Slashdot
- Chinese Hackers Used Mesh of Home Routers To Disguise Attacks
- Free Software Foundation Will Fund Papers on Issues Around Microsoft's 'GitHub Copilot'
- US Justice Department Says Russians Hacked Its Federal Prosecutors
- Nobel Winner Steven Weinberg, Who Unified Two of Physics' Fundamental Forces, Has Died
- Tech Companies Praised for 'Pandemic Leadership', Vaccine Mandates
- Texas Instruments' New Calculator Will Run Programs Written in Python
- Rocket Lab Successfully Carries a US Military Satellite Into Orbit
- Early Virus Sequences 'Mysteriously' Deleted Have Been Not-So-Mysteriously Undeleted
- A Pilot Reported Another 'Possible Jet Pack Man' Near Los Angeles
- After YouTube-dl Incident, GitHub's DMCA Process Now Includes Free Legal Help
- Google Play Gets Mandatory App Privacy Labels In April 2022
- Someone Made a Playable Clone of Pokemon For the Pebble Smartwatch
- Government Denies Blue Origin's Challenge To NASA's Lunar Lander Program
Chinese Hackers Used Mesh of Home Routers To Disguise Attacks Posted: 31 Jul 2021 06:34 PM PDT An anonymous reader quotes The Record: A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks. In a security alert, the French National Cybersecurity Agency, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), published a list of 161 IP addresses that have been hijacked by APT31 in recent attacks against French organizations. French officials said that APT31's proxy botnet was used to perform both reconnaissance operations against their targets, but also to carry out the attacks themselves. The attacks started at the beginning of 2021 and are still ongoing... The Record understands that APT31 used proxy meshes made of home routers as a way to scan the internet and then launch and disguise its attacks against Exchange email servers earlier this year; however, the technique was also used for other operations as well. Read more of this story at Slashdot. |
Free Software Foundation Will Fund Papers on Issues Around Microsoft's 'GitHub Copilot' Posted: 31 Jul 2021 03:34 PM PDT GitHub's new "Copilot" tool (created by Microsoft and OpenAI) shares the autocompletion suggestions of an AI trained on code repositories. But can that violate the original coder's license? Now the Free Software Foundation (FSF) is calling for a closer look at these and many other issues... "We already know that Copilot as it stands is unacceptable and unjust, from our perspective," they wrote in a blog post this week, arguing that Copilot "requires running software that is not free/libre (Visual Studio, or parts of Visual Studio Code), and Copilot is Service as a Software Substitute. These are settled questions as far as we are concerned." "However, Copilot raises many other questions which require deeper examination..." The Free Software Foundation has received numerous inquiries about our position on these questions. We can see that Copilot's use of freely licensed software has many implications for an incredibly large portion of the free software community. Developers want to know whether training a neural network on their software can really be considered fair use. Others who may be interested in using Copilot wonder if the code snippets and other elements copied from GitHub-hosted repositories could result in copyright infringement. And even if everything might be legally copacetic, activists wonder if there isn't something fundamentally unfair about a proprietary software company building a service off their work. With all these questions, many of them with legal implications that at first glance may have not been previously tested in a court of law, there aren't many simple answers. To get the answers the community needs, and to identify the best opportunities for defending user freedom in this space, the FSF is announcing a funded call for white papers to address Copilot, copyright, machine learning, and free software. 
We will read the submitted white papers, and we will publish ones that we think help elucidate the problem. We will provide a monetary reward of $500 for the papers we publish. They add that the following questions are of particular interest:
- Is Copilot's training on public repositories infringing copyright? Is it fair use?
- How likely is the output of Copilot to generate actionable claims of violations on GPL-licensed works?
- How can developers ensure that any code to which they hold the copyright is protected against violations generated by Copilot?
- Is there a way for developers using Copilot to comply with free software licenses like the GPL?
- If Copilot learns from AGPL-covered code, is Copilot infringing the AGPL?
- If Copilot generates code which does give rise to a violation of a free software licensed work, how can this violation be discovered by the copyright holder on the underlying work?
- Is a trained artificial intelligence (AI) / machine learning (ML) model resulting from machine learning a compiled version of the training data, or is it something else, like source code that users can modify by doing further training?
- Is the Copilot trained AI/ML model copyrighted? If so, who holds that copyright?
- Should ethical advocacy organizations like the FSF argue for change in copyright law relevant to these questions?
