You are here

Feed aggregator

30-Year-Old Operating System 'PC-MOS/386' Finally Open Sourced

Slashdot - Sun, 10/22/2017 - 21:40
PC-MOS/386 "was a multi-user, computer multitasking operating system...announced at COMDEX in November 1986," remembers Wikipedia, saying it runs many MS-DOS titles (though it's optimized for the Intel 80386 processor). Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish." 1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."

Read more of this story at Slashdot.

Categories: Tech/Science News

Could Cryptocurrency Mining Kill Online Advertising?

Slashdot - Sun, 10/22/2017 - 20:40
"Could it turn out users actually prefer to trade a little CPU time to website owners in favor of them not showing ads?" writes phonewebcam, a long-time Slashdot reader. Slashdot covered the downside [of in-browser cryptocurrency mining] recently, with even [Portuguese professional sportsballer] Cristiano Ronaldo's official site falling victim, but that may not be the full story. This could be an ideal win-win situation, except for one huge downside -- the current gang of online advertisers. By "current gang of online advertisers," he means Google, according to a longer essay at LinkedIn: Naturally, the world's largest ad broker, which runs the world most popular browser (desktop and mobile) is keen to see how this plays out, and is also uniquely placed to be able to heavily influence it, too... As it happens, Chrome users can already do something about it via extensions, for example AntiMiner... If cryptocurrencies have a future - and that's a big if (look at China's Bitcoin ban) - it could well turn out that their role just took an unexpected turn.

Read more of this story at Slashdot.

Categories: Tech/Science News

Tesla Plans Factory In China, Discounts Insurance For Self-Driving US Cars

Slashdot - Sun, 10/22/2017 - 19:29
Business Insider reports: Tesla has created a customized insurance package, InsureMyTesla, that is cheaper than traditional plans because it factors in the vehicles' Autopilot safety features and maintenance costs. InsureMyTesla has been available in 20 countries, but Tesla just recently partnered with Liberty Mutual to make the plan available in the U.S. InsureMyTesla shows how the insurance industry is bound for disruption as cars get safer with self-driving tech. Electrek reports: There have been several false alarms over the past few years about Tesla building a factory in China. Earlier this year, Tesla finally confirmed working with the Shanghai government to establish a manufacturing facility in the region and promised an announcement by the end of the year. Now the Wall Street Journal reports that they have come to an agreement with the local authorities on a "wholly owned" factory in the region... China is already the biggest market for electric vehicles, or any vehicles for that matter, and Tesla profited from the demand by tripling its sales to over $1 billion in the country in 2016. Tesla continues to have strong sales in the country this year, where it leads foreign electric car sales with no close second.

Read more of this story at Slashdot.

Categories: Tech/Science News

Security Upgraded For NetBSD-amd64 with Kernel ASLR Support

Slashdot - Sun, 10/22/2017 - 18:24
24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized. NetBSD says they're the first BSD system to support ASLR.

Read more of this story at Slashdot.

Categories: Tech/Science News

Canadian Government Teams With Facebook To Protect Election Integrity

Slashdot - Sun, 10/22/2017 - 17:19
An anonymous reader quotes Motherboard: There are nearly as many Canadians who use Facebook daily as there are people in this country who are registered to vote -- which is why the federal government is working with Facebook to protect its next federal election... Facebook is now facing perhaps its biggest test as it looks to curb foreign electoral interference and the rampant disinformation on its platform, both of which undermine the nature of democracy. Facebook Canada's election integrity project includes a partnership with a local digital news media literacy organization MediaSmarts, as well as a "cyberhygiene guide" that highlights particular vulnerabilities such as phishing and page-admin authentication. Facebook also has a crisis email line to help politicians and parties with hacking concerns... Kevin Chan, Facebook Canada's head of public policy, said the social media company is working on preventing bad actors from interfering with the democratic process. "At Facebook we take our responsibilities seriously," Chan said. "We don't want anyone to use our tools to undermine democracy." At the launch of "the Canadian Election Integrity Initiative," Canada's Minister of Democratic Institutions argued that social media sites "must begin to view themselves as actors in shaping the democratic discourse." The article points out Facebook "has promised to hire thousands of workers globally to help review flagged and suspicious content, as well as use machine learning to identify suspicious patterns of behavior on its platform."

