
Comment Re:Be sure they really are cheaper (Score 4, Informative) 192

I second using a site like PCPartPicker. It can help you avoid some petty technical mistakes, like buying an under-capacity CPU cooler, or a power supply without enough of the correct connectors and voltages for your cards.

One thing I've noticed about homebuilt rigs is that they are occasionally louder than normal. I think a lot of builders don't think about noise or airflow, and a lot of the cabinetmakers just provide a bunch of fan mounting points but they can't really consider the cooling needs of the particular motherboard and CPU you're dealing with. If noise is important (perhaps you're going to use it as a media PC in a home theater, too) then you can factor that in as well, or consider options like liquid cooling solutions.

Comment Re:Holy crap ... (Score 1) 67

The security difference between chip-and-signature and chip-and-PIN matters in only one case, and that is if your physical card is stolen from your wallet. Skimmers, data breaches, shoulder-surfing, all the hacking attacks won't yield the secret key inside the chip, preventing it from being counterfeited. If you don't like the security of your chip-and-signature card because you're afraid your card might be stolen, ask your bank to issue you a chip-and-PIN card instead. If your bank won't, there are plenty of other banks who will, and who will be grateful for your business.

Visa and the retailers originally figured U.S. customers would prefer chip-and-signature because it makes selling things "easy". But that's a pretty stupid attitude, because lots of people (including you and me) are wary about identity theft. Customers need to complain to their banks so that they learn we'd rather have PINs than signatures.

Overall credit card security will still remain terrible for a long time to come because static mag stripes still exist, and online card-not-present transactions still use static authentication data like CVV2 codes. What really needs to happen to actually improve security is that mag stripes and static numbers like CVV2 need to be flat-out outlawed. The recent "liability shift" is the opening salvo in the conversion, but we're probably still a decade away from actual security.

Comment Re:Works for me (Score 1) 137

Manufacturers have long made custom versions of products for specific store chains, and not just TV sets. Pots and pans, clothing, furniture, most products are available to any store that's willing to pay for them. Some stores (like Walmart) have a specific price point, so the manufacturers produce a model without the chrome-plated knobs, the low contrast screens, and use only the cheapest cloned capacitors and dubious quality power supplies.

There's a lot of marketing power in it, too. Not only do they get to offer big TVs for ridiculously low prices, it's also safe to tout benefits like a "150% price match guarantee", when they have the exclusive contract to sell that exact model.

Comment Re:What's Unusual? (Score 1) 93

This new piece of malware shows sophistication of design, but that's not unheard of. Older malware was often customized by compile time switches and definitions; this just abstracts some of that away.

Many people (i.e. journalists and managers) think of malware authors as pimple-faced script kiddies hacking in their mothers' basements. They think that large, well-designed projects require teams of skilled developers who would only do so for a fat paycheck.

What's happened now is that vulnerabilities are so profitable that the threat landscape is no longer the exclusive domain of the single hacker - criminal gangs want a piece of it. They can afford to pay team salaries to engineer a solution.

And malware authors have learned to avoid the biggest risks of getting caught. In the old days a virus writer would also be the distributor. Modern authors get paid by selling their exploit code, along with customization and support contracts, to gangs of attackers. The attackers take on the risks, the developers collect fat checks. In some cases of vertical attacks (ATM skimmers for example), the "owner" of the malware uses cryptography to encrypt the skimmed data, preventing the low-level attackers from profiting from the stolen data. The profits go to the top first, and the paychecks cascade down (assuming honor among thieves.)

So what's newsworthy here is that they believe this malware to be further evidence of a new breed of well organized criminal software developers.

Submission + - GlassRAT Targets Chinese Nationals, Lurked for 3 Years Undetected

chicksdaddy writes: RSA researchers issued a report today about a remote access trojan (or RAT) program dubbed “GlassRAT” that they are linking to sophisticated and targeted attacks on “Chinese nationals associated with large multinational corporations,” The Security Ledger reports.

Discovered by RSA in February of this year, GlassRAT was first created in 2012 and “appears to have operated, stealthily, for nearly 3 years in some environments,” in part with the help of a legitimate certificate from a prominent Chinese software publisher and signed by Symantec and Verisign, RSA reports.

The software is described as a “simple but capable RAT” that packs reverse shell features that allow attackers to remotely control infected computers as well as transfer files and list active processes. The dropper program associated with the file poses as the Adobe Flash player, and was named “Flash.exe” when it was first detected.

RSA discovered it on the PC of a Chinese national working for a large, U.S. multi-national corporation. RSA had been investigating suspicious network traffic on the enterprise network. RSA says telemetry data and anecdotal reports suggest that GlassRAT may principally be targeting Chinese nationals or other Chinese speakers, in China and elsewhere, since at least early 2013.

RSA said it has discovered links between GlassRAT and earlier malware families including Mirage, Magicfire and PlugX. Those applications have been linked to targeted campaigns against the Philippine military and the Mongolian government.

Submission + - A Secretive Air Cargo Operation Is Running in Ohio, and Signs Point to Amazon

citadrianne writes: In 2013, at the height of the holiday season, a surge of last minute Amazon orders and bad weather left many customers without gifts under the tree on Christmas day.

Amazon said the problem was not due to issues with its warehouses or staff, but failures on the part of UPS and other shipping partners. It apologized and reimbursed some customers with $20 gift cards, but the debacle underscored for Amazon the disadvantages of relying on third party shippers for its delivery process.

Since then, Amazon has been increasingly investing in its own alternatives, from contracting additional couriers to rolling out its own trucks in some cities.

The latest rumored venture into Amazon shipping has a name: Aerosmith.

