Slashdot Mirror

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashely Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more is that Ashley Madison continued to store personal information of its users even after some of which had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.

An anonymous Slashdot reader writes: "This is one of the coolest tickets I've seen on GitHub," writes Ubuntu developer Adolfo Jayme Barrientos, adding "this kind of surreal compatibility between platforms is now enabled...the fact that you can execute and use Linux window managers there, without virtual machines, is simply mind-blowing."

"The Windows 10 Anniversary Update coming in August includes an unusual feature aimed at developers: an Ubuntu sub-system that lets you run Linux software using a command-line interface," explains Liliputing.com "Preview versions have been available since April, and while Microsoft and Canonical worked together to bring support for the Bash terminal to Windows 10, it didn't take long for some users to figure out that they could get some desktop Linux apps to run in Windows. Now it looks like you can even load Ubuntu's Unity desktop environment, making windows 10 look like Ubuntu.

An anonymous reader shares a report by The Verge:HP today announced the Chromebook 11 G5, the first of the company's Chrome OS laptops in the 11-inch range to include a touchscreen display. The new Chromebook starts at $189 and will go on sale through HP's channel partners in July. It will be more widely available in stores this October. The base model of the Chromebook 11 G5 has a 11.6-inch screen with a sub-HD display (there will be an option for an HD IPS touchscreen panel with Gorilla Glass), weighs 2.51 pounds, and comes with a 1.6gHz Intel Celeron N3060 -- a somewhat common processor for low- to mid-range Chromebooks. HP claims it will be powerful enough to handle video calls and playback, and that it "speeds through spreadsheets," which is the most amazingly modest goal I can imagine for a Chromebook. Of course that limited performance, coupled with Chrome OS's limited feature set, gives the Chromebook 11 G5 up to 11 solid hours of battery life, according to HP.

HughPickens.com shares an article from The Verge: Bill Gates' philanthropic efforts are usually greeted with near-universal praise, but a recent attempt by the US billionaire to donate 100,000 chickens ruffled some feathers. The leftist government of Bolivia...has refused the donation, describing Gates' gift as "offensive." "He does not know Bolivia's reality to think we are living 500 years ago, in the middle of the jungle not knowing how to produce," said Cesar Cocarico [Bolivia's minister of land and rural development]... "Respectfully, he should stop talking about Bolivia, and once he knows more, apologize to us."
Gates' "Coop Dreams" initiative partnered with Heifer International, a group which fights poverty by delivering livestock and agricultural training, to deliver 100,000 chickens around the world, mostly to sub-Saharan Africa, as a way to improve the lives of people making $2 a day. In a blog post Gates noted that chickens are cheap and easy to take care, while selling flocks of chickens can be a profitable business, and raising chickens offers other benefits to children and families. "Our foundation is betting on chickens..." Gates writes, adding "if I were in their shoes, that's what I would do -- I would raise chickens."

An anonymous reader writes: According to an Electronic Frontier Foundation (EFF) investigation, the FBI is working to create software with government researchers that will allow law enforcement to sort and identify people based off their tattoos. The advanced tattoo recognition technology aims to determine "affiliation to gangs, sub-cultures, religious or ritualistic beliefs, or political ideology" and decipher tattoos that "contain intelligence, messages, meaning and motivation." Such research first originated at the National Institute for Standards and Technology (NIST) in 2014, and used a database of prisoner's tattoos. The technology developed by NIST would "map connections between people with similarly themed tattoos or make inferences about people from their tattoos," the EFF reports. What some may view as even more unnerving is that the EFF investigation claims the researchers disregarded basic ethical government research standards, especially those relating specifically to prisoners. The obtained documents reveal NIST researchers sought permission from supervisors only after they had conducted their initial research. The EFF argues that a database that sorts citizens based on their tattoos may or may not reflect their religious or political beliefs, social affiliations, or interests.

The UK's 200 Million Euro polar research ship won't be called Boaty McBoatface. Instead, the new ship will be called RRS (Royal Research Ship) Sir David Attenborough. The Natural Environment Research Council (NERC) had originally planned to name the new ship via an online poll. In all fairness, RRS Sir David Attenborough did pick up a few votes, though in terms of popularity nothing came close to Boaty McBoatface (it earned over 124,000 votes). "We want a name that lasts longer than a social-media news cycle and reflects the serious nature of the science it will be doing," said Jo Johnson, the U.K. Science minister. BBC reports: While the polar ship itself will not be named Boaty McBoatface, one of its remotely operated sub-sea vehicles will be named Boaty in recognition of the vote. James Hand, who first suggested the flippant moniker, said he was pleased the name would "live on."

