Businesses

DMCA Notices Remove 8,268 Projects On Github In 2015 (torrentfreak.com) 116

An anonymous reader writes: Github's transparency report for 2015 shows that the site received many DMCA notices that removed more than 8,200 projects. "In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014," Github reports. For comparison, the company received only 258 DMCA notices in 2014, 17 of which responded with a counter-notice or retraction. In 2015, they received 505 takedown notices, 62 of which were the subject of counters or withdrawals. TorrentFreak reports: "Copyright holders are not limited to reporting one URL or location per DMCA notice. In fact, each notice filed can target tens, hundreds, or even thousands of allegedly infringing locations." September was a particularly active month as it took down nearly 5,834 projects. "Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories," Github explains. They are called 'Mass Removals' when more than 100 repositories are asked to be removed. "In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015."
Businesses

Clinton Tech Plan Reads Like Silicon Valley Wish List (usatoday.com) 355

theodp writes from a report via USA Today: "If there was any lingering doubt as to tech's favored presidential candidate," writes USA Today's Jon Swartz, "Hillary Clinton put an end to that Tuesday with a tech plan that reads like a Silicon Valley wish list. It calls for connecting every U.S. household to high-speed internet by 2020, reducing regulatory barriers and supporting Net neutrality rules, [which ban internet providers from blocking or slowing content.] It proposes investments in computer science and engineering education ("engage the private sector and nonprofits to train up to 50,000 computer science teachers in the next decade"), expansion of 5G mobile data, making inexpensive Wi-Fi available at more airports and train stations, and attaching a green card to the diplomas of foreign-born students earning STEM degrees." dcblogs shares with us a report from Computerworld that specifically discusses Clinton's support of green cards for foreign students who earn STEM degrees: As president, Hillary Clinton will support automatic green cards, or permanent residency, for foreign students who earn advanced STEM degrees. Clinton, the presumptive Democratic presidential candidate, wants the U.S. to "staple" green cards on the diplomas of STEM (science, technology, engineering, math) masters and PhD graduates "from accredited institutions." Clinton outlined her plan in a broader tech policy agenda released today. Clinton's "staple" idea isn't new. It's what Mitt Romney, the GOP presidential candidate in 2012, supported. It has had bipartisan support in Congress. But the staple idea is controversial. Critics will say this provision will be hard to control, will foster age discrimination, and put pressure on IT wages.
AI

AI Downs 'Top Gun' Pilot In Dogfights (dailymail.co.uk) 441

schwit1 writes from a report via Daily Mail: [Daily Mail reports:] "The Artificial intelligence (AI) developed by a University of Cincinnati doctoral graduate was recently assessed by retired USAF Colonel Gene Lee -- who holds extensive aerial combat experience as an instructor and Air Battle Manager with considerable fighter aircraft expertise. He took on the software in a simulator. Lee was not able to score a kill after repeated attempts. He was shot out of the air every time during protracted engagements, and according to Lee, is 'the most aggressive, responsive, dynamic and credible AI I've seen to date.'" And why is the US still throwing money at the F35, unless it can be flown without pilots? The AI, dubbed ALPHA, features a genetic fuzzy tree decision-making system, which is a subtype of fuzzy logic algorithms. The system breaks larger tasks into smaller tasks, which include high-level tactics, firing, evasion, and defensiveness. It can calculate the best maneuvers in various, changing environments over 250 times faster than its human opponent can blink. Lee says, "I was surprised at how aware and reactive it was. It seemed to be aware of my intentions and reacting instantly to my changes in flight and my missile deployment. It knew how to defeat the shot I was taking. It moved instantly between defensive and offensive actions as needed."
Earth

Google's Satellite Map Gets a 700-Trillion-Pixel Makeover (theatlantic.com) 70

An anonymous reader writes: On Monday, Google Maps received a makeover with 700 trillion pixels of new data added to the service. The Atlantic reports: "The new map, which activates this week for all users of Google Maps and Google Earth, consists of orbital imagery that is newer, more detailed, and of higher contrast than the previous version. Most importantly, this new map contains fewer clouds than before -- only the second time Google has unveiled a "cloudless" map. Google had not updated its low- and medium-resolution satellite map in three years. The new version of the map includes data from Landsat 8, the newer version of the same satellite (Landsat 7, the U.S. government satellite which supplied the older map's imagery data), letting Google clear the ugly artifacts. Google's new update doesn't include imagery at the highest zoom levels, like the kind needed to closely inspect an individual house, pool, or baseball field. Those pictures do not come from Landsat at all, but from a mix of other public and private aerial and space-based cameras, including DigitalGlobe's high-resolution satellites. The image processing for this most recent map was completed entirely in Google Earth Engine, the company's geospatial-focused cloud infrastructure. In fact, the entire algorithm to create the cloudless map was written in Javascript in the Earth Engine development interface."
Education

