Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: annoying Ireland (Score 1) 110

... like the flea with ambitions to rape the elephant ...

Ireland is small. Roughly the size & population of the American state of Maryland. Everyone knows that Maryland is one of the least significant places in the US much less the world. Yet Ireland thinks it can control the internet and how people use it. Even the entire USA can't do that. Silly Ireland. (Sorry to include you in this, Maryland. You're not really a total loser.)

Comment: don't fear AI, it doesn't give a shit about you (Score 1) 195

by swell (#49525593) Attached to: Concerns of an Artificial Intelligence Pioneer

First, Stuart Russell is way ahead of our time. We're nowhere near artificial intelligence of any concern. When it does happen, as it must, we may be concerned. But there is an outcome that must be considered.

If the AI is beyond our ken, It will supersede us. Here is the critical question: is that a problem?

How will we feel if we are displaced on this small blue planet by Artificial Intelligence? We may be retained as maintenance bots or caretakers of the new ecosystem. Our place will be drastically reduced in effectiveness and prestige. We will have to prove our usefulness if the AI are to retain us in their plans for the future.

In the end, we and the theoretical AI are here to serve intelligence. To explore and understand. If they do it better than us, who are we to complain? Understanding must happen. We have always thought of ourselves as the center of the universe; at this point we have to work hard to tag along as AI explores the universe.

Don't we want that? Don't we want a lasting understanding that will survive our short life spans and acquire knowledge that will outlast our planet and solar system and penetrate the galaxy and the universe itself? Don't we want to share with other intelligences that which we've worked so hard to discover? Who cares if the carbon based life forms do that, or if it is an AI?

Intelligence is the pinnacle of value in the universe. Ours is pathetic (as a race). We still believe in magical beings and hope for miracles. Pure intelligence doesn't allow for miracles and will be realized by machines. Let's hope that humans can overcome the tendency to believe in magic and accept that science is the best mode of understanding. Then perhaps we can join with AI in exploring the universe as rational partners.

Comment: best wishes ! (Score 1) 271

by swell (#49501549) Attached to: Ask Slashdot: What Features Would You Like In a Search Engine?

It wouldn't respond to my request. I had to allow a jquery script. Then it searched but couldn't find 'Benghazi'.

Things have been lost from search. Alta Vista allowed search for 'word1' NEAR 'word2', which proved very useful. Google used to give information about its finds such as date, size, ('cached' is still there, but hidden) and some things so long abandoned that I can't remember them. You know why date is important; size is also important because a very large page containing your terms is probably clickbait. A great sadness for me is that Wolfram Alpha is so wrapped up in fancy scripts that I've never been able to use it with my fairly secure Firefox (oh, it's better today).

Accurate reporting would be nice. I'm looking at a Google result that claims it found "About 54,100 results (0.46 seconds)" when actually there were only 245 unique results.

Location would be nice (maybe a flag icon from that country). An opportunity to vote the relevance of a result up or down and maybe indicate something inappropriate. Wildcards would be incredible. Apple's Spotlight search engine can now search the internet as well as local files- maybe your engine could take advantage of some sinister simpatico surreal symbiosis.

We need a fresh approach after a long period of stagnation. Who knows what clever innovation has been missed?

+ - Congress Introduces the Fair Play Fair Pay Act of 2015->

Submitted by Major Blud
Major Blud writes: Congressman Jerrold Nadler (D-NY) and Marsha Blackburn (R-TN) introduced the Fair Play Fair Pay Act today that would end regulations that don't require terrestrial radio stations to pay royalties to artists and labels. Currently, AM/FM radio stations aren't required to pay royalties to publishers and songwriters. The proposed measure requires stations that earn less than $1 million a year in revenue to pay $500 annually. For nonprofit public, college and other non-commercial broadcasters, the fee would be $100 per year — religious and talk stations being exempt from any payments. Larger radio companies like iHeartMedia (858 stations in the US) would have to pay more.

"The current system is antiquated and broken. It pits technologies against each other, and allows certain services to get away with paying little or nothing to artists. For decades, AM/FM radio has used whatever music it wants without paying a cent to the musicians, vocalists, and labels that created it. Satellite radio has paid below market royalties for the music it uses, growing into a multibillion dollar business on the back of an illogical ‘grandfathered’ royalty standard that is now almost two decades old,” said Congressman Nadler.

