Alterslash

the unofficial Slashdot digest for 2017-Sep-12

Contents

  1. Department of Energy Invests $50 Million To Improve Critical Energy Infrastructure Security
  2. Why Bats Crash Into Windows
  3. Researchers Catch Microsoft Zero-Day Used To Install Government Spyware
  4. J.J. Abrams To Direct Star Wars: Episode IX; Premiere Date Pushed To December 2019
  5. Intel Cuts Cord On Its Current Cord-Cutting WiGig Products
  6. Apple Is Releasing macOS High Sierra On September 25
  7. 'Operational Limitations' In Tesla Model S Played a 'Major Role' In Autopilot Crash, Says NTSB
  8. BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices
  9. A New Way to Learn Economics
  10. Equifax Lobbied For Easier Regulation Before Data Breach
  11. Boffins Fear We Might Be Running Out of Ideas
  12. Apple Announces iPhone X With Edge-To-Edge Display, Wireless Charging and No Home Button
  13. Are Top US Startups Really Startups?
  14. The New Apple Watch Series 3 Has Cellular Built-In
  15. The Only Safe Email is Text-Only Email
  16. Why Must You Pay Sales People Commissions?
  17. Rotten Tomatoes Scores Don't Correlate To Box Office Success or Woes, Research Shows
  18. Google Rival Yelp Claims Search Giant Broke Promise Made to Regulators
  19. Android Always Beats the iPhone To New Features, Qualcomm Says
  20. Equifax's App Has Disappeared From Apple's App Store and Google Play
  21. Amazon's Whole Foods Price Cuts Brought 25 Percent Jump In Shoppers
  22. Chatbot Lets You Sue Equifax For Up To $25,000 Without a Lawyer
  23. Google Publicly Releases Internal Developer Documentation Style Guide
  24. Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon

Alterslash picks the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

Department of Energy Invests $50 Million To Improve Critical Energy Infrastructure Security

Posted by BeauHD
Orome1 shares a report from Help Net Security: Today, the Department of Energy (DOE) is announcing awards of up to $50 million to DOE's National Laboratories to support early stage research and development of next-generation tools and technologies to further improve the resilience of the Nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. The electricity system must continue to evolve to address a variety of challenges and opportunities such as severe weather and the cyber threat, a changing mix of types of electric generation, the ability for consumers to participate in electricity markets, the growth of the Internet of Things, and the aging of the electricity infrastructure. The seven Resilient Distribution Systems projects awarded through DOE's Grid Modernization Laboratory Consortium (GMLC) will develop and validate innovative approaches to enhance the resilience of distribution systems -- including microgrids -- with high penetration of clean distributed energy resources (DER) and emerging grid technologies at regional scale. The project results are expected to deliver credible information on technical and economic viability of the solutions. The projects will also demonstrate viability to key stakeholders who are ultimately responsible for approving and investing in grid modernization activities. In addition, the Department of Energy "is also announcing 20 cybersecurity projects that will enhance the reliability and resilience of the Nation's electric grid and oil and natural gas infrastructure through innovative, scalable, and cost-effective research and development of cybersecurity solutions."

$50 million?

By PopeRatzo • Score: 5, Insightful • Thread

They better add a few zeroes to that.

Coronal Mass Ejection for Life On Earth, Alex...

By GerryGilmore • Score: 5, Funny • Thread
Seriously - The Economist magazine recently had a great article (https://www.economist.com/news/world-if/21724908-huge-potential-impact-rich-countries-prolonged-loss-electricity-disaster) highlighting A) the catastrophic effect on civilized life and B) the ridiculously low cost of preventive measures and C) as always, the lack of political will, coupled with a lack of technical knowledge across broad swaths of our populace and - especially! - politicians married with a "gubmint regulations are bad, M'Kay!" mentality and you have potential disaster looming. Don't worry, though, the latest version of Apple's iPhone will have an app to fix that! :-)

Well

By buss_error • Score: 5, Interesting • Thread

I'm all for that. But how expensive is it to block port 23 and changing the BIOS of SCADA systems so that the first thing to be configured is a password?

I have seen power, water, sewer, and traffic systems put into production with an internet gateway that had telnet open, with default admin credentials that are well known.

I have a few "go to" things for the rare occasions I'll take a consulting gig on.

1. nmap the device. Secure the open ports.
2. No default passwords, and it's best if you can change the admin account name to something non-standard.
3. patch patch patch
4. Secure SSH so that only ssh key access is allowed. No username/password.
5. Create a key for each device. Best if you create the key with a password - I usually use the serial number of the device obfuscated. So if the serial number is 123, then the password for that key would be zyx or some simple transposition. I usually use a 10 letter word whose letters don't repeat. INTRODUCES, BLOCKHEADS, CORNFLAKES - and I usually say order them so it doesn't spell a word. EG: BLOCKHEADS to ABCDEHKLOS. And change the key based on the third or second to last number.
6. Firewalls, firewalls, firewalls. Limit port access to only those IPs you know and control.
7. Trust nothing completely. Defense in depth.
8. Construct "alarm" data and configure deep packet inspection to look for those alarm data and trigger an alert.
9. Ensure you have a panic button to shut down the network.

There are other things, a bit more subtle to go into.

Re:I'll take 10 million

By Bob the Super Hamste • Score: 4, Informative • Thread
I see someone has no idea of what they are talking about in this regard. Here is the current standard that grid operators have to comply with. Also here is what is currently being asked of suppliers by the grid operators when getting a new system. Add in that the systems be benchmarked against these or these is also becoming written into the contracts now. I would assume that operators in the oil and gas industry either have similar things or are at least smart enough to re-purpose the above as the effort to do so would be minimal. A lot of the security efforts for securing the grid are not to protect it from the general internet, they are already separated and if not the company fucked up really bad and if NERC finds out the company will be paying some huge fines so let NERC know. Instead the security is to protect the control system from stupid users who find a USB rubber ducky in the parking lot, connects their corporate laptop to the control network, someone doing malicious things out at some remote substation that then gets into the main control system, or malicious insider. The people going after the grid are professionals and more often than not state actors not little Timmy from down the street who just found out about Low Orbit Ion Cannon or Armitage.

Why Bats Crash Into Windows

Posted by BeauHD
According to a new report published in the journal Science, Bats slam into vertical structures such as steel and glass buildings because they appear invisible to bats' echolocation system. Nature reports: Bats rely on echolocation to navigate in the dark. They locate and identify objects by sending out shrill calls and listening to the echoes that bounce back. Greif and his colleagues tested the echolocation of 21 wild-caught greater mouse-eared bats (Myotis myotis) in the lab. The researchers placed a featureless metal plate on a side wall at the end of a flight tunnel. The bats interpreted the smooth surface -- but not the adjacent, felt-covered walls -- as a clear flight path. Over an average of around 20 trials for each bat, 19 of them crashed into the panel at least once. The researchers also put up smooth, vertical plates near wild bat colonies, and saw similar results. The animals became confused owing to a property of smooth surfaces called "acoustic mirroring." Whereas rough objects bounce some echoes back towards the bat, says Greif, a smooth surface reflects all echolocation calls away from the source. This makes a smooth wall appear as empty space to the bats, until they are directly in front of it. Only once a bat is facing the surface are their perpendicular echoes reflected back, which alerts the bat to its mistake. This explains why some bats attempted to swerve out of harm's way at the last second -- but often too late.

Re: OMG

By lucm • Score: 4, Funny • Thread

Let's see how many comments on this story will NOT be jokes about Microsoft Windows or Batman

Re:Birds also crash into large glass walls

By wickerprints • Score: 5, Interesting • Thread

Indeed. And the underlying physical principle is similar, except instead of sound waves in the case of bats, it is light waves in the case of birds. For example, if the sky is reflected in glass, a bird can fail to see the obstacle.

Few natural structures exhibit the kind of macroscopic reflectivity of man-made walls or glass windows. Bats and birds did not evolve sensory mechanisms to avoid collisions with these.

Re: stealth uses this same function

By Immerman • Score: 5, Interesting • Thread

The tighter the curvature, the more likely some portion of the surface will be pointed towards the bat, and thus generate a return signal for them to hear.

Think of it like firing an air-cannon of tennis balls in front of you in the dark (while deaf) - if the expanding cone of tennis balls hits a smooth wall at anything other than almost dead on, all the balls will bounce away from you. On the other hand, if there's any substantial curvature to the wall then some of the balls will probably bounce back at you. When you get hit by the returning balls, you know there's something in front of you,

that's evil

By Cederic • Score: 3 • Thread

The researchers also put up smooth, vertical plates near wild bat colonies

The bastards!

It's easy

By The123king • Score: 3 • Thread
@echo off
:crash
start
goto crash

Save that as a .bat, then run as administrator. Anyone can make a bat crash Windows!

Researchers Catch Microsoft Zero-Day Used To Install Government Spyware

Posted by BeauHD
An anonymous reader quotes a report from Motherboard: Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world. The hackers sent a malicious Word RTF document to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.

The dark covenant

By lucm • Score: 3 • Thread

Those guys are playing with evil forces.

FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands.

RTF -> VBScript -> PowerShell -> Cthulhu awakens

Re:NORTH KOREA or THE NSA

By Ol Olsoc • Score: 4, Insightful • Thread

This is pretty much why I can't help but snicker every time someone says "But the Russians...". The harm "the Russians" can do to you are minimal compared to what your very own government can.

I wonder if we might be able to concentrate on more than one issue at a time.

What Brian LaMacchia said about .NET security

By Anonymous Coward • Score: 5, Interesting • Thread

Brian LaMacchia was one of the authors of .NET. I had the pleasant experience of hearing him speak at MIT about the upcoming "Trusted Computing" software. What made it fun was that Richard Stallman was in the room, which Brian was *not* expecting, and proceeded to call into question the entire "Microsoft holds the private keys, and revocation keys for all your hardware and software" security model. Brian pointed out that if Microsoft ever did the pernicious tricks Richard Stallman was worried about, that he and ethical engineers like him would resign.

I managed to rivet the room by pointing out "just like you resigned from the .NET project for their violations of basic security"? The fact that he hopped from security from .NET to Trusted Computing, and .NET *had government backdoors built in*, is precisely why we should trust neither project. He *knew* it was flawed, and instead of resigning he just went to the next security project that has nothing to do with actual user security. It's about digital rights management, at every single level, and about giving Microsoft access to user's private keys in their own private and uncontrolled escrow storage.

Re:The dark covenant

By Mal-2 • Score: 4, Interesting • Thread

Why is it that Windows & Linux are always getting hacked but you never hear about exploits for the Mac huh? What gives!?

Because you're not paying attention.
https://www.exploit-db.com/exploits/36692/

Re:NORTH KOREA or THE NSA

By Plus1Entropy • Score: 4, Informative • Thread

I think that's a bit disingenuous. Both things are threats to our liberty, in different ways and to different degrees. Just because I am concerned about Russia interfering in our elections doesn't mean that I am not concerned about the rise of the surveillance state.

J.J. Abrams To Direct Star Wars: Episode IX; Premiere Date Pushed To December 2019

Posted by msmash
A week after Jurassic World's Colin Trevorrow was ousted from the Star Wars: Episode IX director's chair, a familiar face has stepped in to replace him: J.J. Abrams, the man responsible for successfully rebooting the new trilogy in 2015 with Star Wars: The Force Awakens. From a report: Disney just pushed back the release of Star Wars: Episode IX from May 2019 to December 2019, Deadline reports. The news comes after an announcement today that J.J. Abrams is taking over from Colin Trevorrow as director of the movie. Episode IX, originally slated to premiere on May 24th, 2019, was supposed to be a return to May release dates for the Star Wars franchise. Back in 2015, The Force Awakens was also originally supposed to be released in the summer, but was moved to a December release after Abrams took over screenwriting duties with Lawrence Kasdan (The Empire Strikes Back, Return of the Jedi) and needed more time.

Jar Jar Abrahams again!?!? Noooooo!!!!!!

By williamyf • Score: 3 • Thread

If his first star wars movie (or his second star trek one) is any indication of Jar Jar Abraham's ingenuity, I guess that Star Wars Ep. IX will go something like this:

In Ep VIII, Flinn was captured by some evildoer, so Rey goes to the bad guy's lair and pretends to be taken prisoner in order to free him with her Jedi Might, Cleansing the lair in the process by killing most of the evildoers and even making some of them be eaten by mighty giant lifeform.

Then we move to a new threat from the new order, a new spherical object of doom orbiting a sacred-forest-planet where a station is beaming a shield to protect it. A party composed of Flynn and pilot guy go there to deactivate the shield, and finds some utterly cute merchandiseable lifeform oppressed by the new order, which help them deactivate said shield (and blow the unfinished evil spherical object of doom to smithereens), while Kylo Ren takes Rey to Face Snooke, resulting in redemption for Kylo and death for snooke...

If we are going to recycle: Can I propose a better recycled idea for Ep IX?
Here it is:

While traveling through the galaxy, the rebels encounter a planet, where they are attacked by a hermaphrodite local, are forced to kill this local using the force, orphaning his/her child named Fallom. They take Fallom with them.

After traveling some more, and arriving to a small planet with a single moon, RtwoDtwO speaks, not with beeps, but with a voice, reveals that his initials are RDO, that he is a telepathic robot created eons ago by Roj Nemennuh Sarton and Han Fastolfe, that he has been guiding the Galaxy behind the scenes, and that, since his positronic brain is failing, he needs to merge his consciousness with Fallom in order to continue guiding the Galaxy like a father figure, as he always has.

I mean, is at the same level of imagination as what Jar Jar Abrahams did in Episode 7!

Re:Not convinced this is a good idea

By SvnLyrBrto • Score: 4, Insightful • Thread

Screw all that.

I'm still a bit annoyed that Nero bothered with the "revenge against Vulcan and Earth" thing at all; instead of flying off to Romulus and having a nice little chat with the Praetor:

"Hi there. I'm Nero. Like my ship? See how impressive it is and how it out-classes anything you, the Klingons, or the Federation have, even though it's really just a mining ship? Well, I'm from the future. More proof? Well, according to the copy of 'Grays Sports Almanac, Romulan Empire Edition' in my ship's computer, the Remans are going to win tonight's grav-ball game, 63-61. Let's chat tomorrow."

"Hi. Good morning. I'm still Nero. Did you enjoy the grav-ball game? Yeah, a real shocker. I bet everyone in the empire thought that Romulus was going to win, right up until the last pentameter. So yeah... Do you believe me about the whole 'being from the future' thing now? Great. Let's do lunch."

"Wow, I haven't had grilled trait that tender in ages. So hey... you know that red giant star over there, just a couple light-years away from Romulus, across the sector border? Yes, that's the one. You know how your neutrino detectors show that fusion has nearly stopped in its core? Well, that star's going to be a problem. It's going to go supernova in exactly 102 years 4 days 3 hours and 42 minutes. Woah! I must have a little bit of Vulcan in me. But anyway, since I'm from the future, I know that. When it explodes, the Vulcans are going to try to keep it from destroying Romulus by using something called red matter. It doesn't make any sense. But they're going to fail. So you should probably see about evacuating the planet. The more than a century of heads-up I just gave you should be more than enough time; especially seeing as I have this giant spaceship here filled with technology from your future."

"Hi. I'm still Nero. So... can anyone recommend a good tattoo-removal place?"

Re: Yay... Abrams

By thegarbz • Score: 5, Insightful • Thread

But it's cool when Luke does the same thing.

Rei: Goes from no powers to mind control followed by using the force to fling things around before even getting off the planet they were fleeing, proceeds to kill a Kylo Ren who had been perfecting his powers for years under a Sith master.

Luke: Unable to sense bolt blasters for an entire space flight. Soon after being taught by the best Jedi master in the universe and spitting the dummy when unable to lift simple stones. Even after a few weeks of training his skill level is still basic. He then proceeds to get his arse kicked.

Yeah totally the same thing.

Re: Yay... Abrams

By AmiMoJo • Score: 4, Insightful • Thread

While Rey's development is a bit rushed, it was probably a consequence of Mark Hamill getting old more than anything. If he were younger the central character would probably have been Luke fighting a resurgence of the Sith/Empire.

Having said that, what extraordinary abilities does she actually demonstrate during that film? She manages to pilot the Falcon reasonably well, and barely escape a fight with Kylo Ren without really beating him, and of course Ren's abilities are nothing like as developed as Vader's were - even his light sabre is a crude imitation, unable to produce the smooth, controlled beam that well made ones could. The "guard" actually seems to be an exhaust of some sort for the poorly controlled power supply.

Hopefully the next film will explain a lot more about who Rey is and why she has strong force powers. My guess would be that she is related to Luke somehow, or maybe Kylo.

Re: Yay... Abrams

By AmiMoJo • Score: 4, Insightful • Thread

Rei: Goes from no powers to mind control followed by using the force to fling things around before even getting off the planet they were fleeing, proceeds to kill a Kylo Ren who had been perfecting his powers for years under a Sith master.

Your argument would be more convincing if you managed to get basic details about the movie correct.

Rei's mind control powers only emerged after Kylo Ren had demonstrated them to her when trying to interrogate her. At the time she was strapped to an interrogation table waiting to be tortured, implying that the stress pushed her to use force powers. That's consistent with how force powers manifested for other users, e.g. Luke when he needs to make that critical shot, or contact his sister to be rescued after losing to Vader. It's well established that stress and powerful emotions like anger interact with force abilities.

Rei also failed to kill Kylo Ren. The battle ended in something of a stalemate, and Ren started out carrying an injury.

Ren's force powers seem to be relatively weak. He doesn't demonstrate anything like the power that other trained users did, and none of the typical dark side stuff like lightning or force-choking. His light sabre is also pretty poor quality, unable to form a solid steady beam. It's not clear how much training he has had, that hasn't been revealed yet, he seems to lack the discipline that Vader and other Sith had, being prone to emotional outbursts and still struggling with links to his family (which is why killing Han is so important).

Even after a few weeks of training his skill level is still basic. He then proceeds to get his arse kicked.

Right, because he didn't have enough training. After that he trains by himself, with no guidance, for an unspecified period of time but it only seems to be a year at most between ESB and ROTJ. At that point he has got good enough not only to beat Vader but the Emperor as well, at the same time.

Maybe, as every DBZ fan eventually realizes, power levels are bullshit.

Intel Cuts Cord On Its Current Cord-Cutting WiGig Products

Posted by msmash
An anonymous reader shares a ZDNet report, which also has some clarification from Intel: It looks like you can add WiGig wireless docking to Intel's dustbin (along with IoT products axed earlier this summer), as the company has discontinued existing products using the 802.11ad wireless standard, according to Anandtech. [Since publishing this report, we've received a statement from Intel clarifying its WiGig support: "We continue to offer current versions of our 802.11ad products, such as the Intel Tri-band Wireless AC 18265 and Gigabit Wireless 10101R antenna module. We remain committed to WiGig and think it has exciting potential for a number of applications, including enabling VR to become wireless, mesh networking and as part of Intel's leading products for 5G."] WiGig was developed several years ago with faster speeds than then-current Wi-Fi standards, but because it relied on the 60GHz channel, its high throughput could only travel over short distances. As a result, it eventually became marketed as a feature for wireless laptop docking stations, and while it received some support from enterprise laptop manufactures like Dell and Lenovo, the technology didn't make a big dent against standard wired laptop docks.

Heh

By scdeimos • Score: 3 • Thread

As a result, it eventually became marketed as a feature for wireless laptop docking stations, and while it received some support from enterprise laptop manufactures like Dell and Lenovo, the technology didn't make a big dent against standard wired laptop docks.

I can't help but chuckle whenever I see "support" and "Lenovo" in the same sentence.

Apple Is Releasing macOS High Sierra On September 25

Posted by BeauHD
After updating its website for the iPhone launch event, Apple has confirmed that macOS High Sierra will be released on September 25th. TechCrunch provides a brief rundown of the major changes, most of which are under the hood: The Photos app is still receiving some new features to keep it up to date with the iOS version. There are more editing tools, you can reorganize the toolbar and you can filter your photos by type. If you're a Safari user, my favorite change is that there is a new feature in the settings that lets you automatically block autoplaying videos around the web. Many websites have abused autoplaying video, it's time to stop it. And then, there's a new file system that should make your Mac snappier if you're using an SSD. Mail is compressing messages, Metal 2 should take better advantage of your GPU, Spotlight knows about your flight status, etc. The free update to macOS High Sierra will be available in the Mac App Store.

Re:AFS?

By tlhIngan • Score: 4, Insightful • Thread

You are missing the point. Changing the file system 'in-situ' without offering an opt-out is flat out fucking stupid on Apple's part. It should be offered as an option, not jammed down your throat on production systems.

Well, if you're so worried, then you shouldn't upgrade to High Sierra then on your production systems. Which is never a bad idea since the bugs on a .0 release of an OS are huge. You can hold off until .1 or .2 is released which should fix a bunch of the biggest issues.

Apple will retain support for the previous version of the OS until at least the next version of the OS is released, so you can hold off and wait for the bad news.

And Apple has nice backup tools for you too - Time Machine will be useful enough to handle a pre-upgrade backup.

Re:AFS?

By TheRaven64 • Score: 4, Informative • Thread

there's nothing special about SSDs that makes APFS any more attractive than on a spinning disk

Yes there is, APFS is a copy-on-write filesystem. This means that you end up with a lot of fragmentation for frequently modified files. This doesn't matter for SSDs, because random reads are not much more expensive than sequential, but it can really hurt performance on spinning rust.

'Operational Limitations' In Tesla Model S Played a 'Major Role' In Autopilot Crash, Says NTSB

Posted by BeauHD
Mr D from 63 writes from a report via Reuters: The chairman of the U.S. National Transportation Safety Board (NTSB) said on Tuesday "operational limitations" in the Tesla Model S played a "major role" in a May 2016 crash that killed a driver using the vehicle's semi-autonomous "Autopilot" system. Reuters reported on Monday that the NTSB is expected to find that the system was a contributing factor because it allows drivers to avoid steering or watching the road for lengthy periods of time. The NTSB is also expected to find that Tesla Inc could have taken additional steps to prevent the system's misuse and will fault the driver for not paying attention. "Today's automation systems augment, rather than replace human drivers. Drivers must always be prepared to take the wheel or apply the brakes," NTSB Chairman Robert Sumwalt said. The system could not reliably detect cross traffic and "did little to constrain the use of autopilot to roadways for which it was designed," the board said. Monitoring driver attention by measuring the driver's touching of the steering wheel "was a poor surrogate for monitored driving engagement." At a public hearing Tuesday on the crash involving Brown, NTSB said the truck driver and the Tesla driver "had at least 10 seconds to observe and respond to each other."

Re:Anybody know what this means?

By BasilBrush • Score: 4, Interesting • Thread

Yes, eye tracking is the obvious way. And the Tesla Model 3 has a camera in the rear view mirror area that faces back towards the inside of the car. AFAIK it's not used yet, but its obvious use case is monitoring driver attention. They could deliver that in a future software update.

Re:Anybody know what this means?

By Anonymous Coward • Score: 5, Insightful • Thread

...unless the chainsaw company names it the Jugglesaw 9000 and markets it with commercials starring chainsaw jugglers.

Re:Anybody know what this means?

By MightyYar • Score: 4, Informative • Thread

Cadillac uses eye tracking to monitor the driver's attentiveness.

Re:This is dumb

By Richard_at_work • Score: 4, Informative • Thread

The issue is the duration in which the Tesla system gives warnings - the industry standard recommended timespan between inattentive-driver prompts is 15 seconds, while in this case, there were no inattentive-driver prompts from Autopilot for the two minutes leading up to the accident.

This is the issue when you call something "Autopilot" and give it to a consumer base that is used to being spoonfed fictitious understandings of such systems from superficial TV shows - they are led to believe it does something that it most certainly does not.

Yes, Tesla put all sorts of warnings in their manuals about this, but there's absolutely no requirement to read those manuals before jumping into the car, hitting the highway and engaging the system. That's where the disconnect from reality and theory occurs - in theory, everyone reads the manual and understands the intimate details of the vehicle before setting off, while in practice people jump into new cars all the time and try things out.

Who here has been the person sat in their rental car for 30 minutes reading the manual before driving off for the first time? I bet the number of people who respond affirmatively to that question is .... low.

That's the issue Tesla need to solve.

Re: Anybody know what this means?

By gravewax • Score: 4, Informative • Thread
cruise control doesn't remove the requirement for you to be paying 100% attention on the road at all times, it only removes the requirement to constantly glance down to verify you are going the correct speed.

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices

Posted by BeauHD
An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading Bluetooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).

Mainstream linux has it patched already

By deviated_prevert • Score: 5, Informative • Thread
Redhat had it covered first. Debian now has it patched. I would imagine that MS Server, Win7 and Win10 might not be too far behind considering that the real danger of this exploit is access to corporate networks that use bluetooth devices. Fortunately most thin clients do not have bluetooth built in otherwise this could become another update nightmare for MS admins. Either way I don't think this will affect the Microsoft server users too much. What I do foresee is a rapid removal of bluetooth mice and a server side disabling of the usb bluetooth stack happening in major businesses until Microsoft patches the windows bluetooth stack.

I have a prediction

By viperidaenz • Score: 3 • Thread

Lenovo won't release a security update for the Moto X 2014
It's still on August 2016 patch level, 13 months old now...

Re:Does one really need the BlueBorne app?

By Trax3001BBS • Score: 5, Informative • Thread

Looks like the vulnerabilities that impact Android are in the BlueZ bluetooth stack.
Nothing to do with the MAC address of your Bluetooth/Wifi, or if Bluetooth and WiFi are contained in the same piece of hardware (I doubt any phone has a separate Bluetooth chip anyway, it would require a separate bluetooth antenna, cost more and take up more space)

From PDF in summary
"If the device generates no Bluetooth traffic, and is only listening, it is still possible to “guess” the BDADDR, by sniffing its WiFi traffic. This is viable since WiFi MAC addresses appear unencrypted over the air and due to the widely accepted norm of OEMs and hardware manufacturers that the MACs of internal Bluetooth/WiFi adapters are either the same, or only differ in the last digit (one being +1 of the other)"

I can see a legit use for it

By menkhaura • Score: 3 • Thread

I can see a legitimate use for this vulnerability: disable mobiles of drivers who insist on texting while driving. With a little sophistication, it can be done automatically, with your own phone safely in your pocket.

the actual problem is : a buffer overflow...

By johnjones • Score: 4, Informative • Thread

so yes it's basically like wifi, cables are reliable

there is a buffer overflow in some versions of windows/linux/iOS

this has been patched in recent versions of all the OS's
it's not a replicating worm per se unless you count all the people who have downloaded an "app" to check if they are vulnerable...

the videos and documentation on their website give absolutely no details and are completely pointless, this is what happens when you let a media company deal with a buffer overflow

Actual information :

Background Information
The Logical Link Control and Adaptation Layer Protocol (L2CAP) works at the data link layer in the Bluetooth stack. It provides services such as connection multiplexing, segmentation and reassembly of packets for upper layer protocols such as Bluetooth. It facilitates higher level protocols to transmit and receive L2CAP data packets to and from clients.

A stack buffer overflow issue was found in various systems' Bluetooth subsystem processing the pending configuration packets received from a client. As a result, a client could send arbitrary L2CAP configuration parameters which were stored in a stack buffer object. These parameters could exceed the buffer length, overwriting the adjacent kernel stack contents. This exchange occurs, prior to any authentication, when establishing a Bluetooth connection. An unauthenticated user, who is able to connect to a system via Bluetooth, could use this flaw to crash the system or potentially execute arbitrary code on the system if not secured correctly. If the Linux kernel stack protection feature (CONFIG_CC_STACKPROTECTOR=y) is on then you're not going to be vulnerable.

Not impressed with the press release at all I'm afraid

It does show which vendors of equipment pay attention, develop patches and deserve respect

Regards

John Jones
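
The bug class described in the comment above, as an added example that is not part of the original comment or of any vendor's code: a simplified C model in which peer-supplied configuration options are echoed into a fixed-size stack buffer, with the unchecked append shown beside the bounds-checked one. The option layout, the 64-byte buffer size, the error codes and every function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for illustration (not taken from any real Bluetooth stack):
 * each option is [type:1][len:1][value:len] and the response is built
 * in a 64-byte buffer on the stack. */
#define RSP_BUF_SIZE      64
#define CFG_ERR_MALFORMED (-1)  /* option header or value runs past the request */
#define CFG_ERR_TOO_LONG  (-2)  /* echoed options would not fit the buffer */

/* Flawed pattern, shown for contrast and never called here: the caller's
 * length byte decides how much is copied, and nothing knows where the
 * destination buffer ends. */
uint8_t *add_opt_unchecked(uint8_t *ptr, uint8_t type,
                           const uint8_t *val, uint8_t len)
{
    ptr[0] = type;
    ptr[1] = len;
    memcpy(ptr + 2, val, len);
    return ptr + 2 + len;
}

/* Hardened form: the end of the buffer travels with the write pointer and
 * the option is refused (NULL) when it does not fit. */
uint8_t *add_opt_checked(uint8_t *ptr, const uint8_t *end, uint8_t type,
                         const uint8_t *val, uint8_t len)
{
    size_t need = 2u + (size_t)len;
    if ((size_t)(end - ptr) < need)
        return NULL;
    ptr[0] = type;
    ptr[1] = len;
    memcpy(ptr + 2, val, len);
    return ptr + need;
}

/* Parse the peer's options and echo them into a stack buffer.
 * Returns the response length, or a negative CFG_ERR_* code. */
int build_config_rsp(const uint8_t *req, size_t req_len,
                     uint8_t *out, size_t out_size)
{
    uint8_t rsp[RSP_BUF_SIZE];
    uint8_t *ptr = rsp;
    const uint8_t *end = rsp + sizeof(rsp);
    size_t off = 0;

    while (off < req_len) {
        if (req_len - off < 2)              /* input side: header present? */
            return CFG_ERR_MALFORMED;
        uint8_t type = req[off];
        uint8_t len = req[off + 1];
        if (req_len - off - 2 < len)        /* input side: value present? */
            return CFG_ERR_MALFORMED;
        ptr = add_opt_checked(ptr, end, type, req + off + 2, len);
        if (ptr == NULL)                    /* output side: room left? */
            return CFG_ERR_TOO_LONG;
        off += 2u + len;
    }
    size_t used = (size_t)(ptr - rsp);
    if (used > out_size)
        return CFG_ERR_TOO_LONG;
    memcpy(out, rsp, used);
    return (int)used;
}

/* Constructed sample input: n_opts options of type 0x01, 8 value bytes each.
 * Returns the request length, or 0 if buf is too small. */
size_t make_sample_req(uint8_t *buf, size_t cap, size_t n_opts)
{
    static const uint8_t val[8] = {0, 1, 2, 3, 4, 5, 6, 7};
    size_t off = 0;
    for (size_t i = 0; i < n_opts; i++) {
        if (cap - off < 10)
            return 0;
        buf[off] = 0x01;
        buf[off + 1] = 8;
        memcpy(buf + off + 2, val, 8);
        off += 10;
    }
    return off;
}

/* Build a sample request, optionally cut short to `cut` bytes (0 = no cut),
 * and return what the bounded builder reports. */
int run_sample(size_t n_opts, size_t cut)
{
    uint8_t req[256], out[RSP_BUF_SIZE];
    size_t n = make_sample_req(req, sizeof(req), n_opts);
    if (cut != 0 && cut < n)
        n = cut;
    return build_config_rsp(req, n, out, sizeof(out));
}

int main(void)
{
    printf("3 options (30 bytes)   -> %d\n", run_sample(3, 0));
    printf("20 options (200 bytes) -> %d\n", run_sample(20, 0));
    printf("request cut to 5 bytes -> %d\n", run_sample(3, 5));
    return 0;
}
```

With the unchecked append in the same loop, the 200-byte sample request would write 136 bytes past the 64-byte buffer; the checked version stops at the seventh option and returns an error instead.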

A New Way to Learn Economics

Posted by msmash
John Cassidy, writing for The New Yorker: With the new school year starting, there is good news for incoming students of economics -- and anybody else who wants to learn about issues like inequality, globalization, and the most efficient ways to tackle climate change. A group of economists from both sides of the Atlantic, part of a project called CORE Econ, has put together a new introductory economics curriculum, one that is modern, comprehensive, and freely available online. In this country, many colleges encourage Econ 101 students to buy (or rent) expensive textbooks, which can cost up to three hundred dollars, or even more for some hardcover editions. The project is a collaborative effort that emerged after the world financial crisis of 2008-9, and the ensuing Great Recession, when many students (and teachers) complained that existing textbooks didn't do a good job of explaining what was happening. In many countries, groups of students demanded an overhaul in how economics was taught, with less emphasis on free-market doctrines and more emphasis on real-world problems.

Re:Leftist

By HornWumpus • Score: 5, Insightful • Thread

Marxism is more specific than 'Socialist'. If 'The means of production' are in private hands, it's not Marxist.

The Scandinavian countries are, generally speaking, 'capitalist welfare states'.

Re:An ideolog's wet dream

By BlueStrat • Score: 4, Insightful • Thread

So, instead of a year or three of depression and then a return to a healthier market

If anyone seriously believed that would be the case, they wouldn't have voted for the bailouts.

LOLwut? These were bought-and-paid-for politicians doing what their masters wanted, which was a bailout at taxpayer expense and with little change to how they do business, which was enabled by the same corrupt politicians to begin with.

This is where in the past private charity stepped in

Citation needed because people are still dying because they can't afford medication.

It used to be that churches, benevolent organizations, and private charities filled the role of healthcare safety net before the massive expansion of government entitlement programs as regular people could afford to give to charities because they were not being taxed to the edge of insolvency to pay for bloated, corrupt, and hugely wasteful government entitlement programs and the massive bureaucracy that goes hand-in hand with them.

Yeah, it was terrible in Houston with all those people who brought boats from across the US demanding cash payments up front and abandoning those who couldn't pay to die...oh, wait....

Exactly my point, the free-market ideology wasn't there.

People voluntarily & freely gave of their money, time, and resources. It was the most "free market" possible.

People give more when they aren't forced under threat of deadly force or imprisonment as government "charity" is.

Yeah, those roving bands of private-prison guards snatching people off the street and throwing them in prison must stop...oh, wait....

Congratulations on knowing jack shit about the problem.

The basic idea of privatization is sound from an economic standpoint, the problem is with trying to implement such a system within a bloated, corrupt government that has grown far too large & powerful as the US government has.

You're confusing and/or conflating capitalism with crony corruption,

I believe the words you meant to write was crony capitalism. Why do you think the free-market ideology is somehow independent?

I wrote what I meant. Crony corruption occurs in every form of government. There is 'crony-capitalism', 'crony-communism', 'crony-socialism', etc etc etc. As I stated in my previous post, it occurs when any government becomes too large & powerful. It is not endemic to capitalism, it is endemic to governments which have grown too large & powerful. "Free market" or not is irrelevant.

It's just that at least with capitalism, there probably aren't automated machine gun turrets, concrete walls, moats, and barbed wire to prevent leaving.

Nobody has those, so what's your point?

Well, not too long ago East Germany had this little tourist attraction called the "Berlin Wall". Maybe you've heard of it? I don't recall East Germany building it while they were a capitalist nation.

Selective memory, much?

Strat

Re:Adam Smith Good

By argStyopa • Score: 4, Informative • Thread

Smith was quite clear on the role of government actively working in markets to ensure they remained level playing fields where monopolies and cartels wouldn't be able to close the market to new startups. Further, he talked about government management of infrastructure and education in ways which promoted commerce.

Mainly, however, it's that his emphasis was on LIMITED government, such that its actions didn't distort the market through protectionism and bias.

I know your point is "right wingers are stupid" but most of the conservatives I know are not anarchist libertarians. They're not even anti-tax; they're perfectly fine with government as long as it's limited in its role - a federal government whose primary function is the 'fair' redistribution of wealth and social justice would indeed make Smith spin in his grave.

Relevant Reading

By jimbrooking • Score: 3 • Thread

I just finished Nancy MacLean's "Democracy in Chains". (https://history.duke.edu/book/democracy-chains) I recommend it highly to anyone who thinks the "free market" is the be-all and end-all of economics and economic politics. It is a heavily researched and footnoted, yet very readable account of how the "economic freedom" crowd is incrementally taking over the USA using diabolical strategies hatched over the past 70 years or so. My reading staple lies in the genre of mysteries, horror and the like, but I will say that MacLean's book is the scariest thing I have ever seen.

Hey y'all frogs: enjoy the warm bath!

Re:Leftist

By ArmoredDragon • Score: 4, Informative • Thread

The Scandinavian socialist countries (Denmark, Sweden, etc.) seem to be doing quite well for themselves. And there are plenty of capitalist countries where you wouldn't want to live there unless you were among the ruling elite.

This is false (or at least misleading) because those countries are capitalist in every sense of the word. For that sentence to make sense, you have to understand the difference between free market, welfare, and socialism.

Capitalism first and foremost means that the means of production is owned by private individuals, and they are sold on a free market.

Free market means that when you trade something, its price is determined by the forces of supply and demand, as opposed to a governing entity requiring otherwise. There are many schools of thought on just how unencumbered a market can be to still be considered free, as even things like price ceilings or wage floors can still be considered free market, but that is another topic that is highly debatable with many valid arguments on all sides.

Welfare means that a governing entity is paying money to a private party on your behalf so that you can obtain something. For example in food stamps, the government is giving the merchant money so that they give you food.

Socialism means that the means of production (i.e. factories, farms, infrastructure) is owned by the government, and the people who do the producing (i.e. workers) are also employed by the government, and the government sets prices. This is also called a planned economy. If you look up the definition of socialism, you'll see exactly this, though it may also say that the means of production is communally owned, which in practice when a community sets rules and laws, the community is in fact a government.

Now, back to Scandinavian countries: They are, in fact, capitalist, with a strong welfare component, which again fits within capitalism without being socialism at all. However, just like all western countries, they do have a few socialized (read: government owned) industries. Examples include road construction, water utilities, power utilities, trash collection, etc. In some western countries (namely England) the health care industry is also government owned. In others, the health care system is still privatized but is entirely welfare driven (Australia for example.)

Equifax Lobbied For Easier Regulation Before Data Breach

Posted by msmash
WSJ reports: Equifax was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach. Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies. That issue is the subject of a bill that a panel of the House Financial Services Committee, which oversees the industry, discussed the same day Equifax disclosed the cyberattack that exposed personal financial data of as many as 143 million Americans. Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures. The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.

Re:regulation is always bad for business

By HiThere • Score: 4, Insightful • Thread

It's normally good for the public until regulatory capture happens. Then it continues to be slightly less bad for the public...but often only slightly.

Regulators need to be forbidden to accept payments from the groups they regulate not only while in office, but also after leaving. And that includes jobs.

Re:Just think...

By tlhIngan • Score: 5, Interesting • Thread

Actually, according to the summary, they spent at least $2.6 MILLION dollars in just the last 2.75 years, alone. Imagine how much that money COULD have done if they had used it to hire a few good security engineers and made meaningful changes.

You guys are looking at it the wrong way. You're looking at it as a victim, you should look at it as what it brought them.

With this one breach, that $2.6M is now completely wasted - in fact, it's even worse since it's now achieving the opposite effect - instead of trying to buy reduced scrutiny, their failure to spend on security is working against their campaigning. Even worse, it's brought government scrutiny on all the credit reporting agencies, with increased regulation likely the result.

By failing to spend on security, Equifax has basically made life in their industry much harder for everyone. Experian and TransUnion should be applying peer pressure for making it much more expensive to do business now because any law that comes down, any scrutiny that happens will apply equally to all three of them.

And financial institutions HATE government oversight. When "too big to fail" banks started having government oversight as required by their bailout packages, they couldn't get rid of them fast enough.

That's how you're supposed to frame it. Protecting your data? You're not worth that much to them. But ensuring their future is free of government oversight and extra regulation? That's something that does affect them directly and the cost of doing business.

Re:They knew

By MickyTheIdiot • Score: 5, Insightful • Thread

The executives and management should be held personally responsible

Though I agree in this case, this is a dangerous line of thinking — not entirely unlike blaming a rape victim for wearing too short a skirt...

This is the worst simile I have EVER seen on Slashdot. That's saying a lot.

The corporate CxOs are NOT the victim in this scenario. The corporate worshipers on /. and the Internet love to tell us that the executives deserve huge pay packets because they are responsible. However in *every case* when something happens that hurts thousands of people they always don't know what happened. Executives hold responsibility and deserve what they are paid or they don't know what is going on and they are overpaid. You can't have it both ways.

The CxOs were the benefactors of the malfeasance. Calling them rape victims is idiotic.

Well duh!

By Ol Olsoc • Score: 3 • Thread
Regulations are bad and regressive! Business always self polices itself better, and the invisible hand of the free market is never wrong, and always self correcting.

If there were no regulations, this would never have happened, and we would all enjoy perfect internet security.

Re:They knew

By muecksteiner • Score: 4 • Thread

You would be surprised how fast people start to care a lot more about the performance and character of the CxOs of the companies they have in their 401k accounts once a total, sudden loss due to criminal activity on part of said CxOs becomes a reality.

Boffins Fear We Might Be Running Out of Ideas

Posted by msmash
Innovation, fetishized by Silicon Valley companies and celebrated by business boosters, no longer provides the economic jolt it once did. From a report: In order to maintain Moore's Law -- by which transistor density doubles every two years or so -- it now takes 18 times as many scientists as it did in the 1970s. That means each researcher's output today is 18 times less effective in terms of generating economic value than it was several decades ago. On an annual basis, research productivity is declining at a rate of about 6.8 percent per year in the semiconductor industry. In other words, we're running out of ideas. That's the conclusion of economic researchers from Stanford University and the Massachusetts Institute of Technology. In a paper published this week through the National Bureau of Economic Research, "Are Ideas Getting Harder to Find?", economics professors Nicholas Bloom, Charles Jones, and John Van Reenen, and PhD candidate Michael Webb, defy Betteridge's Law of Headlines by concluding that an idea drought has indeed taken hold. "Across a broad range of case studies ... we find that ideas -- and in particular the exponential growth they imply -- are getting harder and harder to find," the authors declare in their paper.

Faulty Conclusion

By slapout • Score: 3 • Thread

"In order to maintain Moore's Law -- by which transistor density doubles every two years or so -- it now takes 18 times as many scientists as it did in the 1970s."

That doesn't mean that "each researcher's output today is 18 times less effective in terms of generating economic value than it was several decades ago".

Ignorance suppresses constructive debate.

By coastwalker • Score: 5, Insightful • Thread

Cretin. It has nothing to do with political fetishes about leftism or the stupidity of modern Americans because of the lack of investment in education. The reason for the reduced progress in semiconductor technology is because we are running out of physics. The physical dimensions are now so small that leakage currents and power dissipation are reaching the limits of what is possible with the available materials. Lots of clever and difficult manufacturing processes and material configurations have been developed to make today's silicon chips. The factories that make the latest and most powerful chips cost in the region of $10 Billion because it has become so hard to make them. The problem is not a shortage of ideas, the problem is that it has become 18 times more difficult to make advances in chip performance. Of course both a right wing political expert and a bunch of media reporters choose to misrepresent academic research that measures this slow down in progress as 'political defects in society' and a 'lack of creativity' because, hey screw facts, we have irrelevant opinions and random talking points to argue about. What this demonstrates in fact is that general society is almost completely ignorant about where its technological marvels come from.

I await with interest the response to CRISPR/Cas 9 and Genetic Medicine which will be a mainstream technology marvel of the coming 50 years. You folk are probably too dumb to know what to do with it let alone recognize its potential benefits. For goodness sake learn a bit more about how the science and the world works before ranting about your prejudices and politics.

Re:Worse engineers

By Oswald McWeany • Score: 4, Insightful • Thread

I work at university, and the general competency of the students gets lower every couple years.

No I'm not a grumpy old man, just a really depressed educator who looks at his class and asks "what's the point none of them will ever go anywhere"

Once upon a time only certain jobs needed a degree. Now you almost need a college degree for everything. Once upon a time only smart people went to university, now everyone does.

It's not that people are getting stupider, it's just you're seeing a more even cross-section of humanity now, not just the smart people.

Re:Worse engineers

By losfromla • Score: 4, Insightful • Thread

Ideas are easy. The hard work is implementing them.

Re:Rise of leftism has suppressed original thought

By David_Hart • Score: 5, Interesting • Thread

This gave me a good chuckle. It's always amusing when people from the left or right try and explain the other side and get it completely wrong.

Newsflash to every extremist on either side: no political ideology is completely wrong or completely right. They all get some things right and some things wrong, and the same ideology doesn't always work in every situation and every society.

Get over yourselves. As with most things, the best solution is often somewhere in between what the extremists from either side espouse. Stop demonizing or regaling people based on their political preferences.

Hey, if I give up my extremist views then the middle will no longer be the middle, it will be somewhere on THEIR side of the line.... No way am I giving up ground to THEM....

At least, that's how I imagine the extremists view things. Being fiscally conservative and socially liberal, I'm fairly close to the center. My problem is that none of the political parties are fiscally conservative. They all want to spend money and are just arguing over the pile...

Apple Announces iPhone X With Edge-To-Edge Display, Wireless Charging and No Home Button

Posted by BeauHD
At its event in Cupertino, California today, Apple unveiled the iPhone X to mark the 10th anniversary of the iPhone. It brings several new features including an edge-to-edge screen, Qi wireless charging, and Face ID. The Verge reports: Because of its edge-to-edge display, the iPhone has no place for a conventional home button, relying instead on a complex facial recognition system to unlock the phone. Called FaceID, the new system will replace TouchID, the home button sensor that's enabled fingerprint logins since 2013's iPhone 5S. Users can wake the phone by swiping up from the button instead of hitting the button. The same gesture will open the control panel once the phone is awake. The updated iPhone 8 will continue unchanged, including both the home button and TouchID. Apple also unveiled the iPhone 8 and 8 Plus, which are updated versions of the iPhone 7 and 7 Plus released last year. These new devices feature glass backs with support for wireless charging. The Verge provides some additional specs and features in its report: Apple has improved the display on the iPhone 8 line, adding the same True Tone technology it offers on the 10.5-inch iPad Pro to automatically adjust the screen based on the ambient light in the room to offer more accurate colors. Internally, Apple has upgraded the processor from the A10 Fusion found in the 7 to the A11 Bionic. It's a six-core chip with two performance cores that are 25 percent faster than the A10, and four performance cores that the company says are 70 percent faster than the old model. There's also a new Apple-designed GPU that's 30 percent faster, with the same performance as the A10 at half the power. On the camera front, there's a new 12-megapixel sensor on the iPhone 8 that is larger, faster, and finally has optical image stabilization. The iPhone 8 Plus also has new sensors, and offers f/1.8 and f/2.8 apertures now. The dual cameras on the 8 Plus also have a new "Portrait Lighting" feature to adjust the lighting for portrait shots. And Apple says that the improvements apply to video, too, with Apple executive Phil Schiller claiming that the new devices have the "highest quality video capture ever in a smartphone," with support for 4K/60fps video. Slow motion videos now support up to 1080p resolution at 240fps, doubling the iPhone 7's 120fps option. The iPhone 8 will start at $699 for a 64GB model, while the 8 Plus will start at $799 for 64GB of storage. You can preorder these devices starting Friday, September 15th, and they will be released a week later on September 22nd.

UPDATE 9/12/17: The iPhone X will be priced starting at $999 for the 64GB variant. Pre-order will be available October 27th with shipments starting November 3rd.

Re:Nope Not True Edge to Edge

By dgatwood • Score: 4, Interesting • Thread

If it were much smaller, you couldn't use it with a case, which most iPhone users do (87% according to one survey).

That said, I really don't get the appeal of bezel-less design on cell phones. It seems completely backwards to me. I hold a phone in my hand. The bezel provides a grip surface. Making that surface smaller is an undesirable feature. Yet if the technology is possible in a phone, it should also be possible in a laptop, which I don't hold in my hand, which therefore does not need a bezel. Why didn't the technology get used there first (or, for that matter, exclusively)?

Worse, when the menu bar is white or when watching videos, these bezel-less designs look ugly. That huge gap at the top where the camera goes means that you can't really watch videos on the entire screen, or else you lose part of the image and it looks ridiculous. So app developers will end up adding a zoom mode like they did for the 4:3 iPads so that the unusable area is avoided. And if they don't want it to look ridiculously lopsided, they'll probably trim the other end, too, and effectively we bring back the bezel, just without the convenience of an actual home button.

I just don't get it. What about this is supposed to be an improvement?

Edge

By fluffernutter • Score: 3 • Thread
With all these edge to edge displays, I hope they have technology that can prevent my phone from doing totally unpredictable things when I pick it up. Is that too much to ask for? This is a problem with my regular bezel edge phone, can't imagine what it will be like with an edge to edge phone.

Re:Not want

By MachineShedFred • Score: 4, Insightful • Thread

Because I'm sure they don't have the tried-and-true PIN entry available still, just like OMG WHAT IF I'M WEARING GLOVES AND IT CAN'T READ MY FINGERPRINT?!

It's not like it takes a room full of PhDs to figure that one out...

Is that really a display with a bite out of it?

By istartedi • Score: 3 • Thread

Is that really display surface with a bite out of it on the X? What are you supposed to do with the two little devil-horns at the top? Ads I guess. Yeah, nevermind. Devil-horn advertising will be the hot new trend.

ComeFace

By seoras • Score: 3 • Thread

"Set your Apple Face ID to your comeface, so that if someone mugs you for your phone they at least have to wank you off first" - Frankie Boyle.

Are Top US Startups Really Startups?

Posted by msmash
Veteran technology reporter and columnist Om Malik writes: Pitchbook, a data research company has come up with a list of top 14 most valuable startups in the United States. There are no real surprises -- they are all ranked by valuation and they all are valued at north of $4 billion. They are all household names -- barring Outcome Health and Samumed. And they have been around forever. They have thousands of employees and many have billions in revenue. What they are not is liquid on public markets. They have not IPO'd. In a different Silicon Valley, they will all be public companies and they won't be deemed startups. Revenue, growth, relative size, market share -- pick a metric (except for lack of profits in many cases) and you know they aren't really startups. So can we stop calling them startups -- and instead maybe call them VC-backed private companies -- otherwise the label startup loses its meaning.

What's an IPO got to do with it?

By mcmonkey • Score: 3, Insightful • Thread

There are many large private companies that could in no way be considered start-ups.

Is Mars (the candy people) considered a start-up? Bechtel? LEGO?

PitchBook doesn't seem to state their criteria for a "startup" (and I looked), but it seems whatever measure they use is off.

Re:Taking bids

By Nidi62 • Score: 4, Funny • Thread

My 15 year old "startup" isn't publicly traded and definitely doesn't make a profit.

Offers above $4 Billion please

Only if it leverages a blockchain to enable an IoT device to sync to the cloud, thereby allowing you to monetize big data utilizing a crowdsourced, "self-employed"(gig) workforce.

Re:Taking bids

By courteaudotbiz • Score: 4, Informative • Thread
You forgot the hashtags to make sure your overhyped keywords are well publicized

Only if it leverages a #blockchain to enable an #IoT device to sync to the #cloud, thereby allowing you to #monetize #bigdata utilizing a #crowdsourced, "self-employed"(#gig) workforce.

FTFY

Now I am the one getting rich! XD

Proper link to the top 14 list

By Walking The Walk • Score: 5, Informative • Thread

Pitchbook, a data research company has come up with a list of top 14 most valuable startups in the United States[om.co].

Here is a link to the actual list by Pitchbook, rather than linking to the reporter's own article on the subject. msmash, it would probably be good to update the summary to use that url for the first link, since that's where people will expect it to go.

Startup == focused on growth

By steveha • Score: 3 • Thread

I work for a company that is making a ton of money and serving a lot of customers and has been around for years, but it still considers itself a startup. I wondered about this.

The CFO explained it in an internal meeting: his definition is that a startup is a company that is still focused on growth above all else. And it's true, the company I work for is plowing a lot of revenue into expansion opportunities, going for growth rather than profits.

When a company has a stable position in its market and starts focusing on making lots of money and/or paying out good dividends on its stock, at that point it is definitely no longer a startup.

I don't know how universal this definition of "startup" is but it makes sense to me, and it nicely handles some of the corner cases discussed in the previous threads here today.

The New Apple Watch Series 3 Has Cellular Built-In

Posted by BeauHD
The first big product unveiling at Apple's Event at the Steve Jobs Theater in Cupertino, California was the Apple Watch Series 3 with built-in support for cellular. TechCrunch reports: Wireless cellular LTE connectivity provided by a built-in chip means the new Apple Watch will be able to stay connected even when it's not tethered to an iPhone, which is a huge step forward in terms of making it an independent mobile device. Pricing for the Series 3 Cellular starts at $399, and a version without cellular starts at $329. Pre-orders begin on September 15, and they'll be available on September 22. The new Apple Watch is visually quite similar to the existing version, with backwards compatibility with existing straps and bands. There's a new Blush Gold color to match the new iPhone color option, and a new ceramic Dark Gray for the higher-end models that joins the existing white. Plus, the cellular version sports that red crown for an extra bit of visual flair. The non-cellular version doesn't have the new red crown.

Inside, it has a new dual-core processor with 70 percent better performance, as well as a new W2 chip that improves Bluetooth and wireless connectivity and power efficiency. The cellular antenna is actually the display itself, and there's an electronic SIM card inside for connectivity. The device is the same physical size as the Series 2, despite adding everything needed for cellular and LTE connectivity -- though the back crystal is extended 0.25 mm, which is incredibly thin. It's still got GPS like Series 2, and it's swimproof, plus it packs in all-day battery life still.

Still no battery life

By ranton • Score: 4, Insightful • Thread

Until these smart watches have a few days of battery life or wireless charging from ten feet away, I'll be going without. I'm sure there are plenty of people who are more diligent about charging their devices every night without fail, but I'm not one of them.

Oblig

By fiannaFailMan • Score: 4, Funny • Thread

No wireless. Less space than a Nomad. Lame.

samsung S2 had this years ago, rarely use it

By ganjadude • Score: 3 • Thread
I got one for free with my S7 and while it was kind of cool, the battery life when in use was cut in half, and it costs an extra 5 or 10 bucks a month from Verizon at least. I wonder how much battery life has come in 2 years because that's the biggest dealbreaker against LTE on the watch right now.

Obligatory Dick Tracy Watch Comment

By Nova Express • Score: 3 • Thread

Kids, ask your parents who "Dick Tracy" was.

No, not the guy banging Madonna.

Er, kids, ask your grandparents who Dick Tracy was.

Also: Get the hell off my lawn!

The Apple Watch is replacing the Home Button

By no1nose • Score: 3, Informative • Thread

I heard that in order to bring us larger screens, thinner phones and battery life, Apple is removing the Home Button from the iPhone 8 and using the Apple Watch as its replacement. They did something like this last year, but with the headphone jack and did not offer a replacement.

The Only Safe Email is Text-Only Email

Posted by msmash
Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).

Re:RTF email

By Obfuscant • Score: 4, Interesting • Thread

The only time people run into issues is when a Microsoft Word document (.doc or .docx) is renamed to .rtf and loaded erroneously.

No, consider the wonderful "winmail.dat", which MS claims exists solely to protect RTF formatting for email. (It's actually what all poorly configured MS email clients send when they do attachments -- a tautology.)

And it's what poorly educated people send even after they've been told that their attachment is unreadable. It can't be THEIR fault, THEY can read it.

I've now officially given up on trying to get the information out of someone who sends winmail.dat attachments. I had one two days ago where I had to extract the attachment, copy it to a Linux system, install "tnef" (a package to deal with such crap), decode the winmail.dat, and then copy the resulting .doc file to another system where it could be read. And it turned out to be one page of text. A complete waste of time.

Myself I'd rather have the sender render and encode a high-resolution bitmap file which compresses bilevel images very well allowing for high resolution (like DjVu format).

How about if you can't say it without red flashing italic large fonts you just don't bother saying it at all? Simple text conveys a lot of information simply. You don't need a .doc or .pdf to convey one page of text.

And tag the image with a plain-text section for screen readers, search and OCR to deal with.

Once you've devolved into drawing pictures instead of using words, it is very hard to convey in words what the picture does. A "plain text section" that says "a diagram of what I'm talking about" is pretty meaningless. I've had to deal with this kind of thing for years on a website that I run. It has tons of images, all generated automatically. The "alt text" links cannot be generated that way, so they are all "an image".

Short story: if you can encapsulate the content of your image in a "plain-text section", JUST SEND THE PLAIN TEXT. You don't need the image after all, now do you?

Re:Then why is it so unpopular?

By Obfuscant • Score: 4, Insightful • Thread

At the same time, plaintext e-mail has its faults, too. The color separation makes it clear when you've cleared the 'new message' in the thread, as does the stylized header.

You have no clue what you're saying here. The "new message" flag is a function of the gui or text client, not the email itself. Alpine shows an "N" next to new messages, and that's pretty clear. Evolution uses bold to show new messages, in the message list.

Inline image embedding is abused by marketers, but it makes it far easier to send tutorials or support requests via screenshot sequences.

Images do not have to be inline to be useful.

Yes, clickable links are a security risk, but that's how password reset e-mails work now.

"Because some idiots who don't know good programming and security practices do it this way, it must be good."

News flash: there are mail systems that actually connect to anything in a message that looks like a URL as a way of testing for malmail. I sent someone an email with a link to a website I run and almost instantly I saw "them" access that link in the logs. Not them, the mail server that was scanning their incoming email. Any "one time reset" link sent to that user is not going to work, ever, because the server will have exhausted the "one time" access.

Do you really expect users to copy the complete URL into the address bar without an issue? If there's a line break in there, you're really screwed.

Yes, and of course not. I do it all the time. "Line breaks" in the URL are not a problem. Firefox handles them just fine.

All of that hasn't even begun to address attachments, because technically it is possible for mail attachments to count as both a part of plaintext e-mails and not.

If you don't know what you are talking about, please don't comment on technical things. Attachments are attachments. They are not part of the plain-text body.

The attachment file types themselves, however, are a mess. Outlook cries wolf at *every* attachment,

Say no more, I now understand why you think the way you do. Outlook is a piece of shit created by Microsoft that goes out of its way to avoid the existing standards for email, and is the source of the abomination known as "winmail.dat". If you think Outlook is some baseline to which good email practices should be compared, then you are ... well, enough said. The rest of your rant is thus made moot.
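The link-scanning behaviour described in the comment above, as an added example that is not part of the original comment or of any real mail system: a reset endpoint that consumes its token on the first GET is used up by the mail gateway's fetch, while one that only consumes on POST survives it. The `ResetLinks` class, its status codes and a scanner that issues only GET requests are assumptions of this example.

```python
import hashlib
import secrets
import time


class ResetLinks:
    """In-memory store of single-use password-reset tokens (hypothetical design)."""

    def __init__(self, consume_on_get, ttl_seconds=900):
        self.consume_on_get = consume_on_get   # True models the fragile behaviour
        self.ttl = ttl_seconds
        self._pending = {}                     # sha256(token) -> (user, expiry)

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[self._key(token)] = (user, now + self.ttl)
        return token

    def handle(self, method, token, now=None):
        """Return (status, body) for a request to the reset URL."""
        now = time.time() if now is None else now
        if method not in ("GET", "POST"):
            return 405, "method not allowed"
        entry = self._pending.get(self._key(token))
        if entry is None or now > entry[1]:
            return 410, "link expired or already used"
        user = entry[0]
        if method == "GET" and not self.consume_on_get:
            # Safe, repeatable request: render a confirmation form, change nothing.
            return 200, "confirm reset for " + user
        # State change: the token is spent exactly once.
        del self._pending[self._key(token)]
        return 200, "reset authorised for " + user


def simulate(consume_on_get):
    """Replay the sequence from the comment: the scanner fetches first, the user later."""
    links = ResetLinks(consume_on_get)
    token = links.issue("alice")               # constructed sample user
    scanner_get = links.handle("GET", token)   # mail gateway follows the URL
    user_get = links.handle("GET", token)      # the recipient clicks the link
    user_post = links.handle("POST", token)    # the recipient submits the form
    replay = links.handle("POST", token)       # a second submission must fail
    return scanner_get[0], user_get[0], user_post[0], replay[0]


if __name__ == "__main__":
    print("consume on GET :", simulate(True))
    print("consume on POST:", simulate(False))
```

A scanner that also submits forms would still spend the token, so the POST step is where any further confirmation (for example re-entering the account name) belongs.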

Global warming

By eminencja • Score: 4, Interesting • Thread
Rendering plain text email is so much simpler and uses so much less CPU time/power that it could easily have a measurable effect on the global warming.

The first thing that needs to change

By Baron_Yam • Score: 3 • Thread

Email needs to be 'notify and pull' not 'push'.

My mail server should be deciding if it wants to accept mail, and it should require an outbound connection attempt using DNS to do so. Spoofed sender addresses won't work so well if my server can't look up the domain MX record, or if the listed mail server doesn't know anything about the email I think it has for me.

Just that basic change would kill a lot of crap right off the bat.

Re:Oh the irony

By nine-times • Score: 4, Insightful • Thread

It seems to me that these things, in that we could really use a display format that can't actively do anything. For example, it should be possible to develop a safe subset of HTML that allows some basic formatting, but doesn't provide features that can create security holes. Similarly with PDF, we should be able to create a safe PDF format, and then set PDF viewers to only allow that form of PDF.

But no, that's not good enough. We need PDFs that can run Javascript and embed movies. For some reason.
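One way to build the "safe subset of HTML" display described in the comment above, as an added example that is not part of the original comment: an allowlist renderer that keeps a few inert formatting tags, discards every attribute, drops active content, and prints each link's real target next to its text so a message cannot show one address and lead to another. The allowlist, the `[link: ...]` notation and the function names are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: inert formatting only, always emitted without attributes.
SAFE_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li",
             "blockquote", "pre"}
VOID_TAGS = {"br"}
# Elements whose text content must never reach the display.
DROP_CONTENT = {"script", "style"}


class SafeSubsetRenderer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0     # > 0 while inside <script> or <style>
        self.href_stack = []    # link targets waiting to be printed
        self.dropped = []       # names of removed elements, for logging

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            self.dropped.append(tag)
        elif self.skip_depth:
            return
        elif tag in SAFE_TAGS:
            self.out.append(f"<{tag}>")     # attributes (onclick, style) discarded
        elif tag == "a":
            self.href_stack.append(dict(attrs).get("href") or "")
        else:
            self.dropped.append(tag)        # img, iframe, form, object, ...

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            if self.skip_depth:
                self.skip_depth -= 1
        elif self.skip_depth:
            return
        elif tag in SAFE_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
        elif tag == "a" and self.href_stack:
            # Show where the link really points, as inert text.
            self.out.append(escape(f" [link: {self.href_stack.pop()}]"))

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))   # re-escape so text cannot become markup


def render_safe(html_body):
    """Return (safe_html, dropped_elements) for an untrusted HTML message body."""
    r = SafeSubsetRenderer()
    r.feed(html_body)
    r.close()
    while r.href_stack:                     # unclosed <a>: still reveal the target
        r.out.append(escape(f" [link: {r.href_stack.pop()}]"))
    return "".join(r.out), r.dropped


# Constructed sample message body, not taken from a real email.
SAMPLE = (
    '<p onclick="track()">Hello <b>Bob</b>,</p>'
    '<script>alert(1)</script>'
    '<img src="http://tracker.example/open.gif">'
    '<p>Sign in at <a href="http://phish.example/login">https://bank.example</a></p>'
)

if __name__ == "__main__":
    safe, dropped = render_safe(SAMPLE)
    print(safe)
    print("dropped:", dropped)
```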

Why Must You Pay Sales People Commissions?

Posted by msmash
An anonymous reader shares an article: Sales is highly competitive work. That word -- "competitive" -- is the key to a high-performing sales organization. In order to be great at sales, you must outsell the competition. The competition might be a product from another company; it might be an internal project at the target company; or it might be the undying desire of the target customer to do absolutely nothing, which is often the toughest competitor of them all. At the end of the day, it's all a fight. And how do you get the most fight out of an organization? By offering a prize. As the old boxing saying goes, "This is prize fighting. No prize, no fight." Prizes and competition are critical to building a healthy sales culture. So what's an unhealthy sales culture? One that's governed by politics. Sales people must sell into highly political environments to succeed and that's why they don't want to live in one. If you do not evaluate and pay on what sales people sell, then what do you evaluate and pay on? Getting along with others? Kissing the boss' butt? Talking a big game but delivering nothing? Sounds like politics and sales people instinctively know it. When a CEO says, "we're going to evaluate you on things consistent with the culture" the sales person hears: "we are going to toss out objective financial metrics for the subjective will of the king." Great entrepreneurs are great innovators, and innovators love to innovate. But before you innovate on sales compensation, make sure you understand the strengths of the old system.

Even a "Sale" means different things, complicated

By Faizdog • Score: 5, Interesting • Thread

I once worked at a medical diagnostics startup where I got a really interesting view into the world of sales. I was the technical individual responsible for training the sales team (I knew the tech and was good at explaining it in layman's terms). I also went out with them on sales calls. Very different from what my real job was, but I learned a lot about a different world.

In any case, these observations are obviously limited to that particular experience, but I think can generalize.

The sales people had territories. There was also always fighting about what was in which territory, if you had a major cancer center in your area, you had more chance to be successful.

Now a "sale" was when a doctor ordered our medical test. The sales people had commissions on those sales, and the plans changed over the years, but usually there were tiers, 0-X tests, commission is one number, X-Y tests sold, different (I think higher but forget) commission, etc.

Now what does it mean for a test to be sold. Is it simply that the doctor ordered the test and their staff sent in the form to our lab?

We were trying to get reimbursement with insurance companies worked out. What if we didn't get reimbursed on that test? It's a loss for the company, but the sales person sold it, their job is done, reimbursement is a separate department. What if though the reason we couldn't get reimbursed is because the test is not very useful clinically for the patient, but the doctor ordered anyway because they were friends with the sales person, or she was very pretty? Now it's a potentially bogus sale.

What if it's a legit sale, and clinically valid, but the patient's sample due to some wetlab processing issues can't have our assay run on it, so we don't make money?

What if we get the order form for a "sale" but never the actual specimen? Is it still a sale?

We spent months and years dealing with these and other issues. It was always very complicated, especially since we were a startup in a somewhat new area, so all the rules or "industry standards" were defined.

Again, very specific to our situation, but provides an example of how a "sale" has different definitions, and sales people want their commissions.

For another, say software product, a sales person may sell, but there is a 3 month evaluation window. They could argue hey I got the foot in the door, I did my job. You make a sucky product and the client won't keep it, or our customer reps can't improve service. For the company, that's not a true "sold" product bringing in revenue, but the sales person did the job they had.

At the end, our startup went out of the business, partially due to the fact we spent A LOT of money on sales commissions for orders, some which were invalid or our reimbursement team couldn't get insurance to pay for.

Re:Because they see the money

By szy • Score: 4, Insightful • Thread

A good product almost sells itself.

A product that almost sells itself is simply priced too cheap ;)

Greed is King

By crashumbc • Score: 5, Insightful • Thread

Sales commissions are used to break down moral conventions using greed. A person might not be willing to normally lie to a client or sell them some shit they don't need. But once they get used to the bonuses, they'll do anything to keep them coming in.

Getting paid for being good at your job

By Anonymous Coward • Score: 5, Insightful • Thread

Most jobs give zero benefits for being good at what you do. Lousy or amazing, your monthly paycheck is identical.

“Peter Gibbons: The thing is, Bob, it's not that I'm lazy, it's that I just don't care.
Bob Porter: Don't... don't care?
Peter Gibbons: It's a problem of motivation, all right? Now if I work my ass off and Initech ships a few extra units, I don't see another dime; so where's the motivation? And here's something else, Bob: I have eight different bosses right now.
Bob Slydell: I beg your pardon?
Peter Gibbons: Eight bosses.
Bob Slydell: Eight?
Peter Gibbons: Eight, Bob. So that means that when I make a mistake, I have eight different people coming by to tell me about it. That's my only real motivation is not to be hassled; that, and the fear of losing my job. But you know, Bob, that will only make someone work just hard enough not to get fired. ”

"Healthy Sales Culture"?

By idontgno • Score: 5, Insightful • Thread

I've got your "healthy sales culture" right here. Quantified. Metrics-based. Competitive. The textbook case!

Maybe we can compete to sell the anonymous submitter a fire to die in.

Rotten Tomatoes Scores Don't Correlate To Box Office Success or Woes, Research Shows

Posted by msmash
Depending on who you ask, Rotten Tomatoes is the reason some movies don't perform at the box office. From a report: Countless movie executives, including producers, have told Deadline and the New York Times that the number atop a movie's page on Rotten Tomatoes signifying whether the majority of critics enjoyed or disliked a movie rules the box office. Director Brett Ratner was quoted as saying "I think it's the destruction of our business" while others have called for its demise. According to research conducted by Yves Bergquist, director of the Data & Analytics Project at USC's Entertainment Technology Center, that's not correct. Bergquist collected data from 150 movies this year that made more than $1 million at the box office. Using those Box Office Mojo numbers and comparing them to the critic and audience score on Rotten Tomatoes, Bergquist then "looked at [the] correlation between scores and financial performance" to determine if there was a linear line that could be drawn between low scores and bad box office performance. Or, more simply, did a lower "rotten" rating on Rotten Tomatoes equate to box office woes? The short answer is no, it didn't. Bergquist's findings confirmed that of the 150 movies surveyed, there was only a 12 percent correlation between a movie receiving a bad score and not performing well at the box office. Summer films saw even less of a correlation, with seven percent of lower-scored movies not performing at the box office.

Unscientific

By freeze128 • Score: 3 • Thread
I don't think you can count Rotten Tomatoes ratings as scientific. There is no validation that the reviewer actually SAW the movie. Also, people who SAW the movie, and liked it, aren't forced to review it. Finally, not every moviegoer uses Rotten Tomatoes ratings to determine if they want to see a movie or not.

So, for Hollywood to base its entire success on RT ratings, is stupid.

Doesn't correlate with my enjoyment either

By Crashmarik • Score: 3 • Thread

So not really surprised on this one.

The public's ratings are cool

By ToasterTester • Score: 3 • Thread

The professional reviews are usually way off base loving or hating a film. I go by the public's reviews for a better idea if movie is worth my money. Even then you have to factor in the fanboy effect that will sway the numbers for the first day or even first weekend. Fanboys are worse than the critics they like anything by . For fanboys it's a competition more than if it's good or not like whole Marvel vs DC crowd the Star Wars fans versus the masses.

I say ignore the professional critics check the reviews of the masses, but factor in if they have a fanboy following.

Re:Hunh?

By Lab Rat Jason • Score: 4, Interesting • Thread

Alternative interpretation: People will eat shit when shit is the only thing available to eat. People will still spend money on a mediocre film if there is nothing else to watch. This is why all the foreign films and artsy stuff steers clear of summer releases... otherwise they'd get trounced by DC, Marvel, et al. I'm pretty confident that if you control for the season of the release date, and the other films you compete with on release, you'd find the correlation you are looking for.

Especially in recent year

By Lucas123 • Score: 3 • Thread
Rotten Tomatoes seems to get it wrong -- at least from the professional reviewer's standpoint. The audience rating is something entirely different, though. That said, I've also had to question that as well over the past year or so.

Google Rival Yelp Claims Search Giant Broke Promise Made to Regulators

Posted by msmash
Online-reviews firm Yelp alleged that Google is breaking a promise it made as part of a 2012 regulatory settlement to not scrape content from certain third-party sites including Yelp, escalating its yearslong battle against the search giant. Yelp said in a letter late Sunday to Federal Trade Commission Chairwoman Maureen Ohlhausen that Google is using Yelp photos for local-business listings in its search results, despite Yelp's formal request that Google not pull such content from its site. From a report: As part of a December 2012 settlement to end an FTC investigation into Google, the tech giant agreed to not use content, including photos and user reviews, from third-party sites that opted out of such scraping. Google's commitment lasts through 2017 and applies to a variety of its products, including its local-business listings. "This is a flagrant violation of Google's promises to the FTC, and the FTC should reopen the Google case immediately," said Luther Lowe, Yelp's public-policy chief. Yelp has emerged as a leading critic of Google because the site believes the search giant unfairly uses its influence to stifle competitors.

Non paywalled link

By Albanach • Score: 4, Informative • Thread

Same topic from a non-paywalled site. For the four /. readers that read the summary and the article.

In other words

By 93 Escort Wagon • Score: 3 • Thread

Website known for behaving unethically complains (legitimately) about other website behaving unethically.

Re: How about a robots.txt file?

By TheSunborn • Score: 4, Informative • Thread

According to the RFC (http://www.robotstxt.org/norobots-rfc.txt) that would be something like

Disallow: *.png
Disallow: *.jpg

which Google does support last time I checked. (Which is more than a year ago, but still).

How to de-google the planet?

By wjcofkc • Score: 3 • Thread
I remember when Google was the coolest thing. It was apparent that they would one day rule our lives. Most people, including myself, could not wait. Now that it is here, it sucks. I fell for it. I got duped by them like a few billion others. To their credit, Google did advance technology and our lives in many ways. In many ways we would not have leapt as far as fast as we have over the last decade and half without them. Now it is time for Google to step aside. It is time for Google to fail, and maybe even die. I think of all the "too big to fail" tech giants that have fallen flat on their face over the last 20 years. Google destroyed them all. Now that Google is too big to fail, I suspect their evil ways will be their own demise.

Eventually a smartphone/device/whatever will come along and whack Google over the head. This type of change none of us see coming until it happens.

Now that Cortana and Alexis are getting married, I would like to see Samsung get in on that with Tizen. A Microsoft\Amazon\Samsung phone sounds insane, but Microsoft (despite their mobile failing) and Samsung both have experience in mobile OS design. Meanwhile Amazon has... Well, Amazon has Amazon. It sounds like a train wreck, this is true, but I would like to believe something would come out of such a cooperation and be good. I can dream. Meanwhile, people who used to gush over Google - people like me - have been turning to Bing and Yandex in protest. Just a few years ago, I remember someone mentioning that they used Bing. Everyone in the room laughed at them. These days it's not so funny. With a company the size of Google, they should not have an average employee age of 29 - they do. And they are a bunch of fucking SJWs with forced "integration" policies that discriminate based on age, skin color, and gender. All in the most warped of ways. So yeah, this is a rant

If this post gets modded at all, it will be interesting to see which way it goes. A few years ago it would have been flamebait.

A tough choice

By taustin • Score: 3 • Thread

Who do I root for? This is like having to choose whether to live next door to a child molester or a telemarketer.

Android Always Beats the iPhone To New Features, Qualcomm Says

Posted by msmash
An anonymous reader shares a report: Qualcomm has published a somewhat self-congratulatory blog post that lauds the company and its Android partners for achieving a series of industry firsts that include wireless charging, dual-camera systems, OLED smartphone screens, edge-to-edge displays, and more -- features that the upcoming iPhone is expected to have. Apple and Qualcomm are currently embroiled in what's turning into a vicious, global patent licensing dispute. So the timing of this adulation for Android -- hours before Apple's big September event -- doesn't really strike me as coincidental. It can't be. Qualcomm never mentions Apple by name; the closest the company ever comes is with this line: Inventions from Qualcomm lay the foundation for so many technologies and experiences we value in our smartphones today -- on Android and other platforms.

Awww, someone's jealous

By Imazalil • Score: 5, Insightful • Thread

What is the point of Qualcomm posting this? If they listed things they themselves "invented" then I can sort of understand, but this just smells of teenage angst, jealousy, and desperation.

We all know Apple's new chips will spank Qualcomm once again, and this is not how your PR department responds? Sigh.

Re:Iphone

By JohnFen • Score: 5, Informative • Thread

Other than feature phones, then yes, only an Apple fan *can* say their phone is still working fine.

Pure BS. My Android phone is over four years old, and is working just fine.

That's a common misconception

By Solandri • Score: 4, Interesting • Thread
You do realize Apple doesn't actually make any of this stuff, right? They buy them from the same suppliers who make it for Android phones. They get their flash memory from Toshiba and Samsung (the Samsung memory is slightly faster). RAM is from SK Hynix. They get their LED screens from LG, and will get their OLED screens from Samsung. Their camera is sourced from Sony. The cellular and wireless chipsets are from Qualcomm. The much-hyped headphone jack-less audio is by Cirrus Logic. Same with virtually every component that goes into the iPhone.

The only things which are Apple's are the CPU (which they designed, although they use third party fabs to manufacture it - Samsung and TSMC), the fingerprint scanner (they bought the company which makes them back around 2012), and the software.

So the Apple fans who tell themselves that "Apple makes it best" are deluding themselves as a way to rationalize paying an exorbitant price for the same components which go into Android phones.

Is Qualcomm getting desperate?

By Midnight Thunder • Score: 3 • Thread

Qualcomm seems to be desperate for someone to notice them? They lost the CDMA market in favour of GSMA based communication, they complain that Apple is limiting the capability of their chips and now they want to put down Apple. Does it matter who gets to market first, especially if the technology is rushed to market? Sometimes waiting and getting the kinks sorted matters more.

Re:Who can suck the most?

By TheRaven64 • Score: 5, Insightful • Thread

iOS isn't even a serious option as long as it forces users to use Apple's repository

It doesn't. As an individual, you can install anything that you build yourself. As a company, you can set up your own internal distribution if you enrol in the iOS Developer Enterprise Programme.

Equifax's App Has Disappeared From Apple's App Store and Google Play

Posted by msmash
From a report: Equifax's mobile app has been removed from both the iOS and Google Play app stores. According to data from AppAnnie, the app was taken down the same day Equifax announced its massive security breach (September 7). Now customers no longer have access to Equifax Mobile. For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available. We don't know why the app came down, though Fast Company has confirmed Apple was not involved with the decision to remove Equifax from the App Store.

Re:Probably winding up the company

By cant_get_a_good_nick • Score: 5, Interesting • Thread

What's this about trusting them? Did you ever fill out a form and say "please hold all my data?" Nope. You have no choice in the matter. It's not about consumer trust. Consumer trust has nothing to do with them making money. Only if their real customers (yes, you're the product) drop them will they have to change. This is a case only where losing money will effect change. But you and me will get a buck or two and only the lawyers will get rich.

Also, see Acxiom. Another company with a huge amount of data about you, data they pull from various sources without you saying "please develop a profile on me to sell me new things". If they had a data breach, same thing - us normal folks would bitch and moan but no real change.

Or we can have the Trump administration have real laws protecting consu,......... nah, I couldn't even type the whole sentence out without laughing too hard to finish it.

the real problem there....

By Anonymous Coward • Score: 3, Insightful • Thread

The real problem isn't "the equifax app", whatever the fuck that is. The real problem is:

For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available.

Do not allow ANY company that much control over your computing environment. If they don't abuse it today, they will tomorrow. Today it may be some stupid shit you don't care about. Tomorrow it will be something you do.

Personal computing used to be in the hands of its owners. If we all decide it's OK to give that control away and centralize all decision making, that is saying China has the right model about centralized control, and the model that existed from the dawn of the personal computing era in the 1970's that empowered users instead of companies was wrong.

Re:Probably winding up the company

By DarkOx • Score: 4, Insightful • Thread

See honestly it's hard for me to see how they will be financially hurt by the breach.

A lot of noise has been made by execs selling stock. The thing is look at the pattern of these big breaches. All the major ones have pretty much regained their market cap at some point. TJX, Target, Home Depot, PF Changs, the list goes on. Those are retail and by and large would be pretty easy for consumers to avoid if they really cared to do so. They don't. The market has actually said breaches don't matter! There is a short term panic where everyone stays away and then they rapidly forget, and return to their old habits.

Equifax is better positioned than retail to weather this. I mean sure you can decide you are not paying to have your FICO score included on your annual free credit report! Wow that'll show'em! It's a tiny portion of their business. Otherwise their customers are not consumers but corporate lenders and large employers. In the end they care if the data they are getting on YOU is accurate, not how well it's controlled. They will either go with the cheapest mostly reliable source or they are using multiple agencies and will probably continue to use Equifax.

Personally the CXOs that sold stock are probably smart, they know they can take profits today and probably buy it back cheaper next month sometime and ride it all the way back up to previous levels! Why? Because the fundamentals have not changed any so it's almost a sure bet. Heck the moment I hear CONgress isn't going to do something crazy I'll probably buy too! Pretty much some kind of government intervention is the only thing that could actually hurt them as a result of this.

Re:We'll see on this

By phalse phace • Score: 5, Informative • Thread

Frankly they have a lot of friends in Washington (both parties) that they pay a lot of money to - to buy off.

This is so true.

Equifax Lobbied for Easier Regulation Before Data Breach

Sept. 11, 2017

Equifax Inc. was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach.

Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies.

The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company’s reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.

Equifax’s political-action committee made contributions to 13 members of the Financial Services Committee during the 2016 election cycle, according to data from the Center for Responsive Politics. Among the recipients was Committee Chairman Rep. Jeb Hensarling (R., Texas), who received $1,000. Last Friday, he called for his committee’s hearing into the breach.

Rep. Blaine Luetkemeyer (R., Mo.), chairman of the Financial Institutions and Consumer Credit subcommittee that directly handles matters relating to the reporting companies, received $2,000. Also receiving $2,000 was Rep. Barry Loudermilk (R., Ga.), sponsor of the bill that would place a $500,000 cap on the statutory damages consumers could win in a lawsuit against the credit-reporting companies, as well as eliminate punitive damages against them entirely.

The Equifax PAC also gave two additional $1,000 donations to Rep. Luetkemeyer this year, in April and June, according to Federal Election Commission records. The April donation was eight days before Rep. Loudermilk’s bill was introduced.

At last week’s hearing into the liability limits bill and other regulatory overhaul measures, Chi Chi Wu, a staff attorney for the National Consumer Law Center, said the proposed legislation “drastically decreases the consequences for credit bureaus” when they violate the law.

Equifax has also lobbied on changes to rules governing companies that promise to “repair” consumers’ credit. A separate bill pending before the Financial Services Committee would allow credit-reporting companies to offer credit-education and identity-protection services without being subject to rules governing credit-repair companies.

Bet that the code that works with the apps was

By rtfa0987 • Score: 4, Interesting • Thread
Those apps were very powerful. Wanna bet that the code that works with the apps was the source of the breach?

Equifax Places utilizes your GPS location to show you:
* Equifax Credit Score: Average credit scores in your area
* Fraud Index: The frequency of identity fraud in your area
* Credit Rankings: How your credit measures up to others in your area

Want more? With an eligible Equifax product, you can also:
* Lock and unlock your Equifax credit file*
* View alerts to key credit file changes
* Check your Credit Score — anywhere, anytime
* Get one stop protection if you ever lose your wallet

http://www.equifax.com/mobile/

Amazon's Whole Foods Price Cuts Brought 25 Percent Jump In Shoppers

Posted by BeauHD
According to Foursquare Labs, which compiled location information from shoppers' mobile devices during the first two days after Amazon completed its acquisition of Whole Foods and compared the data with the same period a week earlier, the electronic commerce company boosted customer traffic to Whole Foods by 25 percent. Bloomberg reports: Amazon acquired the upscale chain last month for $13.7 billion, a move that has brought turmoil to the supermarket industry and sent shares of grocery rivals tumbling. The same day it completed the acquisition, the e-commerce giant cut prices by as much as 43 percent on a range of items. Organic fuji apples were marked down to $1.99 a pound from $3.49 a pound, for instance. Organic avocados dropped to $1.99 each from $2.79. The traffic data is an optimistic sign that Amazon can succeed in the brick-and-mortar world. In some areas, the jump in customers was dramatic. At stores in Chicago, 35 percent more shoppers visited Whole Foods stores, Foursquare found. It's not surprising that curious shoppers visited the stores immediately after the takeover, particularly after a bevy of media coverage, according to Jennifer Bartashus, an analyst at Bloomberg Intelligence. What's left to be seen is whether they will start consistently shopping more at Whole Foods stores.

Re:The Amazon mantra

By DontBeAMoran • Score: 5, Funny • Thread

They have a trick: their volume goes to 11.

Curious Shoppers?

By link-error • Score: 4, Insightful • Thread

How many of those people were just checking out what actually changed prices? Let me know those numbers again in a few months, then I'll be impressed.

Kiva Systems

By Idou • Score: 5, Informative • Thread
Now Amazon Robotics, was founded by former Webvan employees. Webvan failed because it could not get food to customers before it rotted. The plan was to build miles and miles of conveyor belts. The founders of Kiva Systems learned from those mistakes and built a better way.

Amazon's move to buy Whole Foods means the technology is now mature enough to lay waste to established grocery market players. Think this is an exaggeration? Make sure you check out some Kiva robots in action before coming to that conclusion.

Chatbot Lets You Sue Equifax For Up To $25,000 Without a Lawyer

Posted by BeauHD
Shannon Liao reports via The Verge: If you're one of the millions affected by the Equifax breach, a chatbot can now help you sue Equifax in small claims court, potentially letting you avoid hiring a lawyer for advice. Even if you want to be part of the class action lawsuit against Equifax, you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee. The bot, which launched in all 50 states in July, is mainly known for helping with parking tickets. But with this new update, its creator, Joshua Browder, who was one of the 143 million affected by the breach, is tackling a much bigger target, with larger aspirations to match. He says, "I hope that my product will replace lawyers, and, with enough success, bankrupt Equifax."

Not that the bot helps you do anything you can't already do yourself, which is filling out a bunch of forms -- you still have to serve them yourself. Unfortunately, the chatbot can't show up in court a few weeks later to argue your case for you either. To add to the headache, small claims court rules differ from state to state. For instance, in California, a person needs to demand payment from Equifax or explain why they haven't demanded payment before filing the form.

Re:Maximum Damages

By MiniMike • Score: 4, Informative • Thread

This is small claims court. If you want to claim more than the small claims maximum, get a lawyer and sue them in 'regular' court.

Re:You will never see the money if you win.

By fortfive • Score: 4, Funny • Thread

So what you're saying is we need chatbots in Congress?

Re:What a time to live in

By thegreatbob • Score: 4, Funny • Thread
A better, more efficient pure evil.

Re:hrn....

By parkinglot777 • Score: 5, Insightful • Thread

I assume that you cannot sue in small claims court if Equifax says your data/credit report/personal information wasn't affected in the hack?

To sue someone in a small claims court, you need to 1) have damages that can be quantified to an amount of money (not an imaginary amount) and 2) be able to prove that the damages were done by their action (not circumstantial evidence or very likely to lose). If you are sure you have both, then go for it; otherwise, don't waste your time.

Ah, but can you collect?

By Anonymous Coward • Score: 4, Interesting • Thread

A friend got a summary judgment in small claims court against Dell years ago, but actually getting them to pay turned out to be incredibly difficult. They simply ignored legal documents that were mailed to them, and while that would likely piss off a real judge, the small claims court judge just kind of shrugged about it. He tried to file a seizing of assets to cover the debt - got a sheriff to look into seizing the computers and whatnot at a kiosk in a mall. Legally apparently Dell doesn't own that stuff, some franchisee does. He would need some mechanism to seize assets at Dell headquarters, and that wasn't happening. AFAIK, he never collected, and the judgment stands (and continues to accrue interest).

Google Publicly Releases Internal Developer Documentation Style Guide

Posted by BeauHD
BrianFagioli shares a report from BetaNews: The documentation aspect of any project is very important, as it can help people to both understand it and track changes. Unfortunately, many developers aren't very interested in documentation aspect, so it often gets neglected. Luckily, if you want to maintain proper documentation and stay organized, today, Google is releasing its internal developer documentation style guide. This can quite literally guide your documentation, giving you a great starting point and keeping things consistent.

Jed Hartman, Technical Writer, Google says, "For some years now, our technical writers at Google have used an internal-only editorial style guide for most of our developer documentation. In order to better support external contributors to our open source projects, such as Kubernetes, AMP, or Dart, and to allow for more consistency across developer documentation, we're now making that style guide public. If you contribute documentation to projects like those, you now have direct access to useful guidance about voice, tone, word choice, and other style considerations. It can be useful for general issues, like reminders to use second person, present tense, active voice, and the serial comma; it can also be great for checking very specific issues, like whether to write 'app' or 'application' when you want to be consistent with the Google Developers style."
You can access Google's style guide here.

Serial Comma?

By Comboman • Score: 4, Funny • Thread
I converted all my serial commas to USB long ago. If I need one I can always use a virtual serial comma.

Re:Documentation is part of design and implementat

By mveloso • Score: 5, Insightful • Thread

"This is one of the problems: sloppy commenters like to read ideas into statements that contradict those ideas."

No.

"Creating documentation is sharply distinct from design and implementation"

Uh, no. We can agree to disagree, but documentation on your code in my company is a deliverable. Code with no associated documentation is rejected. Developers who refuse to write documentation aren't hired.

"Something that works poorly will not work any better just because it comes with great documentation"

No, but it will allow someone else to figure out how you fucked up because your thinking is wrong. It will help the next person change the code because they will understand what you were trying to do so they can take your design and run with it.

Code only tells you what, but for any code that's useful the "why" is more important than "what."

Re: Good engineers write good documentation

By sjbe • Score: 5, Insightful • Thread

If you're spending more time on documentation than on design or implementation, you're either doing safety-critical work, or you're doing it wrong.

You have that backwards and you seem confused about my point. If something is documented properly then actually implementing it will generally take a minority of the time. Design and documentation go hand in hand - one can not exist without the other. Code can be a form of documentation but the most reliable software out there spends a LOT of time on documentation that is not code. This has nothing inherently to do with safety. Most software "engineering" is in reality badly lacking in process and the results show it. I'm not talking about writing the user manual (though that's important too) but rather the actual documentation that goes with making a product.

95% of software should use design elements that are familiar to the users in a way that makes it easy to discover how to do what they want.

Two points. A) Not all engineering is software. Stop looking at documentation through such a narrow lens. B) You completely missed my point. I'm not talking about the design of the solution or end users. I'm talking about documentation written by engineers primarily for other engineers or other individuals tasked with carrying out the solution. Furthermore if you do want to talk about user documentation, most of that sucks too. The notion that you can do non-trivial tasks without having substantial proper documentation is just absurd. Yes good design minimizes the need for it but to pretend that you can dispense with all documentation because you have delusions that your design is so elegant it doesn't need it.

Google's external documentation is awful

By peppepz • Score: 4, Insightful • Thread
...so I think they have very little to teach in that respect.

Moreover, what they are publishing is merely a style guide, and has nothing to do with the fact that “many developers aren’t very interested in documentation aspect”. It is only useful to make the documentation from third-party contributors look like the one that Google have written themselves. It won’t help with the technical quality of anyone else’s documentation.

The bigger issue

By JohnFen • Score: 3 • Thread

The bigger issue is just getting developers to write documentation in the first place. That's a situation that's gotten even worse with the rise of "agile" methodologies.

Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon

Posted by BeauHD
Following the DefCon demonstration in July that showed how quickly Direct Recording Electronic voting equipment could be hacked, Virginia's State Board of Elections has decided it wants to replace their electronic voting machines in time for the gubernatorial election due on November 7th, 2017. According to The Register, "The decision was announced in the minutes of the Board's September 8th meeting: 'The Department of Elections officially recommends that the State Board of Elections decertify all Direct Recording Electronic (DRE or touchscreen) voting equipment.'" From the report: With the DefCon bods showing some machines shared a single hard-coded password, Virginia directed the Virginia Information Technology Agency (VITA) to audit the machines in use in the state (the Accuvote TSX, the Patriot, and the AVC Advantage). None passed the test. VITA told the board "each device analyzed exhibited material risks to the integrity or availability of the election process," and the lack of a paper audit trail posed a significant risk of lost votes. Local outlet The News Leader notes that many precincts had either replaced their machines already, or are in the process of doing so. The election board's decision will force a change-over on the 140 precincts that haven't replaced their machines, covering 190,000 of Virginia's ~8.4m population.

Re:Let's face it

By Curunir_wolf • Score: 5, Insightful • Thread

The city of Richmond replaced all their touch-screen voting machines 3 years ago. The replacement? Paper ballots and scanners.

As an election officer, I prefer the paper ballots. Easy to track and easy to recount when necessary. I trust the system a lot more than the old touch screens. What's wrong with paper ballots? It's just as fast getting voters through and counting is actually easier.

Re:Let's face it

By Sique • Score: 5, Insightful • Thread
There is a fundamental problem with e-voting.

If we look at the conditions of a fair election, we have certain criteria to be met. Elections should be fair, meaning that voting should be no undue burden to each of the voters. Elections should be free, meaning no one should be able to force you to vote a certain way. Elections should be equal, meaning, that each vote counts the same, votes are not tampered with, and no additional votes should be added (e.g. ballot stuffing or changing invalid votes into valid ones).

The problem with e-voting is that it can't warrant free and equal at the same time. If voting is free, no one should be able to know how you have voted, and you should not be able to keep any proof how you voted. Because if you could prove your vote, a "voting enforcer" could either pay you if you provide proof to have voted correctly, or punish you for not having the proof. For e-voting that means that there should be no electronic or physical trail from a vote back to you. On the other hand, there has to be proof that all valid votes have been counted, no vote has been tampered with, and no additional votes have been added to ensure the equality of votes. How do you keep track of immaterial entities? You can't sign them with the voter's key, otherwise they aren't free anymore. If you sign them with another key, how do you ensure that this key is not used to add votes? And how do you ensure that the votes are really counted the way they were cast? And how do you watch the count? One important argument why to use computers in the first place is to speed up the counting process. I disagree. Counting should never be faster than the watchers can count.

It takes a team of specialists to go through the code of the voting application itself to ensure it does only what it is supposed to do. And the Underhanded C Contest shows how easy it is to hide side effects within code. And this only looks at the application itself. It doesn't even look at the operating system or hardware tampering. Who does audit the millions of lines of code for the operating system and the billions of transistors on today's processors and RAM chips?

Having people watching the sealing of the ballot box and people watching the ballot boxes during the voting process until the seal is broken and the votes are counted by hand, and then the resealing of the boxes and the transport to the central voting office together with the counting tabs, and then watching how the final tab is counted does not require any specialist knowledge.

Re:We had paper ballots here in Virginia Beach

By hey! • Score: 4, Informative • Thread

I have a theory why some districts may prefer voting machines to electronically scanned paper ballots. Voting machines make it possible to manipulate election results without actually hacking the machines themselves. You just have to hack the wait times in districts unfavorable to you. Lest that seem far-fetched, note that studies have shown that waits in minority-dominated precincts are on average almost twice that of white districts.

For the price of a single voting machine you can put up a dozen of those cheap pop-up voting booths. This means the marginal cost of scaling up an overloaded precinct's capacity is extremely low. I live in a state that uses scanned paper ballots, and the voting places have so many booths that in 45 years of voting I've never had to wait more than five minutes to vote -- and that's for checking in with the elderly volunteers. There's always free booths, no matter how heavy the turnout.

Re:Manual vote counting

By asifyoucare • Score: 4, Interesting • Thread

No real difference in scope / scale. Vote counting is inherently parallelisable.

More people > more polling stations > more vote counters.

Is fake news. Machines fine.

By mnemotronic • Score: 3 • Thread
Not possible to be hacking great American voting machines. Ignore fake news. Continue make use of wonderful machines.