You are here

Feed aggregator

Sonos To Launch a Wireless Speaker That Would Support Multiple Voice Assistants

Slashdot - 1 hour 5 min ago
Sonos, a mid- to high-end speaker manufacturer, released an updated privacy policy for its speakers that almost certainly confirms that the company will release a speaker with Amazon's Alexa voice assistant built into the device in the near term. From a report: Though many devices that integrate with Alexa have been announced and are starting to come to market, this is one of the higher-profile examples and could be instructive for smart-speaker designers. The company first announced its intention to add voice-assistant integration to its speakers over a year ago, but didn't give any specific time frame for that step. And an FCC filing from the company that surfaced a few weeks ago showed that it is looking into systems that would support multiple voice assistants, so a user could potentially have the option to choose between Amazon's Alexa or Google's Assistant, depending on what other devices they own and what platform they prefer.

Read more of this story at Slashdot.

Categories: Tech/Science News

Developer Marco Arment Shares Thoughts On iPhone X's Notch

Slashdot - 1 hour 42 min ago
Developer Marco Arment writes about the infamous notch on the iPhone X, which Apple has told developers to embrace rather than ignore: This is the new shape of the iPhone. As long as the notch is clearly present and of approximately these proportions, it's unique, simple, and recognizable. It's probably not going to significantly change for a long time, and Apple needs to make sure that the entire world recognizes it as well as we could recognize previous iPhones. That's why Apple has made no effort to hide the notch in software, and why app developers are being told to embrace it in our designs. That's why the HomePod software leak depicted the iPhone X like this: it's the new basic, recognizable form of the iPhone. Apple just completely changed the fundamental shape of the most important, most successful, and most recognizable tech product that the world has ever seen.

Read more of this story at Slashdot.

Categories: Tech/Science News

Results of the Ubuntu Desktop Applications Survey

Slashdot - 2 hours 28 min ago
Ubuntu Product and Strategy head at Canonical, dustinkirkland writes: A few months ago, Slashdot readers were asked for feedback on the Ubuntu Desktop default applications. This blog post, by the author of that post (hi, it's me again), provides the aggregated and processed results of that survey.

Read more of this story at Slashdot.

Categories: Tech/Science News

Google Chrome Most Resilient Against Attacks, Researchers Find

Slashdot - 3 hours 8 min ago
Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.

Read more of this story at Slashdot.

Categories: Tech/Science News

Why You Shouldn't Use Texts For Two-Factor Authentication

Slashdot - 4 hours 8 min ago
An anonymous reader quotes a report from The Verge: A demonstration video posted by Positive Technologies (and first reported by Forbes) shows how easy it is to hack into a bitcoin wallet by intercepting text messages in transit. The group targeted a Coinbase account protected by two-factor authentication, which was registered to a Gmail account also protected by two-factor. By exploiting known flaws in the cell network, the group was able to intercept all text messages sent to the number for a set period of time. That was enough to reset the password to the Gmail account and then take control of the Coinbase wallet. All the group needed was the name, surname and phone number of the targeted Bitcoin user. These were security researchers rather than criminals, so they didn't actually steal anyone's bitcoin, although that would have been an easy step to take. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself. Positive Technologies was able to hijack the text messages using its own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. Known as the SS7 network, that network is shared by every telecom to manage calls and texts between phone numbers. There are a number of known SS7 vulnerabilities, and while access to the SS7 network is theoretically restricted to telecom companies, hijacking services are frequently available on criminal marketplaces. The report notes of several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"

Read more of this story at Slashdot.

Categories: Tech/Science News

Poor Shoe

The Daily WTF - 6 hours 38 min ago

"So there's this developer who is the end-all, be-all try-hard of the year. We call him Shoe. He's the kind of over-engineering idiot that should never be allowed near code. And, to boot, he's super controlling."

Sometimes, you'll be talking to a friend, or reading a submission, and they'll launch into a story of some crappy thing that happened to them. You expect to sympathize. You expect to agree, to tell them how much the other guy sucks. But as the tale unfolds, something starts to feel amiss.

