
Submission + - "Most serious" Linux privilege-escalation bug ever is under active exploit

operator_error writes: Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

By Dan Goodin — 10/20/2016

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Submission + - Bitcoin 'miners' face fight for survival as new supply halves

SpzToid writes: On Saturday, the reward for miners will be slashed in half. Written into bitcoin's code when it was invented in 2008 was a rule dictating that the prize would be halved every four years, in a step designed to keep a lid on bitcoin inflation.

From around 1700 GMT on Saturday, instead of 25 bitcoins up for grabs globally every 10 minutes, worth around $16,000 at the current rate BTC=BTSP, there will be just 12.5.

That means only the mining companies with the leanest operations will survive the ensuing profit hit.

"The most important thing is to be the most efficient miner," said Streng, the 26-year-old co-founder of German firm Genesis Mining, which has "mining farms" in Canada, the United States and eastern Europe, as well as in Iceland. "When the others drop out, that means that they leave the market and give you a bigger share of the pie."

Comment Re:Dutch Motorcycle Gangs (Score 3, Informative) 77

Actually Dutch motorcycle gangs aren't funny, or even very nice:

The Hells Angels control much of the drug trade in the Netherlands, and are also involved in prostitution.[6] The Dutch police have stated that the Hells Angels smuggle cocaine into the country through terrorist organizations and drug cartels in Curaçao and Colombia, and also deal in ecstasy and illegal firearms.[175]

In October 2005, the Dutch police raided Hells Angels' clubhouses in Amsterdam, Haarlem, IJmuiden, Harlingen, Kampen and Rotterdam as well as a number of houses. Belgian police also raided two locations over the border. Police seized a grenade launcher, a flame thrower, hand grenades, 20 hand guns, a machine pistol and €70,000 (US$103,285) in cash. A number of Hells Angels members were later imprisoned on charges of international trafficking of cocaine and ecstasy, the production and distribution of marijuana, money laundering and murder, after an investigation that lasted over a year.[176]

In 2006 two Dutch newspapers reported that the Amsterdam brothel Yab Yum had long been controlled by the Dutch Hells Angels, who had taken over after a campaign of threats and blackmailing.[177] The city council of Amsterdam revoked the license of Yab Yum in December 2007. During a subsequent trial the city's attorney repeated these allegations and the brothel's attorney denied them.[178] The brothel was closed in January 2008.[179]

Submission + - Many password strength meters are downright weak, researchers say

alphadogg writes: Website password strength meters often tell you only what you want to hear rather than what you need to hear. That’s the finding from researchers at Concordia University in Montreal, who examined the usefulness of those ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to send millions of “not-so-good” passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by what they termed wildly inconsistent results.

Submission + - Win or lose, discrimination suit is having an effect on Silicon Valley

SpzToid writes: "Even before there's a verdict in this case, and regardless of what the verdict is, people in Silicon Valley are now talking," said Kelly Dermody, managing partner at Lieff Cabraser Heimann & Bernstein, who chairs the San Francisco law firm's employment practice group.

"People are second-guessing and questioning whether there are exclusionary practices [and] everyday subtle acts of exclusion that collectively limit women's ability to succeed or even to compete for the best opportunities. And that's an incredibly positive impact."

Women in tech have long complained about an uneven playing field — lower pay for equal work, being passed over for promotions and a hostile "brogrammer" culture — and have waited for a catalyst to finally overhaul the status quo.

This trial — pitting a disgruntled, multimillionaire former junior partner against a powerful Menlo Park, Calif., venture capital firm — was far from the open-and-shut case that many women had hoped for.

More gender discrimination suits against big tech firms are expected to follow; some already have, including lawsuits against Facebook Inc. and Twitter Inc.

Submission + - LightEater malware attack places millions of unpatched BIOSes at risk

Mark Wilson writes: Two minutes is all it takes to completely destroy a computer. In a presentation entitled "How many million BIOSes would you like to infect?" at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments.

The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufacturers reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.

Submission + - Arkansas is Now the First State to Require That High Schools Teach Coding

SternisheFan writes: Arkansas will be implementing a new law that requires public high schools to offer classes in computer science starting in the 2015-16 school year. Arkansas Gov. Asa Hutchinson, who signed the bill, believes it will provide “a workforce that’s sure to attract businesses and jobs” to the state.

$5 million of the governor’s proposed budget will go towards this new program. For the districts incapable of administering these classes due to lack of space or qualified teachers, the law has provisions for online courses to be offered through Virtual Arkansas.

Although students will not be required to take computer science classes, the governor’s goal is to give students the opportunity if they “want to take it”.

Presently, only one in 10 schools nationwide offer computer science classes. Not only will Arkansas teach these classes in every public high school and charter school serving upper grades, the courses will count towards the state’s math graduation requirement as a further incentive for students.

Training programs for teacher preparation will be available, but with the majority of the infrastructure already primed, the execution of this new law should hopefully be painless and seamless.

Submission + - A software project full of 'male anatomy' jokes is going crazy right now

An anonymous reader writes: There's no question that the tech world is an overwhelmingly male place. There's legit concern that tech is run-amok with "brogrammers" that make women programmers feel unwelcome. On the other hand, people just want to laugh.