Read more of this story at Slashdot. |
US Justice Department Says Russians Hacked Its Federal Prosecutors Posted: 31 Jul 2021 02:34 PM PDT In January America's federal Justice Department said there was no evidence that Russian hackers behind the massive SolarWinds breach had accessed classified systems, remembers the Associated Press. But today? The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee's email account compromised during the hacking campaign. The Justice Department said in a statement that it believes the accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is notable because the SolarWinds campaign, which infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies, was first discovered and publicized in mid-December... Jennifer Rodgers, a lecturer at Columbia Law School, said office emails frequently contained all sorts of sensitive information, including case strategy discussions and names of confidential informants, when she was a federal prosecutor in New York. "I don't remember ever having someone bring me a document instead of emailing it to me because of security concerns," she said, noting exceptions for classified materials... The Associated Press previously reported that SolarWinds hackers had gained access to email accounts belonging to the then-acting Homeland Security Secretary Chad Wolf and members of the department's cybersecurity staff... Read more of this story at Slashdot. |
Nobel Winner Steven Weinberg, Who Unified Two of Physics' Fundamental Forces, Has Died Posted: 31 Jul 2021 01:34 PM PDT Long-time Slashdot reader Mogster quotes : Steven Weinberg, a Nobel-prize winning physicist whose work helped link two of the four fundamental forces, has died at the age of 88, the University of Texas at Austin (UT Austin) announced Saturday (July 24). His work was foundational to the Standard Model, the overarching physics theory that describes how subatomic particles behave. His seminal work was a slim, three-page paper published in 1967 in the journal Physical Review Letters and entitled "A Model of Leptons." In it, he predicted how subatomic particles known as W, Z and the famous Higgs boson should behave — years before those particles were detected experimentally, according to a statement from UT Austin. The paper also helped unify the electromagnetic force and the weak force and predicted that so-called "neutral weak currents" governed how particles would interact, according to the statement. In 1979, Weinberg and physicists Sheldon Glashow and Abdus Salam earned the Nobel Prize in physics for this work. Throughout his life, Weinberg would continue his search for a unified theory that would unite all four forces, according to the statement. Weinberg also wrote a book called "The First Three Minutes: A Modern View of the Origin of the Universe" — in 1977. Read more of this story at Slashdot. |
Tech Companies Praised for 'Pandemic Leadership', Vaccine Mandates Posted: 31 Jul 2021 12:34 PM PDT "America reported 122,000 new COVID-19 cases on Friday, the highest single-day spike since February," reports Business Insider. But when it comes to anti-Covid measures like vaccine mandates, America's technology companies have been "decisive trend setters," according to the New York Times' On Tech newsletter. (Alternate URL) Last year, some high-profile tech companies were relatively early to close their corporate offices as coronavirus outbreaks started in the United States, and they continued to pay many hourly workers who couldn't do their jobs remotely. Those actions from companies including Microsoft, Salesforce, Facebook, Google, Apple and Twitter probably helped save lives in the Bay Area and perhaps beyond. Now many of the same tech companies — along with schools and universities, health care institutions and some government employers in the United States — have started to announce vaccine mandates for staff, the resumption of requirements to wear masks, delayed reopenings of offices or on-site workplace vaccinations to help slow the latest wave of infections. America's tech companies, which deserve criticism for misusing their power, also should get credit for using their power to take decisive action in response to virus risks. Those steps helped make it palatable for other organizations to follow. And in some cases, tech companies have acted more quickly in response to health threats and communicated about them more effectively than federal or local government leaders. Disney, the world's largest entertainment company, is also requiring all salaried and nonunion hourly employees in the U.S. to be fully vaccinated, according to the Washington Post. Walmart, the nation's largest private employer at almost 1.6 million employees, announced all of its corporate staff members and regional managers would need to be fully vaccinated by Oct. 4. 
Though the mandate does not apply to store and warehouse staffers, which make up the bulk of the company's workforce, Walmart is offering a $150 bonus as incentive for those unvaccinated employees to get inoculated... While companies are pushing for vaccinations, they must contend with employees who are seeking exceptions for medical or religious reasons. Walmart said in a statement that while a "small percentage" of employees are unable to be vaccinated due to such reasons, those workers "must follow all social distancing standards, wear a mask while working, and receive weekly Covid-19 testing provided by Walmart...." The news comes after corporate giants Google, Facebook and Uber announced their own vaccine mandates for employees this week. Companies such as Apple, Twitter, Lyft and the New York Times said they are delaying their return to the office due to the rising cases. More examples from CNN:
- BlackRock, the world's largest asset manager, is currently allowing only vaccinated employees to return to the office.