They start telling you about the guy's stand-up desk, how it makes him such a loser, such a nerd. And you laugh nervously, recalling the article you read just the other day about the health benefits of stand-up desks. But sure, they're pretty nerdy. Why not?

"But then, get this. So we gave Shoe the task to minify a bunch of JavaScript files, right?"

You start to feel relieved. Surely this is more fertile ground. There's a ton of bad ways to minify and concatenate files on the server-side, to save bandwidth on the way out. Is this a premature optimization story? A story of an idiot writing code that just doesn't work? An over-engineered monstrosity?

"So he fires up gulp.js and gets to work."

Probably over-engineered. Gulp.js lets you write arbitrary JavaScript to do your processing. It has the advantage of being the same language as the code being minified, so you don't have to switch contexts when reading it, but the disadvantage of being JavaScript and thus impossible to read.

"He asks how to concat JavaScript, and the room tells him the right answer: find javascripts/ -name '*.js' -exec cat {} \; > main.js"

Wait, what? You blink. Surely that's not how Gulp.js is meant to work. Just piping out to shell commands? But you've never used it. Maybe that's the right answer; you don't know. So you nod along, making a sympathetic noise.

"Of course, this moron can't just take the advice. Shoe has to understand how it works. So he starts googling on the Internet, and when he doesn't find a better answer, he starts writing a shell script he can commit to the repo for his 'jay es minifications.'"

That nagging feeling is growing stronger. But maybe the punchline is good. There's gotta be a payoff here, right?

"This guy, right? Get this: he discovers that most people install gulp via npm.js. So he starts shrieking, 'This is a dependency of mah script!' and adds node.js and npm installation to the shell script!"

Stronger and stronger the feeling grows, refusing to be shut out. You swallow nervously, looking for an excuse to flee the conversation.

"We told him, just put it in the damn readme and move on! Don't install anything on anyone else's machines! But he doesn't like this solution, either, so he finally just echoes out in the shell script, requires npm. Can you believe it? What a n00b!"

That's it? That's the punchline? That's why your friend has worked himself into a lather, foaming and frothing at the mouth? Try as you might to justify it, the facts are inescapable: your friend is TRWTF.

code { font-family: Consolas, monospace; } [Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!
Categories: Fun/Other

Bacteria In Tumors Can Inactivate Common Chemotherapy Drugs, Study Suggests

Slashdot - 7 hours 8 min ago
Researchers caught the bacteria Mycoplasma hyorhinis hiding out among cancer cells, thwarting chemotherapy drugs intended to treat the tumors they reside in. The findings have been published this week in Science. Ars Technica reports: Drug resistance among cancers is a "foremost challenge," according to the study's authors, led by Ravid Straussman at the Weizmann Institute of Science. Yet the new data suggest that certain types of drug-resistant cancers could be defeated with a simple dollop of antibiotics alongside a chemotherapy regimen. Dr. Straussman and his colleagues got a hunch to look for the bacteria after noticing that, when they grew certain types of human cancer cells together in lab, the cells all became more resistant to a chemotherapy drug called gemcitabine. This is a drug used to treat pancreatic, lung, breast, and bladder cancers and is often sold under the brand name Gemzar. The researchers suspected that some of the cells may secrete a drug-busting molecule. So they tried filtering the cell cultures to see if they could catch it. Instead, they found that the cell cultures lost their resistance after their liquid broth passed through a pretty large filter -- 0.45 micrometers. This would catch large particles -- like bacteria -- but not small molecules, as the researchers were expecting. Looking closer, the researchers noticed that some of their cancer cells were contaminated with M. hyorhinis. And these bacteria could metabolize gemcitabine, rendering the drug useless. When the researchers transplanted treatable cancer cells into the flanks of mice -- some with and some without M. hyorhinis -- the bacteria-toting tumors were resistant to gemcitabine treatment.

