
Submission + - Iron-age potters accidentally recorded Earth's magnetic field strength

Solandri writes: We've only been able to measure the Earth's magnetic field strength for about 2 centuries. During this time, there has been a gradual decline in the field strength. In recent years, the rate of decline seems to be accelerating, leading to some speculation that the Earth may be losing its magnetic field — a catastrophic possibility since the magnetic field is what protects life on Earth from dangerous solar radiation. Ferromagnetic particles in rocks provide a long-term history which tells us the poles have flipped numerous times. But uncertainties in dating the rocks prevent their use in understanding decade-scale magnetic field fluctuations.

Now a group of archeologists and geophysicists have come up with a novel way to produce decade-scale temporal measurements of the Earth's magnetic field strength from before the invention of the magnetometer. When iron-age potters fired their pottery in a kiln to harden it, it loosened tiny ferromagnetic particles in the clay. As the pottery cooled and these particles hardened, it captured a snapshot of the Earth's magnetic field. Crucially, the governments of that time required pottery used to collect taxed goods (e.g. a portion of olive oil sold) to be stamped with a royal seal. These seals changed over time as new kings ascended, or governments were completely replaced after invasion. Thus by cross-referencing the magnetic particles in the pottery with the seals, researchers were able to piece together a history of the Earth's magnetic field strength spanning from the 8th century BCE to the 2nd century BCE. Their findings show that large fluctuations in the magnetic field strength over a span of decades are normal.

Submission + - University DDoSed by Its Own IoT Devices (bleepingcomputer.com)

An anonymous reader writes: An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report. The DDoS attack was caused by an unnamed IoT malware strain that connected to the university's smart devices, changed their default password, and then launched brute-force attacks to guess the admin credentials of nearby devices.

Investigators said that the hacked devices would then start an abnormally high level of DNS lookups that flooded the university's DNS server, which in turn resulted in the server dropping many DNS requests, including legitimate student traffic. The university's IT team said that many of these rogue DNS requests were related to seafood-related domains. The university said that over 5,000 smart devices had been taken over during this incident. Investigators regained access over hijacked devices after they took the university's network offline and used a script to capture the new admin password, and then rewrite it with their own.

Submission + - Mars Exploration Rover - Opportunity - 13th Anniversary

cusco writes: January 25, 2004 the second Mars Exploration Rover landed on the Red Planet. Opportunity completed its 90-day mission without any major issues, and NASA requested funding for a mission extension. The mission has since been extended over a dozen times, and today marks the beginning of the 13th year of its '90-day' mission. http://www.jpl.nasa.gov/missio...

The solar panels provide a maximum of 140 watts of power. The computer has 128 mb of RAM. Each of the six wheels has its own motor, and four of them are steerable. It landed wrapped in air bags and bounced 26 times before coming to a rest in Eagle Crater, within 25 kilometers of its initial target area. Designed to travel less than 100 meters a day, Opportunity has driven over 43 kilometers and returned over 200,000 photographs. It's currently on the rim of Endeavor Crater, traveling towards a water-cut gully a kilometer away. http://mars.nasa.gov/mer/missi...

Opportunity is now officially a teenager! Happy Birthday! http://www.jpl.nasa.gov/video/...

Comment Re:And people who back up to a network share, or r (Score 1) 236

I created a backup / warm spare system based on read-only rsync pull to a remote server that keeps several de-duplicated copies, and makes each backup bootable as a VM. I called it Clonebox.

Do you have a HOWTO or similar? I want to set up something like this with a new server (best practices from the start, so I hope)

Comment Re:They are totally different stories (Score 1) 430

I would just question the underlying assumption that improvements in communities will always make our lives better. That's traditionally been the case in the past, but it doesn't necessarily follow that it will always be the case in the future. We could be reaching a point of either diminishing returns or even a point when communities actually could have a detrimental effect on our lives.

The city is a good example. It's improved our lives in many ways, but it's also created a whole new class of problems, headaches, and population overload. Are we really quantifiably happier today than we were 100 years ago? Well, we certainly have much easier access to many more jobs and benefit from its conveniences. But has it made our overall lives that much BETTER?

Now, get off of my lawn :-)

Submission + - Could Less Gassy Livestock Be a Cash Cow? (bloomberg.com)

schwit1 writes: The hamburgers and cheese that come from U.S. cattle may be favorite fare at many summer cookouts, but the methane the same cows produce is significantly less appetizing.

That's especially the case for sustainable investors looking for a low-emission place to park their cash. "Enteric fermentation," or livestock's digestive process, accounts for 22 percent of all U.S. methane emissions, and the manure they produce makes up 8 percent more, according to the U.S. Environmental Protection Agency.

Adding some Beano to their diet won't cut it?

Submission + - 10 Year-Old Teaches Hackers a Valuable Lesson In Privacy (csoonline.com)

itwbennett writes: At r00tz Asylum, a kids-only gathering at DEF CON, 10-year-old Evan Robertson presented his first-place winning school science fair project, which showed how quickly people will hand over their privacy for a little free Wi-Fi. Robertson set up a Wi-Fi hotspot with terms-of-service that would allow him to access or modify connecting devices 'in any way.' In his science fair experiment, 76 people at local malls and stores connected to his hotspot, and 40 of them (52%) accepted the TOS to gain access. And, proving that security pros aren't all quite as privacy-minded as you might expect them to be, Robertson later set up his hotspot at BSides San Antonio, where 41 people connected to his hotspot, and 20 of them accepted the TOS.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00; sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The Android code to remove the embedded spaces is a pretty generic one-liner:

String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account.

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered). Just load up an Android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitation, it makes me pretty sure there are other intern-level programmer bugs awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an sms or email code that I can enter when requesting a password reset?

Let's hope other banks didn't use the same app geniuses.
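
An added example (not part of the submission above and not the bank's code) of the two fixes the post points at: normalize the card number before validating it, and count a bad security answer only when a question was actually shown. The Luhn check, the threshold of 3, stripping dashes as well as spaces, and every name here are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class LoginInputDemo {
    static final int MAX_BAD_ANSWERS = 3; // assumed lockout threshold

    // Normalize first: drop the spaces (and dashes) users copy from the card face.
    static String normalizeCardNumber(String raw) {
        return raw == null ? "" : raw.replaceAll("[\\s-]", "");
    }

    // Validate the normalized value only. Luhn is an assumed validity test.
    static boolean isValidCardNumber(String raw) {
        String n = normalizeCardNumber(raw);
        if (!n.matches("\\d{12,19}")) return false;
        int sum = 0;
        boolean doubleIt = false;
        for (int i = n.length() - 1; i >= 0; i--) {
            int d = n.charAt(i) - '0';
            if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    // Counter is keyed by a unique account id, never by a shared display name.
    private final Map<String, Integer> badAnswers = new HashMap<>();

    // Count a failure only if a security question was really presented.
    void recordSecurityAnswer(String accountId, boolean questionShown, boolean correct) {
        if (!questionShown) return;
        if (correct) badAnswers.remove(accountId);
        else badAnswers.merge(accountId, 1, Integer::sum);
    }

    boolean isLocked(String accountId) {
        return badAnswers.getOrDefault(accountId, 0) >= MAX_BAD_ANSWERS;
    }

    public static void main(String[] args) {
        // Constructed test number, typed with spaces as printed on a card.
        System.out.println("valid: " + isValidCardNumber("4111 1111 1111 1111"));
        LoginInputDemo d = new LoginInputDemo();
        // Five failed logins that never reached a security question.
        for (int i = 0; i < 5; i++) d.recordSecurityAnswer("acct-1", false, false);
        System.out.println("locked after malformed logins: " + d.isLocked("acct-1"));
        // Three wrong answers to a question that was actually shown.
        for (int i = 0; i < 3; i++) d.recordSecurityAnswer("acct-1", true, false);
        System.out.println("locked after real bad answers: " + d.isLocked("acct-1"));
    }
}
```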

Submission + - Elio Motors Locks-in $7300 Base Price For Their Ultra-Efficient 3-Wheel Car (fortune.com)

slinches writes: Elio Motors has locked in the base price of $7300 for non-refundable reservation holders for their 84mpg 3-wheel "autocycle". Reservations can be made for as little as $100 or as much as $1000 with higher values getting priority delivery when they go into production. The price is above the $6800 target that had been quoted for the last few years, but those who are willing to make a binding commitment to purchase a vehicle can sign an additional online form to knock their price back down to $7000. The locked-in prices will be available until they reach a total of 65,000 reservations (~57,000 have been made to date).

The startup car company is attempting to disrupt the auto industry by producing an efficient, affordable vehicle similar to what VW did with the $1699 Beetle in 1968, but at an even more affordable price (the Beetle cost $11,768 in 2016 dollars)

The vehicle itself, while technically a motorcycle under federal law, is controlled like a car with a steering wheel and pedals. Most states have enacted legislation exempting such vehicles from the extra license endorsements or helmet requirements that motorcycles and trikes normally need. Standard features of the base model include an enclosed cabin with A/C, heat, cruise control and power windows & door lock.

Submission + - Visual Studio 2015 c++ compiler secretly inserts telemetry code into binaries (infoq.com) 4

edxwelch writes: Reddit user "sammiesdog" discovered recently that the Visual Studio 2015 C++ compiler was inserting calls to a Microsoft telemetry function into binaries.
"I compiled a simple program with only main(). When looking at the compiled binary in Ida, I see calls for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I cannot find documentation for these calls, either on the web or in the options page."
Only after the discovery did Steve Carroll, the dev manager for Visual C++, admit to the feature and post a workaround. The "feature" is to be removed in Update 3 of the product.

Submission + - Killing two Schrödinger's cats with one stone... (yale.edu)

slew writes: If it wasn't enough that inside a box, you can have a half alive, half dead cat, apparently you can split a quantum mechanical "cat" into two boxes and through the wonders of quantum entanglement, you might be able to kill two cats with one stone...

Okay, they didn't use real cats, or boxes (just microwaves in a resonator cavity), but they performed an actual experiment, not just a thought experiment.

Apparently, this entertaining research might have some actual practical uses for circuit quantum electrodynamics (cQED) in some sort of boring (yawn) quantum computer error correction capacity, someday... But I'm still waiting for the real cat experiment...

Submission + - Schneier: security claims are unfalsifiable (schneier.com)

An anonymous reader writes: "While the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out."

As a consequence "Once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures."

Original paper: http://research.microsoft.com/...
