IBM

IBM Bans Staff From Using Removable Storage Devices (theregister.co.uk) 167

An anonymous reader shares a report: In an advisory to employees, IBM global chief information security officer Shamla Naidoo said the company "is expanding the practise of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive)." The advisory stated some pockets of IBM have had this policy for a while, but "over the next few weeks we are implementing this policy worldwide." Big Blue's doing this because "the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised." IBMers are advised to use Big Blue's preferred sync 'n' share service to move data around.

Data Storage

Engineers Devise a Technique To Fight Counterfeit or Recycled Smartphone Memory (ieee.org) 52

Flash is designed to last a decade or more of use. A lot of the gadgets that rely on it, however, are not. Shady recyclers have spotted opportunity in that mismatch, stripping out used chips and selling them as new. But fret not, there is something that can be done to address the issue. From a report: Engineers at the University of Alabama have come up with a straightforward electronic examination that can tell if a flash chip is new or recycled, even if that chip has only seen 5 percent or less of its life. And the technique is so straightforward that a smartphone app could run it on its own memory. [...] A flash memory cell is like an ordinary transistor, it has a source and a drain and a channel through which current flows under the control of voltage on the gate electrode. The difference is that the gate is split into several layers -- the control gate, the blocking oxide, the floating gate, and the tunneling oxide.

[...] Voltage on the control gate causes electrons to tunnel through that bottom oxide and get stuck inside the floating gate. This charge or its absence is the stored bit. It alters how much voltage you need to turn the transistor on in a way that you can easily measure. Erasing the bit is done by reversing the voltage and driving the charge out of the floating gate. Ray and his team took advantage of the rather high voltages -- about plus or minus 20 volts -- needed to program and erase flash. The more you program and erase a cell, the more defects will accumulate in the oxide, he explains.

Bitcoin

Telegram's Billion-Dollar ICO Has Become a Mess (amazon.com) 34

Jon Russell and Mike Butcher from TechCrunch report of the mess that is Telegram's billion-dollar initial coin offering (ICO): Telegram's ICO was supposed to be a record-breaker to develop a platform that brings the decentralized internet to life. Instead, it has become a mess with the tightly controlled fundraising process in disarray as early backers sell their tokens for handsome returns. The company recently canceled the public sale piece of its ICO, the Wall Street Journal reported this week, after it raised $1.7 billion from private sale investors, according to SEC filings. But the issues date back further.

Telegram's grand vision is to build the TON (Telegram Open Network), a blockchain-based platform that extends its messaging app, which counts 200 million active users, into a range of services that include payments, file storage, censorship-proof browsing and decentralized apps hosted on the platform. According to the original whitepaper, the plan was to raise $1.2 billion using both invite-only private investors and an open sale to the public. Telegram later extended the raise to $1.7 billion before it canceled the public sale altogether. That's almost certainly because it had already raised enough money to develop TON without the risk of running into the SEC's ongoing ICO probe by soliciting money from the public. The result is that the ordinary people can't buy Telegram's Gram crypto token until it is released on exchanges. There's currently no timeline for that. But, with massive demand for the messaging app and deep discounts for early backers, a secondary market for buying and selling tokens early has emerged -- with huge returns already realized by some.

Power

California To Become First US State Mandating Solar On New Homes (ocregister.com) 305

OCRegister reports that "The California Energy Commission is scheduled to vote Wednesday, May 9, on new energy standards mandating most new homes have solar panels starting in 2020." From the report: Just 15 percent to 20 percent of new single-family homes built include solar, according to Bob Raymer, technical director for the California Building Industry Association. The proposed new rules would deviate slightly from another much-heralded objective: Requiring all new homes be "net-zero," meaning they would produce enough solar power to offset all electricity and natural gas consumed over the course of a year. New thinking has made that goal obsolete, state officials say. True "zero-net-energy" homes still rely on the electric power grid at night, they explained, a time when more generating plants come online using fossil fuels to generate power. In addition to widespread adoption of solar power, the new provisions include a push to increase battery storage and increase reliance on electricity over natural gas.

