'Dirty Servers': The Untold Story of The Great Twitch Breach of 2014 Slashdotby EditorDavid on security at January 1, 1970, 1:00 am (cached at October 17, 2021, 11:35 pm)

A 2014 breach at Twitch "was so bad that Twitch essentially had to rebuild much of its code infrastructure because the company eventually decided to assume most of its servers were compromised," reports Vice. "They figured it would be easier to just label them 'dirty,' and slowly migrate them to new servers, according to three former employees who saw and worked with these servers." Slashdot reader em1ly shares Vice's report (which Vice based on interviews with seven former Twitch employees who'd worked there when the breach happened): The discovery of the suspicious logs kicked off an intense investigation that pulled nearly all Twitch employees on deck. One former employee said they worked 20 hours a day for two months, another said he worked "three weeks straight." Other employees said they worked long hours for weeks on end; some who lived far from the office slept in hotel rooms booked by the company. At the time, Twitch had few, if any, dedicated cybersecurity engineers, so developers and engineers from other teams were pulled into the effort, working together in meeting rooms with glass windows covered, frantically trying to figure out just how bad the hack was, according to five former Twitch employees who were at the company at the time... Twitch's users would only find out about the breach six months after its discovery, on March 23, 2015, when the company published a short blog post that explained "there may have been unauthorized access to some Twitch user account information," but did not let on nearly how damaging the hack was to Twitch internally.... When Twitch finally disclosed the hack in March of 2015, security engineers at Twitch and Amazon, who had come to help with the incident response, concluded that the hack had started at least eight months before the discovery in October of 2014, though they had no idea if the hackers had actually broken in even earlier than that, according to the former employee. "That was long enough for them to learn entirely how our whole system worked and the attacks they launched demonstrated that knowledge," the former employee said... For months after the discovery and public announcement, several servers and services were internally labeled as "dirty," as a way to tell all developers and engineers to be careful when interacting with them, and to make sure they'd get cleaned up eventually. This meant that they were still live and in use, but engineers had put restrictions on them in the event that they were still compromised, according to three former employees. "The plan apparently was just to rebuild the entire infra[structure] from known-good code and deprecate the old 'dirty' environment. We still, years later, had a split between 'dirty' services (servers or other things that were running when the hack took place) and 'clean' services, which were fired up after," one of the former employees said. "We celebrated office-wide the day we took down the last dirty service!" Another former employees tells Vice that the breach came as a surprise, even though the company hadn't invested in keeping itself secure. "Security efforts kept getting cancelled or deprioritized with the argument that 'everyone loves Twitch; no one wants to hack us.'" The Twitch engineer who'd first stumbled onto the breach described his reaction to Vice. " 'Oh fuck.' But I remember thinking that there was so much 'I told you so' here." One former employee added later that a more recent incident just this month "demonstrates that they didn't learn anything from the incident in 2014." But not everyone agrees. Other former employees, however, said that the damage of this new data breach appears to be less severe than the 2014 hack. And that it's likely thanks to Twitch taking security more seriously since then.

Read more of this story at Slashdot.

New Study Finds Ridesharing Actually Increases Pollution, Congestion Slashdotby EditorDavid on transportation at January 1, 1970, 1:00 am (cached at October 17, 2021, 10:35 pm)

