Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - Researchers create Mac "firmworm" that spreads via Thunderbolt Ethernet adapters

BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammel Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammel teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found that multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm". Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted here.

Submission + - CollegeBoard: Analyses of CS Study Benefits Shouldn't be Interpreted as Causal

theodp writes: Code.org, backed by some of tech's wealthiest individuals and their companies, is this close to getting computer science declared a 'core subject' in K-12 public schools. So, when the non-profit recently asked CollegeBoard for more evidence that learning computer science is linked to improved learning in other subjects, it must have been disheartened by the study results. "The purpose of this brief note," wrote the CollegeBoard, "is to document some exploratory analyses linking participation in AP Computer Science to subsequent performance in SAT Mathematics and AP Calculus and Statistics. None of these analyses should be interpreted as causal. Although there appears to be a relationship between AP CS participation and subsequent outcomes, it is highly likely that this is the result of one or more omitted and confounding characteristics of students that are not able to be controlled for given this research design."

Submission + - Could the Slashdot community take control of Slashdot? 10 10

turp182 writes: This is intended to be an idea generation story for how the community itself could purchase and then control Slashdot. If this happened I believe a lot of former users would at least come and take a look, and some of them would participate again.

This is not about improving the site, only about aquiring the site.

First, here's what we know:
1. DHI (Dice) paid $20 million for Slashdot, SourceForce, and Freecode, purchased from Geeknet back in 2012:
    http://techcrunch.com/2012/09/...
2. Slashdot has an Alexa Global Rank of 1,689, obtaining actual traffic numbers require money to see:
    http://www.alexa.com/siteinfo/...
3. According to Quantcast, Slashdot has over 250,000 unique monthly views:
    https://www.quantcast.com/slas...
4. Per an Arstechnia article, Slashdot Media (Slashdot and Sourceforge) had 2015Q2 revenues of $1.7 million and have expected full year revenues of $15-$16 million (which doesn't make sense given the quarterly number):
    http://arstechnica.com/informa...

Next, things we don't know:
0. Is Slashdot viable without a corporate owner? (the only question that matters)
1. What would DHI (Dice) sell Slashdot for? Would they split it from Sourceforge?
2. What are the hosting and equipment costs?
3. What are the personnel costs (editors, advertising saleforce, etc.)?
4. What other expenses does the site incur (legal for example)?
5. What is Slashdot's portion of the revenue of Slashdot Media?

These questions would need to be answered in order to valuate the site. Getting that info and performing the valuation would require expensive professional services.

What are possible ways we could proceed?

In my opinion, a non-profit organization would be the best route.

Finally, the hard part: Funding. Here are some ideas.

1. Benefactor(s) — It would be very nice to have people with some wealth that could help.
2. Crowdfunding/Kickstarter — I would contribute to such an effort I think a lot of Slashdotters would contribute. I think this would need to be a part of the funding rather than all of it.
3. Grants and Corporate Donations — Slashdot has a wide and varied membership and audience. We regularly see post from people that work at Google, Apple, and Microsoft. And at universities. We are developers (like me), scientists, experts, and also ordinary (also like me). A revived Slashdot could be a corporate cause in the world of tax deductions for companies.
4. ????
5. Profit!

Oh, the last thing: Is this even a relevant conversation?

I can't say. I think timing is the problem, with generating funds and access to financial information (probably won't get this without the funds) being the most critical barriers. Someone will buy the site, we're inside the top 2,000 global sites per info above.

The best solution, I believe, is to find a large corporate "sponsor" willing to help with the initial purchase and to be the recipient of any crowd sourcing funds to help repay them. The key is the site would have to have autonomy as a separate organization. They could have prime advertising space (so we should focus on IBM...) with the goal would be to repay the sponsor in full over time (no interest please?).

The second best is seeking a combination of "legal pledges" from companies/schools/organizations combined with crowdsourcing. This could get access to the necessary financials.

Also problematic, from a time perspective, a group of people would need to be formed to handle organization (managing fundraising/crowdsourcing) and interations with DHI (Dice). All volunteer for sure.

Is this even a relevant conversation? I say it is, I actually love Slashdot; it offers fun, entertaining, and enlightning conversation (I browse above the sewer), and I find the article selection interesting (this gyrates, but I still check a lot).

And to finish, the most critical question: Is Slashdot financially viable as an independent organization?

Submission + - H1B Records Being Destroyed by Feds

Foofoobar writes: On the tail of 100,000 layoffs by IBM, the Feds are deleting all long term electronic records associated with the H1B program. No reason was given and this would never have been noticed until the Labor Dept posted a note saying those records were no longer available. This directly inhibits ANY research on companies using these. What is the government trying to hide?
Input Devices

Equatorial Mounts For Budget Astrophotography? 85 85

Timoris writes "With the Perseids approaching rapidly, I am looking for a good beginner's motorized equatorial mount for astrophotography. I have seen a few for $150 to $200, but apparently the motor vibrations make for poor photographs. Orion makes good mounts, but are out of my price range ($350) and the motor is sold separately, adding to the price half over again. Does anyone have any good experience with any low- or mid-priced mounts?"

Old mail has arrived.

Working...