Communications

Facebook Is Testing Autoplaying Video With Sound (thenextweb.com) 38

An anonymous reader writes: Facebook is testing a "feature" that autoplays video clips on your feed with sound. It's not a very big test, but there's a possibility the company could roll it out to a larger group of users. The Next Web reports: "The company is currently trying two methods of getting people to watch video with sound in Australia: the aforementioned autoplaying, and an unmute button on the lower right corner of videos, like Vine videos on a desktop. The latter certainly sounds more reasonable; the last thing you want is to be checking Facebook quickly during a meeting or class, and suddenly have your phone blaring out an advert because you happened to stop on a video. Thankfully, you can disable the 'feature' from your settings, but the point is there's nothing wrong with the current opt-in approach, especially considering how many companies are embracing video captioning, and that Facebook even has its own auto-caption tool for advertisers." "We're running a small test in News Feed where people can choose whether they want to watch videos with sound on from the start," a Facebook spokesperson told Mashable Australia. "For people in this test who do not want sound to play, they can switch it off in Settings or directly on the video itself. This is one of several tests we're running as we work to improve the video experience for people on Facebook."
Programming

20% of Scientific Papers On Genes Contain Conversion Errors Caused By Excel, Says Report (winbeta.org) 203

An anonymous reader writes from a report via WinBeta: A new report from scientists Mark Ziemann, Yotam Eren, and Assam El-Osta says that 20% of scientific papers on genes contain gene name conversion errors caused by Excel. In the abstract of the scientific article, titled "Gene name errors are widespread in the scientific literature," the scientists explain: "The spreadsheet software Microsoft Excel, when used with default settings, is known to convert gene names to dates and floating-point numbers. A programmatic scan of leading genomics journals reveals that approximately one-fifth of papers with supplementary Excel gene lists contain erroneous gene name conversions."

It's easy to see why Excel might have problems with certain gene names when you see the "gene symbols" that the scientists use as examples: "For example, gene symbols such as SEPT2 (Septin 2) and MARCH1 [Membrane-Associated Ring Finger (C3HC4) 1, E3 Ubiquitin Protein Ligase] are converted by default to '2-Sep' and '1-Mar', respectively. Furthermore, RIKEN identifiers were described to be automatically converted to floating point numbers (i.e. from accession '2310009E13' to '2.31E+13'). Since that report, we have uncovered further instances where gene symbols were converted to dates in supplementary data of recently published papers (e.g. 'SEPT2' converted to '2006/09/02'). This suggests that gene name errors continue to be a problem in supplementary files accompanying articles. Inadvertent gene symbol conversion is problematic because these supplementary files are an important resource in the genomics community that are frequently reused. Our aim here is to raise awareness of the problem."
You can view the scientific paper in its entirety here.
Canada

Ashley Madison Security Protocols Violated Canada, Australia Privacy Laws (www.cbc.ca) 24

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashley Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more, Ashley Madison continued to store personal information of its users even after some of them had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.
Security

BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made (softpedia.com) 59

An anonymous reader writes from a report via Softpedia: A Wi-Fi router manufactured and sold only in China can easily run for the title of "most insecure router ever made." The BHU router, whose name translates to "Tiger Will Power," has a long list of security problems that include: four authentication bypass flaws (one of which is just hilarious); a built-in backdoor root account that gets created on every boot-up sequence; the fact that it opens the SSH port for external connections after every boot (somebody has to use that root backdoor account right?); a built-in proxy server that re-routes all traffic; an ad injection system that adds adverts to all the sites you visit; and a backup JS file embedded in the router firmware if the ad script fails to load from its server. For techies, there's a long technical write-up, which gets funnier and scarier at the same time as you read through it. "An attacker authenticating on the router can use a hardcoded session ID (SID) value of 700000000000000 to gain admin privileges," reports Softpedia. "If he misspells the SID and drops a zero, that's no problem. The BHU router will accept any value and still grant the user admin rights."
Businesses

Interviews: Ask Raspberry Pi Founder and CEO Eben Upton a Question 127

It's been roughly five years since we last interviewed the founder and CEO of Raspberry Pi (Trading) Ltd., Eben Upton. Eben currently serves as a technical director and ASIC architect for Broadcom. He founded the Raspberry Pi Foundation in 2009 to develop and market a $25 microcomputer for education. He has also founded two successful mobile games and middleware companies, Ideaworks 3d Ltd. and Podfun Ltd., and served as Director of Studies for computer science at St. John's College, Cambridge. Eben has agreed to take some time out of his busy schedule and answer some of your questions.

