
Communications

Black Hat Researchers Actively Trying To Deanonymize Tor Users 72

Posted by Soulskill
from the good-research-vs-bad-research dept.
An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.
Networking

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common? 296

Posted by Soulskill
from the common-enough-to-make-you-sad dept.
An anonymous reader writes: I do some contract work on the side, and am helping a client set up a new point-of-sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup, the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no need for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going, odds are there will be e-Commerce worked into it, and probably credit card transactions... which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.
Wikipedia

An Accidental Wikipedia Hoax 137

Posted by Soulskill
from the isaac-newton-invented-the-apple dept.
Andreas Kolbe writes: The Daily Dot's EJ Dickson reports how she accidentally discovered that a hoax factoid she added over five years ago as a stoned sophomore to the Wikipedia article on "Amelia Bedelia, the protagonist of the eponymous children's book series about a 'literal-minded housekeeper' who misunderstands her employer's orders," had not just remained on Wikipedia all this time, but come to be cited by a Taiwanese English professor, in "innumerable blog posts and book reports", as well as a book on Jews and Jesus. It's a cautionary tale about the fundamental unreliability of Wikipedia. And as Wikipedia ages, more and more such stories are coming to light.
Businesses

Comcast Confessions 217

Posted by Soulskill
from the beancounters-shouldn't-run-the-show dept.
An anonymous reader writes: We heard a couple weeks ago about an incredibly pushy Comcast customer service representative who turned a quick cancellation into an ordeal you wouldn't wish on your enemies. To try and find out what could cause such behavior, The Verge reached out to Comcast employees, hoping a few of them would explain training practices and management directives. They got more than they bargained for — over 100 employees responded, and they painted a picture of a corporation overrun by the never-ending quest for greater profit. From the article: 'These employees told us the same stories over and over again: customer service has been replaced by an obsession with sales, technicians are understaffed and tech support is poorly trained, and the massive company is hobbled by internal fragmentation. ... Brian Van Horn, a billing specialist who worked at Comcast for 10 years, says the sales pitch gradually got more aggressive. "They were starting off with, 'just ask,'" he says. "Then instead of 'just ask,' it was 'just ask again,' then 'engage the customer in a conversation,' then 'overcome their objections.'" He was even pressured to pitch new services to a customer who was 55 days late on her bill, he says.'
Education

Reglue: Opening Up the World To Deserving Kids With Linux Computers 78

Posted by Soulskill
from the never-too-early-for-your-first-tux dept.
jrepin writes: Today, a child without access to a computer (and the Internet) at home is at a disadvantage before he or she ever sets foot in a classroom. The unfortunate reality is that in an age where computer skills are no longer optional, far too many families don't possess the resources to have a computer at home. Linux Journal recently had the opportunity to talk with Ken Starks about his organization, Reglue (Recycled Electronics and Gnu/Linux Used for Education) and its efforts to bridge this digital divide.
The Internet

Which Is Better, Adblock Or Adblock Plus? 316

Posted by Soulskill
from the who-blacklists-the-blacklisters dept.
An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.
Government

Senate Bill Would Ban Most Bulk Surveillance 173

Posted by Soulskill
from the assuming-they-can-pass-anything dept.
An anonymous reader writes: Today Senator Patrick Leahy (D-VT) introduced a bill that would ban bulk collection of telephone records and internet data for U.S. citizens. This is a stronger version of the legislation that passed the U.S. House in May, and it has support from the executive branch as well. "The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office. It would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities. Both House and Senate measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek."
Stats

OKCupid Experiments on Users Too 160

Posted by Unknown Lamer
from the statistics-are-only-skin-deep dept.
With recent news that Facebook altered users' feeds as part of a psychology experiment, OKCupid has jumped in and noted that they too have altered their algorithms and experimented with their users (some unintentional) and "if you use the Internet, you’re the subject of hundreds of experiments at any given time, on every site. That’s how websites work." Findings include that removing pictures from profiles resulted in deeper conversations, but as soon as the pictures returned appearance took over; personality ratings are highly correlated with appearance ratings (profiles with attractive pictures and no other information still scored as having a great personality); and that suggesting a bad match is a good match causes people to converse nearly as much as ideal matches would.
The Internet

The Misleading Fliers Comcast Used To Kill Off a Local Internet Competitor 247

Posted by Unknown Lamer
from the muni-broadband-madness! dept.
Jason Koebler (3528235) writes In the months and weeks leading up to a referendum vote that would have established a locally owned fiber network in three small Illinois cities, Comcast and SBC (now AT&T) bombarded residents and city council members with disinformation, exaggerations, and outright lies to ensure the measure failed. The series of two-sided postcards painted municipal broadband as a foolhardy endeavor unfit for adults, responsible people, and perhaps as not something a smart woman would do. Municipal fiber was a gamble, a high-wire act, a game, something as "SCARY" as a ghost. Why build a municipal fiber network, one asked, when "internet service [is] already offered by two respectable private businesses?" In the corner, in tiny print, each postcard said "paid for by SBC" or "paid for by Comcast." The postcards are pretty absurd and worth a look.
Cellphones

