SlashDot

Subscribe to SlashDot feed SlashDot
News for nerds, stuff that matters
Updated: 1 hour 11 min ago

Kansas Towns 'Rebel' Against Zuckerberg-Funded School Programs

3 hours 38 min ago
"I want to just take my Chromebook back and tell them I'm not doing it anymore," said Kallee Forslund, 16, a 10th grader in Wellington. The New York Times reports on a "rebellion" that started in Kansas against an online "personalized learning" program funded by Mark Zuckerberg and his wife, and developed by Facebook engineers -- including a classroom walk-out, a sit-in, and parent protests at public school board meetings. Read the Times' pay-walled original article or this free alternate version. Some highlights: Eight months earlier, public schools near Wichita had rolled out a web-based platform and curriculum from Summit Learning... Many families in the Kansas towns, which have grappled with underfunded public schools and deteriorating test scores, initially embraced the change. Under Summit's program, students spend much of the day on their laptops and go online for lesson plans and quizzes, which they complete at their own pace. Teachers assist students with the work, hold mentoring sessions and lead special projects. The system is free to schools. The laptops are typically bought separately. Then, students started coming home with headaches and hand cramps. Some said they felt more anxious. One child began having a recurrence of seizures. Another asked to bring her dad's hunting earmuffs to class to block out classmates because work was now done largely alone. "We're allowing the computers to teach and the kids all looked like zombies," said Tyson Koenig, a factory supervisor in McPherson, who visited his son's fourth-grade class. In October, he pulled the 10-year-old out of the school. In a school district survey of McPherson middle school parents released this month, 77 percent of respondents said they preferred their child not be in a classroom that uses Summit. More than 80 percent said their children had expressed concerns about the platform... The resistance in Kansas is part of mounting nationwide opposition to Summit, which began trials of its system in public schools four years ago and is now in around 380 schools and used by 74,000 students. In Brooklyn, high school students walked out in November after their school started using Summit's platform. In Indiana, Pa., after a survey by Indiana University of Pennsylvania found 70 percent of students wanted Summit dropped or made optional, the school board scaled it back and then voted this month to terminate it. And in Cheshire, Conn., the program was cut after protests in 2017... By [this] winter, many McPherson and Wellington students were fed up. While Summit's program asks schools to commit to having students meet weekly in person with teachers for at least 10 minutes, some children said the sessions lasted around two minutes or did not happen. The Parent Coalition for Student Privacy says the program also "demands an extraordinary amount of personal information about each student and plans to track them through college and beyond." But the real concern is whether the programs are effective. The Times also spoke to a senior scientist at the RAND corporation who's studied digital customized learning programs, who acknowledges "There has not been enough research." And a Wellington city councilman told them that 12 parents actually pulled their children out of the school system after this year's first semester -- and nearly 40 more plan to do so by summer vacation. One church secretary (with two school-age children) even coined a pithy slogan for her yard sign: "Don't Plummet With Summit."

Read more of this story at Slashdot.

The Incredibly Stupid Plot To Hijack a Domain By Breaking Into Its Owner's House With A Gun

Sun, 04/21/2019 - 11:39pm
CNN tells the story of 24-year-old "social media influencer" Rossi Lorathio Adams II who'd wanted his domain to be the slogan of his social media sites (which at one point had over a million followers on Snapchat, Instagram and Twitter). Unfortunately, that domain was already owned by another man in Iowa -- but Adams came up with a solution: In June 2017, Adams enlisted his cousin to break into the domain owner's home and force him to transfer it. The cousin drove to the domain owner's house and provided a demand note [which contained "a series of directions on how to change an Internet domain name from the domain owner's GoDaddy account to one of Adams' GoDaddy accounts."] After entering the home, the intruder grabbed the victim's arm and ordered him to connect his computer to the internet. He put the firearm against the victim's head and ordered him to follow the instructions. "Fearing for his life, the victim quickly turned to move the gun away from his head. The victim then managed to gain control of the gun," court records show. The victim shot the intruder multiple times and called the police. The intruder, Adams' cousin Sherman Hopkins Jr., was sentenced to 20 years in prison last year. Now it's Adams' turn. He will remain in custody pending sentencing. He faces a maximum 20 years in prison, a $250,000 fine and three years of supervised release.

Read more of this story at Slashdot.

Are We Sacrificing Too Much For Automation?

