Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Amid Major Internet Outages, Affected Websites Have Lessons To Learn ( 131

Earlier today, Dyn, an internet infrastructure company, was hit by several DDoS attacks, which interestingly affected several popular websites including The New York Times, Reddit, Spotify, and Twitter that were directly or indirectly using Dyn's services. The attack is mostly visible across the US eastern seaboard with rest of the world noticing a few things broken here and there. Dyn says it's currently investigating a second round of DDoS attacks, though the severity of the outage is understandably less now. In the meantime, the Homeland Security said that it is aware of the attack and is investigating "all potential causes." Much of who is behind these attacks is unknown for now, and it is unlikely that we will know all the details until at least a few days. The attacks however have revealed how unprepared many websites are when their primary DNS provider goes down. ZDNet adds: The elephant in the room is that this probably shouldn't have happened. At very least there's a lot to learn already about the frailty of the internet DNS system, and the lack of failsafes and backups for websites and tech companies that rely on outsourced DNS service providers. "It's also a reminder of one risk of relying on multi-tenant service providers, be they DNS, or a variety of many other managed cloud service providers," said Steve Grobman, chief technology officer at Intel Security. Grobman warned that because this attack worked, it can be exploited again. "Given how much of our connected world must increasingly rely upon such cloud service providers, we should expect more such disruptions," he said. "We must place a premium of service providers that can present backup, failover, and enhance security capabilities allowing them to sustain and deflect such attacks." And that's key, because even though Dyn is under attack, it's the sites and services that rely on its infrastructure who should rethink their own "in case of emergency" failsafes. It may only be the east coast affected but lost traffic means lost revenue. Carl Levine, senior technical evangelist for NS1, another major managed DNS provider, said that the size and scale of recent attacks "has far exceeded what the industry thought was the upper end of the spectrum." "Large companies need to constantly upgrade their flood defenses. Some approaches that worked just a few years ago are now basically useless," said Kevin Curran, senior member with IEEE.We also recommend reading security reporter Brian Krebs's take on this.

iPhone 7 Plus Qualcomm LTE Modem Significantly Outperforms Intel LTE Modem, Study Finds ( 44

An anonymous reader quotes a report from Mac Rumors: With the iPhone 7 and the iPhone 7 Plus, Apple elected to use LTE modems from two different sources, Qualcomm and Intel. The A1778 and A1784 iPhone models use a GSM-only Intel XMM7360 modem while the A1660 and 1661 iPhone models use a GSM/CDMA-compatible Qualcomm MDM9645M modem. Apple's decision has already caused some disappointment among customers because the GSM-only Intel modem is not compatible with as many carrier networks as the GSM/CDMA Qualcomm modem, and now independent testing conducted by Cellular Insights suggests there are some significant performance differences between the two modems, with the Qualcomm modem outperforming the Intel modem. Using an RS TS7124 RF Shielded Box, two RS CMW500, one RS CMWC controller, and four Vivaldi antennas, Cellular Insights created a setup to simulate LTE performance at different distances from a cellular tower using two iPhone 7 Plus devices, one with an Intel modem and one with a Qualcomm modem. The goal of the test was to measure the highest achievable LTE throughput starting at a Reference Signal Received Quality of -85dBm (a strong signal) and gradually reducing the power level to simulate moving away from a cellular tower where signal is weaker. Three LTE bands were tested: Band 12, Band 4 (the most common band in North America), and Band 7. In all three tests, both the iPhone 7 Plus models offered similar performance in ideal conditions, but as power levels decreased, Cellular Insights saw "unexplainable sharp dips in performance" in the Intel modem, finding a gap "north of 30%" in favor of the Qualcomm iPhone 7 Plus. In the charts, the Qualcomm modem maintains noticeably higher throughput speeds than the Intel modem as signal strength decreases. According to Cellular Insights, in every single test, the iPhone 7 Plus with a Qualcomm modem "had a significant performance edge" over the iPhone 7 Plus with an Intel modem.
Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs ( 71

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with a Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.
Desktops (Apple)

Apple Announces a Mac Event On October 27, Says 'Hello Again' 82

Apple announced on Wednesday that it will be holding an event on October 27. The tagline of the invite is, "hello again." This suggests that the rumors are true and that the company will indeed announce a fleet of new Mac products. The original Mac was introduced with the word "hello" in 1984. People have waited for years now for Apple to refresh its Macbooks -- some of the products in Mac line haven't received an update in 1000 days. Many expert even said earlier that Apple should stop selling the old MacBooks. The new MacBooks are expected to ship with Intel Skylake processor and a contextual keyboard. Not long ago, the company was also exploring the idea of a MacBook without a 3.5mm audio jack.