It's at that intersection that programmer Randy Hunt, aka "letsgetrandy" posted a "project" earlier this week to software hosting site GitHub called "DICSS." The project, which is actual free and open source software, is surrounded by geeky jokes about the male anatomy. And it's gone nuts, so to speak, becoming the most trending project on Github, and the subject of a lot of chatter on Twitter. And, Hunt tells us, the folks at Github are scratching their heads wondering what they should do about it.

Some people love DICSS (and, we have to admit, some of the jokes did make us snicker) ... and some people are, understandably, offended.
The offended people point out that this is exactly the sort of thing that makes tech unwelcoming to women, and not just because of the original project, but because of some of the comments (posted as "commits") that might take the joke too far. (And, we have to admit, the tech world really doesn't need another thing that encourages sexism. A lot of male programmers are just as sick of that as women are.)

What's Slashdot's opinion? Harmless fun? Sexism run rampant?

Submission + - Germany Succeeded with Massive Power Drops/Surges with its Solar Grid Today

SpzToid writes: Electrical grids in Europe succeeded in managing the unprecedented disruption to solar power from Friday's 2-1/2-hour eclipse that brought sudden, massive drops in supply.

Germany, Europe's leading economy and boasting the world's biggest solar-powered installations, was at the heart of the event.

"Good preparations paid off, we were able to handle all swings in production," said Ulrike Hoerchens, spokeswoman for one of the four high-voltage grid firms, TenneT, which operates in the region with the highest share of photovoltaic units.

Solar power output has expanded sharply to 38.2 gigawatts (GW) since the region's last notable eclipse in 2003, so the country — which borders nine nations — needed to prove its power market and network handling centres could function under extraordinary conditions.

German solar output right before the eclipse totalled 21.7 GW, then dropped to a low point of 6.2 GW, followed by an addition of 15 GW again within the following hour, TenneT said.

The speed of feed-in was treble the normal maximum, which could have caused disruptions.

Comment Not doing well in The Netherlands either (Score 5, Informative) 366

The Netherlands regulates taxis in order to maintain various standards of safety and fair competition. But Uber is an app that doesn't play by the rules. So they've been busted, several times.

Initially the drivers received warnings.

Then the fines started to increase, which Uber Corp. seems happy to pay. In January the penalties were 10,000 euros, and unlicensed drivers risk a criminal record:
(in Dutch)
(English, machine translation)

Did that stop Uber, even when they were warned the next time, and subsequent violations would become 100,000 euros? No way!
(in Dutch)
(English, machine translation)

Uber defends itself by saying that innovation is faster than legislation. Uber says the Taxi Act of 2000 is outdated, and just keeps on truckin'.

Submission + - Exciting developments in artificial photosynthesis.

mjgday writes: Researchers at both Caltech and Yale have had breakthroughs in the complex details of making artificial photosynthesis work.

Caltech have found that plating the photo-cathode and photo-anode with Nickel Oxide can greatly improve their longevity.

And Yale meanwhile have discovered an iridium catalyst which helps with water oxidation.

Maybe we won't need to give up on liquid fuels after all.

Comment I like dreamhost (Score 2, Interesting) 295

Gotta agree with Dreamhost first and foremost as a domain registrar. If you search back past Slashdots, you'll see folks have chimed in to say how simply searching and pricing your desirable domain name at a lot of registrars, effectively and immediately places your desirable domain name on other people's (or the registrar's) radar. In other words, it is not kept private for you, and if you delay much at all, you'll probably see someone else (like the registrar themselves) might very well snatch it up, so you'll at least have to pay more. I can vouch this doesn't happen with Dreamhost (I've tested it myself, along with the other registrars folks had mentioned, and saw those results too). Domain name searches at Dreamhost remain private. GoDaddy was one of the abusing registrars I am referring to, if I recall correctly. I've had assets on Dreamhost now for 10 years, this coming summer.

Also, if your website needs are as simple as you have written of, then dreamhost is an absolutely fine host. Their customer service is very good, prompt, and helpful too. A very good deal for the price, if your website needs are so simple.

That being said, I can tell you the cheapest level at Dreamhost is not suitable for a heavy CMS like Drupal. If you are running something like Drupal, then you should really buy the whole VPS. Dreamhost has invested heavily in their VPS options in the years since I was seriously trying to get Drupal to work over there, but I find and VPS options to be very good for the task. Also, just so you know, my recommendation for Linode and Digital ocean is based on my own rather heavy server installations and configurations.

Finally, domain names are like wo/men. All the desirable ones are already taken.

Submission + - Microsoft Blacklists Fake Finnish Certificate

jones_supa writes: Microsoft has issued a warning that a fraudulent SSL digital certificate has been issued in the name of a Finnish version of its Windows Live service. Although the company says it has revoked the certificate, security experts warn that older software may continue to "trust" the known bad certificate for months or even years, and that attackers could use it to trick users into running malware. "Microsoft is aware of an improperly issued SSL certificate for the domain '' that could be used in attempts to spoof content, perform phishing attacks or perform man-in-the-middle attacks," Microsoft says in a March 16 security alert. "It cannot be used to issue other certificates, impersonate other domains or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue."

Comment Re:The State Run Media did not report this (Score 1) 334

Because if there was, you'd already know all about this matter if you were paying any attention at all to The Fair & Balanced Network(tm) Fox News, instead of these here slashdots. Just trust me on this, okay? Here, let me help you:

Unless somehow, amazingly, Slashdot managed to scoop the very motivated Fox News, of course. I doubt it.
