Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Also happens in CS research (Score 1) 43

I have seen quite a bit of it and know of several CS PhDs that are based on bogus results. The tragedy is that people doing their research properly will take significantly longer and have much diminished chances at an academic career. And this effect propagates: First PhD students advance on bogus results, then they become professors on fraud and finally the whole research field is broken.

The Almighty Buck

Accenture Patents a Blockchain-Editing Tool (techweekeurope.co.uk) 59

A blockchain "produces a permanent ledger of transactions with which no one can tamper," reports TechWeekEurope. "Until now." Slashdot reader Mickeycaskill quotes their report: One of the core principles of Blockchain technology has potentially been undermined by the creation of an editing tool. The company responsible however, Accenture, says edits would only be carried out "under extraordinary circumstances to resolve human errors, accommodate legal and regulatory requirements, and address mischief and other issues, while preserving key cryptographic features..."

Accenture's move to create an editing system will no doubt be viewed by some technology observers as a betrayal of what blockchain technology is all about. But the company insisted it is needed, especially in the financial services industry... "The prototype represents a significant breakthrough for enterprise uses of blockchain technology particularly in banking, insurance and capital markets," said Accenture.

They're envisioning "permissioned" blockchain systems, "managed by designated administrators under agreed governance rules," while acknowledging that cyptocurrency remains a different environment where "immutable" record-keeping would still be essential.

Comment Re:Wait a minute.. (Score 1) 179

It is pretty unlikely this attack needed source spoofing. Far more likely each insecure IoT device only contributed a trickle, and that with a legitimate IP address.

What is needed instead is to make manufacturers of these crappy, insecure devices liable for the full damage caused. They can then try to get that money back from the attackers (good luck with that...).

Security

Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet (arstechnica.com) 179

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.
Iphone

People Are Drilling Holes Into Their iPhone 7 To 'Make a Headphone Jack' (craveonline.com) 184

TechRax -- a popular YouTuber who destroys technology for fame and riches -- has uploaded a video where he drills a hole into an iPhone 7, claiming it to be a "secret hack" to reinstall a headphone jack in the device. The only problem is that he didn't tell people it was a joke, and of course, some people fell for it. Crave Online reports: The YouTube video has amassed over 7.5 million views since being posted online last week, with it attracting 81,000 dislikes in the process. The comments section is currently torn between people who are in on the joke, people who criticize TechRax for damaging his iPhone 7, and most unfortunately, people who have tried the "hack" out for themselves. Although this is YouTube so you can never be quite sure of whether or not these folks are trolling, parsing the comments section reveals some pretty convincing complaints lobbed in TechRax's direction. It's also firmly believable that there are people dumb enough to attempt drilling a hole into their iPhone 7, which is unfortunate but that's the way the world is in 2016. You can read the comments under the YouTube video for more "convincing complaints." But as if the report didn't make it clear enough already, the video is a joke. Apple removed the headphone jack and there's no way to get it back, unless you use an adapter.

Comment Re:So basically ... the attack wins? (Score 1) 192

Akamai was hosting him for free. Of couse, a smarter move would have been to say "We are Akamai, sites hosted by us do not go down" and exploit this for all its PR value. Of course, that takes management with a vision, MBA bean-counters do not need to apply.

Comment Re:Why compare to the pi? (Score 2) 200

Indeed. While there are plenty of devices in the same price range than the Pi that are massively better designed (the RPi design team is both incompetent and using inferior components because of their tie with Broadcom, see, e.g., the bad networking and USB and missing SATA), this one here is not even in the competition.

Hardware

SolidRun x86 Braswell MicroSoM Runs Linux and Full Windows 10, Destroys Raspberry Pi (betanews.com) 200

BetaNews has a report today about a company called SolidRun, which has announced an Intel Braswell-based MicroSoM. Unlike the ARM-powered Raspberry Pi, this is x86 compatible, meaning it can run full Windows 10. Plus, if you install a Linux distro, there will be far more packages available, such as Google Chrome, which is not available for Pi. Heck, it can probably serve as a secondary desktop, Brian with the site writes. From the report: At 53mm by 40mm, these new MicroSoMs provide unheard of design flexibility while also eliminating the headache of having to design complicated power-delivery subsystems thanks to its single power input rail design. SolidRun's Braswell MicroSoM also offers flexibility in RAM options, ranging from 1GB to 8GB configurations, and offers on-board support of eMMC storage up to 128GB. Its robust design and unsurpassed HD Edge surveillance, event detection, and statistical data-extraction capabilities makes it the platform of choice for mission-critical applications requiring guaranteed reliability," says Solidrun.It starts at $117, the website has more details on specifications.
Hardware

