Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers

Mark Wilson writes: It's around this time of year, with Black Friday looming and Christmas just around the corner, that online sales boom. Today security firm High-Tech Bridge has issued a warning to retailers and shoppers about a critical vulnerability in the popular Zen Cart shopping management system. High-Tech Bridge has provided Zen Cart with full details of the security flaw which could allow remote attackers to infiltrate web servers and gain access to customer data. Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger. Technical details of the vulnerability are not yet being made public, but having notified Zen Cart of the issue High-Tech Bridge says the date of full public disclosure is 16 December.

Why Car Salesmen Don't Want To Sell Electric Cars

Matt Richtel writes in the NYT that one big reason there are only about 330,000 electric vehicles on the road is that car dealers show little enthusiasm for putting consumers into electric cars. Industry insiders say that electric vehicles do not offer dealers the same profits as gas-powered cars, they take more time to sell because of the explaining required, and electric vehicles may require less maintenance, undermining the biggest source of dealer profits — their service departments. Some electric car buyers have said they felt as if they were the ones doing the selling. Chelsea Dell made an appointment to test-drive a used Volt but when she arrived, she said, a salesman told her that the car hadn't been washed, and that he had instead readied a less expensive, gas-powered car. "I was ready to pull the trigger, and they were trying to muscle me into a Chevy Sonic," says Dell. "The thing I was baffled at was that the Volt was a lot more expensive." Marc Deutsch, Nissan's business development manager for electric vehicles says some salespeople just can't rationalize the time it takes to sell the cars. A salesperson "can sell two gas burners in less than it takes to sell a Leaf," Deutsch says. "It's a lot of work for a little pay."

Jared Allen says that service is crucial to dealer profits and that dealers didn't want to push consumers into electric cars that might make them less inclined to return for service. Maybe that helps explain the experience of Robert Kast, who last year leased a Volkswagen e-Golf from a local dealer. He said the salesman offered him a $15-per-month maintenance package that included service for oil changes, belt repair and water pumps. "I said: 'You know it doesn't have any of those things,'" Mr. Kast recalled. He said the salesman excused himself to go confirm this with his manager. Of the whole experience, Mr. Kast, 61, said: "I knew a whole lot more about the car than anyone in the building." "Until selling a plug-in electric car is as quick and easy as selling any other vehicle that nets the dealer the same profit, many dealers will avoid them, for very logical and understandable reasons," says John Voelker. "That means that the appropriate question should be directed to makers of electric cars: What are you doing to make selling electric cars as profitable and painless for your dealers as selling gasoline or diesel vehicles?"

Scientists Produce Graphene 100 Times Cheaper Than Ever Before

Zothecula writes that researchers at the University of Glasgow have found a way to produce large sheets of graphene 100 times more cheaply than previous methods. Gizmag reports: "Since first being synthesized by Andre Geim and Kostya Novoselov at the University of Manchester in 2004, there has been an extensive effort to exploit the extraordinary properties of graphene. However the cost of graphene in comparison to more traditional electronic materials has meant that its uptake in electronic manufacturing has been slow. Now researchers at the University of Glasgow have discovered a way to create large sheets of graphene using the same type of cheap copper used to manufacture lithium-ion batteries."

Insurer Refuses To Cover Cox In Massive Piracy Lawsuit

An anonymous reader writes with news that Cox Communications' insurer, Lloyds Of London underwriter Beazley, is refusing to cover legal costs and any liabilities from the case brought against it by BMG and Round Hill Music. TorrentFreak reports: "Trouble continues for one of the largest Internet providers in the United States, with a Lloyds underwriter now suing Cox Communications over an insurance dispute. The insurer is refusing to cover legal fees and potential piracy damages in Cox's case against BMG Rights Management and Round Hill Music. Following a ruling from a Virginia federal court that Cox is not protected by the safe-harbor provisions of the DMCA, the Internet provider must now deal with another setback."

New Wearable Tech Translates Sign Language Into Text

An anonymous reader writes: A new wearable technology developed by a team of biomedical engineers at Texas A&M University seeks to aid seamless communication between deaf people who use sign language and those who do not understand it. The arm device contains a network of sensors which track hand movements, as well as the electromyography (EMG) signals generated by the muscles in the wrist, and process and translate the different signals into text in real-time. The prototype currently uses Bluetooth to translate the sign language to a computer or smartphone.

