Recruiters Are Still Complaining About No-Shows At Interviews
it - Posted On:2018-08-19 03:44:58 Source: slashdot
An anonymous reader quotes CNN Money: Chandra Kill had scheduled face-to-face interviews with 21 candidates to fill some job openings at her employment screening firm. Only 11 showed up. "About half flaked out," said Kill.... "A year or two ago it wasn't like this." With the U.S. unemployment rate at its lowest in 18 years, and more job openings than there are people looking for work, candidates are bailing on scheduled interviews. In some cases, new hires are not showing up for their first day of work.... While there's nothing wrong with accepting another job offer, bailing on an employer without notice could have lasting effects. "The world is small," said Johnny Taylor, president and CEO of the Society for Human Resource Management.... He added that he's heard of a candidate being flown out for a job interview only to skip that part of the trip. "I expect that if I send you a plane ticket and block off two hours to meet with you, you will show up." As a result, he said some companies are having candidates agree to reimburse for travel costs if they take the trip but flake on the interview. In an effort to curb the problem, recruiters have been changing their tactics and moving through the hiring process faster. If they have a qualified candidate that seems like a good fit, they work to get them in for an interview the next day. Inc. magazine once blamed the problem of no-shows on the low unemployment rate and "the effects technology have had on the communication style of younger generations." But leave your own thoughts in the comments. And have you ever been a no-show for a job interview? Read more of this story at Slashdot.
New VORACLE Attack Can Recover HTTP Data From Some VPN Connections
it - Posted On:2018-08-18 16:45:00 Source: slashdot
"A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions," reports Bleeping Computer, citing research presented last week at the Black Hat and DEF CON security conferences. An anonymous reader writes: The conditions are that the VPN service/client uses the OpenVPN protocol and that the VPN app compresses the HTTP traffic before it encrypts it using TLS. To make matters worse, the OpenVPN protocol compresses all data by default before sending it via the VPN tunnel. At least one VPN provider, TunnelBear, has now updated its client to turn off the compression. [UPDATE: ExpressVPN has since also disabled compression to prevent VORACLE attacks.] HTTPS traffic is safe, and only HTTP data sent via the VPN under these conditions can be recovered. Users can also stay safe by switching to another VPN protocol if their VPN client suppports multiple tunneling technologies. In response to the security researcher's report, the OpenVPN project "has decided to add a more explicit warning in its documentation regarding the dangers of using pre-encryption compression." Read more of this story at Slashdot.
Linux Study Argues Monolithic OS Design Leads To Critical Exploits
it - Posted On:2018-08-18 15:45:00 Source: slashdot
Long-time Slashdot reader Mike Bouma shares a paper (via OS News) making the case for "a small microkernel as the core of the trusted computing base, with OS services separated into mutually-protected components (servers) -- in contrast to 'monolithic' designs such as Linux, Windows or MacOS." While intuitive, the benefits of the small trusted computing base have not been quantified to date. We address this by a study of critical Linux CVEs [PDF] where we examine whether they would be prevented or mitigated by a microkernel-based design. We find that almost all exploits are at least mitigated to less than critical severity, and 40% completely eliminated by an OS design based on a verified microkernel, such as seL4.... Our results provide very strong evidence that operating system structure has a strong effect on security. 96% of critical Linux exploits would not reach critical severity in a microkernel-based system, 57% would be reduced to low severity, the majority of which would be eliminated altogether if the system was based on a verified microkernel. Even without verification, a microkernel-based design alone would completely prevent 29% of exploits... The conclusion is inevitable: From the security point of view, the monolithic OS design is flawed and a root cause of the majority of compromises. It is time for the world to move to an OS structure appropriate for 21st century security requirements. Read more of this story at Slashdot.
