Submission + - Bad Imitation of StackOverflow Jobs Returns Online

ewhac writes: Just over two years ago, StackOverflow shuttered its job search and developer story services. Despite having one of the nicest job search and skill matching interfaces available at the time, a refreshing dearth of obnoxious ads, and being well-loved by thousands of employers and job seekers, StackOverflow nevertheless claimed an inability to effectively compete in the job search space, and unilaterally shut the services down.

So you could be forgiven for being perplexed when, on 9 May, StackOverflow sent out an email announcing the opening of StackOverflow Jobs. Had StackOverflow seen the error of their ways, pulled in the old code and resurrected the interface and features enjoyed by so many? Of course not. Instead, they've duct-taped the StackOverflow look-and-feel on top of Indeed.com's backend. Writes StackOverflow in their marketing blurb: "We know the previous job site was a beloved part of our community for many years [...]. We believe we’ve found a sustainable solution that best serves developer needs while bringing a best-in-class experience. We’re excited to partner with Indeed, a leading global matching and hiring platform to understand the feasibility and functionality of Stack Overflow Jobs once again." Obviously, the phrase, "understand the feasibility and functionality of Stack Overflow Jobs," is doing a lot of heavy lifting, and glosses over that StackOverflow Jobs arguably was the best-in-class experience.

The current jobs page is classified as "experimental," and is very bare-bones, being little more than a search filter for Indeed.com results. You are currently required to create an Indeed.com account and profile to search for anything more specific than job title keywords.

Comment Further In To The Enshittocene Age (Score 1) 60

The good news is that Roku has also introduced a recommended content row, that will compile picks from across various streaming services and use AI to point customers toward new shows and movies they might like.

How the fuck does this merit the description "good news?" Here, let me translate this for you:

"We're going to take away the channel selection menu that you put together and prioritized according to your own wishes, and replace it with paid placements and whatever our half-baked Mechanical Turk chundered up. And replace the lower-third of the main screen with video ads."

While you're at it, why not dump dogshit on my plate and call it chocolate cake?

Submission + - xz/liblzma Backdoored, Facilitating ssh Compromise

ewhac writes: A backdoor has been discovered in the liblzma data compression library, whose purpose is to facilitate a compromise of ssh. liblzma versions 5.6.0 and 5.6.1 are known to be affected. Debian's "unstable" and "testing" repos yesterday rolled back the library by pushing version "5.6.1+really5.4.5-1" to mitigate the exposure. Red Hat is also recommending all users roll back to a pre-5.6.0 release.

The backdoor is not in the source code, but rather is in the test suite contained in the distribution tarballs. Hostile payloads masquerading as test data are decompressed during the ./configure phase to modify the Makefile and drop modified versions of liblzma_la-crc32_fast.o and liblzma_la-crc64_fast.o. When the compromised library is loaded by client programs (such as ssh), these in turn install an audit hook in the dynamic linker, allowing them to intercept lookups/calls to RSA_public_decrypt@....plt, which it then replaces with its own code. This compromise appears to have only been discovered in the last few days; study of the precise nature and scope of the compromise is ongoing.
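Added example, not part of ewhac's submission: a small POSIX shell check a defender could run against the indicators the post names (liblzma 5.6.0/5.6.1, Debian's "+really5.4.5" rollback package, and sshd loading liblzma). The function names and the sample version and `ldd` strings are constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the Slashdot post). Defender-side checks for the
# xz/liblzma 5.6.0 / 5.6.1 backdoor: is the installed xz a backdoored release,
# and does sshd actually load liblzma? Sample inputs below are constructed.

# Extract the upstream version from a version string. Handles the Debian
# "+really" convention ("5.6.1+really5.4.5-1" ships upstream 5.4.5) by
# taking whatever follows "+really", then keeping the leading dotted number.
xz_upstream_version() {
    v="$1"
    case "$v" in
        *+really*) v="${v#*+really}" ;;
    esac
    printf '%s\n' "$v" | sed -n 's/^[^0-9]*\([0-9][0-9.]*[0-9]\).*/\1/p'
}

# True (exit 0) when the version is one of the known-backdoored releases.
xz_version_affected() {
    case "$(xz_upstream_version "$1")" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# True when an ldd listing shows the binary linked against liblzma. On
# Debian/Fedora sshd pulls liblzma in indirectly via libsystemd; an sshd
# without that dependency is not reached by this hook.
ldd_links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# A host is exposed when sshd loads liblzma AND that liblzma is 5.6.0/5.6.1.
host_exposed() {
    xz_version_affected "$1" && ldd_links_liblzma "$2"
}

# Constructed sample data standing in for `xz --version`, `dpkg-query -W xz-utils`
# and `ldd "$(command -v sshd)"` output; not captured from a real host.
SAMPLE_XZ_VERSION='xz (XZ Utils) 5.6.1'
SAMPLE_DEB_VERSION='5.6.1+really5.4.5-1'
SAMPLE_LDD_SSHD='    linux-vdso.so.1 (0x00007ffd00000000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000000000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0100000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0200000000)'

if host_exposed "$SAMPLE_XZ_VERSION" "$SAMPLE_LDD_SSHD"; then
    echo "EXPOSED: sshd loads liblzma and xz is a backdoored release; roll back to pre-5.6.0"
fi
```

On a live host, substitute the real `xz --version`, package-manager and `ldd` output for the sample strings; the Debian rollback package correctly reports as not affected because its upstream version is 5.4.5.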

Submission + - Malicious code discovered in popular xz utils (arstechnica.com)

Cognitive Dissident writes: Code designed to compromise SSH connections has been discovered in a widely used compression utility.

The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no confirmed reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora 40 and Fedora Rawhide and Debian testing, unstable and experimental distributions. Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm ANALYGENCE, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”

The really worrying part here is that the developer clearly did it on purpose, and he has been on this project for a solid two years. This raises all sorts of questions about the security of Linux in general. How many other 'deep cover' operatives might be planning or actually in the process of inserting malicious code into the GNU/Linux code base?

Submission + - Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)

BrianFagioli writes: In a recent security announcement, Red Hat’s Information Risk and Security and Product Security teams have identified a critical vulnerability in the latest versions of the “xz” compression tools and libraries. The affected versions, 5.6.0 and 5.6.1, contain malicious code that could potentially allow unauthorized access to systems. Fedora Linux 40 users and those using Fedora Rawhide, the development distribution for future Fedora builds, are at risk.

Comment If McKinsey Shows Up, Your Company Is Fscked (Score 3, Interesting) 56

John Oliver on Last Week Tonight did a whole show on McKinsey. The service they actually provide, as has been noted earlier in these comments, is a way for management to deflect responsibility for what they were always planning to do, anyway, which is usually budget cuts and layoffs, and/or massive boosts to executive pay packages.

Here's the show.

Comment Ten Bucks Says They Threw Away Their Own Servers (Score 2) 42

"...Although I am unable to go into specifics, we had to evaluate our priorities and had to make the difficult decision to discontinue the service."

"Sensors detect Microsoft OneDrive contract, Captain..."

Narrator: "It was not, in fact, cheaper to host their files in The Cloud."

Comment Re:It's Resume-Polishing Time (Score 1) 196

Incidentally, a circle with a radius of 60 miles centered around the VMware campus in Palo Alto includes: Monterey, most of Carmel-by-the-Sea, Salinas, Hollister, Manteca, a fair chunk of Stockton, Fairfield, Rocktram (Napa just barely escapes), Novato, Point Reyes Station, and the Farallon Islands.

"Tell me you don't live around here, without saying you don't live around here..."

Comment It's Resume-Polishing Time (Score 1) 196

On December 1, there was a story on SFGate -- the online component to the San Francisco Chronicle -- covering an email Broadcom management sent to all employees announcing:

  • They're going to lay off 1267 workers,
  • A mandatory return-to-office policy.

Said Broadcom CEO Hock Tan, "Remote work does not exist at Broadcom," but then clarified that sales workers and employees living more than 60 miles away from a Broadcom office would be able to stay remote. "Any other exception, you better learn how to walk on water, I'm serious."

The mandatory return-to-office reportedly went into effect December 4. Now it seems his latest Genius Plan is to squeeze his customers, thinking he's got them over a barrel.

You'll forgive me if I'm not the least bit motivated to apply to work for the guy.

Comment No Strings Attached, Please... (Score 1) 98

Bowling was the family sport when I was growing up, and when all the pin setters were the free-standing type. So I have a deeper than average familiarity with how bowling is "supposed" to feel.

Earlier this year, I saw a string-based pin setter for the first time (Lucky Strike, San Francisco), and was appalled such a thing existed. Based on what I could see from my end, I initially thought the design's appeal was that it consumed less physical depth than free-standing pin setters -- a potentially desirable characteristic where square footage is at premium prices. It does make sense that it would consume less electricity, as there's no pin lifter that has to run continuously, but it never occurred to me that maintenance costs were lower (although I'd like to see numbers on this).

Yes, European bowling alleys have used string-based setters for a long time, but bear in mind that most European bowling is of the nine-pin variety, which uses much smaller balls and pins. Ten-pin alleys in Europe still use the free-standing pin setters.

And yes, the pin action is very different. The movement of the tethers against each other can pull down pins that otherwise would have been left standing. I witnessed this at least twice. And I can't imagine anyone picking up a 7-10 split with one of these things.

And maybe it's just me (and it probably is), but there seems a certain inauthenticity -- a certain chintziness -- to a string-based pin setter, like I'm playing with a cheap replica for kids rather than the real thing for grown-ups. ("Hey! Are you calling European nine-pins chintzy?" No, just... Unfamiliar. I'm sure there are whole schools of thought on how best to use the tethers to your advantage, and which tether materials are "better" than others. It clearly works for them.)
