Forgot your password?
typodupeerror

+ - Consumer Reports: New iPhones Not As Bendy As Believed->

Submitted by Anonymous Coward
An anonymous reader writes "Over the past several days, we've been hearing reports about some amount of users noticing that their brand new iPhone 6 Plus is bending in their pockets. The pictures and videos shown so far have kicked off an investigation, and Consumer Reports has done one of the more scientific tests so far. They found that the iPhone 6 Plus takes 90 pounds of pressure before it permanently deforms. The normal iPhone 6 took even less: 70 lbs. They tested other phones as well: HTC One (M8): 70 lbs, LG G3: 130 lbs, iPhone 5: 130 lbs, Samsung Galaxy Note 3: 150 lbs. The Verge also did a report on how Apple torture-tests its devices before shipping them. Apple's standard is about 55 lbs of pressure, though it does so thousands of times before looking for bends. One analysis suggests that Apple's testing procedure only puts pressure on the middle of the phone, which doesn't sufficiently evaluate the weakened area where holes have been created for volume buttons. Consumer Reports' test presses on the middle of the device as well."
Link to Original Source

+ - "Shellshock" may be partially patched, but it's still highly dangerous->

Submitted by operator_error
operator_error (1363139) writes "David A. Wheeler, a computer scientist who is an acknowledged expert in developing secure open-source code, posted a message to the Open Source Software Security (oss-sec) list this evening urging more changes to the bash code. And other developers have found that the current patch still has vulnerabilities similar to the original one, where an attacker could store malicious data in a variable named the same thing as frequently run commands. Norihiro Tanaka, a Japanese open-source developer, noted the problem in an e-mail to the bug-bash list today. By using an environmental variable called cat—the same name as a Unix utility that can concatenate files—he was able to bypass the fixes in the latest bash patch and pass through executable commands. Wheeler noted this vulnerability as well, in an email to both oss-sec and the bug bash list:

I appreciate the effort made in patch bash43-026, but this patch doesn't even BEGIN to solve the underlying shellshock problem. This patch just continues the "whack-a-mole" job of fixing parsing errors that began with the first patch. Bash's parser is certain have many many many other vulnerabilities; it was never designed to be security-relevant. John Haxby recently posted that "A friend of mine said this could be a vulnerability gift that keeps on giving.” Bash will be a continuous rich source of system vulnerabilities until it STOPS automatically parsing normal environment variables; all other shells just pass them through! I've turned off several websites I control because I have *no* confidence that the current official bash patches actually stop anyone, and I am deliberately *not* buying products online today for the same reason. I suspect others have done the same. I think it's important that bash change its semantics so that it "obviously has absolutely no problems of this kind".

In other words, “Shellshock” may be partially patched, but it’s still highly dangerous on systems that might use bash to pass information to the operating system or to launch other software. And it may take a significant change to fix the code."
Link to Original Source

+ - Underwater landslide may have doubled 2011 Japanese tsunami->

Submitted by sciencehabit
sciencehabit (1205606) writes "An underwater landslide the size of the Paris may have triggered the worst of the tsunami that struck Japan on 11 March 2011, a new study claims. In the new study, researchers worked back from details of the ocean surface motion recorded by gauges along the Japanese shore on the day of the earthquake. Much as sound waves can help the ear pinpoint the source of a gunshot and whether a small pistol or a large cannon fired it, tsunami waves carry the imprint of the ocean floor disturbance that created them. The team concludes that during the earthquake a slab of sediment 20 km by 40 km and up to 2 km thick slid about 300 meters down the steep slope of Japan Trench, “acting like a piston.”"
Link to Original Source

+ - Kids Reportedly Paid to Squat Overnight in Parking Spots at 'Fort Zuckerberg'

Submitted by theodp
theodp (442580) writes "Valleywag checks in on reports that squatters are being paid to hold parking spots for construction workers renovating Mark Zuckerberg's $10 million San Francisco "fixer-upper". People, usually in pairs, regularly sit in parked cars overnight near Zuckerberg's home on 21st street near Dolores Street, according to a neighbor of what has been dubbed 'Fort Zuckerberg.' CBS reports the young squatters, one of whom had what looked like a college textbook to study while they waited in the dark, claim they were hired by Zuckerberg to hold additional parking spots aside from the 4-5 allotted for construction vehicles during the morning. Zuckerberg's FWD.us PAC, you may recall, has been meeting with the White House on labor issues, and helping the White House with their efforts to connect with the Young and the Rich."

