
Slashdot: News for Nerds


Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code

timothy posted 24 minutes ago | from the little-of-this-little-of-that dept.

Android 9

First time accepted submitter Brett W (3715683) writes "The security researchers that first published the 'Heartbleed' vulnerabilities in OpenSSL have spent the last few months auditing the Top 50 downloaded Android apps for vulnerabilities and have found issues with at least half of them. Many send user data to ad networks without consent, potentially without the publisher or even the app developer being aware of it. Quite a few also send private data across the network in plain text. The full study is due out later this week."

Valencia Linux School Distro Saves 36 Million Euro

timothy posted 6 hours ago | from the oh-no-big-deal dept.

Education 58

jrepin (667425) writes "The government of the autonomous region of Valencia (Spain) earlier this month made available the next version of Lliurex, a customisation of the Edubuntu Linux distribution. The distro is used on over 110,000 PCs in schools in the Valencia region, saving some 36 million euro over the past nine years, the government says." I'd like to see more efforts like this in the U.S.; if mega school districts are paying for computers, I'd rather they at least support open source development as a consequence.

Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

timothy posted 9 hours ago | from the you'll-never-believe-what-he-actually-said dept.

Bug 416

hypnosec (2231454) writes to point out a pointed critique from Linus Torvalds of GCC 4.9.0, after a random panic was discovered in a load balance function in Linux 3.16-rc6. In an email to the Linux kernel mailing list outlining two separate but possibly related bugs, Linus describes the compiler as "terminally broken," and worse ("pure and utter sh*t," only with no asterisk). A slice: "Lookie here, your compiler does some absolutely insane things with the spilling, including spilling a *constant*. For chrissake, that compiler shouldn't have been allowed to graduate from kindergarten. We're talking "sloth that was dropped on the head as a baby" level retardation levels here .... Anyway, this is not a kernel bug. This is your compiler creating completely broken code. We may need to add a warning to make sure nobody compiles with gcc-4.9.0, and the Debian people should probably downgrade their shiny new compiler."

Ask Slashdot: What Would You Do With Half a Rack of Server Space?

timothy posted 11 hours ago | from the give-it-a-piece-of-my-mind dept.

IT 181

New submitter Christian Gainsbrugh (3766717) writes I work at a company that is currently transitioning all our servers into the cloud. In the interim we have half a rack of server space in a great datacenter that will soon be sitting completely idle for the next few months until our lease runs out. Right now the space is occupied by around 8 HP g series servers, a watchguard xtm firewall, Cisco switch and some various other equipment. All in all there are probably around 20 or so physical XEON processors, and probably close to 10 tb of storage among all the machines. We have a dedicated 10 mbs connection that is burstable to 100mbs.

I'm curious what Slashdot readers would do if they were in a similar situation. Is there anything productive that could be done with these resources? Obviously something revenue generating is great, but even if there is something novel that could be done with these servers we would be interested in putting them to good use.

Bad "Buss Duct" Causes Week-long Closure of 5,000 Employee Federal Complex

timothy posted yesterday | from the something-to-be-indignant-about dept.

Bug 117

McGruber (1417641) writes In Atlanta, an electrical problem in a "Buss Duct" has caused the Sam Nunn Atlanta Federal Center to be closed for at least a week. 5,000 federal employees work at the center. While many might view this as another example of The Infrastructure Crisis in the USA, it might actually be another example of mismanagement at the complex's landlord, the General Service Administration (GSA). Probably no one wants to go to work in an Atlanta July without a working A/C.

Private Data On iOS Devices Not So Private After All

timothy posted yesterday | from the it's-totally-intuitive dept.

IOS 97

theshowmecanuck (703852) writes with this excerpt from Reuters summarizing the upshot of a talk that Jonathan Zdziarski gave at last weekend's HOPE conference: Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week. The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the 'trusted' computers to which the devices have been connected, according to the security expert who prompted Apple's admission. Users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections. If you'd rather watch and listen, Zdziarski has posted a video showing how it's done.

Cable Companies: We're Afraid Netflix Will Demand Payment From ISPs

timothy posted 2 days ago | from the who-pays-whom-for-what dept.

