Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Comment Open Source commercial (Score 1) 144

And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

And thanks to the LGPL license of GnuTLS, all the users have the possibility to upgrade their systems, independently of whether Red Hat, Debian, Ubuntu, Apple, Microsoft believe that maintaining those systems is still commercially convenient or not. GPLv3 would be better, as it would give the users the warranty of being able to actually install the updated code into their devices, which is important for non-PCs.
Sony

Blender Foundation Video Taken Down On YouTube For Copyright Violation 306

Posted by timothy from the now-it's-ours dept.
An anonymous reader writes "As if the automated take downs on Youtube weren't already bad enough, today fans of the popular open source 3D software Blender were greeted by a copyright take down notice for their third open movie, Sintel, despite it being released under a Creative Commons license: 'This video contains content from Sony Pictures Movies & Shows, who has blocked it on copyright grounds.' It is believed that the takedown was a result of Sony Electronics adding Sintel to their official 4k demo pool."
Windows

Microsoft's Security Products Will Block Adware By Default Starting On July 1 177

Posted by timothy from the why-not-sooner dept.
An anonymous reader writes "Microsoft [Thursday] announced a change to how it handles adware, a form of malware that pushes unwanted advertisements to the user. As of July 1, the company's security products will immediately stop any adware they detect and notify the user, who can then restore the program if they wish. Currently, when any of Microsoft's security products (including Microsoft Security Essentials and Microsoft Forefront) detects a program as adware, it will alert the user and offer them a recommended action. If the user doesn't do anything, the security product will let the program continue to run until the user makes a decision." If adware is malware, why wait until July?
United Kingdom

UK Government Pays Microsoft £5.5M For Extended Support of Windows XP 341

Posted by timothy from the ok-but-only-if-you-pay-nicely dept.
whoever57 (658626) writes "The UK Government has signed a contract worth £5.5M (almost $9M) for extended support and security updates for Windows XP for 12 months after April 8. The deal covers XP, Exchange 2003 and Office 2003 for users in central and local government, schools and the National Health Service. The NHS is in need of this deal because it was estimated last September that 85% of the NHS's 800,000 computers were running XP."
Security

TCP/IP Might Have Been Secure From the Start If Not For the NSA 149

Posted by Soulskill from the another-lash-for-the-whipping-boy dept.
chicksdaddy writes: "The pervasiveness of the NSA's spying operation has turned it into a kind of bugaboo — the monster lurking behind every locked networking closet and the invisible hand behind every flawed crypto implementation. Those inclined to don the tinfoil cap won't be reassured by Vint Cerf's offhand observation in a Google Hangout on Wednesday that, back in the mid 1970s, the world's favorite intelligence agency may have also stood in the way of stronger network layer security being a part of the original specification for TCP/IP. (Video with time code.) Researchers at the time were working on just such a lightweight cryptosystem. On Stanford's campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described the functioning of a public key cryptography system. But they didn't yet have the algorithms to make it practical. (Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977). As it turns out, however, Cerf did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren't they used? The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."
Open Source

Linus Torvalds Suspends Key Linux Developer 641

Posted by Soulskill from the arguing-about-penguins dept.
alphadogg writes: "An argument between developers of some of the most basic parts of Linux turned heated this week, resulting in a prominent Red Hat employee and code contributor being banned from working on the Linux kernel. Kay Sievers, a well-known open-source software engineer, is a key developer of systemd, a system management framework for Linux-based operating systems. Systemd is currently used by several prominent Linux distributions, including two of the most prominent enterprise distros, Red Hat and SUSE. It was recently announced that Ubuntu would adopt systemd in future versions as well. Sievers was banned by kernel maintainer Linus Torvalds on Wednesday for failing to address an issue that caused systemd to interact with the Linux kernel in negative ways."
United States

NSA Infiltrated RSA Deeper Than Imagined 168

Posted by samzenpus from the bad-to-worse dept.
Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."
Businesses

Apple, Google Go On Trial For Wage Fixing On May 27 148

Posted by Soulskill from the get-your-tickets-now dept.
theodp writes: "PandoDaily's Mark Ames reports that U.S. District Judge Lucy Koh has denied the final attempt by Apple, Google, Intel, and Adobe to have the class action lawsuit over hiring collusion practices tossed. The wage fixing trial is slated to begin on May 27. 'It's clearly in the defendants' interests to have this case shut down before more damaging revelations come out,' writes Ames. (Pixar, Intuit and LucasFilm have already settled.) The wage fixing cartel, which allegedly involved dozens of companies and affected one million employees, also reportedly affected innovation. 'One the most interesting misconceptions I've heard about the "Techtopus" conspiracy,' writes Ames of Google's agreement to cancel plans for an engineering center in Paris after Jobs expressed disapproval, 'is that, while these secret deals to fix recruiting were bad (and illegal), they were also needed to protect innovation by keeping teams together while avoiding spiraling costs.' Ames adds, 'In a field as critical and competitive as smartphones, Google's R&D strategy was being dictated, not by the company's board, or by its shareholders, but by a desire not to anger the CEO of a rival company.'"
Transportation

Security Evaluation of the Tesla Model S 93

Posted by Soulskill from the fob-it-off-on-somebody-else dept.
An anonymous reader writes: "Nitesh Dhanjani has written a paper outlining the security mechanisms surrounding the Tesla Model S, as well as its shortcomings, titled 'Cursory Evaluation of the Tesla Model S: We Can't Protect Our Cars Like We Protect Our Workstations.' Dhanjani says users are required to set up an account secured by a six-character password when they order the car. This password is used to unlock a mobile phone app and to gain access to the user's online Tesla account. The freely available mobile app can locate and unlock the car remotely, as well as control and monitor other functions.

