy and the universe itself? Don't we want to share with other intelligences that which we've worked so hard to discover? Who cares if the carbon based life forms do that, or if it is an AI?

Intelligence is the pinnacle of value in the universe. Ours is pathetic (as a race). We still believe in magical beings and hope for miracles. Pure intelligence doesn't allow for miracles and will be realized by machines. Let's hope that humans can overcome the tendency to believe in magic and accept that science is the best mode of understanding. Then perhaps we can join with AI in exploring the universe as rational partners.

Comment best wishes ! (Score 1) 276

It wouldn't respond to my request. I had to allow a jquery script. Then it searched but couldn't find 'Benghazi'.

Things have been lost from search. Alta Vista allowed search for 'word1' NEAR 'word2', which proved very useful. Google used to give information about its finds such as date, size, ('cached' is still there, but hidden) and some things so long abandoned that I can't remember them. You know why date is important; size is also important because a very large page containing your terms is probably clickbait. A great sadness for me is that Wolfram Alpha is so wrapped up in fancy scripts that I've never been able to use it with my fairly secure Firefox (oh, it's better today).

Accurate reporting would be nice. I'm looking at a Google result that claims it found "About 54,100 results (0.46 seconds)" when actually there were only 245 unique results.

Location would be nice (maybe a flag icon from that country). An opportunity to vote the relevance of a result up or down and maybe indicate something inappropriate. Wildcards would be incredible. Apple's Spotlight search engine can now search the internet as well as local files- maybe your engine could take advantage of some sinister simpatico surreal symbiosis.

We need a fresh approach after a long period of stagnation. Who knows what clever innovation has been missed?

Submission + - Duo Security iOS App Vulnerability

dajjhman writes: Duo Security put out a PSA today informing users that their iOS application has not been checking the validity of SSL certificate domain names.
For those unfamiliar, Duo Security provides a 2 factor authentication system known for its implementation of push notifications to approve login requests. It is found in numerous applications, ranging from personal use to large enterprises.
The vulnerability, identified as DUO-PSA-2015-002, allows attackers to use a Man in the Middle attack to see all of the network data. This was caused by a bug in a 3rd party library they used, and the announcement came along with an update to the App Store.
Duo says that due to the nature of their client-server communications, there was little risk an attacker could activate a push request as there is a client key. The PSA has not been posted to their blog at the time of this writing, but it is reproduced below.
The advisory is signed with the Duo Security PSIRT security@duosecurity.com PGP key which is available from their security contact page.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Duo Product Security Advisory
=============================

Advisory ID: DUO-PSA-2015-002
Publication Date: 2015-04-06
Revision Date: 2015-04-13
Status: Fixed
Document Revision: 2

Overview
========

Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a successful Man-in-the-Middle (MITM) attack against the app's TLS connections, if they can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service.

This issue has been fixed in Duo Mobile 3.7.1; all iOS users should update as soon as possible.

Description
===========

On the iOS platform, Duo Mobile leverages AFNetworking — a widely-used third-party HTTP client library — to communicate with Duo's cloud service. Recently, it was determined that AFNetworking did not validate digital certificates against server hostnames by default. As a result, Duo Mobile would e.g. consider a digital certificate for "www.example.com" as valid for "api-XXXXXXXX.duosecurity.com" when establishing a TLS tunnel.

This behavior makes it possible for an attacker to perform a successful Man-in-the-Middle (MITM) attack against TLS connections from affected versions of Duo Mobile, if he can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service. This might be a risk, for example, when using Duo Mobile while connected to untrusted wi-fi networks.

However, in addition to TLS, Duo Mobile uses application-level signatures to ensure the integrity and authenticity of requests sent from Duo Mobile to Duo's service. Because of this mechanism, a MITM attack would still not generally allow an attacker to e.g. approve a fraudulent Duo Push authentication request.

Note: A different vulnerability was introduced into AFNetworking in version 2.5.1, and recently gained widespread attention (http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html). Duo Mobile currently uses AFNetworking version 2.3.1, and was therefore not affected by that particular vulnerability. This is a separate — if very similar — issue.

Impact
======

An attacker can perform a successful Man-in-the-Middle (MITM) attack against Duo Mobile's TLS connections if he can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service. Duo's application-level signing mechanism still generally prevents the attacker from e.g. approving fraudulent Duo Push authentication requests. However, there are some limitations to this technique:

* Duo Mobile cannot use application-level signatures when setting up a new account, because — at this point — the app has not yet negotiated a key-pair with Duo's service. If an attacker intercepted traffic from Duo Mobile during this process, he could gain the ability to generate valid one-time passcodes and exert full control over subsequent Duo Push authentication requests intended for the targeted device.

* Requests from Duo Mobile to Duo's service have application-level signatures, but responses from the service do not. It may therefore be feasible for an attacker to manipulate details of a fraudulent authentication request such that it appears legitimate, thereby tricking a user into approving it.

Affected Product(s)
===================

* Duo Mobile for iOS, versions 3.4 — 3.7

Solution
========

Duo Mobile 3.7.1 was published to the iTunes App Store on April 6, 2015. This version ensures that certificate domain-name validation is performed for all TLS connections.

Users should upgrade to this version immediately to prevent the issues described above. Note that administrators can audit their users' Duo Mobile app versions in the "phones" section of the Duo administrative interface.

As noted above, there is a small risk that users' Duo Mobile credentials could be compromised, if an attacker captured network traffic from Duo Mobile during account setup. After users have upgraded, administrators may choose to forcibly invalidate any existing credentials by re-activating users' Duo Mobile accounts in the administrative interface.

Vulnerability Metrics
=====================

Vulnerability Class: Improper Certificate Validation (CWE-295)
Remotely Exploitable: Yes
Authentication Required: No
Severity: High
CVSSv2 Overall Score: 5.8
CVSSv2 Group Scores: Base: 6.8, Temporal: 5.9, Environmental: 5.8
CVSSv2 Vector: (AV:A/AC:L/Au:N/C:C/I:P/A:N/E:H/RL:OF/RC:C/CDP:MH/TD:M/CR:M/IR:H/AR:M)

References
==========

* CWE-295: Improper Certificate Validation — https://cwe.mitre.org/data/def...
* AFNetworking issue #2619 — https://github.com/AFNetworkin...
* Heartbleed Defense-in-Depth Part #2: Don't Trust SSL — https://www.duosecurity.com/bl...

Timeline
========

2015-04-02
* Engineers at Duo internally discover that Duo Mobile for iOS does not correctly validate server certificates.
* Duo develops a fix and submits an updated Duo Mobile 3.7.1 to the iTunes App Store.

2015-04-03
* Duo Mobile for iOS version 3.7.1 is approved by Apple

2015-04-06
* Duo completes testing on Duo Mobile for iOS 3.7.1 and releases it to end users.
* Duo drafts advisory and shares it with affected Enterprise and Business customers.

2015-04-13
* Duo updates advisory and shares it with all remaining customers.

Credits/Contact
===============

Technical questions regarding this issue should be sent to support@duosecurity.com and reference "DUO-PSA-2015-002" in the subject.

Other feedback regarding this issue can be sent to security@duosecurity.com.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
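
The failure mode the advisory describes, as an added example (not Duo's or AFNetworking's code): chain trust and hostname binding are two separate decisions, and a client that skips the second accepts any trusted certificate for any host. Certificates are modelled as constructed dicts rather than parsed X.509, and `validate_domain_name` is a hypothetical flag standing in for the library setting.

```python
import ipaddress


def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """RFC 6125-style match of one SAN dNSName against the requested host."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if _is_ip(hostname) or "*" in hostname:
        return False  # IP literals never match a dNSName entry
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False  # a wildcard never spans more than one label
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Whole left-most label only, and never directly under a TLD ("*.com").
        return len(rest) >= 2
    if "*" in first:
        return False  # partial wildcards such as "api-*" are refused
    return first == h_labels[0]


def accept_server(cert, hostname, validate_domain_name=True):
    """cert: {'chain_trusted': bool, 'san_dns': [str]}. Returns (ok, reason)."""
    if not cert["chain_trusted"]:
        return False, "untrusted chain"
    if not validate_domain_name:
        # The behaviour described in the advisory: trust decided on chain alone.
        return True, "chain trusted; hostname not checked"
    if any(dns_name_matches(p, hostname) for p in cert["san_dns"]):
        return True, "chain trusted; hostname matched"
    return False, "hostname mismatch"


# Constructed sample data. The host placeholder is the one used in the advisory.
DUO_HOST = "api-XXXXXXXX.duosecurity.com"
OTHER_SITE_CERT = {"chain_trusted": True, "san_dns": ["www.example.com"]}
WILDCARD_CERT = {"chain_trusted": True, "san_dns": ["*.duosecurity.com"]}  # assumed SAN

if __name__ == "__main__":
    for label, cert, check in [
        ("other site, check off", OTHER_SITE_CERT, False),
        ("other site, check on", OTHER_SITE_CERT, True),
        ("matching cert, check on", WILDCARD_CERT, True),
    ]:
        print(label, "->", accept_server(cert, DUO_HOST, validate_domain_name=check))
```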

Submission + - Republicans introduce a bill to overturn net neutrality

grimmjeeper writes:

A group of Republican lawmakers has introduced a bill that would invalidate the U.S. Federal Communications Commission’s recently passed net neutrality rules. The legislation, introduced by Representative Doug Collins, a Georgia Republican, is called a resolution of disapproval, a move that allows Congress to review new federal regulations from government agencies, using an expedited legislative process.

This move should come as little surprise to anyone. While the main battle in getting net neutrality has been won, the war is far from over.

Submission + - Little Languages For Compiling to JavaScript

snydeq writes: InfoWorld's Peter Wayner provides an overview of little languages that help you compile your code to JavaScript with surprising ease and few compromises. From Opal to Shen to PyPy, these tools enable developers to bring code written in everything from Ruby to Erlang and beyond to the Web. 'There are plenty of rationalizations that make the idea more palatable. First, JavaScript engines run much, much faster than they did in the past. Second, crafting a Web UI has never been easier, thanks to frameworks and ample HTML/CSS design talent. Third, JavaScript is becoming a bit of a lingua franca. If you can convert all of these languages to JavaScript, and the list is surprisingly long, you can also link them all together.'

Submission + - Congress Introduces the Fair Play Fair Pay Act of 2015 (house.gov)

Major Blud writes: Congressman Jerrold Nadler (D-NY) and Marsha Blackburn (R-TN) introduced the Fair Play Fair Pay Act today that would end regulations that don't require terrestrial radio stations to pay royalties to artists and labels. Currently, AM/FM radio stations aren't required to pay royalties to publishers and songwriters. The proposed measure requires stations that earn less than $1 million a year in revenue to pay $500 annually. For nonprofit public, college and other non-commercial broadcasters, the fee would be $100 per year — religious and talk stations being exempt from any payments. Larger radio companies like iHeartMedia (858 stations in the US) would have to pay more.

"The current system is antiquated and broken. It pits technologies against each other, and allows certain services to get away with paying little or nothing to artists. For decades, AM/FM radio has used whatever music it wants without paying a cent to the musicians, vocalists, and labels that created it. Satellite radio has paid below market royalties for the music it uses, growing into a multibillion dollar business on the back of an illogical ‘grandfathered’ royalty standard that is now almost two decades old,” said Congressman Nadler.

Submission + - Acetaminophen reduces both pain and pleasure, study finds (scienceblog.com)

An anonymous reader writes: Researchers studying the commonly used pain reliever acetaminophen found it has a previously unknown side effect: It blunts positive emotions. Acetaminophen, the main ingredient in the over-the-counter pain reliever Tylenol, has been in use for more than 70 years in the United States, but this is the first time that this side effect has been documented.
