Linux fréttir

Image board cesspit will be back in one way or another

Cloudflare has yanked its services from 8chan, the "lawless" 4chan spinoff forum favoured by far-right nuts and paedophiles, after two mass shootings in the US over the weekend left nearly 30 people dead.…

Because it's America, it's 2019, and after more mass shootings, let alone Mandalay Bay, no one's taking chances

Black Hat If you're heading off the Black Hat and DEF CON security conferences in Las Vegas, USA, this week, be prepared to have your hotel room searched if - for any reason - you shoo maid service away and stop staff from cleaning your room.…

Code libraries, calculators, that advert and MSDN Magazine gives a final death rattle

Roundup While many prepared for a well-earned August holiday, the Microsoft purses were a-flapping and keyboards a-clacking last week. Join us for a round-up of the stories that you might have missed.…

"Lyft's Wednesday move to pull all its black and pink electric bikes from the East Bay, San Francisco and San Jose came after flammable battery packs or vandalism caused at least four bikes to catch fire," reports the Bay Area Newsgroup: San Jose city officials are encouraged by the fact no one was injured when a bike caught fire there on Tuesday, said Colin Heyne, a spokesman for the Department of Transportation... "They have no intention of re-introducing the bikes until they know what the problem is and have fixed it," Heyne said. "We'll work with them to get a full picture of what they are doing to investigate these batteries and what they will go through for safety testing before they relaunch the bikes...." Representatives from Lyft reached out to the city on Wednesday after two fires were reported in San Francisco over the past week, he said, and told them it would deactivate the e-bikes until it could remove them from its fleet... Lyft spokeswoman Julie Wood declined to answer questions about the incidents, other than to say no one was injured.... Wood on Thursday didn't respond to repeated questions from this news organization about whether there were any fires involving the e-bikes outside of San Francisco. Lyft told the paper at least one of the fires was causd by vandalism (and not a malfunctioning battery) but acknowledged they weren't sure what caused the next two bike fires. One frequent cycler wondered why Lyft didn't simply offer their customers regular (non-electric) bicycles? He told the newspaper that the disruption in service was frustrating -- though "I understand the safety concern and I don't want there to be a battery exploding between my legs when I'm riding the bike around." The paper also notes reports that Lyft "pulled its black electric assist bikes in April after problems with the brakes caused some riders to careen over the handlebars."

Read more of this story at Slashdot.

Or: yet more uses for CD trays in racked servers

Who, Me? The weekend is over, but for some, the knuckle-chewing over a decades-old event still goes on. Welcome to Who, Me?, The Register's confessional for misdeeds and mishaps in the IT world.…

Save £100s with our early-bird tickets, get a wealth of advice from our line-up of experts

Event If you’re considering what your organisation could do with serverless or function-based computing, join us in November for three days of practical advice and deep dives – and save now with our early-bird ticket offer.…

Plus, Cisco patches up router pwnage vulnerability

Roundup Here is a quick roundup of the recent happenings in the world of computer security beyond what we've already reported.…