Lots Of People Really Want Slideout-Keyboard Phones: Where Are They? 530

Posted by timothy
from the could-be-anywhere-really dept.
Bennett Haselton writes: I can't stand switching from a slideout-keyboard phone to a touchscreen phone, and my own informal online survey found a slight majority of people who prefer slideout keyboards even more than I do. Why will no carrier make them available, at any price, except occasionally as the crummiest low-end phones in the store? Bennett's been asking around, of store managers and users, and arrives at even more perplexing questions. Read on, below.
The Internet

Internet Census 2012 Data Examined: Authentic, But Chaotic and Unethical 30

Posted by timothy
from the could-have-been-worse dept.
An anonymous reader writes "A team of researchers at the TU Berlin and RWTH Aachen presented an analysis of the Internet Census 2012 data set (here's the PDF) in the July edition of the ACM Sigcomm Computer Communication Review journal. After its release on March 17, 2013 by an anonymous author, the Internet Census data created an immediate media buzz, mainly due to its unethical data collection methodology that exploited default passwords to form the Carna botnet. The now published analysis suggests that the released data set is authentic and not faked, but also reveals a rather chaotic picture. The Census suffers from a number of methodological flaws and also lacks meta-data information, which renders the data unusable for many further analyses. As a result, the researchers have not been able to verify several claims that the anonymous author(s) made in the published Internet Census report. The researchers also point to similar but legal efforts measuring the Internet and remark that the illegally measured Internet Census 2012 is not only unethical but might have been overrated by the press."
NASA

Off the Florida Coast, Astronauts Train For Asteroid Mission 81

Posted by timothy
from the in-space-no-one-can-hear-you-access-facebook dept.
Space.com gives an overview of the training that four astronauts are undergoing over 9 days submerged off the coast of Florida near Key Largo. The training mission, dubbed NEEMO 18, is one step toward a proposed (mid-2020s) mission to actually visit a captured asteroid in lunar orbit. In addition to the complications of working outside their school-bus sized habitat while awkwardly suited up in a low-gravity (or at least high buoyancy) environment, their mission also includes a 10-minute communications delay, to simulate the high-latency communications with mission control that would be inevitable for an actual asteroid mission. The experiments astronauts are doing during the mission, which began Monday (July 21), range from the physical to the behavioral. For example, each of the crew members sports a sensor that records how close the crew members work with each other inside the school-bus-size habitat. ... Communications with NEEMO Mission Control is usually constant, and there is the ability to send items to and from the habitat as needed. Also living inside the habitat are two support staff who are assisting with Aquarius maintenance and systems, as required. The crew members also have Internet and phone service to talk with family and friends.
The Internet

In France, Most Comments on Gaza Conflict Yanked From Mainstream News Sites 500

Posted by timothy
from the national-brotherhood-week dept.
An anonymous reader writes with an unpleasant statistic from France, quoting David Corchia, who heads a service employed by large French news organizations to sift through and moderate comments made on their sites. Quoting YNet News: Corchia says that as an online moderator, generally 25% to 40% of comments are banned. Moderators are assigned with the task of filtering comments in accordance with France's legal system, including those that are racist, anti-Semitic or discriminatory. Regarding the war between the Israelis and Hamas, however, Corchia notes that some 95% of online comments made by French users are removed. "There are three times as many comments than normal, all linked to the Israeli-Palestinian conflict," added Jeremie Mani, head of another moderation company Netino. "We see racist or anti-Semitic messages, very violent, that also take aim at politicians and the media, sometimes by giving journalists' contact details," he added. "This sickening content is peculiar to this conflict. The war in Syria does not trigger these kinds of comments."
Cellphones

Greenpeace: Amazon Fire Burns More Coal and Gas Than It Should 287

Posted by timothy
from the not-enough-greenwashing dept.
Jason Koebler (3528235) writes "The biggest thing that sets the Amazon Fire Phone apart from its Android and Apple competitors probably isn't the clean interface or the unlimited photo storage—it's the dirty power behind it. When Fire users upload their photos and data to Amazon's cloud, they'll be creating a lot more pollution than iPhone owners, Greenpeace says. Apple has made a commitment to running its iCloud on 100 percent clean energy. Amazon, meanwhile, operates the dirtiest servers of any major tech giant that operates its own servers—only 15 percent of its energy comes from clean sources, which is about the default national average." Greenpeace's jaundiced eye is on Amazon more generally; the company's new phone is just an example. Maybe Amazon or some other provider could take a page from some local utilities and let users signal their own preferences with a (surcharged) "clean energy" option.
Media