The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account. An attacker might guess the password via a Tesla website, which Dhanjani says does not restrict the number of incorrect login attempts. Dhanjani said there is also evidence that Tesla support staff can unlock cars remotely, leaving car owners vulnerable to attackers impersonating them, and raising questions about the apparent power of such employees to locate and unlock any car with or without the owner's knowledge or permission. In his paper, Dhanjani also describes the issue of Tesla's REST APIs being used by third parties without Tesla's permission, causing Tesla owners' credentials to be sent to those third parties, who could misuse the information to locate and unlock cars."

Comment Weasel words (Score 4, Insightful) 155

by peppepz (#46586655) Attached to: Canonical's Troubles With the Free Software Community
Just some days ago we were already told that the Free Software Community hates Canonical. Then again, who is this Free Software Community? I've been using free software since before it was fashionable to call it thus, so I think that I use lots of software coming from the Free Software Community. Today I happen to use some pieces of free software from Canonical. Of the works by some of the persons spotted in TFA as speakers for the "Free Software Community", I use nothing, so I see more contribution to the Free Software Community from Canonical than from them.

Don't like software form Canonical? Don't use it. They're a commercial company, so they have to break even ultimately. I understand if, after listening to everyone, they make their own decision. Their Mir project is all about Ubuntu phones: should that platform be successful, they'll take the merit, should they fail, the Free Software Community will still have Android as their reference platform. Even if Google is a commercial company, too, and compared to them Canonical is Candy Candy.

Comment Re: What an open source baseband can be. (Score 1) 137

by peppepz (#46573523) Attached to: Ubuntu Phone Isn't Important Enough To Demand an Open Source Baseband
No matter how many internet comments you post, you still can't prevent other people from posting their own ones. A badly behaving radio will prevent all other radios working on the same frequency bands from operating correctly. It doesn't take a very powerful radio to cause massive denial of service. Also, a hacked radio could make use of frequencies that its owner hasn't paid to use.

Comment Re:Irrational open source fanboys (Score 2) 137

by peppepz (#46573461) Attached to: Ubuntu Phone Isn't Important Enough To Demand an Open Source Baseband

because they can't just hard code that right into the chip and never let you see it ...

No, because we would see either the software interfacing with the hard-coded backdoor, or some undocumented hardware means of communication coming out from the chip, and we'd start asking questions.

So if I just embed my code into the processor itself, you won't bitch.

Thats just silly.

Embedding code in (readonly or flash) ROMs is actually preferred from Stallman's point of view, because it allows the hardware to work out-of-the-box when using free software to control that hardware. Binary firmware is problematic for free software operating systems, not because free software enthusiasts have some maniac obsession about not running binaries that they haven't compiled themselves, but because the copyright holders of the firmware binary blobs often attach very restrictive licensing conditions to them, making them very hard or impossible to redistribute.

Comment Re:I dont get it (Score 1) 551

by peppepz (#46572979) Attached to: Russians Take Ukraine's Last Land Base In Crimea

Now name one that the UN left for the US to hop the bag on for over a decade instead of taking care of business

Then next time Russia or some other country you don't like "takes care of some business" without waiting for the U.N. don't act outraged. Principles can't be bent to one's convenience.
United States

White House To Propose Ending NSA Phone Records Collection 208

Posted by Unknown Lamer from the kind-of-sort-of dept.
The New York Times reported last night that the White House is planning to introduce a legislative package that would mostly end the NSA's bulk collection of phone records. Instead, phone companies would be required to hand over records up to "two hops" from a target number. Phone companies would be required to retain records for 18 months (already legally mandated) instead of the NSA storing records for five years. It does not appear that secret courts and secret orders from the court would be abolished, however. From the article: "The new type of surveillance court orders envisioned by the administration would require phone companies to swiftly provide records in a technologically compatible data format, including making available, on a continuing basis, data about any new calls placed or received after the order is received, the officials said ... The administration’s proposal would also include a provision clarifying whether Section 215 of the Patriot Act, due to expire next year unless Congress reauthorizes it, may in the future be legitimately interpreted as allowing bulk data collection of telephone data. ... The proposal would not, however, affect other forms of bulk collection under the same provision."

Comment Re:I dont get it (Score 1) 551

by peppepz (#46568403) Attached to: Russians Take Ukraine's Last Land Base In Crimea
Iraq was invaded without U.N. authorization because the U.S. had produced false evidence of weapon of mass destruction being stored inside Iraq. The satellite countries that agreed to take (a minor) part in the invasion stated officially that they were convinced by the U.S.' false evidence, in reality all they were after was them to partake into the feast of the war's aftermath - they gave so they could receive.

There are other countries that repeatedly defy the United Nations and the U.S. would never invade.

Which is not to say that Saddam Hussein was a nice guy and the U.S. are the empire of evil - I certainly am happier to live under the U.S.' influence rather than Russia's - but let's not paint conflicts of political interests with manicheism.

Slashdot Top Deals

The use of money is all the advantage there is to having money. -- B. Franklin

Close