Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Open Source

Linus Loves GPL, But Hates GPL Lawsuits (cio.com) 131

Long-time Slashdot reader sfcrazy writes: During LinuxCon, Torvalds was full of praise for GNU GPL: "The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that's a big deal for community management... FSF [Free Software Foundation] and I don't have a loving relationship, but I love GPL v2. I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back, which meant that the fragmentation has never been something that has been viable from a technical standpoint."

And he thinks the BSD license is bad for everyone: "Over the years, I've become convinced that the BSD license is great for code you don't care about," Torvalds said.

But Linus also addressed the issue of enforcing the GPL on the Linux foundation mailing list when someone proposed a discussion of it at Linuxcon. "I think the whole GPL enforcement issue is absolutely something that should be discussed, but it should be discussed with the working title 'Lawyers: poisonous to openness, poisonous to community, poisonous to projects'... quite apart from the risk of loss in a court, the real risk is something that happens whether you win or lose, and in fact whether you go to court or just threaten: the loss of community, and in particular exactly the kind of community that can (and does) help. You lose your friends."
Privacy

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 16

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
Ubuntu

Ubuntu Linux 16.10 'Yakkety Yak' Beta 1 Now Available For Download (betanews.com) 89

An anonymous reader quotes a report from BetaNews: Today, the first beta of Ubuntu Linux 16.10 sees release. Once again, a silly animal name is assigned, this time being the letter "Y" for the horned mammal, "Yakkety Yak." This is also a play on the classic song "Yakety Yak" by The Coasters. Please be sure not to "talk back" while testing this beta operating system! "Pre-releases of the Yakkety Yak are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting and fixing bugs as we work towards getting this bos grunniens ready. Beta 1 includes a number of software updates that are ready for wider testing. These images are still under development, so you should expect some bugs," says Set Hallstrom, Ubuntu Studio project lead. He adds: "While these Beta 1 images have been tested and work, except as noted in the release notes, Ubuntu developers are continuing to improve the Yakkety Yak. In particular, once newer daily images are available, system installation bugs identified in the Beta 1 installer should be verified against the current daily image before being reported in Launchpad. Using an obsolete image to re-report bugs that have already been fixed wastes your time and the time of developers who are busy trying to make 16.10 the best Ubuntu release yet. Always ensure your system is up to date before reporting bugs." Here are the following download links: Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio.
Communications

Twitter Is Working On Anti-Harassment Keyword Filtering Tool, Says Report (bloomberg.com) 131

Twitter CEO Jack Dorsey has made it a top priority for company to limit hateful conduct. In late December 2015, for example, the company changed its rules to explicitly ban "hateful conduct" for the first time. A new report says Twitter is working to further curb the rise of hateful conduct as it is "working on a keyword-based tool that will let people filter the posts they see, giving users a more effective way to block out harassing and offensive tweets." Bloomberg reports: "The San Francisco-based company has been discussing how to implement the tool for about a year as it seeks to stem abuse on the site, said the people [familiar with the matter], who asked not to be identified because the initiative isn't public. By using keywords, users could block swear words or racial slurs, for example, to screen out offenders. The filtering tool could eventually become a moderator for any kind of content, the people said. For example, users could block a hashtag about an event they don't care to read about."
Democrats

Hillary Clinton Used BleachBit To Wipe Emails (neowin.net) 502

An anonymous reader quotes a report from Neowin: The open-source disk cleaning application, BleachBit, got quite a decent ad pitch from the world of politics after it was revealed lawyers of the presidential hopeful, Hillary Clinton, used the software to wipe her email servers. Clinton is currently in hot water, being accused of using private servers for storing sensitive emails. "[South Carolina Representative, Trey Gowdy, spoke to Fox News about Hillary Clinton's lawyers using BleachBit to wipe the private servers. He said:] 'She and her lawyers had those emails deleted. And they didn't just push the delete button; they had them deleted where even God can't read them. They were using something called BleachBit. You don't use BleachBit for yoga emails or bridesmaids emails. When you're using BleachBit, it is something you really do not want the world to see.'" Two of the main features that are listed on the BleachBit website include "Shred files to hide their contents and prevent data recovery," and "Overwrite free disk space to hide previously deleted files." These two features would make it pretty difficult for anyone trying to recover the deleted emails. Slashdot reader ahziem adds: The IT team for presidential candidate Hillary Clinton used the open source cleaning software BleachBit to wipe systems "so even God couldn't read them," according to South Carolina Rep. Trey Gowdy on Fox News. His comments on the "drastic cyber-measure" were in response to the question of whether emails on her private Microsoft Exchange Server were simply about "yoga and wedding plans." Perhaps Clinton's team used an open-source application because, unlike proprietary applications, it can be audited, like for backdoors. In response to the Edward Snowden leaks in 2013, privacy expert Bruce Schneier advised in an article in which he stated he also uses BleachBit, "Closed-source software is easier for the NSA to backdoor than open-source software." Ironically, Schneier was writing to a non-governmental audience. Have any Slashdotters had any experience with BleachBit? Specifically, have you used it for erasing "yoga emails" or "bridesmaids emails?"
Media

