Domain: itworld.com
Stories and comments across the archive that link to itworld.com.
Stories · 2,036
-
New York Judge Rules Against Facebook In Search Warrant Case
itwbennett writes: Last year, Facebook appealed a court decision requiring it to hand over data, including photos and private messages, relating to 381 user accounts. (Google, Microsoft, and Twitter, among other companies backed Facebook in the dispute). On Tuesday, Judge Dianne Renwick of the New York State Supreme Court ruled against Facebook, saying that Facebook has no legal standing to challenge the constitutionality of search warrants served on its users. -
Bug Exposes OpenSSH Servers To Brute-Force Password Guessing Attacks
itwbennett writes: OpenSSH servers with keyboard-interactive authentication enabled, which is the default setting on many systems, including FreeBSD ones, can be tricked to allow many authentication retries over a single connection, according to a security researcher who uses the online alias Kingcope, who disclosed the issue on his blog last week. According to a discussion on Reddit, setting PasswordAuthentication to 'no' in the OpenSSH configuration and using public-key authentication does not prevent this attack, because keyboard-interactive authentication is a different subsystem that also relies on passwords. -
What's the Oldest Technology You've Used In a Production Environment?
itwbennett writes: Sometimes it's a matter of 'if it ain't broke, don't fix it,' sometimes corporate inertia is to blame, but perhaps even more often what keeps old technology plugging away in businesses large and small is the sense that it does a single, specific job the way that someone wants it done. George R.R. Martin's preference for using a DOS computer running WordStar 4 to write his Song of Ice and Fire series is one such example, but so is the hospital computer whose sole job was to search and print medical images, however badly or slowly it may have done the job. We all have such stories of obsolete tech we've had to use at one point or another. What's yours? -
Robot-Staffed Japanese Hotel Opens
jfruh writes: The front desk is staffed by a female android in a white tunic. The bellhop is a mechanical velociraptor. A giant robot arm puts luggage into cubbyholes. It's the Henn-na Hotel in Nagasaki and it's opening this Friday, and it's a place where 'basically guests will see only robots, not humans,' according to general manager Masahiko Hayasaka. -
Italian Court Throws Out TripAdvisor Fine Over Bad Reviews
jfruh writes: TripAdvisor had been fined half a million euros in Italy for publishing "misleading" information in its reviews. But now an Italian court has thrown out that punishment, saying that the site clearly states that the reviews are user-submitted and that TripAdvisor can't confirm all details. In a statement the company said the court's decision, "confirmed what we always knew: that TripAdvisor is a hugely valuable and reliable resource." -
Cell Phone Radiation Emission Tests Assume Use of Belt Clip
jfruh writes: Most Slashdotters rightfully roll their eyes when people panic about the "radiation" put out by cell phones. But there is a germ of truth to some of the nervous talk: when the FCC assesses how much radio-frequency radiation a phone user will absorb, they work on the assumption you'll be wearing it in a belt clip, rather than putting it in your pocket as most people do. With the size of some recent phones, I think assuming use of a backpack might be just as realistic. -
Google To Reopen Maps To User Edits, With an Anti-Abuse Plan
jfruh writes: When Google opened up its Maps to user edits, a lot of useful information got added — along with plenty of spam and outright abuse, some of it obscene, which led to the program being shut down. Now the company is planning to reopen things to user input, recruiting local mappers that they're calling "regional leads" to filter out problematic content. -
13% of CompSci Grads Have Starting Salaries Over $100K
itwbennett writes: That was one of the findings of a survey of 50,000 U.S. college students and recent graduates by Looksharp, a marketplace for internships and entry-level jobs. For general findings across all majors, check out the State of College Hiring Report 2015. But the company shared some more computer science-specific findings with Phil Johnson. Among them: "Of all majors, students studying in CS had the highest average starting salary, $66,161." And, what's more, they know the value of their degree: "On average, they expected a starting salary of $68,120, slightly above the actual average starting salary of $66,161." -
Hacker Group That Hit Twitter, Facebook, Apple and Microsoft Intensifies Attacks
itwbennett writes: The hacker group, which security researchers from Kaspersky Lab and Symantec call Wild Neutron or Morpho, has broken into the networks of over 45 large companies since 2012. After the 2013 attacks against Twitter, Facebook, Apple and Microsoft were highly publicized, the group went underground and temporarily halted its activity. However, its attacks resumed in 2014 and have since intensified, according to separate reports released Wednesday by Kaspersky Lab and Symantec. -
Intel's Software Chief Out; Botched McAfee Deal To Blame?
