Slashdot: News for Nerds


Old Apache Code At Root of Android FakeID Mess

Soulskill posted 3 hours ago | from the write-once-run-anywhere dept.

Android 69

chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

35% of American Adults Have Debt 'In Collections'

Soulskill posted 3 hours ago | from the all-the-cool-kids-are-doing-it dept.

The Almighty Buck 187

New submitter meeotch writes: According to a new study by the Urban Institute, 35% of U.S. adults with a credit history (91% of the adult population of the U.S.) have debt "in collections" — a status generally not acquired until payments are at least 180 days past due. Debt problems seem to be worse in the South, with states hovering in the 40%+ range, while the Northeast has it better, at less than 30%. The study's authors claim their findings actually underrepresent low-income consumers, because "adults without a credit file are more likely to be financially disadvantaged."

Oddly, only 5% of adults have debt 30-180 days past due. This latter fact is partially accounted for by the fact that a broader range of debt can enter "in collections" status than "past due" status (e.g. parking tickets)... But also perhaps demonstrates that as one falls far enough along the debt spiral, escape becomes impossible. Particularly in the case of high-interest debt such as credit cards — the issuers of which cluster in states such as South Dakota, following a 1978 Supreme Court ruling that found that states' usury laws did not apply to banks headquartered in other states.

Even taking into account the folks who lost a parking ticket under their passenger seat, 35% is a pretty shocking number. Anyone have other theories why this number is so much higher than the 5% of people who are just "late"? How about some napkin math on the debt spiral?

Which Is Better, Adblock Or Adblock Plus?

Soulskill posted 4 hours ago | from the who-blacklists-the-blacklisters dept.

The Internet 106

An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.

seL4 Verified Microkernel Now Open Source

Unknown Lamer posted 6 hours ago | from the formal-verification-for-the-rest-of-us dept.

Open Source 41

Back in 2009, OKLabs/NICTA announced the first formally verified microkernel, seL4 (a member of the L4 family). Alas, it was proprietary software. Today, that's no longer the case: seL4 has been released under the GPLv2 (only, no "or later versions clause" unfortunately). An anonymous reader writes OSnews is reporting that the formally verified sel4 microkernel is now open source: "General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly assured OS." Source is over at Github. It supports ARM and x86 (including the popular Beaglebone ARM board). If you have an x86 with the VT-x and Extended Page Table extensions you can even run Linux atop seL4 (and the seL4 website is served by Linux on seL4).

Senate Bill Would Ban Most Bulk Surveillance

Soulskill posted 8 hours ago | from the assuming-they-can-pass-anything dept.

Government 148

An anonymous reader writes: Today Senator Patrick Leahy (D-VT) introduced a bill that would ban bulk collection of telephone records and internet data for U.S. citizens. This is a stronger version of the legislation that passed the U.S. House in May, and it has support from the executive branch as well. "The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office. It would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities. Both House and Senate measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek."

Ask Slashdot: Open Hard- & Software Based Security Token?

timothy posted 10 hours ago | from the you-could-use-postcards-scanned-by-an-arduino dept.

Security 95

Qbertino (265505) writes I've been musing about a security setup to allow my coworkers/users access to files from the outside. I want security to be a little safer than pure key- or password-based SSH access, and some super-expensive RSA Token setup is out of question. I've been wondering whether there are any feasible and working FOSS and open hardware-based security token generator projects out there. It'd be best with ready-made server-side scripts/daemons. Perhaps something Arduino or Raspberry Pi based? Has anybody tried something like this? What are your experiences? What do you use? How would you attempt an open hardware FOSS solution to this problem?

Ridley Scott to Produce Philip K Dick's The Man In the High Castle

timothy posted 12 hours ago | from the it's-all-in-your-head dept.

Sci-Fi 110

hawkinspeter (831501) writes Amazon has given the green light to produce the Hugo award-winning "The Man in the High Castle". This is after the four-hour mini-series was rejected by Syfy and afterwards by the BBC. Philip K Dick's novel takes place in an alternate universe where the Axis Powers won the Second World War. It's one of his most successful works, probably due to him actually spending the time to do some editing on it (most of his fiction was produced rapidly in order to get some money). Ridley Scott has previously adapted PKD's "Do Androids Dream of Electric Sheep" as the film Blade Runner, so it will be interesting to see how close he keeps to the source material this time. This news has been picked up by a few sites: International Business Times; The Register and Deadline.

