Bug

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes 126

operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service.

Submission + - openSUSE Factory to merge with Tumbleweed (linuxveda.com)

sfcrazy writes: The two projects will merge to become a single release. The release will follow the development cycle of Factory but take the more appealing name ‘Tumbleweed’. Though Factory won’t disappear; it will remain the name of the development process where openSUSE’s new developments are integrated. It will become a ‘development project’ for creating the ‘user-ready’ Tumbleweed.

Submission + - Profits! Profits! Profits! Ballmer Says Amazon Isn't a Real Business

theodp writes: According to Steve Ballmer, Amazon.com is not a real business. “They make no money,” Ballmer said on the Charlie Rose Show. “In my world, you’re not a real business until you make some money. I have a hard time with businesses that don’t make money at some point.” Ballmer’s comments come as Amazon posted a $437 million loss for the third quarter, disappointing Wall Street. "If you are worth $150 billion," Ballmer added, "eventually somebody thinks you’re going to make $15 billion pre-tax. They make about zero, and there’s a big gap between zero and 15." Fired-up as ever, LA Clippers owner Ballmer's diss comes after fellow NBA owner Mark Cuban similarly slammed IBM, saying Big Blue is no longer a tech company (Robert X. Cringely seems to concur). "Today, they [IBM] specialize in financial engineering," Cuban told CNBC after IBM posted another disappointing quarter. "They're no longer a tech company, they are an amalgamation of different companies that they are trying to arb[itrage] on Wall Street, and I'm not a fan of that at all."

Submission + - Paranautical Activity Dev Apologizes for Valve Death Threat. (softpedia.com)

DemonOnIce writes: Softpedia reported that Mike Maulbeck, one of the developers working at Code Avarice, the independent studio behind Paranautical Activity, has publicly apologized for issuing a death threat to Valve founder Gabe Newell and confirms that he's no longer associated with the team or the game.

Steam is the biggest digital distribution platform available across PC, Mac, and Linux, offering tens of millions of owners access to all sorts of games, such as the recent Paranautical Activity, which was made by startup studio Code Avarice.

Unfortunately, the game was at the center of a massive controversy, as after exiting the Steam Early Access section and becoming fully available on the storefront, Valve mistakenly listed it as still being in Early Access.

This sent one of its designers, Mike Maulbeck, into a Twitter tirade, which ended with a death threat to Valve boss Gabe Newell.

The game was promptly taken off of the Steam storefront, with Valve issuing a statement saying that it doesn't take threats to its employees lightly.

Now, Maulbeck is apologizing for his actions on the Code Avarice blog, and confirms that, while the threat wasn't serious, it was still unwarranted and Valve hasn't made a mistake by delisting the game.

Microsoft

Microsoft Now Makes Money From Surface Line, Q1 Sales Reach Almost $1 Billion 117

SmartAboutThings writes Microsoft has recently published its Q1 fiscal 2015 earnings report, disclosing that it has made $4.5 billion in net income on $23.20 billion in revenue. According to the report, revenue has increased by $4.67 billion, compared to $18.53 billion from the same period last year. However, net income has decreased 14 percent compared to last year's $5.24 billion mainly because of the $1.14 billion cost associated with the integration and restructuring expenses related to the Nokia acquisition.

But what's finally good news for the company is that the Surface gross margin was positive this quarter, which means the company finally starts making money on Surface sales. Microsoft didn't yet reveal Surface sales, but we know that Surface revenue was $908 million this quarter, up a massive 127 percent from the $400 million this time last year. However, if we assume that the average spent amount on the purchase of this year's Surface Pro 3 was around $1000, then we have less than 1 million units sold, which isn't that impressive, but it's a good start.
Canada

Days After Shooting, Canada Proposes New Restrictions On and Offline 308

New submitter o_ferguson writes As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday. As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity." A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed. (Please note that some articles may be partially paywalled unless opened in a private/incognito browser window.)

