
Submission + - 5-Year-Old Critical Linux Vulnerability Patched (threatpost.com)

msm1267 writes: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years.

Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011. A patch was pushed to the mainline Linux kernel Dec. 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes.

The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

Submission + - Bluetooth 5 is here (betanews.com) 1

BrianFagioli writes: Today, the Bluetooth Special Interest Group announces the official adoption of the previously-announced Bluetooth 5. In other words, it is officially the next major version of the technology, which will eventually be found in many consumer devices.

So, will you start to see Bluetooth 5 devices and dongles with faster speeds and longer range in stores tomorrow? Nope — sorry, folks. Consumers will have to wait until 2017. The Bluetooth SIG says devices should become available between February and June next year.

Comment Re:Ubuntu makes to much decisions for me... (Score 0) 137

Well, you are right on most things, just this purist view brings the user nowhere. It's the old 'in an ideal world all lawyers would be jobless'...

And the example of Windows is very wrong. A tonload of drivers for Windows 7, hell, even drivers for Vista and XP, just work on the latest Windows 10. Simply because they have a well defined driver model. A thousand reasons to dislike Microsoft, but their driver model is not one of them.

It is not only a matter of developer resources. It is also that Linux is still a 'wild west' where anything that works might change in any newer version. And while the kernel maintainers have recognized this issue and proven a more stable ABI since kernel 2.6, some arbitrary projects still have a very egocentric view of the world. Not to mention the zillion different distros out there. Even the most well-willing hardware providers (and don't say that AMD and Intel and others aren't as they all showed tremendous effort) run against this wall of chaos...

Comment Re:Ubuntu makes to much decisions for me... (Score 2, Insightful) 137

And why, as an end-user, do I care about this? I need something that works. A newer version of xorg was apparently more important than driver compatibility for the package maintainers. For me as a user it was the other way around. And it is not trivially possible with Ubuntu to use an older version of xorg.

To elaborate on that: somewhere along the road the xorg developers decided to break something. How hard is it to design something and keep it (forward) compatible? Apparently for xorg very hard. I totally am ready to believe they had their reasons to do so, but you simply cannot expect all other involved developers to run behind them, within months, if they make a change breaking stuff, totally ignoring the significant amount of testing the AMD developers would have to do. And surely the AMD developers still get the blame simply because they are 'closed source'.

From an idealistic stance of view, you are totally right. In an ideal world those drivers would be open source. From a practical stance of view, developers all over the world, both open and closed source, are hands tied down on license or agreements. And users just want something that works, not necessarily the latest greatest shiniest.

In case of Ubuntu 16.04 the AMD user is left in the cold, no matter who to blame. And this is why people who say 'Linux will never be ready for the desktop' are proven right. I did, and do, use and love Linux but in all fairness it has been a constant struggle, swimming upstream, because design decisions like those are not made from a user stance of view, and because I do not want to dedicate my life to the OS running on my computer. I just want to use my computer.

Comment Ubuntu makes to much decisions for me... (Score 3, Interesting) 137

After many years of Ubuntu use as primary desktop, the thing that drove me away was ending the support for the closed source AMD video drivers.

Someone decided that the open source drivers were 'good enough'. Well, they are not, at least for what I was doing. And the choice to use the drivers as released by AMD was removed, and doing so manually is anything but trivial, as in, you'd have more luck on an Arch based distro.

Imho, Ubuntu, and all derivatives like Mint, suddenly alienate half their user base with that decision. And if this wasn't an online forum I'd use stronger wordings for that.

Also, I just need to get work done. And most of the stuff I do is reasonably platform-agnostic but expects reasonable 3D performance. So, I'm back to Windows 10 which serves my need, ironically has Ubuntu user land built in these days, and Linux will have to wait until I upgrade my graphics to nVidia, or when I can be bothered to try another distro, or when open source graphics drivers are really of comparable quality, whichever comes first.

* Just 2 cents from a frustrated ex-Ubuntu&Mint user on the desktop. *

Submission + - Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

An anonymous reader writes: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds.

The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months.

Submission + - SPAM: Satellite Abandoned In 1967 Mysteriously Comes Back Online

schwit1 writes: An American satellite abandoned in 1967 suddenly came back online and began transmitting again for the first time in 50 years.

Amateur astronomers first suspected that they’d found the satellite in 2013, but needed years to confirm that it was still occasionally transmitting. The satellite, dubbed LES1, was built by the Massachusetts Institute of Technology (MIT) and launched into space in 1965.

A mistake in the satellite’s circuitry caused it to never leave its circular orbit, and it eventually stopped transmitting in 1967. The satellite’s signal now fluctuates widely in strength, meaning that it’s likely only transmitting when its solar panels are in direct sunlight. Scientists expect that the satellite’s onboard batteries have disintegrated.


