Businesses

Should Banks Let Ancient Programming Language COBOL Die? (thenextweb.com) 277

COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. 
Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.
Privacy

'World's Most Secure' Email Service Is Easily Hackable (vice.com) 76

Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that the Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. 
To date, no Nomx accounts have been compromised."
Security

Hackers Exploited Word Flaw For Months While Microsoft Investigated (reuters.com) 45

An anonymous reader writes: To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries.
The Almighty Buck

Computer Program Prevents 116-Year-Old Woman From Getting Pension (theguardian.com) 205

Bruce66423 quotes a report from The Guardian: Born at the turn of the past century, Maria Felix is old enough to remember the Mexican Revolution -- but too old to get the bank card needed to collect her monthly 1,200 pesos ($63) welfare payment. Felix turns 117 in July, according to her birth certificate, which local authorities recognize as authentic. She went three months without state support for poor elderly Mexicans after she was turned away from a branch of Citibanamex in the city of Guadalajara for being too old, said Miguel Castro, development secretary for the state of Jalisco. Welfare beneficiaries now need individual bank accounts because of new transparency rules, Castro said. "They told me the limit was 110 years," Felix said with a smile in the plant-filled courtyard of her small house in Guadalajara. In an emailed statement, Citibanamex, a unit of Citigroup Inc, said Felix's age exceeded the "calibration limits" of its system and it was working to get her the bank card as soon as possible. It said it was adjusting its systems to avoid a repeat of the situation.
Businesses

LinkedIn Testing 1970's-Style No-CS-Degree-Required Software Apprenticeships (mercurynews.com) 185

theodp writes: The Mercury News reports on REACH, a new software apprenticeship program that LinkedIn's engineering team started piloting this month, which offers people without Computer Science degrees an opportunity to get a foot in the door, as Microsoft-owned LinkedIn searches for ways to help diversify its workforce. For now, the 29 REACH participants are paid, but are only short-term LinkedIn employees (for the duration of the 6-month program). LinkedIn indicated it hopes to learn if tech internships could eventually be made part of the regular hiring process, perhaps unaware that no-CS-degree-required hiring for entry-level permanent positions in software development was standard practice in the 70's and 80's, back when women made up almost 40% of those working as programmers and in software-related fields, nearly double the percentage of women in LinkedIn's global 2016 tech workforce. Hey, even in tech hiring, everything old is new again!
Security

Hacking Group Is Charging German Companies $275 For 'DDoS Tests' (bleepingcomputer.com) 29

An anonymous reader writes: A group calling itself XMR Squad has spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay $275 for 'testing their DDoS protection systems,' reports Bleeping Computer. Attacks were reported against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company's business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL. While the group advertised on Twitter that their location was in Russia, a German reporter who spoke with the group via telephone said "the caller had a slight accent, but spoke perfect German." Following the attention they got in Germany after the attacks, the group had its website and Twitter account taken down. Many mocked the group for failing to extract any payments from their targets. DDoS extortionists have been particularly active in Germany, among other countries. Previously, groups named Stealth Ravens and Kadyrovtsy have also extorted German companies, using the same tactics perfected by groups like DD4BC and Armada Collective.
Software

Ask Slashdot: Are Accurate Software Development Time Predictions a Myth? (medium.com) 214

New submitter DuroSoft writes: For myself and the vast majority of people I have talked to, this is the case. Any attempts we make to estimate the amount of time software development tasks will take inevitably end in folly. Do you find you can make accurate estimates, or is it really the case, as the author, DuroSoft Technologies' CTO/Co-CEO Sam Johnson, suggests via Hacker Noon, that "writing and maintaining code can be seen as a fundamentally chaotic activity, subject to sudden, unpredictable gotchas that take up an inordinate amount of time" and that therefore attempting to make predictions in the first place is itself a waste of our valuable time?
Bug

