New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

Ask Slashdot: Best To-Do/Task List Software?

Albanach writes: Despite searching, I have not identified a good solution for managing to-do lists, a problem that can't be unique or unusual. For a variety of reasons, I need something I host myself, which allows me to organize tasks, give them due dates and/or priorities and to easily reorganize. I'd prefer a web interface so that I can access my list from home/work/mobile. My searches generally turned up hosted solutions that don't work for privacy reasons, or very old software that has shown no sign of updates in years. What are other Slashdotters using to manage their real-world task list?

Bad iPhone Notches Are Happening To Good Android Phones

The Verge's Vlad Savov argues that Android smartphone manufacturers are copying the iPhone's design (specifically, the iPhone X's notch) with more speed and cynicism than ever before: I've been coming to Mobile World Congress for close to a decade now, and I've never seen the iPhone copied quite so blatantly and cynically as I witnessed during this year's show. MWC 2018 will go down in history as the launch platform for a mass of iPhone X notch copycats, each of them more hastily and sloppily assembled than the next. No effort is being made to emulate the complex Face ID system that resides inside Apple's notch; companies like Noa and Ulefone are in such a hurry to get their iPhone lookalike on the market that they haven't even customized their software to account for the new shape of the screen. More than one of these notched handsets at MWC had the clock occluded by the curved corner of the display. Asus is one of the biggest consumer electronics companies in the world, and yet its copycat notch is probably the most galling of them all. The Zenfone 5 looks and feels like a promising phone, featuring loud speakers, the latest Sony imaging sensor with larger-than-average pixels, and a price somewhere south of $499. I should be celebrating it right now, but instead I'm turning away in disgust as Asus leans into its copying by calling Apple a "Fruit Company" repeatedly. If you're going to copy the iPhone, at least have the decency to avoid trying to mock it.

It would be stating the obvious to say that this trend is not a good one. I'm absolutely of the belief that everyone, Apple included, copies or borrows ideas from everyone else in the mobile industry. This is a great way to see technical improvements disseminated across the market. But the problem with these notched screens on Android phones is that they're purely cosmetic. Apple's notch at the top of the iPhone X allows the company to have a nearly borderless screen everywhere else, plus it accommodates the earpiece and TrueDepth camera for Face ID. Asus et al have a sizeable "chin" at the bottom of their phones, so the cutouts at the top are self-evidently motivated by the desire to just look -- not function, look -- like an iPhone X.


Google's Slack Competitor 'Hangouts Chat' Comes Out of Beta

Frederic Lardinois reports via TechCrunch: Hangouts Chat, Google's take on modern workplace communication, is now generally available and is becoming a core part of G Suite. Hangouts Chat was first announced at Google Cloud Next 2017, together with Hangouts Meet. While Meet went right into public availability, though, Chat went into an invite-only preview. Now, Google is rolling Chat out to all G Suite users over the course of the next seven days (so if you don't see it yet, don't despair). For all intents and purposes, Hangouts Chat is Google's take on Slack, Microsoft Teams and similar projects. Since Google first announced this project, Atlassian also joined the fray with the launch of Stride. Like its competitors, Chat is available on iOS, Android and the web.

Chat currently supports 28 languages and each room can have up to 8,000 members. What's maybe just as important, though, is that Google has already built an ecosystem of partners that are integrating with Chat by offering their own bots. They include the likes of Xero, RingCentral, UberConference, Salesforce, Zenefits, Jira, Trello, Wrike and Kayak. There's even a Giphy bot. Developers can also build their own bots and integrate their own services with Chat.


