DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Technology

AMD Confirms It's Issuing a Fix To Stop New Ryzen Processors From Crashing Desktops (digitaltrends.com) 112

AMD says the company has been able to figure out why FMA3 code is causing system hangs on PCs using a new Ryzen desktop processor. From a report: Although AMD didn't provide a detailed report on the problem's root cause, the company said that BIOS changes will be distributed to motherboard manufacturers to resolve the issue. Customers are encouraged to keep an eye on their motherboard vendor's website for an update. "We are aware of select instances where FMA code can result in a system hang," the company said. "We have identified the root cause." AMD released three Ryzen-branded desktop processors at the beginning of March that plug into motherboards based on AMD's new AM4 socket. The trio of processors include the Ryzen 7 1800X, the Ryzen 7 1700X, and the Ryzen 7 1700. However, all three reportedly cause a hard system lock when running certain FMA3 workloads. The problem was replicated across all three processors and a variety of motherboards.
Microsoft

Microsoft Outlook, Skype, OneDrive Hit By Another Authentication Issue (zdnet.com) 48

Two weeks after a widespread authentication issue hit Outlook, Skype, OneDrive, Xbox and other Microsoft services, it's happening again. From a report: On March 21, users across the world began reporting via Twitter that they couldn't sign into Outlook.com, OneDrive and Skype, (and possibly more). I, myself, am unable to sign into Outlook.com, OneDrive or Skype at 2:30 pm ET today, but my Office 365 Mail account is working fine. (Knock wood.) I believe the issue started about an hour ago, or 1:30 p.m. ET or so. MSA is Microsoft's single sign-on service which authenticates users so they can log into their various Microsoft services. As happened two weeks ago, Skype Heartbeat site, has posted a message noting that users may be experiencing problems sending messages and signing in.
Twitter

Twitter Suspended Hundreds of Thousands of Accounts Amid 'Violent Extremism' (fortune.com) 199

Twitter said on Tuesday it had suspended more than half a million accounts since the middle of 2015 as the company steps up efforts to tackle "violent extremism" on its microblogging platform. From a report: The company shut down a total of 376,890 accounts in the last six months of 2016, Twitter said in its latest transparency report.
Security

New Technology Combines Lip Motion and Passwords For User Authentication (bleepingcomputer.com) 54

An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.
IBM

IBM Unveils Blockchain As a Service Based On Open Source Hyperledger Fabric Technology (techcrunch.com) 42

IBM has unveiled its "Blockchain as a Service," which is based on the open source Hyperledger Fabric, version 1.0 from The Linux Foundation. "IBM Blockchain is a public cloud service that customers can use to build secure blockchain networks," TechCrunch reports, noting that it's "the first ready-for-primetime implementation built using that technology." From the report: Although the blockchain piece is based on the open source Hyperledger Fabric project of which IBM is a participating member, it has added a set of security services to make it more palatable for enterprise customers, while offering it as a cloud service helps simplify a complex set of technologies, making it more accessible than trying to do this alone in a private datacenter. The Hyperledger Fabric project was born around the end of 2015 to facilitate this, and includes other industry heavyweights such as State Street Bank, Accenture, Fujitsu, Intel and others as members. While the work these companies have done to safeguard blockchain networks, including setting up a network, inviting members and offering encrypted credentials, was done under the guise of building extra safe networks, IBM believes it can make them even safer by offering an additional set of security services inside the IBM cloud. While Jerry Cuomo, VP of blockchain technology at IBM, acknowledges that he can't guarantee that IBM's blockchain service is unbreachable, he says the company has taken some serious safeguards to protect it. This includes isolating the ledger from the general cloud computing environment, building a security container for the ledger to prevent unauthorized access, and offering tamper-responsive hardware, which can actually shut itself down if it detects someone trying to hack a ledger. What's more, IBM claims their blockchain product is built in a highly auditable way to track all of the activity that happens within a network, giving administrators an audit trail in the event something did go awry.
United States

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 516

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
Security

Royal Jordanian Airlines Bans Use of Electronics After US Voices Security 'Concerns' (theverge.com) 108

An anonymous reader quotes a report from The Verge: Royal Jordanian airlines banned the use of electronics on flights servicing the U.S. after government officials here expressed concerns. Details are scant, but CNN is reporting that other carriers based on the Middle East and Africa may be affected as well. The news broke when Royal Jordanian, a state-owned airline that operates around 500 flights a week, posted this cryptic notice on its Twitter feed. The ban, which includes laptops, tablets, and video games, but does not include smartphones or medical devices, is effective for Royal Jordanian flights servicing New York, Chicago, Detroit, and Montreal. A spokesperson for Royal Jordanian was not immediately available for clarification. Meanwhile, CNN is reporting that Royal Jordanian may not be the only carrier affected by these new security provisions. Jon Ostrower, the network's aviation editor, just tweeted that as many as 12 airlines based in the Middle East and Africa could be impacted. A Saudi executive also tweeted that "directives by U.S. authorities" could affect passengers traveling from 13 countries, with the new measure set to go into effect over the next 96 hours.
Communications

