
Submission + - The Short Dumb Life of the Internet of Things

Trailrunner7 writes: We knew it was coming, we knew it would be bad, and we also knew it would be stupid. But just how bad and stupid the Internet of Things has become in its short life has surpassed even the most outrageously pessimistic predictions.

Anyone who has been paying any kind of attention to IoT security, such as it is, has known for years that the vast majority of embedded or allegedly smart devices are terrifically insecure. It’s beyond cliche at this point to make fun of IoT security (although it’s also quite satisfying). So when a botnet comprised largely of Internet-connected rose up last week and DDoS-ed DNS provider Dyn into oblivion for several hours, many observers in the security community kind of shrugged and nodded.

Many of the devices recruited into the Mirai botnet include components made by XiongMai Technologies, a Chinese manufacturer. The company has responded by recalling some of those devices, including CCTV cameras, that have been compromised by Mirai and used in the attacks. That recall will have approximately zero effect on the victims using these devices or the attackers running the Mirai botnets. If you’re using an Internet-connected surveillance camera, it’s because you want to surveil something remotely. Are you going to take those cameras offline, pack them up, and ship them back to the manufacturer? Unlikely. The recall is probably designed mostly to get the vulnerable devices off shelves so more customers don’t buy them, but that still doesn’t matter much given that the botnet already is out here kicking in doors.

Security teams know how to clean up a normal botnet, but disinfecting and patching compromised IoT devices is much more complicated. A lot of those devices are in hard-to-reach places and their owners are reticent to patch them even when vendors make fixes available, which is rare. Users and vendors both see these devices as somewhat disposable, so patching them isn’t exactly a priority. And building security into them during the design process isn’t high on the list either, obviously.

Submission + - Easy-To-Exploit Rooting Flaw Puts Linux Computers At Risk

itwbennett writes: The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability, tracked as CVE-2016-5195, that has existed in the Linux kernel for the past nine years and is already being exploited in the wild. The Red Hat security team describes the flaw as a 'race' condition, 'in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.' This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system. The vulnerability was fixed last week by the Linux kernel developers and patches for Linux distributions, including Red Hat, Debian, Ubuntu, Gentoo and Suse, have been released or are in the process of being released.

Submission + - How You Can Determine the Future of AI Ethics

Grand_Axe writes: This is a call for you to take a stand on AI ethics. It’s an epochal time for both your rights and AI technology.

Humanoid AI (I’ll just call it AI from now) will bring immeasurable benefits to the world as it gets rolled out in the very near future. One easy example is the crash last week of the ExoMars project’s Schiaparelli EDM lander, after years of effort and journeying thousands of miles; no doubt, a craft piloted by AI would have had much better chances.
However, there are a lot of alarmist tales (some factual, others nonsensical) about how AI would ruin us and make the Earth a desolate waste. My counterargument is that AI will only be as dangerous as we make it; we all can do something about it if we engage concerns the right way.

So, let’s save the world from apocalyptic visions of crazed AI bot overlords mumbling torrid curses in C++, while chasing tearful old ladies down dark alleys, neon eyes flashing in binary rage due to code gone raving mad.

Robust standards can be the difference between routine and danger. Take for instance the filling of a car with petrol. Although petrol is a highly explosive, volatile fuel that exists as napalm in its most violent form, there are a billion plus cars on earth which regularly drive into petrol stations for refuelling without incident.
Robust safety standards have turned service at the millions of fuel station accidents on earth into a mere routine. The same can happen with AI – it depends on us all to make that so.

The Path

The only robust way to keep AI safe, now and in the far future, is to provide an effective mix of constraints and exclusions to AI interactions that protect the public, while not cutting down on AI capabilities. To this end, a set of proposals is enunciated in a nascent AI ethics effort, The Creed, its central thrust being:

  1. making AI access to a network as close to impossible as is possible,
  2. ensuring that an AI agent is never in charge of its power switch,
  3. providing a prominently positioned kill switch,
  4. ensuring that an AI agent is never put in charge of a contraption of any sort that can move faster along a path than a toddler can run,
  5. guaranteeing that AI will not be employed to breach privacy,
  6. ownership must be unambiguous.
  7. The Creed is open source; this ensures that it is democratic and that none of its tenets can be hidden under malicious legalistic trickery.

