An anonymous reader writes: The Register reports that upcoming OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. It is not yet known what this mysterious vulnerability is — that would give the game away to attackers hoping to exploit the hole before the patch is released to the public. Some of OpenSSL's examples of "high severity" vulnerabilities are a server denial-of-service, a significant leak of server memory, and remote code execution. If you are a system administrator, get ready to patch your systems this week. The defect does not affect the 1.0.0 or 0.9.8 versions of the library.
An anonymous reader writes: Swiss Post has beaten Amazon, Alibaba and other researchers into drone-based delivery by launching practical drops using a Matternet four-rotored drone this month. However the company says that five years of testing and negotiation with regulators lie ahead before it will be able to offer a commercial drone-based delivery service. Like Google's Project Wing, the Matternet drone in question is mooted as a potential lifeline in post-disaster situations, but from a business point of view the release notes its potential for 'express delivery of goods' — a further indicator that the future of postal drone delivery may be an exclusive and expensive one.
loid_void writes with a link to a New York Times report about some of the world's best-known cryptography experts, who have prepared a report which concludes that there is no viable technical solution which "would allow the American and British governments to gain 'exceptional access' to encrypted communications without putting the world's most confidential data and critical infrastructure in danger." From the article: [T]he government’s plans could affect the technology used to lock financial institutions and medical data, and poke a hole in mobile devices and the countless other critical systems — including pipelines, nuclear facilities, the power grid — that are moving online rapidly. ... “The problems now are much worse than they were in 1997,” said Peter G. Neumann, a co-author of both the 1997 report and the new paper, who is a computer security pioneer at SRI International, the Silicon Valley research laboratory. “There are more vulnerabilities than ever, more ways to exploit them than ever, and now the government wants to dumb everything down further.” The authors include Neumann, Harold Abelson, Susan Landau, and Bruce Schneier.
1sockchuck writes: Parachuting a container full of IT gear into a war zone is challenging enough. In the mountains of Afghanistan, helicopters had to deliver modular data centers in three minutes or less, lest the choppers be targeted by Taliban rockets. UK vendor Cannon recently spoke with DataCenterDynamics, sharing some of the extreme challenges and lessons learned from deploying portable data centers for military units in deserts and mountains. The same lessons (except, hopefully, with a lower chance of being shot) would apply in lots of other extreme environments, too.
cold fjord writes with the report at Yahoo that Former Attorney General Eric Holder said today that a "possibility exists" for the Justice Department to cut a deal with ... Edward Snowden that would allow him to return to the United States ... Holder said "we are in a different place as a result of the Snowden disclosures" and that "his actions spurred a necessary debate" that prompted President Obama and Congress to change policies ... "I certainly think there could be a basis for a resolution that everybody could ultimately be satisfied with. I think the possibility exists." A representative of current Attorney General Loretta Lynch, though, said that there has been no change in the government's position ("This is an ongoing case so I am not going to get into specific details but I can say our position regarding bringing Edward Snowden back to the United States to face charges has not changed."), Holder's musings aside. As the article points out, too, "any suggestion of leniency toward Snowden would likely run into strong political opposition in Congress as well as fierce resistance from hard-liners in the intelligence community."
An anonymous reader writes: Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies? A hacker who goes by "Phineas Fisher" claims it was him (her? them?). In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company. They sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") — even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team's Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer.
HughPickens.com writes: Ever notice at your high school reunions how some classmates look ten years older than everybody else — and some look ten years younger? Now BBC reports that a study of people born within a year of each other has uncovered a huge gulf in the speed at which human bodies age. The report tracked traits such as weight, kidney function and gum health and found that some of the 38-year-olds in the study were aging so badly that their "biological age" was on the cusp of retirement. "They look rough, they look lacking in vitality," says Prof Terrie Moffitt. The study says some people had almost stopped aging during the period of the study, while others were gaining nearly three years of biological age for every twelve months that passed. "Any area of life where we currently use chronological age is faulty, if we knew more about biological age we could be more fair and egalitarian," says Moffitt. The researchers studied aging in 954 young humans, the Dunedin Study birth cohort, tracking multiple biomarkers across three time points spanning their third and fourth decades of life. They developed and validated two methods by which aging can be measured in young adults, one cross-sectional and one longitudinal. According to Moffitt, the science of healthspan extension may be focused on the wrong end of the lifespan; rather than only studying old humans, geroscience should also study the young. "Eventually if we really want to slow the process of ageing to prevent the onset of disease we're going to have to intervene with young people."
itwbennett writes: Back in May, former Goldman Sachs programmer Sergey Aleynikov was convicted by a jury for stealing 32MB of code for Goldman's high-frequency trading system, code that Aleynikov maintained he copied for intellectual pursuits and was, in fact, open-source. On Monday, Judge Daniel P. Conviser of New York's State Supreme Court dismissed the conviction, saying that Aleynikov acted wrongfully by taking the code, but his actions did not meet the standard under the law in which he was charged. "The evidence did not prove he intended to appropriate all or a major portion of the code's economic value," Conviser wrote.
theodp writes: "A few months ago," writes Steph Rhee, "I was at a dinner with a dozen students and a 60-year-old entrepreneur who made himself a fortune on Wall Street. At the time, I was a junior at Yale and the only person at the table studying a computer-related major. We went around saying what our big dreams were. When I said that I'm studying computer science because I want to be a software engineer and hope to start my own company one day, he said, 'Why waste so many years learning how to code? Why not just pay someone else to build your idea?'" But Rhee isn't buying into the idea of the look-Ma-no-tech-skills "idea person." "We must not neglect the merits of technical skills in the conception of the 'idea person,'" she argues. "What the 60-year-old entrepreneur and others of his generation — the people in control of the education we receive — don't realize is this: for college students dreaming of becoming unicorns in Silicon Valley, being an 'idea person' is not liberating at all. Being able to design and develop is liberating because that lets you make stuff. This should be a part of what we see in the 'idea person' today and what it means to be 'right' when designing an undergraduate curriculum."
jez9999 writes: I'm a software developer in the UK, and I've found that it's very rare (maybe 5% of the time) to find an employer that will even consider any working from home, let alone for the majority of the time. I see it as a win-win; you're able to work in the home environment you are most productive in, and you can use the time you would've been commuting to work a bit longer for the employer. Not only that, but you're not adding to road congestion either. Skype, etc. make communication with coworkers a snap these days. So how do you go about finding homeworking jobs? Is it better to demand it from the get-go, or wait a few months and then ask for it? Is it more common than 5% of jobs in the US (in which case I guess it's a cultural thing the UK needs to catch up with)?
An anonymous reader writes: Mozilla is reexamining and revamping the way it builds, communicates, and decides features for its browser. In short, big changes are coming to Firefox. Dave Camp, Firefox's director of engineering, sent out two lengthy emails, just three minutes apart: Three Pillars and Revisiting how we build Firefox. Both offer a lot more detail into what Mozilla is hoping to achieve.
ErnieKey writes: The 3D printed extreme reduction gearing device, created by long-time puzzle maker M. Oskar van Deventer, may leave you puzzled for its obvious applications, but the coaxial cranking mechanism offers potential in a variety of real-world applications with multi-colored gears that move in opposite directions at a ratio of 11,373,076 : 1. This 3D printed reduction gearing device is compact and multi-colored, and looks deceivingly simple at first glance. Developed through a complex algorithm, it could possibly offer potential as parts for machines like 3D printers, aerospace and automotive components, as well as perhaps robotics and a variety of motors.
jfruh writes: Kovter is in many ways a typical clickfraud trojan: it hijacks the user's browser process to create false clicks on banner ads, defrauding advertisers and ad networks. But one aspect of it is unusual: it updates the victim's installation of Flash to the most recent version, ensuring that similar malware can't get in.
Lauren Weinstein writes: A couple of months ago, in "Seeking Anecdotes Regarding 'Older' Persons' Use of Web Services," I asked for stories and comments regarding experiences that older users have had with modern Web systems, with an emphasis on possible problems and frustrations. I purposely did not define "older" — with the result that responses arrived from users (or regarding users) self-identifying as ages ranging from their 30s to well into their 90s (suggesting that "older" is largely a point of view rather than an absolute). Before I began the survey I had some preconceived notions of how the results would appear. Some of these were proven correct, but overall the responses also contained many surprises, often both depressing and tragic in scope. The frustration of caregivers in these contexts was palpable. They'd teach an older user how to use a key service like Web-based mail to communicate with their loved ones, only to discover that a sudden UI change caused them to give up in frustration and not want to try again. When the caregiver isn't local the situation is even worse. While remote access software has proven a great boon in such situations, it's often too complex for the user to set up or fix by themselves when something goes wrong, remaining cut off until the caregiver is back in their physical presence.