Domain: networkworld.com
Stories and comments across the archive that link to networkworld.com.
Huawei Sues the US In Pushback Against Security Risk Claims (latimes.com)
hackingbear writes: A suit filed by Huawei in Texas, where an American subsidiary is located, this week is the latest maneuver in the Chinese telecommunications giant's global offensive against American pressure and persistent criticisms that it poses a national security risk. The company's lawsuit contends that the law which bans Huawei equipment without evidence and trial is a violation of the U.S. Constitution. The U.S. also argues that Huawei poses an unacceptable security risk due to its tie with the Chinese government, though a 2003 due diligence by Motorola in a merger talk found Huawei was independent (Warning: source paywalled) of Chinese government or military (the merger failed after Motorola board thought the $7.5 billion price tag for Huawei was too high.) In the lawsuit announcement, Huawei Chairman Guo Ping also accused U.S. agencies of hacking Huawei servers and stealing emails and source code. In a similar case, China's Sanyi sued the Obama administration and forced CFIUS to determine that the company's acquisitions "have not raised national security objections." -
Is Linux Taking Over The World? (networkworld.com)
"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them.
According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native.
The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum."
And there's even a long list of upcoming Linux conferences... -
ICANN Sets Plan To Reinforce Internet DNS Security (networkworld.com)
coondoggie shares a report: In a few months, the internet will be a more secure place. That's because the Internet Corporation for Assigned Names and Numbers (ICANN) has voted to go ahead with the first-ever changing of the cryptographic key that helps protect the internet's address book -- the Domain Name System (DNS). The ICANN Board at its meeting in Belgium this week, decided to proceed with its plans to change or "roll" the key for the DNS root on Oct. 11, 2018. It will mark the first time the key has been changed since it was first put in place in 2010. During its meeting ICANN spelled out the driving forces behind the need for improved DNS security that the rollover will bring. For example, the continued evolution of Internet technologies and facilities, and deployment of IoT devices and increased capacity of networks all over the world, coupled with the unfortunate lack of sufficient security in those devices and networks, attackers have increasing power to cripple Internet infrastructure, ICANN stated.
"Specifically, the growth in attack capacity risks outstripping the ability of the root server operator community to expand defensive capacity. While it remains necessary to continue to expand defensive capacity in the near-term, the long-term outlook for the traditional approach appears bleak," ICANN stated. The KSK rollover means generating a new cryptographic public and private key pair and distributing the new public component to parties who operate validating resolvers, according to ICANN. Such resolvers run software that converts typical addresses like networkworld.com into IP network addresses. Resolvers include: internet service providers, enterprise network administrators and other DNS resolver operators, DNS resolver software developers; system integrators, and hardware and software distributors who install or ship the root's "trust anchor," ICANN said. -
World's Largest Chip Maker Will Lose $250M For Not Patching Windows 7 Computers (networkworld.com)
"A major virus infection forced the closure of Taiwan Semiconductor Manufacturing Company (TSMC) factories last weekend..." writes Slashdot reader Mark Wilson, noting that it's the largest semiconductor manufacturer in the world, selling chips to Apple, Nvidia, AMD, Qualcomm, and Broadcom, and "responsible for producing iPhone processors."
Now Network World reports: The infection struck on Friday, August 3, and affected a number of unpatched Windows 7 computer systems and fab tools over two days. TSMC said it was all back to normal by Monday, August 6. TSMC did not say it was WannaCry, aka WannaCrypt, in its updates, but reportedly blamed WannaCry in follow-up conference calls with the press.... The company said this incident would cause shipment delays and additional costs estimated at 3 percent of third quarter revenue. The company had previously forecast revenues of $8.45 billion to $8.55 billion for its September quarter. A 3 percent loss would mean $250 million, though actual losses may come out lower than that. Still, that's a painful hit. TSMC also said no customer data was compromised....
TSMC isn't directly to blame here; someone [an infected production tool provided by an unidentified vendor] brought WannaCry into their offices and behind their firewall, but TSMC is still culpable because it left systems unpatched more than a year after WannaCry hit. -
New Year's Resolutions For Linux Admins: Automate More, Learn New Languages (networkworld.com)
An anonymous reader writes: A long-time Unix sys-admin is suggesting 18 different New Year's resolutions for Linux systems administrators. And #1 is to automate more of your boring stuff. "There are several good reasons to turn tedious tasks into scripts. The first is to make them less annoying. The second is to make them less error-prone. And the last is to make them easier to turn over to new team members who haven't been around long enough to be bored. Add a small dose of meaningful comments to your scripts and you have a better chance of passing on some of your wisdom about how things should be done."
Along with that, they suggest learning a new scripting language. "It's easy to keep using the same tools you've been using for decades (I should know), but you might have more fun and more relevance in the long run if you teach yourself a new scripting language. If you've got bash and Perl down pat, consider adding Python or Ruby or some other new language to your mix of skills."
Other suggestions include trying a new distro -- many of which can now be run in "live mode" on a USB drive -- and investigating the security procedures of cloud services (described in the article as "trusting an outside organization with our data").
"And don't forget... There are now only 20 years until 2038 -- The Unix/Linux clockpocalypse." -
Who's Responsible For IoT Security? (networkworld.com)
"It is much too easy to connect devices and industrial equipment to the internet," writes an anonymous Slashdot reader. But what's the solution -- and who's to blame for the abundance of insecure IoT devices? Network World examined the conclusions in a paper titled "The Internet of Hackable Things" [PDF]. The authors say the IoT security problem is not a technological one; it's cultural... "A security culture is nearly non-existent in our society... developers must be educated to adopt the best practices for securing their IoT devices within the particular application domain; the general public must be educated to take security seriously, too, which among other things will fix the problem of not changing default password."
