Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Open Source Codec Encodes Voice Into Only 700 Bits Per Second (rowetel.com)

Bruce Perens writes: David Rowe VK5DGR has been working on ultra-low-bandwidth digital voice codecs for years, and his latest quest has been to come up with a digital codec that would compete well with single-sideband modulation used by ham contesters to score the longest-distance communications using HF radio. A new codec records clear, but not hi-fi, voice in 700 bits per second, that's 88 bytes per second. Connected to an already-existing Open Source digital modem, it might beat SSB.

Obviously there are other uses for recording voice at ultra-low-bandwidth. Many smartphones could record your voice for your entire life using their existing storage. A single IP packet could carry 15 seconds of speech. Ultra-low-bandwidth codecs don't help conventional VoIP, though. The payload size for low-latency voice is only a few bytes, and the packet overhead will be at least 10 times that size.

Submission + - OPEN-SOURCE PARAMETRIC CAD IN YOUR BROWSER (hackaday.com)

mmiscool writes: Until recently, computer-aided design (CAD) software was really only used by engineering companies who could afford to pay thousands of dollars a year per license. The available software, while very powerful, had a very high learning curve and took a lot of training and experience to master. But, with the rise of hobbyist 3D printing, a number of much more simple CAD programs became available.

While these programs certainly helped makers get into 3D modeling, most had serious limitations. Only a few have been truly open-source, and even fewer have been both open-source and parametric. Parametric CAD allows you to create 3D models based on a series of parameters, such as defining a cube by its origin and dimensions. This is in contrast to sculpting style 3D modeling software, which is controlled much more visually. The benefit of parametric modeling is that parameters can be changed later, and the model can be updated on the fly. Features can also be defined mathematically, so that they change in relation to each other.

While still in its infancy, JS.Sketcher is seeking to fill that niche. It is 100% open-source, runs in your browser using only JavaScript, and is fully parametric (with both constraints and editable dimensions). At this time, available features are still pretty limited and simple. You can: extrude/cut, revolve, shell, and do boolean operations with solids. More advanced features aren’t available yet, but hopefully will be added in the future.

Jsketcher is available on git hub
https://github.com/xibyte/jske...
and can be used form the following url.
http://web-cad.org/

Submission + - Smart Electricity Meters Can Be Dangerously Insecure, Warns Expert (theguardian.com)

An anonymous reader writes: Smart electricity meters, of which there are more than 100 million installed around the world, are frequently “dangerously insecure," a security expert has said. The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra. If a hacker took control of a smart meter they would be able to know “exactly when and how much electricity you’re using”, Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics. “He can do billing fraud, setting your bill to whatever he likes [...] The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you’d been robbed by a burglar who didn’t have to break in. “But even if you don’t have smart devices, you are still at risk. An attacker who controls the meter also controls the meter’s software, allowing him to cause it to literally explode.” The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. To communicate with the utility company, most smart meters use GSM, the 2G mobile standard. That has a fairly well-known weakness whereby an attacker with a fake mobile tower can cause devices to “hand over” to the fake version from the real tower, simply by providing a strong signal. In GSM, devices have to authenticate with towers, but not the other way round, allowing the fake mast to send its own commands to the meter. Worse still, said Rubin, all the meters from one utility used the same hardcoded credentials. “If an attacker gains access to one meter, it gains access to them all. It is the one key to rule them all.”

Submission + - Dashcam Footage Shows Tesla Autopilot Predicting Surprise Crash (inverse.com)

SonicSpike writes: Tesla’s autopilot might make you drive like a grandma, but that’s a small price to pay since it can also, apparently, see the future. A dashcam video seems to show the autopilot for a Tesla Model X predict that the two cars ahead of it were about to crash, even though the human driver would’ve had no way to see the collision coming.

Electek reports that the crash took place on the Autobahn in the Netherlands. Hans Noordsij, a Dutch electric car enthusiast who first reported the incident, said that nobody in the crash was seriously injured, according to the driver of the Tesla. In the video, you can hear the Tesla’s Forward Collision Warning start pinging for seemingly no reason — then the car ahead of the Tesla slams into the SUV in front of it that had been hidden from view.