Comment: Sam Knows You (Score 2) 47

by operator_error (#37623700) Attached to: Europeans Needed To Create Broadband Performance Measure

samknows.eu is the URL. Which is sort of a creepy sign right there I think.

Volunteers will receive a purpose-built broadband measurement unit which can be plugged into the existing modem/router. This is called the SamKnows Whitebox.

Will these folks be blessed with any rights of immunity, against anything that is dug up? Might be a good method for a TOR onion router perhaps.

Comment: Re:Check your radios, folks (Score 1) 257

by operator_error (#37551002) Attached to: Teach Your Router New Tricks With DD-WRT

As a happy DD-WRT user for users, with many SO-HO routers and LANs to my name, I never buy any routers unless it shows up on the DD-WRT router support database first. To do anything less is probably a waste of time.

http://www.dd-wrt.com/site/support/router-database

BTW, how is this word actually pronounced? Does is sound like rowter or rooter? /troll

Comment: Re:Does this effect Flash 11 beta? (Score 2) 56

by operator_error (#37476876) Attached to: Adobe Pushes Emergency Flash Player Security Fix

Oh man, I hate replying to my own ./ post, but *that* ./ article headline and summary are completely false. If your read all the waaaay down to the bottom of TFA, on the linked-to slashdot piece, it says "Flash Player 11 and AIR 3 would be publicly available in early October, Adobe said in a statement." So no v11 Release happened at all.

Adobe specifically states "Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android.". Hope this info helps.

https://www.adobe.com/support/security/bulletins/apsb11-26.html

Comment: Re:Does this effect Flash 11 beta? (Score 1) 56

by operator_error (#37476820) Attached to: Adobe Pushes Emergency Flash Player Security Fix

Adobe released Flash 11 yesterday, so no need to use the beta anymore; and I'm assuming the security issue was addressed or the release wouldn't be happening.

http://apple.slashdot.org/story/11/09/21/1559246/Adobe-Releases-Flash-11-and-AIR-3

TFA specifically calls out Flash 10.3 though, not v11. Also the Flash 11 beta on Linux doesn't mention the new release at all. I am using Ubuntu and using the Flash Preferences (in System > Preferences), I am not informed of any actual new release. Maybe because I am in Europe and Adobe's CDN hasn't woken up yet? (ha ha). I clicked the Advanced tab, and then Updates > Check Now. My browser opens a page at adobe.com which tells me:

You have version 11,0,1,98 installed

Actually, I have Beta 2 installed from at least a week ago, not the Sept. 21 release.

Go Adobe! Go!

Comment: Re:I did the same thing. (Score 1) 835

by operator_error (#36982226) Attached to: Linus Torvalds Ditches GNOME 3 For Xfce

May I point out there's Linux Mint for Debian XFCE for us to consider? It looks (and sounds) like a nice workstation OS, based on Debian testing. Arguably, the Linux Mint devs are competing head to head with Canonical, using Debian, while keeping a steady eye on Ubuntu releases.

http://blog.linuxmint.com/?p=1725

FAQ # 2

2. Is Linux Mint switching to Debian?

No. Linux Mint is Linux Mint, it’s not based on anything per se. It provides different editions which include different upstream components. In regards to package bases and repositories, what’s happening today is that the Xfce edition of Linux Mint is switching two important things:

        It’s switching its package base from a frozen Ubuntu pool to the rolling Debian Testing branch.
        It’s switching its lightweight software selection to a more mainstream one.

Many people are unenthusiastic about their work.

Working...