DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Businesses

DJI Proposes New Electronic 'License Plate' For Drones (digitaltrends.com) 78

linuxwrangler writes: Chinese drone maker DJI proposed that drones be required to transmit a unique identifier to assist law enforcement to identify operators where necessary. Anyone with an appropriate receiver could receive the ID number, but the database linking the ID with the registered owner would only be available to government agencies. DJI likens this to a license plate on a car and offers it as a solution to a congressional mandate that the FAA develop methods to remotely identify drone operators. "The best solution is usually the simplest," DJI wrote in a white paper on the topic, which can be downloaded at this link. "The focus of the primary method for remote identification should be on a way for anyone concerned about a drone flight in close proximity to report an identifier number to the authorities, who would then have the tools to investigate the complaint without infringing on operator privacy. [...] No other technology is subject to mandatory industry-wide tracking and recording of its use, and we strongly urge against making UAS the first such technology. The case for such an Orwellian model has not been made. A networked system provides more information than needed, to people who don't require it, and exposes confidential business information in the process."
NASA

NASA Spends 72 Cents of Every SLS Dollar On Overhead Costs, Says Report (arstechnica.com) 159

A new report published by the nonpartisan think tank Center for a New American Security shows us where a lot of NASA's money is being spent. The space agency has reportedly spent $19 billion on rockets -- first on Ares I and V, and now on the Space Launch System rocket -- and $13.9 billion on the Orion spacecraft. If all goes according to plan and NASA is able to fly its first crewed mission with the new vehicles in 2021, "the report estimates the agency will have spent $43 billion before that first flight, essentially a reprise of the Apollo 8 mission around the Moon," reports Ars Technica. "Just the development effort for SLS and Orion, which includes none of the expenses related to in-space activities or landing anywhere, are already nearly half that of the Apollo program." From the report: The new report argues that, given these high costs, NASA should turn over the construction of rockets and spacecraft to the private sector. It buttresses this argument with a remarkable claim about the "overhead" costs associated with the NASA-led programs. These costs entail the administration, management, and development costs paid directly to the space agency -- rather than funds spend on contractors actually building the space hardware. For Orion, according to the report, approximately 56 percent of the program's cost, has gone to NASA instead of the main contractor, Lockheed Martin, and others. For the SLS rocket and its predecessors, the estimated fraction of NASA-related costs is higher -- 72 percent. This means that only about $7 billion of the rocket's $19 billion has gone to the private sector companies, Boeing, Orbital ATK, Aeroject Rocketdyne, and others cutting metal. By comparison the report also estimates NASA's overhead costs for the commercial cargo and crew programs, in which SpaceX, Boeing, and Orbital ATK are developing and providing cargo and astronaut delivery systems for the International Space Station. With these programs, NASA has ceded some control to the private companies, allowing them to retain ownership of the vehicles and design them with other customers in mind as well. With such fixed-price contracts, the NASA overhead costs for these programs is just 14 percent, the report finds.
Software

Ask Slashdot: What's the Best Working Environment For a Developer? 339

New submitter Dorgendubal writes: I work for a company with more than a thousand developers and I'm participating in activities aimed at improving the work experience of developers. Our developers receive an ultrabook that is rather powerful but not really adapted for development (no admin rights, small storage capacity, restrictive security rules, etc.). They also have access to VDIs (more flexibility) but often complain of performance issues during certain hours of the day. Overall, developers want to have maximum autonomy, free choice of their tools (OS, IDE, etc.) and access to internal development environments (PaaS, GIT repositories, continuous delivery tools, etc.) . We recently had a presentation of VMWare on desktop and application virtualization (Workstation & Horizon), which is supposedly the future of the desktops. It sounds interesting on paper but I remain skeptical.

What is the best working environment for a developer, offering flexibility, performance and some level of free choice, without compromising security, compliance, licensing (etc.) requirements? I would like you to share your experiences on BYOD, desktop virtualization, etc. and the level of satisfaction of the developers.
Databases

Facial Recognition Database Used By FBI Is Out of Control, House Committee Hears (theguardian.com) 86

The House oversight committee claims the FBI's facial recognition database is out of control, noting that "no federal law controls this technology" and "no court decision limits it." At last week's House oversight committee hearing, politicians and privacy campaigners presented several "damning facts" about the databases. "About 80% of photos in the FBI's network are non-criminal entries, including pictures from driver's licenses and passports," reports The Guardian. "The algorithms used to identify matches are inaccurate about 15% of the time, and are most likely to misidentify black people than white people." From the report: "Facial recognition technology is a powerful tool law enforcement can use to protect people, their property, our borders, and our nation," said the committee chair, Jason Chaffetz, adding that in the private sector it can be used to protect financial transactions and prevent fraud or identity theft. "But it can also be used by bad actors to harass or stalk individuals. It can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches, or other types of places in the public." Furthermore, the rise of real-time face recognition technology that allows surveillance and body cameras to scan the faces of people walking down the street was, according to Chaffetz, "most concerning." "For those reasons and others, we must conduct proper oversight of this emerging technology," he said.
Microsoft

Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com) 55

Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information. From a report on ZDNet: Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private. Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses. The company removed the site's search feature late on Saturday, but others observed that the files were still cached in Google's search results, as well as Microsoft's own search engine, Bing.
Government

Laptop Ban on Planes Came After Plot To Put Explosives in iPad (theguardian.com) 278

Last week, United States and United Kingdom officials announced new restrictions for airline passengers from eight Middle Eastern countries, forbidding passengers to carry electronics larger than a smartphone into an airplane cabin. Now The Guardian reports, citing a security source, the ban was prompted in part by a plot involving explosives hidden in a fake iPad. From the report: The security source said both bans were not the result of a single specific incident but a combination of factors. One of those, according to the source, was the discovery of a plot to bring down a plane with explosives hidden in a fake iPad that appeared as good as the real thing. Other details of the plot, such as the date, the country involved and the group behind it, remain secret. Discovery of the plot confirmed the fears of the intelligence agencies that Islamist groups had found a novel way to smuggle explosives into the cabin area in carry-on luggage after failed attempts with shoe bombs and explosives hidden in underwear. An explosion in a cabin (where a terrorist can position the explosive against a door or window) can have much more impact than one in the hold (where the terrorist has no control over the position of the explosive, which could be in the middle of luggage, away from the skin of the aircraft), given passengers and crew could be sucked out of any subsequent hole.
Encryption

After 20 Years, OpenSSL Will Change To Apache License 2.0, Seeks Past Contributors (openssl.org) 107

After nearly 20 years and 31,000 commits, OpenSSL wants to change to Apache License v2.0. They're now tracking down all 400 contributors to sign new license agreements, a process expected to take several months. Slashdot reader rich_salz shares links to OpenSSL's official announcement (and their agreement-collecting web site). "This re-licensing activity will make OpenSSL, already the world's most widely-used FOSS encryption software, more convenient to incorporate in the widest possible range of free and open source software," said Mishi Choudhary, Legal Director of Software Freedom Law Center and counsel to OpenSSL. "OpenSSL's team has carefully prepared for this re-licensing, and their process will be an outstanding example of 'how to do it right.'"
Click through for some comments on the significance of this move from the Linux Foundation, Intel, and Oracle.
United Kingdom

London Terrorist Used WhatsApp, UK Calls For Backdoors (yahoo.com) 357

Wednesday 52-year-old Khalid Masood "drove a rented SUV into pedestrians on Westminster Bridge before smashing it into Parliament's gates and rushing onto the grounds, where he fatally stabbed a policeman and was shot by other officers," writes the Associated Press. An anonymous reader quotes their new report: Westminster Bridge attacker Khalid Masood sent a WhatsApp message that cannot be accessed because it was encrypted by the popular messaging service, a top British security official said Sunday. British press reports suggest Masood used the messaging service owned by Facebook just minutes before the Wednesday rampage that left three pedestrians and one police officer dead and dozens more wounded.... Home Secretary Amber Rudd used appearances on BBC and Sky News to urge WhatsApp and other encrypted services to make their platforms accessible to intelligence services and police trying to carrying out lawful eavesdropping. "We need to make sure that organizations like WhatsApp -- and there are plenty of others like that -- don't provide a secret place for terrorists to communicate with each other," she said...

Rudd also urged technology companies to do a better job at preventing the publication of material that promotes extremism. She plans to meet with firms Thursday about setting up an industry board that would take steps to make the web less useful to extremists.

Businesses

Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites (bleepingcomputer.com) 250

BleepingComputer reports: During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word 'PayPal' in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites, according to an analysis carried out on a small sample of 1,000 domains, by Vincent Lynch, encryption expert for The SSL Store... Lynch, who points out the abuse of Let's Encrypt's infrastructure, doesn't blame the Certificate Authority (CA), but nevertheless, points out that other CAs have issued a combined number of 461 SSL certificates containing the term "PayPal" in the certificate information, which were later used for phishing attacks... Phishers don't target these CAs because they're commercial services, but also because they know these organizations will refuse to issue certificates for certain hot terms, like "PayPal," for example. Back in 2015, Let's Encrypt made it clear in a blog post it doesn't intend to become the Internet's HTTPS watchdog.
Of course, some web browsers don't even check whether a certificate has been revoked. An anonymous reader writes: Browser makers are also to blame, along with "security experts" who tell people HTTPS is "secure," when they should point out HTTPS means "encrypted communication channel," and not necessarily that the destination website is secure.
IBM

