Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Malaysian Police: VX nerve gas killed N Korea leader's brother in airport attack (reuters.com)

An anonymous reader writes: Malaysian police have announced their finding that Kim Jong Nam, half-brother of North Korean leader Kim Jon Un, was killed by assassins using VX nerve gas in an attack in the busy Kuala Lumpur airport. Malaysian authorities plan to decontaminate the airport and other sites visited by the attackers. Police are holding the two female attackers, one of whom was affected by the chemical agent, as well as two other men. They are seeking seven more North Koreans connected to the case. VX is the most toxic of the nerve gasses and the UN has declared it a weapon of mass destruction. The manufacture and stockpiling of more than 100 grams of VX per year is prohibited by the Chemical Weapons Convention of 1993. It has no commercial uses. The Malaysian police are trying to discover if it was smuggled into their country, or manufactured there. The Malaysian government has recalled its ambassador to North Korea for consultation. North Korea is blaming the death of Kim Jong Nam on Malaysia. North Korea is believed to have major stockpiles of chemical weapons, and is alleged to conduct experiments on prisoners and social undesirables.

Submission + - SPAM: UV-Illuminated Rhodium: Plentiful Methane from Carbon Dioxide

Freshly Exhumed writes: Researchers in the Chemistry and Physics Departments at Duke University have found that CH4 (Methane) is almost exclusively produced when rhodium nanoparticles are mildly illuminated in ultraviolet LED light, yielding a seven-fold increase in the CH4 production rate over dark conditions, while only a slight increase in simultaneous CO production was detected. No other carbon-containing product was observed, making this photocatalytic process an enticing possible solution for the reduction of carbon dioxide concentrations in the atmosphere while simultaneously producing methane for fuel and industrial use. Rhodium is commonly used in automobile catalytic converters.

Submission + - The race for autonomous cars is over. Silicon Valley lost. (autoblog.com)

schwit1 writes: Up until very recently the talk in Silicon Valley was about how the tech industry was going to broom Detroit into the dustbin of history. Companies such as Apple, Google, and Uber — so the thinking went -were going to out run, out gun, and out innovate the automakers. Today that talk is starting to fade. There's a dawning realization that maybe there's a good reason why the traditional car companies have been around for more than a century.

Last year Apple laid off most of the engineers it hired to design its own car. Google (now Waymo) stopped talking about making its own car. And Uber, despite its sky high market valuation, is still a long, long way from ever making any money, much less making its own autonomous cars.

To paraphrase Elon Musk, Silicon Valley is learning that "Making rockets is hard, but making cars is really hard." People outside of the auto industry tend to have a shallow understanding of how complex the business really is. They think all you have to do is design a car and start making it. But most startups never make it past the concept car stage because the move to mass production proves too daunting.

Submission + - Postgres Vision Announces Call for Papers

RaDag writes: Share your story about Postgres and innovation in open source data management at Postgres Vision, to be held June 26-28 in Boston. The deadline to submit is March 17, 2017. The call for papers seeks individual presentations and panel discussions for the open source community and developer tracks.
Practitioners are encouraged to submit proposals on such Postgres and related topics as successful enterprise deployments; data integration projects; cloud projects; best practices; continuous development and DevOps; development efforts with open source; and favorite features or capabilities. Click here for more details.

Submission + - Study Reveals Bot-On-Bot Editing Wars Raging On Wikipedia's Pages (theguardian.com)

An anonymous reader writes: A new study from computer scientists has found that the online encyclopedia is a battleground where silent wars have raged for years. Since Wikipedia launched in 2001, its millions of articles have been ranged over by software robots, or simply “bots," that are built to mend errors, add links to other pages, and perform other basic housekeeping tasks. In the early days, the bots were so rare they worked in isolation. But over time, the number deployed on the encyclopedia exploded with unexpected consequences. The more the bots came into contact with one another, the more they became locked in combat, undoing each other’s edits and changing the links they had added to other pages. Some conflicts only ended when one or other bot was taken out of action. The findings emerged from a study that looked at bot-on-bot conflict in the first ten years of Wikipedia’s existence. The researchers at Oxford and the Alan Turing Institute in London examined the editing histories of pages in 13 different language editions and recorded when bots undid other bots’ changes. While some conflicts mirrored those found in society, such as the best names to use for contested territories, others were more intriguing. Describing their research in a paper entitled Even Good Bots Fight in the journal Plos One, the scientists reveal that among the most contested articles were pages on former president of Pakistan Pervez Musharraf, the Arabic language, Niels Bohr and Arnold Schwarzenegger. One of the most intense battles played out between Xqbot and Darknessbot which fought over 3,629 different articles between 2009 and 2010. Over the period, Xqbot undid more than 2,000 edits made by Darknessbot, with Darknessbot retaliating by undoing more than 1,700 of Xqbot’s changes. The two clashed over pages on all sorts of topics, from Alexander of Greece and Banqiao district in Taiwan to Aston Villa football club.

Submission + - First SHA1 Collision (googleblog.com)

ad454 writes: Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We've summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

https://security.googleblog.co...

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Submission + - Announcing the first SHA1 collision (googleblog.com)

matafagafo writes: Google Security Blog just published

Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power. Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision.


Submission + - Judge Rules Against Forced Fingerprinting

An anonymous reader writes: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government’s method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government’s request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints ‘onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device.’

Submission + - Google: 99.95% of Recent 'Trusted' DMCA Notices Were Bogus (torrentfreak.com)

AmiMoJo writes: In comments submitted to a U.S. Copyright Office consultation, Google has given the DMCA a vote of support, despite widespread abuse. Noting that the law allows for innovation and agreements with content creators, Google says that 99.95% of URLs it was asked to take down last month didn't even exist in its search indexes. “For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.”

Submission + - Microsoft Research's DeepCoder AI may put programmers out of a job

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds. Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." Another article describes program synthesis as "creating new programs by piecing together lines of code taken from existing software — just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read online.

Submission + - Obama's Feds Tried to Hack Indiana's Election System While Pence Was Governor

EmmaStarc writes: Department of Homeland Security (DHS) officials tried to hack Indiana’s state electoral system with at least 14,800 “scans” or hits between Nov. 1, 2016, to Dec. 16, 2016, The Daily Caller News Foundation Investigative Group has learned.

The attacks are the second confirmed IT scanning assault by DHS officials against states that resisted then-President Barack Obama’s attempt to increase federal involvement in state and local election systems by designating them as “critical infrastructure” for national security. .Source

Submission + - Is Slack Safe? (fastcompany.com)

An anonymous reader writes: If you work in media (or most other tech-oriented jobs), chances are you've come across Slack—or you find yourself using it every waking hour. It's an easy way to chat and collaborate with fellow employees. But amid increasing concerns about press freedom in the U.S. and elsewhere, are chatroom apps like Slack really the best way for journalists—and anyone else with sensitive information—to communicate? Reporters, editors, and privacy advocates aren't so sure.

Submission + - Software Vendor Who Hid Supply Chain Breach Outed (krebsonsecurity.com)

tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called "supply chain" malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. This intrusion would probably not be that notable if the software vendor didn't have a long list of Fortune 500 customers, and if the attackers hadn't also compromised the company's update servers — essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site — not linking to it anywhere. Brian Krebs went and digged it up.

Slashdot Top Deals

Mr. Cole's Axiom: The sum of the intelligence on the planet is a constant; the population is growing.

Working...