Security

Android Device's Pattern Lock Can Be Cracked Within Five Attempts, Researchers Show (phys.org) 18

The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy café for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
Google

More People Than Ever Are Using DuckDuckGo; Site Says It Observed 14M Searches in One Day This Month (betanews.com) 44

An anonymous reader shares a BetaNews article: A lot of people are more privacy aware than they have been in the past, and are wary of entrusting everything they search for to Google. That's where privacy-focused sites like DuckDuckGo come in. Its growth since it launched 8 years ago has been nothing short of staggering, with the number of searches skyrocketing since 2013, when Edward Snowden first revealed how the US government was spying on its people. The search site says it has to date served up over 10 billion anonymous searches, with 4 billion of those occurring in the last year alone, and the company says it is growing faster than ever. On January 10 2017, the site received in excess of 14 million private searches.
Chrome

Every Upcoming Chromebook Will Run Android Apps (laptopmag.com) 32

Google announced last year that it will be bringing Android apps to Chromebooks. The company has now announced that moving forward all the new Chromebooks will have access to the Google Play Store, the marquee store for Android apps. From a report: The news comes from a single line of text in Google's list of Chromebooks that can support the programs: "All Chromebooks launching in 2017 and after as well as the Chromebooks listed below will work with Android apps in the coming future." We knew this would eventually come, and now isn't terribly surprising timing. There are more Chromebooks with touchscreens than ever, including the Asus Chromebook Flip C302CA and Samsung's upcoming Chromebook Plus and Pro, all of which were announced at CES in Las Vegas.
Businesses

Sprint Purchases 33 Percent Stake in Tidal For $200 Million (billboard.com) 43

Sprint has acquired a 33 percent stake in Jay Z's music streaming service Tidal, the two companies announced today. From a report: A source familiar with the matter tells Billboard that the purchase was for $200 million and that Jay and each of the company's two dozen artist-owners will remain part owners. As part of the deal, Tidal will become available to Sprint's 45 million retail customers, while the companies will partner for exclusives from its artists, according to a press release.
Android

Samsung Answers Burning Note 7 Questions, Vows Better Batteries (cnet.com) 44

From a report on CNET: During a press conference Sunday, Samsung said two separate battery defects caused both the original batch of Galaxy Note 7 phones and the replacement units to overheat. The first battery, it said, suffered from a design flaw. The battery's external casing was too small for the components inside, causing it to short-circuit and ignite. The second battery, which came from another supplier, didn't have the same flaw, Justin Denison, head of product strategy and marketing for Samsung's US arm, said in an interview ahead of the press conference. In the rush to pump out enough batteries for the replacement units, though, the supplier introduced a manufacturing defect that led to the same result, he said. The explanation puts to rest the mystery behind the exploding Note 7, but it kicks off a new challenge for the embattled company: winning back your trust after a disastrous several months that included two recalls and the decision to kill the critically acclaimed phone. The Sunday press conference marked the start of a Samsung campaign to rebuild company credibility, which will include the upcoming launch of the flagship Galaxy S8 phone, as well as another Note later in the year.
Crime

Western Union Pays $586M Fine Over Wire Fraud Charges (reuters.com) 80

The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters: The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...

Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.

Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."
Programming

Slashdot's Interview With Swift Creator Chris Lattner 50

You asked, he answered! The creator of Apple's Swift programming language (and a self-described "long-time reader/fan of Slashdot") stopped by on his way to a new job at Tesla just to field questions from Slashdot readers. Read on for Chris's answers...
Electronic Frontier Foundation

Three States Propose DMCA-Countering 'Right To Repair' Laws (ifixit.org) 150

Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them. An anonymous reader quotes IFixIt.Org: In 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down...

Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska, Minnesota, and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.

Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
Transportation

'IT Issue' Grounded All United Airlines Flights In The US (nbcnews.com) 96

For two and a half hours -- no take-offs. An anonymous reader quotes NBC News: All of United Airlines' domestic flights were grounded Sunday night because of a computer outage, the Federal Aviation Administration said as scores of angry travelers sounded off on social media... U.S. officials told NBC News that the Aircraft Communications Addressing and Reporting System, or ACARS, had issues with low bandwidth. No further explanation was immediately available for what United described only as "an IT issue."
An hour ago United tweeted that they'd finally lifted the stop and were "working to get flights on their way." 66 flights were cancelled just at Chicago's O'Hare Airport, the Chicago Department of Aviation told the Associated Press, and though the article doesn't identify the total number of flights affected, "Chicago-based United Airlines and United Express operate more than 4,500 flights a day to 339 airports across five continents."
Businesses

Ask Slashdot: Should Commercial Software Prices Be Pegged To a Country's GDP? 231

Here's a bright idea from dryriver: Why don't software makers look at the average income level in a given country -- per capita GDP for example -- and adjust their software prices in these countries accordingly? Most software makers in the U.S. and EU currently insist on charging the full U.S. or EU price in much poorer countries. "Rampant piracy" and "low sales" is often the result in these countries. Why not change this by charging lower software prices in less wealthy countries?
This presupposes the continuing existence of closed-source software businesses -- but is there a way to make that pricing more fair? Leave your best suggestions in the comments.
Programming

C++ Creator Wants To Solve 35-Year-Old Generic Programming Issues With Concepts (cio.com) 218

C++ creator Bjarne Stroustrup is arguing that we can improve code by grounding generic programming in concepts -- what's required by a template's arguments. An anonymous reader quotes Paul Krill's report on a new paper by Stroustrup: In concepts, Stroustrup sees the solution to the interface specification problem that has long dogged C++, the language he founded more than 35 years ago. "The way we write generic code today is simply too different from the way we write other code," Stroustrup says... Currently an ISO technical specification, concepts provide well-specified interfaces to templates without runtime overhead. Concepts, Stroustrup writes, are intended to complete C++'s support for generic programming as initially envisioned. "The purpose of concepts is to fundamentally simplify and improve design. This leads to fewer bugs and clearer -- often shorter -- code"...

Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code"

Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."
Android

Do Android Users Still Use Custom Roms? (androidauthority.com) 184

"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article: The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore? To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?
Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 62

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks in Google spreadsheets, and report that even when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Mozilla

Mozilla Releases New Open Source 'Internet Health Report' (venturebeat.com) 62

Slashdot reader Krystalo shared this VentureBeat article: Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources... Mozilla's goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy, as well as what lies ahead...

One notable statistic is the number of people who can't get online in the first place. The report shows that 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device. Other findings include the fact that there were 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016; almost one-third of the world's population has no data protection rights; and 52% of all websites are in English, even though only 25% of the global population understands the language.

They're now gathering feedback and choosing which metrics to revisit every year, but five key topics include "decentralization: who controls the internet" and "open innovation: how open is it?" as well as security, web literacy, and digital inclusion. But Mozilla says their ultimate goal is very simple: to identify what's helping -- and what's hurting -- the internet.
Education

The 32-Bit Dog Ate 16 Million Kids' CS Homework (code.org) 141

"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered." Slashdot reader theodp writes: Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information.
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