You may ask Eben as many questions as you'd like, but please, one per comment. We'll pick the very best questions and forward them to Eben Upton himself. (Feel free to leave your suggestions for who Slashdot should interview next.)

Go on, don't be shy!
Education

Four Code Bootcamps Are Now Eligible For Government Financial Aid (hackeducation.com) 85

Long-time Slashdot reader theodp notes a pilot program for improving computer science education which includes financial aid for students at four code bootcamps: In this week's Hack Education Weekly News, Audrey Watters writes, "The US Department of Education has selected eight higher ed institutions and eight 'non-traditional providers' that will work as partners to pilot the DoE's new EQUIP experiment, meaning that students will be able to receive federal financial aid for coding bootcamps, MOOCs, and the like...

"Good thing there haven't been any problems with for-profit higher ed and exploitation of financial aid, otherwise this would all seem like a terrible idea."

The original submission has more details on the participants (including the four code bootcamps). Ultimately the program involves pairing "non-traditional" providers with higher education institutions -- and then monitoring their results with a third-party "quality assurance entity" -- to improve the ways we measure a school's performance, but also testing new ways to fund training for computer careers. (I'm curious how Slashdot's readers feel about government loans for attendees at code bootcamps...)
First Person Shooters (Games)

100 Unofficial Mods Released for 'No Man's Sky' (vice.com) 72

Eleven days after its release, No Man's Sky already has over 100 unofficial mods by fans intent on improving the game. "We don't have time to wait for official dev tools to fix what can be fixed by us," one modder told Motherboard. "We definitely want the official tools ASAP but honestly, the players need a game that actually launches and plays at decent FPS first." An anonymous Slashdot reader quotes the article: In an email to one customer, Hello Games revealed that it will be releasing patches this week and next which will "help to improve the experience further for players" but it is unlikely that the promised official modding tools will be released in the near future...

Among the [unofficial] mods available for anyone to download are ones to...replace the system font with one from Star Trek, disable annoying audio warnings, and replace a "Units Received" alert with "the Rick 'Wubba Lubba Dub Dub' sound bite from Rick and Morty"... The Instagram Filter Remover mod is among the most popular on the No Man's Sky Mods website promising to remove "the stupid Instagram filter from the game"...making everything sharper and clearer.

That last mod has been downloaded 17,655 times so far, and by Friday the site had almost 800,000 views and 60,000 downloads. There are two other mods that add Dr. Who sound clips into the game, and the article notes fans are clamoring for more, "including one request to replace all the voice lines in the game with William Shatner quotes."
GUI

Fedora 25 To Run Wayland By Default Instead Of X.Org Server (phoronix.com) 151

An anonymous reader writes: Fedora 25 will finally be the first release for this Linux distribution -- and the first tier-one desktop Linux OS at large -- that is going ahead and using Wayland by default. Wayland has been talked about for years as a replacement to the xorg-server and finally with the upcoming Fedora 25 release this is expected to become a reality. The X.Org Server will still be present on Fedora systems for those running into driver problems or other common issues.
Fedora's steering committee agreed to the change provided the release notes "are clear about how to switch back to X11 if needed." In addition, according to the Fedora Project's wiki, "The code will automatically fall back to Xorg in cases where Wayland is unavailable (like NVIDIA)."
Oracle

Oracle Is Funding a New Anti-Google Group (fortune.com) 153

An anonymous reader writes from a report via Fortune: Oracle says it is funding a new non-profit called "Campaign for Accountability," which consists of a campaign called "The Google Transparency Project" that claims to expose criminal behavior carried out by Google. "Oracle is absolutely a contributor (one of many) to the Transparency Project. This is important information for the public to know. It is 100 percent public records and accurate," said Ken Glueck, Senior Vice President of Oracle. Fortune reports: "Oracle's hidden hand is not a huge surprise since the company has a history of sneaky PR tactics, and is still embroiled in a bitter intellectual property lawsuit with Google." One would think Microsoft may be another contributor, but the company said it is not. Daniel Stevens, the deputy director of the CfA, declined to name the group's other donors, or to explain why it does not disclose its funders. Why does this matter? "When wealthy companies or individuals pose as a grass-roots group like the so-called 'campaign for accountability' project, [it] can confuse news and public relations, and foster public cynicism," writes Jeff John Roberts via Fortune.
Programming

