operator_error (1363139) writes "A new musical from the Academy Award-winning songwriters of "Frozen" will tell the story of a socially awkward computer repairman named Dan who becomes attracted to Lindsay, a t-shirt designer. But his overactive imagination keeps getting in the way of a potential relationship.
"Up Here" will delve into the overactive imagination of its 30-something protagonist, bringing to life the "circus of judgmental, neurotic, ever-changing characters that rule an ordinary man's mind.""
OwnCloud Developer requests removal from Ubuntu repos: multiple vulnerabilities
operator_error (1363139) writes "ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) is removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for which no fixes have been backported. He adds that:
"Those security bugs allows an unauthenticated attacker to gain complete control about the web server process".
However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2).
Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical.
You can follow the discussion @ Ubuntu Devel mailing list.
So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service"
Studies Conclude Hands-free-calling & Apple Siri Distract Drivers
operator_error (1363139) writes "In many cars, making a hands-free phone call can be more distracting than picking up your phone, according to a new study from AAA and the University of Utah.
In-dash phone systems are overly complicated and prone to errors, the study found, and the same is true for voice-activated functions for music and navigation.
A companion study also found that trying to use Siri — the voice control system on Apple phones — while driving was dangerously distracting. Two participants in the study had virtual crashes in an automotive simulator while attempting to use Siri, the study's authors reported.
In response, Toyota said the study did not show a link between cognitive distraction and car crashes.
"The results actually tell us very little about the relative benefits of in-vehicle versus hand-held systems; or about the relationship between cognitive load and crash risks," said Mike Michels, a Toyota spokesman."
"Shellshock" may be partially patched, but it's still highly dangerous
operator_error (1363139) writes "David A. Wheeler, a computer scientist who is an acknowledged expert in developing secure open-source code, posted a message to the Open Source Software Security (oss-sec) list this evening urging more changes to the bash code. And other developers have found that the current patch still has vulnerabilities similar to the original one, where an attacker could store malicious data in a variable named the same thing as frequently run commands.
Norihiro Tanaka, a Japanese open-source developer, noted the problem in an e-mail to the bug-bash list today. By using an environmental variable called cat—the same name as a Unix utility that can concatenate files—he was able to bypass the fixes in the latest bash patch and pass through executable commands.
Wheeler noted this vulnerability as well, in an email to both oss-sec and the bug bash list:
I appreciate the effort made in patch bash43-026, but this patch doesn't even BEGIN to solve the underlying shellshock problem. This patch just continues the "whack-a-mole" job of fixing parsing errors that began with the first patch. Bash's parser is certain to have many many many other vulnerabilities; it was never designed to be security-relevant. John Haxby recently posted that "A friend of mine said this could be a vulnerability gift that keeps on giving." Bash will be a continuous rich source of system vulnerabilities until it STOPS automatically parsing normal environment variables; all other shells just pass them through! I've turned off several websites I control because I have *no* confidence that the current official bash patches actually stop anyone, and I am deliberately *not* buying products online today for the same reason. I suspect others have done the same. I think it's important that bash change its semantics so that it "obviously has absolutely no problems of this kind".
In other words, “Shellshock” may be partially patched, but it’s still highly dangerous on systems that might use bash to pass information to the operating system or to launch other software. And it may take a significant change to fix the code."
operator_error (1363139) writes "Jukka Eklund at Nokia writes to the Meego Dev list: "I am thrilled to announce a little thing we started at Nokia. Basically we want to have MeeGo running in N900 device, so that it's really usable as your daily development device. Basic Handset UX should work, phone calls, SMS, web browsing. So we are concentrating on a few selected features and polish those to be "perfect". It might mean that we leave out some things in MeeGo 1.2 trunk for this edition, but that is not the default intention.
We are doing this fully on the open, and I hope this is an interesting project where we all in the community work towards the same goal: have a great MeeGo edition in the N900. This work is naturally based on the great work done already by N900 adaptation team led by Harri and Carsten.
Br, Jukka Developer Edition product manager"... Also folks, be sure to stay tuned for the new Nokia N950 meant only as a (likely) unsubsidized Developer's hardware refresh of the N900. Only rumor has it that it will not arrive with a slide-out keyboard. How important is having an N900-style keyboard to you, along with the new Meego Love Nokia software continues to offer?"