Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Canadian Agency Drops Cases Rather Than Deal With New Requirements For ISP Info
An anonymous reader points out this story about what has happened since the Supreme Court of Canada's ruling on the warrantless disclosure of subscriber information to law enforcement from ISPs. "A funny thing happens when courts start requiring more information from law enforcement: law enforcers suddenly seem less interested in zealously enforcing the law. Back in June of this year, Canada's Supreme Court delivered its decision in R. v. Spencer, which brought law enforcement's warrantless access of ISP subscriber info to an end. 'In a unanimous decision written by (Harper appointee) Justice Thomas Cromwell, the court issued a strong endorsement of Internet privacy, emphasizing the privacy importance of subscriber information, the right to anonymity, and the need for police to obtain a warrant for subscriber information except in exigent circumstances or under a reasonable law.' The effects of this ruling are beginning to be felt. Michael Geist points to a Winnipeg Free Press article that details the halcyon days of the Royal Canadian Mounted Police's warrantless access. 'Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day.'" -
Neglecting the Lessons of Cypherpunk History
Nicola Hahn writes Over the course of the Snowden revelations there have been a number of high profile figures who've praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece, Greenwald claimed:
"It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive."
So, while he concedes the role of public relations in the ongoing cyber security push, Greenwald concurrently believes encryption is a "genuine" countermeasure. In other words, what we're seeing is mostly marketing hype... except for the part about strong encryption.
With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. Seeking refuge in a technical quick fix can be hazardous for a number of reasons. -
Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger'
MojoKid writes: Things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger." -
Make a Kids' Power Wheel Toy Awesome for $500 (Video)
You can spend less than $500 if you like. That's the maximum amount allowed if you're competing in the Power Racing Series. Interviewee Josh Lee is a member of the Southern Polytechnic State University Electric Vehicle Team. The modified electric 'ride on' toy they showed off and raced at Maker Faire Atlanta (where this video was made) is just one of their many projects. And, obviously, they're just one of many 'slightly deranged' teams involved in learning about and building electric vehicles. (Alternate Video Link) -
Consumer-Grade SSDs Survive Two Petabytes of Writes
crookedvulture writes The SSD Endurance Experiment previously covered on Slashdot has reached another big milestone: two freaking petabytes of writes. That's an astounding total for consumer-grade drives rated to survive no more than a few hundred terabytes. Only two of the initial six subjects made it to 2PB. The Kingston HyperX 3K, Intel 335 Series, and Samsung 840 Series expired on the road to 1PB, while the Corsair Neutron GTX faltered at 1.2PB. The Samsung 840 Pro continues despite logging thousands of reallocated sectors. It has remained completely error-free throughout the experiment, unlike a second HyperX, which has suffered a couple of uncorrectable errors. The second HyperX is mostly intact otherwise, though its built-in compression tech has reduced the 2PB of host writes to just 1.4PB of flash writes. Even accounting for compression, the flash in the second HyperX has proven to be far more robust than in the first. That difference highlights the impact normal manufacturing variances can have on flash wear. It also illustrates why the experiment's sample size is too small to draw definitive conclusions about the durability of specific models. However, the fact that all the drives far exceeded their endurance specifications bodes well for the endurance of consumer-grade SSDs in general. -
Technical Hitches Delay Orion Capsule's First Launch
According to NBC news, "A series of delays held up the maiden launch of NASA's Orion capsule on Thursday, adding some extra suspense to the first test of a spacecraft that's designed to take humans farther than they've ever gone — including to Mars." The much-anticipated launch, which had been scheduled for 7:05 a.m. Florida time, is to boost into orbit — empty — an instance of the Orion crew capsule intended to be part of a manned mission to Mars. As of shortly after 9 a.m. eastern time, troubleshooting has been in progress on the Alliance Delta 4 launch vehicle's hydrogen fill and drain valves in an attempt to make the launch within today's launch window, which extends to 9:44 a.m. Besides the technical problem with those valves, the launch was delayed by wind, as well as by a boat that strayed into a restricted area. (Shades of the stray-boat delay in October for Orbital Science's ISS delivery launch.) Friday and Saturday have been designated as backup dates. Update: 12/04 15:03 GMT by T : The launch has been scrubbed. -
Kiva Systems Co-Founder: Drone Delivery Could Be As Low As 20 Cents Per Package
Hallie Siegel writes A year ago, Amazon announced its plans for Prime Air — a drone delivery service. Recently Amazon has been posting job ads, saying they are looking for drone pilots. Whatever the regulatory issues, is drone delivery financially feasible? ETH Zurich professor Raffaello D'Andrea thinks it is economically feasible to deliver small packages by drone. D'Andrea is responsible for the Flying Machine Arena ("a space where flying robots live and learn") and is co-founder of Kiva Systems, the company acquired by Amazon for $775 million in cash that innovated the robotic fulfillment system that Amazon is now implementing in many of its warehouse facilities. -
Twitter Should Use Random Sample Voting For Abuse Reports
Bennett Haselton writes: Twitter has announced new protocols for filing and handling abuse reports, making it easier to flag specific types of content (e.g. violence or suicide threats). But with the volume of abusive tweets being reported to the company every day, the internal review process will always be a bottleneck. The company could handle more abuse reports properly by recruiting public volunteers. Read what Bennett thinks below.
In August, Twitter user Kristin Puhl made public the fact that another Twitter user had tweeted at her:
f@#king die feminist moron i'm coming after u and raping u.
and when Puhl filed an abuse complaint with Twitter, Twitter responded after two days:
We've investigated the account and reported Tweets for violent threats and abusive behavior, and have found that it's currently not violating the Twitter Rules (https://twitter.com/rules).
(The "rules" linked in the message include the clause "You may not publish or post direct, specific threats of violence against others.") Twitter must have changed their mind eventually, because the account of the user who sent the message is now gone, but why didn't they close it the first time?
Twitter can't effectively adjudicate all the abuse complaints that they get, but I don't blame them. I don't think they publicize numbers for how many abuse complaints they receive every day, but I'm sure that it's more than an internal review panel could handle fairly. Twitter should not be faulted for that. They've created a world-changing tool, and they shouldn't have had to stifle the growth of their platform just because it grew faster than their ability to handle the abuse reports.
But now that they're publicizing their latest tools for handling online harassment, it's fair to ask more of them. And while the tools may streamline the process of categorizing incoming abuse reports, there's always going to be a human review bottleneck, which will get tighter as the Twitter platform continues to grow.
So I'd suggest the same solution that I suggested for Facebook abuse reports: recruit a pool of volunteers from the general public to review "abuse reports". (You would need a "critical mass" of at least tens of thousands of reviewers for my idea to work, but Twitter shouldn't have trouble amassing that many people for a special program.) Then when an abuse report comes in, do the following:
- Some small number of reviewers -- say, ten -- are randomly recruited from the pool of volunteers.
- Each of them looks at the reported content and the category of abuse that it was reported under, and votes Yes or No as to whether the content meets the criteria for abuse.
- If some threshold of users (say, eight) vote that it does, then the report gets bumped up to a higher-level review. This "higher-level review" could mean having a new, larger pool of users (say, twenty) look at the content and vote on it, in case the original eight-out-of-ten vote was a statistical fluke. Or it could mean forwarding the reported tweet to some human review panel at Twitter -- which now has far fewer abuse cases to review, because it only has to look at the reported tweets that cleared the hurdle of getting eight out of ten votes for violating the guidelines.
These numbers are just guesses. I might be over-optimistic about how many reviewers would even respond when Twitter asked them to vote on whether some content was abusive (even though that's what the reviewers signed up to do) -- it might turn out that to get even ten responses, Twitter would have to nag 50 people to come and vote on a piece of content. And the size of the initial voting panel should be large enough to avoid statistical flukes most of the time -- if a tweet is inoffensive enough that only 10% of the reviewer population would consider it "abusive", you'd have to be really unlucky to convene a panel of 10 users where 7 out of 10 voted to label the tweet as "abuse".
As long as the size of the reviewer population grows in proportion with the Twitter user base (or, more precisely, as long as it grows in proportion with the volume of abuse reports coming in), this system scales as much as you want it to. (Well, unless the "higher-level review" involves review by an internal panel at Twitter, which still creates a bottleneck.)
Because the voting panel is randomly selected from among the entire pool of volunteers, that means you can't "game the system" by forming a mob with dozens of your friends so that everyone can file an abuse report about the same content at once. As long as your mob only comprises a tiny proportion of the 100,000+ reviewers in the system, there's virtually no chance that a randomly selected panel would contain enough of you to swing the vote.
This could also potentially result in an almost-instant turnaround time for handling abuse cases (a matter of reassurance for victims of normal harassment, and a matter of life and death in the case of suicide threats or threats of violence). Twitter could restrict their random sample to only those users who happen to be signed in at the present moment, and who have a minute or two to review a piece of content and vote on whether it violates the guidelines.
Tweets are by definition public, so there wouldn't be any potential privacy violation in taking someone's tweet, putting it before a panel of 10 volunteer reviewers, and asking them to determine if it violated the terms of service. Direct Messages sent via Twitter, on the other hand, are intended only for the recipient, and are not public by default. If a recipient wanted to flag a Direct Message as abusive, they would have to specify whether they want the content to be reviewable by a panel of randomly selected public volunteers. So in the case of the tweet received by Kristin Puhl -- "fucking die feminist moron i'm coming after u and raping u" -- even if she had received it as a Direct Message from someone she was following (you can only receive DMs from someone if you're following them), presumably she would have been OK with showing the tweet to a panel of volunteers, who probably would have voted that it was in fact abusive. On the other hand, sometimes a user might receive abusive DMs where they want to report the abuse, but the DMs might contain sensitive information that they don't want publicized to randomly selected volunteers. So those abuse reports might have to be handled the old-fashioned way at Twitter, by internal review, which still creates a bottleneck. But hopefully the abuse reports about Direct Messages comprise only a small minority of abuse reports that Twitter receives, since most talk about abuse on Twitter comes in the form of public tweets. (If someone is "abusing" you via DMs, you can just unfollow them.)
Twitter could even be completely transparent about the entire voting process: "Your complaint has been reviewed by 10 people. 8 of them agreed that the tweet in question violated our guidelines. This is above our minimum threshold of 7 that triggers a higher-level review of this content." (Twitter presumably wouldn't want to tell the complainer who the voters on the panel were, since the complainer might harass the individual voters if the voting panel as a whole rejected the complaint. But there's no reason not to be transparent about the actual numbers.)
Why would someone sign up to volunteer to review abusive content? Maybe for the glimpse into strangers' lives. Maybe hoping to save copies of some of the porn contained in the tweets that get reported for abuse. (Of course, there are easier ways to get porn online, but maybe they get off on the fact that some particular pornographic image made someone angry and upset enough to report it.) Maybe they altruistically believe it's part of their civic duty towards the Twitter community. Maybe because they're bored.
Whatever people's myriad motivations for signing up, the important thing is that there's still a statistically significant difference between the number of "yes" votes received when content truly is abusive, and when it's not. Even if you have people signing up as reviewers for all kinds of weird reasons, a tweet like "fucking die feminist moron i'm coming after u and raping u" is still going to receive, on average, more "yes" votes than a tweet like "I respectfully disagree, so let's go our separate ways".
If Twitter were nervous about rolling out a system like this, ceding control of the abuse-report-handling process to a pool of volunteers, they could always do their own random sampling of the random-sample-voting system, to see how it was working. An internal auditor could pull 100 of the abuse report cases that have been handled by the random-sample-voting system recently, decide in each case whether the tweet did in fact violate the abuse guidelines, and then look to see if the voting system reached the same answer. As a control in the experiment, look at some abuse reports that were routed to the old-fashioned internal review panel during the same period, see how they handled the reports, and see how they fared in comparison. I would confidently bet money that the random sample voting system would handle the abuse reports more accurately, and faster, as well.
This won't do much to deter abusers who create an endless series of throwaway accounts for harassment purposes, which makes it futile to block or report any particular account. But it would at least get step zero right, which is to correctly adjudicate whether a tweet is abusive or not. And it would do it in a way that is scalable, non-gameable, and transparent. Plus a few volunteers would get an interesting story to tell at dinner.
-
Interviews: Malcolm Gladwell Answers Your Questions
A few weeks ago, you had a chance to ask Malcolm Gladwell about his writing and social science research. Below you'll find his answers to your questions.
Genetics
by Anonymous Coward
Today, your continued belief in the Tabula Rasa myth seems increasingly outdated and contradicted by a wide variety of research from many notable evolutionary psychologists and genetics researchers. How do you continue to believe that intelligence and ability is not significantly genetic despite overwhelming evidence to the contrary?
Gladwell: I'm not sure where you got the idea that I'm a "Tabula Rasa" believer. Believe me: as a life-long competitive runner, I'm only too aware of the large contribution innate differences make to performance. I guess I would just say that I find the environmental piece of the equation more interesting, from an analytical perspective, because it's the portion that we, as a society, can do something about. In looking at things like the 10,000 rule, I've always been interested in the interaction between nature and nature--as in, what kind of effort and resources are necessary to express native ability?
How
by werepants
You have made a career out of writing books that popularize scientific findings - it seems like this is a task fraught with potential dangers, in terms of representing something that your readers misinterpret and misapply, or perhaps taking a published study and drawing an unwarranted conclusion yourself that attracts the ire of the original researchers. Certainly, much science journalism lately can be criticized for sensationalizing scientific results in the pursuit of better headlines, sometimes at the cost of being deliberately misleading. Can you expound a bit on the issues you've run into as a purveyor of scientific results, and explain how you balance the need for a faithful presentation of the source material with the desire to find something relatable and compelling enough to write a book about?
Gladwell: It's a good question. There is always a tension between specificity and accessibility. If you are writing for an elite audience--as an academic does--the line gets shaded to one end; if you are writing for a popular audience--as I do--the line gets shaded to the other end. There is no simple or easy solution as to how those two conditions ought to be balanced. Those who pretend that you can do both simultaneously--that is, represent the full complexity of an issue and also render it comprehensible to a mass audience--are smoking crack.
Sharpshooter fallacy
by i kan reed
The areas you work in focus on very small sample sizes: software billionaires, major cultural shifts, and cases where the most improbable result happened.
Within these areas, you've developed mental frameworks off of shared elements between each. This runs into a problem, the Texas Sharpshooter fallacy. You pick out some characteristics that are shared by the things you're looking at, and then the only available data to confirm your hypothesis is the data you extracted your predictions from.
How did you address this when researching your books?
Gladwell: Story-telling is an exercise in learning from case studies. Anthropology and field sociology are, for example, exercises in extrapolating from the specific. Economics, say, or experimental psychology are exercises in drawing conclusions from group observations. I think you need both approaches. I would never say that my books should be the last word on any subject. At the same time, however, anyone who tries to construct a world view entirely from collections of empirical data will miss something crucial about the human experience.
Opinion On Basic Income
by Scottingham
I'm curious to know what your take is on a basic income for all US citizens versus our current 'conditional' welfare system. What do you think short term and long term outcome would be? Would the increased tax burden on the upper classes result in a total collapse rendering a basic income useless? My personal opinion is that it is necessary given the increasing rate of job automation coupled with our increasing population size (not to mention aging). Am I delusional? If so, why?
Gladwell: I haven't studied this issue, I'm afraid. But you've piqued my interest!
Left-Right dichotomy vs Compass
by FreedomFirstThenPeac
As a statistician, I am seriously annoyed with the usual Left-Right dichotomy we see in most press articles. While I like the Political Compass I am a bit nervous of their clustering algorithm, and the questions they use to feed the analytics. Even more interesting is Jonathan Haidt who has achieved some TED Talk fame describing a five-dimensional feature space (though he does try to reduce to two clusters - liberals and conservatives). So I pose a two part question, (1) do you think the public discourse is hampered by the popular press always reducing politicians and voters to "liberals" and "conservatives"? And if you are concerned, (2) what can we do to push back against such simplifications, especially here on Slashdot?
Gladwell: Great question! As an immigrant to the United States (from Canada) I've always been amazed at the extent to which Americans love to exaggerate their differences: that is, they dwell on the left/right distinction well past the point that that particular division serves as a useful descriptor. For example, I would be labeled, in American terminology, as well left-of-center. But when I have conversations with self-styled Republicans or Libertarians, I find myself with far greater areas of agreement with them than disagreement.
Long term effects of filter bubbles/silos
by An dochasac
There is a positive feedback between human confirmation bias and reliance on information sources which increasingly give us what we want (e.g. Google/Facebook "filter bubbles", Amazon "if you like this... you'll like that."). Do you expect this to create more social balkanization and extremism or other social effects? Is there anything we can do to stop or slow this process?
Gladwell: I'm suspicious of those kinds of filters that claim to give us what we want based on what we previously wanted. The things that most interest me and capture my imagination are invariably those that depart--often dramatically--from my previous patterns of experience. Filter bubbles assume we are consistent in our beliefs and wants. But what is particular about humans, surely, is our capacity for inspired and radical inconsistency. Gorbachev reached a deal with Ronald Reagan; protestants in Northern Ireland made peace with the IRA. Are these the aspects of human experience that matter the most?
Recent religious topics
by werepants
I imagine that the different circles you run in might have dramatically different responses to the religious emphasis in your recent work. What kind of reactions (wanted and unwanted) have you gotten from your recent move towards Christianity?
Gladwell: A very small amount of cynicism. A very large amount of genuine and heart-warming support.
Increasing automation
by werepants
We've got dramatic and sudden changes forecasted in the use of automation in various industries. The trucking industry alone could change in a few short years with the advent of self-driving vehicles, leaving millions out of work. What kind of social impact do you foresee with these developments - do you think this kind of automation will be a fundamentally different kind of technological advance than our society has previously dealt with?
Gladwell: I'm a skeptic. We've been replacing human labor with machines for getting on to 200 years now. Someone needs to convince me why the current automation revolution is any different from the numerous automation revolutions that have come before. A lot of the scare mongering that occurs over this issue seems to me to come from people who aren't reading their history.
Writing & Research Methods
by Sonetta
Elaborate on what ways have technological advances altered or impacted your craft. In terms of research I imagine that you must have begun as a Journalist at the end of the card catalog era. Many research studies and books are available via internet yet you continue to frequent libraries, perhaps due to the types of items and information you find within the library. Further, first person interviews are a basis to your books. Explain the significance of the face-to-face or one-on-one and the technological tools which assist you with those interviews. Also, do you ever utilize pen and paper and notebooks? Gracias!
Gladwell: I'm old school. I still go to the library. I still use paper and pencil, as well as a computer. I still love the face to face interview. Then again, I don't believe that the tools a writer uses ultimately make that much of a difference. It's your effort and the quality of your thinking that matter!
Reduced lead leading to reduced crime?
by Paul Fernhout
In The Tipping Point you advance the argument that it was better policing against minor infractions that reduced crime. "Economist Steven Levitt and Malcolm Gladwell have a running dispute about whether the fall in New York City's crime rate can be attributed to the actions of the police department and "Fixing Broken Windows" (as claimed in The Tipping Point). In Freakonomics, Levitt attributes the decrease in crime to two primary factors: 1) a drastic increase in the number of police officers trained and deployed on the streets and hiring Raymond W. Kelly as police commissioner (thanks to the efforts of former mayor David Dinkins) and 2) a decrease in the number of unwanted children made possible by Roe v. Wade, causing crime to drop nationally in all major cities -- "[e]ven in Los Angeles, a city notorious for bad policing"."
However, it looks like the drop in crime is most closely correlated with the fall in environmental lead (mostly from reducing the use of leaded gasoline). Since other places have seen their crime rate fall without drastic changes in policing, what do you think of the lead and crime connection?
Gladwell: Yes. I find a lot of the lead arguments very convincing. If I were rewriting The Tipping Point today, I think I'd definitely add a discussion of the lead question to my consideration of the decrease in crime in the mid-1990's. That's the problem with a 15-year old book! -
Valve Rolls Out Game Broadcasting Service For Steam
An anonymous reader writes: Streaming live video game footage has become increasingly popular over the past several years — popular enough that Amazon was willing to shell out $970 million for Twitch.tv. Now, Valve has announced a rival: Steam Broadcasting. Users signing up for the beta test have the option to broadcast the game they're playing. They have several options about who can see their stream: invite-only, friends only, and publicly visible. Viewing a stream is currently supported by the Steam client itself, Google Chrome, and Apple Safari. It only works on Windows 7 and 8 at this point, but Valve promises support on Linux, OS X, and Windows Vista in the future. -
The Moment of Truth For BICEP2
StartsWithABang writes: Earlier this year, the BICEP2 team shook up the world by announcing the discovery of primordial gravitational waves: a signal from the earliest stages of the Universe, going all the way back to before the Big Bang! By looking at the photon polarization data, they claimed to have surpassed the gold "5 Sigma" standard for announcing a discovery in physics. But recently, that's been walked back, as there could have been a systematic error at play: simple emission from our own Milky Way. Later this month, the Planck team will release their results, and either confirm or refute BICEP2. Here's where we stand on the eve of that announcement. -
FBI Seizes Los Angeles Schools' iPad Documents
An anonymous reader writes: The Los Angeles Unified School District had a bold (and expensive) plan to outfit its students with top-of-the-line technology: its 650,000 students will be given Apple iPads to use for school work. The cost? $1 billion. Unfortunately for them, the project has been plagued with problems. Now, the FBI has seized 20 boxes of documents regarding the district's procurement practices and confirmed an investigation. "Hundreds of students initially given the iPads last school year found ways to bypass security installations, downloading games and freely surfing the Web. Teachers complained they were not properly trained to instruct students with the new technology. And questions were raised after emails were disclosed showing that then-Superintendent John Deasy had been in communication with vendors Apple and Pearson before the contracts were put to bid." -
Ben Harris Shows off the Electric Vehicle Challenge Simulator (Video)
EVChallenge is a high school student project that converts gas cars to electric. This isn't a "someday" thing. It's already happening, and Ben has worked hard to make it so in N. Carolina. There are other people around the world doing EVChallenge, and Ben does a number of things besides EVChallenge. His Kickstarter project, for instance, was called Help Bring Back Quality Science Kits (STEM Education). It closed on October 17 after 119 backers came through with $6523, which was a lot more than Ben's modest $3500 goal. This takes us to Ben's EVChallenge simulator itself, which is a simple "breadboard" simulation of the circuitry that drives an electric car so students can learn EV (electric vehicle) principles before they work on the real thing.
This is all part of the Harris Educational effort to make science teaching fun and interesting, not just with electric cars and simulations of their circuitry, but with other kits and even training services. As Ben's Training Services page says, "Harris Educational can provide face-to-face or online training for individuals, small groups, or companies. We can also help you design and implement your own training programs." So besides the video interview here, please look at Ben's pages, this article about his work, and check some of the videos on his assorted pages. It's good stuff, especially if you have (or plan to have) kids in high school. (Alternate Video Link) -
FBI: Wiper Malware Has Korean Language Packs, Hard Coded Targets
chicksdaddy sends news that the FBI has issued a warning to U.S. businesses over a "destructive" malware campaign using advanced tools. They don't name specific targets, but the information fits with the details from last week's attack on Sony Pictures, which led to the leak of several unreleased movies. A copy of the FBI's recent five-page FLASH alert reveals that the malware alleged to have wiped out systems at Sony Pictures Entertainment deployed a number of malicious modules, including a version of a commercial disk wiping tool on target systems. Samples of the malware obtained by the FBI were also found to contain configuration files created on systems configured with Korean language packs. The use of Korean could strengthen theories that the destructive cyber attacks have links to North Korea, though it is hardly conclusive. It does appear that the attack was targeted at a specific organization. The malware analyzed by the FBI contained a hard coded list of IP addresses and computer host names. -
Obama Offers Funding For 50,000 Police Body Cameras
An anonymous reader writes: Today President Obama announced $263 million worth of funding for law enforcement agencies around the country to outfit officers with body cameras and improve training. The money requires matching funds from state and local authorities, and the $75 million dedicated to body-cams should buy about 50,000 of them. This is in response to the recent events in Ferguson, Missouri. "Obama also plans to overhaul how the federal government disperses military equipment to local police departments, the White House said Monday. ... The Ferguson police department deployed officers wearing gas masks, military fatigues, stun guns and rubber bullets during the initial protests. Studies show the procurement of military equipment by police departments has been on the rise as law enforcement has been allowed to cheaply purchase gear originally deployed in Iraq and Afghanistan." -
Firefox 34 Arrives With Video Chat, Yahoo Search As Default
An anonymous reader writes: Mozilla today launched Firefox 34 for Windows, Mac, Linux, and Android. Major additions to the browser include a built-in video chat feature, a revamped search bar, and tab mirroring from Android to Chromecast. This release also makes Yahoo Search the default in North America, in place of Google. Full changelogs: desktop and Android. -
Interviews: Adora Svitak Answers Your Questions
Recently, you had a chance to ask child prodigy, author and activist, Adora Svitak, about education and women in STEM and politics. Below you'll find her answers to your questions.
Question
by phantomfive
In your talk you said that kids deserve high expectations. What help do you have to reach your high expectations? What should kids do who don't have the same help?
Adora: A lot of people will say things like "kids this young aren't mature enough to handle this kind of content," with "this kind of content" meaning anything serious or controversial. Since I was a young age, my parents didn't tolerate that kind of closed-mindedness about what their daughters could or couldn't "handle"; they invited us to sit at the "adults' table," and we had the opportunity to discuss current events with family friends. They expected that our age wouldn't preclude us from developing opinions and having causes we believed in. Kids in families with more conservative definitions of what it means to be a child should find high expectations from other places--teachers, mentors, role models--and give those high expectations in turn to peers.
Child prodigies
by Anonymous Coward
To what extent do you believe child prodigies are merely products of their environment?
Adora: To clarify, I've never thought of myself as a child prodigy (contrary to how my Wikipedia page might describe me). I think that everyone's a little bit a product of their environment. My environment happened to be saturated in good literature; I remember having many, many more books than clothes. My parents and babysitters read to my sister and me all the time. I loved writing and found it to be intuitive. In that sense I credit a lot of the development of my abilities to my environment.
Microaggressions
by Kohath
Do you believe in microaggressions? Why or why not? Is a belief in microaggressions helpful or harmful? To whom is it helpful? Who should worry about microaggressions? Who shouldn't? How can someone be certain they are innocent of committing microaggressions? If someone is accused of something like committing microaggressions, are there two sides that must be considered, or only one?
Adora: I never heard of microaggressions as something to be "believed" in or not, I take it fairly for granted that they exist (particularly since I've seen them). There's a great video on YouTube called If Asians Said the Stuff White People Say that does an excellent job of outlining some of the ones folks hear every day. As someone who's half-white, half-Asian (and looks predominantly Asian) I often hear questions like "where are you from? Like, where are your parents from?" Knowing about microaggressions is very helpful, because it allows us to avoid accidentally perpetuating racist or sexist commentary. If someone is accused of committing microaggressions, it's entirely possible that their intentions were good and something hurtful was said accidentally, but that doesn't negate their responsibility to hear the offended party's response so they know how to avoid microaggressions next time.
I Don't Get It
by Tablizer
After seeing my development job outsourced to India in the early 2000's during an IT slump, I have no compulsion to steer my daughter into STEM. I hope she finds a career that she grows into and does well, STEM or not. STEM is in demand at this spot in history, but I've learned the hard way it's subject to fads, bubbles, age discrimination, H1B's, and outsourcing. Please tell me, why push women into such risk? I suspect it's lobbyists trying to get cheaper IT labor for their plutocrat bosses by flooding the market. Feel welcome to convince me otherwise.
Adora: STEM (science, technology, engineering, and math) is an extraordinarily broad set of disciplines, and like any set of disciplines, has some areas with more job opportunities and some with less. It's not inherently more risky than any other group of fields to study. Women are no less equipped to handle the "risk" that comes with STEM.
