Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

Why Screen Lockers On X11 Cannot Be Secure 354

Posted by Soulskill
from the targeted-for-improvement dept.
jones_supa writes: One thing we all remember from Windows NT is the security feature requiring the user to press CTRL-ALT-DEL to unlock the workstation (this can still be enabled with a policy setting). The motivation was to make it impossible for other programs to mimic a lock screen, as they couldn't react to the special key combination. Martin Gräßlin from the KDE team takes a look at the lock screen security on X11. On a protocol level, X11 doesn't know anything of screen lockers. Also the X server doesn't know that the screen is locked as it doesn't understand the concept. This means the screen locker can only use the core functionality available to emulate screen locking. That in turn also means that any other client can do the same and prevent the screen locker from working (for example opening a context menu on any window prevents the screen locker from activating). That's quite a bummer: any process connected to the X server can block the screen locker, and even more it could fake your screen locker.
ch

Davos 2015: Less Innovation, More Regulation, More Unrest. Run Away! 333

Posted by Soulskill
from the can't-we-all-just-get-along dept.
Freshly Exhumed writes: Growing income inequality was one of the top four issues at the 2015 World Economic Forum meeting in Davos, Switzerland, ranking alongside European adoption of quantitative easing and geopolitical concerns. Felix Salmon, senior editor at Fusion, said there was a consensus that global inequality is getting worse, fueling overriding pessimism at the gathering. The result, he said, could be that the next big revolution will be in regulation rather than innovation. With growing inequality and the civil unrest from Ferguson and the Occupy protests fresh in people's mind, the world's super rich are already preparing for the consequences. At a packed session, former hedge fund director Robert Johnson revealed that worried hedge fund managers were already planning their escapes. "I know hedge fund managers all over the world who are buying airstrips and farms in places like New Zealand because they think they need a getaway," he said. Looking at studies like NASA's HANDY and by KPMG, the UK Government Office of Science, and others, Dr Nafeez Ahmed, executive director of the Institute for Policy Research & Development, warns that the convergence of food, water and energy crises could create a "perfect storm" within about fifteen years.
Security

Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid? 467

Posted by Soulskill
from the what-would-you-put-on-your-grandma's-computer dept.
CryoKeen writes: I got a new laptop recently after trading in my old laptop for store credit. While I was waiting to check out, the sales guy just handed me some random antivirus software (Trend Micro) that was included with the purchase. I don't think he or I realized at the time that the CD/DVD he gave me would not work because my new laptop does not have a CD/DVD player.

Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?
Transportation

Fake Engine Noise Is the Auto Industry's Dirty Little Secret 809

Posted by timothy
from the mazda-puts-it-right-up-front dept.
HughPickens.com writes Stomp on the gas in a new Ford Mustang or F-150 and you'll hear a meaty, throaty rumble — the same style of roar that Americans have associated with auto power and performance for decades. Now Drew Harwell reports at the Washington Post that the auto industry's dirty little secret is that the engine growl in some of America's best-selling cars and trucks is actually a finely tuned bit of lip-syncing, boosted through special pipes or digitally faked altogether. "Fake engine noise has become one of the auto industry's dirty little secrets, with automakers from BMW to Volkswagen turning to a sound-boosting bag of tricks," writes Harwell. "Without them, today's more fuel-efficient engines would sound far quieter and, automakers worry, seemingly less powerful, potentially pushing buyers away." For example Ford sound engineers and developers worked on an "Active Noise Control" system on the 2015 Mustang EcoBoost that amplifies the engine's purr through the car speakers. Afterward, the automaker surveyed members of Mustang fan clubs on which processed "sound concepts" they most enjoyed.