AI Cheats at Old Atari Games By Finding Unknown Bugs in the Code

An anonymous reader shares a report: AI research and video games are a match made in heaven. Researchers get a ready-made virtual environment with predefined goals they can control completely, and the AI agent gets to romp around without doing any damage. Sometimes, though, they do break things. Case in point is a paper published this week by a trio of machine learning researchers from the University of Freiburg in Germany. They were exploring a particular method of teaching AI agents to navigate video games (in this case, desktop ports of old Atari titles from the 1980s) when they discovered something odd. The software they were testing discovered a bug in the port of the retro video game Q*bert that allowed it to rack up near infinite points. As the trio describe in the paper, published on pre-print server arXiv, the agent was learning how to play Q*bert when it discovered an "interesting solution." Normally, in Q*bert, players jump from cube to cube, with this action changing the platforms' colors. Change all the colors (and dispatch some enemies), and you're rewarded with points and sent to the next level. The AI found a better way, though: "First, it completes the first level and then starts to jump from platform to platform in what seems to be a random manner. For a reason unknown to us, the game does not advance to the second round but the platforms start to blink and the agent quickly gains a huge amount of points (close to 1 million for our episode time limit)."

IBM's Watson Is Going To Space

Yesterday, IBM announced it would be providing the AI brain for a robot being built by Airbus to accompany astronauts aboard the International Space Station (ISS). "The robot, which looks like a flying volleyball with a low-resolution face, is being deployed with Germany astronaut Alexander Gerst in June for a six month mission," reports The Next Web. "It's called CIMON, an acronym for Crew Interactive Mobile Companion, and it's headed to space to do science stuff." From the report: It'll help crew members conduct medical experiments, study crystals, and play with a Rubix cube. Best of all, just like "Wilson," the other volleyball with a face and Tom Hanks' costar in the movie Castaway, CIMON can be the astronauts' friend. According to an IBM blog post: "CIMON's digital face, voice and use of artificial intelligence make it a 'colleague' to the crew members. This collegial 'working relationship' facilitates how astronauts work through their prescribed checklists of experiments, now entering into a genuine dialogue with their interactive assistant."

ESRB Introducing 'In-Game Purchases' Label in Response To Loot Box Controversy

The Entertainment Software Rating Board will begin labeling video games that contain in-game purchases, a response to lawmakers who have noticed the outcry over so-called loot crate systems and have signaled a willingness to legislate them. From a report: The labeling will "be applied to games with in-game offers to purchase digital goods or premiums with real world currency," the ESRB said in a news release this morning, "including but not limited to bonus levels, skins, surprise items (such as item packs, loot boxes, mystery awards), music, virtual coins and other forms of in-game currency, subscriptions, season passes and upgrades (e.g., to disable ads)." The label will appear separate from the familiar ESRB rating label (T-for-Teen, M-for-Mature, etc.) and not inside it. Additionally, the ESRB has begun an awareness campaign meant to highlight the controls available to parents whose households have a video game console.

Microsoft Updates Guideline on Windows Driver Security

An anonymous reader shares a report: Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws. The new guide -- also available as a one-document PDF -- is authored by Microsoft's Don Marshall and comes to replace an older help page. [...] While the driver security checklist is a must-read for any software developer and not just driver authors, the guide on assessing "threat modeling for drivers" is also something that software engineers should take a peek at.

Microsoft Starts Selling Lumia Windows Phones Again

After removing its Lumia devices back in June, Microsoft has started selling them again at the company's online retail store. According to Windows Latest, Microsoft U.S. Store is selling the Lumia 950 for $399, Lumia 950 XL for $499, Lumia 550 and Lumia 650 for $139 and $199 respectively. From the report: A Microsoft Store sales agent confirmed to us that Lumia phones are back in the store on February 4 after a long gap. "They are recently back this early February. Specifically, on February 4th 2018," Microsoft sales team told us. Rumor had it that Microsoft wanted to sell as many Lumias as possible until stores ran out of stock, but it looks like the plans have changed or the company is selling the remaining stock which they recently discovered.