Greg Bensinger of the New York Times editorial board argues ridesharing companies haven't delivered on their promises of well-paying driver jobs with less traffic congestion (let alone their predictions of an end to car ownership — or even of a sustainable, profitable, business model). And he adds that now a new study "is punching a hole in another of Uber and Lyft's promised benefits: curtailing pollution." The companies have long insisted their services are a boon to the environment in part because they reduce the need for short trips, can pool riders heading in roughly the same direction and cut unnecessary miles by, for instance, eliminating the need to look for street parking. It turns out that Uber rides do spare the air from the high amount of pollutants emitted from starting up a cold vehicle, when it is operating less efficiently, researchers from Carnegie Mellon University found. But that gain is wiped out by the need for drivers to circle around waiting for or fetching their next passenger, known as deadheading. Deadheading, Lyft and Uber estimated in 2019, is equal to about 40 percent of rideshare miles driven in six American cities. The researchers at Carnegie Mellon estimated that driving without a passenger leads to a roughly 20 percent overall increase in fuel consumption and greenhouse gas emissions compared with trips made by personal vehicles. The researchers also found that switching from a private car to on-demand rides, like an Uber or Lyft, increased the external costs of a typical trip by 30 percent to 35 percent, or roughly 35 cents on average, because of the added congestion, collisions and noise from ridesharing services. "This burden is not carried by the individual user, but rather impacts the surrounding community," reads a summary of the research conducted by Jacob Ward, Jeremy Michalek and Constantine Samaras. "Society as a whole currently shoulders these external costs in the form of increased mortality risks, damage to vehicles and infrastructure, climate impacts and increased traffic congestion."

Read more of this story at Slashdot.

[no title] Scripting News(cached at October 17, 2021, 10:02 pm)

In the back of my mind is the question of could we get a Linux version of Frontier going. That would send this project into the stratosphere, imho. Even after a year's work, Drummer is still a shadow of Frontier, which I use as my development platform for all of this. That's how I'm so productive. Invest as much time in tools as you do in product, and some years, invest all your time in tools. BTW, when I say a Linux version -- I mean an exact clone. The benchmark is whether it runs my software, not that it's a cool project. With these things it's the base of apps that matters. I think the language designers at big companies have lost the tune. The apps are what matters. That's why I program in JavaScript -- it's where all the code is. And that's why projects like Deno (A different arrangement of N O D and E) are such a bad idea. And deprecating the request verb? Only the most commonly called function the whole fricking language. Deprecated!! Someone has lost their sense of what matters. It's as if one day they decided the new Tappan Zee Bridge is too cool to drive cars over, so we'll require people to convert their cars so that the wheels are inside and the seats are outside. Always going backward is a good way to never get anywhere. BTW the Tappan Zee Bridge Is a beautiful bridge. It carries exactly the same traffic the old one did.
[no title] Scripting News(cached at October 17, 2021, 10:02 pm)

I think you have to be very young and very healthy to be medication-averse. There are some people who make it to old age without needing medical care. My mother was one of those people, she didn't get sick until she was in her 80s. Me, on the other hand, I would have died before I was 10 if it wasn't for health care and antibiotics. I had a ruptured appendix, mis-diagnosed by a doctor as a stomach ache. Okay so medicine fucks up, a lot. I have limited vision because two eye doctors gave me bad advice and did surgery, the first fucked my left eye and the second made it worse. My hearing is blown in my left ear, because a doctor used a device to clear out earwax that damaged my eardrum. So now loud noise, including loud music, makes my head vibrate in an unpleasant way. Too bad, I used to love loud music. But I am alive. My life having been saved twice by medicine now. So when medicine says "take this vaccine it'll make you safer against a horrible disease" -- I take it. Gladly. Why? Because I get how medicine works to an extent and am appreciative for the life I would not have had were it not for medicine.
The Moon Will Soon Have Its Own Internet Slashdotby EditorDavid on moon at January 1, 1970, 1:00 am (cached at October 17, 2021, 9:35 pm)

"Humanity will return to the lunar surface in 2024 as part of the Artemis program," writes the Auto Evolution site. "However, before NASA begins shuttling people to our natural satellite, it has to build a network there that will go beyond Earth's low orbit and connect space to Earth in a sort of Internet connection..." The network's name? LunaNet: Astronauts will be able to use the LunaNet via numerous nodes and communicate with the crew on and around the Moon in the same manner that we use Wi-Fi here on Earth. In addition, missions using the network will have access to position and time signals, allowing astronauts and rovers to navigate the rugged lunar terrain and return to their base. LunaNet will also use space-weather instruments to identify potentially dangerous solar activity, such as flares that erupt from the Sun and send harsh radiation towards the astronauts. With this new connectivity, the crew can be directly alerted. This will cut down the time it takes for network management on Earth to do so. These warnings will be comparable to the ones we receive on our phones when there is hazardous weather. The architecture's capabilities will also include a lunar search and rescue capability... Researchers could also use LunaNet antennas to peer into deep space and search for radio signals from distant celestial objects. Altogether, the architecture's capabilities will give scientists a new platform to test space theories, allowing them to extend their scientific knowledge. Recently, NASA released the "Draft LunaNet Interoperability Specification" in order to kickstart the development of this new "lunar internet." Technical discussions among industry experts from around the world are expected to follow.

