the unofficial Slashdot digest


  1. US President Biden Announces He Will Not Seek Reelection
  2. What Can We Learn from the Computers of 1966?
  3. ‘Are You Serious?’ Hawaii Island Mayor in Disbelief after Third Vehicle Drives Straight Into Harbor
  4. After 12 Years, Mars Rover Curiosity Makes ‘Most Unusual Find to Date’
  5. Who Wrote the Code for Windows’ ‘Blue Screen of Death’?
  6. Should Kids Still Learn to Code in the Age of AI?
  7. China Is Installing Renewables Equivalent to Five Large Nuclear Plants Per Week
  8. Former Anonymous Spokesperson’s Memoir Called ‘Deranged, Hyperbolic, and True’
  9. CNN Investigates ‘Airbnb’s Hidden Camera Problem’
  10. Does the Crowdstrike Outage Prove the Dangers of a Cashless Society?
  11. In SolarWinds Case, US Judge Rejects SEC Oversight of Cybersecurity Controls
  12. Persian Gulf Experiences Record (and Life-Threatening) Heat Index
  13. Are There Gaps in Training for Secure Software Development?
  14. Netflix is Axing Its Cheapest Ad-Free Plan in the US
  15. Southwest Airlines Avoids Cloudstrike Issues - Thanks to Windows 3.1?

Alterslash picks up to the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

US President Biden Announces He Will Not Seek Reelection

Posted by EditorDavid View on SlashDot Skip
“It has been the greatest honor of my life to serve as your President,” U.S. President Joe Biden announced today. " And while it has been my intention to seek reelection, I believe it is in the best interest of my party and the country for me to stand down and to focus solely on fulfilling my duties as President for the remainder of my term.”

In an announcement posted on X.Com, Biden thanked the American people. (“Together, we overcame a once in a century pandemic and the worst economic crisis since the Great Depression.”) The short statement also said he would “speak to the Nation later this week in more detail.”

The Associated Press reports that “His wife, first lady Jill Biden, responded by reposting the president’s letter announcing his decision and adding red heart emojis.”

In a subsequent X post, he endorsed Vice President Kamala Harris to be the Democratic party’s nominee for president.

What Can We Learn from the Computers of 1966?

Posted by EditorDavid View on SlashDot Skip
Harry R. Lewis has been a Harvard CS professor — teaching both Bill Gates and Mark Zuckerberg — and the dean of Harvard college. Born in 1947, Lewis remembers flipping the 18 toggle switches on Harvard’s PDP-4 back in 1966 — up (“click!”) or down (“CLACK”). And he thinks there’s a lesson for today from a time when “Computers were experienced as physical things.”

[T]he machine had a personality because it had a body you could feel and listen to. You could tell whether it was running smoothly by the way it sounded…

Unlike the unreliable mechanical contraptions of yore, today’s computers — uninteresting though they may be to look at if you can find them at all — mostly don’t break down, so we have fewer reasons to remember their physicality. Does it matter that the line between humans and the machines we have created has so blurred? Of course it does. We have known for a long time that we would eventually lose the calculation game to our creations; it has happened. We are likely to lose Turing’s “Imitation Game” too, in which a computer program, communicating with a human via typed text, tries to fool the user into confusing it with a human at another keyboard. (ChatGPT and its ilk are disturbingly convincing conversationalists already.)

Our challenge, in the presence of ubiquitous, invisible, superior intelligent agents, will be to make sure that we, and our heirs and successors, remember what makes us human… All computers can do is pretend to be human. They can be, in the language of the late philosopher Daniel Dennett ‘63, counterfeit humans… The first error is suggesting that computers can be digitally trained to be superior versions of human intellects. And the second is inferring that human judgment will not be needed once computers get smart enough…

[N]o AI system can be divorced from the judgments of the humans who created it… Only hubristic humans could think that their counterfeits might completely substitute for human companionship, wisdom, curiosity, and judgment.â
Even back in 1966, Lewis says he learned two lessons that “have stood the test of time. Be careful what you ask them for. And it can be hard to tell what they are doing.”

One example? “In those pre-miniaturization days, the ordinary operation of the central processor generated so much radiation that you would put a transistor radio on the console and tune it in between AM stations. From the other side of the room, the tone of the static indicated whether the machine had crashed or not.”

‘Are You Serious?’ Hawaii Island Mayor in Disbelief after Third Vehicle Drives Straight Into Harbor

Posted by EditorDavid View on SlashDot Skip
Last year two different tourists — following GPS directions — drove their cars straight into the same harbor in Hawaii.

And then last weekend — at the same harbor — it happened again. “This time it was different,” reports a local news station. “The driver was a local…”
Multiple witnesses say the Prius was actually parked at the top of the ramp and that an enforcement officer with the Department of Land and Natural Resources told the owner she had to move it. Witnesses also said that the woman had an issue getting the car started. Eventually, she was able to start the vehicle and called out that the car was running.

Then the car went down the ramp....
More from Hawaii News Now:
This follows another viral incident, captured on video in May of last year, showing another SUV sinking in the water with its passengers inside. “The GPS led them into the water,” said one witness. Then, a few weeks later, it happened again. Witnesses say the driver, also an out-of-state visitor, was following their GPS directions.

“The first time I heard it, the thought in my head was, you got to be joking,” said Hawaii County Mayor Mitch Roth. “The third was — are you serious? This is just another form of people not paying attention to what they’re doing.”
The news outlet reached out to the Department of Land and Natural Resources — and specifically to its Division of Boating & Ocean Recreation, to ask whether the harbor’s boat ramp had adequate lighting and signage.

They responded that a boat ramp descending into the waters of the Pacific ocean is “hard to miss” — and called the recent incidents “operator error.”

Meanwhile in Wyoming, SFGate reports that “an SUV with five people inside plunged about 9 feet deep into a 105-degree geyser at Yellowstone National Park after it ‘inadvertently drove off the roadway’ last Thursday, National Park Service officials said.”

Google maps is never wrong

By UnknowingFool • Score: 3 Thread
They should have used Google Maps as they are never wrong. Just remember to bring fire.

That’s why we can’t have flying cars.

By mmell • Score: 3 Thread
(although it would - briefly - be hilarious)

and people are worried about self-driving cars

By v1 • Score: 5, Insightful Thread

The media never reports on cars that don’t do anything interesting - we only hear about it when it’s unusual. So you can’t rely on the media to get an accurate idea of how things are going, they only report the extremes.

The only reason the public is concerned about the safety of self-driving cars is that’s the only time the media reports on them is when they have a problem. But right here we can see that people also have some pretty extreme driving problems too. (and probably more than self-driving cars)


By backslashdot • Score: 4, Funny Thread

This is why we need to not use GPS, or any type of computer. I only use a computer cause I’m addicted, it’s not my fault. I’m not responsible.

Same situation

By gnasher719 • Score: 3 Thread
I ran into the same situation at the Herrenchiemsee, South Germany. Nice lake with an astonishing castle in the middle. There is a road that leads straight into the lake; you would only use it to go on a ferry. We arrived there at daytime. GPS wanted us to drive straight into the lake the water, which would have been obviously stupid, so I turned around to a car park 200m away.

If you arrived there in the dark I wouldn’t be surprised if someone drove in the lake. It was a pretty good trap. An intelligent person, with no sign that the road ends there, could easily end up there.

After 12 Years, Mars Rover Curiosity Makes ‘Most Unusual Find to Date’

Posted by EditorDavid View on SlashDot Skip
12 years on Mars — and NASA’s Curiosity rover “has made its most unusual find to date,” reports CNN — rocks made of pure sulfur.

