パスワードを忘れた? アカウント作成

今週も投票をしましたか?

13983608 feed

Slashdot: US Navy Tests WWII-ERA Messaging Tech: Dropping Bean Bags Onto Ships

フィード by slashdotorg-feed
Long-time Slashdot reader davidwr writes: In World War II, pilots would air-drop messages onto ships using bean-bags. Just as with sextants a few years ago, the Navy is bringing back old tech, because it works. Just as during the Doolittle Raid of Tokyo, the purpose is to prevent eavesdropping. You can read more about the modern bean-bag-drop on Military.com or Popular Mechanics. There's a video about the Doolittle Raid hosted at archive.org with bean-bag-drops at 2:39 and 5:19 into the video. I wonder how many high-density SSD drives fit in a standard Navy bean-bag? "In a future conflict with a tech-savvy opponent, the U.S. military could discover even its most advanced, secure communications penetrated by the enemy," notes Popular Mechanics. "Secure digital messaging, voice communications, video conferencing, and even chats could be intercepted and decrypted for its intelligence value. "This could give enemy forces an unimaginable advantage, seemingly predicting the moves and actions of the fleets at sea with uncanny accuracy."

Read more of this story at Slashdot.


情報元へのリンク
13983605 feed

Slashdot: Can JPEG XL Become the Next Free and Open Image Format?

フィード by slashdotorg-feed
"JPEG XL looks very promising as a next gen replacement for JPEG, PNG and GIF," writes icknay (Slashdot reader #96,963): JPEG was incredibly successful by solving a real problem with a free and open format. Other formats have tried to replace it, notably HEIF which will never by universal due to its patent licensing. JPEG XL combines all the modern features, replacing JPEG PNG and GIF and has free and open licensing. The linked slides from Jon Sneyers review the many other attempts at replacing JPEG plus the obligatory XKCD standards joke.

Read more of this story at Slashdot.


情報元へのリンク
13983603 submission
医療

米疾病管理予防センターが米陸軍感染症医学研究所(USAMRIID)に対し研究中止命令

タレコミ by Anonymous Coward
13983600 feed

Slashdot: Google Criticized For Vulnerability That Can Trick Its AI Into Deactivating Acco

フィード by slashdotorg-feed
In July Google was sued by Tulsi Gabbard, one of 23 Democrats running for president, after Google mistakenly suspended her advertising account. "I believe I can provide assistance on where to focus your discovery efforts," posted former YouTube/Google senior software engineer Zach Vorhies (now a harsh critic of Google's alleged bias against conservatives). He says he witnessed the deactivation of another high-profile Google account triggered by a malicious third party. I had the opportunity to inspect the bug report as a full-time employee. What I found was that Google had a technical vulnerability that, when exploited, would take any gmail account down. Certain unknown 3rd party actors are aware of this secret vulnerability and exploit it. This is how it worked: Take a target email address, change exactly one letter in that email address, and then create a new account with that changed email address. Malicious actors repeated this process over and over again until a network of spoof accounts for Jordan B. Peterson existed. Then these spoof accounts started generating spam emails. These email-spam blasts caught the attention of an AI system which fixed the problem by deactivating the spam accounts... and then ALSO the original account belonging to Jordan B. Peterson! To my knowledge, this bug has never been fixed. "Gabbard, however, claims the suspension was based on her criticism of Google and other major tech companies," reports the Verge. But they also quote the campaign as saying that Gmail "sends communications from Tulsi into people's Spam folders at a disproportionately high rate." "Google may blame this on automated systems, but the reality is that there is no transparency whatsoever, which makes it difficult to determine the truth."

Read more of this story at Slashdot.


情報元へのリンク
13983595 feed

Slashdot: Dreams of Offshore Servers Haunt The Ocean-Based Micronation of 'Sealand'