GE Fixing Bug in Software After Warning About Power Grid Hacks (reuters.com) 38

General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.
Windows

Windows is Bloated, Thanks to Adobe's Extensible Metadata Platform (bit.ly) 133

An anonymous reader shares a report: Over the weekend, I put together a little tool that scans executable files for PNG images containing useless Adobe Extensible Metadata Platform (XMP) metadata. I ran it against a vanilla Windows 10 image and was surprised that Windows contains a lot of this stuff. Adobe XMP, generally speaking, is an Adobe technology that serializes metadata like titles, internal identifiers, GPS coordinates, and color information into XML and jams it into things, like images. This data can be extremely valuable in some cases but Windows doesn't need or use this stuff. It just eats up disk space and CPU cycles. Thanks to horrible Adobe Photoshop defaults, it's very easy to unknowingly include this metadata in your final image assets. So easy, almost all the images on this site are chock full of it. But you can appreciate my surprise when a bunch of important Windows binaries showed up in my tool.
The Almighty Buck

Suicide of an Uber Engineer: Widow Blames Job Stress (sfchronicle.com) 270

An anonymous reader shares a report: Joseph Thomas thought he had it made when he landed a $170,000 job as a software engineer at Uber's San Francisco headquarters last year. [...] But his time at Uber turned into a personal tragedy, one that will compel the ride-hailing company to answer questions before a judge about its aggressive work culture. Always adept with computers, Joseph Thomas worked his way up the ladder at tech jobs in his native Atlanta, then at LinkedIn in Mountain View, where he was a senior site reliability engineer. He turned down an offer from Apple to go to Uber, because he felt he could grow more with the younger company and was excited about the chance to profit from stock options when it went public. But at Uber, Thomas struggled in a way he'd never experienced in over a decade in technology. He worked long hours. He told his father and his wife that he felt immense pressure and stress at work, and was scared he'd lose his job. [...] One day in late August, Zecole (the wife) came home from dropping their boys off at school. Joseph was sitting in his car in the garage. She got into the passenger seat to talk to him. Then she saw the blood. Joseph had shot himself. [...] Uber declined to comment on the legal dispute and said Thomas never complained to the company of extreme stress or racial discrimination.
Databases

Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers (arstechnica.com) 82

An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stolz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."
The Internet

US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com) 93

An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
Facebook

Facebook Shows Related Articles and Fact Checkers Before You Open Links (techcrunch.com) 117

An anonymous reader quotes a report from TechCrunch: Facebook wants you to think about whether a headline is true and see other perspectives on the topic before you even read the article. In its next step against fake news, Facebook today begins testing a different version of its Related Articles widget that normally appears when you return to the News Feed after opening a link. Now Facebook will also show Related Articles including third-party fact checkers before you read an article about a topic that many people are discussing. If you saw a link saying "Chocolate cures cancer!" from a little-known blog, the Related Article box might appear before you click to show links from the New York Times or a medical journal noting that while chocolate has antioxidants that can lower your risk for cancer, it's not a cure. If an outside fact checker like Snopes had debunked the original post, that could appear in Related Articles too. Facebook says this is just a test, so it won't necessarily roll out to everyone unless it proves useful. It notes that Facebook Pages should not see a significant change in the reach of their News Feed posts. There will be no ads surfaced in Related Articles.
Crime

Murdered Woman's Fitbit Nails Cheating Husband (nydailynews.com) 130

BarbaraHudson writes: A murdered woman's Fitbit data shows she was still alive an hour after her husband claims she was murdered and he was tied up, contradicting her husband's description of events. New York Daily News reports: "Richard Dabate, 40, was charged this month with felony murder, tampering with physical evidence and making false statements following his wife Connie's December 2015 death at their home in Ellington, Tolland County. Dabate called 911 reporting that his wife was the victim of a home invasion, alleging that she was shot dead by a 'tall, obese man' with a deep voice like actor Vin Diesel's, sporting 'camouflage and a mask,' according to an arrest warrant. Dabate alleged her death took place more than an hour before her Fitbit-tracked movements revealed."
EU