The anonymous reader who submitted this story argued that "IoT product makers do not need a deeply skilled team because component makers have made it so easy to connect anything to the internet. Maybe the responsibility for strong security should rest with chip makers like Intel, Freescale and Qualcomm." Leave your own opinions in the comments. Who is ultimately responsible for IoT security? -
US Law Allows Low H-1B Wages; Just Look At Apple (networkworld.com)
An anonymous reader writes: If you work at Apple's One Infinite Loop headquarters in Cupertino as a computer programmer on an H-1B visa, you can be paid as little as $52,229. That's peanuts in Silicon Valley. Average wages for a programmer in Santa Clara County are more than $93,000 a year, according to the U.S. Bureau of Labor Statistics. However, the U.S. government will approve visa applications for Silicon Valley programmers at $52,229 -- and, in fact, did so for hundreds of potential visa holders at Apple alone. To be clear, this doesn't mean there are hundreds of programmers at Apple working for that paltry sum. Apple submitted a form to the U.S. saying it was planning on hiring 150 computer programmers beginning June 14 at this wage. But it's not doing that. Instead, this is a paperwork exercise by immigration attorneys to give an employer -- in this case, Apple -- maximum latitude with the H-1B laws. The forms-submittal process doesn't always reflect actual hiring goals or wage levels. Apple didn't want to comment for the story, but it did confirm some things. It says it hires on the basis of qualifications and that all employees -- visa holders and U.S. workers alike -- are paid equitably and it conducts internal studies to back this up. There are bonuses on top of base pay. Apple may not be paying low wages to H-1B workers, but it can pay low wages to visa workers if it wanted. This fact is at the heart of the H-1B battle. -
FCC Should Prove DDoS Attacks Stopped Net Neutrality Comments (networkworld.com)
New submitter Michelle Davidson writes: After John Oliver urged viewers of HBO's Last Week Tonight to fight again for net neutrality and post comments in support of it, people hit a wall — the FCC's site essentially crashed. Originally, it was believed that the number of people trying to access the site caused the problem, but then the FCC released a statement saying "multiple" DDoS attacks -- occurring at the same time Oliver sent viewers to the site -- caused the site to crash: "These were deliberate attempts by external actors to bombard the FCC's comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC." The group Fight for the Future doesn't buy it, though, and wants proof. It says the FCC should release the logs: "The FCC should immediately release its logs to an independent security analyst or major news outlet to verify exactly what happened last night. The public deserves to know, and the FCC has a responsibility to maintain a functioning website and ensure that every member of the public who wants to submit a comment about net neutrality has the ability to do so. Anything less is a subversion of our democracy." No word yet from the FCC on whether it will release its logs, leading the interwebs to speculate about whether it was actually an attack to prevent commenting or if the FCC is ill-prepared to handle large amounts of traffic and blamed DDoS attacks to cover their inabilities. People are even questioning whether the FCC's tech team knows what a DDoS attack is. -
Majority of US Households Now Cellphone-Only, Government Says (networkworld.com)
The National Center for Health Statistics has released a report that says, for the first time in history, U.S. households with landlines are now in the minority. Network World reports: The second 6 months of 2016 was the first time that a majority of American homes had only wireless telephones. Preliminary results from the July-December 2016 National Health Interview Survey (NHIS) indicate that 50.8% of American homes did not have a landline telephone but did have at least one wireless telephone (also known as cellular telephones, cell phones, or mobile phones) -- an increase of 2.5 percentage points since the second 6 months of 2015. Young adults (25-34) and those who rent are most likely to live wireless-only, as 70 percent of that demographic lives with a landline. -
Verizon.net 'Gets Out Of The Email Business' (networkworld.com)
"We have decided to close down our email business," Verizon has announced -- in a move which affects 4.5 million accounts. Slashdot reader tomservo84 writes: Strangely enough, I didn't find out about this from Verizon, itself, but SiriusXM, who sent me an email saying that since I have a Verizon.net email address on file, I'd have to update it because they were getting rid of their email service. I thought it was a bad phishing attempt at first...
Network World reports that customers are being notified "on a rolling basis... Once customers are notified, they are presented with a personal take-action date that is 30 days from the original notification." But even after that date, verizon.net email addresses can be revived using AOL Mail. "Over the years we've realized that there are more capable email platforms out there," Verizon concedes.
"Migration is going well," a Verizon spokesperson told Network World. "I don't have any stats to share, but customers seem to appreciate that they have several choices, including an option that keeps their Verizon.net email address intact." -
IBM Technology Creates Smart Wingman For Self-Driving Cars (networkworld.com)
coondoggie quotes a report from Network World: IBM said that it has patented a machine learning technology that defines how to shift control of an autonomous vehicle between a human driver and a vehicle control processor in the event of a potential emergency. Basically the patented IBM system employs onboard sensors and artificial intelligence to determine potential safety concerns and control whether self-driving vehicles are operated autonomously or by surrendering control to a human driver. The idea is that if a self-driving vehicle experiences an operational glitch like a faulty braking system, a burned-out headlight, poor visibility, bad road conditions, it could decide whether the on-board self-driving vehicle control processor or a human driver is in a better position to handle that anomaly. "If the comparison determines that the vehicle control processor is better able to handle the anomaly, the vehicle is placed in autonomous mode," IBM stated. "The technology would be a smart wingman for both the human and the self-driving vehicle," said James Kozloski, manager, Computational Neuroscience and Multiscale Brain Modeling, IBM Research and co-inventor on the patent. -
Anti-Virus Vendors Scramble To Patch Hijacking Exploit Involving Microsoft Tool (securityweek.com)
"A zero-day attack called Double Agent can take over antivirus software on Windows machines," Network World reported Wednesday. wiredmikey writes: The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications... [The exploit] allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.
