Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 130

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 126

An anonymous reader quotes Computerworld: Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Music

SUSE Shares Linux-Themed Music Video Parodies (itwire.com) 28

Long-time Slashdot reader troublemaker_23 quotes ITWire: German Linux company SUSE Linux is well-known for its Linux and other open source solutions. It is also known for producing videos for geeks and debuting them at its annual SUSECon conference. This year, in Prague, was no different. The company, which marked its 25th year on 2 September, came up with two videos, one to mark the occasion and the other all about Linux and open source. Both videos are parodies of well-known songs: the video Linus Said is based on "Momma Said", while 25 Years is a parody of "7 Years". Some of the lyrics in both SUSE videos would be meaningless to the average person -- but every word will ring a bell, sometimes a very poignant one, with geeks. And that's the primary audience it targets.
The article embeds both videos -- and also links to the music videos they're parodying. And it includes links to SUSE's two previous annual music video parodies -- Uptime Funk (based on Bruno Mars' blockbuster hit "Uptown Funk"), and Can't Stop the SUSE, a parody of Justin Timberlake's "Can't Stop the Feeling".
Businesses

Ask Slashdot: How Can You Apply For A Job When Your Code Samples Suck? 403

An anonymous Slashdot reader ran into a problem when looking for a new employer: Most ask for links to "recent work" but the reason I'm leaving my current job is because this company doesn't produce good code. After years of trying to force them to change, they have refused to change any of their poor practices, because the CTO is a narcissist and doesn't recognize that so much is wrong. I have written good code for this company. The problem is it is mostly back-end code where I was afforded some freedom, but the front-end is still a complete mess that doesn't reflect any coherent coding practice whatsoever...

I am giving up on fixing this company but finding it hard to exemplify my work when it is hidden behind some of the worst front-end code I have ever seen. Most job applications ask for links to live code, not for code samples (which I would more easily be able to supply). Some of the websites look okay on the surface, but are one right click -> inspect element away from giving away the mess; most of the projects require a username and password to login as well but account registration is not open. So how do I reference my recent work when all of my recent work is embarrassing on the front-end?

The original submission's title asked what to use for work samples "when the CTO has butchered all my work." Any suggestions? Leave your best thoughts in the comments. How can you apply for a job when your code samples suck?
Input Devices

What Will Replace Computer Keyboards? (xconomy.com) 301

jeffengel writes: Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries.

He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement.

One example he gives is holding up your hand to pause a video.
Google

Google Bombs Are Our New Normal (wired.com) 94

mirandakatz writes: Tech companies' worst crises used to come in the form of pranks like Google bombs: Users figured out how to game search results, such as when a search for "miserable failure" turned up links to information about then-president George W. Bush. Today, in the era of fake news and Russian interference, that's basically our new normal -- but as Karen Wickre, a former communications lead at companies like Google and Twitter, points out, tech companies' approaches to dealing with the new breed of crises haven't evolved much since the age of Google bombs. Wickre suggests a new, collaborative approach that she dubs the "Federation," writing that "No single company, no matter how massive and wealthy, can hire its way out of a steady gusher of bad information or false and manipulative ads...The era of the edge case -- the exception, the outlier—is over. Welcome to our time, where trouble is forever brewing."
Businesses