Read more of this story at Slashdot.

[no title] Scripting News(cached at October 17, 2021, 9:32 pm)

The old Tappan Zee Bridge and the new one.
5G Lobbyist Argues It May Be a Long Time Before Autonomous Vehicles Reach Cities Slashdotby EditorDavid on ai at January 1, 1970, 1:00 am (cached at October 17, 2021, 8:35 pm)

Slashdot reader dkatana shares IoT Times interview with Dr. Johannes Springer, Director General for the 5G Automotive Association, an EU lobbying group pushing for the inclusion of short-range 5G wireless technology in autonomous vehicles for vehicle-to-vehicle communications. Springer describes some of the services already being tested (like in Hamburg, Germany, where even traffic lights can communicate with vehicles for "optimal speed advisories" for avoiding red lights): We have, for instance, an initiative in Europe called a European Data Task Force, or data task force for world safety. And in this activity, millions of vehicles are already sharing safety-related data between the different car manufacturers. Of course, this data sharing exists via cellular networks. One vehicle that detects, for instance, a black ice warning, or produces a black ice warning, sends this warning via the cellular networks to other vehicles. And this consensus, the data sharing via the cellular networks, creates a lot of benefits for other traffic participants, not, by the way, just the vehicles, but also to other vulnerable road users, cyclists, pedestrians, and so on... But they also discuss the prospects for automous vehicles beyond highway/intercity driving — and the idea of restricting them in cities to dedicated "safe corridors": Of course, the whole thing starts on a broad scale with restricted areas... And also, the private car industry is going heavily in this direction. If you take, for instance, the example of valet parking, automated parking. So, the automated driving task is restricted to a parking spot, to a parking garage: you can leave your car in front of the parking garage, and the car finds the free parking space by itself. And the same upon returning the vehicle. So this is something which takes place in the city but within a restricted area. Suppose it goes, for instance, to buses or something like that. In that case, you can also see two examples during the ITS World Congress, two different, let's say, technical setups, where automated driving buses happen in the city. One is in a, let's say, non-controlled environment, and the vehicle drives entirely on its own, yeah? So this is shown by Easy Drive, part of Continental, a company that produces these types of systems. Of course, there is still the need to have a backup driver in the bus, which directly destroys the business case for the bus operator. And secondly, the driving speed is relatively low; I think 30 kilometers per hour or something like that. The second example is, which is shown by Siemens, called the Heat Project, where the whole environment is completely controlled by roadside infrastructure. You have cameras and all these things equipped at the road to assess the situation and things around the bus. Personally, I don't believe that it can happen in cities or other open urban areas. Maybe, of course, if you have an airport, it might be different. But we cannot afford the necessary infrastructure, let's say, for monitoring the situation around the vehicle in real-time, whether it's a bus or another vehicle. No city is willing to pay for such an infrastructure just for the benefit of autonomous driving. So I'm pretty sure that this will not happen. In the comments on the original submission, long-time Slashdot reader Gravis Zero discounts this as the opinion of a lobbying group advocating for specific 5G technologies (rather than using WiFi for direct vehicle-to-vehicle and vehicle-to-infrastructure communication). But for what it's worth, the IoT Times interviewer also says "I've been talking to some experts in smart cities and some vehicle manufacturers... They say that certain types of autonomous driving have been going around for some time... But they are mainly focusing on motorways and intercity driving. We still have many problems allowing full autonomous driving in cities because of the number of different things that can happen."

Read more of this story at Slashdot.

