Bug

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes 2

Posted by timothy
from the if-you-could-turn-back-time dept.
operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: "However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service."
Microsoft

Microsoft Now Makes Money From Surface Line, Q1 Sales Reach Almost $1 Billion 40

Posted by timothy
from the but-that's-just-on-the-surface dept.
SmartAboutThings writes Microsoft has recently published its Q1 fiscal 2015 earnings report, disclosing that it has made $4.5 billion in net income on $23.20 billion in revenue. According to the report, revenue has increased by $4.67 billion, compared to $18.53 billion from the same period last year. However, net income has decreased 14 percent compared to last year's $5.24 billion mainly because of the $1.14 billion cost associated with the integration and restructuring expenses related to the Nokia acquisition.

But what's finally good news for the company is that the Surface gross margin was positive this quarter, which means the company finally starts making money on Surface sales. Microsoft didn't yet reveal Surface sales, but we know that Surface revenue was $908 million this quarter, up a massive 127 percent from the $400 million this time last year. However, if we assume that the average spent amount on the purchase of this year's Surface Pro 3 was around $1000, then we have less than 1 million units sold, which isn't that impressive, but it's a good start.
Canada

Days After Shooting, Canada Proposes New Restrictions On and Offline 134

Posted by timothy
from the absolute-security dept.
New submitter o_ferguson writes As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday. As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity." A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed. (Please note that some articles may be partially paywalled unless opened in a private/incognito browser window.)

Google News Sci Tech: UPDATE 1-Google's Pichai to oversee major products and services - Reuters->

From feed by feedfeeder

Business Insider

UPDATE 1-Google's Pichai to oversee major products and services
Reuters
(Adds confirmation of promotion by Google spokesman). By Alexei Oreskovic. SAN FRANCISCO Oct 24 (Reuters) - Google Inc Chief Executive Officer Larry Page has put Sundar Pichai, one of his key lieutenants, in charge of the Internet company's products.
Google giving more control to Android, Chrome chief Sundar Pichai (ZDNet)
Google makes a strategic move, crowns Sundar Pichai as head of product at ... (PCWorld blog)
Google CEO Larry Page appoints Sundar Pichai to lead nearly every product at ... (VentureBeat)

Link to Original Source

+ - Days after shooting, Canada proposes new restrictions on and offline.->

Submitted by o_ferguson
o_ferguson (836655) writes "As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday.

As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to* increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity."

A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed.

*Please note that some articles may be partially paywalled unless opened in a private/incognito browser window. "

Link to Original Source
AT&T

AT&T Locks Apple SIM Cards On New iPads 67

Posted by timothy
from the well-that's-not-cricket dept.
As reported by MacRumors, the unlocked, carrier-switchable SIM cards built into the newest iPads aren't necessarily so -- at least if you buy them from an AT&T store. Though the card comes from Apple with the ability to support (and be switched among with software, if a change is necessary) all major carriers, "AT&T is not supporting this interchangeability and is locking the SIM included with cellular models of the iPad Air 2 and Retina iPad mini 3 after it is used with an AT&T plan. ... AT&T appears to be the only participating carrier that is locking the Apple SIM to its network. T-Mobile's John Legere has indicated that T-Mobile's process does not lock a customer in to T-Mobile, which appears to be confirmed by Apple's support document, and Sprint's process also seems to leave the Apple SIM unlocked and able to be used with other carrier plans. Verizon, the fourth major carrier in the United States, did not opt to allow the Apple SIM to work with its network." The iPad itself can still be activated and used on other networks, but only after the installation of a new SIM.

Comment: I hope they have plenty of kiosks ... (Score 1) 614

by timothy (#48225791) Attached to: Automation Coming To Restaurants, But Not Because of Minimum Wage Hikes

My dad does not always seem to grasp the concept of fast food, at least not the part of the process that takes place at ordering time. He arrives at the front of the line as if to a new planet, one filled with wonder, and choices beyond numbering. He looks at the menu as if for the first time, asks many questions, then retracts orders, revises with new ones, makes requests about customizing each thing ordered, then tacks on more items or changes. At a kiosk? Endless new joys, and menus to explore menus!

What I'd like to see is a FIFO system where people who are behind, say, my dad, can order with an app on their own phone or tablet, and if their order is ready, it starts getting made.

