125482254
submission
operator_error writes:
Scientists at the University of Massachusetts Amherst have developed a device that uses a natural protein to create electricity from moisture in the air, a new technology they say could have significant implications for the future of renewable energy, climate change and in the future of medicine.
As reported today in Nature, the laboratories of electrical engineer Jun Yao and microbiologist Derek Lovley at UMass Amherst have created a device they call an "Air-gen." or air-powered generator, with electrically conductive protein nanowires produced by the microbe Geobacter. The Air-gen connects electrodes to the protein nanowires in such a way that electrical current is generated from the water vapor naturally present in the atmosphere.
86869561
submission
operator_error writes:
Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.
By Dan Goodin — 10/20/2016
A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.
"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."
The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."
80050789
submission
operator_error writes:
Verizon has now chosen to reverse "its strategy to expand in hosting and colocation services after it acquired data center operator Terremark Worldwide Inc in 2011 for $1.4 billion", and has "started a process to sell its data center assets".
The so-called 'colocation' portfolio up for sale includes 48 data centers, and generates annual earnings before interest, tax, depreciation and amortization of around $275 million.
The enterprise telecommunications industry has had to adapt in recent years to corporate customers seeking more sophisticated and cheaper offerings to manage their data. Verizon joins a host of its rivals in telecommunications who are shedding their data centers.
The article doesn't mention alternative, scalable, virtual machine technologies or companies with such a focus, like as Amazon, Xen, KVM, or VMware, but Slashdot readers might be able to draw such conclusions for themselves.
65751057
submission
operator_error writes:
ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) is removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for which no fixes have been backported. He adds that:
"Those security bugs allows an unauthenticated attacker to gain complete control about the web server process".
However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2).
Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical.
You can follow the discussion @ Ubuntu Devel mailing list.
So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service
65229519
submission
operator_error writes:
In many cars, making a hands-free phone call can be more distracting than picking up your phone, according to a new study from AAA and the University of Utah.
In-dash phone systems are overly complicated and prone to errors, the study found, and the same is true for voice-activated functions for music and navigation.
A companion study also found that trying to use Siri — the voice control system on Apple phones — while driving was dangerously distracting. Two participants in the study had virtual crashes in an automotive simulator while attempting to use Siri, the study's authors reported.
In response, Toyota said the study did not show a link between cognitive distraction and car crashes.
"The results actually tell us very little about the relative benefits of in-vehicle versus hand-held systems; or about the relationship between cognitive load and crash risks," said Mike Michels, a Toyota spokesman.