jfruh writes: Renee James, Intel's president and head of the company's software group has departed, supposedly to "pursue other opportunities." But a high-profile heir apparent doesn't just leave voluntarily, and it seems likely that she is in part taking the fall for Intel's acquisition of McAfee, the promised synergies of which have failed to materialize. Intel is a traditionally very stable company, but there's been a lot of churn in the upper ranks lately. -
NVIDIA Hopes To Sell More Chips By Bringing AI Programming To the Masses
jfruh writes: Artificial intelligence typically requires heavy computing power, which can only help manufacturers of specialized chips like NVIDIA. That's why the company is pushing its Digits software, which helps users design and experiment with neural networks. Version 2 of Digits moves out of the command line and comes with a GUI interface in an attempt to move interest beyond the current academic market; it also makes programming for multichip configurations possible. -
Judge Dismisses Second Conviction of Ex-Goldman Sachs Coder
itwbennett writes: Back in May, former Goldman Sachs programmer Sergey Aleynikov was convicted by a jury for stealing 32MB of code for Goldman's high-frequency trading system, code that Aleynikov maintained he copied for intellectual pursuits and was, in fact, open-source. On Monday, Judge Daniel P. Conviser of New York's State Supreme Court dismissed the conviction, saying that Aleynikov acted wrongfully by taking the code, but his actions did not meet the standard under the law in which he was charged. "The evidence did not prove he intended to appropriate all or a major portion of the code's economic value," Conviser wrote. -
Click-Fraud Trojan Politely Updates Flash On Compromised Computers
jfruh writes: Kotver is in many ways a typical click-fraud trojan: it hijacks the user's browser process to create false clicks on banner ads, defrauding advertisers and ad networks. But one aspect of it is unusual: it updates the victim's installation of Flash to the most recent version, ensuring that similar malware can't get in. -
Japanese and US Piloted Robots To Brawl For National Pride
jfruh writes: Japan may have just lost the Women's World Cup to the U.S., but the country is hoping for a comeback in another competition: a battle between giant robots. Suidobashi Heavy Industry has agreed to a challenge from Boston-based MegaBots that would involve titanic armored robots developed by each startup, the first of its kind involving piloted machines that are roughly 4 meters tall. "We can't let another country win this," Kogoro Kurata, who is CEO of Suidobashi, said in a video posted to YouTube. "Giant robots are Japanese culture." -
Watching People Code Is Becoming an (Even Bigger) Thing
itwbennett writes: Faithful Slashdot readers may recall the story of Adam Wulf, who spent two weeks live-streaming himself writing a mobile app. The phenomenon has quickly become a thing, by which we mean a business. Twitch.TV, Watch People Code (which is an offshoot of the subreddit by the same name), Ludum Dare, and, of course, YouTube, are bursting with live or archived streams of lots of people writing lots of code for lots of different things. And just this week, Y Combinator-backed startup Livecoding.TV launched. The site has signed up 40,000 users since its beta went live in February, but unlike the other sites in this space what it doesn't have (and doesn't have plans for) is advertising. As co-founder Jamie Green told ITworld: 'We have some different ideas around monetisation in the pipeline, but for now we are just focussed on building a community around live education.' -
TracFone Finally Agrees To Allow Phone Unlocking
jfruh writes: While most Slashdot readers probably enjoy the latest and greatest smartphones and heavy-use data plans, millions of Americans use low-cost, prepaid featurephones, and many of those are sold under various brand names owned by TracFone. Today, after much pressure from the FCC, TracFone admitted that its customers also have the right to an unlocked phone that they can port to a different provider, including those low-income customers who participate in the government-subsidized Lifeline program, widely (though incorrectly) known as "Obamaphone". -
Celebrating Workarounds, Kludges, and Hacks
itwbennett writes: We all have some favorite workarounds that right a perceived wrong (like getting around the Wall Street Journal paywall) or make something work the way we think it ought to. From turning off annoying features in your Prius to getting around sanctions in Crimea and convincing your Android phone you're somewhere you're not, workarounds are a point of pride, showing off our ingenuity and resourcefulness. And sometimes artful workarounds can even keep businesses operating in times of crisis. Take, for example, the Sony employees, who, in the wake of the Great Hack of 2014 when the company's servers went down, dug out old company BlackBerrys that, while they had been abandoned, had never had their plans deactivated. Because BlackBerrys used RIM's email servers instead of Sony's, they could still communicate with one another, and employees with BlackBerrys became the company's lifeline as it slowly put itself back together. What hacks and workarounds keep your life sane? -
How Computer Science Education Got Practical (Again)
jfruh writes: In the 1980s and 1990s, thousands of young people who had grown up tinkering with PCs hit college and dove into curricula designed around the vague notion that they might want to "do something with computers." Today, computer science education is a lot more practical — though in many ways that's just going back to the discipline's roots. As Christopher Mims put it in the Wall Street Journal, "we've entered an age in which demanding that every programmer has a degree is like asking every bricklayer to have a background in architectural engineering." -
Mob Programming: When Is 5 Heads Really Better Than 1 (or 2)?