Patches were released by Malwarebytes, AVG, and Trend Micro, the security researchers told BleepingComputer earlier this week. Kaspersky Lab told ZDNet "that measures to detect and block the malicious scenario have now been added to all its products," while Norton downplayed the exploit, saying the attack "would require physical access to the machine and admin privileges to be successful," with their spokesperson "adding that it has deployed additional detection and blocking protections in the unlikely event users are targeted."
BetaNews reports that the researchers "say that it is very easy for antivirus producers to implement a method of protection against this zero-day, but it is simply not being done. 'Microsoft has provided a new design concept for antivirus vendors called Protected Processes...specially designed for antivirus services...the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks.'" -
Microsoft Browser Usage Drops 50% As Chrome Soars (networkworld.com)
An anonymous reader quotes Network World's report about new statistics from analytics vendor Net Applications: From March 2015 to February 2017, the use of Microsoft's IE and Edge on Windows personal computers plummeted. Two years ago, the browsers were run by 62% of Windows PC owners; last month, the figure had fallen by more than half, to just 27%. Simultaneous with the decline of IE has been the rise of Chrome. The user share of Google's browser -- its share of all browsers on all operating systems -- more than doubled in the last two years, jumping from 25% in March 2015 to 59.5% last month. Along the way, Chrome supplanted IE to become the world's most-used browser...
In the last 24 months, Mozilla's Firefox -- the other major browser alternative to Chrome for macOS users -- has barely budged, losing just two-tenths of a percentage point in user share. [And] in March 2015, an estimated 69% of all Mac owners used Safari to go online. But by last month, that number had dropped to 56%, a drop of 13 percentage points -- representing a decline of nearly a fifth of the share of two years prior. -
SAP License Fees Also Due For Indirect Users, Court Rules (networkworld.com)
SAP's licensing fees "apply even to related applications that only offer users indirect visibility of SAP data," according to a Thursday ruling by a U.K. judge. Slashdot reader ahbond quotes Network World: The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store. "If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case...
What's in dispute was whether the SAP PI license fee alone is sufficient to allow Diageo's sales staff and customers to access the SAP data store via the Salesforce apps, or whether, as SAP claims, those staff and customers had to be named as users and a corresponding license fee paid. On Thursday, the judge sided with SAP on that question. -
RSA: Ban On Booth Babes Has Been No Big Deal (networkworld.com)
netbuzz quotes a report from Network World: In March 2015, RSA Conference organizers made news by contractually insisting that vendors pitch their security wares without the help of "booth babes," a first such ban for the technology industry. Next week's event will be third under the new rules. With the use of "booth babes" long a source of contention -- and some would say embarrassment -- implementation of the ban has gone smoothly, according to RSA. "Overall I would say this has been received well by our exhibitors," says Sandra Toms, vice president and curator of the conference. "Several have thanked us for having a policy." If you compare the policy's contract language in 2015 with the language now used by Toms, you'll notice how much it has evolved and how it has been accepted by various stake-holders. Here's an excerpt from the "short Q&A" between Paul McNamara, news editor for Network World, and Toms: Has there been any need to enforce the code or have all exhibitors complied? "Enforce" always makes it sound like armed guards have come into play and dragged someone off the show floor. We share these guidelines with our exhibitors and we're clear that this is a policy that is expected to be acknowledged and complied with. We take our attendee experience seriously and expect our exhibitors to do the same. If we receive a complaint about a particular exhibitor, we will send someone over to the booth and examine the situation. If the attire matches our dress code, then they can proceed and we can explain to the attendee why that form of dress is allowed. If they are clearly in violation, we will ask them to change. This policy is equally applied to both men and women -- from Sumo wrestlers to scantily clad models. -
Police Use Pacemaker Data To Charge Homeowner With Arson, Insurance Fraud (networkworld.com)
JustAnotherOldGuy writes from a report via Network World: If you're dependent upon an embedded medical device, the device that helps keep you alive may also be used to incriminate you in a crime. Ross Compton, a 59-year-old homeowner in Ohio called 911 in September 2016 to say that his house was on fire, however there were many irregularities to the blaze that investigators found suspicious, such as contradictory statements from Compton and the way that the fire had started. In the ensuing investigation, the police secured a warrant for the logs from his pacemaker, specifically, "Compton's heart rate, pacer demand and cardiac rhythms before, during and after the fire." They subsequently filed charges of felony aggravated arson and insurance fraud. Middletown Police said this was the first time it had used data from a heart device to make an arrest, but the pacemaker data proved to be an "excellent investigative tool"; the data from the pacemaker didn't correspond with Compton's version of what happened. The retrieved data was used to help indict Compton. Lt. Jimmy Cunningham stated, "It was one of the key pieces of evidence that allowed us to charge him." -
Avaya Explains Why They've Declared Bankruptcy (networkworld.com)
Friday Avaya's Corporate Treasurer explained why they're filing for a chapter 11 "restructuring." After examining their debt, "we decided it was a critical next step in our transformation from a hardware company to a software and services company and the best path forward for our customers, partners and employees." skidv writes: ZDNet breaks down the deal... "Avaya noted that its foreign affiliates aren't included in the filing and will operate as normal. Avaya said the $725 million in debtor-in-possession financing, via Citibank, is enough to minimize disruption and continue business operations." Not surprising, Avaya has canceled the planned IPO.
PC World reports that Avaya "emerged from Lucent Technologies in 2000 with a focus on phone switches, enterprise networking gear, and call-center systems. But with the shift toward mobile phones and cloud-based tools for communication, and a tight market for enterprise network equipment, the company has been changing its focus... Like much of the networking and collaboration industry, Avaya is looking toward software-defined networking, IoT, and cloud-based platforms that work on many different devices and the web." -
Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com)
alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."
