Data Storage

Kingston HyperX Predator SSD Takes Gumstick M.2 PCIe Drives To 1.4GB/sec 37

Posted by timothy
from the sure-hope-those-drives-appreciated-it dept.
MojoKid writes Kingston recently launched their HyperX Predator PCIe SSD that is targeted at performance-minded PC enthusiasts but is much less expensive than enterprise-class PCIe offerings that are currently in market. Kits are available in a couple of capacities and form factors at 240GB and 480GB. All of the drives adhere to the 80mm M.2 2280 "gumstick" form factor and have PCIe 2.0 x4 connections, but are sold both with and without a half-height, half-length adapter card, if you'd like to drop it into a standard PCI Express slot. At the heart of the Kingston HyperX Predator is Marvell's latest 88SS9293 controller. The Marvell 88SS9293 is paired to a gigabyte of DDR3 memory and Toshiba A19 Toggle NAND. The drives are rated for read speeds up to 1.4GB/s and writes of 1GB/s and 130 – 160K random 4K IOPS. In the benchmarks, the 480GB model put up strong numbers. At roughly $1 per GiB, the HyperX Predator is about on par with Intel's faster SSD 750, but unlike Intel's new NVMe solution, the Kingston drive will work in all legacy platforms as well, not just Z97 and X99 boards with a compatible UEFI BIOS.
Space

Incorrectly Built SLS Welding Machine To Be Rebuilt 130

Posted by timothy
from the but-in-a-crash-you'd-be-totally-safe dept.
schwit1 writes A giant welding machine, built for NASA's multi-billion dollar Space Launch System (SLS), has to be taken apart and rebuilt because the contractor failed to reinforce the floor, as required, prior to construction: "Sweden's ESAB Welding & Cutting, which has its North American headquarters in Florence, South Carolina, built the roughly 50-meter tall Vertical Assembly Center as a subcontractor to SLS contractor Boeing at NASA's Michoud Assembly Facility in New Orleans.

ESAB was supposed to reinforce Michoud's floor before installing the welding tool, but did not, NASA SLS Program Manager Todd May told SpaceNews after an April 15 panel session during the 31st Space Symposium here. As a result, the enormous machine leaned ever so slightly, cocking the rails that guide massive rings used to lift parts of the 8.4-meter-diameter SLS stages. The rings wound up 0.06 degrees out of alignment, which may not sound like much, "but when you're talking about something that's 217 feet [66.14 meters] tall, that adds up," May said.

Asked why ESAB did not reinforce the foundation as it was supposed to, May said only it was a result of "a miscommunication between two [Boeing] subcontractors and ESAB."

It is baffling how everyone at NASA, Boeing, and ESAB could have forgotten to do the reinforcing, even though it was specified in the contract. It also suggests that the quality control in the SLS rocket program has some serious problems.
Security

Exploit For Crashing Minecraft Servers Made Public 111

Posted by timothy
from the hey-fellas-door's-unlocked dept.
An anonymous reader writes "After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of concept exploit for the flaw in the hopes that this will force them to do something about it. "Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time. They have a responsibility to fix and properly work out problems like this," he noted." Here is Askar's own post on the exploit, and his frustration with the response he's gotten to disclosing it to the developers.
Microsoft

Microsoft Open Technologies Is Closing: Good Or Bad News For Open Source? 108

Posted by timothy
from the sea-change-or-see-no-change dept.
BrianFagioli writes When Microsoft Open Technologies was founded as a subsidiary of Microsoft — under Steve Ballmer's reign — many in the open source community hailed it as a major win, and it was. Today, however, the subsidiary is shutting down and being folded into Microsoft. While some will view this as a loss for open source, I disagree; Microsoft has evolved so much under Satya Nadella, that a separate subsidiary is simply no longer needed. Microsoft could easily be the world's biggest vendor of open source software, which is probably one reason some people don't like the term.
Security

FBI Accuses Researcher of Hacking Plane, Seizes Equipment 257

Posted by Soulskill
from the security-theater dept.
chicksdaddy writes: The Feds are listening, and they really can't take a joke. That's the apparent moral of security researcher Chris Roberts' legal odyssey on Wednesday, which saw him escorted off a plane in Syracuse by two FBI agents and questioned for four hours over a humorous tweet Roberts posted about his ability to hack into the cabin control systems of the Boeing 737 he was flying. Roberts (aka @sidragon1) joked that he could "start playing with EICAS messages," a reference to the Engine Indicating and Crew Alerting System.

Roberts was traveling to Syracuse to give a presentation. He said local law enforcement and FBI agents boarded the plane on the tarmac and escorted him off. He was questioned for four hours, with officers alleging they had evidence he had tampered with in-flight systems on an earlier leg of his flight from Colorado to Chicago. Roberts said the agents questioned him about his tweet and whether he tampered with the systems on the United flight, something he denies doing. Roberts had been approached earlier by the Denver office of the FBI which warned him away from further research on airplanes. The FBI was also looking to approach airplane makers Boeing and Airbus and wanted him to rebuild a virtualized environment he built to test airplane vulnerabilities to verify what he was saying.

