Feed Title: Slashdot
"We have identified a large-scale security breach..." the official announcement begins. CNBC reports: Hackers have taken $196 million from crypto trading platform BitMart, a security firm said Saturday. BitMart confirmed the hack in an official statement Saturday night, calling it "a large-scale security breach" and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million. BitMart added in a statement that all withdrawals had been temporarily suspended until further notice and said a thorough security review was underway. Peckshield was the first to notice the breach on Saturday, noting that one of BitMart's addresses showed a steady outflow of tens of millions of dollars to an address which [Ethereum analytics platform] Etherscan referred to as the "BitMart Hacker." Peckshield estimated that BitMart lost around $100 million in various cryptocurrencies on the ethereum blockchain and another $96 million from coins on the binance smart chain. The hackers made off with a mix of more than 20 tokens, including binance coin, safemoon, and shiba inu. This comes on the heels of a $120 million cryptocurrency heist from BadgerDAO. Read more of this story at Slashdot.
NBC News tells the hair-raising tale of Black Oxygen Organics (or "BOO" for short). Put more simply, the product is dirt — four-and-a-half ounces of it, sealed in a sleek black plastic baggie and sold for $110 plus shipping. Visitors to the Black Oxygen Organics website, recently taken offline, were greeted with a pair of white hands cradling cups of dirt like an offering. "A gift from the Ground," it reads. "Drink it. Wear it. Bathe in it." BOO, which "can be taken by anyone at any age, as well as animals," according to the company, claims many benefits and uses, including improved brain function and heart health, and ridding the body of so-called toxins that include heavy metals, pesticides and parasites. By the end of the summer, online ads for BOO had made their way to millions of people within the internet subcultures that embrace fringe supplements, including the mixed martial arts community, anti-vaccine and Covid-denier groups, and finally more general alternative health and fake cure spaces.... "Who would have thought drinking dirt would make me feel so so good?" one person in a 27,000-member private Facebook group posted, her face nuzzling a jar of black liquid.... Teams of sellers in these private Facebook groups claim that, beyond cosmetic applications, BOO can cure everything from autism to cancer to Alzheimer's disease.... But there may be an incentive for the hyperbole... Participation in multi-level marketing (MLM) boomed during the pandemic with 7.7 million Americans working for one in 2020, a 13 percent increase over the previous year, according to the Direct Selling Association, the trade and lobbying group for the MLM industry. Wellness products make up the majority of MLM products, and, as the Federal Trade Commission noted, some direct sellers took advantage of a rush toward so-called natural remedies during the pandemic to boost sales. 
More than 99 percent of MLM sellers lose money, according to the Consumer Awareness Institute, an industry watchdog group... The secret to dealing dirt seems to be Facebook, where sellers have created dozens of individual groups that have attracted a hodgepodge of hundreds of thousands of members. NBC News had a bag analyzed by a professor of soil and environmental science at Ohio State University. It found two doses per day "exceeded Health Canada's limit for lead, and three doses for daily arsenic amounts." Growing concern among BOO sellers about the product — precipitated by an anti-MLM activist who noticed on Google Earth that the bog that sourced BOO's peat appeared to share a border with a landfill — pushed several to take matters into their own hands, sending bags of BOO to labs for testing. The results of three of these tests, viewed by NBC News and confirmed as seemingly reliable by two soil scientists at U.S. universities, again showed elevated levels of lead and arsenic. Those results are the backbone of a federal lawsuit seeking class action status filed in November in Georgia's Northern District court. The complaint, filed on behalf of four Georgia residents who purchased BOO, claims that the company negligently sold a product with "dangerously high levels of toxic heavy metals," which led to physical and economic harm. Black Oxygen Organics did not respond to requests for comment concerning the complaint. The anti-MLM forces also formed Facebook groups, monitoring Facebook's pro-Boo sales groups and even documenting sales and company meetings — then filed official complaints with America's product-regulating Federal Trade Commission and the Food and Drug Administration. And it all ended badly for Boo... According to BOO President Carlo Garibaldi, they had weathered the FTC complaints, the FDA seizures, the Health Canada recalls and the online mob. But the "fatal blow" came when their online merchant dropped them as clients....