Enraged Verizon FiOS Customer Seemingly Demonstrates Netflix Throttling 394

Posted by timothy
from the choking-hard dept.
MojoKid (1002251) writes The ongoing battle between Netflix and ISPs that can't seem to handle the streaming video service's traffic boiled over to an infuriating level for Colin Nederkoon, a startup CEO who resides in New York City. Rather than accept excuses and finger pointing from either side, Nederkoon did a little investigating into why he was receiving such slow Netflix streams on his Verizon FiOS connection. What he discovered is that there appears to be a clear culprit. Nederkoon pays for Internet service that promises 75Mbps downstream and 35Mbps upstream through his FiOS connection. However, his Netflix video streams were limping along at just 375kbps (0.375Mbps), equivalent to 0.5 percent of the speed he's paying for. On a hunch, he decided to connect to a VPN service, which in theory should actually make things slower since it's adding extra hops. Speeds didn't get slower, they got much faster. After connecting to VyprVPN, his Netflix connection suddenly jumped to 3000kbps, the fastest the streaming service allows and around 10 times faster than when connecting directly with Verizon. Verizon may have a different explanation as to why Nederkoon's Netflix streams suddenly sped up, but in the meantime, it would appear that throttling shenanigans are taking place. It seems that by using a VPN, Verizon simply doesn't know which packets to throttle, hence the gross disparity in speed.
Australia

Australian Government Moving Forward With Anti-Piracy Mandate For ISPs 124

Posted by timothy
from the sniff-it-sniff-all-of-it dept.
angry tapir (1463043) writes Australia is moving closer to a regime under which ISPs will be forced to block access to websites whose "dominant purpose" is to facilitate copyright violations. A secret government discussion paper (PDF) has been leaked and proposes a system of website blocking and expanded liability for ISPs when it comes to "reasonable steps that can be taken ... to discourage or reduce online copyright infringement."
Businesses

Cable Companies: We're Afraid Netflix Will Demand Payment From ISPs 200

Posted by timothy
from the who-pays-whom-for-what dept.
Dega704 (1454673) writes While the network neutrality debate has focused primarily on whether ISPs should be able to charge companies like Netflix for faster access to consumers, cable companies are now arguing that it's really Netflix who holds the market power to charge them. This argument popped up in comments submitted to the FCC by Time Warner Cable and industry groups that represent cable companies. (National Journal writer Brendan Sasso pointed this out.) The National Cable & Telecommunications Association (NCTA), which represents many companies including Comcast, Time Warner Cable, Cablevision, Cox, and Charter wrote to the FCC:

"Even if broadband providers had an incentive to degrade their customers' online experience in some circumstances, they have no practical ability to act on such an incentive. Today's Internet ecosystem is dominated by a number of "hyper-giants" with growing power over key aspects of the Internet experience—including Google in search, Netflix and Google (YouTube) in online video, Amazon and eBay in e-commerce, and Facebook in social media. If a broadband provider were to approach one of these hyper-giants and threaten to block or degrade access to its site if it refused to pay a significant fee, such a strategy almost certainly would be self-defeating, in light of the immediately hostile reaction of consumers to such conduct. Indeed, it is more likely that these large edge providers would seek to extract payment from ISPs for delivery of video over last-mile networks."
Related: an article at Gizmodo explains that it takes surprisingly little hardware to replicate (at least most of) Netflix's current online catalog in a local data center.
The Internet

Two Cities Ask the FCC To Preempt State Laws Banning Municipal Fiber Internet 198

Posted by samzenpus
from the fighting-the-man dept.
Jason Koebler writes Two cities—Chattanooga, Tennessee, and Wilson, North Carolina—have officially asked the federal government to help them bypass state laws banning them from expanding their community-owned, gigabit fiber internet connections. In states throughout the country, major cable and telecom companies have battled attempts to create community broadband networks, which they claim put them at a competitive disadvantage. The FCC will decide if it's able to circumvent state laws that have been put in place restricting the practice.
Networking

Comcast Carrying 1Tbit/s of IPv6 Internet Traffic 144

Posted by Unknown Lamer
from the hurd-1.0-released dept.
New submitter Tim the Gecko (745081) writes Comcast has announced 1Tb/s of Internet-facing, native IPv6 traffic, with more than 30% deployment to customers. With Facebook, Google/YouTube, and Wikipedia up to speed, it looks like we are past the "chicken and egg" stage. IPv6 adoption by other carriers is looking better too with AT&T at 20% of their network IPv6 enabled, Time Warner at 10%, and Verizon Wireless at 50%. The World IPv6 Launch site has measurements of global IPv6 adoption.
Communications

FCC Reminds ISPs That They Can Be Fined For Lacking Transparency 38

Posted by Unknown Lamer
from the beware-the-$5-fine dept.
An anonymous reader writes The FCC issued a notice on Wednesday reminding ISPs that, according to the still-intact transparency rule of the 2010 Open Internet Order, they are required to be transparent about their services. "The FCC's transparency rule requires that consumers get the information they need to make informed choices about the broadband services they purchase." Applicable scenarios include "poorly worded service offers or inaccurate counts of data against a data cap...[as well as] blocking or slowing certain types of traffic without explaining that to the customer." The transparency rule gives the FCC the power to fine ISPs for non-compliance.