Sun, 04/21/2019 - 9:43pm
Fast Company shares an essay from an anthropologist who researches human agency, algorithms, AI, and automation in the context of social systems: With the advent of computational tools for quantitative measurement and metrics, and the development of machine learning based on the big data developed by those metrics, organizations, Amazon among them, started to transition through a period of what I refer to as "extreme data analysis," whereby anything and anyone that can be measured, is. This is a problem. Using counting, metrics, and implementation of outcomes from extreme data analysis to inform policies for humans is a threat to our well-being, and results in the stories we are hearing about in the warehouse, and in other areas of our lives, where humans are too often forfeiting their agency to algorithms and machines. Unfortunately, after decades of building this quantitative scaffolding, a company such as Amazon has pretty much baked it into their infrastructure and their culture.... As the world continues to automate things, processes, and services, humans are put in positions where we must constantly adapt, since at the moment, automation cannot, and does not, cooperate with us outside of its pre-programmed repertoire. Thus, in many instances we must do the yielding of our agency and our choices, to the algorithms or robots, to reach the cooperative outcomes we require.... If every process is eventually automated and restricts human agency, while simultaneously requiring our servitude to function, we will be pinned to the wall with no choices, nothing left to give, and no alternatives for coping with it. One example provided was the Amazon worker who complained the warehouse temperatures were always kept too hot -- to accommodate the needs of Amazon's robots. But the article argues we also forfeit agency "Every time we use a computer, or any computationally based device... "We do this by sitting or standing to use a keyboard, by typing, clicking, scrolling, checking boxes, pulling down menus, and filling in data in a way that the machine can understand."

Read more of this story at Slashdot.

Why Modern C++ Still Isn't As Safe As Memory-Safe Languages Like Rust and Swift

Sun, 04/21/2019 - 7:34pm
Alex Gaynor is a software engineer at Mozilla working on Firefox, after previously serving as a director of both the Python Software Foundation and the Django Software Foundation. In a new blog post today, he argues that memory unsafe languages, "principally C and C++," induce an exceptional number of security vulnerabilities, and that the industry needs to migrate to memory-safe languages like Rust and Swift by default. One of the responses I frequently receive is that the problem isn't C and C++ themselves, developers are simply holding them wrong. In particular, I often receive defenses of C++ of the form, "C++ is safe if you don't use any of the functionality inherited from C" or similarly that if you use modern C++ types and idioms you will be immune from the memory corruption vulnerabilities that plague other projects. I would like to credit C++'s smart pointer types, because they do significantly help. Unfortunately, my experience working on large C++ projects which use modern idioms is that these are not nearly sufficient to stop the flood of vulnerabilities... Modern C++ idioms introduce many changes which have the potential to improve security: smart pointers better express expected lifetimes, std::span ensures you always have a correct length handy, std::variant provides a safer abstraction for unions. However modern C++ also introduces some incredible new sources of vulnerabilities: lambda capture use-after-free, uninitialized-value optionals, and un-bounds-checked span. My professional experience writing relatively modern C++, and auditing Rust code (including Rust code that makes significant use of unsafe) is that the safety of modern C++ is simply no match for memory safe by default languages like Rust and Swift (or Python and JavaScript, though I find it rare in life to have a program that makes sense to write in either Python or C++). There are significant challenges to migrating existing, large, C and C++ codebases to a different language -- no one can deny this. Nonetheless, the question simply must be how we can accomplish it, rather than if we should try. The post highlights what he describes as "completely modern C++ idioms which produce vulnerabilities" -- including an example of dangling pointers "despite our meticulous use of smart pointers throughout..." "Even with the most modern C++ idioms available, the evidence is clear that, at scale, it's simply not possible to hold C++ right."

Read more of this story at Slashdot.

