Businesses

Trump Administration Cracks Down On H-1B Visa Abuse (cnn.com) 5

An anonymous reader quotes a report from CNN Money: The Trump administration is cracking down on companies that get visas for foreign workers and farm them out to employers. Some staffing agencies seek hard-to-get H-1B visas for high-skilled workers, only to contract them out to other companies. There's nothing inherently illegal about contracting out visa recipients, but the workers are supposed to maintain a relationship with their employers, among other requirements. In some cases, outsourcing firms flood the system with applicants. The U.S. Citizenship and Immigration Services agency said in a new policy memo released Thursday it will require more information about H-1B workers' employment to ensure the workers are doing what they were hired for. Companies will have to provide specific work assignments, including dates and locations, to verify the "employer-employee" relationship between the company applying for an H-1B and its visa recipient.

H-1B visas are valid for three years and can be renewed for another three years. The USCIS says it may limit the length of the visa to shorter than three years based on the information an employer provides. For example, if an employer can't prove the H-1B holder is "more likely than not" needed for the full three years, the government might issue the visa for fewer than three years. The memo also says the administration wants to prevent employee "benching." That's when firms bring on H-1B visa holders but don't give them work and don't pay them the required wages while they wait for jobs.

Data Storage

Putting Civilization in a Box For Space Means Choosing Our Legacy (space.com) 31

When SpaceX's record-breaking Falcon Heavy rocket made its first test launch in early February, the craft didn't just hurl Elon Musk's shiny red roadster and spacesuit-clad mannequin to space. It had another, smaller payload, which at first glance seems much less impressive: a 1-inch-wide (2.5 centimeters) quartz disc with Isaac Asimov's "Foundation" trilogy encoded in laser-etched gratings. From a report: The famous science fiction series is only the beginning of the discs' planned contents. At a time when traditional hard drives are just breaking into the terabyte range, the quartz medium can hold up to 360 terabytes per disc. It also boasts a life span of 14 billion years. That's longer than the current age of the universe. This disc was symbolic; future devices will contain much more, and more useful, information. But the technology speaks to grander issues that humanity is now pondering: becoming a multiplanetary civilization, storing information for thousands or millions of years, and contacting and communicating with other intelligences (alien and Earthling).

So how should we record our knowledge and experiences for posterity? How should we ensure that this information is understandable to civilizations that may be quite different from our own? And, most importantly, what should we say? Humans have faced challenges like these before. Ancient civilizations built monuments like the pyramids and left artifacts and writing, sometimes deliberately. Later researchers have used this material to try to piece together ancient worldviews. However, in the modern era, we've set our sights much further: from centuries to millennia, from one planet to interstellar space, and from one species to many.

Security

Hackers Are Selling Legitimate Code-signing Certificates To Evade Malware Detection (zdnet.com) 15

Zack Whittaker, writing for ZDNet: Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims. New research by Recorded Future's Insikt Group found that hackers and malicious actors are obtaining legitimate certificates from issuing authorities in order to sign malicious code. That's contrary to the view that in most cases certificates are stolen from companies and developers and repurposed by hackers to make malware look more legitimate. Code-signing certificates are designed to give your desktop or mobile app a level of assurance by making apps look authentic. Whenever you open a code-signed app, it tells you who the developer is and provides a high level of integrity to the app that it hasn't been tampered with in some way. Most modern operating systems, including Macs, only run code-signed apps by default.
Privacy

Researchers From MIT and Harvard University Present a Paper Describing a New System, Dubbed Veil, That Makes Private Browsing More Private (mit.edu) 8

From a blog post on MIT News Office: Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes. "Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky -- Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."
Earth

As Cape Town Runs Out of Water, Here's a Look at Parts of Mexico City That Have Been Without Water For a Year (buzzfeed.com) 30

In some places, taps have been dry for over a year. People bathe their children with bottled water. A group of women has taken over water distribution from the city authorities. The future feared by millions of people across the world has already arrived in Mexico City, BuzzFeed News reports. From the report: In certain areas, people say taps go dry for months. Angry civilians have blocked off highways and squared off with riot police, wresting control of water distribution from the government. "Crime affects us deeply but if you don't have water, you can't do anything," said Marisol Fierro, part of a group of women in charge of delivering water to neighbors. Across the ocean, authorities in South Africa talk about Day Zero, when Cape Town is set to run out of water and the city is forced to shut off its taps. It has made headlines around the world, as people watch on with bated breath. But here in Iztapalapa, a sprawling, drab Mexico City borough where nearly 2 million people live, that day has already arrived, offering a window into what the future may hold for millions of people when the taps run dry. Police officers are sometimes forced to guard water trucks, popular targets for kidnappers who sell their contents for hefty prices. In other cities, politicians might promise expanded broadband, better health care, or higher wages to win votes, but in Mexico City, mayoral hopefuls have made simple access to water central to their campaigns. Reserved and quiet, Emma Pantaleon seems an unlikely protagonist at the front lines of this daily battle. Pantaleon joins Fierro and other women -- housewives who juggle child-rearing, house chores, and part-time jobs -- gathering water requests from their neighbors, coordinating trucks' routes with local authorities, and riding along to ensure the operation runs smoothly.

