Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Could Less Gassy Livestock Be a Cash Cow? (

schwit1 writes: The hamburgers and cheese that come from U.S. cattle may be favorite fare at many summer cookouts, but the methane the same cows produce is significantly less appetizing.

That's especially the case for sustainable investors looking for a low-emission place to park their cash. "Enteric fermentation," or livestock's digestive process, accounts for 22 percent of all U.S. methane emissions, and the manure they produce makes up 8 percent more, according to the U.S. Environmental Protection Agency.

Adding some Beano to their diet won't cut it?

Submission + - 10 Year-Old Teaches Hackers a Valuable Lesson In Privacy (

itwbennett writes: At r00tz Asylum, a kids-only gathering at DEF CON, 10-year-old Evan Robertson presented his first-place winning school science fair project, which showed how quickly people will hand over their privacy for a little free Wi-Fi. Robertson set up a Wi-Fi hotspot with terms-of-service that would allow him to access or modify connecting devices 'in any way.' In his science fair experiment, 76 people at local malls and stores connected to his hotspot, and 40 of them (52%) accepted the TOS to gain access. And, proving that security pros aren't all quite as privacy-minded as you might expect them to be, Robertson later set up his hotspot at BSides San Antonio, where 41 people connected to his hotspot, and 20 of them accepted the TOS.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00; sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The android code to remove the embedded spaces is pretty generic one-liner:

String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account..

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered). Just load up an android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitation, it makes me pretty sure there are other intern-level programmer bugs are awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an sms or email code that I can enter when requesting a password reset?

Lets hope other banks didn't use the same app geniuses.

Submission + - Elio Motors Locks-in $7300 Base Price For Their Ultra-Efficient 3-Wheel Car (

slinches writes: Elio Motors has locked in the base price of $7300 for non-refundable reservation holders for their 84mpg 3-wheel "autocycle". Reservations can be made for as little as $100 or as much as $1000 with higher values getting priority delivery when they go into production. The price is above the $6800 target that had been quoted for the last few years, but those who are willing to make a binding commitment to purchase a vehicle can sign an additional online form to knock their price back down to $7000. The locked-in prices will be available until they reach a total of 65,000 reservations (~57,000 have been made to date).

The startup car company is attempting to disrupt the auto industry by producing an efficient, affordable vehicle similar to what VW did with the $1699 Beetle in 1968, but at an even more affordable price (the Beetle cost $11,768 in 2016 dollars)

The vehicle itself, while technically a motorcycle under federal law, is controlled like a car with a steering wheel and pedals. Most states have enacted legislation exempting such vehicles from the extra license endorsements or helmet requirements that motorcycles and trikes normally need. Standard features of the base model include an enclosed cabin with A/C, heat, cruise control and power windows & door lock.

Submission + - Visual Studio 2015 c++ compiler secretly inserts telemetry code into binaries ( 4

edxwelch writes: Reddit user "sammiesdog" discovered recently that the Visual Studio 2015 c++ compiler was inserting calls to a Microsoft telemetery function into binaries.
"I compiled a simple program with only main(). When looking at the compiled binary in Ida, I see a calls for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I can not find documentation for these calls, either on the web or in the options page."
Only after the discovery did Steve Carroll, the dev manager for Visual C++, admit to the feature and posted a work around. The "feature" is to be removed in Update 3 of the product.

Submission + - Killing two Schrödinger's cats with one stone... (

slew writes: If it wasn't enough that inside a box, you can have a half alive, half dead cat, apparently you can split a quantum mechanical "cat" into two boxes and through the wonders of quantum entanglement, you might be able kill two cats with one stone...

Okay, they didn't use real cats, or boxes (just a microwaves in a resonator cavity), but they performed an actual experiment, not just a thought experiment.

Apparently, this entertaining research might have some actual practical uses for circuit quantum electrodynamics (cQED) in some sort of boring (yawn) quantum computer error correction capacity, someday... But I'm still waiting for the real cat experiment...

Submission + - Schneier: security claims are unfalsifiable (

An anonymous reader writes: "While the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out."

As a consequence "Once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures."

Original paper:

Submission + - When DNA Implicates the Innocent (

schwit1 writes: The criminal justice system’s reliance on DNA evidence, often treated as infallible, carries significant risks.

