Containers or Virtual Machines: Which is More Secure? Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at July 20, 2018, 11:35 pm)

Are virtual machines (VM) more secure than containers? You may think you know the answer, but IBM Research has found containers can be as secure, or more secure, than VMs. From a report: James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, writes: "One of the biggest problems with the current debate about Container vs Hypervisor security is that no-one has actually developed a way of measuring security, so the debate is all in qualitative terms (hypervisors 'feel' more secure than containers because of the interface breadth) but no-one actually has done a quantitative comparison." To meet this need, Bottomley created Horizontal Attack Profile (HAP), designed to describe system security in a way that it can be objectively measured. Bottomley has discovered that "a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor."

Read more of this story at Slashdot.

Who Owns the Moon? A Space Lawyer Answers Slashdot by msmash on moon at January 1, 1970, 1:00 am (cached at July 20, 2018, 11:05 pm)

An anonymous reader shares a report: While the legal status of the Moon as a "global commons" accessible to all countries on peaceful missions did not meet any substantial resistance or challenge, the Outer Space Treaty left further details unsettled. Contrary to the very optimistic assumptions made at the time, so far humankind has not returned to the moon since 1972, making lunar land rights largely theoretical. That is, until a few years ago when several new plans were hatched to go back to the moon. In addition at least two U.S. companies, Planetary Resources and Deep Space Industries, which have serious financial backing, have started targeting asteroids for the purpose of mining their mineral resources. Geek note: Under the aforementioned Outer Space Treaty, the moon and other celestial bodies such as asteroids, legally speaking, belong in the same basket. None of them can become the "territory" of one sovereign state or another. The very fundamental prohibition under the Outer Space Treaty to acquire new state territory, by planting a flag or by any other means, failed to address the commercial exploitation of natural resources on the moon and other celestial bodies. This is a major debate currently raging in the international community, with no unequivocally accepted solution in sight yet. Roughly, there are two general interpretations possible.


The cost of Trump's Endangered Species Act proposal BBC News | Science/Nature | UK Edition(cached at July 20, 2018, 11:00 pm)

The Trump administration wants to weaken the landmark protection law. What species are under threat?

Ethiopian parliament approves amnesty for political prisoners AL JAZEERA ENGLISH (AJE)(cached at July 20, 2018, 11:00 pm)

New law makes it possible to grant amnesty for crimes against the constitution and involvement in armed struggle.

Droppers Is How Android Malware Keeps Sneaking Into the Play Store Slashdot by msmash on android at January 1, 1970, 1:00 am (cached at July 20, 2018, 10:34 pm)

Catalin Cimpanu, writing for BleepingComputer: For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google's security scans and sneaking malicious apps into the official Play Store. The trick relies on the use of a technique that's quite common in desktop-based malware, but which in the last year is also becoming popular on the Android market. The technique involves the usage of "droppers," a term denoting a dual or multiple-stage infection process in which the first stage malware is often a simplistic threat with limited capabilities, and its main role is to gain a foothold on a device in order to download more potent threats. But while on desktop environments droppers aren't particularly efficient, as the widespread use of antivirus software detects them and their second-stage payloads, the technique is quite effective on the mobile scene.


What's fuelling the latest unrest in Iraq? AL JAZEERA ENGLISH (AJE)(cached at July 20, 2018, 10:00 pm)

It is another summer of discontent as violent protests in the south spread north all the way to the capital, Baghdad.

Microsoft PowerShell Core For Linux Now Available as a Snap Slashdot by msmash on microsoft at January 1, 1970, 1:00 am (cached at July 20, 2018, 9:34 pm)

Canonical announced on Friday that Microsoft's PowerShell Core is now available on the Linux platform as a Snap. From a report: If you aren't familiar, a Snap is essentially a packaged version of a program that can be easily installed on many Linux distributions. Many see it as the future of Linux, as it has the potential to reduce fragmentation. "Built on the .NET Framework, PowerShell is an open source task-based command-line shell and scripting language with the goal of being the ubiquitous language for managing hybrid cloud assets. It is designed specifically for system administrators and power-users to rapidly automate the administration of multiple operating systems and the processes related to the applications that run on those operating systems," says Canonical.


Why Facebook doesn't ban liars Scripting News(cached at July 20, 2018, 9:33 pm)

I love the Daily podcast, but it may be because I'm a neophyte in most of what they cover. But when they cover Facebook, and other tech industry topics, they are the neophytes, and they once again, imho, have missed the story in today's podcast.

The story is Facebook's attempts to regulate the virality of lies. They're not trying to eliminate the lies, because as Zuckerberg states, we all make mistakes, and if they banned people or organizations that told lies, they'd be banning a lot of valuable interactions and people. Instead, when a story starts going viral, that's when their judgment kicks in, and they tell the algorithm to ignore its popularity. To me, someone with a fair amount of experience managing online communities, though not at the scale of Facebook, that seems to be a clever and wise solution.

The Times reporter wants them to do more. He says Zuckerberg will have to use his power. He has no obligation to be fair, applying the standards of a western democracy to speech on Facebook. He could do what the NYT would like him to do, to ban Infowars, Breitbart and Gateway Pundit, and keep the NYT and Washington Post. But this isn't what Facebook wants.

What would happen if Facebook banned Infowars and Breitbart and other lie-spreading make-believe news orgs? They'd start their own Facebook. You might think it's not possible, but Facebook knows how many followers they have, and how hard the technology is. "Facebook is a business," he said. And as a business he has to think about growth, and protecting what they have.

