Leap Towards a Career in Ethical Hacking with 60+ Hours of Prep Toward CISM, CISA, & More Certification Exams at 95% off ×
Android

Op-ed: Oracle Attorney Says Google's Court Victory Might Kill the GPL (arstechnica.com) 139

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which he urges developers and creators to not celebrate Google's win in the hard-fought copyright case as the decision -- if remains intact -- is poised to make them "suffer" everywhere and also the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal court announced that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.
Crime

FBI Raids Dental Software Researcher Who Found Patient Records On Public Server (dailydot.com) 119

blottsie writes: Yet another security researcher is facing possible prosecution under the CFAA for accessing data on a publicly accessible server. The FBI on Tuesday raided Texas-based dental software security researcher Justin Shafer, who found the protected health records of 22,000 patients stored on an anonymous FTP. "This is a troubling development. I hope the government doesn't think that accessing unsecured files on a public FTP server counts as an unauthorized access under the CFAA," Orin Kerr, a George Washington University law professor and CFAA scholar told the Daily Dot. "If that turns out to be the government's theory -- which we don't know yet, as we only have the warrant so far -- it will be a significant overreach that raises the same issues as were briefed but not resolved in [Andrew 'weev' Auernheimer's] case. I'll be watching this closely." It was also reported this week via The Intercept that a provision snuck into the still-secret text of the Senate's annual intelligence authorization that would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy.
Microsoft

Microsoft May Ban Your Favorite Password (securityweek.com) 232

wiredmikey writes from a report via SecurityWeek.Com: Microsoft is taking a step to better protect users by banning the use of weak and commonly-used passwords across its services. Microsoft has announced that it is dynamically banning common passwords from Microsoft Account and Azure Active Directory (AD) system. In addition to banning commonly used passwords to improve user account safety, Microsoft has implemented a feature called smart password lockout, meant to add an extra level of protection when an account is attacked. [Alex Weinert, Group Program Manager of Azure AD Identity Protection team explains in a blog post that] Microsoft is seeing more than 10 million accounts being attacked each day, and that this data is used to dynamically update the list of banned passwords. This list is then used to prevent people from choosing a common or similar password. Microsoft's new feature comes after last week's leak of 117 million LinkedIn credentials.
Open Source

Ask Slashdot: Have You Migrated To Node.js? 340

A developer maintaining his company's "half-assed LAMP / WordPress stack pipeline for web and web application development" is considering something more scalable that could eventually be migrated into the cloud. Qbertino asks Slashdot: Have you moved from LAMP (PHP) to Node.js for custom product development and if so, what's your advice? What downsides of JS on the server and in Node.js have a real-world effect? Is callback hell really a thing? And what is the state of free and open-source Node products...? Is there any trend inside the Node.js camp on building a platform and CMS product that competes with the PHP camp whilst maintaining a sane architecture, or is it all just a ball of hype with a huge mess of its own growing in the background, Rails-style?
Condensing Qbertino's original submission: he wants to be able to quickly deliver "pretty, working, and half-way reliable products that make us money" -- and to build a durable pipeline. So leave your educated opinions in the comments. What did you experience moving to Node.js?
EU

Did A German Nuclear Plant Intentionally Leak Radioactive Waste? (thelocal.de) 133

mdsolar shares this report from a Berlin news site: A former engineer at one of Germanyâ(TM)s nuclear reactors has made an astonishing claim: that the plant intentionally pumped radioactive waste into the atmosphere in 1986. Speaking to the Westfalischer Anzeiger, 83-year-old retired engineer Hermann Schollmeyer apparently decided it was time to come clean, three decades after the incident he describes.

The official story had always been that radioactive waste was unintentionally leaked into the air at the THTR reactor in Hamm in May 1986, the western German newspaper reports. But Schollmeyer now claims that the plant used the cover of the Chernobyl -- which had released a cloud of radioactive waste over western Europe -- to pump their own waste into the atmosphere, believing no one would notice.

"It was done intentionally," Schollmeyer said. "We had problems at the plant and I was present at a few of the meetings."

AI

Ask Slashdot: Can You Have A Smart Home That's Not 'In The Cloud'? 183

With the announcement of Google Home on Wednesday, one anonymous Slashdot reader asks a timely question about cloud-based "remote control" services that feed information on your activities into someone else's advertising system: In principle, this should not be the case, but it is in practice. So how hard is it, really, to do 'home automation' without sending all your data to Google, Samsung, or whoever -- just keep it to yourself and share only what you want to share?

How hard would it be, for instance, to hack a Nest thermostat so it talks to a home server rather than Google? Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does, but there are certain things that it won't do like respond to your comings and goings at odd hours, or be remotely switchable to a different mode (VPN to your own server from your phone and deal with it locally, perhaps?) Fundamentally, is there a way to get the convenience and not expose my entire life and home to unknown actors who by definition (read the terms of service) do not have my best interest in mind?