And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software. -
Microsoft Adds Intel's Clear Linux Open-Source OS To Azure Market (networkworld.com)
JG0LD quotes a report from Network World: Microsoft announced today that it has added support for the Intel-backed Clear Linux distribution in instances for its Azure public cloud platform. It's the latest in a lengthy string of Linux distributions to become available on the company's Azure cloud. BrianFagioli adds from BetaNews: In other words, users of the company's cloud platform can set up a virtual machine using this distribution in addition to existing Linux-based operating systems. "Today, we're excited to announce the availability of Clear Linux OS for Intel Architecture in Azure Marketplace. Clear Linux OS is a free, open-source Linux distribution built from the ground up for cloud and data center environments and tuned to maximize the performance and value of Intel architecture. Microsoft Azure is the first public cloud provider to offer Clear Linux, and we're really excited about what it means for Linux users in the cloud and the community at large," says Jose Miguel Parrella, Open Source Product Manager, Microsoft. -
Why You Shouldn't Trust Geek Squad (networkworld.com)
An anonymous reader quotes a report from Network World: The Orange County Weekly reports that Best Buy's "Geek Squad" repair technicians routinely search devices brought in for repair for files that could earn them $500 reward as FBI informants. This revelation came out in a court case, United States of America v. Mark A. Rettenmaier. Rettenmaier is a prominent Orange County physician and surgeon who took his laptop to the Mission Viejo Best Buy in November 2011 after he was unable to start it. According to court records, Geek Squad technician John "Trey" Westphal found an image of "a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck." Westphal notified his boss, who was also an FBI informant, who alerted another FBI informant -- as well as the FBI itself. The FBI has pretty much guaranteed the case will be thrown out by its behavior, this illegal search aside. According to Rettenmaier's defense attorney, agents conducted two additional searches of the computer without obtaining necessary warrants, lied to trick a federal magistrate judge into authorizing a search warrant for his home, then tried to cover up their misdeeds by initially hiding records. Plus, the file was found in the unallocated "trash" space, meaning it could only be retrieved by "carving" with sophisticated forensics tools. Carving (or file carving) is defined as searching for files or other kinds of objects based on content, rather than on metadata. It's used to recover old files that have been deleted or damaged. To prove child pornography, you have to prove the possessor knew what he had was indeed child porn. There has been a court case where files found on unallocated space did not constitute knowing possession because it's impossible to determine who put the file there and how, since it's not accessible to the user under normal circumstances. -
FTC Takes D-Link To Court Citing Lax Product Security, Privacy Perils (networkworld.com)
Reader coondoggie writes: The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and Internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." According to the FTC's complaint, D-Link promoted the security of its routers on the company's website, which included materials headlined "Easy to secure" and "Advance network security." But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws such as "hard-coded" login credentials integrated into D-Link camera software -- such as the username "guest" and the password "guest" -- that could allow unauthorized access to the cameras' live feed, etc. -
Florida Senator: No Permit Needed For Driverless Cars In Florida (politifact.com)
In response to the California Department of Motor Vehicles ordering Uber's autonomous vehicles off the roads in San Francisco due to a lack of a permit, Florida state Sen. Jeff Brandes said he welcomes the company with open arms. Brandes tweeted: "Hey @Uber, unlike California we in Florida welcome driverless cars -- no permit required. #OpenForBusiness #FlaPol." PolitiFact reports: Several car companies are developing fully autonomous or self-driving cars operated by computers and testing them in some states. But it could be several years before they are broadly publicly available due to the cost, questions about liability and the technology and as state government officials grapple with oversight. While California's law requires a permit, that's not the case in Florida. "Florida has the least restrictive active state laws for the operation of autonomous vehicles," said John Terwilleger, an attorney at Gunster, Yoakley & Stewart in West Palm Beach. Terwilleger represents a company that is involved in developing and using autonomous vehicles in Florida. In 2012, the Florida Legislature passed a law co-sponsored by Brandes that allowed a person with a valid driver's license to operate an autonomous vehicle. Before companies could test autonomous cars, they had to submit proof that they had $5 million in insurance. But in 2016, the Florida Legislature passed new rules that eliminated some of the previous requirements, including the $5 million in insurance. The new law also got rid of the requirement that a human operator be present in the vehicle, as long as an operator can be alerted in case of technology failure and stop the vehicle. Since there is no permit for autonomous vehicles, the state has no information regarding how many Floridians own one, said Beth Frady, spokeswoman for the Florida Department of Highway Safety and Motor Vehicles.
Florida law treats an autonomous vehicle in the same manner as any other motor vehicle operating on our roads, said Chris Spencer, a spokesman for Brandes. "There are no requirements for additional permitting, licensing, or approval from any state or local government body to operate an autonomous vehicle on our roads," he said. That's still the case, even though Florida was the location of the first fatality involving a self-driving car. In May, Joshua Brown was killed when his Tesla, while on autopilot, crashed into a tractor-trailer in Williston. -
U.S. Proposes Car-To-Car Data Sharing Standards (networkworld.com)
Calling it "the next revolution in roadway safety," the U.S. Department of Transportation hopes to standardize "vehicle communications" technology. Slashdot reader coondoggie writes: The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing "hundreds of thousands of crashes every year by helping vehicles 'talk' to each other," the DOT stated... [D]evices would use the dedicated short range communications to transmit data, such as location, direction and speed, to nearby vehicles. That data would be updated and broadcast up to 10 times per second to nearby vehicles, and using that information, V2V-equipped vehicles can identify risks and provide warnings to drivers to avoid imminent crashes.