The Tesla was able to tell this was going to happen thanks to the September autopilot update, which added radar — a tried-and-true technology that Elon Musk said could cut accident rates in half. The radar aspect of the autopilot allowed the Model X to track two cars ahead of itself. Even though the SUV wasn’t visible, the radar knew where it was — and that it was about to get rear-ended.

Submission + - Creepy Website IknowWhatYouDownload Makes Your Torrenting History Open To All (iknowwhatyoudownload.com) 2

dryriver writes: The highly invasive and possibly Russian owned and operated website http://iknowwhatyoudownload.co... immediately shows the bittorent download history for your IP address when you land on it. What's more, it also shows the torrenting history of any specific IP address you enter, and also of IP addresses similar to your's, so you can see what others near you — perhaps the nice neighbours in the house next door — have downloaded when they thought nobody was looking. Upon clicking on somebody else's IP link in my range, for example, I found that the person had downloaded a tremendous amount of Porn content of a certain rather embarrassing type in what they thought was the privacy of their own home. The website highlights XXX content in bright red on its download list, a feature that appears explicitly designed to embarrass people who torrent porn. There is also a nasty little "Track Downloads" feature that lets you send a "trick URL" to somebody else. When they click on the URL — thinking its something cool on Facebook, Twitter or the general internet — THEY see what they URL promised, but YOU get sent their entire torrenting history, including anything embarrassing or otherwise compromising content they may have downloaded in private. A website this malicious and invasive can only have been built by the big content producers to deter people from downloading piratedcontent methinks. The website appears to offer an API, customized download reports and more to interested parties in the hopes of generating big cash from making other people's torrenting activities public. I wonder how long it takes before some teenager commits suicide or similar because his school friends sent him a "trick URL" from this site that outed him/her as downloading gay porn or similar.

Comment Re:NN FTW (Score 1) 61

As one of those dutch consumers - not so much. While i do totally understand and subscribe the need of net neutrality, this example already shows it is not always in the consumers best interest.

Another dutch provider (KPN, market leader) wanted to do this a few years ago, and ran into the same legal issue. Their final solution(s): 1. increase all data with all plans and 2. sell a discounted spotify subscription that came with 'free' additional data, the latter apparently being a legal solution.

This (net-neutrality thingy) was well known in the Netherlands, and T-Mobile should have been aware of this. I do recall seeing their advertisements for this unlimited streaming plan 2 months ago, just before i left the country, and already wondered how they would legally do this. Now i know the answer - they don't.

But back to the consumer - i'm not sure if consumers are better of as 'heavy users' are forced to premium plans just for their streaming needs. Then again, data plans in Holland (and in Europe in general) seem to be a lot cheaper than in the USA. This may partly be due to fragmentation - most plans in Europe are national, for a Europe-wide plan you'd pay a premium and streaming when abroad is more or less out of the question since you easily pay $10 for 100MB on the other side of your national borders. - and partly because of more competition - the Netherlands has a multiple of providers compared to the USA where only 3 providers seem to control the market. (Having said that, in Netherlands only 3* providers have their own network (*4 if you count in tele2), the rest are resellers).

Concluding: you can get anything as long you pay up. The more casual users are either left in the cold or forced to pay a premium for service they don't use. The market is not free to bind users in a way they see fit, because of some arbitrary legal requirement.

Submission + - GoboLinux 016 released, featuring its own filesystem virtualization tool

paranoidd writes: GoboLinux announced today the availability of a new major release. What's special about it is that it comes together with a container-free filesystem virtualization that's kind of unique thanks to the way that installed programs are arranged by the distro. Rather than having to create full-fledged containers simply to get around conflicting libraries, a lightweight solution simply plays with overlays to create dynamic filesystem views for each process that wants them. Even more interesting, the whole concept also enables 32-bit and 64-bit programs to coexist with no need for a lib64 directory (as implemented by mostly all bi-arch distributions out there). The announcement page brings some more interesting pieces of work coming from the 15-years old project.

Submission + - 0-days hitting Fedora and Ubuntu open desktops to a world of hurt (arstechnica.com)

An anonymous reader writes: It's the year of the linux desktop....getting pwned. Chris Evans (not the red white and blue one) has released a number of linux zero day exploits, the most recent of which employs specially crafted audio files to compromise linux desktop machines. From the story:

"I like to prove that vulnerabilities are not just theoretical—that they are actually exploitable to cause real problems," Evans told Ars when explaining why he developed—and released—an exploit for fully patched systems. "Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out."'