EU Lawmakers Include Spotify and iTunes In Geoblocking Ban (reuters.com) 68

An anonymous reader quotes a report from Reuters: European Union lawmakers voted on Tuesday to ban online retailers from treating consumers differently depending on where they live and expanded their proposed law to include music streaming services such as Spotify and Apple's iTunes. Ending so-called geoblocking is a priority for the European Commission as it tries to create a single market for digital services across the 28-nation bloc, but many industries argue that they tailor their prices to specific domestic markets. The proposal, which will apply to e-commerce websites such as Amazon, Zalando and eBay, as well as for services provided in a specific location like car rental, forbids online retailers from automatically re-routing customers to their domestic website without their consent. In a blow for the book publishing and music industries, European Parliament members voted to include copyright-protected content such as music, games, software and e-books in the law. That would mean music streaming services such as Spotify and iTunes would not be able to prevent, for example, a French customer buying a cheaper subscription in Croatia, if they have the required rights.
The Courts

Uber Gets Sued Over Alleged 'Hell' Program To Track Lyft Drivers (techcrunch.com) 36

An anonymous reader quotes a report from TechCrunch: Uber has another lawsuit on its hands. This time, it's about Uber's alleged use of a program called "Hell." The plaintiff, Michael Gonzales, drove for Lyft during the time Uber allegedly used the software. He's seeking $5 million in a class action lawsuit. As the story goes, Uber allegedly tracked Lyft drivers using a secret software program internally referred to as "Hell." It allegedly let Uber see how many Lyft drivers were available to give rides, and what their prices were. Hell could allegedly also determine if people were driving for both Uber and Lyft. The lawsuit, filed in the U.S. District Court for the Northern District of California, alleges Uber broadly invaded the privacy of the Lyft drivers, specifically violated the California Invasion of Privacy Act and Federal Wiretap Act and engaged in unfair competition. Uber has not confirmed nor outright denied the claims.
Software

Lyrebird Claims It Can Recreate Anyone's Voice Based On Just a 1 Minute Sample (theverge.com) 120

Artem Tashkinov writes: Today, a Canadian artificial intelligence startup named Lyrebird unveiled its voice imitation deep learning algorithm that can mimic a person's voice and have it read any text with a given emotion, based on the analysis of just a few dozen seconds of audio recording. The website features samples using the recreated voices of Donald Trump, Barack Obama and Hillary Clinton. A similar technology was created by Adobe around a year ago but it requires over 20 minutes of recorded speech. The company is set to open its APIs to the public, while the computing for the task will be performed in the cloud.
Microsoft

Microsoft's Nadella Banks On LinkedIn Data To Challenge Salesforce (reuters.com) 34

Microsoft is rolling out upgrades to its sales software that integrates data from LinkedIn, an initiative that Microsoft CEO Satya Nadella told Reuters was central to the company's long-term strategy for building specialized business software. From the report: The improvements to Dynamics 365, as Microsoft's sales software is called, are a challenge to market leader Salesforce.com and represent the first major product initiative to spring from Microsoft's $26 billion acquisition of LinkedIn, the business-focused social network. The new features will comb through a salesperson's email, calendar and LinkedIn relationships to help gauge how warm their relationship is with a potential customer. The system will recommend ways to save an at-risk deal, like calling in a co-worker who is connected to the potential customer on LinkedIn. [...] The artificial intelligence, or AI, capabilities of the software would be central, Nadella said. "I want to be able to democratize AI so that any customer using these products is able to, in fact, take their own data and load it into AI for themselves," he said. On Monday, LinkedIn said it has surpassed 500 million members globally, one of the first big milestones for the business social network since its acquisition.
The Internet

The Linux Foundation Launches IoT-focused Open Source EdgeX Foundry (betanews.com) 33

Reader BrianFagioli writes: Today, The Linux Foundation launches the open source EdgeX Foundry -- an attempt to unify and simplify the Internet of Things. The Linux Foundation says, "EdgeX Foundry is unifying the marketplace around a common open framework and building an ecosystem of companies offering interoperable plug-and-play components. Designed to run on any hardware or operating system and with any combination of application environments, EdgeX can quickly and easily deliver interoperability between connected devices, applications, and services, across a wide range of use cases. Interoperability between community-developed software will be maintained through a certification program."
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke (youtube.com) 170

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