Black Hole Photo Used Supercomputers and Cloud Computing To Prove Einstein Right

Sun, 04/21/2019 - 6:32pm
An anonymous reader quotes The Next Web: As stunning and ground-breaking as it is, the EHT project is not just about taking on a challenge. It's an unprecedented test of whether Einstein's ideas about the very nature of space and time hold up in extreme circumstances, and looks closer than ever before at the role of black holes in the universe. To cut a long story short: Einstein was right.... His general theory of relativity has passed two serious tests from the universe's most extreme conditions in the last few years. Here, Einstein's theory predicted the observations from M87 with unerring accuracy, and is seemingly the correct description of the nature of space, time, and gravity. The measurements of the speeds of matter around the center of the black hole are consistent with being near the speed of light. The advanced computing research center at the University of Texas at Austin says the data for the photo "was collected during a 2017 global campaign, after decades of scientific, engineering, and computational research and preparation." And their own facility played a role in the finished photo, according to an article shared by aarondubrow: Helping to lay the groundwork for the black hole imaging, and providing the theoretical underpinnings that enabled the researchers to interpret the mass, underlying structure, and orientations of the black hole and its environment, were supercomputers at The University of Texas at Austin's Texas Advanced Computing Center (TACC) -- Stampede1, Stampede2 and Jetstream -- all three of which were supported by grants from the National Science Foundation (NSF), which also provided key funding for the EHT... "We are doing finite difference, three-dimensional simulations with not just gas dynamics, but also magnetic fields," said Harvard University professor and EHT researcher Ramesh Narayan. "That includes radiation and what is called two-temperature physics in a general relativistic framework. For these, we really do need the TACC's Stampede system with lots of cores and lots of hours.... The simulations are computationally very expensive and supercomputers are definitely needed...." Alongside the simulation and modeling effort, another group of researchers from the University of Arizona (UA) were using Jetstream -- a large-scale cloud environment for research located both at TACC and Indiana University -- to develop cloud-based data analysis pipelines that proved crucial for combining huge amounts of data taken from the geographically-distributed observatories, and sharing the data with researchers around the world. "New technologies such as cloud computing are essential to support international collaborations like this," said Chi-kwan Chan, leader of the EHT Computations and Software Working Group and an assistant astronomer at UA. "The production run was actually carried out on Google Cloud, but much of the early development was on Jetstream. Without Jetstream, it is unclear that we would have a cloud-based pipeline at all."

Read more of this story at Slashdot.

Red Hat Takes Over Maintenance of OpenJDK 8 and OpenJDK 11 From Oracle

Sun, 04/21/2019 - 5:20pm
"Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.

Read more of this story at Slashdot.

Bluecherry Open Sources Its Entire Linux Surveillance Server

Sun, 04/21/2019 - 4:44pm
"Big changes are here," writes the official blog for Bluecherry: In 2010 we released our multi-port MPEG4 video capture card with an open source driver (solo6x10) and in 2011 updated the driver to support our multi-port H.264 capture cards. Later, this open source driver was later added into the mainline Linux kernel. In 2013 we released our multi-platform surveillance application client with an open source (GPL) license. We are proud to announce that Effective April 18, 2019 we have released the entire Bluecherry software application open source with a GPL license. An anonymous reader writes: This includes the Linux based server application and the Windows / Linux / OS X client. Bluecherry's GitHub repo is now open for public viewing.

Read more of this story at Slashdot.

Linux 5.2 Will Introduce The Fieldbus Subsystem

Sun, 04/21/2019 - 4:14pm
"The new Fieldbus system has been deemed ready to be released into the staging area of the Linux kernel," writes jwhyche (Slashdot reader #6,192). Phoronix reports: This newest subsystem for the Linux kernel benefits industrial systems. Fieldbus is a set of network protocols for real-time distributed control of automated industrial systems. Fieldbus is used for connecting different systems/components/instruments within industrial environments. Fieldbus is used for connecting facilities ranging from manufacturing plants up to nuclear energy facilities. The Fieldbus specification has been around for decades while now seeing a formal subsystem within the Linux kernel. The subsystem allows for devices to exchange data over a Fieldbus whether it be Profinet, FLNet, or one of the other implementations. The subsystem provides a generic framework for exposing switches, lights, actuators, motors, and other hardware... The Linux kernel's Fieldbus subsystem has gone through over ten rounds of public revisions in recent months and has been deemed ready to premiere with Linux 5.2 [which] should debut in July.

Read more of this story at Slashdot.

