Electronic Frontier Foundation

EFF: Accessing Publicly Available Information On the Internet Is Not a Crime (eff.org) 46

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

Software

T-Mobile Is Becoming a Cable Company (engadget.com) 89

T-Mobile has revealed that it's launching a TV service in 2018, and that it has acquired Layer3 TV (a company that integrates TV, streaming and social networking) to make this happen. The company thinks people are ditching cable due to the providers, not TV itself. Engadget reports: It claims that it can "uncarrier" TV the way it did with wireless service, and has already targeted a few areas it thinks it can fix: it doesn't like the years-long contracts, bloated bundles, outdated tech and poor customer service that are staples of TV service in the U.S. T-Mobile hasn't gone into detail about the functionality of the service yet. How will it be delivered? How much will it cost? Where will it be available? And will this affect the company's free Netflix offer? This is more a declaration of intent than a concrete roadmap, so it's far from certain that the company will live up to its promises. Ultimately, the move represents a big bet on T-Mobile's part: that people like TV and are cutting the cord based on a disdain for the companies, not the service. There's a degree of truth to that when many Americans are all too familiar with paying ever-increasing rates to get hundreds of channels they don't watch. However, there's no guarantee that it'll work in an era when many people (particularly younger people) are more likely to use Netflix, YouTube or a streaming TV service like Sling TV.
China

German Intelligence Warns of Increased Chinese Cyberspying (apnews.com) 74

The head of Germany's domestic intelligence agency has warned that China allegedly is using social networks to try to cultivate lawmakers and other officials as sources. From a report: Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn. "This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies," Maassen said.
Networking

Ask Slashdot: What's the Best Way to Retrain Old IT Workers? 343

A medium-sized company just hired a new IT manager who wants advice from the Slashdot community about their two remaining IT "gofers": These people have literally been here their entire "careers" and are now near retirement. Quite honestly, they do not have any experience other than reinstalling Windows, binding something to the domain and the occasional driver installation -- and are more than willing to admit this. Given many people are now using Macs and most servers/workstations are running Linux, they have literally lost complete control over the company, with most of these machines sitting around completely unmanaged.

Firing these people is nearly impossible. (They have a lot of goodwill within other departments, and they have quite literally worked there for more than 60 years combined.) So I've been tasked with attempting to retrain these people in the next six months. Given they still have to do work (imaging computers and fixing basic issues), what are the best ways of retraining them into basic network, Windows, Mac, Linux, and "cloud" first-level help desk support?

Monster_user had some suggestions -- for example, "Don't overtrain. Select and target areas where they will be able to provide a strong impact." Any other good advice?

Leave your best answers in the comments. What's the best way to retrain old IT workers?
Programming

What Mistakes Can Stall An IT Career? (cio.com) 207

Quoting snydeq: "In the fast-paced world of technology, complacency can be a career killer," Paul Heltzel writes in an article on 20 ways to kill your IT career without knowing it. "So too can any number of hidden hazards that quietly put your career on shaky ground -- from not knowing your true worth to thinking you've finally made it. Learning new tech skills and networking are obvious ways to solidify your career. But what about accidental ways that could put your career in a slide? Hidden hazards -- silent career killers? Some tech pitfalls may not be obvious."
CIO's reporter "talked to a number of IT pros, recruiters, and developers about how to build a bulletproof career and avoid lesser-known pitfalls," citing hazards like burning bridges and skipping social events. But it also warns of the dangers of staying in your comfort zone too long instead of asking for "stretch" assignments and accepting training opportunities.

The original submission puts the same question to Slashdot readers. "What silent career killers have you witnessed (or fallen prey to) in your years in IT?"
Hardware

