Newsfeed

The Verge reports: On Wednesday night, someone drained funds from multiple cryptocurrency wallets connected to the decentralized finance platform BadgerDAO. According to the blockchain security and data analytics Peckshield, which is working with Badger to investigate the heist, the various tokens stolen in the attack are worth about $120 million. While the investigation is still ongoing, members of the Badger team have told users that they believe the issue came from someone inserting a malicious script in the UI of their website. For any users who interacted with the site when the script was active, it would intercept Web3 transactions and insert a request to transfer the victim's tokens to the attacker's chosen address. Because of the transparent nature of the transactions, we can see what happened once the attackers pounced. PeckShield points out one transfer that yanked 896 Bitcoin into the attacker's coffers, worth more than $50 million. According to the team, the malicious code appeared as early as November 10th, as the attackers ran it at seemingly random intervals to avoid detection.... One of the things Badger is investigating is how the attacker apparently accessed Cloudflare via an API key that should've been protected by two-factor authentication...

Read more of this story at Slashdot.

There are delays in the area

An Essex-based hen which has more than 2,000 Instagran followers will feature in a special charity calendar.

An Essex-based hen which has more than 2,000 Instagran followers will feature in a special charity calendar.

The cases are linked to travel to Southern Africa

For 32 years a human named Andy Chanley has been a radio announcer (now working afternoon's at Southern California's 88.5 KCSN), Reuters reports. But now.... "I may be a robot, but I still love to rock," says the robot DJ named ANDY, derived from Artificial Neural Disk-JockeY, in Chanley's voice, during a demonstration for Reuters where the voice was hard to distinguish from a human disc jockey. Our phones, speakers and rice cookers have been talking to us for years, but their voices have been robotic. Seattle-based AI startup WellSaid Labs says it has finessed the technology to create over 50 real human voice avatars like ANDY so far, where the producer just needs to type in text to create the narration.... Martín Ramírez, head of growth at WellSaid, said once the voice avatars are created, WellSaid manages the commercial agreements according to the voice owner's requests. WellSaid voice avatars are doing more than DJ work. They are used in corporate training material or even to read audiobooks, said Ramirez. The article points out that while (human) announcer Andy Chanley was recording his voice, he discovered he has Stage 2 lymphoma. While he eventually recovered, Chanley liked knowing that there was also another way that the sound of his voice could still be supporting his family — and that his grandchildren could hear the sound of his voice.

Read more of this story at Slashdot.

EVERYONE has a right to feel safe in their home.

Ever wondered if you have royal roots running through your family?

EVERYONE has a right to feel safe in their home.

Ever wondered if you have royal roots running through your family?

If you've always wanted to run your own business, there are some commercial properties on sale in Essex as we speak.

If you've always wanted to run your own business, there are some commercial properties on sale in Essex as we speak.

SMALL businesses are set to be helped through a virtual event run by three of the UK’s biggest airports.

HERE are the death notices published in the Braintree and Witham Times this week: 

"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...." While not all flaws carried the same risk, the team found some common problems that affected most of the tested models: - Outdated Linux kernel in the firmware - Outdated multimedia and VPN functions - Over-reliance on older versions of BusyBox - Use of weak default passwords like "admin" - Presence of hardcoded credentials in plain text form.... All of the affected manufacturers responded to the researchers' findings and released firmware patches. The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router. jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity.

Read more of this story at Slashdot.

Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in linux) nowadays? But wait — it gets even more interesting... The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.") But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built. While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities! In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors likely exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!

Read more of this story at Slashdot.

Both drink and drug driving carry a minimum one-year driving ban, as well as an unlimited fine and a prison sentence of up to six months

"Videos and GIFs of cute animals — usually cats — have gone viral online for almost as long as the internet has been around..." writes the New York Times. "Now, it is becoming increasingly clear how widely the old-school internet trick is being used by people and organizations peddling false information online, misinformation researchers say." The posts with the animals do not directly spread false information. But they can draw a huge audience that can be redirected to a publication or site spreading false information about election fraud, unproven coronavirus cures and other baseless conspiracy theories entirely unrelated to the videos. Sometimes, following a feed of cute animals on Facebook unknowingly signs users up as subscribers to misleading posts from the same publisher. Melissa Ryan, chief executive of Card Strategies, a consulting firm that researches disinformation, said this kind of "engagement bait" helped misinformation actors generate clicks on their pages, which can make them more prominent in users' feeds in the future. That prominence can drive a broader audience to content with inaccurate or misleading information, she said. "The strategy works because the platforms continue to reward engagement over everything else," Ms. Ryan said, "even when that engagement comes from" publications that also publish false or misleading content.