Read more of this story at Slashdot.

Categories: Tech/Science News

With Rising Database Breaches, Two-Factor Authentication Also At Risk

Slashdot - Sun, 10/22/2017 - 16:14
Two-factor authentication "protects from an attacker listening in right now," writes Slashdot reader szczys, "but in many case a database breach will negate the protections of two-factor." Hackaday reports: To fake an app-based 2FA query, someone has to know your TOTP password. That's all, and that's relatively easy. And in the event that the TOTP-key database gets compromised, the bad hackers will know everyone's TOTP keys. How did this come to pass? In the old days, there was a physical dongle made by RSA that generated pseudorandom numbers in hardware. The secret key was stored in the dongle's flash memory, and the device was shipped with it installed. This was pretty plausibly "something you had" even though it was based on a secret number embedded in silicon. (More like "something you don't know?") The app authenticators are doing something very similar, even though it's all on your computer and the secret is stored somewhere on your hard drive or in your cell phone. The ease of finding this secret pushes it across the plausibility border into "something I know", at least for me. The original submission calls two-factor authentication "an enhancement to password security, but good password practices are far and away still the most important of security protocols." (Meaning complex and frequently-changed passwords.)

Read more of this story at Slashdot.

Categories: Tech/Science News

A 14-Year-Old Asks: When Should I Get a VPN?

Slashdot - Sun, 10/22/2017 - 14:09
"One of my students sent me this letter," writes Slashdot reader Hasaf. "I have a good idea how I will answer, but I wanted to put it before the Slashdot community." The letter reads: Right now I am 14 years old, I was wondering when I should get a VPN... I was thinking about getting the yearly deal. But right now I really have no need for a VPN at the moment. I was thinking of getting a VPN when I'm in 11th grade or maybe in college. What do you think? Of course, the larger question is what factors go into deciding whether your need to be using a VPN. So leave your best answers in the comments. When should you get your first VPN?

Read more of this story at Slashdot.

Categories: Tech/Science News

Microsoft Chastises Google Over Chrome Security

Slashdot - Sun, 10/22/2017 - 09:04
An anonymous reader quotes PCMag: In a Wednesday blog post, Redmond examined Google's browser security and took the opportunity to throw some shade at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser. The bug involved a Javascript engine in Chrome. Microsoft notified Google about the problem, which was patched last month. The company even received a $7,500 reward for finding the flaw. However, Microsoft made sure to point out that its own Edge browser was protected from the same kind of security threat. It also criticized Google for the way it handled the patching process. Prior to the patch's official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month," the blog post said. "That is more than enough time for an attacker to exploit it." In the past Google has also disclosed vulnerabilities found in Microsoft products -- including Edge.

Read more of this story at Slashdot.

Categories: Tech/Science News

For Under $1,000, Mobile Ads Can Track Your Location

Slashdot - Sun, 10/22/2017 - 06:59
"Researchers were able to use GPS data from an ad network to track a user to their actual location, and trace movements through town," writes phantomfive. Mashable reports: The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been... It's a surprisingly simple technique, and the researchers say you can pull it off for "$1,000 or less." The relatively low cost means that digitally tracking a target in this manner isn't just for corporations, governments, or criminal enterprises. Rather, the stalker next door can have a go at it as well... Refusing to click on the popups isn't enough, as the person being surveilled doesn't need to do so for this to work -- simply being served the advertisements is all it takes. It's "an industry-wide issue," according to the researchers, while Mashable labels it "digital surveillance, made available to any and all with money on hand, brought to the masses by your friendly neighborhood Silicon Valley disrupters."

Read more of this story at Slashdot.

Categories: Tech/Science News

US Government Warns Of 'Ongoing' Hacks Targeting Nuclear and Power Industries

Slashdot - Sun, 10/22/2017 - 03:54
An anonymous reader quotes Reuters: The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage. The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said. According to the report, the Department of Homeland Security "has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign."

Read more of this story at Slashdot.