A 21st-Century Version Of OS/2 Warp May Be Released Soon (arcanoae.com) 207

dryriver writes: A company named Arca Noae is working on a new release of the X86 OS/2 operating system code named "Blue Lion" and likely called ArcaOS 5 in its final release. Blue Lion wants to be a modern 21st Century OS/2 Warp, with support for the latest hardware and networking standards, a modern accelerated graphics driver, support for new cryptographic security standards, full backward compatibility with legacy OS/2, DOS and Windows 3.1 applications, suitability for use in mission-critical applications, and also, it appears, the ability to run "ported Linux applications". Blue Lion, which appears to be in closed beta with March 31st 2017 cited as the target release date, will come with up to date Firefox browser and Thunderbird mail client, Apache OpenOffice, other productivity tools, a new package manager, and software update and support subscription to ensure system stability. It is unclear from the information provided whether Blue Lion will be able to run modern Windows applications.
Businesses

Comcast Launches New 24/7 Workplace Surveillance Service (philly.com) 152

America's largest ISP just rolled out a new service that allows small and medium-sized business owners "to oversee their organization" with continuous video surveillance footage that's stored in the cloud -- allowing them to "improve efficiency." An anonymous reader quotes the Philadelphia Inquirer: Inventory is disappearing. Workplace productivity is off. He said/she said office politics are driving people crazy. Who you gonna call...? Comcast Business hopes it will be the one, with the "SmartOffice" surveillance offering formally launched this week in Philadelphia and across "70 percent of our national [internet] service footprint," said Christian Nascimento, executive director of premise services for the Comcast division. Putting a "Smart Cities" (rather than "Big Brother is watching you") spin on "the growing trend for...connected devices across the private and public sectors," the SmartOffice solution "can provide video surveillance to organizations that want to monitor their locations more closely," Nascimento said...
The surveillance cameras are equipped with zoom lenses, night-vision, motion detection, and wide-angle lenses, while an app allows remote access to the footage from smartphones and tablets (though the footage can also be downloaded, or stored online for up to a month). Last year Comcast was heavily involved in an effort to provide Detroit's police department with real-time video feeds from over 120 local businesses, which the mayor said wouldn't have been successful "Without the complete video technology system Comcast provides."
Security

Anti-Virus Vendors Scramble To Patch Hijacking Exploit Involving Microsoft Tool (securityweek.com) 48

"A zero-day attack called Double Agent can take over antivirus software on Windows machines," Network World reported Wednesday. wiredmikey writes: The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications... [The exploit] allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.
Patches were released by Malwarebytes, AVG, and Trend Micro, the security researchers told BleepingComputer earlier this week. Kaspersky Lab told ZDNet "that measures to detect and block the malicious scenario have now been added to all its products," while Norton downplayed the exploit, saying the attack "would require physical access to the machine and admin privileges to be successful," with their spokesperson "adding that it has deployed additional detection and blocking protections in the unlikely event users are targeted."

BetaNews reports that the researchers "say that it is very easy for antivirus producers to implement a method of protection against this zero-day, but it is simply not being done. 'Microsoft has provided a new design concept for antivirus vendors called Protected Processes...specially designed for antivirus services...the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks.'"
China

Microsoft Delivers Secure China-Only Cut of Windows 10 (theregister.co.uk) 98

Earlier this week, CEO of Microsoft Greater China, Alain Crozier, told China Daily that the company is ready to roll out a version of Windows 10 with extra security features demanded by China's government. "We have already developed the first version of the Windows 10 government secure system. It has been tested by three large enterprise customers," Crozier said. The Register reports: China used Edward Snowden's revelations to question whether western technology products could compromise its security. Policy responses included source code reviews for foreign vendors and requiring Chinese buyers to shop from an approved list of products. Microsoft, IBM and Intel all refused to submit source code for inspection, but Redmond and Big Blue have found other ways to get their code into China. IBM's route is a partnership with Dalian Wanda to bring its cloud behind the Great Firewall. Microsoft last year revealed its intention to build a version of Windows 10 for Chinese government users in partnership with state-owned company China Electronics Technology Group Corp. There's no reason to believe Crozier's remarks are incorrect, because Microsoft has a massive incentive to deliver a version of Windows 10 that China's government will accept. To understand why, consider that China's military has over two million active service personnel, the nation's railways employ similar numbers and Microsoft's partner China Electronics Technology Group Corp has more than 140,000 people on its books. Not all of those are going to need Windows, but plenty will.
Software

FedEx Will Pay You $5 To Install Flash (theregister.co.uk) 90

FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.
Privacy

Some Of Hacker Group's Claims Of Having Access To 250M iCloud Accounts Aren't False (zdnet.com) 45

Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of Turkish Crime Family group, threatened to reset passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, "the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims. From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data "could be aggregated from various sources." We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.

Slashdot Top Deals