Yesterday one tech company asked its readers, "What company do you trust most to always be listening inside your home?" The winner was "nobody", with 63% of the votes -- followed by Google with 16%, and Apple with 13%. (Microsoft scored just 3%, while Amazon scored 2%.) So share your alternatives in the comments. What's the best way to set up home automation without sending data into the cloud?
Android

Android Wear 2.0 Gets A Keyboard, Standalone Apps, Activity Recognition, New UI (techcrunch.com) 31

An anonymous reader writes: Google unveiled the biggest update to Android Wear yet at Google I/O -- Android Wear version 2.0. Google VP of Engineering for Android Wear David Singleton said the new version represents a "holistic pass across the design of the whole system" and focuses on providing users more glanceable information, improved messaging tools (including support for keyboards, handwriting recognition and smart replies), as well as new fitness and wellness features. The design features improved Material Design aesthetics with an emphasis on color. By default, the navigation drawer is always at the top of the screen and notifications themselves will always show up at the bottom. Android Wear 2.0 features standalone apps that communicate directly over the Internet via Bluetooth, Wi-Fi, or cellular. Apps are no longer exclusively relying on a tethered phone or cloud syncing. There's a Complications API, which allows developers to pass raw data to watch faces. Wear 2.0 adds two new input methods: a swipe-style keyboard for typing and a handwriting recognition mode to sketch letters on your watch's screen to spell out messages. There have also been various Google Fit-related improvements to make Android Wear watches better fitness trackers. Android Wear 2.0 is available today as a developer preview, with the finished product being released this fall.
Cloud

Google Turns Firebase Into Its Unified Platform For Mobile Developers (techcrunch.com) 11

An anonymous reader writes: Google has announced a plethora of new features to Firebase, its cloud services provider that mobile developers can use to power their apps. TechCrunch reports: "In its previous incarnation, Firebase was somewhat similar to Facebook's now-defunct Parse in that it offered a database service, user authentication features and hosting tools. In this new version, Firebase takes many of Google's existing developer tools, like Google Cloud Messaging, and combines them with new and existing Firebase services. With this update, Google is turning Firebase into a unified app platform for its now 470,000 developers on the service (up from 110,000 when it acquired Firebase)." The new Firebase features deeply integrated analytics services, allowing developers to track specific parts of their apps with fine-grained events. Firebase can build audience segments and allow developers to analyze their behavior in even more detail than before, and view how their advertising campaigns are performing. With these audience segments, developers can make remote configuration changes in apps and take advantage of Firebase's new notifications system. This feature is based on Google Cloud Messaging, which is now changing its name to Firebase Cloud Messaging. Google is offering all Firebase users free and unlimited notifications with support for iOS, Android and the Web. They're also integrating its Cloud Test Lab into Firebase for testing mobile apps on real hardware, renaming it the Firebase Test Lab. Other new features include crash reporting, the ability to create dynamic deep links into your app, Firebase Invites for allowing app users to share referral codes, Firebase App Indexing for bringing app content into Google Search, and integration with Google's AdWords and AdMob advertising platforms. Last but not least, Google is introducing new pricing plans for Firebase, including a new free plan, a fixed-rate plan, and a pay-as-you go plan.
Google

Google Assistant and Google Home: Amazon Echo, But From Google (arstechnica.com) 80

At its developer conference I/O, Google on Wednesday unveiled Google Home, a small round gadget with microphones and speakers that listens and responds to your questions and commands. As you may have guessed, Google Home will compete with Amazon Echo. The company also announced Assistant. Ars Technica reports: Google's conversational assistant is in the same vein as Cortana and Siri, Google Assistant. Google Assistant will be on phones and wearables too, and Google says that it will be better at picking out the context of what you're doing than any of the competitors. As an example, when standing near Cloud Gate, better known as The Bean, in Chicago, you can ask Google Assistant "Who designed this?" Based on your location alone, Assistant will understand that you're probably referring to the large shiny sculpture in front of you, and answer "Anish Kapoor."The Google Home will be available for purchase later this year. CNET has more details.
Cloud

Amazon Introduces $20 Dash-Like Button For IoT (slashgear.com) 52

An anonymous reader shares a Slashgear article: Amazon has revealed a programmable Dash Button which can be assigned to any product or purpose, a customizable version of its one-touch reordering gadgets. The AWS IoT Button looks just like the existing Dash Buttons, which allow products from more than 100 brands to be ordered with a single tap -- no web browser required -- and delivered to a preset address, but is designed for developers and Internet of Things tinkerers to dig into. So, rather than having a new multipack of toilet rolls, or a fresh box of laundry detergent added to your shopping list, the AWS IoT Button could be used to trigger your lights, integrate with popular APIs from Twitter, Slack, Facebook, or others, or summon a car through Uber.It appears Amazon has already sold out its current batch.
Transportation

