+ - SourceForge MITM Projects->

Submitted by lister king of smeg
lister king of smeg writes: What happened?

SourceForge, once a trustworthy source code hosting site, started to place misleading ads (like fake download buttons) a few years ago. They are also bundling third-party adware/malware directly with their Windows installer.

Some project managers decided to leave SourceForge – partly because of this, partly just because there are better options today. SF staff hijacked some of these abandoned accounts, partly to bundle the crapware with their installers. It has become just another sleazy garbage site with downloads of fake antivirus programs and such.

How can I help?

If you agree that SourceForge is in fact distributing malicious software under the guise of open source projects, report them to Google. Ideally this will help remove them from search results, prevent others from suffering their malware and provide them with incentive to change their behavior.

As this story has been submitted several times in the past several days by various submitters, and is going around various other tech forums, this submitter wonders: has our shared "glorious Dice Corporate overloads" been shooting this story down?

+ - SourceForge assumes ownership of GIMP For Win, wraps installer in adware->

Submitted by Anonymous Coward
An anonymous reader writes: It appears that SourceForge is assuming control of all projects that appear "abandoned." In a blog update on their site, they responded saying in part "There has recently been some report that the GIMP-Win project on SourceForge has been hijacked; this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current."

SourceForge is now offering "to establish a program to enable users and developers to help us remove misleading and confusing ads."


+ - Ways to travel faster than light without violating relativity

Submitted by StartsWithABang
StartsWithABang writes: It’s one of the cardinal laws of physics and the underlying principle of Einstein’s relativity itself: the fact that there’s a universal speed limit to the motion of anything through space and time, the speed of light, or c. Light itself will always move at this speed (as well as certain other phenomena, like the force of gravity), while anything with mass — like all known particles of matter and antimatter — will always move slower than that. But if you want something to travel faster-than-light, you aren’t, as you might think, relegated to the realm of science fiction. There are real, physical phenomena that do exactly this, and yet are perfectly consistent with relativity.

Comment: Netcraft confirmed! (Score 2, Funny) 236

by sinij (#49787933) Attached to: In a 5-star rating scheme, the new Mad Max film ...
It is now official. Netcraft has confirmed: /. is dead

One more crippling bombshell hit the already beleaguered /. community when polls start showing as articles. /. market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that /. has lost more market share, this news serves to reinforce what we've known all along. /. is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent comprehensive test.

+ - Insurer denies healthcare breach claim citing lack of minimum required practices->

Submitted by chicksdaddy
chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data.

In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third party vendor, INSYNC Computer Solution, Inc. failed to follow “minimum required practices,” as spelled out in the policy. Among other things, Cottage “stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the Internet,” the complaint alleges.

Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that's growing by about 40% annually use liberally written exclusions to hedge against 'known unknowns' like lax IT practices, pre-existing conditions (like compromises) and so on.


+ - Code Injection: A New Low for ISPs

Submitted by snydeq
snydeq writes: Beyond underhanded, Comcast and other carriers are inserting their own ads and notifications into their customers’ data streams, writes The Deep End's Paul Venezia. 'Comcast and other ISPs “experimenting” with data caps inject JavaScript code into their customers’ data streams in order to display overlays on Web pages that inform them of data cap thresholds. They’ll even display notices that your cable modem may be eligible for replacement. And you can't opt out,' Venezia writes. 'Think about it for a second: Your cable provider is monitoring your traffic and injecting its own code wherever it likes. This is not only obtrusive, but can cause significant problems with normal Web application function. It’s abhorrent on its face, but that hasn’t stopped companies from developing and deploying code to do it.'

+ - Can Bad Scientific Practice Be Fixed? 3

Submitted by writes: Richard Horton writes in that a recent symposium on the reproducibility and reliability of biomedical research discussed one of the most sensitive issues in science today: the idea that something has gone fundamentally wrong with science (PDF), one of our greatest human creations. The case against science is straightforward: much of the scientific literature, perhaps half, may simply be untrue. Afflicted by studies with small sample sizes, tiny effects, invalid exploratory analyses, and flagrant conflicts of interest, together with an obsession for pursuing fashionable trends of dubious importance, science has taken a turn towards darkness. According to Horton, editor-in-chief of The Lancet, a United Kingdom-based medical journal, the apparent endemicity of bad research behaviour is alarming. In their quest for telling a compelling story, scientists too often sculpt data to fit their preferred theory of the world or retrofit hypotheses to fit their data.

Can bad scientific practices be fixed? Part of the problem is that no-one is incentivized to be right. Instead, scientists are incentivized to be productive and innovative. Tony Weidberg says that the particle physics community now invests great effort into intensive checking and rechecking of data prior to publication following several high-profile errors. By filtering results through independent working groups, physicists are encouraged to criticize. Good criticism is rewarded. The goal is a reliable result, and the incentives for scientists are aligned around this goal. "The good news is that science is beginning to take some of its worst failings very seriously," says Horton. "The bad news is that nobody is ready to take the first step to clean up the system."

Comment: InfoSec implications of AI (Score 1) 413

by sinij (#49765849) Attached to: What AI Experts Think About the Existential Risk of AI
I am an Information Security practitioner and not an expert in this field, because nobody is. My experience is that nobody knows what they are doing, most information systems are not secure in the mistaken belief that nobody would bother breaking them, others are just secure enough to deter low-knowledge attacks. Almost everyone practices what is known as proportional value deterrent, but treats high-value systems as truly isolated when so many side-channels exist.

If malicious AI ever shows up, we are screwed. We have zero hope of securing any information system from it. The only hope is that it won't end us because there is a good chance that a lot of hardware that AI might need will go dark.

Comment: Isowhat? (Score 4, Informative) 95

I had to read TFA to figure out what isostatic is.

"Bizarrely enough, if we wanted to reach the Earth’s mantle, our best bet would be to dive down to the ocean floor and dig there; we’d “only” have to go through maybe 3 km of crust, as opposed to upwards of 25 km atop the Himalayas. This concept is known as isostatic compensation, and was actually uncovered by the famed British astronomer George Airy."

Comment: State business (Score 2, Informative) 288

In Russia, there is no such thing as an independent large corporation, there are only nominally privately owned, and formally state owned corporations. While Kaspersky does some good work, they should be treated the same way as NIST is in the USA, with a primary mission to protect and advance state interest.

Comment: Re:You're dying off (Score 3, Insightful) 287

by sinij (#49717413) Attached to: The Auto Industry May Mimic the 1980s PC Industry
Both views are simplifications. What you should be asking is the following: will people under 25, as they get older, still care about pointless shiny in their cars?

When I was under 25 I made some very questionable stylistic and functional choices for my auto, now as I got older I grew out of it.

Comment: Primary purpose is to drive (Score 1) 287

by sinij (#49717379) Attached to: The Auto Industry May Mimic the 1980s PC Industry
I still remember how awful early consumer operating systems were. They crashed, they had ridiculous requirements, and bad design. While all of this was unfortunate, the improvements were to the primary purpose of these systems.

For cars, the awfulness of the digital platform is for secondary purposes - these systems do not improve how the car drives, yet the implications for your safety when something goes wrong are much higher.
