A 14-Year-Old Asks: When Should I Get a VPN?

“One of my students sent me this letter,” writes Slashdot reader Hasaf. “I have a good idea how I will answer, but I wanted to put it before the Slashdot community.” The letter reads:
Right now I am 14 years old, I was wondering when I should get a VPN… I was thinking about getting the yearly deal. But right now I really have no need for a VPN at the moment. I was thinking of getting a VPN when I’m in 11th grade or maybe in college. What do you think?
Of course, the larger question is what factors go into deciding whether you need to be using a VPN. So leave your best answers in the comments. When should you get your first VPN?

Read more of this story at Slashdot.



Source: Slashdot – A 14-Year-Old Asks: When Should I Get a VPN?

Microsoft Chastises Google Over Chrome Security

An anonymous reader quotes PCMag:
In a Wednesday blog post, Redmond examined Google’s browser security and took the opportunity to throw some shade at Chrome’s security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google’s Chrome browser uses “sandboxing” and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.

The bug involved a JavaScript engine in Chrome. Microsoft notified Google about the problem, which was patched last month. The company even received a $7,500 reward for finding the flaw. However, Microsoft made sure to point out that its own Edge browser was protected from the same kind of security threat. It also criticized Google for the way it handled the patching process. Prior to the patch’s official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. “In this specific case, the stable channel of Chrome remained vulnerable for nearly a month,” the blog post said. “That is more than enough time for an attacker to exploit it.”
In the past Google has also disclosed vulnerabilities found in Microsoft products — including Edge.

Source: Slashdot – Microsoft Chastises Google Over Chrome Security

For Under $1,000, Mobile Ads Can Track Your Location

“Researchers were able to use GPS data from an ad network to track a user to their actual location, and trace movements through town,” writes phantomfive. Mashable reports:

The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been… It’s a surprisingly simple technique, and the researchers say you can pull it off for “$1,000 or less.” The relatively low cost means that digitally tracking a target in this manner isn’t just for corporations, governments, or criminal enterprises. Rather, the stalker next door can have a go at it as well… Refusing to click on the popups isn’t enough, as the person being surveilled doesn’t need to do so for this to work — simply being served the advertisements is all it takes.

It’s “an industry-wide issue,” according to the researchers, while Mashable labels it “digital surveillance, made available to any and all with money on hand, brought to the masses by your friendly neighborhood Silicon Valley disrupters.”

Source: Slashdot – For Under $1,000, Mobile Ads Can Track Your Location

US Government Warns Of 'Ongoing' Hacks Targeting Nuclear and Power Industries

An anonymous reader quotes Reuters:
The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage. The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.
According to the report, the Department of Homeland Security “has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign.”

Source: Slashdot – US Government Warns Of ‘Ongoing’ Hacks Targeting Nuclear and Power Industries

NYT Op-Ed Argues Amazon 'Took Seattle's Soul'

New York Times columnist Timothy Egan was part of the paper’s Pulitzer Prize-winning team in 2001. Now he’s written an op-ed arguing Amazon “took Seattle’s soul.” An anonymous reader writes:
Since Amazon arrived “we’ve been overwhelmed by a future we never had any say over,” Egan writes, with a message for cities competing to be the site of Amazon’s next headquarters. Amazon now owns as much office space as Seattle’s next 40 biggest employers combined, according to an analysis by the Seattle Times, “a mind-boggling 19 percent of all prime office space in the city, the most for any employer in a major U.S. city…more than twice as large as any other company in any other big U.S. city.”

Egan notes Amazon is offering 50,000 high-paying jobs and $5 billion worth of investments, “a once-in-a-century, destiny-shaping event,” but “You think you can shape Amazon? Not a chance. It will shape you… What comes with the title of being the fastest growing big city in the country, with having the nation’s hottest real estate market, is that the city no longer works for some people. For many others, the pace of change, not to mention the traffic, has been disorienting… [M]edian home prices have doubled in five years, to $700,000. This is not a good thing in a place where teachers and cops used to be able to afford a house with a water view… As a Seattle native, I miss the old city, the lack of pretense, and dinner parties that didn’t turn into discussions of real estate porn.

Wages have risen faster in Amazon’s Seattle than anywhere else in America, and while Amazon changed the city’s character, it also poured $38 billion into the city’s economy. (Besides Amazon’s own 40,000 employees, it also attracted another 50,000 new jobs.) “To the next Amazon lottery winner I would say, enjoy the boom,” Egan concludes, “but be careful what you wish for.”