Roberts refused, and the FBI seized his encrypted laptop and storage devices and has yet to return them, he said. The agents said they wished to do a forensic analysis of his laptop. Roberts said he declined to provide that information and requested a warrant to search his equipment. As of Friday, Roberts said he has not received a warrant.
Stats

IT Worker's Lawsuit Accuses Tata of Discrimination 291

Posted by timothy
from the not-all-discrimination-is-invidious dept.
dcblogs writes An IT worker is accusing Tata Consultancy Services (TCS) of discriminating against American workers and favoring "South Asians" in hiring and promotion. It's backing up its complaint, in part, with numbers. The lawsuit, filed this week in federal court in San Francisco, claims that 95% of the 14,000 people Tata employs in the U.S. are South Asian or mostly Indian. It says this practice has created a "grossly disproportionate workforce." India-based Tata achieves its "discriminatory goals" in at least three ways, the lawsuit alleges. First, the company hires large numbers of H-1B workers. From 2011 to 2013, Tata sponsored nearly 21,000 new H-1B visas, all primarily Indian workers, according to the lawsuit's count. Second, when Tata hires locally, "such persons are still disproportionately South Asian," and, third, for the "relatively few non-South Asians workers that Tata hires," it disfavors them in placement, promotion and termination decisions.
Security

Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics 113

Posted by timothy
from the this-postcard-is-just-an-atom-bomb dept.
An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight Wi-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."
GUI

KDE Plasma 5.3 Beta Brings Lot of Improvements 62

Posted by timothy
from the gui-not-gooey dept.
jones_supa writes: The KDE project today announced the release of KDE Plasma 5.3 beta. It brings better power management, improved Bluetooth support, improved widgets, Wayland support, new media center, and nearly 350 bugfixes. The power management improvements include settings that can be independently configured per activity, there is a new energy usage monitor available in KInfoCenter, and a battery applet identifies applications that hog power. Bluetooth applet brings added support for blocking and unblocking devices. New touchpad module has been added as well. The combined window manager and compositor KWin is now able to start a nested XWayland server, which acts as a bridge between the old X11 and the new Wayland world.
Cloud

Google Sunsetting Old Version of Google Maps 201

Posted by timothy
from the nothing-beats-mapblast's-vector-directions dept.
New submitter Robertgilberts writes with word that Google is dropping the old version of Maps. The new version of Google Maps came out of preview back in February 2014 and was in beta for several months before that. The only way to access the old version of Google Maps was via a special URL or if you had a very old browser that did not support the new version of Google Maps. Consolation prize: There will still be a lighter-weight version, which "drops out many of the neat Google Maps features in exchange for speed and compatibility."
Security

The Voting Machine Anyone Can Hack 104

Posted by samzenpus
from the vote-now-vote-often dept.
Presto Vivace writes about a study published by the Virginia Information Technology Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."
United States

Gyro-Copter Lands On West Lawn of US Capitol, Pilot Arrested 320

Posted by samzenpus
from the just-mail-your-taxes-next-time dept.
An anonymous reader writes that Doug Hughes, 61, a mailman from Ruskin, Florida was arrested for landing a gyro-copter on the West Lawn of the U.S. Capitol. "A 61-year-old Florida mailman was arrested Wednesday after he landed a gyrocopter on the U.S. Capitol west lawn. The gyrocopter was carrying the pilot and 535 stamped letters for members of Congress urging 'real reform' to campaign finance laws. Doug Hughes told the Tampa Bay Times ahead of the afternoon stunt that he notified authorities 'well over an hour in advance of getting to the no-fly zone, so they know who I am and what I'm doing.' Capitol police sent dogs and a bomb squad to the scene. Nothing hazardous was found. A city block from the Capitol had been cordoned off."
Security

Why "Designed For Security" Is a Dubious Designation 58

Posted by samzenpus
from the protect-ya-neck dept.
itwbennett writes The list of products designed to be security enhanced that turned out to be anything but seems to get longer by the day. In just the latest instance, reported by Wired last week, the crowd-funded privacy-enhancing home router Anonabox had to be recalled after an independent researcher discovered serious security flaws in the product. But security experts caution that the real problem may be bigger than vulnerabilities hidden in application code: "Designed for security products don't just have to be good. They have to be beyond reproach," explains John Dickson, a Principal at the Denim Group. "All it takes is one guy with a grudge to undo you."
Transportation

GAO Warns FAA of Hacking Threat To Airliners 78

Posted by Soulskill
from the not-agile-enough-to-respond dept.
chicksdaddy writes: A report from the Government Accountability Office (GAO) warns that the U.S. Federal Aviation Administration may be failing to address cyber security vulnerabilities that could allow remote attacks on avionics systems needed to keep the plane airborne. In a report issued Tuesday (PDF), the GAO said, "significant security-control weaknesses remain that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system." Among those: a lack of clear certification for aircraft airworthy readiness that encompasses cyber security protections. That lapse could allow planes to fly with remotely exploitable vulnerabilities that could affect aircraft controls and guidance systems.