Self-driving cars (and human drivers) could be informed when it's safe to enter the passing lane (or when cars move into a vehicle's blind spot), for example, and "often in situations in which the driver and on-board sensors alone cannot detect the threat." Federal agencies estimate it will cost just $350 per vehicle by 2020 (and dropping over the decades to come), and they've also already issued guidelines about securing these systems from unauthorized access. -
AT&T To Cough Up $88 Million For 'Cramming' Mobile Customer Bills (networkworld.com)
An anonymous reader quotes a report from Network World: Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized third-party charges added to their mobile bills, the Federal Trade Commission announced this morning. The latest shot in the federal government's years-long battle against such abuses, these refunds will represent the most money ever recouped by victims of what is known as "mobile cramming," according to the FTC. From an FTC press release: "Through the FTC's refund program, nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. The average refund amount is $31. [...] According to the FTC's complaint, AT&T placed unauthorized third-party charges on its customers' phone bills, usually in amounts of $9.99 per month, for ringtones and text message subscriptions containing love tips, horoscopes, and 'fun facts.' The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers." The matter with AT&T was originally made public in 2014 and also involved two companies that actually applied the unauthorized charges, Tatto and Acquinity. -
Ethernet Consortia Wants To Unlock a More Time-Sensitive Network (networkworld.com)
Does Ethernet need new features like "stream reservation" and time synchronization to make sure time-sensitive data isn't delayed on the network? coondoggie quotes Network World: The demand from Internet of Things, automotive networking and video applications are driving changes to Ethernet technology that will make it more time-sensitive. Key to those changes are a number of developing standards but also a push this week from the University of New Hampshire InterOperability Laboratory to set up three new industry specific Ethernet Time-Sensitive Networking consortiums -- Automotive Networking, Industrial Networking, and ProAV Networking aimed at developing deterministic performance within standard Ethernet for real-time, mission critical applications. "Standards-based precise time, guaranteed bandwidth, and guaranteed worst-case latency in a converged Ethernet network is a game-changer to many industries," said Bob Noseworthy, Chief Engineer, UNH-IOL.
The article also acknowledges the work of the Avnu Alliance, which is also trying to build an ecosystem of "low-latency, time-synchronized, highly reliable synchronized networked devices using open standards through certification." -
Is Microsoft Mainstreaming Machine Learning? (networkworld.com)
Tuesday Microsoft updated their open source Microsoft Cognitive Toolkit (CNTK), adding support for both C++ and Python. "This announcement is more than a point release..." argues Network World. "It's the recognition of AI and machine learning as the next big platform after mobile." This announcement represents a shift in Microsoft's customer focus from research to implementation... The toolkit is a supervised machine learning system in the same category of other open-source projects such as Tensorflow, Caffe and Torch. Microsoft is one of the leading investors in and contributors to the open machine learning software and research community. A glance at the Neural Information Processing Systems conference reveals that there are just four major technology companies committed to moving the field of neural networks forward: Microsoft, Google, Facebook and IBM.
A Microsoft engineer described CNTK as "democratizing AI," according to Microsoft's announcement, which also notes that their toolkit "has been optimized to best take advantage of the NVIDIA hardware and Azure networking capabilities that are part of the Azure offering." -
Apple's New MacBook Pro Requires a $25 Dongle To Charge Your iOS Device (networkworld.com)
An anonymous reader quotes a report from Network World: As Phil Schiller explained during today's event, Apple's new MacBook Pros feature four Thunderbolt 3 USB Type-C ports, and conveniently, each of these can be used to charge the machine. Now, USB-C is incredibly versatile, and Apple will use the advanced port for power charging, HDMI and much more. However, with USB-C the only game in town, you might reasonably be wondering: How in the world do I connect my iPhone to my sleek new MacBook Pro? The frustrating answer is that you won't be able to do so out of the box. Instead, you'll have to buy a dongle. This is especially frustrating because many people use their notebooks for a) charging purposes when an outlet isn't necessarily handy and b) for transferring photos and other data. Now, you might reasonably state that you can just rely upon the cloud for items like data transfer, but there's no getting around the fact that Apple's efforts in the cloud still leave much to be desired. How much will it cost to connect your iPhone to your brand new MacBook Pro? Well, Apple sells a USB-C to Lightning cable on its website for $25. While this is undoubtedly frustrating, we can't say that it's entirely unexpected given Apple gave us a preview of its preference for USB-C when it released its 12-in. MacBook last year. Still, it's a funky design choice for a decidedly Pro-oriented device where the last thing a prospective consumer would want to do is spend some extra cash for a dongle after spending upwards of $2,399. Lastly, while we're on the topic of ports, it's worth noting that the new MacBook Pros also do away with the beloved MagSafe connector. -
President Obama Orders Government To Plan For 'Space Weather' (nbcnews.com)
An anonymous reader quotes a report from Network World: President Barack Obama today issued an Executive Order that defines what the nation's response should be to a catastrophic space weather event that takes out large portions of the electrical power grid, resulting in cascading failures that would affect key services such as water supply, healthcare, and transportation. The Executive Order ideally will coordinate the responses across government agencies such as NASA, the Departments of Homeland Security, Energy and others to help minimize economic loss and save lives by enhancing national security, identifying successful mitigation technologies, and ordering the creation of nationwide response and recovery plans and procedures, the White House stated. Further, the Executive Order will enhance the scientific and technical capabilities of the United States, including improved prediction of space-weather events and their effects on infrastructure systems and services. By this action, the Federal Government will lead by example and help motivate State and local governments, and other nations, to create communities that are more resilient to the hazards of space weather. The Executive Order reinforces the formal National Space Weather Strategy and accompanying Action Plan which were announced last year. It also bolsters other work such as the replacement of aging satellites that monitor and help forecast space weather, proposing space-weather standards for both the national and international air space, development of regulations to ensure the continued operation of the electric grid during an extreme space weather event, proposing a new option for replacing crucial Extra High Voltage (EHV) transformers damaged by space weather, and developing domestic production sources for EHV transformers, the White House wrote. -
IEEE Sets New Ethernet Standard That Brings 5X the Speed Without Cable Ripping (networkworld.com)
Reader coondoggie writes: As expected the IEEE has ratified a new Ethernet specification -- IEEE P802.3bz -- that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet five-times without requiring the tearing out of current cabling. The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks. Indeed, the wireless component may be the most significant implication of the standard as 2.5G and 5G Ethernet will allow connectivity to 802.11ac Wave 2 Access Points, considered by many to be the real driving force behind bringing up the speed of traditional NBase-T products. -
Cisco Blamed A Router Bug On 'Cosmic Radiation' (networkworld.com)
Network World's news editor contacted Slashdot with this report: A Cisco bug report addressing "partial data traffic loss" on the company's ASR 9000 Series routers contended that a "possible trigger is cosmic radiation causing SEU [single-event upset] soft errors." Not everyone is buying: "It IS possible for bits to be flipped in memory by stray background radiation. However it's mostly impossible to detect the reason as to WHERE or WHEN this happens," writes a Redditor identifying himself as a former [technical assistance center] engineer...