Historic 'Summit' with the Creators of Python, Java, TypeScript, and Perl

Sun, 04/21/2019 - 3:07pm
"At the first annual charity event conducted by Puget Sound Programming Python on April 2, four legendary language creators came together to discuss the past and future of language design," reports PacktPub. - Guido van Rossum, the creator of Python - James Gosling, the founder, and lead designer behind the Java programming language - Anders Hejlsberg, the original author of Turbo Pascal who has also worked on the development of C# and TypeScript - Larry Wall, the creator of Perl You can watch the video here -- the speaker introductions start about 50 minutes into the video-- or read PacktPub's summary of the event: Guido van Rossum said designing a programming language is very similar to the way JK Rowling writes her books, the Harry Potter series... He says JK Rowling is a genius in the way that some details that she mentioned in her first Harry Potter book ended up playing an important plot point in part six and seven... When designing a language we start with committing to certain details like the keywords we want to use, the style of coding we want to follow, etc. But, whatever we decide on we are stuck with them and in the future, we need to find new ways to use those details, just like Rowling... When James Gosling was asked how Java came into existence and what were the design principles he abided by, he simply said, "it didn't come out of like a personal passion project or something. It was actually from trying to build a prototype.... It started out as kind of doing better C and then it got out of control that the rest of the project really ended up just providing the context." In the end, the only thing out of that project survived was Java... Larry Wall wanted to create a language that was more like a natural language. Explaining through an example, he said, "Instead of putting people in a university campus and deciding where they go we're just gonna see where people want to walk and then put shortcuts in all those places." A basic principle behind creating Perl was to provide APIs to everything. It was aimed to be both a good text processing language linguistically but also a glue language.... Similar to the views of Guido van Rossum, Anders Hejlsberg adds that any decision that you make when designing a language you have to live with it. When designing a language you need to be very careful about reasoning over what "not" to introduce in the language. There was also some discussion of types -- Gosling believes they help improve performance, while Hejlsberg said types are also useful when building coding tools. "It turns out that you can actually be more productive by adding types if you do it in a non-intrusive manner and if you work hard on doing good type inference and so forth." In fact, Hejlsberg told the audience that the TypeScript project was inspired by massive "write-only" JavaScript code bases, while a semantic understanding (including a type system) makes refactoring easier. Guido van Rossum acknowledged that TypeScript "is actually incredibly useful and so we're adding a very similar idea to Python. We are adding it in a slightly different way because we have a different context.... I've learned a painful lesson, that for small programs dynamic typing is great. For large programs, you have to have a more disciplined approach. And it helps if the language actually gives you that discipline, rather than telling you, 'Well, you can do whatever you want.'" In the video Larry Wall says the Perl 6 team had also noticed the limitations of loose typing, and added a robust type system to Perl 6 to "help with programming in the large." This was the first annual benefit for CSforALL, a group promoting high-quality computer science classes at every grade level.

Read more of this story at Slashdot.

More Than 23 Million People Use the Password '123456'

Sun, 04/21/2019 - 1:45pm
Bearhouse shares a new study from the UK's "National Cyber Security Centre," which advises the public on computer security, about the world's most-frequently cracked passwords. It's probably no surprise to the Slashdot readership: people use bad passwords. A recent study of publicly-available "hacked" accounts -- by the UK National Cyber Security Centre -- reveals "123456" was top, followed by the much more secure "123456789" and hard-to-guess "qwerty". If you're a soccer (football) fan, then try "Liverpool" or "Chelsea" -- they'll work in more than half a million cases. Finally, for musicians, Metallica gets beaten down by 50cent, 140k to 190k respectively. The most common fictional names used as passwords were "superman" (333,139 users), "naruto" (242,749), "tigger" (237,290), "pokemon" (226,947), and "batman" (203,116). The organization recommends instead choosing three random words as a password -- and also checking "password blacklists" that show passwords that have already been found in past data breaches. (Developers and sysadmins are also advised to implement these checks as part of their rules for which user passwords will be allowed.) The organization also released a file from the "Have I Been Pwned" site containing the top 100,000 passwords. So what are the top ten most-frequently used passwords? 123456123456789qwertypassword11111112345678abc1231234567password112345

Read more of this story at Slashdot.