“And it all began when the 1-ton rover happened to drive over a rock and crack it open, revealing yellowish-green crystals never spotted before on the red planet.”
“I think it’s the strangest find of the whole mission and the most unexpected,” said Ashwin Vasavada, Curiosity project scientist at NASA’s Jet Propulsion Laboratory in Pasadena, California. “I have to say, there’s a lot of luck involved here. Not every rock has something interesting inside....” White stones had been visible in the distance, and the mission scientists wanted a closer look. The rover drivers at JPL, who send instructions to Curiosity, did a 90-degree turn to put the robotic explorer in the right position for its cameras to capture a mosaic of the surrounding landscape. On the morning of May 30, Vasavada and his team looked at Curiosity’s mosaic and saw a crushed rock lying amid the rover’s wheel tracks. A closer picture of the rock made clear the “mind-blowing” find, he said…

“No one had pure sulfur on their bingo card,” Vasavada said…

Members of the team were stunned twice — once when they saw the “gorgeous texture and color inside” the rock and then when they used Curiosity’s instruments to analyze the rock and received data indicating it was pure sulfur, Vasavada said.
Vasavada also was grateful for the original landing site where Curiosity began methodically exploring back in 2012.

“I’m glad we chose something that was 12 years’ worth of science.”

Entrance to hell found

By TheNameOfNick • Score: 3 Thread

Send Doomguy.

Found them 2x in one week

By chuckugly • Score: 3 Thread

The amazing thing is that Curiosity found the same rocks again.

12 years and still driving

By quonset • Score: 4, Interesting Thread

The original mission was two years, then extended. The designers figured the wheel drive motors would fail at about five or six years. The power source was only supposed to last one Martian year, 687 days.

Here we are at 12 years and Curiosity is still kicking up a storm (figuratively speaking). Either someone’s calculations were off by a significant margin, or they overengineered Curiosity to the point of absurdity.


By newcastlejon • Score: 3 Thread

Here follows a proclamation from K’Breel, Emperor of Mars, Steward of the Holy Red Sands and Puissant Father to the Multitude.
Citizens, attend!

Loyal subjects, it has come to our attention that the robotic servants of our hated mammalian neighbours from the third planet have once again desecrated our beloved Mother Mars. Worry not as their punishment will exceed their insult tenfold!

It has been reported that samples of the Holy Secretions of the legendary All-Mother have at last been discovered, albeit with the appendages of our hated enemy. However, following consultations with the remnants of Her Holy Fellowship of Caretakers, We are pleased to report that the taint of the stinking bipeds of Earth cannot be transmitted by their robotic metal servants. Those who would dare doubt the representatives of Her Holy Fellowship or cast aspersions on their venerable [*UNTRANSLATED*] will find themselves more agreeable after they are gelded.

We are currently planning a planet-wide expedition to recover such fossilised fragments of Her Holy Secretions as may still remain on the surface. Out of respect and adoration for the Blessed All-Mother, candidates for this vital quest will be determined by the game commonly referred to as “Rock, [*UNTRANSLATED*], Blade, Crawler, [*UNTRANSLATED, POSSIBLY PROPER NOUN*]". It is Our hope that this gesture will bring good fortune to the endeavour. Those whom the Fates deem unworthy in the games will be sent to the Arena for Our amusement and the entertainment of the masses.

It should not need to be stated that this mission is of vital importance to the continuation of the Race, for without the Holy Secretions no new members of the [*UNTRANSLATED*] caste can be spawned. A Mars without the superior caste is patently unthinkable! With their progeny we may finally replenish our warrior legions and raze the hated mammals’ cities to the ground!
All hail Mother Mars!

Those with questions may direct them to K’Breel, assistant speaker to the Council, who will be more than happy to direct such disloyal [*UNTRANSLATED, POSSIBLY INVECTIVE*] to the protein digesters.

K’Breel, Emperor of Mars, Steward of the Holy Red Sands, etc., etc.

Who Wrote the Code for Windows’ ‘Blue Screen of Death’?

Posted by EditorDavid View on SlashDot Skip
Who wrote the code for Windows’ notorious "Blue Screen of Death? It’s “been a source of some contention,” writes SFGate:
A Microsoft developer blog post from Raymond Chen in 2014 said that former Microsoft CEO Steve Ballmer wrote the text for the Ctrl+Alt+Del dialog in Windows 3.1. That very benign post led to countless stories from tech media claiming Ballmer was the inventor of the “Blue Screen of Death.” That, in turn, prompted a follow-up developer blog post from Chen titled "Steve Ballmer did not write the text for the blue screen of death....”

Chen then later tried to claim he was responsible for the “Blue Screen of Death,” saying he coded it into Windows 95. Problem is, it already existed in previous iterations of Windows, and 95 simply removed it. Chen added it back in, which he sort of cops to, saying: “And I’m the one who wrote it. Or at least modified it last.” No one challenged Chen’s 2014 self-attribution, until 2021, when former Microsoft developer Dave Plummer stepped in. According to Plummer, the “Blue Screen of Death” was actually the work of Microsoft developer John Vert, whom logs revealed to be the father of the modern Windows blue screen way back in version 3.1.
Plummer spoke directly with Vert, according to Vert, who’d remembered that he got the idea because there was already a blue screen with white text in both his machine at the time (a MIPS RISC box) and this text editor (SlickEdit)…

Why change this?

By cascadingstylesheet • Score: 3 Thread

/. summary:

Plummer spoke directly with Vert, according to Vert, who’d remembered that he got the idea because there was already a blue screen with white text in both his machine at the time (a MIPS RISC box) and this text editor (SlickEdit)…


According to Plummer (who spoke directly with Vert), the machine Vert used (a MIPS RISC box) and his favorite editor at the time (SlickEdit) both had white text on a blue screen and “using the same color led to a more consistent experience.”

“Summary” doesn’t usually mean “not even shorter, and also incomprehensible”.

Maybe “this text editor” was an auto correction of “his”?

Be that as it may…

By msauve • Score: 3 Thread
What we do know for sure is that it’s General Protection’s fault.

I don’t care ‘bout that

By kaoshin • Score: 4, Insightful Thread
The only ever good thing that was included with Windows was that Weezer song that came on the Windows 95 install CD. Although Fonzie didn’t actually jump over a shark in that one, Microsoft really went to crap after that. This article wasting brain cells over the attribution of the BSOD is metaphorical for Microsoft’s focus on the things that matter least.

Should Kids Still Learn to Code in the Age of AI?

Posted by EditorDavid View on SlashDot Skip
This week the Computer Science Teachers Association conference kicked off Tuesday in Las Vegas, writes long-time Slashdot reader theodp.

And the “TeachAI” education initiative teamed with the Computer Science Teachers Association to release three briefs “arguing that K-12 computer science education is more important than ever in an age of AI.”
From the press release: “As AI becomes increasingly present in the classroom, educators are understandably concerned about how it might disrupt the teaching of core CS skills like programming. With these briefs, TeachAI and CSTA hope to reinforce the idea that learning to program is the cornerstone of computational thinking and an important gateway to the problem-solving, critical thinking, and creative thinking skills necessary to thrive in today’s digitally driven world. The rise of AI only makes CS education more important.”

To help drive home the point to educators, the 39-page Guidance on the Future of Computer Science Education in an Age of AI (penned by five authors from nonprofits CSTA and includes a pretty grim comic entitled Learn to Program or Follow Commands. In the panel, two high school students who scoff at the idea of having to learn to code and instead use GenAI to create their Python apps wind up getting stuck in miserable warehouse jobs several years later as a result where they’re ordered about by an AI robot.
“The rise of AI only makes CS education more important,” according to the group’s press release, “with early research showing that people with a greater grasp of underlying computing concepts are able to use AI tools more effectively than those without.” A survey by the group also found that 80% of teachers “agree that core concepts in CS education should be updated to emphasize topics that better support learning about AI.”

But I’d be curious to hear what Slashdot’s readers think. Share your thoughts and opinions in the comments.

Should children still be taught to code in the age of AI?

Check your work

By drinkypoo • Score: 5, Insightful Thread

If you don’t know how to check work then you don’t know how to use AI for coding.

If you can’t check your own work, you can’t check AI’s work either.

Re:Kids never should have been told to code

By Mascot • Score: 5, Insightful Thread

I think what you’re saying is “not every kid needs to know how to program.” Would that be correct? Because it makes no sense for you to think people can’t both spend half an hour learning to change a tire (considering most new cars no longer come with a spare, I’d argue it no longer really qualifies as all that useful in daily life, but that’s another topic I suppose), and any number of other “basic life skills”, as well as something more time consuming like programming.

