Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - Human Exploration of Planets cheaper than sending Robots (arxiv.org)

buchner.johannes writes: Putting humans on Mars will get you more bang for the buck, according to a new analysis by the Director of the UCL/Birkbeck Centre for Planetary Science and Astrobiology. Humans are simply better at complex tasks like drilling, while robots have a difficult time just navigating through the rugged terrain, and can thus cover less ground. Small, autonomous, cheap and very intelligent rovers have thus not become a reality — instead the size (and cost) of robots has steadily increased, contrary to Moore-law-like predictions. The autonomous navigation is a hard problem that is not easily solved technically. The article compares the cost of the Apollo missions and the Mars Science Laboratory in detail to illustrate the comparison of human vs. robotic exploration programs. The original article (PDF) also notes that human space-flight benefits from non-scientific motivations, which can further increase the available budget.

Submission + - Btrfs becomes stable, releases v3.12 1

buchner.johannes writes: Btrfs is the next-gen filesystem for Linux, likely to replace ext3 and ext4 in coming years and filling the space between ZFS and Reiser4. Btrfs offers many compelling new features but development has been a long time coming in the "unstable" status leaving many users unsure whether to entrust their data to. Since August, their web page declares Btrfs as stable. Have you tried it since? What has been your experience with Btrfs? Fedora users probably are already using it on a daily basis.

Submission + - My primary work is

buchner.johannes writes: My primary work is
  [a] developing software for a company
  [b] developing software for a research institute
  [c] research
  [d] management or consulting (not coding)
  [e] I'm unemployed
  [f] something else

Submission + - WebM license made GPL and Apache compatible (blogspot.com)

buchner.johannes writes: Google updated its licensing terms for WebM, which is now a pure BSD license, with a standalone patent grant.

Using patent language borrowed from both the Apache and GPLv3 patent clauses, in this new iteration of the patent clause we've decoupled patents from copyright, thus preserving the pure BSD nature of the copyright license. This means we are no longer creating a new open source copyright license, and the patent grant can exist on its own.

Here is the WebM license FAQ. Time to make a GPLv3 fork?

Submission + - Ethics of producing Non-malicious Malware 2

buchner.johannes writes: I was fed up with the general consent that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help whitehat hackers point out that the system can be turned into a botnet client, by simply downloading BOINC and attaching it to my user account, helping scientific projects. It does not exploit any security holes, but loose security configurations and mindless execution of unverified downloads: I tested it to be injected by a PHP script (even circumventing safemode), so that the web server runs it, hell I even got a proxy server that injects it into shell scripts and Makefiles in tarballs on the fly, and adds onto windows executable for execution in wine (Z: is /). If executed by the user, it can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation).
But now I have a problem: I am unsure of whether it is ethically ok to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, can be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary.
Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?

"The most important thing in a man is not what he knows, but what he is." -- Narciso Yepes