
Comment lower infosec budgets will INCREASE hacking damage (Score 3, Insightful) 177

This report looks at a lot of data, but (as noted in the Limitations section) it's only what was publicly available. Lots of breaches, especially w.r.t. ransomware, go unreported. Lots of breaches go undetected and/or aren't as easily measured as money (e.g. a rival company steals your un-patented trade secrets).

However, my biggest issue with this analysis is that its conclusion makes no sense. It says that the cost of cyber breaches is roughly equal to the cost of maintaining a defense. This paper fails to account for how money spent on cyber-defense reduces the money lost to cyber-attacks. If you're advocating for a radical reduction in InfoSec, this is the (only!) figure that matters.

Information Security is important, and there is good work being done here and more work needed. Cutting the InfoSec teams down will correlate to an increase in attacks that get through. This paper seems to be suggesting that reduced InfoSec budgets will somehow also limit the damage they combat. That makes no sense.


Stephen Hawking Wants To Find Aliens Before They Find Us (cnet.com) 275

Stephen Hawking is again reminding people that shouting about our existence to aliens may not be the right way to go about it, especially if those aliens are more technologically advanced. In his new half-hour program, Stephen Hawking's Favorite Places, the theoretical physicist and cosmologist said (via CNET): "If intelligent life has evolved (on Gliese 832c), we should be able to hear it," he says while hovering over the exoplanet in the animated "U.S.S. Hawking." "One day we might receive a signal from a planet like this, but we should be wary of answering back. Meeting an advanced civilization could be like Native Americans encountering Columbus. That didn't turn out so well." Hawking manages to be both worried about exposing our civilization to aliens and excited about finding them. He supports not only Breakthrough: Listen, but also Breakthrough: Starshot, another initiative that aims to send tiny nanocraft to our closest neighboring star system, which was recently found to have an Earth-like planet.

Lenovo Denies Claims It Plotted With Microsoft To Block Linux Installs (theregister.co.uk) 180

Reader kruug writes: Several users noted certain new Lenovo machines' SSDs are locked in a RAID mode, with AHCI removed from the BIOS. Windows is able to see the SSD while in RAID mode due to a proprietary driver, but the SSD is hidden from Linux installations -- for which such a driver is unavailable. Speaking to The Register today, a Lenovo spokesperson claimed the Chinese giant "does not intentionally block customers using other operating systems on its devices and is fully committed to providing Linux certifications and installation guidance on a wide range of products."
Complaints on Lenovo's forums suggest that users have been unable to install GNU/Linux operating systems on models from the Yoga 900S to the Ideapad 710S, with one 19-page thread going into detail about the BIOS issue and users' attempts to work around it.


Microsoft Signature PC Requirements Now Blocks Linux Installation: Reports 467

Reader sombragris writes: According to a well-documented forum thread, the Signature PC program by Microsoft now requires PCs to be locked down. This user found out that his Lenovo Yoga 900 ISK2 UltraBook has the SSD in a proprietary RAID mode which Linux does not understand, and the BIOS is also locked down so it could not be turned off. When he complained that he was unable to install Linux, the answer he got was: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft."
Even worse, as the original poster said, "[t]he Yoga 900 ISK2 at Best Buy is not labeled as a Signature Edition PC, but apparently it is one, and Lenovo's agreement with Microsoft includes making sure Linux can't be installed." As one commenter said: "If you buy a computer with this level of lockdown you should be told."

There is also a report on ZDNet which looks very understanding towards Lenovo, but the fact remains: the SSD is locked down in a proprietary RAID mode that cannot be turned off.

Kindergarteners Today Get Little Time To Play, and It's Stunting Their Development (qz.com) 227

Christopher Brown, associate professor at the University of Texas at Austin, writes: Researchers have demonstrated that five-year-olds are spending more time engaged in teacher-led academic learning activities than play-based learning opportunities that facilitate child-initiated investigations and foster social development among peers. During his research and investigation, Brown found that in a typical kindergarten classroom one teacher is with the children for almost the entire school day. During this period, they engage in about 15 different academic activities, which include "decoding word drills, practicing sight words, reading to themselves and then to a buddy, counting up to 100 by ones, fives and tens, practicing simple addition, counting money, completing science activities about living things, and writing in journals on multiple occasions." Recess did not occur until the last hour of the day, and only lasted for about 15 minutes. He adds: For children between the ages of five and six, this is a tremendous amount of work. Teachers too are under pressure to cover the material. When I asked the teacher, who I interviewed for the short film, why she covered so much material in a few hours, she stated, "There's pressure on me and the kids to perform at a higher level academically." So even though the teacher admitted that the workload on kindergartners was an awful lot, she also said she was unable to do anything about changing it.

Submission + - What Happens When Judges Pull the Plug on Rural America (backchannel.com)

mirandakatz writes: After the Sixth Circuit Court of Appeals ruled in favor of restrictive state laws that prevent municipalities from setting up their own networks, Pinetops, North Carolina had its internet cut off. And that's just the tip of the iceberg: as Susan Crawford points out at Backchannel, the court decision is likely to spur the introduction of even more restrictive laws, making it increasingly difficult to ensure that we move the entire country over to fiber-plus-advanced-wireless, not leaving pockets of rural America without 21st century connectivity. For too long, local heroes have been fighting this fight—but Crawford argues that this needs to be a focus of the next president of the United States.

Submission + - Anonymous hacker explains his attack on Boston Children's Hospital (huffingtonpost.com)

Okian Warrior writes: Martin Gottesfeld of Anonymous was arrested in connection with the spring 2014 attacks on a number of health care and treatment facilities in the Boston area. The attacks were in response to, and in defense of, a patient there named Justina Pelletier.

Gottesfeld now explains why he did what he did, in a statement provided to The Huffington Post.


FBI Director James Comey: Cover Up Your Webcam (thehill.com) 168

An anonymous reader quotes a report from The Hill: The head of the FBI on Wednesday defended putting a piece of tape over his personal laptop's webcam, claiming the security step was a common sense one that most should take. "There's some sensible things you should be doing, and that's one of them," Director James Comey said during a conference at the Center for Strategic and International Studies. "You go into any government office and we all have the little camera things that sit on top of the screen," he added. "They all have a little lid that closes down on them. You do that so that people who don't have authority don't look at you. I think that's a good thing." Comey was pilloried online earlier this year, after he revealed that he puts a piece of tape over his laptop camera to keep away prying eyes. The precaution is a common one among security advocates, given the relative ease of hacking laptop cameras. But many found it ironic for Comey, who this year launched a high profile battle against Apple to gain access to data locked inside of the iPhone used by one of the San Bernardino, Calif., terrorists. Many viewed that fight as a referendum on digital privacy.

None of Your Pixelated or Blurred Information Will Stay Safe On The Internet (qz.com) 139

Researchers at the University of Texas at Austin and Cornell University say blurred or pixelated images are not as safe as they may seem. As machine learning technology improves, the methods used to hide sensitive information become less secure. Quartz reports: Using simple deep learning tools, the three-person team was able to identify obfuscated faces and numbers with alarming accuracy. On an industry standard dataset where humans had a 0.19% chance of identifying a face, the algorithm had 71% accuracy (or 83% if allowed to guess five times). The algorithm doesn't produce a deblurred image -- it simply identifies what it sees in the obscured photo, based on information it already knows. The approach works with blurred and pixelated images, as well as P3, a type of JPEG encryption pitched as a secure way to hide information. The attack uses Torch (an open-source deep learning library), Torch templates for neural networks, and standard open-source data. To build the attacks that identified faces in YouTube videos, researchers took publicly-available pictures and blurred the faces with YouTube's video tool. They then fed the algorithm both sets of images, so it could learn how to correlate blur patterns to the unobscured faces. When given different images of the same people, the algorithm could determine their identity with 57% accuracy, or 85% when given five chances. The report mentions the Max Planck Institute's work on identifying people in blurred Facebook photos. The difference between the two pieces of research is that UT and Cornell's approach is much simpler, and "shows how weak these privacy methods really are."
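The point the summary makes is that the attacker never inverts the blur: pixelation is a deterministic, many-to-one function, so anyone holding a gallery of candidate images can apply the same obfuscation to every candidate and pick the closest match. The following is an added illustration of that principle, not the UT Austin / Cornell code or any deep-learning model. Everything in it is constructed: "identities" are random binary patterns standing in for faces, "photos" are copies with random pixel noise, pixelation is plain block averaging, and the classifier is nearest-centroid.

```python
"""
Added illustration (not the researchers' code): identify a pixelated image
without de-pixelating it. All data here is constructed and synthetic.
"""
import random
from typing import List

SIZE = 16         # image is SIZE x SIZE pixels
BLOCK = 4         # pixelation block; 4x4 blocks leave only 16 values
IDENTITIES = 10   # size of the attacker's gallery of known people
FLIP_RATE = 0.10  # fraction of pixels that differ between "photos" of one identity

Image = List[List[int]]


def make_identity(rng: random.Random) -> Image:
    """A random binary pattern standing in for one distinct face (constructed)."""
    return [[rng.randint(0, 1) for _ in range(SIZE)] for _ in range(SIZE)]


def photograph(identity: Image, rng: random.Random) -> Image:
    """A fresh 'photo' of the same identity: the pattern with random pixel noise."""
    return [[px ^ (1 if rng.random() < FLIP_RATE else 0) for px in row]
            for row in identity]


def pixelate(img: Image, block: int = BLOCK) -> List[float]:
    """Block-average pixelation, flattened into a feature vector.
    This is the obfuscation step: many-to-one, so it cannot be inverted."""
    feats = []
    for by in range(0, SIZE, block):
        for bx in range(0, SIZE, block):
            total = sum(img[y][x] for y in range(by, by + block)
                        for x in range(bx, bx + block))
            feats.append(total / (block * block))
    return feats


def sq_dist(a: List[float], b: List[float]) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def build_gallery(identities: List[Image], rng: random.Random,
                  photos_per_identity: int = 5) -> List[List[float]]:
    """Attacker 'training': pixelate several photos of each known person with the
    same settings and keep the mean feature vector (a nearest-centroid classifier)."""
    gallery = []
    for ident in identities:
        vecs = [pixelate(photograph(ident, rng)) for _ in range(photos_per_identity)]
        centroid = [sum(v[i] for v in vecs) / len(vecs) for i in range(len(vecs[0]))]
        gallery.append(centroid)
    return gallery


def identify(pixelated_query: List[float], gallery: List[List[float]]) -> int:
    """Index of the gallery entry closest to the obscured image; no deblurring."""
    return min(range(len(gallery)), key=lambda i: sq_dist(pixelated_query, gallery[i]))


def attack_accuracy(seed: int = 1, trials: int = 200) -> float:
    """Fraction of pixelated 'published' photos correctly attributed. Chance is 1/IDENTITIES."""
    rng = random.Random(seed)
    identities = [make_identity(rng) for _ in range(IDENTITIES)]
    gallery = build_gallery(identities, rng)
    hits = 0
    for _ in range(trials):
        target = rng.randrange(IDENTITIES)
        query = pixelate(photograph(identities[target], rng))  # only this is ever "published"
        hits += identify(query, gallery) == target
    return hits / trials


if __name__ == "__main__":
    acc = attack_accuracy()
    print(f"identification accuracy on pixelated images: {acc:.0%} "
          f"(chance would be {1 / IDENTITIES:.0%})")
```

The lesson carries over to real obfuscation: the fewer distinct outputs a blur or mosaic produces, the more it behaves like a weak, unsalted hash of the original, and a gallery of candidates is all an attacker needs to match against it.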

Submission + - The YouTube Demonetization of 2016 (dailydot.com)

Striek writes:

On Wednesday, several YouTube creators posted videos that voiced concerns over the platform’s process of demonetizing videos for not being friendly to advertisers.

Many YouTube creators have similar concerns — that no, this isn't censorship in the strictest sense, but that YouTube owes its users a better commitment to free speech than most private companies due to its dominant marketplace position. Its criteria for videos being "advertiser-friendly" are also incredibly vague or restrictive, or both:

Content that is considered inappropriate for advertising includes:

Sexually suggestive content, including partial nudity and sexual humor
Violence, including display of serious injury and events related to violent extremism
Inappropriate language, including harassment, profanity and vulgar language
Promotion of drugs and regulated substances, including selling, use and abuse of such items
Controversial or sensitive subjects and events, including subjects related to war, political conflicts, natural disasters and tragedies, even if graphic imagery is not shown

You read that right — any YouTube video covering any war or natural disaster is considered inappropriate for advertising — which essentially includes all news and current events shows. This might not seem like a big deal to many people, but it would be, if you made your living creating YouTube videos. So while technically not censorship, many people are arguing YouTube has gone a few steps too far with this, and are likewise worried that this will be too selectively enforced.


Google Login Bug Allows Credential Theft (onthewire.io) 43

Trailrunner7 writes from a report via On the Wire: Attackers can add an arbitrary page to the end of a Google login flow that can steal users' credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don't consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user's credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target's browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. "Attacker would not need to intercept traffic to exploit -- they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter," Woods said. Google told Woods they don't consider this a security issue.
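The summary describes the classic shape of a post-login redirect problem: a "continue" parameter that accepts a destination the attacker controls. The example below is added here and is not Google's code or the researcher's; it shows a weak prefix check of the kind that passes attacker-crafted values beside a hardened allowlist check. The host names, parameter handling and payload strings are constructed for illustration.

```python
"""
Added example (not Google's code): validating a login-flow "continue" /
return-URL parameter, the weak way and a hardened way. Hosts are made up.
"""
from urllib.parse import urlsplit

# Exact-match allowlist of hosts the login flow may send a user on to (constructed).
ALLOWED_HOSTS = {"accounts.example.com", "mail.example.com"}


def weak_continue_ok(url: str) -> bool:
    """Prefix check: looks plausible, but any longer host or a userinfo trick passes."""
    return url.startswith("https://accounts.example.com")


def hardened_continue_ok(url: str) -> bool:
    """Accept only site-relative paths or https URLs whose host is on the exact
    allowlist; reject anything that could carry the user off-site."""
    if not url:
        return False
    parts = urlsplit(url)
    # Relative destination: allow "/inbox", refuse protocol-relative "//evil" and "/\evil".
    if not parts.scheme and not parts.netloc:
        return url.startswith("/") and not url.startswith("//") and not url.startswith("/\\")
    if parts.scheme.lower() != "https":          # also rejects javascript:, data:, http:
        return False
    try:
        port = parts.port                        # malformed port strings raise ValueError
    except ValueError:
        return False
    if parts.username is not None or port not in (None, 443):
        return False                             # "allowed.host@evil" or an odd port
    return (parts.hostname or "") in ALLOWED_HOSTS   # hostname is already lowercased


def safe_continue(url: str, default: str = "/") -> str:
    """Destination to use after login: the requested one if it validates, else a fixed default."""
    return url if hardened_continue_ok(url) else default


# Constructed attacker payloads: each passes the weak check and fails the hardened one.
BYPASSES = [
    "https://accounts.example.com.evil.test/steal",      # prefix matches a longer host
    "https://accounts.example.com@evil.test/steal",      # allowed host is really userinfo
    "https://accounts.example.com.evil.test/x?continue=",  # nested parameter, same trick
]

if __name__ == "__main__":
    for u in BYPASSES + ["https://accounts.example.com/ServiceLogin", "/inbox", "//evil.test/"]:
        print(f"{u!r:60} weak={weak_continue_ok(u)!s:5} hardened={hardened_continue_ok(u)}")
```

Two design points: the hardened check parses the URL rather than inspecting the string, because every bypass above is a string that begins with the "right" characters; and the fallback on failure is a fixed in-site path, not an error that echoes the attacker's value back into the page.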

Comment Ranked voting, please! (Score 1) 599

This might require considerable effort to get the GUI usable, but I think it'd be highly worthwhile to migrate polls to a non-plurality system involving ranking each item. Ideally, this would involve drag-and-drop of items into a final ranked list (favorite at the top, least favorite at the bottom) and then use a Condorcet method such as the Schulze method (as used by Debian, Ubuntu, Gentoo, FSFe, ...).

I think this would strongly benefit even polls like this one, where it's not as much "preference" as it is choosing what is most representative of your computing. Doubly if the poll's options were designed with that in mind. So, keeping it limited at 8 options (which seems like a sane number to me, btw), the current {BSD, deb, rpm, os x, solaris, win7+, older win, other} might become {deb, rpm, other free *nix, non-free *nix (OS X, solaris), win7+, older win, other free, other nonfree}, allowing people to better bucketize their responses, e.g. a Mint user might say deb, other free *nix, rpm, other free, non-free *nix, and then some arrangement of the remaining options.

This brings us to the question of how to deal with equals. Condorcet methods like Schulze don't facilitate such things (they need a winner for each pair of options for each voter), but it might be too much to ask people who e.g. don't care about non-free OSes to actually rank them; maybe they can just be randomized? You'll want a randomized listing of the options anyway (regardless of whether you have ranked voting, randomized poll options are essential for ensuring a sound experimental design ... though this may screw with polls designed to be read in a particular order, insert shed tear for CowboyNeal here), so if a user's less desired options are just left in whatever order they remain in after dragging the preferred options to the top, you get this by default, without any hidden randomization.

Let's come back to this poll and its groups; Win7+ is winning at 33%, but deb (27%) + rpm (7%) is tied at 32% (I assume ~2% error). If this were a ranked vote, even the simpler instant runoff format, we'd probably see Linux "win" unless there are enough flamers out there that e.g. despise RPM enough to promote Windows higher.

I'd particularly like to see what slashdotters would do with a ranked vote of the US presidential candidates (to compare with the plurality version run last month), though I also think that about most polls here (even e.g. vi/emacs/other given how many "others" there are).

(See also this older proposal for ranked voting and this example of the flaws in each voting method, which has a toy election in which each candidate wins with a different voting method.)
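The comment above proposes running polls under the Schulze method. What follows is an added, self-contained implementation of that method, not Slashdot's poll code and not from the commenter. Ballots are lists of tiers, so a voter may rank several options as equal and leave the rest unranked; the pairwise count only registers strict preferences, so unranked options are treated as tied below everything the voter did rank. The five-candidate ballot set is the standard textbook example from the Schulze method's Wikipedia article (winner E); the three-option poll is constructed in the spirit of the comment.

```python
"""
Added example (not Slashdot's poll code): the Schulze method, a Condorcet
method, over ranked ballots that may contain ties and unranked options.
"""
from typing import Dict, List, Sequence, Tuple

Ballot = Tuple[int, List[List[str]]]   # (number of identical ballots, tiers from best to worst)


def pairwise_preferences(candidates: Sequence[str],
                         ballots: Sequence[Ballot]) -> Dict[str, Dict[str, int]]:
    """d[a][b] = number of voters who rank a strictly above b."""
    d = {a: {b: 0 for b in candidates} for a in candidates}
    for weight, tiers in ballots:
        pos = {c: len(tiers) for c in candidates}   # unranked -> tied below every tier
        for i, tier in enumerate(tiers):
            for c in tier:
                pos[c] = i
        for a in candidates:
            for b in candidates:
                if pos[a] < pos[b]:
                    d[a][b] += weight
    return d


def strongest_paths(candidates: Sequence[str],
                    d: Dict[str, Dict[str, int]]) -> Dict[str, Dict[str, int]]:
    """Schulze core: widest-path strengths over the pairwise-defeat graph (Floyd-Warshall)."""
    p = {a: {b: (d[a][b] if d[a][b] > d[b][a] else 0) for b in candidates} for a in candidates}
    for i in candidates:
        for j in candidates:
            if i == j:
                continue
            for k in candidates:
                if k in (i, j):
                    continue
                p[j][k] = max(p[j][k], min(p[j][i], p[i][k]))
    return p


def schulze_ranking(candidates: Sequence[str], ballots: Sequence[Ballot]) -> List[str]:
    """Full ranking: a beats b when p[a][b] > p[b][a]; that relation is transitive under
    Schulze, so ordering by number of such wins gives the result (ballot order breaks ties)."""
    d = pairwise_preferences(candidates, ballots)
    p = strongest_paths(candidates, d)
    wins = {a: sum(1 for b in candidates if b != a and p[a][b] > p[b][a]) for a in candidates}
    return sorted(candidates, key=lambda a: (-wins[a], list(candidates).index(a)))


def strict(order: str) -> List[List[str]]:
    """Helper: 'ACBED' -> one candidate per tier, no ties."""
    return [[c] for c in order]


# Textbook example (Wikipedia's 45-voter Schulze example); the known winner is E.
TEXTBOOK_CANDIDATES = list("ABCDE")
TEXTBOOK_BALLOTS: List[Ballot] = [
    (5, strict("ACBED")), (5, strict("ADECB")), (8, strict("BEDAC")), (3, strict("CABED")),
    (7, strict("CAEBD")), (2, strict("CBADE")), (7, strict("DCEBA")), (8, strict("EBADC")),
]

# Constructed mini poll in the spirit of the comment: ties and unranked options allowed.
POLL_CANDIDATES = ["deb", "rpm", "win7+"]
POLL_BALLOTS: List[Ballot] = [
    (3, [["deb"], ["rpm"]]),        # win7+ left unranked: tied last
    (2, [["win7+"]]),               # deb and rpm unranked: tied last
    (2, [["rpm", "deb"]]),          # deb and rpm tied with each other; win7+ unranked
]

if __name__ == "__main__":
    print("textbook:", schulze_ranking(TEXTBOOK_CANDIDATES, TEXTBOOK_BALLOTS))
    print("poll:    ", schulze_ranking(POLL_CANDIDATES, POLL_BALLOTS))
```

Because only strict preferences are counted, a user who drags their favourites to the top and leaves the rest untouched contributes nothing to the pairwise totals among the untouched options, which is the behaviour the comment asks for without any hidden randomization.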


Belgians Are Hunting Books, Instead Of Pokemon (reuters.com) 38

An anonymous reader shares a Reuters report: Inspired by the success of Pokemon Go, a Belgian primary school headmaster has developed an online game for people to search for books instead of cartoon monsters, attracting tens of thousands of players in weeks. While with Pokemon Go, players use a mobile device's GPS and camera to track virtual creatures around town, Aveline Gregoire's version is played through a Facebook group called "Chasseurs de livres" ("Book hunters"). Players post pictures and hints about where they have hidden a book and others go to hunt them down. Once someone has finished reading a book, they "release" it back into the wild. "While I was arranging my library, I realized I didn't have enough space for all my books. Having played Pokemon Go with my kids, I had the idea of releasing the books into nature," Gregoire told Reuters. Though it was only set up a few weeks ago, more than 40,000 people are already signed up to Gregoire's Facebook group.

Facebook Knows Your Political Preferences (businessinsider.com) 183

Facebook knows a lot more about its users than they think. For instance, the New York Times reports, the company is categorizing its users as liberal, conservative, or moderate. These details are valuable for advertisers and campaign managers, especially ahead of the election season. From a BusinessInsider report: For some, Facebook is able to come to conclusions about your political leanings easily, if you mention a political party on your page. For those that are less open about politics on social media, Facebook makes assumptions based on pages you like. As The New York Times explained, if you like Ben and Jerry's Facebook page and most of the other people that like that page identify as liberal, Facebook might assume you too are liberal.