I do think kids should be taught *about* coding, even if not *to* code. I think it’s useful to have some general idea of how the software, that is now fundamental to all of modern society, is created. Exposing kids to that also allows the nerds in the group to discover an interest, which I think schools should really focus more on. People’s brains have different aptitudes and need to be exposed to a lot of variety to discover what appeals to them, so they can make informed choices for higher education or professions.

I would agree that coding is not a basic skill all should be forced to learn.

Yes and no, but AI doesn’t change the answer

By Tony Isaac • Score: 5, Insightful Thread

No, not every kid should learn to code, not a decade ago, not now. Learning to code is like learning to sing or paint. Kids should be exposed to it, but we should recognize that not everyone can sing well, paint well, or code well, regardless of how many classes you put them through. I’m a terrible painter, and I’ve taken quite a few art classes. It’s not my thing. But coding, that I can do. And further, I’ve learned to make art with my code.

Despite the hype, AI doesn’t change any of this. I use GitHub Copilot frequently. It’s an interesting and useful tool. It cuts my coding time significantly. But it’s nowhere near good enough to release me from the need to know how to code. For example, if I tell it to revise a function, it might duplicate it instead of revising it. Or it might insert the revised function inside the existing one, in such a way that it won’t even compile. I still get a lot of time savings, because I know how to fix what it breaks, because I know how to code.

kids should learn all sorts of things

By OrangeTide • Score: 5, Insightful Thread

Kids should have the broadest possible set of experience we can give them.

Re:Kids never should have been told to code

By JaredOfEuropa • Score: 5, Insightful Thread
Changing a flat used to be a fairly common occurrence, but between better tyres, mandatory inspections, and roads that are kept clean, I don’t think I’ve even seen anyone change a tyre in the past 30 years or so. Your kid’s changes of ever writing a line of code (if she knows how) are better than her having to change a tyre. Not saying that you shouldn’t teach her that, teach her everything you know!

Coding teaches how to break down a problem and translate it into an algorithm, and it teaches troubleshooting; an immensely useful skill in many endeavors. I think a bit of CS in high school is a good thing, teaching coding as well as other computer-related subjects. NOT with the goal of creating coders; the same way we teach children languages and arithmetic, without the ambition of turning out linguists and mathematicians. Teach the basics and hopefully spark an interest.

Turns out that many employers are shocked at the deplorable state of computer literacy amongst Gen Z employees. They grew up with tech but never had to seriously mess with it or troubleshoot anything… until they enter the workplace. Knowing a little bit about how computers work and how they fail is a useful skill for a technology-filled world, and coding teaches that skill like nothing else.

China Is Installing Renewables Equivalent to Five Large Nuclear Plants Per Week

Posted by EditorDavid View on SlashDot Skip
The pace of China’s clean energy transition “is roughly the equivalent of installing five large-scale nuclear power plants worth of renewables every week,” according to a report from Australia’s national public broadcaster ABC (shared by long-time Slashdot reader AmiMoJo):
A report by Sydney-based think tank Climate Energy Finance (CEF) said China was installing renewables so rapidly it would meet its end-of-2030 target by the end of this month — or 6.5 years early.

It’s installing at least 10 gigawatts of wind and solar generation capacity every fortnight…

China accounts for about a third of the world’s greenhouse gas emissions. A recent drop in emissions (the first since relaxing COVID-19 restrictions), combined with the decarbonisation of the power grid, may mean the country’s emissions have peaked. “With the power sector going green, emissions are set to plateau and then progressively fall towards 2030 and beyond,” CEF China energy policy analyst Xuyang Dong said… [In China] the world’s largest solar and wind farms are being built on the western edge of the country and connected to the east via the world’s longest high-voltage transmission lines…

Somewhat counterintuitively, China has built dozens of coal-fired power stations alongside its renewable energy zones, to maintain the pace of its clean energy transition. China was responsible for 95 per cent of the world’s new coal power construction activity last year. The new plants are partly needed to meet demand for electricity, which has gone up as more energy-hungry sectors of the economy, like transport, are electrified. The coal-fired plants are also being used, like the batteries and pumped hydro, to provide a stable supply of power down the transmission lines from renewable energy zones, balancing out the intermittent solar and wind.

Despite these new coal plants, coal’s share of total electricity generation in the country is falling. The China Energy Council estimated renewables generation would overtake coal by the end of this year.
CEF director Tim Buckley tells the site that China installed just 1GW of nuclear power last year — compared to 300GW of solar and wind. “They had grand plans for nuclear to be massive but they’re behind on nuclear by a decade and five years ahead of schedule on solar and wind.” Last year China accounted for 16% of the world’s nuclear-generated power — but also more than half the world’s coal-fired power generation, according to this year’s analysis from the long-running International Energy Agency. The IEA estimated that in 2023, China’s electricity demand rose by 6.4%, and they’re predicting that by 2026 the country will see an increase “more than half of the EU’s current annual electricity consumption.”

And yet in China “the rapid expansion of renewable energy sources is expected to meet all additional electricity demand…” according to the IEA analysis. “Coal-fired generation in China is currently on course to experience a slow structural decline, driven by the strong expansion of renewables and growing nuclear generation, as well as moderating economic growth.”

There’s also some interesting stats on the “CO2 intensity” of power generation around the world. “The EU is expected to record the highest rate of progress in reducing emissions intensity, averaging an improvement of 13% per year. This is followed by China, with annual improvements forecast at 6%, and the United States at 5%.”

Long-time Slashdot reader Uncle_Meataxe shares a related article from Electrek

Part of the story

By sonlas • Score: 5, Interesting Thread

China also added 37 nuclear reactors in the last decade. With 250 in operation planned for 2035.

The global picture here is that a huge share of renewables is good, but needs to be complemented with a stable supply of electricity: ideally hydro, then preferably nuclear, and in last resort gas/coal.

This is also exactly what we are seeing happening in Germany, with the share of coal/gas somewhat steady at 25-30%.

TL;DR: a working electricity mix is a diversified mix (with solar/wind/hydro/nuclear being the best one to decarbonize an electricity grid).

Re:Part of the story

By Eunomion • Score: 4, Interesting Thread
Nuclear does have absurd externalities. One, the entire supply and waste chain has to be security-hardened to some degree, and nothing else has that problem. Two, its costs continue decades to centuries after its benefits have been expended. While you can hand-wavily claim that the rare metals in solar panels technically have a continuing environmental cost, it’s obviously not the same ballpark.

The reason I make a point of this is that nuclear is a greenwashing locus, for the political segment that sees the writing on the wall but doesn’t want to give up the kind of centralized control that fossil fuels allow. It’s not the most important thing to criticize, but it’s worthwhile to call out lobbyist sleight-of-hand.

Re: It’s easy when you’re a psuedo-dictatorship.

By echo123 • Score: 5, Informative Thread

And then, the USA will be installing every week coal plants equivalent to ten nuclear reactors. YAY!

“I promise my administration is putting an end to the war on coal. We’re gonna have clean coal, really clean coal.” ~former US President, and 34x convicted felon Donald Trump, (with almost 60 more indictments still on the docket).

Re:Oil lobby

By Samare • Score: 5, Informative Thread

“Unlike the US, Europe is close to fully dependent on fossil fuels imported from unstable regions and countries, making it more vulnerable to geopolitical shocks. The war in Ukraine, and subsequent energy crisis, was a wake-up call. In response – seeing that electrification and renewable energy are the best ways to reduce energy dependence, and also that nations with more renewables have been able to reduce the high price of electricity – EU countries decided to accelerate the energy transition.” https://www.wemeanbusinesscoal…

“Tofu dregs”?

By jenningsthecat • Score: 4, Interesting Thread

I sincerely hope that all of this electrical capacity is built to far better standards than the buildings, bridges, roads, and other civil infrastructure in their cities. Everything I’ve read and seen strongly suggests that Chinese construction is rife with corruption, and taking disastrous and sometimes lethal shortcuts is the rule rather than the exception. I’ve seen a lot of video of buildings and bridges falling apart and down, wet and dry fire fighting risers not working, etc.

