Operating Systems

NSA's DoublePulsar Kernel Exploit a 'Bloodbath' (threatpost.com) 37

msm1267 quotes a report from Threatpost: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come. MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish. "This is a full ring0 payload that gives you full control over the system and you can do what you want to it," said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday. "This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it's still found in a lot of places," Dillon said. "I find it everywhere. This is the most critical Windows patch since that vulnerability." Dan Tentler, founder and CEO of Phobos Group, said internet-wide scans he's running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue. "This is easily describable as a bloodbath," Tentler said.
The Internet

Verizon's $70 Gigabit Internet Is Half the Price of Older 750Mbps Tier (arstechnica.com) 48

An anonymous reader quotes a report from Ars Technica: Verizon is now selling what it calls "FiOS Gigabit Connection" for $69.99 a month in a change that boosts top broadband speeds and makes lower prices available to many Internet subscribers. Actual bandwidth will be a bit lower than a gigabit per second, with "downloads as fast as 940Mbps and uploads as fast as 880Mbps," Verizon's announcement today said. The gigabit service is available in most of Verizon's FiOS territory, specifically to "over 8 million homes in parts of the New York, New Jersey, Philadelphia, Richmond, Va., Hampton Roads, Va., Boston, Providence and Washington, D.C. areas," Verizon said. Just three months ago, Verizon boosted its top speeds from 500Mbps to 750Mbps. The standalone 750Mbps Internet service cost $150 a month, more than twice the price of the new gigabit tier. Existing customers who bought that 750Mbps plan "will automatically receive FiOS Gigabit Connection and will see their bills lowered," Verizon said. It's not clear whether they will get their price lowered all the way to $70. It's important to note that the $70 price is only available to new customers, and it's a promotional rate that will "increase after promo period." Additionally, Verizon will charge you a $10 per month router charge unless you pay $150 for the Verizon router, plus other taxes and fees.
The Internet

The Linux Foundation Launches IoT-focused Open Source EdgeX Foundry (betanews.com) 26

Reader BrianFagioli writes: Today, The Linux Foundation launches the open source EdgeX Foundry -- an attempt to unify and simplify the Internet of Things. The Linux Foundation says, "EdgeX Foundry is unifying the marketplace around a common open framework and building an ecosystem of companies offering interoperable plug-and-play components. Designed to run on any hardware or operating system and with any combination of application environments, EdgeX can quickly and easily deliver interoperability between connected devices, applications, and services, across a wide range of use cases. Interoperability between community-developed software will be maintained through a certification program."
Social Networks

Some of the Biggest Economies Aren't a Big User Of Social Media (axios.com) 61

From a report: Only 37 percent of Germans use social media, according to a new Pew survey, a surprising figure given the fact that Germany is the world's fourth-largest economy by GDP, according to the World Economic Forum. Similar patterns follow for Japan, France and Italy, ranked 3rd, 6th and 8th in largest economy by GDP.
AI

Billionaire Jack Ma Says CEOs Could Be Robots in 30 Years, Warns of Decades of 'Pain' From AI (cnbc.com) 226

Self-made billionaire, Alibaba chairman Jack Ma warned on Monday that society could see decades of pain thanks to disruption caused by the internet and new technologies to different areas of the economy. From a report: In a speech at a China Entrepreneur Club event, the billionaire urged governments to bring in education reform and outlined how humans need to work with machines. "In the coming 30 years, the world's pain will be much more than happiness, because there are many more problems that we have come across," Ma said in Chinese, speaking about potential job disruptions caused by technology. [...] Ma also spoke about the rise of robots and artificial intelligence (AI) and said that this technology will be needed to process the large amount of data being generated today, something that a human brain can't do. But machines shouldn't replace what humans can do, Ma said, but instead the technology community needs to look at making machines do what humans cannot. This would make the machine a "human partner" rather than an opponent.
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke (youtube.com) 150

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
Social Networks

Is Social Media Making Us Hate Each Other? (bostonglobe.com) 273

Nicholas Carr's book The Shallows: What the Internet Is Doing to Our Brains was a finalist for the 2011 Pulitzer Prize. Now an anonymous Slashdot reader reports on Carr's newest warning: It seems obvious: The more we learn about other people, the more we'll come to like them. The assumption underpins our deep-seated belief that communication networks, from the telephone system to Facebook, will help create social harmony. But what if the opposite is true? In a Boston Globe article, Nicholas Carr presents evidence showing that as we get more information about other people, we tend to like them less, not more. Through a phenomenon called "dissimilarity cascades," we place greater stress on personal and cultural differences than on similarities, and the bias strengthens as information accumulates. "Proximity makes differences stand out," he writes. The phenomenon intensifies online, where people are rewarded for sharing endless information about themselves. What the research indicates, warns Carr, is that the spread of social media is more likely to create social strife than social harmony.
The article concludes by opposing the idea that "If we get the engineering right, our better angels will triumph. It's a pleasant thought, but it's a fantasy... Technology is an amplifier. It magnifies our best traits, and it magnifies our worst. What it doesn't do is make us better people. That's a job we can't offload on machines."
The Internet