Categories: Tech/Science News

NYT Op-Ed Argues Amazon 'Took Seattle's Soul'

Slashdot - Sun, 10/22/2017 - 01:49
New York Times columnist Timothy Egan was part of the paper's Pulitzer Prize-winning team in 2001. Now he's written an op-ed arguing Amazon "took Seattle's soul." An anonymous reader writes: Since Amazon arrived "we've been overwhelmed by a future we never had any say over," Egan writes, with a message for cities competing to be the site of Amazon's next headquarters. Amazon now owns as much office space as Seattle's next 40 biggest employers combined, according to an analysis by the Seattle Times, "a mind-boggling 19 percent of all prime office space in the city, the most for any employer in a major U.S. city...more than twice as large as any other company in any other big U.S. city." Egan notes Amazon is offering 50,000 high-paying jobs and $5 billion worth of investments, "a once-in-a-century, destiny-shaping event," but "You think you can shape Amazon? Not a chance. It will shape you... What comes with the title of being the fastest growing big city in the country, with having the nation's hottest real estate market, is that the city no longer works for some people. For many others, the pace of change, not to mention the traffic, has been disorienting... [M]edian home prices have doubled in five years, to $700,000. This is not a good thing in a place where teachers and cops used to be able to afford a house with a water view... As a Seattle native, I miss the old city, the lack of pretense, and dinner parties that didn't turn into discussions of real estate porn. Wages have risen faster in Amazon's Seattle than anywhere else in America, and while Amazon changed the city's character, it also poured $38 billion into the city's economy. (Besides Amazon's own 40,000 employees, it also attracted another 50,000 new jobs.) "To the next Amazon lottery winner I would say, enjoy the boom," Egan concludes, "but be careful what you wish for."

Read more of this story at Slashdot.

Categories: Tech/Science News

Amazon Patents Drones That Recharge Electric Vehicles

Slashdot - Sun, 10/22/2017 - 00:44
slash.jit shared an article from Futurism: Amazon has been granted a patent for an ambitious new method of maintaining a charge in electric vehicles. The company wants to use drones to allow drivers to top up their vehicles without having to visit a charging station. Drivers would request a top up from a central server, which would dispatch a charging drone to their location. The drone would then dock with the vehicle and start transferring power, without the car ever needing to come to a stop. This solution isn't meant to administer a full charge to the car's battery, it would only supply enough power to get the driver to a charging station, which are still in somewhat limited supply. "Amazon first applied for this patent back in June 2014," reports CNET, noting it was finally granted this month. "Like many other patents, there's no guarantee that Amazon will actually create a product based on the design. It could merely be an attempt to stop competitors from doing so."

Read more of this story at Slashdot.

Categories: Tech/Science News

See Giant Robots Fight. US vs Japan Match On YouTube

Slashdot - Sat, 10/21/2017 - 23:39
AmiMoJo writes: Suidobashi Heavy Industries and MegaBots agreed to test their piloted giant robots in combat a few years back, and the content is finally available on YouTube. It ended in a draw, with Japan decisively winning the first bout with a single punch and the US team winning the second thanks to a chainsaw weapon. There have been some complaints that the whole event felt scripted, but it's early days yet. ITMedia has a nice gallery of photos from the event. "The MegaBots team expressed hope for a formal fighting robot league in the future," reports CNBC.

Read more of this story at Slashdot.

Categories: Tech/Science News

YouTube Suspends Account of Popular Chinese Dissident

Slashdot - Sat, 10/21/2017 - 22:34
schwit1 brings news about an exiled Chinese billionaire with 500,000 followers on YouTube. The Washington Free Beacon reports:YouTube has suspended the video account of popular Chinese dissident Guo Wengui amid a mounting pressure from the Beijing government to silence one of its critics. According to a person familiar with the action, YouTube issued what the company calls a 'strike' against Guo, who since the beginning of the year has created an online sensation by posting lengthy videos in which he reveals details of corruption by senior Chinese officials. The suspension involves a 90-day block on any new live-stream postings of videos and was the result of a complaint made against a recent Guo video for alleged harassment. The identity of the person or institution who issued the complaint could not be learned... Other videos by Guo posted prior to the suspension remain accessible. The suspension coincides with this week's once-every-five-years congress of the Chinese Communist party to reveal which top officials will serve President Xi Jinping, according to Financial Times, adding that "China's choreographed politics is not designed for public participation or questioning."

Read more of this story at Slashdot.

