United States

Is Russia Conducting A Social Media War On America? (time.com) 465

An anonymous reader writes: Time magazine ran a cover story about "a dangerous new route for antidemocratic forces" -- social media. "Using these technologies, it is possible to undermine democratic government, and it's becoming easier every day," says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology. The article cites current and former FBI and CIA officials who now believe Russia's phishing emails against politicians were "just the most visible battle in an ongoing information war against global democracy." They cite, for example, a March report by U.S. counterintelligence which found "Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department." Each message contained links tailored to the interests of the recipient, but "When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow's hackers to take control of the victim's phone or computer -- and Twitter account...

"In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States?" The article also notes how algorithms now can identify hot-button issues and people susceptible to suggestion, so "Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior. That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia's influence operations tell Time."

The article describes a Russian soldier in the Ukraine pretending to be a 42-year-old American housewife. Meanwhile, this week Time's cover shows America's White House halfway-covered with Kremlin-esque spires -- drawing a complaint from the humorists at Mad magazine, who say Time copied the cover of Mad's December issue.
IBM

New OS/2 Warp Operating System 'ArcaOS' 5.0 Released (arcanoae.com) 144

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.

By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."
Operating Systems

ReactOS 0.4.5 Released (reactos.org) 117

An anonymous reader shares Colin Finck's forum post announcing ReactOS version 0.4.5: The ReactOS Project is pleased to release version 0.4.5 as a continuation of its three month cadence. Beyond the usual range of bug fixes and syncs with external dependencies, a fair amount of effort has gone into the graphical subsystem. Thanks to the work of Katayama Hirofumi and Mark Jansen, ReactOS now better serves requests for fonts and font metrics, leading to an improved rendering of applications and a more pleasant user experience. Your continued donations have also funded a contract for Giannis Adamopoulos to fix every last quirk in our theming components. The merits of this work can be seen in ReactOS 0.4.5, which comes with a smoother themed user interface and the future promises to bring even more improvements. In another funded effort, Hermes Belusca-Maito has got MS Office 2010 to run under ReactOS, another application from the list of most voted apps. On top of this, there have been several major fixes in the kernel and drivers that should lead to stability improvements on real hardware and on long-running machines. The general notes, tests, and changelog for the release can be found at their respective links. ISO images and prepared VMs for testing can be downloaded here.
Security

Breach at DocuSign Led To Targeted Email Malware Campaign (krebsonsecurity.com) 20

Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems. From a report: DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. [...] In an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSign's list of customers and users.
Advertising

Facebook Downranks News Feed Links To Crappy Sites Smothered In Ads (techcrunch.com) 95

Facebook's News Feed algorithm is targeting links that send people to crappy websites filled with advertisements. According to their blog post, Facebook defines a "low-quality site" as one "containing little substantive content, and that is covered in disruptive, shocking or malicious ads." TechCrunch reports: The change could help Facebook fight fake news, as fakers are often financially motivated and blanket their false information articles in ads. High-quality sites may see a slight boost in referral traffic, while crummy sites will see a decline as the update rolls out gradually over the coming months. Facebook tells me that the change will see it refuse an immaterial number of ad impressions that earned it negligible amounts of money, so it shouldn't have a significant impact on Facebook's revenue. Facebook product manager for News Feed Greg Marra tells me Facebook made the decision based on surveys of users about what disturbed their News Feed experience. One pain point they commonly cited was links that push them to "misleading, sensational, spammy, or otherwise low-quality experiences... [including] sexual content, shocking content, and other things that are going to be really disruptive." Today's change is important because if users don't trust the content on the other side of the links and ads they see in News Feed, they'll click them less. That could reduce Facebook's advertising revenue and the power it derives from controlling referral traffic. Getting sent to a low-quality, shocking site from News Feed could also frustrate users and cause them to end their Facebook browsing session, depriving the social network of further ad views, engagement and content sharing.
GNU is Not Unix

How Psychology Today Sees Richard Stallman (psychologytoday.com) 247

After our article about Richard Stallman's new video interview, Slashdot reader silverjacket shared this recent profile from Psychology Today that describes Richard Stallman's quest "to save us from a web of spyware -- and from ourselves." By using proprietary software, Stallman believes, we are forfeiting control of our computers, and thus of our digital lives. In his denunciation of all nonfree software as inherently abusive and unethical, he has alienated many possible allies and followers. But he is not here to make friends. He is here to save us from a software industry he considers predatory in ways we've yet to recognize... for Stallman, moralism is the whole point. If you write or use free software only for practical reasons, you'll stop when it's inconvenient, and freedom will disappear.
Stallman collaborator Eben Moglen -- a law professor at Columbia, as well as the FSF's general counsel -- assesses Stallman's legacy by saying "the idea of copyleft and the proposition that social and political freedom can't happen in a society without technological freedom -- those are his long-term meanings. And humanity will be aware of those meanings for centuries, whatever it does about them." The article also includes quotes from Linus Torvalds and Eric S. Raymond -- along with some great artwork.

