News-Feeds

Slashdot

    - 357 Amazon Employees Launch Mass Defiance of the Company's Communications Policy
    357 Amazon employees have now "violated the e-commerce giant's communications policy Sunday in an unprecedented public display of support for colleagues who were warned that they could be fired for speaking out to criticize the company's climate practices," reports the Washington Post: Amazon Employees for Climate Justice, a group of workers concerned about the company's business with the oil and gas industry as well as its carbon footprint, published quotes from the workers in a post on Medium. The comments, all of which are attributed to Amazon workers by name, are a mass defiance of company rules that bar workers from commenting publicly on its business without corporate justification and approval from executives... "Solidarity to the workers facing retaliation for standing up!" wrote Charlie LaBarge, a software engineer... Amazon encourages workers to advocate for causes they believe in but wants them to pursue those convictions when related to the company's business internally, spokesman Drew Herdener said in a statement. Workers can submit questions to executives during all-hands meetings, and they can join internal interest groups, such as ones that focus on sustainability. Employees can also attend lunch sessions with Amazon leaders to discuss the issues, as long as they are willing to keep matters raised in those sessions confidential. "While all employees are welcome to engage constructively with any of the many teams inside Amazon that work on sustainability and other topics, we do enforce our external communications policy and will not allow employees to publicly disparage or misrepresent the company or the hard work of their colleagues who are developing solutions to these hard problems," Herdener said. Ironically, the Washington Post...is owned by Amazon.

    Read more of this story at Slashdot.



    - 20 US States Want to Stop the Posting of Blueprints For 3D-Printed Guns
    An anonymous reader quotes the Associated Press: Attorneys general in 20 states and the District of Columbia filed a lawsuit Thursday challenging a federal regulation that could allow blueprints for making guns on 3D printers to be posted on the internet. New York Attorney General Tish James, who helped lead the coalition of state attorneys general, argued that posting the blueprints would allow anyone to go online and use the downloadable files to create unregistered and untraceable assault-style weapons that could be difficult to detect... Proponents have argued there is a constitutional right to publish the material, but critics counter that making the blueprints readily accessible online could lead to an increase in gun violence and put weapons in the hands of criminals who are legally prohibited from owning them... For years, law enforcement officials have been trying to draw attention to the dangers posed by the so-called ghost guns, which contain no registration numbers that could be used to trace them.




    - Theranos' Elizabeth Holmes Represents Herself at Trial After Lawyers Say She Stiffed Them
    McGruber quotes the Mercury News: In her regular attendance at the San Jose federal courthouse for hearings in her high-stakes criminal fraud case, Theranos founder Elizabeth Holmes has been flanked by expensive lawyers. But in an Arizona civil case, she took part in a hearing this week representing herself, and by phone, according to a report Friday. Holmes has seven lawyers preparing for the August trial start in her criminal case in U.S. District Court, and fighting federal prosecutors over evidence. In the Arizona case — a lawsuit filed by blood-testing customers against Holmes, the defunct Palo Alto startup Theranos, and drug store chain Walgreens — court records earlier this month indicated she had two lawyers defending her. That was after three attorneys representing her in that case quit in the fall, saying she hadn't paid them for more than a year and probably never would. Now, the court docket shows Holmes representing herself in the civil case. And, according to a Bloomberg report, she didn't appear at a hearing in that case Thursday, instead calling in to the courtroom via an audio feed. She told the judge she wouldn't make any arguments, but would rely on arguments made by lawyers for the other defendants in the case, Bloomberg reported Friday, citing an unnamed lawyer said to be present at the proceedings. Legal experts say Holmes faces considerable financial peril from the legal actions against her, with legal fees on top of possible restitution for investors, fines and a prison sentence.




