Submission + - The Hard Truths of Navigating Ageism in IT

snydeq writes: In an industry that favors youth over experience, the best defense against age discrimination may be avoiding becoming a victim in the first place, writes Bob Violino in a report on your rights and how to deal with ageism in IT. 'How old is too old to work in IT? That depends on who is doing the hiring and paying the salaries of IT pros. But one thing is for certain: Widespread age discrimination has become a central issue, affecting many people working or seeking work in today’s IT industry, according to legal and career experts.'

Submission + - The Black and Blue Bill - Holding Police LESS Accountable (washingtonpost.com)

schwit1 writes: The bill would create new federal crimes, impose federal police over the will of local officials and voters and shield police officers from virtually any civil liability, even in cases of egregious misconduct.

Let’s look first at the new federal crimes. The bill would create new federal crimes for killing, attempting to kill or conspiring to kill a state or local law enforcement officer who works for a police agency that receives federal funding. Because nearly all police agencies receive some sort of federal funding, including most local sheriff’s departments and town police, the bill basically makes it a federal crime to kill, attempt to kill or conspire to kill any police officer (as well as any judge or first responder). The bill would also allow for the federal death penalty in such cases, and it would impose limits on the ability of defendants to file habeas petitions in federal court after they’ve exhausted their appeals.

But perhaps the most disturbing part of the bill is the new restrictions it puts on suing police officers for constitutional violations. Police officers are protected by qualified immunity, which requires you to show that not only were your rights violated but also a reasonable police officer should have known that the actions in question were a violation of the Constitution. Under this bill, even if you can show all of that, if the police can show that the violation and resulting injuries were “incurred in the course of, or as a result of, or . . . related to, conduct by the injured party that, more likely than not, constituted a felony or a crime of violence . . . (including any deprivation in the course of arrest or apprehension for, or the investigation, prosecution, or adjudication of, such an offense),” then the officers are liable only for out-of-pocket expenses. What’s more, the bill would bar plaintiffs from recovering attorneys fees in such cases.

Submission + - With $380M to Spend, Laurene Jobs Quietly Put Her Tax-Exempt Ducks in a Row

theodp writes: Back in 2013, the NY Times reported that Laurene Powell Jobs (widow of Steve) didn't need any tax benefits for her giving: "Ms. Powell Jobs said that Emerson [her philanthropic organization] did not need the tax structure of a foundation, and that 'doing things anonymously and being nimble and flexible and responsive are all things we value on our team'." Her eschewing of the tax-exempt 501(c)(3) structure was later cited by the business press as a model for Facebook CEO Mark Zuckerberg's Chan-Zuckerberg LLC. But with $380+ million burning a hole in her philanthropic pocket and former U.S. Dept. of Education Chief Arne Duncan now on her payroll, Jobs decided to quietly put her tax-exempt ducks in a row last year with the formation of a new 501(c)(3) entity, the Emerson Collective Foundation. Federal and state record searches indicate that Jobs filed papers — including a Form 1023 Application for Recognition of Exemption Under Section 501(c)(3) of the Internal Revenue Code, a Statement of Revenue listing receipts of $381,567,500 for 7/31/2016-12/31/2016, and Jobs' good-enough-for-government-work resume — seeking tax-exempt status within days of announcing she would award $100 million in a contest to "rethink high school" (including $10M for a pet charter school of Zuckerberg and Bill Gates). The move may help Jobs stretch her philanthropy dollars — the top IRS tax rate is currently 39.5%. There's no indication if Zuckerberg will follow suit (a Zuck FB post promoted the NYT narrative that billionaires who structure their philanthropic organizations as LLCs have no interest in getting tax benefits on the money they funnel through them), although the Facebook CEO has coincidentally hired Jim Shelton, former U.S. Deputy Secretary of Education to Arne Duncan, to head his education initiatives.

Submission + - Author of EternalRocks SMB Worm Calls It Quits After Intense Media Coverage (bleepingcomputer.com)

An anonymous reader writes: The developer of the EternalRocks SMB worm appears to have shut down his operation, following the intense media coverage his malware has received in the past seven days.

According to a message he posted on the homepage of his own command-and-control server, the malware's author seems to have been scared by the intense and apocalyptic headlines the world's media has been running about his SMB worm. These headlines are just fearmongering, since EternalRocks never delivered any malware, but the worm was discovered after the WannaCry ransomware outbreak, which also used an SMB worm to spread.

Nonetheless, the Croatian researcher who uncovered the worm doesn't believe the malware author's explanation. He says the crook had to give up on his SMB worm because he exposed his infrastructure, and law enforcement agencies are now keeping a close eye on him. Doing anything malicious would be extremely hard, as he would only reveal more clues about his location.

Submission + - Responding to Production Defects: Sustaining Engineering or Original DevTeam

Jeff Candiello writes: My management is trying to form a sustaining team for a new product. I'd like to convince them that making dev teams responsible for fixing their own production defects will force them to be accountable for promoting code that works. Instead, my management team wants to build a sustaining team to handle defects that show up in production to "ensure that dev teams can stay focused on new features". Google isn't bringing back more than a blog post or two about this. Hoping to find some articles/resources that outline the pros and cons to either approach.

