
Submission + - New Linux Trojan Is All-Around Threat: DDoS Tool, Bitcoin Miner, Web Ransomware (softpedia.com)

An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks.

Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners notifying them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.

Submission + - Is KDE Dying? 2

fwells writes: I have to confess that I've been a loyal KDE user and fan from day one. I've always felt that it was the more complete and integrated of the many Linux desktop environments and generally the most familiar to the broader user base. Thus having the most potential to win over new Linux converts. For whatever reason, that clearly hasn't happened. Nonetheless, lately I'm really starting to feel that KDE has become rather stale and stagnant. While the underlying KDE technologies may (?or may not?) be advancing, as a user I just don't feel it the way I once did.

KDE-Look.org, once a fairly vibrant and active contributory site, has become a virtual ghost town. Perhaps the same might be said for its GNOME-look.org counterpart, which I honestly don't know since, as a KDE user, I rarely have the need to visit GNOME anything. Perhaps that will change.

Various core KDE components and features are quite broken and have been so for some time. One simple and frustrating example is Recent Items (aka Application Launcher History), which works only on occasion with no clear rhyme or reason as to why. KDEPIM/KMail frankly seems targeted specifically at the power user, maintaining over many years its rather plain and arguably retro interface. The Konqueror web browser has been a virtual carcass for several years, yet it mysteriously remains an integral component. I honestly wonder if even a single KDE user uses it over any of the other popular browsers. The KDE theming engine seems disjoint and rather non-intuitive. The default Application Launcher and Task Manager widgets are also starting to feel quite old and stale as well.

Now, having said all that, I confess that I continue to use KDE exclusively and have no major functional issues with it. It does serve my needs from a practical perspective. But I can't help but feel like I do when I'm cruising across town in my 12-year-old Chevy truck, feature rich for its time, which I keep for similarly practical reasons. Solid and reliable, but definitely starting to fade and certainly lacking some modern creature comforts.

I do recognize that Desktop development has largely been sidelined by the more sexy and lucrative mobile platform development. However, the Desktop is certainly here to stay for the foreseeable future and users really are paying attention to its evolution — as seemingly evidenced by the gleeful adoption of Windows 10, which arguably has quite an impressively polished user interface (finally). And I say that as a religiously staunch and loyal opponent to virtually anything coming out of Redmond (rationality notwithstanding).

I've thought for many years that what the Linux desktop (and for that matter open source in general) fundamentally lacks is basic curb appeal. Developers must be willing to accept that the larger user community actually does prefer form over function and then develop accordingly. We're drawn to what looks and smells good. Substance is secondary as unfortunate as that may seem. Ignoring this, however technically principled, I feel has inevitably led to the questionable demise I'm raising here.

So, back to my opening question... Is KDE Dying? Has innovation and development evaporated in a development world dominated by the mobile device? And, if so, can it be reinvigorated? Will the pendulum ever swing back? Can it? Should it?

Submission + - Recording Industry: Copyright Terms At Life+50, instead of Life+70 is too costly (techdirt.com)

schwit1 writes: Okay. I've heard lots of crazy arguments from the record labels, but I may have found the craziest. We've discussed how ridiculous it is that the TPP includes a provision saying that every country that signs on must make sure the minimum copyright term is life plus 70 years. This will impact many of the countries that negotiated the agreement, which currently have terms set at life plus 50. This was a key point that the recording industry and Hollywood fought hard for. When even the Copyright Office recognizes that life plus 70 is too long in many cases, the legacy industries recognized that getting copyright term extension through Congress in the US might be difficult — so why not lock stuff in via international agreements?

And, of course, the USTR was fine with this, because the USTR goes along with basically everything that Hollywood asks for. But here's the crazy part: having gotten such a ridiculous thing, the recording industry is whining about its own victory. As Kimberlee Weatherall points out, the recording industry in New Zealand is bitching about the fact that the change doesn't go into effect immediately because it's "too costly" for copyright holders.

That's because the TPP has a "phase-in period" that allows countries to adjust and gradually move copyright terms upwards. But the record labels are having none of that:

Meeting before a parliamentary committee this week, Recorded Music chief executive Damian Vaughan said his advocacy group supports an article in the TPP deal that standardizes the terms of protection of a work to the life of an author plus 70 years. (New Zealand is one of several participating nations that currently has a term of 50 years after death.) However, Vaughan thinks a proposed phase-in period for nations upgrading to 70 years is unnecessary and a costly burden for rights holders.

"It's not making copyright simple or easy to understand to the music user or the public whatsoever," he said, according to RadioNZ. "It is making the process significantly more complicated, and it's the rights organizations and the copyright holders who will be forced to administer this. We note the cost we incur will be far higher than any perceived cost savings."


Submission + - US army blames lost computer files for part of accounting nightmare (reuters.com)

Bruce66423 writes: "DFAS also could not make accurate year-end Army financial statements because more than 16,000 financial data files had vanished from its computer system. Faulty computer programming and employees’ inability to detect the flaw were at fault, the IG said."

Overall the report indicates that the army's accounts are massively fudged, and have been for years. The question is: Why has the executive branch failed to address the issue, and why hasn't Congress ensured compliance with basic standards of behaviour? Meanwhile blaming the loss of computer files is the resort of the IT incompetent.