Among purists, the trickery has inspired an identity crisis and cut to the heart of American auto legend. The "aural experience" of a car, they argue, is an intangible that's just as priceless as what's revving under the hood. "For a car guy, it's literally music to hear that thing rumble," says Mike Rhynard, "It's a mind-trick. It's something it's not. And no one wants to be deceived." Other drivers ask if it really matters if the sound is fake? A driver who didn't know the difference might enjoy the thrum and thunder of it nonetheless. Is taking the best part of an eight-cylinder rev and cloaking a better engine with it really, for carmakers, so wrong? "It may be a necessary evil in the eyes of Ford," says Andrew Hard, "but it's sad to think that an iconic muscle car like the Mustang, a car famous for its bellowing, guttural soundtrack, has to fake its engine noise in 2015. Welcome to the future."
Censorship

Blogger Who Revealed GOP Leader's KKK Ties Had Home Internet Lines Cut 418

Posted by timothy
from the coud-be-coincidence dept.
blottsie writes Last month, Lamar White, Jr. set off a firestorm in Washington when a post on his personal blog revealed that House Majority Whip Steve Scalise, the third most powerful Republican in the House of Representatives, was a featured speaker at a white nationalist conference put on by former Klu Klux Klan Grand Wizard David Duke. Then someone climbed in his back yard and severed his Internet cables.
Earth

Doomsday Clock Could Move 145

Posted by samzenpus
from the closer-to-midnight dept.
Lasrick writes The ominous minute hand of the 'Doomsday Clock' has been fixed at 5 minutes to midnight for the past three years. But it could move tomorrow. The clock is a visual metaphor that was created nearly 70 years ago by The Bulletin of the Atomic Scientists, whose Board of Governors boasts 18 Nobel laureates. Each year, the Bulletin's Science and Security Board assesses threats to humanity — with special attention to nuclear warheads and climate change — to decide whether the Doomsday Clock needs an adjustment. The event will be streamed live from the Bulletin's website at 11 am EST.
Microsoft

Hands On With Microsoft's Holographic Goggles 171

Posted by samzenpus
from the check-it-out dept.
First time accepted submitter mkukuluk writes Forget Google Glass — Jessi Hempel describes the amazing experience she had with the new Holographic goggles from Microsoft. From the article: "The headset is still a prototype being developed under the codename Project Baraboo, or sometimes just “B.” [inventor Alex] Kipman, with shoulder-length hair and severely cropped bangs, is a nervous inventor, shifting from one red Converse All-Star to the other. Nervous, because he’s been working on this pair of holographic goggles for five years. No, even longer. Seven years, if you go back to the idea he first pitched to Microsoft, which became Kinect. When the motion-sensing Xbox accessory was released, just in time for the 2010 holidays, it became the fastest-selling consumer gaming device of all time. Right from the start, he makes it clear that Baraboo will make Kinect seem minor league."
Google

Tracking Down How Many (Or How Few) People Actively Use Google+ 209

Posted by samzenpus
from the run-the-numbers dept.
BarbaraHudson writes Business Insider is reporting that despite billions of sign-ups, almost nobody is publicly active on Google+. Analytics and visualization blogger Kevin Anderson studied data compiled by Edward Morbius, who says that just 9% of Google+'s 2.2 billion users actively post public content. "We've got a grand spanking total of 24 profiles out of 7,875 whose 2015 post activity isn't YouTube comments but Google+ posts. That a 0.3% rate of all profile pages, going back to our 2.2 billion profiles. No wonder Dave Besbris (Google+ boss) doesn't want to talk about numbers," Morbius writes. For those interested both his methodology and the scripts used can be found here.
Security

Doxing Victim Zoe Quinn Launches Online "Anti-harassment Task Force" 687

Posted by Soulskill
from the life-free-of-swat-teams-and-unordered-pizzas dept.
AmiMoJo writes: On Friday, developer and doxing victim Zoe Quinn launched an online "anti-harassment task force" toolset, staffed by volunteers familiar with such attacks, to assist victims of a recent swell of "doxing" and "swatting" attacks. The Crash Override site, built by Quinn and game developer Alex Lifschitz, offers free services from "experts in information security, white hat hacking, PR, law enforcement, legal, threat monitoring, and counseling" for "victims of online mob harassment."

