Alterslash

the unofficial Slashdot digest for 2018-Jan-12

Contents

  1. Why the World Only Has Two Words For Tea
  2. Snapchat's Big Redesign Bashed In 83 Percent of User Reviews
  3. Ask Slashdot: How Would You Use Computers To Make Elections Better?
  4. Americans Still Deeply Skeptical About Driverless Cars, Says Poll
  5. Apple's China iCloud Data Migration Sweeps Up International User Accounts
  6. Researcher Finds Another Security Flaw In Intel Management Firmware
  7. Google Pulls 60 Apps From Play Store After Malware Exposes Kids To Porn
  8. US Supreme Court Will Revisit Ruling On Collecting Internet Sales Tax
  9. PC Market Still Showing Few Signs of Life
  10. GM Will Make an Autonomous Car Without Steering Wheel or Pedals By 2019
  11. Intel's Chip Bug Fixes Have Bugs of Their Own
  12. Apparently, People Say 'Thank You' To Self-Driving Pizza Delivery Vehicles
  13. Studios Sue Dragon Box in Latest Crackdown on Streaming Devices
  14. Apple's Indirect Presence Fades from CES
  15. Will Cape Town be the First City To Run Out of Water?
  16. Ex-Google Employee's Memo Says Executives Shut Down Pro-Diversity Discussions
  17. Cisco Can Now Sniff Out Malware Inside Encrypted Traffic
  18. Facebook Overhauls News Feed in Favor of 'Meaningful Social Interactions'
  19. AMD Is Releasing Spectre Firmware Updates To Fix CPU Vulnerabilities
  20. Sea Turtles Under Threat As Climate Change Turns Most Babies Female
  21. Ecuador Grants Citizenship To WikiLeaks Founder Julian Assange
  22. Ice Cliffs Spotted On Mars

Alterslash picks the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

Why the World Only Has Two Words For Tea

Posted by BeauHD
An anonymous reader quotes a report from Quartz: With a few minor exceptions, there are really only two ways to say "tea" in the world. One is like the English term -- te in Spanish and tee in Afrikaans are two examples. The other is some variation of cha, like chay in Hindi. Both versions come from China. How they spread around the world offers a clear picture of how globalization worked before "globalization" was a term anybody used. The words that sound like "cha" spread across land, along the Silk Road. The "tea"-like phrasings spread over water, by Dutch traders bringing the novel leaves back to Europe.

The term cha is "Sinitic," meaning it is common to many varieties of Chinese. It began in China and made its way through central Asia, eventually becoming "chay" in Persian. That is no doubt due to the trade routes of the Silk Road, along which, according to a recent discovery, tea was traded over 2,000 years ago. This form spread beyond Persia, becoming chay in Urdu, shay in Arabic, and chay in Russian, among others. It even made its way to sub-Saharan Africa, where it became chai in Swahili. The Japanese and Korean terms for tea are also based on the Chinese cha, though those languages likely adopted the word even before its westward spread into Persian. But that doesn't account for "tea." The te form used in coastal-Chinese languages spread to Europe via the Dutch, who became the primary traders of tea between Europe and Asia in the 17th century, as explained in the World Atlas of Language Structures. The main Dutch ports in east Asia were in Fujian and Taiwan, both places where people used the te pronunciation. The Dutch East India Company's expansive tea importation into Europe gave us the French the, the German Tee, and the English tea.

Re:Polish...

By nadaou • Score: 4, Funny • Thread

> Polish language is an interesting exception -- "herbata" = "tea".

And of course "atabreh" in reverse Polish.

Re:seriously?

By thegarbz • Score: 5, Funny • Thread

> basic entomology one can look up online in 5 seconds

I'd like to file a bug report on your post.

Re:Polish...

By SPopulisQR • Score: 5, Insightful • Thread
The Polish language is not an exception but merely another iteration in evolution. Polish "Herbata" is derived from Latin "Herba thea", which means plant tea, in which "thea" is the Latin version of "chay". The entire word was shortened to Herbata.

Re:And?

By demonlapin • Score: 5, Insightful • Thread
All linguists are nerds.

Re:Only two for "Telephone"

By Carewolf • Score: 4, Funny • Thread

your teacher must have learned German before the Second World War. The young probably wouldn't even know what a `Fernsprecher` is. They'd assume that's a person doing something. And older Germans would be slightly amused by someone using this ancient term. It's a `Telefon` in proper German.

But the term for mobile phone is peculiar, here you're exactly right, the official word is `Mobiltelefon` (so a mobile phone), but basically everyone calls it a `Handy`, which is an artificial word derived from bullshitized English. Actually, you'll encounter a lot of Germans who'll ask you for your handy number, referring to your cell.

Funnier is table football, which in American English is known as Fussball from bullshitized German, and in German is known as Kicker from bullshitized English.

Snapchat's Big Redesign Bashed In 83 Percent of User Reviews

Posted by BeauHD
The new Snapchat redesign that jams Stories in between private messages is not receiving a whole lot of praise. "In the few countries including the U.K., Australia, and Canada where the redesign is widely available, 83 percent of App Store reviews (1,941) for the update are negative with one or two stars, according to data by mobile analytics firm Sensor Tower," reports TechCrunch. "Just 17 percent, or 391 of the reviews, give it three to five stars." From the report: The most referenced keywords in the negative reviews include "new update," "Stories," and "please fix." Meanwhile, Snapchat's Support Twitter account has been busy replying to people who hate the update and are asking to uninstall it, noting "It's not possible to revert to a previous version of Snapchat," and trying to explain where Stories are to confused users. Hopes were that the redesign could boost Snapchat's soggy revenue, which fell short of Wall Street earnings expectations in Q3 and led to a loss of $443 million. The redesign mixes Stories, where Snapchat shows ads but which have seen stagnation in sharing rates amidst competition from Instagram Stories, into the more popular messaging inbox, where Snapchat's ephemeral messaging is more differentiated and entrenched.

Re:Remember Slashdot beta?

By Anonymous Coward • Score: 4, Insightful • Thread

It is always the same story. Someone thinks the site needs to be refreshed, but users do not like change for the sake of it, especially about user interfaces.

I don't care if the UI changes, but it needs to change to something usable.

That Slashdot beta was so bad that I stopped visiting Slashdot altogether.
It took me six months to realize they had reverted the beta, and that was because I accidentally followed a link.

Re:Remember Slashdot beta?

By Anonymous Coward • Score: 5, Interesting • Thread

Ever notice how Amazon has basically had the same Dotcom 1.0 aesthetics forever? And how Jeff Bezos is the richest man on the planet? Maybe ridiculous interface refreshes with the latest hipster look and feel are not so good after all.

Any UI change you implement needs to pass the test

By Opportunist • Score: 5, Insightful • Thread

Mostly the test of the user of "enhanced experience" against the discomfort of having to move his ass. Any change is first met with resistance. It could be the best, most intuitive UI in the history of UIs and the user will first meet it with hostility. It's different, it ain't what he is used to and most of all using it without having to use half a brain cell, i.e. what he was used to if it was a tool he used every day for hours, is no longer an option. He has to learn again. People do not like that.

So whenever you do something like this, you HAVE TO give the user something he really, really, REALLY wants to compensate and overcome that reluctance. It needn't even be anything great. Not even anything useful. Any kind of convenience goodie may well do the trick.

Without, your UI is doomed.

Chekov died because of this crap

By Jody Bruchon • Score: 3 • Thread
I'd just like to point out that user interface design changes for no good reason other than change's sake resulted in the death of Chekov's actor, Anton Yelchin. While Snapchat's UI is unlikely to result in death, the point remains the same: once users buy into an interface and grow the skill set to use it well, you can't shake it up in any major way without causing serious problems and pissing off a lot of people. Microsoft made a major change in Office 2007 with the "ribbon" that user testing indicated was necessary and was successful in reducing hunting and whatnot, yet that stupid ass ribbon and the shuffling of formatting options to hidden places without decent discoverability is still an enormous pain in the ass for me to use even today. It used to be that I could right-click on text and get paragraph and character formatting boxes with everything but the kitchen sink in them organized into wonderfully neat hierarchical tabs. Now every time I want to do something that doesn't start with B/I/U I have to go on an Easter egg hunt.

Changing user interfaces willy-nilly kills well-known actors and pisses off millions of teenagers. Don't do it.

Re:Remember Slashdot beta?

By dfm3 • Score: 5, Insightful • Thread
GP wasn't talking about the flashy sliding stuff, but about the content layout. Things you'll still see on Amazon's website, that many other websites have eliminated in favor of "streamlining" the "user experience":

- No hamburger menus. They still dare to hide their menus behind descriptive words.
- Long lists actually have page numbers at the bottom, instead of infinitely scrolling.
- Everything's black text on white, with blue links, and prices in dark red. Lots of bold text everywhere. Virtually no pale thin fonts on pastel backgrounds.
- Not one, but TWO site maps at the bottom of the page!
- Minimal white space. By modern "UX" design, most pages are actually considered cluttered. Not quite "Yahoo 1996" cluttered, but still very information dense.

And you know what? It works. I can usually get from where I am to where I want to be with no more than a couple clicks, and I spend longer on each page because there's so much info to digest. That means I'm more likely to notice all the other "impulse buy" items on the sidebar, which is probably their goal.

Ask Slashdot: How Would You Use Computers To Make Elections Better?

Posted by BeauHD
shanen writes: Regarding politics, is there anything that Americans agree on? If so, it's probably something negative like "The system is broken," or "The leading candidates are terrible," or even "Your state is a shithole." With all our fancy technology, what's going wrong? Our computers are creating problems, not solutions. For example, gerrymandering relies on fancy computers to rig the maps. Negative campaigning increasingly relies on computers to target the attacks on specific voters. Even international attacks exploit the internet to intrude into elections around the world. Here are three of my suggested solutions, though I can't imagine any of today's politicians would ever support anything along these lines:

(1) Guest voting: If you hate your district, you could vote in a neighboring district. The more they gerrymander, the less predictable the election results.
(2) Results-based weighting: The winning candidates get more voting power in the legislature, reflecting how many people actually voted for them. If you win a boring and uncontested election where few people vote, then part of your vote in the legislature would be transferred to the winners who also had more real votes.
(3) Negative voting: A voter could use an electronic ballot to make it explicit that the vote is negative, not positive. The candidate with the most positive or fewest negative votes still wins, but if the election has too many negative votes, then that "winner" would be penalized, perhaps with a half term rather than a full term.

What wild and crazy ideas do you have for using computers to make elections better, not worse?

Re: Simple

By dskoll • Score: 4, Insightful • Thread
Really? You ever try to rig a paper ballot election? You'll find it almost impossible to commit massive fraud, something that's trivial with computer voting.

Bennett Haselton

By drafalski • Score: 5, Funny • Thread

Has anyone asked Bennett Haselton? I'll wager he has an idea or three...

That would be good, not bad

By raymorris • Score: 5, Insightful • Thread

Over half of Americans don't know who the vice president is. That's how interested many of us are in policy and the political process. A supermajority can't distinguish the Republican platform from the Democrat platform when it is handed to them with the party name redacted.

I don't have my car fixed by someone who doesn't know what an "engine" is, I don't have dental cavities filled by someone who can't point to my bicuspids, and I don't want national policy decided by people who don't recognize the name "Mike Pence", nor know how many senators there are.

> I think it's clear that if you want representative democracy to work and be considered legitimate, you need fewer barriers to voting, even if people like you think a DMV visit is reasonable.

And that's the reason the founders created a republic, not a democracy. The federal budget isn't American Idol. If you're not interested enough in participating in society to either have a driver's license or swing by and pick up a (free) ID, maybe you're not the person who should be deciding federal law and other national policy, based on "I heard he was born in Africa" or "because she's a woman". Maybe the decisions of national policy SHOULD be made by people who have enough interest to do more than "text your vote to 1-800-bumper-sticker".

Re:Ranked voting

By swillden • Score: 5, Interesting • Thread

Computers would make this easier but are not required.

https://en.wikipedia.org/wiki/Ranked_voting http://www.fairvote.org/rcv

I used to be a big fan of ranked voting, especially with Condorcet evaluation with Schwartz Sequential Dropping. Then I tried to explain it to a few people and changed my mind. Instant-runoff is a little simpler, but still pretty complicated -- and actually a bit tricky to execute correctly since it's inherently multi-pass (Condorcet is simpler to execute). Simplicity matters because what's just as important as having a fair election, is having a fair election that voters can understand and trust.

I think the best scheme overall is approval voting. The mathematical properties of approval voting are almost as good as the best ranked voting schemes. It's a little more vulnerable to strategic voting (which is when voters might have reason to vote other than their true preferences, as is the norm in plurality-rules schemes), but really not very much. In theory it also doesn't capture quite as much nuance of voter intent since it doesn't allow one to express a preference between two acceptable candidates. But it does allow voters to express another important element of intent which ranked ballots don't allow: acceptability. And it's brain-dead simple to understand.

If you don't know how it works, here you go: An approval voting ballot has all of the candidates listed. You mark all of those that are acceptable to you. The candidate with the most marks wins.

Such a system eliminates the strong two-party bias that plurality-rules systems have (Duverger's Law, that bias is called). In very few cases does it ever make sense to vote other than your true preferences. And it encourages parties to field broadly-acceptable candidates.

Tallying is a single-pass process and counts can be provided by sub-regions for totalling (unlike IRV, where the runoff phases require reinterpretation of the ballots at each runoff). If it's desired, you can even specify a minimum win threshold -- if no candidate gets, say, 50% approval then no one wins and you re-run the election with a new slate of candidates. There's an obvious risk of never getting a winner here, so such a system should probably progressively lower the required approval level to be sure that someone eventually wins, but the flip side is that such a system would mean that the 2016 US presidential election would never have put either Hillary Clinton or Donald Trump on the ballot; both (all) parties would be looking for someone with broader appeal.

However, approval voting can be done with or without computers, so it's not really relevant here. IRV can also be done without computers, though it's kind of tedious without them.
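The tallying claims in the comment above, worked through as an added example (it is not part of swillden's post or of any real election system): approval counts from separate precincts sum to the overall result, a win threshold can be lowered on each re-run, and instant-runoff cannot be decided from precinct first-choice totals alone. The ballots, precinct names, the `required_pct` schedule and the tie-break rules are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data. Each approval ballot is the set of candidates
# one voter marked as acceptable; precinct names are made up.
CANDIDATES = {"A", "B", "C"}
PRECINCTS = {
    "north": [{"A", "B"}, {"B"}, {"B", "C"}, {"A"}],
    "south": [{"C"}, {"B", "C"}, {"A", "C"}, {"B"}],
}

# Constructed ranked ballots: identical first-choice totals (A4, B3, C2),
# differing only in the second preference of C's two voters.
IRV_X = [("A", "B", "C")] * 4 + [("B", "C", "A")] * 3 + [("C", "A", "B")] * 2
IRV_Y = [("A", "B", "C")] * 4 + [("B", "C", "A")] * 3 + [("C", "B", "A")] * 2


def tally_precinct(ballots, candidates=CANDIDATES):
    """One pass over a precinct: returns (marks per candidate, ballots cast)."""
    marks = Counter({c: 0 for c in candidates})
    for ballot in ballots:
        marks.update(ballot & candidates)  # marks for unlisted names are ignored
    return marks, len(ballots)


def combine(precinct_results):
    """Approval counts are additive, so precinct totals simply sum."""
    total, cast = Counter(), 0
    for marks, n in precinct_results:
        total.update(marks)
        cast += n
    return total, cast


def required_pct(rerun, start=50, step=10):
    """Hypothetical schedule: each re-run lowers the approval needed to win."""
    return max(0, start - step * rerun)


def approval_winner(total, cast, threshold_pct=0):
    """Leaders with the most marks, or [] if nobody reaches the threshold.
    A tie returns every tied leader; resolving it is left to election rules."""
    best = max(total.values(), default=0)
    if cast == 0 or best == 0 or best * 100 < threshold_pct * cast:
        return []
    return sorted(c for c, m in total.items() if m == best)


def first_choices(ranked_ballots):
    """What a precinct could report for IRV without shipping full ballots."""
    return Counter(b[0] for b in ranked_ballots if b)


def irv_winner(ranked_ballots):
    """Instant-runoff: every round re-reads all ballots against the
    remaining candidates. Ties break alphabetically (an assumption)."""
    remaining = {c for b in ranked_ballots for c in b}
    if not remaining:
        return None
    while True:
        firsts = Counter({c: 0 for c in remaining})
        for b in ranked_ballots:
            top = next((c for c in b if c in remaining), None)
            if top is not None:
                firsts[top] += 1
        active = sum(firsts.values())
        leader, votes = max(firsts.items(), key=lambda kv: (kv[1], kv[0]))
        if votes * 2 > active or len(remaining) == 1:
            return leader
        loser = min(sorted(remaining), key=lambda c: firsts[c])
        remaining.discard(loser)


if __name__ == "__main__":
    total, cast = combine(tally_precinct(b) for b in PRECINCTS.values())
    print("approval totals:", dict(total), "ballots:", cast)
    for rerun in range(2):
        pct = required_pct(rerun)
        print(f"re-run {rerun}: need {pct}% ->", approval_winner(total, cast, pct))
    print("same first choices:", first_choices(IRV_X) == first_choices(IRV_Y))
    print("IRV winners:", irv_winner(IRV_X), irv_winner(IRV_Y))
```

The two ranked elections report the same first-choice totals yet elect different winners, which is why an IRV count needs the ballots themselves at each round while an approval count needs only per-precinct sums.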

Re:Simple

By mridoni • Score: 4, Interesting • Thread

> Paper is pretty secure here, where most anyone and especially members of all parties, can watch the whole process.

> Yes, that's pretty much it. There are scams you can use with paper ballots, but they're harder to get it to scale

That's important, but there's more: with paper ballots, literally anyone, on a small scale, even without any formal education at all, can understand the principles involved and monitor the process, before or afterwards. With electronic voting, you need people with experience (and very possibly degrees) in cryptography and security. Not only does this severely restrict the number of people who are able to assess if the process is rigged, but it also makes the process "less democratic", given that the greater part of the population, in practice, is hindered from exercising their right to check that the election process was really fair.

Americans Still Deeply Skeptical About Driverless Cars, Says Poll

Posted by BeauHD
A new poll was released today that basically repeats data we've seen in previous surveys: Americans still don't trust self-driving cars, and are nervous about the coming onslaught. The Verge reports: Asked how concerned they'd be to share the road with a driverless car, 31 percent said they'd be "very concerned," while 33 percent said "somewhat concerned," according to the poll which was just released by Advocates for Highway and Auto Safety. A majority (63 percent) said they would not support "mass exemptions" from federal motor vehicle safety standards for self-driving cars, and were not comfortable (75 percent) with automakers having the power to remotely disable vehicle controls, such as the steering wheel, and brake and gas pedals, when the autonomous vehicle is being operated by the computer. And people overwhelmingly support (75 percent) the U.S. Department of Transportation developing new standards related to driverless vehicles. The poll surveyed 1,005 adults between December 7-10th, 2017, with a margin of error of +/- 3.09 percent.

I would like a driverless car

By Rosco P. Coltrane • Score: 3 • Thread

I just don't want one that's powered by software from evil companies like Google. Since internet-free, advertising-free, non-privacy-invading driverless car software will never happen, I'll pass.

Is there anyone who isn't?

By rsilvergun • Score: 3 • Thread
Unproven tech, several thousand pounds of steel. No shit Sherlock we don't trust them.

Re:Well...

By JMZero • Score: 5, Interesting • Thread

I think you're right that "car ownership" would become less accessible over time, but I think "transportation by car" is likely to get very cheap. I think we'll see ubiquitous "Driverless Uber" style services pop up everywhere (in a variety of flavors), and that's how the non-wealthy get around (at least in urban settings).

But I also think the transition will take a while, especially in rural areas - enough so that I don't think the transition will be too brutal for most people economically. If anything, some may benefit from cheaper human driven cars as they're essentially discarded. But yeah, further out in time it will definitely not be good for people who like driving - just as it's currently very expensive/awkward to maintain and use a horse drawn carriage.

I think some people are jumping the gun a bit right now, but once driverless cars are reliable they're going to go from niche to everywhere very quickly.

Re:Safer than humans

By Hadlock • Score: 5, Informative • Thread

When I think hyper paranoid, I'm thinking of a very specific incident.
 
I'm on Castro Street, which is the main restaurant drag in Mountain View, about 6pm, peak hour. Getting ready to cross the street at the crosswalk to go to the train station. I'm standing on the sidewalk, about 2' from the curb, facing away from the street talking to them. We decide it's time to go, so I spin around on my heel so that I am facing towards the crosswalk/street. At this exact moment there's a break in traffic and the next car is one of the "cute" white Waymo electric cars. I hear the tires chirp, and there's a surprised expression on the attendant's face. At this point the car has come to a complete stop, about 15-20' (one car length) ahead of the crosswalk. I hadn't started to walk into the street/crosswalk yet, just spun in place.
 
Now, this tells me a few things
1. The car knew I was there. I've almost been run over IN that same crosswalk by inattentive drivers in the span of 18 months.
2. The car was tracking my motion and making assumptions about my intent
3. The car decided my motion passed a certain threshold and decided to take evasive action.
 
Keep in mind this is a very busy intersection, it's a 3-way T car intersection, plus a crosswalk, and no less than four outdoor seating areas for restaurants, plus rush hour sidewalk traffic. Easily 100+ people in a 50' radius around the car. I was partially obscured by no less than two other tall people on the sidewalk.

But the car saw me moving what it thought was erratically, made the call and stopped, rather than risk slowly bumping into me.

That might seem unremarkable, but I've had two human-driven cars back into me while walking through a parking lot, I've been turning left at a stop sign, and a (very exhausted) hospital nurse came to a stop, then drove into me in the intersection, I've had cars not see me in the crosswalk and drive into me when their light turns green. I was a good 15' away in this instance and the car chose to stop rather than risk any contact with me. Yes, that's hyper-paranoid, but didn't delay anyone getting to their restaurant, nobody was late getting home and more importantly nobody died that day (even if this would have been minor at worst).
 
So yeah, I'm pretty happy with how they've designed these things, sure they're a bit more careful than the average human, but what I've seen at that intersection previously, humans are awful at piloting cars, especially when tired/hungry/distracted.

When a SJW software team deranks your new car?

By AHuxley • Score: 3 • Thread
What happens when the same kinds of people who now derank search results and ban links get into car data?
Attend the wrong political meeting and their car has terms of service issues?
Use the wrong words in their car and get locked out?
Look at the wrong web sites and their car won't start?

Apple's China iCloud Data Migration Sweeps Up International User Accounts

Posted by BeauHD
Yesterday, it was reported that Apple's iCloud services in mainland China will be operated by a Chinese company from next month. What wasn't reported was the fact that Apple has included iCloud accounts that were opened in the U.S., are paid for using U.S. dollars and/or are connected to U.S.-based App Store accounts in the data that will be handled by local partner Guizhou-Cloud Big Data (GCBD) from February 28. TechCrunch reports: Apple has given China-based users the option to delete their data, but there is no opt out that allows them to have it stored elsewhere. That has concerned some users who are uneasy that the data migration is a sign of closer ties with the Chinese government, particularly since GCBD is owned by the Guizhou provincial government. When asked for comment, Apple pointed TechCrunch to its terms and conditions site which explains that it is migrating iCloud accounts based on their location: "The operation of iCloud services associated with Apple IDs that have China in their country or region setting will be subject to this transition. You will be notified of this transition via email and notifications on your devices. You don't need to take any further action and can keep using iCloud in China. After February 28, 2018, you will need to agree to the terms and conditions of iCloud operated by GCBD to keep using iCloud in China."

However, TechCrunch found instances of iCloud accounts registered overseas that were part of the migration. One user did find an apparent opt-out. That requires the user switching their iCloud account back to China, then signing out of all devices. They then switch their phone and iCloud settings to the U.S. and then, upon signing back into iCloud, their account will (seemingly) not be part of the migration. Opting out might be a wise-move, as onlookers voice concern that a government-owned company is directly involved in storing user data.

Seriously?

By Mike Van Pelt • Score: 5, Insightful • Thread

"We won't let the FBI see the iPhones of people who commit mass murder in the US, but the Secret Police of Communist China gets whatever they want."

I'm sure glad I don't use Apple, for multiple other reasons.

Re:Seriously?

By tlhIngan • Score: 4, Interesting • Thread

"We won't let the FBI see the iPhones of people who commit mass murder in the US, but the Secret Police of Communist China gets whatever they want."

I'm sure glad I don't use Apple, for multiple other reasons.

Nope. This only affects iCloud. And you can opt out of using iCloud too.

The FBI has full access to iCloud data, just like China will too (for Chinese accounts). This is due to Chinese law saying Chinese users of cloud services must have the data stored within China.

Chinese government only has access to those servers now, and you can opt-out like you always could of iCloud services - the iPhone is not tied to it in any way other than user convenience.

Data stored on phones only (and there's a lot that Apple isn't storing to the cloud, including passwords) remain stored on phones and the Chinese government will have to crack them same way the FBI does.

Re:Seriously?

By AHuxley • Score: 4, Insightful • Thread
Re "What makes you think they don't let the FBI see it?"
The FBI want people to keep using their live mic, camera, GPS, file system copy system with confidence over every generation of big brand product.

What could convince many interesting people to still trust a big US brand not to be working with US law enforcement?
If interesting people see all the phones being used as part of evidence they will just stop using the phones. The free domestic voice print collection goes dark.
The real issue is how many criminals/spies in the USA have the security clearance connections to see the real time voice print results of domestic collection?
In the FBI? Telco workers? Police? City/state Internal affairs? Mil contractors? Cult/faith members working for a gov/contractor in secure legal and telco areas with a top security clearance? Lawyers? The mil support teams? Other agency staff?
The people who work on the LETC upgrades to law enforcement front company aircraft?
How many people need to be in on nationwide domestic voice and data collection if the junk encryption keeps collection wide open over every generation of big brand product?
Is domestic collection all outsourced to some part of the EU?
A trusted set of contractors in a "France" does the US domestic sorting so no other level of law enforcement/mil/gov in the USA can ever find their own files in any FBI database? Nobody interesting in the US would then have to know?
The secret is not that all US big brand encryption is junk. The place outside the USA where the real time results are sorted and kept away from US telco workers, cults, criminals, city/state police would be the secret to keep.
No US spy under federal suspicion would be able to find results in any US database by searching domestically. Domestic parallel construction hidden outside the USA for safe keeping.

Any criminal/faith group/corrupt police looking deep into FBI files would only find pictures of people with convictions, all US drivers license images, DNA and finger prints. All the usual data any advanced national police force has on convicted people. The domestically collected voice prints do not get stored in the USA? So the trust stays as the criminals and faith groups are sure nothing is collected from their secure big brand phone in real time. Yet the LETC flights circle a city for hours. What is getting collected domestically if the big brands' products are so secure and the results are still protected with secure encryption?

Researcher Finds Another Security Flaw In Intel Management Firmware

Posted by BeauHD
An anonymous reader quotes a report from Ars Technica: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability -- discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post -- is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel's Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

Re:So, the flaw is the user forgot to set the lock

By CanHasDIY • Score: 5, Interesting • Thread

I've worked in the IT field for 15 years - in academia, for financial institutions, for Fortune 500 companies, and at small, locally owned businesses.

You would balk if you saw how many of the "top companies in America" don't give 2 shits about security, outside of whatever the latest CNN scare story is. I personally find it amazing how some of these corporations will spend tens of thousands of dollars on fancy security equipment.... that they never bother to actually configure.

You can show your C-levels the lock and hand them the key, but you can't make them set the latch.

Re:AMD

By Qzukk • Score: 4, Insightful • Thread

Getting to the point where I'm going to have to dig out my old VIA-powered Wal-Mart PC to do my banking and such on to ensure security from hackers dropping javascript into my browser.

At the very least, the slow speed means I'll realize pretty quickly when someone is trying to use it to mine cryptocurrencies.

Re:So, the flaw is the user forgot to set the lock

By eddeye • Score: 4, Insightful • Thread

So, the "flaw" is that the user forgot to set the lock? I am stunned that this is considered a vulnerability/flaw. I mean, when I buy a new gun safe or document safe for my home or office, it comes from the factory with a default combination. I have to set it to one of my choosing. If I choose to not change the default combination, then that is on me.

Bad analogy. The difference here is once the attacker turns on remote monitoring, it occurs silently. There's no indication that it's happened and no way to recover. If you forget the combination to your safe, then 1) it's obvious and 2) you can still retrieve the contents in other ways.

This is not just a case of "stupid user". It's a poor design on Intel's part. Intel handed them a loaded shotgun with a hair trigger pointed directly at their foot.

"by only -"

By sheramil • Score: 3 • Thread

can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu...

How do you bypass the BIOS password if you can't get to the BIOS boot menu, because you don't have the BIOS password? I don't think "brief physical access" covers "opening the case and pulling the CMOS battery".

Obligatory: Intel CPU Backdoor Report (Jan 1 2018)

By Anonymous Coward • Score: 4, Interesting • Thread

Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)

Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.
CVE-2017-5689: An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs
CVE-2017-5705: Multiple buffer overflows in kernel in Intel Manageability Engine Firmware
CVE-2017-5706: Multiple buffer overflows in kernel in Intel Server Platform Services Firmware
CVE-2017-5707: Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware
CVE-2017-5708: Multiple privilege escalations in kernel in Intel Manageability Engine Firmware
CVE-2017-5709: Multiple privilege escalations in kernel in Intel Server Platform Services Firmware
CVE-2017-5710: Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware
CVE-2017-5711: Multiple buffer overflows in Active Management Technology (AMT)
CVE-2017-5712: Buffer overflow in Active Management Technology (AMT)

Useful links (Added 2017):
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Quotes on Intel backdoors:

A message from RMS
by Richard Stallman on Dec 29, 2016 09:45 AM

The current generation of Intel and AMD processor chips are designed with vicious back doors that users cannot shut off. (In Intel processors, it's the "management engine".)

No users should trust those processors.

2. The backdoor is next to impossible to decode and reverse engineer:

Due to multiple instruction sets + custom compression algorithm.

The Trouble With Intel's Management Engine

While most of the firmware for the ME also resides in the Flash chip used by the BIOS, the firmware isn't readily readable; some common functions are in an on-chip ROM and cannot be found by simply dumping the data from the Flash chip.

This means that if you're trying to figure out the ME, a lot of the code is seemingly missing. Adding to the problem, a lot of the code itself is compressed with either LZMA or Huffman encoding. There are multiple versions of the Intel ME, as well, all using completely different instruction sets: ARC, ARCompact, and SPARC V8. In short, it's a reverse-engineer's worst nightmare.

To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

3. The backdoor is active even when the machine is powered off:

Intel rolled out something horrible

The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can't even look at the code.

Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine

4. Onboard ethernet and WiFi is part of the backdoor:

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system

If your CPU has Intel Anti-Theft Technology enabled, it is also possible to directly access the backdoor from cell towers using 3G.

5. The backdoor uses encrypted communication:

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Using_Intel_AMT

AMT version 4.0 and higher can establish a secure communication tunnel between a wired PC and an IT console outside the corporate firewall. In this scheme, a management presence server (Intel calls this a "vPro-enabled gateway") authenticates the PC, opens a secure TLS tunnel between the IT console and the PC

6. Recent backdoors run Java applets

*3 billion devices run Java* because everyone's motherboard is running it.

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System.

7. Possible attack vectors from Intel/CIA/NSA (who holds the certificate):

Cross-Device Attack Vectors:
1. Obtain CA Cert trusted by ME > Broadcast DHCP announcement with domain name matching the certificate > Ethernet-Port > CPU backdoor (No exploits required, still works when system is turned off)

2. Insecure mobile > Broadcast wireless magic packet (CA cert broadcast) > On-Chip-Wifi/On-Chip-Intel-Wireless-Display > CPU backdoor (Only a backdoored mobile is required)

Other Attack Vectors:
3. Cell tower broadcast > Intel Anti-theft technology (On-Chip 3G receiver) > CPU backdoor

4. Zero day browser exploit > Powershell > Intel AMT > CPU backdoor

8. Backdoor inside a backdoor

For years Intel acted as if they weren't simply selling spy gears for the US government, but the Vault 7 leak forced them to come out in the open. On May 1st 2017, Intel released a "Critical" security bulletin INTEL-SA-00075, admitting Intel Core CPU from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability:

CVE Name: CVE-2017-5689
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: May 01, 2017

There is an escalation of privilege vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.

Intel created a backdoor in the ME built-in web server authentication by using strncmp() to compare password, anyone sending an empty string as password with a length of 0 can get straight into the system, with no access log on both Intel ME and the OS:

Intel AMT vulnerability: Silent Bob is Silent

The hijacking flaw that lurked in Intel chips is worse than anyone thought

The bug was in the code to compare the two passwords. It used the strncmp function that compares the first N characters of two strings:
strncmp(string1, string2, N)

Sending an empty password, the compare code does this:
strncmp("6629fae49393a05397450978507c4ef1","",0)

Which is equivalent to:
strncmp("","",0)

And always returns true.

Many vulnerable systems were found exposed to the internet:

The hijacking flaw that lurked in Intel chips is worse than anyone thought

A query of the Shodan security search engine found over 8,500 systems with the AMT interface exposed to the Internet, with over 2,000 in the United States alone.
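The strncmp() comparison flaw described in the comment above, shown beside a hardened check. This is an added example, not part of the original comment and not Intel's firmware code; the function names are hypothetical, and the expected value is the sample string quoted in the comment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sample expected response: the string quoted in the comment above. */
static const char EXPECTED[] = "6629fae49393a05397450978507c4ef1";

/* Flawed pattern: the number of bytes compared is taken from the
 * caller-supplied string, so a shorter input shrinks the comparison. */
int check_flawed(const char *expected, const char *supplied)
{
    size_t n = strlen(supplied);              /* untrusted length */
    return strncmp(expected, supplied, n) == 0;
}

/* Compare n bytes without an early exit, so timing does not depend on
 * the position of the first differing byte. */
static int ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened pattern: the length comes from the trusted value, and an
 * input of any other length is rejected before comparing. */
int check_hardened(const char *expected, const char *supplied)
{
    size_t want = strlen(expected);
    if (strlen(supplied) != want)
        return 0;
    return ct_equal(expected, supplied, want);
}

struct sample {
    const char *label;
    const char *input;
    int should_accept;
};

/* Constructed regression inputs for the two checkers. */
static const struct sample SAMPLES[] = {
    {"exact match",            "6629fae49393a05397450978507c4ef1", 1},
    {"empty string",           "",                                 0},
    {"truncated value",        "6629fae4",                         0},
    {"last character differs", "6629fae49393a05397450978507c4ef0", 0},
};

/* Returns how many samples the given checker decides wrongly. */
int wrong_decisions(int (*check)(const char *, const char *))
{
    int wrong = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        if (check(EXPECTED, SAMPLES[i].input) != SAMPLES[i].should_accept)
            wrong++;
    return wrong;
}

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-24s flawed=%d hardened=%d\n", SAMPLES[i].label,
               check_flawed(EXPECTED, SAMPLES[i].input),
               check_hardened(EXPECTED, SAMPLES[i].input));
    printf("wrong decisions: flawed=%d hardened=%d\n",
           wrong_decisions(check_flawed), wrong_decisions(check_hardened));
    return 0;
}
```

The sample table doubles as a regression test: any credential comparison whose length argument derives from the untrusted side should fail the empty-string and truncated-value rows.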

Google Pulls 60 Apps From Play Store After Malware Exposes Kids To Porn

Posted by BeauHD
Cyberthreat intelligence firm Check Point on Friday disclosed the existence of malicious code buried inside dozens of apps that displays pornographic images to users. Many of the apps are games reportedly geared toward young children. As a result, Google quickly removed the roughly 60 apps said to be affected from its Play Store. Gizmodo reports: While they appeared as such, the pornographic images displayed were not actually Google ads. Google supposedly maintains tight controls on all ads that appear in what it calls "Designed for Family" apps. The company also maintains a white-list of advertisers deemed safe for children under the ages of 13. None of the affected apps were part of Google's "Family Link" program, which is the category of recognized kid-friendly apps available across Google's platforms. The malware, dubbed AdultSwine, is said to have displayed the highly inappropriate images while also attempting to trick users into installing a fake-security app, or "scareware." After the fake "ads" were delivered, users would've received a "Remove Virus Now" notification, or something similar, designed to provoke users into downloading the scareware. The affected gaming apps included at least one which may have had up to 5,000,000 downloads -- Five Nights Survival Craft -- as well as many others which had between 50,000 and 500,000 downloads.

Easiest Solution: Kids Do Not Need Smart Phones

By DatbeDank • Score: 5, Insightful • Thread

Children do not need phones, let alone smartphones.

I commonly see this weak excuse from parents claiming they, "want to know where their children are."
Seriously? You're that bad of a parent that you haven't the foggiest idea where your kids are? Here was what my kid was like back in the late 90s and early 2000s.

Wake up - take the bus to school - school - sports practice - ride home with family friends - home.

Here's what a non-busy day looked like: wake up - bus- school - bus- home.

Wow! It's like somehow I was in the immediate vicinity of a responsible adult at all times and my parents knew my safety was ok. Mind-blowing isn't it?

And to think, flip phones were a thing at this time too. I didn't get my first phone until I got my first driver's license which at that time makes intelligent sense.

Phones cost excessive amounts of money on top of a monthly contract. Why should I pay extra cash each month to have my kid screw around on social media and have easy accessibility to porn at my expense? I had to work to see porn when I was a teen. Today it's too darn easy!

Parents these days are weak. Tell little Timmy and Tia no you're not getting a phone. It's that easy! If you really want to know where they are (going against my entire thesis here), get them a cheap flip phone. Yes, they still make them.

My kid the other day (he's 7) asked me for an iPhone and I laughed at him. I said back to him, "How are you going to pay for it?"
Ended that question really quick.

Re:Easiest Solution: Kids Do Not Need Smart Phones

By jeff4747 • Score: 4, Insightful • Thread

Back when I was a kid, my parents made sure I had enough change to use a payphone so that I could call them if I needed their help (picked up from random location, got lost, etc). Of course, we were also allowed to go places on our own instead of your "only school and home" model. I intend to let my kids have that freedom instead of chaining them to an adult at all times.

Back then, payphones were pretty common. So they were an extremely workable option for a kid to summon mom and dad if needed. Payphones are basically gone now, so another option is required.

My kid's getting a phone not to track them or other dumb shit like that. They're getting a phone because I'm not willing to make them rely only on the goodness of strangers if they need help.

I can either go buy a flip phone for them to use, or I can hand them my already-paid-for smartphone when I decide to upgrade. Not exactly a difficult decision, since one requires leaving the house and the other requires saying "here ya go".

As for porn and social media, why the hell are you on slashdot if you're unable to work the easily-available parental controls on the phone and your wireless account? You'll also be missing out on the "I'm proud but I have to punish you" moment when they break those controls.

Kids are lucky these days

By jwhyche • Score: 4 • Thread

Kids have it so easy these days. I remember we had to wait till the end of the month then go dumpster diving in the middle of the night when I was a kid to get our porn. That was when the gas station down the road would throw out all its unsold playboys and hustlers.

Now all they have to do is download the crappy app and get bonus porn. Kids are so lucky these days.

US Supreme Court Will Revisit Ruling On Collecting Internet Sales Tax

Posted by BeauHD
An anonymous reader quotes a report from Bloomberg: The U.S. Supreme Court will consider freeing state and local governments to collect billions of dollars in sales taxes from online retailers, agreeing to revisit a 26-year-old ruling that has made much of the internet a tax-free zone. Heeding calls from traditional retailers and dozens of states, the justices said they'll hear South Dakota's contention that the 1992 ruling is obsolete in the e-commerce era and should be overturned. State and local governments could have collected up to $13 billion more in 2017 if they'd been allowed to require sales tax payments from online merchants and other remote sellers, according to a report from the Government Accountability Office, Congress's non-partisan audit and research agency. Other estimates are even higher. All but five states impose sales taxes.

The high court's 1992 Quill v. North Dakota ruling, which involved a mail-order company, said retailers can be forced to collect taxes only in states where the company has a "physical presence." The court invoked the so-called dormant commerce clause, a judge-created legal doctrine that bars states from interfering with interstate commerce unless authorized by Congress. South Dakota passed its law in 2016 with an eye toward overturning the Quill decision. It requires retailers with more than $100,000 in annual sales in the state to pay a 4.5 percent tax on purchases. Soon after enacting the law, the state filed suit and asked the courts to declare the measure constitutional.

Re:huh?

By DarkOx • Score: 5, Informative • Thread

Not quite right. Some states and localities have sales tax, some states have "use tax"; they are not the same. In the case of a sales tax, the sale is taxed; in the case of a use tax the receipt is taxed. You cannot be required to pay a sales tax on a purchase made across state lines by anyone but the feds, it would violate interstate commerce. You can be required to pay a use tax to your own state or municipality.

Re:it needs to be easy.

By Attila Dimedici • Score: 4, Informative • Thread
Sales by zip code will not work, because zip codes do not follow municipal lines. The U.S. Post Office determines the zip code for a particular address based on the particular post office which they believe it will be most convenient to deliver the mail from. This has no relationship to what local municipality that address is in. In order for this to work it would be necessary for there to be a database which contains the taxing jurisdiction for EVERY address in the United States.

Re:tax me tax me tax me

By Anonymous Coward • Score: 4, Insightful • Thread

nah, this is just trump using the gop-led scotus to attack Bezos, who has the temerity to publish stories that, while true, are not within trump's ability to admit

Umm, you have that backwards. (Why doesn't that surprise me?)

Amazon is likely behind this push since they have a physical presence in just about every US state so they're already collecting and paying sales taxes.

Amazon also has the resources to determine what the sales tax for every political jurisdiction in the US happens to be, along with the resources to figure out which jurisdiction a customer actually resides in.

Many of Amazon's competitors don't have that physical presence so aren't required to collect sales taxes. And they won't have the resources to determine the proper sales tax.

This is quite likely Amazon trying to horse-fuck its competitors.

Not a Constitutional issue

By eddeye • Score: 4, Insightful • Thread

You cannot be required to pay a sales tax on a purchase made across state lines by anyone but the feds, it would violate interstate commerce.

The root problem is not a Constitutional one. The question is this: with an internet (or snail mail) retailer, where does the transaction take place? Purchaser lives CA, seller lives in NV, billing address is in CA, shipping address is in CA. If this is considered a NV sale, CA can't collect sales tax. If it's considered a CA sale, they can.

By all rights, it should be a CA sale. The purchaser never crossed state lines, he had the goods sent to him in CA. It's no different than if he buys the item at the local Best Buy, who had it delivered to them from a distributor in NV. By all rights the sale should count as CA sale.

However courts created this legal fiction that it counts as a NV sale. In the snail mail days, they didn't want to burden catalog retailers with figuring out sales tax rules all over the country and remitting payments to hundreds of municipalities. So they devised a test based on a business's contacts and physical presence in a state to determine if they had to follow that state's tax laws.

Pop quiz: two internet retailers are located in TX. One has a warehouse in NJ, the other in VA. If you live in NJ, you have to pay sales tax on items bought from the first retailer but not the second - even if in both cases your item actually ships from TX. How does that make logical sense? Answer: it doesn't. It's just a convenient legal fiction for establishing jurisdiction.

What made sense in the snail mail days may not make sense anymore. Electronic tracking of sales tax rates indexed by shipping address makes it much simpler to handle these days.

The point is, designating the "location" of the sale is a court-created doctrine that is free of Constitutional issues. Once it's a NV sale, the commerce clause is in effect. However if the court decides to declare it a CA sale instead, then the commerce clause is irrelevant. It's all about how the court decides jurisdiction.

Now changing the test for jurisdiction isn't easy. I don't expect the court to go that way. I'm just pointing out that the issue does not inherently raise Constitutional implications. Yes IAAL.

Re:huh?

By sexconker • Score: 5, Insightful • Thread

Not so. The states have a right to collect taxes on things you buy if you buy them in the state. Where you receive them is where you "buy" them. What is up for debate here is whether or not they collect the taxes from the merchant or the purchaser.

They have no such right or power.

What's happening here is someone is buying something from in another state, and thus not paying sales tax.
States cannot collect sales tax in this matter. States don't get to dip into interstate commerce. That's a big fucking no-no. Yes, some awful states force it anyway, illegally.

States can ask their citizens to pay a use tax on things used in the state by the person that were not already tapped for sales tax. States just set the use tax to be identical to sales tax. But states abuse this shit. New Yorkers often get screwed and pay sales tax twice, or paying taxes on things billed to New York but delivered (and used) elsewhere.

States just want more tax dollars. Squeezing online sales illegally for out of state sales tax in lieu of enforcing their use tax is bullshit. If you want the money and people aren't reporting it, audit some people and collect it. States don't have the authority to do anything else. The constitution expressly forbids it.

PC Market Still Showing Few Signs of Life

Posted by msmash
An anonymous reader writes: It was another rough quarter for the global PC market, as fourth quarter unit sales dropped 2%, according to preliminary results from Gartner. In the U.S. things were even bleaker, with sales down 8%. HP was the only big name maker to post a sales increase in the U.S. and globally. It also passed Lenovo to grab the top spot globally and increased its lead in the U.S. over Dell. Apple saw Mac sales globally up 1.4%, but in the U.S. sales were down 1.6%. Dell gained less than 1% globally but fell more than 12% in the U.S. Lenovo sales dipped slightly globally, but its market share increased slightly, to 22% of the worldwide market.

New Laptop on Hold

By Hrrrg • Score: 5, Insightful • Thread

I was planning to upgrade my laptop. But now with the Meltdown and Spectre issues? No thanks - I can wait a couple of years for them to design new chips.

Re: Is this unexpected?

By sdinfoserv • Score: 4, Insightful • Thread
Here's what I find to be the practical demarcation:
Consumers - those who consume tech services; read email, surf/browse, watch video, have a specialized app.... etc. work just fine on a tablet.
Producers - programmers, CAD operators, AV content creators, critical office document users (word/excel/powerpoint), use PC's/MAC's/laptops.
Security - need secure environments controlled by active directory and group policies. BYOD not acceptable. Governments, security organizations -all use PC's.
Sure there are "inbetweens" like a writer who can get by with a tablet, but that's infrequent.

The IPAD has been out almost 8 years. That's a life time in tech and they're just a fraction of the corporate work space - like 3%. And Yes, a ton of tablets have been sold, but sales are slowing as saturation is close.

Re:Is this unexpected?

By Anne Thwacks • Score: 4, Interesting • Thread
Meltdown and Spectre will have made second hand machines completely worthless unless there is a clear path to a fixed CPU. Sure you would stick with the one you have with a performance cut, but you are not going to spend real money on a system you know is duff if you can hang on and see how this mess pans out.

While Intel are compensating us, they can compensate us for killing the second hand value too.

Re:Is this unexpected?

By ilsaloving • Score: 5, Insightful • Thread

I think it's worse than it ought to be, and Microsoft is to blame.

Generally, people have only really upgraded their machines when they needed to. Why replace what isn't broken?

But thanks to Microsoft screwing the pooch on every single version of Windows after Windows 7, people are now actively averse to upgrading, because they will be forced to use whatever shit-tastic Windows Microsoft forces upon people.

Needlessly modified UIs, OS-level spyware, updates that you cannot stop and have better than even odds of hosing your computer. IMO Microsoft is directly responsible for the collapse of the PC market.

You'll notice that Apple is basically stable. And that's despite their bad press and questionable hardware design choices.

If I had to buy a new machine right now, I would get Mac. As much as Apple pisses me off, I can at least mitigate their poor design choices with a couple of additional purchases. A frustrating hit to the pocketbook, sure. But a consumer has NO way to mitigate what Microsoft is doing without permanently disconnecting your computer from the network, so you pay for that lower price tag by needing to be eternally vigilant and having to constantly worry about whether your computer will still boot the next time you turn it on, through no fault of your own.

Windows 10

By hambone142 • Score: 4, Insightful • Thread

I'd love to buy new hardware but I WILL NOT buy a PC that runs Windows 10 or similar spyware OS's.

I'm going to stay on Win7 and if Microsoft persists on collecting data on users with their OS, I will migrate to Linux.

Game over unless Microsoft cleans up their act and I suspect they won't.

That's one reason PCs aren't selling.

GM Will Make an Autonomous Car Without Steering Wheel or Pedals By 2019

Posted by msmash
General Motors plans to mass-produce self-driving cars that lack traditional controls like steering wheels and pedals by 2019, the company announced today. From a report: It's a bold declaration for the future of driving from one of the country's Big Three automakers, and one that is sure to shake things up for the industry as the annual Detroit Auto Show kicks off next week. The car will be the fourth generation of its driverless, all-electric Chevy Bolts, which are currently being tested on public roads in San Francisco and Phoenix. And when they roll off the assembly line of GM's manufacturing plant in Orion, Michigan, they'll be deployed as ride-hailing vehicles in a number of cities. "It's a pretty exciting moment in the history of the path to wide scale [autonomous vehicle] deployment and having the first production car with no driver controls," GM President Dan Ammann told The Verge. "And it's an interesting thing to share with everybody."

Re:Yeah, right

By BasilBrush • Score: 5, Informative • Thread

Answers:

GPS doesn't go out.
If any critical sensor fails, it's slow down and move to the side of the road.
The launch will be in a limited geographical area, so they'll have ensured the map is completely up to date and keep it that way.
It's a ride-hailing service (taxi) so micromanaging where it moves or parks is none of your business.

Re:Within 2 years?!

By slew • Score: 4, Interesting • Thread

(including end of 2019)
I think they overestimate their chances!

Don't underestimate Detroit's ability to produce a car without a steering wheel, they've done it before...

Re:Yeah, right

By Known Nutter • Score: 5, Insightful • Thread

What happens if I'm going someplace without mapped roads? Like my cabin.

I'd like to take a Boeing 737 to my cabin. Guess what? That mode of transportation isn't available to my cabin. Maybe I'd like to go off-roading in a Corvette. There are probably better options.

It seems that every time autonomous vehicles come up for discussion, every single possible use-case must be addressed. And when one oddly-specific use-case cannot be filled, the entire idea is garbage and without merit.

It's pretty simple. You don't get to take your autonomous vehicle to your cabin in the woods. Not yet.

Re:I welcome this

By Pascal Sartoretti • Score: 5, Insightful • Thread

Autoautomobiles will be a life changer for those with disabilities.

And for those who can't drive anymore (elderly people).

And for those who can't drive yet (children under 18).

And for those who fail the licence exam.

And when you are drunk.

Etc...

When you add all these niches, you have a market.

Re:Yeah, right

By JaredOfEuropa • Score: 4, Interesting • Thread
The real game changer here is convenient car rentals. As in: book a car when you need it, have it pull up by itself 30 minutes later, use it, and send it on its way when you are done with it (instead of having to go to the depot for pickup and dropoff, and navigate 5 billion insurance options with the guy at the desk). So when you buy your next car, maybe you will select that smaller electric (self driving or otherwise) that covers 95% of your driving needs, and rent a truck, van, 4x4 or large sedan for the other 5%. Access to convenient rental cars could mean a lot of families owning fewer cars, or selecting more economical ones.

Intel's Chip Bug Fixes Have Bugs of Their Own

Posted by msmash
From a report: Intel said late Thursday it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw. The hardware vendor said these systems are both home computers and data center servers. "We are working quickly with these customers to understand, diagnose and address this reboot issue," said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation. "If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue," Shenoy added. The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.

Reminds me of the 2009 flu pandemic

By Hal_Porter • Score: 5, Informative • Thread

In both cases there was a lot of worry about the threat. A countermeasure was rushed out, and it seems like the countermeasure may have some side effects.

https://en.wikipedia.org/wiki/...

You have to wonder in each case if there's an element of overreaction going on.

In the Meltdown/Spectre case the browser vendors are going to fuzz the timing functions to make side channel timing attacks harder to pull off.

E.g.

http://news.softpedia.com/news...

Just like Microsoft and Mozilla, Google Chrome 64 will disable SharedArrayBuffer by default and modify the behavior of performance.now() by reducing precision from 5us to 20us in order to block exploits attempting to take advantage of the security vulnerabilities.

Also you can block third party scripts using uBlock Origin.

https://github.com/gorhill/uBl...

There is a better fix available.

By Gravis Zero • Score: 3, Informative • Thread

Use AMD chips because they actually are immune to Meltdown and have already mitigated Spectre at the microcode and OS level with a negligible impact on performance. Intel has yet to get their shit together and its performance impact is growing with every new patch.

Re:Reminds me of the 2009 flu pandemic

By sjames • Score: 4, Interesting • Thread

It doesn't help that Intel spread some confusion. Meltdown is very serious and really does need a quick fix. Spectre needs addressing but isn't as urgent since it is quite hard to exploit successfully. Meltdown workarounds should NOT be deployed on AMD systems.

As best as I can tell, the microcode updates (BIOS) are for Spectre, not Meltdown.

99 Little bugs in the code

By corychristison • Score: 3 • Thread

99 little bugs in the code
Take one down and patch it around
127 little bugs in the code.

Apparently, People Say 'Thank You' To Self-Driving Pizza Delivery Vehicles

Posted by msmash
An anonymous reader shares a report: Last summer, Ford worked with Domino's Pizza on a test in Ann Arbor, Michigan, where it delivered pizza to randomly chosen customers in a self-driving Ford Fusion hybrid. An operator was inside the car, and a regular human-driven car trailed behind, videotaping the drive. Customers had to approach the car and enter a number on a touch screen on the side of the vehicle to get their pizza. Speaking at CES, the annual consumer electronics show, in Las Vegas this week, Jim Farley, Ford's executive vice president, acknowledged that the idea sounds silly, "but we learned so freaking much," he said. Apparently, most people say "thank you" to the car after getting their pizza.

Re:Car Was Occupied

By jdschulteis • Score: 4, Informative • Thread
The operators were not readily visible:

During the testing phase, an engineer and a driver will be in the car -- but the windows will be heavily tinted so customers can't see them. And both have been instructed not to interact with people at all. Domino's wants to see how well customers deal with coming out and getting their own pie from what is, basically, a pizza ATM built into the car.

This is tit-for-tat run amok.

By 140Mandak262Jamuna • Score: 4, Interesting • Thread
One of the most difficult challenges for the Theory of Evolution is the emergence of altruism. (Eye? Easily explained; if you find someone claiming evolution cannot explain the eye or flagellum motor, you just found a creationist.)

How can evolution, which pits individuals of the species one against another, foster anything other than selfishness? The seminal breakthrough came in the 1970s and 1980s, when it became possible to simulate interactions in a computer model. The well-known iterated prisoner's dilemma problem, the tournament of strategies, found that nice strategies, at the correct level of payoff, can create conditions that foster altruism. The most famous and most successful strategy was tit-for-tat (don't be the first one to be nasty, always be nasty to nasty people and always be nice to nice people, don't be jealous when falling behind in point count, forgive historical slights instantly).

But tit-for-tat is not an evolutionarily stable strategy. Once it takes hold and drives out all the nasty people, it is no different from the "always be nice" strategy. Without punishment and reprisals, mutant nasty players gain an advantage. That is what is happening here: in the West people are so used to being nice to one another, they are nice to even machines.

Even More So

By Kunedog • Score: 4, Insightful • Thread
Thank you, that's useful info.

During the testing phase, an engineer and a driver will be in the car -- but the windows will be heavily tinted so customers can't see them. And both have been instructed not to interact with people at all.

So with the current facts, it appears absolutely certain that the customers assumed they were talking to (at least) the car's driver (a real human). This looks like a complete non-story.

Nothing new about this

By Solandri • Score: 3 • Thread
People applaud at the end of a good movie too, even though nobody who helped make the movie can hear them. (What's more interesting is that I see this behavior in movie theaters, but not when watching at home.)

Re:Why not?

By Cajun Hell • Score: 5, Funny • Thread

how much like the real thing is the flesh light?

Not very much; it's a total rip off. I tried everything from AAs to Ds in the battery compartment and nothing seemed to make proper contact. I think it was designed for some kind of weird proprietary cell. D cells seemed to work the best, but unless it was just totally defective, the best thing I can say about it is that it is many fewer lumens. There have been some reports of users somehow getting .. blinded? So maybe its light is actually pretty strong but in IR or UV, beyond vision. If true, I bet those stories are also rooted in confusion about what to put in the battery compartment.

Studios Sue Dragon Box in Latest Crackdown on Streaming Devices

Posted by msmash
An anonymous reader shares a report: Netflix and Amazon joined with the major studios on Wednesday in a lawsuit against Dragon Box, as the studios continue their crackdown on streaming devices. The suit accuses Dragon Box of facilitating piracy by making it easy for customers to access illegal streams of movies and TV shows. Some of the films available are still in theaters, including Disney's "Coco," the suit alleges. Dragon Box has advertised the product as a means to avoid paying for authorized subscription services, the complaint alleges, quoting marketing material that encourages users to "Get rid of your premium channels ... [and] Stop paying for Netflix and Hulu." The same studios filed a similar complaint in October against TickBox, another device that enables users to watch streaming content. Both TickBox and Dragon Box make use of Kodi add-ons, a third-party software application.

Re:As someone who appreciates and pays for content

By JaredOfEuropa • Score: 4, Insightful • Thread
It's not Kodi but the plugins to access these streams that facilitate piracy. Kodi has legitimate use, it's what I use to get (legal) TV, movies and music around the house.

Thanks for the pointer

By OneHundredAndTen • Score: 5, Insightful • Thread
I had never heard of Dragon Box. Thanks for the pointer, major studios. And please become familiar with the Streisand Effect.

Re:Don't let Sony off the hook

By sirber • Score: 4, Funny • Thread
cds with rootkits

Dragon Box web site is hilarious...

By Kenja • Score: 5, Funny • Thread
It has a warning about buying a third party "dragon box" which would be using their proprietary Android implementation. So they don't want people pirating their stuff that they sell to people to pirate other people's stuff.

Apple's Indirect Presence Fades from CES

Posted by msmash
Analyst Ben Bajarin writes: We would go to CES and remark at how Apple's dominance loomed over the show. Vendors of all shapes and sizes were rushing to be a part of the Apple ecosystem. Apple's ecosystem was front and center with everything from iOS apps, to accessories galore for iPhone and iPad, and even companies looking to copy Apple in many ways. The last year or so, things have dramatically changed, and that change is further evident at this year's CES. Gone are the days of Apple's presence, or observably "winning" of CES, even though they are not present. It was impossible to walk the show floor and not see a vast array of interesting innovations which touched the Apple ecosystem in some way. Now it is almost impossible to walk the floor and see any products that touch the Apple ecosystem in any way except for an app on the iOS App Store. The Apple ecosystem is no longer the star of CES but instead things like Amazon's Alexa voice platform, and now Google's assistant voice platform is the clear ecosystem winners of CES.

Re:Really?

By Lunix Nutcase • Score: 5, Informative • Thread

Apple had revenue of $52.5 billion and net profit of $10.7 billion in Q4 2017. Clearly they are on their last legs and destitute from lack of sales. LOL...

Re:Fading Apple Star

By Lunix Nutcase • Score: 4, Informative • Thread

Why would they lower the price while demand is equal or outstripping supply? It’s funny since people like you say this about Apple with every new model and yet they blow away previous sales records nearly every year. Does it ever tire to be so wrong?

Tells you something...

By coofercat • Score: 5, Interesting • Thread

The Apple ecosystem is no longer the star of CES but instead things like Amazon's Alexa voice platform, and now Google's assistant voice platform is the clear ecosystem winners of CES.

This tells you something about how long Alexa/Google Home will be "stars" for, doesn't it?

Re:Fading Apple Star

By stabiesoft • Score: 5, Interesting • Thread

And yet when I bought my new phone (moto) from the T-Mo store in late December the manager said he had 20 iPhone X's in the vault. They were not selling, T-Mo had to buy them, Apple does not let them discount, and Apple does not take them back. I imagine T-Mo is not going to be very happy if they have to eat them. He did say it was quite unusual for an iPhone not to sell, so I think the X may have finally hit the "priced too high" mark.

Re:FaceID is one

By QuietLagoon • Score: 5, Interesting • Thread

...However what is clearly one is FaceID. ...

FaceID is a product feature, not a feature product. FaceID is something that is added to other products. The iPod is a product. The iPhone is a product. Apple Watch is a product. FaceID is a feature of a product. But the fact that FaceID is the best you can come up with means you see the drought as well.

Will Cape Town be the First City To Run Out of Water?

Posted by msmash
Cape Town, home to Table Mountain, African penguins, sunshine and sea, is a world-renowned tourist destination. But soon it could also become famous for being the first major city in the world to run out of water. From a report: Most recent projections suggest that its water could run out as early as March. The crisis has been caused by three years of very low rainfall, coupled with increasing consumption by a growing population. The local government is racing to address the situation, with desalination plants to make sea water drinkable, groundwater collection projects, and water recycling programmes. Meanwhile Cape Town's four million residents are being urged to conserve water and use no more than 87 litres (19 gallons) a day. Car washing and filling up swimming pools has been banned.

Re:Non story

By aaarrrgggh • Score: 5, Interesting • Thread

Actually, California has fared reasonably well, and has a sustainable approach to water management in general. There are some things that still need to change, and much that needs to be hardened and reformed, but they are on their way to it. California's biggest water risk is really an earthquake damaging the aqueducts, pipelines, and reservoirs.

Desalinization is a last-resort for a seaside city. It is much more efficient to trade resources with a water-rich area to serve a water-poor area than it is to run desalinization. Ultimately, to make desal not kill the local environment you need zero brine discharge which requires huge evaporation ponds. If done right, this could help to add humidity and manage the problem longer term, but you end up with about 100 tons of waste salts per million gallons of sea water.

Re:Non story

By careysub • Score: 5, Interesting • Thread

They're not doing enough, quick-enough and what happens in Cape Town could be a model for what is inevitably going to hit California eventually if they don't start working on better solutions.

Some areas of California (Santa Barbara), which depend on local water supplies (like Cape Town), have faced this problem before (SB built a desalinization plant in the 1970s). Localities that depended on local ground water supplies have been hit by the drought, and required alternate supplies. But California is a big state. Scattered local problems do not add up to a general problem for California.

In general California has plenty of water for its cities and towns, which only use 20% of the available water but produce 98% of its GDP. Agriculture, which uses 80% of the water, supplies only 2% of the GDP. So simply paying off farmers not to grow something can supply all of the urban water California will ever need.

The number one agricultural user of water (22% of all agricultural water usage) is a crop - alfalfa - that provides so little value that it often costs more to deliver the water than the alfalfa crop is worth (and 2/3 of that crop is simply exported to Asia), ancient water rights from the 19th century are the reason for this subsidy. Paying off all the alfalfa growers not to grow anything would only cost 0.1% of the state's GDP and double the amount of water available to the cities.

Re:19 Gal/day is not out

By v1 • Score: 5, Insightful • Thread

The shower is probably the best example of potential for reclamation. Most people would be very lucky to get 1/8c of actual suspended materials from that 17 gallons of shower water. (most of which is dead skin and hair) Compare that to the "super concentrated contaminants" of your morning #2, in just two gallons of water. Clearly the shower is going waaay too far in diluting things.

I'd agree though they could certainly take the filtering too far and not push enough water down the blackwater system, causing it to not flow efficiently. A single day's dishwasher, shower, and clothes washer could be over-concentrated into a pint or two of thick sludge that won't travel well.

And it's no different than those "low volume" flush toilets that you sometimes have to ring the handle a second (or third!) time to get them to empty the bowl properly. Even if you took that 17 gallon shower and only lightly concentrated it into one gallon of blackwater to (easily) go down the sewer, that's 16 gallons left to flush the toilet with. That right there will probably handle the average person's toilet use for the entire day, without placing any additional strain on the sewer system.

It's not only doable, it's actually not that difficult to do right.

Re:19 Gal/day is not out

By ShanghaiBill • Score: 4, Informative • Thread

Or 10 gallons if it's a Navy Shower.

10 gallons??? Listen sonny boy, back in my day we'd get NJP for wasting that much water.
Here is a "real" navy shower:
1. Turn water on and get wet
2. Turn off the water, and then soap up face, hands, and groin.
3. Turn water on and rinse.
4. Turn off the water and dry off.
5. Wait a week for your next shower rotation.
Even when the water was on, it wasn't much more than a trickle.
We'd use 3 gallons, tops. And this was on a gator. Submariners have it much worse. They can do it with one gallon, and would consider 3 gallons to be a "Hollywood shower".

Semper Fi.

Re:Non story

By MikeKD • Score: 4, Insightful • Thread

California sends half its fresh water directly out to the ocean without use other than scenic rivers and other environmental desires (like delta smelt) . Agriculture is second place, at 40%, and urban is about 10%. Reduce the scenic rivers demand, and we'd have plenty of fresh water.

Except that's pretty much completely wrong. The outflow from the rivers keeps saltwater from intruding into ground water and pumping stations:

Due to the drought and very low snowmelt, there simply isn’t enough natural runoff from the Sierra Nevada to keep salinity out of the Delta. Controlling salinity is essential because the Delta provides fresh water to 23 million Californians and 3 million acres of farmland.

Although water deliveries from the Delta have been reduced to historic lows because of drought, officials want to keep salinity out of the Delta because, once it intrudes, the salty water can take weeks or months to flush out. As the summer wears on, sufficient water for that task in upstream reservoirs could run out.

Under state law, salinity also must be controlled to protect water quality for users who divert directly from the Delta. This includes farmers on Delta islands as well several urban water consumers.

Ex-Google Employee's Memo Says Executives Shut Down Pro-Diversity Discussions

Posted by msmash
An anonymous reader shares a report: A memo written by a former Google engineer claims that the company's human resources department and a senior vice president pressured him to stop discussing diversity initiatives on company forums, interactions that ultimately motivated him to leave the company. The document, which was written in 2016 and shared publicly this week, provides a striking counterpoint to allegations made by former Google employees James Damore and David Gudeman in a discrimination lawsuit filed against their former employer. Cory Altheide, the former employee who wrote the memo, began work as a security engineer at Google in 2010 and departed the company in January 2016. He recently published his account in a public Google document. Altheide posted several articles and comments to internal discussion groups that promoted diversity in the workplace and was chastised for doing so, he wrote.

Re:And yet...

By Cederic • Score: 4, Insightful • Thread

If you do the research you'll find that this definition is in fact a lie made up by racists to try and cover for their racist views and behaviour.

Re:And yet...

By dgatwood • Score: 5, Insightful • Thread

He actually states that the variations he discusses don't have a major effect, that the effect just causes that attaining the holy grail of a 50/50 split to not be quite possible to attain.

You don't need any magical discussion of human nature to prove that a 50/50 split between genders is impossible to attain, at least in the short to medium term. Fundamentally, it is not possible for an industry to hire more women than graduate with a degree in that field, ignoring the small percentage of self-taught programmers. On average, in the United States, women make up only about 16% of CS grads. So it is physically impossible for the industry average to be more even than 84/16 unless you deliberately leave a lot of men unemployed.

More to the point, the only way you can achieve a 50/50 split is to leave more than two-thirds of all computer science grads completely idle, and about 81% of all male CS grads unemployed. If you tried to implement this, two things would happen. First, the computer industry would collapse immediately, because it wouldn't be able to hire enough people to meet the immediate demand. Second, the computer industry would collapse even further long-term, because no sane person goes to college for four years knowing that they have a one in three chance of ever working in the field, and a two in three chance of waiting tables or flipping burgers for the rest of their lives.

The only way to improve on the gender imbalance is to improve on the number of women graduating with CS majors. That, in turn, has to start early in the education process—ideally as early as primary school. Gender imbalance can't be fixed by changing hiring practices and hoping that somehow 12-year-old girls will see how much companies want women programmers, and based on that, will magically take an interest in sitting inside behind a computer screen all day, learning to code. It is something that can only be fixed by getting more women to start learning CS, which mostly happens before kids are even old enough to know what "gender bias" means.

What this means for the world is that we need to shift our focus from trying to get more women into software companies, towards getting women into CS teaching jobs in middle schools and high schools, where studies show that girls are more likely to take an interest in learning CS from women than from men. And we need to focus on getting CS into the curriculum in the first place. (Ironically, Trump is right, but for entirely the wrong reasons.)

Don't get me wrong, I like working at a company that tries hard to recruit women, because the gender balance is healthier, but it isn't doing the industry as a whole any favors, and might even be making things worse, because the pool of applicants is largely a zero-sum game. When one company succeeds, it does so to the detriment of all the other companies. If all the large companies (Google, Apple, Facebook, etc.) managed to reach 50%, you'd have thousands of other companies with zero women programmers. And because most programmers will work for those other companies, most programmers would then perceive computer science to be an even more male-dominated field than they do now.

Just food for thought. I don't have all of the answers for how to fix the diversity problem. I just have the nagging feeling that we aren't even asking the right questions yet.

Re:Good!

By religionofpeas • Score: 4, Insightful • Thread

So far you haven't pointed out why I would care whether more women enter the STEM fields

And why the focus on STEM fields? There are lots of jobs that have unequal gender participation, but we don't hear nearly as many complaints about those. The elementary school that my kids went to had 15 female teachers and 1 male one. The only male teacher ended up leaving.

Re:Well, diversity sucks...

By computational super • Score: 5, Insightful • Thread
Funny how you don't have to talk to most social justice warriors for more than about 5 minutes to see that they're far less interested in achieving anything resembling justice than they are in just plain hurting white men.

Re:Well, diversity sucks...

By computational super • Score: 5, Insightful • Thread

It bothers me that Americans don't understand what the term freedom of speech implies

It bothers me that so many liberals (of all people) don't realize that there's the first amendment, which describes freedom of speech from a legal perspective, and freedom of speech as a general concept, and that the two things can be discussed completely independently.

Cisco Can Now Sniff Out Malware Inside Encrypted Traffic

Posted by msmash
Simon Sharwood, writing for The Register: Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic. Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service -- now known as Encrypted Traffic Analytics (ETA) -- available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V. Those devices can't do the job alone: users need to sign up for Cisco's StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

No they can't

By ByteSlicer • Score: 5, Informative • Thread

They can recognize traffic patterns in TLS streams, created by malware on IP connected devices.
They can't detect the malware itself in the stream.

Re:Not analyzing payload

By ugen • Score: 5, Insightful • Thread

The amount of bycatch will be nontrivial. This will inevitably result either in a lot of valid traffic being blocked, or no meaningful blocking of malware.

Except this time they slapped AI label on the service, so it's very modern and cool and costs more money.

We've seen this before.

smells like shit

By jm007 • Score: 3 • Thread
and this time it's not just my hygiene

"switched on latent features in its recent routers and switches"

and

"users need to sign up for Cisco's StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic"

it's what is NOT being revealed that truly is scary

Re:Not analyzing payload

By GameboyRMH • Score: 5, Interesting • Thread

Packet sizes and frequency, along with metadata. I saw a similar analysis of encrypted video streams being used to detect drone video:

https://www.wired.com/story/a-...

Looks like the next big thing in cryptography will be data padding...

Evil bit

By Errol backfiring • Score: 5, Funny • Thread
Well, probably the logical thing to do: they set the evil bit.

Facebook Overhauls News Feed in Favor of 'Meaningful Social Interactions'

Posted by msmash
Facebook said late Thursday it will begin to prioritize posts in the News Feed from friends and family over public content and posts from publishers. The company will also move away from using "time spent" on the platform as a metric of success and will instead focus on "engagement" with content, such as comments. From a report: The social media platform will de-prioritize videos, photos, and posts shared by businesses and media outlets, which Zuckerberg dubbed "public content," in favor of content produced by a user's friends and family. "The balance of what's in News Feed has shifted away from the most important thing Facebook can do -- help us connect with each other," Zuckerberg wrote in a Facebook post announcing the change. "We feel a responsibility to make sure our services aren't just fun to use, but also good for people's well-being."

All I want from the newsfeed is...

By QuietLagoon • Score: 5, Insightful • Thread
... a persistent Recent Posts First option, with a persistent option for family/friends only. I want facebook to stop messing with what I see because all they do is screw it up.

Good, if they actually do anything.

By dwillden • Score: 3 • Thread
This is great news, if they actually implement it. FB used to be keeping up with friends and family, now it's a small targeted group of friends or family that FB's algorithms have decided I want to follow while the others only pop into my feed occasionally. It's unending clickbait articles put onto my wall because a friend liked it or commented, not shared it with me but liked or commented on it. Supposedly FB was going to fight clickbait and fake news, but it still dominates the newsfeed.

But will they actually change anything? Of course not, they don't make money from me liking a picture of my sister's dinner. No, they make money when I click on a clickbait article they've managed to make me think a friend shared, when in fact the friend only reacted to that article. Or often just because the friend likes the page that paid FB for permission to spam it out. FB is not going to cut into their revenue stream.

Grrrr this makes me angry!

By jellomizer • Score: 5, Insightful • Thread

I think the main issue is the public comments on the news.
A lot of news, while interesting and useful, isn't very worthy of comments or reactions from people. However, for nearly anything that goes on there will be a number of people with strong feelings towards it, but with the size of a population a small minority will make a lot of noise. So there is a lot of noise from these small groups, making it seem like the larger community is more polarized than it really is. Then this unfortunately loops back on people's instinct to belong to a group, so they will support the nut jobs that they will side with on that topic, and they will support your or my crazy ideas on the topics I feel strongly about. Then we isolate the other guys and push them away from supporting details on your side.

If you talk to a politically polarized person about a problem that hasn't been politicized yet, they often would think of rather moderate solutions for an off the cuff problem. However, once it has been politicized their stance will change to be in line with their team.

Why do you think we have Flat Earthers?
Evolution Deniers lead to Global Warming Deniers lead to Moon Landing Deniers to Flat Earthers. Because it became a competition on who is more Anti-Science enough to join the Anti-Science group.
There are many other types of group of people who seem to want to be the most of that group, despite going too far.

Re:not a /. Story

By sinij • Score: 4, Insightful • Thread

nobody posting here knows what meaningful social interaction means

Meaningful social interaction is when my cat greets me at the door when I get home after work.

Re:News from Facebook?

By 0100010001010011 • Score: 5, Insightful • Thread

You may not, I may not, but people do. Sadly.

Facebook 2004 was awesome. It was about meeting people around me in college. I'm trying to remember if we had pictures other than our profile photo.

These days it's a cesspool agglomeration of the Eternal September, forwards from grandma and AOL chat.

AMD Is Releasing Spectre Firmware Updates To Fix CPU Vulnerabilities

Posted by BeauHD
An anonymous reader quotes a report from The Verge: AMD's initial response to the Meltdown and Spectre CPU flaws made it clear "there is a near zero risk to AMD processors." That zero risk doesn't mean zero impact, as we're starting to discover today. "We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat," says Mark Papermaster, AMD's chief technology officer. AMD is making firmware updates available for Ryzen and EPYC owners this week, and the company is planning to update older processors "over the coming weeks." Like Intel, these firmware updates will be provided to PC makers, and it will be up to suppliers to ensure customers receive these. AMD isn't saying whether there will be any performance impacts from applying these firmware updates, nor whether servers using EPYC processors will be greatly impacted or not. AMD is also revealing that its Radeon GPU architecture isn't impacted by Meltdown or Spectre, simply because those GPUs "do not use speculative execution and thus are not susceptible to these threats." AMD says it plans to issue further statements as it continues to develop security updates for its processors.

Re:Nice spin there Intel

By Chrisq • Score: 5, Informative • Thread

AMD never said there was a near zero risk for Spectre.

To be fair they did say that there is Near zero risk of exploitation of Spectre variant 2 (Branch Target Injection):

Variant Two Branch Target Injection
Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

Why are we using the Verge as a source ?

By RedK • Score: 5, Informative • Thread

The Verge is obviously a non-credible source. Or does that just apply to stories editors don't want to publish (*ahem* twitter *ahem*) ?

What a terrible article. Here Slashdot editors, a better one from a no-name site that actually gets the facts right :

https://www.lowyat.net/2018/152301/amd-begin-distributing-firmware-updates-patch-spectre-vulnerability/

Or just use the damn primary source :

http://www.amd.com/en/corporate/speculative-execution

Firmware Patch Required as well

By Craig Cruden • Score: 4 • Thread
Your PC maker or motherboard maker should have a patch for firmware / microcode. To completely mitigate the vulnerability on Intel based computers - you will have to patch both the OS and the firmware. I believe the firmware patch is required as part of Spectre (probably 2nd variant). Without both, your computer will be still vulnerable. Unfortunately I believe there is a chance that the patch could fail silently - but there is a powerscript that will tell you the status of the vulnerability patches.

Re:NO! My Narrative!

By gweihir • Score: 5, Insightful • Thread

Also: Spectre: Pretty old news, just somebody made it more practical now.

The only reason Spectre is pushed in the news is that Intel is desperately trying to obscure the magnitude of their screw-up with Meltdown.

Microcode update, not "firmware"

By Gravis Zero • Score: 4, Insightful • Thread

This is an update to microcode which fundamentally modifies the behavior of the instructions within a processor. You could argue that it's just a specific type of firmware but if that's the case then call it by the title it's been given! It's not like this is a website for non-technical people.

Sea Turtles Under Threat As Climate Change Turns Most Babies Female

Posted by BeauHD
A new study published in the journal Current Biology found that as much as 99 percent of baby green sea turtles in warm equatorial regions are being born female. "The study took a look at turtle populations at nesting sites at Raine Island and Moulter Cay in the northern Great Barrier Reef, an area plagued with unprecedented levels of coral bleaching from high temperatures," reports Futurism. "The researchers compared these populations with sea turtles living at sites in the cooler south." From the report: Using a new, non-invasive hormone test, the researchers from the U.S. National Oceanic and Atmospheric Administration (NOAA) Fisheries Department and the Queensland Department of Environment and Heritage Protection found that while 65-69 percent of the turtles from the southern region were female, between 86.8 and 99.8 of turtles tested in the northern region were female, depending on age. The sex of green sea turtles, along with some other species of turtles, crocodiles, and alligators, is not regulated by the introduction of sex chromosomes at key points during early development, as seen in humans and other mammals. Their sex is actually influenced by the temperature at which the eggs are incubated, with warmer temperatures more likely to lead to females. The difference between predominately male and predominately female hatchlings is only a few degrees, such as that formerly found between the cool, damp bottom of a sandy sea turtle nest and the sun-warmed top. The ages of the female turtles in the north suggest that this population has experienced temperatures that cause this imbalance since at least the 1990s. Given that the warmer temperatures seen in northern Australia have been distributed around the globe, experts predict that other sea turtle populations in warm regions are also following the same trend.

Why is this a problem?

By drinkypoo • Score: 5, Insightful • Thread

The abstract does not mention why this might be a problem. It says "results show a moderate female sex bias (65%–69% female) in turtles originating from the cooler southern GBR nesting beaches" which indicates that there are southern beaches which are cooler. So uh, more females born, more eggs laid, more offspring, turtles spawn where turtles can spawn, and the range where they spawn changes but... what else changes?

I'm willing to accept that this might lead to too few males for a viable population, if somehow turtles are different from basically any other animal on earth, and one male can't service many females. However, the paper also says "Although increased breeding frequency, as well as polygynous behavior of male turtles, may help mitigate skewing offspring sex ratio [39], it is unknown how many (or what minimum proportion of) males is sufficient to sustain sea turtle populations."

IOW, your headline is FUD. Slashdot as usual.

Won't this self correct?

By Chrisq • Score: 3 • Thread
Won't the males who do survive produce offspring more likely to be male in higher temperatures? I would expect a dip in population (as 1% males can't fertilise all the females) but in the long run it would correct.

Re:Yah, right

By TimothyHollins • Score: 4, Informative • Thread

Climate changes have never been even remotely as quick (i.e. destructive) as they are now. For evolutionary adaptation, multiple generations are needed, and the current changes are just too damn fast to adapt to. For a timeline reference, please see https://xkcd.com/1732/

Re-run the survey in 5 years; el Nino just ended

By davide marney • Score: 5, Insightful • Thread

A cyclic warm period in that exact location just ended. Re-run the study in 5 years and let's see what happens. You can't predict a trend from a single data point.

Re:Won't this self correct?

By Gilgaron • Score: 4, Interesting • Thread
Yes! But... fragmentation of populations and other stresses put on wild populations by human action make it harder for them. So, if the whole coast was fine to use, the turtles would surely adapt (they've made it through some rough times like the Cretaceous extinction, after all). With less coast to use due to humans, it is harder to be sure.

Ecuador Grants Citizenship To WikiLeaks Founder Julian Assange

Posted by BeauHD
hcs_$reboot writes: Ecuador has granted citizenship to Julian Assange, who has been holed up inside the Ecuadorian embassy in London for over five years. Quito, Ecuador, has said naturalization should provide Assange with another layer of protection. However, naturalization appeared to do little to help the Australian-born WikiLeaks founder's case, with the British foreign ministry stressing that the only way to resolve the issue was for "Assange to leave the embassy to face justice." Earlier on Thursday, Britain said that it had refused a request by Ecuador to grant Assange diplomatic status, which would have granted him special legal immunity and the right to safe passage under the Vienna Convention on Diplomatic Relations.

Re:Good

By drinkypoo • Score: 5, Insightful • Thread

This would have set an uncomfortable precedent of granting a wanted criminal the freedom to roam around the country he is wanted in.

Assange is only wanted for avoiding prosecution for an alleged crime for which the charges have been withdrawn.

Diplomatic immunity status shouldn't be able to be granted after a crime has been committed.

Former, withdrawn charges shouldn't be grounds for arrest. The British Empire is quite upset that Assange didn't respect their authority, and would like to make an example of him even though there are currently no other charges filed against him.

The supposed victims of his alleged crimes did not believe that he should be charged. The charges filed have been dropped, and the prosecutors who filed them passed up numerous opportunities to question him before doing so. But keep calling him a criminal. That's exactly what three governments want, and you wouldn't want to let them down, would you?

Re:Good

By drinkypoo • Score: 5, Informative • Thread

He still breached bail which in itself is a crime.

Yes, and the charges he breached bail on have been withdrawn by prosecutors who passed up multiple opportunities to question him, on the basis that they could not question him. How is it just to punish someone for skipping bail when the charges have been withdrawn? If the charges were legitimate, why did the prosecutors pass up multiple opportunities to question him?

Re:Assange is a traitor

By dwillden • Score: 4, Insightful • Thread
How is he a traitor? At no point did he ever have any allegiance to the US, nor any obligation to not publish the secrets Bradley Manning gave him? Funny how you leftists used to love him, until he published the proof of how corrupt your Designated Queen really is.

Just over a year ago and Assange was still a hero of the Left. The moment Hillary conceded he became enemy #1 to the left.

But the political aspects aside, even if I agreed with you that Hillary should be President, Assange is still not a traitor. Under no definition of the word does he qualify as such. He is not a US citizen and has no loyalty to it nor any obligation to keep anything he finds out about it secret.

Re: Unfair

By TheReaperD • Score: 4, Insightful • Thread

His lawyer has said multiple times that he'd be willing to face these charges if both countries would guarantee that Assange would not be extradited to the US (something they claim they have no intention of doing) and both countries have flat refused to make this guarantee, leading to the belief that that is exactly what they plan to do. And the moment he hits US soil, he'll be Gitmod, whether it's in Guantanamo or a US prison. Everyone involved knows it and so much money and many man hours spent on this shows that there is no other likely reasoning for this. Remember, officially this is over a non-consensual act during consensual sex that the girls went to the police to track him down, solely to get an STD test. The police, upon finding the importance of the individual accused, pressured the girls into pressing charges, which they have since withdrawn, and sent out an Interpol alert reserved for the world's most dangerous and most wanted. Sound like your standard everyday secondary rape case, yes? (/sarcasm)

simple...Human DoS!

By higuita • Score: 4, Interesting • Thread

Just ask only for everyone to dress exactly the same way, cut the hair the same way and look as much as possible as him... then everyone goes to the Ecuador embassy and leaves all at the same time. Do this several times, but only on one of them Assange MAY really leave the embassy.

The police could not track so many people and after several attempts, they will give up or agree on a valid solution... or he MAY leave in one of the attempts.

Better yet, ask everyone to use a burka, that will be easier to hide as everyone is the same, be either men, women, white, ginger, black, asian, etc ... it may also require women police (I do not really know how someone with burka is identified by a police)

Ice Cliffs Spotted On Mars

Posted by BeauHD
sciencehabit writes from a report via Science Magazine: Scientists have discovered eight cliffs of nearly pure water ice on Mars, some of which stand nearly 100 meters tall. The discovery points to large stores of underground ice buried only a meter or two below the surface at surprisingly low martian latitudes, in regions where ice had not yet been detected. Each cliff seems to be the naked face of a glacier, tantalizing scientists with the promise of a layer-cake record of past martian climates and space enthusiasts with a potential resource for future human bases. Scientists discovered the cliffs with a high-resolution camera on the Mars Reconnaissance Orbiter, revisiting the sites to show their subsequent retreat as a result of vaporization, and their persistence in the martian summer. The hunt should now be on, scientists say, for similar sites closer to the equator. The findings have been reported in this week's issue of Science.

Mars direct?

By AHuxley • Score: 4, Interesting • Thread
Is the ice in a good location to explore space from later?
Send humans to Mars.
Get them using the water with more space exploring supplies sent from earth.
A nuclear reactor and rocket fuel factory.
Extract water to create more rocket fuel.
A Project Iceworm for Mars? https://en.wikipedia.org/wiki/...

Core samples

By John.Banister • Score: 4, Interesting • Thread
A one meter by 50mm core sample would mass about 2 kg. The navy has railguns now that can accelerate 10 kg to about 2.4 km/sec. According to this Delta V map, delta v to reach low Mars orbit is about 3.8 km/sec. Considering that it wouldn't have to be built to withstand use in warfare, it might not be that much harder than what we've already achieved to build a railgun that could launch an ice core to low Mars orbit.

Re:Why Mars #1 Focus For Colonization?

By joh • Score: 5, Interesting • Thread

Because on the Moon the ice is at best in eternally shaded craters, buried as small crystals in the dust. Evidence even for this is inconclusive (there's hydrogen there, but it doesn't have to be water). Then the Moon has an unforgiving thermal environment with lots of sun and long dark nights. And then the Moon has no atmosphere, which means no protection against micrometeorites. And then Mars has an atmosphere of CO2 which gives you a source of easily accessible carbon. Also to land on the Moon you have to brake with engines and propellants all the way down while on Mars you have the atmosphere to do most of that for you. Also Mars is much more interesting to explore, since it had a wet and warmer past, so you can go and look for signs of past life instead of digging through dead dust on the Moon.

And nothing of this is in any way new.

Re:Core samples

By bjorniac • Score: 5, Informative • Thread

A single shot device like a railgun cannot launch something into orbit. You need a second impulse to alter the trajectory to achieve orbit. The reason is that orbits close - they're ellipses (or circles). So with a single shot device you either launch something to infinity, or you have it crash back into the planet as its orbit intersects the point of origin.

What you'd need in this scenario is either something to collect the sample already in low orbit, or a container with a thruster of some sort to force the trajectory into orbit. Either case increases the difficulty considerably.