フィード by slashdotorg-feed
Late Christmas Eve, 1966, a retired British army major named Paddy Roy Bates piloted a motorboat seven miles off the coast of England to an abandoned anti-aircraft platform "and declared it conquered," writes Pulitzer Prize-winning author Ian Urbina. Bates used it as a pirate radio station, sometimes spending several months there while living on tins of corned beef, rice pudding, flour, and scotch. But then he declared it to be the world's tiniest maritime nation, writes Urbina, adding that in the half-century to come, "Sealand" was destined to become "a thumb in the eye of international law." Though no country formally recognizes Sealand, its sovereignty has been hard to deny. Half a dozen times, the British government and assorted other groups, backed by mercenaries, have tried and failed to take over the platform by force. In virtually every instance, the Bates family scared them off by firing rifles in their direction, tossing gasoline bombs, dropping cinder blocks onto their boats, or pushing their ladders into the sea. Britain once controlled a vast empire over which the sun never set, but it's been unable to control a rogue micronation barely bigger than the main ballroom in Buckingham Palace.... In recent years, its permanent citizenry has dwindled to one person: a full-time guard named Michael Barrington... In the decades since its establishment, Sealand has been the site of coups and countercoups, hostage crises, a planned floating casino, a digital haven for organized crime, a prospective base for WikiLeaks, and myriad techno-fantasies, none brought successfully to fruition, many powered by libertarian dreams of an ocean-based nation beyond the reach of government regulation, and by the mythmaking creativity of its founding family. I had to go there. The article also acknowledges the Seasteading Institute founded by Google software engineer Patri Friedman and backed by Peter Thiel -- as well as the idea of offshore-but-online services in Neal Stephenson's Cryptonomicon and Google's real-world plans for offshore data centers cooling their servers with seawater. Urbina also tells the story of HavenCo, a grand plan for a Sealand-based data empire which ultimately had trouble powering their servers, alienating their gambling-industry customers with frequent outages. And in addition, one of the Bates' family says that "we also didn't see eye to eye with the computer guys about what sort of clients we were willing to host" -- and they objected to plans to illegally rebroadcast DVDs. "For all their daring, the Bates family was wary of antagonizing the British and upsetting their delicately balanced claim to sovereignty." The article is adapted from Urbina's upcoming book The Outlaw Ocean: Journeys Across the Last Untamed Frontier (to be released Tuesday).

Read more of this story at Slashdot.


情報元へのリンク
13983580 feed

Slashdot: 'Futurefon' Crowdfunded on Indiegogo Was Part Of a Multimillion-dollar Scam

フィード by slashdotorg-feed
"The crowdfunded phone of the future was a multimillion-dollar scam," reports the Verge: In 2014, Jeffrey Tschiltsch opened an email from Indiegogo and saw the future of computing. The email showed something called the "Dragonfly Futurefon," a kind of computer-phone hybrid. The Futurefon's page showed a sleek, palm-sized touchscreen that slotted into a laptop dock, then folded flat and flipped open again, revealing a second screen and a full-sized laptop keyboard. It could run both Windows and Android, and its creator, a startup called IdealFuture, promised to replace your phone, laptop, and tablet at an incredible price of $799. Dubious but intrigued, Tschiltsch put down a $200 deposit. Five years later, Tschiltsch still wouldn't have a Futurefon. Instead, he'd be sitting in an Illinois courthouse testifying at the behest of the FBI, which claimed the device was the last step in a decade-long fraud operation that cost victims nearly $6 million. "I always thought it was ambitious," Tschiltsch says now. "It didn't occur to me that the guy had just taken the money." Tschiltsch is just one of many angry Indiegogo backers who say Futurefon creator Jeff Batio strung them along with lies, excuses, and faked product updates. But the backers aren't just angry with Batio. They're frustrated by how easily a scammer could flourish in the high-risk world of gadget crowdfunding -- and how poorly Indiegogo was equipped to deal with it. The Futurefon raised hundreds of thousands of dollars, the article reports, adding that Batio also apparently raised $5 million for another dual-screen project. Unfortunately, investors later found out that Batio "had been indicted on fraud charges that spanned 13 years..." Nobody ever got a Futurefon, and "A jury convicted Batio of 12 mail and wire fraud counts, each carrying a maximum sentence of 20 years in prison."

Read more of this story at Slashdot.


情報元へのリンク
13983576 submission
医療

Black Hat USA 2019参加者、麻疹ウイルス曝露の可能性

タレコミ by headless
headless 曰く、
8月3日~8日に米国・ラスベガスで開催されたBlack Hat USA 2019だが、参加者は麻疹ウイルス曝露の可能性があるようだ(Mashableの記事Southern Nevada Health Districtの発表)。

Southern Nevada Health Districtの発表によると、麻疹感染が確認された人物が8月1日~6日にBlack Hat会場付近を訪れており、3日夜と5日夜にはBlack Hat会場となったMandalay Bay内のレストランを利用している。Black Hat会場からは少し離れているが、DEF CON 27などのイベントも同時期にラスベガスで開催されており、参加者に注意が呼びかけられている。
13983572 feed

Slashdot: June Windows Security Patch Broke Many EMF Files

フィード by slashdotorg-feed
reg (Slashdot user #5,428) writes: A Windows security patch in June broke the display of many Windows Metafile graphics across all supported versions of Windows, resulting in many old PowerPoint files and Word documents not displaying figures, and graphics from some popular applications not displaying, including at least some ESRI GIS products and files created using the devEMF driver in R. This likely also impacts EMF files created with Open Source Office suites. While the problem can be fixed by recreating the files using a newer set of options, or resorting to using bitmaps, it means that presentations or documents that used to display perfectly no longer do. Microsoft promised a fix in July, but there is still no news of when it will be available.