Submission + - Fedora 25 To Replace X.Org Server With Wayland (phoronix.com)

An anonymous reader writes: Fedora 25 will finally be the first release for this Linux distribution — and the first tier-one desktop Linux OS at large — that is going ahead and using Wayland by default. Wayland has been talked about for years as a replacement to the xorg-server and finally with the upcoming Fedora 25 release this is expected to become a reality. The X.Org Server will still be present on Fedora systems for those running into driver problems or other common issues.

Submission + - Computer Science Professor Gives Failing Grade to Newly Leaked NSA Hacking Tool (softpedia.com)

An anonymous reader writes: Stephen Checkoway, an Assistant Professor at the Department of Computer Science at the University of Illinois at Chicago, has analyzed some of the exploit code included in the recent Equation Group leak, and his verdict is "not impressed." The professor, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago, gripes about the cryptography operations employed in the code of an exploit called BANANAGLEE, used against Fortinet firewalls. Some of his criticisms include the words "ridiculous", "very bad", "crazy" and "boring memory leaks".

"I would expect relatively bug-free code. And I would expect minimal cryptographic competence. None of those were true of the code I examined which was quite surprising," the professor told Softpedia in an email.

Submission + - Oracle Is Funding A New Anti-Google Group (fortune.com)

An anonymous reader writes: Oracle says it is funding a new non-profit called "Campaign for Accountability," which consists of a campaign called "The Google Transparency Project" that claims to expose criminal behavior carried out by Google. "Oracle is absolutely a contributor (one of many) to the Transparency Project. This is important information for the public to know. It is 100 percent public records and accurate," said Ken Glueck, Senior Vice President of Oracle. Fortune reports: "Oracle's hidden hand is not a huge surprise since the company has a history of sneaky PR tactics, and is still embroiled in a bitter intellectual property lawsuit with Google." One would think Microsoft may be another contributor, but the company said it is not. Daniel Stevens, the deputy director of the CfA, declined to name the group's other donors, or to explain why it does not disclose its funders.

Submission + - Google Will Kill Chrome Apps For Windows, Mac, And Linux In Early 2018

An anonymous reader writes: Google today announced plans to kill off Chrome apps for Windows, Mac, and Linux in early 2018. Chrome extensions and themes will not be affected, while Chrome apps will continue to live on in Chrome OS. Here’s the deprecation timeline:
Late 2016: Newly published Chrome apps will not be available to Windows, Mac, and Linux users (when developers submit apps to the Chrome Web Store, they will only show up for Chrome OS). Existing Chrome apps will remain available as they are today and developers can continue to update them.
Second half of 2017: The Chrome Web Store will no longer show Chrome apps on Windows, Mac, and Linux.
Early 2018: Chrome apps will not load on Windows, Mac, and Linux.

Submission + - Sourceforge Hijacks the Nmap Sourceforge Account (seclists.org) 2

vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.

According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much-discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.

That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"

Submission + - SF Says AdWare Bundled with Gimp Is Intentional (google.com) 5

tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP", Sourceforge had this response:

In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.

Editor's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software. In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service.

Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page.

Note: SourceForge and Slashdot share a corporate parent.

Submission + - Toronto PET Users Group stages flash mob at Starbucks

psychonaut writes: In the fall of 2014, PET-wielding members of the Toronto PET Users Group descended en masse upon a local Starbucks to share their love of old-school Commodores with today's tablet- and smartphone-using public. This was the club's second such flash mob (the first, in 2013, commemorated the 30-year anniversary of the Commodore SX-64 "luggable" computer) and this time Starbucks itself sent a film crew. The result was T.P.U.G., a short promo documentary which the company released in October. The film shows the club, once the world's largest and now the world's oldest user group, still going strong after nearly 37 years in operation.

Comment News: Tony Abbott evolved a punchable face (Score 1) 190

OLDUVAI GORGE, Warringah, Monday (NTN) — A new theory suggests that Tony Abbott's ancestors evolved remarkably punchable facial features, accounting for people's deep desire to do so today.

The bones most commonly broken in prehistoric Liberal Party punch-ups gained the most strength in early "conservative" evolution. They are also the bones that show most divergence between Liberals and Nationals.

The paper, in the journal Guardian Australia, argues that the reinforcements evolved amid fighting over females and resources, in which communication by kicking each other's heads drove key policy changes.

Fossil records show that Australopithecus menzieii had strikingly robust facial structures. This was long seen as an adaptation to a tough diet including nuts, seeds and Malcolm Turnbull's balls. But more recent findings suggest that violent intra-party competition was the cause: the "protective buttressing hypothesis".

Interestingly, the evolutionary descendants of Australopithecus — including more left-leaning humans — have displayed less and less facial buttressing. "Human arms and upper bodies are not nearly as strong as those found in Liberal Party members," said the author, Prof David Carrier, dusting off his gloves.

Studies from Canberra emergency wards show that faces are particularly vulnerable to violent injuries, many self-inflicted from being banged against desks when Coalition policy proposals reach the news.

"The historical record goes back a short time, but anatomy holds clues as to what selection was important, what behaviours were important; and so it gives us important information about what caveman notion Mr Abbott is going to come out with next."

Photo: Tony Abbott actually getting punched in the face. What a happy-making photograph this is.
