Geeky Stuff

Pakistan Province May Block SIM Cards of Citizens Who Didn't Get Covid-19 Vaccines

Slashdot - Sun, 13/06/2021 - 21:48
The government in Pakistan's largest province, Punjab, has decided to block SIM cards of unvaccinated citizens, reports the Hindustan Times (one of the largest newspapers in India), citing reports from news agency ANI. Dr. Rashid, the provincial health minister in Pakistan's Punjab, said that there has been a "considerable decrease" in Covid-19 cases in the province due to mass vaccinations. However, a report compiled by the Punjab primary health department shows that the province still failed to achieve its set target for Covid-19 vaccination, reports ARY News, adding that around 300,000 recipients of the first dose of the vaccine never returned for the second dose since the start of Pakistan's mass inoculation drive on February 2.

Read more of this story at Slashdot.

Categories: Geeky Stuff

SumTotal's 'ToolBook' (Older RAD/Content Authoring Tool) Is Approaching Its End-of-Life

Slashdot - Sun, 13/06/2021 - 21:05
Long-time Slashdot reader thegreatbob writes: The old RAD/content authoring system, ToolBook, appears to be entering the final phase of its EOL process. Sumtotal/Skillsoft (the current owner, under which meaningful development effectively ceased) 'may' refuse software activations after the end of 2021, and does not provide a format-compatible replacement. Similarly, they are halting their support services, and will not allow contracts to be renewed. This may have significant ramifications for the education/training sector, and I have reason to believe that the body of the work dependent on this software is significantly larger than one might expect out of a wayward VisualBasic competitor from the 90s. The software, which was offered for sale until relatively recently (I'm unsure of the date of cutoff), has not received an update since 2014, nor a major version update since 2011. As such, I'd like to increase the visibility of this particular EOL, in the hopes that interested parties will take notice and have an opportunity to begin the process of moving their courseware out of this format... If one has never encountered this software before, it is "interesting", to say the least, as is the history of Asymetrix (one of Paul Allen's ventures) and later Sumtotal Systems, through 90s and early 2000s. If one does not care to look into it, it can be thought of as some sort of bizarro-world amalgam of features from Visual Basic and HyperCard.

Read more of this story at Slashdot.

Categories: Geeky Stuff

Also Leaving Freenode: FSF, GNU, plus Linux and Python support channels

Slashdot - Sun, 13/06/2021 - 20:34
Freenode's Linux support channel has an official web page at freenode.linux.community, which now bears this announcement: 22+ year old ##linux on freenode has been seized by freenode staff The community's (multi-platform) site reminds visitors of the alternative channels #linux on Libera and Linux.Chat on Discord. But they're not the only ones making changes. "[T]he FSF and GNU have decided to relocate our IRC channels to Libera.Chat," reads an official announcement on the FSF blog. "Effective immediately, Libera is the official home of our channels, which include but are not limited to all those in the #fsf, #gnu, and #libreplanet namespaces." As we have had nearly twenty years of positive experiences with the Freenode staff, most of whom now comprise the staff of the Libera network, we are confident in their technical and interpersonal expertise, as well as their ability to make the network as long-lasting and integral to the free software community as they made Freenode. We look forward to joining the large number of free software and free culture projects who have already made Libera.Chat their home, and hope to stay there for many years to come. Also making a move: freenode's #Python channel. Software developer Ned Batchelder, one of the channel's operators (and also an architect at edX), shared a recent experience in a new blog post this morning. When they'd decided to move #python to the new Libera.chat network (run by former Freenode staffers), they also stayed in Freenode's channel "to let people know where everyone had gone." Yesterday, after a heated debate in the Freenode channel where I was accused of splitting the community, I got k-lined (banned entirely from Freenode). The reason given was "spamming", because of my recurring message about the move to Libera. Then the entire Freenode #python channel was closed... Was it malice or was it mistake? Does it matter? It's not a good way to run a network. After the channel was closed, people asking staff about what happened were banned from asking. That wasn't a mistake... [T]he new staff seems to be using force to silence people asking questions. It's clear that transparency is not a strong value for them. Setting aside network drama, the big picture here is that the Freenode #python community isn't split: it's alive and well. It's just not on Freenode anymore, it's on Libera. Freenode was a good thing. But the domain name of the server was the least important part of it, just a piece of technical trivia. There's no reason to stick with Freenode just because it is called Freenode. As with any way of bringing people together, the important part is the people. If all of the people go someplace else, follow them there, and continue. See you on Libera.

Read more of this story at Slashdot.

Categories: Geeky Stuff

Apple Repair Tech Posted Woman's Explicit iPhone Photos to Facebook

Slashdot - Sun, 13/06/2021 - 19:34
"Apple paid a multimillion dollar settlement to a woman after iPhone repair techs posted risque pictures from her phone to Facebook," reports the Washington Post, citing legal documents obtained by the Telegraph. An unnamed Oregon college student "sent her phone to Apple for repairs after it stopped working" in 2016, and the iPhone ended up at Apple-approved repair contractor Pegatron... Two iPhone repair technicians in Sacramento, uploaded "10 photos of her in various stages of undress and a sex video" to her Facebook account, resulting in "severe emotional distress" for the young woman, according to the Telegraph's review of legal records. Pegatron, a major Apple manufacturer with facilities across the globe, had to reimburse Apple for the settlement and face insurers who didn't want to pay for it, according to the news outlet... The settlement isn't the first time Apple has had to handle the misdeeds of employees. In 2019, a California woman alleged that an Apple store employee had texted a private picture on her phone to himself. That employee was no longer working for the company after Apple conducted its investigation. Apple store employees at a Brisbane, Australia, location were fired in 2016 for taking candid pictures of female employees and customers' bodies and stealing photos from consumers' phones to rank their bodies. "Apple keeps a firm grip on the repair of its devices, arguing that allowing only approved retailers and vendors to repair its products ensures the privacy of its customers," the article points out. "The revelation of the lawsuit pokes holes in the company's stance that only authorized retailers can keep customer information secure."

Read more of this story at Slashdot.

Categories: Geeky Stuff

A Massive Underwater Avalanche Lasted Two Days

Slashdot - Sun, 13/06/2021 - 18:34
Slashdot reader SysEngineer shares this report from the BBC: Scientists are reporting what they say is the longest sediment avalanche yet measured in action. It occurred underwater off West Africa, in a deep canyon leading away from the mouth of the Congo River. Something in excess of a cubic kilometre of sand and mud descended into the deep. This colossal flow kept moving for two whole days and ran out for more than 1,100km across the floor of the Atlantic Ocean. The event would have gone unrecorded were it not for the fact that the slide broke two submarine telecommunications cables, slowing the internet and other data traffic between Nigeria and South Africa in the process. And also because of the prescient action of researchers who had lined the length of the Congo Canyon with instruments capable of measuring current and sediment velocities.

Read more of this story at Slashdot.

Categories: Geeky Stuff

Capcom Sued By Photographer Claiming They Used 80 of Her Photos Without Licensing

Slashdot - Sun, 13/06/2021 - 17:34
Long-time Slashdot reader UnknowingFool summarizes a report from Polygon: Photographer Judy Jurasek has sued Capcom for copyright infringement of at least 80 of her photographs in their recent game, Resident Evil: Devil May Cry and other games. Jurasek claims the textures in the video game where copied from her 1996 book Surfaces which contained 1,200 images of surfaces and textures. The book was sold with a CD-ROM with digital copies of the images. Jurasek's damages could total $12M from Devil May Cry alone. Jurasek claims that Capcom never licensed the images for use in their video games. The initial filing is over 100 pages with many detailed photographic examples of her claims. Part of her evidence comes from Capcom's 2020 data breach. The data breach leaked among other things files and filenames of images used by Capcom. At least one filename appears to match those found in the CD-ROM from Surfaces. Jurasek is also seeking additional damages of $2,500 to $25,000 for each used photograph for "false copyright management and removal of copyright management," according to Polygon's report, which says she's alleging her photos were used for "everything from marbled textures to ornate sculptural details that are recognizable and abundant in Capcom games," and even the shattered glass texture used in the Resident Evil 4 logo. A Capcom representative told Polygon that the company is "aware of the lawsuit" and has "no further comment."

Read more of this story at Slashdot.

Categories: Geeky Stuff

New Study: Only 33% Would Opt For Immortality

Slashdot - Sun, 13/06/2021 - 16:34
Captain Kirk once said "The trouble with immortality is it's boring." But how many people agree with him? Long-time Slashdot reader tinkers shares one answer. University of Texas scientists surveyed more than 900 adults living in the U.S. — and discovered that only 33% of them would be willing to take an immortality pill if one existed. But then they broke down the results into different age groups. From The Independent: One group was younger people, between the ages of 18 and 29, another group of senior citizens whose average age was 72, and a third group made up of individuals whose average age was 88. Each of the groups reached a majority consensus that they would not want to live forever. However, among the youngest group and oldest group there were differences in what age they would prefer to be "frozen" at by a theoretical immortality pill. The younger group chose the age of 23, while the oldest group picked 42... The youngest group had the largest number of individuals saying they would want to live forever, with 34% saying they would take an immortality pill. Another 40% said they would not take one, and 26% said they were unsure. The middle group saw slightly fewer people willing to live forever, with 32% saying they would take the pill, and 43% saying they would not. A quarter of the the respondents said they were unsure. The oldest group saw the fewest number of those interested in eternal life, with only 24% saying they would agree to take the pill. More than half — 59% — said they would not take it, with only 17% saying they were unsure.... Differences in responses emerged along gender lines as well, with more men saying they would take the pill than women.

Read more of this story at Slashdot.

Categories: Geeky Stuff

Is Bitcoin More Traceable Than Cash?

Slashdot - Sun, 13/06/2021 - 13:34
The New York Times argues that this week changed Bitcoin's reputation as "secure, decentralized and anonymous" (adding "Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.") "But this week's revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think..." [F]or the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry... The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain. "It is digital bread crumbs," said Kathryn Haun, a former federal prosecutor and investor at venture-capital firm Andreessen Horowitz. "There's a trail law enforcement can follow rather nicely." Haun added that the speed with which the Justice Department seized most of the ransom was "groundbreaking" precisely because of the hackers' use of cryptocurrency. In contrast, she said, getting records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are overseas... Tracking down a user's transaction history was a matter of figuring out which public key they controlled, authorities said. Seizing the assets then required obtaining the private key, which is more difficult. It's unclear how federal agents were able to get DarkSide's private key. Justice Department spokesman Marc Raimondi declined to say more about how the F.B.I. seized DarkSide's private key. According to court documents, investigators accessed the password for one of the hackers' Bitcoin wallets, though they did not detail how. The F.B.I. did not appear to rely on any underlying vulnerability in blockchain technology, cryptocurrency experts said. The likelier culprit was good old-fashioned police work. Federal agents could have seized DarkSide's private keys by planting a human spy inside DarkSide's network, hacking the computers where their private keys and passwords were stored, or compelling the service that holds their private wallet to turn them over via search warrant or other means. "If they can get their hands on the keys, it's seizable," said Jesse Proudman, founder of Makara, a cryptocurrency investment site. "Just putting it on a blockchain doesn't absolve that fact...." The F.B.I. has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Start-ups with names like TRM Labs, Elliptic and Chainalysis that trace cryptocurrency payments and flag possible criminal activity have blossomed as law enforcement agencies and banks try to get ahead of financial crime. Their technology traces blockchains looking for patterns that suggest illegal activity... "Cryptocurrency allows us to use these tools to trace funds and financial flows along the blockchain in ways that we could never do with cash," said Ari Redbord, the head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytic software to law enforcement and banks. He was previously a senior adviser on financial intelligence and terrorism at the Treasury Department. The story includes three intriguing quotes: Justice Department spokesman Marc Raimondi said the Colonial Pipeline ransom seizure was only the latest of "many seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets" used for criminal activity.Hunter Horsley, chief executive of cryptocurrency investment company Bitwise Asset Management, said "The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed."A spokesperson for Chainalysis, a start-up that traces cryptocurrency payments, tells the Times that in the end, "cryptocurrencies are actually more transparent than most other forms of value transfer. Certainly more transparent than cash."

Read more of this story at Slashdot.

Categories: Geeky Stuff

NASA Finally Shows Off Assembled 'Space Launch System' Megarocket

Slashdot - Sun, 13/06/2021 - 11:34
Slashdot reader ytene writes: The BBC are showing the first set of images of NASA's now-assembled "Space Launch System" (SLS) vehicle, noting that NASA intends to use it to launch a human crew back to the moon later this decade. Testing will take place before astronauts are expected to ride the vehicle to space some time in 2023. It's enormous. From the BBC's report: On Friday, engineers at Florida's Kennedy Space Center finished lowering the 65m (212ft) -tall core stage in-between two smaller booster rockets... Nasa plans to launch the SLS on its maiden flight later this year. During this mission, known as Artemis-1, the SLS will carry Orion — America's next-generation crew vehicle — towards the Moon. However, no astronauts will be aboard... The SLS consists of the giant core stage, which houses propellant tanks and four powerful engines, flanked by two 54m (177ft) -long solid rocket boosters. In early 2020 the BBC reported that "Some in the space community believe it would be better to launch deep space missions on commercial rockets. But supporters of the programme say that NASA needs its own heavy-lift launch capability... "The SLS was designed to re-use technology originally developed for the space shuttle programme, which ran from 1981-2011."

Read more of this story at Slashdot.

Categories: Geeky Stuff

China's 'Zhurong' Rover Takes a Selfie on Mars

Slashdot - Sun, 13/06/2021 - 09:34
The BBC reports: China's Zhurong rover has sent back a batch of new images from Mars — including a "selfie". The robot, which landed in May, positioned a wireless camera on the ground and then rolled back a short distance to take the snap. To Zhurong's right is the rocket-powered platform that brought the six-wheeled vehicle to a soft touchdown. Both display prominent Chinese flags... It weighs some 240kg. A tall mast carries cameras to take pictures and aid navigation; five additional instruments will investigate the mineralogy of local rocks and the general nature of the environment, including the weather. Like the current American rovers (Curiosity and Perseverance), Zhurong has a laser tool to zap rocks to assess their chemistry. It also has a radar to look for sub-surface water-ice - a capability it shares with Perseverance. Slashdot reader InfiniteZero writes that the mission's "full resolution images including a 360 panoramic view of the landing site, can be found at the official CNSA website."

Read more of this story at Slashdot.

Categories: Geeky Stuff

4+ Years in Prison for Home Security Worker Who Accessed Security Cameras to Spy on Women

Slashdot - Sun, 13/06/2021 - 06:34
A security camera installation worker for ADT was sentenced Wednesday to a little more than four years in federal prison for illegally accessing the security cameras of more than 200 North Texas customers, reports the Dallas Morning News: Telesforo Aviles, age 35, faced a maximum of five years in prison for computer fraud under the terms of his plea agreement, in which he admitted to accessing customer accounts over 9,600 times since 2015. He was cuffed and taken into custody to begin serving his sentence after the hearing. The quiet and introverted technician, a senior supervisor with 17 years at ADT, was caught last year after the company was alerted by a customer to suspicious activity, said his lawyer, Tom Pappas. Aviles, who is married with five children, turned himself in when he was asked to, Pappas said. "He's mortified by what he did," Pappas said. "He sees what he did as a betrayal of himself, too." Of the nearly 10,000 images Aviles accessed, about 40 were "sexual in nature" and none involved children, Pappas said. An ADT spokesman said the company had no comment. Assistant U.S. Attorney Sid Mody had asked Starr to give Aviles the maximum sentence, saying that while 217 accounts were accessed, the total number of victims is much higher given that each household had multiple family members. That violation, he said, destroyed "in the worst way" their sense of feeling safe and secure at home... Starr said he considered Aviles' cooperation with authorities and lack of a criminal history as well as the fact that the conduct involved a "lengthy period of time." Aviles noted the homes that had "attractive women" and repeatedly logged into their accounts to view the footage, prosecutors said... ADT has since been hit with class-action lawsuits from customers over the breach. The article also notes the story of one woman who filed a federal lawsuit last month against ADT. She'd told the court Aviles persuaded her to install cameras in her bedrooms after she'd specifically questioned whether it was truly necessary. "Aviles told her that it was necessary because a burglar could enter the house through the bedroom windows, and the cameras would monitor that," her lawsuit says. "Of course, Aviles' placement of the cameras had nothing to do with potential burglars." In a statement filed with the court, one female homeowner reportedly wrote that "This deliberate and calculated invasion of privacy is arguably more harmful than if I had installed no security system and my house had been burglarized."

Read more of this story at Slashdot.

Categories: Geeky Stuff

Seat On Jeff Bezos' Space Trip Sells For $28 Million

Slashdot - Sun, 13/06/2021 - 03:34
The auction has ended for a seat with Jeff Bezos and his brother on their first Blue Origin flight into space next month. Slashdot reader ytene writes that a live-streamed auction for the seat "lasted less than 10 minutes after opening at $4.8 million." The Hill reports: That came after nearly 7,600 people from 159 countries had registered to bid on a seat for the July 20 space flight by the time registration closed Thursday, according to ABC News... Blue Origin said the $28 million would be donated to Club for the Future, Blue Origin's 501(c)(3) nonprofit with a mission to "inspire future generations to pursue careers in STEM and to help invent the future of life in space," according to its website... Blue Origin said the fourth and final crew member of the mission will also be announced when the identity of the auction winner is revealed. Today CNN ran a story headlined "Jeff Bezos is going to space for 11 minutes. Here's how risky that is." (Or how safe?) They'll be going up and coming right back down, and they'll be doing it in less time — about 11 minutes — than it takes most people to get to work. Suborbital flights differ greatly from orbital flights of the type most of us think of when we think of spaceflight. Blue Origin's New Shepard flights will be brief, up-and-down trips, though they will go more than 62 miles above Earth, which is widely considered to be the edge of outer space. Orbital rockets need to drum up enough power to hit at least 17,000 miles per hour, or what's known as orbital velocity, essentially giving a spacecraft enough energy to continue whipping around the Earth rather than being dragged immediately back down by gravity. Suborbital flights require far less power and speed. That means less time the rocket is required to burn, lower temperatures scorching the outside of the spacecraft, less force and compression ripping at the spacecraft, and generally fewer opportunities for something to go very wrong. New Shepard's suborbital fights hit about about three times the speed of sound — roughly 2,300 miles per hour — and fly directly upward until the rocket expends most of its fuel. The crew capsule will then separate from the rocket at the top of the trajectory and briefly continue upward before the capsule almost hovers at the top of its flight path, giving the passengers a few minutes of weightlessness. It works sort of like an extended version of the weightlessness you experience when you reach the peak of a roller coaster hill, just before gravity brings your cart — or, in Bezos' case, your space capsule — screaming back down toward the ground. The New Shepard capsule then deploys a large plume of parachutes to slow its descent to less than 20 miles per hour before it hits the ground... Blue Origin's New Shepard capsule, which is fully autonomous and does not require a pilot, has never had an explosive mishap in 15 test flights. And the nature of Bezos' flight means it comes with some inherently lower risks than more ambitious space travel attempts. But that doesn't mean the risk is zero, either.

Read more of this story at Slashdot.

Categories: Geeky Stuff

Linus Torvalds Tells Anti-Vaxxer To Shut Up On Linux Mailing List

Slashdot - Sun, 13/06/2021 - 00:34
Linus Torvalds was "clearly unamused" by a "humanoid conspiracy theory, and also on its discussion in a Linux kernel topic thread," reports Neowin. They add that Torvalds "weighed in quite heavily with some very strong language, mixed with some biology lessons..." Here's an excerpt from Torvalds' response (as shared by Slashdot reader Hmmmmmm): Please keep your insane and technically incorrect anti-vax comments to yourself. You don't know what you are talking about, you don't know what mRNA is, and you're spreading idiotic lies. Maybe you do so unwittingly, because of bad education. Maybe you do so because you've talked to "experts" or watched youtube videos by charlatans that don't know what they are talking about. But dammit, regardless of where you have gotten your mis-information from, any Linux kernel discussion list isn't going to have your idiotic drivel pass uncontested from me. Vaccines have saved the lives of literally tens of millions of people. Just for your edification in case you are actually willing to be educated: mRNA doesn't change your genetic sequence in any way. It is the exact same intermediate - and temporary - kind of material that your cells generate internally all the time as part of your normal cell processes, and all that the mRNA vaccines do is to add a dose their own specialized sequence that then makes your normal cell machinery generate that spike protein so that your body learns how to recognize it. The half-life of mRNA is a few hours. Any injected mRNA will be all gone from your body in a day or two. It doesn't change anything long-term, except for that natural "your body now knows how to recognize and fight off a new foreign protein" (which then tends to fade over time too, but lasts a lot longer than a few days). And yes, while your body learns to fight off that foreign material, you may feel like shit for a while. That's normal, and it's your natural response to your cells spending resources on learning how to deal with the new threat. And of the vaccines, the mRNA ones are the most modern, and the most targeted - exactly because they do *not* need to have any of the other genetic material that you traditionally have in a vaccine (ie no need for basically the whole - if weakened - bacterial or virus genetic material). So the mRNA vaccines actually have *less* of that foreign material in them than traditional vaccines do. And a *lot* less than the very real and actual COVID-19 virus that is spreading in your neighborhood. Honestly, anybody who has told you differently, and who has told you that it changes your genetic material, is simply uneducated. You need to stop believing the anti-vax lies, and you need to start protecting your family and the people around you. Get vaccinated... Get vaccinated. Stop believing the anti-vax lies. And if you insist on believing in the crazy conspiracy theories, at least SHUT THE HELL UP about it on Linux kernel discussion lists.

Read more of this story at Slashdot.

Categories: Geeky Stuff

Dartmouth Abandons Controversial Online Cheating Investigation at Medical School

Slashdot - Sat, 12/06/2021 - 23:34
Dartmouth's Geisel medical school is dropping its investigation into alleged online cheating, the New York Times reports: In March, Dartmouth charged 17 students with cheating based on a review of certain online-activity data on Canvas — a popular learning-management system where professors post assignments and students submit their work — during remote exams. The school quickly dropped seven of the cases after at least two students argued that administrators had mistaken automated Canvas activity for human cheating. Now Dartmouth is also dropping allegations against the remaining 10 students, some of whom faced expulsion, suspension, course failures and misconduct marks on their academic records that could have derailed their medical careers. "I have decided to dismiss all the honor code charges," Duane Compton, dean of the medical school, said in an email to the Geisel community Wednesday evening, adding that the students' academic records would not be affected. "I have apologized to the students for what they have been through." Dartmouth's decision to dismiss the charges followed a software review by The New York Times, which found that students' devices could automatically generate Canvas activity data even when no one was using them. Dartmouth's practices were condemned by some alumni along with some faculty at other medical schools. A Dartmouth spokesman said the school could not comment further on the dropping of the charges for privacy reasons. "The moral of the current story is clear," argued the Times reporter on Twitter. "Colleges that use surveillance tech can end up erroneously accusing some of their best students."

Read more of this story at Slashdot.

Categories: Geeky Stuff

Patch Released for 7-Year-Old Privilege Escalation Bug In Linux Service Polkit

Slashdot - Sat, 12/06/2021 - 22:34
Long-time Slashdot reader wildstoo writes: In a blog post on Thursday, GitHub security researcher Kevin Backhouse announced that Polkit, a Linux system service included in several modern Linux distros that provides an organized way for non-privileged processes to communicate with privileged ones, has been harbouring a major security bug for seven years. The bug, assigned (CVE-2021-3560) allows a non-privileged user to gain administrative shell access with a handful of standard command line tools. The bug was fixed on June 3, 2021 in a coordinated disclosure. "It's used by systemd," GitHub's blog post points out, "so any Linux distribution that uses systemd also uses polkit..." "It's very simple and quick to exploit, so it's important that you update your Linux installations as soon as possible. Any system that has polkit version 0.113 (or later) installed is vulnerable. That includes popular distributions such as RHEL 8 and Ubuntu 20.04."

Read more of this story at Slashdot.

Categories: Geeky Stuff

Cryptocurrency Miners Force Changes to Free Tiers at Docker

Slashdot - Sat, 12/06/2021 - 21:34
From today's edition of Mike Melanson's "This Week in Programming" column: This week, Docker announced some changes to Docker Hub Autobuilds — the primary one of interest being that autobuilds would no longer be available to free tier users — and much of the internet let out a collective groan to the tune of "this is why we can't have nice things...!" "As many of you are aware, it has been a difficult period for companies offering free cloud compute," wrote Shaun Mulligan, principal product manager at Docker in the company's blog post, citing an article that explores how crypto-mining gangs are running amok on free cloud computing platforms. Mulligan goes on to explain that Docker has "seen a massive growth in the number of bad actors," noting that it not only costs them money, but also degrades performance for their paying customers. And so, after seven years of free access to their autobuild feature, wherein even all of you non-paying Docker users could set up continuous integration for your containerized projects, gratis, the end is nigh. Like, really, really nigh, as in next week — June 18. While Docker offered that they already tried to correct the issue by removing around 10,000 accounts, they say that the miners returned the next week in droves, and so they "made the hard choice to remove Autobuilds...." For its part, Docker has tried to again stave off the criticism, offering users a discount on subscriptions, and offering members of its open source program the ability to continue to use autobuilds for free... Docker says they've also changed Autobuild "to take advantage of BuildKit by default for improved build performance," increased the number of parallel builds for subscribers, and increased the build instance types, "so you get a beefier machine to build on!" While the changes were apparently inspired by their struggles with cryptocurrency miners, "All of these improvements should see a faster and more stable build experience with lower queue times..." "We really appreciate your support and the community's understanding as the whole industry battles against these abusive few."

Read more of this story at Slashdot.

Categories: Geeky Stuff

Nearly $1 Billion in Funding Restored for California Bullet Train

Slashdot - Sat, 12/06/2021 - 20:34
Back in 2009, then-governor of California Arnold Schwarzenegger requested $4.7 billion in federal stimulus money to help build an 800-mile bullet train system from San Diego to San Francisco. "We're traveling on our trains at the same speed as 100 years ago," the governor said. "That is inexcusable. America must catch up." Nearly 12 years later, "a $929-million federal grant for the California bullet train project was restored Thursday," reports the Los Angeles Times, "reversing a decision by the Trump administration to terminate the funding." But their story (shared by Slashdot reader schwit1) notes this grant has a very long history: The grant was originally made in 2010 after other states backed out of high-speed rail projects and declined to take the federal support. The California project already had won another $2.5-billion grant from the Obama administration's stimulus program, known as the American Recovery and Reinvestment Act. The Trump action to take back the money was highly controversial, and federal grant experts said such terminations were rare in cases that did not involve fraud but were merely behind schedule. Ronald Batory, then chief of the Federal Railroad Administration, cited California's multiple failures to forecast accurate schedules, among other problems, in taking the action. Along with House Republicans from California, Trump officials were highly critical of the California project, with former Transportation Secretary Elaine Chao calling it a "bait and switch" on promises made to taxpayers. Chao and Trump had issued an even bigger threat, to claw back the much larger $2.5-billion grant that had already been spent. Despite such rhetoric, the Trump administration never made an attempt to get back the funds. The $929 million is part of a planned $22.8-billion effort aimed at building a 171-mile partial operating system between Bakersfield and Merced [part of the route between San Francisco and Los Angeles], as well as completing environmental planning and making some high-speed rail investments in Southern California and the Bay Area. In a statement, America's Federal Rail Agency said the settlement "reflects the federal government's ongoing partnership in the development of high-speed rail." And they called their restoration of funding "an important step in advancing an economically transformational project in California." The Times adds that "Some bullet train advocates believe $10 billion or more from the state and federal government could be added to the project, allowing an expansion of the current construction. But even that much money would not close a roughly $80-billion shortfall needed to connect Los Angeles to San Francisco."

Read more of this story at Slashdot.

Categories: Geeky Stuff

Microsoft's GitHub Releases 'Visual Studio Code' Extension Allowing Editing Without Cloning Repositories

Slashdot - Sat, 12/06/2021 - 19:34
A new extension for Microsoft's code-editing tool, Visual Studio Code, "allows you to open, edit, and commit back to source-control repos without having to clone them on your local machine," explains a new video. A Microsoft blog post calls it "a new experience that we've been building in partnership with our friends at GitHub to enable working with source code repositories quickly and safely inside VS Code." In VS Code, we've offered integrated support for Git from the very beginning, and we've been supporting many other source control management (SCM) providers through extensions. This has allowed developers to clone and work with repositories directly within VS Code. However, a large part of what developers do every day involves reading other people's code: reviewing pull requests, browsing open-source repositories, experimenting with new technologies or projects, inspecting upstream dependencies to debug applications, etc. What all of these have in common is that as a first step, you usually clone the repository locally and then open the code in your favorite code editor (which we hope is VS Code!). Yet, cloning a repository takes time, may lead you to review an outdated version of the repo if you forget to pull, and can sometimes be a security risk if you're unfamiliar with the code. The new Remote Repositories extension, published by GitHub, makes the experience of opening source code repositories in VS Code instant and safe. With this, you can quickly browse, search, edit, and commit to any remote GitHub repository (and soon, Azure Repos) directly from within VS Code, no clone necessary! You can work on as many repos as you like without having to save any source code on your machine. Remote Repositories saves you time and local disk space and empowers you to stay entirely within VS Code for all your source control tasks.

Read more of this story at Slashdot.

Categories: Geeky Stuff

McDonalds Faces Potential Class Action Lawsuit Over Automated Drive-Thru

Slashdot - Sat, 12/06/2021 - 18:34
McDonald's equiped 10 of its restaurants in Chicago with automated speech-recognition for their drive-through windows. Now they're facing a potential class-action lawsuit. Long-time Slashdot reader KindMind shares this report from the Register: McDonald's has been accused of illegally collecting and processing customers' voice recordings without their consent in the U.S. state of Illinois... The state has some of the strictest data privacy laws; its Biometric Information Privacy Act (BIPA) states: "No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information." unless it receives written consent. Shannon Carpenter, a resident of Illinois, sued [PDF] McDonald's in April on behalf of himself and all other affected state residents. He claimed the fast-chow biz has broken BIPA by not obtaining written consent from its customers to collect and process their voice data, nor has it explained in its privacy policy how or if the data is stored or deleted. His lawsuit also stated that McDonald's has been experimenting with AI software taking orders at its drive thrus since last year. "Plaintiff, like the other class members, to this day does not know the whereabouts of his voiceprint biometrics which defendant obtained," Carpenter's lawsuit stated. Under the BIPA, people can receive up to $5,000 in damages from private entities for each violation committed "intentionally or recklessly," or $1,000 if each violation was from negligence instead. The suit also claimed the machine-learning software built by McD Tech Labs doesn't just transcribe speech into text, it processes audio samples to glean all sorts of personal information to predict a customer's "age, gender, accent, nationality, and national origin."

Read more of this story at Slashdot.

Categories: Geeky Stuff

Why the Music Industry Doesn't Hate YouTube Any More

Slashdot - Sat, 12/06/2021 - 17:34
Today is Record Store Day, an annual event celebrating the culture of independently-owned record stores. And music industry players have said they actually got more money from the sale of vinyl records than they do from YouTube. But is that changing? The New York Times reports those figures are from a time when YouTube was only selling ads on (or beside) music videos and then sharing that cash with the record labels and performs: Fast forward to last week, when YouTube disclosed that it paid music companies, musicians and songwriters more than $4 billion in the prior year. That came from advertising money and something that the industry has wanted forever and is now getting — a cut of YouTube's surprisingly large subscription business. (YouTube subscriptions include an ad-free version of the site and a Spotify-like service to watch music videos without any ads.) The significance of YouTube's dollar figure is that it's not far from the $5 billion that the streaming king Spotify pays to music industry participants from a portion of its subscriptions. (A reminder: The industry mostly loves Spotify's money, but some musicians ïsay that they're shortchanged by the payouts.) Subscriptions will always be a hobby for YouTube, but the numbers show that even a side gig for the company can be huge. And it has bought peace by raining some of those riches on those behind the music. Record labels and other industry powers "still don't looooove YouTube," Lucas Shaw, a Bloomberg News reporter, wrote this week. "But they don't hate it anymore." The YouTube turnabout may also show that complaining works. The music industry has a fairly successful track record of picking a public enemy No. 1 — Pandora for awhile, Spotify, YouTube, and more recently apps like TikTok and Twitch — and publicly browbeating it or playing one rich company against another to get more money or something else they wanted. While the article cites concerns that YouTube is still paying too little (and failing to stop piracy), "just maybe, YouTube has shown that it's possible for digital companies to both upend an industry and make it stronger."

Read more of this story at Slashdot.

Categories: Geeky Stuff
Syndicate content