They have already managed to preemptively warn at least one victim of a swatting attempt in Enumclaw, Washington. As a result, the police department's head e-mailed the entire department to ask any police sent to the address in question to "knock with your hand, not your boot."
Android

Ask Slashdot: Can I Trust Android Rooting Tools? 184

Posted by timothy
from the spider-sense dept.
Qbertino writes After a long period of evaluation and weighing cons and pros I've gotten myself a brand new Android tablet (10" Lenovo Yoga 2, Android Version) destined to be my prime mobile computing device in the future. As any respectable freedom-loving geek/computer-expert I want to root it to be able to install API spoofing libraries and security tools to give me owners power over the machine and prevent services like Google and others spying on me, my files, photos, calendar and contacts. I also want to install an ad-blocking proxy (desperately needed — I forgot how much the normal web sucks!). I've searched for some rooting advice and tools, and so far have only stumbled on shady looking sites that offer various Windows-based rooting kits for android devices.

What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
Earth

The Anthropocene Epoch Began With 1945 Atomic Bomb Test, Scientists Say 154

Posted by Soulskill
from the either-that-or-the-day-we-invented-hot-pockets dept.
hypnosec writes: Scientists have proposed July 16, 1945 as the beginning of the Anthropocene Epoch. That was the day of the first nuclear detonation test. They say "the Great Acceleration" — the period when human activities started having a significant impact on Earth – are a good mark of the beginning of the new epoch. Since then, there has been a significant increase in population, environmental upheaval on land and oceans, and global connectivity. The group says in their article (abstract), "The beginning of the nuclear age ... marks the historic turning point when humans first accessed an enormous new energy source – and is also a time level that can be effectively tracked within geological strata, using a variety of geological clues."
Bug

Steam For Linux Bug Wipes Out All of a User's Files 329

Posted by Soulskill
from the big-oops dept.
An anonymous reader sends a report of a bug in Steam's Linux client that will accidentally wipe all of a user's files if they move their Steam folder. According to the bug report: I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media. Another user reported a similar problem — losing his home directory — and problems with the script were found: at some point, the Steam script sets $STEAMROOT as the directory containing all Steam's data, then runs rm -rf "$STEAMROOT/"* later on. If Steam has been moved, $STEAMROOT returns as empty, resulting in rm -rf "/"* which causes the unexpected deletion.
Networking

Ask Slashdot: Migrating a Router From Linux To *BSD? 403

Posted by timothy
from the hiring-a-new-traffic-cop dept.
An anonymous reader writes I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs. Question one is: which BSD? Question two: where's some good documentation regarding setting up a home router/firewall on your favorite BSD?
It's fine if the documentation is highly technical, I've written linux kernel drivers before :)
PHP

PHP vs. Node.js: the Battle For Developer Mind Share 245

Posted by Soulskill
from the my-script-is-scriptier-than-your-script dept.
snydeq writes: Simplicity vs. closures, speed of coding vs. raw speed — InfoWorld's Peter Wayner takes a look at how PHP and Node.js stack up against each other. "It's a classic Hollywood plot: the battle between two old friends who went separate ways. Often the friction begins when one pal sparks an interest in what had always been the other pal's unspoken domain. In the programming language version of this movie, it's the introduction of Node.js that turns the buddy flick into a grudge match: PHP and JavaScript, two partners who once ruled the Internet together but now duke it out for the mind share of developers."
United Kingdom

UK Prime Minister Says Gov't Should Be Capable of Reading Any Communications 329

Posted by Soulskill
from the in-the-case-of-security-v-freedom dept.
Dr_Barnowl writes: The BBC reports that UK Prime Minister David Cameron has vowed to introduce a "comprehensive piece of legislation" aimed at there being no "means of communication ... we cannot read," in the aftermath of the Charlie Hebdo attacks in Paris. While he didn't mention encryption specifically, the only logical means by which this could occur would be by the introduction of compulsory key escrow, and the banning of forms of encryption which do not use it. While the UK already essentially has a legal means to demand your encryption keys (and imprison you indefinitely if you don't comply), this would fall short if you have a credible reason for not having the key any more (such as using an OTR plugin for your chosen chat program).

The U.S. tried a similar tack with Clipper in the 90s. As we all know, terrorists with any technical chops are unlikely to be affected, given the vast amount of freely available, military-grade crypto now available, and the use of boring old cold war tradecraft. Ironically, France used to ban the use of strong cryptography but has largely liberalized its regime since 2011.

They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- Carl Sagan

Working...