OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 40

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the OpenIndiana.org release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

DHS Detains Mayor of Stockton, CA, Forces Him To Hand Over His Passwords 340

schwit1 writes: Anthony Silva, the mayor of Stockton, California, recently went to China for a mayor's conference. On his return to San Francisco airport he was detained by Homeland Security, and then had his two laptops and his mobile phone confiscated. They refused to show him any sort of warrant (of course) and then refused to let him leave until he agreed to hand over his password.

FLIF: Free Lossless Image Format 296

nickweller sends a link to an informational post about FLIF, the Free, Lossless Image Format. It claims to outperform PNG, lossless WebP, and other popular formats on any kind of image. "On photographs, PNG performs poorly while WebP, BPG and JPEG 2000 compress well (see plot on the left). On medical images, PNG and WebP perform relatively poorly while BPG and JPEG 2000 work well (see middle plot). On geographical maps, BPG and JPEG 2000 perform (extremely) poorly while PNG and WebP work well (see plot on the right). In each of these three examples, FLIF performs well — even better than any of the others." FLIF uses progressive decoding to provide fully-formed lossy images from partial downloads in bandwidth-constrained situations. Best of all, FLIF is free software, released under the GNU GPLv3.

NASA Targets Venus, Asteroids With Potential Missions 47

coondoggie writes: NASA this week picked five possible contenders for a relatively low-cost robotic mission to space. The five candidates from a batch of 27 – include Venus, near-Earth object and asteroid operations – will ultimately be whittled down to one or two that will cost approximately $500 million, not including launch vehicle or post-launch operations, NASA stated. The DAVINCI probe would "study the chemical composition of Venus' atmosphere during a 63-minute descent. It would answer scientific questions that have been considered high priorities for many years, such as whether there are volcanoes active today on the surface of Venus and how the surface interacts with the atmosphere of the planet." A longer-range spacecraft called Lucy would "perform the first reconnaissance of the Jupiter Trojan asteroids, objects thought to hold vital clues to deciphering the history of the solar system."

500 Million Users At Risk of Compromise Via Unpatched WinRAR Bug 129

An anonymous reader writes: A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed. "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."

(Over-)Measuring the Working Man 165

HughPickens.com writes: Tyler Cowen writes in MIT Technology Review that the improved measurement of worker performance through information technology is beginning to allow employers to measure value fairly precisely and as we get better at measuring who produces what, the pay gap between those who make more and those who make less grows. Insofar as workers type at a computer, everything they do is logged, recorded, and measured. Surveillance of workers continues to increase, and statistical analysis of large data sets makes it increasingly easy to evaluate individual productivity, even if the employer has a fairly noisy data set about what is going on in the workplace. Consider journalism. In the "good old days," no one knew how many people were reading an article, or an individual columnist. Today a digital media company knows exactly how many people are reading which articles for how long, and also whether they click through to other links. The result is that many journalists turn out to be not so valuable at all. Their wages fall or they lose their jobs, while the superstar journalists attract more Web traffic and become their own global brands.

According to Cowen, the upside is that measuring value tends to boost productivity, as has been the case since the very beginning of management science. We're simply able to do it much better now, and so employers can assign the most productive workers to the most suitable tasks. The downsides are several. Individuals don't in fact enjoy being evaluated all the time, especially when the results are not always stellar: for most people, one piece of negative feedback outweighs five pieces of positive feedback.

Raytheon Wins US Civilian Cyber Contract Worth $1 Billion 62

Tokolosh writes: Raytheon is a company well-known in military-industrial and political circles, but not so much for software, networking and cybersecurity. That has not stopped the DHS awarding it a $1 billion, five year contract to help more than 100 civilian agencies manage their computer security. Raytheon said DHS selected it to be the prime contractor and systems integrator for the agency's Network Security Deployment (NSD) division, and its National Cybersecurity Protection System (NCPS). The contract runs for five years, but some orders could be extended for up to an additional 24 months, it said. Dave Wajsgras, president of Raytheon Intelligence, Information and Services, said the company had invested over $3.5 billion in recent years to expand its cybersecurity capabilities. He said cybersecurity incidents had increased an average of 66 percent a year worldwide between 2009 and 2014. As you might expect, Raytheon spends heavily on political contributions and lobbying.