Southwest Airlines Says They'll Purchase 'Hundreds' More Boeing 737 Max Aircraft

Sun, 04/21/2019 - 12:34pm
Inc. magazine describes as "stunning" announcement from Southwest Airlines, "by far the biggest 737 Max customer in the United States, with 34 of the planes among its fleet, and plans for many more. " Speaking at a chamber of commerce event in Dallas, Southwest chairman and CEO Gary Kelly said Southwest has no plans to abandon the 737 Max. In fact, he said it will purchase "hundreds" more 737 Max aircraft. "It's a very good airplane, but Boeing has acknowledged that they've got some things they need to address with the software in that airplane," Kelly said, according to the Dallas Business Journal. "It seems like it's a relatively straight-forward modification. We're obviously anxious to get the airplane back in service." That's it: all-in on the 737 Max. Or at least close to it... By flying just one aircraft, Southwest knows that almost any of its pilots can fly any of its planes. Its scheduling and maintenance tasks become a lot easier than for airlines with multiple types of aircraft. But it also means that ultimately, Southwest's brand and its overall success are tied up with Boeing and the 737 in a way that few other airlines are. Marketwatch adds that in fact, major airlines "are hungry for fuel-efficient single-aisle aircraft such as the Max, and there's a long backlog for the jet's closest competitor, Airbus SE, analysts at Oxford Economics said in a note Thursday. "That will shield Boeing from a mass cancellation of orders," the analysts said.

Read more of this story at Slashdot.

Fortnite World Cup: More than 1,200 Accounts Banned For Cheating

Sun, 04/21/2019 - 11:34am
"Epic Games gave bans to more than 1,200 Fortnite accounts and revoked cash prizes that more than 200 players had won following Epic's investigations of cheating in the first week of Fortnite's World Cup Online Open," reports Polygon: That cheater (whom Epic did not name) used the cheat software during the tournament's semifinals. The account involved had played "for less than five minutes" before being discovered and banned, Epic said. The great majority of the other accounts sanctioned received two-week bans for their misconduct. Of them, 196 players forfeited their winnings after they were caught circumventing region locks to play in several regions. Epic said that will change the prize payouts for others in the tournament, but their improved finishes won't be reflected on Fortnite's in-game leaderboard. Nine prize winners lost their money for sharing accounts, and one winner's earnings were vacated for teaming. Epic Games said it has added a "real-time teaming detection algorithm" to its competitive play. Teaming, in which players in a solo mode work cooperatively and create a competitive disadvantage for others, can get players banned even in competitive non-tournament play.

Read more of this story at Slashdot.

How Facebook Mis-Captioned the Launch of a NASA Supply Rocket

Sun, 04/21/2019 - 10:34am
An anonymous reader quotes Ars Technica: An Antares rocket built by Northrop Grumman launched on Wednesday afternoon, boosting a Cygnus spacecraft with 3.4 tons of cargo toward the International Space Station. The launch from Wallops Island, Virginia, went flawlessly, and the spacecraft arrived at the station on Friday. However, when NASA's International Space Station program posted the launch video to its Facebook page on Thursday, there was a problem. Apparently the agency's caption service hadn't gotten to this video clip yet, so viewers with captions enabled were treated not just to the glory of a rocket launch, but the glory of Facebook's automatically generated crazywords... Some of the captions are just hilariously bad. For example, when the announcer triumphantly declares, "And we have liftoff of the Antares NG-11 mission to the ISS," the automatically generated caption service helpfully says, "And we have liftoff of the guitarist G 11 mission to the ice sets." There's more examples in the photos at the top of their article -- for example, a caption stating that the uncrewed launch "had a phenomenal displaced people at 60 seconds," and translating the phrase "TVC is nominal" to "phenomenal." While the lift-off announcer does use what may be unfamiliar names for the rockets, along with other technical jargon, the article points out that YouTube's auto-captioning of the same launch "seemed to have no problem with those bits of space argot."

Read more of this story at Slashdot.

A Secret Server For the Dead MMO 'City of Heroes' Has Players In an Uproar

Sun, 04/21/2019 - 9:34am
eatmorekix quotes Vice: In 2012, Paragon Studios announced it was shutting down City of Heroes, a massively multiplayer online game where a community of players created their own superheroes, went on adventures together, and formed lasting friendships. The news was crushing to the game's devoted community because they could no longer play and hang out in the virtual space they loved, and today, years after the game's shutdown, the community is in an uproar again. As Massivelyop first reported, a group of City of Heroes players called the Secret Cabal of Reverse Engineers (SCORE) had created their own, private server where they could continue to play the game for the last six years, but kept it relatively secret. "I like the rest of you have been lied to," Reddit user avoca wrote in a thread titled "BE ANGRY" on the City of Heroes subreddit. "I have been told City of Heroes has been shutdown. Today, I learn I have been mistaken. For all of these years, City of Heroes has lived on. In secret. For every passing day and every withdrawal symptom, a person is playing on this secret server, and they are gaining xp, leveling up, performing task forces and forming supergroups." In 2004 the game's lead designer answered questions from Slashdot's reader. 15 years, a member of the emulator team tells Massivelyop that they'd tried to keep their City of Heroes server a secret for over six years because they were worried about getting a cease and desist notice from the game's publishers.