The Slashdot Interview With VideoLAN President and Lead VLC Developer Jean-Baptiste Kempf 38

You asked, he answered!

VideoLan President and Lead Developer of VLC Jean-Baptiste Kempf has responded to questions submitted by Slashdot readers. Read on to find out about the upcoming VideoLAN projects; how they keep VLC sustainable; what are some mistakes they wish they hadn't made; and what security challenges they face, among others!
AI

Amazon, NVIDIA and The CIA Want To Teach AI To Watch Us From Space (technologyreview.com) 59

An anonymous reader quotes a report from MIT Technology Review: Satellite operator DigitalGlobe is teaming up with Amazon, the venture arm of the CIA, and NVIDIA to make computers watch the Earth from above and automatically map our roads, buildings, and piles of trash. MIT Technology Review reports: "In a joint project, DigitalGlobe today released satellite imagery depicting the whole of Rio de Janeiro to a resolution of 50 centimeters. The outlines of 200,000 buildings inside the city's roughly 1,900 square kilometers have been manually marked on the photos. The SpaceNet data set, as it is called, is intended to spark efforts to train machine-learning algorithms to interpret high-resolution satellite photos by themselves. DigitalGlobe says the SpaceNet data set should eventually include high-resolution images of half a million square kilometers of Earth, and that it will add annotations beyond just buildings. DigitalGlobe's data is much more detailed than publicly available satellite data such as NASA's, which typically has a resolution of tens of meters. Amazon will make the SpaceNet data available via its cloud computing service. Nvidia will provide tools to help machine-learning researchers train and test algorithms on the data, and CosmiQ Works, a division of the CIA's venture arm In-Q-Tel focused on space, is also supporting the project." "We need to develop new algorithms for this data," says senior vice president at DigitalGlobe, Tony Frazier. He goes on to say that health and aid programs are to benefit from software that is able to map roads, bridges and various other infrastructure. The CEO of Descartes Labs, Mark Johnson, a "startup that predicts crop yields from public satellite images," says the data that is collected "should be welcome to startups and researchers," according to MIT Technology Review. "Potential applications could include estimated economic output from activity in urban areas, or guiding city governments on how to improve services such as trash collections, he says."
Data Storage

Intel Launches Flurry of 3D NAND-Based SSDs For Consumer and Enterprise Markets (hothardware.com) 138

MojoKid writes: Intel launched a handful of new SSD products today that cover a broad spectrum of applications and employ 3D NAND technology. The SSD 600p Series is offered in four capacities ranging from 128GB, to 256GB, 512GB and 1TB. The drivers are targeted at consumer desktops and notebooks and are available in the M.2 form-factor. The entry-level 128GB model offers sequential reads and writes of up to 770 MB/sec and 450 MB/sec respectively. At higher densities, the multi-channel 1TB model offers sequential reads and writes that jump to 1,800 MB/sec and 560 MB/sec respectively. The 128GB SSD 600p weighs in at $69, while the 1TB model is priced at $359, or about .36 cents per GiB. For the data center, Intel has also introduced the DC P3520 and DC S3520 Series SSDs in 2.5-inch and PCIe half-height card form-factors. Available in 450GB to 2TB capacities, the range-topping 2TB model offers random reads/writes of 1,700 MB/sec and 1,350 MB/sec respectively. Finally, Intel launched the SSD E 6000p (PCIe M.2) and SSD E 5420s Series (SATA). The former supports Core vPro processors and is targeted at point-of-sale systems and digital signage. The latter is aimed at helping customers ease the transition from HDDs to SSDs in IoT applications.
Medicine