Twitter Is 'Rethinking' Its Service, and Suspending 1M Accounts Each Day
technology - Posted On:2018-08-18 14:45:00 Source: slashdot
Twitter's CEO told the Washington Post he's "rethinking" core parts of Twitter: Dorsey said he was experimenting with features that would promote alternative viewpoints in Twitter's timeline to address misinformation and reduce "echo chambers." He also expressed openness to labeling bots -- automated accounts that sometimes pose as human users -- and redesigning key elements of the social network, including the "like" button and the way Twitter displays users' follower counts. "The most important thing that we can do is we look at the incentives that we're building into our product," Dorsey said. "Because they do express a point of view of what we want people to do -- and I don't think they are correct anymore." Dorsey's openness to broad changes shows how Silicon Valley leaders are increasingly reexamining the most fundamental aspects of the technologies that have made these companies so powerful and profitable. At Facebook, for example, CEO Mark Zuckerberg has commissioned a full review of his company's products to emphasize safety and trust, from mobile payments to event listings.... In recent months, Twitter has made several changes to promote safety and trust. It has introduced new machine learning software to monitor account behavior and is suspending over a million problematic accounts a day.... Dorsey said Twitter hasn't changed its incentives, which were originally designed to nudge people to interact and keep them engaged, in the 12 years since Twitter was founded. Read more of this story at Slashdot.
Wifi Could Be Used To Detect Guns and Bombs, Researchers Say
it - Posted On:2018-08-18 13:45:00 Source: slashdot
An anonymous reader quotes the BBC: Ordinary wi-fi could be used to detect weapons and explosives in public places, according to a study led by the Rutgers University in New Jersey. Wireless signals can penetrate bags to measure the dimensions of metal objects or estimate the volume of liquids, researchers claim. Initial tests appeared to show that the system was at least 95% accurate. It could provide a low-cost alternative to airport-style security, researchers said. The system works by analysing what happens when wireless signals penetrate and bounce off objects and materials. Read more of this story at Slashdot.
H-1B Visa Use Soared Last Year At Major Tech Firms
it - Posted On:2018-08-18 12:45:00 Source: slashdot
"Even as the White House began cracking down on U.S. work visas, major Silicon Valley technology firms last year dramatically ramped up hiring of workers under the controversial H-1B visa program," reports the Mercury News. Menlo Park-based Facebook in 2017 received 720 H-1B approvals, a 53 percent increase over 2016, according to the National Foundation for American Policy, which obtained federal government data. Mountain View's Google received 1,213 H-1B approvals, a 31 percent increase. The number of H-1B approvals at Intel in Santa Clara rose 19 percent and Cupertino-based Apple received 673, a 7 percent increase.... [E]xperts say the data doesn't show how many additional H-1B contractors tech companies may get from staffing agencies or outsourcing companies. In response to this news organization's inquiries, Facebook said it does not publicly discuss its use of H-1B workers or contractors. Google, Apple and Intel did not respond to requests for information about their use of H-1B workers or contractors.... Amazon chalked up the largest increase in H-1B approvals, with 2,515 in 2017, a 78 percent leap. Microsoft received 1,479 approvals, an increase of 29 percent. Neither company responded to a request for comment. A distinguished fellow at Carnegie Mellon's School of Engineering at Silicon Valley believes that the threat of a U.S. crackdown on H-1B visas may simply have prompted companies to secure as many visas as possible while they could. Read more of this story at Slashdot.
Encrypt NFSv4 with TLS Encryption Using Stunnel
it - Posted On:2018-08-18 11:45:00 Source: slashdot
The systems and database administrator for a Fortune 500 company notes that while NFS is "decades old and predating Linux...the most obvious feature missing from NFSv4 is native, standalone encryption." emil (Slashdot reader #695) summarizes this article from Linux Journal: NFS is the most popular remote file system in the Linux, UNIX, and greater POSIX community. The NFS protocol pushes file traffic over cleartext connections in the default configuration, which is poison to sensitive information. TLS can wrap this traffic, finally bringing wire security to files vulnerable to compromise in transit. Before using a cloud provider's toolset, review NFS usage and encrypt where necessary. The article's author complains that Google Cloud "makes no mention of data security in its documented procedures," though "the performance penalty for tunneling NFS over stunnel is surprisingly small...." "While the crusade against telnet may have been largely won, Linux and the greater UNIX community still have areas of willful blindness. NFS should have been secured long ago, and it is objectionable that a workaround with stunnel is even necessary." Read more of this story at Slashdot.
NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other 'High Potential' Targets
it - Posted On:2018-08-17 16:45:00 Source: slashdot
An anonymous reader quotes a report from The Intercept: The National Security Agency successfully broke the encryption on a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. The fact that the NSA spied on Al Jazeera's communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA's compromise of Al Jazeera's VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden. According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, "Paraguayan SABRE," Russian airline Aeroflot, and "Russian Galileo." Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world. In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries' VPNs appears to have occurred at roughly the same time as a broader "all-out campaign to penetrate Iraqi networks," described by an NSA staffer in 2005. Read more of this story at Slashdot.
SuperProf Private Tutor Site Fails Password Test, Makes Accounts Super Easy To Hack
technology - Posted On:2018-08-17 13:30:00 Source: slashdot
Superprof, which claims to be "the world's largest tutoring network," has made its newest members' passwords utterly predictable... leaving them wide open to hackers. From a report: SuperProf is a website that helps you find a private tutor -- either online via webcam, or face-to-face. The site claims to have over three million tutors on its books, helping people learn languages, how to play musical instruments, or giving kids extra lessons in tricky subjects. It's not the only site which offers these kind of services. For instance, SuperProf has just taken over UK-based The Tutor Pages, and -- to the surprise of many Tutor Pages teachers -- migrated them to SuperProf. And, sadly, that account migration has been utterly incompetent from the security point of view. In an email that SuperProf sent Tutor Pages teachers last night, it shared details of how they can login to their new SuperProf account. If a tutor's name is Barbara, her new SuperProf-provided password is "superbarbara". Clarinetist Lisa's new SuperProf-supplied password is "superlisa." Read more of this story at Slashdot.
This Company Embeds Microchips in Its Employees, and They Love It
technology - Posted On:2018-08-17 12:45:00 Source: slashdot
Last August, 50 employees at Three Square Market got RFID chips in their hands. Now 80 have them. From a report: The idea came about in early 2017, president of Three Square Market Patrick McMullan says, when he was on a business trip to Sweden -- a country where some people are getting subcutaneous microchips to do things like enter secure buildings or book train tickets. It's one of very few places where chip implants, which have been around for quite a while, have taken off in some fashion. The chips he and his employees got are about the size of a very large grain of rice. They're intended to make it a little easier to do things like get into the office, log on to computers, and buy food and drinks in the company cafeteria. Like many RFID chips, they are passive -- they don't have batteries, and instead get their power from an RFID reader when it requests data from the chip. A year into their experiment, McMullan and a few employees say they are still using the chips regularly at work for all the activities they started out with last summer. Since then, an additional 30 employees have gotten the chips, which means that roughly 80 of the company's now 250 employees, or nearly a third, are walking, talking cyborgs. "You get used to it; it's easy," McMullan says. As far as he knows, just two Three Square Market employees have had their chips removed -- and that was when they left the company. Read more of this story at Slashdot.
Flight-Simulator Enthusiasts Confident of Real-World Skills
technology - Posted On:2018-08-17 12:15:00 Source: slashdot
Two anonymous readers share a report: When the ground-services employee who stole a turboprop airliner last week declined air-traffic controllers' piloting advice, saying he had played videogames, it was no surprise to some devotees of intricate home flight-simulation programs [Editor's note: the link may be paywalled; an alternative source wasn't immediately available.]. Such software can mimic many phases of aircraft operations, including takeoffs, as well as how to respond to heavy weather and emergencies, pilots and software makers say. The simulators are also more affordable than pursuing a pilot's license and can help satisfy a lifelong obsession with flying. Last year, two million units of vehicle-simulation games for PCs and consoles were sold world-wide, the most common being flight simulators, according to the market-research firm NPD Group. Home programs have evolved over more than three decades. They can represent all types of aircraft, from wartime bombers to modern-day passenger airliners. A setup can cost a few dozen dollars for a videogame to thousands for software with intricate renderings of cockpits and real-world environments. A new conference called FlightSimExpo held in Las Vegas in June drew around 1,100 people, its organizers said. FlightSimCon held its sixth annual gathering in Dallas in June, according to its website. Many hobbyists say they don't think of simulators in the same vein as traditional videogames, because they aren't trying to rack up points or compete. They simply focus on flying. Read more of this story at Slashdot.
The Ampex Sign Is Coming Down
technology - Posted On:2018-08-17 06:14:57 Source: slashdot
harrymcc writes: If you ever watched anything on videotape, you have Silicon Valley pioneer Ampex -- which invented the technology -- to thank. And for years, the company's vintage sign has stood alongside Highway 101 as a tribute to its historical significance. But Stanford University, which owns the land the sign sits on, is in the process of dismantling it -- an act which Redwood City could have prevented but didn't. I wrote about this dismaying example of cultural shortsightedness at Fast Company. Read more of this story at Slashdot.
The Man Who Jailbreaks Teslas
technology - Posted On:2018-08-16 21:29:59 Source: slashdot
harrymcc writes: Normally, a totaled Tesla is worth so little that they sell for peanuts at salvage auctions. But Berkeley, California engineer Phil Sadow buys trashed Tesla cars and gets them up and running again -- a feat which has required him to figure out how to root their software so he can run diagnostics normally unavailable to a tinkerer such as himself. Over at Fast Company, Daniel Terdiman tells the story of Sadow's work, which Tesla is apparently nonplussed about but has not tried to prevent. Slashdot reader Ingineerix also submitted the story, sharing an excerpt from the report: In a cramped warehouse in an industrial neighborhood in Berkeley, California, a Tesla Model 3 is ready to go. It's powered up, its display screen is on, and it's pumping out data. But there are some strange error messages. For one, the passenger door window is uncalibrated. For another, the autopilot electronic control unit is missing. These would be troubling signals for most Tesla owners. For Phil Sadow, though, they make perfect sense. After all, his Model 3 is lacking some very important components: its windows, its wheels, and the entire body frame. For the last three years, Sadow, a 49-year-old electrical engineer who also goes by the moniker Ingineer, has been rebuilding and selling salvaged Teslas. He's also taught a global community of fellow enthusiasts to do the same, charging an hourly rate as a consultant on other tinkerers' repair projects. All told, he says, he's rebuilt -- or helped other people rebuild -- almost 400 vehicles over the last three years. Read more of this story at Slashdot.
Kroger Launches Autonomous Grocery Delivery Service In Arizona
technology - Posted On:2018-08-16 19:29:59 Source: slashdot
Residents of Scottsdale, Arizona will be able to receive autonomous grocery deliveries from Kroger-owned Fry's Food Stores. The technology required to make this all possible is supplied by Nuro, a self-driving vehicle startup founded by two veterans of Google's self-driving car project. Ars Technica reports: Kroger says that deliveries will have a flat $5.95 delivery fee, and customers can schedule same-day or next-day deliveries. Initially, the deliveries will be made by Nuro's fleet of modified Toyota Priuses with a safety driver behind the wheel. But Kroger expects to start using Nuro's production model -- which doesn't even have space for a driver -- this fall. That vehicle, known as the R1, is significantly smaller and lighter than a conventional passenger car. When we talked to Nuro cofounder Dave Ferguson back in May, he argued that the R1's design had significant safety benefits. A smaller, lighter vehicle would do less damage if it ever ran into something. The vehicle's maximum speed of 25 miles per hour also makes serious injuries less likely. And the fact that the car is dramatically narrower than a traditional car gives it significant safety benefits, Ferguson argued. Read more of this story at Slashdot.
