Programming

More Than Half of GitHub Is Duplicate Code, Researchers Find (theregister.co.uk) 50

Richard Chirgwin, writing for The Register: Given that code sharing is a big part of the GitHub mission, it should come as no surprise that the platform stores a lot of duplicated code: 70 per cent, a study has found. An international team of eight researchers didn't set out to measure GitHub duplication. Their original aim was to try and define the "granularity" of copying -- that is, how much files changed between different clones -- but along the way, they turned up a "staggering rate of file-level duplication" that made them change direction. Presented at this year's OOPSLA (part of the late-October Association of Computing Machinery) SPLASH conference in Vancouver, the University of California at Irvine-led research found that out of 428 million files on GitHub, only 85 million are unique. Before readers say "so what?", the reason for this study was to improve other researchers' work. Anybody studying software using GitHub probably seeks random samples, and the authors of this study argued duplication needs to be taken into account.
Math

Devs Working To Stop Go Math Error Bugging Crypto Software (theregister.co.uk) 48

Richard Chirgwin, writing for The Register: Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big numbers -- particularly big primes -- are the foundation of cryptography. Vranken posted to the oss-sec mailing list that he found the potential issue during testing of a fuzzer he wrote that "compares the results of mathematical operations (addition, subtraction, multiplication, ...) across multiple bignum libraries." Vranken and Go developer Russ Cox agreed that the bug needs specific conditions to be manifest: "it only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver."
Google

Google Wipes 786 Pirate Sites From Search Results (torrentfreak.com) 83

Google and several leading Russian search engines have completely wiped 786 "pirate" sites from their search results. That's according to telecoms watchdog Rozcomnadzor, which reports that the search providers delisted the sites after ISPs were ordered by a Moscow court to permanently block them. TorrentFreak reports: Late July, President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them. [...] Nevertheless, on October 1 the new law ("On Information, Information Technologies and Information Protection") came into effect and it appears that Russia's major search engines have been very busy in its wake. According to a report from Rozcomnadzor, search providers Google, Yandex, Mail.ru, Rambler, and Sputnik have stopped presenting information in results for sites that have been permanently blocked by ISPs following a decision by the Moscow City Court. "To date, search engines have stopped access to 786 pirate sites listed in the register of Internet resources which contain content distributed in violation of intellectual property rights," the watchdog reports. The domains aren't being named by Rozcomnadzor or the search engines but are almost definitely those sites that have had complaints filed against them at the City Court on multiple occasions but have failed to take remedial action. Also included will be mirror and proxy sites which either replicate or facilitate access to these blocked and apparently defiant domains.
Android

Samsung's Galaxy S9 Will Appear At CES In January, Says Report (venturebeat.com) 41

According to VentureBeat, Samsung is planning to show off its next-generation Galaxy S9 and S9+ smartphones at January's Consumer Electronics Show in Las Vegas. Some of the information about the devices will be shared at CES, but Samsung is still apparently holding an official launch event in March, as it did this past year for the Galaxy S8 and S8+. From the report: Codenamed Star 1 and Star 2 -- and going by model numbers SM-G960 and SM-G965 -- the S9 and S9+ will feature the same 5.8-inch and 6.2-inch curved-edge Super AMOLED "Infinity" displays, respectively, as their predecessors. While no specific processor was mentioned, it is said to employ 10-nanometer fabrication techniques, which is highly suggestive of the upcoming Snapdragon 845 from Qualcomm (and likely a similar Exynos model for some regions). Besides a bigger screen, the S9+ will reportedly offer more RAM (6GB versus 4GB) and a second rear camera, similar to the Note8. Both models pack 64GB of internal storage, supplemented by a microSD slot, and both leave the 3.5-millimeter headphone jack intact. Regardless of rear camera configuration, both phones orient the elements on the back of the device vertically -- with the fingerprint sensor on the bottom, in acknowledgement of one of the most frequent complaints about all three of Samsung's 2017 flagship handsets. Another change that's sure to be well-received is the addition of AKG stereo speakers. Finally, Samsung plans to introduce a backward-compatible DeX docking station that situates the phones flat and utilizes the screens as either a touchpad or a virtual keyboard.
Wine

