Graphics

NVIDIA Fixes Old Compiz Bug 47

Posted by timothy
from the mayan-long-count dept.
jones_supa writes NVIDIA has fixed a long-standing issue in the Ubuntu Unity desktop by patching Compiz. When opening the window of a new application, it would go black or become transparent on NVIDIA hardware. There have been bug reports dating back to Ubuntu 12.10 times. The problem was caused by Compiz, which had some leftover code from a port. An NVIDIA developer posted on Launchpad and said the NVIDIA team has been looking at this issue, and they also proposed a patch. "Our interpretation of the specification is that creating two GLX pixmaps pointing at the same drawable is not allowed, because it can lead to poorly defined behavior if the properties of both GLX drawables don't match. Our driver prevents this, but Compiz appears to try to do this," wrote NVIDIA's Arthur Huillet. The Compiz patch has been accepted upstream.
Security

Lizard Squad Claims Attack On Lenovo Days After Superfish 36

Posted by Soulskill
from the some-publicity-is-bad-publicity dept.
Amanda Parker writes with news that hacker group Lizard Squad has claimed responsibility for a defacement of Lenovo's website. This follows last week's revelations that Lenovo installed Superfish adware on consumer laptops, which included a self-signed certificate authority that could have allowed man-in-the-middle attacks. The hackers seemingly replaced the manufacturer's website with images of an unidentified youth, displayed with a song from the Disney film High School Musical playing in the background. Taking to a new Twitter account that has only been active a matter of days, the Lizards also posted emails alleged to be from Lenovo, leading some to speculate that the mail system had been compromised. While some have seen the attack as retaliation for the Superfish bug, it is also possible that Lizard Squad are jumping on the event merely to promote their own hacking services.
Medicine

Drug-Resistant Malaria May Pose Major Threat 71

Posted by timothy
from the not-just-crazy-dream-pills dept.
According to Newsweek, "A strain of drug-resistant malaria that was discovered last summer along the Thailand-Cambodia border has been spreading throughout Southeast Asia, to Laos, Vietnam, Cambodia and Myanmar." Specifically, the samples are resistant to anti-malarial artemisinin. The study analyzed more than 900 blood samples from malaria patients at over 55 different sites in Myanmar. The results showed that the drug-resistant bug was widespread, and dangerously close to the Indian border in the country’s Sagaing region. "Our study shows that artemisinin resistance extends over more of southeast Asia than had previously been known, and is now present close to the border with India," wrote the researchers in the study abstract.
Bug

Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk 114

Posted by timothy
from the vewy-vewy-quiet dept.
alphadogg (971356) writes A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys. John Matherly, founder of a specialized search engine company whose technology is used for querying Internet-connected devices, found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key. A different search found another 150,000 devices, mostly in China and Taiwan, that have the same problem. Matherly said in a phone interview on Wednesday it is possible the manufacturers copied the same operating system image to all of the routers.
Education

Carnegie-Mellon Sends Hundreds of Acceptance Letters By Mistake 131

Posted by timothy
from the about-that dept.
An anonymous reader writes As reported in the Pittsburgh Post-Gazette, Carnegie-Mellon University mistakenly sent 800 acceptances for its Master of Science in Computer Science program. They're not saying "computer error," but what are the other explanations? High irony all around. The program accepts fewer than nine percent of more than 1,200 applicants, which places the acceptance level at about a hundred, so they're bad at math, too.
Security

Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers 248

Posted by timothy
from the hey-man-you're-s'posed-to-join-the-nsa-first dept.
An anonymous reader writes It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time. The adware, named Superfish, is reportedly installed on a number of Lenovo's consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user's permission. Another anonymous reader points to this Techspot article, noting that it doesn't mention the SSL aspect, but this Lenovo Forum Post, with screen caps, is indicating it may be a man-in-the-middle attack to hijack an SSL connection too. It's too early to tell if this is a hoax or not, but there are multiple forum posts about the Superfish bug being installed on new systems. Another good reason to have your own fresh install disk, and to just drop the drivers onto a USB stick. Also at ZDnet.
Encryption

Netatmo Weather Station Sends WPA Passwords In the Clear 37

Posted by samzenpus
from the out-in-the-open dept.
UnderAttack writes The SANS Internet Storm Center is writing that Netatmo weather stations will send the user's WPA password in the clear back to Netatmo. Netatmo states that this is some forgotten debug code that was left in the device. Overall, the device doesn't bother with encryption, but sends all data, not just the password, in the clear. From the article: "After reporting the bug to Netatmo, the company responded, acknowledging that it does indeed dump all that data from the weather station’s memory unencrypted and that it would stop doing that the coming weeks."
Windows

Microsoft Fixes Critical Remotely Exploitable Windows Root-Level Design Bug 136

Posted by timothy
from the lurking-beneath-the-surface dept.
An anonymous reader writes "In this month's Patch Tuesday, Microsoft has released nine security bulletins to address 56 unique vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. Of the nine security bulletins, three are rated Critical in severity, and among these three is one that addresses a years-old design flaw that can be exploited remotely to grant attackers administrator-level privileges to the targeted machine or device. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Reader jones_supa writes, though, that the most recent patch rollout came with a bug of its own, since corrected: the company apparently botched a rollup update for Visual Studio 2010 Tools for Office Runtime: "There is an issue with KB3001652: many users are reporting that it is locking up their machines while trying to install it. It does not seem that this patch is doing any other damage though, such as bricking the operating system. These days Microsoft appears to be reacting quickly to this kind of news as it looks like the patch has already been pulled from Windows Update."
Communications