Google AdSense Click Fraud Made Possible By Uncloaking Advertisers' Sites 50

An anonymous reader writes: A Spanish researcher claims to have uncovered a vulnerability in the security procedures of Google's AdSense program which would allow a third party to manipulate clicks on Google's syndicated ad service by 'de-cloaking' the obfuscated advertiser URLs that Google AdSense placements provide as links. He has also provided downloadable PHP files to show the exploit in action.

How Can NASA's Road To Mars Be Made More Affordable? 211

MarkWhittington writes: The Houston Chronicle's Eric Berger published a piece that touched on one of the most vexing issues surrounding NASA's "road to Mars," that being that of cost. How does one design a deep space exploration program that "the nation can afford," to coin a phrase uttered by the old NASA hand interviewed for the article? The phrase is somewhat misleading since one of the truisms of federal budgeting is that the nation can afford quite a bit. A more accurate phrase might be, "that the nation is willing to spend."

Stop Taking All the Fun Out of Science 246

HughPickens.com writes: Heidi Stevens writes in the Chicago Tribune that according to NASA astronaut Mae Jemison schools treat science like the class where fun goes to die. "Kids come out of the chute liking science. They ask, 'How come? Why? What's this?' They pick up stuff to examine it. We might not call that science, but it's discovering the world around us," says Jemison. "Once we get them in school, we turn science from discovery and hands-on to something you're supposed to do through rote memorization." But science doesn't have to be that way says Jemison. Especially in the elementary school years. "When you have teachers saying, 'I don't have enough time for hands-on activities,' we need to rethink the way we do education," says Jemison. "The drills we do, where you're telling kids to memorize things, don't actually work. What works is engaging them and letting them do things and discover things." Jemison has teamed up with Bayer to advance science literacy across the United States by emphasizing the importance of hands-on, inquiry-based learning opportunities in public schools. Bayer announced recently that it will provide 1 million hands-on science experiences for kids by 2020. "Science is around us everywhere," says Jemison. Farming is science. Cooking is science. Even styling hair involves science. "When we go to the hairdresser, we want her to know something about pH balance," says Jemison with a laugh. "Boy, do we ever want her to know something about pH balance!"

Misusing Ethernet To Kill Computer Infrastructure Dead 303

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with an easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains: I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

Nintendo Joins Khronos Group 46

jones_supa writes: Gamasutra reports that Nintendo has quietly joined Khronos Group, the consortium managing the OpenGL and Vulkan graphics APIs. The news was brought to Gamasutra's attention by a NeoGaf post, which notes that Nintendo's name was added to the list of Khronos Group contributing members earlier this month. As a Khronos Group contributor Nintendo has full voting rights and is empowered to participate in the group's API development, but it doesn't have a seat on the Khronos Group board and can't participate in the final ratification process of new API specifications.

Number of XcodeGhost-Infected iOS Apps Rises 169

An anonymous reader writes: As the list of apps infected with the XcodeGhost malware keeps expanding, Apple, Amazon and Baidu are doing their best to purge their online properties of affected apps, malicious Xcode installers, and C&C servers used by the attackers to gather the stolen information and control the infected apps/devices. China-based jailbreaking Pangu Team claims that the number of infected apps is higher than 3,400, and have offered for download a free app that apparently detects the Trojanized apps.

South Korea's "Smart Sheriff" Nanny App Puts Children At Risk 54

Starting in April, the South Korean government required that cellphones sold to anyone below the age of 19 be equipped with approved monitoring software that would allow the user's parents to monitor their phone use, report their location, and more. Now, however, researchers have discovered that one of the most popular of the approved apps, called Smart Sheriff, may not actually be very smart to have on one's phone. Researchers from Citizen Lab and Cure53, at the request of the Open Technology Fund, have analyzed the code of Smart Sheriff, and found that it actually endangers, rather than protects, the users. Reports the Associated Press, in a story carried by the Houston Chronicle: Children's phone numbers, birth dates, web browsing history and other personal data were being sent across the Internet unencrypted, making them easy to intercept. Authentication weaknesses meant Smart Sheriff could easily be hijacked, turned off or tricked into sending bogus alerts to parents. Even worse, they found that many weaknesses could be exploited at scale, meaning that thousands or even all of the app's 380,000 users could be compromised at once.

