Bug

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes 13

Posted by timothy
from the if-you-could-turn-back-time dept.
operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: "However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository 'WILL NOT receive any review or updates from the Ubuntu security team' (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. 'If nobody does that, then it unfortunately stays the way it is', says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service."
Microsoft

Microsoft Now Makes Money From Surface Line, Q1 Sales Reach Almost $1 Billion 45

Posted by timothy
from the but-that's-just-on-the-surface dept.
SmartAboutThings writes Microsoft has recently published its Q1 fiscal 2015 earnings report, disclosing that it has made $4.5 billion in net income on $23.20 billion in revenue. According to the report, revenue has increased by $4.67 billion, compared to $18.53 billion from the same period last year. However, net income has decreased 14 percent compared to last year's $5.24 billion mainly because of the $1.14 billion cost associated with the integration and restructuring expenses related to the Nokia acquisition.

But what's finally good news for the company is that the Surface gross margin was positive this quarter, which means the company finally starts making money on Surface sales. Microsoft didn't yet reveal Surface sales, but we know that Surface revenue was $908 million this quarter, up a massive 127 percent from the $400 million this time last year. However, if we assume that the average spent amount on the purchase of this year's Surface Pro 3 was around $1000, then we have less than 1 million units sold, which isn't that impressive, but it's a good start.
Canada

Days After Shooting, Canada Proposes New Restrictions On and Offline 154

Posted by timothy
from the absolute-security dept.
New submitter o_ferguson writes As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday. As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity." A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed. (Please note that some articles may be partially paywalled unless opened in a private/incognito browser window.)
AT&T

AT&T Locks Apple SIM Cards On New iPads 69

Posted by timothy
from the well-that's-not-cricket dept.
As reported by MacRumors, the unlocked, carrier-switchable SIM cards built into the newest iPads aren't necessarily so -- at least if you buy them from an AT&T store. Though the card comes from Apple with the ability to support (and be switched among with software, if a change is necessary) all major carriers, "AT&T is not supporting this interchangeability and is locking the SIM included with cellular models of the iPad Air 2 and Retina iPad mini 3 after it is used with an AT&T plan. ... AT&T appears to be the only participating carrier that is locking the Apple SIM to its network. T-Mobile's John Legere has indicated that T-Mobile's process does not lock a customer in to T-Mobile, which appears to be confirmed by Apple's support document, and Sprint's process also seems to leave the Apple SIM unlocked and able to be used with other carrier plans. Verizon, the fourth major carrier in the United States, did not opt to allow the Apple SIM to work with its network." The iPad itself can still be activated and used on other networks, but only after the installation of a new SIM.
Security

Passwords: Too Much and Not Enough 138

Posted by Soulskill
from the 123456-trustno1-hunter2-letmein dept.
An anonymous reader writes: Sophos has a blog post up saying, "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen."
Verizon

Verizon Injects Unique IDs Into HTTP Traffic 128

Posted by Soulskill
from the doing-the-wrong-thing-badly dept.
An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
The Internet

Secretive Funding Fuels Ongoing Net Neutrality Astroturfing Controversy 45

Posted by Soulskill
from the all-about-the-benjamins dept.
alphadogg writes: The contentious debate about net neutrality in the U.S. has sparked controversy over a lack of funding transparency for advocacy groups and think tanks, which critics say subverts the political process. News stories from a handful of publications in recent months have accused some think tanks and advocacy groups of "astroturfing" — quietly shilling for large broadband carriers. In a handful of cases, those criticisms appear to have some merit, although the term is so overused by people looking to discredit political opponents that it has nearly lost its original meaning. An IDG News Service investigation found that major groups opposing U.S. Federal Communications Commission reclassification and regulation of broadband as a public utility tend to be less transparent about their funding than the other side. Still, some big-name advocates of strong net neutrality rules also have limited transparency mechanisms in place.
Build

A Low Cost, Open Source Geiger Counter (Video) 36

Posted by Roblimo
from the be-sure-to-take-one-of-these-on-your-next-trip-to-chernobyl dept.
Sawaiz Syed's LinkedIn page says he's a "Hardware Developer at GSU [Georgia State University], Department of Physics." That's a great workplace for someone who designs low cost radiation detectors that can be air-dropped into an area where there has been a nuclear accident (or a nuclear attack; or a nuclear terrorist act) and read remotely by a flying drone or a robot ground vehicle. This isn't Sawaiz's only project; it's just the one Timothy asked him about most at the recent Maker Faire Atlanta. (Alternate Video Link)
Google