    - 'Rocket League' To Drop Linux and Mac Support
    Long-time Slashdot reader Motor writes: Rocket League — a very popular multiplayer game — will no longer "be patched" for Linux and the Mac after March — says the publisher, Psyonix... The publishers say it's motivated by the need to support unspecified "new technologies". Thanks Psyonix. The announcement says their final patch "will disable online functionality (such as in-game purchases) for players on macOS and Linux, but offline features including Local Matches, and splitscreen play will still be accessible." "Players on Mac can try running Rocket League on Windows with Apple's Boot Camp tool," explains a support page, while adding in the next sentence that "Boot Camp is not something Psyonix officially supports." And if you play Rocket League on Linux, "you can try Steam's Proton app or Wine. These tools are not officially supported by Psyonix." The support page also includes instructions on how to request a refund.




    - The Doomsday Clock Is Now Closer to Midnight Than It's Ever Been
    Long-time Slashdot reader Drakster writes: The Doomsday Clock, run by the Bulletin of the Atomic Scientists, has moved forward to only 100 seconds to midnight, the closest it has ever been since its launch in 1947. The lack of action on climate change and increasing threats of nuclear war were the primary reasoning for the move. They cite the weakening of several major arms control treaties in the last year -- and wrote Thursday that the lack of concrete international action on climate change "came during a year when the effects of manmade climate change were manifested by one of the warmest years on record, extensive wildfires, and quicker-than-expected melting of glacial ice...." But those threats are "compounded by a threat multiplier, cyber-enabled information warfare, that undercuts society's ability to respond. The international security situation is dire, not just because these threats exist, but because world leaders have allowed the international political infrastructure for managing them to erode..." "By undermining cooperative, science- and law-based approaches to managing the most urgent threats to humanity, these leaders have helped to create a situation that will, if unaddressed, lead to catastrophe, sooner rather than later... [B]oard members are explicitly warning leaders and citizens around the world that the international security situation is now more dangerous than it has ever been, even at the height of the Cold War."




    - Do Proof-of-Concept Exploits Do More Harm Than Good?
    secwatcher writes: When it comes to the release of proof-of-concept (PoC) exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll. In fact, almost 60 percent of 230 security pundits thought it was a "good idea" to publish PoC code for zero days. Up to 38 percent of respondents, meanwhile, argued it wasn't a good idea. Dr. Richard Gold, head of security engineering at Digital Shadows, told Threatpost that PoC code makes it easier for security teams to do penetration testing: "Rather than having to rely on vendor notifications or software version number comparisons, a PoC allows the direct verification of whether a particular system is exploitable," Gold told Threatpost. "This ability to independently verify an issue allows organizations to better understand their exposure and make more informed decisions about remediation." In fact, up to 85 percent of respondents said that the release of PoC code acts as an "effective motivator" to push companies to patch. Seventy-nine percent say that the disclosure of a PoC exploit has been "instrumental" in preventing an attack. And, 85 percent of respondents said that a PoC code release is acceptable if a vendor won't fix a bug in a timely manner... On the flip-side of the argument, many argue that the release of the Citrix PoC exploits was a bad idea. They say attacks attempting to exploit the vulnerability skyrocketed as bad actors rushed to exploit the vulnerabilities before they are patched... Matt Thaxton, senior consultant at Crypsis Group, thinks that the "ultimate function of a PoC is to lower the bar for others to begin making use of the exploit... In many cases, PoC's are put out largely for the notoriety/fame of the publisher and for the developer to 'flex' their abilities...." This issue of a PoC exploit timeline also brings up important questions around patch management for companies dealing with the fallout of publicly-released code. Some, like Thaxton, say that PoC exploit advocates fail to recognize the complexity of patching large environments: "I believe the release of PoC code functions more like an implied threat to anyone that doesn't patch: 'You'd better patch . . . or else,'" he said. "This kind of threat would likely be unacceptable outside of the infosec world. This is even more obvious when PoCs are released before or alongside a patch for the vulnerability." And Joseph Carson, chief security scientist at Thycotic, tells them "Let's be realistic, once a zero-day is known, it is only a matter of time before nation states and cybercriminals are abusing them."