Tracking System Bug Delays SpaceX's DSCOVR Launch 48

Posted by timothy
from the for-want-of-a-highly-sophisticated-tracking-system dept.
The SpaceX two-fer launch that was scheduled for today has been scrubbed. NBC News reports that the launch was postponed until Monday at the earliest due to a problem with the range-tracking system in Florida. That means an ambitious second attempt to land the Falcon 9 rocket's first stage on an oceangoing platform will also have to be delayed. ... Satellites such as the Advanced Composition Explorer and Solar and Heliospheric Observatory, which are already located at the L1 point, can provide up to an hour's warning of major storms. Both those satellites are well past their anticipated lifetimes, however, and DSCOVR is designed to provide a much-needed backup. SpaceX's two-stage Falcon 9 rocket will boost DSCOVR into a preliminary orbit, but it will take 110 days of in-space maneuvers to get the probe into the right position. This launch would mark the first time that SpaceX has sent a spacecraft so far, and it will be judged a success if DSCOVR reaches its intended orbit. The delayed launch could take place as soon as tomorrow (Monday) evening.
Bug

RMS Objects To Support For LLVM's Debugger In GNU Emacs's Gud.el 551

Posted by timothy
from the purity-in-body-mind-and-spirit dept.
An anonymous reader writes with the news that Richard Stallman is upset over the prospect of GNU Emacs's Grand Unified Debugger (Gud.el) supporting LLVM's LLDB debugger. Stallman says it looks like there is a systematic effort to attack GNU packages and calls for the GNU Project to respond strategically. He wrote his concerns to the mailing list after a patch emerged that would optionally support LLDB alongside GDB as an alternative debugger for Emacs. Other Emacs developers discounted RMS' claims by saying Emacs supports Windows and OS X, so why not support a BSD-licensed compiler/debugger? The Emacs maintainer has called the statements irrelevant and won't affect their decision to merge the LLDB support.
Bug

Xenon Flashes Can Make New Raspberry Pi 2 Freeze and Reboot 192

Posted by timothy
from the camera-shy dept.
An anonymous reader writes Unfortunately for Raspberry Pi 2 owners who are trying to photograph their devices, ... the Raspberry Pi 2 has been found to be Xenon flash sensitive. Any camera with a Xenon flash aimed at the device is causing the device to freeze for a few seconds before rebooting. The forum thread about the bug is an interesting play-by-play of how the problem was narrowed down.
Security

BMW Patches Security Flaw Affecting Over 2 Million Vehicles 44

Posted by samzenpus
from the safe-at-reasonable-speeds dept.
An anonymous reader writes BMW has fixed a security bug which left 2.2 million cars, including models from Rolls Royce and Mini, exposed to hackers. The flaw was discovered in vehicles using BMW's ConnectedDrive software, which runs from an installed on-board Sim card. Via the smartphone app, owners can remotely control a number of functions including door locks, air conditioning and sounding the horn. Researchers from the German motorist association ADAC identified the flaw which allowed the system to connect to fake mobile phone networks, enabling hackers to remotely control the Sim card.
Google

New Google Security Reward Program Announcement 32

Posted by samzenpus
from the new-rules dept.
jones_supa writes Since 2010, Security Reward Programs have been one cornerstone of Google's relationship with the security research community. In 2014, the company rewarded 200 different researchers with a total amount of $1.5 million. Google wants to celebrate the participants' contributions to the company, and in turn, their contributions back to the researchers. For 2015, two additions to the programs are being announced. It has been noted that researchers' efforts through these programs, combined with Google's internal security work, have made it increasingly difficult to find bugs. Of course, that's good news, but it can also be discouraging when researchers invest their time and struggle to find issues. With this in mind, today Google is rolling out a new, experimental program: Vulnerability Research Grants. These are up-front awards that will be provided to researchers before they even submit a bug. To learn more about the current grants, and review your eligibility, have a look at the rules page. Second, also starting today, all mobile applications officially developed by Google on Google Play and iTunes will now be within the scope of the Vulnerability Reward Program.
Open Source

Inkscape Version 0.91 Released 134

Posted by Soulskill
from the onward-and-upward dept.
Bryce writes: Four years since the last major Inkscape release, now news is out about version 0.91 of this powerful vector drawing and painting tool. The main reason for the multi-year delay is that they've switched from their old custom rendering engine to using Cairo now, improving their support for open source standards. This release also adds symbol libraries and support for Visio stencils, cross platform WMF and EMF import and export, a native Windows 64-bit build, scads of bug fixes, and much more. Check out the full release notes for more information about what has changed, or just jump right to downloading your package for Windows, Linux, or Mac OS X.
Graphics

