Feed aggregator

German ICO Savedroid Pulls Exit Scam After Raising $50 Million

Slashdot -

German company Savedroid has pulled a classic exit scam after raising $50 million in ICO and direct funding. The site is currently displaying a South Park meme with the caption "Aannnd it's gone." The founder, Dr. Yassin Hankir, has posted a tweet thanking investors and saying "Over and out." TechCrunch reports: A reverse image search found Hankir's photo on this page for Founder Institute, and he has pitched his product at multiple events, including this one in German. Savedroid was originally supposed to use AI to manage user investments and promised a crypto-backed credit card, a claim that CCN notes is popular with scam ICOs. It ran for a number of months and was clearly well-managed as the group was able to open an office and appear at multiple events.

Read more of this story at Slashdot.

Google Is Shuttering Domain Fronting, Creating a Big Problem For Anti-Censorship Tools

Slashdot -

"The Google App Engine is discontinuing a practice called domain fronting, which lets services use Google's network to get around state-level internet blocks," reports The Verge. While the move makes sense from a cybersecurity perspective as domain fronting is widely used by malware to evade network-based detection, it will likely frustrate app developers who use it to get around internet censorship. From the report: First spotted by Tor developers on April 13th, the change has been rolling out across Google services and threatens to disrupt services for a number of anti-censorship tools, including Signal, GreatFire.org and Psiphon's VPN services. Reached by The Verge, Google said the changes were the result of a long-planned network update. "Domain fronting has never been a supported feature at Google," a company representative said, "but until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature." Domain-fronting allowed developers to use Google as a proxy, forwarding traffic to their own servers through a Google.com domain. That was particularly important for evading state-level censorship, which might try to block all the traffic sent to a given service. As long as the service was using domain-fronting, all the in-country data requests would appear as if they were headed for Google.com, with encryption preventing censors from digging any deeper. We do not yet know exactly why and when Google is shutting down the practice, but will update this post once we learn more.

Read more of this story at Slashdot.

'Login With Facebook' Data Hijacked By JavaScript Trackers

Slashdot -

An anonymous reader quotes a report from TechCrunch: Facebook confirms to TechCrunch that it's investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user's data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data. The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That's according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton's Center For Information Technology Policy.

Read more of this story at Slashdot.

SpaceX Launches NASA's Planet-Hunting Satellite, Successfully Lands Its Falcon 9 Rocket

Slashdot -

SpaceX launched NASA's TESS spacecraft Wednesday evening from Cape Canaveral, Florida, and successfully landed its Falcon 9 rocket on a drone ship following takeoff. This marks 24 successful landings for SpaceX now, notes The Verge. We will update this post once TESS is deployed into orbit. From the report: TESS is NASA's newest exoplanet hunter. The probe is tasked with staring at stars tens to hundreds of light-years from Earth, watching to see if they blink. When a planet passes in front of a distant star, it dims the star's light ever so slightly. TESS will measure these twinkles from a 13.7-day orbit that extends as far out as the distance of the Moon. The satellite won't get to its final orbit on this launch. Instead, the Falcon 9 will put TESS into a highly elliptical path around Earth first. From there, TESS will slowly adjust its orbit over the next couple of months by igniting its onboard engine multiple times. The spacecraft will even do a flyby of the Moon next month, getting a gravitational boost that will help get the vehicle to its final path around Earth. Overall, it will take about 60 days after launch for TESS to get to its intended orbit; science observations are scheduled to begin in June.

Read more of this story at Slashdot.

Facebook To Design Its Own Processors For Hardware Devices, AI Software, and Servers

Slashdot -

Facebook is the latest technology company to design its own semiconductors, reports Bloomberg. "The social media company is seeking to hire a manager to build an 'end-to-end SoC/ASIC, firmware and driver development organization,' according to a job listing on its corporate website, indicating the effort is still in its early stages." From the report: Facebook could use such chips to power hardware devices, artificial intelligence software and servers in its data centers. Next month, the company will launch the Oculus Go, a $200 standalone virtual-reality headset that runs on a Qualcomm processor. Facebook is also working on a slew of smart speakers. Future generations of those devices could be improved by custom chipsets. By using its own processors, the company would have finer control over product development and would be able to better tune its software and hardware together. The postings didn't make it clear what kind of use Facebook wants to put the chips to other than the broad umbrella of artificial intelligence. A job listing references "expertise to build custom solutions targeted at multiple verticals including AI/ML," indicating that the chip work could focus on a processor for artificial intelligence tasks. Facebook AI researcher Yann LeCun tweeted about some of the job postings on Wednesday, asking for candidates interested in designing chips for AI.