Submission + - 5-Year-Old Critical Linux Vulnerability Patched (threatpost.com)

msm1267 writes: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run a serious security issues in the operating system, most of which have been hiding in the code for years.

Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011. A patch was pushed to the mainline Linux kernel Dec. 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes.

The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

Submission + - Bluetooth 5 is here (betanews.com) 1

BrianFagioli writes: Today, the Bluetooth Special Interest Group announces the official adoption of the previously-announced Bluetooth 5. In other words, it is officially the next major version of the technology, which will eventually be found in many consumer devices.

So, will you start to see Bluetooth 5 devices and dongles with faster speeds and longer range in stores tomorrow? Nope — sorry, folks. Consumers will have to wait until 2017. The Bluetooth SIG says devices should become available between February and June next year.

Comment Re:Ubuntu makes to much decisions for me... (Score 0) 137

Well, you are right on most things, just this purist view brings the user nowhere. It's the old 'in an ideal world all lawyers would be jobless'...

And the example of windows is very wrong. A tonload of drivers for windows 7, hell, even drivers for vista and XP, just work on the latest windows 10. Simply because they have a well defined driver model. A thousand reasons to dislike Microsoft, but their driver model is not one of them.

It is not only a matter of developer resources. It is also that Linux is still a 'wild west' where anything that works might change in any newer version. And while the kernel maintainers have recognized this issue and proven a more stable ABI since kernel 2.6, some arbitrary projects still have a very egocentric view of the world.. Not to mention the zillion different distro's out there. Even the most well-willing hardware providers (and don't say that AMD and Intel and others aren't as they all showed tremendous effort) run against this wall of chaos...

Comment Re:Ubuntu makes to much decisions for me... (Score 2, Insightful) 137

And why, as end-user, do i care this? I need something that works. A newer version of xorg was apparently more important to drivers compatibility for the package maintainers. For me as user it was the other way around. And it is not trivially possible with Ubuntu to use an older version of xorg.

To elaborate on that: somewhere along the road the xorg developers decided to break something. How hard is it to design something and keep it (forward) compatible? Apparently for xorg very hard. I totally am ready to believe they had their reasons to do so, but you simply cannot expect all other involved developers to run behind them, within months, if they make make a change breaking stuff, totally ignoring the significant amount of testing the AMD developers would have to do. And surely the AMD developers still get the blame simply because they are 'closed source'.

From an idealistic stance of view, you are totally right. In an ideal world those drivers would be open source. From a practical stance of view, developers all over the world, both open and closed source, are hands tied down on license or agreements. And users just want something that works, not necessarily the latest greatest shiniest.

In case of Ubuntu 16.04 the AMD user is left in the cold, no matter who to blame. And this is why people who say 'Linux will never be ready for the desktop' are proven right. I did, and do, use and love Linux but in all fairness it has been a constant struggle, swimming upstream, because design decisions like those are not made from a user stance of view, and because i do not want to dedicate my life to the OS running on my computer. I just want to use my computer.

Comment Ubuntu makes to much decisions for me... (Score 3, Interesting) 137

After many years of Ubuntu use as primary desktop, the thing that drove me away was ending the support for the closed source AMD video drivers.

Someone decided that the open source drivers were 'good enough'. Well, they are not, at least for what i was doing. And the choice to use the drivers as released by AMD was removed, and doing so manually anything but trivial, as in, you'd have more luck on an arch based distro.

Imho, Ubuntu, and all derivatives like Mint, suddenly alienate half their user base with that decision. And if this wasn't an online forum i'd use stronger wordings for that.

Also, i just need to get work done. And most of the stuff i do is reasonable platform-agnostic but expects reasonable 3D performance. So, i'm back to windows 10 which serves my need, ironically has Ubuntu user land built in these days, and Linux will have to wait until i upgrade my graphics to nVidia, or when i can be bothered to try another distro, or when open source graphics drivers are really of comparable quality, whichever come first.

* Just 2 cents from a frustrated ex-Ubuntu&Mint user on the desktop. *

Submission + - Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

An anonymous reader writes: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds.

The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months.

Slashdot Top Deals

The only thing worse than X Windows: (X Windows) - X

Working...