Ask Slashdot: What Are Your Greatest Successes and Weaknesses With Wine (Software)? 236

wjcofkc writes: As a distraction, I decided to get the video-editing software Filmora up and running on my Ubuntu box. After some tinkering, I was able to get it installed, only to have the first stage vaporize on launch. This got me reflecting on my many hits and misses with Wine (software) over the years. Before ditching private employment, my last job was with a software company. They were pretty open minded when I came marching in with my System76 laptop, and totally cool with me using Linux as my daily driver after quickly getting the Windows version of their software up and running without a hitch. They had me write extensive documentation on the process. It was only two or three paragraphs, but I consider that another Wine win since to that end I scored points at work. Past that, open source filled in the blanks. That was the only time I ever actually needed (arguably) for it to work. Truth be told, I mostly tinker around with it a couple times a year just to see what does and does not run. Wine has been around for quite a while now, and while it will never be perfect, the project is not without merit. So Slashdot community, what have been your greatest successes and failures with Wine over the years?
Software

Apple Scientists Disclose Self-Driving Car Research (reuters.com) 34

Apple's first publicly disclosed paper on autonomous vehicles has been posted online by the company's computer scientists. The research describes a new software approach called "VoxelNet" that helps computers detect three-dimensional objects like cyclists and pedestrians while using fewer sensors. Reuters reports: The paper by Yin Zhou and Oncel Tuzel, submitted on Nov. 17 to independent online journal arXiv, is significant because Apple's famed corporate secrecy around future products has been seen as a drawback among artificial intelligence and machine learning researchers. The scientists proposed a new software approach called "VoxelNet" for helping computers detect three-dimensional objects.

Self-driving cars often use a combination of normal two-dimensional cameras and depth-sensing "LiDAR" units to recognize the world around them. While the units supply depth information, their low resolution makes it hard to detect small, faraway objects without help from a normal camera linked to it in real time. But with new software, the Apple researchers said they were able to get "highly encouraging results" in spotting pedestrians and cyclists with just LiDAR data. They also wrote they were able to beat other approaches for detecting three-dimensional objects that use only LiDAR. The experiments were computer simulations and did not involve road tests.

Medicine

The Feds Are Officially Cracking Down on Basement Biohackers (gizmodo.com) 206

Kristen Brown, reporting for Gizmodo: The Food and Drug Agency has issued a stern warning to anyone who might be crazy enough to undertake gene therapy in the do-it-yourself fashion. Definitely don't do this at home, a statement released on Tuesday implies. And if you do, we'll throw every law we can at you. The FDA's deterrent comes on the heels of a brazen DIY gene therapy experiment, in which a 27-year-old software engineer injected himself with an unproven gene therapy for HIV designed by three biohacker friends. The first injection was streamed live on Facebook in October, and went viral after it was covered by Gizmodo. "You can't stop it, you can't regulate these things," patient zero, Tristan Roberts, told Gizmodo at the time. Apparently the FDA begs to differ.
Microsoft

Stop Using Excel, Finance Chiefs Tell Staffs (wsj.com) 257

Tatyana Shumsky, reporting for WSJ: Adobe's finance chief Mark Garrett says his team struggles keeping track of which jobs have been filled at the software company. The process can take days and requires finance staff to pull data from disparate systems that house financial and human-resources information into Microsoft's Excel spreadsheets. From there they can see which groups are hiring and how salary spending affects the budget. "I don't want financial planning people spending their time importing and exporting and manipulating data, I want them to focus on what is the data telling us," Mr. Garrett said. He is working on cutting Excel out of this process, he said. CFOs at companies including P.F. Chang's China Bistro, ABM Industries and Wintrust Financial are on a similar drive to reduce how much their finance teams use Excel for financial planning, analysis and reporting (Editor's note: the link could be paywalled; an alternative source wasn't immediately available). Finance chiefs say the ubiquitous spreadsheet software that revolutionized accounting in the 1980s hasn't kept up with the demands of contemporary corporate finance units. Errors can bloom because data in Excel is separated from other systems and isn't automatically updated.
Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 45