This Gizmo Knows Your Amex Card Number Before You've Received It

itwbennett writes: A small device built by legendary hacker Samy Kamkar can predict what new American Express card numbers will be and trick point-of-sale devices into accepting cards without a security microchip. Because American Express appears to have used a weak algorithm to generate new card numbers, the device, called MagSpoof, can predict what a new American Express card number will be based on a canceled card's number. The new expiration date can also be predicted based on when the replacement card was requested.

Will You Be Able To Run a Modern Desktop Environment In 2016 Without Systemd?

New submitter yeupou writes: Early this year, David Edmundson from KDE concluded that "In many cases [systemd] allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it [systemd] as an optional extra defeats the main benefit". A perfectly sensible explanation. But, then, one might wonder to which point KDE would remain usable without systemd?

Recently, on one Devuan box, I noticed that KDE power management (Powerdevil) no longer supported suspend and hibernate. Since pm-utils was still there, for a while, I resorted to calling pm-suspend directly, hoping it would get fixed at some point. But it did not. So I wrote a report myself. I was not expecting much. But neither was I expecting it to be immediately marked as RESOLVED and DOWNSTREAM, with a comment accusing the "Debian fork" I'm using to "ripe out" systemd without "coming with any of the supported solutions Plasma provides". I searched beforehand about the issue so I knew that the problem also occurred on some other Debian-based systems and that the bug seemed entirely tied to upower, an upstream software used by Powerdevil. So if anything, at least this bug should have been marked as UPSTREAM.

While no one dares (yet) to claim to write software only for systemd-based operating systems, it is obvious that it is now getting quite hard to get support otherwise. At the same time, bricks that worked for years without now just get ruined, since, as pointed out by Edmundson, adding systemd as "optional extra defeats its main benefit". So, is it likely that we'll still have in 2016 a modern desktop environment, without recent regressions, running without systemd?

The Quest For the Ultimate Vacuum Tube

An anonymous reader writes: IEEE Spectrum reports on progress in the development of vacuum tube technology, which remains surprisingly relevant in 2015. "In the six decades since vacuum tubes lost out to solid-state devices in computers, receivers, and power supplies, vacuum technology has continued to evolve and branch out into new terrain, sustaining a small but skilled corps of engineers and scientists around the world, as well as a multibillion-dollar industry. That's because the traveling-wave tube and other vacuum devices continue to serve one purpose extremely well: as powerful sources of microwave, millimeter-wave, and submillimeter-wave radiation. And now, ongoing research into a new and potentially revolutionary kind of traveling-wave tube—the ultracompact and ultraefficient cold-cathode TWT—looks poised to deliver the first practical device by the end of this decade."

Neil deGrasse Tyson Touches Off Debate With Remarks On Commercial Space

MarkWhittington writes: In an interview published in The Verge, celebrity astrophysicist and media personality Neil deGrasse Tyson touched off a firestorm when he suggested that commercial space was not going to lead the way to open up the high frontier. Tyson has started a live show that he calls "Delusions of Space Enthusiasts" in which he touched on, among other things, why the Apollo program did not lead to greater things in space exploration such as going to Mars. Tyson repeats conventional wisdom about Apollo and the Cold War. In any case, it is his remarks on commercial space that have caused the most irritation.

What Is the Future of the Television?

An anonymous reader writes: Benedict Evans has an interesting post about where television hardware is headed. In the 1990s and early 2000s, the tech industry made a huge push to invade the living room, trying to make the internet mesh with traditional TV broadcasts. As we all know, their efforts failed. Now, we periodically see new waves of devices to attach to the TV, but none have been particularly ambitious. The most successful devices of the recent wave, like the Chromecast and Apple TV, are simply turning the TV into a dumb screen for streamed content. Meanwhile, consumption of all types of video content is growing on smaller screens — tablets, phones, etc. Even game consoles are starting to see their market eroded by boxes like the Steam Link, which acts as a pipe for a game being played elsewhere on a PC. It raises an intriguing question: where is the television headed? What uses and functions does one giant screen serve that can't be cleverly redistributed to smaller screens? Evans concludes, "The web's open, permissionless innovation beat the closed, top-down visions of interactive TV and the information superhighway."