On a recent morning, she sat in the passenger seat of a water tanker as it revved its motor up a hill, dwarfing the dilapidated single-room houses along its path. When the driver swerved left and stepped on the brake, Pantaleon leaped out. It was a scene straight out of Mad Max: Fury Road. Pantaleon, 41, walked over to the nearest cinder block house and called out to its owner. As soon as Catalina Cortez opened the door, the driver and a helper marched in, pulling the truck's hose straight up to a plastic water storage tank taking up a third of the patio.

Data Storage

Dropbox Shows How It Manages Costs By Deleting Inactive Accounts (cnbc.com) 11

Dropbox employs a somewhat unusual technique to lower its costs, the cloud software company revealed on Friday in its filing to go public. From a report: In a process the company calls "infrastructure optimization," Dropbox said it deletes users' accounts if they don't sign in for a year and don't respond to emails. That keeps the company from incurring storage costs for inactive users, a tactic Yahoo has used in the past. Dropbox said that the costs of revenue dropped 6 percent in 2017 to $21.7 million, mostly due to a $35.1 million reduction "in our infrastructure costs." As it prepares to lure public market investors, Dropbox is paying particularly close attention to its expenses. The company operates in an intensively competitive market against vendors including Apple, Amazon, Box, Google and Microsoft. Once reliant on Amazon Web Services, Dropbox has moved away from public cloud in recent years and has been building its own data center infrastructure to store the majority of user data. Another way it's managed costs is by making sure that there weren't too many copies of users' files on third-party infrastructure.
Bitcoin

Nearly Half of 2017's Cryptocurrencies Have Already Failed (engadget.com) 7

An anonymous reader shares an Engadget report: The surging price of bitcoin (among others) in 2017 led more than a few companies to hop on the cryptocurrency bandwagon with hopes of striking it rich almost overnight. Many of their initial coin offerings seemed dodgy from the outset... and it turns out they were. Bitcoin.com has conducted a study of ICOs tracked by Tokendata, and a whopping 46 percent of the 902 crowdsale-based virtual currencies have already failed. Of these, 142 never got enough funding; another 276 have either slowly faded away or were out scams.
China

Apple Moves To Store iCloud Keys in China, Raising Human Rights Fears (reuters.com) 20

Apple will begin hosting Chinese users' iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there. The move would give Chinese authorities far easier access to text messages, email and other data stored in the cloud. From a report: That's because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system. Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.
United States

Russian Spies Hacked the Olympics and Tried To Make it Look Like North Korea Did it, US Officials Say (washingtonpost.com) 27

Ellen Nakashima, reporting for the Washington Post: Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea [Editor's note: the link may be paywalled; alternative source], according to U.S. intelligence. They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a "false-flag" operation, said two U.S. officials who spoke on the condition of anonymity to discuss a sensitive matter. Officials in PyeongChang acknowledged that the Games were hit by a cyberattack during the Feb. 9 Opening Ceremonies but had refused to confirm whether Russia was responsible. That evening there were disruptions to the Internet, broadcast systems and the Olympics website. Many attendees were unable to print their tickets for the ceremony, resulting in empty seats.
Education

Ask Slashdot: How Would You Teach 'Best Practices' For Programmers? 124

An anonymous reader writes: I've been asked to put together a half-day workshop whose title is "Thinking Like a Programmer." The idea behind this is that within my institution (a university), we have a vast number of self-taught programmers who have never been taught "best practices" or anything about software engineering. This workshop's intention is to address this lack of formal training.

The question is, what should be covered in this workshop? If you have an idea -- that also has an example of best practice -- please share!

It's really two questions -- what "thinking like a programmer" topics should be covered, but also what examples should be used to illustrate best practices for the material. So leave your best thoughts in the comments.

