Businesses

Comcast-TWC Merger Review On Hold 88

An anonymous reader writes: When the U.S. Federal Communications Commission began reviewing the merger between Comcast and Time Warner Cable, it imposed a 180-day deadline on the review process. The agency has now pushed that deadline back a few weeks after learning that TWC withheld over 7,000 documents they shouldn't have. TWC originally claimed the documents fall under attorney-client privilege, but that appears not to be the case.

Perhaps more disturbing, the article says another 31,000 documents "went missing" because of a vendor error. (Perhaps even more disturbing is that this is a drop in the bucket compared to the sum total of information TWC dumped on the FCC — apparently over 5 million pages. How they can be expected to properly review that much material is beyond me.)

The FCC is also ready to close the public comment period for the merger, during which over 600,000 comments were filed. Critics are making their final arguments and Comcast is tallying up all the nice things people (and paid public relations agencies) had to say.
Open Source

Docker Image Insecurity 73

An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line: ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities."
Docker's lead security engineer has responded here.

Submission + - Startups: The crazy ones, the misfits, the rebels ... the dumb ones (pcworld.com)

An anonymous reader writes: Many companies emerged in 2014 offering new ways to help people connect, get stuff done, or find that special someone. Slack, for example, offers a chatty alternative to work email. Or Yonomi might actually make an Internet connected home feasible. But other new startups, looking for that new and original thing, peddled products that were gimmicky, legally unsound, or just not super useful.
Lord of the Rings

Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy 351

An anonymous reader writes: The final chapter to Peter Jackson's series of films based on The Hobbit debuted last week, and the reviews haven't been kind. Ars Technica just posted theirs, and it highlights all the problems with Battle of the Five Armies, a two-hour and twenty-four minute film based on only 72 pages of the book. Quoting: "The battles in Battle of the Five Armies are deadly boring, bereft of suspense, excessively padded, and predictable to the point of being contemptuous of the audience. Suspense is attempted mostly by a series of last-minute saves and switches. ... There are other problems. Everyone in this movie takes themselves way too seriously, which makes them even harder to sympathize with. Peter Jackson leans way too hard on voice modulation to make characters seem menacing or powerful. The movie's tone is still way out of step with the book's tone. ... There's one big thing that doomed these movies from the outset — the fiscally smart but artistically bankrupt decision to make a single, shortish children's novel into three feature-length prequel films." Other review titles: "Peter Jackson Must Be Stopped," "The Phantom Menace of Middle Earth," and "Lots of Fighting, Not Much Hobbit."

Submission + - Parisian company uses Arduino to let anyone control its Christmas tree (dailydot.com)

Molly McHugh writes: Reputation Squad is a digital agency and creative lab that experiments with emerging technologies like Google Glass and virtual reality. While playing with an Arduino-based light-notification system for webpage errors, the team realized they could use the same Arduino technology to create an interactive light-up Christmas tree.

Submission + - How Target's Mobile App Uses Indoor Location Tech (xconomy.com)

An anonymous reader writes: Big-box retailers are figuring out how to use mobile apps to drive in-store sales, but they’re also concerned about privacy. To see how they’re doing, Xconomy took Target’s app for a spin on one of the busiest shopping days of the year. The app uses indoor location-mapping technology from a startup called Point Inside. The verdict? The app saved a few minutes in locating items around the store, but it would work better if it knew where shoppers (and the items on their lists) are at any time. With Apple’s iBeacons set to roll out more widely, retail privacy will be a hot issue in 2015.
Movies

"Star Trek 3" To Be Helmed By "Fast & Furious" Franchise Director Justin Lin 332

Dave Knott writes Although J.J. Abrams directed the first two films in the popular revamped Star Trek series, his new job masterminding the Star Wars sequels had left Star Trek 3 as one of the most prestigious unfilled directing assignments in Hollywood. No longer. It is now known that Justin Lin will direct the third Star Trek film. Lin is best known for revitalizing the long-running Fast & Furious series, helming the third through sixth films in that franchise. Several top-flight directors were under consideration for Star Trek 3, but Lin was the only one actually offered the job, following the postponement of the Bourne Legacy sequel that he had previously been set to direct.
Networking

Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi 293

alphadogg writes The FCC will soon decide whether to lay down rules regarding hotels' ability to block personal Wi-Fi hotspots inside their buildings, a practice that recently earned Marriott International a $600,000 fine. Back in August, Marriott, business partner Ryman Hospitality Properties and trade group the American Hotel and Lodging Association asked the FCC to clarify when hotels can block outside Wi-Fi hotspots in order to protect their internal Wi-Fi services. From elsewhere in the article: During the comment period, several groups called for the agency to deny the hotel group’s petition. The FCC made clear in October that blocking outside Wi-Fi hotspots is illegal, Google’s lawyers wrote in a comment. “While Google recognizes the importance of leaving operators flexibility to manage their own networks, this does not include intentionally blocking access to other commission-authorized networks, particularly where the purpose or effect of that interference is to drive traffic to the interfering operator’s own network,” they wrote.