Members of anti-BOO groups celebrated. "WE DID IT!!!!!!" Ceara Manchester, the group administrator, posted to the "Boo is Woo" Facebook group. "I hope this is proof positive that if the anti-MLM community bans together we can take these companies down. We won't stop with just BOO. A new age of anti-MLM activism has just begun." In a separate Zoom meeting unattended by executives and shared with NBC News, lower-rung sellers grappled with the sudden closure and the reality that they were out hundreds or thousands of dollars.
"The U.S. military has gone on the offensive against ransomware groups," reports CNET, "as U.S. companies increasingly become targets of malware attacks, the nation's top cyber defender acknowledged on Saturday." Up until about nine months ago, reining in ransomware attacks was seen as the responsibility of law enforcement agencies, Gen. Paul M. Nakasone, the head of U.S. Cyber Command and director of the National Security Agency, told the New York Times. But attacks like the ones on Colonial Pipeline and JBS beef plants have been "impacting our critical infrastructure," Nakasone said, leading federal agencies to ramp up the gathering and sharing of intelligence on ransomware groups.... Nakasone didn't describe the action taken or identify the groups targeted, but said one of the goals is to "impose costs" for ransomware groups. "Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs," Nakasone said. "That's an important piece that we should always be mindful of."
"Fueled largely by millennial hipsters under the age of 35, the old, outdated format has risen from the dead," argues the Hustle: In the 1970s, vinyl sales peaked at 530 million units per year and accounted for 66% of all music format revenues... [B]y the '90s, vinyl sales dipped to less than 10 million units — a mere 0.1% of market share. In recent years, though, something odd has happened: Vinyl has made a small but mighty comeback... In an age of fleeting digital pleasures, vinyl has quenched a thirst for tangible assets. For each of the past 15 years, sales of new vinyl have gradually increased. In the first half of 2021 alone, 17 million albums were sold — an 86% jump from 2020. In an extremely rare twist, an old technology came back to surpass a newer one. Last year, for the first time since 1986, vinyl records outranked CDs in annual sales. This year, they're on pace to more than double CD revenue... These figures don't even include the millions of used records sold through online marketplaces like Discogs (9 million active listings) and eBay (3.5 million), or at the 1,400 local record stores peppered throughout the U.S. Per Forbes, used vinyl sales are likely 1.5 times those of new records, or about 50 million units based on 2021 projections. 84% of the music industry's revenue now comes from streaming, the article acknowledges. (And a vinyl record creates 12 times as many greenhouse gas emissions as other music formats.) But for artists, the economics are undeniable. Even though the price of polyvinyl chloride has quadrupled since 2020, "A band would have to amass 450,000 streams on Spotify to match the profit of 100 vinyl sales."
Recently a New York Times headline asked "Is the four-day work week finally within our grasp?" Kickstarter, Shake Shack and Unilever's New Zealand unit are among those that have experimented with the four-day workweek, or have announced plans to. And after an experiment in Iceland supported the idea that the system improves worker well-being without reducing overall output, a majority of the country's workers have now moved to shorter workweeks, or will gain the right to... Roughly 1% of Iceland's working population was involved in its trials of shorter workweeks for equal pay, which ran for several years starting in 2015. "The trials were successful," concluded a recent research report on the experiment. "Participating workers took on fewer hours and enjoyed greater well-being, improved work-life balance and a better cooperative spirit in the workplace — all while maintaining existing standards of performance and productivity...." And the extra day off means fewer commuting days, which saves time and reduces environmental impact.... Proponents of four-day weeks say the key is to rein in meetings. "You have better discipline around meetings. You're a lot more thoughtful in how you use technology," said Alex Soojung-Kim Pang, author of "Shorter," a book about the four-day workweek. He also said that a shorter week requires workers to set aside time for focused work and refrain from email or other communications during that time. "To paraphrase William Gibson, the four-day week is already here for most companies," said Pang, an organizational strategy consultant in Menlo Park, California. "It's buried under a whole bunch of rubble of outmoded practices and bad meetings. Once you clear that stuff away, then it turns out the four-day week is well within your grasp." And now one commentator in Newsweek reports that 83% of U.S. workers favor a shorter work week.
