IOS

iOS Trojan Targets Hong Kong Protestors 61

Posted by samzenpus
from the protect-ya-neck dept.
First time accepted submitter Kexel writes Security researchers have claimed to discover the first Apple iOS Trojan attack in a move to thwart the communications of pro-democracy Hong Kong activists. From the article: "The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday. They uncovered the spyware while investigating similar malware for Google Inc's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon. It is unclear how iOS devices get infected with Xsser, which is not disguised as an app."
Businesses

Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures? 97

Posted by samzenpus
from the a-little-help-please dept.
kyle11 writes I'm scratching my head at how to develop a decent wiki for a large organization I work in. We support multiple technologies, across multiple locations, and have ways of doing things that become exponentially convoluted. I give IT training to many of these users for a particular technology, and other people do for other stuff as well. Now, I hate wikis because everyone who did one before failed and gave them a bad name. If it starts wrong, it is doomed to failure and irrelevance.

What I'm looking for would be something like a Wiki with YouTube built in — make a playlist of videos with embedded links for certain job based tasks. And reuse and recycle those videos in other playlists of other tasks as they may be applicable. It would go beyond the actual IT we work with and would include things like, "Welcome to working in this department. Here are 20 videos detailing stupid procedures you need to go through to request access to customers' systems/networks/databases to even think about doing your job." I tried MediaWiki and Xwiki, and maybe I'm doing it wrong, but I can't seem to find a way to tweak them to YouTube-level simplicity for anyone to contribute to without giving up on the thing because it's a pain in the butt.

My only real requirement is that it not be cloud-based because it will contain certain sensitive information and I'd like it all to live on one virtual machine if at all possible. I can't be the only one with this problem of enabling many people to contribute and sort their knowledge without knowing how an HTML tag works, or copying files into something more complicated than a web browser. What approaches have any of you out there taken to trying to solve a similar problem?
Businesses

Ask Slashdot: Software Issue Tracking Transparency - Good Or Bad? 158

Posted by samzenpus
from the to-show-them-or-not-to-show-them dept.
First time accepted submitter Mike Sheen writes I'm the lead developer for an Australian ERP software outfit. For the last 10 years or so we've been using Bugzilla as our issue tracking system. I made this publicly available to the degree that anyone could search and view bugs. Our software is designed to be extensible and as such we have a number of 3rd party developers making customization and integrating with our core product.

We've been pumping out builds and publishing them as "Development Stream (Experimental / Unstable)" and "Release Stream (Stable)", and this is visible on our support site to all. We had been also providing a link next to each build with the text showing the number of bugs fixed and the number of enhancements introduced, and the URL would take them to the Bugzilla list of issues for that milestone which were of type bug or enhancement.

This had been appreciated by our support and developer community, as they can readily see what issues are addressed and what new features have been introduced. Prior to us exposing our Bugzilla database publicly we produced a sanitized list of changes — which was time consuming to produce and I decided was unnecessary given we could just expose the "truth" with simple links to the Bugzilla search related to that milestone.

The sales and marketing team didn't like this. Their argument is that competitors use this against us to paint us as producers of buggy software. I argue that transparency is good, and beneficial — and whilst our competitors don't publish such information — but if we were to follow our competitors' practices we simply follow them in the race to the bottom in terms of software quality and opaqueness.

In my opinion, transparency of software issues provides:

Identification of which release or build a certain issue is fixed.
Recognition that we are actively developing the software.
Incentive to improve quality controls as our "dirty laundry" is on display.
Information critical to 3rd party developers.
A projection of integrity and honesty.

I've yielded to the sales and marketing demands such that we no longer display the links next to each build for fixes and enhancements, and now publish "Development Stream (Experimental / Unstable)" as simply "Development Stream", but I know what is coming next — a request to no longer make our Bugzilla database publicly accessible. I still have the Bugzilla database publicly exposed, but there is now no longer the "click this link to see what we did in this build".

A compromise may be to make the Bugzilla database only visible to vetted resellers and developers — but I'm resistant to making a closed "exclusive" culture. I value transparency and recognize the benefits. The sales team are insistent that exposing such detail is a bad thing for sales.