London Police Placing Anti-Piracy Warning Ads On Illegal Sites

timothy posted yesterday | from the since-you're-here-anyhow dept.

Piracy 152

mrspoonsi (2955715) writes "The City of London police has started placing banner advertisements on websites believed to be offering pirated content illegally. The messages, which will appear instead of paid-for ads, will ask users to close their web browsers. The move comes as part of a continuing effort to stop piracy sites from earning money through advertising. Police said the ads would make it harder for piracy site owners to make their pages look authentic. "When adverts from well known brands appear on illegal websites, they lend them a look of legitimacy and inadvertently fool consumers into thinking the site is authentic," said Detective Chief Inspector Andy Fyfe from the City of London Police Intellectual Property Crime Unit (Pipcu). "This new initiative is another step forward for the unit in tackling IP crime and disrupting criminal profits. "Copyright infringing websites are making huge sums of money through advert placement, therefore disrupting advertising on these sites is crucial and this is why it is an integral part of Operation Creative.""

Dear Museums: Uploading Your Content To Wikimedia Commons Just Got Easier

Unknown Lamer posted yesterday | from the who-doesn't-need-more-bird-videos? dept.

Wikipedia 24

The ed17 (2834807) writes Galleries, libraries, archives, and museums (GLAMs) are now facing fewer barriers to uploading their content to Wikimedia Commons — the website that stores most of Wikipedia's images and videos. Previously, these institutions had to build customized scripts or be lucky enough to find a Wikimedia volunteer to do the work for them. According to the toolset's coordinator Liam Wyatt, 'this is a giant leap forward in giving GLAMs the agency to share with Commons on their own terms.' The Netherlands Institute for Sound and Vision has a short article on their use of the new toolkit to upload hundreds of videos of birds. See also the GWToolset project page and documentation on the upload system (includes screencasts). Before the toolset, organizations wishing to donate collections had to write one-off tools to translate between their metadata schema and Wikimedia's schema. The GWToolset allows the organization to generate and upload a single XML file containing metadata (using arbitrary, even mixed, schemas, with some limitations) for all items in a batch upload, prompts for mappings between the vocabulary used by the organization and the vocabulary accepted by Mediawiki, and then pulls the files into the Commons.

US States Edge Toward Cryptocoin Regulation

timothy posted yesterday | from the hey-these-still-smell-like-dollars dept.

Bitcoin 154

SonicSpike points out an article from the Pew Charitable Trusts' Research & Analysis department on the legislation and regulation schemes emerging in at least a few states in reaction to the increasing use of digital currencies like Bitcoin. A working group called the Conference of State Bank Supervisors’ Emerging Payments Task Force has been surveying the current landscape of state rules and approaches to digital currencies, a topic on which state laws are typically silent. In April, the task force presented a model consumer guidance to help states provide consumers with information about digital currencies. A number of states, including California, Massachusetts and Texas, have issued warnings to consumers that virtual currencies are not subject to “traditional regulation or monetary policy,” including insurance, bonding and other security measures, and that values can fluctuate dramatically. ... The article focuses on the high-population, big-economy states of New York, California and Texas, with a touch of Kansas -- but other states are sure to follow. Whether you live in the U.S. or not, are there government regulations that you think would actually make sense for digital currencies?

Off the Florida Coast, Astronauts Train For Asteroid Mission

timothy posted 2 days ago | from the in-space-no-one-can-hear-you-access-facebook dept.

NASA 77

Space.com gives an overview of the training that four astronauts are undergoing over 9 days submerged off the coast of Florida near Key Largo. The training mission, dubbed NEEMO 18, is one step toward a proposed (mid-2020s) mission to actually visit a captured asteroid in lunar orbit. In addition to the complications of working outside their school-bus sized habitat while awkwardly suited up in a low-gravity (or at least high buoyancy) environment, their mission also includes a 10-minute communications delay, to simulate the high-latency communications with mission control that would be inevitable for an actual asteroid mission. The experiments astronauts are doing during the mission, which began Monday (July 21), range from the physical to the behavioral. For example, each of the crew members sports a sensor that records how close the crew members work with each other inside the school-bus-size habitat. ... Communications with NEEMO Mission Control is usually constant, and there is the ability to send items to and from the habitat as needed. Also living inside the habitat are two support staff who are assisting with Aquarius maintenance and systems, as required. The crew members also have Internet and phone service to talk with family and friends.

Valencia Linux School Distro Saves 36 Million Euro

timothy posted 2 days ago | from the oh-no-big-deal dept.

Education 153

jrepin (667425) writes "The government of the autonomous region of Valencia (Spain) earlier this month made available the next version of Lliurex, a customisation of the Edubuntu Linux distribution. The distro is used on over 110,000 PCs in schools in the Valencia region, saving some 36 million euro over the past nine years, the government says." I'd like to see more efforts like this in the U.S.; if mega school districts are paying for computers, I'd rather they at least support open source development as a consequence.

A Router-Based Dev Board That Isn't a Router

timothy posted 2 days ago | from the hook-it-to-anything dept.

Networking 53

An anonymous reader writes with a link to an intriguing device highlighted at Hackaday (it's an Indiegogo project, too, if it excites you $90 worth, and seems well on its way to meeting its modest goal): The DPT Board is something that may be of interest to anyone looking to hack up a router for their own connected project or IoT implementation: hardware based on a fairly standard router, loaded up with OpenWRT, with a ton of I/O to connect to anything.

It's called the DPT Board, and it's basically a hugely improved version of the off-the-shelf routers you can pick up through the usual channels. On board are 20 GPIOs, USB host, 16MB Flash, 64MB RAM, two Ethernet ports, on-board 802.11n and a USB host port. This small system on board is pre-installed with OpenWRT, making it relatively easy to connect this small router-like device to LED strips, sensors, or whatever other project you have in mind.

Satellite Images Show Russians Shelling Ukraine

timothy posted 2 days ago | from the one-for-all-and-what's-the-password? dept.

United States 558

U.S. officials today made public satellite imagery which they say proves that Russian forces have been shelling eastern Ukraine in a campaign to assist rebel groups fighting Ukraine’s government. The U.S. Office of the Director of National Intelligence, which released the civilian-taken satellite images Sunday, said they show visual evidence that Russia has been firing shells across the border at Ukrainian military forces. Officials also said the images show that Russia-backed separatists have used heavy artillery, provided by Russia, in attacks on Ukrainian forces from inside Ukraine. One image dated July 25/26 shows what DNI claims is “ground scarring” on the Russian side of the border from artillery aimed at Ukrainian military units in Ukraine, as well as the resultant ground craters on the Ukrainian side of the border:

SpaceX Executive Calls For $22-25 Billion NASA Budget

timothy posted 2 days ago | from the only-tax-dollars-after-all dept.

NASA 107

MarkWhittington (1084047) writes "While participating in a panel called "The US Space Enterprise Partnership" at the NewSpace Conference that was held by the Space Frontier Foundation on Saturday, SpaceX Chief Operating Officer Gwynne Shotwell opined that NASA's budget should be raised to $22-25 billion, according to a tweet by Space Policy Online's Marcia Smith. The theory is that a lot of political rancor has taken place in the aerospace community because of the space agency's limited budget. If the budget were to be increased to pay for everything on the space wish list, the rancor will cease.

The statement represents something of a departure from the usual mutual antagonism that exists between some in the commercial space community and some at NASA. Indeed Space Politics' Jeff Foust added a tweet, "Thought: a panel at a Space Frontier Foundation conf is talking about how to increase NASA budget. Imagine that in late 90s." The Space Frontier Foundation has been a leading voice for commercializing space, sometimes at the expense of NASA programs."

Amputee Is German Long Jump Champion

timothy posted 2 days ago | from the we-are-all-augmented dept.