'Cultlike' Devotion: Apple Once Refused To Join Open Compute Project, So Their Entire Networking Team Quit ( 234

mattydread23 writes: Great story about the Open Compute Project from Business Insider's Julie Bort here, including this fun tidbit: "'OCP has a cultlike following,' one person with knowledge of the situation told Business Insider. 'The whole industry, internet companies, vendors, and enterprises are monitoring OCP.' OCP aims to do for computer hardware what the Linux operating system did for software: make it 'open source' so anyone can take the designs for free and modify them, with contract manufacturers standing by to build them. In its six years, OCP has grown into a global entity, with board members from Facebook, Goldman Sachs, Intel, and Microsoft. In fact, there's a well-known story among OCP insiders that demonstrates this cultlike phenom. It involves Apple's networking team. This team was responsible for building a network at Apple that was so reliable, it never goes down. Not rarely -- never. Building a 100% reliable network to meet Apple's exacting standards was no easy task. So, instead of going it alone under Apple's secrecy, the Apple networking team wanted to participate in the revolution, contributing and receiving help. But when the Apple team asked to join OCP, Apple said 'no.' 'The whole team quit the same week,' this person told us."

Top Democrats Request FBI Investigation of Trump Campaign Ties To Russia Over Hacking ( 491

As the Trump campaign refuses to point blame at Russia for the DNC hacks, top democrats on four House committees are questioning possible connections between Donald Trump's presidential campaign and Russia. They have formally asked the FBI to investigate the matter, citing new comments from a Trump confidant. Politico reports: "Troubling new evidence appears to show that the Trump campaign not only was aware of cyber attacks against Secretary [Hillary] Clinton's campaign chairman, but was openly bragging about it as far back as August," said Reps. Elijah Cummings from Government Affairs, John Conyers from Judiciary, Eliot Engel from Foreign Affairs and Bennie Thompson from Homeland Security. "For months, we have been asking the FBI to examine links between the Trump campaign and illegal Russian efforts to affect our election, including interviewing Trump advisor Roger Stone," they said. "In light of this new evidence -- and these exceptional circumstances -- we call on the FBI to fully investigate and explain to the American people what steps it is taking to disrupt this ongoing criminal activity." Earlier this week Stone said that "I do have a back-channel communication with Assange," referring to WikiLeaks founder Julian Assange, whose organization has been dropping documents online from Hillary Clinton campaign chairman John Podesta, and has been unloading documents from other Democrats as well. U.S. intelligence agencies last week declared that a connection exists between Russia and allegedly hacked documents leaked by WikiLeaks and others.
The Almighty Buck

2016 Has Been an Ugly Year For Tech Layoffs, and It's Going To Get Worse, Says Analyst ( 272

IEEE Spectrum writer Tekla Perry writes: Early this year, analyst Trip Chowdhry from Global Equities Research predicted that the tech world was going to see big layoffs in 2016 -- some 330,000 in all at major tech companies. At the time, these numbers seemed way over the top. Then IBM started slashing jobs in March -- and continued to wield the ax over and over as the year progressed. Yahoo began layoffs of some 15 percent of its employees in February. Intel announced in April that it would lay off 12,000 this year. So, was Chowdhry right? "Yes," he told me when I asked him this week. "The layoffs I predicted have been occurring." And worse, he says, these laid-off workers are never again going to find tech jobs: "They will always remain unemployed," at least in tech, he said. "Their skills will be obsolete." Some of these layoffs are due to a sea change in the industry, as it transforms to the world of mobile and cloud. But some are signs of a bubble about to pop. It's all going to get worse in 2017, he predicts, because that's when the tech bubble will burst. Chowdhry, someone who has never been reluctant to go out on a limb, is predicting that'll happen in March.