The Big Short: Security Flaws Fuel Bet Against St. Jude (securityledger.com) 74

chicksdaddy writes: "Call it The Big Short -- or maybe just the medical device industry's 'Shot Heard Round The World': a report from Muddy Waters Research recommends that its readers bet against (or 'short') St. Jude Medical after learning of serious security vulnerabilities in a range of the company's implantable cardiac devices," The Security Ledger reports. "The Muddy Waters report on St. Jude's set off a steep sell off in St. Jude Medical's stock, which finished the day down 5%, helping to push down medical stocks overall. The report cites the 'strong possibility that close to half of STJ's revenue is about to disappear for approximately two years' as a result of 'product safety' issues stemming from remotely exploitable vulnerabilities in STJ's pacemakers, implantable cardioverter defibrillator (ICD), and cardiac resynchronization therapy (CRT) devices. The vulnerabilities are linked to St. Jude's Merlin at home remote patient management platform, said Muddy Waters. The firm cited research by MedSec Holdings Ltd., a cybersecurity research firm that identified the vulnerabilities in St. Jude's ecosystem. Muddy Waters said that the affected products should be recalled until the vulnerabilities are fixed. In an e-mail statement to Security Ledger, St. Jude's Chief Technology Officer, Phil Ebeling, called the allegations 'absolutely untrue.' 'There are several layers of security measures in place. We conduct security assessments on an ongoing basis and work with external experts specifically on Merlin at home and on all our devices,' Ebeling said."

More controversial: MedSec CEO Justine Bone acknowledged in an interview with Bloomberg that her company did not first reach out to St. Jude to provide them with information on the security holes before working with Muddy Waters. Information security experts who have worked with the medical device industry to improve security expressed confusion and dismay. "If safety was the goal then I think (MedSec's) execution was poor," said Joshua Corman of The Atlantic Institute and I Am The Cavalry. "And if profit was the goal it may come at the cost of safety. It seems like a high stakes game that people may live to regret."

Crime

US Unveils Charges Against KickassTorrents, Names Two More Defendants (arstechnica.com) 110

A total of three men are said to be operators of file-sharing site KickassTorrents (KAT), according to U.S. prosecutors. Last month, federal authorities arrested the 30-year-old Ukrainian mastermind of KAT, Artem Vaulin, and formally charged him with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Two other Ukrainians were named in the new indictment (PDF): Levgen (Eugene) Kutsenko and Oleksander (Alex) Radostin. While only Vaulin has been arrested, bench warrants have been issue for the arrest of all three men. Ars Technica reports: "Prosecutors say the three men developed and maintained the site together and used it to 'generate millions of dollars from the unlawful distribution of copyright-protected media, including movies, [...] television shows, music, video games, computer software, and electronic books.' They gave out 'Reputation' and 'User Achievement' awards to users who uploaded the most popular files, including a special award for users who had uploaded more than 1,000 torrents. The indictment presents a selection of the evidence that the government intends to use to convict the men, and it isn't just simple downloads of the copyrighted movies. The government combed through Vaulin's e-mails and traced the bitcoins that were given to him via a 'donation' button."
Open Source

Princeton Researchers Announce Open Source 25-Core Processor (pcworld.com) 111

An anonymous reader writes: Researchers at Princeton announced at Hot Chips this week their 25-core Piton Processor. The processor was designed specifically to increase data center efficiency with novel architecture features enabling over 8,000 of these processors to be connected together to build a system with over 200,000 cores. Fabricated on IBM's 32nm process and with over 460 million transistors, Piton is one of the largest and most complex academic processors every built. The Princeton team has opened their design up and released all of the chip source code, tests, and infrastructure as open source in the OpenPiton project, enabling others to build scalable, manycore processors with potentially thousands of cores.
Government

Malware Sold To Governments Helped Them Spy on iPhones (washingtonpost.com) 31

One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.The Washington Post reports that these "zero-day" flaws were previously used by the governments to take over victims' phones by tricking them into clicking on a link to a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."
Transportation

Singapore Launches World's First 'Self-driving' Taxi Service (theguardian.com) 60

Days before ride-hailing service Uber debuts its self-driving car in Pittsburgh, a company in Singapore has beaten Uber to the race. The Guardian reports: The world's first "self-driving" taxi service has been launched in Singapore -- albeit with a human backup driver and co-pilot on board for the time being. Members of the public selected to take part in the trial would be able to hail a free ride through their smartphones, said nuTonomy, an autonomous vehicle software startup. The cars -- modified Renault Zoe and Mitsubishi i-MiEV electrics -- had a driver in the front prepared to take back the wheel and a researcher in the back watching the car's computers, the company said. Each was fitted with Lidar, a laser-based detection system like radar. An Associated Press reporter taking a ride on Wednesday observed that the safety driver had to step on the brakes once, when a car was obstructing the test car's lane and another vehicle, which appeared to be parked, suddenly began moving in the oncoming lane. The service would start with six cars, growing to a dozen by the end of the year, said nuTonomy, adding that it aimed to have a fully self-driving taxi fleet in Singapore by 2018.
Social Networks