Data Storage

How Reliable Are 10TB and 12TB Hard Drives? Backblaze Publishes Q1 2018 Hard Drive Reliability (zdnet.com) 123

Wolfrider writes: Backblaze's hard drive report for the first quarter 2018 makes very interesting reading for anyone who is interested in hard drive performance and reliability. As of March 31, 2018, the company had 100,110 hard drives working for it, made up of 1,922 boot drives and 98,188 data drives, ranging from 3TB WDC WD30EFRX drives all the way up to 10TB and 12TB Seagate ST10000NM0086 and ST12000NM0007 drives, along with 10 Samsung 850 EVO SSDs. [...] The overall Annualized Failure Rate (AFR) for Q1 sat at just 1.2 percent, well below the Q4 2017 AFR of 1.65 percent. Some drives had an AFR of 0 percent (in other words, no drives failed during the period), while the 4TB Seagate ST4000DM000 had the highest AFR of 2.3 percent (out of 30,941 drives the company had in service, 178 failed during the Q1 period).

China

Chinese Government Admits Collection of Deleted WeChat Messages (techcrunch.com) 39

The South China Morning Post reported over the weekend that Chinese authorities have the capability of retrieving deleted messages from the WeChat app. The newspaper noted that an anti-corruption commission in Hefei province posted Saturday to social media that it has "retrieved a series of deleted WeChat conversations from a subject" as part of an investigation. TechCrunch reports: The post was deleted Sunday, but not before many had seen it and understood the ramifications. Tencent, which operates the WeChat service used by nearly a billion people (including myself), explained in a statement that "WeChat does not store any chat histories -- they are only stored on users' phones and computers." The technical details of this storage were not disclosed, but it seems clear from the commission's post that they are accessible in some way to interested authorities, as many have suspected for years. The app does, of course, comply with other government requirements, such as censoring certain topics.

Operating Systems

Ubuntu 18.04 Focuses On Security and AI Improvements (sdtimes.com) 89

Canonical has announced the release of its open-source Linux operating system, Ubuntu 18.04, which features security, multi-cloud, containers, and AI improvements. From a report: "Multi-cloud operations are the new normal," said Mark Shuttleworth, CEO of Canonical and founder of Ubuntu, in a statement. "Boot-time and performance-optimized images of Ubuntu 18.04 LTS on every major public cloud make it the fastest and most efficient OS for cloud computing, especially for storage and compute intensive tasks like machine learning." On-premises and on-cloud AI development within Ubuntu will be improved by the integration of Kubeflow and a range of CI/CD tools into Canonical Kubernetes. Kubeflow is a machine learning library built on Kubernetes.

Microsoft

Microsoft Plans Version of Windows 10 For Devices With Limited Storage (engadget.com) 142

An anonymous reader shares a report: A smaller, more pared down version of Windows 10 was spotted in the latest Redstone 5 preview build. Microsoft is calling it Windows 10 Lean and it's 2GB smaller in size than standard editions of Windows 10 once installed. Missing from this version are the Registry Editor, Internet Explorer, wallpaper, Microsoft Management Console and drivers for CD and DVD drives, and Windows Central notes that the lighter Windows 10 might be designed to ensure tablets and laptops with little internal storage can install Windows 10 feature updates. Additionally, the Redstone 5 preview also features phone-related APIs that support functions like dialing, blocking withheld numbers, video calling, Bluetooth headset support and speakerphone mode, stoking those persistent Andromeda rumors.

Security

Hackers Built a 'Master Key' For Millions of Hotel Rooms (zdnet.com) 126

An anonymous reader writes: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units. These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel -- such as their room -- and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out.

It turns out these key cards aren't as secure as first thought. F-Secure's Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key 'basically out of thin air.' Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card -- either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 426

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.