Read more of this story at Slashdot.

Categories: Tech/Science News

Ethereum Will Match Visa In Scale In a 'Couple of Years,' Says Founder

Slashdot - 10 hours 8 min ago
Ethereum's founder, Vitalik Buterin, believes that his cryptocurrency has the potential to replace things like credit card networks and gaming servers. He even goes as far to say that Ethereum will replace Visa in "a couple of years," though he later clarified that "ethereum *will have Visa-scale tx capacity*, not that it will 'replace Visa.'" TechCrunch reports: "There's the average person who's already heard of bitcoin and the average person who hasn't," he said. His project itself builds upon that notion by adding more utility to the blockchain, thereby creating something everyone will want to hear about. "Where Ethereum comes from is basically you take the idea of crypto economics and the kinds of economic incentives that keeps things like bitcoin going to create decentralized networks with memory for a whole bunch of applications," he said. "A good blockchain application is something that needs decentralization and some kind of shared memory." That's what he's building and hopes others will build on the Ethereum network. Right now the network is a bit too slow for most mainstream applications. "Bitcoin is processing a bit less than 3 transactions per second," he said. "Ethereum is doing five a second. Uber gives 12 rides a second. It will take a couple of years for the blockchain to replace Visa." Buterin doesn't think everything should run on the blockchain but many things can. As the technology expands it can grow to replace many services that require parallelization -- that is programs that should run at the same time.

Read more of this story at Slashdot.

Categories: Tech/Science News

T-Mobile To Increase Deprioritization Threshold To 50GB This Week

Slashdot - 11 hours 53 min ago
After raising its deprioritization threshold to 32GB in May, it looks like T-Mobile will bump it up to 50GB on September 20th, according to a TmoNews source. The move will widen the gap between T-Mobile and its competition. For comparison, Sprint's deprioritization threshold is currently 23GB, while AT&T and Verizon's are both 22GB. TmoNews reports: It's said that this 50GB threshold won't change every quarter and no longer involves a specific percentage of data users. As with the current 32GB threshold, customers that exceed this new 50GB deprioritization threshold in a single month may experience reduced speeds in areas where the network is congested. T-Mobile hasn't issued an announcement regarding this news, but the official @TMobileHelp account recently tweeted "Starting 9/20, the limit will be increased!" in response to a question about this news.

Read more of this story at Slashdot.

Categories: Tech/Science News

Diesel Cars Contribute To 5,000 Premature Deaths a Year In Europe, Says Study

Slashdot - 13 hours 38 min ago
An anonymous reader quotes a report from Phys.Org: Emissions from diesel cars rigged to appear eco-friendly may be responsible for 5,000 air pollution deaths per year in Europe alone, according to a study published on Monday. The numbers are in line with previous assessments of deaths due to the so-called "Dieselgate" scandal, which erupted when carmaker Volkswagen admitted in 2015 to cheating on vehicle emissions tests. Many other carmakers have since fallen under suspicion. The researchers from Norway, Austria, Sweden and the Netherlands calculated that about 10,000 deaths in Europe per year can be attributed to small particle pollution from light duty diesel vehicles (LDDVs). Almost half of these would have been avoided if emissions of nitrogen oxides (NOx) from diesel cars on the road had matched levels measured in the lab. If diesel cars emitted as little NOx as petrol ones, almost 4,000 of the 5,000 premature deaths would have been avoided, said the authors. The countries with the heaviest burden are Italy, Germany, and France, the team added, "resulting from their large populations and high share of diesel cars in their national fleets." Touted as less polluting, the share of diesel cars in Europe rose fast compared to petrol since the 1990s, and now comprise about half the fleet. There are more than 100 million diesel cars in Europe today, twice as many as in the rest of the world together, said the study authors. Diesel engines emit less planet-warming carbon dioxide than petrol ones, but significantly more NOx. The study has been published in the journal Environmental Research Letters.

Read more of this story at Slashdot.