Google Chrome is now the most widely used desktop browser. According to the latest figures from marketing and research firm Net Applications (which looked into data from over 40,000 websites), in April, Chrome captured 41.66 percent of the market, surpassing Internet Explorer which now sits at 41.35 percent. Brad Sams writes:This growth by Chrome should not be too surprising as Microsoft has left Internet Explorer behind for Edge but unfortunately, the Edge browser available to the vast majority of Windows 10 users is a sub-par experience as it lacks basic features like extensions. This is a big milestone for Google as their browser faced and uphill battle against Internet Explorer when it was introduced back in 2008.Also read: Windows Desktop Market Share Drops Below 90%

Reader Mickeycaskill writes: The USB 3.0 Promoter Group, of which HP, Intel and Microsoft are members, has developed authentication protocols for USB-C and will offer free software to detect faulty or malicious cables.This tool will alert users if they are using a non-authenticated cable. It has been suggested that hardware manufacturers could ship devices with an authentication system already installed. It is hoped that the specification will help end a number of recent incidents where sub-standard cables have either ripped off buyers or damaged devices. Most recently, Amazon said it would be adding USB-C cables and adapters that do not comply with standard regulations to its list of prohibited electronics items.

KingofGnG writes: The developers of ScummVM have announced a new version for the virtual machine preferred by graphic adventure fans: also known as "Lost with Sherlock," ScummVM 1.8.0 is hailed as one of the heftiest releases ever prepared by the team, with the addition of many games and game engines, the substantial update of graphics and sound sub-systems and the availability of new conversions for minor platforms.

The Linux Foundation is announcing FD.io ("Fido"), a Linux Foundation Project. FD.io is an open source project to provide an IO services framework for the next wave of network and storage software. Early support for FD.io comes from founding members 6WIND, Brocade, Cavium, Cisco, Comcast, Ericsson, Huawei, Inocybe Technologies, Intel Corporation, Mesophere, Metaswitch Networks (Project Calico), PLUMgrid and Red Hat.

Architected as a collection of sub-projects, FD.io provides a modular, extensible user space IO services framework that supports rapid development of high-throughput, low-latency and resource-efficient IO services. The design of FD.io is hardware, kernel, and deployment (bare metal, VM, container) agnostic.

Mark.JUK writes: A team of researchers working in the Optical Networks Group at the University College London in England claim to have achieved the "greatest information rate ever recorded using a single [coherent optical] receiver", which was able to handle a record data speed of 1.125 Terabits per second (Tbps). The result, which required a 15 sub-carrier 8GBd DP-256QAM super-channel (15 channels of data) and total bandwidth of 121.5GHz, represents an increase of 12.5% relative to the previous record (1Tbps). Now they just need to test it using some long fibre optic cable because optical signals tend to become distorted when they travel over thousands of kilometers.

An anonymous reader writes: OPNsense, the open-source firewall project powered by FreeBSD that began as a fork of pfSense, is out with a new release. OPNsense 16.1 was developed over the past half-year and is a big update. OPNsense 16.1 has upgraded to using a FreeBSD 10.2 base, support for a high-speed IPS mode, a redesigned captive portal, firewall improvements, and a wide range of other work.

An anonymous reader sends word about the latest telcos to join Facebook's Open Compute Project. The Stack reports: "A new wave of communications companies has joined Facebook's non-profit Open Compute Project (OCP), including AT&T, Verizon, Deutsche Telekom and South Korea's SK Telecom, as the movement seeks to share innovative hardware designs and drive down costs in the telecom arena. An OCP sub-section focused entirely on telecom requirements has been set up to look into servers and networking efficiency in the field. As one of the largest hardware buyers, telcos will provide a significant new market for the project, alongside its successful data center efforts.

occamboy writes: Perhaps the ultimate conundrum!

I've taken over a software project in an extremely specialized area that needs remediation in months, so it'll be tough to build an internal team quickly enough. The good news is that there are outside software engineering groups that have exactly the right experience and good reputations. The bad news is that my management is worried about letting source code out of the building. Seems to me that unless I convince the suits otherwise, my options are to:

1) have all contractors work on our premises — a pain for everyone, and they might not want to do it at all

2) have them remote in to virtual desktops running on our premises — much of our software is sub-millisecond-response real-time systems on headless hardware, so they'll need to at least run executables locally, and giving access to executables but not sources seems like it will have challenges. And if the desktop environment goes down, more than a dozen people are frozen waiting for a fix. Also, I'd imagine that if a remote person really wanted the sources, they could video the sources as they scrolls by.

I'll bet there are n better ways to do this, and I'm hoping that there are some smart Slashdotters who'll let me know what they are; please help!