Real Moviegoers Don't Care About Rotten Tomatoes 173

In a recent essay published on the Hollywood Reporter, Martin Scorsese inveighs against two conjoined trends -- the widespread reporting of box-office results and the grading of movies by consumers on CinemaScore and by critics on Rotten Tomatoes -- and blames it for "a tone that is hostile to serious filmmakers." In particular, he contends that this hostile environment is worsening "as film criticism written by passionately engaged people with actual knowledge of film history has gradually faded from the scene." Richard Brody, a movie critic at the New Yorker, thinks Scorsese is missing the mark. He writes: I think that film criticism is, over all, better than ever, because, with its new Internet-centrism, it's more democratic than ever and many of the critics who write largely online are more film-curious than ever. Anyone who is active on so-called Film Twitter -- who sees links by critics, mainly younger critics, to his or her work -- can't help but be impressed by the knowledge, the curiosity, and the sensibility of many of them. Their tastes tend to be broader and more daring than those of many senior critics on more established publications. And, even if readers of the wider press aren't reading these more obscure critics, the critics whom general readers read are often reading those young critics (and if they're not, it shows). This is, of course, not universally so, any more than it ever was. The Internet is democratic in all directions -- it's also available to writers of lesser knowledge, duller taste, and dubious agendas, and it may be their work that's advertised most loudly -- but the younger generation of critics is present online and there for the finding. [...] What Scorsese doesn't exactly say, but what, I think, marks a generation gap in movie thinking that his essay reflects, is the appearance of an increasing divide between artistically ambitious films and Hollywood films -- the gap between the top box-office films and the award winners. 
For filmmakers ready to work on lower budgets, the gap is irrelevant. The filmmakers whose conceptions tend toward the spectacular are the ones whose styles may, literally, be cramped by shrinking budgets -- filmmakers such as Scorsese and Wes Anderson, whose work has both an original and elaborate sense of style and a grand historical reach.
Security

Equifax Website Hacked Again, this Time To Redirect To Fake Flash Update (arstechnica.com) 150

For several hours on Wednesday Equifax's website was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers, reports Dan Goodin at Ars Technica. From the report: Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info. He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. Update: Equifax said on Thursday it was taking one of its web pages offline as its security team looks into reports of another potential cyber breach.
Science

Half the Universe's Missing Matter Has Just Been Finally Found (newscientist.com) 247

An anonymous reader shares a report: The missing links between galaxies have finally been found. This is the first detection of the roughly half of the normal matter in our universe -- protons, neutrons and electrons -- unaccounted for by previous observations of stars, galaxies and other bright objects in space. You have probably heard about the hunt for dark matter, a mysterious substance thought to permeate the universe, the effects of which we can see through its gravitational pull. But our models of the universe also say there should be about twice as much ordinary matter out there, compared with what we have observed so far. Two separate teams found the missing matter -- made of particles called baryons rather than dark matter -- linking galaxies together through filaments of hot, diffuse gas. "The missing baryon problem is solved," says Hideki Tanimura at the Institute of Space Astrophysics in Orsay, France, leader of one of the groups. The other team was led by Anna de Graaff at the University of Edinburgh, UK. Because the gas is so tenuous and not quite hot enough for X-ray telescopes to pick up, nobody had been able to see it before.
ISS

Astronaut Scott Kelly Describes One Year In Space -- And Its After Effects (brisbanetimes.com.au) 200

53-year-old astronaut Scott Kelly shared a dramatic excerpt from his new book Endurance: A Year in Space, A Lifetime of Discovery in the Brisbane Times, describing his first 48 hours back on earth and what he'd learned on the mission: I push back from the table and struggle to stand up, feeling like a very old man getting out of a recliner... I make it to my bedroom without incident and close the door behind me. Every part of my body hurts. All my joints and all of my muscles are protesting the crushing pressure of gravity. I'm also nauseated, though I haven't thrown up... When I'm finally vertical, the pain in my legs is awful, and on top of that pain I feel a sensation that's even more alarming: it feels as though all the blood in my body is rushing to my legs, like the sensation of the blood rushing to your head when you do a handstand, but in reverse. I can feel the tissue in my legs swelling... Normally if I woke up feeling like this, I would go to the emergency room. But no one at the hospital will have seen symptoms of having been in space for a year...

Our space agencies won't be able to push out farther into space, to a destination like Mars, until we can learn more about how to strengthen the weakest links in the chain that make space flight possible: the human body and mind... [V]ery little is known about what occurs after month six. The symptoms may get precipitously worse in the ninth month, for instance, or they may level off. We don't know, and there is only one way to find out... On my previous flight to the space station, a mission of 159 days, I lost bone mass, my muscles atrophied, and my blood redistributed itself in my body, which strained and shrank the walls of my heart. More troubling, I experienced problems with my vision, as many other astronauts had. I had been exposed to more than 30 times the radiation of a person on Earth, equivalent to about 10 chest X-rays every day. This exposure would increase my risk of a fatal cancer for the rest of my life.