KGB Software Almost Triggered War In 1983

An anonymous reader writes: Who here remembers WarGames? As it turns out, the film was a lot closer to reality than we knew. Newly-released documents show that the Soviet Union's KGB developed software to predict sneak attacks from the U.S. and other nations in the early 1980s. During a NATO wargame in November, 1983, that software met all conditions necessary to forecast the beginning of a nuclear war. "Many of these procedures and tactics were things the Soviets had never seen, and the whole exercise came after a series of feints by U.S. and NATO forces to size up Soviet defenses and the downing of Korean Air Lines Flight 007 on September 1, 1983. So as Soviet leaders monitored the exercise and considered the current climate, they put one and one together. Able Archer, according to Soviet leadership at least, must have been a cover for a genuine surprise attack planned by the U.S., then led by a president possibly insane enough to do it." Fortunately, when the military exercise ended, so did Soviet fears that an attack was imminent.

Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs

An anonymous reader writes: Apparently even the easiest-to-remove ransomware is painfully hard to uninstall from smart TVs, if they're running on the Android TV platform, and many are. This didn't happen in a real-world scenario (yet), and was only a PoC test by Symantec. The researcher managed to remove the ransomware only because he enabled the Android ADB tool beforehand, knowing he would infect the TV with the ransomware. "Without this option enabled, and if I was less experienced user, I'd probably still be locked out of my smart TV, making it a large and expensive paper weight," said the researcher.

Engineers Nine Times More Likely Than Expected To Become Terrorists

Henry Farrell writes in the Washington Post that there's a group of people who appear to be somewhat prone to violent extremism: Engineers. They are nine times more likely to be terrorists than you would expect by chance. In a forthcoming book, Engineers of Jihad, published by Princeton University Press, Diego Gambetta and Steffen Hertog provide a new theory explaining why engineers seem unusually prone to become involved in terrorist organizations. They say it's caused by the way engineers think about the world. Survey data indicates engineering faculty at universities are far more likely to be conservative than people with other degrees, and far more likely to be religious. They are seven times as likely to be both religious and conservative as social scientists. Gambetta and Hertog speculate that engineers combine these political predilections with a marked preference towards finding clearcut answers.

Gambetta and Hertog suggest that this mindset combines with frustrated expectations in many Middle Eastern and North African countries (PDF), and among many migrant populations, where people with engineering backgrounds have difficulty in realizing their ambitions for good and socially valued jobs. This explains why there are relatively few radical Islamists with engineering backgrounds in Saudi Arabia (where they can easily find good employment) and why engineers were more prone to become left-wing radicals in Turkey and Iran.

Some people might argue that terrorist groups want to recruit engineers because engineers have valuable technical skills that might be helpful, such as in making bombs. This seems plausible – but it doesn't seem to be true. Terrorist organizations don't seem to recruit people because of their technical skills, but because they seem trustworthy and they don't actually need many people with engineering skills. "Bomb-making and the technical stuff that is done in most groups is performed by very few people (PDF), so you don't need, if you have a large group, 40 or 50 percent engineers," says Hertog. "You just need a few guys to put together the bombs. So the scale of the overrepresentation, especially in the larger groups is not easily explained."


Another Giant xkcd Comics Experiment

Dave Knott writes: XKCD creator Randall Munroe has decided to celebrate the release of his new book, Thing Explainer, by creating a "small game" called Hoverboard. In actuality, it is a gigantic scrolling comic in the same style as his previous Click And Drag. However, this time there is a game element as one navigates the comic. Explore giant starships and volcanoes, or search for hidden lairs, all in the name of finding as many hidden gold coins as possible.

AMD's 'Crimson' Driver Software Released

An anonymous reader writes: Yesterday marked the launch of AMD's 'Crimson' driver software. It replaces the old Catalyst driver software, and represents a change in how AMD develops bug fixes, improves performance, and adds features. AnandTech took a detailed look at the new driver software. They say, "By focusing feature releases around the end of the year driver, AMD is able to cut down on what parts of the driver they change (and thereby can possibly break) at other times of the year, and try to knock out all of their feature-related bugs at once. At the same time it makes the annual driver release a significant event, as AMD releases a number of new features all at once. However on the other hand this means that AMD has few features launching any other time of the year, which can make it look like they're not heavily invested in feature development at those points." On a more positive note, the article adds, "Looking under the hood there's no single feature that's going to blow every Radeon user away at once, but overall there are a number of neat features here that should be welcomed by various user groups. ... Meanwhile AMD's radical overhaul of their control panel via the new Radeon Settings application will be quickly noticed by everyone."