
GM Embeds Teen Tracking App in New Malibu

Lucas123 writes: GM announced 2016 models of the Chevy Malibu will offer a Teen Driver tracking application that will monitor everything from driving speed to the number of times the anti-lock braking mechanism was used while their kids were in the car. Upon return, a parent can bring up a "report card" on the head unit screen and see the top speed, stability control events, antilock brake events, forward collision alerts, among other things. The new feature can be enabled on Chevy's MyLink in-vehicle infotainment (IVI) system and can be accessed via a password by parents. The Teen Driver alert system will not only monitor activity, but also alert and restrict certain activities, such as driving without a seat belt — try it and the music system will be muted. The Teen Driver system also gives audible and visual warnings when the vehicle is traveling faster than speeds preset by a parent.
Link to Original Source

Paradoxical Crystal Baffles Physicists

An anonymous reader writes: In a deceptively drab black crystal, physicists have stumbled upon a baffling behavior, one that appears to blur the line between the properties of metals, in which electrons flow freely, and those of insulators, in which electrons are effectively stuck in place. The crystal exhibits hallmarks of both simultaneously.

“This is a big shock,” said Suchitra Sebastian, a condensed matter physicist at the University of Cambridge whose findings appeared today in an advance online edition of the journal Science. Insulators and metals are essentially opposites, she said. “But somehow, it’s a material that’s both. It’s contrary to everything that we know.”

Link to Original Source
Security

Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving

msm1267 writes: Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing page, requests for a Flash exploit, and requests for the Cryptowall 3.0 payload. Traffic patterns as of yesterday are almost unrecognizable compared to those of as recent as three weeks ago.

Porn Time Shoots Past 1M Downloads, Shows Interest In Oculus Rift

An anonymous reader writes: Porn Time has hit a new milestone: 1 million downloads. The app launched on June 7 for Windows, Mac, and Linux, and for Android on June 18. Today’s announcement comes on July 2, meaning Porn Time has hit the seven-digit mark in less than a month. As its name implies, Porn Time is the naughty version of Popcorn Time, the infamous app for streaming video torrents. It handles pornographic movies for you: Instead of you using a torrent client and a media player, the app takes care of grabbing the torrent file, downloading the content, and the playback all in one.

Rocket Labs picks New Zealand for its launch site

schwit1 writes: The small sat rocket company Rocket Labs has chosen a location in New Zealand as its future launch site.

Rocket Lab's all-black Electron booster offers launch for less than $5 million. The company, whose investors include Lockheed Martin, is targeting clients such as university programs and small start-ups, Beck said, and it already has 30 potential clients.

The company didn't specify how much it was investing in the site, which is due to be completed in the fourth quarter. New Zealand, which has been used in the past by the National Aeronautical and Space Administration, is considered a prime location because rockets launched from that deep in the Southern hemisphere can reach a wide range of Earth orbits. Rocket Lab's remote site on the Kaitorete Spit in the Canterbury region also means it has less air and sea traffic, which translates into more frequent launches and economies of scale, the company said. It also will no longer compete for airspace with the U.S. government.

Rocket Labs will have to actually launch something to really make the competition heat up. This announcement, however, illustrates that in the long run, the United States has some significant disadvantages as a spaceport location.

Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving

msm1267 writes: Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing page, requests for a Flash exploit, and requests for the Cryptowall 3.0 payload. Traffic patterns as of yesterday are almost unrecognizable compared to those of as recent as three weeks ago.
Link to Original Source
Security

Ask Slashdot: Dealing With Passwords Transmitted As Cleartext?

An anonymous reader writes: My brother recently requested a transcript from his university and was given the option to receive the transcript electronically. When he had problems accessing the document, he called me in to help. What I found was that the transcript company had sent an e-mail with a URL (not a link) to where the document was located. What surprised me was that a second e-mail was also sent containing the password (in cleartext) to access the document.

Not too long ago I had a similar experience when applying for a job online (ironically for an entry-level IT position). I was required to setup an account with a password and an associated e-mail address. While filling out the application, I paused the process to get some information I didn't have on hand and received an e-mail from the company that said I could continue the process by logging on with my account name and password, both shown in cleartext in the message.

In my brother's case, it was an auto-generated password but still problematic. In my case, it showed that the company was storing my account information in cleartext to be able to e-mail it back to me. Needless to say, I e-mailed the head of their IT department explaining why this was unacceptable.

My questions are: How frequently have people run into companies sending sensitive information (like passwords) in cleartext via e-mail? and What would you do if this type of situation happened to you?

Introducing s2n, a New Open Source TLS Implementation

Pigskin-Referee writes: At Amazon Web Services, strong encryption is one of our standard features, and an integral aspect of that is the TLS (previously called SSL) encryption protocol. TLS is used with every AWS API and is also available directly to customers of many AWS services including Elastic Load Balancing (ELB), AWS Elastic Beanstalk, Amazon CloudFront, Amazon S3, Amazon RDS, and Amazon SES.

The last 18 months or so has been an eventful time for the TLS protocol. Impressive cryptography analysis highlighted flaws in several TLS algorithms that are more serious than previously thought, and security research revealed issues in several software implementations of TLS. Overall, these developments are positive and improve security, but for many they have also led to time-consuming operational events, such as software upgrades and certificate rotations.

Part of the challenge is that the TLS protocol, including all of its optional extensions, has become very complex. OpenSSL, the de facto reference implementation, contains more than 500,000 lines of code with at least 70,000 of those involved in processing TLS. Naturally with each line of code there is a risk of error, but this large size also presents challenges for code audits, security reviews, performance, and efficiency.