Thanks To Valve, More Than 1,500 Games Are Now On Linux 281

An anonymous reader writes: The Steam Store crossed the threshold this morning of having 1,500 games natively available for Linux. Timberman, a 0.99$ video game, was the 1,500th title, but while there are a lot of indie games available for Linux, in the past three years there have been a number of high profile AAA Linux games too. What games (old or new, free or paid) would you like to see available for Linux systems?

AMD Confirms Vulkan Driver For Linux, But To Start Off As Closed-Source 47

An anonymous reader writes: AMD has finally revealed some basic details concerning their support of Vulkan on Linux. AMD has a Vulkan driver but it will begin its life as closed-source, reports Phoronix. In time the AMD Vulkan driver will transition to being open-source. This Vulkan driver is built to interface with their new AMDGPU kernel DRM driver that's part of their long talked about AMD open-source strategy for Linux. This closed-then-open Vulkan driver will be competing with Valve's Intel Vulkan driver that will be open from day one.

Linux 4.3 Bringing Stable Intel Skylake Support, Reworked NVIDIA Driver 93

An anonymous reader writes: Mr. Torvalds has released Linux 4.3-rc1 this weekend. He characterized the release as "not particularly small — pretty average in size, in fact. Everything looks fairly normal, in fact, with about 70% of the changes being drivers, 10% architecture updates, and the remaining 20% are spread out." There are a number of new user-facing features including stabilized Intel "Skylake" processor support, initial AMD R9 Fury graphics support, SMP scheduler optimizations, file-system fixes, a reworked open-source NVIDIA driver, and many Linux hardware driver updates.

OpenGL Library Mesa 11.0 Brings Open Source OpenGL 4 88

jj110888 writes: Mesa, the open source implementation of OpenGL, has just announced version 11.0. This adds support for the amdgpu driver, fixes for non-Windows platforms, new OpenGL ES extensions supported, and more. Most notable is the support for all extensions in OpenGL 4.1 by the radeonsi and nvc0 drivers, and support for extensions added in OpenGL 4.2 by the i965 driver. This brings the OpenGL version supported by core Mesa from 3.3 to 4.2, five and a half years after OpenGL 4 was released. Mesamatrix gives the status of which OpenGL extensions are supported by which open source driver. Vulkan, on the other hand, will have an open source driver once the spec is released.

Open Source Router Firmware OpenWRT 15.05 Released 94

aglider writes: The newest stable iteration of the famous and glorious OpenWRT has just been released in the wild for all the supported architectures. The latest version is 15.05, codenamed "Chaos Calmer" after a cocktail drink, just like all previous ones. Major changes from the official announcements: "Linux kernel updated to version 3.18. Improved Security Features. Rewritten package signing architecture based on ed25519. Added support for jails. Added support for hardened builds. Improved Networking Support. Platform and Driver Support." For the full details you are welcome on the forums while the firmware itself and extra packages are available from the distribution servers.

Close-Up Images Show Ceres' Bright Spots In Great Detail 43

New submitter Actual_Alien writes: Since the Dawn probe arrived at Ceres, everybody has been wondering about the mysterious bright spots on an otherwise dark dwarf planet. New images sent back recently show the spots in better detail than ever — 140 meters per pixel. NASA used composite imagery to get high-quality exposures of both the bright areas and the surrounding dark areas. We can now clearly see a wide, flat crater with a rim that's almost vertical in spots. The brightest area is right at the center, with other markings to the upper right in the image. Dawn's orbit around Ceres also allows scientists to look at the crater from other perspectives, and they've generated a pair of animations to illustrate better what it looks like. One of them highlights the bright spots, while the other shows color-coded topography.