Senator Wants Nationwide, All-Mail Voting To Counter Election Hacks ( 454

An anonymous reader quotes a report from Ars Technica: In the wake of the Obama administration's announcement that the Russian government directed hacks on the Democratic National Committee and other institutions to influence U.S. elections, a senator from Oregon says the nation should conduct its elections like his home state does: all-mail voting. In an e-mail, Sen. Ron Wyden, a Democrat, told Ars: "We should not underestimate how dangerous... attacks on election systems could be. If a foreign state were to eliminate registration records for a particular group of Americans immediately before an election, they could very likely disenfranchise those Americans and swing the results of an election. Recent efforts by some states to make it more difficult to vote only serves to increase the danger of such attacks. This is why I have proposed taking Oregon's unique vote-by-mail system nationwide to protect our democratic process against foreign and domestic attacks." The only states to hold all elections entirely by mail are Oregon, Washington, and Colorado, according to the National Conference of State Legislatures. More than a dozen others have various provisions for mail voting. The National Conference of State Legislatures has a breakdown here on how Americans cast their votes across the union. Wyden co-sponsored the Vote By Mail Act in July, and he did so for reasons at the time that were unconnected to cybersecurity. Instead, the measure was originally proposed to help minorities and others cast ballots. The plan requires the U.S. Postal Service to deliver ballots to all registered voters. Voters could also register to vote when applying for driver's licenses, too. The measure fell on deaf ears this year and didn't even get a committee vote. A Wyden spokesperson said the proposal will have a "better chance" next year if Democrats win a majority of Senate seats.

White House Vows 'Proportional' Response For Russian DNC Hack ( 396

After the Director of National Intelligence and Department of Homeland Security publicly blamed Russia for stealing and publishing archived emails from the Democratic National Committee on Friday, White House Press Secretary Josh Earnest said today that President Obama will consider a "proportional" response. ABC News reports: "We obviously will ensure that a U.S. response is proportional. It is unlikely that our response would be announced in advanced. It's certainly possible that the president could choose response options that we never announce," Earnest told reporters aboard Air Force One. "The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries," he added. "There are a range of responses that are available to the president and he will consider a response that's proportional." The Wall Street Journal report mentions several different ways to response to Russia. The U.S. could impose economic sanctions against Moscow, punish Russia diplomatically, opt to allow the Justice Department to simply prosecute the hacks as a criminal case, and/or launch a U.S. cyberattack targeting Russia's election process. Of course, each response has its pros and cons. "They could escalate into a more adversarial conflict between both countries," writes Carol E. Lee for the Wall Street Journal. "But the absence of a response could signal that such behavior will be tolerated in the future."

UK Is Banning Apple Watch From Cabinet Meetings Over Russian Hacking Fears ( 106

Mickeycaskill quotes a report from TechWeekEurope UK: Ministers have been forbidden to wear the Apple Watch during cabinet meetings due to the risk they could be hacked by Russian agents, according to a report. Prime minister Theresa May imposed the new rules following several high-profile hacks that have been blamed on Russia. Several cabinet ministers previously wore the Apple Watch, including former Justice Secretary Michael Gove. Mobile phones have already been banned due to similar concerns. Politically motivated hackers have caused disruption in several recent incidents, including the hack of the Democratic National Committee, which resulted in the release of a large cache of internal emails. One of the paper's sources said: "The Russians are trying to hack everything."

Why Linus Torvalds Prefers x86 Over ARM ( 150

Linus Torvalds answered a question about his favorite chip architecture at the Linaro Connect conference. An anonymous Slashdot reader quotes PCWorld: People are too fixated with the instruction set and the CPU core, Torvalds said. But ultimately "what matters is all the infrastructure around the instruction set, and x86 has all that infrastructure... at a lot of different levels. It's open in a way that no other architecture is... Being compatible just wasn't as big of a deal for the ARM ecosystem as it has been traditionally for the x86 ecosystem... I've been personally pretty disappointed with ARM as a hardware platform, not as an instruction set, though I've had my issues there, too. As a hardware platform, it is still not very pleasant to deal with."
You can watch the whole half-hour conversation on YouTube. My favorite part is where Linus candidly acknowledges that "sometimes my grumpiness makes more news than my being nice... 99% of the time I'm a very happy manager, and I mentally pat people on the head all the time. That maybe then highlights the times when things don't work so well a bit more."
Open Source

After 22 Years, 386BSD Gets An Update ( 83

386BSD was last released back in 1994 with a series of articles in Dr. Dobb's Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github.

386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: "If 386BSD had been available when I started on Linux, Linux would probably never had happened."

Though it was designed for Intel 80386 microprocessors, there's already instructions for launching it on the hosted hardware virtualization service Qemu.

US Intel Officially Blames the Russian Government For Hacking DNC ( 287

It's official, the Director of National Intelligence and Department of Homeland Security has blamed Russia for stealing and publishing archived emails from the Democratic National Committee in July. Wikileaks released over 19,000 emails and more than 8,000 attachments from the DNC in what was "part one of [their] new Hillary Leaks series." The Verge reports: "The recent disclosures of alleged hacked e-mails on sites like and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts," the statement reads. "We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities." The release also mentions recent reports of attempted intrusions into voting systems in 20 different states, but says there is not yet enough evidence to attribute those attacks to the Russian government. Despite the acknowledged threat, the DNI says digital attacks are unlikely to directly alter election results. "It would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion," the statement reads. "This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place." "Nevertheless," it continues, "DHS continues to urge state and local election officials to be vigilant."

USB-IF Publishes Audio Over USB Type-C Specifications ( 135

An anonymous reader quotes a report from AnandTech: The USB Implementers Forum this week published the USB Audio Device Class 3.0 (direct download) specification, which standardizes audio over USB Type-C interface. The new spec enables hardware makers to eliminate traditional 3.5mm mini-jacks from their devices and use USB-C ports to connect headsets and other audio equipment. Makers of peripherals can also build their audio solutions, which use USB-C instead of traditional analog connectors. Developers of the standard hope that elimination of mini-jacks will help to make devices slimmer, smarter and less power hungry. As reported, the USB Audio Device Class 3.0 specification supports both analog and digital audio. Analog audio is easy to implement and it does not impact data transfers and other functionality of USB-C cables since it uses the two secondary bus (SBU) pins. The USB ADC 3.0 defines minimum interoperability across analog and digital devices in order to avoid confusion of end-users because of incompatibility. In fact, all ADC 3.0-compliant hosts should support the so-called headset adapter devices, which allow to connect analog headsets to USB-C. However, digital audio is one of the primary reasons why companies like Intel wanted to develop the USB-C audio tech on the first place, hence, expect them to promote it. According to the USB ADC 3.0 standard, digital USB-C headphones will feature special multi-function processing units (MPUs), which will, to a large degree, define the feature set and quality of headsets. The MPUs will handle host and sink synchronization (this is a key challenge for digital USB audio), digital-to-analog conversion, low-latency active noise cancellation, acoustic echo canceling, equalization, microphone automatic gain control, volume control and others. Such chips will also contain programmable amplifiers and pre-amplifiers, which are currently located inside devices. Besides, USB ADC 3.0-compatible MPUs will also support USB Audio Type-III and Type-IV formats (the latest compressed formats), but will retain compatibility with formats supported by ADC 1.0 and 2.0. Finally, among the mandated things set to be supported by USB-C Audio devices are new Power Domains (allows devices to put certain domains in sleep mode when not in use) as well as BADD (basic audio device definition) 3.0 features for saving power and simplified discovery and management of various audio equipment (each type of devices has its own BADD profile).

Facebook, Amazon, Google, IBM, and Microsoft Come Together To Create Historic Partnership On AI ( 87

An anonymous reader quotes a report from TechCrunch: In an act of self-governance, Facebook, Amazon, Alphabet, IBM, and Microsoft came together today to announce the launch the new Partnership on AI. The group is tasked with conducting research and promoting best practices. Practically, this means that the group of tech companies will come together frequently to discuss advancements in artificial intelligence. The group also opens up a formal structure for communication across company lines. It's important to remember that on a day to day basis, these teams are in constant competition with each other to develop the best products and services powered by machine intelligence. Financial support will be coming from the initial tech companies who are members of the group, but in the future membership and involvement is expected to increase. User activists, non-profits, ethicists, and other stakeholders will be joining the discussion in the coming weeks. The organizational structure has been designed to allow non-corporate groups to have equal leadership side-by-side with large tech companies. As of today's launch, companies like Apple, Twitter, Intel and Baidu are missing from the group. Though Apple is said to be enthusiastic about the project, their absence is still notable because the company has fallen behind in artificial intelligence when compared to its rivals -- many of whom are part of this new group. The new organization really seems to be about promoting change by example. Rather than preach to the tech world, it wants to use a standard open license to publish research on topics including ethics, inclusivity, and privacy.

Google Is Planning a 'Pixel 3' Laptop Running 'Andromeda' OS For Release in Q3 2017 ( 56

Google plans to launch a laptop next year with Pixel branding which will run 'Andromeda' operating system, reports AndroidPolice, citing sources. Andromeda is a hybrid of Android and Chrome OS, the report adds. Pixel, Chrome OS and Android teams have been working on this project, dubbed Bison, for years, apparently. From the report: Bison is planned as an ultra-thin laptop with a 12.3" display, but Google also wants it to support a "tablet" mode. It's unclear to us if this means Bison will be a Lenovo Yoga-style convertible device, or a detachable like Microsoft's Surface Book, but I'm personally leaning on the former given how thin it is. Powering it will be either an Intel m3 or i5 Core processor with 32 or 128GB of storage and 8 or 16GB of RAM. This seems to suggest there will be two models. It will also feature a fingerprint scanner, two USB-C ports, a 3.5mm jack (!), a host of sensors, stylus support (a Wacom pen will be sold separately), stereo speakers, quad microphones, and a battery that will last around 10 hours. The keyboard will be backlit, and the glass trackpad will use haptic and force detection similar to the MacBook. Google plans to fit all of this in a form factor under 10mm in thickness, notably thinner than the aforementioned Apple ultraportable.The report, however, adds that it is likely that Google might revise the specifications by the time of its launch, which is slated to happen sometime in Q3 2017.

