The Courts

Federal Court Overturns Ruling That NSA Metadata Collection Was Illegal 138

New submitter captnjohnny1618 writes: NPR is reporting that an appeals court has overturned the decision that found the NSA's bulk data collection to be illegal. "Judges for the District of Columbia court of appeals found that the man who brought the case, conservative lawyer Larry Klayman, could not prove that his particular cellphone records had been swept up in NSA dragnets." The article clarifies that due to the recent passage of new laws governing how metadata is collected, this is of less significance than it would have otherwise been: "If you remember, after a fierce battle, both houses of Congress voted in favor of a law that lets phone companies keep that database, but still allows the government to query it for specific data. The three-judge panel of the United States Court of Appeals for the District of Columbia still decided to take on the case, because that new program doesn't begin until 180 days after the date that law was enacted (June 2, 2015.)" On top of that, the injunction from the earlier ruling never actually went into effect. Still, it seems like an important ruling to me: a government agency was willfully and directly violating the rights of the Americans (and international citizens as well) and now it's just going to get shrugged off?
Your Rights Online

Analysis Reveals Almost No Real Women On Ashley Madison 440

gurps_npc writes: Ashley Madison claimed to have about 31 million men and 5.5 million women enrolled. Those odds are not good for the men, 6:1. But unfortunately, most of those 'women' were fake. This researcher analyzed the data and found only 12,000 actual, real women using Ashley Madison. That means for every 7750 men, there were 3 women. There are reports that Ashley Madison paid people to create fake female profiles. Their website admits that 'some of the users may be there for "entertainment purposes."' The article itself is well written, including a description of the analysis. A charitable person would say that Ashley Madison was selling a fantasy, not reality. But a realist would say Ashley Madison is just a thief stealing money from lonely, unhappy men.
Software

Ask Slashdot: Maintaining Continuity In Your Creative Works? 95

imac.usr writes: I recently rewatched the Stonecutters episode of The Simpsons and laughed as always at the scene where Homer pulls into his parking space — right next to his house. It's such a great little comic moment. This time, though, it occurred to me that someone probably wrote in to complain that the power plant was normally in a completely different part of town, no doubt adding "I really hope somebody got fired for that blunder." And that got me to wondering: how do creators of serial media — books, web comics, TV shows, even movie serials — record their various continuities? Is there a story bible with the information, or a database of people/places/things, or even something scribbled on a 3x5 card? I know Slashdot is full of artists who must deal with this issue on a regular basis, so I'd be interested in hearing any perspectives on how (or even if) you manage it.
Canada

Extortionists Begin Targeting AshleyMadison Users, Demand Bitcoin 286

tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids. Perhaps inevitable: two Canadian law firms have filed a class action lawsuit against the company, seeking more than half a billion dollars in damages.
Advertising

New Rules Say UK Video Bloggers Must Be Clearer About Paid Endorsements 36

AmiMoJo writes: New guidelines for video bloggers who enter marketing relationships with brands have been published. Earlier this year the Advertising Standards Authority (ASA) ruled that paid endorsements for Oreo biscuits on YouTube were not marked clearly enough. The new rules outline several scenarios where content must be clearly marked as an advertisement. One note from the linked article: However, the guidelines noted that when free items are sent to vloggers without any editorial or content control over videos exerted by the brand in question, there is no need for them to follow the Cap code.
Security

Hackers Publish Cheating Site's Stolen Data 319

pdclarry notes that many news outlets are reporting that 9.7 GB of data stolen from cheating website AshleyMadison.com has been published online. "The dump contains files with titles including 'aminno_member_dump.gz,' 'aminno_member_email.dump.gz,' 'CreditCardTransactions7z,' and 'member_details.dump.gz,' an indication that the download could contain highly personal details." Brian Krebs questioned the way this has been reported without confirmation, but added that he's been contacted by several people who found their own accurate details within the data dump. Many of the reports note this detail: "Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals."
Government

Virginia Ditches 'America's Worst Voting Machines' 393

Geoffrey.landis writes: Computerized voting machines are bad news in general, but the WINVote machines used in Virginia might just have earned their reputation as the most insecure voting machine in America. They feature Wi-Fi that can't be turned off (protected, however, with a WEP password of "abcde"), an unencrypted database, and administrative access with a hardcoded password of "admin." According to security researcher Jeremy Epstein, if the machines weren't hacked in past elections, "it was because nobody tried." But with no paper trail, we'll never know.

Well, after ignoring the well-documented problems for over a decade, Virginia finally decided to decommission the machines... after the governor had problems with the machines last election and demanded an investigation. Quoting: "In total, the vulnerabilities investigators found were so severe and so trivial to exploit, Epstein noted that 'anyone with even a modicum of training could have succeeded' in hacking them. An attacker wouldn't have needed to be inside a polling place either to subvert an election... someone 'within a half mile with a rudimentary antenna built using a Pringles can could also have attacked them.'"
Security

One Petabyte of Data Exposed Via Insecure Big Data Systems 50

chicksdaddy writes: Behind every big data deployment is a range of supporting technologies like databases and memory caching systems that are used to store and analyze massive data sets at lightning speeds. A new report from security research firm Binaryedge suggests that many of the organizations using these powerful data storage and analysis tools are not taking adequate steps to secure them. The result is that more than a petabyte of stored data is accessible to anyone online with the knowledge of where and how to look for it.

In a blog post on Thursday, the firm reported the results of research that found close to 200,000 such systems that were publicly addressable. Binaryedge said it found 39,000 MongoDB servers that were publicly addressable and that "didn't have any type of authentication." In all, the exposed MongoDB systems contained more than 600 terabytes of data stored in databases with names like "local," "admin," and "db." Other platforms that were found to be publicly addressable and unsecured included the open source Redis key-value cache and store technology (35,000 publicly addressable instances holding 13TB of data) and 9,000 instances of ElasticSearch, a commonly used search engine based on Lucene, that exposed another 531 terabytes of data.
Oracle

Oracle Exec: Stop Sending Vulnerability Reports 229

florin writes: Oracle chief security officer Mary Ann Davidson published a most curious rant on the company's corporate blog yesterday, addressing and reprimanding some pesky customers that just will not stop bothering her. As Mary put it: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it." She goes on to describe how the company deals with such shameful activities, namely that "We send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer's behalf — reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already."

Later on, in a section intended to highlight how great a job Oracle itself was doing at finding vulnerabilities, the CSO accidentally revealed that customers are in fact contributing a rather significant 1 out of every 10 vulnerabilities: "Ah, well, we find 87 percent of security vulnerabilities ourselves, security researchers find about 3 percent and the rest are found by customers." Unsurprisingly, this revealing insight into the company's regard for its customers was removed later. But not before being saved for posterity.
AI

Microsoft Creates an AI That Can Spot a Joke In a New Yorker Cartoon 66

An anonymous reader writes: For over a decade Bob Mankoff, the cartoon editor at the New Yorker, and his assistants have gone through 5,000 cartoon entries for the magazine's caption contest each week. Needless to say, the burnout rate of his assistants is quite high: "The process of looking at 5,000 caption entries a week usually destroys their mind in about two years, and then I get a new one," Mankoff says. But now thanks to a collaboration with Microsoft, Bob may finally have found the perfect helper. Researchers have been working on an artificial intelligence project to teach a computer what's funny. Fortune reports: "Dafna Shahaf, a researcher at Microsoft, used the database of cartoons to train the program to understand commonalities and differences in the millions of cartoons, which lets the AI run through the entries the New Yorker receives each week for its back-of-magazine cartoon caption contest. About 55.8% of the time the humans agree with the captions the AI selects, which is a pretty good percentage."
Businesses

Good Economy? Tech Layoffs Are Up 293

Nerval's Lobster writes: If you look at the broad numbers produced by the U.S. Bureau of Labor Statistics, the economy seems great, especially for the tech industry: The unemployment rate for tech pros currently stands at 2.1 percent, down from 2.3 percent in the first quarter. However, that dip isn't uniform for all sectors: The unemployment rate for Web developers climbed from 2.1 percent to 3.1 percent. Computer support specialists, network and systems administrators, computer & information systems managers, and database administrators also saw their respective unemployment rates rising slightly. Layoffs and discharges for the tech industry as a whole rose slightly in April and May (the latest months for which the BLS had numbers), to an average of 441,500 employees per month. That's higher than the first quarter, when layoffs and discharges averaged 424,300 per month. That's not to say we're on the verge of a collapse, bubble, or other economic shock, but it's definitely not great times for everybody.
Oracle

U.K. Government Seeking To End Reliance On Oracle 190

jfruh writes: The U.K. Cabinet Office has reportedly asked government departments and agencies to try to find ways to end their reliance on Oracle software, a move motivated by the truly shocking number of Oracle licenses currently being paid for by the British taxpayer. The Department for Environment, Food and Rural Affairs alone has paid £1.3 million (US$2 million) per year for some 2 million Oracle licenses, or about 200 licenses per staff member.
Databases

Oracle To Debut Low-Cost SPARC Chip Next Month 92

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.
China

What Federal Employees Really Need To Worry About After the Chinese Hack 123

HughPickens.com writes: Lisa Rein writes in the Washington Post that a new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave. According to the Congressional Research Service, covert intelligence officers and their operations could be exposed and high-resolution fingerprints could be copied by criminals. Some suspect that the Chinese government may build a database of U.S. government employees that could help identify U.S. officials and their roles or that could help target individuals to gain access to additional systems or information. National security concerns include whether hackers could have obtained information that could help them identify clandestine and covert officers and operations (PDF).