Is a lot of that anti-Chinese propaganda? Quite possibly. But is it being faked? I don’t think so - a lot of it is cell-phone footage with audio that I don’t think even the best of today’s “AI” could produce. So I’m very wary regarding the construction standards of these new power installations - especially so given the rapid pace of construction.

Former Anonymous Spokesperson’s Memoir Called ‘Deranged, Hyperbolic, and True’

Posted by EditorDavid View on SlashDot Skip
Slashdot covered Barrett Brown back in 2011 and 2012. The New York Times calls him “an activist associated with the hacker group Anonymous, and a political prisoner recently denied asylum in Britain, all of which sounds a bit dreary until we hear tell of it through Brown’s unhinged self-regard.”

They’re reviewing Brown’s “extraordinary” new memoir, My Glorious Defeats: Hacktivist, Narcissist, Anonymous," a book they call “deranged, hyperbolic, and true.”
A “machine” that focuses attention on little-known social issues, Anonymous has gone after the Church of Scientology, Koch Industries, websites hosting child pornography and the Westboro Baptist Church. The public tends to be confused by nebulous digital activities, so it was, in the collective’s heyday, helpful to have Brown act as a translator between the hackers and mainstream journalists. “The year 2011 ended as it began,” he writes, “with a sophisticated hack on a state-affiliated corporation that ostensibly dealt in straightforward security and analysis while secretly engaging in black ops campaigns against activists who’d proven troublesome to powerful clients.”

This particular corporation was Stratfor, a company that spied on activists for the government… Brown waited for the feds to come back and drag him to jail. He also says he tried to get off suboxone in order to avoid the painful possibility of prison withdrawal, and stopped taking Paxil, inducing a manic state, all of which is given as explanation for his regrettable next move, which was to set up a camera and start talking. The feds had threatened his mother, he told the internet, and in response he was threatening Robert Smith, the lead agent on his case. He found himself in custody the same night.

Brown was then subjected to the kind of nonsense the Department of Justice is prone to inflicting on those involved in shadowy internet activities that, in fact, almost no one in the legal process understands. He was charged with participating in the hack of Stratfor, though he was not really involved and cannot code, and although the whole thing was organized by an F.B.I. informant. Brown had also retweeted a Fox News host’s call to murder Julian Assange; the prosecution presented this as if he were himself calling for the murder of Assange. But generally, Brown’s primary victim is himself. “My thirst for glory and hatred for the state,” he writes, “were incompatible with an orthodox criminal defense, in which the limiting of one’s sentence is the sole objective.”

In his cell, with an eraser-less pencil he needs a compliant guard to repeatedly sharpen, he writes “The Barrett Brown Review of Arts and Letters and Jail.” His mother types it up; The Intercept publishes. He develops the character he will play in his memoir: a self-aware narcissist and addict. He wins a National Magazine Award, and is especially pleased that his column “Please Stop Sending Me Jonathan Franzen Novels,” wins while Franzen is in attendance.
“The state is an afterthought here — a litany of absurdist horrors too stupid to appall…” the review concludes.

“We’re left with a man who refuses to look away from the deep structure of the world, an unstable position from which there is no sanctuary. My Glorious Defeats is deranged, hyperbolic and as true a work as I have read in a very long time.”

https://arstechnica.coAnonymous never impressed me

By Rosco P. Coltrane • Score: 4, Interesting Thread

They are (or were - people grow older and wiser usually) for the most part a bunch of script kiddies with a delusion of grandeur, announcing major “operations” against whichever enemies du jour and ending up merely defacing their websites.

Case in point: in 2011, they announced Operation Cartel in which they declared their intention to “go to war” with the notoriously ultra-violent Mexican Zetas cartel.

The Zetas lost no time, and in an unprecendented act of kindness - for them anyway - reminded Anonymous that shit can get real real fast by kidapping an anonymous member and threatening to kill a lot more of them if the nonsense didn’t stop. So Anonymous quickly stopped the nonsense.

Incidentally, after the kidnapped Anonymous member got released by the Zetas (truly out of character for them to let someone live, this guy was the luckiest guy in Mexico that day…), Barrett Brown doubled-down on the stupid and announced that OpCartel was still on.

The prompt cancellation of the “war” when stuff got a little hot wasn’t a glorious moment for Anonymous, but saying “Hey wait! The war is back on!” hours after the release of the dude was even more lame. So lame in fact that the Zetas plain lost interest at that point, because they knew the Anonymous members with half a brain - not Barrett Brown obviously - got the message loud and clear.

So yeah… Crazy mofo spokesman for a bunch of lame internet SJWs…

little known social issues

By phantomfive • Score: 3 Thread

A “machine” that focuses attention on little-known social issues, Anonymous has gone after the Church of Scientology, Koch Industries, websites hosting child pornography and the Westboro Baptist Church

Were those little known social issues?

CNN Investigates ‘Airbnb’s Hidden Camera Problem’

Posted by EditorDavid View on SlashDot Skip
2017 Slashdot headline: "People Keep Finding Hidden Cameras in Their Airbnbs.”

Nearly seven years later, CNN launched their own investigation of "Airbnb’s hidden camera problem".
CNN: “Across North America, police have seized thousands of images from hidden cameras at Airbnb rentals, including people’s most intimate moments… It’s more than just a few reported cases. And Airbnb knows it’s a problem. In this deposition reviewed by CNN, an Airbnb rep said 35,000 customer support tickets about security cameras or recording devices had been documented over a decade. [The deposition estimates “about” 35,000 tickets “within the scope of the security camera and recording devices policy.”]

Airbnb told CNN a single complaint can involve multiple tickets.
CNN actually obtained the audio recording of an Airbnb host in Maine admitting to police that he’d photographed a couple having sex using a camera hidden in a clock — and also photographed other couples. And one Airbnb guest told CNN he’d only learned he’d been recorded “because police called him, months later, after another guest found the camera” — with police discovering cameras in every single room in the house, concealed inside smoke detectors. “Part of the challenge is that the technology has gotten so advanced, with these cameras so small that you can’t even see them,” CNN says.

But even though recording someone without consent is illegal in every state, CNN also found that in this case and others, Airbnb “does not contact law enforcement once hidden cameras are discovered — even if children are involved.” Their reporter argues that Airbnb “not only fails to protect its guests — it works to keep complaints out of the courts and away from the public.”

They spoke to two Florida attorneys who said trying to sue Airbnb if something goes wrong is extremely difficult — since its Terms of Service require users to assume every risk themselves. “The person going to rent the property agrees that if something happens while they’re staying at this accommodation, they’re actually prohibited from suing Airbnb,” says one of the attorneys. “They must go a different route, which is a binding arbitration.” (When CNN asked if this was about controlling publicity, the two lawyers answered “absolutely” and “100%".) And when claims are settled, CNN adds, “Airbnb has required guests to sign confidentiality agreements — which CNN obtained — that keep some details of legal cases private.”

Responding to the story, Airbnb seemed to acknowledge guests have been secretly recorded by hosts, by calling such occurrences “exceptionally rare… When we do receive an allegation, we take appropriate, swift action, which can include removing hosts and listings that violate the policy.

“Airbnb’s trust and safety policies lead the vacation rental industry…”

Re:Why would you sue Airbnb?!

By SeaFox • Score: 5, Interesting Thread

Why would you sue the company? Ah, to get money, yes, of course…

I think part of the problem is these platforms have become too involved in the whole process. The lines between “listing platform” and “provider” have gotten blurred to the point people are mistaken about what AirBNB really is.

