Apple

The Right To Repair Movement Is Forcing Apple To Change (vice.com) 165

The executive director of Repair.org says Apple has "decided to be nicer to consumers in order to stop them from demanding their right to repair," according to Motherboard. Slashdot reader Jason Koebler shared this article: It's increasingly looking like Apple can no longer ignore the repair insurgency that's been brewing: The right to repair movement is winning, and Apple's behavior is changing. In the last few months, Apple has made political, design, and customer service decisions that suggest the right to repair movement is having a real impact on the company's operations...

Apple has repeatedly made small concessions to its customers on the issues that Repair.org and the larger repair community have decided to highlight. The question is whether these concessions are going to be enough to satiate customers who want their devices to be easily repairable and upgradable, and whether the right to repair movement can convince those people to continue demanding fair treatment.

The article notes that at least 12 U.S. states are still considering "fair repair" laws, which would force Apple to sell replacement parts to both independent repair shops and the general public.
Debian

Debian 9 (Stretch) Will Be Released Today (twitter.com) 196

The Debian Project has been liveblogging today's release of Debian 9 (Stretch) using the Twitter hashtag #releasingstretch. Some of the announcements:
  • The oldstable suite (wheezy) has now been renamed to oldoldstable
  • Debian jessie now been renamed to oldstable!
  • The Debian stretch suites have now been renamed to stable!
  • The draft debian-devel-announce post is ready, archive docs are being cleaned up

This release is named after that purple octopus in Toy Story 3, and more tantalizing tidbits of information keep appearing on Debian's micronews site:

  • At least 1436 people and 18 teams contributed to Debian in 2017
  • Stretch has 25,357 source packages with 9,808,465 source files
  • There were 13 different themes proposed to be the official Debian stretch theme
  • Debian Stretch ships with the free mathematical software SageMath, you can install it with apt
  • During the stretch development, 101 contributors became Debian Developers, and 94 more become Debian Maintainers
  • Debian Stretch will ship with the first release of the Debian Astro Pure Blend [for astronomers]
  • Debian Popularity Contest gathers anonymous statistics about Debian packages usage from about 195,000 reports

Security

What Happens When Software Companies Are Liable For Security Vulnerabilities? (techbeacon.com) 221

mikeatTB shares an article from TechRepublic: Software engineers have largely failed at security. Even with the move toward more agile development and DevOps, vulnerabilities continue to take off... Things have been this way for decades, but the status quo might soon be rocked as software takes an increasingly starring role in an expanding range of products whose failure could result in bodily harm and even death. Anything less than such a threat might not be able to budge software engineers into taking greater security precautions. While agile and DevOps are belatedly taking on the problems of creating secure software, the original Agile Manifesto did not acknowledge the threat of vulnerabilities as a problem, but focused on "working software [as] the primary measure of progress..."

"People are doing exactly what they are being incentivized to do," says Joshua Corman, director of the Cyber Statecraft Initiative for the Atlantic Council and a founder of the Rugged Manifesto, a riff on the original Agile Manifesto with a skew toward security. "There is no software liability and there is no standard of care or 'building code' for software, so as a result, there are security holes in your [products] that are allowing attackers to compromise you over and over." Instead, almost every software program comes with a disclaimer to dodge liability for issues caused by the software. End-User License Agreements (EULAs) have been the primary way that software makers have escaped liability for vulnerabilities for the past three decades. Experts see that changing, however.

The article suggests incentives for security should be built into the development process -- with one security professional warning that in the future, "legal precedent will likely result in companies absorbing the risk of open source code."
The Almighty Buck

Venezuelans Flock To Cryptocoins Amid Spiralling Inflation (bloomberg.com) 127

An anonymous reader quotes Bloomberg: Demand for digital coins is soaring in Venezuela amid an escalating political crisis that has protesters demanding that President Nicolas Maduro step down. Inflation has spiraled to the triple digits, debasing the bolivar and depleting savings, while citizens struggle to find everything from food to medicine on store shelves. "If you're going to be in something volatile, you might as well be in something that's volatile and rising than volatile and falling," says Ryan Taylor, chief executive officer of crypto currency Dash Core, the third-largest digital coin by number of transactions... Bitcoin trading volume in Venezuela jumped to $1.3 million this week, about double the amount that changed hands two months ago, according to LocalBitcoins.com...

Venezuela's currency has become nearly worthless in the black market, where it takes more than 6,000 bolivars to buy $1, while bitcoin surged 53 percent in the past month alone. But it's not just about shielding against the falling bolivar, as some Venezuelans are using crypto currencies to buy and sell everyday goods and services, according to Jorge Farias, the CEO of Cryptobuyer.