Earthshot Prize: William and Kate joined by stars for awards ceremony BBC News | Science/Nature | UK Edition(cached at October 17, 2021, 8:30 pm)

The first Earthshot Prize ceremony is being held in London, with five winners set to get £1m each.
Is the Comic Book Industry Dying or Thriving? Slashdotby EditorDavid on anime at January 1, 1970, 1:00 am (cached at October 17, 2021, 7:35 pm)

Somewhere on Yahoo, one writer asks "Is the comic book industry dying or thriving?" There was a time when comic books were sold at newsstands alongside mainstream publications, according to Forbes, but that changed in the early 1980s when periodical comics all but disappeared from newsstands. From then on, the vast majority of comic books were sold through independently owned retail comic shops. But GamesRadar+ notes a boom started in the 1990s — when comic books became an investment: Long story short, folks outside of regular comic book readers discovered that, in some cases, key comic book issues (such as those that debuted popular characters or titles) could be worth significant amounts of money on the secondary market, leading to some fans buying dozens of copies of a single issue in the hopes of someday capitalizing on their monetary value... Someone should've explained supply and demand — the bubble burst because when everyone is buying and meticulously preserving a million copies of a comic book, there is no rarity to drive up the value to the level of less well-preserved comic books from earlier eras. Their article also points out that this era saw the dawn of lucrative "variant covers". But the '90s also saw a rebellion of top Marvel artists who left to found Image comics, "the first major third-party publisher to challenge Marvel and DC's reign over the industry in years," which led to "a rise in independent and creator-owned comic books, both large and small, and helped the rising tide of indie publishers gain a solid foothold as an overall industry presence." (Presumably this "rising tide" would also include publishers of manga and anime-derived titles.) So where are we now? The article on Yahoo notes the vast popularity of comic book movies, and also argues that "The billion-dollar comic business continues to boom." According to Publisher's Weekly, sales of comic books and graphic novels topped $1.28 billion in 2020, an all-time high. It's no fluke. With a few exceptions — sales fell a little in 2017, for example — comic book sales have been rising consistently for decades. But who's actually reading comic books? Is it teenagers? Nostalgic adults? Investing collectors? People who saw the movies first? (If you're 12 years old, are you going to read some comic book, or watch The Avengers?) Comic books now also have to compete with incredibly immersive videogames, virtual reality, and a gazillion cellphone apps — not to mention social media, and even online fan fiction. So I'd be interested to hear the experiences of Slashdot's readers. It seems like we'd be a reasonably good cross section of geek culture — but can we solve the riddle of the state of the comic book industry today? Share your own thoughts in the comments. Is the comic book industry dying or thriving?

Read more of this story at Slashdot.

Surprising US Intelligence, China Tested a Hypersonic Missile Slashdotby EditorDavid on china at January 1, 1970, 1:00 am (cached at October 17, 2021, 6:35 pm)

"China tested a nuclear-capable hypersonic missile in August," reports Reuters, "showing a capability that caught U.S. intelligence by surprise, the Financial Times reported, citing five unnamed sources." AFP explains what's uniquely threatening about hypersonic missiles: Ballistic missiles fly high into space in an arc to reach their target, while a hypersonic flies on a trajectory low in the atmosphere, potentially reaching a target more quickly. Crucially, a hypersonic missile is maneuverable (like the much slower, often subsonic cruise missile), making it harder to track and defend against. While countries like the United States have developed systems designed to defend against cruise and ballistic missiles, the ability to track and take down a hypersonic missile remains a question. Business Insider highlights this assessment from the North American Aerospace Defense Command (NORAD), the US/Canada organization providing North America's aerospace warnings: In August, General Glen VanHerck, head of NORAD, said that China's advanced hypersonic capability would "provide significant challenges to my Norad capability to provide threat warning and attack assessment," the Financial Times said... Sources also told the paper that the Chinese weapon could theoretically fly over the South Pole, another cause for concern for the US military, whose missile systems focus on the northern polar route. Bloomberg reports that the missile missed its target (by over 32 kilometers — about 20 miles), "and the test doesn't necessarily mean China will deploy such a weapon, the Financial Times said..." They also point out that "Along with China, the United States, Russia and at least five other countries are working on hypersonic technology." (Reuters adds that "last month North Korea said it had test-fired a newly-developed hypersonic missile.")