"We just sent notice that we are terminating 8chan as a customer effective at midnight tonight Pacific Time," writes Cloudflare CEO Matthew Prince. "The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit." We do not take this decision lightly. Cloudflare is a network provider. In pursuit of our goal of helping build a better internet, we've considered it important to provide our security services broadly to make sure as many users as possible are secure, and thereby making cyberattacks less attractive -- regardless of the content of those websites. Many of our customers run platforms of their own on top of our network. If our policies are more conservative than theirs it effectively undercuts their ability to run their services and set their own policies. We reluctantly tolerate content that we find reprehensible, but we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design. 8chan has crossed that line. It will therefore no longer be allowed to use our services. Unfortunately, we have seen this situation before and so we have a good sense of what will play out. Almost exactly two years ago we made the determination to kick another disgusting site off Cloudflare's network: the Daily Stormer. That caused a brief interruption in the site's operations but they quickly came back online using a Cloudflare competitor. That competitor at the time promoted as a feature the fact that they didn't respond to legal process. Today, the Daily Stormer is still available and still disgusting. They have bragged that they have more readers than ever. They are no longer Cloudflare's problem, but they remain the Internet's problem. I have little doubt we'll see the same happen with 8chan. Prince adds that since terminating the Daily Stormer they've been "engaging" with law enforcement and civil society organizations to "try and find solutions," which include "cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content that contained an indication of potential violence." Earlier today Prince had used this argument in defense of Cloudflare's hosting of the 8chan, telling the Guardian "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been." He added in today's blog post that "We believe this is our responsibility and, given Cloudflare's scale and reach, we are hopeful we will continue to make progress toward solving the deeper problem." "We continue to feel incredibly uncomfortable about playing the role of content arbiter and do not plan to exercise it often.... Cloudflare is not a government. While we've been successful as a company, that does not give us the political legitimacy to make determinations on what content is good and bad. Nor should it. Questions around content are real societal issues that need politically legitimate solutions..." "What's hard is defining the policy that we can enforce transparently and consistently going forward. We, and other technology companies like us that enable the great parts of the Internet, have an obligation to help propose solutions to deal with the parts we're not proud of. That's our obligation and we're committed to it."

Read more of this story at Slashdot.

Is Google making the wrong response to the DataSpii report on a "catastrophic data leak"? The EFF writes: In response to questions about DataSpii from Ars Technica, Google officials pointed out that they have "announced technical changes to how extensions work that will mitigate or prevent this behavior." Here, Google is referring to its controversial set of proposed changes to curtail extension capabilities, known as Manifest V3. As both security experts and the developers of extensions that will be greatly harmed by Manifest V3, we're here to tell you: Google's statement just isn't true. Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation... The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code. You can't ensure extensions are what they appear to be if you give them the ability to download new instructions after they're installed. But you don't need the rest of Google's proposed API changes to stop this narrow form of bad extension behavior. What Manifest V3 does do is stifle innovation... The EFF makes the following arguments Google's proposal: Manifest V3 will still allow extensions to observe the same data as before, including what URLs users visit and the contents of pages users visitManifest V3 won't change anything about how "content scripts" work...another way to extract user browsing data.Chrome will still allow users to give extensions permission to run on all sites. In response Google argued to Forbes that the EFF "fails to account for the proposed changes to how permissions work. It is the combination of these two changes, along with others included in the proposal, that would have prevented or significantly mitigated incidents such as this one." But the EFF's technology projects director also gave Forbes their response. "We agree that Google isn't killing ad-blockers. But they are killing a wide range of security and privacy enhancing extensions, and so far they haven't justified why that's necessary." And in the same article, security researcher Sean Wright added that Google's proposed change "appears to do little to prevent rogue extensions from obtaining information from loaded sites, which is certainly a privacy issue and it looks as if the V3 changes don't help." The EFF suggests Google just do a better job of reviewing extensions.

Read more of this story at Slashdot.

Long-time Slashdot reader shanen remembers the days of one-time software purchases, before companies began nudging customers to a subscription-based "software as a service" model: New bugs and security vulnerabilities keep being discovered, which means the product cannot EVER be regarded as completed. Whatever the original cost, no matter what the software was supposed to do, it needs unending support. Right now I'm unable to see any other solution than SaaS! Not limited to Microsoft, of course. Perhaps Apple was the original source of the approach... Slashdot reader dryriver sees a dire trend: Current computing younglings may never know a future where you can actually run software locally on a PC you own, and/or not pay for it as SaaS. All perpetual software licenses may go away in the next six years. Autodesk and Adobe have already moved to SaaS-only. But is there a case to made for ongoing payments to fund ongoing support? Or is SaaS just an exploitative business model that's bad for customers but good for software vendors? Share your own thoughts in the comments. And do you prefer one-time purchases or SaaS subscriptions?