Businesses 190

Dega704 (1454673) writes While the network neutrality debate has focused primarily on whether ISPs should be able to charge companies like Netflix for faster access to consumers, cable companies are now arguing that it's really Netflix who holds the market power to charge them. This argument popped up in comments submitted to the FCC by Time Warner Cable and industry groups that represent cable companies. (National Journal writer Brendan Sasso pointed this out.) The National Cable & Telecommunications Association (NCTA), which represents many companies including Comcast, Time Warner Cable, Cablevision, Cox, and Charter wrote to the FCC:

"Even if broadband providers had an incentive to degrade their customers' online experience in some circumstances, they have no practical ability to act on such an incentive. Today's Internet ecosystem is dominated by a number of "hyper-giants" with growing power over key aspects of the Internet experience—including Google in search, Netflix and Google (YouTube) in online video, Amazon and eBay in e-commerce, and Facebook in social media. If a broadband provider were to approach one of these hyper-giants and threaten to block or degrade access to its site if it refused to pay a significant fee, such a strategy almost certainly would be self-defeating, in light of the immediately hostile reaction of consumers to such conduct. Indeed, it is more likely that these large edge providers would seek to extract payment from ISPs for delivery of video over last-mile networks."
Related: an article at Gizmodo explains that it takes surprisingly little hardware to replicate (at least most of) Netflix's current online catalog in a local data center.

Russia Posts $110,000 Bounty For Cracking Tor's Privacy

Soulskill posted 2 days ago | from the what-happens-in-siberia-stays-in-siberia dept.

Encryption 95

hypnosec writes: The government of Russia has announced a ~$110,000 bounty to anyone who develops technology to identify users of Tor, an anonymising network capable of encrypting user data and hiding the identity of its users. The public description (in Russian) of the project has been removed now and it only reads "cipher 'TOR' (Navy)." The ministry said it is looking for experts and researchers to "study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network."

Switching From Microsoft Office To LibreOffice Saves Toulouse 1 Million Euros

Soulskill posted 2 days ago | from the all-about-the-napoleans dept.

EU 261

jrepin sends this EU report: The French city of Toulouse saved 1 million euro by migrating all its desktops from Microsoft Office to LibreOffice. This project was rooted in a global digital policy which positions free software as a driver of local economic development and employment. Former IT policy-maker Erwane Monthubert said, "Software licenses for productivity suites cost Toulouse 1.8 million euro every three years. Migration cost us about 800,000 euro, due partly to some developments. One million euro has actually been saved in the first three years. It is a compelling proof in the actual context of local public finance. ... France has a high value in free software at the international level. Every decision-maker should know this."

New SSL Server Rules Go Into Effect Nov. 1

Soulskill posted 2 days ago | from the encrypt-your-calendars dept.

Encryption 88

alphadogg writes: Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks. The concern is that SSL server digital certificates issued by CAs at present for internal corporate e-mail servers, Web servers and databases are not unique and can potentially be used in man-in-the-middle attacks involving the setup of rogue servers inside the targeted network, say representatives for the Certification Authority/Browser Forum (CA/B Forum), the industry group that sets security and operational guidelines for digital certificates. Members include the overwhelming bulk of public CAs around the globe, plus browser makers such as Microsoft and Apple. The problem today is that network managers often give their servers names like 'Server1' and allocate internal IP addresses so that SSL certificates issued for them through the public CAs are not necessarily globally unique, notes Trend Micro's Chris Bailey.

Comcast Carrying 1Tbit/s of IPv6 Internet Traffic

Unknown Lamer posted 3 days ago | from the hurd-1.0-released dept.

Networking 143

New submitter Tim the Gecko (745081) writes Comcast has announced 1Tb/s of Internet facing, native IPv6 traffic, with more than 30% deployment to customers. With Facebook, Google/YouTube, and Wikipedia up to speed, it looks like we are past the "chicken and egg" stage. IPv6 adoption by other carriers is looking better too with AT&T at 20% of their network IPv6 enabled, Time Warner at 10%, and Verizon Wireless at 50%. The World IPv6 Launch site has measurements of global IPv6 adoption.

Social Security Administration Joins Other Agencies With $300M "IT Boondoggle"

Unknown Lamer posted 3 days ago | from the should-have-gone-into-government-IT dept.

Government 140

alphadogg (971356) writes with news that the SSA has joined the long list of federal agencies with giant failed IT projects. From the article: "Six years ago the Social Security Administration embarked on an aggressive plan to replace outdated computer systems overwhelmed by a growing flood of disability claims. Nearly $300 million later, the new system is nowhere near ready and agency officials are struggling to salvage a project racked by delays and mismanagement, according to an internal report commissioned by the agency. In 2008, Social Security said the project was about two to three years from completion. Five years later, it was still two to three years from being done, according to the report by McKinsey and Co., a management consulting firm. Today, with the project still in the testing phase, the agency can't say when it will be completed or how much it will cost."