Nvidia Announces 'Nvidia Titan V' Video Card: GV100 for $3000 (anandtech.com) 51

Nvidia has announced the Titan V, the "world's most powerful PC GPU." It's based on Nvidia's Volta, the same architecture as the Nvidia Tesla V100 GPUs behind Amazon Web Service's recently launched top-end P3 instances, which are dedicated to artificial-intelligence applications. From a report: A mere 7 months after Volta was announced with the Tesla V100 accelerator and the GV100 GPU inside it, Nvidia continues its breakneck pace by releasing the GV100-powered Titan V, available for sale today. Aimed at a decidedly more compute-oriented market than ever before, the 815 mm² behemoth die that is GV100 is now available to the broader public. [...] The Titan V, by extension, sees the Titan lineup finally switch loyalties and start using Nvidia's high-end compute-focused GPUs, in this case the Volta architecture based V100. The end result is that rather than being Nvidia's top prosumer card, the Titan V is decidedly more focused on compute, particularly due to the combination of the price tag and the unique feature set that comes from using the GV100 GPU. Which isn't to say that you can't do graphics on the card -- this is still very much a video card, outputs and all -- but Nvidia is first and foremost promoting it as a workstation-level AI compute card, and by extension focusing on the GV100 GPU's unique tensor cores and the massive neural networking performance advantages they offer over earlier Nvidia cards.
Businesses

Facebook Tops List of Best Places To Work -- Again (cnet.com) 102

From a report: If you work at Facebook, count yourself pretty lucky. And not just for the free meals, on-site health care or new-parent benefits. But those things probably factor into the social-networking giant being named the best place to work in 2018 by jobs site Glassdoor. And it's probably been a good experience for a while, seeing how this is the third year in a row Facebook has been atop Glassdoor's list of 100 best places to work. If you don't work at Facebook, there might still be hope for you. Glassdoor said there were 40 newcomers on this year's list, including video game maker Blizzard Entertainment (at No. 28 on the list) and wireless carrier T-Mobile (No. 79). There are also three veterans that have made the list every year since it was introduced 10 years ago, including management-consulting firm Bain & Company (No. 2), search giant Google (No. 5) and Apple (No. 84).
The Internet

PSA: Comcast Doesn't Really Support Net Neutrality (slate.com) 144

An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.

But Comcast's line has changed in an important way. In a comment to the FCC from earlier this year, the company said it is time for the FCC to adopt a "more flexible" approach to paid prioritization, and noted in a blog post at the time that the FCC should consider net neutrality principles that prevent "no anticompetitive paid prioritization." In other words, not necessarily all paid prioritization. The inclusion of "anti-competitive" could signal that the company does in fact hope to offer fast-lane service, but at the same price for all. And it might be a price that say, Fox News and the New York Times can afford, but one that smaller outlets can't. That Comcast's language is changing is one reason to distrust its promises regarding net neutrality, but its track record is an even bigger one. The company has been caught red-handed lying about its traffic discrimination in the past. In 2007, for example, when Comcast was found intermittently blocking users' ability to use BitTorrent, the company made numerous false claims about its network interference before finally admitting its bad behavior and halting the disruptions.

Networking

There's A Cluster of 750 Raspberry Pi's at Los Alamos National Lab (insidehpc.com) 128

Slashdot reader overheardinpdx shares a video from the SC17 supercomputing conference where Bruce Tulloch from BitScope "describes a low-cost Raspberry Pi cluster that Los Alamos National Lab is using to simulate large-scale supercomputers." Slashdot reader mspohr describes them as "five rack-mount Bitscope Cluster Modules, each with 150 Raspberry Pi boards with integrated network switches." With each of the 750 chips packing four cores, it offers a 3,000-core highly parallelizable platform that emulates an ARM-based supercomputer, allowing researchers to test development code without requiring a power-hungry machine at significant cost to the taxpayer. The full 750-node cluster, running 2-3 W per processor, runs at 1000W idle, 3000W at typical and 4000W at peak (with the switches) and is substantially cheaper, if also computationally a lot slower. After development using the Pi clusters, frameworks can then be ported to the larger scale supercomputers available at Los Alamos National Lab, such as Trinity and Crossroads.
BitScope's Tulloch points out the cluster is fully integrated with the network switching infrastructure at Los Alamos National Lab, and applauds the Raspberry Pi cluster as "affordable, scalable, highly parallel testbed for high-performance-computing system-software developers."
The Internet

Taking The Profit Out Of Killing 'Net Neutrality' (cringely.com) 257

Robert Cringely has a plan to ensure that internet providers will never profit from the end of net neutrality: We are being depended upon to act like sheep -- Internet browsing sheep, if such exist -- and without a plan that's exactly what we'll be. The key to my plan is that this is a rare instance where consumers are not alone. There are just as many or more huge companies that would prefer to keep Net Neutrality as those that oppose it... Those companies in favor of Net Neutrality obviously include the big streamers like Amazon, Hulu, Netflix, YouTube and a bunch of others. They also include nearly every big Internet concern including Google, Facebook, Apple, and Microsoft. Those are some pretty big friends to have on your side -- our side...

