United States

EPA Says Higher Radiation Levels Pose 'No Harmful Health Effect' (bloomberg.com) 107

Readers share a report: In the event of a dirty bomb or a nuclear meltdown, emergency responders can safely tolerate radiation levels equivalent to thousands of chest X-rays, the Environmental Protection Agency said in new guidelines that ease off on established safety levels. The EPA's determination sets a level ten times the drinking water standard for radiation recommended under President Barack Obama. It could lead to the administration of President Donald Trump weakening radiation safety levels, watchdog groups critical of the move say. "It's really a huge amount of radiation they are saying is safe," said Daniel Hirsch, the retired director of the University of California, Santa Cruz's program on environmental and nuclear policy. "The position taken could readily unravel all radiation protection rules." The change was included as part of EPA "guidance" on messaging and communications in the event of a nuclear power plant meltdown or dirty bomb attack. The FAQ document, dated September 2017, is part of a broader planning document for nuclear emergencies, and does not carry the weight of federal standards or law.
United States

Leave It To the Heat to Dull Autumn's Glory (wsj.com) 91

It's autumn. Somebody tell the trees. From a report: Ordinarily, two signals alert deciduous trees that it's time to relinquish the green hues of summer in favor of autumn's yellows, oranges and reds. First, the days begin to grow shorter. Second, the temperature begins to drop. But this year, unseasonably warm weather across most of the U.S. has tricked trees into delaying the onset of fall's color extravaganza. Temperatures in the eastern half of the country have been as much as 15 degrees above normal since mid-September, and the warmth is expected to persist through the end of October. The unfortunate result for leaf peepers is a lackluster fall. Two kinds of pigments produce the season's liveliest foliage. Carotenoid, responsible for yellows and oranges, is always present in leaves but is usually masked by chlorophyll. The initial trigger for its appearance is shorter days. Anthocyanin, responsible for reds and deep purples, is different. Not all deciduous trees have this pigment, and those that do manufacture it from scratch in the fall. The primary trigger for its appearance is lower temperatures. Without that cooling cue, the colors of maple and other species that generally ignite New England with brilliant reds this time of year are likely to fizzle.
Microsoft

US Supreme Court To Decide Microsoft Email Privacy Dispute (reuters.com) 57

The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp over whether prosecutors should get access to emails stored on company servers overseas. From a report: The justices will hear the Trump administration's appeal of a lower court's ruling last year preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin, Ireland in a drug trafficking investigation. That decision by the New York-based 2nd U.S. Court of Appeals marked a victory for privacy advocates and technology companies that increasingly offer cloud computing services in which data is stored remotely. Microsoft, which has 100 data centers in 40 countries, was the first U.S. company to challenge a domestic search warrant seeking data held outside the country. There have been several similar challenges, most brought by Google.
The Military

Pentagon Turns To High-Speed Traders To Fortify Markets Against Cyberattack (wsj.com) 58

Slashdot reader Templer421 quotes the Wall Street Journal's report [non-paywalled version here] on DARPA's "Financial Markets Vulnerabilities Project": Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense's research arm over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort as an early-stage pilot project aimed at identifying market vulnerabilities... Participants described meetings as informal sessions in which attendees brainstorm about how hackers might try to bring down U.S. markets, then rank the ideas by feasibility.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash... "We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets," said Wade Shen, who researched artificial intelligence at the Massachusetts Institute of Technology before joining Darpa as a program manager in 2014.

Crime

Pizza Hut Leaks Credit Card Info On 60,000 Customers (kentucky.com) 75

An anonymous reader quotes McClatchy: Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.

"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."
The Almighty Buck

In a Cashless World, You'd Better Pray the Power Never Goes Out (mises.org) 418

schwit1 quotes the Mises Institute: When Hurricane Maria knocked out power in Puerto Rico, residents there realized they were going to need physical cash — and a lot of it. Bloomberg reported that the Fed was forced to fly a planeload of cash to the Island to help avert disaster. "William Dudley, the New York Fed president, put the word out within minutes, and ultimately a jet loaded with an undisclosed amount of cash landed on the stricken island. [Business executives in Puerto Rico] described corporate clients' urgent requests for hundreds of thousands in cash to meet payrolls, and the challenge of finding enough armored cars to satisfy endless demand at ATMs... As early as the day after the storm, the Fed began working to get money onto the island."

