DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Crime

Debian Developer Imprisoned In Russia Over Alleged Role In Riots (itwire.com) 67

An anonymous reader writes: "Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the sysadmin.ru forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted.
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him."

Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
Data Storage

Developer Shares A Recoverable Container Format That's File System Agnostic (github.com) 97

Long-time Slashdot reader MarcoPon writes: I created a thing: SeqBox. It's an archive/container format (and corresponding suite of tools) with some interesting and unique features. Basically an SBX file is composed of a series of sector-sized blocks with a small header with a recognizable signature, integrity check, info about the file they belong to, and a sequence number. The results of this encoding is the ability to recover an SBX container even if the file system is corrupted, completely lost or just unknown, no matter how much the file is fragmented.
Government

Airbnb Gives In To Regulator's Demand To Test For Racial Discrimination By Hosts (theguardian.com) 220

As part of an agreement with California regulators, Airbnb will allow the government to test for racial discrimination by hosts. The Guardian reports: The California Department of Fair Employment and Housing (DFEH) announced Thursday that it had resolved a complaint it filed against Airbnb with an agreement that forces the company to permit the state to conduct "fair housing testing" of certain hosts. That means that for the first time the San Francisco-based company is giving a regulatory body permission to conduct the kind of racial discrimination audits that officials have long used to enforce fair housing laws against traditional landlords. The DFEH's original complaint -- which had not previously been disclosed -- was based on research and a growing number of reports suggesting that hosts regularly refuse to rent to guests due to their race, a problem exposed last year under the hashtag #AirbnbWhileBlack.
Transportation

Apple, Tesla Ask California To Change Its Proposed Policies On Self-Driving Car Testing (reuters.com) 29

Tesla and Apple have asked the state of California to change its proposed policies on self-driving cars to allow companies to test vehicles without traditional steering wheels and controls or human back-up drivers, among other things. Reuters reports: In a letter made public Friday, Apple made a series of suggested changes to the policy that is under development and said it looks forward to working with California and others "so that rapid technology development may be realized while ensuring the safety of the traveling public." Waymo, the self-driving car unit of Google parent company Alphabet Inc, Ford Motor Co, Uber Technologies Inc, Toyota Motor Corp, Tesla Motors Inc and others also filed comments suggesting changes. Apple said California should revise how companies report self-driving system "disengagements." California currently requires companies to report how many times the self-driving system was deactivated and control handed back to humans because of a system failure or a traffic, weather or road situation that required human intervention. Apple said California's rules for development vehicles used only in testing could "restrict both the design and equipment that can be used in test vehicles." Tesla said California should not bar testing of autonomous vehicles that are 10,000 pounds (4,535 kg) or more. Tesla also said California should not prohibit the sale of non-self-driving vehicles previously used for autonomous vehicle testing.
Privacy

WikiLeaks Reveals the 'Snowden Stopper': CIA Tool To Track Whistleblowers (zerohedge.com) 89

schwit1 quotes a report from Zero Hedge: As the latest installment of it's "Vault 7" series, WikiLeaks has just dropped a user manual describing a CIA project known as "Scribbles" (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of "web beacon" tags into documents "likely to be stolen." The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release. But, the "Scribbles" user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.
AI

Amazon's Alexa Can Now Whisper, Bleep Out Swear Words, and Change Its Pitch (theverge.com) 34

An anonymous reader quotes a report from The Verge: Amazon is trying to make its Alexa voice assistant sound more humanlike. Up until now, the female-sounding voice maintained an even, monotone cadence whenever speaking, but with Amazon's new Speech Synthesis Markup Language that the company introduced this week, Alexa can whisper, vary its speaking speed, and bleep out words. Developers can also add pauses, change the pronunciation of a word, spell a word out, add audio snippets, and insert special words and phrases into their skill. The Verge notes that "the language markups are [only] available to developers in the U.S., U.K. and Germany." Amazon will also be hosting a webinar on May 18th on the new code.
The Almighty Buck

