Alterslash

the unofficial Slashdot digest for 2017-Mar-19

Apple Paid $0 In Taxes To New Zealand, Despite Sales of $4.2 Billion

Posted by EditorDavid
Apple paid no income tax to New Zealand's Inland Revenue Department for the last 10 years, according to an article shared by sit1963nz, prompting calls for the company to "do the right thing" even from some American-based Apple users. From the New Zealand Herald: Bryan Chaffin of The Mac Observer, an Apple community blog site founded in 1998...wrote that Apple was the largest taxpayer in the United States, but 'pays next to nothing in most parts of the world... [L]ocal taxes matter. Roads matter. Schools matter. Housing authorities matter. Health care matters. Regulation enforcement matters. All of the things that support civil society matter. Apple's profits are made possible by that civil society, and the company should contribute its fair share.'"
Apple's accounts "show apparent income tax payments of $37 million," according to an earlier article, "but a close reading shows this sum was actually sent abroad to the Australian Tax Office, an arrangement that has been in place since at least 2007. Had Apple reported the same healthy profit margin in New Zealand as it did for its operations globally it would have paid $356 million in taxes over the period."

"It is absolutely extraordinary that they are able to get away with paying zero tax in this country," said Green Party co-leader James Shaw. "I really like Apple products -- they're incredibly innovative -- but it looks like their tax department is even more innovative than their product designers."

Re: That's their job

By Pieroxy • Score: 4, Informative • Thread

Apparently you don't know how VAT works. Hint: corporations don't pay VAT, they merely collect it. Besides, only the last retailer in the chain collects VAT, it doesn't apply in B2B transactions.

It doesn't matter who pays the tax. It's the end user in all cases. Whether Apple sells its phone for $1000 and pays the govt $150 or sells its phone for $850 and the user pays the govt $150 makes no difference other than semantically.

Re:That's their job

By drinkypoo • Score: 4, Interesting • Thread

and pisses away of tax money in "foreign aid" at a time when there is a budgetary deficit in our own country.

Maybe you should look up the ROI on foreign aid sometime. It's money we spend to stop problems from developing into larger problems which would actually cost us more money. I bet you're one of these people who wants to keep out the refugees. Well, guess what foreign aid is for? Yeah, that's right. Creating fewer refugees.

If you want to talk about pissing away money, there is only one discussion to be had at this time: The F-35. Every other pissing away money story is just pissing into the wind.

Tax incidence vs competition

By sjbe • Score: 5, Informative • Thread

It doesn't matter who pays the tax. It's the end user in all cases. Whether Apple sells its phone for $1000 and pays the govt $150 or sells its phone for $850 and the user pays the govt $150 makes no difference other than semantically.

You are talking about tax incidence. But you forgot about an important detail. Companies cannot always simply pass on any taxes. Just because the government assigns a particular tax rate to my company doesn't necessarily mean I can raise prices to compensate. The reasons for this vary but usually it is because of competitive pressures. So in many cases the company ends up eating some percentage of the cost and their profits are lower. It's unclear if this would apply in Apple's case but it is clear that Apple cannot simply charge any amount they want. At some point the price gets high enough that people will seek out alternatives which is why Android has huge market share despite modest profits. In the long run (years) all prices are variable but for shorter periods of time there often are constraints on pricing power.

But if a company can manage to (legally) dodge all taxes that can be a huge competitive advantage in pricing power. It allows them to sell a product for less money than would otherwise be possible, even if it is a premium product with a fat margin.

Income isn't the only tax

By jbmartin6 • Score: 3 • Thread
There are plenty of other taxes aside from income tax. It's a bit frustrating to see how quickly "no income tax" gets transmuted to "no tax". Surely Apple is paying a lot of other taxes in NZ besides income tax. Not sales tax, as already discussed, except on purchases made by Apple in NZ. Property tax, etc.

Re:They do contribute

By Pete Smoot • Score: 4, Funny • Thread

Oh that's a wonderful deal! So any company that produces fabulous products at prices customers are very willing to pay is now exempt from tax? Please tell that to every other company, because it looks as if only Apple is taking advantage of this New Zealand law.

Actually, yeah I'd prefer we eliminated all corporate taxes and only taxed individuals. I think taxing corporations obscures who is actually paying the tax.

The more I think about it, taxes ultimately fall on people. You and I have to decide we're not going to spend money on things we'd prefer because some of our cash went to a government. Some of that was channeled through higher prices at the store, some was carved off our income, some was lower returns on our investments. But in the end, you and I feel the effects of the tax, not a company. I think it would be clearer and more honest to avoid the middle man.

O'Reilly Site Lists 165 Things Every Programmer Should Know

Posted by EditorDavid
97 Things Every Programmer Should Know was published seven years ago by O'Reilly Media, and was described as "pearls of wisdom for programmers collected from leading practitioners." Today an anonymous reader writes: All 97 are available online for free (and licensed under a Creative Commons Attribution 3), including an essay by "Uncle Bob" on taking personal responsibility and "Unix Tools Are Your Friend" by Athens-based professor Diomidis Spinellis, who writes that the Unix tool chest can be more useful than an IDE.

But the book's official site is also still accepting new submissions, and now points to 68 additional "edited contributions" (plus another seven "contributions in progress"), including "Be Stupid and Lazy" by Swiss-based Java programmer Mario Fusco, and "Decouple That UI" by tech trainer George Brooke.

"There is no overarching narrative," writes the site's editor Kevlin Henney (who also wrote the original book). "The collection is intended simply to contain multiple and varied perspectives on what it is that contributors to the project feel programmers should know...anything from code-focused advice to culture, from algorithm usage to agile thinking, from implementation know-how to professionalism, from style to substance..."

Production server

By nasch • Score: 5, Informative • Thread

Under no circumstances — ever, at all — should a developer have access to a production server.

I'm one of two developers on a five person team. The other people are: CEO/sales, marketing/customer support, and QA. If I didn't manage the production server, there would be no releases. Perhaps this would be more accurate:

Under no circumstances — that I've personally experienced — should a developer have access to a production server.

Re:Picking one at random

By ath1901 • Score: 5, Insightful • Thread

You are responsible for reading and learning. You are responsible for staying up-to-date with the industry and the technology. Too many programmers feel that it is their employer's job to train them. Sorry, this is just dead wrong. Do you think doctors behave that way?

I just can't stop thinking about the stupidity of this.

Doctor: Hey, patient, would you like to try some new meds I read about on the internet yesterday while my kids were screaming? I haven't tried them or read any scientific studies and I am unsure about the use-case compared to existing drugs but they are very popular in some facebook groups.

Navy Officer: Hey, we're getting a new aircraft carrier next year so I expect all of you to go home and read up on it and start practicing at home. We'll call you when there is a war and your skills are needed. You'd better be self-trained experts by then!

University head: What's all this "research" I keep hearing about? Take some responsibility for your own careers and stay up to date in your spare time! Now, go back to work. We need more folded napkins!

Re:Lots of links to articles, phfft

By grep -v '.*' * • Score: 4, Funny • Thread

Anyone wanna summarize the list so I don't have to read 160 articles to see if I agree/disagree with them?

1. THE ROBOTS ARE COMING -- find a different job.

Re:Production server

By coofercat • Score: 4, Insightful • Thread

The real advice is that "while working in the role of Developer, do not have access to the prod servers". If you additionally have the role of "sysadmin" from time to time, then so be it, but don't abuse your development power, nor your sysadmin power.

In my experience of big companies, small companies and a few in between this really does work best. People talk of 'creating high walls' and whatnot, but by forcing devs to mould their output into something system-friendly results in a far superior product and far less maintenance overhead. It appears to take longer to get things into production, hence the 'high walls' comments, but the alternative is almost always worse in the long run.

Re:Lots of links to articles, phfft

By angel'o'sphere • Score: 4, Insightful • Thread

Indeed, the point several of us are trying to make is that exactly the opposite may be true: breaking everything down into very small functions

That is a strawman. Nobody said very small. They simply should be small enough, that is all.

the number of potential relationships between them grows exponentially, and those relationships may not be as transparent once you've broken everything down into tiny pieces.

Then you are doing it wrong.

By "definition" a function only works on its arguments and returns a result. Usually, if it is a method in a class, it does not even manipulate the attributes of its associated object.

The only relation functions have to each other is their call hierarchy, which is easy to figure out and in an IDE trivial. Worst case, use the debugger.

Maryland Legislator Wants To Keep State University Patents Away From Trolls

Posted by EditorDavid
The EFF's "Reclaim Invention" campaign provided the template for a patent troll-fighting bill recently introduced in the Maryland legislature to guide public universities. An anonymous reader writes: The bill would "void any agreement by the university to license or transfer a patent to a patent assertion entity (or patent troll)," according to the EFF, requiring universities to manage their patent portfolios in the public interest. James Love, the director of the nonprofit Knowledge Ecology International, argues this would prevent assigning patents to "organizations who are just suing people for infringement," which is especially important for publicly-funded colleges. "You don't want public sector patents to be used in a way that's a weapon against the public." Yarden Katz, a fellow at Harvard's Berkman Klein Center for Internet and Society, says the Maryland legislation would "set an example for other states by adopting a framework for academic research that puts public interests front and center."
The EFF has created a web page where you can encourage your own legislators to pass similar bills, and to urge universities to pledge "not to knowingly license or sell the rights of inventions, research, or innovation...to patent assertion entities, or patent trolls."

Violating contracts is a dangerous idea

By reemul • Score: 3 • Thread

I strongly oppose patent trolls, but retroactively breaking valid contracts and nullifying sales of patents because you don't like who the patent was sold to is a truly horrible idea. If you don't want patent trolls to have university patents, don't sell them to them. And fire everyone at the university involved if they do sell them. Letting the university enter into a contract and then back out with no consequence because the purchaser is engaged in a vile but legal practice does damage to our legal system that far outweighs any possible benefit. This is just a bad idea generally. The EFF should spend their time trying to get patent trolling itself banned, not damaging the sanctity of contracts generally with cheap stunts because they like some of the short term outcomes.

America's Most Affordable Cities For Tech Workers: Seattle, Austin, and Pittsburgh

Posted by EditorDavid
"Seattle tech workers who own their homes can expect to have about $2,000 more in disposable income each month than tech workers in the Bay Area," according to a new study from LinkedIn and Zillow. An anonymous reader writes: "For technology workers who rent, Seattle, Austin and Pittsburgh, Pennsylvania came out on top among the housing markets analyzed, with the Bay Area at #4..." the two companies reported. "Salaries for other industries don't hold up as well in the San Francisco area, though. Even highly-paid finance workers keep only about 32 percent of their incomes after paying for housing and taxes. In Charlotte or Chicago, they can pocket a median of 61 percent."

The Bay Area's high housing prices are apparently offset by the high salaries paid there to tech workers, according to the study. Even so, both home owners and renters pay roughly half the median income for housing on the west coast, "while a rental in the middle of the country costs more like 25 percent of the median income."

The report also identified the best cities for health workers -- Phoenix, Indianapolis, and Boston -- as well as for finance workers, who do best in Charlotte, Chicago and Dallas. The top 15 cities for tech workers also included those same cities except Chicago and Phoenix, while also including known tech hotspots like Denver, Atlanta, and Washington, D.C. But surprisingly the top 15 best cities for tech workers also included Detroit, Nashville, St. Paul (Minnesota) and Tampa, Florida.

Re:Q: How many Austinites...

By mattwarden • Score: 5, Informative • Thread

That's Amarillo. I've been to that steakhouse. Quite a spectacle

Re:Wrong about Austin

By mattwarden • Score: 5, Insightful • Thread

Thank you. I forgot to mention that one. Don't move here unless you want to be slaughtered by the state government.

how about just about any Midwestern city?

By cascadingstylesheet • Score: 4, Insightful • Thread
Oh ... by "tech workers" you meant "people who work for big name tech companies".

Re:Wrong about Austin

By buss_error • Score: 5, Funny • Thread

All kidding aside, I had to drive through Austin during SXSW... Took almost 4 hours. A family member lives in Austin, about 2 miles from the grocery store. It takes an hour each way by car on days of "normal" traffic, longer if there's a traffic jam. Much faster to walk to the store. And this is Texas. We don't walk up the aisle to get married - we drive.

Optimally

By kilodelta • Score: 3 • Thread
I work in Boston, live in Providence. Best of both worlds - salaries higher, costs lower in home city.

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met

Posted by EditorDavid
"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decide for themselves."

Is receiving information a crime?

By manu0601 • Score: 3 • Thread
We talk about leaked classified material that remains classified. Does it qualify as a federal crime to accept it?

Re:This is extortion

By poity • Score: 5, Insightful • Thread

Wikileaks: I need guarantees that you will use this information to the benefit of your users rather than the government
Microsoft: We'll get back to you on that
Media: Wikileaks isn't helping Microsoft unless demands are met
Media Consumers: WTF I HATE WIKILEAKS

Why secret?

By CanEHdian • Score: 4, Interesting • Thread
Anyone able to explain why these agreements/demands are SECRET? There should be ("industry standard"?) nothing stopping WL from publishing them. In the interest of transparency.

Re:Fuck Wikileaks

By drinkypoo • Score: 5, Insightful • Thread

You might as well complain that the firefighters were assholes while they saved your house

If the firefighters are refusing to save my house from burning unless I commit to rebuilding it out of nonflammable materials within ninety days, then they are assholes.

Re: After firing most of their QA team, Microsoft.

By drinkypoo • Score: 4, Interesting • Thread

Heard this lie before from you dude. Why are you trying so hard?

Well, who do you think Microsoft is firing?

NY Bill Would Require Removal of Inaccurate, Irrelevant Or Excessive Statements

Posted by EditorDavid
schwit1 writes: In a bill aimed at securing a "right to be forgotten," introduced by Assemblyman David I. Weprin and (as Senate Bill 4561 by state Sen. Tony Avella), New York politicians would require people to remove "inaccurate," "irrelevant," "inadequate" or "excessive" statements about others... Failure to comply would make the search engines or speakers liable for, at least, statutory damages of $250/day plus attorney fees.
The Washington Post reports the bill's provisions would be as follows: Within 30 days of a "request from an individual, all search engines [and online speakers] shall remove...content about such individual, and links or indexes to any of the same, that is 'inaccurate', 'irrelevant', 'inadequate' or 'excessive,' and without replacing such removed...content with any disclaimer [or] takedown notice.... [I]naccurate', 'irrelevant', 'inadequate', or 'excessive' shall mean content, which after a significant lapse in time from its first publication, is no longer material to current public debate or discourse, especially when considered in light of the financial, reputational and/or demonstrable other harm that the information...is causing to the requester's professional, financial, reputational or other interest, with the exception of content related to convicted felonies, legal matters relating to violence, or a matter that is of significant current public interest, and as to which the requester's role with regard to the matter is central and substantial."

Re:Next!

By quonset • Score: 5, Insightful • Thread

It could put CNN out of business

You mean Breitbart who literally, in the truest sense of the word, has put up false and fake information (it can't be called news). Even Bannon has called them out for posting fake information.

It's why companies have ditched advertising on the fake site.

But let me guess, "alternative facts"? Or is it a camera in a microwave?

Re: Next!

By ArmoredDragon • Score: 4, Insightful • Thread

There's a difference between preventing peaceful protest and preventing people from blocking highways that are used for emergency vehicles.

But this article you linked doesn't bother to mention that.

Sounds like a great idea

By Solandri • Score: 5, Funny • Thread
As a test, I propose the law first be applied to statements made by the bill's authors and supporters through the next election cycle.

Plainly unconstitutional

By JohnFen • Score: 3 • Thread

Reading the bill, it is clear to me that this is plainly and clearly unconstitutional. They didn't even try to hide it. If it passes, it wouldn't survive the courts.

The Left aren't the "underdog"

By mi • Score: 3 • Thread

Gone are the days of:

sticks and stones may break my bones, but words will never hurt me

The Illiberal Left's War on Speech continues and we've almost lost it... Major positions have been surrendered without or with little fight:

  • "Safe spaces" on campuses have been weaponized and are used to suppress opinions, that make others "uncomfortable";
  • The nonsense of "gender-neutral pronouns" and "transgenderism" in general came out of nowhere — a pregnant woman coming to a hospital to give birth claims to be a man, and is offended, when referred to as "mommy" by the nurses.
  • Though one can not (yet!) be arrested for making others "uncomfortable" with one's opinion, one may already be fired for same.
  • "Hate speech" is already illegal in many Western countries — with movement afoot to bring the same oppression into the US.
  • Though the Bill of Rights is still, supposedly, the law of the land, its treatment has changed:

    “This isn’t really the ’60s anymore [...] people can’t really protest like that anymore.”

  • The "right to be forgotten", having never existed before, is suddenly "a thing". Can't wait to discuss the court-ordered memory-erasures on SlashDot...

Your Hotel Room Photos Could Help Catch Sex Traffickers

Posted by EditorDavid
100,000 people have already downloaded an app that helps fight human trafficking. dryriver summarizes a report from CNN: Police find an ad for paid sex online. It's an illegally trafficked underage girl posing provocatively in a hotel room. But police don't know where this hotel room is -- what city, what neighborhood, what hotel or hotel room. This is where the TraffickCam phone app comes in. When you're staying at a hotel, you take pictures of your room... The app logs the GPS data (location of the hotel) and also analyzes what's in the picture -- the furniture, bed sheets, carpet and other visual features. This makes the hotel room identifiable. Now when police come across a sex trafficking picture online, there is a database of images that may reveal which hotel room the picture was taken in.
"Technology drives everything we do nowadays, and this is just one more tool that law enforcement can use to make our job a little safer and a little bit easier," says Sergeant Adam Kavanaugh, supervisor of the St. Louis County Multi-Jurisdictional Human Trafficking Task Force. "Right now we're just beta testing the St. Louis area, and we're getting positive hits," he says (meaning ads that match hotel-room photos in the database). But the app's creators hope to make it available to all U.S. law enforcement within the next few months, and eventually globally, so their app is already collecting photographs from hotel rooms around the world to be stored for future use.

Re:Neat idea with one problem...

By thegarbz • Score: 4, Interesting • Thread

Even chains often differ significantly.

The trick is that traffickers must limit themselves to the very specific chains like Motel 6, and then hope they are in one which hasn't recently had an update that makes it different to all the others.

But then even the clue that traffickers prefer a given chain narrows down search results dramatically.

Try this

By dabadab • Score: 4, Insightful • Thread

"Police find an ad for paid sex online"

Police call the phone number in the ad.

Sign me up!

By Anonymous Coward • Score: 4, Insightful • Thread

just one more tool that law enforcement can use to make our job a little safer and a little bit easier

Sure! I'd love to work for the police state! And for free!

"We have over 100,000 people using the app right now, and we're hoping that more will join us to take action and fight this fight,"

I think a more productive use of everyone's time will be to monitor and document police activity. After all, police lie. They are corrupt and can't be trusted.

Re:What do you expect?

By plover • Score: 4, Insightful • Thread

Just think about how many movies have come out in the last 20 years, and even RECENT TV shows/Movies whose plots break down immediately if a true Panopticon/Big Brother society exists.

CallerID would have wrecked 25% of Columbo episodes if it had existed back then. "Won't somebody please think of the screenwriters" is an unusual take on technology changes!

I recently rewatched the original Day of the Jackal from 1973. The entire movie was the suspense of the police chasing him via a paper trail of hotel registrations and phone calls, and I couldn't help but think that the whole movie would have been over in about three minutes if SQL existed.

Re:Bullshit.

By TroII • Score: 5, Interesting • Thread

As for the "boy", he was 17 years old, with a history of selling himself for sex/drugs.

And as for the Senator, he's married with children and has a history of pushing anti-gay and anti-marijuana legislation. Then he gets caught in a motel with an underage boy and marijuana. It's just another example of the incredible projection and hypocrisy that infects the Republican party to its core. Anytime a conservative starts yelling about outlawing something, look closely because he's probably doing a lot of that thing himself.

The First Practical Use For Quantum Computers: Chemistry

Posted by EditorDavid
"The first quantum computer to start paying its way with useful work in the real world looks likely to do so by helping chemists," writes MIT Technology Review, "trying to do things like improve batteries or electronics." An anonymous reader quotes their report: So far, simulating molecules and reactions is the use case for early, small quantum computers sketched out in most detail by researchers developing the new kind of algorithms needed for such machines... "From the point of view of what is theoretically proven, chemistry is ahead," says Scott Crowder, chief technology officer for the IBM division that today sells hardware including supercomputers and hopes to add cloud-hosted quantum computers to its product line-up in the next few years...

Researchers have long used simulations of molecules and chemical reactions to aid research into things like new materials, drugs, or industrial catalysts. The tactic can reduce time spent on physical experiments and scientific dead ends, and it accounts for a significant proportion of the workload of the world's supercomputers. Yet the payoffs are limited because even the most powerful supercomputers cannot perfectly re-create all the complex quantum behaviors of atoms and electrons in even relatively small molecules, says Alan Aspuru-Guzik, a chemistry professor at Harvard. He's looking forward to the day simulations on quantum computers can accelerate his research group's efforts to find new light-emitting molecules for displays, for example, and batteries suitable for grid-scale energy storage.

Microsoft is already focusing on chemistry and materials science in its quantum algorithm effort, saying a hybrid system combining conventional computers with a small quantum computer "has great promise for studying molecules." Meanwhile, the article argues that breaking encryption, "although a genuine threat, is one of the most distant applications of the technology, because the algorithms involved would require an extremely large quantum processor."

So... we use a quantum computer to simulate...

By cpotoso • Score: 3 • Thread
So... we use a quantum computer to simulate... a quantum computer? LOL

Always happy to hear about hardware progress

By quax • Score: 3 • Thread

But nothing reported here is particularly new. It has been known for quite some time now that breaking encryption takes a lot of qubits, whereas quantum chemistry can be accelerated with relatively modest numbers of qubits, assuming they can implement universal QC gate model operations.

Re: So... we use a quantum computer to simulate..

By newcastlejon • Score: 4, Informative • Thread
Physics is a superset of chemistry.

1.6 Billion-Year-Old Plant Fossil Found In India

Posted by EditorDavid
Complex multicellular life began 400 million years earlier than we thought, according to a Phys.org article shared by Slashdot reader William Robinson: Scientists found two kinds of fossils resembling red algae in uniquely well-preserved sedimentary rocks at Chitrakoot in central India. One type is thread-like, the other one consists of fleshy colonies. The scientists were able to see distinct inner cell structures and so-called cell fountains, the bundles of packed and splaying filaments that form the body of the fleshy forms and are characteristic of red algae... The oldest known red algae before the present discovery are 1.2 billion years old. The Indian fossils, 400 million years older and by far the oldest plant-like fossils ever found, suggest that the early branches of the tree of life need to be recalibrated.

Re:FAKE NEWS

By RotateLeftByte • Score: 4, Insightful • Thread

"TheRealDonaldTrump" would never say this. He'd say something like

"We are gonna make them pay for this. It will be Fantastic, Tremendous and I'm the most intelligent man on the planet."

Remarkable How Our Assumptions Are Often Wrong

By dryriver • Score: 4, Insightful • Thread
I love the way in the 21st Century we keep reading news headlines that end in "... than previously thought". It's always science news, too. Something or the other is always ..................... than previously thought. =) Of course updating what we "know" according to new data is a good thing. But it's striking how often ".... than previously thought" appears in the news.

1.6 Billion-Year-Old Plant Fossil Found In India

By Hognoxious • Score: 3 • Thread

On its resume, claims to have 2.4 billion years of experience with photosynthesis 2.0.

Re:FAKE NEWS

By MightyMartian • Score: 4, Insightful • Thread

What I find interesting is why anyone puts stock in religious or mythical beliefs that really ultimately were just, at best, wild conjecture, and likely just as often just good old fashioned fabrication. We didn't really begin to have a good scientifically-based notion that the Earth was very old until the 18th century as the science of geology began to form.

I love reading ancient myths, whether they be the Bible or the Vedas. They give us an extraordinary window on ancient cultures, on their structures, on their worldview and their aspirations. The one thing such works are not very good for is determining the age of the Earth, of the Universe, or how life formed and evolved. In many cases, ancient myth-writers had such flawed views of the natural world that their writings weren't even wrong. I can forgive them, they lived before any kind of reliable naturalistic methodologies existed. I can't really forgive modern Creationists, however. Embracing some silly Bronze Age person's notion of the universe and rejecting modern science is just plain idiotic.

Re:FAKE NEWS

By 140Mandak262Jamuna • Score: 4, Informative • Thread
Hindus have a very relaxed view of the scriptures. For example the important avatars of God Vishnu are, in order, fish (matsya), turtle (koorma), pig (varaha), man-lion (nara-simha), dwarf-man (vaamana), axe-man (parasu-raman), perfect-man (Raman), imperfect-man (Krishnan) and the eagerly awaited apocalypse-inducer (kalki). Now many are stretching this as an adumbration of the theory of evolution.

If the printing press had not arrested the evolution of Hindu scriptures in the 18th century, by this time we would have established Jesus and Mohammad as avatars of Vishnu, and Darwin as a recent saint. There is one version of Brahmandapurana which has the entire Old Testament genealogy, the story of Genesis and most of European history up to Queen Victoria. It is typically disregarded as an interpolation done at the behest of the evil British. But it does show there were enough collaborators of the evil British who knew enough Sanskrit to write in the old style and do the interpolation.

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times

Posted by EditorDavid
An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...

Say the name

By sjbe • Score: 3 • Thread

An Oregon sportswear company...

Why the generic descriptor? Say the name of the company - Columbia in this case. It's not as if no one has ever heard of them or they need their identity protected. Plus the company is named in the article.

Re:Say the name

By 110010001000 • Score: 4, Insightful • Thread
Clickbait tactic. People were probably thinking "Nike".

Re:Poor Governance

By mindwhip • Score: 4, Insightful • Thread

He didn't access his own account. He set up a "fake" account for a 'fake' employee that didn't exist, which could be done even using the HR link if he had access to add records to that database. Or he could have set up additional access on some other employee (say a driver) who rarely used the wider computer systems and wouldn't notice the extra access.

But HR links like that don't really work in the real world anyway. It doesn't allow for most large corporate set-ups where mainframe needs to talk to linux box that needs to talk to an oracleDB that needs to be accessible by a java batch job that needs to write output to the windows domain server file system so a human can check it before uploading it to an SFTP gateway box for an external customer to collect.

You don't just have accounts that are pure user accounts. You need mechanisms and accounts to allow system to system communications and logins for moving data between automated systems and for a large company it would be easy for an admin with sufficient privileges to hide a back-door amongst all these inter-system communication accounts (or even just hijack one or two legitimate ones, having copied passwords and other keys).
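The point above is that a rogue account is easy to hide among legitimate machine-to-machine accounts unless someone reconciles the directory against an authoritative record. Here is an added example of that reconciliation, written for this digest and not taken from the article or the court filing: it joins a directory export to an HR roster and flags the cases the comments describe (an enabled account with no employee behind it, a terminated employee still enabled, a low-privilege role holding VPN/VDI access, and a service account permitted to log in remotely). The roster, the export, the field names and the role policy are all constructed; only the "jmanming" account name comes from the story.

```python
# Added example: reconcile a directory export against an HR roster.
# All data below is constructed for illustration; the schema is hypothetical.

HR_ROSTER = {
    "asmith":  {"role": "it-admin", "status": "active"},
    "bjones":  {"role": "sales",    "status": "active"},
    "ddriver": {"role": "driver",   "status": "active"},
    "cadmin":  {"role": "it-admin", "status": "terminated"},
}

# "remote_access" stands for a VPN/VDI entitlement in the directory.
DIRECTORY_EXPORT = [
    {"user": "asmith",           "type": "user",    "enabled": True,  "remote_access": True},
    {"user": "bjones",           "type": "user",    "enabled": True,  "remote_access": True},
    {"user": "ddriver",          "type": "user",    "enabled": True,  "remote_access": True},
    {"user": "jmanming",         "type": "user",    "enabled": True,  "remote_access": True},
    {"user": "cadmin",           "type": "user",    "enabled": True,  "remote_access": False},
    {"user": "svc_batch_export", "type": "service", "enabled": True,  "remote_access": True},
    {"user": "svc_erp_sync",     "type": "service", "enabled": True,  "remote_access": False},
    {"user": "olduser",          "type": "user",    "enabled": False, "remote_access": True},
]

# Roles whose job normally needs remote access (hypothetical policy).
REMOTE_ACCESS_ROLES = {"it-admin", "sales"}


def audit_accounts(accounts, roster, remote_roles):
    """Return sorted (account, reason) pairs for enabled accounts that need review.

    Service accounts have no HR record by design, so they are not matched to the
    roster; the only thing checked for them is whether they can log in remotely,
    which an inter-system account should not need.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts are a separate cleanup task
        name = acct["user"]
        if acct["type"] == "service":
            if acct["remote_access"]:
                findings.append((name, "service account allowed remote login"))
            continue
        record = roster.get(name)
        if record is None:
            findings.append((name, "no HR record"))
        elif record["status"] != "active":
            findings.append((name, "HR status %s but account enabled" % record["status"]))
        elif acct["remote_access"] and record["role"] not in remote_roles:
            findings.append((name, "remote access outside role %s" % record["role"]))
    return sorted(findings)


if __name__ == "__main__":
    for account, reason in audit_accounts(DIRECTORY_EXPORT, HR_ROSTER, REMOTE_ACCESS_ROLES):
        print("%-18s %s" % (account, reason))
```

Run on the sample data this flags jmanming (no HR record), cadmin (terminated but enabled), ddriver (a driver with VPN access) and svc_batch_export (a service account that can log in remotely), while asmith, bjones and svc_erp_sync pass. The real work is keeping a service-account inventory with a named owner so the last check has something to reconcile against, and running this on a schedule rather than once.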

Illuminati Online "Hardened" Network Services

By pepsikid • Score: 5, Informative • Thread

I'll just leave this here:
http://io.fondoo.net/

"Fun fact: you could telnet to password.io.com from anywhere in the world, and log on as guest. Lynx, a text-only web browser, was configured as the shell, and you would then be presented with a sparse version of the web-based customer account tools found at http://password.io.com/. This was so customers could reset their own password, update their address, set their PLAN file, etc.

IO forgot to disable browsing the filesystem (press g, period, enter). Also, IO never enforced uniform file and directory permissions or audited active accounts. As a result, through 2004, after IO was taken over by Prismnet (or later), you could roam around and directly view many customers' private files, email, and IO's sensitive system areas. You could also open the Lynx config to define a custom "editor" and thus actually edit files, or run executables. This was a direct back-door into everything! This continued a full two years after IOCOM "hardened" their network to sell network security services."

Company should have been watching more

By ErichTheRed • Score: 3 • Thread

Even in large companies, many sysadmins have full access to everything, especially those involved in any sort of identity management. In most Windows environments and projects I've worked on, I've either had or had the ability to gain domain admin access, which is basically as good as having full access. Since we're not licensed professionals, most of us don't learn anything about ethics or the way to responsibly manage your access. I do want to keep my reputation somewhat intact, so whenever I leave an employer or get assigned to another project where I don't need the access, I'm very careful to give it up completely. I take the time to ensure everyone involved knows I've disabled accounts and handed access over to the next person. I've had a couple times where an employer has asked me to come back and help the new guy for a couple hours, and I make sure they create new accounts and remove them immediately. It makes sense -- you wouldn't let an employee you fired keep his badge and keys regardless of the situation.

Of course, this situation sounds like the person was planning from the outset to set up his own backdoor and use it. As much as I hate the idea of malpractice insurance, I think it might be time for something similar in the IT world. Computers and access to them are more important than ever and having someone do something like this can damage a company's results and reputation.

The US Army Finally Gets The World's Largest Laser Weapon System

Posted by EditorDavid
It's been successfully tested on trucks, as well as UAVs and small rockets, according to a video from Lockheed Martin, which is now shipping the first 60kW-class "beam combined" fiber laser for use by the U.S. Army. An anonymous reader quotes the Puget Sound Business Journal: Lockheed successfully developed and tested the 58 kW laser beam earlier this year, setting a world record for this type of laser. The company is now preparing to ship the laser system to the U.S. Army Space and Missile Defense Command/Army Forces Strategic Command in Huntsville, Alabama [according to Robert Afzal, senior fellow for Lockheed's Laser and Sensor Systems in Bothell]. "We have shown that a powerful directed energy laser is now sufficiently light-weight, low volume and reliable enough to be deployed on tactical vehicles for defensive applications on land, at sea and in the air..." Laser weapons, which complement traditional kinetic weapons in the battlefield, will one day protect against threats such as "swarms of drones" or a flurry of rockets and mortars, Lockheed said.

Nukes

By Anonymous Coward • Score: 3, Funny • Thread

I hope a system like this will one day make nukes obsolete so that we can start having big wars again....

No mention of sharks?

By Anonymous Coward • Score: 4, Funny • Thread

"We have shown that a powerful directed energy laser is now sufficiently light-weight, low volume and reliable enough to be deployed on tactical vehicles for defensive applications on land, at sea and in the air..."

No mention of sharks.

What is the energy efficiency?

By mykepredko • Score: 3 • Thread

How much energy goes into the laser to get the 58kW out? 58kW is just over 78 horsepower, so it's not a huge amount of energy coming out and, at 100% efficiency, it could be driven by a fairly small power source.

Are we talking efficiency on the order of 10%, 1%, 0.1% less?

The question comes down to, can the beam be powered by a couple of car batteries or do we need a nuclear power plant?

Re: Nukes

By TuballoyThunder • Score: 5, Funny • Thread
To end the scourge of people who like to override the default font.

Re:Chrome

By Crispy Critters • Score: 4, Informative • Thread
Maybe a better way to put it is to think of three ranges: At low enough power, a coating isn't needed. At high enough power, any practical coating will be burned through. The in-between range where a reflective coating can make a difference is surprisingly narrow, not much more than a factor of 10 in power, because really good wide-spectrum reflectivities will be less than 99%.

The best reflectivity is fragile. A 10 W laser can burn a crater in a beautiful lab-grade mirror. (Flaw in the coating? minuscule deterioration? speck of dust?)

This can be translated into time instead. So if the laser damages the target in a microsecond, no coating will help. But if the beam has to be held on target for tens of seconds, some reflectivity will turn this into minutes and may make a difference.

Ask Slashdot: How Would You Implement Site-Wide File Encryption?

Posted by EditorDavid
Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to ensure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share your suggestions and experiences in the comments. How would you implement site-wide file encryption?

It depends what you mean by 'site wide'

By Assmasher • Score: 3 • Thread

If you want your files encrypted 'at rest' so that if someone comes and pulls your HDD (or software equivalent) then you can implement a strategy similar to:

(a)Encrypt all content with individual symmetric keys (one key per piece of content) - prefix each piece of content with a key ID (for key lookup on exit) - there are many ways to associate content with a key - prefixing is just the simplest
(b)Encrypt those keys (which you'll need stored locally for performance reasons) with a randomly generated one-time pad stored on a removable hardware device (HSM/USB for example)
(c)Decrypt files as appropriate as they exit your webserver - observe the key ID of the content, ask a process on your machine to give you the symmetric key for that ID, decrypt the content, send it back to the requesting connection.

Don't store the master key and/or one time pad locally, simply have a daemon/service/long running process on your web server require (at startup) you to plugin your hardware device (e.g. read a file from a mount that is only there when you plug the thing in.) This means that stealing the content doesn't do them much good (if they crack a key it's only for that particular piece of content, they'll have to crack lots of keys), and if they get the locally stored symmetric key file it doesn't do them much good either because you're protecting that with a VERY strong key and/or cipher which is stored air-gapped - they'd have to not only steal all the files involved, they'd have to inject into the service/daemon that issues symmetric keys.

This type of approach has performance implications of course, and to make it truly close to unbreakable requires more specifics (process injection prevention, signing and impersonation attack prevention, both on the key request side and the service/daemon unlocking scheme, et cetera) - this would be quite a discouraging system to attempt to break.

My $0.02, YMMV
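Steps (a) to (c) above describe what is usually called envelope encryption: a fresh data key per piece of content, the data keys wrapped under a master key that lives only on a removable device and in the memory of the process that read it, and a key ID prefixed to each blob so the exit path can ask for the right key. The following is an added example of that structure, written for this digest rather than taken from the comment; the device read, the key file and the records are all constructed. One substitution is deliberate: the comment says "one-time pad", but a pad reused for many keys is not a one-time pad, so the wrapping step here uses an ordinary authenticated cipher keyed by a 32-byte master key. To keep the example standard-library only, the authenticated cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag; a deployment would put AES-GCM from a vetted library behind `seal`/`unseal` and keep the rest unchanged.

```python
import hashlib
import hmac
import secrets
import struct

KEY_ID_LEN = 8    # key ID prefixed to each piece of content (step a)
NONCE_LEN = 16
TAG_LEN = 32      # HMAC-SHA256 tag


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher (stdlib only;
    # stand-in for AES-GCM, which a real deployment would use here).
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob, aad=b""):
    """Verify the tag before decrypting; a wrong key or any tampering raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def load_master_key_from_device():
    # Stands in for reading a file from a mount that exists only while the
    # removable device is plugged in (step b). Constructed value, not a real key.
    return hashlib.sha256(b"constructed-demo-master-key").digest()


class KeyService:
    """Step (c)'s long-running process: holds the master key in memory, keeps
    only wrapped content keys in the local key file, and serves keys by ID."""

    def __init__(self, wrapped_keys, master_key):
        self.wrapped_keys = wrapped_keys   # key_id -> wrapped data key; safe to store locally
        self.master_key = master_key

    def new_content_key(self):
        key_id, dek = secrets.token_bytes(KEY_ID_LEN), secrets.token_bytes(32)
        # key_id as AAD binds each wrapped key to its ID so entries cannot be swapped.
        self.wrapped_keys[key_id] = seal(self.master_key, dek, aad=key_id)
        return key_id, dek

    def content_key(self, key_id):
        return unseal(self.master_key, self.wrapped_keys[key_id], aad=key_id)


def encrypt_content(ks, plaintext):
    """Step (a): one fresh key per piece of content, key ID prefixed for lookup."""
    key_id, dek = ks.new_content_key()
    return key_id + seal(dek, plaintext, aad=key_id)


def decrypt_content(ks, blob):
    """Step (c): read the key ID, ask the service for that key, decrypt."""
    key_id, body = blob[:KEY_ID_LEN], blob[KEY_ID_LEN:]
    return unseal(ks.content_key(key_id), body, aad=key_id)


def demo():
    wrapped_store = {}   # the locally stored key file from step (b)
    ks = KeyService(wrapped_store, load_master_key_from_device())
    blob_a = encrypt_content(ks, b"customer record A")
    blob_b = encrypt_content(ks, b"customer record B")
    round_trip = decrypt_content(ks, blob_a) == b"customer record A"
    distinct_keys = blob_a[:KEY_ID_LEN] != blob_b[:KEY_ID_LEN]
    # Thief scenario: has the content and the wrapped key file, guesses the master key.
    thief = KeyService(dict(wrapped_store), secrets.token_bytes(32))
    try:
        thief.content_key(blob_a[:KEY_ID_LEN])
        thief_reads_keys = True
    except ValueError:
        thief_reads_keys = False
    # Tampering with stored content is caught before anything is decrypted.
    tampered = bytearray(blob_a)
    tampered[-1] ^= 0x01
    try:
        decrypt_content(ks, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return round_trip, distinct_keys, thief_reads_keys, tamper_detected


if __name__ == "__main__":
    print(demo())  # prints (True, True, False, True)
```

What the structure buys you is visible in `demo`: the wrapped key file on disk is useless without the master key, cracking one content key exposes one record, and the tag check refuses altered content instead of handing back garbage. What it does not cover is the point the comment closes on: while the service runs, the master key is in its memory, so protecting that process (and logging every key request it answers) is where the remaining effort goes.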

Re: Virtual Private Raid

By flargleblarg • Score: 4 • Thread

But the chance of losing your data is triple.

I was about to say, "That's not how probability works!" but it turns out that you are actually correct.

If each site has a 1% chance of being seized, then it means each site has a 99% chance of not being seized. Multiplying these probabilities together gives .99^3 = .970299 or about a 97.03% chance that no site will be seized — which means that you've got about a 3% chance of having one or more site seized.

The key here is that 1 – (1 – x)^3 is very close to 3x for small x.

Re:Virtual Private Raid

By Anonymous Coward • Score: 4, Informative • Thread

I wish that someone would develop a version of raid for use with servers. Have 3 VPSs in Switzerland, Russia and Holland and each one gets only a 3rd of each file. The chances of any government seizing all 3 is zero.

GlusterFS supports striping across volumes that can be hosted on different servers: https://gluster.readthedocs.io/en/latest/Quick-Start-Guide/Architecture/

hire someone

By ooloorie • Score: 4, Insightful • Thread

How Would You Implement Site-Wide File Encryption?

Hire someone who knows what they are doing. Seriously, if this is for a business, there are lots of complex issues with compliance and audits in addition to availability and the possibility of sabotage. And this causes enough work that you'll probably need to hire someone anyway, so it might as well be someone who knows this stuff.

Dealing with those requires experience. And the very first thing you need to come to terms with is: what risks are you actually trying to protect against? What tradeoffs are you willing to make and what risks (mainly of data loss) are you willing to accept? How much are you willing to spend on this?

Re:Virtual Private Raid

By GameboyRMH • Score: 4, Informative • Thread

Sounds like Tahoe-LAFS.

Edge, VMWare, Safari, And Ubuntu Linux Hacked at Pwn2Own 2017

Posted by EditorDavid
The 10th annual Pwn2Own hacking competition ended Friday in Vancouver. Some of the highlights:
  • Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
  • Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: "pwned by niklasb and saelo."
  • Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
  • Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."

None of the attendees registered to attempt an attack on the Apache Web Server on Ubuntu 16.10 Linux, according to eWeek, but the contest's blog reports that "We saw a record 51 bugs come through the program. We paid contestants $833,000 USD in addition to the dozen laptops we handed out to winners. And, we awarded a total of 196 Master of Pwn points."


Breaking out of VMware

By rene2 • Score: 5, Interesting • Thread

is the most impressive. Heads up for that achievement!

The Edge of Karma

By EditDistance • Score: 5, Funny • Thread
Only yesterday, Microsoft was shoving advertisements for Edge in my face and proudly proclaiming it was the most secure browser... These claims look ridiculous this morning. Looks like an epic hack, seriously cool.

Great!

By Gravis Zero • Score: 4 • Thread

I love that people are exposing exploits in Linux (new or old versions) because it means we all get fixes and a little more safety from the bad guys. :)

Re:use-after-free bugs in Microsoft Edge

By Behrooz Amoozad • Score: 5, Informative • Thread
In a single AppDomain with one single thread and no lazy references, sure. If you write anything complex it can go straight to hell if you don't know exactly what you're doing.
This includes every little messy detail on the multi-threaded multi-domain marking garbage collector with 3 lists and 5 heaps that traverses stacks of all threads on each collect, type inheritance with type casting direction, native calls with auto marshaling between managed and native types, AppDomains that should read eachothers' memory but not write it, etc.
Source: C# developer since 2k3

Re: Have fun with those Pwn points!

By valdezjuan • Score: 4, Insightful • Thread
That's not 100% true. Look at Gates and Buffet, they are getting richer but they are donating billions to charities and research, they are also not alone in doing that.

RedMonk Identifies 2017's Most Popular Languages: JavaScript, Java, And Python

Posted by EditorDavid
Twice a year the tech analysts at RedMonk attempt to gauge adoption trends for programing languages based on data from both GitHub and Stack Overflow. Here's their top 10 list for 2017: JavaScript, Java, Python, and PHP, followed by a two-way tie between C# and C++, a two-way tie between Ruby and CSS, and then C at #9, and Objective-C at #10. But their GitHub data now counts the number of pull requests rather than the number of repositories. An anonymous reader quotes their report: Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16 on our GitHub rankings. While the language appears to be entering something of a trough of disillusionment from a market perception standpoint, with major hype giving way to skepticism in many quarters, its statistical performance according to the observable metrics we track remains strong. Swift has reached a Top 15 ranking faster than any other language we have tracked since we've been performing these rankings. Its strong performance from a GitHub perspective suggests that the wider, multi-platform approach taken by the language is paying benefits...

Of all of the top tier languages, none jumped more than TypeScript on our GitHub rankings, as the JavaScript superset moved up 17 points.... PowerShell moved from 36 within the GitHub rankings to 19 to match TypeScript's 17 point jump, and that was enough to nudge it into the Top 20 overall from its prior ranking of 25... One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on our board to 26 -- one spot behind Visual Basic.

Swift and Scala and Shell all just missed out on the top 10, clustering in a three-way tie at the #11 spot.

Re:Counts sharing, not use. Javascript always shar

By Gravis Zero • Score: 4, Insightful • Thread

You won't find Linux or Apache on Github, for example...

Linux kernel
Apache HTTPD Server

I'm not saying you're wrong, but your examples are wrong.

This is getting old

By Anonymous Coward • Score: 3 • Thread

Every couple of days some random guy who measured programming language popularity by pissing against the wind while spelling the name of the language backwards pretends to have figured out how the future of software development will look. And every damn time this garbage is getting posted on /.

That's how these things always go

By Sycraft-fu • Score: 4, Insightful • Thread

Whenever there's a "language popularity" thing online they always do their research by looking at what people are doing online. Either what they are talking about, what they are sharing, etc. Somehow none of them ever consider how horribly skewed this is.

The simplest counterexample to something like this is embedded software. It is unarguable that there's a lot of development of that going on. Everything today gets controlled with a micro-controller or small CPU. Actual custom designed ASICs/circuits are reserved for only a few applications, most things get a more general purpose device and do it in code. Your car, your cable modem, your microwave, your TV, etc all of them run code.

Well guess what? That embedded code isn't done in Javascript or Ruby or any of these other trendy languages. Often as not it is done in C/C++ (and sometimes partially or all assembly). It just isn't the sort of things that gets posted about online. First the code is almost always proprietary, so the project itself isn't going to get posted as it is property of the company that paid to have it written and second it is professionals working in teams doing it, not people who are getting started out or playing around. They are likely to get help internally, not talk about it on the Internet.

So if you want to look at Github to see what is popular on Github, that's cool, but when people try to generalize that to development overall, it is false. To get a feeling for what is really popular in software development you'd have to poll programmers working at a variety of big companies since that's where a lot of the code is being generated.

Re:I thought it was Rust.

By DrXym • Score: 4, Insightful • Thread
Exactly. Java, C++ and C are not going to go anywhere for a long time. Even if Rust is better for a whole raft of systems programming tasks it's not like anyone is going to go out and rewrite code that already works. More likely usage for Rust will grow with IoT since code needs to be performant, reliable and secure and C / C++ really aren't suitable for that task.

Python

By fluffernutter • Score: 5, Insightful • Thread
I just want to say. Good for Python. I know a lot of people hate it but once you get past the static indents there is a lot to like about the language.