Read more of this story at Slashdot.

Amazon Employee Explains the Poor Working Conditions of An Amazon Warehouse

Slashdot -

Earlier this week, James Bloodworth, a former UK Amazon employee that worked undercover in the "fulfillment center" for six-months, released a book detailing the mistreatment of warehouse employees at the commerce company. He described the work culture as a prison after discovering that Amazon warehouse staff were peeing in bottles to avoid taking too many breaks. Since the report first broke, many Amazon employees have come out to share their thoughts on the working conditions, including one Reddit user who claims that "the post is pretty spot on": They don't monitor bathroom breaks, but [your] individual rate (or production goal) [doesn't] account for bathroom breaks, or... let's say there is a problem like you need [two] of something and there's only one left, well you have to put on your "andon"... wait for someone to come "fix" for you, all the while your rate is dropping. The [two] most common reasons [people] get fired are not hitting rate, and attendance. They don't really try to help you hit rate, they just fire and replace. My first week there [two] [people] collapsed from dehydration. It's so [commonplace] to see someone collapse that nobody is even shocked anymore. You'll just hear a manager complain that he has to do some report now, while a couple of new [people] try to help the guy (veterans won't risk helping [because] it drips rate). No sitting allowed, and there's nowhere to sit anywhere except the break rooms. Before the robots (they call them kivas) pickers would regularly walk 10-15 miles a day, now it's just stand for 10-12 hours a day. [People] complain about the heat all the time but we just get told 80 degrees (Fahrenheit obviously) is a safe working temp. [Sometimes] they will pull out a thermometer, but even when it hits 85 they just say it's fine. There's been deaths, at least one in my building... Amazon likes to keep it all hush hush. Heard about others, you can find the stories if you search for it, but Amazon does a good job burying it... Amazon has denied the allegations, saying: "Amazon ensures all of its associates have easy access to toilet facilities which are just a short walk from where they are working. Amazon provides a safe and positive workplace for thousands of people across the UK with competitive pay and benefits from day one. We have not been provided with confirmation that the people who completed the survey worked at Amazon and we don't recognize these allegations as an accurate portrayal of activities in our buildings."

Read more of this story at Slashdot.

myDropWizard.com: Security Vulnerabilities Affect Your Dev Sites Too

Drupal Planet -

When Drupalgeddon 2 (SA-CORE-2018-002) happened a few weeks back, we saw plenty of buzz from agencies and other organizations throughout the community who were having patching parties.

Yay for patching! But were you left vulnerable by not updating all of your installations?

If you didn’t update development and staging sites, you may be at risk!

Due to the nature of the vulnerability, from the largest of enterprise applications to the smallest of brochure or hobbyist site builds, all Drupal sites were affected. This includes any testing or staging versions of your site. Depending on how you manage your local development sites, even those may have been exposed too!

Still not convinced? Read more to find out why you need to update ALL sites!

Microsoft Ports Edge Anti-Phishing Technology To Google Chrome

Slashdot -

An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API. Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.

Read more of this story at Slashdot.

Robots Ride To the Rescue Where Workers Can't Be Found

Slashdot -

Fast-growing economies in Eastern Europe have led to severe labor shortages, so companies are calling in the machines [Editor's note: the link may be paywalled]. From a report: In many major economies, companies are experimenting with replacing factory workers, truck drivers and even lawyers with artificial intelligence, raising the specter of a mass displacement of jobs. But in Eastern Europe, robots are being enlisted as the solution for a shortage of workers. Often they are helping to create new types of jobs as businesses in the Czech Republic, Hungary, Slovakia and Poland try to stay agile and competitive. Growth in these countries, which became low-cost manufacturing hubs for Europe after the fall of Communism, has averaged 5 percent in recent years, buoyed by the global recovery. Few are riding higher than the Czech Republic, where plants roll out cars for the likes of Toyota and consumer electronics for Dell, while smaller companies produce specialty goods to sell around the world. A roaring economy has slashed the jobless rate to just 2.4 percent, the lowest in the European Union. The dearth of manpower, however, has limited the ability of Czech companies to expand. Nearly a third of them have started to turn away orders, according to the Czech Confederation of Industry, a trade group.

Read more of this story at Slashdot.

100 Top Colleges Vow To Enroll More Low-Income Students

Slashdot -

Research shows that just 3 percent of high-achieving, low-income students attend America's most selective colleges. And, it's not that these students just aren't there -- every year tens of thousands of top students who don't come from wealthy families never even apply to elite colleges. Universities are taking note -- and banding together under something called the American Talent Initiative -- a network backed by Bloomberg Philanthropies, the Aspen Institute and the research firm Ithaka S+R. To join the club, schools have to graduate 70 percent of their students in six years -- a qualification that leaves just under 300 schools in the U.S. eligible. Nearly a third of those schools -- exactly 100 -- have signed on. Their goal? Enroll 50,000 additional low- and moderate-income students by 2025. From a report: Each school has its own goals, too -- many want to increase the number of Pell Grant students on campus, others aim to improve graduation rates -- but they're all on board to share strategies, learn from each other's missteps and provide data to monitor their progress.

Read more of this story at Slashdot.

A Florida Man Has been Accused of Making 97 Million Robocalls

Slashdot -

A Florida man accused of flooding consumers with 97 million phone calls touting fake travel deals appeared Wednesday before lawmakers to explain how robocalls work and to say, "I am not the kingpin of robocalling that is alleged." From a report: Adrian Abramovich, of Miami, who is fighting a proposed $120 million fine, told senators that open-source software lets operators make thousands of phone calls with the click of a button, in combination with cloud-based computing and "the right long distance company." "Clearly regulation needs to address the carriers and providers and require the major carriers to detect robocalls activity," Abramovich said in testimony submitted in advance to the Senate Commerce Committee. He has asked the Federal Communications Commission to reduce the fine proposed last year, calling it disproportionate, in part because most calls went unanswered or resulted in a quick hang-up by consumers. The panel's chairman, Senator John Thune, a South Dakota Republican, called Abamovich and officials from the FCC and other agencies to discuss ways to stop abusive calls.

Read more of this story at Slashdot.

Microsoft Drops OneNote From Office, Pushes Users To Windows 10 Version

Slashdot -

An anonymous reader writes: Microsoft is making big changes to OneNote for Windows: The desktop app will no longer be included in Microsoft Office. Instead, OneNote for Windows 10, the UWP app, will be the default OneNote experience for both Office 365 and Office 2019. OneNote for Mac, Android, iOS, and the web are unaffected. The move shouldn't be a huge surprise for those paying close attention to OneNote's development. Back in February 2015, Microsoft made OneNote for Windows completely free by removing all feature restrictions. This untethering of OneNote from Office meant users could download OneNote 2013 for Windows 7 and Windows 8 without having to pay for Office 2013.

Read more of this story at Slashdot.

Richard Stallman On Facebook's Privacy Scandal: We Need a Law. There's No Reason We Should Let Them Exist if the Price is Knowing Everything About Us

Slashdot -

From a wide-ranging interview of Richard Stallman by New York Magazine: New York Magazine: Why do you think these companies feel justified in collecting that data? Richard Stallman: Oh, well, I think you can trace it to the general plutocratic neoliberal ideology that has controlled the U.S. for more than two decades. A study established that since 1998 or so, the public opinion in general has no influence on political decisions. They're controlled by the desires of the rich and of special interests connected with whatever issue it is. So the companies that wanted to collect data about people could take advantage of this general misguided ideology to get away with whatever they might have wanted to do. Which happened to be collecting data about people. But I think they shouldn't be allowed to collect data about people. We need a law. Fuck them -- there's no reason we should let them exist if the price is knowing everything about us. Let them disappear. They're not important -- our human rights are important. No company is so important that its existence justifies setting up a police state. And a police state is what we're heading toward. Most non-free software has malicious functionalities. And they include spying on people, restricting people -- that's called digital restrictions management, back doors, censorship. Empirically, basically, if a program is not free software, it probably has one of these malicious functionalities. So imagine a driverless car, controlled of course by software, and it will probably be proprietary software, meaning not-free software, not controlled by the users but rather by the company that makes the car, or some other company. Well imagine if that has a back door, which enables somebody to send a command saying, "Ignore what the passenger said, and go there." Imagine what that would do. You can be quite sure that China will use that functionality to drive people toward the places they're going to be disappeared or punished. But can you be sure that the U.S. won't?

Read more of this story at Slashdot.

Sooper Drupal Themes: Web Forms In Drupal 8 With Contact Module And Webform Module | 8 Days To Drupal 8 | Day 3

Drupal Planet -

We're counting down the days to the official SooperThemes Drupal 8 Release! Count with us as we will be writing a Drupal 8 related blog post every day for the next 8 days.

Drupal 8 web forms and drag and drop forms video tutorial

view on sooperthemes.com if you can't see the video

This tutorial is aimed at people who just need a contact form or some other kind of user input form. We'll cover deciding between the core contact module and the popular webform module. We won't cover using the Drupal API to program complex forms that integrate with external applications.

