Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Education

The 32-Bit Dog Ate 16 Million Kids' CS Homework (code.org) 20

"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered." Slashdot reader theodp writes: Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information.
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
Medicine

Tiny New Robots Perform Eye Surgery (technologyreview.com) 29

A tiny new Robotic Retinal Dissection Device -- nicknamed "R2D2" -- can crawl into an incision in the eye and lift a membrane no more than a hundredth of a millimeter. "The cables that enable the robot to navigate are each 110 microns across, a little over the diameter of a human hair," reports the MIT Technology Review. The robot is controlled by a joystick (while providing a live camera feed to the ophthalmologist). In September an Oxford professor used it to perform the first operation inside the human eye, and since then five more patients have undergone robot-assisted operations at an Oxford hospital. In one procedure, a gene-therapy virus that stops retinal degeneration "was planted on the retina itself, a procedure only made possible by R2D2's unprecedented precision."
Robotic surgery is already happening. The article points out that Da Vinci, an elephant-sized surgical robot that repairs heart valves, "has operated on more than three million patients around the world." But the Oxford professor believes these tiny eye robots "will open the door to new operations for which the human hand does not have the necessary control and precision."
Bug

Army Bug Bounty Researcher Compromises US Defense Department's Internal Network (threatpost.com) 21

Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which they invite 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to." An anonymous reader quotes Threatpost: The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.

"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."

United States

Is The Tech Industry Driving Families Out of San Francisco? (nytimes.com) 151

Why does San Francisco now have fewer children per capita than any of America's largest 100 cities? An anonymous reader writes: A move to the suburbs began in the 1970s, but "The tech boom now reinforces the notion that San Francisco is a place for the young, single and rich," according to the New York Times. "When we imagine having kids, we think of somewhere else," one software engineer tells the paper. The article describes "neighborhoods where employees of Google, Twitter and so many other technology companies live or work" where the sidewalks make it seem "as if life started at 22 and ended somewhere around 40."

Or is San Francisco just part of a larger trend? "California, which has one of the world's 10 largest economies, recently released data showing the lowest birthrate since the Great Depression. And the Los Angeles Times argues California's experience may just be following national trends. The drop "likely stems from the recession, a drop in teenage pregnancies and an increase in people attending college and taking longer to graduate, therefore putting off having children, said Walter Schwarm, a demographer at the Department of Finance."

So is this part of a larger trend -- or something unique about San Francisco? The New York Times also quotes Richard Florida, author of The Rise of the Creative Class, who believes technology workers are putting off families when they move to the Silicon Valley area because they anticipate long working hours. There's also complaints about San Francisco's public school system -- 30% of its children now attend private schools, the highest percentage of any large American city. But according to the article, Peter Thiel believes that San Francisco is just "structurally hostile to families."
Australia

Humans, Not Climate Change, Wiped Out Australian Megafauna (phys.org) 63

"New evidence involving the ancient poop of some of the huge and astonishing creatures that once roamed Australia indicates the primary cause of their extinction around 45,000 years ago was likely a result of humans, not climate change," reports Phys.org. schwit1 quotes their report on new analysis of a prehistoric sediment core from the Indian Ocean off the coast of Australia. The core contains chronological layers of material blown and washed into the ocean, including dust, pollen, ash and spores from a fungus called Sporormiella that thrived on the dung of plant-eating mammals, said CU Boulder Professor Gifford Miller, who participated in the study... Fungal spores from plant-eating mammal dung were abundant in the sediment core layers from 150,000 years ago to about 45,000 years ago, when they went into a nosedive, said Miller... "The abundance of these spores is good evidence for a lot of large mammals on the southwestern Australian landscape up until about 45,000 years ago," he said. "Then, in a window of time lasting just a few thousand years, the megafauna population collapsed."

The Australian collection of megafauna some 50,000 years ago included 1,000-pound kangaroos, 2-ton wombats, 25-foot-long lizards, 400-pound flightless birds, 300-pound marsupial lions and Volkswagen-sized tortoises. More than 85 percent of Australia's mammals, birds and reptiles weighing over 100 pounds went extinct shortly after the arrival of the first humans, said Miller... "There is no evidence of significant climate change during the time of the megafauna extinction."