Volkswagen Settles Diesel Emissions Lawsuit Right Before Trial Set To Begin

Volkswagen settled a major diesel emissions class action lawsuit brought by hundreds of vehicle owners right before the case was set to go to trial. "The German auto giant's U.S. division settled the lawsuit brought by a North Carolina man and over 300 other owners of diesel cars who allege fraud and unfair trade practices," reports The Verge. From the report: The trial could have featured testimony from current and former VW executives and would likely have caused a spate of bad press for the automaker regarding the Dieselgate scandal. Since it first broke in 2015, the controversy has led to the resignation of VW's CEO, seen a handful of executives sentenced to jail, and resulted in billions of dollars in fines and settlements. VW is being sued by some consumers after it admitted to using software to cheat on diesel emissions tests, sparking the biggest scandal to hit the auto industry in decades. David Doar, the North Carolina man along with more than 300 other U.S. VW diesel owners, rejected settlement offers from a 2016 class action that would have reimbursed them for the value of their vehicles. Nearly all U.S. owners of affected VW vehicles agreed to take part in a $25 billion settlement in 2016, which included buyback offers and additional compensation for about 500,000 owners. But according to Reuters, some 2,000 owners have opted out, and most are pursuing separate claims seeking additional compensation.

Airbus, Delta, and Sprint Are on a Quest for In-Flight Wi-fi That Actually Works

It's 2018, so why is it still seemingly impossible to get a decent wi-fi on an airplane? From a report: Well, a lot of reasons, it turns out. The Wall Street Journal recently enumerated them: hardware, software, government regulation, aviation regulation, and rivalries between wireless and satellite companies. Despite the obstacles, a new alliance between Airbus, Delta Air Lines, Sprint, and two U.S. satellite companies is trying to find a way to provide faster Internet and a better user experience. Japan's SoftBank, which owns 80% of Sprint, and India's Bharti Airtel are also reportedly supporting the project. The group, which calls itself Seamless Air Alliance, envisions a world where a variety of devices could easily connect to the Internet while in flight at industry-leading speeds, rivaling cable and 5G. The businesses that are either involved in or backing the alliance pack a punch: they already serve about 150 million airline passengers and 450 million mobile users around the globe.

Vulkan Graphics is Coming To macOS and iOS, Will Enable Faster Games and Apps

The Khronos Group, a consortium of hardware and software companies, has announced that the Vulkan graphics technology is coming to Apple's platforms, allowing games and apps to run at faster performance levels on Macs and iOS devices. From a report: In collaboration with Valve, LunarG, and The Brenwill Workshop, this free open-source collection includes the full 1.0 release of the previously-commercial MoltenVK, a library for translating Vulkan API calls to Apple's Metal 1 and 2 calls, as well LunarG's new Vulkan SDK for macOS. Funding the costs of open-sourcing, Valve has been utilizing these tools on their applications, noting performance gains over native OpenGL drivers with Vulkan DOTA 2 on macOS as a production-load example. Altogether, this forms the next step in Khronos' Vulkan Portability Initiative, which was first announced at GDC 2017 as their "3D Portability Initiative," and later refined as the "Vulkan Portability Initiative" last summer. Spurred by industry demand, Khronos is striving for a cross-platform API portability solution, where an appropriate subset of Vulkan can act as a 'meta-API'-esque layer to map to DirectX 12 and Metal; the holy grail being that developers can craft a single Vulkan portable application or engine that can be seamlessly deployed across Vulkan, DX12, and Metal supporting platforms.

The American Midwest Is Quickly Becoming a Blue-Collar Version of Silicon Valley

An anonymous reader quotes a report from Quartz: The economic engine of Silicon Valley seems to have driven right by the midwest. America's urban coastal cities have enjoyed an explosion in their technology sectors. New York's Silicon Alley and Boston's biotech corridor are world-class incubators of talent and startups. Austin (Texas), Seattle (Washington), Washington, D.C, and even Miami Beach claim a piece of the digital economy (and Silicon-something monikers). But what about Columbus and Indianapolis and Kansas City? After years in the doldrums, their fortunes are rising. Venture capital firms are setting up shop. Startups are clustering in old industrial strongholds. But the region's tech sectors look different than their coastal cousins. The midwest is seeing the rise of "mid-tech."