- Morgan Stanley's New York office is banning all unvaccinated staff and clients from entering its headquarters.
- Luxury department store chain Saks Fifth Avenue is requiring that all employees be vaccinated.
- All new hires and current employees of the Washington Post will be required to demonstrate proof of full Covid-19 vaccinations.
- As of August 2, all employees working in Lyft's offices are required to be vaccinated.
- If Uber employees want to come back to the office, they must be fully vaccinated.
Read more of this story at Slashdot. |
Texas Instruments' New Calculator Will Run Programs Written in Python Posted: 31 Jul 2021 11:34 AM PDT "Dallas-based Texas Instruments' latest generation of calculators is getting a modern-day update with the addition of programming language Python," reports the Dallas Morning News: The goal is to expand students' ability to explore science, technology, engineering and math through the device that's all-but-required in the nation's high schools and colleges... Though most of the company's $14 billion in annual revenue comes from semiconductors, its graphing calculator remains its most recognized consumer product. This latest TI-84 model, priced between $120 to $160 depending on the retailer, was made to accommodate the increasing importance of programming in the modern world. Judging by photos in their press release, an "alpha" key maps the calculator's keys to the letters of the alphabet (indicated with yellow letters above each key). One page on its web site also mentions "Menu selections" that "help students with discovery and syntax." (And the site confirms the calculator will "display expressions, symbols and fractions just as you write them.") There's even a file manager that "gives quick access to Python programs you have saved on your calculator. From here, you can create, edit, run and manage your files." And one page also mentions something called TI Connect CE software application, which "connects your computer and graphing calculator so they can talk to each other. Use it to transfer data, update your operating system, download calculator software applications or take screenshots of your graphing calculator." I'm sure Slashdot's readers have some fond memories of their first calculator. But these new models have a full-color screen and a rechargeable battery that can last up to a month on a single charge. And Texas Instruments seems to think they could even replace computers in the classroom. 
"By adding Python to the calculators many students are already familiar with and use in class, we are making programming more accessible and approachable for all students," their press release argues, "eliminating the need for teachers to reserve separate computer labs to teach these important skills." Read more of this story at Slashdot. |
Rocket Lab Successfully Carries a US Military Satellite Into Orbit Posted: 31 Jul 2021 10:34 AM PDT "Resuming launches after a mission failure two months ago, Rocket Lab successfully placed a small U.S. military research and development satellite into orbit Thursday following a fiery liftoff from New Zealand..." reports Spaceflight Now: Heading east from Mahia, the rocket's first stage burned its nine engines for about two-and-a-half minutes, followed by a six-minute firing of the second stage engine to reach a preliminary parking orbit. A kick stage deployed from the Electron rocket's second stage... Rocket Lab, a California-based company founded in New Zealand, confirmed a good deployment of the U.S. military's small experimental Monolith spacecraft about 52 minutes after liftoff. "Payload deployed, flawless launch and mission by the team!" tweeted Peter Beck, Rocket Lab's founder and CEO. The mission was the 21st flight of a Rocket Lab Electron launch vehicle since 2017, and the eighth to carry a payload for a U.S. military or intelligence agency customer. It was also the first Rocket Lab mission since May 15, when an Electron rocket failed before reaching orbit with two commercial BlackSky Earth-imaging satellites... The May 15 mission was the third time an Electron rocket failed to reach orbit on 20 attempts since 2017. Read more of this story at Slashdot. |
Early Virus Sequences 'Mysteriously' Deleted Have Been Not-So-Mysteriously Undeleted Posted: 31 Jul 2021 09:34 AM PDT "A batch of early coronavirus data that went missing for a year has emerged from hiding," reports the New York Times. (Jesse Bloom, a virologist at the Fred Hutchinson Cancer Center in Seattle, had found copies of 13 of the deleted sequences on Google Cloud.) Though their deletion raised some suspicions, "An odd explanation has emerged, stemming from an editorial oversight by a scientific journal," reports the Times. "And the sequences have been uploaded into a different database, overseen by the Chinese government." The Times also notes that the researchers had already posted their early findings online in March 2020: That month, they also uploaded the sequences to an online database called the Sequence Read Archive, which is maintained by the National Institutes of Health, and submitted a paper describing their results to a scientific journal called Small. The paper was published in June 2020... [A] spokeswoman for the N.I.H. said that the authors of the study had requested in June 2020 that the sequences be withdrawn from the database. The authors informed the agency that the sequences were being updated and would be added to a different database... On July 5, more than a year after the researchers withdrew the sequences from the Sequence Read Archive and two weeks after Dr. Bloom's report was published online, the sequences were quietly uploaded to a database maintained by China National Center for Bioinformation by Ben Hu, a researcher at Wuhan University and a co-author of the Small paper. On July 21, the disappearance of the sequences was brought up during a news conference in Beijing... According to a translation of the news conference by a journalist at the state-controlled Xinhua News Agency, the vice minister of China's National Health Commission, Dr. 
Zeng Yixin, said that the trouble arose when editors at Small deleted a paragraph in which the scientists described the sequences in the Sequence Read Archive. "Therefore, the researchers thought it was no longer necessary to store the data in the N.C.B.I. database," Dr. Zeng said, referring to the Sequence Read Archive, which is run by the N.I.H. An editor at Small, which specializes in science at the micro and nano scale and is based in Germany, confirmed his account. "The data availability statement was mistakenly deleted," the editor, Plamena Dogandzhiyski, wrote in an email. "We will issue a correction very shortly, which will clarify the error and include a link to the depository where the data is now hosted." The journal posted a formal correction to that effect on Thursday. While the researchers' first report had described their sequences as coming from patients "early in the epidemic," thus provoking intense curiosity, the sequences were, as promised, updated, to include a more specific date after they were published in the database, according to the Times. "They were taken from Renmin Hospital of Wuhan University on January 30 — almost two months after the earliest reports of Covid-19 in China." Read more of this story at Slashdot. |
A Pilot Reported Another 'Possible Jet Pack Man' Near Los Angeles Posted: 31 Jul 2021 08:34 AM PDT ABC News reports: A Boeing 747 pilot near Los Angeles reported Wednesday night another "possible jet pack man in sight." It's the latest in a string of mysterious jet pack sightings near the City of Angels since last year. "A Boeing 747 pilot reported seeing an object that might have resembled a jet pack 15 miles east of LAX at 5,000 feet altitude around 6:12 p.m. Wednesday," a spokesperson for the Federal Aviation Administration told ABC News. "Out of an abundance of caution, air traffic controllers alerted other pilots in the vicinity." Air traffic controllers could be heard directing pilots in the area to "use caution towards the jet pack." The FAA spokesperson said there were no "unusual objects" that had appeared on the radar around LAX around that time on Wednesday. "We were looking but we did not see Iron Man," one person said on the air traffic recording. "Unauthorized operators flying around airplanes, helicopters and airports is illegal and may be subject to fines and criminal charges, including jail time, the FAA says..." Read more of this story at Slashdot. |
After YouTube-dl Incident, GitHub's DMCA Process Now Includes Free Legal Help Posted: 31 Jul 2021 07:34 AM PDT "GitHub has announced a partnership with the Stanford Law School to support developers facing takedown requests related to the Digital Millennium Copyright Act (DMCA)," reports VentureBeat: While the DMCA may be better known as a law for protecting copyrighted works such as movies and music, it also has provisions (17 U.S.C. 1201) that criminalize attempts to circumvent copyright-protection controls — this includes any software that might help anyone infringe DMCA regulations. However, as with the countless spurious takedown notices delivered to online content creators, open source coders too have often found themselves in the DMCA firing line with little option but to comply with the request even if they have done nothing wrong. The problem, ultimately, is that freelance coders or small developer teams often don't have the resources to fight DMCA requests, which puts the balance of power in the hands of deep-pocketed corporations that may wish to use DMCA to stifle innovation or competition. Thus, GitHub's new Developer Rights Fellowship — in conjunction with Stanford Law School's Juelsgaard Intellectual Property and Innovation Clinic — seeks to help developers put in such a position by offering them free legal support. The initiative follows some eight months after GitHub announced it was overhauling its Section 1201 claim review process in the wake of a takedown request made by the Recording Industry Association of America (RIAA), which had been widely criticized as an abuse of DMCA... [M]oving forward, whenever GitHub notifies a developer of a "valid takedown claim," it will present them with an option to request free independent legal counsel. 