Think of the old days when folks used to shop for a used car from the classified in the local paper. The info’s written by the seller, you call them directly on the phone (or email them), you arrange to see it, get a check up, etc. You’re dealing with the person. If you got a car from one of those ads no one in their right mind would try to sue the newspaper if it turned out to be a lemon. That’s between you and the seller. Or even Craigslist. If I found a “room to rent” from there am I going to hold CL accountable for what’s at the home? No. But when you’re on AirBNB you’re seeing all these listing together in uniform presentation, pricing and terms laid out, you’re paying through the app, you make reviews on the app, and raise concerns of the app for their staff. You start to get a notion that AirBNB is vetting these people in some way, and is putting their personal seal-of-approval on them for showing their listings. It’s not some random Joe Schmo’s place you’re renting. You’re “getting an AirBNB” — so yeah, this is AirBNB’s thing to be responsible for. That’s how they think.

If AirBNB wasn’t involved in the processing of payment at all, and you were having to hand cash over to the actual host, I think people would be approaching this whole system differently.

Re:Why would you sue Airbnb?!

By Kernel Kurtz • Score: 5, Insightful Thread

If you’re genuinely outraged by illegal activity, then it is the perp, who should be prosecuted — criminally.

Yes. And if Airbnb is aware of criminal activity they should report it to the appropriate authorities. Sure sounds like they are protecting the makers of kiddie porn to protect their reputation.

If this is the case they should die in a fire.

Re:Why would you sue Airbnb?!

By evil_aaronm • Score: 5, Insightful Thread
If Airbnb is somehow covering up illegal acts - particularly child pornography - shouldn’t they be held accountable? At the very least, if they’re not reporting the child pornography, they’re liable.

Do their lawyers know about this?

By AlanObject • Score: 4, Insightful Thread

Airbnb “does not contact law enforcement once hidden cameras are discovered — even if children are involved.” Their reporter argues that Airbnb “not only fails to protect its guests — it works to keep complaints out of the courts and away from the public.”

Just how would this not be considered accessory after the fact?

If a victim reported an incident like this to law enforcement, if they did not pursue it I would suspect they had been bribed.

Re:I’d feel better if it were some other three let

By tlhIngan • Score: 5, Insightful Thread

Therein lies the problem. Most of the time, it is the journalists who are the first to know about a problem, and they’re the ones to be first to make it public,

Once it’s public, its only the anger of the crowd that gets the government to actually start “doing something”.

It’s why the constitution makes full note of “the press” because they are the invisible fourth branch of government whose purpose is to keep the other 3 in check.

And it’s there because the press shouldn’t be an arm of the government - it needs to be an independent branch.

You may not like CNN - there are very many good reasons to dislike them - but this is their purpose to bring awareness of the issue to the public. Only once awareness happens can the public get rightfully angry and demand action.

Otherwise you might get action from individual states but not always.

Does the Crowdstrike Outage Prove the Dangers of a Cashless Society?

Posted by EditorDavid View on SlashDot Skip
“If there is no alternative, then the whole thing can collapse around you,” says Ron Delnevo. He’s the chair of The Payment Choice Alliance, “which campaigns against the move towards a cashless society.”

He’s part of those arguing “the chaos caused by the global IT outage last week underlines the risk of moving towards a cashless society,” writes the Observer:
Authorities in China and the US have fined businesses for not accepting cash. Delnevo said the U.K. should have a law requiring all businesses to take cash. Martin Quinn, campaign director for the PCA, said using cash allowed for anonymity. “I don’t want my data sold on, and I don’t want banks, credit card companies and even online retailers to know every facet of my life,” he said. Budgeting by using cash is also easier for some, he added.
The article includes some interesting statistics from a U.K. bank trade association. “The number of people who never use cash, or use it less than once a month, reached 23.1 million in 2021, but declined to 21.6m last year.”
The GMB [general trade] Union said the outage reinforced what it had been saying for years: that “cash is a vital part of how our communities operate”. “When you take cash out of the system, people have nothing to fall back on, impacting on how they do the everyday basics.”


By PPH • Score: 5, Insightful Thread

Not really

By Burdell • Score: 5, Informative Thread

Lots of modern stores are dependent on the computer systems for more than just taking payments. Items don’t have price tags, there’s no price sheet (big-box stores couldn’t reasonably have such anyway), so if there’s an issue with the point-of-sale systems, they just close the store.

Re:Not really

By jenningsthecat • Score: 5, Insightful Thread

Maybe not just a monoculture, but a culture of complacency towards those who supply the software. Perhaps that is a result of pushing everything to the cloud, where you have no choice but to trust the provider.

I’d say that the cloud has amplified and entrenched a complacency which has existed since business started to use Windows in large-scale enterprises. At some point the “everybody else is doing it” factor, along with the cost of changing OS, reached critical mass.

Where I worked 20 years ago, it would have been unthinkable to automatically push updates for Windows and other software to critical systems, or even workstations.

My first thought when I heard about the CrowdStrike debacle was along similar lines. I wondered “How could this happen to any company with an inkling of a clue?” I would think that they’d line up the update to be pushed, then push it to a small local test network before the official update and confirm correct functioning. Then, using the same servers and files, start pushing it to customers.

It seems to me that it would have been very easy and laughably cheap to prevent this disaster with a tiny bit of common sense.

Re:Cash is king

By backslashdot • Score: 5, Informative Thread

I get it’s better to tip in cash, but we need to move away froma tip-based society ASAP. A society that relies on tipped workers faces several disadvantages and negative effects, both for the workers and the broader society. These include:

Income Instability:

Unpredictable Earnings: Tipped workers often face significant income variability, depending on customer generosity, shift timing, and economic conditions.
Financial Insecurity: This unpredictability can lead to financial insecurity, making it difficult for workers to budget, save, and plan for the future.
Low Base Wages:

Subminimum Wage: In many places, tipped workers are paid below the standard minimum wage, relying on tips to make up the difference. If tips are insufficient, their total income can fall below a livable wage.
Wage Theft: Employers may engage in wage theft by failing to properly account for tips or not ensuring workers receive the legal minimum wage when tips are low.
Dependence on Customer Satisfaction:

Pressure to Please: Workers may feel compelled to tolerate inappropriate behavior or harassment from customers to secure tips, as their income depends on customer satisfaction.
Emotional Labor: The need to maintain a pleasant demeanor and cater to customers’ needs, regardless of personal feelings or treatment, can be emotionally taxing.
Inequity and Discrimination:

Bias and Discrimination: Tips can be influenced by customers’ biases, leading to disparities based on race, gender, appearance, and other factors. Studies show that minority workers often receive lower tips than their white counterparts.
Favoritism: Employers may give more favorable shifts or tables to employees they believe will generate higher tips, creating inequality among workers.
Lack of Benefits and Protections:

Limited Access to Benefits: Tipped workers often do not receive benefits such as health insurance, paid leave, or retirement plans, exacerbating their financial and health vulnerabilities.
Legal Vulnerabilities: They may also be less likely to report workplace issues, such as harassment or unsafe conditions, fearing retaliation or loss of income.
Economic Inefficiency:

Consumer Burden: Tipping shifts the responsibility for ensuring fair wages from employers to consumers, who may feel pressured to subsidize workers’ incomes.
Business Practices: Employers might underinvest in worker training and development, relying on tips to incentivize good service rather than creating robust management and operational practices.
Social and Cultural Implications:

Cultural Norms: The expectation of tipping can create social pressure and awkwardness, with varying norms and expectations leading to confusion for customers, especially tourists or individuals from non-tipping cultures.
Devaluation of Service Work: The practice of tipping can contribute to the undervaluation of service work, perpetuating the notion that these jobs are less worthy of fair, stable wages.
These disadvantages highlight the complexities and challenges faced by societies that rely heavily on tipping as a compensation model for service workers. Addressing these issues often involves policy changes, such as raising the minimum wage for tipped workers and ensuring they have access to essential benefits and protections.

Re:This is naive, cash does not scale

By Beeftopia • Score: 5, Insightful Thread

You think want a cash based society, but you really, really don’t.

A cash-based society keeps a cashless society honest.

I mean that if excesses start to occur in the cashless society, with extravagant fees, excessive downtime, excessive permission limitations - people can switch to cash. The cash-based society acts as a brake on those problems.

