Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - Reuse of Encryption Keys Plagues Embedded Devices and HTTPS Hosts (

jones_supa writes: Millions of IoT devices and HTTPS websites are vulnerable to private key attacks because of encryption key reuse, says SEC Consult in its most recent study. The company began its survey by analyzing 4,000 IoT devices from 70 different vendors. Their research focused on public keys, private keys, and certificates found inside the firmware. Despite the large number and the diversity of analyzed devices, 580 unique cryptographic keys were found, most being reshared among firmware images, and especially for SSH host keys and X.509 HTTPS certificates. Their second stage analysis showed that 9% of all detected HTTPS hosts on the web shared private keys, in the form of ~150 server certificates, distributed across 3.2 million hosts. They also found that the same issue was present for SSH keys, with 6% of all SSH hosts sharing private keys, in the form of ~80 SSH host keys, distributed across 0.9 million hosts. While previous research into private key reuse existed, SEC Consult puts the blame at a vendor and product level.

Submission + - Turkey Downs Intruding Russian Fighter Near Syria Border

jones_supa writes: Turkish fighter jets shot down a Russian Sukhoi SU-24 fighter near the Syrian border on Tuesday after repeated warnings over airspace violations. Moscow said it could prove the jet had not left Syrian air space. Footage from private Turkish broadcaster Haberturk TV showed the warplane going down in flames in a woodland area. Separate footage from Turkey's Anadolu Agency showed two pilots parachuting out of the jet before it crashed. A Syrian rebel group sent a video to Reuters that appeared to show one of the pilots immobile and badly wounded on the ground and an official from the group said he was dead. This is the first time a NATO member's armed forces have downed a Russian military aircraft since the 1950s. The Guardian is following the developments with live updates.

Comment Laptop stuff (Score 5, Informative) 491

I have many little ideas to improve laptops.

- Allow disabling LEDs or have them all under the lid. I don't want my whole room blinking when the machine is in suspend.
- Do not use eye-scorching low frequencies like 200 Hz for backlight PWM.
- Make Macs with matte screens.
- Put in place dedicated volume keys instead of clunky Fn buttons.
- Have a small maintenance hatch in every machine for easy dust removal from the heatsink.
- Include a trackball so I can play 3D games on couch without an external mouse.

Submission + - Dell Shipping Laptops With Rogue Root CA

jones_supa writes: Reddit user rotorcowboy writes:

"I got a shiny new XPS 15 laptop from Dell, and while attempting to troubleshoot a problem, I discovered that it came pre-loaded with a self-signed root CA by the name of eDellRoot. With it came its private key, marked as non-exportable. However, it is still possible to obtain a raw copy of the private key by using several tools available (I used NCC Group's Jailbreak tool). After briefly discussing this with someone else who had discovered this too, we determined that they are shipping every laptop they distribute with the exact same root certificate and private key, very similar to what Superfish did on Lenovo computers. For those that aren't familiar, this is a major security vulnerability that endangers all recent Dell customers."

Submission + - 20 Years of GIMP (

jones_supa writes: Back in 1995, University of California students Peter Mattis and Kimball Spencer were members of the eXperimental Computing Facility, a Berkeley campus organization. In June of that year, the two hinted at their intentions to write a free graphical image manipulation program as a means of giving back to the free software community. On November 21st, 20 years ago today, Peter Mattis announced the availability of the "General Image Manipulation Program" on Usenet (later "GNU Image Manipulation Program"). Over the years, GIMP amassed a huge amount of new features designed for all kinds of users and practical applications: general image editing, retouching and color grading, digital painting, graphic design, science imaging, and so on. To celebrate the 20th anniversary, there is an update of the current stable branch of GIMP. The newly released version 2.8.16 features support for layer groups in OpenRaster files, fixes for layer groups support in PSD, various user interface improvements, OSX build system fixes, translation updates, and more.

Submission + - Jolla Goes For Debt Restructuring (

jones_supa writes: Months after the smartphone company Jolla announced its split and intent to focus on Sailfish OS licensing, its financial situation has not improved. Jolla's latest financing round has been delayed and so they have had to file for debt restructuring in Finland. As part of that, the company is temporarily laying off a big part of its personnel. Jolla co-founder commented: "Our operating system Sailfish OS is in great shape currently and it is commercially ready. Unfortunately the development until this point has required quite a lot of time and money. To get out of this death valley we need to move from a development phase into a growth phase. At the same time we need to adapt our cost levels to the new situation. One of the main actions is to tailor the operating system to fit the needs of different clients. We have several major and smaller potential clients who are interested in using Sailfish OS in their projects."

Submission + - Julia Programming Language Receives $600k Donation

jones_supa writes: The Julia programming language has received a $600k donation from Moore Foundation. The foundation wants to get the language into a production version. This has a goal to create more efficient and powerful scientific computing tools to assist in data-driven research. The money will be granted over the next two years so the Julia Language team can move their core open computing language and libraries into the first production version. The Julia Language project aims to create a dynamic programming language that is general purpose but designed to excel at numerical computing and data science. It is especially good at running MATLAB and R style programs.

Submission + - Microsoft Open Sources "Visual Studio Code"

jones_supa writes: Microsoft has announced that they have open sourced Visual Studio Code. Not to be confused with the full-blown Visual Studio integrated development environment, Visual Studio Code is their more web-focused IDE based on GitHub's Atom text editor. Microsoft released the program earlier this year and they provide a native Linux version. Microsoft has opened up the source code under MIT license in GitHub and they are welcoming community contributions. The official announcement was made via the blog along with other updates made this month to Visual Studio Code.

Philosophy: A route of many roads leading from nowhere to nothing. -- Ambrose Bierce