
Submission + - Easy to exploit critical BIND DoS bug affects all DNS->

mask.of.sanity writes: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. Attackers can send a crafted DNS query packet to trigger a REQUIRE assertion failure, causing BIND to exit.

Comment Re:Good point, but Uber is a bad example (Score 1) 432

Uber is exposing a problem with how city agencies work. Dwight Waldo published a book called "The Administrative State" in 1948 that describes how this happens at the Federal level. But at the local level the legislature (town/city council) delegates making laws to the Taxi and Limousine commissions in these municipalities. These commissions, quite naturally, will tend to make rules that keep out the competition. By creating rules that say things like Uber cannot stop for hails, they ensure medallion prices stay high. These rules are really laws that should be debated and enacted by the legislature with public input, not the taxi commission. The taxi commission has a conflict of interest.
Open Source

Ask Slashdot: Choosing the Right Open Source License 171

NicknamesAreStupid writes: I need to choose an open source license. I am developing an open source iOS application that uses a significant number of other open source projects which, in turn, use a number of different open source licenses such as MPL/GPL, MIT, and BSD. I am also using sample code from Apple's developer site, which has their own terms of use. The code dependencies are such that my code would not be of much use without theirs. If this project is used, then it would be nice to pick a license that best fits in with this mashup. I am interested in maintaining the freedom of my code but do not want to create a catch-22 or make life hard for people who need to use this project for personal use or profit. My inclination is to use MIT's, as I have done so before. I asked an IP lawyer about this matter, and she replied (pro bono), "it probably doesn't matter." Of course, that advice was worth every penny. Moving away from legal issues and looking at this from a social perspective, which license would appeal most and offend least? I thought about no license but was warned (pro bono), "If you do not, then someone else may." Any suggestions?

Submission + - BBC reveals links censored by Google's Right To Be Forgotten->

Mark Wilson writes: Google's Right To Be Forgotten gives people the chance to request the removal of search results linking to pages that contain information they believe to be "inadequate, irrelevant or no longer relevant". Google says it rejects more requests than it complies with, but there is still concern that the company is not providing enough detail about what it is doing. There have been calls for greater transparency from the company about the censorship that is taking place.

The BBC has published a list of all of the stories from its own site that have been removed from Google search results. The corporation announced that it wanted to be clear with people about which links have been deleted and plans to update the list each month. It already extends to nearly 200 entries and the BBC explains that while the stories may no longer be shown by Google, they are still available uncensored on the BBC site.

Writing on the BBC Internet blog, Neil McIntosh says that the list was important to maintain the integrity of the BBC's online archives.


Submission + - Australia passes site-blocking legislation->

ausrob writes: Cementing their position as Australia's most backwards and dangerous government in recent memory comes this nasty bit of legislation, riddled with holes (which is nothing new for this decrepit Government): "The legislation allows rights holders to go to a Federal Court judge to get overseas websites, or "online locations", blocked that have the "primary purpose" of facilitating copyright infringement. If a rights holder is successful in their blocking request, Australian internet providers, such as Telstra and Optus, will need to comply with a judge's order by disabling access to the infringing location."

Submission + - British Government instituted 3-month deletion policy, apparently to evade FOIA->

An anonymous reader writes: In late 2004, weeks before Tony Blair’s Freedom of Information (FOI) act first came into force, Downing Street adopted a policy [http://www.ft.com/cms/s/0/d42d3c68-141d-11e5-abda-00144feabdc0.html — PAYWALLED] of automatically deleting emails more than three months old. The IT decision has resulted in a 'dysfunctional' system according to former cabinet officials, with Downing Street workers struggling to agree on the details of meetings in the absence of a correspondence chain. It is still possible to preserve an email by dragging it to local storage, but the relevance of mails may not be apparent at the time that the worker must make the decision to do so.

Former special adviser to Nick Clegg Sean Kemp said: "Some people delete their emails on an almost daily basis, others just try to avoid putting anything potentially interesting in an email in the first place."


