Slashdot Mirror

"Lab tests carried out by Dutch scientists have shown that some of today's 'smart' electrical meters may give out false readings that in some cases can be 582% higher than actual energy consumption," reports BleepingComputer. An anonymous reader quotes their report: The study involved several tests conducted on nine different brands of "smart" meters, also referred to in the industry as "static energy meters." Researchers also used one electromechanical meter for reference... Experiments went on for six months, with individual tests lasting at least one week, and sometimes several weeks. Test results varied wildly, with some meters reporting errors way above their disclosed range, going from -32% to +582%...

The results of the study also matched numbers posted on an online forum by a disgruntled Dutchman complaining about high energy bills... Researchers blamed all the issues on the design of some smart meters, and, ironically, electrical devices with energy-saving features. The latter devices, researchers say, introduced a large amount of noise in electrical current waveforms, which disrupt the smart meter sensors tasked with recording power consumption...
Long-time Slashdot reader ClarkMills points out the researchers estimate that "potentially inaccurate meters have been installed in the meter cabinets of at least 750,000 Dutch households," while the article suggests that worldwide, "the numbers of possibly faulty smart meters could be in the millions,especially after some governments, especially in the EU, have pushed for smart meters to replace classic electromechanical (rotating disk) meters."

New submitter ricardinho writes: Research done at the University of Twente, in the Netherlands, shows that paying thousands of dollars for a professional drone does not guarantee that the device will be hack proof. These professional drones are commonly used across various industries to perform daily critical operations, such as surveillance and recon missions by law enforcement authorities. During his research, student Nils Rodday discovered that a professional drone could be compromised in multiple ways (PDF). One of these attack vectors investigated by the student is much more sophisticated than those used to compromise recreational drones that cost few hundreds of dollars and are not expected to be strongly secured. By reverse engineering the drone's operation and firmware, the student found ways to obtain key information that is used to validate the communication on the telemetry link between the drone and its remote controllers. This allowed for a Man-in-the-Middle attack in which the hacker could take full control of the attacked drone from a distance of up to 2 km. Manufacturers of professional drones are blindly trusting XBee chips for the communication between devices. These chips however are not meant to be used in sensitive devices and this flaw can compromise any sort of operation that the drones are deployed for. In addition, the solution is not simple since a firmware update patch cannot be simply released, but manufacturers have to actually recall the devices for in-house upgrades. Perhaps even more surprising is the cost of the described attack: 40 dollars is enough for an attacker to take full control of a $30,000 drone. Nils will explain and demonstrate his hacking into a professional drone during talks at RSA conference in San Francisco and Black Hat Asia in Singapore.

An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."

First time accepted submitter core_tripper writes "Students at the University of Twente have stolen thirty laptops from various members of the university's staff. They were not prosecuted for this, so they could just get on with their studies. Indeed, these students even received ECTS credits for these thefts. UT researcher Trajce Dimkov asked the students to steal the machines as part of a scientific experiment. Stealing these laptops turned out to be a pretty simple matter."

We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taking into account, Chelyabinsk , in Russia, tops the list, followed by Buenos Aires and Kuala Lampur. These results were found by researchers from the from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period time and that when the attack type is taken into account, 50% of the most evil cities remains the same."

We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taking into account, Chelyabinsk , in Russia, tops the list, followed by Buenos Aires and Kuala Lampur. These results were found by researchers from the from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period time and that when the attack type is taken into account, 50% of the most evil cities remains the same."

We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taking into account, Chelyabinsk , in Russia, tops the list, followed by Buenos Aires and Kuala Lampur. These results were found by researchers from the from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period time and that when the attack type is taken into account, 50% of the most evil cities remains the same."

Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems.

Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems.

Roland Piquepaille writes "Today, Ileana Buhan, a Romanian computer scientist, is presenting her PhD Thesis at the University of Twente in the Netherlands. She is using biometrics to protect confidential information when it is exchanged between two mobile devices. This is a very innovative approach to security. Buhan's biometric application will generate almost unbreakable passwords from photos taken by the connected users. Here is how it works. 'To do this, two users need to save their own photos on their PDAs. They then take photos of each other. The PDA compares the two photos and generates a security code for making a safe connection.'"

John H. Doe writes "This student was bored one day, so he decided to see what the world looked like from the bottom of his optical mouse. He jury rigged a few wires to his parallel port and wrote a program to take a look. And seeing as how one thing a mouse does is to detect motion, made it into a ghetto b&w handscanner. "

ozy writes "With all the fuss about searching and Spotlight and WinFS, check out the Database File System a completely different interface for your files, implemented in KDE. There is actually a request for developers to join a project to implement this under GNOME and leave how we use the desktop today behind."

ozy writes "With all the fuss about searching and Spotlight and WinFS, check out the Database File System a completely different interface for your files, implemented in KDE. There is actually a request for developers to join a project to implement this under GNOME and leave how we use the desktop today behind."

