900 Embedded Devices Share Hard-Coded Certs, SSH Host Keys 45

An anonymous reader writes: Embedded devices of some 50 manufacturers have been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks. SEC Consult has analyzed firmware images of more than 4000 embedded devices of over 70 vendors — firmware of routers, IP cameras, VoIP phones, modems, etc. — and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

AMD's Crimson Radeon Driver For Linux Barely Changes Anything (phoronix.com) 93

An anonymous reader writes: AMD Windows customers were greeted this week with the new "Crimson" Radeon Software that brought many bug fixes, performance improvements, and a brand new control panel. While AMD also released this Crimson driver for Linux, it really doesn't change much. The control panel is unchanged except for replacing "Catalyst" strings with "Radeon" and there have been no performance changes but just some isolated slowdowns. The Crimson Linux release notes only mention two changes: a fix for glxgears stuttering and mouse cursor corruption.

Will You Be Able To Run a Modern Desktop Environment In 2016 Without Systemd? 708

New submitter yeupou writes: Early this year, David Edmundson from KDE concluded that "In many cases [systemd] allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it [systemd] as an optional extra defeats the main benefit". A perfectly sensible explanation. But, then, one might wonder to which point KDE would remain usable without systemd?

Recently, on one Devuan box, I noticed that KDE power management (Powerdevil) no longer supported suspend and hibernate. Since pm-utils was still there, for a while, I resorted to call pm-suspend directly, hoping it would get fixed at some point. But it did not. So I wrote a report myself. I was not expecting much. But neither was I expecting it to be immediately marked as RESOLVED and DOWNSTREAM, with a comment accusing the "Debian fork" I'm using to "ripe out" systemd without "coming with any of the supported solutions Plasma provides". I searched beforehand about the issue so I knew that the problem also occurred on some other Debian-based systems and that the bug seemed entirely tied to upower, an upstream software used by Powerdevil. So if anything, at least this bug should have been marked as UPSTREAM.

While no one dares (yet) to claim to write software only for systemd based operating system, it is obvious that it is now getting quite hard to get support otherwise. At the same time, bricks that worked for years without now just get ruined, since, as pointed out by Edmundson, adding systemd as "optional extra defeats its main benefit". So, is it likely that we'll still have in 2016 a modern desktop environment, without recent regressions, running without systemd?

Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached 25

An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story: Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers. According to a note on Pearson's site, the system remains down for the time being.

Zuckerberg To Take 2 Months Paternity Leave To Give His Kid a Better Outcome (techcrunch.com) 164

theodp writes: TechCrunch reports that Facebook CEO Mark Zuckerberg will take two months off from Facebook for paternity leave. Why? "Studies show that when working parents take time to be with their newborns, outcomes are better for the children and families," Zuckerberg explained in a FB post on Friday. "At Facebook we offer our U.S. employees up to 4 months of paid maternity or paternity leave which they can take throughout the year." No word on why the child will only get 50% of that time — maybe that's what the gains chart suggested as a good tradeoff — or if expectant parents who apply to send their children to Zuckerberg's new Primary School, which aims to "help children from underserved communities reach their full potential," will be expected to make a similar commitment.

FTC Amends Telemarketing Rule To Ban Payment Methods Used By Scammers 48

An anonymous reader writes: The Federal Trade Commission has approved final amendments to its Telemarketing Sales Rule (TSR), including a change that will help protect consumers from fraud by prohibiting four discrete types of payment methods favored by scammers. The TSR changes will stop telemarketers from dipping directly into consumer bank accounts by using certain kinds of checks and "payment orders" that have been "remotely created" by the telemarketer or seller. In addition, the amendments will bar telemarketers from receiving payments through traditional "cash-to-cash" money transfers – provided by companies like MoneyGram, Western Union, and RIA.

Jolla Goes For Debt Restructuring (phoronix.com) 46

jones_supa writes: Months after the smartphone company Jolla announced its split and intent to focus on Sailfish OS licensing, its financial situation has not improved. Jolla's latest financing round has been delayed and so they have had to file for debt restructuring in Finland. As part of that, the company is temporarily laying off a big part of its personnel (Google translation of Finnish original). Jolla co-founder Antti Saarnio said, "Our operating system Sailfish OS is in great shape currently and it is commercially ready. Unfortunately the development until this point has required quite a lot of time and money (PDF). To get out of this death valley we need to move from a development phase into a growth phase. At the same time we need to adapt our cost levels to the new situation. One of the main actions is to tailor the operating system to fit the needs of different clients. We have several major and smaller potential clients who are interested in using Sailfish OS in their projects."