An air cargo operation by that name launched in September of this year in Wilmington, Ohio on a trial basis. The operation is being run by the Ohio-based aviation holding company Air Transport Services Group, or ATSG, out of a state-of-the art facility. It's shipping consumer goods for a mysterious client that many believe to be Amazon.

Submission + - Fake Bomb Detector, Blamed for Hundreds of Deaths, Is Still in Use

writes: Murtaza Hussain writes at The Intercept that although it remains in use at sensitive security areas throughout the world, the ADE 651 is a complete fraud and the ADE-651’s manufacturer sold it with the full knowledge that it was useless at detecting explosives. There are no batteries in the unit and it consists of a swivelling aerial mounted to a hinge on a hand-grip. The device contains nothing but the type of anti-theft tag used to prevent stealing in high street stores and critics have likened it to a glorified dowsing rod.

The story of how the ADE 651 came into use involves the 2003 U.S. invasion of Iraq. At the height of the conflict, as the new Iraqi government battled a wave of deadly car bombings, it purchased more than 7,000 ADE 651 units worth tens of millions of dollars in a desperate effort to stop the attacks. Not only did the units not help, the device actually heightened the bloodshed by creating “a false sense of security” that contributed to the deaths of hundreds of Iraqi civilians. A BBC investigation led to a subsequent export ban on the devices.

The device is once again back in the news as it was reportedly used for security screening at hotels in the Egyptian resort city of Sharm el-Sheikh where a Russian airliner that took off from that city’s airport was recently destroyed in a likely bombing attack by the militant Islamic State group. Speaking to The Independent about the hotel screening, the U.K. Foreign Office stated it would “continue to raise concerns” over the use of the ADE 651. James McCormick, the man responsible for the manufacture and sale of the ADE 651, received a 10-year prison sentence for his part in manufacture of the devices, sold to Iraq for $40,000 each. An employee of McCormick who later became a whistleblower said that after becoming concerned and questioning McCormick about the device, McCormick told him the ADE 651 “does exactly what it’s designed to. It makes money.”

Comment Re:Awww (Score 3, Interesting) 93

Because neonicotinoids are among the safest overall pesticides that have ever been developed. They very effectively target insects, but have very minor effects on mammals. The LD50 of Safari is over 2000 mg/kg of body weight in rats. They're rated category III by the EPA, which means 'slightly toxic and/or slightly irritating.'

The big problem is with bees. Neonics are supposedly 150X more lethal to bees than to any other insect genera.

The EU has already banned neonics (possibly because population density is higher and bees may be more shared than in the US); the US is dragging their feet.

Comment Re:Translation : (Score 1) 93

Actually, they've known for several years that minute quantities of neonicotinoids cause bees to 'dance' incorrectly; where the dance no longer correctly directs other bees to their discovery of nectar. The loss of food may be partly responsible for Colony Collapse Disorder. It's not surprising that this would also lead to reduced pollination.

Submission + - Anonymous Reportedly "RickRolling" Isis

retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hashtags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" (1987) music video, aka “Rick Roll” meme. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987.

Not all are praising Anonymous' methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.

Submission + - How Close Are We To a Mission on Mars?

destinyland writes: "NASA is developing the capabilities needed to send humans to an asteroid by 2025 and Mars in the 2030s," reads the official NASA web site. But National Geographic points out that "the details haven't been announced, in large part because such a massive, long-term spending project would require the unlikely support of several successive U.S. presidents." And yet on November 4th, NASA put out a call for astronaut applications "in anticipation of returning human spaceflight launches to American soil, and in preparation for the agency’s journey to Mars," and they're currently experimenting with growing food in space. And this week they not only ordered the first commercial mission to the International Space Station, but also quietly announced that they've now partnered with 22 private space companies.

Submission + - Tape Disintegration Threatens Historical Records, But Chemistry Can Help

An anonymous reader writes: Modern storage methods are designed with longevity in mind. But we haven't always had the scientific knowledge or the foresight to do so. From the late 60s to the late 80s, much of the world's cultural history was recorded on magnetic tapes. Several decades on, those tapes are disintegrating, and we're faced with the permanent loss of that data. "The Cultural Heritage Index estimates that there are 46 million magnetic tapes in museums and archives in the U.S. alone—and about 40 percent of them are of unknown quality. (The remaining 60 percent are known to be either already disintegrated or in good enough condition to be played.)" Fortunately, researchers have worked out a method to determine which copies are recoverable. They "combined a laptop-sized infrared spectrometer with an algorithm that uses multivariate statistics to pick up patterns of all the absorption peaks." Here's the abstract from their research paper. "As the tapes go through the breakdown reaction, the chemical changes give off tiny signals in the form of compounds, which can be seen with infrared light—and when the patterns of reactions are analyzed with the model, it can predict which tapes are playable."

Submission + - Ask Slashdot: Is Scrum still relevant?

An anonymous reader writes: In an article titled "Scrum is dead: breaking down the new open development method," Ahmad Nassri writes:

Among the most "oversold as a cure" methodologies introduced to business development teams today is Scrum, which is one of several agile approaches to software development and introduced as a way to streamline the process. Scrum has become something of an intractable method, complete with its own holy text, the Manifesto for Agile Software Development, and daily devotions (a.k.a., Scrum meetings).

Although Scrum may have made more sense when it was being developed in the early '90s, much has changed over the years. Startups and businesses have work forces spread over many countries and time zones, making sharing offices more difficult for employees. As our workforce world evolves, our software development methods should evolve, too.

What do you think? Is Scrum still a viable approach to software development, or is it time to make way for a different way of doing things?