Computer Scientist Parachutes From 135,908 Feet, Breaking Record 147

Posted by Soulskill
from the touching-space dept.
An anonymous reader writes: The NY Times reports that Alan Eustace, a computer scientist and senior VP at Google, has successfully broken the record for highest freefall jump, set by Felix Baumgartner in 2012. "For a little over two hours, the balloon ascended at speeds up to 1,600 feet per minute to an altitude of 135,908 feet, more than 25 miles. Mr. Eustace dangled underneath in a specially designed spacesuit with an elaborate life-support system. He returned to earth just 15 minutes after starting his fall. ... Mr. Eustace cut himself loose from the balloon with the aid of a small explosive device and plummeted toward the earth at speeds that peaked at more than 800 miles per hour, setting off a small sonic boom heard by observers on the ground. ... His technical team had designed a carbon-fiber attachment that kept him from becoming entangled in the main parachute before it opened. About four-and-a-half minutes into his flight, he opened the main parachute and glided to a landing 70 miles from the launch site."
Security

Researcher Finds Tor Exit Node Adding Malware To Downloads 95

Posted by Soulskill
from the at-least-it's-anonymous-malware dept.
Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack.

What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.
Education

Employers Worried About Critical Thinking Skills 407

Posted by Soulskill
from the employees-worried-about-it-too dept.
Nerval's Lobster writes: Every company needs employees who can analyze information effectively, discarding what's unnecessary and digging down into what's actually useful. But employers are getting a little bit worried that U.S. schools aren't teaching students the necessary critical-thinking skills to actually succeed once they hit the open marketplace. The Wall Street Journal talked with several companies about how they judge critical-thinking skills, a few of which ask candidates to submit to written tests to judge their problem-solving abilities. But that sidesteps the larger question: do schools need to shift their focus onto different teaching methods (i.e., downplaying the need for students to memorize lots of information), or is our educational pipeline just fine, thank you very much?
Science

Recent Nobel Prize Winner Revolutionizes Microscopy Again 30

Posted by Soulskill
from the magnified-consistency dept.
An anonymous reader writes: Eric Betzig recently shared in the Nobel Prize for Chemistry for his work on high-resolution microscopy. Just yesterday, Betzig and a team of researchers published a new microscopy technique (abstract) that "allows them to observe living cellular processes at groundbreaking resolution and speed." According to the article, "Until now, the best microscope for viewing living systems as they moved were confocal microscopes. They beam light down onto a sample of cells. The light penetrates the whole sample and bounces back. ... The light is toxic, and degrades the living system over time. Betzig's new microscope solves this by generating a sheet of light that comes in from the side of the sample, made up of a series of beams that harm the sample less than one solid cone of light. Scientists can now snap a high-res image of the entire section they're illuminating, without exposing the rest of the sample to any light at all."
Science

Decades-old Scientific Paper May Hold Clues To Dark Matter 84

Posted by Soulskill
from the how-scientists-become-hoarders dept.
sciencehabit writes: Here's one reason libraries hang on to old science journals: A paper from an experiment conducted 32 years ago may shed light on the nature of dark matter, the mysterious stuff whose gravity appears to keep the galaxies from flying apart. The old data put a crimp in the newfangled concept of a 'dark photon' and suggest that a simple bargain-basement experiment could put the idea to the test. The data come from E137, a "beam dump" experiment that ran from 1980 to 1982 at SLAC National Accelerator Laboratory in Menlo Park, California. In the experiment, physicists slammed a beam of high-energy electrons, left over from other experiments, into an aluminum target to see what would come out. Researchers placed a detector 383 meters behind the target, on the other side of a sandstone hill 179 meters thick that blocked any ordinary particles.
PC Games (Games)

PCGamingWiki Looks Into Linux Gaming With 'Port Reports' 67

Posted by Soulskill
from the welcome-to-our-home dept.
AberBeta writes: PCGamingWiki contributor Soeb has been looking into the recent larger budget game releases to appear on Linux, including XCOM: Enemy Unknown and Borderlands: The Pre–Sequel produced by Mac porting houses Feral and Aspyr. Soeb reports that while feature parity is high, performance could be a bit better. Performance differences aside, the games are finally arriving on Linux — now the userbase needs to expand to make a virtuous cycle.
The Almighty Buck

How To Beat Online Price Discrimination 144

Posted by Soulskill
from the complain-until-they-give-it-to-you-for-free dept.
New submitter Intrepid imaginaut sends word of a study (PDF) into how e-commerce sites show online shoppers different prices depending on how they found an item and what the sites know about the customer. "For instance, the study found, users logged in to Cheaptickets and Orbitz saw lower hotel prices than shoppers who were not registered with the sites. Home Depot shoppers on mobile devices saw higher prices than users browsing on desktops. Some searchers on Expedia and Hotels.com consistently received higher-priced options, a result of randomized testing by the websites. Shoppers at Sears, Walmart, Priceline, and others received results in a different order than control groups, a tactic known as 'steering.'" To get a better price, the article advises deleting cookies before shopping, using your browser's private mode, putting the items in your shopping cart without buying them right away, and using tools like Camelcamelcamel to keep an eye out for price drops.