Read more of this story at Slashdot.

Did Google Sabotage Firefox and IE?

Sun, 04/21/2019 - 6:34am
Firefox's former VP accused Google of sabotaging Firefox -- for example, when Gmail and Google Docs "started to experience selective performance issues and bugs on Firefox" and demo sites "would falsely block Firefox as 'incompatible'... There were dozens of oopses. Hundreds maybe... [W]hen you see a sustained pattern of 'oops' and delays from this organization -- you're being outfoxed." Now Nightingale's accusations have stirred up some follow-up from technology reporters. An anonymous reader shares a blog post by ZDNet security reporter Catalin Cimpanu: Nightingale is not the first Firefox team member to come forward and make such accusations. In July 2018, Mozilla Program Manager Chris Peterson accused Google of intentionally slowing down YouTube performance on Firefox. He revealed that both Firefox and Edge were superior when loading YouTube content when compared to Chrome, and in order to counteract this performance issue, Google switched to using a JavaScript library for YouTube that they knew wasn't supported by Firefox. At this point, it's very hard not to believe or take Nightingale's comments seriously. Slowly but surely, Google is becoming the new Microsoft, and Chrome is slowly turning into the new IE, an opinion that more and more users are starting to share. On Twitter, a senior editor at the Verge added "Google did a lot of 'oops' accidents to Windows Phone, too. Same pattern of behavior with its services and Edge. Oopsy this, oopsy that." The site MSPowerUser also shares a similar story from former Microsoft Edge intern, Joshua Bakita. "I very recently worked on the Edge team, and one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn't keep up." Meanwhile, Computerworld argues that data "backs up Nightingale's admission, to a point." [I]f Google monkey business contributed to Firefox's fall, it must have really damaged Microsoft's IE. During the time it took Chrome to replace Firefox as the No. 2 browser, Firefox lost just 9% of its user share, while IE shed 22%. And Chrome's most explosive growth - which began in early 2016 - didn't come at Firefox's expense; instead, it first hollowed out IE, then suppressed any potential enthusiasm for the follow-on Edge. Chrome didn't reach its current place -- last month capturing nearly 68% of all browser activity -- by raiding Firefox. It did it by destroying IE. Oops.

Read more of this story at Slashdot.

Bitcoin Couldn't Hide Russia's Operatives From Mueller's Investigation

Sun, 04/21/2019 - 3:34am
"Russian operatives used cryptocurrency at almost every stage in their online efforts to interfere in the 2016 U.S. presidential election, according to Special Counsel Robert Mueller's final report on his investigation." So says CNN, adding that "Systems used in the hacking of the Democratic Party were paid for using Bitcoin, as were online hosting services that supported websites which published hacked materials and were used in the targeting of disinformation at American voters." The Russian operatives (a.k.a. the Fancy Bear team) withdrew funds from both the CEX.io and BTC-e.com cryptocurrency exchanges to fund domain purchases, server rentals, and VPN services, reports Draconi, Slashdot reader #38,078. He's correlated the Mueller report with the Bitcoin blockchain addresses referenced (indirectly) in two indictments brought by America's Department of Justice -- one for interference in the 2016 U.S. Presidential Election, and one for the public leak of Olympic drug-testing results -- and shared the results of his investigation with CNN. CNN reports: Russian agents, including those from the GRU, Russia's military intelligence agency, had sought to, as the Mueller indictment of GRU agents last July outlined, "capitalize on the perceived anonymity of cryptocurrencies." But while Bitcoin allowed Russians to "avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds," according to the same indictment, it wasn't enough to evade Mueller's investigation. Tim Cotten, a blockchain developer and security researcher who has done extensive work in tracking Russian Bitcoin accounts unearthed by Mueller's team, noted in an interview with CNN Business that trading Bitcoins on exchanges usually requires users to set up Bitcoin wallets that are tied to an email address. Federal investigators were able to access at least some of the email accounts used in the operation, which, Cotten says, would have made tracing Bitcoin transactions a lot easier. Investigators' access to the "the other side of the blockchain equation," as he described it, was important because, "Rather than having to search the blockchain for clues, they already had all of the receipts demonstrating which accounts were under the GRU's control." The Russians used stolen and false identities in setting up some of these accounts, according to Mueller's team, but had used some of the same accounts to purchase servers and website domains involved in the hacking of the Democratic Party and the publishing of the hacked materials, Mueller's indictment outlines. That, Cotten said, would have made it easier for investigators to tie the case together. "The purchase trails are fully exposed in the Bitcoin blockchain as funds are used, consolidated, and deposited into secondary online wallets such as SpectroCoin.com and Xapo.com," Cotten writes on his site. "Anyone can follow along and trace the payment chains to see exactly how the Russians were spending their money, when, and on what."