In December 2012 a homeless man named Lukis Anderson was charged with the murder of Raveesh Kumra, a Silicon Valley multimillionaire, based on DNA evidence. The charge carried a possible death sentence. But Anderson was not guilty. He had a rock-solid alibi: drunk and nearly comatose, Anderson had been hospitalized—and under constant medical supervision—the night of the murder in November. Later his legal team learned his DNA made its way to the crime scene by way of the paramedics who had arrived at Kumra's residence. They had treated Anderson earlier on the same day—inadvertently “planting” the evidence at the crime scene more than three hours later. The case, presented in February at the annual American Academy of Forensic Sciences meeting in Las Vegas, provides one of the few definitive examples of a DNA transfer implicating an innocent person and illustrates a growing opinion that the criminal justice system's reliance on DNA evidence, often treated as infallible, actually carries significant risks.

Submission + - Japan responds to Boston Robotics' New Atlas demo video. (

An anonymous reader writes: Some seven weeks ago, a new light-weight version of the american Atlas humanoid robot made global headlines by easily walking in the woods and getting up from serious physical abuse.
( )

At that time many netizens wondered how the once dominating japanese robotics industry has lost traction with their cute, but fragile and limited ASIMO humanoid model? Today, SCHAFT company, the former robotics lab of Tokyo University and winner of the 2013 DARPA Challenge Trials, demonstrated their response to the american Terminator.

The yet-unnamed and torsoless, bipedal robot looks like a petite hybrid of H.G. Wells' martian space invaders and Imperial chicken walkers. Although SCHAFT still needs to improve the robot's speed, it can carry 60kg / 132lbs cargo, keep balance over loose pipes, fit in narrow corridors and move over rough terrain, including sandy beaches and a walk in the woods that resembles the New Atlas video.

Google and its Alphabet parent company may now rejoice, since they own both of these demonstrably successful robotic tech houses and won't be cut off from the pioneering scene, even after they have sold off the Boston Robotics branch. On the other hand, the menial and humiliating chores assigned to SCHAFT's robot, like spin-brushing floors and serving dishes to human masters, may influence a future cybernetic uprisal just as much as those heavy kicks suffered by the New Atlas.

Submission + - Japan testing fingerprints as 'currency'. What could go wrong? (

schwit1 writes: Starting this summer, the government will test a system in which foreign tourists will be able to verify their identities and buy things at stores using only their fingerprints.

The government hopes to increase the number of foreign tourists by using the system to prevent crime and relieve users from the necessity of carrying cash or credit cards. It aims to realize the system by the 2020 Tokyo Olympic and Paralympic Games.

The experiment will have inbound tourists register their fingerprints and other data, such as credit card information, at airports and elsewhere.

Tourists would then be able to conduct tax exemption procedures and make purchases after verifying their identities by placing two fingers on special devices installed at stores.

The Inns and Hotels Law requires foreign tourists to show their passports when they check into ryokan inns or hotels.

The government plans to substitute fingerprint authentication for that requirement.

Submission + - Conditions for life may hinge on how fast the universe is expanding (

sciencehabit writes: Scientists have known for several years now that stars, galaxies, and almost everything in the universe is moving away from us (and from everything else) at a faster and faster pace. Now, it turns out that the unknown forces behind the rate of this accelerating expansion—a mathematical value called the cosmological constant—may play a previously unexplored role in creating the right conditions for life. That’s the conclusion of a group of physicists who studied the effects of massive cosmic explosions, called gamma ray bursts, on planets. They found that when it comes to growing life, it’s better to be far away from your neighbors—and the cosmological constant helps thin out the neighborhood.

Submission + - Google Self-Driving Car Might Have Caused First Crash in Autonomous Mode (

An anonymous reader writes: While driving in autonomous mode, a Google self-driving car was involved in an accident with a public bus in California on Valentine’s Day, according to an accident report filed with the California DMV.

The accident report, signed by Chris Urmson, says the Google self-driving car was trying to get around some sandbags on a street when its left front struck the bus’ right side. The car was going 2 mph, while the bus was going 15 mph.

Google said its car’s safety driver thought the bus would yield. No injuries were reported.
If it’s determined the Google self-driving car was at fault, it would be the first time one of its cars caused an accident while in autonomous mode.

Slashdot Top Deals

"Take that, you hostile sons-of-bitches!" -- James Coburn, in the finale of _The_President's_Analyst_