Recent /. Posts

Slashdot
News for nerds, stuff that matters

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed

Thu, 04/17/2014 - 8:21am
msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 nodes vulnerable to Heartbleed where he was able to retrieve plaintext user traffic. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."

The Dismal State of SATCOM Security

Thu, 04/17/2014 - 7:40am
An anonymous reader writes "Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired. The list of security weaknesses IOActive found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws but also features in the devices themselves that could be of use to attackers. The uncovered vulnerabilities include multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."

Apache OpenOffice Reaches 100 Million Downloads. Now What?

Thu, 04/17/2014 - 6:54am
We're thankfully long past the days when an emailed Word document was useless without a copy of Microsoft Word, and that's in large part thanks to the success of the OpenOffice family of word processors. "Family," because the OpenOffice name has been attached to several branches of a codebase that's gone through some serious evolution over the years, starting from its roots in closed-source StarOffice, acquired and open-sourced by Sun to become OpenOffice.org. The same software has led (via some hamfisted moves by Oracle after its acquisition of Sun) to the also-excellent LibreOffice. OpenOffice.org's direct descendant is Apache OpenOffice, and an anonymous reader writes with this excellent news from that project: "The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 170 Open Source projects and initiatives, announced today that Apache OpenOffice has been downloaded 100 million times. Over 100 million downloads, over 750 extensions, over 2,800 templates. But what does the community at Apache need to do to get the next 100 million?" If you want to play along, you can get the latest version of OpenOffice from SourceForge (Slashdot's corporate cousin). I wonder how many government offices -- the U.S. Federal government has long been Microsoft's biggest customer -- couldn't get along just fine with an open source word processor, even considering all the proprietary-format documents they're stuck with for now.

RCMP Arrest Canadian Teen For Heartbleed Exploit

Thu, 04/17/2014 - 6:13am
According to PC Mag, a "19-year-old Canadian was arrested on Tuesday for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known arrest for exploiting the Heartbleed bug. Stephen Arthuro Solis-Reyes (pictured) of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data." That exploit led to a deadline extension for some Canadian taxpayers in getting in their returns this year. The Register has the story as well. The Montreal Gazette has some pointed questions about how much the Canadian tax authorities knew about the breach, and when.

SSD-HDD Price Gap Won't Go Away Anytime Soon

Thu, 04/17/2014 - 5:26am
storagedude (1517243) writes "Flash storage costs have been dropping rapidly for years, but those gains are about to slow, and a number of issues will keep flash from closing the cost gap with HDDs for some time, writes Henry Newman at Enterprise Storage Forum. As SSD density increases, reliability and performance decrease, creating a dilemma for manufacturers who must balance density, cost, reliability and performance. '[F]lash technology and SSDs cannot yet replace HDDs as primary storage for enterprise and HPC applications due to continued high prices for capacity, bandwidth and power, as well as issues with reliability that can only be addressed by increasing overall costs. At least for the foreseeable future, the cost of flash compared to hard drive storage is not going to change.'"

5-Year Suspended Sentence For S. Africa's First Online Pirate

Thu, 04/17/2014 - 4:46am
An anonymous reader writes "South Africa's first prosecution for online piracy was concluded this morning, with a five-year, wholly suspended sentence handed down to a filesharer who uploaded local movie Four Corners to The Pirate Bay. The man — who lost his job recently — said he's relieved by the verdict, which was the result of a plea bargain. Director Ian Gabriel, who made the film, recently said he was 'philosophical' about piracy."

Switching From Sitting To Standing At Your Desk

Thu, 04/17/2014 - 4:07am
Hugh Pickens DOT Com (2995471) writes "Chris Bowlby reports at BBC that medical research has been building up for a while now, suggesting constant sitting is harming our health — potentially causing cardiovascular problems or vulnerability to diabetes. Advocates of sit-stand desks say more standing would benefit not only health, but also workers' energy and creativity. Some big organizations and companies are beginning to look seriously at reducing 'prolonged sitting' among office workers. 'It's becoming more well known that long periods of sedentary behavior has an adverse effect on health,' says GE engineer Jonathan McGregor, 'so we're looking at bringing in standing desks.' The whole concept of sitting as the norm in workplaces is a recent innovation, points out Jeremy Myerson, professor of design at the Royal College of Art. 'If you look at the late 19th Century,' he says, Victorian clerks could stand at their desks and 'moved around a lot more'. 'It's possible to look back at the industrial office of the past 100 years or so as some kind of weird aberration in a 1,000-year continuum of work where we've always moved around.' What changed things in the 20th Century was 'Taylorism' — time and motion studies applied to office work. 'It's much easier to supervise and control people when they're sitting down,' says Myerson. What might finally change things is if the evidence becomes overwhelming, the health costs rise, and stopping employees from sitting too much becomes part of an employer's legal duty of care. 'If what we are creating are environments where people are not going to be terribly healthy and are suffering from diseases like cardiovascular disease and diabetes,' says Prof Alexi Marmot, a specialist on workplace design, 'it's highly unlikely the organization benefits in any way.'"