Read on below for tonight's edition of Slashback, with followups to several previous Slashdot stories, including the Linux-in-Munich saga, Harlan Ellison's feud with AOL, Hotmail's response to the growing space for webmail, and more. Read on for the details.

Please don't link "here": case in point. Kent Brewster writes "As previously mentioned here(1), here(2), and here(3), national treasure Harlan Ellison has been fighting a drawn-out battle with AOL over alt.binaries.e-book. Looks like a settlement has been reached; details (such as they are) are on AOL."

Papa Legba adds a link to an informative page on the suit's progress, with lots of informative links.

The basement dwellers burrow deeper. kevin_conaway writes "Accoring to this article on Tech Target, the DNS outage at Akamai was caused by a massive DDOS attack on Akamai's servers. Akamai Technologies Inc. said a 'sophisticated, large-scale distributed denial of service attack' on its domain name service bogged down several of its clients' Web sites yesterday morning, and that it's investigating the incident with federal authorities."

Time to quit your Winin' marmoset writes "As a followup to this story, Dave Winer has posted information about transitioning weblogs.com sites. Rogers Cadenhead and Steve Kirks pitched in to help. The plan includes a 90-day free evaluation period, during which the affected users will be able to make local copies of their data, sign up for paid hosting, or move to another hosting solution."

Pay up, Pal. ack154 writes "Following up from a previous slashdot story, PayPal may have reached a preliminary settlement in the class action lawsuit brought against them in 2002. The lawsuit was regarding the freezing of suspected fraud accounts and communication of limits on accounts. Limited details are available right now, but the eBay announcement states that anyone who signed up for a PayPal account between Oct 1999 and Jan 2004 may be eligible."

Forkenbrock points to this USAToday today article which says that "Ebay's Paypal will pay a total of 9.25 million dollars to its users (businesses and individuals)."

What about Java vs. T++? Stefan de Bruijn was one of several readers who reacted to the benchmarks cited in the Slashdot post titled 'Java faster than C++'.

He writes "I took the liberty to re-write a major piece of the C++ part of the benchmark. Furthermore, the Intel compiler has been tested as well. The Java code was assumed 'correct.'

The results are quite different than the former posting. Here, C++ appears to be a winner for the vast majority of programs; where Java scored better with (recursive) algorithms and the use of file IO (where it must be remarked that the C++ code uses iostreams)." joekaylor writes "I did a similar study 6-months ago to the study sited recently here on Slashdot, and I did it with java jdk 1.4.x. Java performance has been underestimated for QUITE some time. It's not the best tool every time, but it is not considered often enough and for the wrong reasons."

And an anonymous reader writes "This article by USC graphics researchers surveys a number of good (mostly numeric) benchmarks and then explains the theory of why maybe java should be faster than C++. It also raises the (unanswered) question of why geeks (ostensibly intelligent and scientifically-minded people) continue to believe some ideas (for example, 'garbage collection is slow') despite strong evidence to the contrary that has been available for many years."

Well, it's sort of like a gigabyte. helloanand writes "So, a day after yahoo relaunched their email service with 100 MB space, hotmail also expanded their offering to 25 MB. Just logged into my hotmail account and saw the space bumped up. The thing that I noticed is that MSN/Hotmail didn't make a big splash about it. Its actually a good thing for the users. Gmail started this trend by coming up with 1 GB (yes! gigabyte) worth of space. Then yahoo joined the party with their own 100 MB version and now the latest to join in bill gates & co (aka MSN Hotmail). Lets see what other changes does Gmail stimulate to the email service. Also the thing to note is that Google's gmail is being closely observed by the established players like MSN and Yahoo."

Each city represents a star system; players alternate by country. Wudbaer writes "The Munich city council has finally OK'ed the multi-step 30 Million Euro project to migrate the Munich city council to Linux, as heise news reports (German text). The planned high-profile migration of the administration of one of the largest cities in Germany has already created a lot of interest both in pro and anti-OSS camps, and was rumored to have run into substantial problems at the beginning of the year which might have endangered the council's final OK for the project. But now apparently the road is open for the project. Go Tux !"

Marcus links to this announcement on the city government's web page, and suggests that you put it through Google.

securitas writes "Hot on the heels of Munich's decision to go with Linux, the City of Bergen, Norway will replace its Unix and Windows core infrastructure with SUSE Linux Enterprise Server 8. The second part of the implementation will migrate the city's educational network - with 100 schools and 32,000 users - from 100 Windows application servers to 20 Linux IBM eServer BladeCenters. Bergen is Norway's second-largest city. ZDNet UK's Michael Parsons discusses the choice in an interview with Bergen CTO Ole Bjoern Tuftedal."

Making less of a mess. HishamMuhammad writes "The GoboLinux story featured recently on /. got the project some publicity, but again a number of misconceptions showed up, from people who think we are "just another user-friendly distro", because of our verbose pathnames like /System/Settings. Here is an article I wrote in order to explain the principles behind the design of GoboLinux (also in PDF), which tells our side of the story."