Read more of this story at Slashdot.


情報元へのリンク
13983570 feed

Slashdot: Windows Update To Fix Critical 'Wormable' Flaws May Break VB Apps

フィード by slashdotorg-feed
"This week's Windows updates fix critical 'wormable' [Bluekeep] flaws but may also break Visual Basic apps, macros, and scripts," warns ZDNet: "After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an 'invalid procedure call error'," Microsoft says. The issue affects all supported versions of Windows 10, Windows 7, Windows 8.1, and their corresponding server versions. "Microsoft is presently investigating this issue and will provide an update when available," the company said. Microsoft didn't offer an explanation for the problem but it did flag earlier this month that it will move ahead with sunsetting VBScript, by disabling it in IE11 by default via an update in this week's patch. "The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13, 2019," Microsoft warned in a blog post. The change brought these versions of Windows in line with Windows 10. However, it's not clear that the issues under investigation are related to this measure. Regardless of the cause, the error could be a hassle for organizations that rely on Microsoft's various incarnations of Visual Basic... In a blog post shared by Slashdot reader CaptainDork, Microsoft warned that "any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction." "The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."

Read more of this story at Slashdot.


情報元へのリンク
13983556 submission
アメリカ合衆国

米国はグリーンランドを購入できるか

タレコミ by headless
headless 曰く、
ドナルド・トランプ米大統領がデンマークからグリーンランドを買い取って米国領にする意向を示しているとWSJが報じたことに対し、グリーンランドが「売り物ではない」などとお返ししている(CBS Newsの記事[1][2]BBC Newsの記事Mashableの記事)。

トランプ大統領が本気なのか冗談なのか報道の内容だけではよくわからないが、WSJによるとトランプ大統領は真剣さの度合いは時によって異なるものの、グリーンランド買収への興味を繰り返し表明しているという。CBS Newsもトランプ大統領がグリーンランド買収の可能性について側近や大統領法律顧問に質問しているとの情報を得たと報じている。グリーンランドには米軍基地もあり、トランプ大統領はグリーンランドの戦略的・軍事的重要さに注目しているとのこと。

一方グリーンランド自治政府の外務省は、グリーンランドが資源豊富であり、アドベンチャーツーリズムの新たなフロンティアにもなっているとし、ビジネスは行なっているが売り物ではないとツイートした。このほか、グリーンランド/デンマークの政治家やジャーナリストなどからも反発の声が出ている。デンマークの国会議員ソアン・エスパーセン氏はむしろわれわれがカリフォルニアを買収すべきだと冗談を言ったそうだが、The New Yorkerの連載ジョーク記事「The Borowitz Report」では、デンマークによる米国買収計画(嘘)を取り上げている。記事ではデンマークが米国全土を買収すれば教育システムやヘルスケアシステムを与えることができ、巨大な土地を偉大な国に転換できるという話になっている。

米国によるグリーンランドの買収話は1867年と1946年にもあり、1946年にはトルーマン大統領が1億ドルをデンマークに提示したが、いずれも成立しなかった。
13983554 feed

Slashdot: 'Mining Bitcoin On a 1983 Apple II: a Highly Impractical Guide'

フィード by slashdotorg-feed
option8 ((Slashdot reader #16,509) writes: TL;DR: Mining Bitcoin on a 1MHz 8-bit processor will cost you more than the world's combined economies, and take roughly 256 trillion years. "But it could happen tomorrow. It's a lottery, after all," explains the blog post (describing this mad scientist as a hardware hacker and "self-taught maker", determined to mine bitcoin "in what must be the slowest possible way. I call it 8BITCOIN....") There's also a Twitch.TV stream, with some appropriate 8-bit music, and the blog post ends by including his own bitcoin address, "If you feel like you absolutely must throw some money at me and this project." "Upon doing some research, I found that, not only were other 8-bit platforms being put to the task, but other, even more obscure and outdated hardware. An IBM 1401 from the 1960s, a rebuilt Apollo Guidance Computer, and even one deranged individual who demonstrated the hashing algorithm by hand. It turns out, those examples all come from the same deranged individual, Ken Shirriff."

Read more of this story at Slashdot.


情報元へのリンク
13983532 comment

shibuyaのコメント: Re:マウント=だいしゅきホールドでFA? (スコア 1) 5

by shibuya (#3670777) ネタ元: 2019.8.17(土)

40年弱ほど昔、雑誌『ぶ~け』に連載されてた『青になれ!』というマンガで
主人公たちのバスケチームのコーチになる人物が動物の研究を目指しているで
マーキングとかマウントといったそっち系の用語が彼のセリフに使われていた
ので「マウント」の用語は地上のケダモノ動物の生殖と結びつく印象が強い。

後に学んだUnixファイルシステムのマウント/アンマウントについても
そのイメージを損なわない程度の拡張程度にしか思えない程度に。

13983537 feed

Slashdot: Chrome and Firefox Changes Spark the End of 'Extended Validation' Certificates

フィード by slashdotorg-feed
"Upcoming changes in Google Chrome and Mozilla Firefox may finally spark the end for Extended Validation certificates as the browsers plan to do away with showing a company's name in the address bar," reports Bleeping Computer. When connecting to a secure web site, an installed SSL/TLS certificate will encrypt the communication between the browser and web server. These certificates come in a few different flavors, with some claiming to offer a more thorough verification process or extra perks. One certificate, called EV Certificates, are known for having a browser display the owner of the certificate directly in the browser's address bar. This allegedly makes the site feel more trustworthy to a visitor. In reality, the different types of SSL/TLS certificates all serve a single purpose and that is to encrypt the communication between a browser and web site. Anything extra is seen by many as just a marketing gimmick to charge customers for a more expensive "trustworthy" certificate. In numerous blog posts, security researcher Troy Hunt has stated that EV Certificates will soon be dead as more and more sites switch away from them, because they are much harder to manage due to extra verification times, and because people have become to associate a padlock with a secure site rather than a company name. With Safari already removing EV Certificate company info from the address bar, most mobile browsers not showing it, and Chrome and Mozilla desktop browsers soon to remove it, Hunt's predictions are coming true. EV Certificates will soon be dead. AmiMoJo shared this post from Google's Chromium blog: Through our own research as well as a survey of prior academic work, the Chrome Security UX team has determined that the EV UI does not protect users as intended. Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection. Further, the EV badge takes up valuable screen real estate, can present actively confusing company names in prominent UI, and interferes with Chrome's product direction towards neutral, rather than positive, display for secure connections. Because of these problems and its limited utility, we believe it belongs better in Page Info.

Read more of this story at Slashdot.


情報元へのリンク
13983504 feed

Slashdot: US Set To Give Huawei Another 90 Days To Buy From American Suppliers

フィード by slashdotorg-feed
An anonymous reader quotes a report from Reuters: The U.S. Commerce Department is expected to extend a reprieve given to Huawei Technologies that permits the Chinese firm to buy supplies from U.S. companies so that it can service existing customers, two sources familiar with the situation said. The "temporary general license" will be extended for Huawei for 90 days, the sources said. Commerce initially allowed Huawei to purchase some American-made goods in May shortly after blacklisting the company in a move aimed at minimizing disruption for its customers, many of which operate networks in rural America. An extension will renew an agreement set to lapse on August 19, continuing the Chinese company's ability to maintain existing telecommunications networks and provide software updates to Huawei handsets. The situation surrounding the license, which has become a key bargaining chip for the United States in its trade negotiations with China, remains fluid and the decision to continue the Huawei reprieve could change ahead of the Monday deadline, the sources said.

Read more of this story at Slashdot.


情報元へのリンク
13983442 submission
プライバシ

WebKit、サードパーティーによるユーザー追跡を禁じる新ポリシーを発表

タレコミ by headless
headless 曰く、
WebKitは14日、ユーザー追跡防止に関する新ポリシー「WebKit Tracking Prevention Policy」を発表した(WebKitのアナウンスThe Registerの記事BetaNewsの記事)。

新ポリシーはMozillaの「Security/Anti tracking policy」に触発されたもので、サードパーティーWebサイトによるユーザー追跡をすべて禁止する。cookieなどデバイスのストレージを使用するユーザー追跡や、URLパラメーターなどを使用するナビゲーション時のユーザー追跡、フィンガープリンティングなどを防止する技術について、未実装のものは今後実装する計画だという。現在知られていないユーザー追跡技法についても、判明した時点で対象に加えていくとのこと。

WebKitのユーザー追跡防止技術は例外なく適用される。ある技術がユーザー追跡に転用可能な場合、WebKitでは正規の使用かどうか識別できないケースも多いが、その技術の使用禁止がユーザーに悪影響を与える場合は使用制限で対応することもある。使用制限でも悪影響がある場合は追跡の可能性があることをユーザーに告知するという。ユーザー追跡防止技術を迂回する行為は脆弱性を悪用する行為と同様に扱い、迂回しようとする者に対して事前に通知することなくさらなる制限を行なう可能性もあるとのことだ。
typodupeerror

計算機科学者とは、壊れていないものを修理する人々のことである

読み込み中...