Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - How many servers does it take to deliver Netflix to the world? This many (

Wave723 writes: For the first time, a team of researchers has mapped the entire content delivery network that brings Netflix to the world, including the number and location of every server that the company uses to distribute its films. They also independently analyzed traffic volumes handled by each of those servers. Their work allows experts to compare Netflix's distribution approach to those of other content-rich companies such as Google, Akamai and Limelight.

To do this, IEEE Spectrum reports that the group reverse-engineered Netflix's domain name system for the company's servers, and then created a crawler that used publicly available information to find every possible server name within its network through the common address In doing so, they were able to determine the total number of servers the company users, where those servers are located, and whether the servers were housed within Internet exchange points or with Internet service providers, revealing stark differences in Netflix's strategy between countries.

One of their most interesting findings was that two Netflix servers appear to be deployed within Verizon's U.S. network, which one researcher speculates could indicate that the companies are pursuing an early pilot or trial.

Submission + - Was St. Jude Medical Device Hack Report Just Armchair Engineering? (

chicksdaddy writes: The battle of words over warnings from a Wall Street trader about serious security flaws in implantable medical devices ( continued on Tuesday, as researchers from The University of Michigan joined St. Jude itself in raising doubts about research that was used by the investment firm Muddy Waters to bet against ( or “short”) the stock of St. Jude Medical, a major medical device maker, The Security Ledger reports (

In a statement released on Tuesday, Kevin Fu and Thomas Crawford of the Archimedes Center for Medical Device Research did not directly challenge the findings of the report by Muddy Waters and the firm MedSec, but did suggest that, rather than being evidence of a successful attack, the output observed by the researchers may have been typical for a home-monitored implantable cardiac defibrillator (ICD) device being tested while not properly connected to a patient.

“The U-M team reproduced error messages the report cites as evidence of a successful ‘crash attack’ but the messages are the same set of errors that display if the device isn’t properly plugged in,” the University said in a statement.

“We’re not saying the report is false. We’re saying it’s inconclusive because the evidence does not support their conclusions,” said Fu, U-M associate professor of computer science and engineering and director of the Archimedes Center for Medical Device Security. Fu is also co-founder of medical device security startup Virta Labs.

In a separate blog post, Kevin Fu of the University of Michigan said the research that informed the Muddy Waters report may be an example of 'armchair engineering.' (

The conflict may come down to how different viewers interpret the same events. The behavior witnessed by the MedSec researchers and described in their report may not have been a security issue, but simply evidence of the device acting as designed, Fu and his colleagues say.

A defibrillator’s electrodes are connected to heart tissue via wires that are woven through blood vessels the wires are used both for sensing operations and to send shocks to the heart, if necessary. No surprise, when the defibrillator is not connected to a human host, the data transmitted by the device is quite different.

“When these wires are disconnected, the device generates a series of error messages: two indicate high impedance, and a third indicates that the pacemaker is interfering with itself,” said Denis Foo Kune, former U-M postdoctoral researcher and co-founder of Virta Labs” in a statement.

That behavior is very similar to what is described in the Muddy Waters report on St. Jude as evidence of a successful attack.

While medical knowledge isn’t necessary to find vulnerabilities in a medical device or even hack them, it is critical to understanding the clinical implications of any software flaws and whether there is the possibility of causing harm to patients, Fu said.

Submission + - Michigan court rules against civil forfeiture

schwit1 writes: The Michigan Court of Appeals has ruled that civil forfeiture denies citizens their due process rights under the Constitution. As the court wrote:

“Because of her indigency and inability to pay the required bond, [Kinnon] was excluded ‘from the only forum effectively empowered to settle [her] dispute.’ Ultimately, Michigan’s civil asset forfeiture scheme operated to deprive [Kinnon] of a significant property interest without according her the opportunity for a hearing, contrary to the requirements of the Due Process Clause.”

This shouldn’t be rocket science, as the language and intent of the Fifth Amendment to the Constitution is quite plain.

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

The problem today is that this has become rocket science. Too many people either don’t know this plain language, or work dishonestly to distort it to empower government to oppress us.

Submission + - 1 bit RAM made from transistors (

An anonymous reader writes: I made 1 bit of RAM from transistors and I made a tutorial on it. if your interested. I am building an entire 8 bit computer on it and I post as often as I can, usually once a week with updates and new tutorial on it.

Submission + - Fukushima to get "ice walls" to stop ground and sea water contamination (

KindMind writes: The New York Times reports that Japan is freezing the ground around the Fukushima nuclear plant to stop the flow of groundwater and seawater contamination. From the article: "Built by the central government at a cost of 35 billion yen, or some $320 million, the ice wall is intended to seal off the reactor buildings within a vast, rectangular-shaped barrier of man-made permafrost. If it becomes successfully operational as soon as this autumn, the frozen soil will act as a dam to block new groundwater from entering the buildings."

