
Comment Re:Common? (Score 1) 56

Stunned me too when I got speaking to locals on the earlier aurora orientated photography trips I've done. The very first trip I did, we'd just done a successful all-nighter, which for most of us was the first time we'd ever seen the lights, and were in an Icelandic garage/café getting some breakfast and looking over our images when we got talking with a long distance lorry driver - his response to a question about getting to see the aurora a lot was basically a shrug and "thousands of times, I guess, don't really notice them anymore...". Yep, that'll do it: *minds* *blown*. :)

That said, the AC's analogy below about a really good sunset is probably better than my more direct night sky objects one; they *do* still look, but only when it's a really good display, and after doing many more trips to the Arctic (it can really get under your skin!) I can kind of see why. I've now got a lot of photographs of simple bands of aurora, so unless it's a really nice composition with the background, an unusual colour, or has something else to set it apart, I often don't bother unless I haven't got my camera set up yet and need a few test shots to check I've nailed my focus and the exposure settings are in the ballpark.

Comment Re:BrickerBot (Score 1) 46

A bad solution is still a bad solution. And vigilantism is still vigilantism. And DDOS attacks using infected devices are nothing new, it is just that IoT have opened up a new attack vector. Look at how many Windows based computers have been involved in DDOS in the past.

Yes, it's a bad solution, and it's undeniably vigilantism as well. But, like democracy, it's still the best (and at present, only) solution we currently have that is working at scale. The Zero Day Initiative typically gives vendors 90 days (3 months) to fix a problem before they go public except in exceptional circumstances, and most credible vendors are OK with that framework. By comparison Mirai hit almost six months before BrickerBot, Hajime, and other such tools were unleashed, and in all that time no one - whether vendors, ISPs, or owners - did much more than shrug, shuffle their feet, and wring their hands.

They collectively took a huge dump in everyone else's bed and then did nothing about it, so that just left people stepping up with their bad solutions and vigilantism to try and clean up the mess. Want to "fix" BrickerBot and Hajime, etc.? Fix your devices, secure your networks, and isolate your devices, as applicable. Just like Mirai and the rest, if they can't root the device, then they can't propagate either, and everyone benefits - in fact, unlike the blackhat authors of malicious botnets, the vigilantes are more likely to shut up shop as soon as there are credible signs of progress being made. Acknowledging the message they are sending is all that is required.

Comment Looking at my firewall logs (Score 3, Informative) 46

Looking at my firewall logs I think BrickerBot v3.0 may have actually been unleashed on the 18th, not the 20th. There was a huge decline in scanning for port 5358 that started on the 18th, which is now less than half the activity level it was at on the 17th, and less than 15% of the levels it was peaking at prior to BrickerBot v1.0. There are further, but smaller, falls in some of the other typical IoT ports like 2323 that started around the same time as well.

If you're reading, Janit0r (or whatever your current pseudonym is), keep up the good work! Might be worth taking a look at what's going on with Port 81 as well... Just sayin' :)

Submission + - Uber Gets Sued Over Alleged 'Hell' Program To Track Lyft Drivers (techcrunch.com)

An anonymous reader writes: Uber has another lawsuit on its hands. This time, it’s about Uber’s alleged use of a program called “Hell.” The plaintiff, Michael Gonzales, drove for Lyft during the time Uber allegedly used the software. He’s seeking $5 million in a class action lawsuit. As the story goes, Uber allegedly tracked Lyft drivers using a secret software program internally referred to as “Hell.” It allegedly let Uber see how many Lyft drivers were available to give rides, and what their prices were. Hell could allegedly also determine if people were driving for both Uber and Lyft. The lawsuit, filed in the U.S. District Court for the Northern District of California, alleges Uber broadly invaded the privacy of the Lyft drivers, specifically violated the California Invasion of Privacy Act and Federal Wiretap Act and engaged in unfair competition. Uber has not confirmed nor outright denied the claims.

Submission + - A caterpillar may lead to a "plastic pollution" solution. (bbc.com)

FatdogHaiku writes: Researchers at Cambridge University have discovered that the larvae of the moth, which eats wax in bee hives, can also degrade plastic.

They think microbes in the caterpillar — as well as the insect itself — might play a role in breaking down plastic. If the chemical process can be identified, it could lead to a solution to managing plastic waste in the environment.

Submission + - How Online Shopping Makes Suckers of Us All (theatlantic.com)

Thelasko writes: Will you pay more for those shoes before 7 p.m.? Would the price tag be different if you lived in the suburbs? Standard prices and simple discounts are giving way to far more exotic strategies, designed to extract every last dollar from the consumer.

Submission + - NSA's DoublePulsar Kernel Exploit A 'Bloodbath' (threatpost.com)

msm1267 writes: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come.

MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish.

“This is a full ring0 payload that gives you full control over the system and you can do what you want to it,” said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday.

“This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it’s still found in a lot of places,” Dillon said. “I find it everywhere. This is the most critical Windows patch since that vulnerability.”

Dan Tentler, founder and CEO of Phobos Group, said internet-wide scans he’s running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue.

“This is easily describable as a bloodbath,” Tentler said.

Submission + - Lyrebird claims it can recreate anyone's voice based on just a 1 minute sample

Artem Tashkinov writes: Today a Canadian artificial intelligence startup named Lyrebird unveiled its voice imitation deep learning algorithm that can mimic a person's voice and have it read any text with a given emotion, based on the analysis of just a few dozen seconds of audio recording. The website features samples using the recreated voices of Donald Trump, Barack Obama and Hillary Clinton. A similar technology was created by Adobe around a year ago but it requires over 20 minutes of recorded speech. The company is set to open its APIs to the public, while the computing for the task will be performed in the cloud.

