DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Social Networks

Reddit To Transform Into a Social Network With New Profile Pages (digitaljournal.com) 130

An anonymous reader quotes a report from Digital Journal: Reddit has announced it has begun trialling a radical new profile page design that's reminiscent of Facebook and Twitter. It will evolve the discussion board site towards being a social network by enabling users to post directly to their new profile page. At present, posts on Reddit have to be directed into a specific sub-Reddit community. You can't simply write a post and have it appear across the network which can make it difficult to get your voice heard. Unless you've got some reputation in a relevant sub-Reddit, your posts may end up going unnoticed. That could soon change. Last night, Reddit announced it's working on a drastic revision of its user profile page experience. The site has commenced testing of an early version of the design. According to a report from Reuters, just three "high-profile" users currently have access to the feature. When the new pages are eventually opened up to all, they'll showcase the user's profile picture and description. Below the header, posts from the user will be publicly displayed. The user will be able to add new posts to their page, without submitting to a sub-Reddit. Users will be able to follow each other to stay informed of new posts, effectively creating a social network atmosphere above the discussion boards.
Medicine

Satellite Navigation 'Switches Off' Parts of Brain Used For Navigation, Study Finds (scientificamerican.com) 156

A new study published today in the journal Nature Communications reveals some of the drawbacks of using satellite navigation (SatNav) technology. After scanning the brains of 24 volunteers as they explored a simulation through the streets of London's Soho district, researchers from the University of London found that listening to a satellite navigation's instructions "switches off" activity in parts of the brain used for navigation. Scientific American reports: The researchers found that a brain structure called the hippocampus, which is involved in both memory and spatial navigation, appears to encode two different maps of the environment: One tracks the distance to the final destination as the crow flies and is encoded by the frontal region of the hippocampus, the other tracks the "true path" to the goal and is encoded by its rear region. During the navigation tasks, the hippocampus acts like a flexible guidance system, flipping between these two maps according to changing demands. Activity in the hippocampal rear region acts like a homing signal, increasing as the goal gets closer. Analysis of the brain-scanning data revealed activity in the rear right of the hippocampus increased whenever the participants entered a new street while navigating. It also varied with the number of new path options available. The more alternatives there were, the greater the brain activity. The researchers also found that activity in the front of the hippocampus was associated with a property called centrality, defined by the proximity of each new street to the center of the network. Further, they observed activity in the participants' prefrontal cortices when they were forced to make a detour and had to replan their route -- and this, too, increased in relation to the number of options available. Intriguingly, when participants followed SatNav instructions, however, brain activity in these regions "switched off." Together, the new findings suggest the rear portion of the hippocampus reactivates spatial memories of possible navigation paths, with more available paths evoking more activity, and that the prefrontal cortex may contribute to path-planning by searching though different route options and selecting the best one.
Businesses

Walmart Unveils 'Store No. 8' Tech Incubator In Silicon Valley (bloomberg.com) 64

An anonymous reader quotes a report from Bloomberg: Wal-Mart Stores Inc. is creating a technology-startup incubator in Silicon Valley to identify changes that will reshape the retail experience, including virtual reality, autonomous vehicle and drone delivery and personalized shopping. The incubator will be called Store No. 8, a reference to a Wal-Mart location where the company experimented with new store layouts. Marc Lore, chief executive officer of Wal-Mart's e-commerce operations, announced the incubator Monday at the ShopTalk conference in Las Vegas. The world's biggest retailer has been overhauling its online team to better challenge Amazon.com Inc. with greater selection and lower prices. Lore founded Jet.com, which Wal-Mart purchased in September for about $3.3 billion in pursuit of Amazon in the e-commerce race. Lore said Wal-Mart has an advantage over "pure play" e-commerce companies because of its large network of stores that attract shoppers for such items as fresh food. The incubator will partner with startups, venture capitalists and academics to promote innovation in robotics, virtual and augmented reality, machine learning and artificial intelligence, according to Wal-Mart. The goal is to have a fast-moving, separate entity to identify emerging technologies that can be developed and used across Wal-Mart.
Google