Submission + - Linux Servers Hit With FairWare Ransomware – Or Is It Just A Scam? (

An anonymous reader writes: Users posting on Bleeping Computer’s forums have alerted the world to a new threat targeting Linux server admins: the FairWare ransomware. Whether the ransomware actually exists or not is still up for debate, as we only have the attackers’ claim that they are using it. It’s perfectly possible that they managed to compromise servers – apparently, through a brute-force SSH attack – and simply deleted the data they claim to have stolen. Victims of the attack find their web folder deleted, and in its place a ransom note pointing them to an online paste.

Submission + - State Of Public Bug Reporting (

thisNameNotTaken writes: Story...

I'm using OpenSUSE Tumbleweed SUSE, and it is useful, for testing an audio application. While doing this I found a bug in the "arecord" program. It seem that the authors have not trapped the user input and one can run? arbitrary commands.

So, I went to the OpenSUSE bug tracker. I found an old account and logged in. They don't want bugs reported! This was evident as I had NO access to a reporting page.

So feel free to run, in OpenSUSE Tumbleweed, the following: arecord -v "and insert your command here".

How lame. There should be a price for a companies failure to fix bugs.

If you go the the URL, note with interest the general desire to add a lot of signals to not report a bug. By the way, SUSE, the Gnome editor bug I reported 5 years ago is still open.

Submission + - Here's why airport security takes so long (

An anonymous reader writes: With the number of passengers vastly outweighing the number of TSA agents, the situation is only getting worse. It's so bad that the TSA is now warning travelers at some airports, like Chicago O'Hare and Midway, to show up at their departure airport up to three hours before their flight leaves — all because there aren't enough staff to man the security posts.

Submission + - Why employers want open source contributors

An anonymous reader writes: The Linux Foundation's annual open source jobs survey found that demand for open source skills and related certifications are at an all-time high. But why is that? In an article on, tech recruiter Lindsey Thorne writes:

Solid tech recruiters understand the technologies and roles they're recruiting for, and they're going to assess your skills accordingly. But I'll admit that many of us have found that the best candidates we've come across have a tendency to be involved in open source, so we often just start our search there. Recruiters provide value to clients when they find candidates who are motivated to work on a team to create something awesome, because that's basically the description of a top-performing employee. It makes sense to me: When you take really smart people and give them the chance to be collaborative—for the sake of making something that works really well or may change the landscape of our everyday lives—it creates an energy that can be addictive.

Submission + - iOS App Detecting Phones Jailbroken By Malware Booted From App Store (

An anonymous reader writes: The System and Security Info iOS app by German IT security outfit SektionEins has been pulled from Apple’s App Store less than a week after it was made available. The app shows detailed information about the device it is installed – info on CPU, memory and disk usage – and also shows if the device has been jailbroken (e.g. by malware), inspects running apps (SHA1 hash, signature, entitlements), detects malware and security anomalies, and lists running process on iOS9.

Submission + - US Veterans Affairs Department Wants to Scan the Dark Web for Leaked Data (

An anonymous reader writes: The US Veterans Affairs Department (VA) has filed documents this past Thursday revealing it was looking for software that can scan the Dark Web for leaked VA information. The software must include a GUI (well duuh), must run on existing infrastructure (no custom servers), must be secure (no apps put together overnight), must use file hashes (third-parties can't access VA data), and must be able to distinguish from VA data leaked from other hacks (like the OPM). Full documents here.

Submission + - ZFS for Linux Finally Lands in Debian GNU/Linux

prisoninmate writes: It took the Debian developers many years to finally be able to ship a working version of ZFS for Linux on Debian GNU/Linux. For those not in the known, ZFS on Linux is the official OpenZFS implementation for Linux, which promises to offer native ZFS filesystem support for any Linux kernel-based operating system, currently supporting Arch Linux, Ubuntu, Fedora, Gentoo, Red Hat Enterprise Linux, CentOS, openSUSE, and now Debian. And it looks like their ZFS for Linux implementation borrows a lot of patches from Ubuntu, at least according to the changelog for zfs-linux, the version that is now available in the unstable channel for Debian users to install and test.

Submission + - Sen. Blumenthal demands lifting of IT 'gag' order (

dcblogs writes: U.S. Sen. Richard Blumenthal (D-Conn.) is asking the U.S. Department of Justice to investigate the layoff and replacement of IT workers by foreign workers at a state energy utility. But he is also demanding that the utility, Eversource Energy, drop a particularly restrictive non-disparagement clause that laid off employees had to sign to receive their severance. This clause bars discussion "that would tend to disparage or discredit" the utility. [emphasis added] He wants the employees, who had to train foreign replacements, to be able to state "honestly what happened to them."

Submission + - Loanbase Hacked Via WordPress Hole, Funds Stolen

An anonymous reader writes: Popular international Bitcoin crowd-lending platform Loanbase has suffered a security breach, and is currently offline. The breach was discovered on Saturday and made public on Sunday. So far four user accounts have been confirmed to have been compromised, and none of them had two-factor authentication enabled. The attackers did not gain access to the Bitcoin wallets, but did access the company's SQL database, which contains user information such as e-mail addresses, phone numbers, names, etc.

Slashdot Top Deals

Algol-60 surely must be regarded as the most important programming language yet developed. -- T. Cheatham