How would you teach best practices for programmers?
Bug

How Are Sysadmins Handling Spectre/Meltdown Patches? (hpe.com) 36

Esther Schindler (Slashdot reader #16,185) writes that the Spectre and Meltdown vulnerabilities have become "a serious distraction" for sysadmins trying to apply patches and keep up with new fixes, sharing an HPE article described as "what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management." Everyone has applied patches. But that sounds ever so simple. Ron, an IT admin, summarizes the situation succinctly: "More like applied, applied another, removed, I think re-applied, I give up, and have no clue where I am anymore." That is, sysadmins are ready to apply patches -- when a patch exists. "I applied the patches for Meltdown but I am still waiting for Spectre patches from manufacturers," explains an IT pro named Nick... Vendors have released, pulled back, re-released, and re-pulled back patches, explains Chase, a network administrator. "Everyone is so concerned by this that they rushed code out without testing it enough, leading to what I've heard referred to as 'speculative reboots'..."

The confusion -- and rumored performance hits -- are causing some sysadmins to adopt a "watch carefully" and "wait and see" approach... "The problem is that the patches don't come at no cost in terms of performance. In fact, some patches have warnings about the potential side effects," says Sandra, who recently retired from 30 years of sysadmin work. "Projections of how badly performance will be affected range from 'You won't notice it' to 'significantly impacted.'" Plus, IT staff have to look into whether the patches themselves could break something. They're looking for vulnerabilities and running tests to evaluate how patched systems might break down or be open to other problems.

The article concludes that "everyone knows that Spectre and Meltdown patches are just Band-Aids," with some now looking at buying new servers. One university systems engineer says "I would be curious to see what the new performance figures for Intel vs. AMD (vs. ARM?) turn out to be."
United States

House Democrats' Counter-Memo Released, Alleging Major Factual Inaccuracies (vox.com) 161

Long-time Slashdot reader Rei writes: Three weeks ago, on a party-line vote, the U.S. House Intelligence Committee voted to release a memo from committee chair and Trump transition team member Devin Nunes. The "Nunes Memo" alleged missteps by the FBI in seeking a FISA warrant against Trump aide Carter Page; a corresponding Democratic rebuttal memo was first blocked from simultaneous release by the committee, and subsequently the White House. Tonight, it has finally been released.

Among its many counterclaims: the Steele Dossier, only received in September, did not initiate surveillance of Page which began in July; the Steele dossier was only one, minor component of the FISA application, and only concerning Page's Moscow meetings; Steele's funding source and termination was disclosed in the application; and a number of other "distortions and misrepresentations that are contradicted by the underlying classified documents". Perhaps most seriously, it accuses Nunes of having never read the FISA application which his memo criticized.

Vox argues the memo proves that no one was misled when the surveillance was authorized. "The FBI clearly states right there in the FISA application that they believe Steele was hired to find dirt on Trump... After the Schiff memo was released on Saturday, House Republicans released a document rebutting its core claims. Their response to this damning citation is -- and I am not making this up -- that the vital line in which the FBI discloses the information about Steele was 'buried in a footnote.'"
Businesses

Visa Claims Chip Cards Reduced Fraud By 70% (arstechnica.com) 146

An anonymous reader quotes Ars Technica: Although only 59 percent of US storefronts have terminals that accept chip cards, fraud has dropped 70 percent from September 2015 to December 2017 for those retailers that have completed the chip upgrade, according to Visa.

There are a few ways to interpret those numbers. First, it seems like two years has resulted in staggeringly little progress in encouraging storefronts to shift from magnetic stripe to chip-embedded cards, given that in early 2016, 37 percent of US storefronts were able to process chip cards. On the other hand, fraud dropping 70 percent for retailers who install chip cards seems great. Chip-embedded cards aren't un-hackable, but they do make it harder to steal card numbers en masse as we saw in Target's 2013 breach.

Security

New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers (securityledger.com) 126

chicksdaddy brings this report from Security Ledger: The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.

He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."

The Almighty Buck

Is Cryptocurrency Threatening Earnings at Bank of America? (thenextweb.com) 45

An anonymous reader quotes The Next Web: One of the world's largest financial institutions admitted in its annual report that cryptocurrency is a looming threat to its business model. According to a report filed with the SEC by Bank of America, "Clients may choose to conduct business with other market participants who engage in business or offer products in areas we deem speculative or risky, such as cryptocurrencies. Increased competition may negatively affect our earnings by creating pressure to lower prices or credit standards on our products and services requiring additional investment to improve the quality and delivery of our technology and/or reducing our market share, or affecting the willingness of clients to do business with us."