    - Cisco Warns: Patch This Critical Firewall Bug in Firepower Management Center
    "Cisco is urging customers to update its Firepower Management Center software," ZDNet reported Thursday, "after users informed it of a critical bug that attackers could exploit over the internet." Like many Cisco bugs, the flaw was found in the web-based management interface of its software. The bug has a severity rating of 9.8 out of a possible 10 and means admins should patch sooner rather than later. The vulnerability is caused by a glitch in the way Cisco's software handles Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. Remote attackers could exploit the flaw by sending specially crafted HTTP requests to the device. Devices are vulnerable if they've been configured to authenticate users of the web interface through an external LDAP server... How customers should remediate the issue will depend on which release of Firepower Management Center (FMC) they're running. There is no workaround, but hotfix patches are available for several new releases of FMC, and maintenance releases that address the flaw are scheduled for later this year. "Customers may install a fix either by upgrading to a fixed release or by installing a hotfix patch," Cisco notes... Cisco also disclosed seven high-severity flaws and 19 medium-severity security issues. This FMC critical flaw follows updates made available earlier this month for three critical flaws affecting Cisco's Data Center Network Manager software. The researcher who reported the flaw has released proof-of-concept exploit code, but Cisco says it is not aware of any malicious use of the flaws.




    - Is PHP Still a Worthwhile Language To Learn?
    mbadolato (Slashdot reader #105,588) shares this post from Belgium-based programmer Brent Roose: It's no secret among web developers and programmers in general: PHP doesn't have the best reputation. Despite still being one of the most used languages to build web applications, over the years PHP has managed to get itself a reputation of messy codebases, inexperienced developers, insecure code, an inconsistent core library, and what not. While many of the arguments against PHP still stand today, there's also a bright side: you can write clean and maintainable, fast and reliable applications in PHP. In this post, I want to look at this bright side of PHP development. I want to show you that, despite its many shortcomings, PHP is a worthwhile language to learn. I want you to know that the PHP 5 era is coming to an end. That, if you want to, you can write modern and clean PHP code, and leave behind much of the mess it was 10 years ago. The article notes PHP's opt-in type system and performance-enhancing rewrites (including the ability to store compiled chunks of PHP code in memory). And it argues that PHP "is still evolving today," with a package repository averaging over 25 million downloads a day. There are also PHP web application frameworks (as well as asynchronous frameworks), so "PHP isn't just WordPress anymore." And in keeping with the core team's yearly release cycle, PHP 8 is expected at the end of 2020, which will include a JIT compiler, "allowing PHP to enter new areas besides web development..."




    - Waze Mistakenly Directed Hundreds of Drivers to a Remote Wildlife Preserve
    "No, the luxurious Borgata Hotel, Casino and Spa isn't located in a central New Jersey wildlife preserve," reports a local news team in New York. But an ad for the casino in Waze was apparently tagged with the wrong geographical coordinates, CNN reports, and.... The Jackson township Police Department's public information officer Lt. Christopher Parise said the police department found out about the error when one of his officers was out assisting a stranded car. The driver told the officer they were headed for the Borgata but wound up at the 12,000 acre wildlife area through unpaved roads after using Waze for directions... "My department towed 10 cars in 5 days that were stuck," Parise said. "A Waze response to the error report stated 249 others reported the same location error in the past couple days, so hundreds have been misled back there." Police complained of a "tremendous increase" in disabled motor vehicles -- one driver found themselves at least 10 minutes away from any paved roads. Long-time Slashdot reader Newer Guy tipped us off to the story, though Waze told CNN that after being made aware of it, they'd fixed the issue "within hours". But the casino is still urging future visitors "to check the route before they begin driving" to make sure they're actually being routed to Atlantic City. And the folks in Jackson Township (population 54,856) had a real good laugh, posting over 100 comments on the police department's Facebook page. "You can take the people out of the city but you can't take the city out of the people..." "who the hell is going on unpaved roads thinking it'll lead them to a casino?" "You would think when they go down a dirt road common sense would kick in..." "This must be a short cut to Atlantic City, just keep going. Ha ha ha..." "This is why you need to learn how to read a map!" "I keep picturing in my head these people driving into the woods thinking it's Atlantic City..." "We could just put a couple of slot machines and poker tables out there.... " "I knew people were stupid but this is ridiculous." "Don't blame the app, Blame the morons driving." "How stupid do you have to be to not realize that you are nowhere near the ocean??!!" "So natural selection is going high tech?" "I was wondering how this lovely couple ended up way back by the lake when I was hunting there last week. They flagged me down and pleaded with me to show them the way out. They must've thought they were in the middle of Deliverance."