One of the principles behind The Creed is to create a hardened opaque box in which a useful AI agent can live in its own virtual world, which we in turn can manipulate because we will be in full control of its communications and its sensors.
The logic is that it is impossible to react in a sustained and proper way to phenomena whose simplest components one has never previously experienced. If you live in a hardened opaque box, you can’t see outside that box, neither can you break out of it.

Therefore, by keeping to the tenets of The Creed, we can stop AI agents from fully experiencing our world and learning how to operate autonomously within it to the extent that they can become a threat to us; by the same token, we can buy reaction time for ourselves if they do.
The constraints that are applicable to AI packaging (as listed in The Creed) will also create a barrier between AI and any actuator as well as slow down AI self-transportation speed to that of a toddler.

The other principle behind The Creed is community ownership. The Creed is open source, so contributions to fix pressing safety (and other) concerns can be made by the public in timely fashion; and because you will be directly affected, the solutions you contribute are guaranteed to be sound, satisfactory and effective.

Community ownership of The Creed will make certain that AI never ever becomes an agent of dystopia and that it remains a tool to enhance the average person, rather than one by which the strong can forever subjugate the weak.

How is The Creed Managed? What Next?

I’m currently the sole manager of The Creed, which is a conflict of interest. Therefore, I wish for third parties to take over, preferably individuals and (or) organisations that have already proven (emphasis on proven) themselves to be advocates of the public good. This is because such parties would be unlikely to spring nasty surprises as trojans for big business. I did exchange emails with one such organisation, the Free Software Foundation; unfortunately, although they were kind, The Creed fell outside the scope of their work.
It would be great to have a credible third party take over management of The Creed. It could be you or your organisation.

What’s the Alternative?

There are a few efforts at AI ethics, but they all seem lumbering beasts that share a foggy concept of AI.
The most notable is the Partnership on Artificial Intelligence to Benefit People and Society (let’s call it PAIBPS), an alliance of Google, Facebook, Amazon, IBM and Microsoft — most of which have been fined for breaching privacy, all of which are involved in IOT which is about pervasive data collection. You’d sooner leave a chicken’s welfare to a fox.

You can imagine that the definition of privacy that might come out of PAIBPS would shock the goatskin boxers right off Fred Flintstone. Yet privacy is a defining human characteristic, even if for some strange reason it is not discussed in textbooks as such.
Here on Earth, humans are the only living things that possess a sense of privacy. Animals certainly don’t care about it; your average libidinous pup would unceremoniously use your knee in the market square with scant thought for #TheOtherRoom. Not even chimps have invented loin cloths.

Your privacy is your humanity, without privacy, you are debased. This is a rather unhealthy perception of humans to give to AI agents.

Privacy is not the only area in which the concept of The Creed is superior to PAIBPS; just as important is speed of reaction to pressing concerns. As an example, The Creed was posted to GitHub on May 3, 2016, complete with the tenet that all AI agents must have a kill switch. From June 8th 2016 (a month later) news reports began to appear that Google was researching into building a kill switch and had even engaged academics (from one of the world’s top universities) who had produced a paper on how to code a kill switch. Erm, it’s just a switch, Joe!

Putting aside the appearance of a timing coincidence, Google has been involved in AI far longer than my sub two year foray. So why wasn’t the need for a kill switch obvious to them long ago? It is most likely that conflicting business interests blindsided them. Anyway, at least Google made an effort; Microsoft on the other hand simply unleashed the despicable “kush loving” Tay on Twitter, thus enabling the world’s population of innocent little kids with hideous new vocabulary. Oh well!

Because conflicting big business interests will always win against public good, the best we can expect from PAIBPS is long winded bureaucratic waffle of the alarming kind. The only way forward is a community owned effort, which The Creed is.

Thanks for your time, please share your thoughts.
The Creed can be found at

My name is Asame Imoni Obiomah, I’m a pioneer of humanoid AI with plans to make the world’s first ever humanoid AI, Okeuvo, available to the buying public this Xmas.
The address of my website is

Submission + - Young Voters Prefer Giant Meteor for President

mikeebbbd writes: From Reuters: a poll by UMass Lowell’s Center for Public Opinion and Odyssey Millennials found that many young voters prefer #GiantMeteor2016 to either Trump or Clinton. Random lottery was also suggested as an option.