I know by posting in a community like Slashdot that I'm going to get a lot of support for my views, but I'm also interested in what people think about the viewpoint that such transparency could be a bad thing.
Cellphones

When Everything Works Like Your Cell Phone 173

Posted by Soulskill
from the looking-forward-to-jailbreaking-my-breadmaker dept.
The Atlantic is running an article about how "smart" devices are starting to see everyday use in many people's homes. The authors say this will fundamentally change the concept of what it means to own and control your possessions. Using smartphones as an example, they extrapolate this out to a future where many household items are dependent on software. Quoting: These phones come with all kinds of restrictions on their possible physical capabilities. You may not take them apart. Depending on the plan, not all software can be downloaded onto them, not every device can be tethered to them, and not every cell phone network can be tapped. "Owning" a phone is much more complex than owning a plunger. And if the big tech players building the wearable future, the Internet of things, self-driving cars, and anything else that links physical stuff to the network get their way, our relationship to ownership is about to undergo a wild transformation. They also suggest that planned obsolescence will become much more common. For example, take watches: a quality dumbwatch can last decades, but a smartwatch will be obsolete in a few years.
ISS

Expedition 42 ISS Crew Embraces Douglas Adams 39

Posted by Soulskill
from the then,-after-a-second-or-so,-nothing-continued-to-happen dept.
SchrodingerZ writes: In November of this year, the 42nd Expedition to the International Space Station will launch, and the crew has decided to embrace their infamous number. NASA has released an image of the crew mimicking the movie poster for The Hitchhiker's Guide to the Galaxy, a film released in 2005, based on a book with the same name by Douglas Adams. Commander Butch Wilmore stands in the center as protagonist Arthur Dent, flight engineer Elena Serova as hitchhiker Ford Prefect, flight engineer Alexander Samokutyayev as antagonist Humma Kavula, astronaut Samantha Cristoforetti as Trillian, and flight engineers Terry Virts and Anton Shkaplerov as two-headed galactic president Zaphod Beeblebrox. The robotic "Robonaut 2" also stands in the picture as Marvin the depressed android. Cristoforetti, ecstatic to be part of this mission, stated, "Enjoy, don't panic and always know where your towel is!" Wilmore, Serova and Samokutyayev blasted off September 25th for Expedition 41; the rest of Expedition 42 will launch November 23rd.
Earth

Study Links Pacific Coastal Warming To Changing Winds 207

Posted by Soulskill
from the any-way-the-wind-blows dept.
tranquilidad writes: In a paper published by the Proceedings of the National Academy of Sciences, two authors ascribe the majority of northeast Pacific coastal warming to natural atmospheric circulation and not to anthropogenic forcing. In AP's reporting, Ken Caldeira, an atmospheric scientist with the Carnegie Institution for Science, says the paper's authors, "...have not established the causes of these atmospheric pressure variations. Thus, claims that the observed temperature increases are due primarily to 'natural' processes are suspect and premature, at best." The paper's authors, on the other hand, state, "...clearly, there are other factors stronger than the greenhouse forcing that is affecting...temperatures," and that there is a "surprising degree to which the winds can explain all the wiggles in the temperature curve."
Education

How Our Botched Understanding of "Science" Ruins Everything 794

Posted by samzenpus
from the you-keep-using-that-word-I-do-not-think-it-means-what-you-think-it-means dept.
An anonymous reader writes "Pascal-Emmanuel Gobry writes at The Week, "If you ask most people what science is, they will give you an answer that looks a lot like Aristotelian 'science' — i.e., the exact opposite of what modern science actually is. Capital-S Science is the pursuit of capital-T Truth. And science is something that cannot possibly be understood by mere mortals. It delivers wonders. It has high priests. It has an ideology that must be obeyed. This leads us astray. ... Countless academic disciplines have been wrecked by professors' urges to look 'more scientific' by, like a cargo cult, adopting the externals of Baconian science (math, impenetrable jargon, peer-reviewed journals) without the substance and hoping it will produce better knowledge. ... This is how you get people asserting that 'science' commands this or that public policy decision, even though with very few exceptions, almost none of the policy options we as a polity have have been tested through experiment (or can be). People think that a study that uses statistical wizardry to show correlations between two things is 'scientific' because it uses high school math and was done by someone in a university building, except that, correctly speaking, it is not. ... This is how you get the phenomenon ... thinking science has made God irrelevant, even though, by definition, religion concerns the ultimate causes of things and, again, by definition, science cannot tell you about them. ... It also means that for all our bleating about 'science' we live in an astonishingly unscientific and anti-scientific society. We have plenty of anti-science people, but most of our 'pro-science' people are really pro-magic (and therefore anti-science). "
China