    - Help NASA Choose the Name For Its Next Mars Rover
    Slashdot reader DevNull127 writes: NASA will launch a new rover to Mars this July — and 28,000 American schoolchildren wrote essays with suggestions for what NASA should name it. NASA has now selected the top nine finalists, which they'll let the public vote on through Monday on a special web page where they're also displaying the schoolchildren's essays. "Scientists are tenacious," wrote one student who suggested the name Tenacity. "It is what keeps them thinking and experimenting... When scientists make mistakes they see what they did wrong and then try again. If they didn't have tenacity, Mars rovers wouldn't be a thing." The new rover will also be carrying the names of 10,932,295 earthlings, etched onto a microchip. Bloomberg points out that because Mars and Earth are unusually close in July and August -- a mere 39 million miles -- another rover will also be launched by the international ExoMars programme (led by the European Space Agency and the Russian Roscosmos State Corporation), while the United Arab Emirates will also try sending an orbiter to Mars, and China will deploy "an orbiter to circle the planet and a rover to land on it."




    - Former US Regulator and Accenture Exploring Digital Currency for US Central Banks
    A former chair of America's Commodity Futures Trading Commission is working with Accenture to explore what Computerworld calls "a U.S. Central Bank Digital Currency" -- a cash-backed stablecoin, issued and controlled by America's central bank, where one token represents one dollar. Long-time Slashdot reader Lucas123 writes: A cryptocurrency based on a blockchain ledger would be a cheaper, faster and more inclusive global financial system than today's analog-based reserve currency that can take two or more days to clear, according to their Digital Dollar Project. The race to integrate cryptocurrency into global banking is speeding up as public sector projects are already driving interest in fiat-backed digital tokens by central and regional banks around the globe but primarily in Europe and Asia. Accenture already has "experience working with central banks on digital currency and related initiatives," Computerworld points out, and quotes the former CFTC chair as saying that "The digital 21st century is underserved by an analogue reserve currency. A digital dollar would help future-proof the greenback and allow individuals and global enterprises to make payments in dollars irrespective of space and time."




    - Some Vendors Are Already Releasing Chipsets That Support 6 GHz Wifi
    Long-time Slashdot reader gabebear writes: The FCC hasn't officially cleared 6 GHz for WiFi, but chipsets that support 6 GHz are starting to be released. 6 GHz opens up several times more bandwidth than what is currently available with WiFi, although it doesn't penetrate walls as well as 2.4 GHz. Celeno has their press release and Broadcom has their press release. Still no news from Intel or Qualcomm on chipsets that support 6 GHz.




    - JetBrains to Reimagine IntelliJ as Text Editor, Add Machine Learning
    From a report: JetBrains has added further destinations to the IntelliJ-based roadmap it sketched out last year, promising more localization, machine learning and Git integration amongst a range of other goodies for the Java IDE... The Prague-based firm's CTO Dimitry Jemerov said users had long asked to be able to use its IDEs for "general purpose text editing". While this is possible to some degree currently, in some situations it created a temporary project file, leading to disk clutter and "other inconveniences". However, recent performance improvements mean "the possibility of using our IDEs as lightweight text editors has become more plausible, so we're now building a dedicated mode for editing non-project files. In this mode, the IDE will work more like a simple text editor." This will be faster, he promised, but the feature set will be very limited and "you'll be able to easily switch to the full project mode if you need to use features such as refactoring or debugging..." Other upcoming features include more machine learning. Jemerov said this was already being used to improve code completion, but would now be rolled out for other completion features. "We're teaching ML completion to make better use of the context for ranking completion suggestions and to generate completion variants that go beyond a single identifier (full-line completion)". That might take a while, he said, but was a "major area where we are investing our efforts."