Ask Slashdot: System Administrator Vs Change Advisory Board

Thu, 04/17/2014 - 1:27am
thundergeek (808819) writes "I am the sole sysadmin for nearly 50 servers (win/linux) across several contracts. Now a Change Advisory Board (CAB) is wanting to manage every patch that will be installed on the OS and approve/disapprove for testing on the development network. Once tested and verified, all changes will then need to be approved for production. Windows servers aren't always the best for informing admin exactly what is being 'patched' on the OS, and the frequency of updates will make my efficiency take a nose dive. Now I'll have to track each KB, RHSA, directives and any other 3rd party updates, submit a lengthy report outlining each patch being applied, and then sit back and wait for approval. What should I use/do to track what I will be installing? Is there already a product out there that will make my life a little less stressful on the admin side? Does anyone else have to go toe-to-toe with a CAB? How do you handle your patch approval process?"

The Squishy Future of Robotics

Wed, 04/16/2014 - 11:09pm
An anonymous reader writes "The field of soft robotics is fast growing and may be the key to allowing robots and humans to work side-by-side. 'Roboticists are prejudiced toward rigid structures, for which algorithms can be inherited from the well-established factory robot industry. Soft robots solve two huge problems with current robots, however. They don't have to calculate their movements as precisely as hard robots, which rely on springs and joints, making them better for navigating uncontrolled environments like a house, disaster area, or hospital room. They're naturally "cage free," meaning they can work shoulder-to-shoulder with humans. If a soft robot tips over or malfunctions, the danger is on par with being attacked by a pillow. The robot is also less prone to hurt itself.'"

Bidding At FCC TV Spectrum Auction May Be Restricted For Large Carriers

Wed, 04/16/2014 - 8:34pm
An anonymous reader writes "Rumors have surfaced that the Federal Communications Commission (FCC) will restrict bidding at their TV spectrum auction in 2015 to effectively favor smaller carriers. Specifically, when 'auction bidding hits an as-of-yet unknown threshold in a given market, the FCC would set aside up to 30MHz of spectrum in that market. Companies that hold at least one-third of the low-band spectrum in that market then wouldn't be allowed to bid on the 30MHz of spectrum that has been set aside.' Therefore, 'in all band plans less than 70MHz, restricted bidders—specifically AT&T and Verizon (and in a small number of markets, potentially US Cellular or CSpire)—would be limited to bidding for only three blocks.' The rumors may be true since AT&T on Wednesday threatened to not participate in the auction at all as a protest against what it sees as unfair treatment."

Vintage 1960s Era Film Shows IRS Defending Its Use of Computers

Wed, 04/16/2014 - 6:02pm
coondoggie (973519) writes "It's impossible to imagine the Internal Revenue Service or most other number-crunching agencies or companies working without computers. But when the IRS went to computers -- the Automatic Data Processing system -- there was an uproar. The agency went so far as to produce a short film on the topic called Right On The Button, to convince the public computers were a good thing."

FBI Drone Deployment Timeline

Wed, 04/16/2014 - 4:33pm
An anonymous reader writes "The FBI insists that it uses drone technology to conduct surveillance in 'very limited circumstances.' What those particular circumstances are remains a mystery, particularly since the Bureau refuses to identify instances where agents deployed unmanned aerial vehicles, even as far back as 2006. In a letter to Senator Ron Paul last July, the FBI indicated that it had used drones a total of ten times since late 2006—eight criminal cases and two national security cases—and had authorized drone deployments in three additional cases, but did not actually fly them. The sole specific case where the FBI is willing to confirm using a drone was in February 2013, as surveillance support for a child kidnapping case in Alabama. New documents obtained by MuckRock as part of the Drone Census flesh out the timeline of FBI drone deployments in detail that was previously unavailable. While heavily redacted—censors deemed even basic facts that were already public about the Alabama case to be too sensitive for release, apparently—these flight orders, after action reviews and mission reports contain new details of FBI drone flights."