America's Most-Hated ISP Is Now Hated By Fewer People (oregonlive.com) 95

"Comcast's customer service may actually be improving," writes an Oregon newspaper. An anonymous reader quotes their report: In the second year of Comcast's broad customer service overhaul, complaints to Oregon cable regulators are down 25%. They've also declined 40% since 2014. Complaints are falling nationally, too, according to the highly regarded American Customer Satisfaction Index. Its most recent report showed a surge in Comcast subscriber satisfaction... Two years ago, Comcast made Oregon the test bed for its customer service push, responding both to disparaging headlines and the prospect of growing competition from other telecom companies and from streaming video services.

The company is adding Apple-style retail stores around the metro area and introduced innovations to help consumers understand what they're paying for and when technicians will arrive for service calls. It's rolling out new tools nationally to help them improve their home Wi-Fi, and diagnosing problems before customers call to complain... For example, if several subscribers in the same neighborhood use the company's tool for testing internet speeds, that triggers an alert at Comcast to look for a problem in the local network. The company redesigned its bills to make it clearer what customers subscribe to, and what it costs, in hopes of reducing confusion and calls. And Comcast has a robust social media presence, fielding complaints on Twitter.

The article points out that Comcast's satisfaction scores are still below-average for cable TV providers, "and well below the median among internet service providers. And that's a low bar -- the telecom sector is among the most complained about under ACSI's rankings." Their figures show that the only ISPs in America with a lower score for customer satisfaction are Cox Communications, Time Warner Cable, and MediaCom.
Education

Slashdot Asks: What Was Your First Programming Language? (stanforddaily.com) 613

This question was inspired by news that Stanford's computer science professor Eric Roberts will try JavaScript instead of Java in a new version of the college's introductory computer programming course. The Stanford Daily reports: When Roberts came to Stanford in 1990, CS106A was still taught in Pascal, a programming language he described as not "clean." The department adopted the C language in 1992. When Java came out in 1995, the computer science faculty was excited to transition to the new language. Roberts wrote the textbooks, worked with other faculty members to restructure the course and assignments and introduced Java at Stanford in 2002... "Java had stabilized," Roberts said. "It was clear that many universities were going in that direction. It's 2017 now, and Java is showing its age." According to Roberts, Java was intended early on as "the language of the Internet". But now, more than a decade after the transition to Java, Javascript has taken its place as a web language.
In 2014 Python and Java were the two most commonly-taught languages at America's top universities, according to an analysis published by the Communications of the ACM. And Java still remains the most-commonly taught language in a university setting, according to a poll by the Special Interest Group on Computer Science Education. In a spreadsheet compiling the results, "Python appears 60 times, C++ 54 times, Java 84 times, and JavaScript 28 times," writes a computing professor at the Georgia Institute of Technology, adding "if Java is dying (or "showing its age"...) it's going out as the reigning champ."

I'm guessing Slashdot's readers have their own opinions about this, so share your educational experiences in the comments. What was your first programming language?
The Internet

Should Archive.org Ignore Robots.txt Directives And Cache Everything? (archive.org) 170

Archive.org argues robots.txt files are geared toward search engines, and now plans instead to represent the web "as it really was, and is, from a user's perspective." "We have also seen an upsurge of the use of robots.txt files to remove entire domains from search engines when they transition from a live web site into a parked domain, which has historically also removed the entire domain from view in the Wayback Machine... We receive inquiries and complaints on these "disappeared" sites almost daily."
In response, Slashdot reader Lauren Weinstein writes: We can stipulate at the outset that the venerable Internet Archive and its associated systems like Wayback Machine have done a lot of good for many years -- for example by providing chronological archives of websites who have chosen to participate in their efforts. But now, it appears that the Internet Archive has joined the dark side of the Internet, by announcing that they will no longer honor the access control requests of any websites.
He's wondering what will happen when "a flood of other players decide that they must emulate the Internet Archive's dismal reasoning to remain competitive," adding that if sys-admins start blocking spiders with web server configuration directives, other unrelated sites could become "collateral damage."