Categories: Tech/Science News

AI Just Made Guessing Your Password a Whole Lot Easier

Slashdot - 15 hours 43 min ago
sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A âoegeneratorâ attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a âoediscriminatorâ tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful theyâ(TM)d be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.

Read more of this story at Slashdot.

Categories: Tech/Science News

Jeweler Forged Judge's Signature To Force Google To Kill Negative Reviews

Slashdot - 16 hours 23 min ago
A sapphire salesman is facing jail time for forging a judge's signature in a case involving Google. Kelly Weill from The Daily Beast reports: Michael Arnstein is the third-generation owner of the Natural Sapphire Company, a Manhattan-based jewelry business. After a falling-out with a former business partner, Arnstein's company amassed dozens of negative reviews, which featured prominently in the Natural Sapphire Company's Google search results. Arnstein sued the former business partner in 2011, accusing him of writing defamatory negative reviews, and a judge ordered the partner to delete 54 of the negative comments. But some negative reviews remained, even after the court order. So Arnstein copied the judge's signature and forged new court orders of his own, demanding that Google scrub negative reviews from his company's search results, Arnstein admitted in a guilty plea on Friday.

Read more of this story at Slashdot.

Categories: Tech/Science News

Navy Plans To Use Xbox 360 Controllers For New Periscope Systems Aboard Its Submarines

Slashdot - 17 hours 3 min ago
According to ABC News, the U.S. Navy is planning to use Xbox 360 controllers to operate periscopes aboard its most advanced submarines. High-resolution cameras and large monitors are replacing the traditional rotating periscope in the Navy's Virginia-class subs. While they can be controlled by a helicopter-style stick, the Navy plans to integrate an Xbox controller into the system because they're more familiar to younger sailors and require less training. They are also considerably cheaper. The controller typically costs less than $30 compared to the $38,000 cost of a photonic mast handgrip and imaging control panel. The Xbox controller will be included as part of the integrated imaging system for Virginia-class subs beginning with the future USS Colorado. It is supposed to be commissioned by November.

Read more of this story at Slashdot.

Categories: Tech/Science News

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed

Slashdot - 17 hours 48 min ago
Bloomberg is reporting that Equifax, the credit reporting company that recently reported a cybersecurity incident impacting roughly 143 million U.S. consumers, learned about a breach of its computer systems in March -- almost five months before the date it has publicly disclosed. The company said the March breach was unrelated to the recent hack involving millions of U.S. consumers, but one of the people familiar with the situation said the breaches involve the same intruders. From the report: Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said. Equifax's hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. The revelation of a March breach will complicate the company's efforts to explain a series of unusual stock sales by Equifax executives. If it's shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe. In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company's outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it's not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.

Read more of this story at Slashdot.

Categories: Tech/Science News

Slashdot Asks: Which IT Hiring Trends Are Hot, and Which Ones Are Going Cold?

Slashdot - 18 hours 28 min ago
snydeq writes: Recruiting and retaining tech talent remains IT's biggest challenge today, writes Paul Heltzel, in an article on what trends are heating up and what's cooling off when it comes to IT staffing. "One thing hasn't changed this year: Recruiting top talent is still difficult for most firms, and demand greatly outstrips supply," writes Heltzel. "That's influencing many of the areas we looked at, including compensation and retention. Whether you're looking to expand your team or job searching yourself, read on to see which IT hiring practices are trending and which ones are falling out of favor." What are you seeing companies favoring in the hiring market these days?

Read more of this story at Slashdot.