Google Launches 'Project Bloks' Toys To Teach Kids To Code (thenextweb.com) 54

An anonymous reader writes: Google has launched a hardware project dubbed 'Project Bloks' to help teach kids how to code. There are three components to the learning experience: Brain Board, Base Boards, and Pucks. The Brain Board features a processing unit that is based off of Raspberry Pi Zero, which controls and provides power to the rest of the connected components. It does also interact with Wi-Fi and Bluetooth devices. The Base Boards are connective units that let users design instruction flows. Finally, the Pucks are the components you interact with. They're shaped with switches, arrows, buttons, dials and more, and can be programmed to turn things on or off, move avatars, play music, and more. What's neat is you can record instructions from multiple pucks into a single one. Some of them can be made with simple, inexpensive materials like paper with conductive ink. You can watch the official introduction video on YouTube. Google did release a subsequent video about the project called "Developing on Project Bloks."
IOS

.NET Core 1.0 Released, Now Officially Supported By Red Hat (arstechnica.com) 123

Microsoft on Monday announced the release of .NET Core, the open source .NET runtime platform. Finally! (It was first announced in 2014). The company also released ASP.NET Core 1.0, the open-source version of Microsoft's Web development stack. ArsTechnica reports: Microsoft picked an unusual venue to announce the release: the Red Hat Summit. One of the purposes of .NET Core was to make Linux and OS X into first-class supported platforms, with .NET developers able to reach Windows, OS X, Linux, and (with Xamarin) iOS and Android, too. At the summit today, Red Hat announced that this release would be actively supported by the company on Red Hat Enterprise Linux.
Programming

New C++ Features Voted In By C++17 Standards Committee (reddit.com) 286

New submitter lefticus writes: The upcoming C++17 standard has reached Committee Draft stage, having been voted on in the standards committee meeting in Oulu, Finland this Saturday. This makes C++17 now feature complete, with many new interesting features such as if initializers and structured bindings having been voted in at this meeting.

An [audio] interview with the C++ committee chair, Herb Sutter, about the status of C++17 has also been posted.

Programming

ECMAScript 2016: New Version of JavaScript Language Released (softpedia.com) 165

An anonymous Slashdot reader writes: Ecma International, the organization in charge of managing the ECMAScript standard, has published the most recent version of the JavaScript language. ECMAScript 2016 (ES7 or JavaScript 7th Edition in the old naming scheme) comes with very few new features. The most important is that JavaScript developers will finally get a "raise to the power" operator, which was mysteriously left out of the standard for 20 years. The operator is **...
It will also become much easier to search for data in a JavaScript array with Array.prototype.includes(), but support for async functions (initially announced for ES2016), has been deferred until next year's release. "From now on, expect smaller changelogs from the ECMAScript team," reports Softpedia, "since this was the plan set out last year. Fewer breaking changes means more time to migrate code, instead of having to rewrite entire applications, as developers did when the mammoth ES6 release came out last year."
Crime

Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com) 111

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as gateways for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."
Programming

Java, PHP, NodeJS, and Ruby Tools Compromised By Severe Swagger Vulnerability (threatpost.com) 97

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes: A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.

DRM

Oculus Ditches DRM Hurdle, Allows HTC Vive Games On Rift Again (venturebeat.com) 37

An anonymous reader writes: After changing its DRM to exclude ReVive last month, Oculus has changed its mind again and is now allowing HTC Vive games to play on the Oculus Rift. "We continually revise our entitlement and anti-piracy systems, and in the June update we've removed the check for Rift hardware from the entitlement check. We won't use hardware checks as part of DRM on PC in the future," Oculus VR said. "We believe protecting developer content is critical to the long-term success of the VR industry, and we'll continue taking steps in the future to ensure that VR developers can keep investing in ground-breaking new VR content." VentureBeat reports: "ReVive developers have acted quickly following the removal of the check. An update to the software has been posted on GitHub to bring it back in line, meaning you'll now be able to access the games that were previously available without jumping through extra hoops. Perhaps even more games might work going forward. CrossVR, one of the system's developers, took to Reddit to thank Oculus for the decision. 'I'm delighted to see this change and I hope it can generate a lot of goodwill for Oculus.' CrossVR said."
Advertising