"While we can't speak to this particular case," Cisco wrote in a follow-up, "Cisco has conducted extensive research, dating back to 2001, on the effects cosmic radiation can have on our service provider networking hardware, system architectures and software designs. Despite being rare, as electronics operate at faster speeds and the density of silicon chips increases, it becomes more likely that a stray bit of energy could cause problems that affect the performance of a router or switch."
Friday a commenter claiming to be Xander Thuijs, Cisco's principal engineer on the ASR 9000 router, posted below the article, "apologies for the detail provided and the 'concept' of cosmic radiation. This is not the type of explanation I would like to see presented to the respected users of our products. We have made some updates to the DDTS [defect-tracking report] in question with a more substantial data and explanation. The issue is something that we can likely address with an FPD update on the 2x100 or 1x100G Typhoon-based linecard." -
Spam Hits Its Highest Level Since 2010 (networkworld.com)
Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years.
"To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again."
Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's. -
Slashdot Asks: What Are Your Favorite Technology Books and Novels?
It can be a nonfiction book, or a fictional narrative where technology plays a key role. I recently started to read 'The Rise of the Robots' by Martin Ford. It talks about how robots are threatening mass unemployment more than they ever did before. I also found Andrew Blum's 'Tubes: A Journey to the Center of the Internet' quite insightful. I would like to read 'The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers'.
What are some of your favorite tech-centric books? And which book are you currently reading, or recently finished? -
Why Sys-Admins Are Disabling The Lights on WiFi Access Points (networkworld.com)
More than a dozen IT professionals said they've disabled the LEDs on wireless access points, according to a Network World article shared by Slashdot reader alphadogg: Some users don't want a beacon shining in their eyes as they try to get to sleep and others worry about the health effects of a blue light glowing all night. Some even resort to unplugging the gear when they're not using it.... "It seems when you are sick and laying in a hospital bed and have trouble sleeping, the single LED shining in your eyes is an issue," [says the wireless network staff specialist for Penn State College of Medicine]. "I get it and understand it..."
Network pros say they have begun asking vendors such as Cisco if they can provide an easier way to dim, rather than turn off the lights on the access points entirely, via wireless controllers. And some would like to see more granular control, such that the power light could be left on to comfort end users that the device is working, but blinking lights could be turned off or dimmed to avoid bothering them.
End users have tried "all sorts of makeshift fixes -- from Post-it notes to bandages to condom wrappers," but one network architect complains that when they disable the LEDs altogether, "I invariably get a ticket (or more) that the access point is offline and wireless is broken because there are no lights on..." On the plus side, when they then re-enable the LED lights, "magically the wireless performance and coverage is perfect!" -
World Map Shows Countries Requiring Open Source Software (networkworld.com)
"Europe and South America are the biggest hotspots for open-source use in government," reports Network World, while Bulgaria requires all software written for the government to be FOSS. Slashdot reader alphadogg quotes their report: It's become increasingly common over the past decade or so to see laws being passed to either mandate the use of open-source software or, at the very least, encourage people in government who make procurement decisions to do so. Here's a map of the status of open-source laws around the world. -
3D-Printed Aircraft Tool Sets Guinness World Record (networkworld.com)
coondoggie quotes a report from Network World: A 17.5 foot long, 5.5 foot wide and 1.5 foot tall 3D printed aircraft design tool has earned the title of largest solid 3D printed item by Guinness World Records. The 1,650 lb. apparatus known as a trim-and-drill tool is comparable in length to a large sport utility vehicle and will ultimately be tested for use in building the Boeing 777X passenger jet. Basically the tool will be used to secure the jet's composite wing skin for drilling and machining before assembly, according to researchers at the Department of Energy's Oak Ridge National Laboratory (ORNL) who developed the tool. "The existing, more expensive metallic tooling option we currently use comes from a supplier and typically takes three months to manufacture using conventional techniques," said Leo Christodoulou, Boeing's director of structures and materials in a statement. "Additively manufactured tools, such as the 777X wing trim tool, will save energy, time, labor and production cost and are part of our overall strategy to apply 3D printing technology in key production areas." -
Want To Hunt Bank Robbers? There's an App For That, Says The FBI (networkworld.com)
Long-time Slashdot reader coondoggie quotes an article from Network World: The FBI today said it released a new application making it easier for the public -- as well as financial institutions, law enforcement agencies, and others -- to view photos and information about bank robberies in different geographic areas of the country.
The FBI's new "Bank Robbers" application runs on both Android and iOS, according to the article, "and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred." The app ties into BankRobbers.fbi.gov, which overlays FBI information about bank robberies onto Google Maps.
The app's users "can also select push notifications to be informed when a bank robbery has taken place near their location," according to the FBI's site, which adds innocently that "If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area..." -
'Mayhem' Wins $2M In DARPA's AI Hacking Contest, Draws EFF Scrutiny (eff.org)
Here's the highlight reel from the DARPA-sponsored "Cyber Grand Challenge" competition. Slashdot reader alphadogg writes: Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a competition...that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers. A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.
