Submission + - "Most serious" Linux privilege-escalation bug ever is under active exploit (arstechnica.com)

operator_error writes: Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

By Dan Goodin — 10/20/2016

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Submission + - Microsoft Unleashes Second Raspberry Pi IoT Starter Kit

Mickeycaskill writes: Microsoft is releasing a second version of its Raspberry Pi Internet of Things (IoT) starter pack, which combines microcomputer hardware with a lightweight version of Windows 10.

The new version comes with the Raspberry Pi 3, a beefed up version of its predecessor with integrated Wi-Fi and Bluetooth connectivity, making it more flexible without the need for hardware add-ons.

Microsoft also announced a new IoT starter kit created by Seeed Studio. The Seeed Grove Starter Kit for IoT based on Raspberry Pi, is how its rather clunky name would suggest; an IoT package that can be used with the Raspberry Pi 3 and Raspberry Pi 2, and comes with the Grove connector, a module that offers common connectors for sensors in order to make it easier to connect them to a device platform without the need to worry about soldering electrical wires.

The package comes with Windows 10 Core, but also works with Microsoft’s Azure cloud platform.

Submission + - Multiple Linux Distributions Affected by Crippling Bug in systemd (agwa.name)

An anonymous reader writes: System administrator Andrew Ayer has discovered a potentially critical bug in systemd which can bring a vulnerable Linux server to its knees with one command. "After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system." According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.

Submission + - Should we bring extinct species back from the dead? (sciencemag.org)

sciencehabit writes: For decades the notion of “de-extinction” hovered on the scientific fringes, but new advances in genetic engineering, especially the CRISPR-Cas9 revolution, have researchers believing that it’s time to start thinking seriously about which animals we might be able to bring back, and which ones would do the most good for the ecosystems they left behind. Science Magazine explores why and how we might do this, which animals might be first, and the big risks involved.

Submission + - What are the FLOSS community's answers to Siri and AI? (upon2020.com)

jernst writes: A decade ago, we in the free and open-source community could build our own versions of pretty much any proprietary software system out there, and we did. Publishing, collaboration, commerce, you name it. Some apps were worse, some were better than closed alternatives, but much of it was clearly good enough to use every day.

But is this still true? For example, voice control is clearly going to be a primary way we interact with our gadgets in the future. Speaking to an Amazon Echo-like device while sitting on my couch makes a lot more sense than using a web browser. Will we ever be able to do that without going through somebody’s proprietary silo like Amazon’s or Apple’s? Where are the free and/or open-source versions of Siri, Alexa and so forth?

The trouble, of course, is not so much the code, but in the training. The best speech recognition code isn’t going to be competitive unless it has been trained with about as many millions of hours of example speech as the closed engines from Apple, Google and so forth have been. How can we do that?

The same problem exists with AI. There’s plenty of open-source AI code, but how good is it unless it gets training and retraining with gigantic data sets? We don’t have those in the FLOSS world, and even if we did, would we have the money to run gigantic graphics card farms 24×7? Will we ever see truly open AI that is not black-box machinery guarded closely by some overlord company, but something that “we can study how it works, change it so it does our computing as we wish” and all the other values embodied in the Free Software Definition?

Who has a plan, and where can I sign up to it?

Submission + - Android-x86 6.0 Released to Let You Run Android 6.0 Marshmallow on Your PC

prisoninmate writes: Android-x86 6.0 has been in the works since early this year, and it received a total of two RC (Release Candidate) builds during its entire development cycle, one in June and another in August. After joining the Remix OS team, Chih-Wei Huang now has all the reasons to update and improve its Android-x86 system for the latest Android releases. Therefore, as you might have guessed already, Android-x86 6.0 is the first stable version of the project to be based on Google's Linux kernel-based Android 6.0 Marshmallow mobile operating system, and includes the most recent AOSP (Android Open Source Project) security updates too. Under the hood, Android-x86 6.0 is using the long-term supported Linux 4.4.20 kernel with an updated graphics stack based on Mesa 12.0.2 3D Graphics Library, and offers support for Samsung's F2FS file system for SSD drives, better Wi-Fi support after resume and suspend, and initial HDMI audio support.

Submission + - Warner Brothers reports own site as illegal (bbc.com)

An anonymous reader writes: Film studio Warner Brothers has asked Google to remove its own website from search results, saying it violates copyright laws.
It also asked the search giant to remove links to legitimate movie streaming websites run by Amazon and Sky, as well as the film database IMDB.
The request was submitted on behalf of Warner Brothers by Vobile, a company that files hundreds of thousands of takedown requests every month.

Warner Brothers has yet to comment.

BBC News links to https://torrentfreak.com/warne... Warner Bros. is vigorously trying to prevent pirated content from showing up in search results, but in doing so the movie studio has shot itself in the foot. Recently, Warner asked Google to take down several of its own pages, claiming that they are copyright-infringing.

Submission + - Is Apache OpenOffice collapsing? (theregister.co.uk)

martiniturbide writes: On September first Dennis Hamilton, the volunteer vice-president of OpenOffice, just posted the idea of what should be the actions to shut down the Apache OpenOffice Project. His reasons to post that are the "limited capacity for sustaining" and "there is no ready supply of developers who have the capacity, capability, and will to supplement the roughly half-dozen volunteers holding the project together." He also states "My interest is in seeing any retirement happen gracefully." This quickly generated a lot of replies on the Apache OpenOffice developer’s forum of people trying to find solutions to keep the project going.
Conspiracy theories: Is this just a stunt pulled by Dennis to get people involved on Apache OpenOffice? Is Microsoft investment on the Apache Foundation starting to pay off? Does it make sense to maintain OpenOffice when there is the LibreOffice community also working on an open source office suite?