HTML5 Ads Aren't That Safe Compared To Flash, Experts Say (softpedia.com) 108

An anonymous reader writes: [Softpedia reports:] "A study from GeoEdge (PDF), an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The company argues that for video ads, the primary root of malvertising is the VAST and VPAID advertising standards. VAST and VPAID are the rules of the game when it comes to online video advertising, defining the road an ad needs to take from the ad's creator to the user's browser. Even if the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections. These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users." The real culprit is the ability to send JavaScript code at runtime, and not if the ad is a Flash object, an image or a block of HTML(5) code.
Google

Google Launches Android Programming Course For Absolute Beginners (zdnet.com) 98

If you're on the fence on whether or not you should spring for learning how to code, Google is willing to offer a helping hand. The company has partnered with Udacity to offer a "nanodegree" class designed for people with no programming experience at all. The program costs $199 per month. ZDNet reports: The course material, developed by Google, is hosted on learning platform Udacity and builds on earlier programs such as the Android Nanodegree for Beginners. The basics course takes around four weeks if the student commits six hours a week and upon completion they'll have created two basic apps built in Android Studio. "Google, in partnership with Udacity, is making Android development accessible and understandable to everyone, so that regardless of your background, you can learn to build apps that improve the lives of people around you," Google announced on its developer blog.
Databases

154 Million Voter Records Exposed Due To Database Error (dailydot.com) 95

blottsie writes: Chris Vickery, a security researcher at MacKeeper, has uncovered a new voter database containing 154 million voter records, exposed as a result of a CouchDB installation error. The database includes names, addresses, Facebook profile URLs, gun ownership, and more. Who exposed the voter database? Vickery believes the suspect may be linked to L2, a company specializing in voter data utilization, after he noticed that the voter ID field was labeled "LALVOTERID." After calling the company, L2 said the database likely belongs to one of their clients, noting that there are very few clients big enough to have a national database like that. The database was secured within three hours of their phone call. L2's CEO Bruce Willsie said that the client told L2 that they were hacked and the firewall had been taken down. Their client is conducting their own research to figure out the extent of the incursion. The Daily Dot reports: "Why does this keep happening, and what is our government doing about it? No federal agency is enforcing data security in political organizations or non-profits, and so far, neither are state attorneys general."
Graphics

MSI and ASUS Accused of Sending Reviewers Overpowered Graphics Cards (theverge.com) 133

An anonymous reader writes from a report via The Verge: TechPowerUp discovered that the MSI GeForce GTX 1080 Gaming X card they were sent for review was running at faster GPU and memory clock speeds than the retail version. This was because the review card was set to operate in the OC (overclocking) mode out of the box, whereas the retail card runs in the more regular Gaming mode out of the box. This may result in an unobservant reviewer accidentally misrepresenting the OC performance numbers as the stock results from the card, lending MSI's product an unearned helping hand. The site found this was a recurring pattern with MSI stretching back for years. Fellow Taiwanese manufacturer ASUS, in spite of having better global name recognition and reputation, has also shown itself guilty of preprogramming review cards with an extra overclocking boost. Needless to say, the only goal of such actions is to deceive -- both the consumer and the reviewer -- though perhaps some companies have felt compelled to follow suit after the trend was identified among competitors. The Verge notes that TechPowerUp revealed its finding on Thursday of last week, and has not received any official response from either MSI or ASUS. They did update their story to note that MSI addressed the matter, in a comment provided to HardOCP Editor-in-Chief Kyle Bennett, back in 2014.
Businesses

Indie Dev TinyBuild Lost $450K To Fraudulent Sales Facilitated By G2A (pastemagazine.com) 104

