Submission + - Google Identified Major Kernel Vulnerability In Apple's OS And iOS Systems (thestack.com)

An anonymous reader writes: In June Google’s Project Zero team identified a devastatingly effective exploit in Apple’s XNU kernel, and was able to develop perfect privilege escalation attacks by targeting a task port process thread called 'owningTask'. Project Zero member Ian Beer became dubious about the name of the task: 'OwningTask implies an ownership relationship which might lead kernel extension developers to believe that behind the scenes IOKit is actually maintaining an ownership relationship which will ensure that the lifetime of this userclient will always be dominated by the lifetime of the owningTask. This is a dangerous assumption.' Project Zero apprised Apple of the vulnerability at the beginning of June, and initially refused Apple's request for sixty days' grace, but eventually settled on September 21st for disclosure. But when Apple's last-minute September fix turned out to be ineffective, Project Zero agreed to keep quiet, eventually granting Apple nearly five months of silence about the task_t bug — which has now been fixed in the latest updates to Mac OS and iOS.

40 bugs found in the FreeBSD kernel with the help of PVS-Studio analyzer

Andrey_Karpov writes: Svyatoslav Razmyslov from PVS-Studio Team published an article on the check of the FreeBSD kernel. PVS-Studio developers are known for analyzing various projects to show the abilities of their product, and do some advertisement, of course. Perhaps, this is one of the most acceptable and useful ways of promoting a proprietary application. They have already checked more than 200 projects and detected 9355 bugs. At least that's the number of bugs in the error base of their company.

So now it was FreeBSD kernel's turn. The source code was taken from GitHub 'master' branch. Svyatoslav states that PVS-Studio detected more than 1000 suspicious code fragments that are most likely bugs or inaccurate code. He described 40 of them in the article. The list of warnings was given to the FreeBSD developer team and they have already started editing the code.

A couple of words for programmers who are still not familiar with PVS-Studio. PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. It performs static code analysis and generates a report that helps a programmer find and fix the errors in the code. You can see a more detailed description of the tool on the company website and download a trial version.

Submission + - BitTorrent Creator Demos Live P2P Streaming

Dave writes: BitTorrent creator Bram Cohen is now focused on developing a new P2P live streaming protocol that would be superior to all other streaming solutions currently on the market. Cohen demonstrated the unfinished technology this week, but he has yet to release any solid technical details. He did say, however, that the technology should be revealed this summer. Although P2P live streaming has been done before, Cohen thinks that his implementation will set itself apart from competitors in terms of both efficiency and low latency.

Submission + - The Proton Just got smaller (nature.com) 1

inflame writes: A new paper published in Nature has said that the proton may be smaller than we previously thought. The article states 'The difference is so infinitesimal that it might defy belief that anyone, even physicists, would care. But the new measurements could mean that there is a gap in existing theories of quantum mechanics. "It's a very serious discrepancy," says Ingo Sick, a physicist at the University of Basel in Switzerland, who has tried to reconcile the finding with four decades of previous measurements. "There is really something seriously wrong someplace."'

Would this indicate new physics if proven?


OpenSSH 5.4 Released 127

HipToday writes "As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.'"

Submission + - Harvard: Computers Don't Save Hospitals Money (computerworld.com)

Lucas123 writes: Researchers at Harvard Medical School pored over survey data from more than 4,000 "wired" hospitals and determined that computerization of those facilities not only didn't save them a dime, but the technology didn't improve administrative efficiency. The study also showed most of the IT systems were aimed at improving efficiency for hospital management, not doctors, nurses and medical technicians. "For 45 years or so, people have been claiming computers are going to save vast amounts of money and that the payoff was just around the corner. So the first thing we need to do is stop claiming things there's no evidence for. It's based on vaporware and [hasn't been] shown to exist or shown to be true," said Dr. David Himmelstein, the study's lead author.

Submission + - Obama wins Nobel Peace Prize (reuters.com) 3

AbbeyRoad writes: "OSLO (Reuters) — U.S. President Barack Obama won the Nobel Peace Prize on Friday for giving the world "hope for a better future" and striving for nuclear disarmament. ... The Norwegian Nobel Committee praised Obama for "his extraordinary efforts to strengthen international diplomacy and cooperation between peoples.""