In addition to insisting the reporter refer to Linux as "GNU/Linux," Stallman also required that the article describe free software without using the term open source, a phrase he sees as "a way that people who disagree with me try to cause the ethical issues to be forgotten." And he ultimately got Psychology Today to tell its readers that "Nearly all the software on our phones and computers, as well as on other machines, is nonfree or 'proprietary' software and is riddled with spyware and back doors installed by Apple, Google, Microsoft, and the like."
Privacy

Over 200 Android Apps Are Currently Using Ultrasonic Beacons To Track Users (bleepingcomputer.com) 192

Catalin Cimpanu, writing for BleepingComputer: A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android apps (234, to be exact) that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years. uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.
Privacy

Gmail, Google Docs Users Hit By Massive Email Phishing Scam (independent.co.uk) 60

New submitter reyahtbor warns of a "massive" phishing attack sweeping the web: Multiple media sources are now reporting on a massive Gmail/Google Docs phishing attack. The Independent is among the top publications reporting about it: "Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people's email accounts. It's not clear who is running the quickly spreading scam or why. But it gives people access to people's most personal details and information, and so the damage may be massive. The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it's clicked then it will give over access to your Gmail account -- and turn it into a tool for spreading the hack further. As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. The hack doesn't only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google's email service too. If you think you may have clicked on it, you should head to Google's My Account page. Head to the permissions option and remove the 'Google Doc' app, which appears the same as any other." UPDATE 5/3/17: Here's Google's official statement on today's phishing attack: "We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
Data Storage

Developer Shares A Recoverable Container Format That's File System Agnostic (github.com) 133

Long-time Slashdot reader MarcoPon writes: I created a thing: SeqBox. It's an archive/container format (and corresponding suite of tools) with some interesting and unique features. Basically an SBX file is composed of a series of sector-sized blocks with a small header with a recognizable signature, integrity check, info about the file they belong to, and a sequence number. The results of this encoding is the ability to recover an SBX container even if the file system is corrupted, completely lost or just unknown, no matter how much the file is fragmented.
Government

NSA Halts Collection of Americans' Emails About Foreign Targets (nytimes.com) 48

The NSA is stopping one of the most disputed forms of its warrantless surveillance program (alternative source), one in which it collects Americans' emails and texts to and from people overseas and that mention a foreigner under surveillance, NYTimes reports on Friday citing officials familiar with the matter. From the report: National security officials have argued that such surveillance is lawful and helpful in identifying people who might have links to terrorism, espionage or otherwise are targeted for intelligence-gathering. The fact that the sender of such a message would know an email address or phone number associated with a surveillance target is grounds for suspicion, these officials argued. [...] The N.S.A. made the change to resolve problems it was having complying with special rules imposed by the Foreign Intelligence Surveillance Court in 2011 to protect Americans' privacy. For technical reasons, the agency ended up collecting messages sent and received domestically as a byproduct of such surveillance, the officials said.
Facebook

Facebook Shows Related Articles and Fact Checkers Before You Open Links (techcrunch.com) 119

An anonymous reader quotes a report from TechCrunch: Facebook wants you to think about whether a headline is true and see other perspectives on the topic before you even read the article. In its next step against fake news, Facebook today begins testing a different version of its Related Articles widget that normally appears when you return to the News Feed after opening a link. Now Facebook will also show Related Articles including third-party fact checkers before you read an article about a topic that many people are discussing. If you saw a link saying "Chocolate cures cancer!" from a little-known blog, the Related Article box might appear before you click to show links from the New York Times or a medical journal noting that while chocolate has antioxidants that can lower your risk for cancer, it's not a cure. If an outside fact checker like Snopes had debunked the original post, that could appear in Related Articles too. Facebook says this is just a test, so it won't necessarily roll out to everyone unless it proves useful. It notes that Facebook Pages should not see a significant change in the reach of their News Feed posts. There will be no ads surfaced in Related Articles.
Open Source

Systemd-Free Devuan Announces Its First Stable Release Candidate 'Jessie' 1.0.0 (devuan.org) 372