Source: Slashdot – NYT Op-Ed Argues Amazon ‘Took Seattle’s Soul’

Amazon Patents Drones That Recharge Electric Vehicles

slash.jit shared an article from Futurism:
Amazon has been granted a patent for an ambitious new method of maintaining a charge in electric vehicles. The company wants to use drones to allow drivers to top up their vehicles without having to visit a charging station. Drivers would request a top up from a central server, which would dispatch a charging drone to their location. The drone would then dock with the vehicle and start transferring power, without the car ever needing to come to a stop. This solution isn’t meant to administer a full charge to the car’s battery, it would only supply enough power to get the driver to a charging station, which are still in somewhat limited supply.

“Amazon first applied for this patent back in June 2014,” reports CNET, noting it was finally granted this month. “Like many other patents, there’s no guarantee that Amazon will actually create a product based on the design. It could merely be an attempt to stop competitors from doing so.”

Source: Slashdot – Amazon Patents Drones That Recharge Electric Vehicles

See Giant Robots Fight. US vs Japan Match On YouTube

AmiMoJo writes: Suidobashi Heavy Industries and MegaBots agreed to test their piloted giant robots in combat a few years back, and the content is finally available on YouTube. It ended in a draw, with Japan decisively winning the first bout with a single punch and the US team winning the second thanks to a chainsaw weapon. There have been some complaints that the whole event felt scripted, but it’s early days yet. ITMedia has a nice gallery of photos from the event.
“The MegaBots team expressed hope for a formal fighting robot league in the future,” reports CNBC.

Source: Slashdot – See Giant Robots Fight. US vs Japan Match On YouTube

YouTube Suspends Account of Popular Chinese Dissident

schwit1 brings news about an exiled Chinese billionaire with 500,000 followers on YouTube. The Washington Free Beacon reports: YouTube has suspended the video account of popular Chinese dissident Guo Wengui amid mounting pressure from the Beijing government to silence one of its critics. According to a person familiar with the action, YouTube issued what the company calls a ‘strike’ against Guo, who since the beginning of the year has created an online sensation by posting lengthy videos in which he reveals details of corruption by senior Chinese officials. The suspension involves a 90-day block on any new live-stream postings of videos and was the result of a complaint made against a recent Guo video for alleged harassment. The identity of the person or institution who issued the complaint could not be learned… Other videos by Guo posted prior to the suspension remain accessible.
The suspension coincides with this week’s once-every-five-years congress of the Chinese Communist party to reveal which top officials will serve President Xi Jinping, according to Financial Times, adding that “China’s choreographed politics is not designed for public participation or questioning.”

Source: Slashdot – YouTube Suspends Account of Popular Chinese Dissident

2 Million IoT Devices Enslaved By Fast-Growing BotNet

An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology. The botnet reuses some Mirai source code, but it’s unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet’s author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet’s C&C servers’ queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.
Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that “This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online.”

Source: Slashdot – 2 Million IoT Devices Enslaved By Fast-Growing BotNet

Data Science Meets Sports Gambling: How Researchers Beat the Bookies

“A trio of data scientists developed a betting strategy to beat bookmakers at football games,” writes austro. [The game Americans call soccer.] New Scientist reports:

The team studied 10 years’ worth of data on nearly half a million football matches and the associated odds offered by 32 bookmakers between January 2005 and June 2015. When they applied their strategy in a simulation, they made a return of 3.5 per cent. Making bets randomly resulted in a loss of 3.32 per cent. Then the team decided to try betting for real. They developed an online tool that would apply their odds-averaging formula to upcoming football matches. When a favorable opportunity arose, a member of the team would email Kaunitz and his wife, one of whom then placed a bet. They kept this up for five months, placing $50 bets around 30 times a week. And they were winning. After five months the team had made a profit of $957.50 — a return of 8.5 per cent. But their streak was cut short. Following a series of several small wins, the trio were surprised to find that their accounts had been limited, restricting how much they could bet to as little as $1.25. The gambling industry has long restricted players who appear to show an edge over the house, says Mark Griffiths at Nottingham Trent University, UK.

The paper “illustrates how the sports gambling industry compensates market inefficiencies with discriminatory practices against successful clients,” adds austro, noting that the researchers posted a paper explaining their methodology on arxiv last week. “They also made the dataset and source code available on github. And best of all, they made an online publicly available dashboard that shows a live list of bet recommendations on football matches based on their strategy here or here for anyone to try.”

Source: Slashdot – Data Science Meets Sports Gambling: How Researchers Beat the Bookies

Google Offers $1,000 Bounties For Hacking Dropbox, Tinder, Snapchat, and Others

An anonymous reader quotes Mashable:
Google, in collaboration with bug bounty platform HackerOne, has launched the Google Play Security Reward Program, which promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. Thirteen apps are currently participating, including Tinder, Duolingo, Dropbox, Snapchat, and Headspace… If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer. Google will be collecting data on the vulnerabilities and sharing it (anonymized) with other developers who may be exposed to the same problems. For HackerOne, it’s about attracting more and better participants in bounty programs.