Burglars Can Easily Make Google Nest Security Cameras Stop Recording (helpnetsecurity.com) 69

Orome1 quotes a report from Help Net Security: Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched. The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively. Triggering one of these flaws will make the devices crash and reboot. The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to. If that particular SSID does not exist, the camera drops its attempt to associate with it and return to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won't be recording. Nest has apparently already prepared a patch but hasn't pushed it out yet. (It should be rolling out "in the coming days.")
IBM

IBM Unveils Blockchain As a Service Based On Open Source Hyperledger Fabric Technology (techcrunch.com) 42

IBM has unveiled its "Blockchain as a Service," which is based on the open source Hyperledger Fabric, version 1.0 from The Linux Foundation. "IBM Blockchain is a public cloud service that customers can use to build secure blockchain networks," TechCrunch reports, noting that it's "the first ready-for-primetime implementation built using that technology." From the report: Although the blockchain piece is based on the open source Hyperledger Fabric project of which IBM is a participating member, it has added a set of security services to make it more palatable for enterprise customers, while offering it as a cloud service helps simplify a complex set of technologies, making it more accessible than trying to do this alone in a private datacenter. The Hyperledger Fabric project was born around the end of 2015 to facilitate this, and includes other industry heavyweights such as State Street Bank, Accenture, Fujitsu, Intel and others as members. While the work these companies have done to safeguard blockchain networks, including setting up a network, inviting members and offering encrypted credentials, was done under the guise of building extra safe networks, IBM believes it can make them even safer by offering an additional set of security services inside the IBM cloud. While Jerry Cuomo, VP of blockchain technology at IBM, acknowledges that he can't guarantee that IBM's blockchain service is unbreachable, he says the company has taken some serious safeguards to protect it. This includes isolating the ledger from the general cloud computing environment, building a security container for the ledger to prevent unauthorized access, and offering tamper-responsive hardware, which can actually shut itself down if it detects someone trying to hack a ledger. What's more, IBM claims their blockchain product is built in a highly auditable way to track all of the activity that happens within a network, giving administrators an audit trail in the event something did go awry.
Google

After Years Waiting For Google Fiber, KC Residents Get Cancellation Emails (arstechnica.com) 64

An anonymous reader quotes a report from Ars Technica: Some Kansas City residents who have been waiting years for Google Fiber to install service at their homes recently received e-mails canceling their installations, with no word on whether they'll ever get Internet service from the company. KSHB 41 Action News in Kansas City, Missouri, "spoke to several people, living in different parts of the metro, all who have recently received cancellation e-mails," the station reported last week. "The e-mails do not provide a specific reason for the cancellations. Instead they say the company was 'unable to build our network to connect your home or business at this time.'" While Google Fiber refuses to say how many installations have been canceled, KSHB said, "there is speculation the number of cancellations in the metro is as high as 2,700." "The company says it has slowed down in some areas to experiment with new techniques," such as wireless technology, the report also said. Google Fiber is still hooking up fiber for some new customers in parts of the Kansas City area. One resident who had his installation canceled is Larry Meurer, who was seeing multiple Google Fiber trucks in his neighborhood nearly two years ago, in the spring of 2015. "I'm left wondering what's going on," he told KSHB after getting the cancellation e-mail. Meurer lives in Olathe, Kansas, one of the largest cities in the Kansas City metro area. Residents only five houses away and around the corner have Google Fiber service, the report said. But Meurer said he and several neighbors who never got service were "terminated."
Security

Royal Jordanian Airlines Bans Use of Electronics After US Voices Security 'Concerns' (theverge.com) 108

An anonymous reader quotes a report from The Verge: Royal Jordanian airlines banned the use of electronics on flights servicing the U.S. after government officials here expressed concerns. Details are scant, but CNN is reporting that other carriers based on the Middle East and Africa may be affected as well. The news broke when Royal Jordanian, a state-owned airline that operates around 500 flights a week, posted this cryptic notice on its Twitter feed. The ban, which includes laptops, tablets, and video games, but does not include smartphones or medical devices, is effective for Royal Jordanian flights servicing New York, Chicago, Detroit, and Montreal. A spokesperson for Royal Jordanian was not immediately available for clarification. Meanwhile, CNN is reporting that Royal Jordanian may not be the only carrier affected by these new security provisions. Jon Ostrower, the network's aviation editor, just tweeted that as many as 12 airlines based in the Middle East and Africa could be impacted. A Saudi executive also tweeted that "directives by U.S. authorities" could affect passengers traveling from 13 countries, with the new measure set to go into effect over the next 96 hours.
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
Encryption

