
Submission + - UK home secretary peddling Security Snake Oil (bbc.co.uk)

Martin S. writes: Amanda Rudd, the UK Home Secretary responsible for Policing, is peddling security snake oil, ignoring that the big problem with information security is that it really is impossible to tell the difference between good security and bad security without an expert, and we all know what the current crop of politicians think of experts. https://www.schneier.com/crypt...

Submission + - Prominent Drupal and PHP dev kicked from the Drupal project over Gor beliefs (techcrunch.com)

An anonymous reader writes: Last week the Drupal community erupted in anger after its leader, Dries Buytaert, asked Larry Garfield, a prominent Drupal contributor and long-time member of the Drupal and PHP communities, “to leave the Drupal project.” Buytaert claims he did this "because it came to my attention that he holds views that are in opposition with the values of the Drupal project." A huge furor has erupted in response — not least because the reason clearly has much to do with Garfield’s unconventional sex life. Buytaert made his post in response after Larry went public, outing himself to public opinion.

Comment Change the name to "Crash Supersonic"? (Score 3, Insightful) 122

"... marketing geniuses..."

Apparently a lot of technically-knowledgeable people don't have social ability. Boom Supersonic!!! "Boom" is what you hear when there is a crash.

There are many more like that. For example, Malwarebytes is software named after the problem it is supposed to cure. Doesn't anyone at BOOM have a mother?

Son: Mom, what do you think of the name BOOM for our company?

Mom: No, son, that's not a good name.

Son: Why not?

Mom: You're only 3 years old. You'll understand when you are 4.

Submission + - An Unexpected New Lung Function Has Been Found - They Make Blood (sciencealert.com) 1

schwit1 writes: Researchers have discovered that the lungs play a far more complex role in mammalian bodies than we thought, with new evidence revealing that they don't just facilitate respiration — they also play a key role in blood production.

In experiments involving mice, the team found that they produce more than 10 million platelets (tiny blood cells) per hour, equating to the majority of platelets in the animals' circulation. This goes against the decades-long assumption that bone marrow produces all of our blood components.

Researchers from the University of California, San Francisco also discovered a previously unknown pool of blood stem cells that makes this happen inside the lung tissue — cells that were incorrectly assumed to mainly reside in bone marrow.

"This finding definitely suggests a more sophisticated view of the lungs — that they're not just for respiration, but also a key partner in formation of crucial aspects of the blood," says one of the researchers, Mark R. Looney.

Submission + - Call for the security of the Electronic Voting Machine (EVM) to be tested

An anonymous reader writes: The IT minister of the Indian state of Karnataka has called for a hackathon for testing the electronic voting machines (EVMs) used in the recent elections in India.

In the elections in the Indian state of Uttar Pradesh, BJP, the party which is presently in power in the centre, won with a huge majority. Some from the opposition parties have argued that the EVMs may have been tampered with.

Narendra Modi, the present Prime Minister of India, was accused of using non-authorized EVMs in 2010 during the local elections in the state of Gujarat while he was a chief minister there. The EVMs were shown to be giving incorrect results.

In earlier research done in 2010 by researchers from NetIndia, the University of Michigan and a non-profit in the Netherlands specializing in electronic voting related issues, the security of the electronic voting machines was found to be inadequate.

Submission + - Windows 10 forced upgrades spark legal action

AmiMoJo writes: Three people in Illinois have filed a lawsuit against Microsoft, claiming that its Windows 10 update destroyed their data and damaged their computers. The complaint, filed in Chicago's US District Court on Thursday, charges that Microsoft Windows 10 is a defective product and that its maker failed to provide adequate warning about the potential risks posed by Windows 10 installation – specifically system stability and data loss. The attorneys representing the trio are seeking to have the case certified as a class action that includes every person in the US who upgraded to Windows 10 from Windows 7 and suffered data loss or damage to software or hardware within 30 days of installation. They claim there are hundreds or thousands of affected individuals. Last June, a California woman won $10,000 after a Windows 10 update disabled her PC.

Submission + - Microsoft Posts 'No Boys Allowed' Signs at State of RI High School CS Event 4

theodp writes: "Girls and women are half of the world's population," Rhode Island Governor Gina Raimondo told hundreds of high school girls gathered behind doors with signs that read "[Microsoft] DigiGirlz: No Boys Allowed". "They are half of the world’s brains, problem-solvers, leaders. This world cannot solve problems unless they are at the table. That’s why I started programs like CS4RI, partnering with Microsoft and other leaders [including Microsoft-backed Code.org] to offer computer science in every Rhode Island school." Raimondo also noted she was dismayed to learn that only 12 of Rhode Island's 42 students who took the AP Computer Science test were girls (RI has 43,000+ enrolled HS students). The best way to make girls feel welcome in K-12 CS education, some influence-wielding tech giants, politicians, and educators seem to agree, is by making boys even more unwelcome via things like gender-based federal K-12 CS education funding; girls-only learn-to-code initiatives, STEM schools and summer computer camps; and gender-weighted teacher incentive programs from Google and tech-backed Code.org (Google and the U.S. Government even sought to exclude boys from programming White House Christmas tree lights in 2014).

Submission + - Why You Should Care About The Supreme Court Case On Toner Cartridges (consumerist.com)

rmdingler writes: A corporate squabble over printer toner cartridges doesn’t sound particularly glamorous, and the phrase “patent exhaustion” is probably already causing your eyes to glaze over. However, these otherwise boring topics are the crux of a Supreme Court case that will answer a question with far-reaching impact for all consumers: Can a company that sold you something use its patent on that product to control how you choose to use it after you buy it?

Here’s the background: Lexmark makes printers. Printers need toner in order to print, and Lexmark also happens to sell toner.

Then there’s Impression Products, a third-party company that makes and refills toner cartridges for use in printers, including Lexmark’s.

Submission + - EFF needs your help to stop Congress dismantling Internet privacy protections! (eff.org)

Peter Eckersley writes: Last year the FCC passed rules forbidding ISPs (both mobile and landline) from using your personal data without your consent for purposes other than providing you Internet access. In other words, the rules prevent ISPs from turning your browsing history into a revenue stream to sell to marketers and advertisers. Unfortunately, members of Congress are scheming to dismantle those protections as early as this week. If they succeed, ISPs would be free to resume selling users' browsing histories, pre-loading phones with spyware, and generally doing all sorts of creepy things to your traffic.

The good news is, we can stop them. We especially need folks in the key states of Alaska, Colorado, Maine, Montana, Nevada, Ohio, and Pennsylvania to call their senators this week and tell them not to kill the FCC's Broadband Privacy Rules.

Together, we can stop Congress from undermining these crucial privacy protections.

Submission + - How the Internet Gave Mail-Order Brides the Power (backchannel.com)

mirandakatz writes: For decades, the mail-order bride system in the Philippines went something like this: Western men picked Filipinas out of catalogues, and the women had little to no information about the men they were agreeing to marry. The internet has changed all of that. As Meredith Talusan reports at Backchannel, technology has empowered Filipinas to be choosy about the Western men they pursue—and indeed, when it comes to online dating, they now hold much of the power. As Talusan writes, "in one sense, the leveling of dating power between Filipinas and Westerners is the fulfillment of the global internet’s promise to equalize relations between disparate places and people. Yet even as Filipinas and Westerners face off as equals online, the world of dating exposes the ultimate limitations of the web."

Submission + - SPAM: New hobby of PVS-Studio team: fixing potential vulnerabilities in open source

Andrey_Karpov writes: The topic of vulnerabilities detected in various open source projects is extremely popular nowadays. The news about that can be found on different sites (example: Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player). However, it is of no use to discuss these vulnerabilities (CVE) from a programmers' point of view. It is more important to prevent these vulnerabilities at the stage of writing the code, rather than worry that some leak was found again. Therefore, the Common Weakness Enumeration list (CWE) is of greater interest to the developers.

This list (CWE) presents systematized errors that may cause vulnerabilities. There are different factors that influence whether an error turns into a vulnerability or not. In other words, a defect sometimes can be exploited, and sometimes not, depending on luck.

What is significant is that by eliminating the errors given in CWE, a programmer protects the code from a great number of potential vulnerabilities in advance. Static analyzers can be great assistants in this case.

PVS-Studio has always been able to detect a large number of various weaknesses (potential vulnerabilities) in the program code. However, historically, we positioned PVS-Studio as a tool to search for errors. As I've already said, there is a trend in software development to look for vulnerabilities in the code, although it's just the same. We started rebranding our tool. Common Weakness Enumeration (CWE) was the first thing we looked at, and we wrote an article where we provided a draft of a table presenting the comparison of PVS-Studio diagnostics and CWE. We also demonstrated a couple of potential vulnerabilities in Apache HTTP Server.

That was not the end. We got interested in fixing potential vulnerabilities in various projects. Moreover, we decided to compile these small actions on making the world a better place, into small weekly reports. The first one covered the defects in C# projects (CoreFX, MSBuild).

The second would be interesting for the community of C and C++ programmers. It is about errors in such projects as FreeBSD, GCC, Clang.

Some may say that not every project requires testing for the potential vulnerabilities from the CWE point of view. I agree. But it's useful to find bugs and fix them in any case. Plus it demonstrates that PVS-Studio can be used to look for security issues.

Submission + - Critical Cisco Flaw Found Buried in Vault 7 Documents

Trailrunner7 writes: Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7.

The bug is a critical one and an attacker who is able to exploit it would be able to get complete control of a target device. The flaw lies in the Cluster Management Protocol (CMP) that’s used in IOS, and Cisco said it’s caused by the incorrect processing of CMP-specific Telnet options, as well as accepting and processing these commands from any Telnet connection.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” the Cisco advisory says.

Submission + - Windows 10 will download some updates even over a metered connection

AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.