Source: Slashdot – Google Offers $1,000 Bounties For Hacking Dropbox, Tinder, Snapchat, and Others

Why Are We Still Using Passwords?

Here’s some surprising news from the Akamai Edge conference. chicksdaddy writes:
[E]xecutives at some of the U.S.’s leading corporations agreed that the much maligned password won’t be abandoned any time soon, even as data breaches and follow-on attacks make passwords more susceptible than ever to abuse, the Security Ledger reports. “We reached the end of needing passwords maybe seven years ago, but we still use them,” said Steve Winterfeld, Director of Cybersecurity, at clothing retailer Nordstrom. “They’re still the primary layer of defense.”
“It’s hard to kill them,” noted Shalini Mayor, who is a Senior Director at Visa Inc. “The question is what to replace them with.” This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called “credential stuffing” techniques, which use automated password guessing attacks against web-based applications… Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalini Mayor said Visa is “looking at” biometric technologies like Apple’s TouchID as a tool for making payments securely. Such technologies — from fingerprint scans to facial and retinal scans — promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.

Source: Slashdot – Why Are We Still Using Passwords?

Code Bootcamp Fined $375K Over Employment Claims and Licensing Issues

An anonymous reader quotes Ars Technica:
[O]ne of the most prominent institutions, New York’s Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman’s office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn’t find any inaccuracies in Flatiron’s “outcomes report,” a document the company is proud of. However, the Attorney General’s office found that certain statements made on Flatiron’s website didn’t constitute “clear and conspicuous” disclosure.

For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn’t mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses.

The school’s courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general’s office [PDF]. (Or $1,500 a month for an online coding class). Eligible graduates can claim their share of the $375,000 by filing a complaint within the next three months.

Source: Slashdot – Code Bootcamp Fined $375K Over Employment Claims and Licensing Issues

Friendlier GPL-Enforcement Permission Proposed By Linux Kernel Developers

The former Executive Director of the Free Software Foundation — and Slashdot user #41121 — contacted Slashdot with this announcement. bkuhn — now president of the Software Freedom Conservancy — writes: Software Freedom Conservancy, home of the GPL Compliance Project for Linux Developers, publicly applauded today the proposal of the Linux Kernel Enforcement Statement, which adds a per-copyright-holder-opt-in additional permission to the termination provisions of Linux’s GPLv2-only license.

It apparently addresses a developer who “made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance,” according to a statement from some of the kernel developers who drafted the statement.
While the kernel community has always supported enforcement efforts to bring companies into compliance, we have never even considered enforcement for the purpose of extracting monetary gain… [W]e are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem. Because of this, and to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license, the Technical Advisory Board of the Linux Foundation has worked together with lawyers in our community, individual developers, and many companies that participate in the development of, and rely on Linux, to draft a Kernel Enforcement Statement to help address both this specific issue we are facing today, and to help prevent any future issues like this from happening again. It adopts the same termination provisions we are all familiar with from GPL-3.0 as an Additional Permission giving companies confidence that they will have time to come into compliance if a failure is identified.

Source: Slashdot – Friendlier GPL-Enforcement Permission Proposed By Linux Kernel Developers

Tech Companies To Lobby For Immigrant 'Dreamers' To Remain In US

An anonymous reader quotes a report from Reuters: Nearly two dozen major companies in technology and other industries are planning to launch a coalition to demand legislation that would allow young, illegal immigrants a path to permanent residency, according to documents seen by Reuters. The Coalition for the American Dream intends to ask Congress to pass bipartisan legislation this year that would allow these immigrants, often referred to as “Dreamers,” to continue working in the United States, the documents said. Alphabet Inc’s Google, Microsoft Corp, Amazon.com Inc, Facebook Inc, Intel Corp, Uber Technologies Inc, IBM Corp, Marriott International Inc and other top U.S. companies are listed as members, one of the documents shows. The push for this legislation comes after President Donald Trump’s September decision to allow the Deferred Action for Childhood Arrivals (DACA) program to expire in March. That program, established by former President Barack Obama in 2012, allows approximately 900,000 illegal immigrants to obtain work permits. Some 800 companies signed a letter to Congressional leaders after Trump’s decision, calling for legislation protecting Dreamers. That effort was spearheaded by a pro-immigration reform group Facebook Chief Executive Mark Zuckerberg co-founded in 2013 called FWD.us.