Data Storage

Samsung Announces 970 PRO and 970 EVO NVMe SSDs (anandtech.com) 51

hyperclocker shares a report from AnandTech: Samsung has announced the third generation of their high-end consumer NVMe SSDs. The new 970 PRO and 970 EVO M.2 NVMe SSDs use a newer controller and Samsung's latest 64-layer 3D NAND flash memory. The outgoing 960 PRO and 960 EVO were first announced in September 2016 and shipped that fall, so they have had a fairly long run as Samsung's flagship consumer SSDs. Compared to its predecessor, the 970 EVO promises a small improvement in sequential read speed, and a more substantial boost to sequential write speed for all but the smallest 250GB model. Peak random access performance is also substantially improved, but again the 250GB model gets left out, and is actually rated as slower than the 960 EVO 250GB. The warranty on the EVO has been extended from three years to five years, and the write endurance ratings have been increased by 50% to retain almost the same drive writes per day rating.

The 970 PRO's performance specs aren't too different from the 970 EVO. Many of the ratings are the same, and the ones that differ are mostly better by just 3-11% for the PRO. There are just two major exceptions to this. First, the PRO doesn't rely on SLC write caching so it can maintain its write speed far longer than the EVO. Second, the rated write endurance of the 970 PRO is twice that of the EVO, going from just over 0.3 Drive Writes Per Day to 0.6 DWPD. Neither of these are an important factor for ordinary consumer use cases, but they help the 970 PRO retain some shine as a premium product.

Businesses

SmugMug Buys Flickr, Vows To Revitalize the Photo Service (usatoday.com) 61

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.

Power

Can Tesla's Batteries Power Puerto Rico? (electrek.co) 88

An anonymous reader quotes Electrek: Almost 1 million ratepayers of the Puerto Rican Electric Power Authority on the island of Puerto Rico were reportedly without power Wednesday during an island-wide blackout. But a few hundred locations with Tesla Energy storage systems were able to keep the lights on, according to CEO Elon Musk... Some of those locations include very critical services. For example, Tesla deployed a series of Powerpack systems on the Puerto Rican islands of Vieques and Culebra for a sanitary sewer treatment plant, the Arcadia water pumping station, the Ciudad Dorada elderly community, the Susan Centeno hospital, and the Boys and Girls Club of Vieques. Furthermore, the automaker's energy division also deployed a solar+battery system at a hospital in Puerto Rico...

It was also reported that the Puerto Rican government was considering Tesla's plan for a series of microgrids to help bring back power on a larger scale. The government has confirmed that they "presented several projects in remote areas that would allow entire communities to be more independent" and they also "presented a proposal to the Authority for Public-Private Partnerships for the deployment of a large-scale battery system designed to help stabilize the entire Puerto Rico electricity network."

The proposal, involving de-centralized local solar farms, "should prove more resilient to natural disaster," Electrek reported earlier, adding "and of course, it would be a lot cleaner than their currently mostly fossil fuel-based power generation." Already Tesla batteries are "live and delivering power" at 662 locations, Elon Musk tweeted Wednesday.

Meanwhile, CNN reports that one Puerto Rico resident spent three weeks building his own solar power system using $7,500 in parts -- which will ultimately prove cheaper than the $350 a month he was spending to run a gas generator (and waiting as long as six hours in the long gas lines).

They're not revealing his name "because he's concerned someone may try to steal his new system."

AI

AI Will Wipe Out Half the Banking Jobs In a Decade, Experts Say 111

Experts in the industry say that current advances in artificial intelligence and automation could replace as many as half the nation's financial services workers over the next decade, though it will take a big investment to make that happen. The Mercury News reports: "Unless banks deal with the performance issues that AI will cause for ultra-large databases, they will not be able to take the money gained by eliminating positions and spend it on the new services and products they will need in order to stay competitive," James D'Arezzo, CEO of Glendale-based Condusiv Technologies, said. Intensive hardware upgrades are often cited as an answer to the problem, but D'Arezzo said that's prohibitively expensive.