But BoingBoing is calling it "an excellent decision... a splendid reminder that nothing published on the web is ever meaningfully private, and will always go on your permanent record." So what do Slashdot's readers think? Should Archive.org ignore robots.txt directives and cache everything?
America Online

Verizon.net 'Gets Out Of The Email Business' (networkworld.com) 71

"We have decided to close down our email business," Verizon has announced -- in a move which affects 4.5 million accounts. Slashdot reader tomservo84 writes: Strangely enough, I didn't find out about this from Verizon, itself, but SiriusXM, who sent me an email saying that since I have a Verizon.net email address on file, I'd have to update it because they were getting rid of their email service. I thought it was a bad phishing attempt at first...
Network World reports that customers are being notified "on a rolling basis... Once customers are notified, they are presented with a personal take-action date that is 30 days from the original notification." But even after that date, verizon.net email addresses can be revived using AOL Mail. "Over the years we've realized that there are more capable email platforms out there," Verizon concedes.

"Migration is going well," a Verizon spokesperson told Network World. "I don't have any stats to share, but customers seem to appreciate that they have several choices, including an option that keeps their Verizon.net email address intact."
Programming

Stack Overflow Reveals Which Programming Languages Are Most Used At Night (stackoverflow.blog) 95

Stack Overflow data scientist David Robinson recently calculated when people visit the popular programming question-and-answer site, but then also calculated whether those results differed by programming language. Quoting his results:
  • "C# programmers start and stop their day earlier, and tend to use the language less in the evenings. This might be because C# is often used at finance and enterprise software companies, which often start earlier and have rigid schedules."
  • "C programmers start the day a bit later, keep using the language in the evening, and stay up the longest. This suggests C may be particularly popular among hobbyist programmers who code during their free time (or perhaps among summer school students doing homework)."
  • "Python and Javascript are somewhere in between: Python and Javascript developers start and end the day a little later than C# users, and are a little less likely than C programmers to work in the evening."

The site also released an interactive app which lets users see how the results for other languages compared to C#, JavaScript, Python, and C, though of those four, "C# would count as the 'most nine-to-five,' and C as the least."

And they've also calculated the technologies used most between 9 to 5 (which "include many Microsoft technologies, such as SQL Server, Excel, VBA, and Internet Explorer, as well as technologies like SVN and Oracle that are frequently used at enterprise software companies.") Meanwhile, the technologies most often used outside the 9-5 workday "include web frameworks like Firebase, Meteor, and Express, as well as graphics libraries like OpenGL and Unity. The functional language Haskell is the tag most visited outside of the workday; only half of its visits happen between 9 and 5."


Botnet

Developer of BrickerBot Malware Claims He Destroyed Over Two Million Devices (bleepingcomputer.com) 88

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum user claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.
The Internet

Apple Hires Top Google Satellite Executives For New Hardware Team (theverge.com) 12

An anonymous reader quotes a report from The Verge: The iPhone maker has recruited a pair of top Google satellite executives for a new hardware team, according to people familiar with the matter. John Fenwick, who led Google's spacecraft operations, and Michael Trela, head of satellite engineering, left Alphabet Inc.'s Google for Apple in recent weeks, the people said. They report to Greg Duffy, co-founder of camera maker Dropcam, who joined Apple earlier this year, the people said. With the recruits, Apple is bringing into its ranks two experts in the demanding, expensive field of satellite design and operation. At the moment, these endeavors typically fall into two fields: satellites for collecting images and those for communications. In a regulatory filing last year, Boeing Co. detailed a plan to provide broadband access through more than 1,000 satellites in low-earth orbit. The aerospace company has talked with Apple about the technology company being an investor-partner in the project, a person familiar with the situation said. It's unclear if those talks will result in a deal. At the annual Satellite 2017 conference in Washington D.C. last month, industry insiders said Boeing's project was being funded by Apple, Tim Farrar, a satellite and telecom consultant at TMF Associates Inc., wrote in a recent blog. A Boeing spokesman declined to comment.
Software

Ask Slashdot: How Do You Explain 'Don't Improve My Software Syndrome' Or DIMSS? 380

dryriver writes: I am someone who likes to post improvement suggestions for different software tools I use on the internet. If I see a function in a software that doesn't work well for me or could work better for everyone else, I immediately post suggestions as to how that function could be improved and made to work better for everybody. A striking phenomenon I have come across in posting such suggestions is the sheer number of "why would you want that at all" or "nobody needs that" or "the software is fine as it is" type responses from software users. What is particularly puzzling is that it's not the developers of the software rejecting the suggestions -- it's users of the software that often react sourly to improvement suggestions that could, if implemented well, benefit a lot of people using the software in question. I have observed this happening online for years even for really good software feature/function improvement ideas that actually wound up being implemented. My question is -- what causes this behavior of software users on the internet? Why would a software user see a suggestion that would very likely benefit many other users of the software and object loudly to that suggestion, or even pretend that "the suggestion is a bad one?"
Crime

