Earth

Russia Detects a Significant Radiation Spike In Mountains Close To Soviet-Era Nuclear Plant (nytimes.com) 118

According to a report via The New York Times, Russia said that it had detected a significant radiation spike in the Ural Mountains, close to a sprawling Soviet-era nuclear plant still remembered as the site of an accident 60 years ago. Russia did however reject suggestions that it was the source of a radioactive cloud that hovered over Europe. From the report: The location of the spike -- in the Chelyabinsk region near the border with Kazakhstan -- has been identified by French and German nuclear safety institutions as a potential source for a concentration of a radioactive isotope called ruthenium 106 detected in the air in late September above several European countries. But nuclear energy authorities in Moscow insisted Monday that still-higher levels of atmospheric contamination had been detected outside Russia, in southeastern Europe. Reports of the elevated radiation levels over Western Europe raised alarms, but nuclear safety authorities in France and Germany said there was no threat to human health or to the environment -- an assurance repeated on Tuesday by Moscow. The Russian state weather service Roshydromet said it had found what the Russian news media described as "extremely high pollution" at two monitoring facilities within a 62-mile radius of the Mayak nuclear reprocessing and isotope production plant. A weather station in the town of Argayash recorded ruthenium 106 levels that were 986 times higher than a month earlier, the state weather agency said. A second station at Novogorny detected levels 440 times higher. Ruthenium 106, which does not occur naturally and has a half-life of about a year, is used for medical purposes.

For weeks, Russian officials had denied the French and German accusations. Citing the results of its own air monitoring on European territory, Moscow pointed to high radiation levels over Romania, Italy and Ukraine, insisting that there had been only a negligible presence of ruthenium 106 on Russian territory. On Tuesday, even after the Russian agency acknowledged the radiation spike in the Urals, Maxim Yakovenko, the head of Roshydromet, said in a statement that higher levels of contamination had been detected in Romania than in Russia. "The published data is not sufficient to establish the location of the pollution source," he said. The authorities at Mayak denied in a news release on Tuesday that the plant had contributed to the increased levels of ruthenium 106 and insisted that there was no threat to human beings.

Graphics

Google Cloud Platform Cuts the Price of GPUs By Up To 36 Percent (techcrunch.com) 28

In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.
Cloud

Amazon Launches a Cloud Service For US Intelligence Agencies (cnbc.com) 55

Amazon Web Services on Monday introduced a cloud service for the CIA and other members of the U.S. intelligence community. From a report: The launch of the so-called AWS Secret Region comes six years after AWS introduced GovCloud, its first data center region for public sector customers. AWS has since announced plans to expand GovCloud. The new Secret Region signals interest in using AWS from specific parts of the U.S. government. In 2013 news outlets reported on a $600 million contract between AWS and the CIA. That event singlehandedly helped Amazon in its effort to sign up large companies to use its cloud, whose core services have been available since 2006.
Cloud

Cringely: Amazon Is Starting To Act Like 'Bad Microsoft' (cringely.com) 95

An anonymous reader quotes Cringely.com: My last column was about the recent tipping point signifying that cloud computing is guaranteed to replace personal computing over the next three years. This column is about the slugfest to determine what company's public cloud is most likely to prevail. I reckon it is Amazon's and I'll go further to claim that Amazon will shortly be the new Microsoft. What I mean by The New Microsoft is that Amazon is starting to act a lot like the old Microsoft of the 1990s. You remember -- the Bad Microsoft...

Tech companies behave this way because most employees are young and haven't worked anywhere else and because the behavior reflects the character of the founder. If the boss tells you to beat up customers and partners and it's your first job out of college, then you beat up customers and partners because that's the only world you know. At Microsoft this approach was driven by Bill Gates's belief that dominance could be lost in a single product cycle leaving no room for playing nice. At Amazon, Jeff Bezos is a believer in moving fast, making quick decisions and never looking back. The market has long rewarded this audacity so Amazon will continue to play hard until -- like Microsoft in the 90s -- they are punished for it.

Cringely points out most startups are already using AWS -- and so are all 17 US intelligence agencies ("taking 350,000 PCs out of places like the CIA.")