Categories: Tech/Science News

2 Million IoT Devices Enslaved By Fast-Growing BotNet

Slashdot - Sat, 10/21/2017 - 21:34
An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MicroTik, TP-Link, and Synology. The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there. Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."

Read more of this story at Slashdot.

Categories: Tech/Science News

Data Science Meets Sports Gambling: How Researchers Beat the Bookies

Slashdot - Sat, 10/21/2017 - 20:34
"A trio of data scientists developed a betting strategy to beat bookmakers at football games," writes austro. [The game Americans call soccer.] New Scientist reports: The team studied 10 years' worth of data on nearly half a million football matches and the associated odds offered by 32 bookmakers between January 2005 and June 2015. When they applied their strategy in a simulation, they made a return of 3.5 per cent. Making bets randomly resulted in a loss of 3.32 per cent. Then the team decided to try betting for real. They developed an online tool that would apply their odds-averaging formula to upcoming football matches. When a favorable opportunity arose, a member of the team would email Kaunitz and his wife, one of whom then placed a bet. They kept this up for five months, placing $50 bets around 30 times a week. And they were winning. After five months the team had made a profit of $957.50 -- a return of 8.5 per cent. But their streak was cut short. Following a series of several small wins, the trio were surprised to find that their accounts had been limited, restricting how much they could bet to as little as $1.25. The gambling industry has long restricted players who appear to show an edge over the house, says Mark Griffiths at Nottingham Trent University, UK. The paper "illustrates how the sports gambling industry compensates market inefficiencies with discriminatory practices against successful clients," adds austro, noting that the researchers posted a paper explaining their methodology on arxiv last week. "They also made the dataset and source code available on github. And best of all, they made an online publicly available dashboard that shows a live list of bet recommendations on football matches based on their strategy here or here for anyone to try."

Read more of this story at Slashdot.

Categories: Tech/Science News

Google Offers $1,000 Bounties For Hacking Dropbox, Tinder, Snapchat, and Others

Slashdot - Sat, 10/21/2017 - 19:34
An anonymous reader quotes Mashable: Google, in collaboration with bug bounty platform HackerOne, has launched the Google Play Security Reward Program, which promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. Thirteen apps are currently participating, including Tinder, Duolingo, Dropbox, Snapchat, and Headspace... If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer. Google will be collecting data on the vulnerabilities and sharing it (anonymized) with other developers who may be exposed to the same problems. For HackerOne, it's about attracting more and better participants in bounty programs.

Read more of this story at Slashdot.

Categories: Tech/Science News

Why Are We Still Using Passwords?

Slashdot - Sat, 10/21/2017 - 18:34
Here's some surprising news from the Akamia Edge conference. chicksdaddy writes: [E]xecutives at some of the U.S.'s leading corporations agreed that the much maligned password won't be abandoned any time soon, even as data breaches and follow-on attacks make passwords more susceptible than ever to abuse, the Security Ledger reports. "We reached the end of needing passwords maybe seven years ago, but we still use them," said Steve Winterfeld, Director of Cybersecurity, at clothing retailer Nordstrom. "They're still the primary layer of defense." "It's hard to kill them," noted Shalini Mayor, who is a Senior Director at Visa Inc. "The question is what to replace them with." This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called "credential stuffing" techniques, which use automated password guessing attacks against web-based applications... Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalani Mayor said Visa is "looking at" biometric technologies like Apple's TouchID as a tool for making payments securely. Such technologies -- from fingerprint scans to facial and retinal scans -- promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.

Read more of this story at Slashdot.

Categories: Tech/Science News

Code Bootcamp Fined $375K Over Employment Claims and Licensing Issues

Slashdot - Sat, 10/21/2017 - 17:34
An anonymous reader quotes Ars Technica: [O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure. For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses. The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an onine coding class). Eligible graduate can claim their share of the $375,000 by filing a complaint within the next thee months.

Read more of this story at Slashdot.

Categories: Tech/Science News

Code School Fined $375K Over Employment Claims and Licensing Issues

Slashdot - Sat, 10/21/2017 - 17:34
An anonymous reader quotes Ars Technica: [O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure. For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses. The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an onine coding class). Eligible graduate can claim their share of the $375,000 by filing a complaint within the next thee months.

Read more of this story at Slashdot.

Categories: Tech/Science News

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer