Security

Newly Discovered Vulnerability Raises Fears Of Another WannaCry (reuters.com) 52

A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry, which infected more than 300,000 computers worldwide, cybersecurity researchers said on Thursday. From a Reuters report: The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch. Rebekah Brown of Rapid7, a cybersecurity company, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced. But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. "This one seems to be very, very easy to exploit," she said. Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers.
Databases

Vermont DMV Caught Using Illegal Facial Recognition Program (vocativ.com) 97

schwit1 quotes a report from Vocativ: The Vermont Department of Motor Vehicles has been caught using facial recognition software -- despite a state law preventing it. Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV's database of names and driver's license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that "The Department of Motor Vehicles shall not implement any procedures or processes that involve the use of biometric identifiers." The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million Vermonters and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement.
Robotics

Robot Police Officer Goes On Duty In Dubai (bbc.com) 49

The first robot officer has joined the Dubai Police force tasked with patrolling the city's malls and tourist attractions. "People will be able to use it to report crimes, pay fines and get information by tapping a touchscreen on its chest," reports BBC. "Data collected by the robot will also be shared with the transport and traffic authorities." From the report: The government said the aim was for 25% of the force to be robotic by 2030 but they would not replace humans. "We are not going to replace our police officers with this tool," said Brig Khalid Al Razooqi, director general of smart services at Dubai Police. "But with the number of people in Dubai increasing, we want to relocate police officers so they work in the right areas and can concentrate on providing a safe city. "Most people visit police stations or customer service, but with this tool we can reach the public 24/7. It can protect people from crime because it can broadcast what is happening right away to our command and control center."
Windows

Windows Switch To Git Almost Complete: 8,500 Commits and 1,760 Builds Each Day (arstechnica.com) 142

An anonymous reader quotes a report from Ars Technica: Back in February, Microsoft made the surprising announcement that the Windows development team was going to move to using the open source Git version control system for Windows development. A little over three months after that first revelation, and about 90 percent of the Windows engineering team has made the switch. The Windows repository now has about 4,400 active branches, with 8,500 code pushes made per day and 6,600 code reviews each day. An astonishing 1,760 different Windows builds are made every single day -- more than even the most excitable Windows Insider can handle.
Security

Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn (torrentfreak.com) 119

Millions of people risk having their devices and systems compromised by malicious subtitles, according to new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes and, in some cases, are still working on them. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle 'attack vector' as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. "By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim's machine, whether it is a PC, a smart TV, or a mobile device," they write.
Security

DEFCON Conference To Target Voting Machines (politico.com) 105

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.
The Almighty Buck

Uber Plans Millions In Back Pay After Shorting NYC Drivers (bloomberg.com) 32

An anonymous reader quotes a report from Bloomberg: Uber Technologies Inc. said it underpaid its New York City drivers by improperly calculating the company's share of passenger fares, and will pay out an average of $900 per driver in restitution, costing tens of millions of dollars. The back pay could run at least $45 million, based on the approximately 50,000 drivers the Independent Drivers Guild says work in New York City. The ride-hailing company has previously misled drivers about how much they could make and miscalculated fares. In this case, Uber was taking its cut of fares based on the pretax sum, instead of after taxes and fees as stated in its terms of service. The issue was also raised in a lawsuit against San Francisco-based Uber filed by the New York Taxi Workers Alliance. In March, Uber acknowledged that it had underestimated drivers' pay in Philadelphia by millions of dollars. "We are committed to paying every driver every penny they are owed -- plus interest -- as quickly as possible," Rachel Holt, Uber's head of U.S. operations, said in a statement. "We are working hard to regain driver trust, and that means being transparent, sticking to our word, and making the Uber experience better from end to end."
Software

DJI Threatens To 'Brick' Its Copters Unless Owners Agree To Share Their Details (thesun.co.uk) 192

schwit1 quotes a report from The Sun: A top drone manufacturer has warned that customers' expensive gadgets will be crippled if they don't register their details on its website. DJI drones -- which cost between $1,200 and $3,000 -- won't be able to fly to their full potential or beam back footage if their owners don't sign up next week, the company warned. Those who splashed out for the snazzy gadgets will find they are limited to a teensy 50m radius and it won't be flying higher than 30m if they don't play ball. The company said on its website: "DJI will soon introduce a new application activation process for international customers. This new step, to take effect at the end of next week, ensures you will use the correct set of geospatial information and flight functions for your aircraft, as determined by your geographical location and user profile. All existing flight safety limitations, such as geofencing boundaries and altitude limits, remain the same. Even if you have registered when activating your aircraft upon purchase, you will have to log in once when you update the new version of DJI GO or GO 4 App."
Programming