In SolarWinds Case, US Judge Rejects SEC Oversight of Cybersecurity Controls

Posted by EditorDavid View on SlashDot Skip
SolarWinds still faces some legal action over its infamous 2020 breach, reports But a U.S. federal judge has dismissed most of the claims from America’s Securities and Exchange Commission, which “alleged the company defrauded investors because it deliberately hid knowledge of cyber vulnerabilities in its systems ahead of a major security breach discovered in 2020.”

Slashdot reader krakman shares this report from the Washington Post:
“The SEC’s rationale, under which the statute must be construed to broadly cover all systems public companies use to safeguard their valuable assets, would have sweeping ramifications,” [judge] Engelmayer wrote in a 107-page decision. “It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers,” he wrote. The federal judge also dismissed SEC claims that SolarWinds’ disclosures after it learned its customers had been affected improperly covered up the gravity of the breach…

In an era when deeply damaging hacking campaigns have become commonplace, the suit alarmed business leaders, some security executives and even former government officials, as expressed in friend-of-the-court briefs asking that it be thrown out. They argued that adding liability for misstatements would discourage hacking victims from sharing what they know with customers, investors and safety authorities. Austin-based SolarWinds said it was pleased that the judge “largely granted our motion to dismiss the SEC’s claims,” adding in a statement that it was “grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns.”
The article notes that as far back as 2018, “an engineer warned in an internal presentation that a hacker could use the company’s virtual private network from an unauthorized device and upload malicious code. Brown did not pass that information along to top executives, the judge wrote, and hackers later used that exact technique.”
Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public “security statement” before the hack that it knew it was highly vulnerable to attacks.

The SEC “plausibly alleges that SolarWinds and Brown made sustained public misrepresentations, indeed many amounting to flat falsehoods, in the Security Statement about the adequacy of its access controls,” Engelmayer wrote. “Given the centrality of cybersecurity to SolarWinds’ business model as a company pitching sophisticated software products to customers for whom computer security was paramount, these misrepresentations were undeniably material.”

SolarWinds Orion == CrowdStrike Falcon :== Crapwar

By JakFrost • Score: 5, Informative Thread

In the organization that I still currently work at, we use both sets of products and they are a complete and utter disaster when it comes to patches, updates, and security vulnerabilities. We have constant problems with these two products. You might as well throw in Carbon Black antivirus in there as the shitty trio of products.

I do development and integration work for thise platforms and it is a complete shit show. You should see the crap with self-signed certificates even to this date being pushed on every patch update for the SolarWinds Orion platform that overrides the default https kernel based service offload bound certificates under Microsoft Windows.

In addition, high availability and redundancy features hardly ever work and whenever you try to do an update using the vendors provided update tools, it has a tendency of screwing up halfway through and then you have to manually update the polling engines to get everything updated the same. Can’t trust the vendors tools.

Also, the solar winds middleware is completely crab because it keeps locking up the database with all these database locks and when they fix one set of problems they create another set of problems. Like multiple edits on nodes fails most of the time they fix the problem and then it shows up 6 months later after they change something else in their middleware. Their database is at least nicely organized, but there’s a bunch of non-normalized fields in there, especially when it comes to the alert table and that f**** everybody up after a node is renamed.

CrowdStrike Falcon Sensor Crap

The CrowdStrike Falcon Sensor CSagent.sys that loads itself into kernel mode is a piece of crap along with all the other hundreds of system service files in the same folder that get loaded up and they are tiny. None of them are digitally signed and none of them have a file info footer on them so you have no clue what the hell they are. They look like virus droppers and act the same way because they all look very inappropriate.

Yeah, the Securities and Exchange Commission should go after both of these companies and their executives along with everybody down the line. Even to the low-level developers should be dragged in front of Congress, and made to answer some really tough questions. Under the penalty of perjury.

Somebody technical should be sitting there on the goddamn bench as an advisor or an expert witness and call these guys out because it’ll be full of perjuries so they could get sanctioned and put in jail for the craft they’re about answer for.

Rebuilding Servers

We had to rebuild our entire solar winds Orion environment including all the web servers and the polling engines of which we have dozens after they got hacked because we could not trust any of the software that we had. And that took a long time because we couldn’t get a clean version from the vendor that we could trust .

This is our Chief monitoring solution for our multi-operating system and multi-Device and network device monitoring and we were out of commission for quite a while to get everything rebuilt.

Fixing Servers After CSagent.sys But checks

And I just spent 12 hours straight at my keyboard working. Getting all of the Windows servers in our environment fixed and online after the crowdstrike Falcon sensor channel system update screwed us and cost the water service to start going down right around midnight. And we were up till about noon the next day and after that we had to take an account of how wide the outage was to our organization which is a major player here in the region that I live.

VMware Lucky

As much as I hate broadcom and what’s happened to VMware getting separated from Dell which has also started to suck with all their layoffs and brain drain they had in the last half a decade .

We were very lucky that our environment was running on a VMware vsphere environment and I was able to write a complicated script in Powershell using the VMware PowerCLI and Microsoft’s storage modules to automatically pull in the vmdk files to utility VM servers and be able to rename the damaged crowdstrike Falcon sensor channel files. C-291 and then get the servers back up and running quickly.

At least now I have a script that I can use to get our virtual environment back on track the next time this happens or the next time servers become unbootable .

Without the script our old 2008 servers would have been a little screwed because they do not have an automatic option to boot into recovery mode with command prompt. And we still have a few dozen of those that we need to migrate off from, but the script saved our ass.

Expect more of this

By gtall • Score: 3, Insightful Thread

This judgement is the result of the Supreme Court declaring judges are better able to interpret rules than the Fed. Agencies. And the judges are not going to give up this power willingly, no matter how badly they screw up.

A recent supreme Court ruling

By rsilvergun • Score: 3, Insightful Thread
Basically just legalized pump and dumb schemes. A YouTuber named Patrick Boyle has a good video on it. The supreme Court has effectively ruled that unless you can directly tie your financial loss to the person defrauding you as in they sold you the worthless stock then it’s not a pump and dumb scheme and it’s perfectly legal.

The case will be appealed but God only knows what this insane supreme Court is going to do to it.

Now I know a bunch of the right wingers around here are thinking why should I care because I’m a smart investor and I won’t fall for pump and dump. But ignoring the fact that age-related cognitive decline can strike any of us these kind of schemes being legalized means less intelligent investors are going to lose huge amounts of money which will negatively impact the economy. Your economy.

Like it or not it is absolutely crucial that we reign in this absolutely bat shit insane court and that means this November Donald Trump cannot be allowed to put more people on it. I don’t know what anyone here on this forum thinks they get in exchange for voting for Trump but whatever it is it’s not going to be worth the economic collapse that’s coming. To say nothing of the $300 to $500 a month he’s going to raise your taxes.

Elections have consequences and insane courts continuously allowing large companies and wealthy individuals to defraud people is one of them. And even if you’re smart enough to avoid getting defrauded you still have to live in the same country as all those people who are getting ripped off and they’re going to cause problems for you

Persian Gulf Experiences Record (and Life-Threatening) Heat Index

Posted by EditorDavid View on SlashDot Skip
Parts of the Persian Gulf “have seen the heat index, or how it feels when factoring in the humidity, reach 140 to 150 degrees Fahrenheit (60 to 65 Celsius),” reports the Washington Post, “fueled by an intense heat dome, the warmest water temperatures in the world and the influence of human-caused climate change.”
Temperatures at the Persian Gulf International Airport in Asaluyeh, Iran, climbed to 108 (42 C) on Wednesday and 106 (41 C) on Thursday, with both days recording a peak heat index of 149 (65 C). In Dubai, the temperature topped out at 113 (45 C) on Tuesday and the heat index soared to 144 (62 C). Other extreme heat indexes in recent days include 141 (61 C) in Abu Dhabi and 136 (58 C) at Khasab Air Base in Oman.

Last August, this same region experienced even more extreme heat indexes, climbing as high as 158 degrees (70 C).

