Web
Analytics Made Easy - StatCounter

SlashDot: Stories

Slashdot News for nerds, stuff that matters

  • Essential Products, Startup From Android Creator Andy Rubin, Lays Off 30 Percent of Staff
    by BeauHD on October 18, 2018 at 1:30 am

    Essential Products, a startup founded in 2015 by Android creator Andy Rubin, was started to create a smartphone with high-end design features that wasn't associated with a particular operating-system maker. Unfortunately, reaching that goal has been harder than anticipated as the company has laid off about 30 percent of its staff. Fortune reports: Cuts were particularly deep in hardware and marketing. The company's website indicates it has about 120 employees. A company spokesperson didn't confirm the extent of layoffs, but said that the decision was difficult for the firm to make and, "We are confident that our sharpened product focus will help us deliver a truly game changing consumer product." The firm was Rubin's first startup after leaving Google in 2014, which had acquired his co-founded firm, Android, in 2005. Essential's first phone came out in August 2017, a few weeks later than initially promised. It received mixed reviews, with most critics citing its lower quality and missing features relative to competing smartphones, such as a lack of waterproofing and poor resiliency to damage. The company dropped the price from an initial $699 within weeks to $499, and offered it on Black Monday in November 2017 for $399. Read more of this story at Slashdot. […]

  • Trivial Authentication Bypass In Libssh Leaves Servers Wide Open
    by BeauHD on October 18, 2018 at 12:50 am

    Ars Technica reports of "a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server." It's not clear how many sites or devices may be vulnerable since neither the widely used OpenSSH nor Github's implementation of libssh was affected. From the report: The vulnerability, which was introduced in libssh version 0.6 released in 2014, makes it possible to log in by presenting a server with a SSH2_MSG_USERAUTH_SUCCESS message rather than the SSH2_MSG_USERAUTH_REQUEST message the server was expecting, according to an advisory published Tuesday. Exploits are the hacking equivalent of a Jedi mind trick, in which an adversary uses the Force to influence or confuse weaker-minded opponents. The last time the world saw an authentication-bypass bug with such serious consequences and requiring so little effort was 11 months ago, when Apple's macOS let people log in as admin without entering a password. On the brighter side, there were no immediate signs of any big-name sites being bitten by the bug, which is indexed as CVE-2018-10933. While Github uses libssh, the site officials said on Twitter that "GitHub.com and GitHub Enterprise are unaffected by CVE-2018-10933 due to how we use the library." In a follow-up tweet, GitHub security officials said they use a customized version of libssh that implements an authentication mechanism separate from the one provided by the library. Out of an abundance of caution, GitHub has installed a patch released with Tuesday's advisory. Another limitation: only vulnerable versions of libssh running in server mode are vulnerable, while the client mode is unaffected. Peter Winter-Smith, a researcher at security firm NCC who discovered the bug and privately reported it to libssh developers, told Ars the vulnerability is the result of libssh using the same machine state to authenticate clients and servers. Because exploits involve behavior that's safe in the client but unsafe in the server context, only servers are affected. Read more of this story at Slashdot. […]

  • Researchers 3D Print Custom-Sized Lithium-Ion Batteries
    by BeauHD on October 18, 2018 at 12:10 am

    An anonymous reader quotes a report from Engadget: [N]ew research published in ACS Applied Energy Materials shows that it's possible to 3D-print lithium-ion batteries into whatever shape you need. The problem that has stood in the way of 3D-printed lithium-ion batteries (at least, until now) is that the polymers traditionally used in this kind of printing aren't ionic conductors. The goal was to find a way to print custom-sized lithium-ion batteries in a cost-effective way using a regular, widely available 3D printer. In order to make the batteries conductive, the team led by Christopher Reyes and Benjamin Wiley infused the polylactic acid (PLA) usually used in 3D printing with an electrolyte solution. The researchers also incorporated graphene and carbon nanotubes into the design of the case to help increase conductivity. After these design modifications, the team was able to 3D print an LED bracelet, complete with a custom-sized lithium-ion battery. The battery was only able to power the bracelet for about 60 seconds, but the researchers have ideas for how to improve the capacity. For those interested, Engadget has a short video on the subject. Read more of this story at Slashdot. […]

  • Ask Slashdot: Should Open-Source Developer Teams Hire Professional UI/UX Designers?
    by BeauHD on October 17, 2018 at 11:30 pm