Hundreds of Cisco Switches Vulnerable To Flaw Found in WikiLeaks Files (zdnet.com) 76

Zack Whittaker, writing for ZDNet: Cisco is warning that the software used in hundreds of its products are vulnerable to a "critical"-rated security flaw, which can be easily and remotely exploited with a simple command. The vulnerability can allow an attacker to remotely gain access and take over an affected device. More than 300 switches are affected by the vulnerability, Cisco said in an advisory. According to the advisory, the bug is found in the cluster management protocol code in Cisco's IOS and IOS XE software, which the company installs on the routers and switches it sells. An attacker can exploit the vulnerability by sending a malformed protocol-specific Telnet command while establishing a connection to the affected device, because of a flaw in how the protocol fails to properly process some commands. Cisco said that there are "no workarounds" to address the vulnerability, but it said that disabling Telnet would "eliminate" some risks.
Government

FBI Director Comey Confirms Investigation Into Trump Campaign (reuters.com) 522

FBI Director James Comey confirmed during testimony before Congress Monday that the FBI is investigating whether the Trump campaign colluded with a covert Russian campaign to interfere with the election. From a report on Reuters: Comey told a congressional hearing on Russian activities that the probe "includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia's efforts. Because it is an open, ongoing investigation and is classified, I cannot say more about what we are doing and whose conduct we are examining," Comey said. Earlier, the chairman of the U.S. House of Representatives Intelligence Committee, Republican Representative Devin Nunes, told the same hearing that the panel had seen no evidence of collusion between Russia and Trump's 2016 campaign. Nunes also denied an unsubstantiated claim from Trump that there had been a wiretap on his Trump Tower in New York but said it was possible other surveillance was used against the Republican.
Microsoft

Windows 10 Will Download Some Updates Even Over a Metered Connection (winsupersite.com) 320

Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.
Books

O'Reilly Site Lists 165 Things Every Programmer Should Know (oreilly.com) 231

97 Things Every Programmer Should Know was published seven years ago by O'Reilly Media, and was described as "pearls of wisdom for programmers collected from leading practitioners." Today an anonymous reader writes: All 97 are available online for free (and licensed under a Creative Commons Attribution 3), including an essay by "Uncle Bob" on taking personal responsibility and "Unix Tools Are Your Friend" by Athens-based professor Diomidis Spinellis, who writes that the Unix tool chest can be more useful than an IDE.

But the book's official site is also still accepting new submissions, and now points to 68 additional "edited contributions" (plus another seven "contributions in progress"), including "Be Stupid and Lazy" by Swiss-based Java programmer Mario Fusco, and "Decouple That UI" by tech trainer George Brooke.

"There is no overarching narrative," writes the site's editor Kevlin Henney (who also wrote the original book). "The collection is intended simply to contain multiple and varied perspectives on what it is that contributors to the project feel programmers should know...anything from code-focused advice to culture, from algorithm usage to agile thinking, from implementation know-how to professionalism, from style to substance..."
Stats

America's Most Affordable Cities For Tech Workers: Seattle, Austin, and Pittsburgh (prnewswire.com) 125

"Seattle tech workers who own their homes can expect to have about $2,000 more in disposable income each month than tech workers in the Bay Area," according to a new study from LinkedIn and Zillow. An anonymous reader writes: "For technology workers who rent, Seattle, Austin and Pittsburgh, Pennsylvania came out on top among the housing markets analyzed, with the Bay Area at #4..." the two companies reported. "Salaries for other industries don't hold up as well in the San Francisco area, though. Even highly-paid finance workers keep only about 32 percent of their incomes after paying for housing and taxes. In Charlotte or Chicago, they can pocket a median of 61 percent."

The Bay Area's high housing prices are apparently offset by the high salaries paid there to tech workers, according to the study. Even so, both home owners and renters pay roughly half the median income for housing on the west coast, "while a rental in the middle of the country costs more like 25 percent of the median income."

The report also identified the best cities for health workers -- Phoenix, Indianapolis, and Boston -- as well as for finance workers, who do best in Charlotte, Chicago and Dallas. The top 15 cities for tech workers also included those same cities except Chicago and Phoenix, while also including known tech hotspots like Denver, Atlanta, and Washington, D.C. But surprisingly the top 15 best cities for tech workers also included Detroit, Nashville, St. Paul (Minnesota) and Tampa, Florida.
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 227

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
Encryption

Ask Slashdot: How Would You Implement Site-Wide File Encryption? 151

Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to insure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share you suggestions and experiences in the comments. How would you implement site-wide file encryption?

Slashdot Top Deals