But there's also a business case for the change, since a Microsoft experiment with a four-day work week in Japan "led to a 40 percent improvement in productivity, as measured by sales per employee...." The strongest argument for a shorter work week is that it doesn't actually require a sacrifice. Although the average American works 8.8 hours a day, not much of this time is actually spent working. If a worker is in the office but isn't working, what is the purpose of them being there? Minutes spent chatting by the water cooler, checking social media and making snacks compound into hours that could be better spent elsewhere. As noted by the historian C. Northcote Parkinson, famous for "Parkinson's Law," work "expands so as to fill the time available for its completion." I think he's right. Deadlines focus work, and focused work is better work. It's the quality, and not the quantity, of our work that matters.... As we near the post-COVID juncture, I believe it's time to refocus our sights on the forgotten promise of the industrial revolution — to finally help employees find a better work-life balance and actually increase business' productivity and bottom line at the same time. Four great work days are always better than five average days. It's happening. "The coronavirus pandemic has sped up a transition into more flexible and diverse working hours around the world, opening up ways of working that were unthinkable just a few years ago," reports Reuters. ("The traditional model of how we work has been broken," Meghana Reddy, vice president of video messaging service Loom, told the Reuters Next conference.) And an article in Forbes reminds us that last month Britain's Atom Bank adopted a four-day week for most of its 430 employees, reducing working hours to 34 hours per week from 37.5 hours without reducing pay. "There's even talk at the congressional level: U.S. Rep. 
Mark Takano, a Democrat from California, introduced a bill in July to reduce the standard work week from 40 hours to 32. The bill has 13 co-sponsors...." The four-day work week will take hold because it embodies the spirit of our times, because workers demand it, and because businesses that implement it will thrive... Years from now we will look back on our pre-pandemic work habits and lifestyles and wonder why we worked the way we did. We will cringe to recall how we sacrificed evenings and weekends and friendships and family to work all the time. We will ponder how we allowed ourselves to sink beneath relentless professional demands and digital distractions without even noticing we were drowning. The four-day work week is just one of the corporate experiments that will define the life-work revolution and ultimately the future of work.
Smithsonian magazine explores the many Mars simulation facilities around the world, including the Mars Desert Research Station — which is located in Utah, four hours south of Salt Lake City, "but everyone spoke and acted as though they were actually on Mars." A group of six people lived in a two-story cylindrical building. The commander, a former member of the Army National Guard, kept the participants on a strict schedule of fixing electrical systems, taking inventory, tidying up the facilities and sampling the soil. Everyone was assigned a special role: [photographer] Klos' was to prepare reports to share with the public. The health safety officer kept tabs on the crew's well-being, and the engineer monitored levels of carbon dioxide and solar power. Before stepping outside in a spacesuit, Klos and the others had to get permission from mission control back on "Earth" (actually a coordinator stationed in a nearby town). That person would send information about the winds and weather, and determine how long each person could stay outside the base. Sometimes dust storms rolled in, cutting off the solar power supply just as they would on Mars... There are about a dozen such habitats around the globe, hosting simulations that run anywhere from two weeks to a full year. One of these is run by NASA's Human Research Program at the Johnson Space Center in Houston. But other facilities are funded by private organizations. The Mars Society, established by Brooklyn-born aerospace engineer Robert Zubrin, operates the habitat in Utah, where Klos returned for another mission in 2017, and another in the Canadian Arctic. Klos also took part in a mission at the Hawaii Space Exploration Analog and Simulation, or HI-SEAS. The facility is run by the International MoonBase Alliance, a group founded by the Dutch entrepreneur Henk Rogers. HI-SEAS is located on Hawaii's big island at 8,200 feet above sea level, on top of the active volcano Mauna Loa. 