DOJ: Russian 'Superhacker' Gets 27 Years In Prison (thedailybeast.com) 50

According to the Justice Department, a 32-year-old Russian "superhacker" has been sentenced to 27 years in prison for stealing and selling millions of credit-card numbers, causing more than $169 million worth of damages to business and financial institutions. The Daily Beast reports: Roman Valeryevich Seleznev, 32, aka Track2, son of a prominent Russian lawmaker, was convicted last year on 38 counts of computer intrusion and credit-card fraud. "This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar," Acting Assistant Attorney General Kenneth Blanco said in a statement. "And we will not tolerate the existence of safe havens for these crimes -- we will identify cybercriminals from the dark corners of the Internet and bring them to justice."
Microsoft

LinkedIn Apologizes For Trying To Connect Everyone In Real Life (vocativ.com) 71

LinkedIn has apologized for a vague new update that told some iPhone users its app would begin sharing their data with nearby users without further explanation. From a report: The update prompted outrage on Twitter after cybersecurity expert Rik Ferguson received a strange alert when he opened the resume app to read a new message: "LinkedIn would like to make data available to nearby Bluetooth devices even when you're not using the app." That gave Ferguson, vice president of research at the cybersecurity firm Trend Micro, a handful of concerns, he told Vocativ. Among them: "the lack of specificity, which data, when, under what conditions, to which devices, why does it need to happen when I'm not using the app, what are the benefits to me, where is the feature announcement and explanation, why wasn't it listed in the app update details." Reached for comment, LinkedIn said it's a mistake -- that some iPhone users were accidentally subject to an undeveloped test feature the company is still working on.
Red Hat Software

Red Hat Suffers Massive Data Center Network Outage 84

An anonymous reader writes: According to multiple reports on Twitter, the Fedora Infrastructure Status page, and the #fedora-admin Freenode IRC channel, Red Hat is suffering a massive network outage at their primary data center. Details are sketchy at this point, but it looks to be impacting the Red Hat Customer Portal; as well as all their repositories (including Fedora, EPEL, Copr); their public build system, Koji; and a whole host of other popular services. There is no ETA for restoration of services at this point.
Google

In The First Months of Trump Era, Facebook And Apple Spent More On Lobbying Than They Ever Have (buzzfeed.com) 53

An anonymous reader shares a report: According to federal lobbying disclosures filed Thursday, Facebook and Apple set their all-time record high for spending in a single quarter. Facebook spent $3.2 million lobbying the federal government in the first months of the Trump era. During the same period last year, Facebook spent $2.8 million (about 15% less). The company lobbied both chambers of Congress, the White House, and six federal agencies on issues including high-tech worker visas, network neutrality, internet privacy, encryption, and international taxation. Facebook was the 12th-highest spender out of any company and second-highest in tech. [...] Apple spent $1.4 million, which is just $50,000 more than during the final months of the Obama presidency, when it set its previous record, but the most it has ever spent in a single quarter. Apple lobbied on issues including government requests for data, the regulation of mobile health apps, and self-driving cars. Google, once again, outspent every other technology company. It was 10th overall, tallying $3.5 million.
The Internet

Trump's FCC Votes To Allow Broadband Rate Hikes Will Deprive More Public Schools From Getting Internet Access (theoutline.com) 256

The FCC voted on Thursday to approve a controversial plan to deregulate the $45 billion market for business-to-business broadband, also known as Business Data Services (BDS), by eliminating price caps that make internet access more affordable for thousands of small businesses, schools, libraries and hospitals. The Outline adds: The price caps were designed to keep phone and, later, broadband, access cheap for community institutions like schools, hospitals, libraries, and small businesses. Now, there will be no limit. A spokesperson for the trade association Incompas, which advocates for competition among communications providers, told The Outline that the increase is expected to be at least 25 percent across the board. Low-income schools already don't have enough money; according to a report last year in The Atlantic, schools in high-poverty districts, where the property taxes are lower, spend 15.6 percent less per student than schools in low-poverty districts. If internet costs go up by 25 percent, it may make more sense to cut that budget item, or, for schools that still don't have internet, never add it at all. Add it to the list of things that well-funded schools in already-rich neighborhoods get that schools in low-income neighborhoods don't. New textbooks. Gyms. Advanced Placement classes that let students earn college credits. Computers. Internet access.