For a time, unless one had a hoard of cash stored up in one's home, it was impossible to get cash at all. 85 percent of Puerto Rico is still without power... Bloomberg continues: "When some generator-powered ATMs finally opened, lines stretched hours long, with people camping out in beach chairs and holding umbrellas against the sun." In an earlier article from September 25, Bloomberg noted how, without cash, necessities were simply unavailable:

"Cash only," said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan's Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. "The system is down, so we can't process the cards. It's tough, but one finds a way to make it work."


Open Source

How Open Source Software Helps The Federal Reserve Bank of New York (hpe.com) 24

Long-time Slashdot reader Esther Schindler quotes Hewlett Packard Enterprise: When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization... The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. "We don't want a third-party application that isn't compatible with our common architecture," said Wynd.

One less obvious advantage to open source adoption is in career satisfaction and advancement. It gives developers opportunities to work on more interesting applications, said Wynd. Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all.

Providing training in-house also creates a more consistent use of best practices. "Our biggest headache is to prove to groups that an application is secure, because we have to defend against nation state attacks."
China

Why China is Winning the Clean Energy Race (axios.com) 212

An anonymous reader shares a report: U.S. politicians have been warning for years that America couldn't let China win the clean energy race. That's exactly what has happened, with the trends most stark in electric cars, solar and nuclear energy. Why it matters: Building for the last decade, these trends have accelerated in the last couple of years. Politicians and business leaders said America's dominance in this space would bring jobs to the U.S. and security to our clean-energy resources, and now both of those goals are at risk. Why China is doing this: It needs to literally energize its 1.4 billion people, both how they travel and how they power their homes. Its leadership feels compelled to do it in a cleaner way than the U.S. did. Air pollution is at dangerously high levels across many of China's cities. People are seeing and feeling health repercussions of China's dependence on fossil fuel-fired cars and power plants in an acute way. Traditional air pollution, not climate change, is a big driver.
Communications

Recordings of the Sounds Heard In the Cuban US Embassy Attacks Released (apnews.com) 299

New submitter chrissfoot shares a report from The Associated Press: The Associated Press has obtained a recording of what some U.S. Embassy workers heard in Havana in a series of unnerving incidents later deemed to be deliberate attacks. The recording, released Thursday by the AP, is the first disseminated publicly of the many taken in Cuba of mysterious sounds that led investigators initially to suspect a sonic weapon. The recordings themselves are not believed to be dangerous to those who listen. Sound experts and physicians say they know of no sound that can cause physical damage when played for short durations at normal levels through standard equipment like a cellphone or computer. What device produced the original sound remains unknown. Americans affected in Havana reported the sounds hit them at extreme volumes. You can listen to the "Dangerous Sound" here via YouTube.
Security

US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers (wsj.com) 78

phalse phace writes: Another day, another report of a major breach of sensitive U.S. military and intelligence data. According to a report by The Wall Street Journal (Warning: source may be paywalled; alternative source), "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' and exploiting a vulnerability in the company's help-desk portal, the attacker roved the firm's network for four months. The identity and affiliation of the hackers in the Australian attack weren't disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China."

The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.

Space

SpaceX Successfully Landed the 12th Falcon 9 Rocket of 2017 (theverge.com) 117

Shortly after launching from Cape Canaveral, Florida, SpaceX's Falcon 9 rocket successfully landed on one of the company's drone ships in the ocean. "It marks the 12th time SpaceX has successfully landed the first stage of a Falcon 9 rocket this year, the 18th overall, and the second this week," reports The Verge. "It was also the third time that the company has successfully launched and landed a rocket that had already flown." From the report: The vehicle for this mission has flown before: once back in February, when it lofted cargo to the International Space Station and then landed at SpaceX's ground-based Landing Zone 1. Going up on this flight is a hybrid satellite that will be used by two companies, SES and EchoStar. Called EchoStar 105/SES-11, the satellite will sit in a high orbit 22,000 miles above Earth, providing high-definition broadcasts to the U.S. and other parts of North America. While this is the first time EchoStar is flying a payload on a used Falcon 9, this is familiar territory for SES. The company's SES-10 satellite went up on the first "re-flight" in March. And SES has made it very clear that it is eager to fly its satellites on previously flown boosters.
Google