SolidRun x86 Braswell MicroSoM Runs Linux and Full Windows 10, Destroys Raspberry Pi (betanews.com) 200

BetaNews has a report today about a company called SolidRun, which has announced an Intel Braswell-based MicroSoM. Unlike the ARM-powered Raspberry Pi, this is x86 compatible, meaning it can run full Windows 10. Plus, if you install a Linux distro, there will be far more packages available, such as Google Chrome, which is not available for Pi. Heck, it can probably serve as a secondary desktop, Brian with the site writes. From the report: At 53mm by 40mm, these new MicroSoMs provide unheard of design flexibility while also eliminating the headache of having to design complicated power-delivery subsystems thanks to its single power input rail design. SolidRun's Braswell MicroSoM also offers flexibility in RAM options, ranging from 1GB to 8GB configurations, and offers on-board support of eMMC storage up to 128GB. Its robust design and unsurpassed HD Edge surveillance, event detection, and statistical data-extraction capabilities makes it the platform of choice for mission-critical applications requiring guaranteed reliability," says Solidrun.It starts at $117, the website has more details on specifications.
Earth

Stephen Hawking Wants To Find Aliens Before They Find Us (cnet.com) 275

Stephen Hawking is again reminding people that perhaps shouting about our existence to aliens is not the right way to go about it, especially if those aliens are more technologically advanced. In his new half-hour program dubbed, Stephen Hawking's Favorite Places, the theoretical physicist and cosmologist said (via CNET):"If intelligent life has evolved (on Gliese 832c), we should be able to hear it," he says while hovering over the exoplanet in the animated "U.S.S. Hawking." "One day we might receive a signal from a planet like this, but we should be wary of answering back. Meeting an advanced civilization could be like Native Americans encountering Columbus. That didn't turn out so well." Hawking manages to be both worried about exposing our civilization to aliens and excited about finding them. He supports not only Breakthrough: Listen, but also Breakthrough: Starshot, another initiative that aims to send tiny nanocraft to our closest neighboring star system, which was recently found to have an Earth-like planet.

Comment Re:Serious question about this (Score 1) 169

The root-cause is almost universally greed and stupidity among the higher-ups, leading to

- IT security people that are overworked, unappreciated and came from the pool of "cheapest possible"
      (as a result, everybody hates them, because they do no good, but prevent people from doing their work)
- Lack of IT security people
- Developers of security-critical software being "cheapest possible" or outsources in the same quality-class
- System-administration being outsourced or overworked, and again "cheapest possible"
- Bad work environment, so anybody really good leaves and the rest stop caring about the company
- A culture where security must never stand in the way of earning money
- A policy of "shoot the messenger" often also contributes a lot.

If you think that Marissa messed this one up, then you are right on target. Of course she had help from the rest of the company "leaders" and Yahoo was in pretty bad shape even before she took over. Years back I had a domain with them, and 23 (!) different tech-support people did not understand what I meant when I wanted to run my own DNS servers. That was the last time ever I considered doing business with them.

Microsoft

Microsoft Signature PC Requirements Now Blocks Linux Installation: Reports 467

Reader sombragris writes: According to a well-documented forum thread, the Signature PC program by Microsoft now requires to lock down PCs. This user found out that his Lenovo Yoga 900 ISK2 UltraBook has the SSD in a proprietary RAID mode which Linux does not understand and the BIOS is also locked down so it could not be turned off. When he complained that he was unable to install Linux, the answer he got was: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft."
Even worse, as the original poster said, "[t]he Yoga 900 ISK2 at Best Buy is not labeled as a Signature Edition PC, but apparently it is one, and Lenovo's agreement with Microsoft includes making sure Linux can't be installed." As some commenter said: "If you buy a computer with this level of lockdown you should be told."

There is also a report on ZDNet which looks very understanding towards Lenovo, but the fact remains: the SSD is locked down in a proprietary RAID mode that cannot be turned off.

Slashdot Top Deals

Doubt is not a pleasant condition, but certainty is absurd. - Voltaire

Working...