Bonus link: 17 years ago Cringely answered questions from Slashdot readers.
Transportation

DJI Threatens Researcher Who Reported Exposed Cert Key, Credentials, and Customer Data (arstechnica.com) 81

An anonymous reader quotes Ars Technica: DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback -- including a threat of charges under the Computer Fraud and Abuse Act. DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

The company says they're now investigating "unauthorized access of one of DJI's servers containing personal information," adding that "the hacker in question" refused to agree to their terms and shared "confidential communications with DJI employees."
IBM

Tech Companies Try Apprenticeships To Fill The Tech Skills Gap (thehill.com) 123

Slashdot reader jonyen writes: For generations, apprenticeships have been the way of working life; master craftsmen taking apprentices under their wing, teaching them the tools of the trade. This declined during the Industrial Revolution as the advent of the assembly line enabled mass employment for unskilled laborers. The master-apprentice model went further out of focus as higher education and formal training became increasingly more valuable.

Fast forward to the 21st century, where employers are turning back the page to apprenticeships in an effort to fill a growing skills gap in the labor force in the digital age. Code.org estimates there will be a million unfulfilled tech jobs by 2020.

jonyen shared this article by IBM's Vice President of Talent: IBM is committed to addressing this shortage and recently launched an apprenticeship program registered with the US Department of Labor, with a plan to have 100 apprentices in 2018. ... Other firms have taken up the apprenticeship challenge as well. Salesforce CEO Marc Benioff, for example, has called for creating 5 million American apprentices in the next five years.

An apprenticeship offers the chance for Americans to get the formal education they need, whether through a traditional university, a community college or a trade school, while getting something else: On-the-job experience and an income... Right now, there are more than 6 million jobs in the U.S. that are going unfilled because employers can't find candidates with the right skills, according to the Labor Department.

IBM says their apprentices "are on their way to becoming software developers in our Cloud business and mainframe administrators for technologies like Blockchain, and we will add new apprenticeships in data analytics and cybersecurity as we replicate the program across the U.S."

"Ninety-one percent of apprentices in the U.S. find employment after completing their program, and their average starting wage is above $60,000."
The Military

Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk) 84

An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Security

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (wired.com) 106

Security researchers claim to have discovered a flaw in Amazon's Key Service, which if exploited, could let a driver re-enter your house after dropping off a delivery. From a report: When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery. Security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum. And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.
The Internet

Ask Slashdot: Which Software/Devices Are Unusable Without Connecting to the Internet? (techdirt.com) 201

New submitter AlejandroTejadaC writes: Currently, most commercial software and hardware manufacturers rely on an internet connection for registering or activating their products and providing additional functionality. In an ideal world this works fine, but in our real world the buyer could lose access to internet for months -- such as in emergency situations like the aftermath of Hurricane Maria -- and their products will refuse to work because they need an internet connection. Which companies are using their internet servers as replacements for hardware dongles? I want to see a complete list of software and devices that become completely unusable without a live internet connection. Just remember the infamous case of the Razer Synapse.
China

China Overtakes US In Latest Top 500 Supercomputer List (enterprisecloudnews.com) 110

An anonymous reader quotes a report from Enterprise Cloud News: The release of the semiannual Top 500 Supercomputer List is a chance to gauge the who's who of countries that are pushing the boundaries of high-performance computing. The most recent list, released Monday, shows that China is now in a class by itself. China now claims 202 systems within the Top 500, while the United States -- once the dominant player -- tumbles to second place with 143 systems represented on the list. Only a few months ago, the U.S. had 169 systems within the Top 500 compared to China's 160. The growth of China and the decline of the United States within the Top 500 has prompted the U.S. Department of Energy to dole out $258 million in grants to several tech companies to develop exascale systems, the next great leap in HPC. These systems can handle a billion billion calculations a second, or 1 exaflop. However, even as these physical machines grow more and more powerful, a good portion of supercomputing power is moving to the cloud, where it can be accessed by more researchers and scientists, making the technology more democratic.
Businesses

Here Comes the World's Biggest Shopping Spree -- Again (bloomberg.com) 38

A reader shares a report: On Nov. 11, China celebrates Singles Day, a holiday dedicated to the nation's unattached. It's also the world's largest shopping festival -- and a bonanza for internet giant Alibaba Group. Up to 500 million consumers will visit sites run by the company searching for discounts on items including Bordeaux wine, UGG boots, SUVs, and high-end Japanese toilets. Citigroup estimates that Alibaba's sales during this year's event could reach 158 billion yuan ($23.8 billion). For Alibaba, Singles Day will also be a demonstration of how far its cloud business has come in eight years. At the peak of activity, Alibaba's servers may be tasked with processing 175,000 transactions a second from its own sites. "It's the day when the largest amount of computing power is needed in China," says He Yunfei, a senior product manager for Alibaba Cloud. [...] Alibaba dominates the Chinese cloud -- in part because local regulators won't issue data center operating licenses to foreign companies, curtailing the China ambitions of Amazon.com and Microsoft, the No. 1 and No. 2 cloud providers globally.
IBM