NASA's Goddard Space Flight Center is collaborating with the facility to gather information about volcanic caves and the microbes that live in those Mars-like conditions. HI-SEAS is also studying the limitations of doing that kind of work while wearing heavy spacesuits. It's hard enough for astronauts to hold a screwdriver in a gloved hand while repairing the International Space Station, but if people are going to be clambering on Martian rocks looking for microbes, they'll need the right gear. The article notes these missions "are open to people who have no background in science, engineering or astronaut training. After all, the goal is to send ordinary folks into space, so it's worth finding out whether ordinary folks can coexist in Mars-like conditions here on Earth." (Some are even recruited off the internet.) "Sometimes people make the critique that we're role-playing too much," the photographer tells the magazine. "But the goal is to really live the way people are going to live on Mars so scientists can figure out how to make it work when we get there." And the article also points out that "The data we're gathering now about surviving on solar power, conserving water and growing plants in arid conditions could be useful here at home as our climate changes."
InfoWorld reveals this year's highest-paying software developer roles according to Robert Half's 2022 Salary Guide (which uses research conducted this summer on America's average salary range for the 50th and 75th percentile of applicants): The highest paying non-C-suite role in 2021 is the cloud architect. Organizations are looking for talented engineers to guide their digital transformation efforts.
- Cloud/network architect: $153,750-$180,500
- Applications architect: $150,500-$180,250
Software developer job titles have proliferated in recent years, and there is a clear need for mobile and applications developers, who get paid on average far better than their colleagues still working on mainframes.
- Software and applications manager: $142,500-$166,250
- Mobile applications developer: $137,250-$163,750
- Senior software engineer: $135,250-$162,250
- Software engineer: $124,500-$147,250
- Software developer: $122,250-$142,750
- Developer/programmer analyst: $112,500-$133,750
Developers responsible solely for web applications get paid on a slightly different scale than standard software developer job titles.
- Senior web developer: $128,750-$151,000
- Web developer: $111,000-$131,500
- Front-end developer: $93,250-$107,750
The salary guide's web page also offers a search form that lets you adjust salaries to selected cities (also showing what the lower salaries would be in the 25th percentile for applicants new to the role and still acquiring relevant skills). The page calls tech-sector recruiting "especially active," with employers hiring tech professionals "at or beyond pre-pandemic levels." In fact, 52% of tech employers said they were adding new positions, with 49% offering signing bonuses to new employees, and hiring is especially strong in areas like cloud services, AI/machine learning, and data analysis. One perk being offered more frequently by tech-oriented businesses: unlimited time off.
Long-time Slashdot reader destinyland writes: Mystery Science Theatre 3000 will be coming back in 2022 with thirteen new episodes, plus 12 additional shorts and 12 monthly live events. "And this time, we're doing it without a network," explains the web page for their successful comeback campaign on Kickstarter. "Season 13 will be released exclusively in MST3K's new online virtual theatre, THE GIZMOPLEX." 36,581 backers pledged $6,519,019 to fund their own dedicated MST3K venue online, and most contributors to their 2021 Kickstarter campaign received 2022 passes to the online theatre as a thank-you. Now through December, fans who want to buy or gift a 2022 pass can get them discounted to $95. (Normally they'll cost $120.) Starting on March 4, 2022, assorted MST3K zanies and their puppet robots will be watching (and heckling) 12 carefully-chosen weird movies, including one 1970 Gamera movie that they haven't gotten to yet, a 1968 Italian movie about a professional wrestler called The Batwoman, and Jack Palance's 1979 film, HG Wells' The Shape of Things to Come. And series creator Joel Hodgson will return when they all watch the 2014 movie The Christmas Dragon. The Den of Geek site has all the details on the 13 movies (gleaned from last week's traditional "Turkey Day marathon" of fan-favorite episodes — this year broadcast on YouTube, Twitch, and various web pages and streaming apps). But in addition there's also a live touring show that will take them all across America. Next week fans can catch shows in the midwestern U.S. — specifically Youngstown Ohio, Nashville Indiana, Madison Wisconsin, and Chicago — before the crew moves on to Salt Lake City, Reno, and Seattle. Then it's on to California — San Francisco, Los Angeles, and San Diego — and then dozens of other major cities in the U.S. (Portland! Denver! Austin! Atlanta! Durham! Worcester! New York City!) "We know that many of you are understandably concerned about COVID and the Delta variant. 