Medicine 174

hweimer (709734) writes "German long jumper Markus Rehm has written sports history yesterday, becoming the first disabled athlete to win a national able-bodied championship. His jump to 8.24 meters put him on the 9th place of the current season rankings and make him eligible to compete in the upcoming European championships, further sparking the debate whether his prosthetic leg provides him with an unfair advantage."

Nasty Business: How To Drain Competitors' Google AdWords Budgets

timothy posted 2 days ago | from the this-one-weird-trick dept.

Advertising 95

tsu doh nimh (609154) writes KrebsOnSecurity looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors. The service allows companies to attack competitors by raising their costs or exhausting their ad budgets early in the day. Advertised on YouTube and run by a guy boldly named "GoodGoogle," the service employs a combination of custom software and hands-on customer service, and promises clients the ability to block the appearance of competitors' ads. From the story: "The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle's software and service to sideline a handful of competitors' ads indefinitely."

In France, Most Comments on Gaza Conflict Yanked From Mainstream News Sites

timothy posted 2 days ago | from the national-brotherhood-week dept.

The Internet 496

An anonymous reader writes with an unpleasant statistic from France, quoting David Corchia, who heads a service employed by large French news organizations to sift through and moderate comments made on their sites. Quoting YNet News: Corchia says that as an online moderator, generally 25% to 40% of comments are banned. Moderators are assigned with the task of filtering comments in accordance with France's legal system, including those that are racist, anti-Semitic or discriminatory. Regarding the war between the Israelis and Hamas, however, Corchia notes that some 95% of online comments made by French users are removed. "There are three times as many comments than normal, all linked to the Israeli-Palestinian conflict," added Jeremie Mani, head of another moderation company Netino. "We see racist or anti-Semitic messages, very violent, that also take aim at politicians and the media, sometimes by giving journalists' contact details," he added. "This sickening content is peculiar to this conflict. The war in Syria does not trigger these kinds of comments."

When Spies and Crime-Fighters Squabble Over How They Spy On You

timothy posted 3 days ago | from the we-may-or-may-not-have-done-that dept.

United States 120

The Washington Post reports in a short article on the sometimes strange, sometimes strained relationship between spy agencies like the NSA and CIA and law enforcement (as well as judges and prosecutors) when it comes to evidence gathered using technology or techniques that the spy agencies would rather not disclose at all, never mind explain in detail. They may both be arms of the U.S. government, but the spy agencies and the law enforcers covet different outcomes. From the article: [S]ometimes it's not just the tool that is classified, but the existence itself of the capability — the idea that a certain type of communication can be wiretapped — that is secret. One former senior federal prosecutor said he knew of at least two instances where surveillance tools that the FBI criminal investigators wanted to use "got formally classified in a big hurry" to forestall the risk that the technique would be revealed in a criminal trial. "People on the national security side got incredibly wound up about it," said the former official, who like others interviewed on the issue spoke on condition of anonymity because of the topic’s sensitivity. "The bottom line is: Toys get taken away and put on a very, very high shelf. Only people in the intelligence community can use them." ... The DEA in particular was concerned that if it came up with a capability, the National Security Agency or CIA would rush to classify it, said a former Justice Department official.

Ask Slashdot: Where Do You Get (or Share) News About Open Source Projects?

timothy posted 3 days ago | from the just-start-typing-random-ips dept.

Open Source 85

An anonymous reader writes "Now that freshmeat.net / freecode.com doesn't accept any updates, I wonder how the Slashdot crowd gets news about new projects, and even new versions of existing projects. For project managers, where could you announce new versions of your project, so that it can reach not just those who already know the project. Freshmeat / Freecode had all the tools to explore and discover projects, see screenshots (a mandatory feature for any software project, even with only a console interface or no interface at all) and go to the homepage of the project. I subscribed years ago to the RSS feed and sometimes found interesting projects this way. You could replace these tools by subscribing to newsletters or feeds from the projects you follow, but that doesn't cover the discovery part." And do any of the major development / hosting platforms for Free / Open Source projects (GitHub, Launchpad, or Slashdot sister-site SourceForge) have tools you find especially useful for skimming projects of interest?
