Trailrunner7 writes: Security issues continue to crop up within the so-called "smart home." A pair of vulnerabilities have been reported for the Tuxedo Touch controller made by Honeywell, a device that's designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet. Researcher Maxim Rupp discovered that the vulnerabilities could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.

An anonymous reader writes: I recently stumbled upon Apple's headline for version 2 of its Swift programming language: "Now everyone can build amazing apps." My question: is this what we really need? Tech giants (not just Apple, but Microsoft, Facebook, and more) are encouraging kids and adults to become developers, adding to an already-troubled IT landscape. While many software engineering positions are focused only on a business's internal concerns, many others can dramatically affect other people's lives. People write software for the cars we drive; our finances are in the hands of software, and even the medical industry is replete with new software these days. Poor code here can legitimately mess up somebody's life. Compare this to other high-influence professions: can you become surgeon just because you bought a state-of-art turbo laser knife? Of course not. Back to Swift: the app ecosystem is already chaotic, without solid quality control and responsibility from most developers. If you want simple to-do app, you'll get never-ending list of software artifacts that will drain your battery, eat memory, freeze the OS and disappoint you in every possible way. So, should we really be focusing on quantity, rather than quality?

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).

An anonymous reader writes: DHI Group Inc. (formerly known as Dice Holdings Inc.) announced plans to sell Slashdot Media (slashdot.org & sourceforge.net) in their Q2 financial report. This is being reported by multiple sources. Editor's note: Yep, looks like we're being sold again. We'll keep you folks updated, but for now I don't have any more information than is contained in the press release. Business as usual until we find a buyer (and hopefully after). The company prepared a statement for our blog as well — feel free to discuss the news here, there, or in both places.

An anonymous reader writes: In June of 2013, a petition was posted to Whitehouse.gov demanding that Edward Snowden receive a full pardon for his leaks about the NSA and U.S. surveillance practices. The petition swiftly passed 100,000 signatures — the point at which the White House said it would officially respond to such petitions. For two years, the administration was silent, but now they've finally responded. In short: No, Edward Snowden won't be receiving a pardon.

Lisa Monaco, the President's Advisor on Homeland Security and Counterterrorism, said, "Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it. If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and — importantly — accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers — not hide behind the cover of an authoritarian regime. Right now, he's running away from the consequences of his actions."

New submitter codguy writes to note that a few days ago, and after a previous failed attempt to fight patent troll TQP Development in late 2013, Newegg has now beaten this troll in a rematch. From the linked post: "Newegg went against a company that claimed its patent covered SSL and RC4 encryption, a common encryption system used by many retailers and websites. This particular patent troll has gone against over 100 other companies, and brought in $45 million in settlements before going after Newegg." This follows on Intuit's recent success in defending itself against this claim.

tobiasly writes: A serious bug in the just-released .NET 4.6 runtime causes the JIT compiler to generate incorrectly-optimized code which results in methods getting called with different parameters than what were passed in. Nick Craver of Stack Exchange has an excellent write-up of the technical details and temporary workarounds; Microsoft has acknowledged the problem and submitted an as-yet unreleased patch.

This problem is compounded by Microsoft's policy of replacing the existing .NET runtime, as opposed to the side-by-side runtimes which were possible until .NET 2.0. This means that even if your project targets .NET 4.5, it will get the 4.6 runtime if it was installed on that machine. Since it's not possible to install the just-released Visual Studio 2015 without .NET 4.6, this means developers must make the difficult choice between using the latest tools or risking crippling bugs such as this one.

An anonymous reader writes: At OSCON this year, Red Hat's Tom Callaway gave a talk entitled "This is Why You Fail: The Avoidable Mistakes Open Source Projects STILL Make." In 2009, Callaway was starting to work on the Chromium project—and to say it wasn't a pleasant experience was the biggest understatement Callaway made in his talk. Callaway said he likes challenges, but he felt buried by the project, and reached a point where he thought he should just quit his work. (Callaway said it's important to note that Chromium's code is not bad code; it's just a lot of code and a lot of code that Google didn't write.) This was making Callaway really frustrated, and people wanted to know what was upsetting him. Callaway wanted to be able to better explain his frustration, so he crafted this list which he called his "Points of Fail."

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information—identification number, address, birthdate, etc., known as "fullz" that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke. "and they are continually finding ways to monetize personal and business data."

schwit1 writes: If quantum computing is at the Goddard level that would be a good thing for quantum computing. This means that the major fundamental breakthrough that would put them over the top was in hand and merely a lot of investment, engineering and scaling was needed. The goal of being able to solve NP-hard or NP-Complete problems with quantum computers is similar to being able to travel to the moon, mars or deeper into space with rockets. Conventional flight could not achieve those goals because of the lack of atmosphere in space. Current computing seems like they are very limited in being able to tackle NP-hard and NP Complete problems. Although clever work in advanced mathematics and approximations can give answers that are close on a case by case basis.

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air gapped computers using only a simple cellphone. According to Yuval Elovici, head of the University’s Cyber Security Research Center, the air gap exploit works because of the fundamental way that computers put out low levels of electromagnetic radiation. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.

StartsWithABang writes: The Andromeda galaxy is our closest large neighbor, dominating our local group with more than double the number of stars found in the Milky Way. While visible light can reveal a tremendous amount of information, it's by going to shorter (UV) and longer (IR) wavelengths that we can learn where the newest, hottest stars are, find that they form in clusters along the arms and in the center, see through the (visible) light-blocking dust, and pinpoint the location of the neutral gas that will form the next generation of stars.