A reader writes: "If you run Freenet and have noticed that you practically can't access anything on the network, you are not alone; a group of Freenet users has organized a Freenet Revolt by forming a separate network running an old, proven build of Freenet, and things have been heating up on the freenet-devel mailing list with a scary declaration by project leader Ian Clarke that Freenet is a research project and has always been, which scared some list members, since Freenet has been actively promoted as a production network and has a sensitive userbase, including Chinese dissidents. Some people are already moving to similar networks like GNUnet and Entropy. " Of course, that does sound different then what has been said before.

Lars writes "A 26-year old man from Hengelo has admitted to deliberately setting fire to the Network Operations Centre of University of Twente, last Wednesday. The fire gutted two wings of the building and devastated one of the fastest networks in Europe. The arsonist is an employee of the University, which must come as quite a shock to those involved. The University released a short statement to the press. It mentions that the total damage caused is roughly 40-50 million euros (about the same in dollars) and that the guy was caught last Friday, when he tried to set fire to one of the faculty buildings."

UncleH writes "University of Twente is back online again, after the University NOC burned to ashes on wednesday. This also means that the much discussed University Campus network is also fully available again. The university already had internet access through a masquerading box in the network of their neighbours. Big hurrah for the network engineers of the University, large applause for the network engineers of SURFnet for restoring the 10Gbps Point of Presence within 36 hours after the fire."

It's been a long time coming, so lets start off the quickies with some acts of senseless damage. Old Wolf sent us a link to a bunch of pictures of someone Defrosting a Freezer in the best way ever, and an anonymous reader sent in a site that shows what happens if you put a CD in Microwave. Don't use AOL CDs., send them to this lady who collects them (from gr8fulnded). On to the sex! An anonymous reader submitted a story about the Robot Pet Vibrator which is I guess AIBO gone wrong. elkm discovered Computerized Contraception. And with all this digital doin' it going on, its good know that MITs Erotic Computation Group is here to research it (thanks Chris Moon) The world is full of strangeness, but little of it is as scary as MissNachos's link to the Hello Kitty laptop, srini's link to the Single Pixel Webcam, and aneanti's link to a collection of the strangest canned foods you'll ever see. Finally, since it is the holidays, check out mrv's link to LED Christmas Lights which sure beats the hell out of finding the broken bulb.

Leto writes: "Eight years ago, at HEU'93 we stressed the importance of Internet for the masses. Four years ago, at HIP'97, we pointed out the emerging security problems. This year, it is time to sound the alarms about decaying privacy and emerging security problems. What do you get when you gather the Dutch Hacktic veterans, The German CCC, The Bay Area Cypherpunks, The 2600 people, The EFF and the cryptography and security experts from all over the world? A Hackers At Large 2001." (More announcement follows.)

"HAL2001 is a camping event on campus of the University of Twente in the Netherlands. Connected with 15km UTP, 2km fiber, 50 wireless base stations and a 1GB uplink, we're providing 3000 people with probably the most stable hostile network ever.

"Talk to the experts on IPsec, IPv6, Multicast, and be part of the largest public deployment of IPsec and DNSSEC. There will be talks and workshops about GSM security, AI, Lawful and unlawful interception, digital safes, bank security, copy protection, biometrics, IP allocation, intellectual property and anonymity and even an RSI workshop.

"If you can truly celebrate the Internet and embrace new technologies, without forgetting your responsibility to tell others that new technologies come with new risks to the individual and to society as a whole, then this is the place to be this summer."

LightSaber writes: "Here we go again. This time it is computers and hard disks with nuclear weapons data that are missing from the lab vaults. This is really becoming pretty much a regular feature by now." Similarly, bapya writes: "CNN reports a secret nuclear information leak from Los Alamos lab. Apparently, the disappearance of the records was reported on June 1. One official said part of the problem in tracking down the missing data is that the record keeping is so unorganized it is difficult to tell who had access to the lab and who could have legitimately signed out the material. How can we manage our critical information???" Oscarfish points out coverage of same on Excite News.

There have been a spate of reports about the usefulness of FreeBSD's Linux ABI recently. First off, Daeron wrote in with the news that VMWare now runs on FreeBSD, thanks to the efforts of Vladimir Silyaev. Vladimir has a page up with instructions and caveats. Secondly, Jacob Hart has confirmed that the Unreal Tournament Demo works flawlessly. Finally, Mark van Woerkom has created FreeBSD ports skeletons for Linux Quake 3 Test.

papason with the news that Windowmaker is out, and alternative downloading can be found here " From the site itself, it talks about the major changes include more Theme related configuarability in WPrefs, better international support, and more-check the ChangeLog.

Rumor - Michael Chisari writes "Something I've been looking forward to is the BeOS dropping the proprietary PEF format, and according to Be Leading Edge, they just might be headed towards using ELF format, along with making both GCC and Metrowerks Codewarrior their prime development environments. " If you ask me, the more Be embraces free software and its developers, the more successful it will be. Unfortunatley, it looks as though the OS itself will be proprietary software for quite some time. Maybe they will contribute to gcc.