Submission + - Getty Sued For $1 Billion For Selling Publicly Donated Photos

An anonymous reader writes: Online stock media library Getty Images is facing a $1 billion lawsuit from an American photographer for illegally selling copyright for thousands of photos. The Seattle-based company has been sued by documentary photographer Carol Highsmith for ‘gross misuse’, after it sold more than 18,000 of her photos despite having already donated them for public use. Highsmith’s photos which were sold via Getty Images had been available for free via the Library of Congress. Getty has now been accused of selling unauthorised licenses of the images, not crediting the author, and for also sending threatening warnings and fines to those who had used the pictures without paying for the falsely imposed copyright.

Submission + - Analog Devices Set to Buy Competitor Linear Tech (transactionannouncement.com)

Jfetjunky writes: From Analog Devices' website:

"On July 26, Analog Devices, Inc. and Linear Technology Corporation entered into a definitive agreement under which Analog Devices will acquire Linear Technology in a cash and stock transaction that values the combined enterprise at approximately $30 billion. The transaction is expected to close by the end of the first half of calendar year 2017."

This is a big move for Analog Devices, buying up one of the only other major competitors in the market space for precision analog devices and data converters besides Texas Instruments. They are taking on $7.3 billion of additional debt to complete the purchase of Linear Tech for approximately $14.8 billion. They advertise that the deal will finalize in the first half of 2017. According to their presentation, they have hopes this will nearly double their potential market share.

Submission + - When is 'Unnecessary' Code Necessary?

theodp writes: Catching himself terminating statements with semicolons out of habit when none were needed, Rick Wicklin asks: Do you write unnecessary code? And while Wicklin tries to skip certain unnecessary statements, there are others that he finds, well, necessary. "Sometimes I include optional statements in my programs for clarity, readability, or to practice defensive programming," he explains. Wicklin's post is geared towards SAS programming, but the question of when to include technically-unnecessary code — e.g., variable declarations, superfluous punctuation, block constructs for single statements, values for optional parameters that are the defaults, debugging/validation statements, non-critical error handling, explicitly destroying objects that would otherwise be deleted on exit, labeled NEXT statements, full qualification of objects/methods, unneeded code from templates — is a language-agnostic one. So when-and-why do you find it necessary to include 'unnecessary' code in your programs? And are you tolerant of co-workers' unnecessary code choices, or do you sometimes go all Tabs-vs-Spaces (YouTube) on them?

Comment Re:I give this about two weeks. (Score 1) 130

As an ingress player, I couldn't disagree with you more.

Having said that, I took a quick look at pokemon and although interesting, it's surely not my game. There are similarities to ingress, but it's also targeted at a very different audience. Another drawback I saw was their pricing scheme, they seem mostly interested in your dollars, whereas ingress is totally free to play, with only a few 'gimmicks' sold for the die-hard players, and surely will not drain your wallet till the max.

On-topic - ingress has put a lot of couch potatoes outside, made hiking and traveling more fun, and socializes team members in sometimes very close and active communities. I wonder if pokemon will have the same socializing effect.

Submission + - GTK developers decided to give up on long term API/ABI compatibility (gnome.org)

Artem Tashkinov writes: Just when you thought that the speed of software/hardware development has decreased owing to the fact that both software and hardware nowadays are good enough for pretty much everything and everyone, GTK developers decided they do not want to confine themselves to long term API/ABI compatibility and they will release new major incompatible releases every two years (4.0, 5.0, etc) and every six months they will release point releases which will be binary compatible with previous point releases (read 4.0, 4.2, 4.4, etc) but as a user or a software developer you won't be able to compile previous point releases software (say 4.0) on newer point releases (say 4.2, 4.4, 4.6, etc).

People frequently bemoan the fact that Linux is still not gaining any traction on the desktop but unfortunately Linux developers still do not want to develop anything resembling a long term supported platform which guarantees API/ABI compatibility between distros.

Comment Re:Make something the foreigners want (Score 1) 231

Europe has import taxes on about anything, ranging from 10% to over 20%. In particular end-consumer products are taxed very high. On top of that comes sales tax etc, making a lot of things way more expensive than anywhere else in the world.

A recent example is the solar-panel industry. It was said China was 'dumping' solar panels. Read: the prices were dropping so it was getting very interesting for private persons to install solar installations on their roof top, even without any subsidy at all (as a lot of countries used to do - European countries love high taxes just to spend it on subsidies again).
So, solar installation companies were flowering. Yet, European solar panel industry was having a hard time making a profit as China would undercut them.

Reaction of European politicians? Just add a 30% import tax on solar panels, just and only to protect a local and very marginal industry. At the cost of delaying and discouraging renewable energies.

So despite all talk and political intentions for more renewables, in practice they only discouraged it and money talks.

On topic. I actually think a better trade agreement between USA & Europe and other countries is a good thing. Just the secrecy and the smoke curtain that surrounds it now is bad. It should be a more public debate allowing more stakeholders to share their views.
