
Submission + - Ask Slashdot: What Note-Taking App Do You Use?

An anonymous reader writes: This column about a writer's struggle to find the perfect note-taking app resonated a lot with me. "A singular productivity tool that works for everyone is a unicorn — beautiful, perfect, and completely fictional. Still, there has to be some sort of middle ground between an unachievable fantasy and the current landscape. I would happily settle for two, maybe three apps. Honestly, less than 10 is all I’m asking for. Until then, my phone and laptop will be a cluttered mess of productivity apps that only do half their jobs," writes Victoria Song.

Over the years, I have tried Notion, Apple Notes, the good old Windows' Notepad, Roam Research, Obsidian, Google Keep, Google Docs, and OneNote, among possibly many more that I am unable to recall anymore. Some support Apple Pencil, which is one of the use cases I find useful. Roam Research did not even have a native app for mobile devices for the longest time. Some applications are good, but they don't support online syncing, or support syncing with only a particular storage service. Out of curiosity, and forget my use cases — as I admit I have not mentioned many — how do you maintain your notes for work and personal life? (I have been using physical notepads a lot more in recent months.)

Submission + - Giant diamonds may hold the key to superdeep earthquakes (sciencemag.org)

sciencehabit writes: Earthquakes shouldn’t occur more than 300 kilometers below Earth’s surface, according to most geophysical models. Yet they commonly do—a phenomenon that has mystified seismologists for decades. Now, researchers suggest water carried by tectonic plates shoved beneath continents could be triggering these deep temblors. The find may also explain another marvel: why a huge number of fist-size diamonds form at this depth.

Once rocks in tectonic slabs reach temperatures above 580C, they are less able to hold water. As that water floods out of the slab, it weakens the surrounding rocks and triggers quakes, the team reports. This water, typically chock-full of dissolved minerals, would also be available to fuel diamond formation.

Further work in both the lab and the field will be needed to fully understand the relationships between water released from sinking slabs and deep earthquakes. In the meantime, it’s clear that diamonds that form at those depths, imperfections and all, will be critical to teasing out the details of the story.

Submission + - Faulty software lands postmasters and postmistresses in prison. (bbc.co.uk)

Martin S. writes: Today the UK Court of Appeal will issue its ruling: a group of 42 sub-postmasters and postmistresses will learn later whether convictions for stealing money will be quashed amid a Post Office IT scandal.

This case has been rumbling on for over a decade ("Post Office scandal: What the Horizon saga is all about").

As a software geek, the part I find most troubling is the blind faith that those in authority placed in the software without proper accounting. Accounting systems and software are deterministic; well, they should be. IFF the system/software worked correctly, this missing money must have shown up somewhere. Software defects are always traceable. It might be expensive and time-consuming, but persistence will win in the end. Somebody somewhere is responsible for this, and the de facto framing of these people is criminal in principle, if not in law.

Submission + - Autopilot lie exposed by consumer reports. (arstechnica.com)

Rei_is_a_dumbass writes: Elon Musk has tweeted that "data logs recovered so far show Autopilot was not enabled." Tesla defenders also insisted that Autopilot couldn't have been active because the technology doesn't operate unless someone is in the driver's seat. Consumer Reports decided to test this latter claim by seeing if it could get Autopilot to activate without anyone in the driver's seat.

It turned out not to be very difficult.

Submission + - Latest Windows preview build adds support for Linux GUI apps (windows.com)

jonesy16 writes: While users have long been able to run Linux GUI apps on Windows by installing a separate X Server, this marks the first time that native support is available through the Windows Subsystem for Linux (WSL). Audio support and hardware acceleration are also provided, seemingly enabling a limitless set of use cases for those wishing to live the dual OS life. The change is identified in the recent preview build release along with a more in-depth discussion of the graphical subsystem now called WSLg.

Submission + - Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall (linuxsecurity.com)

b-dayyy writes: CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades — they didn’t just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately making it better and more secure.

The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.

Submission + - Brave privacy bug exposes Tor onion URLs to your DNS provider (bleepingcomputer.com)

AmiMoJo writes: Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network. When you attempt to connect to an onion URL, your request is proxied through volunteer-run Tor nodes who make the request for you and send back the returned HTML. Due to this proxy implementation, Brave's Tor mode does not directly provide the same level of privacy as using the Tor Browser.