Submission + - Ontario launches Universal Basic Income Pilot (www.cbc.ca)

epiphani writes: The Ontario Government will pilot universal basic income in a $50M program supporting 4,000 households over a 3 year period. While Slashdot has vigorously debated universal basic income in the past, and even Elon Musk has predicted its necessity, experts continue to debate and gather data on the approach in the face of increasing automation. Ontario's plan will study three communities over three years, with participants receiving up to $17,000 annually if single, and $24,000 for families.

Submission + - SPAM: Will the high-tech cities of the future be utterly lonely?

randomErr writes: Humans are inherently social animals, and our health suffers if we're cut off from social ties. Loneliness can happen to anyone. In Britain, more than one in eight people say they don't consider anyone a close friend, and the number of Americans who say they have no close friends has roughly tripled in recent decades. One pervasive source of our loneliness is technology. While it offers an easy way to keep in contact with friends — and meet new people through dating and friendship apps — technology's omnipresence encourages shallow conversations that can distract us from meaningful, real-life, interactions. Researchers at the University of Essex found that having a phone nearby, even if we don't check it, can be detrimental to our attempts at connecting with others. Smartphones have transformed post office lines from a chance for some small-talk with the neighbors to an exercise in email-checking, and sealed the fate of coffee shops as nothing more than places of mutual isolation.

Comment Re:Common? (Score 4, Insightful) 56

Aurora are highly variable objects; they come in many shapes, shades, intensities, speeds they move back and forth across the sky, the speed at which they can appear/disappear, and so on. It's not that they haven't been noticed before, in fact that's how they were identified as being so common - by finding examples captured in previous images of the night sky taken by aurora watchers and similar - it's just that no one has realised they were a distinct form of interaction between particles in the upper atmosphere until now. You've also got to keep in mind that for many people that live in latitudes where aurora are common they're just a fact of life and not all that much more notable than the moon in the night sky, so the chances are pretty high that these jets have been seen on countless occasions, maybe even photographed as well, dismissed as a band/ribbon aurora (not the most photogenic type, and of little interest unless you're new to aurora watching), and that was that.

Submission + - SPAM: Why I Published in a Predatory Journal

randomErr writes: Last month I was invited to submit a paper to a dubious urology journal. I'm an editor of scientific writing who has a strong antipathy for predatory journals. So I decided to troll this publication, the MedCrave Group’s Urology & Nephrology Open Access Journal, to see whether they would agree to publish a totally made-up, Seinfeld-themed “case report” about a man who develops “uromycitisis poisoning.” Seinfeld argued that, due to his illness, he could die if he doesn’t relieve himself whenever he needs to. To my surprise, a representative at Urology & Nephrology Open Access Journal wrote to say that my manuscript was sent out for peer review. Three days later, it was conditionally accepted.

Submission + - A battery made of molten metals (mit.edu) 1

Z00L00K writes: This story came out a while ago, but didn't seem to surface:

A novel rechargeable battery developed at MIT could one day play a critical role in the massive expansion of solar generation needed to mitigate climate change by midcentury. Designed to store energy on the electric grid, the high-capacity battery consists of molten metals that naturally separate to form two electrodes in layers on either side of the molten salt electrolyte between them. Tests with cells made of low-cost, Earth-abundant materials confirm that the liquid battery operates efficiently without losing significant capacity or mechanically degrading — common problems in today’s batteries with solid electrodes. The MIT researchers have already demonstrated a simple, low-cost process for manufacturing prototypes of their battery, and future plans call for field tests on small-scale power grids that include intermittent generating sources such as solar and wind.


Comment Re:Here is my clever idea... (Score 1) 172

Try explaining that to the legacy mainstream media dinosaurs that are still busy taking Google to court for spidering, indexing, and linking to their content, despite the debacle of Spain a few years back, and see how far it gets you. Common sense is in short supply in some corners of the Internet, and fairly large corners at that.

Comment Re:Cautiously saying yes to this (Score 1) 172

I think the law of averages would take care of that. Bandwidth is pretty cheap and the chances are that even if you are constrained by bandwidth, as might be the case with a smaller site on an "xGB/day" hosting plan, then it's more likely to be the case there won't be too many GB of content to spider in the first place. There are always exceptions though, and where there is a real problem there are still going to be workarounds, e.g. explicit opt out clauses for spiders like IA's or, if all else fails, denying access based on User-Agent strings.

It does clearly depend on what effect this might have on the value of "everyone" though. Spidering (for legit purposes and otherwise) is mostly just background noise at present; the real bad actors - cyber criminals - already ignore robots.txt, and not every good actor would significantly benefit from ignoring robots.txt. The only real reasons a good actor might have for ignoring it are for better archiving (as with IA's proposals) or more complete search engine indices, but if the reason for the content being excluded via robots.txt is that it is highly dynamic, transient, or just fodder for bad robots, then it's of minimal value to search engines anyway. Even if some (or all) of the search engines were to follow IA's lead on this, I think they'd still be looking at balancing that with more intelligence in their spidering just to avoid the risk of cluttering up their databases with broken links and expired data, and that's likely to limit the bandwidth requirements considerably.