Researchers Create Algorithm That Diagnoses Depression From Your Instagram Feed (inverse.com) 84

An anonymous reader quotes a report from Inverse: Harvard University's Andrew Reece and the University of Vermont's Chris Danforth crafted an algorithm that can correctly diagnose depression, with up to 70 percent accuracy, based on a patient's Instagram feed alone. After a careful screening process, the team analyzed almost 50,000 photos from 166 participants, all of whom were Instagram users and 71 of whom had already been diagnosed with clinical depression. Their results confirmed their two hypotheses: first, that "markers of depression are observable in Instagram user behavior," and second, that "these depressive signals are detectable in posts made even before the date of first diagnosis." The duo had good rationale for both hypotheses. Photos shared on Instagram, despite their innocent appearance, are data-laden: Photos are either taken during the day or at night, in- or outdoors. They may include or exclude people. The user may or may not have used a filter. You can imagine an algorithm drooling at these binary inputs, all of which reflect a person's preferences, and, in turn, their well-being. Metadata is likewise full of analyzable information: How many people liked the photo? How many commented on it? How often does the user post, and how often do they browse? Many studies have shown that depressed people both perceive less color in the world and prefer dark, anemic scenes and images. The majority of healthy people, on the other hand, prefer colorful things. [Reece and Danforth] collected each photo's hue, saturation, and value averages. Depressed people, they found, tended to post photos that were more bluish, unsaturated, and dark. "Increased hue, along with decreased brightness and saturation, predicted depression," they write. The researchers found that happy people post less than depressed people, happy people post photos with more people in them than their depressed counterparts. and that depressed participants were less likely to use filters. The majority of "healthy" participants chose the Valencia filter, while the majority of "depressed" participants chose the Inkwell filter. Inverse has a neat little chart embedded in their report that shows the usage of Instagram filters between depressed and healthy users.
Operating Systems

Latest Windows 10 Update Breaks PowerShell (infoworld.com) 209

whoever57 writes: According to a report via InfoWorld, the latest Windows 10 update [KB 3176934] breaks Desired State Configuration (DSC) functionality in PowerShell. Some things that were broken in the prior update, such as support of many webcams and a freeze issue, don't appear to have been fixed in this update. Windows PowerShell Blog reported last night: "Due to a missing .MOF file in the build package, the update breaks DSC. All DSC operations will result in an 'Invalid Property' error. If you are using DSC from or on any Windows client, take the following steps: Uninstall the update if already installed [...]; If using WSUS, do not approve the update. Otherwise, Use Group Policy to set the 'Configure Automatic Updates' to '2 -- Notify for download and notify for install' [...] A fix for this issue will be included in the next Windows update which is due out 8/30/2016."
The Internet

MIT Scientists Develop New Wi-Fi That's 330% Faster (msn.com) 85

An anonymous reader quotes a report from MSN: Scientists at MIT claim to have created a new wireless technology that can triple Wi-Fi data speeds while also doubling the range of the signal. Dubbed MegaMIMO 2.0, the system will shortly enter commercialization and could ease the strain on our increasingly crowded wireless networks. Multiple-input-multiple-output technology, or MIMO, helps networked devices perform better by combining multiple transmitters and receivers that work simultaneously, allowing then to send and receive more than one data signal at the same time. MIT's MegaMIMO 2.0 works by allowing several routers to work in harmony, transmitting data over the same piece of spectrum. MIT claimed that during tests, MegaMIMO 2.0 was able to increase data transfer speed of four laptops connected to the same Wi-Fi network by 330 percent. Paper co-author Rahul said the technology could also be applied to mobile phone networks to solve similar congestion issues. "In today's wireless world, you can't solve spectrum crunch by throwing more transmitters at the problem, because they will all still be interfering with one another," Ezzeldin Hamed, lead author on a paper on the topic, told MIT News. "The answer is to have all those access points work with each other simultaneously to efficiently use the available spectrum."
Security