itwbennett writes: Proponents of Mob programming, an offshoot of Pair programming in which the whole team works together on the same computer, say that it increases both quality and productivity, but also acknowledge that the productivity gains might not be readily apparent. "If you measure by features or other classic development productivity metrics, Mobbing looks like it's achieving only 75 to 85 percent of individual or Pair output for, say, a team of six or seven working for a week," says Paul Massey, whose company Bluefruit Software is a heavy user of the Mob approach. So, where does the productivity come from? Matthew Dodkins, a software architect at Bluefruit says the biggest gains are in code merges. "In a day spent using traditional collaboration, you would have to first spend time agreeing on tasks, common goals, deciding who's doing what... and then going away to do that, write code, and come back and merge it, resolve problems," says Dodkins. By bringing everyone into the same room, "we try to merge frequently, and try to do almost continuous integration." Matt Schartman, whose company Appfolio also uses Mobbing and wrote about his experience, gave Mobbing high marks for producing a quality product, but didn't find that it improved productivity in any measurable way. -
Foxconn CEO Backpedals On Planned Robot Takeover
itwbennett writes: For years now, Foxconn has been talking up plans to replace pesky humans with robot workers in its factories. Back in February, CEO Terry Gou said he expected the automation to account for 70 percent of his company's assembly line work in three years. But in the company's shareholder meeting Thursday, Gou said he had been misquoted and that "it should be that in five years, the robots will take over 30 percent of the manpower." -
Put Your Enterprise Financial Data In the Cloud? Sure, Why Not
jfruh writes: For many, the idea of storing sensitive financial and other data in the cloud seems insane, especially considering the regulatory aspects that mandate how that data is protected. But more and more organizations are doing so as cloud providers start presenting offerings that fulfill regulatory needs — and people realize that information is more likely to be accidentally emailed out to the wrong address than hacked. -
Average Duration of Hiring Process For Software Engineers: 35 Days
itwbennett writes: Despite the high demand for tech workers of pretty much all stripes, the hiring process is still rather drawn out, with the average time-to-hire for Software Engineers taking 35 days. That's one of the findings of a new study from career site Glassdoor. The study, led by Glassdoor's Chief Economist Dr. Andrew Chamberlain, analyzed over 340,000 interview reviews, covering 74,000 unique job titles, submitted to the site from February 2009 through February 2015. Glassdoor found that the average time-to-hire for all jobs has increased 80% (from 12.6 days to 22.9 days) since 2010. The biggest reason for this jump: The increased reliance on screening tests of various sorts, from background checks and skills tests to drug tests and personality tests, among others. -
The Next Java Update Could Make Yahoo Your Default Search Provider
itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user. -
When Will Your Hard Drive Fail?