IBM Raises the Bar with a 50-Qubit Quantum Computer (technologyreview.com) 69

IBM said on Friday it has created a prototype 50 qubit quantum computer as it further increases the pressure on Google in the battle to commercialize quantum computing technology. The company is also making a 20-qubit system available through its cloud computing platform, it said. From a report: The announcement does not mean quantum computing is ready for common use. The system IBM has developed is still extremely finicky and challenging to use, as are those being built by others. In both the 50- and the 20-qubit systems, the quantum state is preserved for 90 microseconds -- a record for the industry, but still an extremely short period of time. Nonetheless, 50 qubits is a significant landmark in progress toward practical quantum computers. Other systems built so far have had limited capabilities and could perform only calculations that could also be done on a conventional supercomputer. A 50-qubit machine can do things that are extremely difficult to simulate without quantum technology. Whereas normal computers store information as either a 1 or a 0, quantum computers exploit two phenomena -- entanglement and superposition -- to process information differently.
Businesses

Qualcomm Eyes Intel With Centriq 2400 Arm Server Chip (eweek.com) 23

Qualcomm is now challenging rival Intel in the rapidly changing data center market. From a report: The company is now selling its long-awaited Centriq 2400 Arm-based server processor that is aimed at the fast-growing cloud market and that Qualcomm officials say beats Intel in such crucial areas as power efficiency and cost. Officials from Arm and its manufacturing partners have for several years talked about pushing the Arm architecture into the data center as an alternative to Intel, and some manufacturers like Cavium and Applied Micro in recent years have rolled out systems-on-a-chip (SoCs) based on the 64-bit Armv8-A design. However, Qualcomm represents the most significant Arm chip maker in terms of scale and resources to challenge Intel, which holds more than 90 percent of the global server chip market. Qualcomm's Centriq chips offer up to 48 single-threaded cores running up to 2.6GHz and are manufactured on Samsung's 10-nanometer FinFET process. The processors sport a bidirectional segmented ring bus with as much as 250G bps of aggregate bandwidth to avoid performance bottlenecks, 512KB of shared L2 cache for every two cores and 60MB of unified L3 cache. There also are six channels of DDR4 memory and support for up to 768GB of total DRAM with 32 PCIe Gen 3 lanes and six PCIe controllers. They also support Arm's TrustZone security technology and hypervisors for virtualization.
Microsoft

Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) 26

Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service. From a report: Microsoft has announced the first three such partners: Bitdefender, Lookout, and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months. According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices. Integration with Bitdefender's GravityZone Cloud -- which allows users to get macOS and Linux threat intelligence on malware and suspicious files -- is in public preview as of today. A trial version is available now. Integration with Lookout's Mobile Endpoint Security for iOS and Android and Ziften's Zenith systems and security operations platform for macOS and Linux will be in public preview "soon," Microsoft's blog post says.
Cloud

Logitech To Shut Down 'Service and Support' For Harmony Link Devices In 2018 (arstechnica.com) 131

Logitech recently informed customers that it will be discontinuing service for its popular Harmony Link remote system, which allows users to control home theater and sound equipment from a mobile app. "Customers received an email explaining that Logitech will 'discontinue service and support' for the Harmony Link as of March 16, 2018, adding that Harmony Link devices 'will no longer function after this date,'" reports Ars Technica. From the report: While Logitech is offering a one-time, 35-percent discount on its Harmony Hub to affected customers that are out of warranty, that's not enough for Harmony Link users who are expressing their dissatisfaction on Logitech support forums and Reddit. Users have not experienced major problems with the Harmony Link system that would indicate they are approaching end of life. Harmony Link customers do not pay a subscription or service fee to use the device, either. The only reason provided comes from a Logitech employee with the username Logi_WillWong, who explains in a response post from September 8, 2017 that Logitech will not be renewing a "technology certificate license" that expires in March. No details were provided about how this certificate license allows the Harmony Link to function, but it appears that without it, those devices will not work as promised. "The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub," Logi_WillWong added, which seems to indicate that the shutting down of the Harmony Link system is a way to get more customers on the newer Harmony Hub system.
Encryption

Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed (arstechnica.com) 76

An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness.

On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.

