Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×
Security

New SOHO Router Security Audit Uncovers Over 60 Flaws In 22 Models 21

Posted by Soulskill
from the my-god,-it's-full-of-flaws dept.
Home and small-office routers have become a hotbed for security research lately, with vulnerabilities and poor security practices becoming the rule, rather than the exception. A new security audit by researchers from Universidad Europea de Madrid only adds to that list, finding 60 distinct flaws in 22 different device models. They posted details of their research on the Full Disclosure mailing list, and the affected brands include D-Link, Belkin, Linksys, Huawei, and others. Many of the models they examined had been distributed to internet customers across Spain by their ISPs. About half of the flaws involve Cross Site Scripting and Cross Site Request Forgery capabilities, though there is at least one backdoor with a hard-coded password. Several routers allow external attackers to delete files on USB storage devices, and others facilitate DDoS attacks.
DRM

The Bizarre Process Used For Approving Exemptions To the DMCA 15

Posted by Soulskill
from the assume-a-spherical-librarian dept.
harrymcc writes: The Digital Millennium Copyright Act imposes severe penalties on those who overcome copy-protection technologies. It allows for exemptions for a variety of purposes — but in a weird proviso, those exemptions must be re-approved by the Librarian of Congress every three years. Over at Fast Company, Glenn Fleishman takes a look at this broken system and why it's so bad for our rights as consumers. "The Librarian has opted to require one or more 'champions' or proponents of a carefully defined category, like "Audiovisual works – educational uses – colleges and universities," to file a brief. His office also opens the floor to rebuttals from opponents. Further, the Librarian sunsets every exemption every three years—something not required by the law, and which requires champions to arise again to launch a new defense. The office also doesn't propose its own examples of circumvention that should be permitted, even though the law permits it to do so."
Privacy

Senate Passes USA Freedom Act 96

Posted by Soulskill
from the agreeing-to-disagree-about-agreeing dept.
schwit1 points out that the U.S. Senate has passed the USA Freedom Act by a vote of 67-32, sending it on to President Obama, who is expected to sign it into law. The bill removes mass metadata collection powers from the NSA, but also grants a new set of surveillance powers to replace them. Telecoms now hang on to that data, and the government can access it if they suspect the target is part of a terrorism investigation and one of the call's participants is overseas. "The second provision revived Tuesday concerns roving wiretaps. Spies may tap a terror suspect's communications without getting a renewed FISA Court warrant, even as a suspect jumps from one device to the next. The FISA Court need not be told who is being targeted when issuing a warrant. The third spy tool renewed is called "lone wolf" in spy jargon. It allows for roving wiretaps. However, the target of wiretaps does not have to be linked to a foreign power or terrorism."
Hardware

Fabs Now Manufacturing Carbon Nanotube Memory, Which Could Replace NAND and DRAM 35

Posted by Soulskill
from the still-waiting-on-my-isolinear-chips dept.
Lucas123 writes: Nantero, the company that invented carbon nanotube-based non-volatile memory in 2001 and has been developing it since, has announced that seven chip fabrication plants are now manufacturing its Nano-RAM (NRAM) wafers and test chips. The company also announced aerospace giant Lockheed Martin and Schlumberger Ltd., the world's largest gas and oil exploration and drilling company, as customers seeking to use its chip technology. The memory, which can withstand 300 degrees Celsius temperatures for years without losing data, is natively thousands of times faster than NAND flash and has virtually infinite read/write resilience. Nantero plans on creating gum sticks SSDs using DDR4 interfaces. NRAM has the potential to create memory that is vastly more dense that NAND flash, as its transistors can shrink to below 5 nanometers in size, three times more dense than today's densest NAND flash. At the same time, NRAM is up against a robust field of new memory technologies that are expected to challenge NAND flash in speed, endurance and capacity, such as Phase-Change Memory and Ferroelectric RAM (FRAM).
Microsoft

Microsoft To Support SSH In Windows and Contribute To OpenSSH 150

Posted by Soulskill
from the headlines-you-probably-didn't-expect dept.
An anonymous reader writes: Microsoft has announced plans for native support for SSH in Windows. "A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems." Based on the work from this new direction, they also plan to contribute back to the OpenSSH project as well.
Perl

Perl 5.22 Released 57

Posted by Soulskill
from the onward-and-upward dept.
kthreadd writes: Version 5.22 of the Perl programming language has just been released. A major new feature in this release is the double diamond operator; like the regular diamond operator it allows you to quickly read through files specified on the command line but does this in a much safer way by not evaluating special characters in the file names. Other new features include hexadecimal floating point numbers, improved variable aliasing and a nicer syntax for repetition in list assignment. Also, historical Perl modules CGI.pm and Module::Build are removed from the core distribution.
Media

Cable Companies Hate Cord-Cutting, but It's Not Going Away (Video) 106

Posted by Roblimo
from the parting-with-a-cable-company-is-such-sweet-sorrow dept.
On May 29, Steven J. Vaughan Nichols (known far and wide as SJVN) wrote an article for ZDNet headlined, Now more than ever, the Internet belongs to cord-cutters. A few days before that, he wrote another one headlined, Mary Meeker's Internet report: User growth slowing, but disruption full speed ahead. And last December he wrote one titled, Reports show it's becoming a cord cutter's world. SJVN obviously sees a trend here. So do a lot of other people, including cable TV and local TV executives who are biting their nails and asking themselves, "Whatever shall we do?" So far, says SJVN, the answers they've come up with are not encouraging.