What can be done to get more women into CS?
by squisher
Hi, I'm the "typical" white male in CS gradschool. My subjective view is that CS has one of the lowest number of women compared to other STEM disciplines. I'd estimate that typically there are about 5% tops in classes or at conferences. For various reasons I think that this situation is a shame for the community and society as a whole. What do you think can be done to improve this? Thanks!
Adora: The low numbers of women in STEM should be considered a national shame. One huge problem that prevents more women from either going into CS or continuing with it is "brogramming" culture, especially in Silicon Valley startups, that promotes a macho, objectifying attitude toward women that puts "bros before hoes" (see: ousting of Whitney Wolfe from Tinder after she was harassed by another co-founder there, or Uber's CEO threatening a female journalist) and creates toxic workplace cultures. We need more programs like Girls Who Code and Black Girls Code to give young women a leg up in a supportive environment.
Happy thoughts
by Anonymous Coward
Hi Adora! Looking through any debate on gender issues is somewhat demoralizing, as there seems to be little focus on resolving the underlying issues. What do you think could be done to help people cooperate rather than yelling at each other?
Adora: Creating more opportunities for traditionally underrepresented groups to have their voices heard is incredibly important. Another thing I really like is the idea of "safe space," where groups can talk freely in the knowledge that what they say will not be used against them in any way.
Did TV make us do it?
by mrex
How much credence do you give to the theory recently put forward in a recent NPR Planet Money piece, ascribing the absence of women specifically in the computing industry to 1980s media representation of geeks and computer worker lifestyles?
Adora: My answer to this question is strongly related to my answer to the previous question about bringing more women into CS. I feel that the stereotype of CS as the domain of pasty geeks sitting around laptops in basements is honestly less harmful to the future of women in CS than the implicit or explicit discouragement of young women from entering industry that happens because of insensitive/sexist comments by professors or folks in the work world. -
Google, National Parks Partner To Let Girls Program White House Xmas Tree Lights
theodp writes The Washington Post reports the White House holiday decor is going digital this year, with dog-bots and crowdsourced tree lights. "Thanks to Google's Made with Code initiative," reports a National Park Foundation press release, "girls across the country will experience the beauty of code by lighting up holiday trees in President's Park, one of America's 401 national parks and home to the White House." Beginning on December 2, explains the press release, girls can head over to Google's madewithcode.com (launched last June by U.S. CTO Megan Smith, then a Google X VP), to code a design for one of the 56 state and territory trees. Girls can select the shape, size, and color of the lights, and animate different patterns using introductory programming language and their designs will appear live on the trees. "Made with Code is a fun and easy way for millions of girls to try introductory code and see Computer Science as a foundation for their futures. We're thrilled that this holiday season families across the country will be able to try their hands at a fun programming project," said former Rep. Susan Molinari, who now heads Google's lobbying and policy office in Washington, DC. -
New Analysis Pushes Back Possible Origin For Antikythera Mechanism
We've mentioned several times over the years the Antikythera Mechanism, the astounding early analog computer recovered from a Greek shipwreck in shape good enough to allow modern recreations. The device has been attributed to different Greek mathematicians and thinkers, such as Archimedes, Hipparchus, and Posidonius, but as reader puddingebola writes, "Current research suggests its origin may be much earlier, and its working based on Babylonian arithmetical methods rather than Greek Trigonometry, which did not exist at the time." Puddingebola excerpts from the NYT article: Writing this month in the journal Archive for History of Exact Sciences, Dr. Carman and Dr. Evans took a different tack. Starting with the ways the device's eclipse patterns fit Babylonian eclipse records, the two scientists used a process of elimination to reach a conclusion that the "epoch date," or starting point, of the Antikythera Mechanism's calendar was 50 years to a century earlier than had been generally believed. -
Intel Core M Notebooks Arrive, Lenovo Yoga 3 Pro Tested
MojoKid writes: Intel's 14nm Core M Broadwell architecture was announced a few months ago but to date, 2-in-1 hybrid devices and laptops have only trickled out to the market. Lenovo recently took the wraps off their Yoga 3 Pro 13-inch ultralight notebook and it's one of the few devices on the market right now that offers a glimpse of what Intel's Core M processor is capable of in performance and battery life testing. The 4.5 Watt TDP Core M 5Y70 actually keeps pace with 15-Watt previous generation Core i5 mobile chips in testing, but with significantly better battery life. It also enables very thin and light designs like the 2.6 pound Yoga 3 Pro, which is an interesting machine. Its watchband hinge allows it to contort into various positions for tablet, tent, stand and standard modes. The hinge is a "you love it or hate it" kind of thing, but does come with a 3200x1800 IPS display. -
Volcanic Eruption In Japan Disrupts Flights
An anonymous reader writes: A volcano in southern Japan erupted today, sending out chunks of magma and a kilometer-high plume of ash. Flights to and from the nearby city of Kumamoto were canceled, and a Japan Airlines spokesman said more could be disrupted if the eruption continues. "Mount Aso, whose huge caldera dominates the southwestern main island of Kyushu, rumbled into life on Tuesday. Meteorologists warned volcanic stones and ash could fall in a one-kilometer radius of the volcano. The eruption is Aso's first in 19 years and comes two months after Mount Ontake in central Nagano killed more than 60 hikers when it erupted without warning." -
Behind Apple's Sapphire Screen Debacle
Frankie70 (803801) writes Apple invested more than $1 billion in an effort to make sapphire one of iPhone 6's selling points. But the iPhone 6 was released without the sapphire screen. GT Advanced Technologies, the small company chosen to supply Apple with enormous quantities of cheap sapphire, declared bankruptcy a month later. Recent documents from GT's bankruptcy proceedings, and conversations with people familiar with operations at Apple and GT, provide several clues as to what went wrong. GT said that to save costs, Apple decided not to install backup power supplies, and multiple outages ruined whole batches of sapphire. The terms Apple negotiated committed GT to supplying a huge amount of sapphire, but put Apple under no obligation to buy it. In its bankruptcy documents, GT would later accuse Apple of using "bait-and-switch" tactics, and said the terms of the deal were "onerous and massively one-sided." -
Interviews: The Hampton Creek Team Answers Your Questions
A few days ago you had a chance to ask the people at Hampton Creek about their products and the science of food. Below you'll find the answers to your questions from a number of Hampton Creek employees.
Scrambled egg?
by Anonymous Coward
What's the status of the "egg beaters" type substitute? What's the nutritional profile - similar to egg? Is it cheaper to produce over normal eggs? I've been vegan for a while and find scrambled tofu with some spices (especially black salt) to be a tasty substitute.
Hampton Creek: We’re working on it! Just Scramble (the world’s first scrambled egg made from a plant) will hopefully be available to consumers by next summer.
Plant based evidence for environmental benefits
by Anonymous Coward
What evidence do you point to when making the case that a plant-based diet is less destructive to the environment compared to eating animals and animal products? The environmental impact of my food choices has been the major factor in switching to a plant-based diet, but I struggle to find concise, creditable data on the impact of my choices, specifically around the amount of energy, water, land, and green house emissions that are saved. Has Hampton Creek done anything to aggregate and present good research in this area? Can you make any specific claims or projections about the environmental impact of using your products?