Mac OS X Yosemite Beta Opens

Unknown Lamer posted 3 days ago | from the smells-like-system-7 dept.

GUI 164

New submitter David Hames (3763525) writes Would you like to test drive the newest release of the Macintosh operating system? Apple is opening up the beta for Mac OS X Yosemite starting Thursday to the first million people who sign up. Beta users won't be able to access promised Yosemite features such as the ability to make or receive your iPhone calls or text messages on your Mac, turn on your iPhone hotspot feature from your Mac, or "Handoff" the last thing you were doing on your iOS 8 device to your Mac and vice versa. A new iCloud Drive feature is also off-limits, while any Spotlight search suggestions are U.S.-based only. Don't expect all your Mac apps to run either. Ars has a preview of Yosemite.

Internet Explorer Vulnerabilities Increase 100%

samzenpus posted 3 days ago | from the protect-ya-neck dept.

Security 137

An anonymous reader writes Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.

The Psychology of Phishing

samzenpus posted 3 days ago | from the click-and-release dept.

Security 126

An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell apart spam annoyances from useful email, however they still find it difficult identifying phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?

Dropbox Head Responds To Snowden Claims About Privacy

samzenpus posted 4 days ago | from the protect-ya-neck dept.

Security 173

First time accepted submitter Carly Page writes When asked for its response to Edward Snowden's claims that "Dropbox is hostile to privacy", Dropbox told The INQUIRER that users concerned about privacy should add their own encryption. The firm warned however that if users do, not all of the service's features will work. Head of Product at Dropbox for Business Ilya Fushman says: "We have data encrypted on our servers. We think of encryption beyond that as a user's choice. If you look at our third-party developer ecosystem you'll find many client-side encryption apps.... It's hard to do things like rich document rendering if they're client-side encrypted. Search is also difficult, we can't index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can't then help them recover those files."

VP Biden Briefs US Governors On H-1B Visas, IT, and Coding

Soulskill posted 4 days ago | from the at-least-he-was-wearing-pants dept.

Government 223

theodp writes: Back in 2012, Computerworld blasted Vice President Joe Biden for his ignorance of the H-1B temporary work visa program. But Joe's got his H-1B story and he's sticking to it, characterizing the visa program earlier this month in a speech to the National Governors Association as "apprenticeships" of sorts that companies provide to foreign workers to expand the Information Technology industry only after proving there are no qualified Americans to fill the jobs. Biden said he also learned from his talks with tech's top CEOs that 200,000 of the jobs that companies provide each year to highly-skilled H-1B visa holders could in fact be done by Americans with no more than a two-year community college degree.

Intel Launches Self-Encrypting SSD

Soulskill posted 4 days ago | from the masochistic-storage-devices dept.

Data Storage 91

MojoKid writes: Intel just launched their new SSD 2500 Pro series solid state drive, the follow-up to last year's SSD 1500 Pro series, which targets corporate and small-business clients. The drive shares much of its DNA with some of Intel's consumer-class drives, but the Pro series cranks things up a few notches with support for advanced security and management features, low power states, and an extended management toolset. In terms of performance, the Intel SSD 2500 Pro isn't class-leading in light of many enthusiast-class drives but it's no slouch either. Intel differentiates the 2500 Pro series by adding support for vPro remote-management and hardware-based self-encryption. The 2500 Pro series supports TCG (Trusted Computing Group) Opal 2.0 features and is Microsoft eDrive capable as well. Intel also offers an administration tool for easy management of the drive. With the Intel administration tool, users can reset the PSID (physical presence security ID), though the contents of the drive will be wiped. Sequential reads are rated at up to 540MB/s, sequential writes at up to 480MB/s, with 45K – 80K random read / write IOps.

CNN iPhone App Sends iReporters' Passwords In the Clear

Unknown Lamer posted 4 days ago | from the safe-reporting dept.

Encryption 40

chicksdaddy (814965) writes The Security Ledger reports on newly published research from the firm zScaler that reveals CNN's iPhone application transmits user login session information in clear text. The security flaw could leave users of the application vulnerable to having their login credential snooped by malicious actors on the same network or connected to the same insecure wifi hotspot. That's particularly bad news if you're one of CNN's iReporters — citizen journalists — who use the app to upload photos, video and other text as they report on breaking news events. According to a zScaler analysis, CNN's app for iPhone exposes user credentials in the clear both during initial setup of the account and in subsequent mobile sessions. The iPad version of the CNN app is not affected, nor is the CNN mobile application for Android. A spokesman for CNN said the company had a fix ready and was working with Apple to have it approved and released to the iTunes AppStore.
