Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Bug

XP Systems Getting Emergency IE Zero Day Patch 179

Posted by timothy from the patches-galore dept.
msm1267 (2804139) writes "Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.

Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said. Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch."

Submission + - laser lit lunar eclipse (nasa.gov)

Submitted by Mister Liberty
Mister Liberty writes: Tom Murphy, astrophysicist at UCSD (https://physics.ucsd.edu/do-the-math/) writes:
While not related to Do the Math, I encourage you to check out this (http://apod.nasa.gov/apod/ap140418.html) stunning photo taken by Dan Long capturing our recent laser ranging efforts during the April 15 lunar eclipse. This is a real photo, taken through a C-11 telescope with a focal reducer (700 mm, f/2)—the outgoing laser beam has not been artificially superimposed. Normally it is really difficult to get a picture of our faint beam heading toward the Moon, because the Moon is so glaringly bright. The eclipse provided a great photo-op, and also a means to test the hypothesis of dusty reflectors. To me, this shot is just gorgeous. But I have more invested in it than the average Joe: this picture serves as a visual representation of a key focus in my life over the last 14 years—so of course I’m enamored."

Comment History repeats itself (Score 5, Insightful) 86

by ptaff (#46816157) Attached to: David Auerbach Explains the Inside Baseball of MSN Messenger vs. AIM

Yeah, those long forgotten chat-silo days when you needed an ICQ account, an AIM account, a MSN account, a Yahoo account to reach all your friends... fortunately XMPP/Jabber would solve all of this, and even Google would embrace the open standard with their new GTalk.

Oh! wait... it was a bait and switch.

Don't be evil does not mean be good.

Submission + - There's got to be more than the Standard Model

Submitted by StartsWithABang
StartsWithABang writes: The Standard Model of particle physics is perhaps the most successful physical theory of our Universe, and with the discovery and measurement of the Higgs boson, may be all there is as far as fundamental particles accessible through terrestrial accelerator physics. But there are at least five verified observations we've made, many in a variety of ways, that demonstrably show that the Standard Model cannot be all there is to the Universe. Here are the top 5 signs of new physics.

Comment Automate everything using chef/puppet (Score 1) 136

by ptaff (#46727457) Attached to: Seven Habits of Highly Effective Unix Admins

Using anything like puppet or chef under version control to do all server ops will not only leave you with a full timestamped documentation, but will allow you to easily horizontally scale servers, rebuild them should disaster strike and protect you from stupid upstream package updates that b0rk your config files.

Have a staging and production environment? pushing your chef/puppet scripts to production after they're proven to work insures you have the same changes applied on both sides, and avoid manual operations on production.

Submission + - Heartbleed OpenSSL Vulnerability: A Technical Remediation

Submitted by Anonymous Coward
An anonymous reader writes: Since the announcement, there has been buzz around the underground and malicious actors have been actively leaking software library data and using one of the several provided PoC code to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had a opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection.
Privacy

Dropbox's New Policy of Scanning Files For DMCA Issues 243

Posted by samzenpus from the lets-see-what-you-have-there dept.
Advocatus Diaboli (1627651) writes "This weekend a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users' private and directly peer-shared files for potential copyright issues. What's actually going on is a little more complicated than that, but shows that sharing a file on Dropbox isn't always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger. The whole kerfuffle started yesterday evening, when one Darrell Whitelaw tweeted a picture of an error he received when trying to share a link to a Dropbox file with a friend via IM. The Dropbox web page warned him and his friend that 'certain files in this folder can't be shared due to a takedown request in accordance with the DMCA.'"

Submission + - Microsoft reportedly plans to offer a free version of Windows 8.1 (ndtv.com)

Submitted by Anonymous Coward
An anonymous reader writes: According to reports, to Microsoft plans to announce a free version of Windows 8.1 in a bid to persuade customers to upgrade to the latest version.

Reports claim the new version, called 'Windows 8.1 with Bing', could be given away at a developers' conference in April, a version that would have key Microsoft apps and services.