Software

Announcing 'build', Auto-Configuration In 1000 Lines Of Makefile (github.com) 103

Christophe de Dinechin created the XL programming language -- and as descubes he's also Slashdot reader #35,093. Today he shares his latest project, a simple makefile-based build system that he's split from ELFE/XL: Most open-source projects use tools such as autoconf and automake. For C and C++ projects, build is a make-based alternative that offers auto-configuration, build logs, colorization, testing and install targets, in about 1000 lines of makefile. A sample makefile looks like this:

BUILD=./
SOURCES=hello.cpp
PRODUCTS=hello.exe
CONFIG= <stdio.h> <iostream> clearenv libm
TESTS=product
include $(BUILD)rules.mk


Microsoft

Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall (bleepingcomputer.com) 73

An anonymous reader writes: Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 -- Microsoft plans to disable SMBv1 in most versions of the Windows operating systems. SMBv1 is a three-decades-old file sharing protocol that Microsoft has continued to ship "enabled by default" with all Windows OS versions.

The protocol got a lot of attention recently as it was the main infection vector for the WannaCry ransomware. Microsoft officially confirmed Tuesday that it will not ship SMBv1 with the Fall Creators Update. This change will affect only users performing clean installs, and will not be shipped as an update. This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system.

Movies

Studio-Defying VidAngel Launches New Video-Filtering Platform (yahoo.com) 201

Last December VidAngel fought three Hollywood studios in court for the right to stream filtered versions of movies. Now fogez reports that "they have come up with a new tactic in their attempts to bring filtering choice into the streaming media equation. Instead of leveraging the legal loophole that landed them in court, VidAngel is now going to insert themselves as a filtering proxy for services like Netflix and Amazon." From the Hollywood Reporter: Its new $7.99 per month service piggybacks on users' streaming accounts. Customers log into the VidAngel app, link it to their other accounts and then filter out the language, nudity and violence in that content to their heart's desire... "Out of the gate we'll be supporting Netflix and Amazon and HBO through Amazon channels," says Harmon, adding that Hulu, iTunes and Vudu will follow... Harmon says it remains to be seen if the studios will fight VidAngel's new platform, but his biggest concern is how Amazon and Netflix will respond. He says his company has reached out to the streamers, and he hopes they'll raise any concerns through conversation instead of litigation... "VidAngel's philosophy is very libertarian," he says. "Let directors create what they want, and let viewers watch how they want in their own home. That kind of philosophy respects the views of both parties."
The original submission describes the conflict as a "freedom of choice versus Hollywood."
Displays

Xerox Alto Designer, Co-Inventor Of Ethernet, Dies at 74 (arstechnica.com) 96

An anonymous reader quotes Ars Technica: Charles Thacker, one of the lead hardware designers on the Xerox Alto, the first modern personal computer, died of a brief illness on Monday. He was 74. The Alto, which was released in 1973 but was never a commercial success, was an incredibly influential machine... Thomas Haigh, a computer historian and professor at the University of Wisconsin, Milwaukee, wrote in an email to Ars, "Alto is the direct ancestor of today's personal computers. It provided the model: GUI, windows, high-resolution screen, Ethernet, mouse, etc. that the computer industry spent the next 15 years catching up to. Of course others like Alan Kay and Butler Lampson spent years evolving the software side of the platform, but without Thacker's creation of what was, by the standards of the early 1970s, an amazingly powerful personal hardware platform, none of that other work would have been possible."
In 1999 Thacker also designed the hardware for Microsoft's Tablet PC, "which was first conceived of by his PARC colleague Alan Kay during the early 1970s," according to the article. "I've found over my career that it's been very difficult to predict the future," Thacker said in a guest lecture in 2013. "People who tried to do it generally wind up being wrong."
Classic Games (Games)

Original Colossal Cave Adventure Now Playable On Alexa (amazon.com) 36

Last month Eric Raymond announced the open sourcing of the world's very first text adventure. Now Slashdot reader teri1337 brings news about their own special project: A few old-timers here may recall with fond memories the phrase "Somewhere nearby is Colossal Cave..." Well, a voice-playable version of Colossal Cave "Adventure" is now available on Amazon Echo devices as a [free] Alexa Skill. This is a port of the original 1976 text adventure game written by Willie Crowther and Don Woods, which started the interactive fiction genre and led to later games like Infocom's Zork. This version was written from scratch as an AWS Lamda function incorporating the original 350-point game database, and made available with permission from Don Woods.
The Military

Pentagon Cyberweapons 'Disappointing' Against ISIS (nytimes.com) 118

An anonymous reader quotes the New York Times: It has been more than a year since the Pentagon announced that it was opening a new line of combat against the Islamic State, directing Cyber Command, then six years old, to mount computer-network attacks... "In general, there was some sense of disappointment in the overall ability for cyberoperations to land a major blow against ISIS," or the Islamic State, said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. "This is just much harder in practice than people think..."