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Windows

Microsoft Confirms Surface Book 2 Can't Stay Charged During Gaming Sessions (engadget.com) 136

The Verge mentioned in their review that the Surface Book 2's power supply can't charge the battery fast enough to prevent it from draining in some cases. Microsoft has since confirmed that "in some intense, prolonged gaming scenarios with Power Mode Slider set to 'best performance' the battery may discharge while connected to the power supply." Engadget reports: To let you choose between performance and battery life, the Surface Book has a range of power settings. If you're doing video editing or other GPU intensive tasks, you can crank it up to "best performance" to activate the NVIDIA GPU and get more speed. Battery drain is normally not an issue with graphics apps because the chip only kicks in when needed. You'll also need the "best performance" setting for GPU-intensive games, as they'll slow down or drop frames otherwise. The problem is that select titles like Destiny 2 use the NVIDIA chip nearly continuously, pulling up to 70 watts of power on top of the 35 watt CPU. Unfortunately, the Surface Book comes with a 102-watt charger, and only about 95 watts of that reaches the device, the Verge points out. Microsoft says that the power management system will prevent the battery from draining completely, even during intense gaming, but it would certainly mess up your Destiny 2 session. It also notes that the machine is intended for designers, developers and engineers, with the subtext that it's not exactly marketed as a gaming rig.
Bitcoin

$31 Million In Tokens Stolen From Dollar-Pegged Cryptocurrency Tether 59

Mark Wilson shares a report from BetaNews: All eyes may be on the meteoric rise of Bitcoin at the moment, but it's far from being the only cryptocurrency on the block. Startup Tether issued a critical announcement after it was discovered that "malicious action by an external attacker" had led to the theft of nearly $31 million worth of tokens. Tether is a dollar-pegged cryptocurrency formerly known as Realcoin, and it says that $30,950,010 was stolen from a treasury wallet. The company says it is doing what it can to ensure exchanges do not process these tokens, including temporarily suspending its backend wallet service. Tether knows the address used by the attacker to make the theft, but is not aware of either who the attacker is, or how the attack took place. The company is releasing a new version of its Omni Core software client in what it says is "effectively a temporary hard fork to the Omni Layer."
Security

Ask Slashdot: How Are So Many Security Vulnerabilities Possible? 347

dryriver writes: It seems like not a day goes by on Slashdot and elsewhere on the intertubes that you don't read a story headline reading "Company_Name Product_Name Has Critical Vulnerability That Allows Hackers To Description_Of_Bad_Things_Vulnerability_Allows_To_Happen." A lot of it is big brand products as well. How, in the 21st century, is this possible, and with such frequency? Is software running on electronic hardware invariably open to hacking if someone just tries long and hard enough? Or are the product manufacturers simply careless or cutting corners in their product designs? If you create something that communicates with other things electronically, is there no way at all to ensure that the device is practically unhackable?
Security

Sacramento Regional Transit Systems Hit By Hacker (cbslocal.com) 35

Zorro shares a report from CBS Local: Sacramento Regional Transit is the one being taken for a ride on this night, by a computer hacker. That hacker forced RT to halt its operating systems that take credit card payments, and assign buses and trains to their routes. The local transit agency alerted federal agents following an attack on their computers that riders may not have noticed Monday. "We actually had the hackers get into our system, and systematically start erasing programs and data," said Deputy General Manager Mark Lonergan. Inside RT's headquarters, computer systems were taken down after the hacker deleted 30 million files. The hacker also demanded a ransom in bitcoin, and left a message on the RT website reading "I'm sorry to modify the home page, I'm good hacker, I just want to help you fix these vulnerability."
Privacy