Read more of this story at Slashdot.

Kant (Slashdot reader #67,320) shared this story from the photovoltaics news site PV Magazine: Scientists at Rice University in Texas have developed a device which converts heat into light by squeezing it into a smaller bandgap. The 'hyperbolic thermal emitter' could be combined with a PV system to convert energy otherwise wasted as heat -- a development the researchers say could drastically increase efficiency... "Any hot surface emits light as thermal radiation," said Gururaj Naik, assistant professor of electrical and computer engineering at Rice. "The problem is that thermal radiation is broadband while the conversion of light to electricity is efficient only if the emission is in a narrow band." The team worked to create a device that could squeeze the photons emitted as heat into a narrower band that could be absorbed by a solar cell... The next step for the research will be to combine the 'hyperbolic thermal emitter' device with a solar cell. "By squeezing all the wasted thermal energy into a small spectral region we can turn it into electricity very efficiently," said Naik, "the theoretical prediction is that we can get 80% efficiency."

Read more of this story at Slashdot.

The Guardian learned that the suspected mass shooter at an El Paso, Texas Walmart "is believed to also have posted a white nationalist rant on 8chan" -- then interviewed the CEO of the company hosting it. If the connection between the 21-year-old suspect in Saturday's massacre and the 8chan document is confirmed -- and law enforcement sources told NBC News that they are "reasonably confident" that they are linked -- then the El Paso attack will mark the third mass shooting in less than six months that was announced in advance on the message board... Throughout the day on Saturday, 8chan users discussed the massacre and the suspect, with many referring to the alleged shooter as "our guy" and praising the number of people killed... "If I could wave a magic wand and make all of the bad things that are on the internet go away -- and I personally would put the Daily Stormer and 8chan in that category of bad things -- I would wave that magic wand tomorrow," [Cloudflare CEO Matthew] Prince said. "It would be the easiest thing in the world and it would feel incredibly good for us to kick 8chan off our network, but I think it would step away from the obligation that we have and cause that community to still exist and be more lawless over time." Prince argued that keeping "bad" sites within Cloudflare's network means that the company is able to help monitor activity and flag illegal content to law enforcement. While he would not comment on specifics, he said that Cloudflare receives "regular requests" from law enforcement not to ban certain sites. "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been," he said. "The minute that someone isn't on our network, they're going to be on someone else's network...." Prince also rejected any implication that Cloudflare's position is self-interested. "The right answer from a pure business perspective is just to kick them off," he said of 8chan. "Of the 2 million-plus Cloudflare customers, they don't matter, and the pain that they cause is well beyond anything else." Keeping 8chan within its network is a "moral obligation", he said, adding: "We, as well as all tech companies, have an obligation to think about how we solve real problems of real human suffering and death. What happened in El Paso is abhorrent in every possible way, and it's ugly, and I hate that there's any association between us and that... For us the question is which is the worse evil? Is the worse evil that we kick the can down the road and don't take responsibility? Or do we get on the phone with people like you and say we need to own up to the fact that the internet is home to many amazing things and many terrible things and we have an absolute moral obligation to deal with that."

Read more of this story at Slashdot.

"Facebook still can't avoid widespread outages, it seems," writes Engadget: Numerous reports have surfaced of Facebook, Instagram and WhatsApp being unavailable to various degrees on the morning of August 4th. The failure doesn't appear to have been as dramatic as it was in July, when image services were out for several hours (we had at least some success visiting them ourselves). Still, it likely wasn't what you were hoping for if you wanted to catch up on your social feeds on a lazy Sunday morning. UPI has more information: Some Instagram users could not log into their accounts while Facebook users globally could not use sharing features, upload photos and comment, The Mirror reported. Others received messages stating that the site needed maintenance and would be up again soon. The Express said that the outage monitoring website Down Detector logged more than 7,000 reports issues on Facebook. Down Detector said that Facebook started having problems about 9:30 a.m., Eastern time. About 34 percent of the complaints said they faced "total blackout." Another 33 percent of the complainants said there were issues with its newsfeed while 32 percent said they could not log in. CNet.com reported that users across the United States, Canada, Australia and parts of Asia claimed that had lack of access Sunday morning

Read more of this story at Slashdot.