Kelly says the Space Station crew performed more than 400 experiments, though about 25% of his time went to tracking his own health. "If we could learn how to counteract the devastating impact of bone loss in microgravity, the solutions could well be applied to osteoporosis and other bone diseases. If we could learn how to keep our hearts healthy in space, that knowledge could be useful on Earth." Kelly says he felt better a few months after returning to earth, adding "It's gratifying to see how curious people are about my mission, how much children instinctively feel the excitement and wonder of space flight, and how many people think, as I do, that Mars is the next step... I know now that if we decide to do it, we can."
Youtube

YouTube Alters Algorithm To Promote News, Penalize Vegas Shooting Conspiracy Theories (usatoday.com) 372

An anonymous reader quotes USA Today: YouTube has changed its powerful search algorithm to promote videos from more mainstream news outlets in search results after people looking for details on the Las Vegas shooting were served up conspiracy theories and misinformation. YouTube confirmed the changes Thursday... In the days after the mass shooting, videos abounded on YouTube, some questioning whether the shooting occurred and others claiming law enforcement officials had deceived the public about what really happened...

Public outcry over YouTube videos promoting conspiracy theories is just the latest online flap for the major U.S. Internet companies. Within hours of the attack, Facebook and Google were called out for promoting conspiracy theories... Helping drive YouTube's popularity is the "Up next" column which suggests additional videos to viewers. The Wall Street Journal found incidents this week in which YouTube suggested videos promoting conspiracy theories next to videos from mainstream news sources. YouTube acknowledged issues with the "Up next" algorithm and said it was looking to promote more authoritative results there, too.

At least one video was viewed over a million times, and Slashdot reader Lauren Weinstein writes that "I've received emails from Google users who report YouTube pushing links to some of those trending fake videos directly to their phones as notifications." He's suggesting that from now on, YouTube's top trending videos should be reviewed by actual humans.
The Internet

'Our Addiction To Links is Making Good Journalism Harder To Read' (qz.com) 92

The building blocks of the web have become its intellectual Achilles' heel, Quartz reports. Links have turned against us, and they're making it impossible to read and learn. From a report: I know, you got here via a link. Links are crucial for navigation and seem instinctively useful to journalism. But when they're embedded within an article that should be a calm, focused learning experience, they are a gateway to distraction and information addiction. A 2005 study suggested that "increased demands of decision-making and visual processing" in text with links reduced reading comprehension -- a challenge we face every day as we try to parse the web's infinite information. Last week, one of my favorite publications ran a thoughtful, well-written article that I could barely read. It contained 57 links in less than 2,000 words. Today, the top five articles on the New York Times and the Wall Street Journal averaged a link every 197 words -- that's one link for every minute of reading. Since the advent of the written word, there's only been one reason to change the color, style or weight of text: emphasis. Your eye is trained to pause and assign added importance to any word that carries a different style than the words before it. A great article deserves focus, and it's almost impossible to achieve any level of focus when random words are emphasized for no reason other than their association with a previous article or the fact that they refer to an outside resource. Read the full story on Quartz.
The Internet

North Korea Gets Second Route To Internet Via Russia Link (bloomberg.com) 73

Russia is providing North Korea another way to get on the internet, according to cybersecurity outfit FireEye. In an interview on Monday, FireEye's chief technology officer for the Asia-Pacific region, Bryce Boland, said that Russia telecommunications company TransTeleCom opened a new link for users in North Korea. Until now, state-owned China United Network Communications Ltd. was the country's sole connection. Bloomberg reports: "Having an additional loop via Russia gives North Korea more options for how they can operate and reduces the possibility for the United States to put pressure just on a single country to turn off their internet connectivity," Boland said. For Russia, it offers "visibility into North Korean network traffic that might help them understand what North Korea is up to." TransTeleCom, a unit of state-owned Russian Railways JSC, is one of the country's five largest communications service providers, according to its website. The company operates a fiber optic network that runs along railway lines and stretches from Vladivostok to St. Petersburg. TransTeleCom "has historically had a junction of network links with North Korea" under a 2009 agreement with Korea Post and Telecommunications Corp, the company's press office said in an emailed statement that offered no other details.
Communications