Link to Original Source

+ - Acetaminophen reduces both pain and pleasure, study finds->

Submitted by Anonymous Coward
An anonymous reader writes: Researchers studying the commonly used pain reliever acetaminophen found it has a previously unknown side effect: It blunts positive emotions. Acetaminophen, the main ingredient in the over-the-counter pain reliever Tylenol, has been in use for more than 70 years in the United States, but this is the first time that this side effect has been documented.
Link to Original Source

+ - Republicans introduce a bill to overturn net neutrality

Submitted by grimmjeeper
grimmjeeper writes:

A group of Republican lawmakers has introduced a bill that would invalidate the U.S. Federal Communications Commission’s recently passed net neutrality rules. The legislation, introduced by Representative Doug Collins, a Georgia Republican, is called a resolution of disapproval, a move that allows Congress to review new federal regulations from government agencies, using an expedited legislative process.

This move should come as little surprise to anyone. While the main battle in getting net neutrality has been won, the war is far from over.

+ - Duo Security iOS App Vulnerability

Submitted by dajjhman
dajjhman writes: Duo Security put out a PSA today informing users that their iOS application has not been checking the validity of SSL certificate domain names.
For those unfamiliar, Duo Security provides a 2 factor authentication system known for its implementation of push notifications to approve login requests. It is found in numerous applications, ranging from personal use to large enterprises
The vulnerability, identified as DUO-PSA-2015-002, allows attackers to use a Man in the Middle attack to see all of the network data. This was caused by a bug in a 3rd party library they used, and the announcement came along with an update to the App Store.
Duo says that due to the nature of their client-server communications, there was little risk an attacker could activate a push request as there is a client key. The PSA has not been posted to their blog at the time of this writing, but it is reproduced below.
The advisory is signed with the Duo Security PSIRT security@duosecurity.com PGP key which is available from their security contact page.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Duo Product Security Advisory
=============================

Advisory ID: DUO-PSA-2015-002
Publication Date: 2015-04-06
Revision Date: 2015-04-13
Status: Fixed
Document Revision: 2

Overview
========

Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a successful Man-in-the-Middle (MITM) attack against the app's TLS connections, if they can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service.

This issue has been fixed in Duo Mobile 3.7.1; all iOS users should update as soon as possible.

Description
===========

On the iOS platform, Duo Mobile leverages AFNetworking — a widely-used third-party HTTP client library — to communicate with Duo's cloud service. Recently, it was determined that AFNetworking did not validate digital certificates against server hostnames by default. As a result, Duo Mobile would e.g. consider a digital certificate for "www.example.com" as valid for "api-XXXXXXXX.duosecurity.com" when establishing a TLS tunnel.

This behavior makes it possible for an attacker to perform a successful Man-in-the-Middle (MITM) attack against TLS connections from affected versions of Duo Mobile, if he can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service. This might be a risk, for example, when using Duo Mobile while connected to untrusted wi-fi networks.

However, in addition to TLS, Duo Mobile uses application-level signatures to ensure the integrity and authenticity of requests sent from Duo Mobile to Duo's service. Becauses of this mechanism, a MITM attack would still not generally allow an attacker to e.g. approve a fraudulent Duo Push authentication request.

Note: A different vulnerability was introduced into AFNetworking in version 2.5.1, and recently gained widespread attention (http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html). Duo Mobile currently uses AFNetworking version 2.3.1, and was therefore not affected by that particular vulnerability. This is a separate — if very similar — issue.

Impact
======

An attacker can perform a successful Man-in-the-Middle (MITM) attack against Duo Mobile's TLS connections if he can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service. Duo's application-level signing mechanism still generally prevents the attacker from e.g. approving fraudulent Duo Push authentication requests. However, there are some limitations to this technique:

* Duo Mobile cannot use application-level signatures when setting up a new account, because — at this point — the app has not yet negotiated a key-pair with Duo's service. If an attacker intercepted traffic from Duo Mobile during this process, he could gain the ability to generate valid one-time passcodes and exert full control over subsequent Duo Push authentication requests intended for the targeted device.