The last thing he wants is to give the right-wing infowarriors a reason to move their users off Facebook and onto a right-wing-approved social network. I am sure that's coming, btw. I'm sure he's sure as well. And he wants to put that out as far in the distance as he can.

[no title] Scripting News(cached at July 20, 2018, 9:33 pm)

Bike riding pro tip. If you want to ride faster, be sure your tires are fully inflated.

Facebook Notification Spam Has Crossed the Line Slashdot by msmash on facebook at January 1, 1970, 1:00 am (cached at July 20, 2018, 9:04 pm)

Facebook has always nudged truant users back to its platform through emails and notifications. But recently, those prods have evolved beyond comments related to activity on your own profile. From a report: Now Facebook will nag you when an acquaintance comments on someone else's photo, or when a distant family member updates their status. The spamming has even extended to those who sign up for two-factor authentication -- which is a great way to turn people off to that extra layer of security. "The part of it that bugs me is that two-factor authentication is something [Facebook] should be encouraging people to use, but instead the way this is working here is that they're driving people away from two-factor and making people less secure," says Matt Green, a professor at the Johns Hopkins University Information Security Institute, who has done contracted security work for Facebook in the past. "It's abusive, people's attention is deliberately tweaked by what looks like a two-factor authentication message." Green says he's received near-daily SMS messages from Facebook since January alerting him that one of his friends performed some action on the platform. Before he started receiving the messages, Green says he hadn't logged into Facebook for a long time and had actually forgotten his password. The weirdest part about the SMS notifications is what happens if you reply to them. If you respond, your message is posted to your own profile. Further reading: Facebook Really Wants You To Come Back, Facebook Is Spamming Users Via Their 2FA Phone Numbers, and Facebook Makes Moves On Instagram's Users.


Why London's Heathrow Airport Sometimes Hosts 'Ghost Flights' With No One on Them Slashdot by msmash on transportation at January 1, 1970, 1:00 am (cached at July 20, 2018, 8:35 pm)

An anonymous reader writes: Six times per week, an empty plane used to fly from London's Heathrow Airport to Cardiff, Wales. The next day, the plane would make the return trip without a single passenger. Half As Interesting, the second channel from Planelopnik-approved Wendover Productions, details why ghost flights like this sometimes operate from Britain's biggest airport in his new video. Despite being one of the most crowded airports in the world, Heathrow operates with only two runways. As a result, it's extremely difficult to get a "slot pair" -- rights for airlines to land and take off at a certain time. Only 650 slot pairs exist per day, so airlines are prepared to drop massive cash in order to get prime slot pairs. And they can trade and sell them, too. [...] Should an airline fail to use their slot at least 80 percent of the time, Heathrow will reassign it to the next company on the waiting list.


[no title] Scripting News(cached at July 20, 2018, 8:03 pm)

Andrew Sullivan explains, convincingly, that the idea of appealing to the conscience of Repubs is misguided. They've made it very clear that to the extent they have such things, they will have no influence on what they do. This piece is required reading, imho. And the business-as-usual approach of Bernie Sanders et al is unsupportable. We need to close ranks. Stop trying to optimize and just focus on getting the Repubs out of our government, asap.

Medical data of 1.5 million Singaporeans, including PM, stolen AL JAZEERA ENGLISH (AJE)(cached at July 20, 2018, 8:00 pm)

Cyber attackers steal information from the database of SingHealth, the country's largest group of healthcare providers.

Venmo Refuses To Say Why Transactions Are Public By Default Slashdot by msmash on privacy at January 1, 1970, 1:00 am (cached at July 20, 2018, 7:34 pm)

Venmo, the mobile payments app, won't say why it exposes users' data to the world whenever they make a transaction. ZDNet: Hang Do Thi Duc, a Berlin-based privacy researcher found that every time someone sent or received money using the PayPal-owned mobile app (which had over seven million users in 2017), the transaction was "public" by default and was broadcast on Venmo's API. In other words, everyone can see your transactions -- even without the app. The company did not respond to ZDNet's queries, but in a blanket statement said it takes privacy of users seriously. Further reading: People Are Using Venmo To Spy On Cheating Spouses.


Google, Which Owns Duck.com, Confuses Users Searching For Its Rival DuckDuckGo and R Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at July 20, 2018, 7:05 pm)

Commenting on the record $5 billion fine on Google by the European Commission, privacy focused search engine DuckDuckGo said this week it welcomes the decision as it has "felt [Google's] effects first hand for many years and has led directly to us having less market share on Android vs iOS and in general mobile vs desktop." The company said: Up until just last year, it was impossible to add DuckDuckGo to Chrome on Android, and it is still impossible on Chrome on iOS. We are also not included in the default list of search options like we are in Safari, even though we are among the top search engines in many countries. The Google search widget is featured prominently on most Android builds and is impossible to change the search provider. For a long time it was also impossible to even remove this widget without installing a launcher that effectively changed the whole way the OS works. Their anti-competitive search behavior isn't limited to Android. Every time we update our Chrome browser extension, all of our users are faced with an official-looking dialogue asking them if they'd like to revert their search settings and disable the entire extension. Google also owns http://duck.com and points it directly at Google search, which consistently confuses DuckDuckGo users. "If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is google," wrote security researcher Mikko Hypponen, summing up the story.