Python Is On the Rise, While PHP Falls (dice.com) 231

Nerval's Lobster writes: While this month's lists of the top programming languages uniformly put Java in the top spot, that's not the only detail of interest to developers. Which language has gained the most users over the past five years? And which are tottering on the edge of obsolescence? According to PYPL, which pulls its raw data for analysis from Google Trends, Python has grown the most over the past five years—up 5 percent since roughly 2010. Over the same period, PHP also declined by 5 percent. Since PYPL looks at how often language tutorials are searched on Google, its data is a good indicator of how many developers are (or aren't) learning a language, presumably because they see it as valuable to their careers. Just because PYPL shows PHP losing market-share over the long term doesn't mean that language is in danger of imminent collapse; over the past year or so, the PHP community has concentrated on making the language more pleasant to use, whether by improving features such as package management, or boosting overall performance. Plus, PHP is still used on hundreds of millions of websites, according to data from Netcraft. Indeed, if there's any language on these analysts' lists that risks doom, it's Objective-C, the primary language used for programming iOS and Mac OS X apps, and its growing obsolescence is by design.

NVIDIA Jetson TX1 Performance Shines For GPU Computing (phoronix.com) 22

An anonymous reader writes: Following last week's announcement of the Jetson TX1 development board, NVIDIA is now allowing independent reports of performance for their $599 USD 64-bit ARM development board. Linux results published by Phoronix show very strong performance for the Jetson TX1 when looking at the Cortex-A57 speed relative to the Tegra K1 and older Tegra SoCs along with other ARM hardware like Calxeda and Raspberry Pi. The Jetson TX1 was generally multiple times faster than ARM hardware a few years old. The graphics performance was twice as fast as the year-old Jetson TK1 thanks to the Maxwell GPU. Compared to x86 hardware, in CPU-bound tasks the performance is comparable to an AMD Sempron/Phenom except when utilizing GPGPU computing where it's then faster than Intel Skylake and Xeon processors. The Jetson TX1 had a peak power consumption of 16 Watts and an average power use of under 10 Watts.

Linux 4.4 Kernel To Bring Raspberry Pi Graphics Driver, Open-Channel SSD Support (phoronix.com) 67

An anonymous reader writes: Linux 4.4-rc1 has been released. New features of Linux 4.4 include a Raspberry Pi kernel mode-setting driver, support for 3D acceleration by QEMU guest virtual machines, AMD Stoney APU support, Qualcomm Snapdragon 820 support, expanded eBPF virtual machine programs, new hardware peripheral support, file-system fixes, faster SHA crypto support on Intel hardware, and LightNVM / Open-Channel SSD support.

Experimental Drug Targeting Alzheimer's Disease Shows Anti-Aging Effects (nextbigfuture.com) 101

schwit1 writes with news that researchers at the Salk Institute have found that an experimental drug candidate aimed at combating Alzheimer's disease has a host of unexpected anti-aging effects in animals. Says the article: The Salk team expanded upon their previous development of a drug candidate, called J147, which takes a different tack by targeting Alzheimer's major risk factor–old age. In the new work, the team showed that the drug candidate worked well in a mouse model of aging not typically used in Alzheimer's research. When these mice were treated with J147, they had better memory and cognition, healthier blood vessels in the brain and other improved physiological features.

"Initially, the impetus was to test this drug in a novel animal model that was more similar to 99 percent of Alzheimer's cases," says Antonio Currais, the lead author and a member of Professor David Schubert's Cellular Neurobiology Laboratory at Salk. "We did not predict we'd see this sort of anti-aging effect, but J147 made old mice look like they were young, based upon a number of physiological parameters."


Tor Project Claims FBI Paid University Researchers $1m To Unmask Tor Users 108

An anonymous reader writes: Have Carnegie Mellon University researchers been paid by the FBI to unmask a subset of Tor users so that the agents could discover who operated Silk Road 2.0 and other criminal suspects on the dark web? Tor Project Director Roger Dingledine believes so, and says that they were told by sources in the information security community that the FBI paid at least $1 million for the service. From the article: "There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board. We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once," noted Dingledine. "Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users," he pointed out.