When using Brave's Tor mode, it should forward all requests to the Tor proxies and not send any information to any non-Tor Internet devices to increase privacy. However, a bug in Brave's 'Private window with Tor' mode is causing the onion URL for any Tor address you visit to also be sent as a standard DNS query to your machine's configured DNS server. This bug was first reported in a Reddit post and later confirmed by James Kettle, the Director of Research at PortSwigger. BleepingComputer has also verified the claims by using Wireshark to view DNS traffic while using Brave's Tor mode.

Submission + - Flaws in Zoom's Keybase App Kept Chat Images From Being Deleted

chicksdaddy writes: The Security Ledger reports (https://securityledger.com/2021/02/exclusive-flaws-in-zooms-keybase-app-kept-chat-images-from-being-deleted/) that a flaw in Zoom’s Keybase (https://keybase.io/blog/keybase-joins-zoom) secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted, according to researchers from the group Sakura Samurai (https://sakurasamurai.pro/).

The flaw in the encrypted messaging application, CVE-2021-23827 (https://johnjhacking.com/blog/cve-2021-23827/), does not expose Keybase users to remote compromise. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months.

Sakura Samurai researchers Aubrey Cottle (@kirtaner), Robert Willis (@rej_ex) and Jackson Henry (@JacksonHHax) discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger.

In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security “very seriously.”

“We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,” the spokesman said.

In most cases, the failure to remove files from cache after they were deleted would count as a “low priority” security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote.

“An attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently. A user, believing that they are sending photos that can be cleared later, may not realize that sent photos are not cleared from the cache and may send photos of PII or other sensitive data to friends or colleagues.”

Submission + - Calls by college students for tuition refunds are growing louder. Here's why. (edsurge.com)

jyosim writes: Students want their money back since their classes have moved online. Or they want partial refunds, and their calls have been getting louder. Petition movements at more than 200 campuses are calling for partial refunds of tuition, typically asking for 50 percent back. And some student protesters are now even filing class-action lawsuits to try to force colleges to return part of the tuition money.

Whether colleges should give back money depends on how you think about what colleges are selling. Is it a straight service like any other, so if students get less they should pay less? Is the most important thing simply getting into college, in which case the degree is the main thing, and students are still getting that? Or are colleges responsible for social mobility and helping students during this time by reducing tuition?

And is online education even worse than, say, sitting in the back of a large lecture hall with 300 students?

Submission + - Large Chunks of a Chinese Rocket Missed NYC By About 15 Minutes (arstechnica.com)

An anonymous reader writes: A week ago, China launched the newest version of its largest rocket, the Long March 5B, from its southernmost spaceport. The launch proceeded normally and represented another success for China as it seeks to build a robust human spaceflight program. Over the next few years, this rocket will launch components of a modular space station. Notably, because of this rocket's design, its large core stage reached orbit after the launch. Typically during a launch, a rocket's large first stage will provide the majority of thrust during the first minutes of launch and then drop away before reaching an orbital velocity, falling back into the ocean. Then, a smaller second stage takes over and pushes the rocket's payload into orbit. However, the Long March 5B rocket has no second stage. For last week's launch, then, four liquid-fueled strap-on boosters generated most of the thrust off the launch pad. After this, the core stage with two YF-77 main engines pushed an experimental spacecraft into orbit before the payload separated.

This left the large core stage, with a mass slightly in excess of 20 tons, in an orbit with an average altitude of about 260km above the Earth. Because the perigee of this orbit was only about 160km above the planet, the core stage was slowly drawn back toward the planet as it interacted with the planet's upper atmosphere. This is a rather large object to make an uncontrolled return to Earth. According to Jonathan McDowell, an astronomer at the Harvard-Smithsonian Center for Astrophysics and keen observer of satellites, this is the largest vehicle to make an uncontrolled reentry into Earth's atmosphere since 1991, when the Soviet Salyut 7 space station broke up over Argentina. [...] It is perhaps worth noting that before it entered Earth's atmosphere, the core stage track passed directly over New York City. Had it reentered the atmosphere only a little bit earlier, perhaps 15 to 20 minutes, the rocket's debris could have rained down on the largest metro area in the United States.

Comment Re:truth in advertising (Score 1) 503

"on the internet" matters when it's an issue of Bob lying to sell a widget on Amazon. If Bob was in a store selling widgets, the fraud is clear. If Bob is effectively anonymous and Amazon is the seller, with Bob's referral code, once the product arrives and the fraud is detected, taking action against Bob is almost impossible. It's not about "legal" but "enforceable". They are different, but related.

Not necessarily true. I had an issue with a seller that failed to deliver the product I paid for. I contacted Amazon and they made it right.