Google Employees Protest Secret Work On Censored Search Engine For China
technology - Posted On:2018-08-16 18:44:59 Source: slashdot
According to The New York Times, "Hundreds of Google employees, upset at the company's decision to secretly build a censored version of its search engine for China, have signed a letter demanding more transparency to understand the ethical consequences of their work (Warning: source may be paywalled; alternative source)." In the letter, the employees wrote that the project and Google's apparent willingness to abide by China's censorship requirements "raise urgent moral and ethical issues." They added, "Currently we do not have the information required to make ethically-informed decisions about our work, our projects, and our employment." From the report: The letter is circulating on Google's internal communication systems and is signed by about 1,000 employees, according to two people familiar with the document, who were not authorized to speak publicly. The letter also called on Google to allow employees to participate in ethical reviews of the company's products, to appoint external representatives to ensure transparency and to publish an ethical assessment of controversial projects. The document referred to the situation as a "code yellow," a process used in engineering to address critical problems that impact several teams. Read more of this story at Slashdot.
Twitter's Relationship With Third-Party Apps is Messy -- But It's Not Over
technology - Posted On:2018-08-16 17:29:59 Source: slashdot
It's a day that developers of some of the most high-profile Twitter third-party apps have dreaded, though it's one they've long-known was coming: Twitter is finally shutting off some of the developer tools that popular apps like Tweetbot and Twitterific have heavily relied on. From a report: With the change, many third-party Twitter apps will lose some functionality, like the ability to instantly refresh users' Twitter feeds and send push notifications. It won't make these apps unusable -- in some cases the apps' users may not even immediately notice the changes -- but it's a drastic enough change that developers have mounted a public campaign against the decision. Now, Twitter is finally weighing in on the changes, after months of publicly declining to comment on the state of third-party Twitter clients. The verdict, unsurprisingly, is complicated. The company is adamant that its goal isn't to single out these developers. The company is retiring these APIs out of necessity, it says, as it's no longer feasible to support them."We are sunsetting very old, legacy software that we don't have an ability to keep supporting for practical reasons," says Ian Caims, group product manager at Twitter. At the same time, though, the company has also made a conscious decision not to create new APIs with the same functionality. Here's how Twitter's senior director of product management Rob Johnson explains the move: "It is now time to make the hard decision to end support for these legacy APIs -- acknowledging that some aspects of these apps would be degraded as a result. Today, we are facing technical and business constraints we can't ignore. The User Streams and Site Streams APIs that serve core functions of many of these clients have been in a 'beta' state for more than 9 years, and are built on a technology stack we no longer support. Read more of this story at Slashdot.
Return of the Bubble Car?
technology - Posted On:2018-08-16 16:14:59 Source: slashdot
mikeebbbd writes: Back in the 1950s, many European carmakers (some of which are still in operation such as BMW) made tiny cars for one or 2 people that ran on tiny amount of gas. The remaining examples of bubble cars have become sort of a fetish. Now two Swiss brothers, according to Reuters, are trying to resurrect one of the more iconic designs -- the BMW Isetta. One wonders how it could meet any kind of safety standards, but a prototype is shown in the article. Perhaps it might be registered as a Neighborhood Electric Vehicle, which gets it by a few standards? Oliver and Merlin Ouboter have more than 7,200 orders for their Microlino, a modern version of the Isetta which swaps the old single-cylinder petrol engine for a 20 horsepower electric motor but keeps the famous front-opening door. The brothers, whose father Wim made millions from modernized kick-scooters, plan to launch the car in December. "The average modern car is way too big for normal use," said Oliver, the project's 24-year-old operations chief. Read more of this story at Slashdot.