So I suggest we all join ZeroTier (ZT), a thriving networking startup operating in Irvine, California. There are other companies like it but I just think ZeroTier is presently the best. ZeroTier is a very sophisticated Virtual Private Network (VPN) company that has created a Software Defined Network that goes beyond what normal VPNs are capable of. To your computer or almost any other networked device (even your smart phone), ZT looks like an Ethernet port, whether your device has Ethernet or not. Through that virtual Ethernet port you connect to a virtual IPv6 Local Area Network that's as big as the Internet itself, though the only users on this overlay network are ZT members.

The trick is to get all those big companies that are pro-Net Neutrality to join ZT. The most it will cost even Netflix is $750 per month, which is probably less than the company spends on salad bars in their Los Gatos HQ. Embracing ZT doesn't mean rejecting the regular Internet. Netflix can still be reached the old-fashioned way. I just want them to add a presence on ZT, too... What the ISPs won't like about this plan is that ZT traffic can't be read to determine what rules or pricing to apply. They could throttle it all down, but throttling that much traffic isn't really practical.

Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 46

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Businesses

HP Enterprise CEO Meg Whitman To Step Down (reuters.com) 101

Hewlett Packard Enterprise's Meg Whitman is stepping down as chief executive officer. Reuters reports: Whitman engineered the biggest breakup in corporate history during her 6 year tenure at the helm, creating HPE and PC-and-printer business HP Inc from parent Hewlett Packard Co in 2015. Whitman will be succeeded by the company's president, Antonio Neri, who takes over from Feb. 1. "Now is the right time for Antonio and a new generation of leaders to take the reins of HPE," Whitman said in a statement. Whitman, who will continue as a board member, had been steering the company towards areas such as networking, storage and technology services.
Security

'Lazy' Hackers Exploit Microsoft RDP To Install Ransomware (sophos.com) 72

An anonymous reader writes: An investigation by Sophos has uncovered a new, lazy but effective ransomware attack where hackers brute force passwords on computers with [Microsoft's] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware.
They even delete the recovery files created by Windows Live backup -- and make sure they can also scramble the database. "Because they've used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet 'for free'."

Most of the attacks hit small-to-medium companies with 30 or fewer employees, since "with small scale comes a dependence on external IT suppliers or 'jack-of-all-trades' IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff."
Facebook

Facebook Open Sources Its Network Routing Platform Open/R (techcrunch.com) 28

Facebook will open source its modular network routing software Open/R, currently used in its backbone and data center networks, which "provides a platform to disseminate state across the network and allows new applications to be built on top of it." An anonymous reader quotes TechCrunch: Facebook obviously has unique scale needs when it comes to running a network. It has billions of users doing real-time messaging and streaming content at a constant clip. As with so many things, Facebook found that running the network traffic using traditional protocols had its limits and it needed a new way to route traffic that didn't rely on the protocols of the past, Omar Baldonado, Engineering Director at Facebook explained... While it was originally developed for Facebook's Terragraph wireless backhaul network, the company soon recognized it could work on other networks too including the Facebook network backbone, and even in the middle of Facebook network, he said. Given the company's extreme traffic requirements where the conditions were changing so rapidly and was at such scale, they needed a new way to route traffic on the network. "We wanted to find per application, the best path, taking into account dynamic traffic conditions throughout the network," Baldonado said.

But Facebook also recognized that it could only take this so far internally, and if they could work with partners and other network operators and hardware manufacturers, they could extend the capabilities of this tool. They are in fact working with other companies in this endeavor including Juniper and Arista networks, but by open sourcing the software, it allows developers to do things with it that Facebook might not have considered, and their engineering team finds that prospect both exciting and valuable.