According to media reports, "Microsoft is currently experimenting with a free version of Windows 8.1 that could boost the number of people using the operating system."
OS X

Apple Drops Snow Leopard Security Updates, Doesn't Tell Anyone 241

Posted by timothy from the they'll-figure-it-out-soon-enough dept.
Freshly Exhumed writes "As Apple issued an update for Mavericks, Mountain Lion, and Lion yesterday, Snow Leopard users have not seen a security update since September, 2013. This would not be noteworthy if Apple, like a host of other major software vendors, would clearly spell out its OS support policies and warn users of such changes, but they have not. Thus, the approximately 20% of Mac users still running Snow Leopard now find themselves in a very vulnerable state without the latest security updates."

Submission + - Interview: Ask Richard Stallman What You Will

Submitted by samzenpus
samzenpus writes: Richard Stallman (RMS) founded the GNU Project in 1984, the Free
        Software Foundation in 1985, and remains one of the most important
        and outspoken advocates for software freedom. RMS now spends much
        of his time fighting excessive extension of copyright laws,
        digital rights management, and software patents. He's agreed to
        answer your questions about GNU/Linux, how GNU relates to Linux
        the kernel, free software, why he disagrees with the idea of open source, and other issues of public concern. As usual, ask as many as you'd like, but please, one question per post.

Submission + - FFmpeg's VP9 Decoder Faster Than Google's Decoder (phoronix.com)

Submitted by Anonymous Coward
An anonymous reader writes: A VP9 video decoder written for FFmpeg, FFvp9, now holds the title of being the world's fastest VP9 video decoder. FFvp9 is faster than Google's de facto VP9 decoder found in libvpx, but this doesn't come as too much of a surprise given that FFmpeg also produced a faster VP8 video decoder than Google a few years back with both single and multi-threaded performance.

Submission + - Slashdot Beta: Because They Hate You 3

Submitted by boolithium
boolithium writes: People on here are missing the point of the Beta roll out. The elimination of the existing user base is not a side effect, it is a feature. Slashdot as a brand has value, but as a site has limited commercial appeal. The users are the kids at the lunch table, where not even the foreign exchange students want to sit. Nobody ever got laid from installing NetBSD.

Once they are finished with their nerd cleansing, they can build a new Slashdot. A sexier Slashdot. A Slashdot the kids can dance to.

They aren't ignoring you. They are exterminating you.

Submission + - Slashdot Beta Woes 16

Submitted by s.petry
s.petry writes: What is a Slashdot and why the Beta might destroy it?

Slashdot has been around, well, a very long time. Longer than any of it's competators, but not as long as IIRC. Slashdot was a very much one of the first true social media web sites.

On Slashdot, you could create a handle or ID. Something personal, but not too personal, unless you wanted it to be. But it was not required either. We know each other by our handles, we have watched each other grow as people. We may have even taken pot shots at each other in threads. Unless of course you are anonymous, but often we can guess who that really is.

One of Slashdot's first motto's was "News for Nerds" that Matters. I have no idea when that was removed. I have not always scoured the boards here daily, life can get too busy for that. That excuses my ignorance in a way. I guess someone thought it politically incorrect, but most of us "Nerds" enjoyed it. We are proud of who we are, and what we know. Often we use that pride and knowledge to make someone else look bad. That is how we get our digs in, and we enjoy that part of us too. We don't punch people, we belittle them. It's who we are!

What made Slashdot unique were a few things. What you will note here is "who" has been responsible for the success of Slashdot. Hint, it has never been a just the company taking care of the servers and software.

— First, the user base submitted stories that "they" thought mattered. It was not a corporate feed. Sure, stories were submitted about companies. The latest break through from AMD and Intel, various stories regarding the graphic card wars, my compiler is better than your compiler, and yes your scripting language stinks! Microsoft IIS has brought us all a few laughs and lots of flame wars to boot. Still, we not only read about the products but get to my second point.

— User comments. This is the primary why we have been coming here for as long as we have, many of us for decades. We provide alternative opinions or back what was given in the article. This aspect not only makes the "News" interesting, but often leads to other news and information sharing. It's not always positive, but this is the nature of allowing commentary. It also brings out the third point.