Read more of this story at Slashdot.

The Ups and Downs of Bitcoin's First Month in El Salvador Slashdotby EditorDavid on money at January 1, 1970, 1:00 am (cached at October 17, 2021, 5:35 pm)

One month ago El Salvador made bitcoin legal tender in the country. The Motley Fool looks at how it's playing out: Even before the launch, President Bukele's push for Bitcoin was not popular at home or abroad. The IMF refused to help fund the rollout, warning of "macroeconomic, financial, and legal issues." And Salvadorians took to the streets to protest the Bitcoin project before and after the launch. One Central American University survey showed that 68% of people did not agree with the move. The first stumbling block in El Salvador's Bitcoin experiment was that the price of Bitcoin fell 11% on the first day, and further in the days that followed. Crypto investors may be familiar with Bitcoin's volatility. But for many El Salvadorians, who'd each been given $30 worth of Bitcoin (about 0.00065 BTC) only to see its value tumble, it was another matter... In the U.S., Bitcoin is widely seen as a store of value — an investment that people hope will appreciate over time. But El Salvador is using it as a currency. And as a currency, Bitcoin's volatility is problematic, especially in a low-income country. According to Bloomberg, 1 in 4 Salvadorians make less than $5.50 per day. Even in a higher-income country, it would be difficult for a company to accept payments in a currency that might rapidly shrink in value in a matter of weeks. Unless the business could transfer the money immediately into dollars (which is what happens with many crypto payments), it would play havoc with things like payroll, rent, and other obligations. This is exponentially harder to manage for a family with little cash to spare. El Salvador also experienced technical glitches in both its bitcoin ATMs and the state-run wallet, according to the article. "It is a real shame that the El Salvadorian government rushed into launching Bitcoin as legal tender without first building the technical infrastructure and popular support that would have helped its ambitious scheme. "Nonetheless, if we check in again in a year's time, there's still a chance we'll see a different story."

Read more of this story at Slashdot.

[no title] Scripting News(cached at October 17, 2021, 5:32 pm)

Car drivers suck. I usually ride my bike on the right edge of the road, making it easy for cars to pass. But if I have to make a left, I move left, and if a car approaches behind me, they have to momentarily slow. They always honk. I never carry a gun, but sometimes I wish I did (not really).
[no title] Scripting News(cached at October 17, 2021, 5:32 pm)

BTW, when I say a Linux version -- I mean an exact clone. The benchmark is whether it runs my software, not that it's a cool project. With these things it's the base of apps that matters. I think the language designers at big companies have lost the tune. The apps are what matters. That's why I program in JavaScript -- it's where all the code is. And that's why projects like Deno (A different arrangement of N O D and E) are such a bad idea. And deprecating the request verb? Only the most commonly called function the whole fricking language. Deprecated!! Someone has lost their sense of what matters. It's as if one day they decided the new Tappan Zee Bridge is too cool to drive cars over, so we'll require people to convert their cars so that the wheels are inside and the seats are outside. Always going backward is a good way to never get anywhere. BTW the Tappan Zee Bridge Is a beautiful bridge. It carries exactly the same traffic the old one did.
[no title] Scripting News(cached at October 17, 2021, 5:32 pm)

I'm doing most of my writing these days in Drummer Land, but it's nice to remember that things I want to write about that don't belong there, still have a home, here.
[no title] Scripting News(cached at October 17, 2021, 5:32 pm)

Drummer is really going. I'm trying to scope out in my mind now where I want it to go. With all the programmers around now, and maybe more on the way, I'm thinking bigger in terms of open source projects that could spin out of Drummer. In the back of my mind is the question of could we get a Linux version of Frontier going. That would send this project into the stratosphere, imho. Even after a year's work, Drummer is still a shadow of Frontier, which I use as my development platform for all of this. That's how I'm so productive. Invest as much time in tools as you do in product, and some years, invest all your time in tools.