Read more of this story at Slashdot.

'Pi VizuWall' Is a Beowulf Cluster Built With Raspberry Pi's

Sun, 04/21/2019 - 12:34am
Why would someone build their own Beowulf cluster -- a high-performance parallel computing prototype -- using 12 Raspberry Pi boards? It's using the standard Beowulf cluster architecture found in about 88% of the world's largest parallel computing systems, with an MPI (Message Passing Interface) system that distributes the load over all the nodes. Matt Trask, a long-time computer engineer now completing his undergraduate degree at Florida Atlantic University, explains how it grew out of his work on "virtual mainframes": In the world of parallel supercomputers (branded 'high-performance computing', or HPC), system manufacturers are motivated to sell their HPC products to industry, but industry has pushed back due to what they call the "Ninja Gap". MPI programming is hard. It is usually not learned until the programmer is in grad school at the earliest, and given that it takes a couple of years to achieve mastery of any particular discipline, most of the proficient MPI programmers are PhDs. And this, is the Ninja Gap -- industry understands that the academic system cannot and will not be able to generate enough 'ninjas' to meet the needs of industry if industry were to adopt HPC technology. As part of my research into parallel computing systems, I have studied the process of learning to program with MPI and have found that almost all current practitioners are self-taught, coming from disciplines other than computer science. Actual undergraduate CS programs rarely offer MPI programming. Thus my motivation for building a low-cost cluster system with Raspberry Pis, in order to drive down the entry-level costs. This parallel computing system, with a cost of under $1000, could be deployed at any college or community college rather than just at elite research institutions, as is done [for parallel computing systems] today. The system is entirely open source, using only standard Raspberry Pi 3B+ boards and Raspbian Linux. The version of MPI that is used is called MPICH, another open-source technology that is readily available. But there's an added visual flourish, explains long-time Slashdot reader iamacat. "To visualize computing, each node is equipped with a servo motor to position itself according to its current load -- lying flat when fully idle, standing up 90 degrees when fully utilized." Its data comes from the /proc filesystem, and the necessary hinges for this prototype were all generated with a 3D printer. "The first lesson is to use CNC'd aluminum for the motor housings instead of 3D-printed plastic," writes Trask. "We've seen some minor distortion of the printed plastic from the heat generated in the servos."

Read more of this story at Slashdot.

'How the Boeing 737 Max Disaster Looks to a Software Developer'

Sat, 04/20/2019 - 9:34pm
Slashdot reader omfglearntoplay shared this article from IEEE's Spectrum. In "How the Boeing 737 Max Disaster Looks to a Software Developer," pilot (and software executive) Gregory Travis argues Boeing tried to avoid costly hardware changes to their 737s with a flawed software fix -- specifically, the Maneuvering Characteristics Augmentation System (or MCAS): It is astounding that no one who wrote the MCAS software for the 737 Max seems even to have raised the possibility of using multiple inputs, including the opposite angle-of-attack sensor, in the computer's determination of an impending stall. As a lifetime member of the software development fraternity, I don't know what toxic combination of inexperience, hubris, or lack of cultural understanding led to this mistake. But I do know that it's indicative of a much deeper problem. The people who wrote the code for the original MCAS system were obviously terribly far out of their league and did not know it. So Boeing produced a dynamically unstable airframe, the 737 Max. That is big strike No. 1. Boeing then tried to mask the 737's dynamic instability with a software system. Big strike No. 2. Finally, the software relied on systems known for their propensity to fail (angle-of-attack indicators) and did not appear to include even rudimentary provisions to cross-check the outputs of the angle-of-attack sensor against other sensors, or even the other angle-of-attack sensor. Big strike No. 3... None of the above should have passed muster. None of the above should have passed the "OK" pencil of the most junior engineering staff... That's not a big strike. That's a political, social, economic, and technical sin... The 737 Max saga teaches us not only about the limits of technology and the risks of complexity, it teaches us about our real priorities. Today, safety doesn't come first -- money comes first, and safety's only utility in that regard is in helping to keep the money coming. The problem is getting worse because our devices are increasingly dominated by something that's all too easy to manipulate: software.... I believe the relative ease -- not to mention the lack of tangible cost -- of software updates has created a cultural laziness within the software engineering community. Moreover, because more and more of the hardware that we create is monitored and controlled by software, that cultural laziness is now creeping into hardware engineering -- like building airliners. Less thought is now given to getting a design correct and simple up front because it's so easy to fix what you didn't get right later. The article also points out that "not letting the pilot regain control by pulling back on the column was an explicit design decision. Because if the pilots could pull up the nose when MCAS said it should go down, why have MCAS at all? "MCAS is implemented in the flight management computer, even at times when the autopilot is turned off, when the pilots think they are flying the plane."