Read more of this story at Slashdot.

I Programmer writes: December 1st is much anticipated among those who like programming puzzles. It is time to start collecting stars by solving small puzzles on the Advent of Code website with the goal of amassing 50 stars by Christmas Day, December 25th. Raku has also opened its advent calendar and there's a brand new Bekk Christmas blog with informational content on multiple topics... At the time of writing we are only 10.5 hours into Advent of Code's Day 1, almost 50,000 users have completed both puzzles and another 8,484 have completed the first. [Some programmers are even livestreaming their progress on Twitch, or sharing their thoughts (and some particuarly creative solutions) in the Advent of Code subreddit.] We can credit Perl with pioneering the idea of a programming advent calendar with daily articles with a festive theme and the Raku Advent Calendar now continues the tradition. Now in its 13th year, but only the third with its new name this year's first advent post solves a problem faced by Santa of creating thumbnails of approaching 2 billion images... Smashing magazine has pulled together its own exhaustive list of additional geek-themed advent calendars. Some of the other highlights: The beloved site "24 Pull Requests" has relaunched for 2021, daring participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years 26,465 contributors (as well as 25,738 organizations) have already participated through the site. The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!) This year also saw daily challenges from the sixth annual Code Security advent calendar being announced on Twitter, while TryHackMe.com has its own set of cybersecurity puzzles (and even a few prizes).

Read more of this story at Slashdot.

On Monday JetBrains (creators of the Kotlin programming language and makers of the integrated development environment IntelliJ IDEA) made an announcement: a preview for a lightweight new multi-language IDE called Fleet using IntelliJ's code-processing engine with a distributed IDE architecture and a reimagined UI. By Friday they'd received an "overwhelming" number of requests, and announced the preview program had stopped accepting new requests. ("To subscribe for updates and the public preview announcement at jetbrains.com/fleet or follow @JetBrains_Fleet on Twitter.") They'd received 80,000 requests in just the first 30 hours, reports Visual Studio magazine: Although JetBrains didn't even mention VS Code in its Nov. 28 announcement, many media pundits immediately characterized it along the lines of an "answer to Visual Studio Code," a "response to Visual Studio Code," a "competitor to Visual Studio Code" and so on... "When you first launch Fleet, it starts up as a full-fledged editor that provides syntax highlighting, simple code completion, and all the things you'd expect from an editor," JetBrains said. "But wait, there's more! Fleet is also a fully functional IDE bringing smart completion, refactorings, navigation, debugging, and everything else that you're used to having in an IDE — all with a single button click." "It starts up in an instant so you can begin working immediately..." boasts the Fleet web page, adding that Fleet "is designed to automatically detect your project configuration from the source code, maximizing the value you get from its smart code-processing engine while minimizing the need to configure the project in the IDE." And it also offers "project and context aware code completion, navigation to definitions and usages, on-the-fly code quality checks, and quick-fixes..." Fleet also offers a collaborative environment allowing developers to work together — not just sharing the editor, but also terminals and debugging sessions. (There's even a diff view for reviewing changes.) "Others can connect to a collaboration session you initiate on your machine, or everyone can connect to a shared remote dev environment," explains Fleet's web page. "It supports a number of remote work scenarios and can be run locally on the developer's computer, in the cloud, or on a remote server," reports SD Times. (And Fleet's home page says soon it will even run in Docker containers configured with an appropriate environment for your project.) SD Times adds that Fleet "currently supports Java, Kotlin, Go, Python, Rust, and JavaScript. The company plans to extend support to cover PHP, C++, C#, and HTML, which are the remaining languages that have IntelliJ IDEs." It's multi-platform — running on Linux, MacOS, or Windows — and Fleet's web page promises "a familiar and consistent user experience" offering one IDE for the many different technologies you might end up using. And yes, there's a dark theme.

Read more of this story at Slashdot.