The article adds that last year Miller also identified the first direct evidence that humans preyed on Australian megafauna -- burned eggshells from a 400-pound bird.
NASA

NASA Names an Asteroid After 'Star Trek' Actor Wil Wheaton (cnet.com) 69

"An asteroid going boldly through the universe now carries a new name that honors actor Will Wheaton, who played Wesley Crusher on Star Trek: The Next Generation," reports CNET. An anonymous reader quotes their article. The announcement showed up on Twitter Wednesday from NASA's Ron Baalke, who describes himself as a "space explorer at the Jet Propulsion Laboratory". Wheaton is in good company with other Star Trek alumni. Asteroid 7307 Takei is named for Sulu actor George Takei and 68410 Nichols gets its name from Nichelle Nichols, who played Uhura. There's also asteroid 4659 Roddenberry for Star Trek creator Gene Roddenberry.
"Today, I found out that I kind of get to be in space and live right here on Earth..." Wheaton wrote on his blog Wednesday, describing his life-long interest in space exploration. "As soon as it gets dark here, I'm going to walk out into my backyard, look up into the sky, just a little above Sirius, and know that, even though I can't see it with my naked eye, it's out there, and it's named after me."
AI

An AI Is Finally Trouncing The World's Best Poker Players (cmu.edu) 115

Halfway through the "Brains vs. AI" poker competition, an AI named Libratus is trouncing its human opponents, who are four of the world's top professional players. One of the pros, Jimmy Chou, said he and his colleagues initially underestimated Libratus, but have come to regard it as one tough player. "The bot gets better and better every day," Chou said. "It's like a tougher version of us"... Chou said he and the other pros have shared notes and tips each day, looking for weaknesses they can each exploit. "The first couple of days, we had high hopes," Chou said. "But every time we find a weakness, it learns from us and the weakness disappears the next day."
By Saturday, the AI had amassed a lead of $693,531 after 56,732 hands in the 120,000-hand match (which is being livestreamed by the Rivers Casino on Twitch). "I'm feeling good," said Tuomas Sandholm, the computer science professor at Carnegie Mellon who co-created the AI. "The algorithms are performing great. They're better at solving strategy ahead of time, better at driving strategy during play and better at improving strategy on the fly."
Crime

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 242

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.

In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Open Source

Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com) 78

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Programming

Knuth Previews New Math Section For 'The Art of Computer Programming' (stanford.edu) 141

In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming -- and 55 years later, he's still working on it. An anonymous reader quotes Knuth's web site at Stanford: Volume 4B will begin with a special section called 'Mathematical Preliminaries Redux', which extends the 'Mathematical Preliminaries' of Section 1.2 in Volume 1 to things that I didn't know about in the 1960s. Most of this new material deals with probabilities and expectations of random events; there's also an introduction to the theory of martingales.

You can have a sneak preview by looking at the current draft of pre-fascicle 5a (52 pages), last updated 18 January 2017. As usual, rewards will be given to whoever is first to find and report errors or to make valuable suggestions. I'm particularly interested in receiving feedback about the exercises (of which there are 125) and their answers (of which there are 125).

Over the years Knuth gave out over $20,000 in rewards, though most people didn't cash his highly-coveted "hexadecimal checks", and in 2008 Knuth switched to honorary "hexadecimal certificates". In 2014 Knuth complained about the "dumbing down" of computer science history, and his standards remain high. In his most-recent update, 79-year-old Knuth reminds readers that "There's stuff in here that isn't in Wikipedia yet!"
Power

New Wyoming Bill Penalizes Utilities Using Renewable Energy (csmonitor.com) 384

An anonymous reader quotes a Christian Science Monitor report on "a bill that would essentially ban large-scale renewable energy" in Wyoming. The new Wyoming bill would forbid utilities from using solar or wind sources for their electricity by 2019, according to Inside Climate News... The bill would require utilities to use "eligible resources" to meet 95 percent of Wyoming's electricity needs in 2018, and all of its electricity needs in 2019. Those "eligible resources" are defined solely as coal, hydroelectric, natural gas, nuclear, oil, and individual net metering... Utility-scale wind and solar farms are not included in the bill's list of "eligible resources," making it illegal for Wyoming utilities to use them in any way if the legislation passes. The bill calls for a fine of $10 per megawatt-hour of electricity from a renewable source to be slapped on Wyoming utilities that provide power from unapproved sources to in-state customers.
The bill also prohibits utilities from raising rates to cover the cost of those penalties, though utilities wouldn't be penalized if they exported that energy to other states. But one local activist described it as 'talking-point' legislation, and even the bill's sponsor gives it only a 50% chance of passing.
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 42

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare
Open Source

Raspberry Pi Gets Competitors (hackaday.com) 98

Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortes A17 alongside an impressive spec At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster."

And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...

The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.

AI

Newest Tesla Autopilot Data Shows A 40% Drop in Crashes (bloomberg.com) 139

There's a surprise in the data from an investigation into Tesla safety by the U.S. National Highway Traffic Safety Administration. An anonymous reader quotes Bloomberg: [W]hile all Tesla vehicles come with the hardware necessary for Autopilot, you need a software upgrade that costs thousands of dollars to make it work. Since buyers can add Autopilot features after purchase, this provides a perfect before-and-after comparison. It turns out that, according to the data Tesla gave investigators, installing Autopilot prevents crashes -- by an astonishing 40 percent...

Now -- thanks to an investigation that initially hurt the company -- there is finally some real data, and it's good news for Tesla... As the software matures to match the new hardware, Musk said on Thursday via a Tweet, Tesla is targeting a 90 percent reduction in car crashes.

Java

Oracle to Block JAR Files Signed with MD5 Starting In April (bleepingcomputer.com) 54

An anonymous reader quotes BleepingComputer: Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running. Oracle originally planned MD5's deprecation for the current Critical Patch Update, released this week, which included a whopping 270 security fixes, one of the biggest security updates to date. The company decided to give developers and companies more time to prepare and delayed MD5's deprecation for the release of Oracle Java SE 8u131 and the next Java CPU, scheduled for release in April...

Oracle removed MD5 as a default code signing option from Java SE 6, released in 2006. Despite this, there will be thousands of Java apps that will never be resigned. For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run. Sometimes in the second half of 2017, Oracle also plans to change the minimum key length for Diffie-Hellman algorithms to 1024 bits. These updates are part of Oracle's long-standing plan for changes to the security algorithms in the Oracle Java Runtime Environment and Java SE Development Kit.

Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 46

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Power

Are Squirrels A Bigger Threat To Our Critical Infrastructure? (bbc.com) 135

"The real threat to global critical infrastructure is not enemy states or organizations but squirrels, according to one security expert." Long-time Slashdot reader randomErr quotes the BBC. Cris Thomas has been tracking power cuts caused by animals since 2013... His Cyber Squirrel 1 project was set up to counteract what he called the "ludicrousness of cyber-war claims by people at high levels in government and industry", he told the audience at the Shmoocon security conference in Washington. Squirrels topped the list with 879 "attacks", followed by birds with 434 attacks and then snakes at 83 attacks.
Those three animals -- along with rats -- have caused 1,700 different power cuts affecting nearly 5,000,000 people .
Google

Google Pressured 90,000 Android Developers Over Insecure Apps (pcworld.com) 48

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.

100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.
Cellphones

FTC Dismantles Two Huge Robocall Organizations (onthewire.io) 114

Billions of robocalls came from two groups selling extended auto warranties, SEO services, and home security systems over the last seven years -- many to numbers on the "Do Not Call" list -- but this week the Federal Trade Commission took action. Trailrunner7 shares this report from OnTheWire: Continuing its campaign against phone fraud operations, the FTC has dismantled two major robocall organizations... They and many of their co-defendants have agreed to court-ordered bans on robocall activities and financial settlements... The FTC and the FCC both have been cracking down on illegal robocall operations recently. The FCC has formed a robocall strike force with the help of carriers and also has signed an agreement to cooperate with Canadian authorities to address the problem.
"The law is clear about robocalls," says one FTC executive. "If a telemarketer doesn't have consumers' written permission, it's illegal to make these calls."
Programming

New Release Of Nim Borrows From Python, Rust, Go, and Lisp (fossbytes.com) 181

An anonymous reader writes: "Nim compiles and runs fast, delivers tiny executables on several platforms, and borrows great ideas from numerous other languages," according to InfoWorld. After six years, they write, Nim is finally "making a case as a mix of the best of many worlds: The compilation speed and cross-platform targeting of Go, the safe-by-default behaviors of Rust, the readability and ease of development of Python, and even the metaprogramming facilities of the Lisp family..."

Fossbytes adds that Nim's syntax "might remind you of Python as it uses indented code blocks and similar syntax at some occasions. Just like Rust and Go, it uses strong types and first class functions... Talking about the benchmarks, it's comparable to C. Nim compiler produces C code by default. With the help of different compiler back-ends, one can also get JavaScript, C++, or Objective-C.

There's an improved output system in the newest release, and both its compiler and library are MIT licensed. Share your thoughts and opinions in the comments. Is anybody excited about writing code in Nim?

Slashdot Top Deals