We are too," explains a special announcement on the tour's web site, promising the tour "will adhere to the same standards as touring Broadway shows in effect at the time of your performance... [E]very theater on the tour will have its own policies." In 2008 the show's creator Joel Hodgson answered questions from Slashdot readers.
The Verge reports: On Wednesday night, someone drained funds from multiple cryptocurrency wallets connected to the decentralized finance platform BadgerDAO. According to the blockchain security and data analytics firm Peckshield, which is working with Badger to investigate the heist, the various tokens stolen in the attack are worth about $120 million. While the investigation is still ongoing, members of the Badger team have told users that they believe the issue came from someone inserting a malicious script in the UI of their website. For any users who interacted with the site when the script was active, it would intercept Web3 transactions and insert a request to transfer the victim's tokens to the attacker's chosen address. Because of the transparent nature of the transactions, we can see what happened once the attackers pounced. PeckShield points out one transfer that yanked 896 Bitcoin into the attacker's coffers, worth more than $50 million. According to the team, the malicious code appeared as early as November 10th, as the attackers ran it at seemingly random intervals to avoid detection.... One of the things Badger is investigating is how the attacker apparently accessed Cloudflare via an API key that should've been protected by two-factor authentication...
For 32 years a human named Andy Chanley has been a radio announcer (now working afternoons at Southern California's 88.5 KCSN), Reuters reports. But now.... "I may be a robot, but I still love to rock," says the robot DJ named ANDY, derived from Artificial Neural Disk-JockeY, in Chanley's voice, during a demonstration for Reuters where the voice was hard to distinguish from a human disc jockey. Our phones, speakers and rice cookers have been talking to us for years, but their voices have been robotic. Seattle-based AI startup WellSaid Labs says it has finessed the technology to create over 50 real human voice avatars like ANDY so far, where the producer just needs to type in text to create the narration.... Martín Ramírez, head of growth at WellSaid, said once the voice avatars are created, WellSaid manages the commercial agreements according to the voice owner's requests. WellSaid voice avatars are doing more than DJ work. They are used in corporate training material or even to read audiobooks, said Ramírez. The article points out that while (human) announcer Andy Chanley was recording his voice, he discovered he has Stage 2 lymphoma. While he eventually recovered, Chanley liked knowing that there was also another way that the sound of his voice could still be supporting his family — and that his grandchildren could hear the sound of his voice.
"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...." While not all flaws carried the same risk, the team found some common problems that affected most of the tested models: - Outdated Linux kernel in the firmware - Outdated multimedia and VPN functions - Over-reliance on older versions of BusyBox - Use of weak default passwords like "admin" - Presence of hardcoded credentials in plain text form.... All of the affected manufacturers responded to the researchers' findings and released firmware patches. The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router. jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity. 
Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in linux) nowadays? But wait — it gets even more interesting... The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.") But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built. While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? 
What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities! In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors like exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!
"Videos and GIFs of cute animals — usually cats — have gone viral online for almost as long as the internet has been around..." writes the New York Times. "Now, it is becoming increasingly clear how widely the old-school internet trick is being used by people and organizations peddling false information online, misinformation researchers say." The posts with the animals do not directly spread false information. But they can draw a huge audience that can be redirected to a publication or site spreading false information about election fraud, unproven coronavirus cures and other baseless conspiracy theories entirely unrelated to the videos. Sometimes, following a feed of cute animals on Facebook unknowingly signs users up as subscribers to misleading posts from the same publisher. Melissa Ryan, chief executive of Card Strategies, a consulting firm that researches disinformation, said this kind of "engagement bait" helped misinformation actors generate clicks on their pages, which can make them more prominent in users' feeds in the future. That prominence can drive a broader audience to content with inaccurate or misleading information, she said. "The strategy works because the platforms continue to reward engagement over everything else," Ms. Ryan said, "even when that engagement comes from" publications that also publish false or misleading content.