    - Robert Cringely Attempts an Air-Launching Space Startup
    "How does a 67-year-old hack with three minor children recover from going blind, losing his home and business in a horrible fire (like 2,000 others, we are still fighting with insurance companies), while appeasing an angry crowd of Kickstarter supporters armed with pitchforks and shovels?" That crowd still wants long-time tech pundit Robert X. Cringely to deliver on his Kickstarter-funded project to create custom Minecraft servers. So in a new blog post this week, Cringely writes that "I went looking for venture money to recapitalize MineServer and I simultaneously started a satellite launch company to fund my eventual retirement. I am not making this up..." He's now found a Beverly Hills patron who wants to be a co-investor in the Minecraft servers, but "I will have to earn the matching money on my own, which is what I have been trying to do with my other startup, Eldorado Space." Eldorado will later this year begin launching into low earth orbit CubeSats up to 12 kilograms in weight. Doing a space startup may seem like the stupidest, highest-risk way to go about restarting a career, but I thought it would be fun and it has been. Fortunately, we found a visionary billionaire to be our seed investor. We will shortly close our Series A round with most of that money already committed... [F]or Eldorado, we (which means my co-founder Tomas Svitek -- a real rocket scientist who used to report directly to Jeff Bezos at Blue Origin -- seven engineers and me) pledged to invent nothing and to avoid liquid fuels if possible. We took 50-year-old ammonium perchlorate composite propellant (the same solid fuel used in the Space Shuttle's strap-on boosters) and improved it using modern materials, processes, and some common sense. NO 3D printing! The result is a cheaper rocket that can sit on the shelf for years then be launched as-needed within hours... [W]e've offered to launch on FOUR hours notice and then launch again every TWO hours after that until they tell us to stop. So if Bond villain Ernst Blofeld, for example, figured out a way to take down the GPS system, we could replace the whole constellation in less than a day, then do it all over again as often as needed. That would probably deter Dr. Evil from even trying his trick in the first place.... Richard Branson's Virgin Orbit drops its rocket horizontally from a Boeing 747 flying at 35,000 feet going Mach 0.7. We "toss" our rocket while flying in a 45-degree climb at 78,000 feet going Mach 2.2, which is much more exciting. You can see the curvature of the Earth. Launching higher, faster, and at the proper angle lets us use a smaller cheaper rocket on a smaller cheaper aircraft for a lower launch price. Virgin charges $12 million per launch while we charge $1 million for up to 12U into any orbit.... "But how do you protect your business if you aren't inventing anything? Where is your intellectual property? Where is your defensive moat?" There's actually plenty of clever IP inside Eldorado, but what mainly keeps another startup from just copying our work is the required fleet of Mach 2.2+ launch aircraft. We bought all of them, you see... all of them on the planet.




    - Ask Slashdot: How Can You Refresh Your Linux and Sysadmin Skills?
    Slashdot reader PrimeGoat has used Linux for 20 years, "10 of which were during my career as a Linux sysadmin..." "However, there's more to being a sysadmin than just knowing how to use Linux." There are best practices that evolve, new methods of doing things and new software that constantly comes out and evolves. This is where my challenge comes. In 2012 I stopped my career as a Linux sysadmin... There's a lot of stuff that I missed out on. I'm wondering what I should do to refresh my skills and to catch up on what I've missed? An obvious solution would be to get a job as a sysadmin again, but this probably isn't going to happen, as I'm changing my trajectory. I'm currently training to become a fullstack web developer, but still have a need to update my sysadmin skills and keep them fresh... Any suggestions on what actions to take on my own to catch up and keep fresh? Leave your thoughts in the comments. What's the best way to refresh both your Linux and sysadmin skills?