Red Cross Asks For 50 Ham Radio Operators To Fly To Puerto Rico (arrl.org) 121

Bruce Perens writes: The red cross has asked for 50 ham radio operators to fly to Puerto Rico and be deployed there for up to three weeks. This is unprecedented in the 75-year cooperation between Red Cross and ARRL, the national organization of ham radio operators for the U.S. The operators will relay health-and-welfare messages and provide communications links where those are missing and are essential to rescue and recovery. With much infrastructure destroyed, short-wave radio is a critical means of communicating from Puerto Rico to the Mainland at this time.
Businesses

If Data Is the New Oil, Are Tech Companies Robbing Us Blind? (digitaltrends.com) 154

An anonymous reader quotes a report from Digital Trends: Data is the new oil, or so the saying goes. So why are we giving it away for nothing more than ostensibly free email, better movie recommendations, and more accurate search results? It's an important question to ask in a world where the accumulation and scraping of data is worth billions of dollars -- and even a money-losing company with enough data about its users can be worth well into the eight-figure region. The essential bargain that's driven by today's tech giants is the purest form of cognitive capitalism: users feed in their brains -- whether this means solving a CAPTCHA to train AI systems or clicking links on Google to help it learn which websites are more important than others. In exchange for this, we get access to ostensibly "free" services, while simultaneously helping to train new technologies which may one day put large numbers of us out of business.

In an age in which concepts like universal basic income are increasingly widely discussed, one of the most intriguing solutions is one first put forward by virtual reality pioneer Jaron Lanier. In his book Who Owns the Future?, Lanier suggests that users should receive a micropayment every time their data is used to earn a company money. For example, consider the user who signs up to an online dating service. Here, the user provides data that the dating company uses to match them with a potential date. This matching process is, itself, based on algorithms honed by the data coming from previous users. The data resulting from the new user will further perfect the algorithms for later users of the service. In the case that your data somehow matches someone else successfully in a relationship, Lanier says you would be entitled to a micropayment.

Earth

Mind-Altering Cat Parasite Linked To a Whole Lot of Neurological Disorders (sciencealert.com) 209

schwit1 shares a report from ScienceAlert: The brain-dwelling parasite Toxoplasma gondii is estimated to be hosted by at least 2 billion people around the world, and new evidence suggests the lodger could be more dangerous than we think. While the protozoan invader poses the greatest risk to developing fetuses infected in the womb, new research suggests the parasite could alter and amplify a range of neurological disorders, including epilepsy, Alzheimer's, and Parkinson's, and also cancer. "This study is a paradigm shifter," says one of the team, neuroscientist Dennis Steindler from Tufts University. "We now have to insert infectious disease into the equation of neurodegenerative diseases, epilepsy, and neural cancers." The findings are part of an emerging field of research looking into how T. gondii, which is usually transmitted to humans via contact with cat faeces (or by eating uncooked meat), produces proteins that alter and manipulate the brain chemistry of their infected hosts.
Earth

Climate Change Could Wipe Out a Third of Parasite Species, Study Finds (nytimes.com) 240

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled, alternative source): Recently, scientists carried out the first large-scale study of what climate change may do to the world's much-loathed parasites. The team came to a startling conclusion: as many as one in three parasite species may face extinction in the next century. As global warming raises the planet's temperature, the researchers found, many species will lose territory in which to survive. Some of their hosts will be lost, too. Researchers have begun carefully studying the roles that parasites play. They make up the majority of the biomass in some ecosystems, outweighing predators sharing their environments by a factor of 20 to 1. For decades, scientists who studied food webs drew lines between species -- between wildebeest and the grass they grazed on, for example, and between the wildebeest and the lions that ate them. In a major oversight, they didn't factor in the extent to which parasites feed on hosts. As it turns out, as much as 80 percent of the lines in a given food web are links to parasites. They are big players in the food supply.

