Heartbleed Sparks 'Responsible' Disclosure Debate

Soulskill posted about half an hour ago | from the arguing-about-ethics dept.

14

bennyboy64 writes: "IT security industry experts are beginning to turn on Google and OpenSSL, questioning whether the Heartbleed bug was disclosed 'responsibly.' A number of selective leaks to Facebook, Akamai, and CloudFlare occurred prior to disclosure on April 7. A separate, informal pre-notification program run by Red Hat on behalf of OpenSSL to Linux and Unix operating system distributions also occurred. But router manufacturers and VPN appliance makers Cisco and Juniper had no heads up. Nor did large web entities such as Amazon Web Services, Twitter, Yahoo, Tumblr and GoDaddy, just to name a few. The Sydney Morning Herald has spoken to many people who think Google should've told OpenSSL as soon as it uncovered the critical OpenSSL bug in March, and not as late as it did on April 1. The National Cyber Security Centre Finland (NCSC-FI), which reported the bug to OpenSSL after Google, on April 7, which spurred the rushed public disclosure by OpenSSL, also thinks it was handled incorrectly. Jussi Eronen, of NCSC-FI, said Heartbleed should have continued to remain a secret and be shared only in security circles when OpenSSL received a second bug report from the Finnish cyber security center that it was passing on from security testing firm Codenomicon. 'This would have minimized the exposure to the vulnerability for end users,' Mr. Eronen said, adding that 'many websites would already have patched' by the time it was made public if this procedure was followed."

New Facebook Phone App Lets You Stalk Your Friends

samzenpus posted 1 hour ago | from the I-won't-be-ignored dept.

15

Hugh Pickens DOT Com (2995471) writes "Iain Thomson reports that Facebook is adding a new application called 'Nearby Friends' that alerts smartphone users when their friends are nearby. 'If you turn on Nearby Friends, you'll occasionally be notified when friends are nearby, so you can get in touch with them and meet up,' says Facebook in a statement. 'For example, when you're headed to the movies, Nearby Friends will let you know if friends are nearby so you can see the movie together or meet up afterward.' The feature, which is opt-in, allows users to select which friends get a warning that you are in the area, and prepare a subset of people who might like to know when you're near, if they have the Nearby Friends activated as well. According to Josh Constine what makes 'Nearby Friends' different than competitors and could give it an advantage is that it's centered around broadcasting proximity, not location. 'If someone's close, you'll know, and can ping them about their precise location and meeting up. Broadcasting location is creepy so we're less likely to share it, and can cause awkward drop-ins where someone tries to come see you when you didn't want them to.'"

Lying Eyes: Cyborg Glasses Simulate Eye Expressions

samzenpus posted 3 hours ago | from the all-the-better-to-see-you-with dept.

29

Rambo Tribble (1273454) writes "A researcher in Japan has taken what is, perhaps, the next step after Google Glass: Glasses which produce animated images of the user's eyes to simulate emotional responses. They are intended to aid workers in emotionally-intensive environments. As the researcher explains, '... they allowed others to feel they were "cared" about ...'"

Criminals Using Drones To Find Cannabis Farms and Steal Crops

samzenpus posted 8 hours ago | from the red-eye-in-the-sky dept.

112

schwit1 (797399) writes "There has been a huge surge in the number of hidden cannabis farms across Halesowen, Cradley Heath and Oldbury, towns on the outskirts of rural Shropshire some seven miles from central Birmingham. They require hydroponic lights for the marijuana plants to grow – and the huge amounts of excess heat given off make them easily spottable for a would-be criminal with a drone carrying infrared cameras. One such man says that after finding a property with a cannabis farm he and his crew either burgle or 'tax' the victim."

Oracle Deflects Blame For Troubled Oregon Health Care Site

samzenpus posted 11 hours ago | from the who's-to-blame dept.

97

itwbennett (1594911) writes "Oracle is gearing up for a fight with officials in Oregon over its role developing an expensive health insurance exchange website that still isn't fully operational. In a letter obtained by the Oregonian newspaper this week, Oracle co-president Safra Catz said that Oregon officials have provided the public with a 'false narrative' concerning who is to blame for Cover Oregon's woes. In the letter, Catz pointed out that Oregon's decision to act as their own systems integrator on the project, using Oracle consultants on a time-and-materials basis, was 'criticized frequently by many'. And as far as Oracle is concerned, 'Cover Oregon lacked the skills, knowledge or ability to be successful as the systems integrator on an undertaking of this scope and complexity,' she added."

'Accidental' Siberian Mummies Part of Mysterious Ancient Arctic Civilization

samzenpus posted 12 hours ago | from the who-are-you-who-who-who-who? dept.