Slashdot reader Artem S. Tashkinov writes: Mathy Vanhoef and Eyal Ronen have recently disclosed two new additional bugs impacting WPA3. The security researched duo found the new bugs in the security recommendations the WiFi Alliance created for equipment vendors in order to mitigate the initial Dragonblood attacks [found by the same two security researchers]. "Just like the original Dragonblood vulnerabilities from April, these two new ones allow attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password," reports ZDNet. More from ZDNet: "[The] Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1," Vanhoef said. "Although this update is not backwards-compatible with current deployments of WPA3, it does prevent most of our attacks," the researchers said. But besides just disclosing the two new Dragonblood vulnerabilities, the two researchers also took the chance to criticize the WiFi Alliance again for its closed standards development process that doesn't allow for the open-source community to contribute and prevent big vulnerabilities from making it into the standard in the first place. "This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard," the researchers said. "It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept." While these type of feedback might be ignored when coming from other researchers, it means more when it comes from Vanhoef. The Belgian researchers is the one who discovered the KRACK attack that broke the WPA2 WiFi authentication standard and forced the WiFi Alliance to develop the WPA3 standard, which it launched in June 2018.

Read more of this story at Slashdot.

PolygamousRanchKid quotes CNN: French inventor Franky Zapata has successfully crossed the Channel on a jet-powered hoverboard for the first time, after a failed attempt last month. Zapata took off from Sangatte, northern France early on Sunday morning and landed in St. Margarets Bay, near Dover in England. The journey took just over 20 minutes, according to Reuters news agency... In an interview after he completed his journey across the Channel, Zapata said that for his next challenge he was working on a flying car and had signed contracts, but for now he "was tired" and "wants a vacation," he told BFMTV. The inventor captured the world's imagination when he took to the skies above Paris at Bastille Day parade in July with the board that can reach an altitude of nearly 500 feet — with the potential to go much higher -- and a speed of 87mph. Zapata has worked with the US and French militaries, with the French investing $1.4 million to pay for tests of the board. French special forces are interested in the flying board for several uses, including as a possible assault device, said Armed Forces Minister Florence Parly, according to CNN affiliate BFMTV.

Read more of this story at Slashdot.

An anonymous reader quotes The Verge: Cybersecurity stock images are predictable at this point: a hooded man with a shadowy face in front of a keyboard or a mysterious person in front of binary code. A design firm called OpenIDEO thinks these images can be better, so it's hosting a contest to entice visual creators to make images that are eye-catching, informative, and clear. "Cybersecurity," which could mean data breaches, hacks, or policy changes, is a difficult concept to visually represent, so OpenIDEO is going to reward creators for their work. The group, in association with a private organization called the William and Flora Hewlett Foundation, issued an open call late last month for cybersecurity-related image submissions with plans to award $7,000 to up to five people. The contest rules specify they're not looking for "Overused, stereotypical, fear-inducing images of cybersecurity. These create personal misperceptions and aversions, and may lead to a series of repercussions regarding public understanding of cybersecurity and data safety." And there's even a helpful collection of images providing examples of "What we're not looking for." The deadline for submissions in August 16th, and all finalists must agree to using a Creative Commons license. "We believe that this type of licensing helps ensure your work reaches the widest possible audience..."

