Subscribe: Slashdot: DevelopersSearch Slashdot
http://developers.slashdot.org/developers.rss
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
aadhaar  add  algorithms  code  data  google  new  read story  read  report  slashdot  software  story slashdot  story  year 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Slashdot: DevelopersSearch Slashdot

Slashdot: DevelopersSearch Slashdot



News for nerds, stuff that mattersSearch Slashdot stories



Published: 2017-02-25T03:04:23+00:00

 



Security Lapse Exposed New York Airport's Critical Servers For a Year

2017-02-24T22:00:00+00:00

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.

Read more of this story at Slashdot.

(image)



Cloudflare Leaks Sensitive User Data Across the Web

2017-02-24T10:00:00+00:00

ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OK Cupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache. Further reading: The Register, Ars Technica

Read more of this story at Slashdot.

(image)



Microsoft Research Developing An AI To Put Coders Out of a Job

2017-02-23T13:00:00+00:00

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds," reports MSPoweruser. "Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." New Scientist describes program synthesis as "creating new programs by piecing together lines of code taken from existing software -- just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read here.

Read more of this story at Slashdot.

(image)



PHP Becomes First Programming Language To Add 'Modern' Cryptography Library In Its Core

2017-02-21T22:00:00+00:00

An anonymous reader writes from a report via BleepingComputer: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017. Scott Arciszewski, the cryptography expert who made the proposal, says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons on why he made the proposal are detailed here. Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.

Read more of this story at Slashdot.

(image)



Slashdot Asks: Are Remote Software Teams More Productive?

2017-02-19T04:34:00+00:00

A recruiter with 20 years of experience recently reported on the research into whether remote software teams perform better. One study of 10,000 coding sessions concluded it takes 10-15 minutes for a programmer to resume work after an interruption. Another study actually suggests unsupervised workers are more productive, and the founders of the collaboration tool Basecamp argue the bigger danger is burnout when motivated employees overwork themselves. mikeatTB shares his favorite part of the article: One interesting take on the issues is raised by ThoughtWorks' Martin Fowler: Individuals are more productive in a co-located environment, but remote teams are often more productive than co-located teams. This is because a remote team has the advantage of hiring without geographic boundaries, and that enables employers to assemble world-class groups. The article shares some interesting anecdotes from remote workers, but I'd be interested to hear from Slashdot's readers. Leave your own experiences in the comments, and tell us what you think. Are remote software teams more productive?

Read more of this story at Slashdot.

(image)



Mozilla Will Deprecate XUL Add-ons Before the End of 2017

2017-02-17T16:40:00+00:00

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi process mode by default for all users with some exceptions. Most add ons will continue to function, however certain add ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more addons. Firefox 57, which will be preliminarily released on the 28th of Novermber, 2017, will only run WebExtensions: which means no XUL (overlay) add ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add ons your only choice past this date will be Pale Moon.

Read more of this story at Slashdot.

(image)



Google Releases TensorFlow 1.0 With New Machine Learning Tools

2017-02-16T16:40:00+00:00

An anonymous reader shares a VentureBeat report: At Google's inaugural TensorFlow Dev Summit in Mountain View, California, today, Google announced the release of version 1.0 of its TensorFlow open source framework for deep learning, a trendy type of artificial intelligence. Google says the release is now production-ready by way of its application programing interface (API). But there are also new tools that will be part of the framework, which includes artificial neural networks that can be trained on data and can then make inferences about new data. Now there are more traditional machine learning tools, including K-means and support vector machines (SVMs), TensorFlow's engineering director, Rajat Monga, said at the conference. And there's an integration with the Python-based Keras library, which was originally meant to ease the use of the Theano deep learning framework. And there are now "canned estimators," or models, Monga said, including simple neural networks to start using quickly.

Read more of this story at Slashdot.