The Electronic Frontier Foundation wrote "We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous." Sharing their blog post about automated security research, the EFF's staff technologist Peter Eckersley writes: EFF is asking, does research like that need a safety protocol? -
Moon Express Gets FAA Approval For Lunar Mission In 2017 (networkworld.com)
coondoggie quotes a report from Network World: The Federal Aviation Administration this week granted permission to a privately-held space firm to launch a robotic spacecraft to the moon. Moon Express expects to launch its MX-1 spacecraft on a two-week mission to the lunar surface in 2017. The MX-1, which is about as large as a suitcase, will include instruments and a camera to explore the moon's surface. Moon Express has a contract with Rocket Lab USA for 3 lunar missions between 2017 and 2020. They are the first private company to receive permission to go to the moon. "Moon Express applauds efforts underway by the U.S. Congress and Executive Branch to establish a permanent regulatory framework to authorize commercial activities beyond Earth orbit," said Moon Express cofounder and CEO Bob Richards. "Our 'Mission Approval' process is an interim arrangement that can be implemented quickly enough for our 2017 launch requirements, allowing us to continue to execute on our business plans under U.S. law while ensuring our activities are consistent with U.S. obligations under the Outer Space Treaty." -
C Isn't The Most Popular Programming Language, JavaScript Is (networkworld.com)
An anonymous reader quotes Network World: U.K.-based technology analyst firm RedMonk just released the latest version of its biannual rankings of programming languages, and once again JavaScript tops the list, followed by Java and PHP. Those are the same three languages that topped RedMonk's list in January. In fact, the entire top 10 remains the same as it was six months ago...
Python ranked #4 on RedMonk's list, while the survey found a three-way tie for fifth place between Ruby, C#, and C++, with C coming in at #9 (ranking just below CSS). Network World argues that while change comes slowly, "if you go back deeper into RedMonk's rankings, you can see slow, ongoing ascents from languages such as Go, Swift and even TypeScript."
Interestingly, an earlier ranking by the IEEE declared C to be the top programming language of 2016, followed by Java, Python, C++, and R. But RedMonk's methodology involves studying the prevalence of each language on both Stack Overflow and GitHub, a correlation which "we believe to be predictive of future use, hence their value." -
Cisco Finds $34 Million Ransomware Industry (networkworld.com)
Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.
Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor. -
Office 365 Gets New Word, PowerPoint and Outlook Features (networkworld.com)
New submitter Miche67 writes: As part of the July 2016 update to Office 365, Microsoft is adding several features across the board to Word, PowerPoint and Outlook. Word, however, is getting the biggest new features -- Researcher and Editor -- to improve your writing. "As its name implies, Researcher is designed to help the user find reliable sources of information by using the Bing Knowledge Graph to search for sources, and it will properly cite them in the Word document," reports Network World. "[Editor] builds on the already-existing spellchecker and thesaurus to offer suggestions on how to improve your overall writing. In addition to the wavy red line under a misspelled word and the wavy blue line under bad grammar, there will be a gold line for writing style." The new features are expected to be available later this year. In addition to the two new features added to PowerPoint last year -- Designer and Morph, Microsoft is offering Zoom, a feature that lets you easily create "interactive, non-linear presentations." "Instead of the 1-2-3-4 linear method of presenting slides, forcing you to place them all in the order you wish to display, presenters will be able to show their slides in any order they want at any time," reports Network World. "This way you can change your presentation order as needed without having to stop PowerPoint or interrupt the display." As for Outlook, Focused Inbox is coming to Office 365. Focused Inbox separates your inbox into two tabs. The "Focused" tab is where all of your high-priority emails will be found, while everything else will be in the "Other" tab. Outlook will learn from your behavior over time and sort your mail accordingly. In addition, @mentions are coming to Outlook 365 and Outlook for PC and Mac, "making it easy to identify emails that need your attention, as well as flag actions for others." -
Can Tech Workers Skip The Olympics As Easily As Athletes? (networkworld.com)
netbuzz writes: [Network World reports:] "Golfer Jordan Spieth announced this morning that he will not play in the Olympics, citing Zika, meaning the world's top four players in his sport have now opted out of going to Brazil. They're self-employed and answer to no one. But what of the rank-and-file employees who work for major technology companies sending large contingents to Brazil? Are they being asked -- or compelled -- to ignore the risks? Conversely, could women of child-bearing age be denied the opportunity to go at an employer's discretion?" Major vendors like Cisco and GE say they're not making anyone go, though at least one expert says that doing so wouldn't necessarily be a violation of employment law. When asked if anyone declined to go, a Cisco spokesperson said via email: "We're not in a position to confirm whether employees have opted out (that is between them and their manager), but we provide for that option." GE provided a similar response, saying, "No GE employees have opted out of going, but GE employees are free to opt out at any time." Patricia Pryor, an attorney at Jackson Lewis P.C. in Cincinnati who has addressed these issues in a piece for The National Law Review earlier this year, was asked by Network World as well. She says: "Employers are wise to be flexible with travel requirements to Zika-infested areas when they can and when doing so is reasonable. However, there are some jobs where the purpose of the job/or the essential functions of the job require travel to these areas. If it is not reasonable or possible to delay travel to the area, an employer generally can require employees to travel." -
Stuxnet/Cyberwar Documentary Reviewer: 'The U.S. Has Pwned Iran' (networkworld.com)
Slashdot reader alphadogg quotes an article from Network World: The new documentary about Stuxnet, "Zero Days", says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country's infrastructure and could be used as a weapon in any future war. Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to "disrupt, degrade and destroy" that infrastructure if a war should break out with Iran...
For the more technically inclined, the film contains some riveting interviews with researchers at Symantec who devoted their lives to unraveling the code line by line to figure out what it did, how it did it, who created it and what the target was. It was also a bit chilling in that after they figured out that governments were behind the worm they worried that the researchers themselves might be targeted to keep them silent. One Friday night, says Symantec researcher Eric Chien, he said to his research partner Liam O Murchu, "I'm not suicidal. If I should show up dead on Monday, it wasn't me."