Some researchers had already investigated the fate of a few parasite species, but Colin J. Carlson, lead author of the study and a graduate student at the University of California, Berkeley, and his colleagues wanted to get a global view of the impact of climate change. Some kinds won't lose much in a warming world, the study found. For instance, thorny-headed worms are likely to be protected because their hosts, fish and birds, are common and widespread. But other types, such as fleas and tapeworms, may not be able to tolerate much change in temperature; many others infect only hosts that are facing extinction, as well. In all, roughly 30 percent of parasitic species could disappear, Mr. Carlson concluded. The impact of climate change will be as great or greater for these species as for any others studied so far.
The study has been published in Science Advances.
Communications

The Only Safe Email is Text-Only Email (theconversation.com) 174

Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).
Businesses

Apple Suffers 'Major iPhone X Leak' 114

Details of new iPhones and other forthcoming Apple devices have been revealed via an apparent leak. From a report: Two news sites were given access to an as-yet-unreleased version of the iOS operating system. The code refers to an iPhone X in addition to two new iPhone 8 handsets. It also details facial recognition tech that acts both as an ID system and maps users' expressions onto emojis. One tech writer said it was the biggest leak of its kind to hit the firm. [...] "As best I've been able to ascertain, these builds were available to download by anyone, but they were obscured by long, unguessable URLs [web addresses]," wrote John Gruber, a blogger known for his coverage of Apple. "Someone within Apple leaked the list of URLs to 9to5Mac and MacRumors. I'm nearly certain this wasn't a mistake, but rather a deliberate malicious act by a rogue Apple employee." Neither Mr Gruber nor the two Apple-related news sites have disclosed their sources. However, the BBC has independently confirmed that an anonymous source provided the publications with links to iOS 11's golden master (GM) code that downloaded the software from Apple's own computer servers. It's a big blow to Apple, which uses surprise as a key element at its events. The leak could take some wind out of its sails as it looks to wow consumers. In 2012, Tim Cook had said the company was planning to "double down on secrecy." At the quarterly earnings call, he blamed the leaks about the upcoming iPhone models as one of the reasons that slowed down the sales of current generation iPhone models. However, an analysis published over the weekend found that Apple itself has been the source of several of these leaks in the years since. Earlier this year, the company held a meeting to boast about its internal progress to curb leaks. The hour-long recording of the meeting ironically got leaked. Nearly all details, except the final press renders of the new iPhone models, have leaked. 
In a subsequent post, Gruber wrote: The BBC doesn't say definitively that the leak was sent by an Apple employee, but I can state with nearly 100 percent certainty that it was. I also think there's a good chance Apple is going to figure out who it was. [...] That person should be ashamed of themselves, and should be very worried when their phone next rings. Moments ago, 9to5Mac reported about a new tvOS firmware leak, which appeared "to be out in the wild today" that details the upcoming features of the next generation Apple TV streaming device.
Facebook

Why RSS Still Beats Facebook and Twitter for Tracking News (gizmodo.com) 108

An anonymous reader shares a report: One of the main reasons RSS is so beloved of news gatherers is that it catches everything a site publishes -- not just the articles that have proved popular with other users, not just the articles from today, not just the articles that happened to be tweeted out while you were actually staring at Twitter. Everything. In our age of information overload that might seem like a bad idea, but RSS also cuts out everything you don't want to hear about. You're in full control of what's in your feed and what isn't, so you don't get friends and colleagues throwing links into your feeds that you've got no interest in reading. Perhaps most importantly, you don't need to be constantly online and constantly refreshing your feeds to make sure you don't miss anything. It's like putting a recording schedule in place for the shows you know you definitely want to catch rather than flicking through the channels hoping you land on something interesting. There's no rush with RSS -- you don't miss out on a day's worth of news, or TV recaps, or game reviews if you're offline for 24 hours. It's all waiting for you when you get back. And if you're on holiday and the unread article count starts to get scarily high, just hit the mark all as read button and you're back to a clean slate.