CRS says that if the fingerprints in the background investigation files are of high enough quality, "depending on whose hands the fingerprints come into, they could be used for criminal or counterintelligence purposes." Fingerprints also could be trafficked on the black market for profit — or used to blow the covers of spies and other covert and clandestine officers, the research service found. And if they're compromised, fingerprints can't be reissued like a new credit card, the report says, making "recovery from the breach more challenging for some."
vivaoporto also points out that these same hackers are believed to be responsible for hacking United Airlines.
Graphics

AMD Catalyst Linux Driver Performs Wildly Different Based On Program's Name 114

An anonymous reader writes: In past years the AMD Catalyst Linux driver has yielded better performance if naming the executable "doom3.x86" or "compiz" (among other choices), but these days this application profile concept is made more absurd with more games coming to Linux but AMD not maintaining well their Linux application profile database. The latest example is by getting ~40% better performance by renaming Counter-Strike: Global Offensive on Linux. If renaming the "csgo_linux" binary to "hl2_linux" for Half-Life 2 within Steam, the frame-rates suddenly increase across the board, this is with the latest Catalyst 15.7 Linux driver while CS:GO has been on Linux for nearly one year. Should driver developers re-evaluate their optimization practices for Linux?
Programming

MUMPS, the Programming Language For Healthcare 166

citadrianne writes: An ICU patient is monitored and assessed according to 12 different variables. These include such measurements as body temperature, heart rate, blood oxygenation, blood pH, and others. Together, they're used to formulate a quantitative answer to the question, "How bad is it, doc?" Many of these physiological signs are measured in real-time via electrodes and like a billion different varieties of catheter. Add to it barrages of lab tests done multiple times per day per patient and the need for 20 or so clinicians (per patient) to have access to all of this data, and the result is a very deep data problem. Multiply that data problem by hundreds of thousands of patients.

This is the fundamental problem that the programming language MUMPS (sometimes called just "M"), or the Massachusetts General Hospital Utility Multi-Programming System, aims to solve. To its proponents, MUMPS allows for a one of a kind synthesis of programming and database management, while to its detractors, it's a bizarre anachronism with little connection to the evolution and innovation taking place elsewhere in programming. Probably to most people that do things with computers, MUMPS/M is poorly understood, at best, and more likely to be completely unknown.
The Media

Ask Slashdot: Which Expert Bloggers Do You Read? 203

An anonymous reader writes: The crush of news sites today is almost overwhelming. For true bits of news — bare facts and alerts that something has happened — it doesn't really matter which site you read it on. Some tiny, no-name website can tell me $company1 bought $company2 just as well as Reuters, CNN, or the NY Times. When it comes to opinion pieces and analysis, though, it's a different story. One of the generalist tech bloggers at the NY Times probably isn't going to have many worthwhile posts comparing database sorting algorithms or explaining the Cassini spacecraft's orbital path or providing soldering techniques for fixing a busted monitor. An example most of us are familiar with: Bruce Schneier generally provides good advice on security and encryption. So: what expert bloggers do you keep tabs on? I'm not looking for any particular posting frequency. This type of person I'm thinking of is probably not a journalist, and may not post very often at all — posting frequency matters far less than the signal-to-noise ratio. My goal is to build a big list of smart people who write interesting things — mainly for topics you'd expect to see on Slashdot, but I'm open to other subjects, as well.
The Internet

North America Runs Out of IPv4 Addresses 307

DW100 writes: The American Registry for Internet Numbers (ARIN) has been forced to reject a request for more IPv4 addresses for the first time as its stock of remaining addresses reaches exhaustion. The lack of IPv4 addresses has led to renewed calls for the take-up of IPv6 addresses in order to start embracing the next era of the internet.
Businesses

Exploring the Relationships Between Tech Skills (Visualization) 65

Nerval's Lobster writes: Simon Hughes, Dice's Chief Data Scientist, has put together an experimental visualization that explores how tech skills relate to one another. In the visualization, every circle or node represents a particular skill; colors designate communities that coalesce around skills. Try clicking "Java", for example, and notice how many other skills accompany it (a high-degree node, as graph theory would call it). As a popular skill, it appears to be present in many communities: Big Data, Oracle Database, System Administration, Automation/Testing, and (of course) Web and Software Development. You may or may not agree with some relationships, but keep in mind, it was all generated in an automatic way by computer code, untouched by a human. Building it started with Gephi, an open-source network analysis and visualization software package, by importing a pair-wise comma-separated list of skills and their similarity scores (as Simon describes in his article) and running a number of analyses: Force Atlas layout to draw a force-directed graph, Avg. Path Length to calculate the Betweenness Centrality that determines the size of a node, and finally Modularity to detect communities of skills (again, color-coded in the visualization). The graph was then exported as an XML graph file (GEXF) and converted to JSON format with two sets of elements: Nodes and Links. "We would love to hear your feedback and questions," Simon says.