The fellowship will also be charged with "researching, educating, and advocating on DMCA and other legal issues important for software innovation," GitHub's head of developer policy Mike Linksvayer said in a blog post, along with other related programs. Explaining their rationale, GitHub's blog post argues that currently "When developers looking to learn, tinker, or make beneficial tools face a takedown claim under Section 1201, it is often simpler and safer to just fold, removing code from public view and out of the common good. "At GitHub, we want to fix this." Read more of this story at Slashdot. |
Google Play Gets Mandatory App Privacy Labels In April 2022 Posted: 31 Jul 2021 06:00 AM PDT An anonymous reader quotes a report from Ars Technica: In iOS 14, Apple added a "privacy" section to the app store, requiring app developers to list the data they collect and how they use it. Google -- which was one of the biggest targets of Apple's privacy nutrition labels and delayed app updates for months to avoid complying with the policy -- is now aping the feature for Google Play. Google posted a demo of what the Google Play "Data privacy & security" section will look like, and it contains everything you'd expect if you've looked at the App Store lately. There's information on what data apps collect, whether or not the apps share the data with third parties, and how the data is stored. Developers can also explain what the data is used for and if data collection is required to use the app. The section also lists whether or not the collected data is encrypted, if the user can delete the data, and if the app follows Google's "Families" policy (meaning all the usual COPPA stuff). Google Play's privacy section will be mandatory for all developers in April 2022, and starting in October, Google says developers can start populating information in the Google Play Console "for review." Google also says that in April, all apps will need to supply a privacy policy, even if they don't collect any data. Apps that don't have an "approved" privacy section by April may have their app updates rejected or their app removed. Google says, "Developers are responsible for providing accurate and complete information in their safety section." All of this information is basically just running on the honor system, and on iOS, developers have already been caught faking their privacy labels. Read more of this story at Slashdot. |
Someone Made a Playable Clone of Pokemon For the Pebble Smartwatch Posted: 31 Jul 2021 03:00 AM PDT Developer Harrison Allen has developed a playable clone of Pokemon for the Pebble smartwatch, which was officially discontinued in late 2016 after the company was sold to Fitbit. Gizmodo reports: According to the game's developer, Harrison Allen, Pebblemon uses a graphics library they created that replicates Pokémon Yellow, which was the first version of the popular game series to take advantage of the Game Boy Color's limited color palette. As a result, while Pebblemon appears to be playable using the Pebble smartwatch's buttons (the wearable lacked a touchscreen), it's a smaller version of the original game featuring "various areas within the Johto region" but players will still "Encounter all 251 Pokemon from the Game Boy Color games" and will still be able to find items to help them out during gameplay. Pebblemon is currently available through the Rebble.io repository, which was created shortly after the company died as a place to continue to allow users to maintain their smart wearables, and to give developers a way to distribute new apps. If you don't already use it, you'll have to jump through a few hoops to get it to play nice with your Pebble watch, but it doesn't appear terribly difficult. Alternately, Allen has provided all of his source code through GitHub, if you're in the mood to compile or adapt it into something else yourself. There are two things to keep in mind if you want to try Pebblemon out: it's only compatible with the Pebble Time, Pebble Time Round, and Pebble 2 models -- not the original version of the wearable -- and you're going to want to jump on this as soon as possible because there's a very good chance Nintendo's eager lawyers are already aware of the game, and are already working to wipe it off the face of the Earth. Read more of this story at Slashdot. |
Government Denies Blue Origin's Challenge To NASA's Lunar Lander Program Posted: 31 Jul 2021 12:00 AM PDT The U.S. Government Accountability Office on Friday denied protests from companies affiliated with Jeff Bezos that NASA wrongly awarded a lucrative astronaut lunar lander contract solely to Elon Musk's SpaceX. CNBC reports: "NASA did not violate procurement law or regulation when it decided to make only one award ... the evaluation of all three proposals was reasonable, and consistent with applicable procurement law, regulation, and the announcement's terms," GAO managing associate general counsel Kenneth Patton wrote in a statement. The GAO ruling backs the space agency's surprise announcement in April that NASA awarded SpaceX with a contract worth about $2.9 billion. SpaceX was competing with Blue Origin and Dynetics for what was expected to be two contracts, before NASA only awarded a single contract due to a lower-than-expected allocation for the program from Congress. NASA, in a statement, said that the GAO decision will allow the agency "to establish a timeline for the first crewed landing on the Moon in more than 50 years." "As soon as possible, NASA will provide an update on the way ahead for Artemis, the human landing system, and humanity's return to the Moon. We will continue to work with the Biden Administration and Congress to ensure funding for a robust and sustainable approach for the nation's return to the Moon in a collaborative effort with U.S. commercial partners," the U.S. space agency said. A Blue Origin spokesperson told CNBC that the company still believes "there were fundamental issues with NASA's decision, but the GAO wasn't able to address them due to their limited jurisdiction." "We'll continue to advocate for two immediate providers as we believe it is the right solution," Blue Origin said. 
"The Human Landing System program needs to have competition now instead of later -- that's the best solution for NASA and the best solution for our country." Read more of this story at Slashdot. |