Oggi e' 22.04.2019
Sei qui: Home arrow Slashdot
Slashdot
Slashdot
News for nerds, stuff that matters

Slashdot
  • The Incredibly Stupid Plot To Hijack a Domain By Breaking Into Its Owner's House With A Gun
    CNN tells the story of 24-year-old "social media influencer" Rossi Lorathio Adams II who'd wanted his domain to be the slogan of his social media sites (which at one point had over a million followers on Snapchat, Instagram and Twitter). Unfortunately, that domain was already owned by another man in Iowa -- but Adams came up with a solution: In June 2017, Adams enlisted his cousin to break into the domain owner's home and force him to transfer it. The cousin drove to the domain owner's house and provided a demand note [which contained "a series of directions on how to change an Internet domain name from the domain owner's GoDaddy account to one of Adams' GoDaddy accounts."] After entering the home, the intruder grabbed the victim's arm and ordered him to connect his computer to the internet. He put the firearm against the victim's head and ordered him to follow the instructions. "Fearing for his life, the victim quickly turned to move the gun away from his head. The victim then managed to gain control of the gun," court records show. The victim shot the intruder multiple times and called the police. The intruder, Adams' cousin Sherman Hopkins Jr., was sentenced to 20 years in prison last year. Now it's Adams' turn. He will remain in custody pending sentencing. He faces a maximum 20 years in prison, a $250,000 fine and three years of supervised release.

    Read more of this story at Slashdot.



  • Are We Sacrificing Too Much For Automation?
    Fast Company shares an essay from an anthropologist who researches human agency, algorithms, AI, and automation in the context of social systems: With the advent of computational tools for quantitative measurement and metrics, and the development of machine learning based on the big data developed by those metrics, organizations, Amazon among them, started to transition through a period of what I refer to as "extreme data analysis," whereby anything and anyone that can be measured, is. This is a problem. Using counting, metrics, and implementation of outcomes from extreme data analysis to inform policies for humans is a threat to our well-being, and results in the stories we are hearing about in the warehouse, and in other areas of our lives, where humans are too often forfeiting their agency to algorithms and machines. Unfortunately, after decades of building this quantitative scaffolding, a company such as Amazon has pretty much baked it into their infrastructure and their culture.... As the world continues to automate things, processes, and services, humans are put in positions where we must constantly adapt, since at the moment, automation cannot, and does not, cooperate with us outside of its pre-programmed repertoire. Thus, in many instances we must do the yielding of our agency and our choices, to the algorithms or robots, to reach the cooperative outcomes we require.... If every process is eventually automated and restricts human agency, while simultaneously requiring our servitude to function, we will be pinned to the wall with no choices, nothing left to give, and no alternatives for coping with it. One example provided was the Amazon worker who complained the warehouse temperatures were always kept too hot -- to accommodate the needs of Amazon's robots. But the article argues we also forfeit agency "Every time we use a computer, or any computationally based device... "We do this by sitting or standing to use a keyboard, by typing, clicking, scrolling, checking boxes, pulling down menus, and filling in data in a way that the machine can understand."

    Read more of this story at Slashdot.



  • Why Modern C++ Still Isn't As Safe As Memory-Safe Languages Like Rust and Swift
    Alex Gaynor is a software engineer at Mozilla working on Firefox, after previously serving as a director of both the Python Software Foundation and the Django Software Foundation. In a new blog post today, he argues that memory unsafe languages, "principally C and C++," induce an exceptional number of security vulnerabilities, and that the industry needs to migrate to memory-safe languages like Rust and Swift by default. One of the responses I frequently receive is that the problem isn't C and C++ themselves, developers are simply holding them wrong. In particular, I often receive defenses of C++ of the form, "C++ is safe if you don't use any of the functionality inherited from C" or similarly that if you use modern C++ types and idioms you will be immune from the memory corruption vulnerabilities that plague other projects. I would like to credit C++'s smart pointer types, because they do significantly help. Unfortunately, my experience working on large C++ projects which use modern idioms is that these are not nearly sufficient to stop the flood of vulnerabilities... Modern C++ idioms introduce many changes which have the potential to improve security: smart pointers better express expected lifetimes, std::span ensures you always have a correct length handy, std::variant provides a safer abstraction for unions. However modern C++ also introduces some incredible new sources of vulnerabilities: lambda capture use-after-free, uninitialized-value optionals, and un-bounds-checked span. My professional experience writing relatively modern C++, and auditing Rust code (including Rust code that makes significant use of unsafe) is that the safety of modern C++ is simply no match for memory safe by default languages like Rust and Swift (or Python and JavaScript, though I find it rare in life to have a program that makes sense to write in either Python or C++). There are significant challenges to migrating existing, large, C and C++ codebases to a different language -- no one can deny this. Nonetheless, the question simply must be how we can accomplish it, rather than if we should try. The post highlights what he describes as "completely modern C++ idioms which produce vulnerabilities" -- including an example of dangling pointers "despite our meticulous use of smart pointers throughout..." "Even with the most modern C++ idioms available, the evidence is clear that, at scale, it's simply not possible to hold C++ right."

    Read more of this story at Slashdot.



  • Black Hole Photo Used Supercomputers and Cloud Computing To Prove Einstein Right
    An anonymous reader quotes The Next Web: As stunning and ground-breaking as it is, the EHT project is not just about taking on a challenge. It's an unprecedented test of whether Einstein's ideas about the very nature of space and time hold up in extreme circumstances, and looks closer than ever before at the role of black holes in the universe. To cut a long story short: Einstein was right.... His general theory of relativity has passed two serious tests from the universe's most extreme conditions in the last few years. Here, Einstein's theory predicted the observations from M87 with unerring accuracy, and is seemingly the correct description of the nature of space, time, and gravity. The measurements of the speeds of matter around the center of the black hole are consistent with being near the speed of light. The advanced computing research center at the University of Texas at Austin says the data for the photo "was collected during a 2017 global campaign, after decades of scientific, engineering, and computational research and preparation." And their own facility played a role in the finished photo, according to an article shared by aarondubrow: Helping to lay the groundwork for the black hole imaging, and providing the theoretical underpinnings that enabled the researchers to interpret the mass, underlying structure, and orientations of the black hole and its environment, were supercomputers at The University of Texas at Austin's Texas Advanced Computing Center (TACC) -- Stampede1, Stampede2 and Jetstream -- all three of which were supported by grants from the National Science Foundation (NSF), which also provided key funding for the EHT... "We are doing finite difference, three-dimensional simulations with not just gas dynamics, but also magnetic fields," said Harvard University professor and EHT researcher Ramesh Narayan. "That includes radiation and what is called two-temperature physics in a general relativistic framework. For these, we really do need the TACC's Stampede system with lots of cores and lots of hours.... The simulations are computationally very expensive and supercomputers are definitely needed...." Alongside the simulation and modeling effort, another group of researchers from the University of Arizona (UA) were using Jetstream -- a large-scale cloud environment for research located both at TACC and Indiana University -- to develop cloud-based data analysis pipelines that proved crucial for combining huge amounts of data taken from the geographically-distributed observatories, and sharing the data with researchers around the world. "New technologies such as cloud computing are essential to support international collaborations like this," said Chi-kwan Chan, leader of the EHT Computations and Software Working Group and an assistant astronomer at UA. "The production run was actually carried out on Google Cloud, but much of the early development was on Jetstream. Without Jetstream, it is unclear that we would have a cloud-based pipeline at all."

    Read more of this story at Slashdot.



  • Red Hat Takes Over Maintenance of OpenJDK 8 and OpenJDK 11 From Oracle
    "Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.

    Read more of this story at Slashdot.



  • Bluecherry Open Sources Its Entire Linux Surveillance Server
    "Big changes are here," writes the official blog for Bluecherry: In 2010 we released our multi-port MPEG4 video capture card with an open source driver (solo6x10) and in 2011 updated the driver to support our multi-port H.264 capture cards. Later, this open source driver was later added into the mainline Linux kernel. In 2013 we released our multi-platform surveillance application client with an open source (GPL) license. We are proud to announce that Effective April 18, 2019 we have released the entire Bluecherry software application open source with a GPL license. An anonymous reader writes: This includes the Linux based server application and the Windows / Linux / OS X client. Bluecherry's GitHub repo is now open for public viewing.

    Read more of this story at Slashdot.



  • Linux 5.2 Will Introduce The Fieldbus Subsystem
    "The new Fieldbus system has been deemed ready to be released into the staging area of the Linux kernel," writes jwhyche (Slashdot reader #6,192). Phoronix reports: This newest subsystem for the Linux kernel benefits industrial systems. Fieldbus is a set of network protocols for real-time distributed control of automated industrial systems. Fieldbus is used for connecting different systems/components/instruments within industrial environments. Fieldbus is used for connecting facilities ranging from manufacturing plants up to nuclear energy facilities. The Fieldbus specification has been around for decades while now seeing a formal subsystem within the Linux kernel. The subsystem allows for devices to exchange data over a Fieldbus whether it be Profinet, FLNet, or one of the other implementations. The subsystem provides a generic framework for exposing switches, lights, actuators, motors, and other hardware... The Linux kernel's Fieldbus subsystem has gone through over ten rounds of public revisions in recent months and has been deemed ready to premiere with Linux 5.2 [which] should debut in July.

    Read more of this story at Slashdot.