In the film former NSA and CIA director Gen. Michael Hayden says "This stuff is hideously over classified." -
Do We Need A Better Private Browsing Mode? (networkworld.com)
Network World's Alan Zeichi recently argued "We need a better Private Browsing mode." Slashdot reader Miche67 writes: As this writer says, Chrome's Incognito Mode "doesn't offer strong protection at all." [Incognito mode "only prevents Chrome from saving your site visit activity. It won't stop other sources from seeing your browsing activity."] And Firefox's Private Browsing with Tracking Protection -- while stronger than Chrome -- is an all-or-nothing option. "You can't turn it off for sites you trust, but have it otherwise enabled by default."
The submission ends, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window. C'mon, browser makers, get this done." This raises two questions. How do Slashdot's readers browse? And do you think we need a better private mode for web browsing? -
Researchers Add Software Bugs To Reduce the Number of Software Bugs (networkworld.com)
Reader alphadogg writes: Researchers are adding bugs to experimental software code in order to ultimately wind up with programs that have fewer vulnerabilities. The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools. By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT's Lincoln Laboratory and Northeastern University. They created large-scale automated vulnerability addition (LAVA), which is a low-cost technique that adds the vulnerabilities. "The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," says Brendan Dolan-Gavitt, a computer science and engineering professor at NYU's Tandon School of Engineering. -
Microsoft Targets The iMac With New All-In-One Surface PCs, Reports Say (networkworld.com)
New submitter Miche67 writes: Two reports say Microsoft is working on an all-in-one (AIO) PC under the Surface brand. If that's true, it would put it in competition with HP and Dell, which have their own AIO lines, as well as put it in competition with Apple's iMac. Network World reports: "Both DigiTimes and Windows Central picked up on the story, each citing their own sources. DigiTimes, a Taiwan-based publication with connections to the PC industry over there (but also a very mixed record of accuracy) said the new devices would come in the third quarter of this year. Windows Central, which is a little better when it comes to rumors, said it did not have a solid release date." Business Insider was able to find a patent filing by Microsoft for a desktop PC that supports the rumored AIO design. "The device is evidently targeting a 'modern and elegant' design and is meant to be something akin to a premium appliance or furniture," Windows Central wrote. Intel's release date of the new Kaby Lake line of processors around Q3 of this year complicates things. While Kaby Lake is said to be more mobile-friendly with less power consumption and heat, they would make for a good choice for an AIO machine. However, it would be pushing it for Microsoft to release its AIO machines in the same quarter that Kaby Lake is due. On a semi-related note, a programmer at Building 88 recently confirmed that Microsoft will release Surface 5 devices next year powered by Kaby Lake processors. He posted pictures of four device holders marked "2017" on his Twitter account. -
Businesses Lose $3.1 Billion to Email Scams, FBI Warns (networkworld.com)
Businesses have lost over $3 billion because of compromised e-mail accounts, the FBI reports, citing "a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments." 22,143 businesses have been affected -- 14,302 within the U.S. -- with a total dollar loss of $3,086,250,090, representing an increase of 1,300% since January of 2015.
Using social engineering or "computer intrusion techniques," the attackers target employees responsible for wire transfers (or issuing checks) using five scenarios, which include bogus invoices or executive requests for a wire transfer of funds, with some attackers even impersonating a corporate law firm. "Victims report that IP addresses frequently trace back to free domain registrars," warns the FBI's Internet Crime Complaint Center, which also urges businesses to avoid free web-based e-mail accounts. -
Apple Explains Why iMessage Isn't Coming To Android (networkworld.com)
An anonymous reader quotes a report from Network World: Ahead of Apple's WWDC keynote this year, one of the more bizarre and sketchy rumors we saw take shape claimed that Apple was planning to deliver iMessage to Android. As is typically the case, the rumor mill took this somewhat ridiculous rumor and ran with it. The only problem is that some people were so busy trying to figure out the ramifications of iMessage hitting Android that they didn't take a step back and try and figure out if this is something Apple would even contemplate in the first place. Remember, every move Apple makes is strategic and geared towards making more money, either via device sales or software. That being the case, iMessage on Android would not only be a free app, but it would also eliminate a user-experience advantage of iOS. Interestingly enough, Walt Mossberg of The Verge asked a senior Apple executive about the rumor whereupon the nameless executive all but indicated that iMessage will never be coming to Android. Walt Mossberg writes: "First, he said, Apple considers its own user base of 1 billion active devices to provide a large enough data set for any possible AI learning the company is working on. And, second, having a superior messaging platform that only worked on Apple devices would help sales of those devices -- the company's classic (and successful) rationale for years." -
Is the 'Secret' Chip In Intel CPUs Really That Dangerous? (networkworld.com)
New submitter Miche67 writes: A recent Boing Boing blog post by Damien Zammit is stirring up fears, claiming Intel's x86 processors have a secret control mechanism that no one can audit or examine. And because of that, he says it could expose systems to undetectable rootkit attacks that cannot be killed.
Blogger Andy Patrizio, after talking with an Intel spokesperson, says the developer's argument has holes and he doesn't think Zammit will persuade Intel to replace the system with a free, open source option. So, what we have is an open source crusader scaring the daylights out of people on a giant what-if scenario that even he admits couldn't happen in our lifetimes.
An Intel spokesperson told the publication: While the Intel Management Engine is proprietary and Intel does not share the source code, it is very secure. Intel has a defined set of policies and procedures, managed by a dedicated team, to actively monitor and respond to vulnerabilities identified in released products. In the case of the Intel Management Engine, there are mechanisms in place to address vulnerabilities should the need arise.