Categories: Tech/Science News

Samsung Finally Lets You Disable the Bixby Button Without a Third-Party App

Slashdot - 19 hours 8 min ago
Samsung has released an update to allow you to disable Bixby on the Galaxy S8, S8+ and Note 8. The only problem is you can only disable the button and can't point it to another app. Android Police reports: As you're probably aware, there are two parts to Bixby -- Bixby Home and Bixby Voice. The main change here is to the Bixby Home shortcut; press the button and Bixby appears. After updating, a toggle is available under the settings gear at the top of Bixby home. Turn it off, and Bixby Home will no longer pop up when you tap the button (there's also a "Bixby Key" menu in the settings). Bixby Voice can be shut off in the settings as well, so the button will become completely inert. What if you want Bixby Home back? If you still have Bixby Voice turned on, pressing and holding the button will trigger Bixby on top of your current screen. You can open full screen mode and access your Bixby settings to turn Bixby Home back on at any time. Okay, but what if you also have Bixby Voice turned off in the Bixby settings? It seems at first like you've locked yourself out of Bixby, which might not be a problem for some people. However, you can access the Bixby settings by going into your main system settings -- Apps -- Bixby Home -- Mobile Data -- View app settings. That opens the Bixby settings without opening Bixby first.

Read more of this story at Slashdot.

Categories: Tech/Science News

Equifax Stock Sales Are the Focus of US Criminal Probe

Slashdot - Mon, 09/18/2017 - 23:20
An anonymous reader quotes a report from Bloomberg: The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation. U.S. prosecutors in Atlanta, who the people said are looking into the share sales, said in a statement they are examining the breach and theft of people's personal information in conjunction with the Federal Bureau of Investigation. The Securities and Exchange Commission is working with prosecutors on the investigation into stock sales, according to another person familiar with the matter. Investigators are looking at the stock sales by Equifax's chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder, said two of the people, who asked not to be named because the probe is confidential. Equifax disclosed earlier this month that it discovered a security breach on July 29. The three executives sold shares worth almost $1.8 million in early August. The company has said the managers didn't know of the breach at the time they sold the shares. Regulatory filings don't show that the transactions were part of pre-scheduled trading plans.

Read more of this story at Slashdot.

Categories: Tech/Science News

Google Offers To Treat Rivals Equally Via Auction

Slashdot - Mon, 09/18/2017 - 22:40
Google has offered to display rival comparison shopping sites via an auction, as it aims to stave off further EU antitrust fines, four people familiar with the matter told Reuters. From a report: Google is under pressure to come up with a big initiative to level the playing field in comparison shopping, but its proposal was roundly criticized by competitors as inadequate, the sources said. EU enforcers see the antitrust case as a benchmark for investigations into other areas dominated by the U.S. search giant such as travel and online mapping. Google has already been fined a record 2.4 billion euros ($2.9 bln) by the European Commission for favoring its own service, and could face millions of euros in fresh fines if it fails to treat rivals and its own service equally.

Read more of this story at Slashdot.

Categories: Tech/Science News

Chrome To Force Domains Ending With Dev and Foo To HTTPS Via Preloaded HSTS

Slashdot - Mon, 09/18/2017 - 22:00
Developer Mattias Geniar writes (condensed and edited for clarity): One of the next versions of Chrome is going to force all domains ending with .dev and .foo to be redirected to HTTPs via a preloaded HTTP Strict Transport Security (HSTS) header. This very interesting commit just landed in Chromium: Preload HSTS for the .dev gTLD: This adds the following line to Chromium's preload lists: { "name": "dev", "include_subdomains": true, "mode": "force-https" }, { "name": "foo", "include_subdomains": true, "mode": "force-https" }, It forces any domain on the .dev gTLD to be HTTPs. What should we [developers] do? With .dev being an official gTLD, we're most likely better of changing our preferred local development suffix from .dev to something else. There's an excellent proposal to add the .localhost domain as a new standard, which would be more appropriate here. It would mean we no longer have site.dev, but site.localhost. And everything at *.localhost would automatically translate to 127.0.0.1, without /etc/hosts or dnsmasq workarounds.

Read more of this story at Slashdot.

Categories: Tech/Science News

HTML5 DRM Standard Is a Go

Slashdot - Mon, 09/18/2017 - 21:20
Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.

Read more of this story at Slashdot.

Categories: Tech/Science News

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer