Microsoft

Microsoft Patents A User-Monitoring AI That Improves Search Results (hothardware.com) 15

Slashdot reader MojoKid quotes a HotHardware article about Microsoft's new patent filing for an OS "mediation component": This is Microsoft's all-seeing-eye that monitors all textual input within apps to intelligently decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the Mediator and processed. So when the user goes to, for example, the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query.

The search engine (e.g., Bing and Cortana) uses contextual rankers to adjust the ranking of the default suggested queries to produce more relevant [results]. The operating system...tracks all textual data displayed to the user by any application, and then performs clustering to determine the user intent (contextually).

The article argues this feels "creepy and big brother-esque," and while Microsoft talks of defining a "task continuum," suggests the patent's process "would in essence keep track of everything you type and interact with in the OS and stockpile it in real-time to data-dump into Bing."
Open Source

Ask Slashdot: Who's Building The Open Source Version of Siri? (upon2020.com) 68

We're moving to a world of voice interactions processed by AI. Now long-time Slashdot reader jernst asks, "Will we ever be able to do that without going through somebody's proprietary silo like Amazon's or Apple's?" A decade ago, we in the free and open-source community could build our own versions of pretty much any proprietary software system out there, and we did... But is this still true...? Where are the free and/or open-source versions of Siri, Alexa and so forth?

The trouble, of course, is not so much the code, but in the training. The best speech recognition code isn't going to be competitive unless it has been trained with about as many millions of hours of example speech as the closed engines from Apple, Google and so forth have been. How can we do that? The same problem exists with AI. There's plenty of open-source AI code, but how good is it unless it gets training and retraining with gigantic data sets?

And even with that data, Siri gets trained with a massive farm of GPUs running 24/7 -- but how can the open source community replicate that? "Who has a plan, and where can I sign up to it?" asks jernst. So leave your best answers in the comments. Who's building the open source version of Siri?
Censorship

Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com) 58

"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.

One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."
Government

California Launches Mandatory Data Collection For Police Use-of-Force (seattletimes.com) 46

An anonymous Slashdot reader quotes the AP: All 800 police departments in California must begin using a new online tool launched Thursday to report and help track every time officers use force that causes serious injuries... The tool, named URSUS for the bear on California's flag, includes fields for the race of those injured and the officers involved, how their interaction began and why force was deemed necessary.

"It's sort of like TurboTax for use-of-force incidents," said Justin Erlich, a special assistant attorney general overseeing the data collection and analysis. Departments must report the data under a new state law passed last November. Though some departments already tracked such data on their own, many did not... "As a country, we must engage in an honest, transparent, and data-driven conversation about police use of force," California Attorney General Kamala Harris said in a news release.

It's an open source tool developed by Bayes Impact, and California plans to share the code with other interested law enforcement agencies across the country. Only three other states currently require their police departments to track data about use-of-force incidents, "but their systems aren't digital, and in Colorado's case, only capture shootings."
United States

Kentucky's Shotgun 'Drone Slayer' Gets Sued Again (yahoo.com) 185

"Technology has surpassed the law..." argues a Kentucky man who fired a shotgun at a drone last year. An anonymous Slashdot reader reports: The drone's owner has now filed for damages in Federal Court over the loss of his $1,800 drone, arguing that the shotgun blast was unjustified because his drone wasn't actually trespassing or invading anyone's privacy. The defendant -- who has dubbed himself 'the Drone Slayer' -- said the aerial vehicle was over his garden and his daughter, and the verdict could ultimately set a new precedent in U.S. law: who owns the air?

"Operators need to know where they can fly," argued the drone pilot's lawyer, "and owners must know when they can reasonably expect privacy and be free of prying eyes." He estimates a drone is shot from the skies about once a month, and "What happens typically is that law enforcement doesn't know what to do and civil suits are uncommon as most people don't want to get involved due to the costs."

The Drone Slayer was originally charged with felony counts of wanton endangerment and criminal mischief. But all of those charges were dismissed in October when a district judge ruled he "had a right to shoot at the aircraft."
Microsoft

Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) 164

There was something unique about this week's Patch Tuesday. An anonymous Slashdot reader quotes HelpNetSecurity: It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new 'monthly update packs' will be combined, so for instance, the November update will include all the patches from October as well.
Last month a Slashdot reader asked for suggestions on how to handle the new 'cumulative' updates -- although the most common response was "I run Linux."
Security

97% of the Top Companies Have Leaked Credentials Online (onthewire.io) 21

Apparently lots of people have been using both their work email address and work password on third-party sites -- suggesting a huge vulnerability. Trailrunner7 quotes On The Wire: The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials.
"For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."
Space

Cisco Blamed A Router Bug On 'Cosmic Radiation' (networkworld.com) 127

Network World's news editor contacted Slashdot with this report: A Cisco bug report addressing "partial data traffic loss" on the company's ASR 9000 Series routers contended that a "possible trigger is cosmic radiation causing SEU [single-event upset] soft errors." Not everyone is buying: "It IS possible for bits to be flipped in memory by stray background radiation. However it's mostly impossible to detect the reason as to WHERE or WHEN this happens," writes a Redditor identifying himself as a former [technical assistance center] engineer...
"While we can't speak to this particular case," Cisco wrote in a follow-up, "Cisco has conducted extensive research, dating back to 2001, on the effects cosmic radiation can have on our service provider networking hardware, system architectures and software designs. Despite being rare, as electronics operate at faster speeds and the density of silicon chips increases, it becomes more likely that a stray bit of energy could cause problems that affect the performance of a router or switch."

Friday a commenter claiming to be Xander Thuijs, Cisco's principal engineer on the ASR 9000 router, posted below the article, "apologies for the detail provided and the 'concept' of cosmic radiation. This is not the type of explanation I would like to see presented to the respected users of our products. We have made some updates to the DDTS [defect-tracking report] in question with a more substantial data and explanation. The issue is something that we can likely address with an FPD update on the 2x100 or 1x100G Typhoon-based linecard."
Security

Malware Evades Detection By Counting Word Documents (threatpost.com) 63

"Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher's test environment," reports Threatpost, The Kaspersky Lab security news service. Slashdot reader writes: Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant.

A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use [according to SentinelOne researcher Caleb Fenton]. If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.

Cloud

A New Programming Language Expands on Google's Go (infoworld.com) 156

"One sure sign your language is successful: When people build other languages that transpile into it." An anonymous Slashdot reader quotes a report from InfoWorld: The Have project uses Go's toolchain, but sports a different syntax and makes key additions to the language... Previously, a language named Oden worked with Go's toolchain to add features that Go didn't support. Now Polish developer Marcin Wrochniak has introduced Have, a language that transpiles to and expands on Go.

In the blog post that introduces the project to Go developers, Wrochniak describes Have as a hobby project, with the goal of becoming a "companion" to Go that addresses some of its common "landmines"... Go uses curly braces in the manner of C/C++, while Have uses block indents, like Python... The way that variable declaration, structs, and interfaces work have all been modified in Have to be more consistent with each other and to avoid internal inconsistencies that Wrochniak feels are a common source of bugs.

Botnet

Spam Hits Its Highest Level Since 2010 (networkworld.com) 41

Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years.

"To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again."

Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.
Media

Snapchat's 10-Second-Video Glasses Are Real And Cost $130 Bucks (techcrunch.com) 86

Long-time Slashdot reader bheerssen writes that Snapchat "announced a new product yesterday, Spectacles, which are sunglasses with a camera built into the frame." TechCrunch reports: Snapchat's long-rumored camera glasses are actually real. The startup's first foray into hardware will be a pair of glasses called "Spectacles" and will go on sale this fall for $129.99, according to the WSJ... To start recording you tap a button on the side of the glasses. Video capture will mimic Snapchat's app, meaning you can only capture 10 seconds of video at once. This video will sync wirelessly to your phone, presumably making it available to share as a snap.
The cameras will be using a circular 115-degree lens to mimic the human eye's natural field of vision, and in the Journal's article, Snap CEO Evan Spiegel remembers his first test of the product in 2015. "I could see my own memory, through my own eyes -- it was unbelievable... It was the closest I'd ever come to feeling like I was there again." The camera glasses will enter "limited distribution" sometime within the next three months, which TechCrunch believes "could end up being like Google Glass when it first launched -- officially on sale to the public but pretty hard to come by."
United States

U.S. Funds Challenges To North Korea's 'Information Shield' (freekorea.us) 86

The U.S. State Department is pursuing "a detailed plan for making unrestricted, unmonitored, and inexpensive electronic mass communications available to the people of North Korea." Slashdot reader Greg Jones reports: Plenty of government-designed "information" flows out of North Korea. At One Free Korea Joshua Stanton reports that the U.S. State Department just announced a new grant program for information technology solutions to punch through the wall that prevents the free flow of information into North Korea.
"Those of us who wrote and negotiated the [North Korea Sanctions and Policy Enhancement Act] were equally concerned with direct engagement of the North Korean people..." Stanton writes on his blog, reporting that there's now grants available to fund multiple projects. "If you have the technical knowledge to make this a reality, or know a place online where people with those talents congregate, please share and repost this solicitation and help spread the word."
Communications

The Verge's Deputy Editor Chris Ziegler Was Secretly Working For Apple For Two Months (gizmodo.com) 74

An anonymous reader quotes a report from Gizmodo: Late this afternoon, Nilay Patel, the editor-in-chief of The Verge, published a post detailing the circumstances around the departure of Chris Ziegler, a founding member of the site. As it turns out, according to Patel, Ziegler had been pulling double duty as an employee of both The Verge and Apple. "The circumstances of Chris' departure from The Verge raised ethical issues which are worth disclosing in the interests of transparency and respect for our audience," Patel wrote. "We're confident that there wasn't any material impact on our journalism from these issues, but they are still serious enough to merit disclosure." According to Patel, Ziegler, whose most recent post was published in July, began working for Apple in July but didn't disclose his new job; The Verge apparently didn't discover he'd been working there until early September. Patel noted that Ziegler continued to work for The Verge in July, but "was not in contact with us through most of August and into September." What's not clear is how The Verge leadership went six weeks without hearing from their deputy editor or taking serious action (like filing a missing person's report) to try to find him. Patel says they "made every effort to contact him and to offer him help if needed." Patel noted the obvious conflict of interest, and added that Ziegler was fired the same day they verified his employment at Apple. "Chris did not attempt to steer any coverage towards or away from Apple, and any particular decisions he helped make had the same outcomes they would have had absent his involvement," Patel wrote. However, it's still unclear how exactly the team at Vox Media, The Verge's parent company, ascertained there were no editorial consequences from the dual-employment. You can read Patel's full statement here. Vox Media's Fay Sliger followed up with a statement to Gizmodo: "Chris is no longer an employee of The Verge or Vox Media.
Chris accepted a position with Apple, stopped communicating with The Verge's leadership, and his employment at The Verge was terminated. Vox Media's editorial director Lockhart Steele conducted an internal review of this conflict of interest, and after a thorough investigation, it was determined that there was no impact on editorial decisions or journalism produced at The Verge or elsewhere in Vox Media. We've shared details about this situation with The Verge's audience and will continue to be transparent should any new information come to light."
Earth

Our Atmosphere Is Leaking Oxygen and Scientists Don't Know Why (gizmodo.com) 152

The Earth's atmosphere has been leaking oxygen and scientists don't know why. Researchers discovered that over the past 800,000 years, atmospheric oxygen levels have dropped by 0.7 percent. How exactly did they discover the leak? By observing ice cores from Greenland and Antarctica, which contain trapped air bubbles representing snapshots of our atmosphere over the past million-odd years. Gizmodo reports: By examining the ratio of oxygen to nitrogen isotopes within these cores, the researchers were able to pull out a trend: oxygen levels have fallen by 0.7 percent over the past 800,000 years, meaning sinks are roughly 2 percent larger than sources. Writing today in Science, the researchers offer a few possible explanations. For one, erosion rates appear to have sped up in recent geologic history, causing more fresh sediment to be exposed and oxidized by the atmosphere, causing more oxygen to be consumed. Long-term climate change could also be responsible. Recent human-induced warming aside, our planet's average temperature had been declining a bit over the past few million years. [Princeton University geologist Daniel Stolper] added that there could be other explanations, too, and figuring out which is correct could prove quite challenging. But learning what controls the knobs in our planet's oxygen cycle is worth the effort. It could help us understand what makes a planet habitable at all -- something scientists are rather keen on, given recent exoplanet discoveries. Stolper's analysis excluded one very unusual part of the record: the last 200 years of industrial human society. "We are consuming O2 at a rate a factor of a thousand times faster than before," Stolper said. "Humankind has completely short-circuited the cycle by burning tons of carbon."
Security

Hacker Who Aided ISIS Gets 20 Years In Prison (softpedia.com) 124

An anonymous reader quotes a report from Softpedia: Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, will spend 20 years in a U.S. prison for providing material support to ISIS hackers by handing over data for 1,351 U.S. government employees. Ferizi obtained the data by hacking into a U.S. retail company on June 13, 2015. The hacker then filtered the stolen information and put aside records related to government officials, which he later handed over to Junaid Hussain, the then leader of the Islamic State Hacking Division (ISHD). Hussain then uploaded this information online, asking fellow ISIS members to seek out these individuals and execute lone wolf attacks. Because of this leak, the U.S. Army targeted and killed Hussain in a drone strike in Syria in August 2015. Before helping ISIS, Ferizi had a prodigious hacking career as the leader of Kosova Hacker's Security (KHS) hacking crew. He was arrested on October 6, 2015, at the international airport in Kuala Lumpur, Malaysia, while trying to catch a flight back to Kosovo. Ferizi was in Kuala Lumpur studying computer science.
Yahoo!