Long-time reader jaromil writes: Devuan 1.0.0-RC is announced, following its beta 2 release last year. The Debian fork that spawned over systemd controversy is reaching stability and plans long-term support. Devuan deploys an innovative continuous integration setup: with fallback on Debian packages, it overlays its own modifications and then uses the merged source repository to ship images for 11 ARM targets, a desktop and minimal live, vagrant and qemu virtual machines and the classic installer isos. The release announcement contains several links to projects that have already adopted this distribution as a base OS.
"Dear Init Freedom Lovers," begins the announcement, "Once again the Veteran Unix Admins salute you!" It points out that Devuan "can be adopted as a flawless upgrade path from both Debian Wheezy and Jessie. This is a main goal for the Devuan Jessie stable release and has proven to be a very stable operation every time it has been performed."
Google

Chrome 59 To Address Punycode Phishing Attack 69

Google says it will be rolling out a patch to Chrome in v59 to address a decade-old Unicode vulnerability called Punycode that allowed attackers to fool people into clicking on compromised links. Engadget adds: Thanks to something called Punycode, phishers are able to register bogus domains that look identical to a real website. Take this proof-of-concept from software engineer Xudong Zheng, where apple.com won't take you to a store selling Macs, iPhones and iPads. The real website is actually https://www.xn--80ak6aa92e [dot] com. The xn-- prefix tells browsers like Chrome that the domain uses ASCII compatible encoding. It allows companies and individuals from countries with non-traditional alphabets to register a domain that contains A-Z characters but renders in their local language. The issue was first reported to Google and Mozilla on January 20th and Google has issued a fix in Chrome 59. It's currently live in the Canary (advance beta release) but the search giant will likely make it available to all Chrome users soon.
Google

Google Is Working On a Tool For Managing Job Applicants (axios.com) 64

Google is quietly testing "Google Hire," a job applicant tracking system that appears to rival services like Greenhouse and Lever, Axios is reporting. From the report: The service lets employers post job listings, then accept and manage applications, according to job listing links spotted by Axios reader Colin Heilbut. So far, several tech companies seem to be using (or testing) Google Hire, including Medisas, Poynt, DramaFever, SingleHop, and CoreOS.
Firefox

Firefox To Let Users Control Memory Usage (bleepingcomputer.com) 213

An anonymous reader quotes a report from BleepingComputer: Mozilla engineers are working on a new section in the browser's preferences that will let users control the browser's performance. Work on this new section started last Friday when an issue was opened in the Firefox bug tracker. Right now, the Firefox UI team has proposed a basic sketch of the settings section and its controls. Firefox developers are now working to isolate or implement the code needed to control those settings [1, 2, 3]. According to the current version of the planned Performance settings section UI, users will be able to control if they use UI animations (to be added in a future Firefox version), if they use page prefetching (feature to preload links listed on a page), and how many "content" processes Firefox uses (Firefox currently supports two processes [one for the Firefox core and one for content], but this will expand to more starting v54).
Education

Tearing Down Science's Citation Paywall, One Link at a Time (wired.com) 50

Citations play an incredibly important role in academia. To scientists, citations are currency. Citations establish credibility, and determine the impact of a given paper, researcher, and institution. However, the system of how citations work is crippled with a problem. Over the last few decades, only researchers with subscriptions to two proprietary databases, Web of Science and Scopus, have been able to track citation records and measure the influence of a given article or scientific idea. This isn't just a problem for scientists trying to get their resumes noticed; a citation trail tells the general public how it knows what it knows, each link a breadcrumb back to a foundational idea about how the world works, reads an article on Wired. The article adds: On Thursday, a coalition of open data advocates, universities, and 29 journal publishers announced the Initiative for Open Citations with a commitment to make citation data easily available to anyone at no cost (alternative source). "This is the first time we have something at this scale open to the public with no copyright restrictions," says Dario Taraborelli, head of research at the Wikimedia Foundation, a founding member of the initiative. "Our long-term vision is to create a clearinghouse of data that can be used by anyone, not just scientists, and not just institutions that can afford licenses." Here's how it works: When a researcher publishes a paper, the journal registers it with Crossref, a nonprofit you can think of as a database linking millions of articles. The journal also bundles those links with unique identifying metadata like author, title, page number of print edition, and who funded the research. All of the major publishers started doing this when Crossref launched in 2000. But most of them held the reference data -- the information detailing who cited whom and where -- under strict copyright restrictions. 
Accessing it meant paying tens of thousands of dollars in subscription fees to the companies that own Web of Science or Scopus. Historically, just 1 percent of publications using Crossref made references freely available. Six months after the Initiative for Open Citations started convincing publishers to open up their licensing agreements, that figure is approaching 40 percent, with around 14 million citation links already indexed and ready for anyone to use. The group hopes to maintain a similar trajectory through the year.
Nintendo