The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.

Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
Windows

Remote Code Execution Vulnerability Found In Windows HTTP Stack 118

Posted by Soulskill
from the another-day,-another-vuln dept.
jones_supa writes: A remote code execution vulnerability exists in the Windows HTTP stack that is caused when HTTP.SYS parses specially-crafted HTTP requests. An attacker who has successfully exploited this vulnerability could execute arbitrary code under the SYSTEM context. Details of the bug are withheld, but exploit code is floating around. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft offers disabling IIS kernel caching.
Data Storage

New Samsung SSD 840 EVO Read Performance Fix Coming Later This Month 72

Posted by Soulskill
from the slower-than-fastest-but-faster-than-slowest dept.
An anonymous reader writes: The Samsung SSD 840 EVO read performance bug has been on the table for over six months now. Initially Samsung acknowledged the issue fairly quickly and provided a fix only a month after the news hit the mainstream tech media, but reports of read performance degradation surfaced again a few weeks after the fix had been released, making it clear that the first fix didn't solve the issue for all users. Two months ago Samsung announced that a new fix is in the works and last week Samsung sent out the new firmware along with Magician 4.6 for testing, which will be available to the public later this month.
Security

Cracking Passwords With Statistics 136

Posted by Soulskill
from the statistics-is-the-most-powerful-tool-nobody-uses-correctly dept.
New submitter pjauregui writes: When users are asked to create a "secure" password, most sites simply demand things like "must contain 1 uppercase letter and one punctuation character." But those requirements often lead to users picking exactly 1 uppercase letter, and using it to begin their password. What was intended to increase randomness is instead creating structure that statistical analysis can exploit. This article starts by asking the reader, "Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure." The author then describes his method for cracking passwords at scale, efficiently, stating that many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. His post is a discussion that demonstrates effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking.
Chrome

Chrome 42 Launches With Push Notifications 197

Posted by Soulskill
from the douglas-adams-edition dept.
An anonymous reader writes: Google today launched Chrome 42 for Windows, Mac, and Linux with new developer tools. Chrome 42 offers two new APIs (Push API and Notifications API) that together allow sites to send notifications to their users even after the given page is closed. While this can be quite an intrusive feature for a browser, Google promises the users have to first grant explicit permission before they receive such a message.
Businesses

IT Consultant Talks About 'Negotiating for Nerds' (Video) 61

Posted by Roblimo
from the paying-it-forward dept.
Matt Heusser did a Slashdot video interview back in 2013 titled How to Become an IT Expert Companies Seek Out and Pay Well. Despite noise from a few yammerheads about Matt getting 'free advertising' on Slashdot, which is unlikely since the vast majority of Slashdot users are more likely to compete with him than to hire him, most of the people who saw that video (or read the transcript) knew he was giving helpful advice to peers who might want to get out of the cubicle and work for themselves.

Today, Matt is with us again. This video is about 'Negotiating for Nerds.' Matt talks about negotiating a pay raise or consulting fee increase, starting with learning who has the actual power to negotiate with you. This is essential knowledge if you are employed (or self-employed) in IT and want to make sure you're getting all you are worth.
Television

In New Zealand, a Legal Battle Looms Over Streaming TV 104

Posted by timothy
from the why-consider-this-pen-your-honor dept.
SpacemanukBEJY.53u writes After a threat from a law firm, two New Zealand ISPs have withdrawn services that let their customers navigate to content sites outside the country that would normally be geo-blocked. Using VPNs or other services to access content restricted by region isn't specifically outlawed in either New Zealand or in neighboring Australia, but it appears the entertainment industry is prepared to go to court to try and argue that such services can violate copyright law. Intellectual property experts said the situation in New Zealand, if it goes to court, could result in the first test case over the legality of skirting regional restrictions.
Crime

Allegation: Lottery Official Hacked RNG To Score Winning Ticket 342

Posted by timothy
from the his-number-was-up dept.
SternisheFan writes with this excerpt from Ars Technica about what may be the most movie-worthy real-life crime story of the year so far: Eddie Raymond Tipton, 51, may have inserted a thumbdrive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners, The Des Moines Register reported, citing court documents filed by prosecutors. At the time, Tipton was the information security director of the Multi-State Lottery Association, and he was later videotaped purchasing a Hot Lotto ticket that went on to fetch the winning $14.3 million payout.

In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren't connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.

"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions," prosecutors wrote. "The fifth person is defendant. It is a reasonable deduction to infer that defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."