Yahoo Sued For Gross Negligence Over Huge Hacking (reuters.com) 55

Yahoo apparently took two years to investigate and tell people that its service had been breached, and that over 500 million users were affected. Amid the announcement, a user is suing Yahoo, accusing the company of gross negligence. From a Reuters report: The lawsuit was filed in the federal court in San Jose, California, one day after Yahoo disclosed the hacking, unprecedented in size, by what it believed was a "state-sponsored actor." Ronald Schwartz, a New York resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. The lawsuit seeks class-action status and unspecified damages. A Yahoo spokeswoman said the Sunnyvale, California-based company does not discuss pending litigation. The attack could complicate Chief Executive Marissa Mayer's effort to shore up the website's flagging fortunes, two months after she agreed to a $4.8 billion sale of Yahoo's Internet business to Verizon Communications. Yahoo on Thursday said user information including names, email addresses, phone numbers, birth dates and encrypted passwords had been compromised in late 2014.
Security

Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet (arstechnica.com) 189

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. 
Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.
Security

40 Percent of Organizations Store Admin Passwords In Word Documents, Says Survey (esecurityplanet.com) 107

While the IT industry is making progress in securing information and communications systems from cyberattacks, a new survey from cybersecurity company CyberArk says several critical areas, such as privileged account security, third-party vendor access and cloud platforms are undermining them. An anonymous Slashdot reader shares with us the details of the report via eSecurity Planet: According to the results of a recent survey of 750 IT security decision makers worldwide, 40 percent of organizations store privileged and administrative passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick. Still, the survey, sponsored by CyberArk and conducted by Vanson Bourne, also found that 55 percent of respondents said they have evolved processes for managing privileged accounts. Fully 79 percent of respondents said they have learned lessons from major cyberattacks and have taken appropriate action to improve security. Sixty-seven percent now believe their CEO and board of directors provide sound cybersecurity leadership, up from 57 percent in 2015. Three out of four IT decision makers now believe they can prevent attackers from breaking into their internal network, a huge increase from 44 percent in 2015 -- and 82 percent believe the security industry in general is making progress against cyberattackers. Still, 36 percent believe a cyberattacker is currently on their network or has been within the past 12 months, and 46 percent believe their organization was a victim of a ransomware attack over the past two years. And while 95 percent of organizations now have a cybersecurity emergency response plan, only 45 percent communicate and regularly test that plan with all IT staff. 
Sixty-eight percent of organizations cite losing customer data as one of their biggest concerns following a cyberattack, and 57 percent of organizations that store information in the cloud are not completely confident in their cloud provider's ability to protect their data.
Medicine

UPS Is Starting To Test Drone Deliveries In the US (qz.com) 44

An anonymous reader quotes a report from Quartz: UPS announced Sept. 23 that it has begun testing drone deliveries in the U.S. with drone manufacturer CyPhy Works. The two companies yesterday completed a test of delivering medicine from the coastal town of Beverly, Massachusetts, to Children's Island, a small island about three miles into the Atlantic Ocean. CyPhy's drone has night-vision capabilities, according to a release shared with Quartz. The test yesterday involved a trial situation where an asthmatic child urgently needed an inhaler, which was dispatched from the mainland to the island, arriving far more quickly than it would've taken a boat to get there. CyPhy's drone autonomously flew supplies over the ocean to a group waiting to receive them on the other end, although there was no actual child with asthma in danger. In May, UPS had announced that it was partnering with the drone company Zipline to deliver medical supplies to rural Rwanda, having invested nearly $1 million into the company. UPS has also invested an undisclosed amount in CyPhy. UPS told Quartz that the FAA was aware of its test, and Houston Mills, a commercial pilot with UPS for over a decade and the company's director of airline safety, was recently announced as a member of the FAA's Drone Advisory Committee. The committee is working with industry experts and companies to figure out how to safely integrate a network of commercial drones into U.S. airspace. You can watch the heroic footage of the trial run here.