An anonymous reader quotes a report from Paste Magazine: Indie developer TinyBuild, the studio behind Punch Club, Party Hard and SpeedRunners, had thousands of their game codes stolen through fraudulent credit card purchases, which then wound up on G2A.com, a site that allows people to resell game codes. The basic idea behind G2A is straightforward and pretty harmless: with the amount of game codes sold through Steam, the Humble Store/Bundle, and more, the site gives consumers a place to sell unwanted game codes. However, in doing so, G2A has created a huge black market for game codes sales. As TinyBuild described in their blog post on the matter, the common practice for scammers is to "get ahold of a database of stolen credit cards on the dark web. Go to a bundle/3rd party key reseller and buy a ton of game keys. Put them up onto G2A and sell them at half the retail price." This allows scammers to make thousands of dollars while preventing any profit from reaching the game developers because, once the stolen credit cards are processed, the payments will be denied. G2A states that TinyBuild's retail partners are the ones selling the codes on G2A, not scammers, despite the thousands of codes they lost through their online store to fraudulent credit card purchases. In 2011, TinyBuild was in the news for uploading their own game, a platformer called No Time To Explain, to the Pirate Bay.
Democrats

DNC Hacker Releases Clinton Foundation Documents (washingtonexaminer.com) 156

An anonymous reader writes: Following a report that Russian hackers penetrated the DNC's database, a hacker, who identifies himself as "Guccifer 2.0" after a popular Romanian hacker who hacked various American political figures, most notably Hillary Clinton and her private server, has published documents on Tuesday that he says came from the party's digital files. The documents detail Clinton's weaknesses as a candidate, and include a collection of negative press clips about the Clinton Foundation and a list of defenses against attacks on her private email use. Washington Examiner reports: "Another document, titled '2016 Democrats Positions Cheat Sheet,' listed major policy issues and indicated where Clinton, Bernie Sanders, Martin O'Malley, Jim Webb, Lincoln Chaffee, Elizabeth Warren and Joe Biden -- all former or possible rivals for the Democratic nomination -- stood on each issue." The documents contain information ranging from how the Clinton Foundation and its allies should respond to criticisms of the Clinton Foundation's revenue sources to how Chelsea Clinton wasn't able to answer questions about Clinton Foundation donations and other instances in which Bill Clinton was called a "sexual predator" for his past indiscretions. Even though the cybersecurity breach was blamed on the Russian government, the Kremlin has denied any involvement. The DNC also has yet to confirm or deny the authenticity of the leaked documents.
AI

Elon Musk's Open Source OpenAI: We're Working On a Robot For Your Household Chores (zdnet.com) 64

An anonymous reader writes from a report via ZDNet: OpenAI, the artificial-intelligence non-profit backed by Elon Musk, Amazon Web Services, and others, is working on creating a physical robot that performs household chores. In a blog post Monday, OpenAI leaders said they don't want to manufacture the robot itself, but "enable a physical robot [...] to perform basic housework." The company says it is "inspired" by DeepMind's work in the deep learning and reinforcement learning field of AI, as displayed by its AlphaGo victory over human Go masters. OpenAI says it wants to "train an agent capable enough to solve any game," noting that significant advances in AI will be required in order for that to happen. In May, the company released a public beta of a new Open Source gym for computer programmers working on AI. They also have plans to build an agent that can understand natural language and seek clarification when following instructions to complete a task. OpenAI plans to build new algorithms that can advance this field. Finally, OpenAI wants to measure its progress across games, robotics, and language-based tasks, which is where OpenAI's Gym Beta will come into play.
Security

Slashdot Asks: Does Your Company Have A Breach Response Team? (helpnetsecurity.com) 47

This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013... 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently,' said Caleb Barlow, Vice President of IBM Security."

But the most stunning part of the study was that each compromised record costs a company $158 (on average), and up to $355 per record in more highly-regulated industries like healthcare, according to the study -- $100 more than in 2013. And yet it also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team?
Classic Games (Games)

Mattel Sells Out Of 'Game Developer Barbie' (cnet.com) 224

Long-time Slashdot reader sandbagger writes: The Mattel people have released a new Barbie doll figurine touted as Game Developer Barbie. Dressed in jeans and a t-shirt, she was apparently designed by a game developer.
It's already sold out on Mattel's web site, with CNET saying it provides a better role model than a 2014 book in which "computer engineer" Barbie designed a cute game about puppies, then admitted "I'll need Steven's and Brian's help to turn it into a real game," before her laptop crashed with a virus. Mattel says that with this new doll, "young techies can play out the creative fun of this exciting profession," and the doll even comes with a laptop showing an IDE on the screen. Sandbagger's original submission ended with a question. Do Slashdot readers think this will inspire a new generation of programmers to stay up late writing code?