In order to simplify our TLS implementation and as part of our support for strong encryption for everyone, we are pleased to announce availability of a new Open Source implementation of the TLS protocol: s2n. s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, we’ve found that it is easier to review s2n; we have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing.

Over the coming months, we will begin integrating s2n into several AWS services. TLS is a standardized protocol and s2n already implements the functionality that we use, so this won’t require any changes in your own applications and everything will remain interoperable.

If you are interested in using or contributing to s2n, the source code, documentation, commits and enhancements are all publicly available under the terms of the Apache Software License 2.0 from the s2n GitHub repository.

s2n isn’t intended as a replacement for OpenSSL, which we remain committed to supporting through our involvement in the Linux Foundation’s Core Infrastructure Initiative. OpenSSL provides two main libraries: “libssl”, which implements TLS, and “libcrypto,” which is a general-purpose cryptography library. Think of s2n as an analogue of “libssl,” but not “libcrypto.”

Oh and the name? s2n is short for “signal to noise” and is a nod to the almost magical act of encryption—disguising meaningful signals, like your critical data, as seemingly random noise.

Link to Original Source
Transportation

Solar Impulse 2 Breaks Three Records En Route To Hawaii

Zothecula writes: Solar Impulse 2 has started smashing records even before the longest leg of its round-the-world flight is complete. At around three quarters of the way to its next touch down in Hawaii, the single-pilot aircraft has broken the world records for longest distance and duration for solar aviation, with the record for longest ever solo flight of any kind thrown in for good measure.

UK government illegally spied on Amnesty International

Mark Wilson writes: A court has revealed that the UK intelligence agency, GCHQ, illegally spied on human rights organization Amnesty International. It is an allegation that the agency had previously denied, but an email from the Investigatory Powers Tribunal backtracked on a judgement made in June which said no such spying had taken place.

The email was sent to Amnesty International yesterday, and while it conceded that the organization was indeed the subject of surveillance, no explanation has been offered. It is now clear that, for some reason, communications by Amnesty International were illegally intercepted, stored, and examined. What is not clear is when the spying happened, what data was collected and, more importantly, why it happened.

Link to Original Source

Can New Chicago Taxes on Netflix, Apple, Spotify Withstand Legal Challenges?

Mr D from 63 writes: In a tax ruling issued in early June, the city of Chicago expanded its amusement tax to include amusements such as TV shows, movies, videos, music and online games, if they are delivered by electronic means to customers in the city. The ruling became effective July 1.

The initial tax rate is 9% on streaming content. Sales of movies and music and the rest is not taxable, and the tax must be paid whether a customer is paying a subscription charge, a per event fee or some other variation. Chicago expects to collect $12 million a year as a result of the new tax ruling.

Amusement Tax Ruling;

The amusement tax applies to charges paid for the privilege to witness, view or participate in an amusement. This includes not only charges paid for the privilege to witness, view or participate in amusements in person but also charges paid for the privilege to witness, view or participate in amusements that are delivered electronically. Thus:

        a) charges paid for the privilege of watching electronically delivered television shows, movies or videos are subject to the amusement tax, if the shows, movies or videos are delivered to a patron (i.e., customer) in the City (see paragraph 13 below);

        b) charges paid for the privilege of listening to electronically delivered music are subject to the amusement tax, if the music is delivered to a customer in the City;

        c) and charges paid for the privilege of participating in games, on-line or otherwise, are subject to the amusement tax if the games are delivered to a customer in the City.

Link to Original Source

The Strange Story of the U.S Weather "Supercomputer Police" in China

An anonymous reader writes: When IBM sent Zaphiris Christidis on an international assignment to China to manage the supercomputing division for climate and environment applications, he would be part of an over 50,000 strong force in China managing weather forecasting and research. While some were part of IBM or other technology vendor teams, it was striking to him how many people in the country were devoted to operational weather forecasting, not to mention how complex each of the regional centers that radiated off the main Beijing sites were...
Link to Original Source

Teachers granted power to 'confiscate and destroy' unhealthy lunch

schwit1 writes: The British government is urging school leaders to use their "common law powers" to search student lunches and potentially confiscate any items they deem "unhealthy or inappropriate."

Education minister Lord Nash tells Express, "Schools have common law powers to search pupils, with their consent, for items." There is nothing to prevent schools from having a policy of inspecting lunch boxes for food items that are prohibited under their school food policies.

"A member of staff may confiscate, keep or destroy such items found as a result of the search if it is reasonable to do so in the circumstances." The government's foray into lunch inspections began when Cherry Tree Primary School in Colchester banned a Peperami sausage snack and scotch eggs from a six-year-old girl's lunch. Manchester's Manley Park Primary School seized cereal bars from lunches, according to the Huffington Post.

Link to Original Source
Programming

Watching People Code Is Becoming an (Even Bigger) Thing

itwbennett writes: Faithful Slashdot readers may recall the story of Adam Wulf, who spent two weeks live-streaming himself writing a mobile app. The phenomenon has quickly become a thing, by which we mean a business. Twitch.TV, Watch People Code (which is an offshoot of the subreddit by the same name), Ludum Dare, and, of course, YouTube, are bursting with live or archived streams of lots of people writing lots of code for lots of different things. And just this week, Y Combinator-backed startup Livecoding.TV launched. The site has signed up 40,000 users since its beta went live in February, but unlike the other sites in this space what it doesn't have (and doesn't have plans for) is advertising. As co-founder Jamie Green told ITworld: 'We have some different ideas around monetisation in the pipeline, but for now we are just focussed on building a community around live education.'