GoPro Project Claims Technology Is Making People Lose Empathy For Homeless

Wed, 04/16/2014 - 3:48pm
EwanPalmer (2536690) writes "A project involving GoPro cameras and people living on the streets of San Francisco suggests technology is making people feel less compassionate towards the homeless. Started by Kevin F Adler, the Homeless GoPro project aims to 'build empathy through a first-hand perspective' by strapping one of the cameras onto homeless volunteers to document their lives and daily interactions. One of the volunteers, Adam Reichart, said he believes it is technology which is stopping people from feeling sympathy towards people living on the street as it's easier to have 'less feelings when you're typing something' than looking at them in the eye."

Industry-Wide Smartphone "Kill Switch" Closer To Reality

Wed, 04/16/2014 - 3:02pm
mpicpp (3454017) writes "The 'kill switch,' a system for remotely disabling smartphones and wiping their data, will become standard in 2015, according to a pledge backed by most of the mobile world's major players. Apple, Google, Samsung and Microsoft, along with the five biggest cellular carriers in the United States, are among those that have signed on to a voluntary program announced Tuesday by the industry's largest trade group. All smartphones manufactured for sale in the United States after July 2015 must have the technology, according to the program from CTIA. Advocates say the feature would deter thieves from taking mobile devices by rendering phones useless while allowing people to protect personal information if their phone is lost or stolen. Its proponents include law enforcement officials concerned about the rising problem of smartphone theft."

Code Quality: Open Source vs. Proprietary

Wed, 04/16/2014 - 2:17pm
just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."

Ask Slashdot: What Good Print Media Is Left?

Wed, 04/16/2014 - 1:35pm
guises writes: "A recent story discussing the cover of Byte Magazine reminded me of just how much we've lost with the death of print media. The Internet isn't what took down Byte, but a lot of other really excellent publications have fallen by the wayside as a result of the shift away from the printed page. We're not quite there yet, though. There seem to still be some holdouts, so I'm asking Slashdot: what magazines (or zines, or newsletters, or newspapers) are still hanging around that are worth subscribing to?"

Steam's Most Popular Games

Wed, 04/16/2014 - 12:54pm
An anonymous reader writes "The folks at Ars Technica scraped a ton of gameplay data from Steam's player profiles to provide statistics on how many people own each game, and how often it's played. For example: 37% of the ~781 million games owned by Steam users have never been played. Dota 2 has been played by almost 26 million people for a total of 3.8 billion hours. Players of CoD: Modern Warfare 2 spend six times as long in multiplayer as in single-player. This sampling gives much more precise data than we usually have about game sales rates. 'If there's one big takeaway from looking at the entirety of our Steam sales and player data, it's that a few huge ultra-hits are driving the majority of Steam usage. The vast majority of titles form a "long tail" of relative crumbs. Out of about 2,750 titles we've tracked using our sampling method, the top 110 sellers represent about half of the individual games registered to Steam accounts. That's about four percent of the distinct titles, each of which has sold 1.38 million copies or more. This represents about 50 percent of the registered sales on the service. ... about half of the estimated 18.5 billion man-hours that have been spent across all Steam games have gone toward just the six most popular titles.'"

'Thermoelectrics' Could One Day Power Cars

Wed, 04/16/2014 - 12:12pm
sciencehabit writes: "Fossil fuels power modern society by generating heat, but much of that heat is wasted. Researchers have tried to reclaim some of it with semiconductor devices called thermoelectrics, which convert the heat into power. But they remain too inefficient and expensive to be useful beyond a handful of niche applications. Now, scientists in Illinois report that they have used a cheap, well-known material to create the most heat-hungry thermoelectric so far (abstract). In the process, the researchers say, they learned valuable lessons that could push the materials to the efficiencies needed for widespread applications. If that happens, thermoelectrics could one day power cars and scavenge energy from myriad engines, boilers, and electrical plants."

Survey: 56 Percent of US Developers Expect To Become Millionaires

Wed, 04/16/2014 - 11:30am
msmoriarty writes: "According to a recent survey of 1,000 U.S.-based software developers, 56 percent expect to become millionaires in their lifetime. 66 percent also said they expect to get raises in the next year, despite the current state of the economy. Note that some of the other findings of the study (scroll to bulleted list) seem overly positive: 84 percent said they believe they are paid what they're worth, 95 percent report they feel they are 'one of the most valued employees at their organization,' and 80 percent said that 'outsourcing has been a positive factor in the quality of work at their organization.'"