    OpenSourceAllTheWay writes: There are many fantastic open-source tools out there for everything from scanning documents to making interactive music to creating 3D assets for games. Many of these tools have an Achilles heel though -- while the code quality is great and the tool is fully functional, the user interface (UI) and user experience (UX) are typically significantly inferior to what you get in competing commercial tools. In an nutshell, with open source, the code is great, the tool is free, there is no DRM/activation/telemetry bullshit involved in using the tool, but you very often get a weak UI/UX with the tool that -- unfortunately -- ultimately makes the tool far less of a joy to use daily than should be the case. A prime example would be the FOSS 3D tool Blender, which is great technically, but ultimately flops on its face because of a poorly designed UI that is a decade behind commercial 3D software. So here is the question: should open-source developer teams for larger FOSS projects include a professional UI/UX designer who does the UI for the project? There are many FOSS tools that would greatly benefit from a UI re-designed by a professional UI/UX designer. Read more of this story at Slashdot. […]

  • Facebook Lured Advertisers By Inflating Ad-watch Times Up To 900 Percent
    by BeauHD on October 17, 2018 at 10:50 pm

    Zorro shares a report from The Mercury News: Not only did Facebook inflate ad-watching metrics by up to 900 percent (Warning: source may be paywalled, alternative source), it knew for more than a year that its average-viewership estimates were wrong and kept quiet about it, a new legal filing claims. A group of small advertisers suing the Menlo Park social media titan alleged in the filing that Facebook "induced" advertisers to buy video ads on its platform because advertisers believed Facebook users were watching video ads for longer than they actually were. That "unethical, unscrupulous" behavior by Facebook constituted fraud because it was "likely to deceive" advertisers, the filing alleged. The latest allegations arose out of a lawsuit that the advertisers filed against Mark Zuckerberg-led Facebook in federal court in 2016 over alleged inflation of ad-watching metrics. "Suggestions that we in any way tried to hide this issue from our partners are false," the company told The Wall Street Journal. "We told our customers about the error when we discovered it -- and updated our help center to explain the issue." "The plaintiffs are seeking class-action status to bring other advertisers into the legal action, plus unspecified damages," reports The Mercury News. "They also want the court to order a third-party audit of Facebook's video-ad metrics." Read more of this story at Slashdot. […]

  • Amazon Doles Out Freebies To Juice Sales of Its Own Brands
    by msmash on October 17, 2018 at 10:11 pm

    An anonymous reader shares a report: Amazon cracked down on fake reviews two years ago by prohibiting shoppers from getting free products directly from merchants in exchange for writing reviews. It was a major turning point for the world's largest online retailer, which had previously seen "incentivized reviews" as a key way for consumers to discover new products. Amazon changed course because it realized some merchants were using such reviews to game its search algorithm, undermining faith in the customer feedback that helps drive e-commerce. Amazon instead used its "Vine" program, in which Amazon serves as a middleman between prolific Amazon reviewers and vendors eager for exposure. Amazon would still allow freebies in exchange for feedback so long as there was no direct contact between its retail partners and reviewers, theoretically lessening the chance of quid-pro-quo. Amazon would select shoppers eligible for the program, and Amazon vendors would pay a fee and provide free products to participate. But there was an important group excluded from the Vine program: independent merchants who supply about half the goods sold on the site. Now those excluded merchants and review watchdogs are alleging Amazon is guilty of the review manipulation the company said it was trying to prevent. Amazon uses Vine extensively to promote a fast-growing assortment of its own private-label products, distributing free samples to quickly accumulate the reviews needed to rise in search results and boost shopper faith in making a purchase. It gives Amazon a big advantage when introducing its own brands over third-party merchants who are more vulnerable to Amazon's private-label competition than prominent brands already in stores. Read more of this story at Slashdot. […]

  • Apple Launches Portal For US Users To Download Their Data
    by BeauHD on October 17, 2018 at 9:30 pm

    An anonymous reader quotes a report from Bloomberg: Apple on Wednesday began allowing users in the U.S. to download a copy of all of the data that they have stored with the company from a single online portal. U.S. users will be able to download data such as all of their address book contacts, calendar appointments, music streaming preferences and details about past Apple product repairs. Previously, customers could get their data by contacting Apple directly. In May, when Apple first launched the online privacy portal, it only allowed U.S. users to either correct their data or delete their Apple accounts. Read more of this story at Slashdot. […]

Related Articles

Check Also

Close
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker