
Submission + - Are You Vulnerable to Shellshock?

halls-of-valhalla writes: Remember Heartbleed a while back this year and all the hype that was made over it? Well, this new vulnerability, dubbed "Shellshock", may just be even worse. Stephane Chazelas, a security researcher from Akamai, uncovered a massive flaw in the Unix Bash shell, leaving Linux machines, OS X machines, routers, older IoT devices, and more open to devastating attacks.

Bash is a Unix shell written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell (sh). Most Unix-based operating systems today use bash as the default shell including Linux and Mac OS X, and additionally bash has been ported to many other systems including Windows (with software such as Cygwin) and Android. The fact that bash is so widely used means that this is an extremely significant vulnerability.

This new Shellshock vulnerability potentially allows attackers to execute arbitrary shell commands on your machine. But the even scarier thing about this vulnerability is that it's extremely old, meaning that it could have potentially been exploited for years now (and may have even been exploited without having been revealed). Since the vulnerability is so old, it's quite widespread, which means that it will likely still be seen unpatched in many systems for quite some time.

For more info about checking if you're vulnerable and patching your system, continue here: Are You Shellshocked?

Submission + - From PHP 5 to 7

halls-of-valhalla writes: Since around 2005 we've heard talk about PHP 6 development. There have even been books sold about it. But where is PHP 6? As of July of this year it was decided that there won't be one and that PHP will skip directly to PHP 7. Why is it skipping to the next major version, and what ever happened with PHP 6?

In 2005, work began on a project headed by Andrei Zmievski to bring native Unicode support to PHP by embedding the International Components for Unicode (ICU) library and internally representing strings as UTF-16. Because this project would lead to major internal and user-affecting changes, it was planned to be the next major PHP version (i.e. PHP 6) along with a few other features.

By using UTF-16 as default encoding, developers would need to convert the code and all input (e.g. data from requests, database, etc.) from one encoding to UTF-16 and back again. This conversion takes a lot of CPU time, memory (to store the much larger strings), and creates a higher complexity in the implementation due to the increased need to detect the proper encoding for the situation. In light of all of this and the relatively small gain, many contributors became unwilling to use "trunk" as their main development branch and instead either used the stable 5.2/5.3 branches or refused to do development at all. This shortage of developers led to delays in the project.

After a vote in July of 2014, it was officially decided that the next major release would be called PHP 7. The primary reason for even considering the name is the widely-known existence of the previous failed attempt of a new major release, and the existence of numerous books and other resources which already referred to the previous PHP 6. To address potential confusion, there was an RFC (i.e. request for comments) and a vote on whether or not to reuse this name.

In the end it was decided to release PHP 7 as the next major version, arguing that the worst case scenario is that they needlessly skipped a version as opposed to the worst case of releasing it as PHP 6 which is widespread confusion in the community.

Read the full story here: Valhalla News — From PHP 5 to 7

Submission + - The German BSI Security Blunder

halls-of-valhalla writes: The German BSI (Bundesamt für Sicherheit in der Informationstechnik, translated as Federal Office for Information Security) just discovered that 16 million email accounts have been stolen. The cyber criminals responsible are using many of these hacked accounts to send spam and obtain access to other connected accounts on sites such as Facebook.

What the BSI have done is to provide a site where users can enter their email address, and the BSI will check their database and send you an email to indicate whether or not your account was amongst the hacked accounts. The online test, is a relatively simple-looking website with a single input field for entering your email address. A hacker could simply register "" (note the hyphen between sicherheitstest and bsi), and set up an identical site to collect email addresses. Upon receiving an email address, the hacker can send an email to this user stating that their account has indeed been hacked, and then provide a link where the user can change their password by entering the old and new passwords, with which the hacker can additionally collect the user's password.

Submission + - RoboEarth Released, but is it Safe?

halls-of-valhalla writes: After four years of European Union-funded work, scientists of the Dutch University of Eindhoven released today their project dubbed "RoboEarth", the first Internet designed specifically for robots. RoboEarth is a cloud based database which serves as knowledge base and allows connected robots to communicate with and to learn from each other. RoboEarth was presented to the public by four robots which worked collaboratively together to help patients in a hospital in a simulated environment. They can see maps that were created by other robots to self-navigate in an unknown environment. However, the information exchange goes much deeper; as soon as a robot learns a new object or a new task other robots that are connected to RoboEarth can view this information and learn from it without any further programming.

However, such advancements, while full of great potential, always come with great risk. To the typical techie, the first thought that probably comes to mind is "Skynet". There is a great fear that when all robots are able to learn and grow independently of humans, and additionally when they can communicate from all across the world, they will become dominant. Therefore, this network would need to be very closely observed. It should become very limited in its capabilities, and have restrictions to what type of information can be shared in order to ensure any degree of security in this regard.

In addition to the "robot uprising" topic, there are more present-day security issues to address with this type of advancement as well. There will need to be heavy safeguards to prevent hackers from corrupting and stealing information contained within this network. If, for example, a cyber terrorist were to 'spoof' the knowledge of a newly-learned task regarding the preparation of food for household robots, and they were to include the instruction that potassium cyanide should be included as an ingredient, there would be quite a problem if all robots were to accept these instructions. In addition to that, this network could potentially contain extensive information about the day-to-day happenings within every household across the world, which would be extremely tempting for groups such as the NSA.

RoboEarth is still an excellent idea and has a lot of potential. Finding a way for robots to learn independently is the natural course of events, and it will assuredly continue. For more information about how RoboEarth works, see their website,

Submission + - Google Buys Nest Labs for $3.2 Billion

halls-of-valhalla writes: Google has announced plans to buy Nest Labs, a manufacturer of thermostats and smoke detectors founded in 2010 by former Apple engineers, Tony Fadell and Matt Rogers, for 3.2 billion dollars. Nest Labs sells a thermostat called Nest which is very popular currently in the United States thanks to its built-in intelligence and its design. Nest will continue to be run by chief executive Tony Fadell. The Federal Trade Commission and the Justice Department must still approve the deal, but this is only a formality.

Whatever Google makes from its acquisition, it is clear that it will raise the interests of critics due to the fact that the many intelligent, clever facilities which the company and its products enable are mainly used to gather more information about its customers. For the company little has changed and little will change; Google is first and foremost an information collecting company. What changes is only the method by which Google retrieves the data.

Submission + - Clear Email Marketing Tricks To Improve Your Business

ardi86 writes: It is very important to understand how email marketing works and the many benefits of a well setup email campaign for your business. Escaping from the junk folder and making sure that your reader eyes the email is essential. But what makes your email different from other emails? Explore the rest of the article to find out.
Striking subject line:

A striking subject will get you on the go. Since the title is the first thing a reader sees, it is important to assure that it’s witty and impressive. This will make them curious. When the reader opens your email, they will want to go on reading.
Create an itinerary:

Use an itinerary to deliver and track your newsletters. The delivery should be done regularly and accurately. Customers would want their newsletters to be delivered on time.

Create an agenda for delivery of newsletters and make sure to follow up on it. The newsletters should be delivered at the same time every week. Your customers want you to mail them the newsletters timely, as you guaranteed. Use brisk and captivating subject lines. A subject line should have less than 60 characters, so that it interests the customer. This increases the chance of a customer opening the mail. If it’s not possible to have a short subject, you should include the most crucial words first so that they don’t get cut off.

While using pre-headers, it’s beneficial to use email previewers. Pre-header is a part of an email that is located at the top. This attracts attention and is used after the subject line by email clients, such as Gmail.

Try not to send out important emails on or around any major holidays. Many people don’t access their emails on those days, and you risk them being overlooked among the others that arrived during that same time. Of course, you should adapt this to your target audience. These may include emails concerning Black Friday deals or other campaigns based on occasions. The hints above can transform your marketing campaign from useless spam to interesting mail, but you have to work at it. Use them for existing or new campaigns in order to increase success.

Submission + - Cloud Computing - Benefits and Risks

An anonymous reader writes: Cloud computing is an emerging area of distributed computing that offers many potential benefits to organizations by making information technology services available as a commodity. It is transforming the way corporate IT services are delivered and managed. Most consumers are already heavy users of cloud-enabled services, including email, social media, online gaming, and many mobile applications. The business community has begun to embrace cloud computing as a viable option to reduce costs and to improve IT and business agility.

When users/organizations contract for cloud services, such as applications, software, data storage, and processing capabilities, organizations can improve their efficiency and their ability to respond more quickly and reliably to their customers’ needs. At the same time, there are risks to be considered, including maintaining the security and privacy of systems and information, and assuring the wise expenditure of IT resources.

The strengths and weaknesses of the different cloud technologies, configurations, service models, and deployment methods should be considered by organizations evaluating services to meet their requirements. Cloud computing also allows computer users to conveniently rent access to fully featured applications, to software development and deployment environments, and to computing infrastructure assets such as network-accessible data storage and processing.

Cloud computing is rapidly expanding; demand is increasing and providers are ramping up extra servers to meet predicted future capacity requirements. As more customers become cloud users, greater economies of scale will be reached and cloud providers will be able to more accurately predict capacity for computing demand.

Cloud Assessment at Shapia is done by experienced business analysts who have been working on cloud for several years now. Our uptime assurance for cloud is best explained when you’re on cloud. We do a cloud service guarantee of cloud functions very often.

Submission + - Angela Merkel's New Secure Mobile Phone

Kimomaru writes: Who didn't see it coming? The Snowden case has set off a technology race to create a new secure mobile phone for Germany's Chancellor Angela Merkel and her ministers. Two companies, Trust2Core and SecuSmart, are providing security solutions for the Android and Blackberry respectively. Trust2Core's solution, apparently, runs a virtual instance of Android that is supposed to be secure and separate from the regular Android environment. Interestingly, so far it seems that Apple's iPhone is not in the picture at all so far. In any case, it'll be interesting to see if this technology becomes available to the average consumer and whether or not the average consumer will even care enough to even buy it.

Submission + - Yet Another Bandwagon Facebook Privacy Lawsuit?

halls-of-valhalla writes: Facebook is being sued once again for supposedly intercepting users' private messages, following links and sharing private data with advertisers and marketers. However, nearly every report only states the side of the plaintiff in this case but nobody is considering this topic with a pinch of skepticism.

Here is the full text of the original complaint: where they complain that Facebook uses data mining to sell info to advertisers and to target ads to users. This complaint is an interesting 36 page complaint, but again it contains very little real factual evidence in spite of the fact that it contains a section entitled "Factual Background".

The plaintiff references a study conducted in August 2013 by a Swiss firm called High-Tech Bridge. The study consisted of taking a web server and generating 50 random, secret URLs. HTB then tested each of these links on 50 of the top social networking sites and web services (one secret URL per website). They would perform actions such as sending messages, searching, etc. and monitor their web server logs to see if they received any requests from the tested services. They claim to have "trapped" six of the sites and observed traffic from them. These sites include Google+, Facebook, and Twitter and they state that these results are "quite interesting".

However, what they fail to mention is that making a request to a linked site and fetching data such as title, meta description, and share image are part of the normal, user-visible functionality of sites such as Facebook and Google+. When you paste a link into a post or a private message on Facebook, a loading icon momentarily appears and then a box is visible beneath the post with thumbnail info about the link. This study does not state that they excluded this functionality in their observations, so we can't rely on these results.

Additionally, Facebook clearly states in their terms of service that they use information from advertisers and info about you (such as geographic location) to target ads. So to anyone who actually reads the terms of service before accepting, it should be clear that they can expect targeted ads. So if this, and the fact that Facebook retrieves meta data for links, is the only evidence that Facebook is violating the users' privacy and reading their private messages, then there is essentially no evidence at all.

The plaintiff intends to file a class action suit on behalf of all members and intends to make Facebook pay damages of either $100 per day of the alleged violation, or $10,000 per affected user. This of course would be in addition to the damages under California law. We shall see what happens once a verdict is made.

For the full story, read here:,140

Submission + - US Bill to Ensure A Free Internet

halls-of-valhalla writes: The United States Congress is working on proposing a bill intended to "promote a global Internet free from government control and to preserve and advance the successful multistakeholder model that governs the Internet".

A primary intent of this bill is to demonstrate an opposition to the International Telecommunication Union (ITU); however, many critics believe that ulterior motives behind the new proposition include limiting the authority of the Federal Communications Commission (FCC).

One US Representative, Marsha Blackburn, states, "With all the problems we face domestically and internationally, the last thing we need is to back away from aggressively defending Internet freedom. Failing to [pass the bill] would send an incredibly bad and discouraging message to the rest of the world and put our innovators here at home in a very difficult position".

Many supporters of the bill claim that the primary concern of the bill is to send a message to the world that the US is opposed to a takeover of Internet governance by the United Nations' ITU.

Many critics worry that the bill, with its current wording, would hinder attempts to combat cyber crime and to maintain a safe, free flow of information on the Internet. However, the bill is currently still in the development stages, so this wording may soon change.


Submission + - US Law Requiring Logging of SMS Messages

halls-of-valhalla writes: "A proposal is being presented to the United States Congressional Panel today which would require mobile providers to store copies of SMS messages in case they are needed by police for investigative purposes. If passed, this new requirement would be an amendment to the 1986 Electronic Communications Privacy Act (ECPA).

This PDF document,, contains prepared key points and remarks by Richard Littlehale, a supervisor within the Tennessee Bureau of Investigation, who will be making the presentation to Congress. These statements include remarks detailing how widespread the use of SMS is and how vital text messages could be in investigations into various crimes.

Mr. Littlehale's argument is that providers should be required to maintain this information and have quick availability of it so that law enforcers are able to maximize their investigative options. Littlehale also plans to propose that the existing "emergency" clause should be updated to allow police the possibility to demand records without a search warrant in emergency situations."


Submission + - Cisco and Arbor Networks Join to Fight DDoS

halls-of-valhalla writes: "Due to the large number of network attacks the past few years connected with groups such as Anonymous, xl3gi0n, and Wikileaks, network security specialists have had to focus their attention towards methods to mitigate the risks of such attacks. Cisco, a company which makes network availability its business, has devoted some time and manpower to this task.

The software giant has attempted to solve this problem (at least to an extent) by integrating into its routers technology developed by a company called Arbor Networks which specializes in network security software. This software called the Arbor Peakflow SP Threat Management System has been licensed by Cisco to embed into its Cisco Carrier-Grade Services Engine on its CRS-1 carrier class routers. By directly embedding this software into the routers, businesses can save time and resources due to the effect of not having to route attack traffic to dedicated centers to be cleaned up. Cisco has stated that each CGSE module will support 10Gbps of DDoS mitigation capability."


Submission + - First Bionic Hand That Can Feel

halls-of-valhalla writes: "The first bionic hand that allows an amputee to feel what they are touching will be transplanted later this year in a pioneering operation that could introduce a new generation of artificial limbs with sensory perception.

The patient is an unnamed man in his 20s living in Rome who lost the lower part of his arm following an accident, said Silvestro Micera of the Ecole Polytechnique Federale de Lausanne in Switzerland.

The wiring of his new bionic hand will be connected to the patient’s nervous system with the hope that the man will be able to control the movements of the hand as well as receiving touch signals from the hand’s skin sensors.

Dr Micera said that the hand will be attached directly to the patient’s nervous system via electrodes clipped onto two of the arm’s main nerves, the median and the ulnar nerves.

This should allow the man to control the hand by his thoughts, as well as receiving sensory signals to his brain from the hand’s sensors. It will effectively provide a fast, bidirectional flow of information between the man’s nervous system and the prosthetic hand."


Submission + - Oxford Tests Self-Driving Cars

halls-of-valhalla writes: "Using advances in 3D laser mapping technology, Oxford University has developed a car that is able to drive itself along familiar routes. This new self-driving automobile uses lasers and small cameras to memorize everyday trips such as the morning commute. This car is not dependent on GPS because this car is able to tell where it is by recognizing its surroundings. The intent is for this car to be capable of taking over the drive when on routes that it has travelled before.

While being driven, the car is capable of developing a 3D model of its environment and learning routes. When driving a particular journey a second time, an iPad on the dashboard informs the driver that it is capable of taking over and finishing the drive. The driver can then touch the screen and the car shifts to 'auto drive' mode. The driver can reclaim control of the car at any time by simply tapping the brakes.

The Oxford researchers are in the process of working on getting approval from the UK Department of Transportation to get permission to test drive it on the road. In the meantime, the team has developed a special testing environment with small roads and road markings.

The intent is to eventually mass-produce cars such as this and market them to consumers at low cost to reduce driving stress. At the moment the system costs roughly 5000 pounds, but Professor Newman from the Oxford Department of Engineering hopes to eventually be able to lower the price to as low as 100 pounds."