Ask Slashdot: How Would You Implement Site-Wide File Encryption? 151

Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to insure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share you suggestions and experiences in the comments. How would you implement site-wide file encryption?
Botnet

Bruce Schneier Calls for IoT Legislation, Argues The Internet Is Becoming One Giant Robot (linux.com) 84

"We're building a world-size robot, and we don't even realize it," security expert Bruce Schneier warned the Open Source Leadership Summit. As mobile computing and always-on devices combine with the various network-connected sensors, actuators, and cloud-based AI processing, "We are building an internet that senses, thinks, and acts." An anonymous reader quotes Linux.com: You can think of it, he says, as an Internet that affects the world in a direct physical manner. This means Internet security becomes everything security. And, as the Internet physically affects our world, the threats become greater. "It's the same computers, it could be the same operating systems, the same apps, the same vulnerability, but there's a fundamental difference between when your spreadsheet crashes, and you lose your data, and when your car crashes and you lose your life," Schneier said...

"I have 20 IoT-security best-practices documents from various organizations. But the primary barriers here are economic; these low-cost devices just don't have the dedicated security teams and patching/upgrade paths that our phones and computers do. This is why we also need regulation to force IoT companies to take security seriously from the beginning. I know regulation is a dirty word in our industry, but when people start dying, governments will take action. I see it as a choice not between government regulation and no government regulation, but between smart government regulation and stupid government regulation."

AT&T

DirecTV Admits Screwing Up Regional Sports Fees, Starts Issuing Credits (arstechnica.com) 15

An anonymous reader quotes a report from Ars Technica: AT&T this week acknowledged that DirecTV has been charging the wrong regional sports fees to some customers and is now issuing bill credits to those who paid more because of the mistake. "We have identified a small percentage of customers who are receiving some inaccurate bills for regional sports network fees," an AT&T spokesperson told Ars yesterday. "We are working as quickly as possible to notify those customers and issue credits. We apologize for the error." AT&T bought DirecTV, the nation's largest satellite TV provider with about 21 million customers, in 2015. The mistake affects bills going back to late January. Customers will not have to do anything to get the credit, as it will be issued automatically. The billing problem came to light last week when Consumerist published a report detailing how the regional sports network fees vary by ZIP code in ways that simply didn't make sense. It wouldn't be surprising to see different fees in different metro areas and states, since different local sports networks and teams are broadcast in different areas. But there were numerous cases in which people in adjacent ZIP codes were charged very different amounts to watch the same exact networks and teams. Some customers were charged no sports fee, while others were charged amounts of $2.47, $5.83, or $7.29 a month.
Social Networks

The Last Days of Club Penguin (theoutline.com) 75

Club Penguin, a decade-old tween-focused social network by Disney is shutting down. From a report on The Outline: Club Penguin, which launched in 2005, will shutter on March 29, ending an 11-year run that at its peak drew 200 million users to the site. While the traffic has reportedly been in decline over the past few years -- the OG Club Penguin kids have mostly aged out (most of the site's user are 8-13), and there's growing competition from other social networking games, like the new LEGO Life -- fans both young and old are reacting to the news with emotions that run the Kubler-Ross gamut. Some have been reduced to shell-like human embodiments of the Loudly Crying Face emoji. James Charles, the beauty-obsessed 17-year-old Instagram star who was recently announced as the first male face of CoverGirl, tweeted, "my entire childhood is going down the drain wow I'm gonna cry RIP greendude50." Others are lashing out, attempting speedruns or willfully disobeying chat rules in the hopes of getting booted in an act of you-can't-fire-me-I-quit defiance. And of course, plenty are soaking up the last days, taking part in the community-wide "Waddle On" celebration that's essentially a G-rated version of an end-of-days rager.
Education