Submission + - Jake looking for developers (jakeapp.com)

buchner.johannes writes: "Jake is the new kid on the block for team collaboration. Developed by students in Vienna, this serverless, open-source, cross-platform versioning tool is aimed at non-developers. What makes Jake unique is that the communication is done over XMPP, and that the look-and-feel is very native (unlike most Java apps).
We turn to Slashdot as we look for developers interested in picking up the work, forking it, contributing or reusing concepts in other projects. Slashdot already discussed the need for a painless, easy-to-use tool once. About Jake shows a small comparison to other tools."


Submission + - 24h Open Source Coding Marathon Hackontest started (hackontest.org) 1

maemst writes: "Can you code 24 hours non-stop? Hackontest is a new Google-sponsored 24-hour programming competition between different open source projects. Its goals are to enhance Free Software projects according to user needs and to make visible how enthusiastically open source software is being developed. During the current online selection process users and developers of open source software may submit feature requests and rate and comment on them. On the Swiss national holiday, August 1st, 2008, the Hackontest jury will pick the three most promising teams. They receive a free trip to Switzerland on September 24/25, 2008 to participate in the competition located at OpenExpo 2008 Zurich. Hacking 24 hours inside an etoy.CONTAINER, the teams and their virtually present communities will implement certain features based on the online ratings and jury selection. In the end, the Hackontest jury evaluates the code and awards the winners with a total of USD 8500. The jury is made up of 10 renowned open source contributors: Jeremy Allison (Samba), Jono Bacon (Ubuntu), Brian W. Fitzpatrick (Subversion), Martin F. Krafft (Debian), Alexander Limi (Plone), Federico Mena-Quintero (GNOME), Bram Moolenaar (vim), Bruce Perens (OSI founder), Lukas K. Smith (PHP) and Harald Welte (gpl-violations.org)."

Submission + - What Are The Best Applications For Cellphones?

An anonymous reader writes: CNET.co.uk has recently listed what it thinks are the best applications for cellphones, naming six apps including Google Maps, Shozu and Opera Mini — "Opera Mini is a brilliant free-to-download mobile Internet browser that lets you surf the Web in a similar way to your PC's browser, using a few sneaky tricks to overcome your phone's hardware limitations. Instead of cramming a full-sized page on to your little screen, it cleverly presents an overview of a page and you can easily zoom in and out." What do you think are the best apps for cellphones and are there any that you can't live without?

The Many Paths To Data Corruption 121

Runnin'Scared writes "Linux guru Alan Cox has a writeup on KernelTrap in which he talks about all the possible ways for data to get corrupted when being written to or read from a hard disk drive. This includes much of the information applicable to all operating systems. He prefaces his comments noting that the details are entirely device specific, then dives right into a fascinating and somewhat disturbing path tracing data from the drive, through the cable, into the bus, main memory and CPU cache. He also discusses the transfer of data via TCP and cautions, 'unfortunately lots of high performance people use checksum offload which removes much of the end to end protection and leads to problems with iffy cards and the like. This is well studied and known to be very problematic but in the market speed sells not correctness.'"

Submission + - Theo de Raadt on Relicensing BSD Code (kerneltrap.org)

iBSD writes: KernelTrap has an interesting article in which Theo de Raadt discusses the legal implications of the recent relicensing of OpenBSD's BSD licensed Atheros driver under the GPL. De Raadt says, 'it has been like pulling teeth since (most) Linux wireless guys and the SFLC do not wish to admit fault. I think that the Linux wireless guys should really think hard about this problem, how they look, and the legal risks they place upon the future of their source code bodies.' He stressed that the theory that BSD code can simply be relicensed to the GPL without making significant changes to the code is false, adding, 'in their zeal to get the code under their own license, some of these Linux wireless developers have broken copyright law repeatedly. But to even get to the point where they broke copyright law, they had to bypass a whole series of ethical considerations too.'