NOTE from Roblimo: We're trying something different with this video, namely keeping it down to about 4 minutes but running a text transcript that covers our 20+ minute conversation with SJVN. Is this is a good idea? Please let us know.
Privacy

FBI Is Behind Mysterious Flights Over US Cities 114

Posted by Soulskill
from the no-such-bureau dept.
New submitter kaizendojo sends a report from the Associated Press indicating the FBI has a small fleet of planes that fly across the U.S. carrying surveillance equipment. The planes are registered with fictitious companies to hide their association with the U.S. government. The FBI says they're only used for investigations that are "specific" and "ongoing," but they're often used without getting permission from a judge beforehand. "Some of the aircraft can also be equipped with technology that can identify thousands of people below through the cellphones they carry, even if they're not making a call or in public. Officials said that practice, which mimics cell towers and gets phones to reveal basic subscriber information, is rare." The AP identified at least 50 FBI-controlled planes, which have done over 100 flights since late April. The AP adds that they've seen the planes "orbiting large, enclosed buildings for extended periods where aerial photography would be less effective than electronic signals collection."
Hardware Hacking

Ask Slashdot: Your Most Unusual Hardware Hack? 173

Posted by timothy
from the my-water-into-wine-machine dept.
An anonymous reader writes: Another Slashdotter recently asked what kind of things someone can power with an external USB battery. I have a followup along those lines: what kind of modifications have you made to your gadgets to do things that they were never meant to do? Consider old routers, cell phones, monitors, etc. that have absolutely no use or value anymore in their intended form. What can you do with them?
Businesses

GameStop Swoops In To Buy ThinkGeek For $140 Million 75

Posted by Soulskill
from the will-pay-you-8-cents-for-used-annoy-a-trons dept.
Lirodon writes: Remember a few days ago, when Slashdot's former parent company was the subject of a $122 million takeover bid by Hot Topic? Well, another geeky retailer entered the fray in the battle for ThinkGeek, and won. GameStop will be acquiring Geeknet for $140 million. The video game retailer has promised synergies, such as in-store pickup and integration with its rewards program.
Security

Professional Russian Trolling Exposed 219

Posted by timothy
from the in-ex-soviet-russia dept.
An anonymous reader writes: Today the New York Times published a stunning exposé revealing the strategies used by one of the Web's greatest enemies: professional, government-backed "internet trolls." These well-paid agent provocateurs are dedicated to destroying the value of the Internet as an organizing and political tool. The trolling attacks described within are mind-boggling -- they sound like the basis of a Neal Stephenson novel as much as they do real life -- but they all rely on the usual, inevitable suspects of imperfect security and human credulity.
Intel

Intel Adopts USB-C Connector For 40Gbps Thunderbolt 3, Supports USB 3.1, DP 1.2 147

Posted by timothy
from the ok-that's-pretty-cool dept.
MojoKid writes: The high speed Thunderbolt interface standard, which is used for everything from hyper-fast external storage solutions to external graphics cards, has been slow to take off. You can blame the high-priced Thunderbolt peripherals and the uber-expensive cables (at least when compared to your garden-variety USB cables). For most people, USB 3.0 is "good enough" and making a huge investment into the Thunderbolt ecosystem has been reserved for those in the professional video editing arena. However, Intel is looking to change all of that with Thunderbolt 3. Thunderbolt 3 once again doubles the maximum bandwidth, this time jumping from 20Gbps to a whopping 40Gbps. While that is impressive in its own right, the truly big news is that Thunderbolt 3 is moving away from the Mini DisplayPort connector and is instead adopting the USB-C connector. As a result Thunderbolt will also support USB 3.1 (which is currently spec'd at 10Gbps) and can optionally provide up to 100W of power (in compliance with the USB Power Delivery spec) to charge devices via USB-C (like the recently introduced 12-inch Apple MacBook).
Power

Mercedes-Benz Copies Tesla, Plans To Offer Home Energy Storage 80

Posted by timothy
from the germans-sure-know-their-zeitgeist dept.
cartechboy writes: It's like a game of follow the leader. First, Tesla announced its Powerwall Batteries, and now Mercedes-Benz plans to follow suit by entering the energy-storage business as well. A division of parent company Daimler has been testing battery packs that can power houses, and plans to launch commercially in September. Supposedly a battery pack for "light industrial, commercial, and private" use is being tested with sizes ranging from 2.5 kWh to 5.9 kWh. While Tesla's building a massive Gigafactory to make all its batteries for its Powerwall and electric cars, it's unclear exactly how Daimler plans to produce its batteries in a larger-scale energy-storage operation.
Android

LG Arbitrarily Denying Android Lollipop Update To the G2 In Canada? 106

Posted by timothy
from the arbitrary-lines dept.
Lirodon writes: Its funky rear-mounted buttons may have left critics divided, but the LG G2 is still a pretty capable Android device. While it has gotten an update to Android 5.0 "Lollipop" in some major markets (including the United States, of course), one major holdout is Canada. Reports are surfacing that LG's Canadian subsidiary has decided not to release the update for unknown reasons. But, what about custom ROMs? Well, they handled that too: they have refused to release Lollipop kernel source for the Canadian variant of the device. It is arbitrary actions like this that cause Android's fragmentation problems. A curious note, LG has not specifically made reference to the bugs other users have been having with the update.
The Courts

Blackberry Defeats Typo In Court, Typo To Discontinue Sales of Keyboard 63

Posted by timothy
from the one-way-or-another-it's-over dept.
New submitter juniorkindergarten writes: Blackberry and Typo have reached a final settlement that effectively ends Typo selling its iPhone keyboard accessory. Blackberry took Typo to court for twice for patent infringement over the copying of Blackberry's keyboard design. Blackberry and Typo first battled it out in court, with Typo losing for copying the Blackberry Q10 keyboard design. Typo redesigned its keyboard, and again Blackberry sued them for patent infringement. The final result is that Typo cannot sell keyboards for screens less than 7.9", but can still sell keyboards for the iPad and iPad air. Exact terms were not disclosed.
Graphics

Intel Releases Broadwell Desktop CPUs: Core i7-5775C and i5-5675C 99

Posted by timothy
from the chips-and-chips dept.
edxwelch writes: Intel has finally released their Broadwell desktop processors. Featuring Iris Pro Graphics 6200, they take the integrated graphics crown from AMD (albeit costing three times as much). However, they are not as fast as current Haswell flagship processors and they will be soon superseded by Skylake, to be released later this year. Tom's Hardware and Anandtech have the first reviews of the Core i7-5775C and i5-5675C.
GUI

Cinnamon 2.6: a Massive Update Loaded With Performance Improvements 131

Posted by timothy
from the also-delicious dept.
jones_supa writes: The Linux Mint team has just announced that Cinnamon 2.6 desktop environment is considered stable and ready to download. It is a big update. The load times have been greatly improved and unnecessary calculations in the window management part are dropped, leading to a 40% reduction in the number of CPU wakes per second. Other improvements include a screensaver that does more than just lock the screen, panels that can be removed or added individually, a much better System Settings panel that should make things much clearer, a cool new effect for windows, and a brand new plugin manager for Nemo. Linux Mint users will receive the new Cinnamon as an update by the end of the month.
Transportation

US Airport Screeners Missed 95% of Weapons, Explosives In Undercover Tests 306

Posted by samzenpus
from the security-theater dept.
An anonymous reader writes: An internal investigation by the TSA found that 95% of agents testing airport checkpoints were able to bring weapons through. In one case, an alarm sounded, but during the pat down, the screener failed to detect a fake plastic explosive taped to the undercover agent's back. ABC reports: "Homeland Security Secretary Jeh Johnson was apparently so frustrated by the findings he sought a detailed briefing on them last week at TSA headquarters in Arlington, Virginia, according to sources. U.S. officials insisted changes have already been made at airports to address vulnerabilities identified by the latest tests. 'Upon learning the initial findings of the Office of Inspector General's report, Secretary Johnson immediately directed TSA to implement a series of actions, several of which are now in place, to address the issues raised in the report,' the DHS said in a written statement to ABC News."
Facebook

Facebook Now Supports PGP To Send You Encrypted Emails 133

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes: You can now have Facebook encrypt email it sends to you by adding your PGP key to your profile. The PGP feature is "experimental" and will be rolled out slowly. The announcement reads in part: "...today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to 'end-to-end' encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."
The Almighty Buck

Cool Tool: The Nuclear Fuel Cycle Cost Calculator 144

Posted by samzenpus
from the breaking-it-down dept.
Lasrick writes: The Bulletin of the Atomic Scientists has launched a very cool new tool that will excite anyone interested in understanding the per kilowatt cost of nuclear energy. Developed over the last two years in a partnership between the Bulletin and the University of Chicago, the Nuclear Fuel Cycle Cost Calculator estimates the cost of electricity produced by three configurations of the nuclear fuel cycle:

1. The once-through fuel cycle used in most US nuclear power plants, in which uranium fuel is used once and then stored for later disposal.
2. A limited-recycle mode in which a mix of uranium and plutonium (that is, mixed oxide, or MOX) is used to fuel a light water reactor.
3. A full-recycle system, which uses a fast neutron spectrum reactor that can be configured to 'breed' plutonium that can subsequently be used as either nuclear fuel or weapons material.

This online tool lets users test how sensitive the price of electricity is to a full range of components—more than 60 parameters that can be adjusted for the three configurations of the nuclear fuel cycle considered. The results provide nuanced cost assessments for the reprocessing of nuclear fuel and can serve as the basis for discussions among government officials, industry leaders, and public interest groups.