Feed Google News Sci Tech: UPDATE 1-Google's Pichai to oversee major products and services - Reuters (google.com)



UPDATE 1-Google's Pichai to oversee major products and services
Reuters
(Adds confirmation of promotion by Google spokesman). By Alexei Oreskovic. SAN FRANCISCO Oct 24 (Reuters) - Google Inc Chief Executive Officer Larry Page has put Sundar Pichai, one of his key lieutenants, in charge of the Internet company's products.
Google giving more control to Android, Chrome chief Sundar Pichai ZDNet
Google makes a strategic move, crowns Sundar Pichai as head of product at ... PCWorld (blog)
Google CEO Larry Page appoints Sundar Pichai to lead nearly every product at ... VentureBeat

Submission + - Days after shooting, Canada proposes new restrictions on and offline. (nationalpost.com)

o_ferguson writes: As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday.

As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to* increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity."

A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed.

*Please note that some articles may be partially paywalled unless opened in a private/incognito browser window.

AT&T

AT&T Locks Apple SIM Cards On New iPads 112

As reported by MacRumors, the unlocked, carrier-switchable SIM cards built into the newest iPads aren't necessarily so -- at least if you buy them from an AT&T store. Though the card comes from Apple with the ability to support (and be switched among with software, if a change is necessary) all major carriers, "AT&T is not supporting this interchangeability and is locking the SIM included with cellular models of the iPad Air 2 and Retina iPad mini 3 after it is used with an AT&T plan. ... AT&T appears to be the only participating carrier that is locking the Apple SIM to its network. T-Mobile's John Legere has indicated that T-Mobile's process does not lock a customer in to T-Mobile, which appears to be confirmed by Apple's support document, and Sprint's process also seems to leave the Apple SIM unlocked and able to be used with other carrier plans. Verizon, the fourth major carrier in the United States, did not opt to allow the Apple SIM to work with its network." The iPad itself can still be activated and used on other networks, but only after the installation of a new SIM.

Comment I hope they have plenty of kiosks ... (Score 1) 720

My dad does not always seem to grasp the concept of fast food, at least not the part of the process that takes place at ordering time. He arrives at the front of the line as if to a new planet, one filled with wonder, and choices beyond numbering. He looks at the menu as if for the first time, asks many questions, then retracts orders, revises with new ones, makes requests about customizing each thing ordered, then tacks on more items or changes. At a kiosk? Endless new joys, and menus to explore menus!

What I'd like to see is a FIFO system where people who are behind, say, my dad, can order with an app on their own phone or tablet, and if their order is ready, it starts getting made.

Submission + - OwnCloud Developer requests removal from Ubuntu repos: multiple vulnerabilities (webupd8.org)

operator_error writes: ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) be removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for which no fixes have been backported. He adds that:

        "Those security bugs allows an unauthenticated attacker to gain complete control about the web server process".

However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2).

Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical.

You can follow the discussion @ Ubuntu Devel mailing list.

So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service.

Feed Google News Sci Tech: Google exec sets records with leap from near-space - seattlepi.com (google.com)



Google exec sets records with leap from near-space
seattlepi.com
ROSWELL, N.M. (AP) — A Google executive has broken the sound barrier and set several skydiving records over the southern New Mexico desert after taking a leap from the edge of space. Alan Eustace's supersonic jump early Friday from a high-altitude,...
Google exec broke sound barrier, world record with 25.7-mile fall Silicon Valley Business Journal
Alan Eustace Jumps From Stratosphere, Breaking Felix Baumgartner's World ... New York Times
A Google Exec Just Beat The World Record For Highest-Altitude Jump From The ... Business Insider

Submission + - Passwords: too much and not enough (sophos.com)

An anonymous reader writes: Sophos security has a blog post up saying "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen."

Submission + - The man with the golden blood (mosaicscience.com)

Torontoman writes: http://mosaicscience.com/story...

His doctor drove him over the border. It was quicker that way: if the man donated in Switzerland, his blood would be delayed while paperwork was filled out and authorisations sought.

The nurse in Annemasse, France, could tell from the label on the blood bag destined for Paris that this blood was pretty unusual. But when she read the details closely, her eyes widened. Surely it was impossible for this man seated beside her to be alive, let alone apparently healthy?

Thomas smiled to himself. Very few people in the world knew his blood type did – could – exist. And even fewer shared it. In 50 years, researchers have turned up only 40 or so other people on the planet with the same precious, life-saving blood in their veins.