Submission + - Apple CORED: Boffins reveal password-killer 0days for iOS and OS X->

An anonymous reader writes: Six university researchers have revealed dangerous zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.

The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

Lead researcher Luyi Xing says he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing. [Paper] [video demos]


Submission + - NSA Planned to Hijack Google App Store to Hack Smartphones->

Advocatus Diaboli writes: "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

"The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones."


Submission + - Linux Dev's Purported 4096 bit RSA Key Factored 1

An anonymous reader writes: A PGP subkey for Kernel developer Peter Anvin from a public Sks Keyserver was discovered to be divisible by 3. The weak key was discovered by a web service which calls itself the Phuctor, which has since factored two other keys as it chews on an sks keyserver dump. Whether the key was generated weak or if it was strong before becoming corrupted on a keyserver, it is extremely troubling that such a weak key representing such an important Linux developer could be served.

Submission + - Ask Slashdot best way to solve a unique networking issue

petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment.

In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps.
This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer provided program that connects to the device and pushes the new software.

Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming.

Unfortunately the devices are not actually on a network, and as such cannot be updated remotely, also since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use.

I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time.

The only way I can figure to accomplish this with the software we've been provided is to do this:

Get a 16-port powered USB hub, with a USB-Ethernet adaptor in each port. Set up 16 VMs with extremely stripped-down XP running on each, with only one USB-Ethernet adaptor assigned to each VM. Set XP to boot the application for loading software as its shell, and load each device that way at the same time.

Is there a better way to accomplish this?

Submission + - MenuetOS, an operating system written entirely in assembly, hits 1.0->

angry tapir writes: MenuetOS, a GUI-toting, x86-based operating system written entirely in assembly language that's super-fast and can fit on a floppy disk, has hit version 1.0 — after almost a decade and a half of development. (And yes, it can run Doom). I caught up with its developers to talk about the operating system and what comes next for it.

Submission + - DSLreports new bufferbloat test->

mtaht writes: While I have long advocated using professional tools like netperf-wrapper's rrul test suite to diagnose and fix your bufferbloat issues, there has long been a need for a simpler web based test for it. Now dslreports has incorporated bufferbloat testing in their speedtest. What sort of bloat do slashdot readers experience? Give the test a shot at http://www.dslreports.com/speedtest

Has anyone here got around to applying fq_codel against their bloat?


Submission + - Something Smells: Cities Use High Tech to Investigate Intrusive Odors 1

HughPickens.com writes: Kate Murphy reports at the NYT that local governments are beginning to regulate intrusive and unpleasant smells using high tech devices. If you time-traveled back 200 years or so, you’d likely scrunch up your nose because our forebears threw sewage out their windows, and the primary mode of transport — horses — relieved themselves in the streets. These days “we have so reduced the level of background odor pollution, we are becoming more sensitive to anything we smell,” says Pamela Dalton, an olfactory researcher at Monell Chemical Senses Center, a nonprofit group in Philadelphia that studies smell and taste. In the past offenders were typically livestock operations and wastewater treatment plants, but more recently odor inspectors are getting calls about smells emanating from ethnic restaurants, coffee roasters and candle and bath shops. In an effort to be objective, a growing number of locales have begun using a device called a Nasal Ranger, which looks like a megaphone for the nose and measures the intensity of smells according to a so-called dilution ratio (PDF). An odor is considered intrusive if the average person can smell it when it is diluted with seven parts clean air — a decades-old threshold of stinky.

New York City received more than 10,000 odor complaints last year, many from residents upset about cooking smells wafting into their apartments from restaurants and coffeehouses — smells that might be pleasing when patronizing those same establishments. “A lot of it has to do with tolerance level in neighborhoods that are getting gentrified,” says Ben Siller. “People at lower socioeconomic levels may tolerate something much better than someone who moves into the same area and buys a house, sinks a fortune into remodeling and then goes out in the backyard and smells a pot grower, charbroiler, pet food manufacturer or something stinky like that.”