HughPickens.com writes: Nobel Prizes are given for making important — preferably fundamental — breakthroughs in the realm of ideas. That's just what Satoshi Nakamoto has done, according to Bhagwan Chowdhry, a professor of finance at UCLA. Chowdhry has nominated Satoshi Nakamoto, the creator of Bitcoin, for a Nobel prize in economics. The Prize Committee for the Sveriges Riksbank Prize in Economic Sciences in Memory of Alfred Nobel, popularly known as the Nobel Prize in Economic Sciences, has invited Chowdhry to nominate someone for the 2016 Prize. He started thinking about whose ideas are likely to have a disruptive influence in the twenty first century: "The invention of bitcoin — a digital currency — is nothing short of revolutionary," says Chowdhry. "It offers many advantages over both physical and paper currencies. It is secure, relying on almost unbreakable cryptographic code, can be divided into millions of smaller sub-units, and can be transferred securely and nearly instantaneously from one person to any other person in the world with access to internet bypassing governments, central banks and financial intermediaries." Satoshi Nakamoto's Bitcoin Protocol has also spawned exciting innovations in the FinTech space by showing how financial contracts — not just currencies — can be digitized, securely verified and stored, and transferred instantaneously from one party to another.

There's only one problem. Who is Satoshi Nakamoto? Suppose the Nobel Committee is convinced that Satoshi Nakamoto deserves the Prize. Now the problem it will face is how to contact him to announce that he has won the Prize. According to Chowdhry, Nakamoto can be informed by contacting him online just the same way people have communicated with him in the past. He has anonymously communicated with the computer science and cryptography community. If he accepts the award, he can verifiably communicate his acceptance. Finally, there is the issue of the Prize money. Nakamoto is already in possession of several hundred million U.S. dollars worth of bitcoins so the additional prize money may not mean much to him. "Only if he wants, the committee could also transfer the prize money to my bitcoin address, 165sAHBpLHujHbHx2zSjC898oXEz25Awtj," concludes Chowdhry. "Mr Nakamoto and I will settle later."

An anonymous reader writes with this Daily Dot story about an accidental leak of user info from Cryptome. Cryptome, the Internet's oldest document-exposure site, inadvertently leaked months worth of its own IP logs and other server information, potentially exposing details about its privacy-conscious users. The data, which specifically came from the Cartome sub-directory on Cryptome.org, according to Cryptome co-creator John Young, made their way into the wild when the site logs were included on a pair of USB sticks sent out to a supporter.

Mark.JUK writes: Global Chinese ICT firm Huawei and Japanese mobile giant NTT DOCOMO today claim to have conducted the world's first large-scale field trial of future 5th generation (5G) mobile broadband technology, which was able to deliver a peak speed of 3.6Gbps (Gigabits per second). Previous trials have used significantly higher frequency bands (e.g. 20-80GHz), which struggle with coverage and penetration through physical objects. By comparison Huawei's network operates in the sub-6GHz frequency band and made use of several new technologies, such as Multi-User MIMO (concurrent connectivity of 24 user devices in the macro-cell environment), Sparse Code Multiple Access (SCMA) and Filtered OFDM (F-OFDM). Assuming all goes well then Huawei hopes to begin a proper pilot in 2018, with interoperability testing being completed during 2019 and then a commercial launch to follow in 2020. But of course they're not the only team trying to develop a 5G solution.

An anonymous reader writes: An advisory from CERT warns that all web-browsers, including the latest versions of Chrome, Firefox, Safari and Opera, have 'implementation weaknesses' which facilitate attacks on secure (HTTPS) sites via the use of cookies, and that implementing HSTS will not secure the vulnerability until browsers stop accepting cookies from sub-domains of the target domain. This attack is possible because although cookies can be specified as being HTTPS-specific, there is no mechanism to determine where they were set in the first place. Without this chain of custody, attackers can 'invent' cookies during man-in-the-middle (MITM) attacks in order to gain access to confidential session data.

urdak writes: At Cassandra Summit opening today, Avi Kivity and Dor Laor (who had previously written KVM and OSv) announced ScyllaDB — an open-source C++ rewrite of Cassandra, the popular NoSQL database. ScyllaDB claims to achieve a whopping 10 times more throughput per node than the original Java code, with sub-millisecond 99%ile latency. They even measured 1 million transactions per second on a single node. The performance of the new code is attributed to writing it in Seastar — a C++ framework for writing complex asynchronous applications with optimal performance on modern hardware.

An anonymous reader writes: When the shipping deadline was approaching for The Witcher 3, designer Matthew Steinke knew there was a big part of the game still missing: its economy. A game's economy is one of the things that can make or break immersion — you want collection and rewards to feel progressive and meaningful. Making items too expensive gives the game a grindy feel, while making them too cheap makes progression trivial. At the Game Developers Conference underway in Germany, Steinke explained his solution.

"Steinke created a formula that calculated attributes like how much damage, defense, or healing that each item provided, and he placed them into an overall combat rating could be used to rank other items in the system. ... Steinke set about blending the sub-categories into nine generalized categories, allowing him to determine the final weighting for damage and the range of prices for each item. To test if it all worked, he used polynomial least squares (a form of mathematical statistics) to chart each category's price progression. The resultant curve (pictured below) showed the rate at which spending was increasing as the quality of each item approached the category's ceiling value."