(image)



Apple Announces WWDC 2017, To Be Held in San Jose On June 5-9

2017-02-16T14:40:00+00:00

Apple said today it will kick off this year's Worldwide Developers Conference on June 5. Much like every year, the developer conference is the place where we can expect to see what's coming to iOS, macOS, watchOS, and tvOS later this year. This year, the event is being held in a different venue: the McEnery Convention Center in San Jose, the original home of WWDC. John Gruber, writing for DaringFireball: First, announcing early really helps people who have to travel long distances to attend, particularly those from outside the U.S. The San Jose Convention Center is the original home of WWDC -- that's where it was held from 1988 through 2002. (WWDC 2002 was the year Steve Jobs held a funeral for Mac OS 9 during the keynote.) San Jose is way closer to Apple headquarters. San Francisco is about an hour drive from 1 Infinite Loop. The San Jose Convention Center is only five minutes away from Apple's new campus. Schiller emphasized to me that this is a big deal: more Apple employees from more teams will be present, simply because they won't have to devote an entire day to being there. (This could be a particular boon to WWDC's developer labs, where attendees can get precious face time with Apple's engineers.)

Read more of this story at Slashdot.

(image)



JavaScript Attack Breaks ASLR On 22 CPU Architectures

2017-02-16T00:05:00+00:00

An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos[1, 2] showing the attack in action.

Read more of this story at Slashdot.

(image)



Google's Not-so-secret New OS

2017-02-15T15:20:00+00:00

According to reports late last year, Google is working on a new operating system called Andromeda. Much about it is still unknown, but according to the documentations Google has provided on its website, it's clear that the Fuchsia is the actual name of the operating system, and the kernel is called Magenta. A tech enthusiast dug around the documentations to share the followings: To my naive eyes, rather than saying Chrome OS is being merged into Android, it looks more like Android and Chrome OS are both being merged into Fuchsia. It's worth noting that these operating systems had previously already begun to merge together to an extent, such as when the Android team worked with the Chrome OS team in order to bring Update Engine to Nougat, which introduced A/B updates to the platform. Google is unsurprisingly bringing up Andromeda on a number of platforms, including the humble Intel NUC. ARM, x86, and MIPS bring-up is exactly what you would expect for an Android successor, and it also seems clear that this platform will run on Intel laptops. My best guess is that Android as an API and runtime will live on as a legacy environment within Andromeda. That's not to say that all development of Android would immediately stop, which seems extremely unlikely. But Google can't push two UI APIs as equal app frameworks over the long term: Mojo is clearly the future. Ah, but what is Mojo? Well it's the new API for writing Andromeda apps, and it comes from Chromium. Mojo was originally created to "extract a common platform out of Chrome's renderer and plugin processes that can support multiple types of sandboxed content."

Read more of this story at Slashdot.

(image)



How Algorithms May Affect You

2017-02-15T03:30:00+00:00

New submitter Muckluck shares an excerpt from a report via Phys.Org that provides "an interesting look at how algorithms may be shaping your life": When you browse online for a new pair of shoes, pick a movie to stream on Netflix or apply for a car loan, an algorithm likely has its word to say on the outcome. The complex mathematical formulas are playing a growing role in all walks of life: from detecting skin cancers to suggesting new Facebook friends, deciding who gets a job, how police resources are deployed, who gets insurance at what cost, or who is on a "no fly" list. Algorithms are being used -- experimentally -- to write news articles from raw data, while Donald Trump's presidential campaign was helped by behavioral marketers who used an algorithm to locate the highest concentrations of "persuadable voters." But while such automated tools can inject a measure of objectivity into erstwhile subjective decisions, fears are rising over the lack of transparency algorithms can entail, with pressure growing to apply standards of ethics or "accountability." Data scientist Cathy O'Neil cautions about "blindly trusting" formulas to determine a fair outcome. "Algorithms are not inherently fair, because the person who builds the model defines success," she said. Phys.Org cites O'Neil's 2016 book, "Weapons of Math Destruction," which provides some "troubling examples in the United States" of "nefarious" algorithms. "Her findings were echoed in a White House report last year warning that algorithmic systems 'are not infallible -- they rely on the imperfect inputs, logic, probability, and people who design them,'" reports Phys.Org. "The report noted that data systems can ideally help weed out human bias but warned against algorithms 'systematically disadvantaging certain groups.'"

Read more of this story at Slashdot.

(image)



Is IoT a Reason To Learn C?

2017-02-15T01:00:00+00:00

itwbennett writes: Whether or not beginning programmers should learn C is a question that has been roundly debated on Slashdot and elsewhere. The general consensus seems to be that learning it will make you a better programmer -- and it looks good on your resume. But now there might be another reason to learn C: the rapid growth of the internet of things (IoT) could cause a spike in demand for C skills, according to Gartner analyst Mark Driver. "For traditional workloads there is no need to be counting the bytes like there used to be. But when it comes to IoT applications there is that need once again..."