Alongside the traditional high-flying software jobs that are plentiful in Silicon Valley, mid-tech jobs, loosely defined as tech jobs requiring less than a college degree, are growing fast in the Midwest. While not an official designation, mid-tech jobs can be defined as skilled tech work that doesn't require a college degree: just intense, focused training on the job or in vocational programs like those of blue-collar trades of the industrial past. [...] Mid-tech jobs composed more than a quarter of all tech employment in major midwestern metropolitan areas, including Columbus, Ohio; Cincinnati, Ohio; St. Louis, Missouri; Detroit, Michigan; Nashville, Tennessee; and Minneapolis-St. Paul, Minnesota-Wisconsin. More than 100,000 people were employed in such jobs in these cities alone. That proportion never cracked 20% in Bay Area metropolises, the heart of Silicon Valley. While the analyses did not include all cities, it reveals the tech sector's evolution in the Midwest along different lines than Silicon Valley.
The findings come from the Brookings Institute, a nonprofit public policy research group, which crunched data from the Bureau of Labor Statistics. High and mid-tech jobs in midwestern cities also grew at an annual compounded rate of about 5%. What do these jobs look like? "In Kentucky, the technical skills once applied to things like calculating blast trajectories in mines are going into Javascript," reports Quartz. "The software firm Interapt has set up a training program in Eastern Kentucky to turn former coal miners and others with technical aptitude into software developers."

Dropbox Shows How It Manages Costs By Deleting Inactive Accounts

Dropbox employs a somewhat unusual technique to lower its costs, the cloud software company revealed on Friday in its filing to go public. From a report: In a process the company calls "infrastructure optimization," Dropbox said it deletes users' accounts if they don't sign in for a year and don't respond to emails. That keeps the company from incurring storage costs for inactive users, a tactic Yahoo has used in the past. Dropbox said that the costs of revenue dropped 6 percent in 2017 to $21.7 million, mostly due to a $35.1 million reduction "in our infrastructure costs." As it prepares to lure public market investors, Dropbox is paying particularly close attention to its expenses. The company operates in an intensively competitive market against vendors including Apple, Amazon, Box, Google and Microsoft. Once reliant on Amazon Web Services, Dropbox has moved away from public cloud in recent years and has been building its own data center infrastructure to store the majority of user data. Another way it's managed costs is by making sure that there weren't too many copies of users' files on third-party infrastructure.

Ask Slashdot: How Would You Teach 'Best Practices' For Programmers?

An anonymous reader writes: I've been asked to put together a half-day workshop whose title is "Thinking Like a Programmer." The idea behind this is that within my institution (a university), we have a vast number of self-taught programmers who have never been taught "best practices" or anything about software engineering. This workshop's intention is to address this lack of formal training.

The question is, what should be covered in this workshop? If you have an idea -- that also has an example of best practice -- please share!

It's really two questions -- what "thinking like a programmer" topics should be covered, but also what examples should be used to illustrate best practices for the material. So leave your best thoughts in the comments.

How would you teach best practices for programmers?

New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers

chicksdaddy brings this report from Security Ledger: The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.

He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."


Google's 'Bro Culture' Led To Harassment, Argues New Lawsuit By Software Engineer

An anonymous reader quotes the Mercury News: As a young, female software engineer at male-dominated Google, Loretta Lee was slapped, groped and even had a co-worker pop up from beneath her desk one night and tell her she'd never know what he'd been doing under there, according to a lawsuit filed against the Mountain View tech giant... Lee's lawsuit -- filed in Santa Clara County Superior Court -- alleges the company failed to protect her, saying, "Google's bro-culture contributed to (Lee's) suffering frequent sexual harassment and gender discrimination, for which Google failed to take corrective action."

She was fired in February 2016 for poor performance, according to the suit... Lee started at the company in 2008 in Los Angeles and later switched to the firm's Mountain View campus, according to the suit, which asserts that she "was considered a talented and rising star" who received consistently "excellent" performance reviews. Lee claims that the "severe and pervasive" sexual harassment she experienced included daily abuse and egregious incidents. In addition to making lewd comments to her and ogling her "constantly," Lee's male co-workers spiked her drinks with whiskey and laughed about it; and shot Nerf balls and darts at her "almost every day," the suit alleges. One male colleague sent her a text message asking if she wanted a "horizontal hug," while another showed up at her apartment with a bottle of liquor, offering to help her fix a problem with one of her devices, refusing to leave when she asked him to, she alleges. At a holiday party, Lee "was slapped in the face by an intoxicated male co-worker for no apparent reason," according to the suit.