Hyperloop One Technology Tested Successfully In Nevada Desert 100

Dave Knott quotes a report from CBC.ca: Hyperloop One (formerly known as Hyperloop Technologies) conducted a successful test of its high speed transportation technology Wednesday in the desert outside Las Vegas. The seconds-long, outdoor demonstration featured what appeared to be a blip of metal gliding across a small track before disappearing into a cloud against the desert landscape. A fully operational hyperloop would whisk passengers and cargo in pods through a low pressure tube at speeds of up to 1,207 kph (750 mph). Maglev technology would levitate the pods to reduce friction in the city-to-city system, which would be fully autonomous and electric powered. A day earlier, the company had announced the closing of $80 million in financing and said it plans to conduct a full system test before the end of the year.
GNOME

Fedora Project Releases Fedora 24 Beta; Stable Version Comes Next Month (betanews.com) 78

A month ahead of its final release, Fedora Project on Tuesday released Fedora 24 beta for users and enthusiasts to try. An anonymous reader writes: The workstation version -- the one most home users will target -- offers GNOME 3.20 preview as a desktop environment. The GNOME environment has improved leaps and bounds over the years, becoming one of the best UIs of any operating system. Wayland is available as preview, but not default. The display server protocol is still poised to replace X, but it will not yet be ready for Fedora 24. The team explains that it should be ready for 'future versions'. Whether that means version 25 is something that remains to be seen."We're pleased to announce that Fedora 24, the latest version of the Fedora operating system, is now available in beta. The Fedora Project is a global community that works together to lead the advancement of free and open source software. As part of the community's mission the project delivers three editions, each one a free, Linux-based operating system tailored to meet specific use cases: Fedora 24 Cloud Beta, Fedora 24 Server Beta, and Fedora 24 Workstation Beta," said Matthew Miller, Fedora Project Leader.
Businesses

Dropbox Cuts Several Employee Perks as Silicon Valley Startups Brace For Cold (businessinsider.com) 119

Not everything is working out at Dropbox, popular cloud storage and sharing service, last valued at $10 billion. Business Insider is reporting a major cost cutting at the San Francisco-based company. As part of it, the publication reports, Dropbox has cancelled its free shuttle in San Francisco, its gym washing service, pushed back dinner time by an hour and curtailed the number of guests to five per month (previously it was unlimited). These cuttings will directly impact Dropbox's profitability. According to a leaked memo, obtained by BI, employee perks alone cost the company at least $25,000 a year for each employee. (Dropbox has nearly 1,500 employees.) From the report: Dropbox isn't the only high-profile startup to unleash a company wide cost-cutting campaign lately. A number of unicorn startups, worth over $1 billion, including Evernote, Jawbone, and Tango, have all gone through some form of cost cuts, whether layoffs, office closures, or reduced employee perks. [...] A lot of this has to do with the slowing venture funding environment in Silicon Valley. Investors have become much more conservative with their money lately, and are losing patience for startups that have failed to generate returns after years of free spending. For Dropbox, the cost cuts may have less to do with the state of the VC market than with its own ambitions. Dropbox CEO Drew Houston has repeatedly said in the past that he doesn't need to raise capital in the private market anymore. Instead, Dropbox may want to show investors that its business is strong enough to IPO.
Music

Streaming Surpasses CD Sales At Warner Music (ft.com) 63

An anonymous reader writes: The times are a changin'. "Warner Music Group has become the first major record company to report that streaming has become its largest source of revenue, surpassing sales of physical formats such as CDs and vinyl," reports Financial Times. Last year, Warner's streaming revenue surpassed its sales for downloads. It goes to show just how much of an impact streaming services like Spotify and Apple Music are having on the music industry. Warner is the third-largest record company and has embraced streaming more quickly than the rest of the industry. "This rapid transformation is evidence of our ability to sign, develop and market artists that thrive in the streaming world," said Stephen Cooper, Warner's chief executive. The company reports that total recorded music revenue grew 10 percent to $610 million in the first three months of the year. Overall digital revenue increased 20 percent to $328 million, offsetting declines in physical formats like CDs.
Microsoft

Microsoft Sees Over 10 Million Cyberattacks Per Day On Its Online Infrastructure (softpedia.com) 63

An anonymous reader writes: Microsoft's user identity management systems, made up by Microsoft Account (formerly Live ID, for home users) and Azure Active Directory (for its cloud/corporate services), see over 13 billion user logins per day, with 1.3 billion for AAD. The company says that over 10 million (per day) of these login attempts are cyber-attacks, which the company is able to detect. This information comes via Microsoft's most recent Security Intelligence Report, which also reveals details about a new cyber-espionage group named Platinum and that hackers are still using the same vulnerability (CVE-2010-2568) even today, which was used in the Stuxnet attacks. According to Pew Research Center, there's an increasingly growing fear among Americans about cyberattacks. In fact, it's the second most feared entity to them, the first being ISIS.

Slashdot Top Deals