jfruh writes: Tech writer Andy Patrizio suffered his most catastrophic hard drive failure in 25 years of computing recently, which prompted him to delve into the questions of which hard drives fail and when. One intriguing theory behind some failure rates involve a crisis in the industry that arose from the massive 2011 floods in Thailand, home to the global hard drive industry. -
The US Navy's Warfare Systems Command Just Paid Millions To Stay On Windows XP
itwbennett writes: 'The Navy relies on a number of legacy applications and programs that are reliant on legacy Windows products,' said Steven Davis, a spokesman for the Space and Naval Warfare Systems Command in San Diego. And that reliance on obsolete technology is costing taxpayers a pretty penny. The Space and Naval Warfare Systems Command, which runs the Navy's communications and information networks, signed a $9.1 million contract earlier this month for continued access to security patches for Windows XP, Office 2003, Exchange 2003 and Windows Server 2003. -
Cyberattack Grounds Planes In Poland
itwbennett writes: While the alleged hacking of in-flight systems has been much discussed recently, "there are many more areas of vulnerability to address in the aviation industry," says Tim Erlin of security firm Tripwire. "Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems." Case in point: LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw's Chopin airport on Sunday after hackers attacked its ground computer systems. -
Google Pulling Back the Veil On Its Custom-Built Data Centers
jfruh writes: In the mid-'00s, as Google scaled up its data centers to meet increasing demand, "we could not buy, for any price, a data-center network that would meet the requirements of our distributed systems," says Amin Vahdat, the company's networking technical lead. So they had to build their own software-defined networks inside what were essentially vast warehouse-sized computers. And now the company is starting to tell the world how they did it. -
LibreOffice Now Available On Apple's Mac App Store
sfcrazy writes: It's an event of historical magnitude: One of the most popular Open Source projects, LibreOffice, is now available directly from Apple's Mac App Store. You can get LibreOffice on OSX with automatic updates, long-term maintenance, and optional professional support, for the first time. There are two editions of LibreOffice available on the Mac App Store: LibreOffice from Collabora and LibreOffice Vanilla. While the Vanilla edition can be downloaded free of cost, LO from Collabora has a price tag of $10. "Free through the App store" is an implicit endorsement that plain old "free" can't beat, even taking open-source licensing out of the picture. -
The Internet of Things Is the Password Killer We've Been Waiting For
jfruh writes: You can't enter a password into an Apple Watch; the software doesn't allow it, and the UI would make doing so difficult even if it did. As we enter the brave new world of wearable and embeddable devices and omnipresent 'headless' computers, we may be seeing the end of the password as we know it. What will replace it? Well, as anyone who's ever unlocked a car door just by reaching for its handle with a key in their pocket knows, the answer may be the embeddable devices themselves. -
GitHub Seeks Funding At $2 Billion Valuation
itwbennett writes: GitHub, the most popular Git hosting site, is reportedly seeking $200 million in an upcoming private funding round that values the company as high as $2 billion. "GitHub is an interesting company," said analyst Frank Scavo, president of Computer Economics. "It is partly a hosting service for developers and partly a social media site." And it's a great place to recruit developers. But company-specific factors aside, there's also a lot of money in the market "looking for homes," said Rob Enderle, principal analyst with Enderle Group. -
Report: Aging Java Components To Blame For Massively Buggy Open-Source Software
itwbennett writes: The problem isn't new, but a report released Tuesday by Sonatype, the company that manages one of the largest repositories of open-source Java components, sheds some light on poor inventory practices that are all-too-common in software development. To wit: 'Sonatype has determined that over 6 percent of the download requests from the Central Repository in 2014 were for component versions that included known vulnerabilities and the company's review of over 1,500 applications showed that by the time they were developed and released each of them had an average of 24 severe or critical flaws inherited from their components.' -
Facebook Has a New Private Mobile Photo-Sharing App, and They Built It In C++
jfruh writes: Facebook [on Monday] announced Moments, a new mobile app that uses Facebook's facial recognition technology to let you sync up photos only with friends who are in those photos with you. Somewhat unusually for a new app, the bulk of it is built in the venerable C++ language, which turned out to be easier for building a cross-platform mobile app than other more "modern" languages. -
FBI Investigating Series of Fiber Cuts In San Francisco Bay Area
jfruh writes: Ten times over four separate nights in the past year, telecom cables have been mysteriously cut in various locations around the San Francisco Bay Area. Now the FBI is investigating the incidents as potential sabotage. ITWorld reports: "In the past year, there were 10 instances on four separate nights when telecom cables were intentionally cut in Fremont, Walnut Creek, Alamo, Berkeley and San Jose, the agency said Monday. FBI Special Agent Greg Wuthrich said it's unclear if the incidents are unrelated or the work of a single person or group, but the FBI is keen to hear from anyone who may have witnessed anything suspicious." -