Uber Concealed Cyberattack That Exposed 57 Million People's Data (bloomberg.com) 31

According to Bloomberg, hackers stole the personal data of 57 million customers and drivers from Uber. The massive breach was reportedly concealed by the company for more than a year. From the report: Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said. At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

OS X

New Windows Search Interface Borrows Heavily From MacOS (arstechnica.com) 84

An anonymous reader quotes a report from Ars Technica: Press clover-space on a Mac (aka apple-space or command-space to Apple users) and you get a search box slap bang in the middle of the screen; type things into it and it'll show you all the things it can find that match. On Windows, you can do the same kind of thing -- hit the Windows key and then start typing -- but the results are shown in the bottom left of your screen, in the Start menu or Cortana pane. The latest insider build of Windows, build 17040 from last week, has a secret new search interface that looks a lot more Mac-like. Discovered by Italian blog Aggiornamenti Lumia, set a particular registry key and the search box appears in the middle of the screen. The registry key calls it "ImmersiveSearch" -- hit the dedicated key, and it shows a simple Fluent-designed search box and results. This solution looks and feels a lot like Spotlight on macOS.
Microsoft

Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time (bleepingcomputer.com) 81

An anonymous reader shares a report: Microsoft is providing a free virtual machine that comes preloaded with Windows 10 Enterprise, Visual Studio 2017, and various utilities in order to promote the development of Universal Windows Platform apps. Before you get too excited about a free version of Windows 10 Enterprise, this Virtual Machine will expire on January 15th 2018. When downloading the development environment, you can choose either a VMware, VirtualBox, Hyper-V, or Parallels virtual machine depending on what virtual machine software you use. Each of these images is about 17-20GB when extracted from the downloaded archive and includes almost everything you need to develop Universal Windows Platform apps.
Privacy

Over 400 of the World's Most Popular Websites Record Your Every Keystroke (vice.com) 259

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.
Transportation

Uber Expands Driverless-Car Push With Deal For 24,000 Volvos (bloomberg.com) 174

Uber agreed to buy 24,000 sport utility vehicles from Volvo to form a fleet of driverless autos. According to Bloomberg, "The XC90s, priced from $46,900 at U.S. dealers, will be delivered from 2019 to 2021 in the first commercial purchase by a ride-hailing provider." Uber will add its own sensors and software to permit pilot-less driving. From the report: Uber's order steps up efforts to replace human drivers, the biggest cost in its on-demand taxi service. The autonomous fleet is small compared with the more than 2 million people who drive for Uber but reflects dedication to the company's strategy of developing self-driving cars. "This new agreement puts us on a path toward mass-produced, self-driving vehicles at scale," Jeff Miller, Uber's head of auto alliances, told Bloomberg News. "The more people working on the problem, we'll get there faster and with better, safer, more reliable systems."
iMac

iMac Pro Will Have An A10 Fusion Coprocessor For 'Hey, Siri' Support and More Secure Booting, Says Report (theverge.com) 164

According to Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo, the upcoming iMac Pro will feature an A10 Fusion coprocessor to enable two interesting new features. "The first is the ability for the iMac Pro to feature always-on 'Hey, Siri' voice command support, similar to what's currently available on more recent iPhone devices," reports The Verge. "[T]he bigger implication of the A10 Fusion is for a less user-facing function, with Apple likely to use the coprocessor to enable SecureBoot on the iMac Pro." From the report: In more practical terms, it means that Apple will be using the A10 Fusion chip to handle the initial boot process and confirm that software checks out, before passing things off to the regular x86 Intel processor in your Mac. It's not something that will likely change how you use your computer too much, like the addition of "Hey, Siri" support will, but it's a move toward Apple experimenting with an increased level of control over its software going forward.
Software

Google Is Working On Fuchsia OS Support For Apple's Swift Programming Language (androidpolice.com) 54

An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.