Microsoft

Farmers In India Are Using AI To Increase Crop Yields (microsoft.com) 50

Reader joshtops shares an incredible story about how thousands of farmers in India are making use of AI and other technologies provided by Microsoft to ensure that they plow the field and sow the seeds at the right time. Prior to this, they were relying on their traditional instincts, which, many of them say, had failed them in recent years. From the story: The fields had been freshly plowed. The furrows ran straight and deep. Yet, thousands of farmers across Indian states of Andhra Pradesh (AP) and Karnataka waited to get a text message before they sowed the seeds. The SMS, which was delivered in Telugu and Kannada, their native languages, told them when to sow their groundnut crops. In a few dozen villages in Telengana, Maharashtra and Madhya Pradesh, farmers are receiving automated voice calls that tell them whether their cotton crops are at risk of a pest attack, based on weather conditions and crop stage. Meanwhile in Karnataka, the state government can get price forecasts for essential commodities such as tur (split red gram) three months in advance for planning for the Minimum Support Price (MSP). Welcome to digital agriculture, where technologies such as Artificial Intelligence (AI), Cloud Machine Learning, Satellite Imagery and advanced analytics are empowering small-holder farmers to increase their income through higher crop yield and greater price control. "Sowing date as such is very critical to ensure that farmers harvest a good crop. And if it fails, it results in loss as a lot of costs are incurred for seeds, as well as the fertilizer applications," says Dr. Suhas P. Wani, Director, Asia Region, of the International Crop Research Institute for the Semi-Arid Tropics (ICRISAT), a non-profit, non-political organization that conducts agricultural research for development in Asia and sub-Saharan Africa with a wide array of partners throughout the world.
Microsoft in collaboration with ICRISAT, developed an AI Sowing App powered by Microsoft Cortana Intelligence Suite including Machine Learning and Power BI. The app sends sowing advisories to participating farmers on the optimal date to sow. The best part -- the farmers don't need to install any sensors in their fields or incur any capital expenditure. All they need is a feature phone capable of receiving text messages.
Cloud

Are You OK With Google Reading Your Data? (infoworld.com) 154

Remember when Google randomly flagged files in Google Docs for violating its terms of service? An anonymous reader quotes InfoWorld: Many people worried that Google was scanning users' documents in real time to determine if they're being mean or somehow bad. You actually agree to such oversight in Google G Suite's terms of service. Those terms include personal conduct stipulations and copyright protection, as well as adhering to "program policies"... Even though this is spelled out in the terms of service, it's uncomfortably Big Brother-ish, and raises anew questions about how confidential and secure corporate information really is in the cloud.

So, do SaaS, IaaS, and PaaS providers make it their business to go through your data? If you read their privacy policies (as I have), the good news is that most don't seem to. But have you actually read through them to know who, like Google, does have the right to scan and act on your data? Most enterprises do a good legal review for enterprise-level agreements, but much of the use of cloud services is by individuals or departments who don't get such IT or legal review. Enterprises need to be proactive about reading the terms of service for cloud services used in their company, including those set up directly by individuals and departments. It's still your data, after all, and you should know how it is being used and could be used...

The article argues that "Chances are you or your employees have signed similar terms in the many agreements that people accept without reading."
Bug

Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service (9to5google.com) 97

On Tuesday, Google's cloud-based word processing software was randomly flagging files for supposedly "violating" Google's Terms of Service, resulting in some users not being able to access or share their files. Google today explained the issue and addressed concerns that arose. 9to5Google reports: Several users on Tuesday morning reported no longer being able to open certain files they were working on in Docs, while others were locked out mid-edit. "On Tuesday, October 31, we mistakenly blocked access to some of our users' files, including Google Docs," Google said in a blog post. "This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS)." Afterwards, Google provided a comment to Gizmodo noting that a code push made earlier that morning was at fault and that full access had been restored to users hours after the bug first arose. Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam. As a result, Docs "erroneously mark[ed] some files as TOS violations, thus causing access denials for users of those files."
Businesses

Vendor Tracks LinkedIn Profile Changes To Alert Client Employers (techtarget.com) 101

dcblogs shares a report from TechTarget: IT managers have long had the ability and right to monitor employee behavior on internal networks. Now, HR managers are getting similar capabilities thanks to cloud-based services -- but for tracking employee activity outside of their employer's network. A controversy and court fight is swelling over its potential impact on employee privacy. A San Francisco-based startup, hiQ Labs Inc., offers products based on its analysis of publicly available LinkedIn data. One is Keeper, which identifies employees at risk of being recruited away, and another is Skill Mapper, which analyzes employee skills. The profile data is collected by software bots. The clients of hiQ's service may learn whether a LinkedIn member is a flight risk thanks to an individual risk score: high (red), medium (yellow) or low (green), according to court papers. LinkedIn is in court fighting this, but so far it's losing. A federal judge recently took exception to the use of the CFAA in this case "to punish hiQ for accessing publicly available data." The judge warned such an interpretation "could profoundly impact open access to the internet."