Comment: The lottery method might, at least, provide some use for the moldering machinery of the Selective Service system.

Submission + - Despite Obama's pledge to make govern. more open, report says secret laws abound

schwit1 writes: The Justice Department has kept classified at least 74 opinions, memos and letters on national security issues, including interrogation, detention and surveillance, according to a report released Tuesday by the Brennan Center for Justice.

Also still classified are between 25 and 30 significant opinions issued between 2003 and 2013 by the Foreign Intelligence Surveillance Court (FISC), the secretive federal court that interprets the law governing foreign intelligence-gathering inside the United States.

And at the State Department, 807 international agreements signed between 2004 and 2014 have not been published.

Submission + - SPAM: Retired four-star general admits leaking top-secret info to media

Okian Warrior writes: Former vice chairman of the US Joint Chiefs of Staff Gen. James Cartwright pled guilty in federal court Monday, admitting he lied to the FBI when questioned about whether he provided two journalists with top secret information in 2012.

While the charge of making false statements to federal investigators carries a five-year maximum sentence, Cartwright's plea agreement states that he should face no more than six months in prison.


Submission + - US Republican Senate Committee hacked

pdclarry writes: While all of the recent news has been about hacking the Democratic party, apparently the Republicans have also been hacked, over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports that "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC)." "If you purchased a “Never Hillary” poster or donated funds to the NRSC through its Web site between March 2016 and the first week of this month [October 2016], there’s an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors.

Submission + - WikiLeaks Transmits Cryptic Hashes As Assange's Internet Link Is Cut

MojoKid writes: If you follow WikiLeaks on Twitter, you may have noticed a series of cryptic tweets consisting of strings of numbers and letters. These are hashes that appear to be related to another WikiLeaks post on Twitter claiming its co-founder, Julian Assange, is without Internet access after his connection was "intentionally severed by a state party." That action has reportedly activated WikiLeaks' "appropriate contingency plans" in response. The announcement surfaced several hours after the site posted the aforementioned cryptic hash posts, three in all with references to Ecuador, Secretary of State John Kerry, and the UK FCO (United Kingdom Foreign Commonwealth Office). Each tweet contained a 64-character hash, which led to rumors that Assange was dead and that the strings of characters were "dead man's keys" or a "dead man's switch," codes to reveal classified secrets in the event of his death. That doesn't appear to be the case. Instead, those hashes, which are preceded by "pre-commitment" labels, are unique codes that can prove the legitimacy of documents leaked in the future that contain the same hashes. Any changes to the documents would alter the 64-character code assigned to them.

Submission + - Tesla And Panasonic To Produce Solar Cells, If SolarCity Deal Succeeds

An anonymous reader writes: Tesla and Panasonic have signed an agreement to manufacture photovoltaic (PV) cells for use in home energy storage solutions including Tesla’s Powerwall and Powerpack. For now, the deal is non-binding and depends on the pending Tesla acquisition of SolarCity. If the purchase closes, Panasonic will begin production of the solar cells at a site in Buffalo, New York in 2017. Tesla has said that it will make a long-term commitment to buy the panels from the supplier. Tesla has already established a relationship with Panasonic, which produces batteries for its electric vehicles and home energy storage products at the Gigafactory in Nevada. The automaker noted that the new solar partnership will help boost production of solar cells and its sustainable energy products. ‘We are excited to expand our partnership with Panasonic as we move towards a combined Tesla and SolarCity. By working together on solar, we will be able to accelerate production of high-efficiency, extremely reliable solar cells and modules at the best cost,’ commented JB Straubel, Tesla chief technology officer, and co-founder.

Submission + - Yahoo's Smart Billboards Would Reveal Much About You, In Public

An anonymous reader writes: Yahoo has filed a patent for advertising billboards outfitted with a wide array of sensors — including drone-based cameras — which would use facial and vehicle recognition, data brokers, cell-tower information and social network information to attempt to identify worthwhile advertising targets and aim personalised ads at them as they pass, on foot or in cars. The scheme, which was submitted on October 6th, anticipates using the same kind of micro-auction processes that currently determine which ads users see in web pages and mobile apps. The implementation of public ad-targeting brings up some fascinating and chilling prospects, as users find that the ads which 'bloom' around them betray much about their private lives.