Slashdot Asks: Should an Employee Be Fired For Working On Personal Side Projects During Office Hours? (quora.com) 386

An anonymous reader writes: I found this article that talks about whether an engineer should be fired if s/he is working on a side project. Several people who have commented in the thread say that the employer should first talk to the person and understand why they are working on personal projects during the office hours. One reason, as many suggested, could be that the employee might not have been fairly compensated despite being exceptionally good at the job. In which case, the problem resides somewhere in the management who has failed to live up to the expectations. What do you folks think? Let's not just focus on engineers, per se. It could be an IT guy (who might have a lot of free time in hand), or a programmer.
Businesses

Should Banks Let Ancient Programming Language COBOL Die? (thenextweb.com) 371

COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.
Privacy

'World's Most Secure' Email Service Is Easily Hackable (vice.com) 77

Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that the Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. To date, no Nomx accounts have been compromised."
Security

Hackers Exploited Word Flaw For Months While Microsoft Investigated (reuters.com) 46

An anonymous reader writes: To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries.
The Almighty Buck

Computer Program Prevents 116-Year-Old Woman From Getting Pension (theguardian.com) 214

Bruce66423 quotes a report from The Guardian: Born at the turn of the past century, Maria Felix is old enough to remember the Mexican Revolution -- but too old to get the bank card needed to collect her monthly 1,200 pesos ($63) welfare payment. Felix turns 117 in July, according to her birth certificate, which local authorities recognize as authentic. She went three months without state support for poor elderly Mexicans after she was turned away from a branch of Citibanamex in the city of Guadalajara for being too old, said Miguel Castro, development secretary for the state of Jalisco. Welfare beneficiaries now need individual bank accounts because of new transparency rules, Castro said. "They told me the limit was 110 years," Felix said with a smile in the plant-filled courtyard of her small house in Guadalajara. In an emailed statement, Citibanamex, a unit of Citigroup Inc, said Felix's age exceeded the "calibration limits" of its system and it was working to get her the bank card as soon as possible. It said it was adjusting its systems to avoid a repeat of the situation.
Businesses

LinkedIn Testing 1970's-Style No-CS-Degree-Required Software Apprenticeships (mercurynews.com) 198

theodp writes: The Mercury News reports on REACH, a new software apprenticeship program that LinkedIn's engineering team started piloting this month, which offers people without Computer Science degrees an opportunity to get a foot in the door, as Microsoft-owned LinkedIn searches for ways to help diversify its workforce. For now, the 29 REACH participants are paid, but are only short-term LinkedIn employees (for the duration of the 6-month program). LinkedIn indicated it hopes to learn if tech internships could eventually be made part of the regular hiring process, perhaps unaware that no-CS-degree-required hiring for entry-level permanent positions in software development was standard practice in the 70's and 80's, back when women made up almost 40% of those working as programmers and in software-related fields, nearly double the percentage of women in LinkedIn's global 2016 tech workforce. Hey, even in tech hiring, everything old is new again!
Security

Hacking Group Is Charging German Companies $275 For 'DDoS Tests' (bleepingcomputer.com) 29

An anonymous reader writes: "A group calling itself XMR Squad has spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay $275 for 'testing their DDoS protection systems,' reports Bleeping Computer. Attacks were reported against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company's business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL. While the group advertised on Twitter that their location was in Russia, a German reporter who spoke with the group via telephone said "the caller had a slight accent, but spoke perfect German." Following the attention they got in Germany after the attacks, the group had its website and Twitter account taken down. Many mocked the group for failing to extract any payments from their targets. DDoS extortionists have been particularly active in Germany, among any other countries. Previously, groups named Stealth Ravens and Kadyrovtsy have also extorted German companies, using the same tactics perfected by groups like DD4BC and Armada Collective.
Software

Ask Slashdot: Are Accurate Software Development Time Predictions a Myth? (medium.com) 220