Submission + - "Most serious" Linux privilege-escalation bug ever is under active exploit (arstechnica.com)

operator_error writes: Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

By Dan Goodin — 10/20/2016

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Submission + - Microsoft Unleashes Second Raspberry Pi IoT Starter Kit

Mickeycaskill writes: Microsoft is releasing a second version of its Raspberry Pi Internet of Things (IoT) starter pack, which combines microcomputer hardware with a lightweight version of Windows 10.

The new version comes with the Raspberry Pi 3, a beefed up version of its predecessor with integrated Wi-Fi and Bluetooth connectivity, making it more flexible without the need for hardware add-ons.

Microsoft also announced a new IoT starter kit created by Seeed Studio. The Seeed Grove Starter Kit for IoT based on Raspberry Pi is what its rather clunky name would suggest: an IoT package that can be used with the Raspberry Pi 3 and Raspberry Pi 2, and comes with the Grove connector, a module that offers common connectors for sensors in order to make it easier to connect them to a device platform without the need to worry about soldering electrical wires.

The package comes with Windows 10 Core, but also works with Microsoft’s Azure cloud platform.

Submission + - Multiple Linux Distributions Affected by Crippling Bug in systemd (agwa.name) 1

An anonymous reader writes: System administrator Andrew Ayer has discovered a potentially critical bug in systemd which can bring a vulnerable Linux server to its knees with one command. "After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system." According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.

Submission + - Should we bring extinct species back from the dead? (sciencemag.org)

sciencehabit writes: For decades the notion of “de-extinction” hovered on the scientific fringes, but new advances in genetic engineering, especially the CRISPR-Cas9 revolution, have researchers believing that it’s time to start thinking seriously about which animals we might be able to bring back, and which ones would do the most good for the ecosystems they left behind. Science Magazine explores why and how we might do this, which animals might be first, and the big risks involved.

Submission + - What are the FLOSS community's answers to Siri and AI? (upon2020.com)

jernst writes: A decade ago, we in the free and open-source community could build our own versions of pretty much any proprietary software system out there, and we did. Publishing, collaboration, commerce, you name it. Some apps were worse, some were better than closed alternatives, but much of it was clearly good enough to use every day.

But is this still true? For example, voice control is clearly going to be a primary way we interact with our gadgets in the future. Speaking to an Amazon Echo-like device while sitting on my couch makes a lot more sense than using a web browser. Will we ever be able to do that without going through somebody’s proprietary silo like Amazon’s or Apple’s? Where are the free and/or open-source versions of Siri, Alexa and so forth?

The trouble, of course, is not so much the code, but in the training. The best speech recognition code isn’t going to be competitive unless it has been trained with about as many millions of hours of example speech as the closed engines from Apple, Google and so forth have been. How can we do that?

The same problem exists with AI. There’s plenty of open-source AI code, but how good is it unless it gets training and retraining with gigantic data sets? We don’t have those in the FLOSS world, and even if we did, would we have the money to run gigantic graphics card farms 24×7? Will we ever see truly open AI that is not black-box machinery guarded closely by some overlord company, but something that “we can study how it works, change it so it does our computing as we wish” and all the other values embodied in the Free Software Definition?

Who has a plan, and where can I sign up to it?

Submission + - Android-x86 6.0 Released to Let You Run Android 6.0 Marshmallow on Your PC

prisoninmate writes: Android-x86 6.0 has been in the works since early this year, and it received a total of two RC (Release Candidate) builds during its entire development cycle, one in June and another in August. After joining the Remix OS team, Chih-Wei Huang now has all the reasons to update and improve its Android-x86 system for the latest Android releases. Therefore, as you might have guessed already, Android-x86 6.0 is the first stable version of the project to be based on Google's Linux kernel-based Android 6.0 Marshmallow mobile operating system, and includes the most recent AOSP (Android Open Source Project) security updates too. Under the hood, Android-x86 6.0 is using the long-term supported Linux 4.4.20 kernel with an updated graphics stack based on Mesa 12.0.2 3D Graphics Library, and offers support for Samsung's F2FS file system for SSD drives, better Wi-Fi support after resume and suspend, and initial HDMI audio support.

Submission + - Warner Brothers reports own site as illegal (bbc.com)

An anonymous reader writes: Film studio Warner Brothers has asked Google to remove its own website from search results, saying it violates copyright laws.
It also asked the search giant to remove links to legitimate movie streaming websites run by Amazon and Sky, as well as the film database IMDB.
The request was submitted on behalf of Warner Brothers by Vobile, a company that files hundreds of thousands of takedown requests every month.

Warner Brothers has yet to comment.

BBC News links to https://torrentfreak.com/warne... Warner Bros. is vigorously trying to prevent pirated content from showing up in search results, but in doing so the movie studio has shot itself in the foot. Recently, Warner asked Google to take down several of its own pages, claiming that they are copyright-infringing.