The $5 Onion Omega2 Gives Raspberry Pi a Run For Its Money (dailydot.com) 124

An anonymous reader writes from a report via The Daily Dot: Onion's Omega2 computer may give the Raspberry Pi a run for its money if the success of the Kickstarter campaign is any indication. The Daily Dot reports: "With an initial goal of just $15,000, over 11,560 backers have pledged the company $446,792 in hopes of getting their hands on this little wonder board. So why are thousands of people losing their minds? Simple; the Omega2 packs a ton of power into a $5 package. Billed as the world's smallest Linux server, complete with built-in Wi-Fi, the Omega2 is perfect for building simple computers or the web connected project of your dreams. The tiny machine is roughly the size of a cherry, before expansions, and runs a full Linux operating system. For $5 you get a 580MHz CPU, 64MB memory, 16MB storage, built-in Wi-Fi and a USB 2.0 port. A $9 model is also available with 128MB of memory, 32MB of storage, and a MicroSD slot. The similarly priced Raspberry Pi Zero comes with a 1GHz Arm processor, 512MB of memory, a MicroSD slot, no onboard storage, and no built-in Wi-Fi. Omega2 supports the Ruby, C++, Python, PHP, Perl, JavaScript (Node.js), and Bash programming languages, so no matter your background in coding you should be able to figure something out." You can also add Bluetooth, GPS, and 2G/3G support via add-ons or expansions. It looks promising, though it is a Kickstarter campaign and the product may not come to fruition.
Security

People Ignore Software Security Warnings Up To 90% of the Time, Says Study (phys.org) 124

An anonymous reader quotes a report from Phys.Org: A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly -- while people are typing, watching a video, uploading files, etc. -- results in up to 90 percent of users disregarding them. Researchers found these times are less effective because of "dual task interference," a neural limitation where even simple tasks can't be simultaneously performed without significant performance loss. Or, in human terms, multitasking. For example, 74 percent of people in the study ignored security messages that popped up while they were on the way to close a web page window. Another 79 percent ignored the messages if they were watching a video. And a whopping 87 percent disregarded the messages while they were transferring information, in this case, a confirmation code. For example, Jenkins, Vance and BYU colleagues Bonnie Anderson and Brock Kirwan found that people pay the most attention to security messages when they pop up in lower dual task times such as: after watching a video, waiting for a page to load, or after interacting with a website. For part of the study, researchers had participants complete computer tasks while an fMRI scanner measured their brain activity. The experiment showed neural activity was substantially reduced when security messages interrupted a task, as compared to when a user responded to the security message itself. The BYU researchers used the functional MRI data as they collaborated with a team of Google Chrome security engineers to identify better times to display security messages during the browsing experience.
Firefox

Mozilla To Add Screenshot Sharing Feature To Firefox Test Pilot Program (softpedia.com) 75

An anonymous reader writes: [Softpedia reports:] "Mozilla plans to include a webpage screenshot sharing feature to Firefox as part of the Test Pilot program, a spokesperson confirmed to Softpedia. The new feature is called Page Shot, and will initially roll out on Firefox Test Pilot in late-Q3 of this year. The Firefox Test Pilot program allows users to test experimental Firefox features using a special add-on. Based on user feedback, those features will end up as built-in Firefox features, or self-standing add-ons." The pageshot.net website is now offline as Mozilla prepares to launch the add-on via Test Pilot, but Softpedia has the screenshots. You can view the screenshots here.
Google

Oracle Says Trial Wasn't Fair, It Should Have Known About Google Play For Chrome (arstechnica.com) 181

Two and a half months after a federal jury concluded that Google's Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use," Oracle's attorney says her client missed a crucial detail in the trial, adding that this detail could change everything. ArsTechnica reports: Oracle lawyers argued in federal court today that their copyright trial loss against Google should be thrown out because they were denied key evidence in discovery. Oracle attorney Annette Hurst said that the launch of Google Play on Chrome OS, which happened in the middle of the trial, showed that Google was trying to break into the market for Java SE on desktops. In her view, that move dramatically changes the amount of market harm that Oracle experienced, and the evidence should have been shared with the jury. "This is a game-changer," Hurst told U.S. District Judge William Alsup, who oversaw the trial. "The whole foundation for their case is gone. [Android] isn't 'transformative'; it's on desktops and laptops." Google argued that its use of Java APIs was "fair use" for several reasons, including the fact that Android, which was built for smartphones, didn't compete with Java SE, which is used on desktops and laptops. During the post-trial hearing today, Hurst argued that it's clear that Google intends to use Android smartphones as a "leading wedge" and has plans to "suck in the entire Java SE market. [...] Android is doing this using Java code," said Hurst. "That's outrageous, under copyright law. This verdict is tainted by the jury's inability to hear this evidence. Viewing the smartphone in isolation is a Google-gerrymandered story." In the meantime, Google's attorney said Oracle was aware of Google's intentions of porting Android to laptops and desktops, and that if Oracle wanted to use this piece of information, it could have.
Intel

