Alterslash

the unofficial Slashdot digest for 2018-Jul-10

Contents

  1. In a Bid To Curtail Spread of Misinformation, Facebook's WhatsApp Now Tells Users When a Message Has Been Forwarded
  2. Supreme Court Nominee Brett Kavanaugh Opposes Net Neutrality
  3. Orlando Police Decide To Keep Testing Controversial Amazon Facial Recognition Program
  4. Nearly 1,000 Paintings/Drawings By Vincent Van Gogh Now Digitized, Released Online
  5. Malware Found in Arch Linux AUR Package Repository
  6. Ex-Apple Worker Charged With Stealing Self-Driving Car Trade Secrets
  7. PayPal Told Customer Her Death Breached Its Rules
  8. DOJ Reaches Settlement On Publication of Files About 3D Printed Firearms
  9. Apple's China-Friendly Censorship Caused An iPhone-Crashing Bug
  10. DOD Seeks Classification 'Clippy' To Help Classify Data, Control Access
  11. Researchers Devise AI System To Reduce Noise in Photos
  12. Hacker Breaches Chrome Extension of Popular VPN Service Hola, Directs Users To Compromised Cryptocurrency Website
  13. Is iOS 11.4 Draining Your iPhone's Battery? You're Not Alone
  14. With So Many Eyeballs, Is Open Source Security Better?
  15. Apple To Deploy 1Password To All 123,000 Employees; In Talks To Acquire Password Manager's Parent-Firm AgileBits: Report
  16. BlackTech Threat Group Steals D-Link Certificates To Spread Backdoor Malware
  17. In World First, Danish Court Rules Stream-Ripping Site Illegal
  18. YouTube Is Fighting Conspiracy Theories With 'Authoritative' Context and Outside Links
  19. China Internet Report 2018
  20. Half of ICOs Die Within Four Months After Token Sales Finalized
  21. Scientists Discover the World's Oldest Colors
  22. Nitrogen Is In Liquid Metal Form Inside Earth's Core

Alterslash picks the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

In a Bid To Curtail Spread of Misinformation, Facebook's WhatsApp Now Tells Users When a Message Has Been Forwarded

Posted by msmash
In a bid to fight the spread of misinformation on its platform, Facebook-owned WhatsApp announced on Tuesday that it is launching a new feature globally that will highlight when a message has been forwarded versus composed by the sender. At the centre of the issue is high-volume sharing of misleading and false information, often arching political and religious sentiments, that is tricking a significant number of WhatsApp users. (WhatsApp is used by more than a billion users worldwide.) From a report: From now on, WhatsApp will put a "forwarded" label on these messages. "This extra context will help make one-on-one and group chats easier to follow. It will also help you determine if your friend or relative wrote the message they sent or if it came from someone else," the company said in a note. "WhatsApp cares deeply about your safety. We encourage you to think before sharing forwarded messages. As a reminder, you can report spam or block a contact in one tap and always reach out to WhatsApp directly for help," it added. To see this new forwarded label, users are required to have the newest supported version of WhatsApp on their phones. Additionally, this week the company relaunched a campaign in India as part of which it is running full-page ads in several newspapers in the country to create awareness about the issue.

Slippery Slope to Total Censorship

By Anonymous Coward • Score: 3, Interesting • Thread

This is just a step in the direction of making us think that it is the big mega-corporation's job to censor what we read.

Stop using anything from Facebook, please. Make them a small corporation again. Let them thrive in China where censorship will help them make money. But get them the heck out of my free United States democracy. They are dangerous.

Not really.

By Gravis Zero • Score: 5, Insightful • Thread

This is just a step in the direction of making us think that it is the big mega-corporation's job to censor what we read.

Actually, it's one mega-corp trying to stop efforts from people who are deliberately misinforming you on their platform. They have no control of information you get elsewhere.

Let them thrive in China where censorship will help them make money. But get them the heck out of my free United States democracy. They are dangerous.

What's more dangerous is people that get their information from the internet without checking the credibility of the source. Facebook is full of these kinds of people and they are doing real damage to our democracies.

Stop using anything from Facebook

I agree, social media has done far more harm to the world than good.

WhatsApp Flags Forwarded Messages

By grep -v '.*' * • Score: 3 • Thread

highlight when a message has been forwarded versus composed by the sender

So I suppose it'll also tag a copy/paste sequence directly from another message? That's just as hard (easy) as forwarding. (Actually, it's ever-so-slightly harder, but not really.)

What if I dictate it verbally? (if nothing else, split screen or 2nd screen.)

What if I paraphrase it?

So all they're actually doing is highlighting the FORWARD indicator. Like that's going to stop anyone from forwarding the message to start with? I really don't get this. (I really don't get Facebook / Twitter either, but that's another matter and just me.)

Supreme Court Nominee Brett Kavanaugh Opposes Net Neutrality

Posted by BeauHD
Beardydog writes: An article currently on Ars Technica examines comments about net neutrality issues by recent Supreme Court nominee Brett Kavanaugh. Kavanaugh not only rejects the FCC's reclassification of ISPs under Title II, but seems to also support a broad First Amendment right to "editorial control," allowing ISPs to selectively block, filter, or modify transmitted data.

Kavanaugh compares ISPs to cable TV operators, rather than phone companies. "Deciding whether and how to transmit ESPN and deciding whether and how to transmit ESPN.com are not meaningfully different for First Amendment purposes."
Here's what Ars Technica had to say about Kavanaugh's argument, which did not address the business differences between cable TV and internet service: "Cable TV providers generally have to pay programmers for the right to carry their channels, and cable TV providers have to fit all the channels they carry into a limited amount of bandwidth. At least for now, major internet providers don't offer a set package of websites -- they just route users to whichever sites the users are requesting. ISPs also don't have to pay those websites for the right to 'transmit' them, but ISPs have argued that they should be able to demand fees from websites."

The report also mentions Kavanaugh's support of NSA surveillance: "In November 2015, Kavanaugh was part of a unanimous decision when the DC Circuit denied a petition to rehear a challenge to the NSA's bulk collection of telephone metadata. Kavanaugh was the only judge to issue a written statement, which said that '[t]he Government's collection of telephony metadata from a third party such as a telecommunications service provider is not considered a search under the Fourth Amendment.' Even if this form of surveillance constituted a search, it wouldn't be an 'unreasonable' search and therefore it would be legal, Kavanaugh also wrote."

Re: Judges, not legislators

By e3m4n • Score: 5, Insightful • Thread

How is this any different than Facebook deciding what sort of comments they are going to allow? They claim the right to decide that 90% of religious groups are 'hate speech' and ban them constantly while managing to do very little about FBLive live streams of gang rapes and beheadings. Or Youtube's decision to de-monetize every single gun-related channel, even if that content is merely about target shooting, safety, or even proper care and cleaning; despite it being completely legal and constitutionally protected. If Facebook is legally allowed to decide, for themselves, what sort of 'dialog' they want to allow in their GroupThink project, or Youtube decides who they want to punish for not fitting into their views; What right do you have telling another company (ie ATT) what they can or cannot restrict? Maybe we need to expand the 14th amendment, that guarantees equal treatment, to more than just race and gender.

This is the paramount problem with 'Net Neutrality'. They used the word Neutrality but it's total bullshit. The net result is they forced carriers to absorb the cost of companies like Netflix. It is literally another example of government setting up a billion dollar empire. They use far-fetched examples of ATT blocking access to Netflix because it competes with HBO. But all they did was allow Netflix to exploit this and reduce their operating costs and saddle that burden on the carriers. There is nothing Neutral about it. If you want real neutrality then everyone gets a bandwidth meter and they pay by the byte, just like electricity. Nobody said it had to be prohibitively expensive, just uniformly metered to every occupant. Any world where ATT is told they cannot restrict the flow of data, or block the flow of data, should apply EQUALLY to content providers of Social Media. Instead of congress telling FB they need to do a better job policing their users, maybe FB needs to say 'you tell ME which users to sanction based on a system of Due Process' to congress and claim Neutrality otherwise. After all, should it not be the courts that decide when and if someone's 1st amendment rights can and should be censored? You can't have a biased and untrained bunch of tech flunkies like FB deciding for themselves, without true system of legal court system appeals, who is and who is not entitled to their constitutionally protected rights. Not so long as you believe your right to bandwidth and accessing the internet is beyond the rights of those paying to maintain and provide it to you.

If you want Neutrality then you best be ready to fuck over the content providers equally as much as you fuck over those just delivering said content.

Re:Judges, not legislators

By lhunath • Score: 5, Insightful • Thread

Hey you, you seem frustrated. You also seem to be railing against something you clearly take issue with but wasn't in the comment you replied to.

I think you're frustrated with people hijacking the term "net neutrality" as whatever regulation is necessary to protect their own world-view. Did I get that right?

Net neutrality is not about leftist or rightist values. It is not about feminism, porn, fake news, or hate speech.

Net neutrality is nothing more than "my internet is the same internet as your internet".
The idea that the Internet is a domain of its own, and any gatekeeper that provides access to the Internet should treat it as-it-is, and not try to change what the Internet looks like to fit their personal beliefs or commercial interests. Whether that Internet has things on it that I like or dislike does not matter. What matters is that it's the same and stays the same. The ISP should be neutral, not biased. The ISP should show the picture as-is, not color it blue or red, censor it or favor it.

And here's the crux: for an ISP to treat the internet as neutral, you need regulation. If there is no regulation, every ISP will treat the Internet as biassed. Leftist ISPs will treat it leftist, rightist ISPs will treat it rightist and all ISPs will treat it in whatever way makes them more money. If you want your Internet to be the same as my Internet, your Internet speech to be unadulterated and free, you need to tell ISPs everywhere that they are not allowed to censor your speech, they are not allowed to change your Internet to look or act different.

Re:I should add

By Green Mountain Bot • Score: 4, Interesting • Thread

The Trump Administration's intentional acts to undermine Obamacare are responsible for skyrocketing costs and a massive shrinking of services.

Fixed it for you.

Re: Judges, not legislators

By Rob Y. • Score: 5, Insightful • Thread

Facebook is not an ISP. Sure, they can control what's on Facebook. But Verizon should not be allowed to control whether you can access Facebook. Is it really so hard to understand that distinction?

Re: Judges, not legislators

By e3m4n • Score: 5, Insightful • Thread

Blocking content is blocking content. The word Net Neutrality, and its support by the populace is that no provider (not limited to just isp) should have the right to censor or restrict access to what you want to access.

How is saying we are going to censor content on our hard drives any different than saying we are going to censor content on our switches? If Verizon decided to restrict all content related to gay rights, it's a violation. But Facebook wouldn't be in violation if they did the exact same thing? The word is NET NEUTRALITY, not ISP Neutrality. Facebook is on the fucking internet isn't it? They provide content don't they? This is why the policy was thrown out in the first place. It was never applied equally and uniformly.

Such policies are always troublesome and eventually always fail. Come up with a policy that applies to every single person and corporation across the board. The same fucking law that some states passed that says a cake baker cannot refuse to make a cake for a gay couple should apply the same way to Facebook, regardless if Facebook is censoring content based on LGBT or gun rights, it shouldn't fucking matter. I have yet to see any state take FB to court for refusing to let people talk about gun rights btw, despite the exact wording of the laws requiring store owners to sell cakes to gay couples being worded in such a way that actually puts FB in violation of the same law. No pun intended but these half-baked laws are bullshit. The reason there is so much polarization in this country right now is exactly for reasons JUST LIKE THIS. We pass laws to punish those we disagree with and do nothing about those we do agree with violating the same spirit of the law. Make laws that will apply to everyone in such a way that NOBODY gets a free pass. 2 things will happen. We will make less damn laws, and people will make sure the laws they DO pass are not unjust as they will have to live by them too.

Orlando Police Decide To Keep Testing Controversial Amazon Facial Recognition Program

Posted by BeauHD
Despite previous reports that the program has been ended, the Orlando Police Department in Florida is planning to continue its test of Amazon's real-time facial recognition system. "News of OPD supposedly ending its use of Rekognition on footage captured by a number of CCTV cameras came just a day after the ACLU sent a letter to Orlando Mayor Buddy Dyer regarding the face recognition program," reports Gizmodo. "But the end date for the initial pilot period had already been selected -- it just happened to coincide with the ACLU's report and the ensuing backlash from civil rights groups." From the report: While the original test period ended, the OPD will soon sit down with Amazon representatives to outline the new pilot, the police department told the Orlando Sentinel. "It's really to prevent the next tragedy," Orlando Police Chief John Mina said. Now, with the program set to continue, Dyer says the practice is not as dystopian as it seems.

Details on the new pilot are sparse. OPD confirmed it will test Rekognition on at least eight cameras, as it did before, though their location isn't known. In the previous trial program, five Rekognition-enabled cameras captured footage at OPD headquarters, while three additional cameras were positioned in downtown Orlando. During its initial testing phase, Rekognition will scan officers' faces against a face database made up of volunteers. The plan, the OPD memo explains, is for officers themselves to walk in front of the cameras and record how accurately the technology recognizes them from different angles, with different clothes, or other variables. It's not known how long this initial testing phase will last, though the city plans to draft proposed regulations before any public rollout begins. It's worth noting that the pilot itself requires no public approval and Dyer has wholeheartedly supported Rekognition. "No images of the public will be used for any testing," OPD said in a statement.

Think of it as

By AHuxley • Score: 3 • Thread
An instant real time visual "DNA test" for criminal people.
Feed the system with people who do crime and wait for them to wander around out in the community.
People who have stayed in the USA past their allowed date on their visa.
Non citizens who are illegal migrants.
Illegal immigrants. Illegal immigrants who are trying to use gov services.
Criminals. Non-violent and violent trying to get ready to do more crime.
Criminals from another part of the USA.
Groups of people who then riot. Their local support structure that allowed them to riot.
Criminals trying to use a new set of photo ID to get more services. Services that they are not able to get and are not entitled to.
Policing can then be used on actual communities who need surveilling as that location has a lot of crime.
Tracking of criminals and who they meet, who is now with them, new faces.

With today's advanced software and computer power that can be a photograph face from decades of police records.
Passport images, images of people in the USA illegally, CCTV images from a crime.
People doing the kind of repeated health related, disorder, drug use and property damage that needs real time support.

Think of the ability to map crime, respond to crime and discover people who need support.
To really get police down into communities that hide and support criminals, illegal migrants.
Criminals, illegal migrants, wanted people who only have a CCTV image of their past crime.

With much less crime, no dumping of trash on clean streets, no parked RV, no tent cities any city can then attract new jobs and investment.

Nearly 1,000 Paintings/Drawings By Vincent Van Gogh Now Digitized, Released Online

Posted by BeauHD
An anonymous reader quotes a report from Open Culture: Every artist explores dimensions of space and place, orienting themselves and their works in the world, and orienting their audiences. Then there are artists like Vincent van Gogh, who make space and place a primary subject. [...] The opportunity to see all of Van Gogh's bedroom paintings in one place may have passed us by for now -- an exhibit in Chicago brought them together in 2016. But we can see the original bedroom at the yellow house in Arles in a virtual space, along with almost 1,000 more Van Gogh paintings and drawings, at the Van Gogh Museum in Amsterdam's site. The digitized collection showcases a vast amount of Van Gogh's work -- including not only landscapes, but also his many portraits, self-portraits, drawings, city scenes, and still-lifes.

The Van Gogh Museum houses the largest collection of the artist's work in the world. On their website you can read essays about his life and work, plan a visit, or shop at the online store. But most importantly, you can experience the stunning breadth of his art through your screen -- no replacement for the physical spaces of galleries, but a worthy means nonetheless of communing with Van Gogh's vision.

Digitising isn't enough

By Anonymous Coward • Score: 4, Interesting • Thread

Living in the Netherlands I've been at the Van Gogh museum a couple times. Just like any museum visit, enjoyable little outings with family, looking at the art and discussing, well, often the art and stuff around it, sometimes entirely different topics.

Some painters produce positively 3d work, like some of Rietveld's works have definite height differences in them, done in wood. Others do the same thing in blobs of paint. Van Gogh, not so much, but the work isn't quite entirely flat either. Meaning that just putting a digitiser in front and measuring hue for every pixel isn't enough. And that's just the straight cold physical measurement part of it. A good artist produces work with a certain je ne sais quoi that can be very noticeable in its absence when dealing with a reproduction.

So, good work digitising this stuff, actually, but it is no substitute for the real thing, because it cannot be.

Finally a good

By AHuxley • Score: 4, Interesting • Thread
use of the internet. Art and culture.

Malware Found in Arch Linux AUR Package Repository

Posted by msmash
An anonymous reader shares a report: Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages. The malicious code has been removed thanks to the quick intervention of the AUR team. The incident happened because AUR allows anyone to take over "orphaned" repositories that have been abandoned by their original authors. On Saturday, a user going by the pseudonym of "xeactor" took over one such orphaned package named "acroread" that allows Arch Linux users to view PDF files. According to a Git commit to the package's source code, xeactor added malicious code that would download a file named "~x" from ptpb [dot] pw, a lightweight site mimicking Pastebin that allows users to share small pieces of text.

A rare photo of a malware author being born.

By AlanObject • Score: 4, Interesting • Thread

From the looks of it the bad actor xeactor didn't have any expectation beyond finding out if his little trick would work or not.

On the other side this could be a case study about the immune system that open source provides.

Caught within 1-3 hours. Phone apps stay for month

By raymorris • Score: 5, Insightful • Thread

He was caught within a few hours, because all changes are public:

https://aur.archlinux.org/cgit...

Possibly bad guys would rather add trojans to iPhone and Android apps, which may stay in the store for months without detection. You can't tell what changes have been made to compiled apps you download on iPhone, Android, or Windows.

Affected Packages

By Philotomy • Score: 5, Informative • Thread

According to posts on aur-general, the known affected packages are:

  • acroread 9.5.5-8
  • balz 1.20-3
  • minergate 8.1-2

According to comments on the AUR acroread package, the script the compromised package installed (to upload system details) contained an error and wouldn't function properly. The script also installed a systemd timer, and the comments advise checking your system for:

  • /usr/lib/xeactor
  • /usr/lib/systemd/system/xeactor.timer
  • /usr/lib/systemd/system/xeactor.service

As a side-comment, for those unfamiliar with Arch, these compromised packages are not part of the official Arch repositories. The AUR is a "user repository": a collection of user-supplied packages which require deliberate download and installation. AUR packages should always be reviewed before installing them, and not installed if you don't trust the package. As the AUR documentation explains, "Warning: Carefully check all files. Carefully check the PKGBUILD and any .install file for malicious commands. PKGBUILDs are bash scripts containing functions to be executed by makepkg: these functions can contain any valid commands or Bash syntax, so it is totally possible for a PKGBUILD to contain dangerous commands through malice or ignorance on the part of the author. Since makepkg uses fakeroot (and should never be run as root), there is some level of protection but you should never count on it. If in doubt, do not build the package and seek advice on the forums or mailing list."
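
A triage script for the indicators listed in the comment above, as an added example that is not part of the original comment or of any Arch tooling. It checks the three paths under a chosen root (so a mounted disk image or backup can be examined) and matches `pacman -Q`-style output against the three affected versions; the function names and the root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the xeactor artifacts and affected package versions
# named in the comment above. Function names are hypothetical.

# Paths the AUR acroread comments advise checking (taken from the page).
XEACTOR_PATHS="/usr/lib/xeactor
/usr/lib/systemd/system/xeactor.timer
/usr/lib/systemd/system/xeactor.service"

# Package versions reported as affected on aur-general (taken from the page).
AFFECTED_PKGS="acroread 9.5.5-8
balz 1.20-3
minergate 8.1-2"

# check_paths ROOT
# Print "FOUND <path>" for every indicator that exists under ROOT.
# ROOT defaults to the live system; pass e.g. /mnt for a mounted image.
check_paths() {
    cp_root="${1:-}"
    cp_root="${cp_root%/}"          # "/" becomes "", "/mnt/" becomes "/mnt"
    for cp_path in $XEACTOR_PATHS; do
        # -L also catches a dangling symlink left behind by a partial cleanup.
        if [ -e "$cp_root$cp_path" ] || [ -L "$cp_root$cp_path" ]; then
            printf 'FOUND %s\n' "$cp_root$cp_path"
        fi
    done
    return 0
}

# check_packages
# Read "name version" lines (the format `pacman -Q` prints) on stdin and
# print "AFFECTED name version" for exact matches against the list above.
# A later, cleaned release of the same package is deliberately not flagged.
check_packages() {
    while read -r cp_name cp_ver cp_rest; do
        if printf '%s\n' "$AFFECTED_PKGS" | grep -qFx -- "$cp_name $cp_ver"; then
            printf 'AFFECTED %s %s\n' "$cp_name" "$cp_ver"
        fi
    done
    return 0
}

# triage ROOT
# Run both checks. Package matching only runs against the live system,
# where `pacman -Q` describes the same root that is being inspected.
triage() {
    t_root="${1:-/}"
    check_paths "$t_root"
    if [ "$t_root" = "/" ] && command -v pacman >/dev/null 2>&1; then
        pacman -Q | check_packages
    fi
    return 0
}

# Usage: sh xeactor-check.sh /        (live system)
#        sh xeactor-check.sh /mnt     (mounted image, path check only)
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

No output means none of the listed indicators were found; any FOUND line is a reason to read the package comments and remove the timer, service and directory.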

AUR is not secure by design, but that's fine

By damaki • Score: 3 • Thread
It is written basically everywhere in the AUR official documentation: do not trust AUR packages, verify everything before install! AUR packages are like Ubuntu PPAs, there is no security policy and no patch policy. But that is totally fine! It is entirely the point of AUR; anybody can contribute to it. For AUR packages security, you are on your own and you should check the sources thoroughly when you install an AUR package!

Re:It's a matter of trust

By aquabat • Score: 4, Funny • Thread

I think the whole system is screwed up.

It could be just your keyboard driver. If you think you've been infected, maybe check that one.

Ex-Apple Worker Charged With Stealing Self-Driving Car Trade Secrets

Posted by msmash
U.S. authorities on Monday charged a former Apple employee with theft of trade secrets, alleging that the person downloaded a secret blueprint related to a self-driving car to a personal laptop and later tried to flee the country, according to a criminal complaint filed in federal court. From a report: The complaint said that the former employee, Xiaolang Zhang, disclosed intentions to work for a Chinese self-driving car startup and booked a last-minute flight to China after downloading the plan for a circuit board for the self-driving car. Authorities arrested Zhang on July 7 at the San Jose airport after he passed through a security checkpoint. "Apple takes confidentiality and the protection of our intellectual property very seriously," Apple said in a statement. "We're working with authorities on this matter and will do everything possible to make sure this individual and any other individuals involved are held accountable for their actions."

Can we just name this?

By Prien715 • Score: 5, Interesting • Thread

He was just trying to pull a Levandowski. All he has to do now is found a new self-driving car company. in China.
Or maybe this act was done on Levandowski's behalf....

Re:PCB design

By tsqr • Score: 4, Interesting • Thread

"Plan for a circuit board" doesn't necessarily mean "PCB design"; it could include pretty much anything from a schematic diagram to a bill of materials to FPGA design files.

PayPal Told Customer Her Death Breached Its Rules

Posted by BeauHD
dryriver shares a report from the BBC: PayPal wrote to a woman who had died of cancer saying her death had breached its rules and that it might take legal action as a consequence. The firm has since acknowledged that the letter was "insensitive," apologized to her widower, and begun an inquiry into how it came to be sent.

Lindsay Durdle died on May 31 aged 37. She had been first diagnosed with breast cancer about a year-and-a-half earlier. The disease had later spread to her lungs and brain. PayPal was informed of Mrs Durdle's death three weeks ago by her husband Howard Durdle. He provided the online payments service with copies of her death certificate, her will and his ID, as requested. He has now received a letter addressed in her name, sent to his home in Bucklebury, West Berkshire. It was headlined: "Important: You should read this notice carefully." It said that Mrs Durdle owed the company about 3,200 pounds (~$4,200) and went on to say: "You are in breach of condition 15.4(c) of your agreement with PayPal Credit as we have received notice that you are deceased... this breach is not capable of remedy."
According to a PayPal staff member, there were three possible explanations for how the letter was sent: a bug, a bad letter template, or human error. PayPal is continuing to work with Mr Durdle and has written off the debt in the meantime.

Re: Luckily, he's not in Germany ...

By bursch-X • Score: 5, Funny • Thread
In Japan mortgage loans come with a life (actually death) insurance, so if I die before my loan is paid back, my wife gets the house, without paying a penny back. And no, she has no plans of killing me. The house isn't that great.

The universe is insensitive by default

By pem • Score: 4, Interesting • Thread
Sensitivity requires removal of entropy. This has to be done company-by-company, person-by-person, and it may not stick, because entropy is always being added.

Even worse are the carpetbaggers who thrive on misery. When a loved one dies, be as prepared as you can for this sort of thing -- letters commiserating with you at this terrible occasion, and offering to buy your house immediately for cash. Half of these letters will be addressed to the deceased.

In general (at least around here), the carpetbaggers are not breaking any laws, and the most you can do is write to them or call them, and ask "Does your mother know what you do for a living?" Not that that does any good with those illegitimate sons of crack whores, but it might temporarily make you feel better.

The big companies are sometimes somewhat trainable, and I commend Mr. Durdle for attempting to train Paypal. I myself have attempted to train a few companies, such as Netflix. After trying multiple times to get their customer service people to do the right thing, I finally sent an email to their general counsel:

From: Netflix <info@mailer.netflix.com>
To: xxxx@zzzz.com
Subject: xxxx, come back today to more TV shows & movies.

More TV Shows & Movies to Love

A lot has changed since you left. Come back to Netflix and enjoy newly added TV shows & movies. There's something for everyone to enjoy and we're always adding more, including Netflix original series and movies.

(ad copy, buttons, etc.)

From: yyyy <yyyy@zzzz.com>
To: David Hyman <dhyman@netflix.com>
Subject: Re: Fwd: xxxx, come back today to more TV shows & movies.

Dear Mr. Hyman:

It would be great if xxxx would come back. She could watch all the netflix she wanted and I wouldn't mind.

But she's not coming back.

(link to obituary)

I canceled her account two months ago; somehow I managed to explain the situation to one of your people. But that's not good enough; now, in order to get your system to stop sending her email, I either need to provide information I don't have (a credit card number from a bank account which I closed), or I need to get a code so I can log into her netflix account.

This is apparently done in the name of PCI compliance. Like SOX, or ISO-9000, those things done in the name of PCI compliance often don't actually help and may actually harm. E.g. I want to give her privacy, and absolutely do not want to log into her netflix account.

I have fulfilled my responsibilities here; it is up to your company to insure that you stop sending advertising to my dead wife.

It would also be great if you could empower your people enough so that issues like this could be taken care of with a single phone call, but that no longer seems to be the American way.

Thank you for your prompt attention to this matter.

Best regards,
yyyy

Re: Luckily, he's not in Germany ...

By jpaine619 • Score: 4, Interesting • Thread

You are over simplifying. The law does not apply to all cancelled debts. It _mostly_ applies to debt that is a result of borrowing. i.e. you borrow $10,000 from a bank.. You never pay it back and eventually the bank writes it off (cancels it). You have effectively been paid $10,000. Thus it's income (sort of).

Now, you rack up $10,000 in long distance phone charges and AT&T cancels the debt. You do not owe the IRS a dime. You were never given money. Although, you certainly don't get to write off the $10K bill from AT&T since you never paid it, and this may push you up to a higher tax bracket...

That is, this law mostly applies to debt that involves the exchange of monies, from what I can tell. As with all things IRS, it's not crystal clear and you have to be a lawyer / CPA to be damn sure... But, your statement is demonstratively false, according to the IRS's own convoluted documentation.

Re:Luckily, he's not in Germany ...

By jpaine619 • Score: 5, Insightful • Thread

If you are serious, you are a fucking retard. I don't care how much you dislike Trump, to equate him with a philosophy that killed tens of millions of people is insulting to both groups.

Trump may be a giant asshole, but he's not rounding up Jews and gassing them.

I don't know which is worse.. The fact you imply Trump is as evil as Nazis or the fact that you make Nazis out to be less evil than they really were, by reducing them to the level of Trump.

Actually wrong

By aepervius • Score: 4, Informative • Thread
You can always refuse an inheritance, the trick is, you have to refuse it *wholesale*. Meaning you can't pick and choose. Furthermore if the debt was cosigned by *both* spouses then in some cases the other signatory still continues to hold the debt.

DOJ Reaches Settlement On Publication of Files About 3D Printed Firearms

Posted by BeauHD
He Who Has No Name writes: Those who remember Cody Wilson and Defense Distributed -- the self-described cryptoanarchist and his organization that published plans for 3D printable firearm parts, respectively -- also remember that not long after the plans for the printable Liberator single-shot pistol hit the web, the Department of State seized the Defense Distributed website and prohibited Wilson from publishing 3D printable firearm plans, claiming violations of ITAR -- the International Traffic in Arms Regulation, a U.S. law taxing and restricting the distribution of a wide variety of physical goods listed as having military value. Slashdot covered the website seizure here (the Department of Defense was initially misreported in sources to have been the agency responsible).

In both a First and Second Amendment win, the Second Amendment Foundation has settled with the Department of State after suing on behalf of Defense Distributed. Slashdot reader schwit1 shares an excerpt from the report: "Under terms of the settlement, the government has agreed to waive its prior restraint against the plaintiffs, allowing them to freely publish the 3-D files and other information at issue. The government has also agreed to pay a significant portion of the plaintiffs' attorney's fees, and to return $10,000 in State Department registration dues paid by Defense Distributed as a result of the prior restraint. Significantly, the government expressly acknowledges that non-automatic firearms up to .50-caliber -- including modern semi-auto sporting rifles such as the popular AR-15 and similar firearms -- are not inherently military."

Re:Woot!

By Alypius • Score: 4, Informative • Thread
I use mine for 3-gun competitions but I also do Civilian Marksmanship Program competitions...trying to get on a Navy shooting team to go to the national competition in Camp Perry, Ohio.

Re:Lockdown

By Alypius • Score: 4, Informative • Thread
Reaching back a bit, but Korean shopowners used them very effectively to defend their shops/homes during the Rodney King riots.

Re:He's just a troll

By blindseer • Score: 4, Interesting • Thread

It's videos like that which demonstrate the lie that is the "assault weapon". The gun grabbers say they want to take those "evil weapons of war" from the public but leave us with our hunting rifles. That's a lie and if they know anything about rifles or hunting then they know it's a lie. So either they are ignorant or they assume the people are ignorant.

Oh, and an "assault rifle" is a real thing. An assault rifle is a weapon capable of switching between single shot with each trigger pull (semi-automatic) and multiple shots per trigger pull (burst or fully-automatic). To the DOJ anything that is capable of firing more than one cartridge with a pull of a trigger is a "machine gun". A shotgun fires multiple projectiles with each pull of the trigger but that does not make it a machine gun so long as all the projectiles are in a single cartridge. There are air guns that can fire multiple projectiles but since the projectiles are not contained in a cartridge that is also not a machine gun. State laws vary on this such as my own where any "dangerous weapon" is categorized along with firearms, so even pepper spray or a taser needs a permit to carry concealed.

The definition of an assault weapon varies by state. There was a big deal made about some insane person murdering schoolchildren with an "assault weapon" which was a lie. Assault weapons, by their definition, are banned and so no one has committed a mass murder in a school with an assault weapon as defined in that state. Now that we've seen a handful of murders done with handguns and pump action shotguns it seems, to me at least, the concept of the "assault weapon" is fading. Banning shotguns will not go over well, and finally people are discussing things that will actually stop murders such as armed guards at schools.

Re:Lockdown

By Highdude702 • Score: 4, Insightful • Thread

Most of the murders are committed in areas which have harsh gun laws, like Chicago for example. Oh and don't forget LA.

Deterrent for Invasion that will never happen

By skam240 • Score: 4, Insightful • Thread

Oh good, if America is so well protected we should be able to redirect the billions in defense spending to more productive use.

Apple's China-Friendly Censorship Caused An iPhone-Crashing Bug

Posted by BeauHD
Security researcher Patrick Wardle helped Apple fix a bug that would crash apps displaying the word "Taiwan" or the Taiwanese flag emoji. Some iPhones could be remotely crashed by something as simple as receiving a text message with the Taiwanese flag. Apple confirmed the fix in a security update Monday. Wired reports: "Basically Apple added some code to iOS with the goal that phones in China wouldn't display a Taiwanese flag," Wardle says, "and there was a bug in that code." Since at least early 2017, iOS has included that Chinese censorship function: Switch your iPhone's location setting to China, and the Taiwanese flag emoji essentially disappears from your phone, evaporating from its library of emojis and appearing as a "missing" emoji in any text that appears on the screen. That code likely represents a favor from Apple to the Chinese government, which for the last 70 years has maintained that Taiwan is a part of China and has no legitimate independent government.

But Wardle found that in some edge cases, a bug in the Taiwan-censorship code meant that instead of treating the Taiwan emoji as missing from the phone's library, it instead considered it an invalid input. That caused phones to crash altogether, resulting in what hackers call a "denial of service" attack that would let anyone crash a vulnerable device on command. Wardle's still not sure how many devices are affected, or what caused that bug to be triggered only in some iOS devices and not others, but he believes it has something to do with the phone's location and language settings.
Wardle has more details of the bug on his blog.

Disgusting

By hcs_$reboot • Score: 4, Insightful • Thread
If Apple is keen on implementing that level of censorship [ which has been made public ] who knows what else stagnates in the code ready to break privacy?

China vs China

By manu0601 • Score: 4, Informative • Thread

the [People's Republic of China] government, which for the last 70 years has maintained that Taiwan is a part of China and has no legitimate independent government.

And Taiwan's government has the exact same opposite position, maintaining that they are the only legitimate government of China. Both governments consider there is only one China, and that its territory contains mainland and Taiwan island.

Re:Cupertino city flag

By Actually, I do RTFA • Score: 5, Informative • Thread

The Taiwanese Flag is also the Chinese National Flag... pre-Communist revolution. The Taiwanese government claims continuity with the pre-Communist government. Hence, to mainland China, it is very much like Delaware wanted to keep flying the Union Jack in 1830.

Re:China vs China

By LostInTaiwan • Score: 5, Informative • Thread

However, Taiwan is a democracy with protection for basic human rights. You can freely fly the Chinese flag and openly advocate Taiwan is a part of China. Trying to do the reverse in China will most likely result in imprisonment. That is the biggest difference between Taiwan and China.

Oh, that China vs China argument is a Chinese construct. The Chinese position is, if Taiwan renounces its Chinese territorial claim then that's justification for invasion; if Taiwan continues its Chinese territorial claim, that too is justification for invasion.

I am in Xiamen now...

By LynnwoodRooster • Score: 3 • Thread
Let me open my browser (Chrome, Samsung Galaxy Note 8), pop open Bing, type in Taiwan. Works fine here! Same with texting the word to my wife. Even downloaded a picture of the Taiwanese flag. Yep - seems to work on Android at least. I guess Google doesn't want to bow so deeply to Beijing!

DOD Seeks Classification 'Clippy' To Help Classify Data, Control Access

Posted by BeauHD
An anonymous reader quotes a report from Ars Technica: The DOD has issued a request for information (RFI) from industry in a quest for technology that will prevent the mislabeling and accidental (or deliberate) access and sharing of sensitive documents and data. In an announcement posted in May by the Defense Information Systems Agency (DISA), the Pentagon stated that the DOD CIO's office -- part of the Office of the Secretary of Defense -- is "investigating the use of commercial solutions for labeling and controlling access to sensitive information." Defense IT officials are seeking software that "must be able to make real-time decisions about the classification level of the information and an individual's ability to access, change, delete, receive, or forward the information based on the credentials of the sending and/or receiving individual, facility, and system."

In other words, the DOD is looking for a classification Clippy. In a response to questions regarding the RFI issued in late June, DOD officials said that the system should be able to ideally protect "any file type on a Microsoft operating system (OS) file system and active directory domain."

it's all in who does it

By liquid_schwartz • Score: 3 • Thread
After all, if you're connected well enough 'no reasonable prosecutor' would bring a case against you regardless of how many documents you mishandle. If you're just a lowly sailor then they will throw the book at you even for minor infractions. Until justice is evenly applied then it's all a rather obvious scam.

Researchers Devise AI System To Reduce Noise in Photos

Posted by msmash
Researchers from Nvidia, MIT, and Aalto University are using artificial intelligence to reduce noise in photos. The team used 50,000 images from the ImageNet dataset to train its AI system for reconstructing photos, and the system is able to remove noise from an image even though it has never seen the image without noise. VentureBeat: Named Noise2Noise, the AI system was created using deep learning and draws its intelligence from 50,000 images from the ImageNet database. Each came as a clean, high-quality image without noise but was manipulated to add randomized noise. Computer-generated images and MRI scans were also used to train Noise2Noise. Denoising or noise reduction methods have been around for a long time now, but methods that utilize deep learning are a more recent phenomenon.

Computer!

By Pete Smoot • Score: 4, Funny • Thread

Magnify and enhance sector A5.

Once again, life imitates science fiction.

Tired of AI This and AI That

By Marlin Schwanke • Score: 5, Funny • Thread
I wish they'd quit with the AI and Artificial Intelligence monikers being applied to everything in tech these days. The day one of these AI's tells me that, no, it won't brew my coffee this morning because it is taking the day off is the day I might buy in to this nonsense.

Article needs image diffs

By Ichijo • Score: 3, Interesting • Thread

It would be interesting to see a visual diff between the denoised result and the source image before the random noise was added, in order to see what kinds of artifacts were generated during the denoising process. For example, did it add any leaves to the image of the koala?

Re:Tired of AI This and AI That

By yaznaz • Score: 5, Informative • Thread
Did you even check the paper at: https://arxiv.org/pdf/1803.041...

The abstract states "We apply basic statistical reasoning to signal reconstruction by machine learning — learning to map corrupted observations to clean signals — with a simple and powerful conclusion: under certain common circumstances, it is possible to learn to restore signals without ever observing clean ones, at performance close or equal to training using clean exemplars."

The results show dramatic improvements that are very close to the original image (before random noise is introduced to generate the input) - a level of improvement that is simply not possible with conventional image processing/denoising filters.

If this is not AI, I don't know what else would be.

blind source separation?

By pz • Score: 3 • Thread

While the images they have shown as examples are really pretty impressive, given that they're using a training set of Image A versus Image A Plus Noise, the problem is akin to blind source separation (BSS). There's been quite a lot of work done on BSS, much of which is very impressive (and based on neural nets).

The critical issue is to see what happens when they take a real photograph that has not been adulterated to add noise, and improve that. Will their model of a noiseless source image with additive noise still hold? The article doesn't touch upon that critical test, unfortunately.

The results they show are very, very cool, though. And if they hold up for MRI work, it would be a game-changer in the medical field. The article shows an MRI adulterated with noise, their recovered image, and the noiseless ground truth. A better test would be to take an MRI that was scanned for too short a time (and thus is noisy), and compare their extraction against an MRI with identical scanning parameters, except for normal imaging time. MRI magnet time is expensive; if it can be reduced by 50% and get equivalent image quality, that's a huge advance.

Hacker Breaches Chrome Extension of Popular VPN Service Hola, Directs Users To Compromised Cryptocurrency Website

Posted by msmash
Catalin Cimpanu, reporting for BleepingComputer: A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker. The compromise took place yesterday and only lasted for five hours, the MyEtherWallet (MEW) team said in a tweet. The Hola VPN team admitted to the hack. "The attack was programmed to inject a JavaScript tag in to the MEW site to 'phish' information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website," the Hola VPN team said.

That's rare!

By Vintermann • Score: 3 • Thread

Cryptocurrency being stolen with old fashioned stuff like actual hacking and phishing, rather than by saying "we got hacked" and running away with your users' bits.

TIL: People still use Hola

By wardrich86 • Score: 3 • Thread
Hola has been shat on for a number of issues over the years. Anybody still using it pretty much deserves to have this happen to them.

Is iOS 11.4 Draining Your iPhone's Battery? You're Not Alone

Posted by msmash
If you've noticed that the battery life on your iPhone is not what it used to be, it's likely that the problem isn't with your iPhone or some setting or app, but a bug in iOS 11.4. From a report: Apple's support forum has been blowing up with complaints from users that battery life has been seriously curtailed since installing iOS 11.4. The problem seems to be reasonably widespread and affects the iPhone lineup across the board. I've seen this issue on the iPhones that I use. It seems to be accompanied by the device running unusually hot.

Upgrade drains battery, no?

By pz • Score: 5, Informative • Thread

From what I recall reading on Slashdot, this issue is raised nearly every time there's an upgrade to iOS and the reason is that while the basic upgrade happens right away to ensure usability as quickly as possible, there's a ton of stuff that happens in the background for some time to come. It's the background activity that appears to shorten the battery usability. Once the background activity is done, back to normal, more-or-less.

Or so I've read. Personally, I don't own an Apple device of any sort so I can neither confirm nor dispute. Don't blame the messenger.

Re:Really? Is this something new?

By hcs_$reboot • Score: 5, Informative • Thread
Based on my own experience, iPhones are not born equal. Anyway I'd check the "background app refresh" settings and unset most of them...

There’s an easy fix ...

By ddtmm • Score: 5, Funny • Thread
Couldn’t they just slow the phone down a bit so it doesn’t use as much battery power? This is a no-brainer.

Re:I have an idea

By TheFakeTimCook • Score: 5, Funny • Thread

This is the 100th time Apple has released a patch that screwed up certain models. They're incompetent. I see a pattern here. They're going to keep doing it! BUY A DIFFERENT BRAND, YOU IDIOTS!

While Android wisely avoids the problem by almost never having Updates at all...

Re:iOS 11.4 is draining my battery

By DontBeAMoran • Score: 5, Insightful • Thread

iOS 11.4 is draining my battery, and I have an iPhone 4. That's how bad iOS 11.4 is!

With So Many Eyeballs, Is Open Source Security Better?

Posted by msmash
Sean Michael Kerner, writing for eSecurity Planet: Back in 1999, Eric Raymond coined the term "Linus' Law," which stipulates that given enough eyeballs, all bugs are shallow. Linus' Law, named in honor of Linux creator Linus Torvalds, has for nearly two decades been used by some as a doctrine to explain why open source software should have better security. In recent years, open source projects and code have experienced multiple security issues, but does that mean Linus' Law isn't valid?

According to Dirk Hohndel, VP and Chief Open Source Officer at VMware, Linus' Law still works, but there are larger software development issues that impact both open source as well as closed source code that are of equal or greater importance. "I think that in every development model, security is always a challenge," Hohndel said. Hohndel said developers are typically motivated by innovation and figuring out how to make something work, and security isn't always the priority that it should be. "I think security is not something we should think of as an open source versus closed source concept, but as an industry," Hohndel said.

Re:Visibility is always better than invisibility

By Solandri • Score: 5, Insightful • Thread
Whether the eyeballs are paid is irrelevant. One of the interesting findings from the investigation of the Space Shuttle Challenger disaster was that NASA triple-checked components. But it turned out the three (paid) inspectors often assumed the other two were doing their job, and regularly skipped inspections on more-difficult-to-access parts. Since all three were biased to skip the same parts, those parts frequently went uninspected before launch. So in that particular case, having more eyeballs actually led to less security, than having a single inspector who knew the entire burden of security was resting on his/her shoulders.

People are lazy.

Complex Question

By ytene • Score: 3 • Thread
I think there are a couple of aspects to this that might be a bit off the beaten track of threads posted so far...

The first is that we need to think about like-for-like comparisons. When these observations were initially made, 20 years ago, how many projects [either closed source or open source] were using automated source code scanning solutions? i.e. technology specifically written to parse code for flaws?

In other words, 20 years ago the "landscape" was likely to be close to "even". Today, however, many commercial software development shops use vulnerability scanning solutions and/or routinely conduct binary scans of resultant code. Today, many commercial development shops use automated test harnesses for load testing and regression testing. It is fantastic that they do. They do this because they can afford to and because the rapid advancement of this sort of technology has made it possible. Twenty years ago? Not so much.

This would suggest that we might start to see a difference in post-production bugs between Open Source and Commercial/Closed Source software where the development environments differ between these two operating models.

The second observation would be far more tenuous. In the same 20 year period, we have seen many different programming languages "come and go". Obviously the more established platforms (COBOL, C, C++, JAVA) continue to be popular, but this, too, brings differences in bug reports. The longer a language has been in existence, the more mature development becomes, the more libraries become available, the more skilled developers become in preventing even the more obscure bugs.

I don't have access to the data [and wouldn't know where to look for it, tbh] but I think it would be easy to graph out "average number of vulnerabilities per thousand lines of code" - i.e. defect density - over a 5, 10 or even 20-year period of language use. It would be reassuring to see if that trended down - but even more interesting [and worrying] if it didn't.

A while back I went looking to see if there were any "big rules" about different programming languages being more or less prone to vulnerabilities than others. I had read [maybe 25 years ago] that Ada was once thought of being a language with very few bugs. The theory was that its compiler was so strict that if you could get your code to compile, it would probably run just fine. I was really surprised to learn that although there had been a few studies, there didn't seem to be any emergent evidence to suggest that there were differences between languages. I was surprised because my ignorance had suggested to me that helpful and/or heavily typed languages would be less bug-prone than more relaxed ones - i.e. that JAVA would have a lower defect density than C. Apparently [and I'd be happy for anyone to correct me] the evidence does not support this.

Sorry that this is trending away from the original question, but I think that context is absolutely crucial to get to a good answer to the original post - and that we would find that, like forecasting the weather, it would be pretty hard to do...

Start by posting your idea

By raymorris • Score: 5, Interesting • Thread

Your experiences remind me of something I learned about open source development. I now start by posting about what I intend to do. I've received these responses:

John is working on that and expects to release it next week.

No need to do all that, just use setting Xyx and skip the last part.

That seemed like a good idea, but when we looked into it we noticed this trap.

We decided we want Betaflight to focus on LOS. Your idea fits better with the iNav fork, which already does most of that.

Hey that's a good idea. Can you also allow multiples? That would be useful for me. I can help test.

The Many Eyeballs is BS

By SwashbucklingCowboy • Score: 3 • Thread

It's pure BS. Yeah, you *can* look at the code, but how many do? And how many have the requisite knowledge to recognize it when something is wrong?

As noted on Slashdot over 10 years ago (https://it.slashdot.org/story/08/05/11/1339228/the-25-year-old-bsd-bug) it took 25 years to fix a bug in some commonly used open source. My understanding is that the Samba team even coded around the bug instead of looking at the code and getting it fixed.

Is open source security better than closed source? Sometimes yes; sometimes no. Depends on the developers, the projects and the companies involved. Security is about process and there's a lot more to the process than having access to the source code.

Re:More eyes

By Let's All Be Chinese • Score: 4, Interesting • Thread

It's not that the patterns themselves have failed, just that their use has fizzled due to failure to live up to the claimed benefits of using them. I've never actually even read the book, but I took a gander at the "antipatterns" book (only thing in category available at the library at that time) and it immediately struck me as "middle management trying to program", or something in a similar vein.

Now, there's indubitably a lot of "code grinders" Out There for whom this sort of thing is actually a boon. The best and brightest among us tend to scoff at such people, or more specifically at their stumbling and crutches, with all sorts of plausible-sounding but not actually helpful counters like "good people know what their code does", conveniently forgetting that most programmers aren't very good at all. So perhaps "patterns" are a useful crutch to keeping a lid on the damage from the inevitable Dunning-Kruger effects in business programming. I don't know, maybe.

But it was only until very much later that I found this writeup and my take-away is that this sort of thing, I think including touting lists of "patterns" as fix-alls for programming trouble, are attempts at taking an inherently mapping mode thing into something suitable for packers to use. The better approach is to knock such people into mapping mode, but that's much harder to sustain. And could well count as cruel and unusual.

Apple To Deploy 1Password To All 123,000 Employees; In Talks To Acquire Password Manager's Parent-Firm AgileBits: Report

Posted by msmash
Jonathan S. Geller, reporting for BGR: Apple acquires an average of 15 to 20 companies a year, according to CEO Tim Cook. Of that number, we only hear about a couple, as most of these acquisitions or acqui-hires are not consumer-facing, nor disclosed. However, we have exclusively learned that Apple is planning an interesting partnership and a potential acquisition of AgileBits, maker of the popular password manager 1Password.

According to our source, after many months of planning, Apple plans to deploy 1Password internally to all 123,000 employees. This includes not just employees in Cupertino, but extends all the way to retail, too. Furthermore, the company is said to have carved out a deal that includes family plans, giving up to 5 family members of each employee a free license for 1Password. With more and more emphasis on security in general, and especially at Apple, there are a number of reasons this deal makes sense. We're told that 100 Apple employees will start using 1Password through this initiative starting this week, with the full 123,000+ users expected to be activated within the next one to two months.
Update: In a statement, 1Password said rumors of its acquisition were "completely false."

Apple to deploy 1 password to 123,000 employees...

By Oswald McWeany • Score: 5, Funny • Thread

Why not give them each their own password instead?

Re:Why?

By XXeR • Score: 4, Insightful • Thread

The point is not having secure passwords, the point is having different passwords for your services.

Agreed.

Your password security is only as secure as where you are using them.

I disagree. If I use Keepass and store my DB locally, then I'd argue that's more secure than anything stored in the cloud. At the very least, it's up to me to ensure it's secure, rather than hoping someone else is doing so for me.

With cloud stored passwords, you can have auto generated arbitrary passwords, each different for each service so in case of a leak, your other services aren't compromised.

This doesn't require cloud storage of passwords.

Just make sure the password vault is encrypted client side and it should be reasonable secure for "random online stuff".

Or, store it COMPLETELY client side...and encrypt it.

For banking or high secure requirements, then no. Something involving keys would probably be better.

So you propose using a cloud storage service for passwords, unless you're banking?

Re:Or on a computer

By Average • Score: 5, Informative • Thread

My team's preferred password management is basically doing that right now.

We use the standard 'zx2c4' pass program (passwordstore.org). Which is a readable set of BASH wrapper scripts around GPG and Git.

Our GPG private keys are on Yubikeys. Where the crypto processing does happen on the smartcard/dongle as you suggest. There's a step there where it's in memory, but that's inevitable (even with mooltipass emulating a keyboard).

This even works over NFC on Android (Password Store and OpenKeychain).

iow, it's baked... we've been doing this for like three years now.

iCloud already has this functionality...

By Graymalkin • Score: 3 • Thread

Why would Apple bother buying 1Password when iCloud already does the same thing and is integrated into all their platforms? Do people making shit up just use MadLibs and go with whatever? Are the clicks really worth that much?

Re:Thank goodness

By caution live frogs • Score: 5, Informative • Thread

1Password is actually fine as far as 3rd party concerns go. You can use their internal cloud to store your password archive, or one of many other cloud services, or even keep the archive in local storage and NOT in the cloud. The password archive is a file. You can put it anywhere you put any other file. The trust for this location is entirely up to you. If you trust Apple, put the archive into iCloud and you're solid.

I've been using the program for several years. I'm quite happy to see Apple using it. They could choose from any password tool on the market. I'm sure they extensively vetted the alternatives before picking 1Password. If it's secure enough for Apple, I feel safe trusting it as well.

BlackTech Threat Group Steals D-Link Certificates To Spread Backdoor Malware

Posted by msmash
Security researchers have discovered a new malicious campaign that utilizes stolen D-Link certificates to sign malware. From a report: A lesser-known cyber-espionage group known as BlackTech was caught earlier this month using a stolen D-Link certificate to sign malware deployed in a recent campaign. "The exact same certificate had been used to sign [official] D-Link software; therefore, the certificate was likely stolen," says Anton Cherepanov, a security researcher for Slovak antivirus company ESET, and the one who discovered the stolen cert. Cherepanov says BlackTech operators used the stolen cert to sign two malware payloads -- the first is the PLEAD backdoor, while the second is a nondescript password stealer. According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group's targets for these most recent attacks were again located in East Asia, particularly in Taiwan. The password stealer isn't anything special, being capable of extracting passwords from only four apps -- Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Outlook.

In World First, Danish Court Rules Stream-Ripping Site Illegal

Posted by msmash
An anonymous reader shares a report: Convert2MP3 is a site that allows users to download audio from platforms including YouTube. Following legal action carried out by Rights Alliance on behalf of music industry group IFPI, Convert2MP3 has been declared unlawful by a Danish court which has now ordered ISPs to block it. It's the first time worldwide that a so-called stream-ripping site has been declared illegal.

Re:Conversion not allowed in my country since a mo

By houghi • Score: 4, Informative • Thread

Just download one of the many rippers available. For Linux there is youtube-dl
And here is the code you can use:
youtube-dl --extract-audio --audio-format mp3

Most ripping sites where just a shell arround youtube-dl anyway and as such limited the program to just a few options.

As you now have the source, you will be able to build your own website that does the same. With little ingenuity, you can have a bookmark in your browser and when you click it when you are on YouTube, it will start downloading to the directory of your choice.

Editing of MP3 can then be done with any MP3 editing program you desire.

You are on /. Behave like it. Now get off my lawn.

Re:Weird

By elgaard • Score: 4, Informative • Thread

This is from the Frederiksberg court.
It is not final. But most likely the alliance won because the people behind Convert2mp3 did not bother to show up in a Danish court. And they probably also will not appeal. The transcripts from the court are not made public yet as far as I know.

For those that disagree

By houghi • Score: 3 • Thread

You can take action now. You are on /. so you have some Internet knowledge.

Build a website around https://rg3.github.io/youtube-dl/. Not that hard to do. Should be up and running in around an hour.

Having the cake and eating it too

By Misagon • Score: 4, Insightful • Thread

Meanwhile, Denmark has its "båndkopi" (tape copy) fee on practically all storage media -- whether it is being used for music or not -- to compensate for copying.
The collected money is distributed to a select number of rights holders through some scheme by the industry organisation Copydan.

The "båndkopi" fee was created once upon a time because the music industry complained that people could copy music to tapes from records and the radio ...
And now that Youtube and other streaming services are basically serving the same function that radio did, things are different?

Re:Conversion not allowed in my country since a mo

By BlueStrat • Score: 4, Funny • Thread

Ah, but the SGAE in Spain does not really want to forbid things. They want to be able to extort money from everybody.

Nobody expects the Spanish Requisition!

Strat

YouTube Is Fighting Conspiracy Theories With 'Authoritative' Context and Outside Links

Posted by BeauHD
In an effort to reduce misinformation on YouTube, the video-sharing website will be adding "authoritative" context to search results about conspiracy-prone topics, as well as putting $25 million toward news outlets producing videos. YouTube made the announcement today as part of a new step in its Google News Initiative, a journalism-focused program that aims to help publishers earn revenue and combat fake news. The Verge reports: This update includes new features for breaking news updates and long-standing conspiracy theories. YouTube is implementing a change it announced in March, annotating conspiracy-related pages with text from "trusted sources like Wikipedia and Encyclopedia Britannica." And in the hours after a major news event, YouTube will supplement search results with links to news articles, reasoning that rigorous outlets often publish text before producing video.

YouTube is also funding a number of partnerships. It's establishing a working group that will provide input on how it handles news, and it's providing money for "sustainable" video operations across 20 markets across the world, in addition to expanding an internal support team for publishers.

Re:Why?

By Mashiki • Score: 4, Insightful • Thread

You mean bog him down as a troll tactic?

Skim their post history, they don't believe it's a troll tactic. They simply believe that anyone who disagrees with the progressive agenda in any form are white nationalists. If you want to see the face of extremism, it's right there. And that, is just plain sad.

Re:Why?

By Moryath • Score: 4, Insightful • Thread

Let me get this straight. An article about a monetary donation to a fact checking site and two opinion articles, and you're too media illiterate to check the bylines?

I'd laugh if it weren't so sad.

Re:Why?

By GameboyRMH • Score: 5, Informative • Thread

Exactly, and making perfect the enemy of good is just the tactic post-truth types love to use against fact-checking. Case in point: "Sometimes fresh news articles get corrected, therefore let's give batshit nutjobbery and Russian propaganda a head start (particularly on hot-button issues where I want to empower post-truth narratives) until things settle down."

Re:Why?

By PhrostyMcByte • Score: 5, Interesting • Thread

The person who won does not matter to my post. There is evidence showing that regardless of who you were voting for, you were being targeted. Some of it was more obvious than others, but people on all sides of the political spectrum -- me included -- failed to filter out some of the spin coming their way.

Stop jumping to conclusions with divisive outrage. It's what they wanted. There's no room for pride here.

Who watches the wingnuts?

By Uberbah • Score: 4, Informative • Thread

Dan Rather, long time CBS anchor, forced to resign in disgrace for manufacturing anti-conservative news

Wrong wrong wrong. CBS did verify the memos for the accuracy of their content. If they were forged - which has never been proven - someone forged the truth.

And bitch, please, it's not as if every reporter, anchor and editor who repeated the outright lies on Iraq was castigated, much less suspended, much less fired for taking part in the very worst propaganda in modern times. Wingnuts have created this standard that applies to just one person, because it fits your biases.

NPR admitting press is biased

Yes, National Pentagon Radio is quite biased. Just 180 degrees from where you think it is.

China Internet Report 2018

Posted by msmash
At Rise Conference in Hong Kong on Tuesday, Abacus executive producer Ravi Hiranand, South China Morning Post technology editor Chua Kong Ho, and 500 Startups partner Edith Yeung presented China Internet Report 2018, highlighting the big names and wider trends shaping China's technology. The takeaway: China has nearly 3 times the number of internet users as the United States, and the gap will only widen: China has 772 million internet users, vastly more than the 292 million in the US. And there's still plenty of room to grow -- internet penetration is only at 55% in China, while in the US, it's 89%.

Beijing is China's unicorn capital: Some of China's biggest tech giants may have started in Shenzhen, but Beijing leads the way with 31 tech unicorns. (Shenzhen has just 11!)

China's internet giants are doing everything: From streaming video to self-driving cars, the big three (Baidu, Alibaba and Tencent) are present in almost every tech sector, either by investing in startups or by building it themselves.

Government policy continues to actively shape China's tech industry.

China's online shopping giants are going offline.

China loves short videos.

WeChat's mini-programs are cementing its place as China's virtual mobile operating system: Mini-programs, which are no bigger than 10 megabytes and running in the WeChat app are gaining ground -- WeChat now hosts 1 million mini-apps, and the number of people who use them daily is expected to reach 400 million.

China lags behind the US in AI, but the government wants to catch up -- soon.

China is making smart speakers but Chinese users aren't buying them: There are now over 100 smart speaker developers in the country (including all of the tech giants), but demand isn't there yet -- in 2017, only 350,000 smart speakers were sold in China, compared to 25 million in the US.

China is now the world's biggest gaming market: It accounts for more than a quarter of the world's total gaming revenue (the US is close behind in second). And it's dominated by two players: Tencent and NetEase, who jointly have over 60% market share in China.

Smart microphones

By CanEHdian • Score: 3 • Thread

China is making smart speakers but Chinese users aren't buying them: There are now over 100 smart speaker developers in the country (including all of the tech giants), but demand isn't there yet -- in 2017, only 350,000 smart speakers were sold in China, compared to 25 million in the US.

Maybe the Chinese term is Listens-all-the-time? We-hear-all-you-say? Or smart microphones? That is what we should start calling them, they will sell a lot less in North America too.

Chinese don't buy smart speakers

By Opportunist • Score: 5, Interesting • Thread

That makes sense. If you live in a country where you have known that everyone and their dog is eavesdropping on you 24/7, you are wary of such trojan horses.

Only in countries where the population isn't used to a government that makes it their business to spy on you the people could possibly be gullible enough to buy such crap.

Re: Smart microphones

By phantomfive • Score: 5, Informative • Thread
Tbh I don't understand why Americans buy them. When I've seen them in use, the use cases are narrow and the implementation frustrating.

Re:who cares about China

By Karmashock • Score: 4, Interesting • Thread

Do you know how much cheaper china is than the US at this point?

It's marginal.

First because labor costs are decreasing in relevance as we automate.

Second because chinese labor costs have gone up.

Third because various things in china other than labor are more expensive than in the US.

Fourth because there are often unaccounted costs to doing business in china such as forced tech transfers, IP theft, etc that ultimately can erase all gains.

There is more... but that makes the point that it is more complicated and the cost of doing business in china is not that much cheaper than in the US.

And because I won't be believed and no one uses a search engine to inform themselves absent it getting jammed in their faces:
http://fortune.com/2015/06/26/...

China is replaceable in the US supply chain. We only used them because we are making a lot of things in other countries in east asia and china was a reasonable place to assemble things. Totally replaceable.

I know I know... lots of either clueless or politically motivated asshats running around running their mouths saying X or Y must be and the status quo is forever.

Think for yourselves.

Note the UK is also cheaper than Germany. Add that to your thinking on the Brexit discussions. ;)

WeChat & miniprograms vs web & PWAs

By dwater • Score: 3 • Thread

> WeChat's mini-programs are cementing its place as China's virtual mobile operating system: Mini-programs, which are no bigger than 10 megabytes and running in the WeChat app are gaining ground -- WeChat now hosts 1 million mini-apps, and the number of people who use them daily is expected to reach 400 million.

The penetration of WeChat is quite worrying when considering the future of internet/web (in China, at least), but also these mini-programs seem to be a direct threat to PWAs (as well as native apps). Any entity that wants to get value from the internet in China needs to master these technologies. I see Tesla have already realised this:

"Tesla has a mini-program enabling users to locate charging stations, schedule a test-drive and share their experiences about driving a Tesla car"
https://walkthechat.com/wechat...

Half of ICOs Die Within Four Months After Token Sales Finalized

Posted by BeauHD
An anonymous reader quotes a report from Bloomberg: About 56 percent of crypto startups that raise money through token sales die within four months of their initial coin offerings. That's the finding of a Boston College study that analyzed the intensity of tweets from the startups' Twitter accounts to infer signs of life. The researchers determined that only 44.2 percent of startups survive after 120 days from the end of their ICOs. The researchers, Hugo Benedetti and Leonard Kostovetsky, examined 2,390 ICOs that were completed before May.

Acquiring coins in an ICO and selling them on the first day is the safest investment strategy, Kostovetsky said in a phone interview. But many individual investors can't participate in ICOs, so this option isn't open to them. Still, all investors should probably sell their coins within the first six months, the study found. "What we find is that once you go beyond three months, at most six months, they don't outperform other cryptocurrencies," Kostovetsky said. "The strongest return is actually in the first month."
The Boston College study also found that ICO returns are declining, as startups have become savvier about pricing coin offerings and more people have jumped into ICO investing. According to Bloomberg, "Returns of people who sold tokens on the first day they were listed on an exchange have been declining by four percentage points a month, Kostovetsky said."

Looking back at this time will be interesting.

By ErichTheRed • Score: 3 • Thread

It seems like whenever there's an economic expansion of any kind, people are desperate to put their money in anything regardless of the chance of success. This particular time will be very interesting to look back on, because you basically have multiple different bubbles all going on at the same time and they all feed on each other. I feel old, but I really don't see cryptocurrency as anything more than a scam.

The mobile/app economy bubble is fed by the cloud bubble, which both feed the blockchain/cryptocurrency bubble, and all of them are sustained by The Cloud. Back in the 90s, if you wanted to sell bags of dogfood online and ship them for free to get eyeballs, getting started cost tons of money. You had to buy servers, colocate them in a data center, etc. and it cost millions to start up. Now, all you have to do is use the founder's credit card to buy AWS/Azure/GCP time and the money comes out much more slowly. This is why I think the bubble(s) are going to last a lot longer than the last one...there's way less pressure to IPO and topple the house of cards. Most of unicorn startups are being happily fed money by VCs rather than Grandma's pension fund buying into pets.com, and they need less every month.

My worry is that allowing these bubbles to live longer than they should will make them huge and cause an even bigger mess when everything comes crashing in. Look at Silicon Valley housing markets as an example. I live near NYC, so I'm not one to point fingers at crazy housing prices. But if I wanted to move there for a job, a similar house to mine, a similar distance to work would be 4 or 5 times the price of my already-expensive one here in suburban NY. Yet, people are happily buying/renting so they can cash in on the gold rush...no thanks.

Scam vs. Life Expectancy.

By geekmux • Score: 3 • Thread

"About 56 percent of crypto startups that raise money through token sales die within four months of their initial coin offerings."

Yeah, and 80 - 90% of start-ups die within the first 12 months, which leaves the obvious question; Are ICOs nothing more than scams, or is a four-month death essentially expected in this particular type of business?

Perhaps it's a bit early to really tell, but it's rather ironic that ICOs seem to have a success rate on par with damn near any other type of start-up (if not better), and yet we're questioning that activity worse than Al Capone's tax auditor. All forms of investing are gambling at the end of the day.

Re:Investment?

By Alioth • Score: 4, Insightful • Thread

No, investing isn't gambling, it's not black and white like that.

There's more of a scale. At one end you have "gambling" and at the other you have "investing". At the far gambling end of the spectrum you have games of chance (e.g. roulette), binary options (which is gambling dressed up to look like investing), slot machines etc - basically all the types of things where the house always wins. At the other end you have things like bonds, traditional long term buy and hold in blue chip companies etc. There's still some risk but on that end of the spectrum, it's not a zero sum game nor "the house always wins".

If you say all investing is gambling because there's some risk and can never be a sure thing, then you get to the reductio ad absurdum argument that absolutely everything is gambling, e.g keeping your money in a savings account is also gambling because that's not a sure thing either.

Scientists Discover the World's Oldest Colors

Posted by BeauHD
1.1 billion-year-old bright pink pigments extracted from rocks deep beneath the Sahara desert in Africa are the oldest colors on record. They were discovered by scientists from The Australian National University (ANU), with support from Geoscience Australia and researchers in the United States and Japan. Phys.Org reports: Dr. Nur Gueneli from ANU said the pigments taken from marine black shales of the Taoudeni Basin in Mauritania, West Africa, were more than half a billion years older than previous pigment discoveries. The fossils range from blood red to deep purple in their concentrated form, and bright pink when diluted. The researchers crushed the billion-year-old rocks to powder, before extracting and analyzing molecules of ancient organisms from them.

"The precise analysis of the ancient pigments confirmed that tiny cyanobacteria dominated the base of the food chain in the oceans a billion years ago, which helps to explain why animals did not exist at the time," Dr. Gueneli said. Senior lead researcher Associate Professor Jochen Brocks from ANU said that the emergence of large, active organisms was likely to have been restrained by a limited supply of larger food particles, such as algae. "Algae, although still microscopic, are a thousand times larger in volume than cyanobacteria, and are a much richer food source," Brocks said.
The study has been published in the journal PNAS.

Re:Silly headline

By Opportunist • Score: 5, Insightful • Thread

Only on Slashdot you could make a bad joke about the technological development of television and it gets modded "insightful".

Mods? What the fuck is wrong with you?

Older Rocks and even Older "Colour"

By Roger W Moore • Score: 5, Informative • Thread

Probably more correct to say "oldest rock color".

No, the oldest confirmed rock on Earth at 4.4 billion years old is a nice blue zircon.

However, the oldest "colour" in the Universe though is technically the Cosmic microwave background. Some of those photons used to be in the visible spectrum but are so old, dating from 300k years after the Big Bang, that the expansion of the universe stretched them into the microwave region. So, if anything, the oldest colour is what we now perceive as the black between the stars and galaxies.

Re:I think what's cooler is

By Oswald McWeany • Score: 4, Insightful • Thread

I just google "purple tree" and I'm thinking of how awesome it would be if all the trees were purple. I think that many science fiction writers (movies and books) often don't seem to have as much variation in terms of what could really be out there. It kind of bothers me when everyone looks like humans and every planet looks like earth. Some of them definitely get it better than others, but I think even in the ones that tend to have lots of variety don't really stretch it too far from what we find on earth.

There are two answers why they do this. One is for pulp-sci fi; and the other is for more in-depth scifi.

Novelists don't have this excuse- but for pulp Sci Fi on TV it's a lot cheaper to have aliens that can be played by humans with bits of plastic stuck to their faces to form ridges and bumps than it is to have non-humanoid aliens. Also for world sets- if the plants look earthlike, it's a lot cheaper and realistic looking to make a set.

There is another dimension to this though. A lot of the better Science Fiction novels are really critiques on society. By taking an alien futuristic world and changing one or two things you can make a social commentary about OUR society by exaggerating one of its features. Most (good) science fiction isn't REALLY about other planets- it's about us on our planet; if you change too much and make it too unrecognizable it's harder to make your point.

Re:Silly headline

By PPH • Score: 4, Funny • Thread

Color was invented 15 minutes after the start of The Wizard of Oz.

Re:Silly headline

By MightyYar • Score: 4, Insightful • Thread

It's a Calvin and Hobbes reference, as are the replies.

Nitrogen Is In Liquid Metal Form Inside Earth's Core

Posted by BeauHD
hackingbear writes: A team of scientists from China, the U.S., and U.K. successfully turned nitrogen, the dominant gas in Earth's atmosphere, into a metallic fluid by subjecting it to the extreme pressure and temperature conditions found deep inside the Earth and other planets. Their findings have been published in the journal Nature Communications.

"Our findings could inform the efforts to create forms of energetic nitrogen polymers as well as superconducting, metallic states of a sister diatomic molecule, hydrogen or H2, which could revolutionize the energy sector if reliably synthesized," according to team member Nicholas Holtgrewe. The project was funded by the (U.S.) National Science Foundation, the (U.S.) Army Research Office, the National Natural Science Foundation of China, the Chinese Academy of Science, the British Council Researcher Links Program, and other sources.
According to EurekAlert, "The researchers found that the temperature at which nitrogen transitions from insulating to metallic decreases as the pressure increases -- starting at about 1,180,000 times normal atmospheric pressure (120 gigapascals) and 2,720 degrees Celsius (3,000 kelvin)." "This means that, theoretically, nitrogen would remain in its diatomic state in the Earth's mantle but would disassociate into a fluid metal in or just above the core, which potentially has implications for our understanding of the planet's deep nitrogen cycle," said team member Sergey Lobanov.

Energetic nitrogen polymers

By Anonymous Coward • Score: 4, Funny • Thread

"Energetic nitrogen polymers" - I'll bet this is going to merit a new entry in "Things I Won’t Work With".

It is unclear...

By DrTJ • Score: 3 • Thread

... whether they actually proved that there is metallic nitrogen within the Earth core. TFA says that the pressure and temperatures there are compatible with the existence of metallic nitrogen, but that isn't the same thing as proving that there is metallic nitrogen at the core.

It is also unclear how this could revolutionize the "energy sector". Do they imply that metallic hydrogen at 100+ GPa and 3000K would be a practical means for energy distribution? First, metallic hydrogen has only (controversially) been achieved in a lab in minute quantities and using a diamond anvil, and second, constructing a container capable of those kinds of pressures and temperatures is quite difficult and highly impractical to handle, just from a pressure point of view.

The weight of a spherical pressure vessel is proportional to its maximum pressure. So, given a container capable of a specific volume and 100 bars, the corresponding 100 GPa vessel with the same volume would be 10 000 times heavier. A scuba tank capable of that would thus weigh around 200 tonnes.
Then we have valves, tubes, pressure regulators. I wonder what they would look like...

Just because the pressure and temp is right...

By Viol8 • Score: 4, Interesting • Thread

... doesn't mean it'll exist there. Who knows what sort of unusual chemical reactions would occur at those temperatures and pressures with the other elements also swilling around down there. Until someone put a representative mix of elements into a pressure vessel mimicking those conditions we simply have no idea what could be down there. It might even be something chemists and physicists haven't even dreamed of. And as for what is going on in the cores of the gas giants....

Liquid metal?!

By DontBeAMoran • Score: 4, Funny • Thread

Do you want to get a T-1000? Because that's how you get a T-1000.