Google Will Hit 100 Percent Renewable Energy This Year (inverse.com) 130

An anonymous reader quotes a report from Inverse: Google has announced that after 10 years as a carbon-neutral company, it will be able to brag about running on entirely renewable energy at the end of 2017. That means that all of the electricity the company consumes in both its data centers and offices is provided by wind and solar energy. Announced in Google's 2017 environmental report, Google says it has created "new energy purchasing models that others can follow" and that "we've helped drive wide-scale global adoption of clean energy." In addition to being an obvious PR boon, the company says its mission of full sustainability fits in with its larger mission. (It also makes the fact that as recently as 2015 Google alone reportedly consumed as much energy as the entire city of San Francisco in a year way more palatable.)

One step the company has recently taken in marrying its ethos of sustainability with its products is a new initiative to equip Google Street View vehicles with air quality sensors. In addition to its goal of being run by renewable energy, Google is also working on achieving zero waste to landfill. Nearly half of the company's 14 data centers have already reached this goal, according to Google executive Urs Holzle's 2017 Google Environmental report released on Tuesday.

Privacy

US Government Has 'No Right To Rummage' Through Anti-Trump Protest Website Logs, Says Judge (theregister.co.uk) 276

A Washington D.C. judge has told the U.S. Department of Justice it "does not have the right to rummage" through the files of an anti-Trump protest website -- and has ordered the dot-org site's hosting company to protect the identities of its users. The Register reports: Chief Judge Robert E. Morin issued the revised order [PDF] Tuesday following a high-profile back and forth between the site's hosting biz DreamHost and prosecutors over what details Uncle Sam was entitled to with respect to the disruptj20.org website. "As previously observed, courts around the country have acknowledged that, in searches for electronically stored information, evidence of criminal activity will likely be intermingled with communications and other records not within the scope of the search warrant," he noted in his ruling. "Because of the potential breadth of the government's review in this case, the warrant in its execution may implicate otherwise innocuous and constitutionally protected activity. As the Court has previously stated, while the government has the right to execute its Warrant, it does not have the right to rummage through the information contained on DreamHost's website and discover the identity of, or access communications by, individuals not participating in alleged criminal activity, particularly those persons who were engaging in protected First Amendment activities." The order then lists a series of protocols designed to protect netizens "to comply with First Amendment and Fourth Amendment considerations, and to prevent the government from obtaining any identifying information of innocent persons."
Transportation

California DMV Changes Rules To Allow Testing and Use of Fully Autonomous Vehicles (techcrunch.com) 117

The California Department of Motor Vehicles is changing its rules to allow companies to test autonomous vehicles without a driver behind the wheel -- and to let the public use autonomous vehicles. From a report: The DMV released a revised version of its regulations and has started a 15-day public comment period, ending October 25, 2017. California law requires the DMV to work on regulations to cover testing and public use of autonomous vehicles, and the regulator said that this is the first step. "We are excited to take the next step in furthering the development of this potentially life-saving technology in California," the state's Transportation Secretary, Brian Kelly, said in a statement. California's DMV took pains in its announcement to highlight that it wasn't trying to overstep the National Highway Traffic Safety Administration, which has the final say on developing and enforcing compliance with Federal Motor Vehicle Safety Standards. Rather, the California regulations are going to require manufacturers to certify that they've met federal safety standards before their cars become (driverlessly) street legal. And manufacturers still have to obey the state traffic laws written for California.
Encryption

Justice Department To Be More Aggressive In Seeking Encrypted Data From Tech Companies (wsj.com) 204

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost." Mr. Rosenstein didn't say what precise steps the Justice Department or Trump administration would take. Measures could include seeking court orders to compel companies to cooperate or a push for legislation. A Justice Department official said no specific plans were in the works and Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies "have no incentive to address this on their own."
Software