Intel Unveils Project Alloy 'Merged Reality' Wireless Headset (hothardware.com) 43

MojoKid writes: Intel CEO Brian Krzanich took to the stage at the Moscone Center in San Francisco today to kick off this year's Intel Developers Forum. Krzanich unveiled a number of new projects and products including a product code-named "Project Alloy." The device is an un-tethered, merged reality Head Mounted Device (HMD) that combines compute, graphics, multiple RealSense modules, various sensors, and batteries into a self-contained headset that offers a full six degrees of freedom. Unlike the Oculus Rift and HTC Vive, Project Alloy does not need to be wired to a PC or other device and it does not require externally mounted sensors to define a virtual space. Instead, it uses RealSense cameras to map the actual physical world you're in while wearing the HMD. The RealSense cameras also allow the device to bring real-world objects into the virtual world, or vice versa. The cameras and sensors used in Project Alloy offer full depth sensing, so obstacles can be mapped, and people and objects within camera range -- like your hand, for example -- can be brought into the virtual world and accurately tracked. During a live, on-stage demo performed by Intel's Craig Raymond, Craig's hand was tracked and all five digits, complete with accurate bones and joint locations, were brought into the VR/AR experience. Project Alloy will be supported by Microsoft's Windows Holographics Shell framework.
Businesses

Twitch Acquires Curse, Its Sites, Tools For Gamers, and Databases (venturebeat.com) 25

An anonymous reader writes from a report via VentureBeat: The Amazon-owned, game-streaming site Twitch has announced today that it has acquired Curse, a company that creates programs like voice clients, databases, and mod managers for PC games for some 30 million users. Twitch did not disclose how much they paid for Curse. VentureBeat reports: "Twitch has more than 100 million users a month, and it has helped to popularize new trends in gaming like esports and the rise of influencers and personalities who create fanbases that watch them (and donate money to them) while they play. Curse has over 30 million users a month across its website, social media channels, and desktop applications. The company hosts popular websites for hit PC games like Hearthpwn for Hearthstone: Heroes of Warcraft and MMO Champion for World of Warcraft. Outside of its site, Twitch hasn't made many services for gamers. It could use this acquisition to extend a reach into that field."
Security

Windows UAC Bypass Permits Code Execution (threatpost.com) 79

msm1267 writes from a report via Threatpost: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk. The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start PowerShell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC. An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up. Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.
Intel

Intel's Joule is Its Most Powerful Dev Kit Yet (engadget.com) 55

Devindra Hardawar, writing for Engadget: We've seen plenty of unique dev kits from Intel, including the SD card-sized Edison, but not one as powerful as this. Intel announced Joule today, a tiny maker board that will allow developers to test RealSense-powered concepts and, hopefully, bring them to the market faster than before. The company says the tiny, low-powered Joule would be ideal for testing concepts in robotics, AR, VR, industrial IoT and a slew of other industries. And it also looks like it could be an interesting way for students to dabble in RealSense's depth-sensing technology in schools. There will be two Joule kits to choose from: the 550x, which includes a 1.5GHz quad-core Atom T5500 processor, 3GB of RAM and 8GB of storage; and the 570x, which packs in a 1.7GHz quad-core Atom T5700 CPU (with burst speeds up to 2.4GHz), 4GB of RAM and 16GB of storage. Both models include "laptop-class" 802.11AC wireless, Intel graphics with 4K capture and display support, and a Linux-based OS.
Bug

FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More (softpedia.com) 32

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.
Programming

Ask Slashdot: What Are Some Bad Programming Ideas That Work? (infoworld.com) 671

snydeq writes: Cheaper, faster, better side effects -- sometimes a bad idea in programming is better than just good enough, writes InfoWorld's Peter Wayner: "Some ideas, schemes, or architectures may truly stink, but they may also be the best choice for your project. They may be cheaper or faster, or maybe it's too hard to do things the right way. In other words, sometimes bad is simply good enough. There are also occasions when a bad idea comes with a silver lining. It may not be the best approach, but it has such good side-effects that it's the way to go. If we're stuck going down a suboptimal path to programming hell, we might as well make the most of whatever gems may be buried there." What bad programming ideas have you found useful enough to make work in your projects? Don't be shy or ashamed, we all want to hear your responses!
Australia

Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au) 92

Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.

In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...