* Requests from Duo Mobile to Duo's service have application-level signatures, but responses from the service do not. It may therefore be feasible for an attacker to manipulate details of a fraudulent authentication request such that it appears legitimate, thereby tricking a user into approving it.

Affected Product(s)
===================

* Duo Mobile for iOS, versions 3.4 — 3.7

Solution
========

Duo Mobile 3.7.1 was published to the iTunes App Store on April 6, 2015. This version ensures that certificate domain-name validation is performed for all TLS connections.

Users should upgrade to this version immediately to prevent the issues described above. Note that administrators can audit their users' Duo Mobile app versions in the "phones" section of the Duo administrative interface.

As noted above, there is a small risk that users' Duo Mobile credentials could be compromised, if an attacker captured network traffic from Duo Mobile during account setup. After users have upgraded, administrators may choose to forcibly invalidate any existing credentials by re-activating users' Duo Mobile accounts in the administrative interface.

Vulnerability Metrics
=====================

Vulnerability Class: Improper Certificate Validation (CWE-295)
Remotely Exploitable: Yes
Authentication Required: No
Severity: High
CVSSv2 Overall Score: 5.8
CVSSv2 Group Scores: Base: 6.8, Temporal: 5.9, Environmental: 5.8
CVSSv2 Vector: (AV:A/AC:L/Au:N/C:C/I:P/A:N/E:H/RL:OF/RC:C/CDP:MH/TD:M/CR:M/IR:H/AR:M)

References
==========

* CWE-295: Improper Certificate Validation — https://cwe.mitre.org/data/def...
* AFNetworking issue #2619 — https://github.com/AFNetworkin...
* Heartbleed Defense-in-Depth Part #2: Don't Trust SSL — https://www.duosecurity.com/bl...

Timeline
========

2015-04-02
* Engineers at Duo internally discover that Duo Mobile for iOS does not correctly validate server certificates.
* Duo develops a fix and submits an updated Duo Mobile 3.7.1 to the iTunes App Store.

2015-04-03
* Duo Mobile for iOS version 3.7.1 is approved by Apple

2015-04-06
* Duo completes testing on Duo Mobile for iOS 3.7.1 and releases it to end users.
* Duo drafts advisory and shares it with affected Enterprise and Business customers.

2015-04-13
* Duo updates advisory and shares it with all remaining customers.

Credits/Contact
===============

Technical questions regarding this issue should be sent to support@duosecurity.com and reference "DUO-PSA-2015-002" in the subject.

Other feedback regarding this issue can be sent to security@duosecurity.com.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJVJD/IAAoJEEcOFkS+z+1x0q4QAIsyyybXIUV5/kui63aSzPrY
AT1GcSK0WGQzaH2T8gSBwMZl7QUPBJQERLm65F7hFXzDgzbFUrb9rnMvMPOdqYFK
mc0EIfwsoWH8M02JfHZvS476Yi56MAvY+DEOtVI/z23481ScT+fK5AyHvAyjfb2M
NFJJGjTfF6JOTdufY3D22RpCbpK68ITL8wVS+eCC9CR2xf6MlgITBRqdzyo3Qc34
1nRxnRc7xqPnkjSrtcT/lf8D5Q7j/yNv0qryRokY9neYxrogLXqqIkP/JhdhzFvH
DN8TPOMrRDfEPCdUDAdWBaGY0+gpVBIV+2gBzG+8/d+fEh5inTiEkBmjE11M722W
X3JGorP7DJ9TNoQM+TP1Y/r7khr/X5trk/X6RDeDKVLEaCx9KPTr7tSzy83/F2MI
c+kUwEsnrhxNPuLGWb38Exb0DQ7SmQJ6xvTx6EFcBcQDssDvfKPc6tIADSvMqw3t
ZxXkcqXJncq+M6Cvyxm+A6kb0FBcUAbmdyL6lhBhUTIimhg+i4QLBqkO42RaHogn
nY9WQhVZYAKCdGXcteSlez/2HFtE9+OoP23NK1UK+OoHJjCVg/qBKuBwyzY1JA2y
lBz1VGdWIVNqD3bEdHNLSnSa0hqXJ/mLgffogK/hj4COSI0f5CZaiSaZwCgpMPC+
kP6aGmqdITXzdgag6VHy
=16Yr
-----END PGP SIGNATURE-----