Read more of this story at Slashdot.

'Some Cheers, A Few Sneers For Google's URL Solution For AMP'

Sat, 04/20/2019 - 7:34pm
The Verge explains what all the commotion is about: AMP stands for "Accelerated Mobile Pages," and you've probably noticed that those pages load super quickly and usually look much simpler than regular webpages. You may have also noticed that the URL at the top of your browser started with "www.google.com/somethingorother" instead of with the webpage you thought you were visiting. Google is trying to fix that by announcing support for something called "Signed Exchanges." What it should mean is that when you click on one of those links, your URL will be the original, correct URL for the story. Cloudflare is joining Google in supporting the standard for customers who use its services. In order for this thing to work, every step in the chain of technologies involved in loading the AMP format has to support Signed Exchanges, including your browser, the search engine, and the website that published the link. Right now, that means the URL will be fixed only when a Chrome browser loads a Google search link to a published article that has implemented support. Mozilla'a official position on signed exchanges is they're "harmful," arguing in a 51-page position paper that there's both security and privacy considerations. Pierre Far, a former Google employee, posted on Twitter that the change "breaks many assumptions about how the web works," and that in addition, "Google is acting too quickly. Other browsers and internet stakeholders have well-founded concerns, and the correct mechanism to address them is the standardization process. Google skipped all that. Naughty." Jeffrey Yaskin, from Chrome's web platform team, even acknowledged that criticism with a tweet of his own. "I think it's fair to say we're pushing it. The question is our motives, which I claim is to improve the web rather than to 'all your base' it, but I would say that either way." Search Engine Land cited both tweets, and shared some concerns of their own. "The compromise we have to consider before getting on board with Signed HTTP Exchanges is whether we're willing to allow a third party to serve up our content without users being able to tell the difference. "If we, as digital marketers, want to influence the conventions of our future work environment, we'll have to decide if the gains are enough to disrupt long-standing assumptions of how websites are delivered. If so, we'll also have to cede the ability to judge user intent over to Google and swallow the fact that it skipped over the standardization process to implement a process that one of its own created."

Read more of this story at Slashdot.

Smoke 'Seen For Miles' as SpaceX Crew Dragon Suffers Anomaly at Cape Canaveral

Sat, 04/20/2019 - 6:41pm
An anonymous reader quotes Florida Today: A SpaceX Crew Dragon capsule suffered an anomaly during a routine test fire at Cape Canaveral Air Force Station Saturday afternoon, the 45th Space Wing confirmed today. "On April 20, 2019, an anomaly occurred at Cape Canaveral Air Force Station during the Dragon 2 static test fire," Wing Spokesman Jim Williams told FLORIDA TODAY. "The anomaly was contained and there were no injuries." SpaceX's Crew Dragon, also referred to as Dragon 2, is designed to take humans to the International Space Station and successfully flew for the first time in March. The company was planning to launch a crewed version of the spacecraft no earlier than July, but was also planning an in-flight abort test, or a demonstration of its life-saving abort capabilities, sometime before then. That reporter has now also tweeted an official statement from SpaceX. "Earlier today, SpaceX conducted a series of engine tests on a Crew Dragon test vehicle on our test stand at Landing Zone 1 in Cape Canaveral. The initial tests completed successfully but the final test resulted in an anomaly on the test stand. "Ensuring that our systems meet rigorous safety standards and detecting anomalies like this prior to flight are the main reasons why we test. Our teams are investigating and working closely with our NASA partners."

Read more of this story at Slashdot.

Pages