FCC Nixes PayPal's Forced Robocalls Plan
jfruh writes: As part of a new user agreement created in preparation for its spinoff from eBay as an independent company, PayPal told users that the only way to avoid advertising robocalls from PayPal and its 'partners' was to stop using the service. This caused something of a firestorm, and now the FCC is saying the policy may violate Federal law, which requires an explicit opt-in to receive such messages. -
So Long Voicemail, Give My Regards To the Fax Machine
itwbennett writes: Yes, it was just a matter of time before voicemail, the old office relic, the technology The Guardian's Chitra Ramaswamy called "as pointless as a pigeon with a pager," finally followed the fax machine into obscurity. Last week JPMorgan Chase announced it was turning off voicemail service for tens of thousands of workers (a move that CocaCola made last December). And if Bloomberg's Ramy Inocencio has the numbers right, the cost savings are significant: JPMorgan, for example, will save $3.2 million by cutting voicemail for about 136,000. As great as this sounds, David Lazarus, writing in the LA Times, warns that customer service will suffer. -
German Parliament May Need To Replace All Hardware and Software To Stop Malware
jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation." -
Xilinx and AMD: an Inevitable Match?
itwbennett writes: Steve Casselman at Seeking Alpha was among the first to suggest that Xilinx should buy AMD because, among other reasons, it 'would let Xilinx get in on the x86 + FPGA fabric tsunami.' The trouble with this, however, is that 'AMD's server position is minuscule.... While x86 has 73% of the server market, Intel owns virtually all of it,' writes Andy Patrizio. At the same time, 'once Intel is in possession of the Altera product line, it will be able to cheaply produce the chip and drop the price, drastically undercutting Xilinx,' says Patrizio. And, he adds, buying AMD wouldn't give Xilinx the same sort of advantage 'since AMD is fabless.' -
Reactions To Apple's Plans To Open Source Swift
itwbennett writes: At Apple's WWDC 2015 event yesterday, Craig Federighi, Apple's senior vice president of software engineering, announced that the company planned to open source the Swift language. Reaction to this announcement so far has sounded more or less like this: Deafening applause with undertones of "we'll see." As a commenter on this Ars Technica story points out, "Their [Apple's] previous open-source efforts (Darwin, WebKit, etc) have generally tended to be far more towards the Google style of closed development followed by a public source dump." Simon Phipps, the former director of OSI, also expressed some reservations, saying, "While every additional piece of open source software extends the opportunities for software freedom, the critical question for a programming language is less whether it is itself open source and more whether it's feasible to make open source software with it. Programming languages are glue for SDKs, APIs and libraries. The real value of Swift will be whether it can realistically be used anywhere but Apple's walled garden." -
HP Will Pay $100 Million To Settle Autonomy-Related Lawsuit
itwbennett writes: Although it 'believes the action has no merit,' HP today announced it will pay $100 million in a settlement with PGGM Vermogensbeheer B.V., the lead plaintiff in the securities class action arising from the impairment charge taken by HP following its acquisition of Autonomy. This is just the latest episode in the fallout from HP's Autonomy acquisition. -
Microsoft Will Help Iowa Caucuses Go High-Tech
jfruh writes: Political party caucuses are one of the quirkier aspects of American political life: local party members gather in small rooms across the state, discuss their preferences, and send a report of how many delegates for each candidate will attend later county and statewide caucuses to ultimately choose delegates to the national convention. It's also a system with a lot of room for error in reporting, as local precinct leaders have traditionally sent in reports of votes via telephone touch-tone menus and paper mail. In 2016, Microsoft will help both Democrats and Republicans streamline the process in a fashion that will hopefully avoid the embarrassing result from 2012, when Mitt Romney was declared the winner on caucus night only for Rick Santorum to emerge as the true victor when all votes were counted weeks later. -
Microsoft Lets EU Governments Inspect Source Code For Security Issues
itwbennett writes: Microsoft has agreed to let European governments review the source code of its products to ensure that they don't contain security backdoors, at a transparency center in Brussels. The second of its kind, the new center follows on the heels of the first, built last June in Redmond, Washington. Part of Microsoft's Government Security Program, the company hopes the centers will create trust with governments that want to use Microsoft products. "Today's opening in Brussels will give governments in Europe, the Middle East and Africa a convenient location to experience our commitment to transparency and delivering products and services that are secure by principle and by design," said Matt Thomlinson, Vice President of Microsoft Security. -
Governments of the World Agree: Encryption Must Die!