20

concertina226 (2447056) writes "Russian archaeologists are trying to discover the origins of a group of 800-year-old bodies found just 29 km from the Arctic Circle, which were accidentally mummified by copper when they were buried. The mummies were discovered at Zeleniy Yar in Siberia, in 34 shallow graves, and 11 of the bodies found in the medieval burial place had either smashed skeletons or missing and shattered skulls. They may have been damaged by their peers deliberately to prevent spells emanating from them. There is only one female, a child, who is buried with her face masked by copper plates, and three male infant mummies, who wear copper masks and were bound in four or five copper hoops that each measure several centimetres wide."

NASA Proposes "Water World" Theory For Origin of Life

samzenpus posted 12 hours ago | from the from-the-water dept.

63

William Robinson (875390) writes "A new study from researchers at NASA's Jet Propulsion Laboratory has proposed the "water world" theory as the answer to our evolution, which describes how electrical energy naturally produced at the sea floor might have given rise to life. While the scientists had already proposed this hypothesis called 'submarine alkaline hydrothermal emergence of life' the new report assembles decades of field, laboratory and theoretical research into a grand, unified picture."

In a Cloning First, Scientists Create Stem Cells From Adults

samzenpus posted 13 hours ago | from the use-your-cells dept.

37

Trax3001BBS (2368736) writes in with news about a breakthrough in creating stem cells perfectly matched to a person's DNA. "...Lanza's group used caffeine to prevent the fused egg from dividing prematurely. Rather than leaving the egg with its newly introduced DNA for 30 minutes before activating the dividing stage, they let the eggs rest for about two hours. This gave the DNA enough time to acclimate to its new environment and interact with the egg's development factors, which erased each of the donor cell's existing history and reprogrammed it to act like a brand new cell in an embryo."

MIT Designs Tsunami Proof Floating Nuclear Reactor

samzenpus posted yesterday | from the riding-the-waves dept.

156

First time accepted submitter Amtrak (2430376) writes "MIT has created designs for a nuclear plant that would avoid the downfall of the Fukushima Daiichi plant. The new design calls for the nuclear plant to be placed on a floating platform modeled after the platforms used for offshore oil drilling. A floating platform several miles offshore, moored in about 100 meters of water, would be unaffected by the motions of a tsunami; earthquakes would have no direct effect at all. Meanwhile, the biggest issue that faces most nuclear plants under emergency conditions — overheating and potential meltdown, as happened at Fukushima, Chernobyl, and Three Mile Island — would be virtually impossible at sea."

In Mississippi, Gov't Text Messages Are Officially Public Records

timothy posted yesterday | from the scum-floats-for-a-reason dept.

32

New submitter Chris Elkins (3620071) writes "Text messages [by public officials about government business] are now officially considered public records. An investigative reporter fought for access to what he believed were public records. He took his fight to the state and won. Mississippi open government and transparency advocates view this unanimous commission opinion as precedent-setting for all government bodies and public officials in the state."

Click Like? You May Have Given Up the Right To Sue

timothy posted yesterday | from the sue-you-sue-anybody dept.

179

sandbagger (654585) writes "The New York Times reports that General Mills, the maker of cereals like Cheerios and Chex as well as brands like Bisquick and Betty Crocker, has quietly added language to its website to alert consumers that they give up their right to sue the company if they download coupons, or 'join' it in social media communities. Who'd have imagined that clicking like requires a EULA?"

Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

timothy posted yesterday | from the is-it-a-king-george-moment? dept.

250

cartechboy (2660665) writes "They say you shouldn't bite the hand that feeds you. Maybe it should go you shouldn't trash talk the company you partner with. U.S. head of Mercedes-Benz Steve Cannon was just quoted as saying future service of Tesla's vehicles could be 'limited,' and that while it's great, the market could be more attracted to other luxury automakers once their products hit the market. Cannon also suggests that the current infrastructure isn't up to maintaining and fueling electric vehicles, in particular Tesla's stores and go-to servicing can't handle high demands. Naturally he said Mercedes has the 'whole network' to put customers' minds at ease. Sounds like fighting words to me. Hey Mercedes, where's your Model S competitor?" There is a reason that Jim Rogers drove around the world in a Mercedes.

Ask Slashdot: Which Router Firmware For Bandwidth Management?

timothy posted yesterday | from the but-the-neighbors-will-object dept.