Why a Chinese Company Is the Biggest IPO Ever In the US 191

Posted by timothy
from the visible-from-space dept.
An anonymous reader writes The Chinese e-commerce giant Alibaba has made headlines lately in US financial news. At the closing of its Initial Public Offering (IPO) on Friday, it had raised $21.8 billion on the New York Stock Exchange, larger even than Visa's ($17.9 billion), Facebook's ($16 billion), and General Motors' ($15.8 billion) IPOs. Some critics do say that Alibaba's share price will plummet from its current value of $93.60 in the same way that Facebook's and Twitter's plummeted dramatically after initial offerings. Before we speculate, however, we should take note of what Alibaba is exactly. Beyond the likes of Amazon and eBay, Alibaba apparently links average consumers directly to manufacturers, which is handy for an economy ripe for change. Approximately half of Alibaba's shares "were sold to 25 investment firms", and "most of the shares went to US investors."
Security

eBay Redirect Attack Puts Buyers' Credentials At Risk 37

Posted by samzenpus
from the steal-it-now dept.
mrspoonsi points out this BBC story about an eBay breach that was directing users to a spoof site. "eBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace's welcome page. The firm was alerted to the hack on Wednesday night but removed the listings only after a follow-up call from the BBC more than 12 hours later. One security expert said he was surprised by the length of time taken. 'EBay is a large company and it should have a 24/7 response team to deal with this — and this case is unambiguously bad,' said Dr Steven Murdoch from University College London's Information Security Research Group. The security researcher was able to analyze the listing involved before eBay removed it. He said that the technique used was known as a cross-site scripting (XSS) attack."
Open Source

New Release of MINIX 3 For x86 and ARM Is NetBSD Compatible 93

Posted by timothy
from the big-and-fancy dept.
An anonymous reader writes MINIX 3 is a small POSIX-compliant operating system aimed at high reliability (embedded) applications. A major new version of MINIX 3 (3.3.0) is now available for download at www.minix3.org. In addition to the x86, the ARM Cortex A8 is now supported, with ports to the BeagleBoard and BeagleBones available. Finally, the entire userland has been redone in 3.3.0 to make it NetBSD compatible, with thousands of NetBSD packages available out of the box. MINIX 3 is based on a tiny (13 KLoC) microkernel with the operating system running as a set of protected user-mode processes. Each device driver is also a separate process. If a driver fails, it is automatically and transparently restarted without rebooting and without applications even noticing, making the system self-healing. The full announcement, with links to the release notes and notes on installation, can be found at the Minix Google Groups page.
Security

Malware Distributed Through Twitch Chat Is Hijacking Steam Accounts 53

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes If you use Twitch, don't click on any suspicious links in the video streaming platform's chat feature. Twitch Support's official Twitter account issued a security warning telling users not to click the "csgoprize" link in chat. According to F-Secure, the link leads to a Java program that asks for your name and email. If you provide the info it will install a file on your computer that's able to take out any money you have in your Steam wallet, as well as sell or trade items in your inventory. "This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry," says F-Secure. "It even dumps your items for a discount in the Steam Community Market. Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount. Perhaps to be able to sell the items faster."
Google

German Court: Google Must Stop Ignoring Customer E-mails 290

Posted by samzenpus
from the I-won't-be-ignored dept.
jfruh writes If you send an email to support-de@google.com, Google's German support address, you'll receive an automatic reply informing you that Google will not respond to or even read your message, due to the large number of emails received at that address. Now a German court has ruled (PDF) that this is an unacceptable response, based on a German law saying that companies must provide a means for customers to communicate with them. Update: 09/12 15:47 GMT by S : Updated to fix the links.
Censorship

MetaFilter Founder Says Vacation Firm Forged Court Docs To Scotch Review 116

Posted by timothy
from the but-such-a-nice-film-festival dept.
IonOtter (629215) writes Matt Haughey, founder of MetaFilter, has challenged a Cease & Desist letter from Sundance Vacations, a seller of time-shares with a reputation for aggressive sales tactics and suppression of criticism. Only this time, it seems that the plaintiff may have forged court documents ordering Mr. Haughey, Facebook, Google, Yahoo, Bing and other search engines to remove any and all mentions of the links and posts in question. Legal blog Popehat has picked this up as well, prompting Ken White to wryly note, "...Sundance Vacations is about to learn about the Streisand Effect." The story is gaining traction, and being picked up by Boing-Boing, as well as hitting the first page of search results on Google.
Graphics

Ask Slashdot: the State of Free Video Editing Tools? 163

Posted by timothy
from the what-are-you-happy-with? dept.
New submitter Shadow99_1 writes I used to do a lot of video editing (a few years ago, at an earlier job) and at that time I used Adobe Premiere. Now a few years later I'm looking to start doing some video editing for my own personal use, but I have a limited budget that pretty well excludes even thinking about buying a copy of Adobe Premiere. So I ask Slashdot: What is the state of free (as in beer or as in open source) video editing tools? In my case... I support a Windows environment at work and so it's primarily what I use at home. I am also using a camcorder that uses flash cards to record onto, so for me I need a platform that supports reading flash cards. So that is my focus but feel free to discuss video editing on all platforms. I've been looking forward to the Kickstarted upgrade to OpenShot; based on the project's latest update, early versions of an installer should start appearing soon. Video editing is a big endeavor, though, and ambitious announcements and slipped schedules both seem to be the norm: an open-source version of Lightworks was announced back in 2010. Some lighter open-source options include Pitivi (raising funds to get to version 1.0) and Kdenlive, also in active development (most recent release was in mid-May). Pitivi's site links to a sobering illustration about many of the shorter- and longer-lived projects in this area.
Businesses

