Forgot your password?
typodupeerror

Submission Summary: 0 pending, 2 declined, 1 accepted (3 total, 33.33% accepted)

+ - Studies Conclude Hands-free-calling & Apple Siri Distract Drivers->

Submitted by operator_error
operator_error (1363139) writes "In many cars, making a hands-free phone call can be more distracting than picking up your phone, according to a new study from AAA and the University of Utah.

In-dash phone systems are overly complicated and prone to errors, the study found, and the same is true for voice-activated functions for music and navigation.

A companion study also found that trying to use Siri — the voice control system on Apple phones — while driving was dangerously distracting. Two participants in the study had virtual crashes in an automotive simulator while attempting to use Siri, the study's authors reported.

In response, Toyota said the study did not show a link between cognitive distraction and car crashes.

"The results actually tell us very little about the relative benefits of in-vehicle versus hand-held systems; or about the relationship between cognitive load and crash risks," said Mike Michels, a Toyota spokesman."

Link to Original Source

+ - "Shellshock" may be partially patched, but it's still highly dangerous->

Submitted by operator_error
operator_error (1363139) writes "David A. Wheeler, a computer scientist who is an acknowledged expert in developing secure open-source code, posted a message to the Open Source Software Security (oss-sec) list this evening urging more changes to the bash code. And other developers have found that the current patch still has vulnerabilities similar to the original one, where an attacker could store malicious data in a variable named the same thing as frequently run commands. Norihiro Tanaka, a Japanese open-source developer, noted the problem in an e-mail to the bug-bash list today. By using an environmental variable called cat—the same name as a Unix utility that can concatenate files—he was able to bypass the fixes in the latest bash patch and pass through executable commands. Wheeler noted this vulnerability as well, in an email to both oss-sec and the bug bash list:

I appreciate the effort made in patch bash43-026, but this patch doesn't even BEGIN to solve the underlying shellshock problem. This patch just continues the "whack-a-mole" job of fixing parsing errors that began with the first patch. Bash's parser is certain have many many many other vulnerabilities; it was never designed to be security-relevant. John Haxby recently posted that "A friend of mine said this could be a vulnerability gift that keeps on giving.” Bash will be a continuous rich source of system vulnerabilities until it STOPS automatically parsing normal environment variables; all other shells just pass them through! I've turned off several websites I control because I have *no* confidence that the current official bash patches actually stop anyone, and I am deliberately *not* buying products online today for the same reason. I suspect others have done the same. I think it's important that bash change its semantics so that it "obviously has absolutely no problems of this kind".

In other words, “Shellshock” may be partially patched, but it’s still highly dangerous on systems that might use bash to pass information to the operating system or to launch other software. And it may take a significant change to fix the code."
Link to Original Source

+ - Nokia announces MeeGo 1.2 for Developers w/ N900->

Submitted by operator_error
operator_error (1363139) writes "Jukka Eklund at Nokia writes to the Meego Dev list: "I am thrilled to announce a little thing we started at Nokia. Basically we want to have MeeGo running in N900 device, so that it's really usable as your daily development device. Basic Handset UX should work, phone calls, SMS, web browsing. So we are concentrating on a few selected features and polish those to be "perfect". It might mean that we leave out some things in MeeGo 1.2 trunk for this edition, but that is not the default intention.

We are doing this fully on the open, and I hope this is an interesting project where we all in the community work towards the same goal: have a great MeeGo edition in the N900. This work is naturally based on the great work done already by N900 adaptation team lead by Harri and Carsten.

The wiki is up here: http://wiki.meego.com/ARM/N900/DeveloperEdition. It will populated with more information as we go, thanks for the patience.

Br,
Jukka
Developer Edition product manager" ...Also folks, be sure to stay tuned for the new Nokia N950 meant only as a (likely) unsubsidized Developer's hardware refresh of the N900. Only rumor has it that it will not arrive with a slide-out keyboard. How important is having a N900-style keyboard to you, along with the new Meego Love Nokia software continues to offer?"

Link to Original Source

Scientists will study your brain to learn more about your distant cousin, Man.

Working...