ARM Makes Its CPU Roadmap Public, Challenges Intel in PCs With Deimos and Hercules Chips
technology - Posted On:2018-08-16 15:45:00 Source: slashdot
With PC makers like Asus and HP beginning to design laptops and tablets around ARM chips, ARM itself has decided to emerge from the shadows and unroll its roadmap to challenge Intel through at least 2020, PCWorld writes. From a report, which details ARM's announcement Thursday: ARM's now-public roadmap represents its first processors that are designed for the PC space. ARM, taking aim at the dominant player, claims its chips will equal and potentially even surpass Intel's in single-threaded performance. ARM is unveiling two new chip architectures: Deimos, a 7nm architecture to debut in 2019, and Hercules, a 5nm design for 2020. There's a catch, of course: Many Windows apps aren't natively written for the ARM instruction set, forcing them to pay a performance penalty via emulation. Comparing itself to Intel is a brightly-colored signpost that ARM remains committed to the PC market, however. ARM-powered PCs like the Asus NovaGo offer game-changing battery life -- but the performance suffers, for two reasons: One, because the computing power of ARM's cores has lagged behind those of the Intel Core family; and two, because any apps that the ARM chip can't process natively have to be emulated. ARM can't do much about Microsoft's development path, but it can increase its own performance. Finally, if you were concerned that ARM PCs will be a flash in the pan, the answer is no, apparently not. Further reading: ARM Reveals First Public CPU Roadmap - Targeting Intel Performance (PC Perspective); and ARM Unveils Client CPU Performance Roadmap Through 2020 - Taking Intel Head On (AnandTech). Read more of this story at Slashdot.
ARM Makes Its CPU Roadmap Public, Challenging Intel in PCs With Deimos and Hercules Chips
technology - Posted On:2018-08-16 15:29:59 Source: slashdot
With PC makers like Asus and HP beginning to design laptops and tablets around ARM chips, ARM itself has decided to emerge from the shadows and unroll its roadmap to challenge Intel through at least 2020, PCWorld writes. From a report, which details ARM's announcement Thursday: ARM's now-public roadmap represents its first processors that are designed for the PC space. ARM, taking aim at the dominant player, claims its chips will equal and potentially even surpass Intel's in single-threaded performance. ARM is unveiling two new chip architectures: Deimos, a 7nm architecture to debut in 2019, and Hercules, a 5nm design for 2020. There's a catch, of course: Many Windows apps aren't natively written for the ARM instruction set, forcing them to pay a performance penalty via emulation. Comparing itself to Intel is a brightly-colored signpost that ARM remains committed to the PC market, however. ARM-powered PCs like the Asus NovaGo offer game-changing battery life -- but the performance suffers, for two reasons: One, because the computing power of ARM's cores has lagged behind those of the Intel Core family; and two, because any apps that the ARM chip can't process natively have to be emulated. ARM can't do much about Microsoft's development path, but it can increase its own performance. Finally, if you were concerned that ARM PCs will be a flash in the pan, the answer is no, apparently not. Further reading: ARM Reveals First Public CPU Roadmap - Targeting Intel Performance (PC Perspective); and ARM Unveils Client CPU Performance Roadmap Through 2020 - Taking Intel Head On (AnandTech). Read more of this story at Slashdot.
Melbourne Teen Hacked Into Apple's Secure Computer Network, Court Told
it - Posted On:2018-08-16 12:15:01 Source: slashdot
A Melbourne private schoolboy who repeatedly broke into Apple's secure computer systems is facing criminal charges after the technology giant called in the FBI. From a report: The teen, who cannot be named for legal reasons, broke into Apple's mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer. The Children's Court heard on Thursday that he had downloaded 90GB of secure files and accessed customer accounts. His offending from the age of 16 saw him develop computerized tunnels and online bypassing systems to hide his identity until a raid on his family home uncovered a litany of hacking files and instructions all saved in a folder titled "hacky hack hack." Read more of this story at Slashdot.