Ivan Ristic and SSL Labs: How One Man Changed the Way We Understand SSL 25

An anonymous reader writes: Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Before that, he was mostly known for his work with OWASP and the development of the wildly popular open source web application firewall ModSecurity. While SSL Labs was something Ristic worked on in his spare time, over time it became his main focus. In fact, over the years, the project incorporated a great number of checks that are impossible to perform manually. It's a game changer because, to assess your TLS configuration, you don't need to be an expert. Read the story about the project's evolution on Help Net Security.

NVIDIA Releases JTX1 ARM Board That Competes With Intel's Skylake i7-6700K (phoronix.com) 84

An anonymous reader writes: NVIDIA has unveiled the Jetson TX1 development board powered by their Tegra X1 SoC. The Jetson TX1 has a Maxwell GPU capable of 1 TFLOP/s, four 64-bit ARM A57 processors, 4GB of RAM, and 16GB of onboard storage. NVIDIA isn't yet allowing media to publish benchmarks, but the company's reported figures show the graphics and deep learning performance to be comparable to an Intel Core i7-6700K while scoring multiple times better on performance-per-Watt. This development board costs $599 (or $299 for the educational version) and consumes less than 10 Watts.

Symbolic vs. Mnemonic Relational Operators: Is "GT" Greater Than ">"? 304

theodp writes: "Mnemonic operators," writes SAS's Rick Wicklin as he weighs the pros-and-cons of Symbolic Versus Mnemonic Logical Operators, "tend to appear in older languages like FORTRAN, whereas symbolic operators are common in more recent languages like C/C++, although some relatively recent scripting languages like Perl, PHP, and Windows PowerShell also support mnemonic operators. SAS software has supported both operators in the DATA step since the very earliest days, but the SAS/IML language, which is more mathematically oriented, supports only the symbolic operators. Functionally, the operators are equivalent, so which ones you use is largely a matter of personal preference. Since consistency and standards are essential when writing computer programming, which operators should you choose?"

ProtonMail Restores Services After Epic DDoS Attacks 57

An anonymous reader writes: After several days of intense work, Switzerland-based end-to-end encrypted e-mail provider ProtonMail has largely mitigated the DDoS attacks that made it unavailable for hours on end in the last week. The attacks exceeded 100Gbps, and are still going on, but they are no longer capable of knocking ProtonMail offline for extended periods of time. The ProtonMail community of users proved to be invaluable for the company. In fact, in just a few days, they donated over $50,000 to the company's "defense fund," providing the resources to resist further attacks against email privacy.

Steam Has Brought 1,600 Games To Linux In the Past Three Years (phoronix.com) 110

An anonymous reader writes: Today marks three years since Valve's Steam client went into beta on Linux. In that time over 1,600 games have become natively available for Linux. Going beyond having many new Linux games, Phoronix recaps, "we've seen Valve make significant investments into the open-source graphics stack and other areas of Linux (in part through their sponsorship of Collabora and LunarG). Valve developers are significantly pushing SDL2. We've seen more mainstream interest in Linux gaming, and Valve has been heavily involved in the creation of the Vulkan graphics API. They have given away their entire game collection to the Mesa/Ubuntu/Debian upstream developers, and much more." The three-year anniversary is coincidentally just days before the release of Steam Machines.

Crypto-Ransomware Encrypts Files "Offline" 54

An anonymous reader writes: Ransomware comes in various forms, and not all ransomware encrypts files — some just block computers until the ransom is paid. When the file encryption feature is included, the encryption key is usually sent to the malware's C&C server, which is controlled by the crooks — but not always. Researchers have recently analyzed a crypto-ransomware sample that demonstrated an alternative method of encrypting files and delivering the key (i.e., the information required to discover the right key) to the criminal behind the scheme — it doesn't need to contact a C&C to receive an encryption key or to send it to the crook.

Full Text of Trans-Pacific Partnership Released (Officially, This Time) (mfat.govt.nz) 247

EmagGeek writes: The full text of the Trans-Pacific Partnership, or TPP, has been officially released, and is available for the public to see. According to CNN, The TPP is a 12-nation deal that touches on 40% of the global economy. The provisions of the deal would knock down tariffs and import quotas, making it cheaper to import and export, and open new Asia-Pacific markets. Negotiations have been going on for years, led by the United States and Japan — with China conspicuously absent from the list of signees.