The maximum air temperatures this week — generally between 105 and 115 (41 and 46 C) — have only been somewhat above normal. But the dew points — which are a measure of humidity — have been excessive, climbing well into the 80s (27 to 32 C). In the United States, any dew point over 70 degrees (21 C) is considered uncomfortably humid. It’s the very high dew points that have propelled heat indexes up to 30 degrees (16 C) above actual air temperatures. The extreme humidity levels are tied to bathtub-like water temperatures in the Persian Gulf, the warmest in the world. According to National Oceanic and Atmospheric Administration data, sea surface temperatures are as warm as 95 degrees (35 C).

Largely because of the high humidity, nighttime minimum temperatures have also remained exceptionally warm, in many cases staying above 85 (29 C). Temperatures in Iranshar, Iran, only dropped to 97 (36 C) on Wednesday night, its hottest July night on record.
"Researchers have identified the Persian Gulf among the regions most likely to regularly exceed life-threatening heat thresholds during the next 30 to 50 years,” the article adds. And it also cites new heat records reported for the region by weather historian Maximiliano Herrera. “The United Arab Emirates saw a scorching high temperature of 123 while Adrar, Algeria, tied its record of 122 (50 C). Cities in both Kuwait and Iraq reached 126 (52 C), and Al Ahsa, Saudi Arabia, notched a record of 124 (51 C)…

“The same heat dome that’s in the Persian Gulf region has spread record heat northward into Eastern Europe, westward into northern Africa, and eastward into India, Pakistan and Indonesia. In Eastern Europe, high temperatures surpassed 104 (40 C), with some locations staying above 85 degrees (29 C) at night.”

The consequences of our own actions!

By locater16 • Score: 5, Insightful Thread
It’s a good thing that those who disproportionately benefit from these actions can’t trivially escape their consequences while everyone else suffers.

Back home I’d just find a shady spot…

By drew_92123 • Score: 5, Interesting Thread

…and dig a shallow hole and lie in it when it was really hot(we were poor and didn’t have air conditioning).

I learned this little trick when I was a kid by watching rabbits do this.

I used to do this under a big tree in the back yard near the rabbit burrow during the summer when it was well over 100F in SoCal.

It works very well, in fact it worked so well that if I fell asleep for an hour or two I’d wake up cold kind of like falling asleep in the tub.

The best part was that the rabbits would come over and lick the sweat off of me… if you’ve never had a rabbit lick you you’re missing out.

Sounds about right

By RitchCraft • Score: 5, Informative Thread

I was stationed in southern Bahrain during Desert Shield/Storm back in ‘90-‘91 during my time in the Corps. During the day the temps would regularly get above 110F with uncomfortable but manageable humidity levels and at night no lower than 85F with damn near 95% humidity. It’s was brutal and miserable to say the least while living in a tent the entire time. I actually went water skiing in the Persian Gulf a few months after I got there and the water was very warm, much warmer than Lake Erie where I grew up, and Erie can reach as high as 82 during warm summers. Sounds to me like conditions have not changed all that much. Fun fact, the aircraft I worked on would get so hot during the day that we couldn’t work on them for fear of blistering our hands. We did most of our maintenance at night.

You must be an ostrich.

By mmell • Score: 4, Informative Thread
What’s happening now was predicted with exquisite accuracy clear back in the 1970’s. I was there. I remember.

Re: You must be an ostrich.

By q_e_t • Score: 4, Informative Thread…,

One of the first projections of future warming came from John Sawyer at the UK’s Met Office in 1973. In a paper published in Nature in 1973, he hypothesised that the world would warm 0.6C between 1969 and 2000, and that atmospheric CO2 would increase by 25%. Sawyer argued for a climate sensitivity – how much long-term warming will occur per doubling of atmospheric CO2 levels – of 2.4C, which is not too far off the best estimate of 3C used by the Intergovernmental Panel on Climate Change (IPCC) today.

Unlike the other projections examined in this article, Sawyer did not provide an estimated warming for each year, just an expected 2000 value. His warming estimate of 0.6C was nearly spot on – the observed warming over that period was between 0.51C and 0.56C. He overestimated the year 2000’s atmospheric CO2 concentrations, however, assuming that they would be 375-400ppm – compared to the actual value of 370ppm.

He only predicted it to 2000 (a convenient year) but note that the overall estimate of sensitivity was broadly correct. If he had been able to estimate CO2 levels in 2024 and had continued to have projected to that date, his estimates would have been close. Thus, the contention by the previous poster that this was predicted in the 1970s is pretty accurate.

Are There Gaps in Training for Secure Software Development?

Posted by EditorDavid View on SlashDot Skip
A new report “explores the current state of secure software development,” according to an announcement from the Linux Foundation, “and underscores the urgent need for formalized industry education and training programs,” noting that many developers “lack the essential knowledge and skills to effectively implement secure software development.”

The report analyzes a survey of nearly 400 software development professionals performed by and the Open Source Security Foundation (OpenSSF) and Linux Foundation Research:
Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment — system operations, software developers, committers, and maintainers — self-report feeling unfamiliar with secure software development practices. This is of particular concern as they are the ones at the forefront of creating and maintaining the code that runs a company’s applications and systems.

“Time and again we’ve seen the exploitation of software vulnerabilities lead to catastrophic consequences, highlighting the critical need for developers at all levels to be armed with adequate knowledge and skills to write secure code,” said David A. Wheeler, director of open source supply chain security for the Linux Foundation. “Our research found that a key challenge is the lack of education in secure software development. Practitioners are unsure where to start and instead are learning as they go. It is clear that an industry-wide effort to bring secure development education to the forefront must be a priority.” OpenSSF offers a free course on developing secure software (LFD121) and encourages developers to start with this course.

Survey results indicate that the lack of security awareness is likely due to most current educational programs prioritizing functionality and efficiency while often neglecting essential security training. Additionally, most professionals (69%) rely on on-the-job experience as a main learning resource, yet it takes at least five years of such experience to achieve a minimum level of security familiarity.
“The top reason (44%) for not taking a course on secure software development is lack of knowledge about a good course on the topic,” according to the announcement — which includes this follow-up quote from Intel’s Christopher Robinson (co-chair of the OpenSSF Education SIG).

“Based on these findings, OpenSSF will create a new course on security architecture which will be available later this year which will help promote a ‘security by design’ approach to software developer education.”

The primary gap is in hiring.

By Narcocide • Score: 5, Insightful Thread

Sure, you have to understand the fundamentals and how to properly evaluate and configure solutions and mitigate risk, but the primary responsibility of an already competent security engineer is telling people “no.” Invariably, these are people who don’t understand technology or security even the tiniest bit and don’t care about it either, outrank you in the corporate hierarchy, and in general in business and in life aren’t used to getting told “no.” So, of course at the first opportunity to outsource the responsibility to a 3rd party that says “yes” to everything and claims they can 100% automate the task with no gatekeepers involved, they’re gonna lay off all those pesky argumentative nerds and jump right on the no-responsibilities-ever bandwagon. And that’s what leads to a situation like what happened yesterday.


By The Cat • Score: 4, Informative Thread

What training? There hasn’t been any “training” in the workplace for decades.

See yesterday’s headlines for an example.

Devil’s advocate — who pays for it?

By ctilsie242 • Score: 5, Interesting Thread

One of the things I’ve encountered when in the “real world”, is that people will tell developers, “security has no ROI”, or “the only one that profits from a lock is the lock maker”. To the point where at the standup meeting, someone delayed on a deliverable will be excoriated because they are “wasting time” on doing security “right” other than just doing the bare minimum.

This also shows with companies as well. If a security breach happens, it may hurt their stock, but it will be back where it was next quarter. For example, CrowdStrike may take a hit today, but if one looks how it is doing, YoY, it is doing quite well, even with the hit on Friday. This likely will just be a blip and things will be back to normal in a month, as contracts signed means that they will be getting revenue no matter how loud the outcry is, and by mid-August, this all will all but be forgotten about other than a year from now when it pops up in Facebook Memories.

For the most part, companies don’t care about security. Right now, not even features. They get their customers on a subscription, do next to nothing other than maintain the existing code base and do exponential price hikes, and they are Wall Street darlings.