Your Save Data Is Not Safe On the Nintendo Switch (arstechnica.com) 161

An anonymous reader quotes a report from Ars Technica: In a post-launch update to our initial Nintendo Switch review, we noted that there is no way to externally back up game save data stored on the system. A recent horror story from a fellow writer who lost dozens of hours of game progress thanks to a broken system highlights just how troublesome this missing feature can be. Over at GamesRadar, Anthony John Agnello recounts his experience with Nintendo support after his Switch turned into a useless brick for no discernible reason last week (full disclosure: I know Agnello personally and have served with him on some convention panels). After sending his (under warranty) system to Nintendo for repair, Agnello received a fixed system and the following distressing message from the company two days later: "We have inspected the Nintendo Switch system that was sent to us for repair and found that the issue has made some of the information on this system unreadable. As a result, the save data, settings, and links with any Nintendo Accounts on your system were unable to be preserved." Agnello says he lost 55 hours of progress on The Legend of Zelda: Breath of the Wild, as well as more progress on a few other downloadable games. While he was able to redownload the games that were deleted, he'd have to start from scratch on each one (if only all that progress was easily, instantly unlockable in some way...)
AI

New AI Algorithm Beats Even the World's Worst Traffic (vice.com) 130

"Computer scientists at Nanyang Technological University in Singapore have developed a new intelligent routing algorithm that attempts to minimize the occurrence of spontaneous traffic jams -- those sudden snarls caused by greedy merges and other isolated disruptions -- throughout a roadway network," reports Motherboard. "It's both computationally distributed and fast, requirements for any real-world traffic management system. Their work is described in the April issue of IEEE Transactions on Emerging Topics in Computational Intelligence." From the report: The Nanyang researchers' algorithm starts off by just assuming that, given enough traffic density, shit is going to happen. Someone is going to make a greedy merge -- something is going to cause enough of a traffic perturbation to result in a network breakdown. Breakdown in this context is a technical-ish term indicating that for some period of time the traffic outflow from a segment of roadway is going to be less than the traffic inflow. "We assume that the traffic breakdown model has already been given, and the probability of traffic breakdown occurrence is larger than zero (meaning that traffic breakdowns would occur), and our goal is to direct the traffic flow so that the overall traffic breakdown probability is minimized," Hongliang Guo and colleagues write. Put differently, "our objective is to maximize the probability that none of the network links encounters a traffic breakdown." So, the goal of the algorithm is this maximization, which reduces to a fairly tidy equation. It then becomes a machine learning problem. Things get pretty messy at this point, but just understand that we're taking the current traffic load, adding an unknown additional load that might enter the network at any time, and then coming up with probabilities of network breakdown at each of the network's nodes or intersections. Crunch some linear algebra and we wind up with optimal routes through the network. Crucially, Guo and co. were able to come up with some mathematical optimizations that make this kind of calculation feasible in real-time. They were able to demonstrate their algorithm in simulations and are currently working on a further analysis with BMW, which is providing a vast trove of data from its Munich car-sharing fleet. This may not be as distant a technology as it might seem. As it turns out, only 10 percent of cars in a network need to be driving according to the optimizations for those optimizations to have a positive effect on the entire network.
Piracy

'Pirate' Movie Streaming Sites Declared Legal By Italian Court (torrentfreak.com) 48

A Court of Appeal in Rome has overturned a 600,000 euro ruling against four unlicensed sites that offered streaming movies to the public. From a report: When it comes to passing judgment on so-called 'pirate' sites, Italy has more experience than most around Europe. Courts have passed down many decisions against unlicensed sites which have seen hundreds blocked by ISPs. Today, however, news coming out of the country suggests that the parameters of what defines a pirate site may not be so loosely interpreted in future. It began in 2015 when the operator of four sites that linked to pirated movies was found guilty of copyright infringement by a local court and ordered to pay almost 600,000 in fines and costs. As a result, filmakers.biz, filmaker.me, filmakerz.org, and cineteka.org all shut down but in the background, an appeal was filed. The appeal was heard by the Rome Court of Appeal in February and now, through lawyer Fulvio Sarzana who defended the sites' operator, we hear of a particularly interesting ruling. "The Court ruled that the indication of links does not qualify as making direct disposal of files protected by copyright law," Sarzana told TF in an email.