Read more of this story at Slashdot.

schwit1 quotes Space News: SpaceX plans to build facilities at the Kennedy Space Center's Launch Complex 39A for launches and, eventually, landings of its next-generation launch vehicle, according to a newly released report. An environment assessment prepared by SpaceX, and released by NASA Aug. 1, discusses plans to develop additional facilities at LC-39A, which currently hosts Falcon 9 and Falcon Heavy launches, for use by the company's Starship vehicle and its Super Heavy booster. The plans outlined in the document call for the construction of a new launch mount at the complex near the existing one used by the Falcon 9 and Heavy. The modifications to the pad would also include a tank farm for the methane fuel used by the Raptor engines that power Starship and Super Heavy. The Super Heavy booster would land at a ship in the ocean downrange from the launch site, although the report noted that SpaceX may later have the booster return to land. The Starship upper stage would initially land at the company's existing Landing Zone 1 at Cape Canaveral Air Force Station, but the company plans to build a pad near the new launch mount at LC-39A for to support Starship landings at a future date. The facilities will be able to support up to 24 Starship/Super Heavy launches a year.

Read more of this story at Slashdot.

McGruber quotes UPI: NASA has cut down trees on more than 385 acres of Kennedy Space Center in Florida to allow a better view of launch pads where human spaceflight is set to return after a lull of many years. The last astronauts to launch into space from the site were aboard space shuttle Atlantis in 2011. Since then, trees have grown so thick that the view from the press site a few miles away is totally obstructed. [Last week] when the media arrived for a SpaceX launch, they noticed a change: a clear view of launch pads. "It looks like it did during the Apollo days, which is a great thing," said photographer Julian Leek, 65, a freelancer who has worked for such outlets as Ladies' Home Journal and the Miami Herald over the years. "Back then you could see the pads and the concrete, and now it's a gorgeous view again. Over the years, the vegetation has been growing and growing," Leek said.

Read more of this story at Slashdot.

Long-time Slashdot reader theodp writes: MIT Technology Review's Karen Hao reports on China's grand experiment in AI education that could reshape how the world learns. "While academics have puzzled over best practices, China hasn't waited around," Hao writes. "It's the world's biggest experiment on AI in education, and no one can predict the outcome." Profiled is Squirrel AI ("We Strive to Provide Every Student an AI Super Teacher!"), which has opened 2,000 learning centers in 200 cities and registered over a million students -- equal to New York City's entire public school system... Hao notes that the earliest efforts to "replicate" teachers date back to the 1970s, when computers first started being used in education. So, will AI-powered learning systems like Squirrel's deliver on the promise of PLATO's circa-1975 computer-assisted instruction? From the article: Squirrel's innovation is in its granularity and scale. For every course it offers, its engineering team works with a group of master teachers to subdivide the subject into the smallest possible conceptual pieces. Middle school math, for example, is broken into over 10,000 atomic elements, or "knowledge points," such as rational numbers, the properties of a triangle, and the Pythagorean theorem. The goal is to diagnose a student's gaps in understanding as precisely as possible. By comparison, a textbook might divide the same subject into 3,000 points; ALEKS, an adaptive learning platform developed by US-based McGraw-Hill, which inspired Squirrel's, divides it into roughly 1,000. Once the knowledge points are set, they are paired with video lectures, notes, worked examples, and practice problems. Their relationships -- how they build on each other and overlap -- are encoded in a "knowledge graph," also based on the master teachers' experience.

Read more of this story at Slashdot.

An anonymous reader writes: "The voter information of more than 14.3 million Chileans, which accounts to nearly 80% of the country's entire population, was left exposed and leaking on the internet inside an Elasticsearch database," reports ZDNet. "The database contained names, home addresses, gender, age, and tax ID numbers (RUT, or Rol Único Tributario) for 14,308,151 individuals...including many high-profile Chilean officials." A spokesperson for the Chile Electoral Service said the data appears to have been scraped without authorization from its website, from a section that allows users to update their voting data. Chile now joins countries as the US, Mexico, Turkey, and the Philippines, whose voter information was gathered in bulk and then published online in one big pile, easy to access for any crooks.

Read more of this story at Slashdot.