— Moderation. Moderation has been done by the community for a very long time. It took lots of trial and error to get a working system. As with any public system it's imperfect, but it's been successful. People can choose to view poorly modded comments, but don't have to. As with posting anonymous versus with our own handle it's an option that allows us to personalize the way we see and read what's on the site. And as a reward for submitting something worth reading, you might get a mod point of your own to use as a reward for someone else.

Why we dislike Beta and what is being pushed, and why this will result in the end of an era if it becomes forced on the community.

1. Bulky graphics. We get that Dice and Slashdot need revenue. I have Karma good enough to disable advertisements, but have never kept this setting on. I realize that Slashdot/Dice make money with this. That said, the ads sit away from my news and out of the way. I can get there if I want it (but nobody has ever gotten a penny from me clicking an ad... nobody!), but it's not forced into my face or news feed.

2. Low text area. I like having enough on my screen to keep me busy without constant scrolling. Slashdot currently has the correct ratio of text to screen. This ratio has never been complained about, yet Beta reduces the usable text area by at least 1/2 and no option for changing the behavior. I hate reading Slashdot on mobile devices because I can't stand scrolling constantly.

3. JavaScript. We all know the risks of JS, and many of us disable it. We also have an option of reading in Lync or non-standard browsers that many of us toy with for both personal and professional reasons. This flexibility is gone in Beta, and we are forced to allow JS to run. If you don't know the risks of allowing JS to run, you probably don't read much on Slashdot. Those that allow JS do so accepting the risk (which is admittedly low on a well known site).

4. Ordering/Sorting/Referencing. Each entry currently gets tagged with a unique thread ID. This allows linking to the exact post in a thread, not just the top of the thread. In Beta this is gone. It could be that the site decided to simply hide the post ID or it was removed. Either way, going to specific posts is something that is used very commonly by the community.

5. Eye candy. Most of us are not here for "eye candy" and many have allergic reactions to eye candy. Slashdot has a good mix currently. It's not as simple as the site starting with a r-e-d-i-t, which is good. That site has a reputation that keeps many of us away, and their format matches my attitude of them (s-i-m-p-l-e-t-o-n). At the same time, it's not like watching some other "news" sites with so much scrolling crap I can't read an article without getting a headache. The wasted space in beta for big bulky borders, sure smells like eye candy. Nothing buzzes or scrolls yet, but we can sense what's coming in a patch later.

The thing is, the community cares about Slashdot. We come here because we care. We submit stories because of that, we vote because of that, we moderate because of that, and we comment because of that. At the same time we realize that without the community Slashdot loses most of its value. We respect that we don't host the servers, backup the databases, or patch the servers. Slashdot/Dice provide the services needed for Slashdot.

It's a give give relationship, and we each get something in return. Slashdot gets tons of Search hits and lots of web traffic. We get a place to learn, teach, and occasionally vent.

Look, if you want to change default color scheme or make pre-made palettes for us to choose from, we would probably be okay with that. If you want to take away our ability to block ads by Karma, or move the ads to the left side of my browser window, I would be okay with those things too.

If you want to make drastic changes to how the site works, this is a different story all together. The reason so many are against Beta is that it breaks some of the fundamental parts of what makes Slashdot work.

User input until recently has not been acknowledged. The acknowledgment we have received is not from the people that are making the decision to push Beta live. We told people Beta was broken, what it lacked, and we were rather surprised to get a warning that Beta would be live despite what we told people. People are already making plans to leave, which means that Slashdot could fade away very soon.

Whether this was the goal for Dice or not remains to be seen. If it is, it's been nice knowing you but I won't be back. A partnership only works when there is mutual respect between the parties. A word of caution, us Nerds have good memories and lots of knowledge. The loss of Slashdot impacts all of Dice holdings, not just Slashdot. I boycott everything a company holds, not just the product group that did me wrong.

If that was not the goal of Dice, you should quickly begin communicating with the user base. What are the plans are to fix what Beta has broken? Why is Beta being pushed live with things broken? A "Sorry we have not been communicating!", and perhaps even a "Thank you" to the user base for helping make Slashdot a success for so many years.

Slashdot Top Deals

The moon is made of green cheese. -- John Heywood

Close