77

First time accepted submitter DeathByLlama (2813725) writes "Years ago I made the switch from DD-WRT to Tomato firmware for my Linksys router. I lost a couple features, but gained one of the best QoS and bandwidth management systems I have seen on a router to date. Admins can see graphs of current and historical bandwidth usage by IP, set minimum and maximum bandwidth limits by IP range, setup QoS rules, and see and filter graphs and lists of current connections by usage, class or source/destination — all from an elegantly designed GUI. This has allowed me to easily and intelligently allocate and adjust my network's bandwidth; when there is a problem, I can see where it's coming from and create rules around it. I'm currently using the Toastman's VPN Tomato firmware, which has about everything that I would want, except for one key thing: support for ARM-based routers (only Broadcom is supported). I have seen other firmware projects being actively developed in the last few years, so in picking a new 802.11ac router, I need to decide whether Tomato support is a deal-breaker. With solid bandwidth management as a priority, what firmware would you recommend? Stock Asuswrt? Asuswrt-Merlin? OpenWRT? DD-WRT? Tomato? _____?"

Linux Voice is a New Magazine for Linux Users — On Paper (Video)

Roblimo posted yesterday | from the there's-nothing-quite-like-the-smell-of-ink-on-paper dept.

58

This is an interview with Graham Morrison, who is one of four people behind the shiny-new Linux Voice magazine, which is printed on (gasp) paper. Yes, paper, even though it's 2014 and a lot of people believe the idea of publishing a physical newspaper or magazine is dead. But, Graham says, when you have a tight community (like Linux users and developers) you have an opportunity to make a successful magazine for that community. This is a crowdfunded venture, through Indiegogo, where they hoped to raise £90,000 -- but ended up with £127,603, which is approximately $214,288 as of this video's publishing date. So they have a little capital to work with. Also note: these are not publishing neophytes. All four of the main people behind Linux Voice used to work on the well-regarded Linux Format magazine. Graham says they're getting subscribers and newsstand sales at a healthy rate, so they're happily optimistic about their magazine's future. (Here's an alternate video link)

Kepler-186f: Most 'Earth-Like' Alien World Discovered

timothy posted yesterday | from the fire-up-the-speculation-device dept.

197

astroengine (1577233) writes "About 500 light-years away in the constellation Cygnus lives a star, which, though smaller and redder than the sun, has a planet that may look awfully familiar. With a diameter just 10 percent bigger than Earth's, the newly found world is the first of its size found basking in the benign temperature region around a parent star where water, if it exists, could pool in liquid form (abstract). Scientists on the hunt for Earth's twin are focused on worlds that could support liquid surface water, which may be necessary to brew the chemistry of life. "Kepler-186f is significant because it is the first exoplanet that is the same temperature and the same size (well, ALMOST!) as the Earth," David Charbonneau, with the Harvard-Smithsonian Center for Astrophysics, wrote in an email to Discovery News. "Previously, the exoplanet most like Earth was Kepler-62f, but Kepler-186f is significantly smaller. Now we can point to a star and say, 'There lies an Earth-like planet.'""

Ubuntu Linux 14.04 LTS Trusty Tahr Released

timothy posted yesterday | from the what-in-tahr-nation dept.

161

An anonymous reader writes with this announcement: "Ubuntu Linux version 14.04 LTS (code named "Trusty Tahr") has been released and is available for download. This updated version includes the Linux kernel v3.13.0-24.46, Python 3.4, Xen 4.4, Libreoffice 4.2.3, MySQL 5.6/MariaDB 5.5, Apache 2.4, PHP 5.5, improvements to AppArmor allow more fine-grained control over application, and more. The latest release of Ubuntu Server is heavily focused on supporting cloud and scale-out computing platforms such as OpenStack, Docker, and more. As part of the wider Ubuntu 14.04 release efforts the Ubuntu Touch team is proud to make the latest and greatest touch experience available to our enthusiast users and developers. You can install Ubuntu on Nexus 4 Phone (mako), Nexus 7 (2013) Tablet (flo), and Nexus 10 Tablet (manta) by following these instructions. On a hardware front, ARM multiplatform support has been added, enabling you to build a single ARM kernel image that can boot across multiple hardware platforms. Additionally, the ARM64 and Power architectures are now fully supported. See detailed release notes for more information. A quick upgrade to a newer version of Ubuntu is possible over the network."

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed

timothy posted yesterday | from the all-tor-up dept.

47

msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 nodes vulnerable to Heartbleed where he was able to retrieve plaintext user traffic. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."

The Dismal State of SATCOM Security

timothy posted yesterday | from the my-sputnik-or-yours dept.

51

An anonymous reader writes "Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired. The list of security weaknesses IOActive found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws but also features in the devices themselves that could be of use to attackers. The uncovered vulnerabilities include multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."