Senators Accuse Russia Of Disrupting US Election ( 199

An anonymous Slashdot reader quotes The Washington Post: Two senior Democratic lawmakers with access to classified intelligence on Thursday accused Russia of "making a serious and concerted effort to influence the U.S. election," a charge that appeared aimed at putting pressure on the Obama administration to confront Moscow... "At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes," the statement said. "We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government..."

White House officials have repeatedly insisted that they are awaiting the outcome of a formal FBI investigation, even though U.S. intelligence are said to have concluded with "high confidence" that Russia was responsible for the DNC breach and other attacks. The White House hesitation has become a source of frustration to critics, including senior members of Congress.

Meanwhile, U.S. intelligence officials are reportedly investigating whether Donald Trump's foreign policy adviser "opened up private communications with senior Russian officials -- including talks about the possible lifting of economic sanctions if the Republican nominee becomes president."

The Verge's Deputy Editor Chris Ziegler Was Secretly Working For Apple For Two Months ( 80

An anonymous reader quotes a report from Gizmodo: Late this afternoon, Nilay Patel, the editor-in-chief of The Verge, published a post detailing the circumstances around the departure of Chris Ziegler, a founding member of the site. As it turns out, according to Patel, Ziegler had been pulling double duty as an employee of both The Verge and Apple. "The circumstances of Chris' departure from The Verge raised ethical issues which are worth disclosing in the interests of transparency and respect for our audience," Patel wrote. "We're confident that there wasn't any material impact on our journalism from these issues, but they are still serious enough to merit disclosure." According to Patel, Ziegler, whose most recent post was published in July, began working for Apple in July but didn't disclose his new job; The Verge apparently didn't discover he'd been working there until early September. Patel noted that Ziegler continued to work for The Verge in July, but "was not in contact with us through most of August and into September." What's not clear is how The Verge leadership went six weeks without hearing from their deputy editor or taking serious action (like filing a missing person's report) to try to find him. Patel says they "made every effort to contact him and to offer him help if needed." Patel noted the obvious conflict of interest, and added that Ziegler was fired the same day they verified his employment at Apple. "Chris did not attempt to steer any coverage towards or away from Apple, and any particular decisions he helped make had the same outcomes they would have had absent his involvement," Patel wrote. However, it's still unclear how exactly the team at Vox Media, The Verge's parent company, ascertained there was no editorial consequences from the dual-employment. You can read Patel's full statement here. Vox Media's Fay Sliger followed up with a statement to Gizmodo: "Chris is no longer an employee of The Verge or Vox Media. Chris accepted a position with Apple, stopped communicating with The Verge's leadership, and his employment at The Verge was terminated. Vox Media's editorial director Lockhart Steele conducted an internal review of this conflict of interest, and after a thorough investigation, it was determined that there was no impact on editorial decisions or journalism produced at The Verge or elsewhere in Vox Media. We've shared details about this situation with The Verge's audience and will continue to be transparent should any new information come to light."

SolidRun x86 Braswell MicroSoM Runs Linux and Full Windows 10, Destroys Raspberry Pi ( 205

BetaNews has a report today about a company called SolidRun, which has announced an Intel Braswell-based MicroSoM. Unlike the ARM-powered Raspberry Pi, this is x86 compatible, meaning it can run full Windows 10. Plus, if you install a Linux distro, there will be far more packages available, such as Google Chrome, which is not available for Pi. Heck, it can probably serve as a secondary desktop, Brian with the site writes. From the report: At 53mm by 40mm, these new MicroSoMs provide unheard of design flexibility while also eliminating the headache of having to design complicated power-delivery subsystems thanks to its single power input rail design. SolidRun's Braswell MicroSoM also offers flexibility in RAM options, ranging from 1GB to 8GB configurations, and offers on-board support of eMMC storage up to 128GB. Its robust design and unsurpassed HD Edge surveillance, event detection, and statistical data-extraction capabilities makes it the platform of choice for mission-critical applications requiring guaranteed reliability," says Solidrun.It starts at $117, the website has more details on specifications.

Slashdot Top Deals