Ask Slashdot: How To Teach Generic Engineers Coding, Networking, and Computing? 196

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?
The Courts

Hacking Victim Can't Sue Foreign Government For Hacking Him On US Soil, Says Court (vice.com) 102

According to Motherboard, a court of appeals in Washington D.C. ruled that an American citizen can't sue the Ethiopian government for hacking into his computer and monitoring him with spyware. "The decision on Tuesday is a blow to anti-surveillance and digital rights activists who were hoping to establish an important precedent in a widely documented case of illegitimate government-sponsored hacking." From the report: In late 2012, the Ethiopian government allegedly hacked the victim, an Ethiopian-born man who goes by the pseudonym Kidane for fear for government reprisals. Ethiopian government spies from the Information Network Security Agency (INSA) allegedly used software known as FinSpy to break into Kidane's computer, and secretly record his Skype conversations and steal his emails. FinSpy was made by the infamous FinFisher, a company that has sold malware to several governments around the world, according to researchers at Citizen Lab, a digital watchdog group at the University of Toronto's Munk School of Global Affairs, who studied the malware that infected Kidane's computer. The U.S. Court of Appeals for the District of Columbia Circuit ruled that Kidane didn't have jurisdiction to sue the Ethiopian government in the United States. Kidane and his lawyers invoked an exception to the Foreign Sovereign Immunities Act (FSIA), which says foreign governments can be sued in the U.S. as long as the entire tort on which the lawsuit is based occurred on American soil. According to the court, however, the hacking in this case didn't occur entirely in the U.S. "Ethiopia's placement of the FinSpy virus on Kidane's computer, although completed in the United States when Kidane opened the infected email attachment, began outside the United States," the decision read. "[It] gives foreign governments carte blanche to do whatever they want to Americans in America so long as they do it by remote control," Nate Cardozo, a staff attorney at the Electronic Frontier Foundation, a digital rights group who represented Kidane in this first-of-its-kind lawsuit, told Motherboard.
Security

Questions Linger After ISP Blocks TeamViewer Over Fraud Fears (sophos.com) 87

Last Wednesday, for no apparent reason, the TeamViewer remote desktop application stopped working on the network of one of the UK's largest ISPs, TalkTalk. The apparent reason, as the investigation has found, are some scammers in India who have been abusing the application to make money. An anonymous reader shares a report: It's a popular application with remote support professionals and power users alike and so support forums soon filled with complaints from perplexed users who noticed that access was possible with 4G and some TalkTalk business connections but not home broadband. By Thursday, journalists dragged the truth out of the company that it had "blocked a number of applications including TeamViewer," which led to a joint statement confirming this on TeamViewer's website: TeamViewer and TalkTalk are in extensive talks to find a comprehensive joint solution to better address this scamming issue. We now know (as some suspected at the time) that the block was connected to abuse of TeamViewer by criminals based in India who had been using it as part of a tech support scam targeting TalkTalk customers. The BBC reported on this two days before the block, including the disturbing claim that the criminals had been able to quote stolen customer account data to make scam calls sound more convincing.
The Courts

NYC Sues Verizon For Breaking Promise To Make FiOS Available To All Residents (washingtonpost.com) 73

New submitter erickessler writes: 1 million NYC homes can't get Verizon FiOS, so the city just sued Verizon. Verizon wants another four years to cover remaining 1 million households. Washington Post reports: "New York City has sued Verizon, saying the phone giant broke its 2008 promise (PDF) to make its Fios cable service available to all city residents. The city said in a lawsuit (PDF) Monday that Verizon missed a 2014 deadline to extend wire by every home or apartment building in the city -- in technical parlance, "passing" the home. The city also argues that Verizon hasn't installed service for thousands who requested it. Verizon disagrees with the city's definition of "passing" a home and says it has done its job. Spokesman Ray McConville said Monday that Verizon sees "passed" as meaning that it can reach every home, provided a landlord gives permission. Verizon wants to reach some buildings through other buildings. In a letter to the city Friday, Verizon says 2.2 million households have access to Fios, a phone, cable and high-speed internet network. Verizon said Monday that it is committed to expanding Fios availability to the city's remaining 1 million households."
Data Storage