Drupal 8 Core Contact Module

Whereas the Drupal 7 core contact module was not very useful due to a total lack of flexibility, the Drupal 8 version is much nicer. It's nicer because you can add fields to it. You're no longer limited to just the name, email, subject and message fields that were baked into the Drupal 7 version. 

Not only does the new contact form allow for custom text fields, it even supports file uploads, entity references, date fields, and other Field API fields.This simple yet powerful form builder module is not limited to just contact forms; you can use it to create questionnaires, gather user feedback, etc.  

Drupal 8 Contact module customized form

Better Together: Contact Module + Contact Storage Module

One major inconvenience of the Contact module is that is doesn't store any messages that are sent. Your only option is to send the message via email and afterwards there is no copy of the message in your Drupal site. The contact storage module will store your messages as entities. It lets you administer the messages and provides integration with the views module. Since the messages are stored as Drupal entities you also gain interoperability with other modules in the Drupal ecosystem. This will allow you to do even more, for example exporting messages as CSV, searching messages, and pushing messages to your CRM.

Webform Module

Drupal's popular webform module is a massive framework that offers a ton of extra options that the contact module doesn't have. You should choose the webform module if these extra features are useful to you and you're prepared to learn the ropes around a more complex user interface. The webform module can be intimidating at first because there are so many elements and settings... but once you're familiar with the interface you can configure and design very powerful forms fairly easily. 

To see what the webform module offers it's really better for me to show than tell. Check out the youtube video above where I show you the interface of the webform module.

Drupal 8 Webform module form using the flexbox layout option

Contact Module vs Webform Module

Personally I choose the webform module for anything that is more complicated than just the standard contact form with a subject and message field. The contact module is powerful and extendable, but the webform module gives you everything you need in one place. It's a purpose-built single-purpose application within Drupal and once you get familiar with it it's really very powerful. 

It also lets met build multi-column form layouts, a feature that I use often.

A feature-base comparison of Contact and Module based on features that I think are important: Feature
  • Multi-column layouts
  • Control labels and placeholders
  • Control Submit Button Text
  • Route email with form options
  • Search in submissions
  • Export submissions
Contact
  • ✔ (can't remove Preview)
  • ✔ (needs additional modules)
  • ✔ (needs additional modules)
Webform
Placing Drupal 8 Forms With Our Visual Page Builder

We believe interoperability with the Drupal ecosystem is important for Glazed Builder. This is why we don't include a proprietary form builder in Glazed Builder and instead encourage you to create forms with Drupal's webform module. Currently Glazed Builder let's you place blocks created with the webform module anywhere in your drag and drop page. The contact module doesn't provide blocks that we can drag and drop natively, but you can install the contact_block module to fix that.

[$] Counting beans—and more—with Beancount

LWN Headlines -

It is normally the grumpy editor's job to look at accounting software; he does so with an eye toward getting the business off of the proprietary Quickbooks application and moving to something free. It may be that Beancount deserves a look of that nature before too long but, in the meantime, a slightly less grumpy editor has been messing with this text-based accounting tool for a variety of much smaller projects. It is an interesting system, with a lot of capabilities, but its reliance on hand-rolling for various pieces may scare some folks off.

Data Firm Leaks 48 Million User Profiles it Scraped From Facebook, LinkedIn, Others

Slashdot -

Zack Whittaker, reporting for ZDNet: A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent. Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles. But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents. The bucket, labeled "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

Read more of this story at Slashdot.

Pip 10.0 has been released

LWN Headlines -

The release of pip 10.0 has been announced. Some highlights of this release include the removal of Python 2.6 support, limited PEP 518 support (with more to come), a new "pip config" command, and other improvements.

Puerto Rico is Experiencing an Island-Wide Blackout

Slashdot -

An anonymous reader shares a report: Seven months after Hurricane Maria devastated the island of Puerto Rico, the power grid is still unstable. But progress was being made; according to CBS, less than 10 percent of the island was without power as of a month ago. But now, the Associated Press reports that the island is undergoing yet another full blackout. The power company is still investigating the cause and estimates it will take 24 to 36 hours for power to be restored. The saga of Puerto Rico's power grid has been an unhappy one. The US territory was already facing a financial crisis before the hurricane hit. The island only has one electric company, and prior to Maria, it was $9 billion in debt and utilizing outdated infrastructure and equipment.

Read more of this story at Slashdot.

New PyPI launched

LWN Headlines -

The new PyPI has been launched. Browser traffic and API calls (including "pip install") have been redirected from the old pypi.python.org to the new site. The old PyPI will shut down on April 30. LWN covered the new PyPI last week.

Pages

Subscribe to Heydon Consulting aggregator