Symantec CEO: Source Code Reviews Pose Unacceptable Risk (reuters.com) 172

In an exclusive report from Reuters, Symantec's CEO says it is no longer allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products. From the report: Tech companies have been under increasing pressure to allow the Russian government to examine source code, the closely guarded inner workings of software, in exchange for approvals to sell products in Russia. Symantec's decision highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity as they pursue business with some of Washington's adversaries, including Russia and China, according to security experts. While Symantec once allowed the reviews, Clark said that he now sees the security threats as too great. At a time of increased nation-state hacking, Symantec concluded the risk of losing customer confidence by allowing reviews was not worth the business the company could win, he said.
Communications

T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number (vice.com) 62

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Until last week, a bug on a T-Mobile website let hackers access personal data such as email address, a customer's T-Mobile account number, and the phone's IMSI, a standardized unique number that identifies subscribers. On Friday, a day after Motherboard asked T-Mobile about the issue, the company fixed the bug. The flaw, which was discovered by security researcher Karan Saini, allowed malicious hackers who knew -- or guessed -- your phone number to obtain data that could've been used for social engineering attacks, or perhaps even to hijack victims' numbers. "T-Mobile has 76 million customers, and an attacker could have run a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users," Saini, who is the founder of startup Secure7, told Motherboard in an online chat. "That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim," he added.
Earth

EPA Announces Repeal of Major Obama-Era Carbon Emissions Rule (nytimes.com) 314

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): The Trump administration announced Monday that it would take formal steps to repeal President Barack Obama's signature policy to curb greenhouse gas emissions from power plants, setting up a bitter fight over the future of America's efforts to tackle global warming. At an event in eastern Kentucky, Scott Pruitt, the head of the Environmental Protection Agency, said that his predecessors had departed from regulatory norms in crafting the Clean Power Plan, which was finalized in 2015 and would have pushed states to move away from coal in favor of sources of electricity that produce fewer carbon emissions. The repeal proposal, which will be filed in the Federal Register on Tuesday, fulfills a promise President Trump made to eradicate his predecessor's environmental legacy. Eliminating the Clean Power Plan makes it less likely the United States can fulfill its promise as part of the Paris climate agreement to ratchet down emissions that are warming the planet and contributing to heat waves and sea-level rise. Mr. Trump has vowed to abandon that international accord.

In announcing the repeal, Mr. Pruitt made many of the same arguments that he had made for years to Congress and in lawsuits: that the Obama administration exceeded its legal authority in an effort to limit greenhouse gas emissions from power plants. (Last year, the Supreme Court blocked the rule from taking effect while courts assessed those lawsuits.) A leaked draft of the repeal proposal asserts that the country would save $33 billion by not complying with the regulation and rejects the health benefits the Obama administration had calculated from the original rule.

Advertising

Google Uncovers Russia-Bought Ads On YouTube, Gmail and Other Platforms (reuters.com) 345

An anonymous reader quotes a report from Reuters: Google has discovered Russian operatives spent tens of thousands of dollars on ads on its YouTube, Gmail and Google Search products in an effort to meddle in the 2016 U.S. presidential election, a person briefed on the company's probe told Reuters on Monday. The ads do not appear to be from the same Kremlin-affiliated entity that bought ads on Facebook, but may indicate a broader Russian online disinformation effort, according to the source, who was not authorized to discuss details of Google's confidential investigation. The revelation is likely to fuel further scrutiny of the role that Silicon Valley technology giants may have unwittingly played during last year's election. U.S. intelligence agencies have concluded that Moscow's goal was to help elect Donald Trump. Google has uncovered less than $100,000 in ad spending potentially linked to Russian actors, the source said.
Businesses

How Comcast is Shortchanging Customers In Vermont (wired.com) 144

New submitter mirandakatz writes: Comcast is suing Vermont's Public Utility Commission, claiming -- among many other things -- that its First Amendment rights have been violated. But as Susan Crawford argues at Backchannel, there are far too many holes in that argument. Crawford writes that 'Comcast, which Wall Street knows is essentially an unregulated public utility for high-speed internet access in the areas it covers, has unlimited resources to fight off this public-spirited regulator...[And] although there are many efforts in Vermont to provide fiber (including ECFiber), they're still small: Comcast isn't feeling any pressure to upgrade its lines to fiber. And, as [Craig] Moffett has reported, Comcast from now on will be growing through price hikes, not through building new lines. It's done with building new lines. The whole thing is dispiriting.'