New submitter DuroSoft writes: For myself and the vast majority of people I have talked to, this is the case. Any attempts we make to estimate the amount of time software development tasks will take inevitably end in folly. Do you find you can make accurate estimates, or is it really the case, as the author, DuroSoft Technologies' CTO/Co-CEO Sam Johnson, suggests via Hacker Noon, that "writing and maintaining code can be seen as a fundamentally chaotic activity, subject to sudden, unpredictable gotchas that take up an inordinate amount of time" and that therefore attempting to make predictions in the first place is itself a waste of our valuable time?
Bug

GE Fixing Bug in Software After Warning About Power Grid Hacks (reuters.com) 38

General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.
Windows

Windows is Bloated, Thanks to Adobe's Extensible Metadata Platform (bit.ly) 134

An anonymous reader shares a report: Over the weekend, I put together a little tool that scans executable files for PNG images containing useless Adobe Extensible Metadata Platform (XMP) metadata. I ran it against a vanilla Windows 10 image and was surprised that Windows contains a lot of this stuff. Adobe XMP, generally speaking, is an Adobe technology that serializes metadata like titles, internal identifiers, GPS coordinates, and color information into XML and jams it into things, like images. This data can be extremely valuable in some cases but Windows doesn't need or use this stuff. It just eats up disk space and CPU cycles. Thanks to horrible Adobe Photoshop defaults, it's very easy to unknowingly include this metadata in your final image assets. So easy, almost all the images on this site are chock full of it. But you can appreciate my surprise when a bunch of important Windows binaries showed up in my tool.
The Almighty Buck

Suicide of an Uber Engineer: Widow Blames Job Stress (sfchronicle.com) 286

An anonymous reader shares a report: Joseph Thomas thought he had it made when he landed a $170,000 job as a software engineer at Uber's San Francisco headquarters last year. [...] But his time at Uber turned into a personal tragedy, one that will compel the ride-hailing company to answer questions before a judge about its aggressive work culture. Always adept with computers, Joseph Thomas worked his way up the ladder at tech jobs in his native Atlanta, then at LinkedIn in Mountain View, where he was a senior site reliability engineer. He turned down an offer from Apple to go to Uber, because he felt he could grow more with the younger company and was excited about the chance to profit from stock options when it went public. But at Uber, Thomas struggled in a way he'd never experienced in over a decade in technology. He worked long hours. He told his father and his wife that he felt immense pressure and stress at work, and was scared he'd lose his job. [...] One day in late August, Zecole (the wife) came home from dropping their boys off at school. Joseph was sitting in his car in the garage. She got into the passenger seat to talk to him. Then she saw the blood. Joseph had shot himself. [...] Uber declined to comment on the legal dispute and said Thomas never complained to the company of extreme stress or racial discrimination.
Databases

Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers (arstechnica.com) 82

An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stolz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."
The Internet

US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com) 93

An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
Facebook

Facebook Shows Related Articles and Fact Checkers Before You Open Links (techcrunch.com) 117

An anonymous reader quotes a report from TechCrunch: Facebook wants you to think about whether a headline is true and see other perspectives on the topic before you even read the article. In its next step against fake news, Facebook today begins testing a different version of its Related Articles widget that normally appears when you return to the News Feed after opening a link. Now Facebook will also show Related Articles including third-party fact checkers before you read an article about a topic that many people are discussing. If you saw a link saying "Chocolate cures cancer!" from a little-known blog, the Related Article box might appear before you click to show links from the New York Times or a medical journal noting that while chocolate has antioxidants that can lower your risk for cancer, it's not a cure. If an outside fact checker like Snopes had debunked the original post, that could appear in Related Articles too. Facebook says this is just a test, so it won't necessarily roll out to everyone unless it proves useful. It notes that Facebook Pages should not see a significant change in the reach of their News Feed posts. There will be no ads surfaced in Related Articles.

Slashdot Top Deals