GeForce GTX 980 and 970 Cards From MSI, EVGA, and Zotac Reviewed 66

Posted by Soulskill
from the price-vs.-performance-vs.-really-loud-fans dept.
MojoKid writes: In all of its iterations, NVIDIA's Maxwell architecture has proven to be a good performing, power-efficient GPU thus far. At the high-end of the product stack is where some of the most interesting products reside, however. When NVIDIA launches a new high-end GPU, cards based on the company's reference design trickle out first, and then board partners follow up with custom solutions packing unique cooling hardware, higher clocks, and sometimes additional features. With the GeForce GTX 970 and GTX 980, NVIDIA's board partners were ready with custom solutions very quickly. These three custom GeForce cards, from enthusiast favorites EVGA, MSI, and Zotac represent optimization at the high-end of Maxwell. Two of the cards are GTX 980s: the MSI GTX 980 Gaming 4G and the Zotac GeForce GTX 980 AMP! Omega, the third is a GTX 970 from EVGA, their GeForce GTX 970 FTW with ACX 2.0. Besides their crazy long names, all of these cards are custom solutions, that ship overclocked from the manufacturer. In testing, NVIDIA's GeForce GTX 980 was the fastest, single-GPU available. The custom, factory overclocked MSI and Zotac cards cemented that fact. Overall, thanks to a higher default GPU-clock, the MSI GTX 980 Gaming 4G was the best performing card. EVGA's GeForce GTX 970 FTW was also relatively strong, despite its alleged memory bug. Although, as expected, it couldn't quite catch the higher-end GeForce GTX 980s, but occasionally outpaced the AMD's top-end Radeon R9 290X.
Security

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites 203

Posted by samzenpus
from the watch-what-you-watch dept.
MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.
Bug

Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug 46

Posted by Soulskill
from the nobody's-perfect dept.
mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.
Bug

NVIDIA GTX 970 Specifications Corrected, Memory Pools Explained 113

Posted by samzenpus
from the under-the-hood dept.
Vigile writes Over the weekend NVIDIA sent out its first official response to the claims of hampered performance on the GTX 970 and a potential lack of access to 1/8th of the on-board memory. Today NVIDIA has clarified the situation again, this time with some important changes to the specifications of the GPU. First, the ROP count and L2 cache capacity of the GTX 970 were incorrectly reported at launch (last September). The GTX 970 has 52 ROPs and 1792 KB of L2 cache compared to the GTX 980 that has 64 ROPs and 2048 KB of L2 cache; previously both GPUs claimed to have identical specs. Because of this change, one of the 32-bit memory channels is accessed differently, forcing NVIDIA to create 3.5GB and 0.5GB pools of memory to improve overall performance for the majority of use cases. The smaller, 500MB pool operates at 1/7th the speed of the 3.5GB pool and thus will lower total graphics system performance by 4-6% when added into the memory system. That occurs when games request MORE than 3.5GB of memory allocation though, which happens only in extreme cases and combinations of resolution and anti-aliasing. Still, the jury is out on whether NVIDIA has answered enough questions to temper the fire from consumers.
Bug

NVIDIA Responds To GTX 970 Memory Bug 145

Posted by timothy
from the can't-remeber-why-you'upset dept.
Vigile writes Over the past week or so, owners of the GeForce GTX 970 have found several instances where the GPU was unable or unwilling to address memory capacities over 3.5GB despite having 4GB of on-board frame buffer. Specific benchmarks were written to demonstrate the issue and users even found ways to configure games to utilize more than 3.5GB of memory using DSR and high levels of MSAA. While the GTX 980 can access 4GB of its memory, the GTX 970 appeared to be less likely to do so and would see a dramatic performance hit when it did. NVIDIA responded today saying that the GTX 970 has "fewer crossbar resources to the memory system" as a result of disabled groups of cores called SMMs. NVIDIA states that "to optimally manage memory traffic in this configuration, we segment graphics memory into a 3.5GB section and a 0.5GB section" and that the GPU has "higher priority" to the larger pool. The question that remains is should this affect gamers' view of the GTX 970? If performance metrics already take the different memory configuration into account, then I don't see the GTX 970 declining in popularity.
Bug

Linus Fixes Kernel Regression Breaking Witcher 2 126

Posted by timothy
from the where-is-your-itch? dept.
jones_supa writes There has been quite a debate around the Linux version of The Witcher 2: Assassins of Kings and the fact that it wasn't really a port. A special kind of wrapper was used to make the Windows version of the game run on Linux systems, similar to Wine. The performance on Linux systems took a hit and users felt betrayed because they thought that they would get a native port. However, after the game stopped launching properly at some point, the reason was actually found to be a Linux regression. Linus quickly took care of the issue on an unofficial Witcher 2 issue tracker on GitHub: "It looks like LDT_empty is buggy on 64-bit kernels. I suspect that the behavior was inconsistent before the tightening change and that it's now broken as a result. I'll write a patch. Serves me right for not digging all the way down the mess of macros." This one goes to the bin "don't break userspace". Linus also reminds of QA: "And maybe this is an excuse for somebody in the x86 maintainer team to try a few games on steam. They *are* likely good tests of odd behavior.."