Open Source

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account

Slashdot - 3 hours 17 min ago
An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to log in to her Facebook account. The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers. In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow. Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."

Read more of this story at Slashdot.

Categories: Open Source, Technology

Trump’s Flack Said a Lot of Wrong Stuff. Nerds Ain’t Having It

Wired - Top Stories - Sat, 01/21/2017 - 11:38pm
The geekiest Twitterati are taking White House Press Secretary Sean Spicer to task for his news conference today.

Free Software Foundation Shakes Up Its List of Priority Projects

Slashdot - Sat, 01/21/2017 - 11:34pm
alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas. The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many." And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.


The Women’s March Defines Protest in the Facebook Age

Wired - Top Stories - Sat, 01/21/2017 - 10:24pm
It was a protest as sprawling, diverse, and ubiquitous as the platform that spawned it.

Knuth Previews New Math Section For 'The Art of Computer Programming'

Slashdot - Sat, 01/21/2017 - 9:34pm
In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming -- and 55 years later, he's still working on it. An anonymous reader quotes Knuth's web site at Stanford: Volume 4B will begin with a special section called 'Mathematical Preliminaries Redux', which extends the 'Mathematical Preliminaries' of Section 1.2 in Volume 1 to things that I didn't know about in the 1960s. Most of this new material deals with probabilities and expectations of random events; there's also an introduction to the theory of martingales. You can have a sneak preview by looking at the current draft of pre-fascicle 5a (52 pages), last updated 18 January 2017. As usual, rewards will be given to whoever is first to find and report errors or to make valuable suggestions. I'm particularly interested in receiving feedback about the exercises (of which there are 125) and their answers (of which there are 125). Over the years Knuth gave out over $20,000 in rewards, though most people didn't cash his highly-coveted "hexadecimal checks", and in 2008 Knuth switched to honorary "hexadecimal certificates". In 2014 Knuth complained about the "dumbing down" of computer science history, and his standards remain high. In his most-recent update, 79-year-old Knuth reminds readers that "There's stuff in here that isn't in Wikipedia yet!"


New Wyoming Bill Penalizes Utilities Using Renewable Energy

Slashdot - Sat, 01/21/2017 - 7:34pm
An anonymous reader quotes a Christian Science Monitor report on "a bill that would essentially ban large-scale renewable energy" in Wyoming. The new Wyoming bill would forbid utilities from using solar or wind sources for their electricity by 2019, according to Inside Climate News... The bill would require utilities to use "eligible resources" to meet 95 percent of Wyoming's electricity needs in 2018, and all of its electricity needs in 2019. Those "eligible resources" are defined solely as coal, hydroelectric, natural gas, nuclear, oil, and individual net metering... Utility-scale wind and solar farms are not included in the bill's list of "eligible resources," making it illegal for Wyoming utilities to use them in any way if the legislation passes. The bill calls for a fine of $10 per megawatt-hour of electricity from a renewable source to be slapped on Wyoming utilities that provide power from unapproved sources to in-state customers. The bill also prohibits utilities from raising rates to cover the cost of those penalties, though utilities wouldn't be penalized if they exported that energy to other states. But one local activist described it as 'talking-point' legislation, and even the bill's sponsor gives it only a 50% chance of passing.


The SHA-1 End Times Have Arrived

Slashdot - Sat, 01/21/2017 - 6:34pm
"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"... Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant. The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.


Raspberry Pi Gets Competitors

Slashdot - Sat, 01/21/2017 - 5:34pm
Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortex A17 alongside an impressive spec. At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster." And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company... The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.


Newest Tesla Autopilot Data Shows A 40% Drop in Crashes

Slashdot - Sat, 01/21/2017 - 4:34pm
There's a surprise in the data from an investigation into Tesla safety by the U.S. National Highway Traffic Safety Administration. An anonymous reader quotes Bloomberg: [W]hile all Tesla vehicles come with the hardware necessary for Autopilot, you need a software upgrade that costs thousands of dollars to make it work. Since buyers can add Autopilot features after purchase, this provides a perfect before-and-after comparison. It turns out that, according to the data Tesla gave investigators, installing Autopilot prevents crashes -- by an astonishing 40 percent... Now -- thanks to an investigation that initially hurt the company -- there is finally some real data, and it's good news for Tesla... As the software matures to match the new hardware, Musk said on Thursday via a Tweet, Tesla is targeting a 90 percent reduction in car crashes.


Oracle to Block JAR Files Signed with MD5 Starting In April

Slashdot - Sat, 01/21/2017 - 3:34pm
An anonymous reader quotes BleepingComputer: Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running. Oracle originally planned MD5's deprecation for the current Critical Patch Update, released this week, which included a whopping 270 security fixes, one of the biggest security updates to date. The company decided to give developers and companies more time to prepare and delayed MD5's deprecation for the release of Oracle Java SE 8u131 and the next Java CPU, scheduled for release in April... Oracle removed MD5 as a default code signing option from Java SE 6, released in 2006. Despite this, there will be thousands of Java apps that will never be re-signed. For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run. Sometime in the second half of 2017, Oracle also plans to change the minimum key length for Diffie-Hellman algorithms to 1024 bits. These updates are part of Oracle's long-standing plan for changes to the security algorithms in the Oracle Java Runtime Environment and Java SE Development Kit.


Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits

Slashdot - Sat, 01/21/2017 - 2:34pm
Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu. "We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following: $100,000 for escaping a virtualization hypervisor; $80,000 for a Microsoft Edge or Google Chrome exploit; $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint; $50,000 for an Apple Safari exploit; $30,000 for a Firefox exploit; $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively); $200,000 for an Apache Web Server exploit.


Are Squirrels A Bigger Threat To Our Critical Infrastructure?

Slashdot - Sat, 01/21/2017 - 1:34pm
"The real threat to global critical infrastructure is not enemy states or organizations but squirrels, according to one security expert." Long-time Slashdot reader randomErr quotes the BBC. Cris Thomas has been tracking power cuts caused by animals since 2013... His Cyber Squirrel 1 project was set up to counteract what he called the "ludicrousness of cyber-war claims by people at high levels in government and industry", he told the audience at the Shmoocon security conference in Washington. Squirrels topped the list with 879 "attacks", followed by birds with 434 attacks and then snakes at 83 attacks. Those three animals -- along with rats -- have caused 1,700 different power cuts affecting nearly 5,000,000 people.


Google Pressured 90,000 Android Developers Over Insecure Apps

Slashdot - Sat, 01/21/2017 - 12:34pm
An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps... In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces. 100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.


FTC Dismantles Two Huge Robocall Organizations

Slashdot - Sat, 01/21/2017 - 11:34am
Billions of robocalls came from two groups selling extended auto warranties, SEO services, and home security systems over the last seven years -- many to numbers on the "Do Not Call" list -- but this week the Federal Trade Commission took action. Trailrunner7 shares this report from OnTheWire: Continuing its campaign against phone fraud operations, the FTC has dismantled two major robocall organizations... They and many of their co-defendants have agreed to court-ordered bans on robocall activities and financial settlements... The FTC and the FCC both have been cracking down on illegal robocall operations recently. The FCC has formed a robocall strike force with the help of carriers and also has signed an agreement to cooperate with Canadian authorities to address the problem. "The law is clear about robocalls," says one FTC executive. "If a telemarketer doesn't have consumers' written permission, it's illegal to make these calls."


New Release Of Nim Borrows From Python, Rust, Go, and Lisp

Slashdot - Sat, 01/21/2017 - 10:34am
An anonymous reader writes: "Nim compiles and runs fast, delivers tiny executables on several platforms, and borrows great ideas from numerous other languages," according to InfoWorld. After six years, they write, Nim is finally "making a case as a mix of the best of many worlds: The compilation speed and cross-platform targeting of Go, the safe-by-default behaviors of Rust, the readability and ease of development of Python, and even the metaprogramming facilities of the Lisp family..." Fossbytes adds that Nim's syntax "might remind you of Python as it uses indented code blocks and similar syntax at some occasions. Just like Rust and Go, it uses strong types and first class functions... Talking about the benchmarks, it's comparable to C. Nim compiler produces C code by default. With the help of different compiler back-ends, one can also get JavaScript, C++, or Objective-C. There's an improved output system in the newest release, and both its compiler and library are MIT licensed. Share your thoughts and opinions in the comments. Is anybody excited about writing code in Nim?


BrainDead Is the Perfect Show to Watch This Inauguration Weekend

Wired - Top Stories - Sat, 01/21/2017 - 9:00am
CBS's screwball comedy just feels right.

Microsoft To Lay Off 700 Employees Next Week, Report Says

Slashdot - Sat, 01/21/2017 - 8:00am
According to a report by Business Insider (Warning: may be paywalled), Microsoft will cut about 700 jobs in conjunction with its quarterly earnings release next week. GeekWire reports: The latest layoffs are part of the company's previously announced plan to cut about 2,850 roles globally during its current fiscal year, according to the Business Insider report. The company declined to comment this afternoon, but we understand the report to be accurate, based on our own sources. Next week's cuts will be spread across a variety of job functions inside the company. The company's previous job cuts have come in areas including its smartphone business and global sales team. Microsoft announced its largest cuts in July 2014, eliminating 18,000 jobs, or 14 percent of the company at the time.


Why Women (and Men) Are Marching Today, According to Twitter Data

Wired - Top Stories - Sat, 01/21/2017 - 7:00am
An analysis of tweets based on 40 march-related keywords and hashtags reveals the topics marchers are prioritizing.

11 Outrageously Fancy Cars You Can Buy This Weekend

Wired - Top Stories - Sat, 01/21/2017 - 7:00am
Fire up your private jet and hustle down to Arizona.