Submission + - Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com)

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

Submission + - Brown CS Department Hiring Student Diversity, Inclusion Advocates

theodp writes: Brown University's Department of Computer Science is seeking to hire student advocates for diversity and inclusion as part of its new action plan to increase diversity. The new hires, who will also serve as members of the CS Diversity Committee, will support students, plan inclusion activities, and educate TAs on issues of diversity. Also on the diversity front, Brown touted last weekend's Hack@Brown, the school's annual student hackathon, as being "unlike any other hackathon — welcoming, inclusive, and inviting to students of all experience levels." A cynic might point out that Hack@Brown's tech giant sponsors boast track records that are quite the opposite. By the way, Brown@Hackathon certainly upped the ante on conference Codes of Conduct, warning that those anonymously-charged with making others feel uncomfortable on the basis of "gender, age, sexual orientation, disability, physical appearance, body size, race, or religion (or lack thereof)" will be "expelled from the event without travel reimbursement at the discretion of the event organisers." Brown explained that travel reimbursements were provided to promote "economic diversity", ensuring that students who couldn't otherwise afford to get to and from Providence could attend the Ivy League event. Hey, what "economically diverse" kid wouldn't want to go to a conference where rubbing someone the wrong way could leave them stranded in Rhode Island!

Submission + - New app turns smartphones into worldwide seismic network

Saeed al-Sahaf writes: UC Berkeley wants your phone to help detect earthquakes. The school has released an Android app, MyShake, that uses your phone's motion sensors to detect the telltale signs of tremors and combine that with the data from every other user. Essentially you become part of a crowdsourced seismic station network. Once enough people are using it and the bugs are worked out, however, UC Berkeley seismologists plan to use the data to warn people miles from ground zero that shaking is rumbling their way. An iPhone app is also planned.

Submission + - Authorities reportedly question McAfee's ex-girlfriend (networkworld.com)

netbuzz writes: While antivirus software pioneer John McAfee is in the media spotlight here for his long-shot Libertarian presidential run, law enforcement authorities in Belize and the FBI have just this week reportedly questioned one of his ex-girlfriends as they continue to investigate the 2012 murder of McAfee’s American neighbor. That probe prompted McAfee to flee Belize and eventually land back in the United States. McAfee has steadfastly denied any involvement in the murder.

Submission + - Steam Uses Out-of-Date Chromium Browser with Security Feature Disabled (softpedia.com)

An anonymous reader writes: The latest version of the Steam gaming client is using an outdated version of the Chromium browser (the Chromium Embedded Framework actually) that also ships with the --no-sandbox flag, which is considered a must-have security measure to prevent security exploits from trickling down to the underlying OS. Similar security issues with Chromium-based browsers were discovered in Avast (Avastium) and Comodo (Chromodo).

Submission + - IOS devices have their own Y2K problem

RockDoctor writes: The Guardian is reporting that there is a bug in some versions of iOS handling of date and time: it can hang the machines.
If you set the date back to 1 Jan 1970 — the infamous Unix year zero — many versions will then hang, requiring at least shop repair, if not actually bricking the device.

Submission + - Sci-Hub, a site with open and pirated scientific papers

lpress writes: Sci-Hub is a Russian site that seeks to remove barriers to science by providing access to pirated copies of scientific papers. It was established in 2011 by Russian neuroscientist Alexandra Elbakyan, who could not afford papers she needed for her research and it now claims to have links to 48 million pirated and open papers. I tried it out and found some papers and not others, but it provides an alternative for researchers who cannot afford access to paid journals. After visiting this site, one cannot help thinking of the case of Aaron Swartz, who committed suicide as a result of prosecution for his attempt to free scientific literature.

Submission + - The graffiti inside Apollo 11

schwit1 writes: An effort to create a 3D model of the inside of the Apollo 11 capsule on display at the National Air & Space Museum has revealed previously undocumented notes and scribbles that the astronauts put on the capsule's walls.

Needell and his team also decided that they would provide access to the lower equipment bay, the area located below the astronauts' seats, which housed the ship's navigation sextant, telescope and computer. "No one from the Smithsonian, as far I knew — not as long as I've been the curator for 20 years, has ever been below there to document the conditions or any of the aspects of the lower equipment bay," said Needell. "We've been able to sort of see above the seats, but that's about all."

So, for the first time, the curators removed from the lower bay the large bag that held the Apollo 11 crew's pressure garment assemblies — in other words, their spacesuits — as well as several helmet bags and a checklist pocket that command module pilot Michael Collins used while orbiting the moon alone.

And then they saw it, the literal writing on the wall.

They have located at least one post-landing image that shows some of the writing, which indicates that in 1969 no one considered this important enough to note. Then the capsule was put on display, and no one was allowed in it for decades.

Submission + - First Time Ever: Ransomware Hits Website, Defaces Homepage

An anonymous reader writes: The website of the British Association for Counseling & Psychotherapy (bacp.co.uk) has been hit by a variant of the CTB-Locker ransomware. While the ransomware proclaims to be CTB-Locker, there are a ton of clues that reveal this may be a fake and this is actually the first ever ransomware family created to target websites and not computers.

Submission + - A Practitioner's Guide to Verifying a Distributed System (acm.org)

ChelleChelle2 writes: As Leslie Lamport once famously stated, "A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable." Given the complexity of distributed systems and the large set of possible failures, testing and verifying the systems you build is both difficult, yet incredibly important. Luckily Caitie McCaffrey, tech lead for observability at Twitter, has provided a useful practitioner’s guide to verifying a distributed system.

Submission + - Ubisoft Talks Splitscreen and The Division

SlappingOysters writes: Ubisoft's next entry in the Tom Clancy series is pushing at the boundaries of three genres, mixing the RPG, the squad-based shooter and the MMO into The Division. The game features drop-in, drop-out co-op in a near-future, post-pandemic New York that seamlessly allows players to transition from PvE to PvP environments without any menus or lobbies. However, despite its co-op gameplay, The Division does not support splitscreen. Finder.com.au recently ran an extensive hands-on with the game, as well as an interview with Ubisoft Massive's creative director Magnus Jansén regarding the decision to forgo splitscreen co-op.

Submission + - Researchers improve efficiency of plug-in hybrid electric vehicles by almost 12% (dispatchtribunal.com)

hypnosec writes: A new study has put forward claims that by working on and improving the energy management system (EMS) that decides when to switch from ‘all-electric’ mode to ‘hybrid’ mode in plug-in hybrid electric vehicles, efficiency of these vehicles can be improved by as much as 12 per cent. Researchers have shown in their lab tests that blended discharge strategies, wherein power from the battery is used throughout the trip, have proven to be more efficient at minimizing fuel consumption and emissions.

Submission + - LinkedIn is Open Sourcing Their Testing Frameworks (github.io)

destinyland writes: LinkedIn is open sourcing their testing frameworks, and sharing details of their revamped development process after their latest app required a year and over 250 engineers. Their new paradigm? "Release three times per day, with no more than three hours between when code is committed and when that code is available to members," according to a senior engineer on LinkedIn's blog. This requires a three-hour pipeline where everything is automated, from committing code to releasing it into production, along with automated analyses and testing. "Holding ourselves to this constraint ensures we won’t revert to using manual validation to certify our releases."