+ - Are New Domain Names Leading to Confusion for .com and .net?->

Submitted by darthcamaro
darthcamaro (735685) writes "A year ago, there were only 22 Top Level Domain Names, with .com and .net being the most commonly deployed. Now there are hundreds of new names and according to VeriSign (the people that manage .com and .net), it's leading to confusion.
Are you confused by new .xyz / .guru .anything domains?"

Link to Original Source

+ - OwnCloud Developer requests removal from Ubuntu repos: multiple vulnerabilities->

Submitted by operator_error
operator_error (1363139) writes "ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) be removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for which no fixes have been backported. He adds that:

        "Those security bugs allows an unauthenticated attacker to gain complete control about the web server process".

However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2).

Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical.

You can follow the discussion @ Ubuntu Devel mailing list.

So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service"

Link to Original Source

Google News Sci Tech: Google exec sets records with leap from near-space - seattlepi.com->

From feed by feedfeeder

New York Times

Google exec sets records with leap from near-space
seattlepi.com
ROSWELL, N.M. (AP) — A Google executive has broken the sound barrier and set several skydiving records over the southern New Mexico desert after taking a leap from the edge of space. Alan Eustace's supersonic jump early Friday from a high-altitude,...
Google exec broke sound barrier, world record with 25.7-mile fall (Silicon Valley Business Journal)
Alan Eustace Jumps From Stratosphere, Breaking Felix Baumgartner's World ... (New York Times)
A Google Exec Just Beat The World Record For Highest-Altitude Jump From The ... (Business Insider)

Link to Original Source
Build

A Low Cost, Open Source Geiger Counter (Video) 35

Posted by Roblimo
from the be-sure-to-take-one-of-these-on-your-next-trip-to-chernobyl dept.
Sawaiz Syed's LinkedIn page says he's a "Hardware Developer at GSU [Georgia State University], Department of Physics." That's a great workplace for someone who designs low cost radiation detectors that can be air-dropped into an area where there has been a nuclear accident (or a nuclear attack; or a nuclear terrorist act) and read remotely by a flying drone or a robot ground vehicle. This isn't Sawaiz's only project; it's just the one Timothy asked him about most at the recent Maker Faire Atlanta. (Alternate Video Link)

+ - Passwords: too much and not enough->

Submitted by Anonymous Coward
An anonymous reader writes "Sophos security has a blog post up saying "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen.""
Link to Original Source

+ - The man with the golden blood->

Submitted by Torontoman
Torontoman (829262) writes "http://mosaicscience.com/story...

His doctor drove him over the border. It was quicker that way: if the man donated in Switzerland, his blood would be delayed while paperwork was filled out and authorisations sought.

The nurse in Annemasse, France, could tell from the label on the blood bag destined for Paris that this blood was pretty unusual. But when she read the details closely, her eyes widened. Surely it was impossible for this man seated beside her to be alive, let alone apparently healthy?

Thomas smiled to himself. Very few people in the world knew his blood type did – could – exist. And even fewer shared it. In 50 years, researchers have turned up only 40 or so other people on the planet with the same precious, life-saving blood in their veins."

Link to Original Source

+ - Researcher Finds Tor Exit Node Adding Malware to Downloads

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services.

Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. Downloading any kind of file from the Internet is a dodgy proposition these days, and many users know that if they’re downloading files from some random torrent site in Syria or The Marshall Islands, they are rolling the dice. Malware runs rampant on these kinds of sites.

But the scenario that worries security experts much more involves an attacker being able to control the download mechanism for security updates, say for Windows or OS X. If an attacker can insert malware into this channel, he could cause serious damage to a broad population of users, as those update channels are trusted implicitly by the users and their machines. Legitimate software vendors typically will sign their binaries and modified ones will cause verification errors. What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code.

In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators.

“SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted,” he said via email."

+ - Peter Kuran: Visual Effects Artist and Atomic Bomb Archivist->

Submitted by Lasrick
Lasrick (2629253) writes "Great interview with Peter Kuran, an animator of the original Star Wars and legendary visual effects artist. If you saw the recent remake of Godzilla, you saw stock footage from Atom Central, known on YouTube as “the atomic bomb channel.” Atom Central is the brainchild of Kuran, who among his many talents is an expert on archival films of the atmospheric testing era of 1945 to 1963. Combining his film restoration and photography expertise with his interest in nuclear history, he has also produced and directed five documentaries. He is currently working with Lawrence Livermore and Los Alamos National Laboratories to preserve and catalog images from the bomb-testing era, and to produce a technical handbook that will help people understand these images and the techniques used to create them. Awesome slideshow accompanies the article"
Link to Original Source