Read more of this story at Slashdot.

(image)



AI Software Juggles Probabilities To Learn From Less Data

2017-02-14T22:40:00+00:00

moon_unit2 quotes a report from MIT Technology Review: You can, for instance, train a deep-learning algorithm to recognize a cat with a cat-fancier's level of expertise, but you'll need to feed it tens or even hundreds of thousands of images of felines, capturing a huge amount of variation in size, shape, texture, lighting, and orientation. It would be lot more efficient if, a bit like a person, an algorithm could develop an idea about what makes a cat a cat from fewer examples. A Boston-based startup called Gamalon has developed technology that lets computers do this in some situations, and it is releasing two products Tuesday based on the approach. Gamalon uses a technique that it calls Bayesian program synthesis to build algorithms capable of learning from fewer examples. Bayesian probability, named after the 18th century mathematician Thomas Bayes, provides a mathematical framework for refining predictions about the world based on experience. Gamalon's system uses probabilistic programming -- or code that deals in probabilities rather than specific variables -- to build a predictive model that explains a particular data set. From just a few examples, a probabilistic program can determine, for instance, that it's highly probable that cats have ears, whiskers, and tails. As further examples are provided, the code behind the model is rewritten, and the probabilities tweaked. This provides an efficient way to learn the salient knowledge from the data.

Read more of this story at Slashdot.

(image)



Story Of a Country Which Has Built a Centralized Biometrics Database Of 1.1B People But Appears To Be Mishandling It Now

2017-02-14T14:00:00+00:00

In a bid to get more Indians to have a birth certificate or any sort of ID card, India announced Aadhaar project in 2009. At the time, there were more Indians without these ID cards than those with. As a result of this, much of the government funding for the citizens were disappearing before they could see them. But according to several security experts, lawyers, politicians and journalists, the government is using poor security practices, and this is exposing the biometrics data -- photo, name, address, fingerprint, iris info -- of people at risk. More than 1.1 billion people -- and 99 percent of all adults -- in India have enrolled themselves to the system. From a report: "There are two fundamental flaws in Aadhaar: it is poorly designed, and it is being poorly verified," Member of Parliament and privacy advocate, Rajeev Chandrasekhar told Mashable India. Another issue with Aadhaar is, Chandrasekhar explains, there is no firm legislation to safeguard the privacy and rights of the billion people who have enrolled into the system. There's little a person whose Aadhaar data has been compromised could do. [...] "Aadhaar is remote, covert, and non-consensual," he told Mashable India, adding the existence of a central database of any kind, but especially in the context of the Aadhaar, and at the scale it is working is appalling. Abraham said fingerprint and iris data of a person can be stolen with little effort -- a "gummy bear" which sells for a few cents, can store one's fingerprint, while a high-resolution camera can capture one's iris data. The report goes on to say that the Indian government is also not telling how the data is being shared with private companies. Experts cited in the story have expressed concerns that those companies (some of which are run by people who were previously members of the team which designed the framework of Aadhaar) can store and create a parallel database of their own. On top of that, the government is making Aadhaar mandatory for availing several things including registration for nation-wide examinations, but in the beginning it promised Aadhaar will be used only to help poor get grocery at subsidized prices. Read more of this story at Slashdot.[...]



H-1Bs Reduced Computer Programmer Employment By Up To 11%, Study Finds

2017-02-14T00:45:00+00:00

An anonymous reader quotes a report from MarketWatch: There would have been up to 11% more computer science jobs at wages up to 5% higher were it not for the immigration program that brings in foreign high-skilled employees, a new study finds. The paper -- by John Bound and Nicolas Morales of the University of Michigan and Gaurav Khanna of the University of California, San Diego -- was conducted by studying the economy between 1994 and 2001, during the internet boom. It was also a period where the recruitment of so-called H-1B labor was at or close to the cap and largely before the onset of the vibrant IT sector in India. In 2001, the number of U.S. computer scientists was between 6.1%-10.8% lower and wages were between 2.6% and 5.1% lower. Of course, there also were beneficiaries -- namely consumers and employers. Immigration lowered prices by between 1.9% and 2.4%, and profits increased as did the total number of IT firms.

Read more of this story at Slashdot.

(image)