The exceptions are relatively few. Government comes to mind, because they might actually demand an audit, or even yank an ATO (authority to operate). Hollywood is arguably the most secure, where if someone screws up even in the slightest with regard to rules spelled out by the MPA, that contractor will be tossed off the set immediately, no appeals, no wrist-slaps. A divulging of a movie ending can lose megabucks (or even worse, full res footage hitting torrents), so they actually take security seriously when it comes to film production. Other than those two, pretty much, if a company is big enough, they can provide lip service and get away with things without consequence.

Security is needed, and it is only a matter of time before a Warhol event happens that actually will get governments scrambling to actually pay attention to cyber security. Something like in the late 1990s/early 2000s, where viruses started destroying monitors and computers, and that made businesses actually take AV seriously, because they actually had skin in the game, rather than just paying a “consultant” company who is offshore the random + a fee, so ransomware actors get their money, as paying off ransomware is cheaper than a security focus.

Re: Devil’s advocate — who pays for it?

By djp2204 • Score: 4 Thread

Crowdstrike recently made a huge unforced error must likely due to a lack of QA. If anyone dies because they lost access to emergency services or healthcare was delayed, expect litigation that Crowdstrike would lose in court.

Not a good approach

By mukundajohnson • Score: 4, Insightful Thread

the critical need for developers at all levels to be armed with adequate knowledge and skills to write secure code

Firstly, many companies don’t see it as a critical need - see ctilsie242’s post. Given that many companies want to take advantage of your commitment to this trade for as little as money as possible, paying extra for security experts is a difficult decision. Exceptions apply.

Secondly, “teaching everyone” is not how you fix a problem. There are always going to be gaps. Teaching everyone sounds excessively tedious, up front and in the long run. Imagine a looming threat as a developer—especially a junior—because you need to constantly apply caution to not screw up.

What you need is competent developer leadership to make screwing up difficult. Personally I don’t think there are a lot of important rules for writing secure software, especially in modern languages and frameworks. Get yourself some experienced developers and:

1. Lay out some code guidelines to follow.
2. Code review as necessary.
3. Automated checks/tests - don’t skimp on these, especially if working in an uglier language. Figure out those static analyzers.

That said, see the first point. AT&T emailed me recently about me being affected by the recent breach, but do I care enough to start a fire? I’m part of the problem too.

If we are interested in increasing security for our country, we need to give companies a real reason. For example, in construction work, you have to follow building codes and have inspections/audits, especially to prevent fires. There are similar codes/controls for secure software, e.g., the FedRAMP/ATO program or SOC-2 audits, but many vendors don’t need to follow these to sell their product. I have seen many sketchy products being used in government systems.

Netflix is Axing Its Cheapest Ad-Free Plan in the US

Posted by EditorDavid View on SlashDot Skip
An anonymous reader shared this report from CNN:
Netflix will start phasing out its Basic plan, its cheapest advertising-free plan, which costs $11.99 per month in the United States, the company said on Thursday. The company had previously stopped accepting new sign-ups for the Basic plan, instead pushing customers to Netflix’s ad-supported plan, which costs $6.99 per month. However, existing users were allowed to keep the basic plan. In January, the company said it would retire its cheapest ad-free tier in Canada and the UK. On Thursday, the company said the US and France are next.

Basic users in the US who want an ad-free viewing experience on Netflix will now have two choices: Netflix’s Standard plan, which costs $15.49 per month, and its Premium plan, which costs $22.99 per month…

The company reported a record-high 277.65 million subscribers on its streaming platform Thursday, far outpacing streaming competitors like Disney+, Peacock and Max… Overall, Netflix added 8.05 million new subscribers in its second quarter. Netflix’s surge in new subscribers has been fueled in part by the company’s effort to push users who share passwords to create their own accounts.
The article adds that Netflix’s stock has climbed more than 35% in 2024.

Huge surprise

By OrangeTide • Score: 5, Funny Thread

Slashdot has only reported on this 3 times this month.
* https://entertainment.slashdot…
* (plus this time)

We have another 2 weeks this month, so I am hoping for a record 5 dup streak.

Won’t someone think of the actors?

By Powercntrl • Score: 3 Thread

Finn Wolfhard’s salary isn’t going to pay itself!

Slashfot has already removed..

By luvirini • Score: 3 Thread

.. the dupe free plan.

I have to wonder

By 93 Escort Wagon • Score: 4, Insightful Thread

I’d be (mildly) curious to know how many of these oft-reported “new” subscribers are people who used to keep a Netflix subscription 24/7/365, but (like me / my family) stopped that and now just sign up anew every year or so and binge for a month or two - like with other streaming services.

I’m sure this data is somewhere, but I’m not interested enough to do much work trying to find it,

Southwest Airlines Avoids Cloudstrike Issues - Thanks to Windows 3.1?

Posted by EditorDavid View on SlashDot
Slashdot reader Thelasko shared Friday’s article from Digital Trends:
Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that’s affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that’s plaguing the world today, and that’s apparently because it’s using Windows 3.1.

Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven’t had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch. Some are attributing that to Windows 3.1. Major portions of Southwest’s systems are reportedly built on Windows 95 and Windows 3.1…
UPDATE: Reached for comment, Southwest “would not confirm” that’s it’s using Windows 3.1, reports SFGate. But they did get this quote from an airline analyst:

âoeWe believe that Southwest’s older technology kept it somewhat immune from the issues affecting other airlines today.”


By battingly • Score: 5, Insightful Thread
Unless Crowdstrike runs on Windows 3.1, which is highly unlikely, then the reason Southwest was unaffected was because they don’t use Crowdstrike, not because they run an ancient version of Windows. By the way, it’s called Crowdstrike, not Cloudstrike, so you might want to fix that title.

fake news / reading failure

By iwulinux • Score: 5, Informative Thread

I went two articles deep looking for the root-level citation. Here it is:
“Some systems even look historic like they were designed on Windows 95.”

Read that again. “Look historic like.” Not *are* Win95, or indeed Win3.1. Probably just VB6 applications with outdated controls.

But nobody bothered to read two articles deep, and then somebody tweeted authoritatively that they were running Win3.1, and now it’s a Known Fact. This shit pisses me off so much. Great example of how stories grow in the telling.

Only it’s a lie

By EvilSS • Score: 5, Informative Thread
Southwest does not run their shit on Windows 3.1. The article is based on a tweet the author admitted was a joke. He later dug up a quote about SkySolver comparing it to running your systems on Windows 3.1 in this day and age and misunderstood what was being said, thinking his joke turned out to be true. SkySolver does not run on 3.1, it’s just really fucking old. It’s also the software that caused those recent Southwest network meltdowns. Remember those. So not sure anyone should be bragging on it no matter it’s age.

So congrats, you all bought it hook, line, and sinker.

Re: Pretty crazy, but also smart

By vbdasc • Score: 5, Interesting Thread

Memory leaks were mostly a problem for Windows 3.1 if it ran in the 80386 Enhanced mode, due mainly to insufficiently polished virtual memory manager (WIN386.EXE) and VXDs. In the “80286 Standard mode” Windows 3.1 tended to be much more stable. In fact, Win9x systems contained a minimal Windows 3.1 install, known as FAILSAFE.DRV than ran in Standard mode, and was used for critical tasks that couldn’t be allowed to fail, such as the initial compression of the disk with DRVSPACE.


By UnknowingFool • Score: 5, Interesting Thread

I avoid Southwest because all the avionics in their planes runs on old TRS-80 Model I systems strapped under the dashboard with duck tape.

The avionics of the plane are dependent the age/model/certification of the plane. It is not like Southwest can just install a Ryzen 7900x with the latest avionics because they want to do that.

(Although there is one advantage: These machines can’t run MCAS.)

That is factually untrue: “When the grounding of all MAX aircraft was extended to the US on March 13, 2019, Southwest Airlines was significantly impacted as the largest operator of the MAX, with 34 grounded aircraft representing 4.5% of its fleet " Southwest was affected by the 737 groundings. Since 2019, Southwest still currently has the largest 737 MAX fleet of any airline.