"Most protocols were initially designed based on constrained hardware and software environment assumptions from decades ago," Facebook said in its announcement. "To continue delivering rich, real-time, and highly engaging user experiences over networks, it's important to accelerate innovation in the routing domain."
Encryption

How Cloudflare Uses Lava Lamps To Encrypt the Internet (zdnet.com) 110

YouTuber Tom Scott was invited to visit Cloudflare's San Francisco headquarters to check out the company's wall of lava lamps. These decorative novelty items -- while neat to look at -- serve a special purpose for the internet security company. Cloudflare takes pictures and video of the lava lamps to turn them into "a stream of random, unpredictable bytes," which is used to help create the keys that encrypt the traffic that flows through Cloudflare's network. ZDNet reports: Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps. Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required. According to Nick Sullivan, Cloudflare's head of cryptography, this is where the lava lamps shine. Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken. The information is then fed into a data center and Linux kernels which then seed random number generators used to create keys to encrypt traffic. "Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data." Cloudflare also reportedly uses a "chaotic pendulum" in its London office to generate randomness, and in Singapore, they use a radioactive source.
Intel

MINIX: Intel's Hidden In-chip Operating System (zdnet.com) 271

Steven J. Vaughan-Nichols, writing for ZDNet: Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME." [...] At a presentation at Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer reported that systems using Intel chips that have AMT, are running MINIX. So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings. And, for even more fun, it "can implement self-modifying code that can persist across power cycles." So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in. How? MINIX can do all this because it runs at a fundamentally lower level. [...] According to Minnich, "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared." Also read: Andrew S. Tanenbaum's (a professor of Computer Science at Vrije Universiteit) open letter to Intel.
Botnet

A Third of the Internet Experienced DoS Attacks in the Last Two Years (sciencedaily.com) 31

Long-time Slashdot reader doom writes: Over a two year period, a third of the IPv4 address space has experienced some sort of DoS attack, though the researchers who've ascertained this suspect this is an underestimate. This is from a story at Science Daily reporting on a study recently presented in London at the Internet Measurement Conference.

"As might be expected, more than a quarter of the targeted addresses in the study came in the United States, the nation with the most internet addresses in the world. Japan, with the third most internet addresses, ranks anywhere from 14th to 25th for the number of DoS attacks, indicating a relatively safe nation for DoS attacks..."

The study itself states, "On average, on a single day, about 3% of all Web sites were involved in attacks (i.e., by being hosted on targeted IP addresses)."

"Put another way," said the report's principal investigator, "during this recent two-year period under study, the internet was targeted by nearly 30,000 attacks per day."
Networking

PCIe 4.0 Specs Revealed: 16GTps Rate and Not Just For Graphics Cards Anymore (tomshardware.com) 62

Freshly Exhumed writes: PCI-SIG has released the specifications for version 4.0 of the PCIe (Peripheral Component Interconnect Express) bus, which, according to Chairman Al Yanes, promises data transfer rates of 16GTps, extended tags and credits for service devices, reduced system latency, lane margining, superior RAS capabilities, scalability for added lanes and bandwidth, improved I/O virtualization and platform integration. Tom's Hardware has posted a slide deck of the new version's specifications.
Open Source

30-Year-Old Operating System 'PC-MOS/386' Finally Open Sourced (github.com) 173

PC-MOS/386 "was a multi-user, computer multitasking operating system...announced at COMDEX in November 1986," remembers Wikipedia, saying it runs many MS-DOS titles (though it's optimized for the Intel 80386 processor).

Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."

1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."
Android

Failed Palo Alto Startup Pivots From Trying To Be an 'Android Killer' To Self-driving Tech (bizjournals.com) 71

A Palo Alto startup that stopped trying to be an "Android killer" last year after raising $185 million has apparently pivoted to developing autonomous vehicle technology. From a report: The company now known as Cyngn has changed its name from Cyanogen and recently got a permit to test its self-driving tech on California roads, according to a report Wednesday on Axios. It's being led by Lior Tal, the former chief operating officer who took over as CEO last fall when Kirt McMaster left. The rest of the startup's current team of about 30 people appear to have joined since the strategy shift, Axios reported, citing LinkedIn records. Some of them are former Facebook people, like Tal, and alumni of automakers who include Mercedes-Benz. No new funding has been disclosed for the reinvented company. It lists on its website investors who backed it before it pivoted, including Andreessen Horowitz, Benchmark Capital, Redpoint Ventures, Index Ventures, Qualcomm and Chinese social networking company Tencent. The company was the center of acquisition talk in 2014, when companies like Microsoft, Amazon, Samsung and Yahoo expressed interest in the company.
