Bug

Army Bug Bounty Researcher Compromises US Defense Department's Internal Network (threatpost.com) 5

Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which it invited 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to." An anonymous reader quotes Threatpost: The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.

"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."

United States

Is The Tech Industry Driving Families Out of San Francisco? (nytimes.com) 83

Why does San Francisco now have fewer children per capita than any of America's largest 100 cities? An anonymous reader writes: A move to the suburbs began in the 1970s, but "The tech boom now reinforces the notion that San Francisco is a place for the young, single and rich," according to the New York Times. "When we imagine having kids, we think of somewhere else," one software engineer tells the paper. The article describes "neighborhoods where employees of Google, Twitter and so many other technology companies live or work" where the sidewalks make it seem "as if life started at 22 and ended somewhere around 40."

Or is San Francisco just part of a larger trend? "California, which has one of the world's 10 largest economies, recently released data showing the lowest birthrate since the Great Depression." And the Los Angeles Times argues California's experience may just be following national trends. The drop "likely stems from the recession, a drop in teenage pregnancies and an increase in people attending college and taking longer to graduate, therefore putting off having children, said Walter Schwarm, a demographer at the Department of Finance."

So is this part of a larger trend -- or something unique about San Francisco? The New York Times also quotes Richard Florida, author of The Rise of the Creative Class, who believes technology workers are putting off families when they move to the Silicon Valley area because they anticipate long working hours. There are also complaints about San Francisco's public school system -- 30% of its children now attend private schools, the highest percentage of any large American city. But according to the article, Peter Thiel believes that San Francisco is just "structurally hostile to families."
Australia

Humans, Not Climate Change, Wiped Out Australian Megafauna (phys.org) 47

"New evidence involving the ancient poop of some of the huge and astonishing creatures that once roamed Australia indicates the primary cause of their extinction around 45,000 years ago was likely a result of humans, not climate change," reports Phys.org. schwit1 quotes their report on new analysis of a prehistoric sediment core from the Indian Ocean off the coast of Australia. The core contains chronological layers of material blown and washed into the ocean, including dust, pollen, ash and spores from a fungus called Sporormiella that thrived on the dung of plant-eating mammals, said CU Boulder Professor Gifford Miller, who participated in the study... Fungal spores from plant-eating mammal dung were abundant in the sediment core layers from 150,000 years ago to about 45,000 years ago, when they went into a nosedive, said Miller... "The abundance of these spores is good evidence for a lot of large mammals on the southwestern Australian landscape up until about 45,000 years ago," he said. "Then, in a window of time lasting just a few thousand years, the megafauna population collapsed."

The Australian collection of megafauna some 50,000 years ago included 1,000-pound kangaroos, 2-ton wombats, 25-foot-long lizards, 400-pound flightless birds, 300-pound marsupial lions and Volkswagen-sized tortoises. More than 85 percent of Australia's mammals, birds and reptiles weighing over 100 pounds went extinct shortly after the arrival of the first humans, said Miller... "There is no evidence of significant climate change during the time of the megafauna extinction."

The article adds that last year Miller also identified the first direct evidence that humans preyed on Australian megafauna -- burned eggshells from a 400-pound bird.
Crime

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 202

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to log in to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.

In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Open Source

Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com) 74

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Programming

Knuth Previews New Math Section For 'The Art of Computer Programming' (stanford.edu) 132

In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming -- and 55 years later, he's still working on it. An anonymous reader quotes Knuth's web site at Stanford: Volume 4B will begin with a special section called 'Mathematical Preliminaries Redux', which extends the 'Mathematical Preliminaries' of Section 1.2 in Volume 1 to things that I didn't know about in the 1960s. Most of this new material deals with probabilities and expectations of random events; there's also an introduction to the theory of martingales.

You can have a sneak preview by looking at the current draft of pre-fascicle 5a (52 pages), last updated 18 January 2017. As usual, rewards will be given to whoever is first to find and report errors or to make valuable suggestions. I'm particularly interested in receiving feedback about the exercises (of which there are 125) and their answers (of which there are 125).

Over the years Knuth gave out over $20,000 in rewards, though most people didn't cash his highly-coveted "hexadecimal checks", and in 2008 Knuth switched to honorary "hexadecimal certificates". In 2014 Knuth complained about the "dumbing down" of computer science history, and his standards remain high. In his most-recent update, 79-year-old Knuth reminds readers that "There's stuff in here that isn't in Wikipedia yet!"
Power

New Wyoming Bill Penalizes Utilities Using Renewable Energy (csmonitor.com) 366

An anonymous reader quotes a Christian Science Monitor report on "a bill that would essentially ban large-scale renewable energy" in Wyoming. The new Wyoming bill would forbid utilities from using solar or wind sources for their electricity by 2019, according to Inside Climate News... The bill would require utilities to use "eligible resources" to meet 95 percent of Wyoming's electricity needs in 2018, and all of its electricity needs in 2019. Those "eligible resources" are defined solely as coal, hydroelectric, natural gas, nuclear, oil, and individual net metering... Utility-scale wind and solar farms are not included in the bill's list of "eligible resources," making it illegal for Wyoming utilities to use them in any way if the legislation passes. The bill calls for a fine of $10 per megawatt-hour of electricity from a renewable source to be slapped on Wyoming utilities that provide power from unapproved sources to in-state customers.
The bill also prohibits utilities from raising rates to cover the cost of those penalties, though utilities wouldn't be penalized if they exported that energy to other states. But one local activist described it as 'talking-point' legislation, and even the bill's sponsor gives it only a 50% chance of passing.
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 41

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.
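The migration problem Venafi describes is mostly one of inventory: finding which certificates in an estate are still SHA-1-signed. The check below is an added example, not code from Threatpost, Venafi or any of the vendors named above. It walks the outer DER structure of an X.509 certificate with the standard library only, decodes the signatureAlgorithm OID, and flags the SHA-1 variants. The certificate it runs on is a constructed dummy (a placeholder TBS body and a fake signature) that is structurally valid at the outer level but is not a usable certificate; the OID table is the common set of RSA and ECDSA signature algorithm identifiers.

```python
"""Audit check: report the signature hash algorithm of an X.509 certificate.

Minimal DER walker using only the standard library. It reads
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
and decodes the OBJECT IDENTIFIER inside signatureAlgorithm.
"""
import base64
import re

# Well-known signature algorithm OIDs; True marks the SHA-1 variants to migrate away from.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.3.14.3.2.29": ("sha1WithRSASignature (old OIW)", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", False),
}


def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:end], end


def _decode_oid(content):
    """Turn OID content octets (base-128, continuation bit 0x80) into dotted notation."""
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            if not arcs:                   # first subidentifier packs the first two arcs
                arcs.extend(divmod(value, 40) if value < 80 else (2, value - 80))
            else:
                arcs.append(value)
            value = 0
    if value:
        raise ValueError("truncated OID")
    return ".".join(str(a) for a in arcs)


def pem_to_der(cert):
    """Strip PEM armour and base64-decode; raw DER bytes pass through unchanged."""
    if isinstance(cert, bytes) and cert.startswith(b"\x30"):
        return cert
    text = cert.decode("ascii") if isinstance(cert, bytes) else cert
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    return base64.b64decode("".join(body.split()))


def signature_algorithm(cert):
    """Return (dotted_oid, name, is_sha1) for the certificate's outer signatureAlgorithm."""
    der = pem_to_der(cert)
    tag, cert_body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert_body, 0)          # tbsCertificate: skipped
    tag, alg_body, _ = _read_tlv(cert_body, pos)    # signatureAlgorithm SEQUENCE
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_content, _ = _read_tlv(alg_body, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = _decode_oid(oid_content)
    name, sha1 = SIGNATURE_OIDS.get(oid, ("unknown (" + oid + ")", False))
    return oid, name, sha1


def uses_sha1(cert):
    return signature_algorithm(cert)[2]


# --- constructed sample data (not a real certificate) ---------------------------
def _der(tag, content):
    """Encode one TLV with a short or long definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return bytes(out)


def constructed_cert(sig_oid):
    """CONSTRUCTED dummy: valid outer Certificate layout, placeholder body and signature."""
    tbs = _der(0x30, _der(0x02, b"\x01"))                                  # SEQUENCE { INTEGER 1 }
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + _der(0x05, b""))  # { OID, NULL }
    sig = _der(0x03, b"\x00" + b"\xAA" * 128)                              # BIT STRING, 0 unused bits
    return _der(0x30, tbs + alg + sig)


def to_pem(der):
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.10045.4.3.2"):
        _, name, sha1 = signature_algorithm(to_pem(constructed_cert(oid)))
        print(f"{name:28s} {'MIGRATE' if sha1 else 'ok'}")
```

Only the outer signatureAlgorithm is inspected, which is what browsers evaluate for deprecation; the hash used inside the subject's public key or in any intermediate certificate has to be checked on each certificate of the chain separately. On real files, pass the PEM text or DER bytes of each certificate to `signature_algorithm`.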
Open Source

Raspberry Pi Gets Competitors (hackaday.com) 95

Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortex-A17 alongside an impressive spec. At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster."

And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...

The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.

Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 45

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Mars

Scientists Enter Hawaii Dome In Eight-Month Mars Space Mission Study (reuters.com) 89

An anonymous reader quotes a report from Reuters: Six scientists have entered a dome perched atop a remote volcano in Hawaii where they will spend the next eight months in isolation to simulate life for astronauts traveling to Mars, the University of Hawaii said. The study is designed to help NASA better understand human behavior and performance during long space missions as the U.S. space agency explores plans for a manned mission to the Red Planet. The crew will perform geological field work and basic daily tasks in the 1,200-square-foot (365 m) dome, located in an abandoned quarry 8,000 feet (2.5 km) above sea level on the Mauna Loa volcano on Hawaii's Big Island. There is little vegetation and the scientists will have no contact with the outside world, said the university, which operates the dome. Communications with a mission control team will be time-delayed to match the 20-minute travel time of radio waves passing between Earth and Mars. "Daily routines include food preparation from only shelf-stable ingredients, exercise, research and fieldwork aligned with NASA's planetary exploration expectations," the university said. The project is intended to create guidelines for future missions to Mars, some 35 million miles (56 million km) away, a long-term goal of the U.S. human space program. The NASA-funded study, known as the Hawaii Space Exploration Analog and Simulation (Hi-SEAS), is the fifth of its kind.
NASA

NASA Is Planning Mission To An Asteroid Worth $10 Quintillion (usatoday.com) 290

New submitter kugo2006 writes: NASA announced a plan to research 16 Psyche, an asteroid potentially as large as Mars and primarily composed of Iron and Nickel. The rock is unique in that it has an exposed core, likely a result of a series of collisions, according to Lindy Elkins-Tanton, Psyche's principal investigator. The mission's spacecraft would launch in 2023 and arrive in 2030. According to Global News, Elkins-Tanton calculates that the iron in 16 Psyche would be worth $10,000 quadrillion ($10 quintillion).
The Almighty Buck

The Mind-Reading Gadget For Dogs That Got Funded, But Didn't Get Built (ieee.org) 62

the_newsbeagle writes: Crowdfunding campaigns that fail to deliver may be all too common, but some flameouts merit examination. Like this brain-scanning gadget for dogs, which promised to translate their barks into human language. It's not quite as goofy as it sounds: The campaigners planned to use standard EEG tech to record the dogs' brainwaves, and said they could correlate those electrical patterns with general states of mind like excitement, hunger, and curiosity. The campaign got a ton of attention in the press and raised twice the money it aimed for. But then the No More Woof team seemed to vanish, leaving backers furious. This article explains what went wrong with the campaign, and what it says about the state of neurotech gadgets for consumers.
Movies

CBS, Paramount Settle Lawsuit Over 'Star Trek' Fan Film (hollywoodreporter.com) 141

An anonymous reader quotes a report from Hollywood Reporter: Stand down from battle stations. Star Trek rights holders CBS and Paramount have seen the logic of settling a copyright suit against Alec Peters, who solicited money on crowdfunding sites and hired professionals to make a YouTube short and a script of a planned feature film focused on a fictional event -- a Starfleet captain's victory in a war with the Klingon Empire -- referenced in the original 1960s Gene Roddenberry television series. Thanks to the settlement, CBS and Paramount won't be going to trial on Stardate 47634.44, known to most as Jan. 31, 2017. According to a joint statement, "Paramount Pictures Corporation, CBS Studios Inc., Axanar Productions, Inc. and Alec Peters are pleased to announce that the litigation regarding Axanar's film Prelude to Axanar and its proposed film Axanar has been resolved. Axanar and Mr. Peters acknowledge that both films were not approved by Paramount or CBS, and that both works crossed boundaries acceptable to CBS and Paramount relating to copyright law." Peters' Axanar video and script, which feature such arguably copyrighted elements as Vulcan ears, the Klingon language and an obscure character from a 1969 episode, sparked a lawsuit in December 2015. The litigation then proceeded at warp speed with the case almost making it to trial in just 13 months, an amazingly brisk pace by typical standards. When Axanar comes out, it will look different. "Axanar and Mr. Peters have agreed to make substantial changes to Axanar to resolve this litigation, and have also assured the copyright holders that any future Star Trek fan films produced by Axanar or Mr. Peters will be in accordance with the 'Guidelines for Fan Films' distributed by CBS and Paramount in June 2016," states the parties' joint announcement of a settlement.
AT&T

Second Time In 9 Months: AT&T Raises Phone Activation Fee $5, Now Charges $25 (arstechnica.com) 64

For the second time in 9 months, AT&T is raising its activation and upgrade fee. In April 2016, the fee for non-contract customers was raised from $15 to $20. Today, it has been raised another $5, from $20 to $25, according to PhoneScoop. Ars Technica reports: As the mobile carrier switched from contracts to device payment plans, AT&T initially did not charge an activation and upgrade fee for customers who brought their own phone or bought one from AT&T on an installment plan. But in July 2015, AT&T started charging a $15 activation fee to customers who don't sign two-year contracts. (AT&T also raised the activation/upgrade fee for contract customers from $40 to $45 in July 2015.) The $25 fee is charged for new activations or upgrades when customers purchase devices on installment agreements, AT&T says. Customers who bring their own phone to the network are charged the $25 fee when they activate a new line of service, but not when they upgrade phones on an existing line. "We are making a minor adjustment to our activation and upgrade fees. The change is effective today," AT&T told Ars. AT&T also still charges the $45 activation and upgrade fee on two-year contracts, but those contracts are "available only on select devices."
Education

New Senate Bill Would Give US Grads Preference In Receiving H-1B Visas (computerworld.com) 216

dcblogs quotes a report from Computerworld: A new bill in Congress would give foreign students who graduate from U.S. schools priority in getting an H-1B visa. The legislation also "explicitly prohibits" the replacement of American workers by visa holders. This bill, the H-1B and L-1 Visa Reform Act, was announced Thursday by its co-sponsors, U.S. Senators Chuck Grassley (R-Iowa) and Sen. Dick Durbin (D-Ill.), longtime allies on H-1B reform. Grassley is chairman of the Senate Judiciary Committee, which gives this bill an immediate big leg up in the legislative process. This legislation would end the annual random distribution, via a lottery, of H-1B visas, and replace it with a system to give priority to certain types of students. Foreign nationals in the best position to get one of the 85,000 H-1B visas issued annually will have earned an advanced degree from a U.S. school, have a well-paying job offer, and have preferred skills. The specific skills weren't identified, but will likely be STEM-related. "Congress created these programs to complement America's high-skilled workforce, not replace it," said Grassley, in a statement. "Unfortunately, some companies are trying to exploit the programs by cutting American workers for cheaper labor."
AI

Elite Scientists Have Told the Pentagon That AI Won't Threaten Humanity (vice.com) 144

An anonymous reader quotes a report from Motherboard: A new report authored by a group of independent U.S. scientists advising the U.S. Dept. of Defense (DoD) on artificial intelligence (AI) claims that perceived existential threats to humanity posed by the technology, such as drones seen by the public as killer robots, are at best "uninformed." Still, the scientists acknowledge that AI will be integral to most future DoD systems and platforms, but AI that could act like a human "is at most a small part of AI's relevance to the DoD mission." Instead, a key application area of AI for the DoD is in augmenting human performance. Perspectives on Research in Artificial Intelligence and Artificial General Intelligence Relevant to DoD, first reported by Steven Aftergood at the Federation of American Scientists, has been researched and written by scientists belonging to JASON, the historically secretive organization that counsels the U.S. government on scientific matters. Outlining the potential use cases of AI for the DoD, the JASON scientists make sure to point out that the growing public suspicion of AI is "not always based on fact," especially when it comes to military technologies. Highlighting SpaceX boss Elon Musk's opinion that AI "is our biggest existential threat" as an example of this, the report argues that these purported threats "do not align with the most rapidly advancing current research directions of AI as a field, but rather spring from dire predictions about one small area of research within AI, Artificial General Intelligence (AGI)." AGI, as the report describes, is the pursuit of developing machines that are capable of long-term decision making and intent, i.e. thinking and acting like a real human. "On account of this specific goal, AGI has high visibility, disproportionate to its size or present level of success," the researchers say.
Businesses

Apple Sues Qualcomm For Roughly $1 Billion Over Royalties (cnbc.com) 52

An anonymous reader quotes a report from CNBC: Apple is suing Qualcomm for roughly $1 billion, saying Qualcomm has been "charging royalties for technologies they have nothing to do with." The suit follows the U.S. Federal Trade Commission's lawsuit against Qualcomm earlier this week over unfair patent licensing practices. Apple says that Qualcomm has taken "radical steps," including "withholding nearly $1 billion in payments from Apple as retaliation for responding truthfully to law enforcement agencies investigating them." Apple added, "Despite being just one of over a dozen companies who contributed to basic cellular standards, Qualcomm insists on charging Apple at least five times more in payments than all the other cellular patent licensors we have agreements with combined." Apple also alleges that once it began cooperating with Korean authorities' antitrust investigation of Qualcomm, the company withheld $1 billion in retaliation. Korean regulators fined Qualcomm $854 million for unfair trade practices in December.
AT&T

Despite Glitches, AT&T's DirecTV Now Hits 200,000 Subscribers in Its First Month (techcrunch.com) 25

AT&T's new live TV streaming service DirecTV Now has been off to a shaky start in terms of performance, but that hasn't stemmed the flow of sign-ups, AT&T reports. The company said the service added more than 200,000 subscribers in its first month of operations. From a report on TechCrunch: These details were included in an SEC filing for the quarter ending on December 31, 2016. DirecTV Now launched on November 30, 2016. The filing also notes the additions only include paying customers. To be clear, there's no free tier for DirecTV Now, but the company has been offering free trials so customers can kick the tires before committing to a subscription plan. Of course, it's not entirely surprising that DirecTV Now was able to gain so many customers in such a short period of time. On paper, at least, the service sounds compelling.
Democrats

Donald Trump Is Sworn In As the 45th US President (reuters.com) 1453

Donald Trump was sworn in as the 45th president of the United States on Friday, succeeding Barack Obama and taking control of a divided country in a transition of power that he has declared will lead to "America First" policies at home and abroad. Reuters reports: As scattered protests erupted elsewhere in Washington, Trump raised his right hand and put his left on a Bible used by Abraham Lincoln and repeated a 35-word oath of office from the U.S. Constitution, with U.S. Chief Justice John Roberts presiding.