Lauren Weinstein writes: Finally! There's something that apparently virtually all governments around the world can actually agree upon. Unfortunately, it's on par conceptually with handing out hydrogen bombs as lottery prizes. If the drumbeat isn't actually coordinated, it might as well be. Around the world, in testimony before national legislatures and in countless interviews with media, government officials and their surrogates are proclaiming the immediate need to "do something" about encryption that law enforcement and other government agencies can't read on demand. Apropos: This IT World story (and the New York Times piece it draws from — also published today) about a newly disclosed NSA program through which the agency is "reportedly intercepting Internet communications from U.S. residents without getting court-ordered warrants." -
Facebook Sued In US Court For Blocking Page In India
itwbennett writes: Facebook has been sued in California by the non-profit organization Sikhs For Justice for blocking their page in India. The group has charged Facebook with engaging in 'a pattern of civil rights violation and blatant discriminatory conduct' by blocking its content in the whole of India. It has asked the court for a permanent injunction on further blocking of the page, access to Facebook's correspondence with the Indian government about the block, and an award of damages, besides other relief. -
Microsoft Hasn't Given Up On the Non-Smart Phones It Inherited From Nokia
jfruh writes: Microsoft's acquisition of Nokia's handset business was mostly focused on gaining a hardware line that ran the company's Windows Phone OS; but in the process, Microsoft also gained ownership of some model lines that are classified as "feature phones" and some that are straight up dumb, and they're still coming out with new models, confusingly still bearing the "Nokia" brand. The $20 Nokia 105 is billed as a "long-lasting backup device" and comes with an FM radio, while the $30 Nokia 215 is "Internet-ready" and comes with Facebook and Twitter apps. -
Users With Weak SSH Keys Had Access To GitHub Repositories For Popular Projects
itwbennett writes: Earlier this year, researcher Ben Cox collected the public SSH (Secure Shell) keys of users with access to GitHub-hosted repositories by using one of the platform's features. After an analysis, he found that the corresponding private keys could be easily recovered for many of them. The potentially vulnerable repositories include those of music streaming service Spotify, the Russian Internet company Yandex, the U.K. government and the Django Web application framework. GitHub revoked the keys, but it's not clear if they were ever abused by attackers. -
nmap Maintainer Warns He Doesn't Control nmap SourceForge Mirror
vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that he does not control the SourceForge nmap project.
According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week on Slashdot.
On Monday, Sourceforge promised to stop "presenting third party offers for unmaintained SourceForge projects," and to their credit Fyodor states, "So far they seem to be providing just the official Nmap files," but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html." To browse the projects and mirrors currently controlled by SourceForge, you can look at these account pages: sf-editor1, sf-editor2, and sf-editor3. -
New SOHO Router Security Audit Uncovers Over 60 Flaws In 22 Models
Home and small-office routers have become a hotbed for security research lately, with vulnerabilities and poor security practices becoming the rule, rather than the exception. A new security audit by researchers from Universidad Europea de Madrid only adds to that list, finding 60 distinct flaws in 22 different device models. They posted details of their research on the Full Disclosure mailing list, and the affected brands include D-Link, Belkin, Linksys, Huawei, and others. Many of the models they examined had been distributed to internet customers across Spain by their ISPs. About half of the flaws involve Cross Site Scripting and Cross Site Request Forgery capabilities, though there is at least one backdoor with a hard-coded password. Several routers allow external attackers to delete files on USB storage devices, and others facilitate DDoS attacks. -
Nokia Shifts To Selling Back-End Systems To Mobile Networks
jfruh writes: With Nokia's handset business now sold off to Microsoft, you might be wondering what the remainder of the company does, exactly. The company is trying to use its expertise at the other end of its old business, offering data centers and virtualized infrastructure to wireless networking companies to make their businesses more efficient. Competitors include Ericsson, another mobile phone also-ran.