Hampton Creek: We've done the math on this one! For every 30oz jar of Just Mayo you use, in comparison with Hellmann's, you save 278 qts of water, 4.3 sq ft of land, and 157 g of carbon emissions. For Just Cookies, we've even created a cookie calculator to measure the environmental impact! Check out justcookies for more info.
3D printing, food allergies, and shelf life...
by Anonymous Coward
There's a question I've always wanted to ask one of these food-science guys:
How far are we from being able to mass-produce foodstuffs, growing yeast or simple bacteria in a tank, converting it into a long-shelf-life shelf-stable package, and being able to print it out 3-D printer style to make lunch? Especially for those of us who cannot eat gluten, dairy, eggs, soy, peanuts, etc.. It seems like the holy grail of food technology. Food replicators, but running with milliliter (or larger) droplet sizes rather than nanoliter droplet sizes to rapidly print & cook food. Kind of like a microwave, with large (replaceable) ink-cartridge-like containers on the side where you just tell it what you want, wait, and boom dinner is created, cooked, & ready to serve.
Gosia Malgorzata, PhD: Even though it sounds like science fiction, there are prototypes to make food replicators. This one is limited to sugar containing food but in a few years who knows.
high carb vrs low carb
by layabout
This article is one study in a long line of studies that show that a low (40g/day) carb diet is healthier than a high carb one. How does the future of food keep diets under 40 carbs per day and still supply enough calories? assume 1200 cals for a woman and 2000 for a man. 30 cals/carb and 50 cals/carb respectively.
Hampton Creek: We’re not focusing on the strict nutritional details at this time. Our mission is really to make it easier for regular folks to eat better. And better has to start somewhere, so even if it is a little healthier, (eg no cholesterol in your mayo) that is a start.
Here's a question
by ArcadeMan
Are your products available outside of the U.S.A.? Do you have any Canadian distributors/resellers?
Hampton Creek: Right now we’re national in various US chains, in Hong Kong’s GREAT stores, and will be in Metro locations in Canada by the end of the year, as well as in Tesco locations next February.
Disrupting the global egg industry
by Anonymous Coward
Why is "[your] research is particularly focused on disrupting the global egg industry"? Thanks for doing the interview.
Hampton Creek: Our research is primarily focused on finding ways of utilizing plants to improve food. It just so happens that one aspect of food we have focused on is the industrial chicken egg. And that is for a number of reasons: they’re not very sustainable, they’re not especially safe, they’re a huge allergen (33M Americans alone), they’re not humane, and they’re rising in cost.
Research and the daily grind
by Anonymous Coward
Could everyone describe how your day-to-day work and goals are? Answers from the R&D people would be especially appreciated.
Carla Li-Carillo, Research Scientist: Our goals are to identify and understand the world of plants. Given that there are about 5 million plants, we have a long way to go.
I work on our high throughput screening, which is highly miniaturized and effective. On a typical day I will either prepare the plants or I will screen our samples through our many assays for molecular characterization or functional properties. As things calm down at the end of the day, I will either analyze the day’s data, or read scientific papers to better understand our results or to continue developing more assays.
Frustrated with lack of scientific understanding?
by Anonymous Coward
As scientists, are you ever frustrated with lack of scientific understanding of the public? I'm a molecular biologist and am always frustrated with the negative perception of science as artificial/sterile/zombie-apocalypse-inducing/playing god in the public's eyes. Do you have any reservations about marketing towards this anti-GMO, "All natural flavor, nothing artificial" demographic in a way that caters to their anti-science perception?
Gosia Malgorzata, PhD: Well, on this one our policy is to use what the world of plants has to offer, discover and use its natural potential to create nutritional food. We do not engineer the protein, synthesize, etc., so if you ask me I’m not frustrated :-)
Eggs = Good
by unixcorn
Eggs are one of the best sources of protein, are natural and can be produced easily in a back yard chicken house. I have also read that most of the rhetoric about eggs being unhealthy has been debunked. Unless you are producing specifically for people with allergies, what's the point of an eggs substitute.
Hampton Creek: As previously stated, it’s not about eggs for us, it’s about using plants to make food better. Yes, we are using them for eggs in a few products right now, but we’re looking at other things in food, too, like sugar, and even food dyes. And why eggs? They’re not very sustainable, they’re not especially safe, they’re a huge allergen (33M Americans alone), they’re not humane, and they’re rising in cost.
Why would I buy your product?
by future sheep
Your product offers no benefit in calorie intake compared to regular mayo and none of the nutritional benefits of mayo made with eggs. Eggs are one of the most nutritionally sound food items I can buy. As a component in other foods, they're low calorie, high protein, and chock full of vitamins, minerals, and amino acids addition. Just Mayo is also more expensive than real mayo. So tell me, why should I buy your product?
Hampton Creek: I’m sorry, what are the nutritional benefits of mayonnaises made with eggs? Also, most eggs don’t come from very good places. Yes, some come from nice, free range farms. But the reality is that most come from dirty, filthy, factory farmed facilities, that are bad for the environment, bad for our health (not just nutritionally speaking, but spread disease and allergens), and inhumane, too. And at most places, it isn’t more expensive. -
BlackBerry Will Buy Your iPhone For $550
mpicpp points out that BlackBerry is hoping to get iPhone owners to switch to Passport smartphones by promising up to $550 to trade in their phones. "The promotion, which starts Monday, promises as much as $550 to iPhone owners who trade in their handsets in favor of BlackBerry's Passport. The actual trade-in value depends on the iPhone, with the iPhone 4S worth up to $90 and the iPhone 6 worth up to $400. (The iPhone 6 Plus is not eligible.) BlackBerry then sweetens the deal by kicking in an additional $150 as a topper for each iPhone. The deal will run through February 13, but it's good only in North America. Customers must buy the $599 to $699 unlocked Passport phone through either BlackBerry's website or Amazon. The trade-in amount comes in the form of a Visa prepaid card." -
Fly With the Brooklyn Aerodrome (Video)
A bit of housing insulation material, a battery, a motor and propellor, a radio receiver and transmitter, and servos to control the motor and a pair of ailerons, and you're ready to fly the Brooklyn Aerodrome way. This isn't a tiny radio-controlled paper airplane, but a big bruiser with a 1:1 power to weight ratio (which means it can climb like a bat out of hell) and enough guts to fly in reasonably windy conditions while carrying a camera -- except we'd better not mention cameras, since Brooklyn Aerodrome creations, whether kits or plans, are obviously intended to help you build model airplanes, not drones. Timothy ran into project proponent Breck Baldwin at a maker faire near Atlanta, surrounded by a squadron of junior pilots who may someday become astronauts on the Moon - Mars run -- or at least delivery drone controllers for Amazon. (Alternate Video Link) -
Former HP CEO Carly Fiorina Considering US Presidential Run
McGruber writes: Fired HP CEO and failed Republican Senate candidate Carly Fiorina is "actively exploring a 2016 presidential run." Fiorina has been "talking privately with potential donors, recruiting campaign staffers, courting grass-roots activists in early caucus and primary states, and planning trips to Iowa and New Hampshire starting next week." -
Canada's Ebola Vaccine Nets Millions For Tiny US Biotech Firm