Feed Google News Sci Tech: Google motion denied in lawsuit against Mississippi attorney general - San Jose (google.com)



Google motion denied in lawsuit against Mississippi attorney general
San Jose Mercury News
JACKSON, Miss. -- A federal judge has denied Google's motion to block enforcement of a subpoena issued by Mississippi Attorney General Jim Hood that seeks information from Google about parts of its operations, including information about advertising for...
Blind justice: Google lawsuit silences elected state prosecutor - The Register
Judge calls a time-out in fight between Google and Mississippi attorney general - Washington Post (blog)
Judge Tries to Calm Dispute Between Google, Mississippi Official - Wall Street Journal (blog)

Submission + - The Death of Voice Mail 1

HughPickens.com writes: Duane D. Stanford writes at Bloomberg that Coca-Cola's Atlanta Headquarters is the latest big company to ditch its old-style voice mail, which requires users to push buttons to scroll through messages and listen to them one at a time. The change went into effect this month, and a standard outgoing message now throws up an electronic stiff arm, telling callers to try later or use “an alternative method” to contact the person. Techies have predicted the death of voice mail for years as smartphones co-opt much of the office work once performed by telephones and desktop computers. Younger employees who came of age texting while largely ignoring voice mail are bringing that habit into the workforce. “People north of 40 are schizophrenic about voice mail,” says Michael Schrage. “People under 35 scarcely ever use it.” Companies are increasingly combining telephone, e-mail, text and video systems into unified Internet-based systems that eliminate overlap. “Many people in many corporations simply don’t have the time or desire to spend 25 minutes plowing through a stack of 15 to 25 voice mails at the end or beginning of the day,” says Schrage. In 2012, Vonage reported its year-over-year voicemail volumes dropped 8%. More revealing, the number of people bothering to retrieve those messages plummeted 14%. More and more personal and corporate voicemail boxes now warn callers that their messages are rarely retrieved and that they’re better off sending emails or texts. "The truly productive have effectively abandoned voicemail, preferring to visually track who’s called them on their mobiles," concludes Schrage. "A communications medium that was once essential has become as clunky and irrelevant as Microsoft DOS and carbon paper."
OS X

Apple Pushes First Automated OS X Security Update 115

PC Magazine reports (as does Ars Technica) that Apple this week has pushed its first automated security update, to address critical flaws relating to Network Time Protocol: The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc. A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.

Submission + - Hotel group asks FCC for permission to block some outside Wi-Fi

alphadogg writes: The FCC will soon decide whether to lay down rules regarding hotels’ ability to block personal Wi-Fi hotspots inside their buildings, a practice that recently earned Marriott International a $600,000 fine. Back in August, Marriott, business partner Ryman Hospitality Properties and trade group the American Hotel and Lodging Association asked the FCC to clarify when hotels can block outside Wi-Fi hotspots in order to protect their internal Wi-Fi services.
United Kingdom

BT, Sky, and Virgin Enforce UK Porn Blocks By Hijacking Browsers 294

An anonymous reader writes with this story at Ars Technica, excerpting: BT, Sky, and Virgin Media are hijacking people's web connections to force customers to make a decision about family-friendly web filters. The move comes as the December deadline imposed by prime minister David Cameron looms, with ISPs struggling to get customers to say yes or no to the controversial adult content blocks. The messages, which vary by ISP, appear during browser sessions when a user tries to access any website. BT, Sky, TalkTalk and Virgin Media are required to ask all their customers if they want web filters turned on or off, with the government saying it wants to create a "family friendly" Internet free from pornography, gambling, extreme violence and other content inappropriate for children. But the measures being taken by ISPs have been described as "completely unnecessary" and "heavy handed" by Internet rights groups. The hijacking works by intercepting requests for unencrypted websites and rerouting a user to a different page. ISPs are using the technique to communicate with all undecided customers. Attempting to visit WIRED.co.uk, for example, could result in a user being redirected to a page asking them about web filtering. ISPs cannot intercept requests for encrypted websites in the same way.

Feed Google News Sci Tech: Apple Pushes First Automated Security Update for Mac - PC Magazine (google.com)



Apple Pushes First Automated Security Update for Mac
PC Magazine
Mac users this week received Apple's first automated security update, which was released to defend against newly identified bugs that could allow hackers remote access. According to Reuters, the tech giant launched the update on Monday to fix "critical...
Apple automatically patches Macs to fix severe NTP security flaw - Ars Technica
Apple issues automated Mac update to fix critical bugs - USA TODAY
Apple updates Macs for first time without asking -- to foil hackers - CNET

Submission + - Apple automatically patches Macs to fix severe NTP security flaw (arstechnica.com) 1

mpicpp writes: It's the first time OS X's auto-patcher has been used.

Most OS X security updates are issued alongside other fixes via the Software Update mechanism, and these require some kind of user interaction to install—you've either got to approve them manually or tell your Mac to install them automatically. Apple does have the ability to quietly and automatically patch systems if it needs to, however, and it has exercised that ability for the first time to patch a critical flaw in the Network Time Protocol (NTP) used to keep the system clock in sync.

This security hole became public knowledge late last week. When exploited, the NTP flaw can cause buffer overflows that allow remote attackers to execute code on your system. If you allow your system to "install system data files and security updates" automatically (checked by default), you've probably already gotten the update and seen the notification above. If not, Mountain Lion, Mavericks, and Yosemite users should use Software Update to download and install the update as soon as possible. The flaw may exist in Lion, Snow Leopard, and older OS X versions, but they're old enough that Apple isn't providing security updates for them anymore.

While this was the first time this particular auto-update function has been used, Apple also automatically updates a small database of malware definitions on all Macs that keeps users from installing known-bad software. That feature, dubbed "XProtect," was introduced in Snow Leopard in response to the Mac Defender malware and has since expanded to include several dozen items.