'Coding Is Not Fun, It's Technically and Ethically Complex' (qz.com) 350

An anonymous reader shares an article: For starters, the profile of a programmer's mind is pretty uncommon. As well as being highly analytical and creative, software developers need almost superhuman focus to manage the complexity of their tasks. Manic attention to detail is a must; slovenliness is verboten. Coding isn't the only job that demands intense focus. But you'd never hear someone say that brain surgery is "fun," or that structural engineering is "easy." When it comes to programming, why do policymakers and technologists pretend otherwise? For one, it helps lure people to the field at a time when software (in the words of the venture capitalist Marc Andreessen) is "eating the world" -- and so, by expanding the labor pool, keeps industry ticking over and wages under control. Another reason is that the very word "coding" sounds routine and repetitive, as though there's some sort of key that developers apply by rote to crack any given problem. It doesn't help that Hollywood has cast the "coder" as a socially challenged, type-first-think-later hacker, inevitably white and male, with the power to thwart the Nazis or penetrate the CIA. Insisting on the glamor and fun of coding is the wrong way to acquaint kids with computer science. It insults their intelligence and plants the pernicious notion in their heads that you don't need discipline in order to progress. As anyone with even minimal exposure to making software knows, behind a minute of typing lies an hour of study. It's better to admit that coding is complicated, technically and ethically. Computers, at the moment, can only execute orders, to varying degrees of sophistication. So it's up to the developer to be clear: the machine does what you say, not what you mean. 
More and more "decisions" are being entrusted to software, including life-or-death ones: think self-driving cars; think semi-autonomous weapons; think Facebook and Google making inferences about your marital, psychological, or physical status, before selling it to the highest bidder. Yet it's rarely in the interests of companies and governments to encourage us to probe what's going on beneath these processes.
Bitcoin

Ethereum Could Be Worth More Than Bitcoin Very Soon (inc.com) 84

Ethereum is an open software platform based on blockchain technology that enables developers to build and deploy decentralized applications, according to Blockgeeks. It is currently the second most valuable cryptocurrency on the planet, but it could overthrow Bitcoin and become the most valuable cryptocurrency in the near future. Inc.com reports: If you aren't familiar, what Bitcoin does for payments, Ethereum does for anything involving programming and computing. While it utilizes its own version of a blockchain, it is functionally different from Bitcoin. For example, on the Ethereum platform you could host a crowdfunding campaign or any type of "smart contract." Ethereum's goal is to make a decentralized internet. And it has a very good shot at becoming "the new internet," literally. It could one day replace a lot of technology and ways that we host and execute code online. As of the time of writing, Ethereum has a market cap of over $17 billion. Bitcoin's market cap is $34 billion. This makes Ether (the name of Ethereum's token) the second most valuable cryptocurrency in the world. And that number jumped up over $3 billion just yesterday. It's making a major climb and has no end in sight, according to many. The Enterprise Ethereum Alliance is what initially spiked major interest (and shot up the price). Just the other day, 86 new companies joined the alliance.
Businesses

Tech-Savvy Workers Increasingly Common in Non-IT Roles (betanews.com) 124

An anonymous reader shares an article: IT professionals are becoming an increasingly common presence outside of the traditional IT departments, new research has found. According to CompTIA, it seems executives are calling for specialized skills, faster reflexes and more teamwork in their workers. According to the report, a fifth (21 percent) of CFOs say they have a dedicated tech role in their department. Those roles include business scientists, analysts, and software developers. There are also hybrid positions -- in part technical, but also focused on the business itself. "This isn't a case of rogue IT running rampant or CIOs and their teams becoming obsolete," says Carolyn April, senior director, industry analysis, CompTIA. "Rather, it signals that a tech-savvier workforce is populating business units and job roles."
Social Networks

Facebook Flooded With 'Sextortion' and Revenge Porn, Files Reveal (theguardian.com) 54

An anonymous reader writes: Facebook had to assess nearly 54,000 potential cases of revenge pornography and "sextortion" on the site in a single month, according to a leaked document. Figures shared with staff reveal that in January Facebook had to disable more than 14,000 accounts related to these types of sexual abuse -- and 33 of the cases reviewed involved children. The company relies on users to report most abusive content, meaning the real scale of the problem could be much greater. But the Guardian has been told that moderators find Facebook's policies on sexual content the hardest to follow. "Sexual policy is the one where moderators make most mistakes," said a source. "It is very complex." Facebook admitted this was a high priority area and that it was using "image-matching" software to stop explicit content getting on to the site. It also acknowledged it was difficult to draw a line between acceptable and unacceptable sexual content.
Android

Hackers Hit Russian Bank Customers, Planned International Cyber Raids (reuters.com) 19

Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters. From the report: Their campaign raised a relatively small sum by cyber-crime standards -- more than 50 million roubles ($892,000) -- but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations. Russia's relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. The Kremlin has repeatedly denied the allegation. The gang members tricked the Russian banks' customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 58

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
IBM

Ex-IBM Employee Guilty of Stealing Secrets For China (fortune.com) 71

An anonymous reader quotes Fortune: A former developer for IBM pled guilty on Friday to economic espionage and to stealing trade secrets related to a type of software known as a clustered file system, which IBM sells to customers around the world. Xu Jiaqiang stole the secrets during his stint at IBM from 2010 to 2014 "to benefit the National Health and Family Planning Commission of the People's Republic of China," according to the U.S. Justice Department. In a press release describing the criminal charges, the Justice Department also stated that Xu tried to sell secret IBM source code to undercover FBI agents posing as tech investors. (The agency does not explain if Xu's scheme to sell to tech investors was to benefit China or to line his own pockets).

Part of the sting involved Xu demonstrating the stolen software, which speeds computer performance by distributing works across multiple servers, on a sample network. The former employee acknowledged that others would know the software had been taken from IBM, but said he could create extra computer scripts to help mask its origins.

At one point 31-year-old Xu even showed undercover FBI agents the part of the source code that identified it as coming from IBM "as well as the date on which it had been copyrighted."
The Internet

Vint Cerf Reflects On The Last 60 Years (computerworld.com) 66

Computerworld celebrated its 50th anniversary by interviewing Vinton Cerf. The 73-year-old "father of the internet" remembers reading the early issues of the magazine, and reflects on how much things have changed since he gained access to computers at UCLA in 1960, "the beginning of my love affair with computing."

I worry 100 years from now our descendants may not know much about us or be able to read our emails or tweets or documents because nobody saved them or the software you need to read them won't exist anymore. It's a huge issue. I have files of text that were written 20 years ago in WordPerfect, except I don't have WordPerfect running anywhere...

Q: Do you think [creating the internet] was your greatest accomplishment?

No. Getting it turned on was a big deal. Keeping it running for the last some odd years was an even bigger deal. Protecting it from hostile governments that want to shut it down and supporting new applications at a higher capacity are all evolutions. The evolution continues... I don't know if I can point to anything and say that's the biggest accomplishment. It's one big climb up the mountain.

Looking ahead to a future filled with AI, Cerf says "I worry about turning over too much autonomous authority to a piece of software," though he's not overly concerned, "not like Stephen Hawking or Elon Musk, who are alarmists about artificial intelligence. Every time you use Google search or self-driving cars, you're using A.I. These are all assistive technologies and I suspect this is how it will be used."

He also acknowledges that "I probably don't have another 50 years left, unless Ray Kurzweil's predictions come true, and I can upload my consciousness into a computer."
Data Storage

Endless OS Now Ships With Steam And Slack FlatPak Applications (endlessos.com) 95

An anonymous reader writes: Steam and Slack are now both included as Flatpak applications on the Endless OS, a free Linux distribution built upon the decades of evolution of the Linux operating system and the contributions of thousands of volunteers on the GNOME project. The beauty of Flatpak is the ability to bridge app creators and Linux distributions using a universal framework, making it possible to bring this kind of software to operating systems that encourage open collaboration...

As an open-source deployment mechanism, Flatpak was developed by an independent cohort made up of volunteers and contributors from supporting organizations in the open-source community. Alexander Larsson, lead developer of Flatpak and principal engineer at Red Hat, provided comment saying, "We're particularly excited about the opportunity Endless affords to advance the benefits of open-source environments to entirely new audiences."

IBM

New OS/2 Warp Operating System 'ArcaOS' 5.0 Released (arcanoae.com) 144

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.

By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."
Robotics

Robots Could Wipe Out Another 6 Million Retail Jobs (cnn.com) 280

According to a new study this week from financial services firm Cornerstone Capital Group, between 6 million and 7.5 million retail jobs are at risk of being replaced over the course of the next 10 years by some form of automation. "That represents at least 38% of the current retail work force, which consists of 16 million workers," reports CNN. "Retail could actually lose a greater proportion of jobs to automation than manufacturing has, according to the study." From the report: That doesn't mean that robots will be roving the aisles of your local department store chatting with customers. Instead, expect to see more automated checkout lines instead of cashiers. This shift alone will likely eliminate millions of jobs. "Cashiers are considered one of the most easily automatable jobs in the economy," said the report. And these job losses will hit women particularly hard, since about 73% of cashiers are women. There will also be fewer sales jobs, as more and more consumers use in-store smartphones and touchscreen computers to find what they need, said John Wilson, head of research at Cornerstone. There will still be some sales people on the floor, but just not as many of them. Rising wages are also helping to drive automation, as state and city governments hike their minimum wages. Additionally, several major retailers including Walmart, the nation's largest employer, have increased wages in order to find and retain the workers they need. The increased competition from e-commerce is also a factor, since it requires retailers to be as efficient as possible in order to compete.
Microsoft

Linux Distros Won't Run On Microsoft's Education-Focused Windows 10 S OS (betanews.com) 115

Reader BrianFagioli writes: I was sort of hopeful for Windows 10 S when Microsoft made a shocking announcement at Build 2017 that it is bringing Linux distributions to the Windows Store. This gave the impression that students using the S variant of the OS would be able to tinker with Linux. Unfortunately, this is not the case as Microsoft will be blocking Linux on the new OS. In other words, not all apps in the store will be available for Windows 10 S. "Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software," says Rich Turner, Senior Product Manager, Microsoft. Turner further explains, "Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros, safely, quickly, and reliably via the Windows Store app. Once installed, however, distros should be treated as command-line tools that run outside the UWP sandbox and secure runtime infrastructure. They run with the capabilities granted to the local user -- in the same way as Cmd and PowerShell do. This is why Linux distros don't run on Windows 10 S: Even though they're delivered via the Windows Store, and installed as standard UWP APPX's, they run as non-UWP command-line tools and this can access more of a system than a UWP can."
