Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Snake oil salesman (Score 1) 49

Ha ha. That's a common joke about the security industry. There is some truth to it.

What's great with bug bounty programs is that customers pay for results. You pay for valid and useful vulnerability reports. You don't pay for reports that are not useful. For hackers to make money (and the best ones make a lot of money), they must produce useful and relevant vulnerability reports.

That's a HUGE difference compared to traditional security products and services and it explains why bug bounty programs are becoming so popular. They are much more effective than any other method of finding vulns in live software.

Comment Re:70,000 white hat hackers? (Score 1) 49

Yep, 70,000 is a lot! The number keeps growing, and we hope to get to a million. To serve all companies and government organizations worldwide who will be needing bug bounty programs, we need a lot of excellent hackers.

It should also be noted that it takes a lot of hacking to find even a simple vulnerability. Of the 70,000 hacker accounts we have, about 1 in 6 have filed an actual vulnerability report. To help them get going, we have an ebook on hacking that we give to new hackers. Once new hackers get the hang of bug hunting they can advance fast, earning more and more reputation points. When you sign up at HackerOne, you start at 100 points. Our most prolific hackers have reached 10,000 points. You can do it, too!

Comment Re:Second coming of teams of ethical hackers (Score 1) 49

Yep this is true. It is also a common situation that humanity has dealt with successfully many times. To keep a ship afloat, you must find and fix every hole. Even one hole might sink it. To keep an aircraft safely flying, similarly every safety aspect must be in shape. Shipping and airlines have great safety track record these days.

To keep software secure, you must attempt to fix all serious vulnerabilities. You may never get to 100% vuln-free software, but the closer you get and the faster you can asymptotically move towards that goal, the more you reduce your cybersecurity risk.

Comment Re:Second coming of teams of ethical hackers (Score 2) 49

It has taken decades for the industry to get used to bug bounties. The first one was in 1981. Now it is starting to be very real. HackerOne has already paid out over $10,000 to hackers and researchers around the world. One hacker has made over half a million dollars. Another recently bought an apartment for his mother with the bounty money he had made. Still lots of work and education to do, but it is very much moving in the right direction. An example: the US DoD now committing $7m to vulnerability disclosure programs.

- Marten (HackerOne CEO)

Open Source

Dropbox Open Sources New Lossless Middle-Out Image Compression Algorithm ( 135

Dropbox announced on Thursday that it is releasing its image compression algorithm dubbed Lepton under an Apache open-source license on GitHub. Lepton, the company writes, can both compress and decompress files, and for the latter, it can work while streaming. Lepton offers a 22% savings reductions for existing JPEG images, and preserves the original file bit-for-bit perfectly. It compresses JPEG files at a rate of 5MB/s and decodes them back to the original bit at 15MB/s. The company says it has used Lepton to encode 16 billion images saved to Dropbox, and continues to utilize the technology to recode its older images. You can find more technical details here.

Ubuntu's Unity desktop environment can run in Windows ( 170

An anonymous Slashdot reader writes: "This is one of the coolest tickets I've seen on GitHub," writes Ubuntu developer Adolfo Jayme Barrientos, adding "this kind of surreal compatibility between platforms is now enabled...the fact that you can execute and use Linux window managers there, without virtual machines, is simply mind-blowing."

"The Windows 10 Anniversary Update coming in August includes an unusual feature aimed at developers: an Ubuntu sub-system that lets you run Linux software using a command-line interface," explains "Preview versions have been available since April, and while Microsoft and Canonical worked together to bring support for the Bash terminal to Windows 10, it didn't take long for some users to figure out that they could get some desktop Linux apps to run in Windows. Now it looks like you can even load Ubuntu's Unity desktop environment, making windows 10 look like Ubuntu.


California Researchers Build The World's First 1,000-Processor Chip ( 205

An anonymous reader quotes a report from the University of California, Davis about the world's first microchip with 1,000 independent programmable processors: The 1,000 processors can execute 115 billion instructions per second while dissipating only 0.7 Watts, low enough to be powered by a single AA battery...more than 100 times more efficiently than a modern laptop processor... The energy-efficient "KiloCore" chip has a maximum computation rate of 1.78 trillion instructions per second and contains 621 million transistors.
Programs get split across many processors (each running independently as needed with an average maximum clock frequency of 1.78 gigahertz), "and they transfer data directly to each other rather than using a pooled memory area that can become a bottleneck for data." Imagine how many mind-boggling things will become possible if this much processing power ultimately finds its way into new consumer technologies.

Submission + - 31 Ways to Know Your Project is Doomed

Esther Schindler writes: We've all been there: The project went horribly wrong. Nobody was happy with the application or product (if it ever did ship). And you're ashamed to let anyone know you had anything to do with it. Especially since, with hindsight, you realize that the Signs Of Doom were there all along, and you missed them. When THIS happened, you should have known....!

This article shares 31 project danger signs you should recognize, so you can decide if it's possible to fix them or bail. But oh, we can be so certain that there are plenty more to add...!

Submission + - Don't be fooled by Opera browser claim of 150% battery life (

richi writes: The Opera Web browser has a new 'power-saving' feature. Opera claims you can get 'up to' 50% more battery life — but is that likely? Uh, NO!

Yes, the actual software tweaks will make a difference, but the tests Opera's quoting are skewed, unscientific, and compare apples to oranges. But what do you expect from a company that's trying to get bought by a Chinese consortium for more than $1.2 billion?

Comment This isn't a victory for Behring-Breivik. (Score 3, Insightful) 491

Someone once pointed out that hoping a rapist gets raped in prison isn't a victory for his victim(s), because it somehow gives him what he had coming to him, but it's actually a victory for rape and violence. I wish I could remember who said that, because they are right. The score doesn't go Rapist: 1 World: 1. It goes Rape: 2.

What this man did is unspeakable, and he absolutely deserves to spend the rest of his life in prison. If he needs to be kept away from other prisoners as a safety issue, there are ways to do that without keeping him in solitary confinement, which has been shown conclusively to be profoundly cruel and harmful.

Putting him in solitary confinement, as a punitive measure, is not a victory for the good people in the world. It's a victory for inhumane treatment of human beings. This ruling is, in my opinion, very good and very strong for human rights, *precisely* because it was brought by such a despicable and horrible person. It affirms that all of us have basic human rights, even the absolute worst of us on this planet.

Open Source

Infographic: Ubuntu Linux Is Everywhere 185

prisoninmate writes: To celebrate the launch of Ubuntu 16.04 LTS, due for release later this month, on April 21, Canonical put together an interesting infographic, showing the world how popular Ubuntu is. From the infographic, it looks like there are over 60 million Ubuntu images launched by Docker users, 14 million Vagrant images of Ubuntu 14.04 LTS from HashiCorp, 20 million launches of Ubuntu instances during 2015 in public and private clouds, as well as bare metal, and 2 million new Ubuntu Cloud instances launched in November 2015. Ubuntu is used on the International Space Station, on the servers of popular online services like Netflix, Snapchat, Pinterest, Reddit, Dropbox, PayPal, Wikipedia, and Instagram, in Google, Tesla, George Hotz, and Uber cars. It is also employed at Bloomberg, Weta Digital and Walmart, at the Brigham Young University to control the Mars Rover, and it is even behind the largest supercomputer in the world.

Slashdot Top Deals

Earth is a beta site.