Over 25 Million Accounts Stolen After Mail.ru Forums Hacked (zdnet.com) 25

An anonymous reader writes: Over 25 million accounts associated with forums hosted by Russian internet giant Mail.ru have been stolen by hackers. Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data -- a little under 13 million records; the other two forums making up over 12 million records. The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of the databases. The hackers' names aren't known, but used known SQL injection vulnerabilities found in older vBulletin forum software to get access to the databases. An analysis of the breached data showed that hackers took 12.8 million accounts from cfire.mail.ru; a total of 8.9 million records from parapa.mail.ru, and 3.2 million accounts from tanks.mail.ru. The hackers were able to obtain usernames, email addresses, scrambled passwords, and birthdays.
Android

Opera Brings Its Free VPN Service To Android (techcrunch.com) 26

Frederic Lardinois, writing for TechCrunch: Earlier this year, Opera launched its free and unlimited VPN service for iOS; today it is bringing the same functionality to Android. Like the iOS version, the Android app is based on Opera's acquisition of SurfEasy in 2015 and allows you to surf safely when you are on a public network. While Opera's marketing mostly focuses on safety, Opera VPN also allows you to appear as if you are in the U.S., Canada, Germany, Singapore and The Netherlands, so it's also a way to route around certain geo-restrictions without having to opt for a paid service. In addition to its VPN features, the service also allows you to block ad trackers. Somewhat ironically, though, the app itself will show you some pretty unintrusive ads. "The Opera VPN app for Android sets itself apart from other VPNs by offering a completely free service; without a data limit, no log-in required, advanced Wi-Fi protection features and no need for a subscription," says Chris Houston, the president of Opera's SurfEasy VPN division, in today's announcement.
Communications

Facebook Is Testing Autoplaying Video With Sound (thenextweb.com) 151

An anonymous reader writes: Facebook is testing a "feature" that autoplays video clips on your feed with sound. It's not a very big test, but there's a possibility the company could roll it out to a larger group of users. The Next Web reports: "The company is currently trying two methods of getting people to watch video with sound in Australia: the aforementioned autoplaying, and an unmute button on the lower right corner of videos, like Vine videos on a desktop. The latter certainly sounds more reasonable; the last thing you want is to be checking Facebook quickly during a meeting or class, and suddenly have your phone blaring out an advert because you happened to stop on a video. Thankfully, you can disable the 'feature' from your settings, but the point is there's nothing wrong with the current opt-in approach, especially considering how many companies are embracing video captioning, and that Facebook even has its own auto-caption tool for advertisers." "We're running a small test in News Feed where people can choose whether they want to watch videos with sound on from the start," a Facebook spokesperson told Mashable Australia. "For people in this test who do not want sound to play, they can switch it off in Settings or directly on the video itself. This is one of several tests we're running as we work to improve the video experience for people on Facebook."
Programming

20% of Scientific Papers On Genes Contain Conversion Errors Caused By Excel, Says Report (winbeta.org) 345

An anonymous reader writes from a report via WinBeta: A new report from scientists Mark Ziemann, Yotam Eren, and Assam El-Osta says that 20% of scientific papers on genes contain gene name conversion errors caused by Excel. In the scientific article, titled "Gene name errors are widespread in the scientific literature," article's abstract section, the scientists explain: "The spreadsheet software Microsoft Excel, when used with default settings, is known to convert gene names to dates and floating-point numbers. A programmatic scan of leading genomics journals reveals that approximately one-fifth of papers with supplementary Excel gene lists contain erroneous gene name conversions."

It's easy to see why Excel might have problems with certain gene names when you see the "gene symbols" that the scientists use as examples: "For example, gene symbols such as SEPT2 (Septin 2) and MARCH1 [Membrane-Associated Ring Finger (C3HC4) 1, E3 Ubiquitin Protein Ligase] are converted by default to '2-Sep' and '1-Mar', respectively. Furthermore, RIKEN identifiers were described to be automatically converted to floating point numbers (i.e. from accession '2310009E13' to '2.31E+13'). Since that report, we have uncovered further instances where gene symbols were converted to dates in supplementary data of recently published papers (e.g. 'SEPT2' converted to '2006/09/02'). This suggests that gene name errors continue to be a problem in supplementary files accompanying articles. Inadvertent gene symbol conversion is problematic because these supplementary files are an important resource in the genomics community that are frequently reused. Our aim here is to raise awareness of the problem."
You can view the scientific paper in its entirety here.

Slashdot Top Deals