Anita Hunt (lissnup) writes: Iowa-based NewLink Genetics has secured a US$50 million deal with pharmaceutical giant Merck for the experimental Ebola vaccine developed by Canadian government scientists. NewLink bought the exclusive commercial licensing rights to Canada's VSV-EBOV in 2010 with a milestone payment of just US$205,000. This is an interesting new twist in a story we've discussed previously, and which continues to draw media attention. -
Firefox Will Soon Offer One-Click Buttons For Your Search Engines
An anonymous reader writes: Mozilla today unveiled some of the new search features coming to Firefox. The company says the new additions are "coming soon to a Firefox near you" but didn't give a more specific timeline. The news comes less than a week after Mozilla struck a deal with Yahoo to replace Google as the default search engine in its browser for U.S. users. At the time, the company said a new search experience was coming in December, so we're betting the search revamp will come with the release of Firefox 34, which is currently in beta. In the future release, when you type a search term into the Firefox search box, you will get a list of reorganized search suggestions from the default search provider. Better yet, a new array of buttons below these suggestions will let you pick which search engine you want to send the query to. -
A Toolbox That Helps Keep You From Losing Tools (Video)
Dan Mcculley, the interviewee in this video, works for Intel and claims they have "about 140" projects going on inside their fabs and factories, of which the Smart Toolbox is but one, and it's one some technicians came up with because Intel workers lose something like $35,000 worth of tools every year. This project is based on the same Galileo boards Intel has used to support some high-altitude balloon launches -- except this is an extremely simple, practical application. Open source? You bet! And Dan says the sensors and other parts are all off-the-shelf items anyone can buy. (Alternate Video Link) -
Conglomerate Rock From Mars: (Much) More Precious Than Gold
An anonymous reader writes It's the oldest rock on Earth--and it's from Mars. A 4.4-billion-year-old martian meteorite, found in a dozen pieces in the western Sahara, has ignited a frenzy among collectors and scientists; prices have reached $10,000 a gram, and museums and universities are vying for slivers of it. It is the only known martian meteorite made of sediment, a conglomerate of pebbles and other clumps of minerals from when the planet was warm, wet, and possibly habitable. The story of the discovery of the rock and its significance is fascinating, as well as the details presented about the economics of rare space materials. Apropos, this older story about missing moon rocks. -
Regin Malware In EU Attack Linked To US and British Intelligence Agencies
Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations. -
Google Chrome Will Block All NPAPI Plugins By Default In January
An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback." -
Book Review: Bulletproof SSL and TLS
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
author: Ivan Ristic
pages: 530
publisher: Feisty Duck
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1907117046
summary: Tremendous guide on how to correctly deploy TLS by one of the top experts in the field
Ristic is the author of the SSL Labs web site; a site dedicated to everything SSL, including extensive documents and tools.
One would think that it's impossible to write an interesting book about a security protocol. But for those who use SSL or just want to understand what it's all about, the book is not only quite practical, but a very interesting read.
The book provides a good balance of overview, protocol details, summary of vulnerabilities and weaknesses, and a large chunk of practical deployment guidance.
The first three chapters provide an excellent overview to SSL, TLS, PKI and cryptography. While chapter 2 may be a bit dry, the introduction is thorough and comprehensive.
Chapter 4 is particularly interesting in that the author notes that while the cryptography behind SSL and PKI is fundamentally secure, there is an inherent flaw in how PKI operates, in that any CA (certificate authority) is able to issue a certificate for any name without having to seek approval from the domain name owner. This trust dependency creates numerous attack vectors that can be exploited.
The chapter details a number of significant incidents that arose from this flaw, from the 2001 code signing certificate mistake, where Verisign mistakenly issued Class 3 code signing certificates to someone claiming to be a Microsoft employee, to the Flame malware, which was signed with a bogus certificate that was seemingly signed by Microsoft, to a number of other issues.
In chapter 5, the book details a number of HTTP and browser issues, and related TLS threats. Attacks such as sidejacking, cookie stealing, cookie manipulation and more are detailed.
The author wisely notes that cookies suffer from two main problems: that they were poorly designed to begin with, allowing behavior that encourages security weaknesses, and that they are not in sync with the main security mechanisms browsers use today, namely same-origin policy (SOP).
The chapter also details a significant TLS weakness in that the certificate warnings generated often leave the clueless user to make the correct decision on how to proceed.
Ristic writes that if you receive an alert about an invalid TLS certificate, the right thing to do is immediately abandon the connection attempt. But the browser won't do that. Browser vendors decided not to enforce TLS connection security; rather they push the problem down to the user in the form of a certificate warning.
The problem is that when a user gets a certificate warning error, they simply don't know what to do to determine how big of an issue it really is, and will invariably choose to override the warning, and proceed to the website.
The challenge users face is that these certificate warning errors are pervasive. In 2010, Ristic scanned about 119 million domain names (.com, .net and .org) searching for TLS-enabled sites. He found that over 22 million or 19% of the sites hosted in roughly 2 million IP addresses. But only about 720,000 had certificates whose names matched the intended hostname.
The chapter also details that the biggest problem with security indicators, similar to the certificate warnings, is that most users don't pay attention to them and possibly don't even notice them.
As valuable as the first half of the book is, its significance really comes alive starting in chapter 8 on deployment issues. The level of security TLS offers only works when it is deployed correctly, and the book details how to do that. Given that OpenSSL, which is the most widely used SSL/TLS library, is notorious for being poorly documented and difficult to use, the deployment challenges are a significant endeavor.
Another issue with TLS is that it can create performance issues and chapter 9 provides a lot of insight on performance optimization. The author quotes research from Google that SSL/TLS on their email systems accounts for less than 1% of the CPU load, less than 10kb of memory per connection, and less than 2% of the network overhead. The author writes that his goal is to enable the reader to get as close as possible to Google's performance numbers.
SSL/TLS has a reputation for being slow, but that is more a remnant of years ago when CPUs were much slower. With better CPUs and the optimization techniques the book shows, there is no reason not to use TLS.
For those that want an initial look, the table of contents, preface, and chapter 1 are available here. Once you get a taste of what this book has to offer, you will want to read the entire book.
As noted earlier, OpenSSL is poorly documented. In Bulletproof SSL and TLS, Ivan Ristic has done the opposite: he has written the most readable and insightful book about SSL/TLS to date. TLS is not so difficult to deploy, but incredibly easy to deploy incorrectly. Anyone who is serious about ensuring that their SSL/TLS deployment is effective should certainly read this book.
Reviewed by Ben Rothke.
You can purchase Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Interviews: Ask the Hampton Creek Team About the Science and Future of Food
samzenpus writes Hampton Creek is a food technology company that makes food healthier by utilizing a specially made egg substitute in food products. The company was selected by Bill Gates to be featured on his website in a story called, The Future of Food, and has raised $30 million in funding. Hampton Creek's latest product is called, Just Cookies, which is an eggless chocolate chip cookie dough, but it is their eggless mayo that has been in the news lately. Unilever, which manufactures Hellmann's and Best Foods mayonnaise, is suing Hampton Creek claiming that the name Just Mayo is misleading to consumers. Named one of Entrepreneur Magazine's 100 Brilliant Companies and one of CNBC's Top 50 Disruptors, Hampton Creek has picked up some impressive talent including the former lead data scientist at Google Maps, Dan Zigmond. With Thanksgiving just around the corner, Dan and the Hampton Creek team have agreed to answer any questions you may have. As usual, ask as many as you'd like, but please, one per post. -
2014 Hour of Code: Do Ends Justify Disney Product Placement Means?
theodp writes "The purpose of product placement/product integration/branded entertainment," explains Disney in a job posting, "is to give a brand exposure outside of their traditional media buy." So, one imagines the folks in Disney Marketing must be thrilled that Disney Frozen princesses Anna and Elsa will be featured in the 'signature tutorial' for CSEdWeek's 2014 Hour of Code, which aims to introduce CS to 100 million schoolkids — including a sizable captive audience — in the weeks before Christmas. "Thanks to Disney Interactive," announced Code.org CEO Hadi Partovi, "Code.org's signature tutorial for the 2014 Hour of Code features Disney Infinity versions of Disney's 'Frozen' heroines Anna and Elsa!." Partovi adds, "The girl-power theme of the tutorial is a continuation of our efforts to expand diversity in computer science and broaden female participation in the field, starting with younger students." In the tutorial, reports the LA Times, "students will learn to write code to help Anna and Elsa draw snowflakes and snowmen, and perform magical 'ice craft.' Disney is also donating $100,000 to support Code.org's efforts to bring computer science education to after-school programs nationwide." -
Spaceport America Loses $1.7 Million Due To Virgin Galactic Delays
An anonymous reader writes "Officials of New Mexico's Spaceport Authority were grilled by lawmakers about the now vacant Spaceport America following the deadly crash of Virgin Galactic's SpaceShipTwo. The spaceport was built as a hub for commercial space flights. Its immediate future is uncertain since Virgin Galactic has indefinitely pushed back the launch date of its space tourism flights. From the article: "Christine Anderson, the authority's executive director, learned last week that she might have to do so one legislator at a time. Anderson was called out by Rep. Patricia Lundstrom, D-Gallup, for handing members of an interim legislative finance committee a presentation filled mostly with photographs. Lundstrom and other lawmakers wanted hard numbers and more details about what plan the authority has to get past the Virgin Galactic mishap and get the taxpayer-financed spaceport off the ground. 'It just made all of us look like idiots, like we don't do our homework,' Anderson said. 'That's not the case whatsoever.'" -
Samsung Seeking To Block Nvidia Chips From US Market
An anonymous reader writes: Bloomberg reports that Samsung has filed a complaint with the U.S. International Trade Commission asking them to block the import of Nvidia's graphics chips. This is part of Samsung's retaliation for a similar claim filed by Nvidia against Samsung and Qualcomm back in September. Both companies are wielding patents pertaining to the improved operation of graphics chips in cell phones and other mobile devices. -
Upgrading the Turing Test: Lovelace 2.0
mrspoonsi tips news of further research into updating the Turing test. As computer scientists have expanded their knowledge about the true domain of artificial intelligence, it has become clear that the Turing test is somewhat lacking. A replacement, the Lovelace test, was proposed in 2001 to strike a clearer line between true AI and an abundance of if-statements. Now, professor Mark Riedl of Georgia Tech has updated the test further (PDF). He said, "For the test, the artificial agent passes if it develops a creative artifact from a subset of artistic genres deemed to require human-level intelligence and the artifact meets certain creative constraints given by a human evaluator. Creativity is not unique to human intelligence, but it is one of the hallmarks of human intelligence." -
Another Hint For Kryptos
rastos1 writes Four years ago Jim Sanborn, the sculptor who created the wavy metal pane called Kryptos that sits in front of the CIA in Langley, revealed a clue for breaking the last remaining part of the encrypted message on Kryptos. The clue was: BERLIN. But the puzzle resisted all decryption efforts and is still unsolved. To honor the 25th anniversary of the Wall's demise and the artist's 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It's only the second hint he's released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades. The next word in the sequence is: "clock." -
Mozilla's 2013 Report: Revenue Up 1% To $314M; 90% From Google
An anonymous reader writes Mozilla has released its annual financial report for 2013, and the numbers hint as to why the organization signed a five-year deal with Yahoo, announced by the duo on November 19. Revenue increased just 1 percent, and the organization's reliance on Google stayed flat at 90 percent. The total revenue for the Mozilla Foundation and its subsidiaries in 2011 was $163 million, and it increased 90.2 percent to $311 million for 2012. Yet that growth all but disappeared last year, as the total revenue moved up less than 1 percent (0.995 percent to be more precise) to $311 million in 2013. 85 percent of Mozilla's revenue came from Google in 2011, and that figure increased to 90 percent in 2012. While the 90 percent number remained for 2013, it's still a massive proportion and shows Mozilla last year could not figure out a way to differentiate where its money comes from. -
Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More
theodp writes: "The high-tech industry," reports the Washington Post's Nancy Scola, "will have at least two things to be happy about in President Obama's speech outlining executive actions he'll take on immigration. The president plans to grant the tech industry some, but not nearly all, of what it has been after in the immigration debate. The first is aimed at increasing the opportunity for foreign students and recent graduates from U.S. schools to work in high-tech jobs in the United States. And the second is aimed at making it easier for foreign-born entrepreneurs to set up shop in the United States. According to the White House, Obama will direct the Department of Homeland Security to help students in the so-called STEM fields — science, technology, engineering and mathematics — by proposing, per a White House fact sheet released Thursday night, to "expand and extend" the controversial Optional Practical Training program that now allows foreign-born STEM students and recent graduates remain in the United States for up to 29 months. The exact details of that expansion will be worked out by the Department of Homeland Security as it goes through a rulemaking process." -
Aereo Files For Bankruptcy
An anonymous reader writes: After losing its Supreme Court case in June and briefly attempting to transform itself into a cable company, Aereo is now filing for chapter 11 bankruptcy. Their service worked by letting people stream over-the-air television to their internet-connected devices. The content industry pushed back, and though Aereo argued its way through several lower courts, they say, "The U.S. Supreme Court decision effectively changed the laws that had governed Aereo's technology, creating regulatory and legal uncertainty. And while our team has focused its energies on exploring every path forward available to us, without that clarity, the challenges have proven too difficult to overcome." -
Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins
An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the project's founder ups and runs away with all of the community's coins, cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.) -
CMI Director Alex King Talks About Rare Earth Supplies (Video 2)
Yesterday we ran video #1 of 2 about the Critical Materials Institute (CMI) at the Iowa State Ames Laboratory in Ames, Iowa. They have partners from other national laboratories, universities, and industry, too. Obviously there is more than enough information on this subject that Dr. King can easily fill two 15-minute videos, not to mention so many Google links that instead of trying to list all of them, we're giving you one link to Google using the search term "rare earths." Yes, we know Rare Earth would be a great name for a rock band. But the mineral rare earths are important in the manufacture of items ranging from strong magnets to touch screens and rechargeable batteries, so please watch the video(s) or at least read the transcript(s). (Alternate Video Link)