Speaking to an audience last year in Frankfurt, Germany, Deutsche Bank CEO John Cryan predicted a "bonfire" of industry jobs as automation moves forward. "In our bank we have people doing work like robots," he said. "Tomorrow we will have robots behaving like people. It doesn't matter if we as a bank will participate in these changes or not, it is going to happen." Increased processing power, cloud storage and other developments are making many tasks possible that once were considered too complex for automation, according to Cryan. D'Arezzo, whose company works to improve existing software performance, said the financial industry is being swamped by "a tsunami of data," including new compliance requirements for customer privacy and constantly changing bank regulations.

Bhagwan Chowdhry, a professor of finance and economics at the UCLA Anderson School of Management, offers a less bleak view of the future. "Technology will eliminate some jobs that are repetitive and require less human judgment," he said, "But I think they will get replaced by other jobs that humans are better at. Anything that requires judgment is something humans will continue to do. We are not good at multiplying 16-digit numbers, but we're good at judging people and detecting if someone is telling the truth."

Data Storage

Loud Sound From Fire Alarm System Shuts Down Nasdaq's Scandinavian Data Center (bleepingcomputer.com) 114

Catalin Cimpanu, writing for BleepingComputer: A loud sound emitted by a fire alarm system has destroyed the hard drives of a Swedish data center, downing Nasdaq operations across Northern Europe. The incident took place in the early hours of Wednesday, April 19, and was caused by a gas-based fire alarm system that is typically deployed in data centers because of its ability to put out fires without destroying non-burnt equipment. These systems work by releasing inert gas at high speeds, a mechanism usually accompanied by a loud whistle-like sound. With non-calibrated systems, this sound can get very loud, a big no-no in data centers, where loud sounds are known to affect performance, shut down, or even destroy hard drives.

Security

Data Firm Leaks 48 Million User Profiles it Scraped From Facebook, LinkedIn, Others (zdnet.com) 56

Zack Whittaker, reporting for ZDNet: A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent. Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.

But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents. The bucket, labeled "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 422

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That led to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."

The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."

Red Hat Software

Red Hat Enterprise Linux Version 7.5 Released (redhat.com) 64

On Tuesday Red Hat announced the general availability of Red Hat Enterprise Linux version 7.5. An anonymous reader writes: Serving as a consistent foundation for hybrid cloud environments, Red Hat Enterprise Linux 7.5 provides enhanced security and compliance controls, tools to reduce storage costs, and improved usability, as well as further integration with Microsoft Windows infrastructure both on-premise and in Microsoft Azure.

New features include a large combination of Ansible Automation with OpenSCAP, and LUKS-encrypted removable storage devices can be now automatically unlocked using NBDE. The Gnome shell has been re-based to version 3.26, the Kernel version is 3.10.0-862, and the kernel-alt packages include kernel version 4.14 with support for 64-bit ARM, IBM POWER9 (little endian), and IBM z Systems, while KVM virtualization is now supported on IBM POWER8/POWER9 systems.

See the detailed release notes here.

Security

Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com) 6

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

Operating Systems

'Fuchsia Is Not Linux': Google Publishes Documentation Explaining Their New OS (xda-developers.com) 245

An anonymous reader quotes a report from XDA Developers: You've probably seen mentions of the Fuchsia operating system here and there since it has been in development for almost 2 years. It's Google's not-so-secretive operating system which many speculate will eventually replace Android. We've seen it grow from a barely functional mock-up UI in an app form to a version that actually boots on existing hardware. We've seen how much importance Google places on the project as veteran Android project managers are starting to work on it. But after all of this time, we've never once had either an official announcement from Google about the project or any documentation about it -- all of the information thus far has come as a result of people digging into the source code.

Now, that appears to be changing as Google has published a documentation page called "The Book." The page aims to explain what Fuchsia, the "modular, capability-based operating system" is and is not. The most prominent text on that page is a large section explaining that Fuchsia is NOT Linux, in case that wasn't clear already. Above that are several readme pages explaining Fuchsia's file systems, boot sequence, core libraries, sandboxing, and more. The rest of the page has sections explaining what the Zircon micro-kernel is and how the framework, storage, networking, graphics, media, user interface, and more are implemented.