Even one of the rare successes against the Islamic State belongs at least in part to Israel, which was America's partner in the attacks against Iran's nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers... The information helped prompt a ban in March on large electronic devices in carry-on luggage on flights from 10 airports in eight Muslim-majority countries to the United States and Britain.

Citing military officials, the Times also reports that "locking Islamic State propaganda specialists out of their accounts -- or using the coordinates of their phones and computers to target them for a drone attack -- is now standard operating procedure."
Government

Snowden's Former Employer Under Criminal Investigation For Fraudulent Billing (boozallen.com) 45

McGruber writes: Booz Allen Hamilton, the contracting firm that was Edward Snowden's employer when he leaked classified information from the NSA has announced that it is under a federal civil and criminal investigation of its billing practices. The disclosure in a regulatory filing sent shares of parent company Booz Allen Hamilton Holding Corp. tumbling $7.33, or 18.6 percent, to $32 in Friday trading.
Medicine

Research Suggests Effects of Shift Work or Jet Lag On Our Body Clocks Can Be Reduced By Simply Changing Meal Times (qz.com) 51

Jonathan Johnston reports via Quartz: Around one in five people in Western countries could be putting their health at risk simply by going to work. This is because working shifts outside of the rest of the population's normal hours has been linked to obesity, diabetes, heart disease, cancer and even declines in brain function. Scientists think this is because our bodies are programmed to run on cycles known as circadian rhythms, and changes in our routine caused by shift work or traveling long distances disrupts those rhythms. But our new research suggests that the effects of shift work or jet lag on our body clocks could be reduced simply by changing the times at which people eat. The key to this theory is the idea that each person doesn't just have a single body clock but rather a complex network of billions of cellular clocks found throughout the body. In humans and other mammals, there is a master clock within a region of the brain called the suprachiasmatic nuclei (SCN) and many peripheral clocks found elsewhere. For our research, we wanted to see how one aspect of this approach -- changing meal times -- affected circadian rhythms. We found that delaying meals by a certain amount caused a similar shift in some peripheral clocks, without changing the master clock. This is important because research in animals suggests peripheral clocks take longer to adjust to a new routine.
The Almighty Buck

Air Force Budget Reveals How Much SpaceX Undercuts Launch Prices (arstechnica.com) 97

An anonymous reader quotes a report from Ars Technica: In 2014, the U.S. Government Accountability Office issued a report on cost estimates for the U.S. Air Force's program to launch national security payloads, which at the time consisted of a fleet of rockets maintained and flown entirely by United Launch Alliance (ULA). The report was critical of the non-transparent nature of ULA's launch prices and noted that the government "lacked sufficient knowledge to negotiate fair and reasonable launch prices" with the monopoly. At around the same time, the new space rocket company SpaceX began to aggressively pursue the opportunity to launch national security payloads for the government. SpaceX claimed to offer a substantially lower price for delivering satellites into various orbits around Earth. But because of the lack of transparency, comparing prices was difficult. The Air Force recently released budget estimates for fiscal year 2018, and these include a run out into the early 2020s. For these years, the budget combines the fixed price rocket and ELC contract costs into a single budget line. (See page 109 of this document). They are strikingly high. According to the Air Force estimate, the "unit cost" of a single rocket launch in fiscal year 2020 is $422 million, and $424 million for a year later. SpaceX sells basic commercial launches of its Falcon 9 rocket for about $65 million. But, for military launches, there are additional range costs and service contracts that add tens of millions of dollars to the total price. It therefore seems possible that SpaceX is taking a loss or launching at little or no profit to undercut its rival and gain market share in the high-volume military launch market. Elon Musk retweeted the article, adding "$300M cost diff between SpaceX and Boeing/Lockheed exceeds avg value of satellite, so flying with SpaceX means satellite is basically free."
China

Chinese Satellite Breaks Distance Record For Quantum-Key Exchange (sciencemag.org) 42

slew writes: Science Magazine reports a team of physicists using the Chinese Micius satellite (launched back in August 2016) have sent quantum-entangled photons from a satellite to ground stations separated by 1200 kilometers, smashing the previous world record. Sending entangled photons through space instead of optical fiber networks with repeaters has long been the dream of those promoting quantum-key exchange for modern cryptography. Don't hold your breath yet, as this is only an experiment. They were only able to recover about 1000 photons out of about 6 billion sent and the two receiving stations were on Tibetan mountains to reduce the amount of air that needed to be traversed. Also the experiment was done at night to minimize interference from the sun. Still, baby steps... Next steps for the program: a bigger satellite for more power and moving to quantum teleportation instead of simple key exchange. The results of the experiment were published in the journal Science.

Slashdot Top Deals