Submission + - Tabby's Star Dims Again, Astronomers Scramble to Catch It in the Act (scientificamerican.com)

x_t0ken_407 writes:

The star, called KIC 8462852 and nicknamed “Tabby's Star” after Yale University astronomer Tabetha “Tabby” Boyajian, first made news in 2015 when researchers discovered something odd about its light, whose strange brightenings and dimmings have even caused some to speculate it might host alien megastructures around it...These dimming events are far too substantial to be caused by planets crossing the face of the star, so scientists looked for other explanations. Some have even suggested that it might host signs of intelligent alien life—specifically, a Dyson sphere, a hypothetical megastructure built around a star to capture as much of its energy as possible to power an advanced civilization.

Submission + - Did China Hack The CIA In Massive Intelligence Breach From 2010 To 2012? (ibtimes.com)

schwit1 writes: Both the CIA and the FBI declined to comment on reports saying the Chinese government killed or imprisoned 18 to 20 CIA sources from 2010 to 2012 and dismantled the agency's spying operations in the country. It is described as one of the worst intelligence breaches in decades, current and former American officials told the New York Times.

Investigators were uncertain whether the breach was a result of a double agent within the CIA who had betrayed the U.S. or whether the Chinese had hacked the communications system used by the agency to be in contact with foreign sources. The Times reported Saturday, citing former American officials, that from the final weeks of 2010 till the end of 2012, the Chinese killed up to 20 CIA sources.

Submission + - North Korea's Unit 180, the cyber warfare cell that worries the West (reuters.com)

schwit1 writes:

North Korea's main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts.

Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry "ransomware" cyber attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation "ridiculous".

The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to last year's $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony's Hollywood studio. The U.S. government has blamed North Korea for the Sony hack and some U.S. officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.

The Pentagon makes a point:

The U.S. Department of Defense said in a report submitted to Congress last year that North Korea likely "views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet".

Submission + - PCs Connected to the Internet Will Get Infected with WanaDecrypt0r In Minutes (bleepingcomputer.com)

An anonymous reader writes: The Wana Decrypt0r ransomware — also known as WCry, WannaCry, WannaCrypt, and WanaCrypt0r — infected a honeypot server made to look like a vulnerable Windows computer six times in the span of 90 minutes, according to an experiment carried out by a French security researcher that goes online by the name of Benkow.

During one of those infections, Wana Decrypt0r infected the honeypot in a mere three minutes after it was reset, showing the aggressive nature of the ransomware's scanning module, which helps it spread to new victims. Three minutes is about the same amount of time IoT malware will infect a vulnerable home router left connected to the Internet without patches.

The article also highlights the fact that the group behind this threat is possibly made up of inexperienced coders, who just stumbled upon a way to weaponize an NSA exploit. Their three previous WanaDecrypt0r campaigns were mundane, and one researcher called their code "utter [expletive]." This is because WanaDecrypt0r is actually made of two main modules, the ransomware itself, and the SMB worm (based on the NSA exploit). While the SMB worm is top-shelf code, the ransomware itself is quite unsophisticated, making a lot of operational errors, including using only 3 Bitcoin wallets to handle payments, instead of one per infected user, as most top-shelf ransomware does. This makes it difficult to tell which victims paid and who didn't, as anyone could claim "x" transaction is theirs, even if they didn't pay.

Submission + - Star Trek Bridge Crew gets IBM Watson-powered voice commands (theverge.com)

PolygamousRanchKid writes: Star Trek Bridge Crew — the VR game that puts you in the slip-on space shoes of a Starfleet officer — already emphasizes vocal communication when you’re playing with real humans, but it will soon allow you to use your voice to issue orders to computer-controlled characters, too.

The feature has been made possible using IBM’s VR Speech Sandbox. The software combines IBM Watson’s Speech to Text and Conversation services with the company’s Unity SDK, using the natural language processing capabilities of IBM’s Watson software to parse your barked commands, and allow AI-controlled characters to act on them. Players will be able to launch photon torpedoes, jump to warp speed, or lock S-foils in attack formation (maybe not that last one) by requesting that your crew members push the relevant blinking buttons on their own command consoles.

Let's just skip all that stuff, and cut right to the part where Kirk gets the girl . . .

How well it actually works in practice, we’ll see this summer, aboard our own starships.

"Scotty, beam up the IBM stock price!" — Posterior Admiral Ginni Rometty

Submission + - Announcing the "Google Issues" Mailing List (vortex.com)

Lauren Weinstein writes: Even relatively new readers will know by now that postings relating to Google have long been a very frequent component of these lists, and of my blog (which itself is around 14 years old).

The volume of Google-related postings seems likely to only be increasing. So with hopefully only relatively minor risk to the spacetime continuum, I have created a new mailing list to deal exclusively with all manner of Google-centric issues (and associated Alphabet, Inc. topics as well).

The subscription page (and archive information) for this new moderated mailing list is at:


Submission + - 7th Grader Suspended for Liking Instagram photo of airsoft gun.

BitterOak writes: It seems zero tolerance has run amok in Ohio, where a 7th grader was handed a 10 day suspension for liking a photo of an airsoft gun on Instagram that was posted by a friend. They use airsoft guns recreationally (not at school) so he thought nothing of liking the photo. Apparently that ran afoul of the school district's zero tolerance policy on guns. His parents managed to get the suspension lifted, but not until after the student had been sent home and an investigation was conducted. This raises questions about what role schools should have in patrolling students' social media use.

Submission + - The "anti-patterns" that turned the IoT into the Internet of Shit (boingboing.net)

An anonymous reader writes: Junade Ali at Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.

This JSON request instructs the alarm clock on every “alarmSound” event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk. By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created. Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.

IoT Security Anti-Patterns [Junade Ali/Cloudflare] https://blog.cloudflare.com/io...