New 'USG' Firewalls Protect USB Drives From Malicious Attacks (zdnet.com) 67

A developer has created the USG, "a small, portable hardware USB firewall...to prevent malicious USB sticks and devices laden with malware from infecting your computer." An anonymous reader quotes ZDNet: The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning... Cars, cash registers, and some ATMs also come with USB ports, all of which can be vulnerable to cyberattacks from a single USB stick. That's where the USG firewall comes in...a simple hardware serial link that only accepts a very few select number of safe commands, which prevents the device from executing system commands or intercepting network traffic. That means the data can flow from the USB device, but [it] effectively blocks other USB exploits.
The firmware has been open sourced, and the technical specifications have also been released online "to allow anyone to build their own from readily available development boards."
AMD

Message For AMD: Open PSP Will Improve Security, Hinder Intel 52

futuristicrabbit writes: AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. Opening the PSP would not only have security benefits, but would provide AMD with a competitive advantage against rival chipmaker Intel. Lisa Su, the CEO of AMD, is reportedly seriously considering the change, and the community is working hard to make sure she makes the right decision. In an AMD AMA post via Reddit, user 1n5aN1aC provided several arguments for why the company should release the PSP source code to the Coreboot / Libreboot project (or publicly). The arguments center around security, economic incentives, advertising, brand perception, and mindshare. AMD replied: "Thanks for the inquiry. Currently we do not have plans to release source code but you make a good argument for reasons to do so. We will evaluate and find a way to work with security vendors and the community to everyone's benefit." The product manager for AMD, AMD_james, continued in response to a follow-up comment that claims AMD is "not considering it all but only want to appease the potential buyers." AMD_james replied: "Thanks for the feedback. Please believe me that this has CEO level attention and AMD is investigating the steps and resources necessary to support this. It is not the work of a minute, so please bear with us as we define what we can do." What are your arguments for (or against) the idea of AMD releasing the source code to the AMD Secure Processor?
Google

Alphabet's Waymo Asks Judge To Block Uber From Using Self-Driving Car Secrets (theverge.com) 82

Waymo, Alphabet's self-driving spinoff from Google, is formally asking a judge to block Uber from operating its autonomous vehicles, according to new documents filed in Waymo's lawsuit against Uber. From a report on The Verge: The lawsuit, which was filed last month, alleges that Uber stole key elements of its self-driving car technology from Google. Uber has called the accusations "baseless." Today in federal court, Waymo filed the sworn testimony of Gary Brown, a forensic security engineer with Google since 2013. Citing logs from Google's secure network, Brown claims that Anthony Levandowski, a former Google engineer who now runs Uber's self-driving car program, downloaded 14,000 files from a Google repository that contain design files, schematics, and other confidential information pertaining to its self-driving car project. Levandowski used his personal laptop to download the files, a fact that Brown says made it easy to track.
Power

Elon Musk: I Can Fix South Australia Power Network in 100 Days Or It's Free (theguardian.com) 274

An anonymous reader shares a report on The Guardian: Elon Musk, the billionaire founder of electric car giant Tesla, has thrown down a challenge to the South Australian and federal governments, saying he can solve the state's energy woes within 100 days -- or he'll deliver the 100MW battery storage system for free. On Thursday, Lyndon Rive, Tesla's vice-president for energy products, told the AFR the company could install the 100-300 megawatt hours of battery storage that would be required to prevent the power shortages that have been causing price spikes and blackouts in the state. Thanks to stepped-up production out of Tesla's new Gigafactory in Nevada, he said it could be achieved within 100 days. Mike Cannon-Brookes, the Australian co-founder of Silicon Valley startup Atlassian, on Friday tweeted Elon Musk, asking if Tesla was serious about being able to install the capacity. Musk replied that the company could do it in 100 days of the contract being signed, or else provide it free, adding: "That serious enough for you?"

Slashdot Top Deals