+ - Little Languages For Compiling to JavaScript

Submitted by snydeq
snydeq writes: InfoWorld's Peter Wayner provides an overview of little languages that help you compile your code to JavaScript with surprising ease and few compromises. From Opal to Shen to PyPy, these tools enable developers to bring code written in everything from Ruby to Erlang and beyond to the Web. 'There are plenty of rationalizations that make the idea more palatable. First, JavaScript engines run much, much faster than they did in the past. Second, crafting a Web UI has never been easier, thanks to frameworks and ample HTML/CSS design talent. Third, JavaScript is becoming a bit of a lingua franca. If you can convert all of these languages to JavaScript, and the list is surprisingly long, you can also link them all together.'

Comment: xylitol (Score 1, Interesting) 68

by swell (#49455269) Attached to: Plaque-busting Nanoparticles Could Help Fight Tooth Decay

Nanobots delivering drugs to my teeth? No thanks. Xylitol sweetener will kill the bacteria, lower acidity and prevent bacteria from sticking to my teeth. And it tastes great. Don't expect your dentist to tell you about it. Don't expect to find it in your ADA approved toothpaste. Why would they want you to use it?

Just as sugar devastates your oral and physical health, xylitol benefits your health in many ways. Start here: http://xylitol.org/xylitol-use...

Comment: it's Kansas people, give him a break (Score 1) 297

by swell (#49451755) Attached to: Would-Be Bomber Arrested In Kansas; Planned Suicide Attack on Ft. Riley

Gotta say, if I lived in Kansas when I was 20 years old, I mighta done something ... something strange too. As it is I lived in another midwest state, not quite as boring. I acted out. Nobody should live in such circumstances. Everyone knows your business. Gossip. Rumors. Spiteful neighbors. If you're not a devout Christian, forget being accepted. God help you if you are LGBT etc. A simple lapse of judgement when you sorta borrow a car or release some cash from a liquor store and you're marked like forever.

When you live in such a place, even the middle east must seem a paradise. Lots of activity; while home is just oppressive stagnation. Lots of fighting for things that people believe in rather than ho-hum useless voting every few years. Real people taking their future into their own hands and not sitting back hoping for some politician to make things right. That's what I'm talkin 'bout!

So, let's have some pity on the gullible lad manipulated by the spooks at the FBI. The worst he could really do is paint graffiti on the Post Office. When he gets older we can all laugh it off as one of those adolescent pranks. Except that he'll be in prison for a very long time because there is no exception in our legal system for people of low IQ who do stupid stuff.

Comment: don't trust anything from the USA (Score 2) 100

by swell (#49451011) Attached to: Microsoft: Feds Are 'Rewriting' the Law To Obtain Emails Overseas

Every American manufacturer and service provider is suspect because of these government demands. Digital equipment may have back doors for the convenience of government spies. Cloud services are probably being watched. Software may have embedded spyware.

If you were a foreign company or government would you trust anything coming from the US? Even a US company or individual can't trust our own companies. Our government is making us non-competitive worldwide. (Open source products may be safer.)

Comment: don't feed monopolies (Score 2) 281

by swell (#49450931) Attached to: The Myth of Going Off the Power Grid

California ratepayers have lost billions of dollars to our friendly utilities. You may recall Enron, who devastated the entire state by manipulating utility prices. Now we have the power plant at San Onofre shutting down because the utilities and the government overseers were incompetent. Because the California Public Utility Commission exists to assure Wall Street profits, and not ratepayer protection, we have a few billion more in costs that ratepayers are expected to pay (shareholders are still raking in big dividends/profits).

So do you think it is a good idea to continue dependence upon the energy monopoly? How did you feel about the Microsoft monopoly? Is it good to have profit seeking telephone and cable and oil and water monopolies? When was this ever a good idea for ordinary consumers?

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Working...