Lee resisted reporting an employee who had grabbed her lanyard and grazed her breasts -- and was then written up for being uncooperative. But after filing a report, "HR found her claims 'unsubstantiated,' according to the suit. 'This emboldened her colleagues to continue their inappropriate behavior,' the suit says.

"Her fear of being ostracized was realized, she claims, with co-workers refusing to approve her code in spite of her diligent work on it. Not getting her code approved led to her being 'labeled as a poor performer,' the suit says."

'Computer History Museum' Honorees Include Python Creator Guido van Rossum

On Wednesday the Computer History Museum, "the world's leading institution exploring the history of computing and its transformational impact on society," proudly announced the three Fellow Award honorees for 2018:
  • Dov Frohman-Bentchkowsky -- "For the invention of the first commercial erasable programmable read-only memory (EPROM), which enabled rapid development of microprocessor-based systems."
  • Dame Stephanie Shirley CH -- "For a lifetime of entrepreneurship promoting the growth of the UK software industry and the advancement of women in computing."
  • Guido van Rossum -- "For the creation and evolution of the Python programming language, and for leadership of its community."

"We are delighted to induct these outstanding new Fellows with diverse contributions in hardware, in services, and in software," said Len Shustek, the Museum's board chairman. "They are true heroes of the Digital Age."


Ask Slashdot: Software To Visualize, Manage Homeowner's Association Projects?

New submitter jishak writes: I am a long time Slashdot reader who has been serving on an homeowner association (HOA) board for 7 years. Much of the job requires managing projects that happen around the community. For example, landscaping, plumbing, building maintenance, etc. Pretty much all the vendors work with paper or a management company scans the paper, giving us a digital version. I am looking for suggestions on tools to visualize and manage projects using maps/geolocation software to see where jobs are happening and track work, if that makes sense. I did a rudimentary search but didn't really find anything other than a couple of companies who make map software which is good for placing static items like a building on a map but not for ongoing work. There are tools like Visio or Autodesk, which are expensive and good for a single building, but they don't seem so practical for an entire community of 80 units with very little funds (I am a volunteer board member). The other software packages I have seen are more like general project management or CRM tools but they are of no use to track where trees are planted, which units have had termite inspections, etc.

I am looking for tools where I could see a map and add custom layers for different projects that can be enabled/disabled or show historical changes. If it is web based and can be shared for use among other board members, property managers, and vendors, or viewable on a phone or tablet, that would be a plus. I am not sure how to proceed and a quick search on Slashdot didn't really turn anything up. I can't be the first person to encounter this type of problem. Readers of Slashdot what do you recommend? If I go down the road of having to roll my own solution, can you offer ideas on how to implement it? I am open to suggestions.

How a Fight Over Star Wars Download Codes Could Reshape Copyright Law

An anonymous reader quotes a report from Ars Technica: A federal judge in California has rejected Disney's effort to stop Redbox from reselling download codes of popular Disney titles like Frozen, Beauty and the Beast, and the latest Star Wars movies. Judge Dean Pregerson's Tuesday ruling invoked the little-used doctrine of copyright misuse, which holds that a copyright holder loses the right to enforce a copyright if the copyright is being abused. Pregerson faulted Disney for tying digital download codes to physical ownership of discs, a practice that he argued ran afoul of copyright's first sale doctrine, which guarantees customers the right to resell used DVDs.

If the ruling were upheld on appeal, it would have sweeping implications. It could potentially force Hollywood studios to stop bundling digital download codes with physical DVDs and force video game companies to rethink their own practices. But James Grimmelmann, a copyright scholar at Cornell Law School, is skeptical that the ruling will survive an inevitable appeal from Disney. "I don't see this one sticking," Grimmelmann told Ars. Copyright misuse has such sweeping legal implications that an appeals court will be reluctant to apply it to a common movie industry practice.