Submission + - AVTECH Shuns Security Firm and Leaves All Products Vulnerable Without a Patch

An anonymous reader writes: AVTECH, a Taiwanese CCTV equipment manufacturer, has failed to respond to Search-Lab, a Hungarian security firm, who spent more than a year trying to inform the company about 14 security bugs affecting the firmware of ALL its products. Almost a year after it first contacted the hardware maker, Search-Lab published a public advisory about the vulnerabilities it discovered, warning sysadmins that their AVTECH products may be in danger of exploitation and remote takeover.

Search-Lab says its researchers are not the only ones that spotted these issues. Currently, the term "AVTECH" is the second most popular search term on Shodan, where anyone can find more than 130,000 of these devices available online. Taking into account the recent attacks from IoT botnets, AVTECH is now on the same level of incompetence and indifference as other CCTV hardware makers such as AVer, Dahua, and TVT, all Chinese and Taiwanese companies.

A list of confirmed affected firmware versions is available here, proof of concept exploitation code is available on GitHub, and an exploitation video is available here.

Submission + - 130,000 Avtech IP Cameras, DVRs Can Be Easily Roped Into IoT Botnets

Orome1 writes: Security researcher Gergely Eberhardt has unearthed over a dozen vulnerabilities in most IP cameras, NVRs and DVRs by Taiwanese manufacturer Avtech, including things like plaintext storage of the administrative password and authentication bypass flaws. With all this information now public, and no patches from the manufacturer, these devices are ripe for getting compromised and conscripted into botnets.

Submission + - Bad science persists because poor methods are rewarded

ananyo writes: In 1962 psychologist Jacob Cohen analysed 70 articles published in the Journal of Abnormal and Social Psychology and calculated their statistical power (a mathematical estimate of the probability that an experiment would detect a real effect). He reckoned most of the studies he looked at would actually have detected the effects their authors were looking for only about 20% of the time—yet, in fact, nearly all reported significant results. Scientists, Cohen surmised, were not reporting their unsuccessful research. Many papers must also actually be reporting false positives.
A new paper finds that little has changed in over 50 years. The average power of papers culled from 44 reviews published between 1960 and 2011 was about 24%. The authors build an evolutionary computer model to suggest why and show that poor methods that get "results" will inevitably prosper. They also show that replication efforts cannot stop the degradation of the scientific record as long as science continues to reward the volume of a researcher's publications--rather than their quality.

Submission + - Nokia Says It Can Deliver Internet 1,000x Faster Than Google Fiber

An anonymous reader writes: Verizon Fios has topped Netflix's speed index for quite some time now with its 500 Mbps up and down internet speeds. When compared to dial-up speeds of about 56 Kbps, Fios is roughly 1000 times faster (since 500 Mbps is equivalent to 500,000 Kbps). Google Fiber on the other hand offers 1 Gbps speeds, but it's not as widely available as Fios as of yet. In a statement made to ZDNet last week, Nokia said it has figured out how to deliver internet that is 2,000 times faster than Verizon Fios, or 1,000 times faster than Google Fiber. Their technique is called Probabilistic Constellation Shaping (PCS), which can deliver 1 Tbps speeds over a fiber connection. "The trial of the novel modulation approach, known as Probabilistic Constellation Shaping (PCS), uses quadrature amplitude modulation (QAM) formats to achieve higher transmission capacity over a given channel to significantly improve the spectral efficiency of optical communications," Nokia explains. "PCS modifies the probability with which constellation points, the alphabet of the transmission, are used. Traditionally, all constellation points are used with the same frequency. PCS cleverly uses constellation points with high amplitude less frequently than those with lesser amplitude to transmit signals that, on average, are more resilient to noise and other impairments. This allows the transmission rate to be tailored to ideally fit the transmission channel, delivering up to 30 percent greater reach." Nokia's demonstration is described as being achieved in "real-world conditions," though there is no timeframe as to when the technology will be deployed in real networks.
User Journal

Journal: Yet more false equivalencies: Hillary Clinton is NOT Mitt Romney

False equivalencies: Hillary Clinton is NOT Mitt Romney

There are certainly some things to dislike about Hillary, but I actually think she was being refreshingly honest with the "basket of deplorables" comment. You sure can't tell from the worthless commentary of the worthless media, but it is important to understand the REAL differences.