Uber Has a Playbook For Sabotaging Lyft, Says Report 182

Posted by timothy
from the ethics-schmethics dept.
Nerval's Lobster (2598977) writes The folks over at The Verge claim that "Uber is arming teams of independent contractors with burner phones and credit cards as part of its sophisticated effort to undermine Lyft and other competitors." Interviews and documents apparently show Uber reps ordering and canceling Lyft rides by the thousands, following a playbook with advice designed to prevent Lyft from flagging their accounts. 'Uber appears to be replicating its program across the country. One email obtained by The Verge links to an online form for requesting burner phones, credit cards, and driver kits — everything an Uber driver needs to get started, which recruiters often carry with them.' Is this an example of legal-but-hard-hitting business tactics, or is Uber overstepping its bounds? The so-called sharing economy seems just as cutthroat — if not more so — than any other industry out there.
Facebook

Facebook Cleans Up News Feed By Reducing Click-Bait Headlines 61

Posted by samzenpus
from the 20-shocking-reasons-this-won't-work dept.
An anonymous reader writes "Facebook today announced further plans to clean up the News Feed by reducing stories with click-bait headlines as well as stories that have links shared in the captions of photos or within status updates. The move comes just four months after the social network reduced Like-baiting posts, repeated content, and spammy links."
Censorship

Put A Red Cross PSA In Front Of the ISIS Beheading Video 300

Posted by samzenpus
from the for-the-greater-good dept.
Bennett Haselton writes After footage of James Foley's beheading by ISIS terrorists was posted online on Tuesday, Twitter and Youtube elected to remove any footage or links to the footage posted by users. Obviously this reduces the incentive for terrorist groups to post such content, by shrinking their audience, but it also reduces the public's access to information. Would it be ethical to make the content available, if it was preceded by an advertisement for a cause that runs counter to everything ISIS stands for? Read below to see what Bennett has to say.
Facebook

Facebook Experimenting With Blu-ray As a Storage Medium 193

Posted by timothy
from the what-do-you-trust-with-your-selfies dept.
s122604 links to CNN's explanation of what may be the future of cold (or at least lukewarm) storage at Facebook, which is experimenting with massive arrays of Blu-Ray discs for seldom-accessed user files. Says the report: The discs are held in groups of 12 in locked cartridges and are extracted by a robotic arm whenever they're needed. One rack contains 10,000 discs, and is capable of storing a petabyte of data, or one million gigabytes. Blu-ray discs offer a number of advantages versus hard drives. For one thing, the discs are more resilient: they're water- and dust-resistant, and better able to withstand temperature swings. Their data can be restored more quickly, and they're easier to transport. Most important, though, is cost. Because the Blu-ray system doesn't need to be powered when the discs aren't in use, it uses 80% less power than the hard-drive arrangement, cutting overall costs in half.
Transportation

It's Easy To Hack Traffic Lights 144

Posted by Soulskill
from the looking-forward-to-the-mobile-app dept.
An anonymous reader notes coverage of research from the University of Michigan into the ease with which attackers can hack traffic lights. From the article: As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based, with all the nodes (intersections and management computers) on a single subnet. In order to save on installation costs and increase flexibility, the traffic light system uses wireless radios rather than dedicated physical networking links for its communication infrastructure—and that’s the hole the research team exploited. ... The 5.8GHz network has no password and uses no encryption; with a proper radio in hand, joining is trivial. ... The research team quickly discovered that the debug port was open on the live controllers and could directly "read and write arbitrary memory locations, kill tasks, and even reboot the device (PDF)." Debug access to the system also let the researchers look at how the controller communicates to its attached devices—the traffic lights and intersection cameras. They quickly discovered that the control system’s communication was totally non-obfuscated and easy to understand—and easy to subvert.
Open Source

At Home with Tim O'Reilly (Videos 5 and 6 of 6) 6

Posted by Roblimo
from the original-members-of-the-open-source-movement dept.
Today's videos are parts five and six of our casual interview with Tim O'Reilly, founder of O'Reilly Media and one of the most influential open source boosters around. (You supplied the questions. He supplied the answers.) We had a lot more to say about Tim Tuesday when we ran parts one and two of our video interview with him. Yesterday we ran parts three and four. (Today's alternate Video Links: Video 5 ~ Video 6.)