Source: Slashdot – Tech Companies To Lobby For Immigrant ‘Dreamers’ To Remain In US

Tim Cook Confirms the Mac Mini Isn't Dead

Apple has refreshed just about every Mac product within the last couple of years — except for the Mac Mini. Naturally, this has left many analysts questioning whether or not the company would be phasing out the Mini to focus more on its mobile devices. A MacRumors reader decided to email Apple CEO Tim Cook to get an update on the Mac mini and he received a response. Cook said it was “not time to share any details,” but he confirmed that the Mac mini will be an important part of the company’s product lineup in the future. MacRumors reports: Cook’s response echoes a similar statement from Apple marketing chief Phil Schiller, who commented on the Mac mini when Apple’s plans for a new Mac Pro were unveiled. “The Mac mini is an important product in our lineup and we weren’t bringing it up because it’s more of a mix of consumer with some pro use,” he said. Positioned as a “bring your own peripherals” machine that comes without a mouse, keyboard, or display, the Mac mini is Apple’s most affordable desktop machine. The current version is woefully outdated though, and continues to use Haswell processors and integrated Intel HD 5000/Intel Iris Graphics. It’s not clear when Apple will introduce a new Mac mini, and aside from a single rumor hinting at a new high-end Mac mini with a redesign that “won’t be so mini anymore,” we’ve heard no rumors about work on a possible Mac mini refresh.

Source: Slashdot – Tim Cook Confirms the Mac Mini Isn’t Dead

The US Government Keeps Spectacularly Underestimating Solar Energy Installation

Michael J. Coren reports via Quartz: Every two years, the U.S. Energy Information Administration (EIA), America’s official source for energy statistics, issues 10-year projections about how much solar, wind and conventional energy the future holds for the U.S. Every two years, since the mid-1990s, the EIA’s projections turn out to be wrong. Last year, they proved spectacularly wrong. The Natural Resources Defense Council, an environmental advocacy group, and Statista recently teamed up to analyze the EIA’s predictions for energy usage and production. They found that the EIA’s 10-year estimates between 2006 to 2016 systematically understated the share of wind, solar and gas. Solar capacity, in particular, was a whopping 4,813% more in 2016 than the EIA had predicted in 2006 it would be. To be fair, there is a caveat here: The prediction in 2006 was that 10 years hence the U.S. would be generating just 0.8 gigawatts (GW) of solar energy. With such a low baseline figure, any increase will look huge in percentage terms. Nonetheless, there is an unmistakable trend in the data: The EIA regularly underestimates the growth in renewables but overestimates U.S. fossil-fuel consumption, which some critics see as an attempt to boost the oil and gas industry.

Source: Slashdot – The US Government Keeps Spectacularly Underestimating Solar Energy Installation

Body Camera Study Shows No Effect On Police Use of Force Or Citizen Complaints

An anonymous reader quotes a report from NPR: Having police officers wear little cameras seems to have no discernible impact on citizen complaints or officers’ use of force, at least in the nation’s capital. That’s the conclusion of a study performed as Washington, D.C., rolled out its huge camera program. The city has one of the largest forces in the country, with some 2,600 officers now wearing cameras on their collars or shirts. In the wake of high-profile shootings, many police departments have been rapidly adopting body-worn cameras, despite a dearth of solid research on how the technology can change policing. “We need science, rather than our speculations about it, to try to answer and understand what impacts the cameras are having,” says David Yokum, director of the Lab @ DC. His group worked with local police officials to make sure that cameras were handed out in a way that let the researchers carefully compare officers who were randomly assigned to get cameras with those who were not. The study ran from June 2015 to last December. It’s to be expected that these cameras might have little impact on the behavior of police officers in Washington, D.C., he says, because this particular force went through about a decade of federal oversight to help improve the department.

Source: Slashdot – Body Camera Study Shows No Effect On Police Use of Force Or Citizen Complaints

Software Developer Creates Personal Cryptocurrency

mirandakatz writes: If you want to pick Evan Prodromou’s brain — as many people often do — you’ll have to pay him. And not just a consulting fee: You’ll have to pay him in his own personal cryptocurrency, dubbed Evancoin. Currently, 20 days after his Initial Coin Offering, a single Evancoin is worth $45. As Prodromou tells Scott Rosenberg at Backchannel, “I’m not above a stunt! But in this case I’m really serious about exploring how cryptocurrency is changing what we can do with money and how we think about it. Money is this sort of consensual hallucination, and I wanted to experiment around that.” The story goes on to explain what, exactly, goes into creating a personal cryptocurrency, and whether Evancoin could become a phenomenon that spreads.

Source: Slashdot – Software Developer Creates Personal Cryptocurrency