Oracle

Java Installer Flaw Shows Why You Should Clear Your Downloads Folder (csoonline.com) 14

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.
Businesses

How the Cloud Has Changed (Since Last You Looked) 21

snydeq writes: InfoWorld's Peter Wayner takes a look at the new services and pricing models that are making cloud computing more powerful, complex, and cheaper than it was a few short years ago. 'We get more, but using it isn't always as simple as it could be. Sure, you still end up on root on some box that's probably running Linux, but getting the right performance out of that machine is more complex,' Wayner writes. "But the real fun comes when you try to figure out how to pay for your planned cloud deployment because there are more options than ever. ... In some cases, the cost engineering can be more complex than the software engineering."
Open Source

GitHub Open Sources Their Internal Testing Tool (thenewstack.io) 34

destinyland writes: Last week GitHub released a new open source tool called Scientist, a Ruby-based library they've been using in-house for several years. "It's the most terrifying moment when you flip the switch," GitHub engineer Jesse Toth told one technology reporter, who notes that the tool is targeted at developers transitioning from a legacy system. "Scientist was born when GitHub engineers needed to rewrite the permissions code — one of the most critical systems in the GitHub application." The tool measures execution duration and other metrics for both test and production code during runtime, and Toth reports that they're now also developing new versions in Node.js, C#, and .Net.
Security

Researcher Finds Tens of Software Products Vulnerable To Simple Bug (softpedia.com) 115

An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.
GNU is Not Unix

Talos Secure Workstation Is Free-Software Centric — and $3100 [Updated] 84

jones_supa writes: These days, the motivation to use open source software for many people is to avoid backdoors placed by intelligence organizations and to avoid software that has hidden privacy-intruding characteristics. For the operating system and userspace software, open choices are already available. The last remaining island has been the firmware included in various ROM chips in a computer. Libreboot has introduced an open BIOS, but it is not available for newer systems featuring the Intel ME or AMD PSP management features. Talos' Secure Workstation fills this need, providing a modern system with 8-core POWER8 CPU, 132 GB RAM, and open firmware. The product is currently in a pre-release phase where Raptor Engineering is trying to understand if it's possible to do a production run of the machine. If you are interested, it's worth visiting the official website. Adds an anonymous reader about the new system, which rings in at a steep $3100: "While the engineers found solace in the POWER8 architecture with being more open than AMD/Intel CPUs, they still are searching for a graphics card that is open enough to receive the FSF Respect Your Freedom certification." Update: 02/08 18:44 GMT by T: See also Linux hacker and IBM employee Stewart Smith's talk from the just-completed linux.conf.au on, in which he walks through "all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system." Update: 02/08 23:30 GMT by T: FSF Licensing & Compliance Manager Joshua Gay wrote to correct the headline that originally appeared with this story, which said that the Talos workstation described was "FSF Certified"; that claim was an error I introduced. "The FSF has not certified this hardware," says Gay, "nor is it currently reviewing the hardware for FSF certification." Sorry for the confusion.
Advertising

Adblock Plus Maker Seeks Deal With Ad Industry Players (yahoo.com) 308

An anonymous reader writes with Yahoo's report that the makers of Adblock Plus are "looking to reach out to advertisers and identify an 'acceptable' level and form of advertising on the net." That involves convincing advertisers to conform to the company's own guidelines for advertising, or an alternative path much disliked by some of the software's users — to pay the company to ignore ads that don't meet those guidelines. From the article: Big websites can pay a fee not to be blocked. And it is these proceeds that finance the Cologne-based company and its 49-strong workforce. While Google and Amazon have paid up, others refuse. Axel Springer, which publishes Germany's best-selling daily Bild, accuses [Adblock Plus maker] Eyeo of racketeering. "We believe Eyeo's business model is against the law," a spokesman for Springer told AFP. "Clearly, Eyeo's primary aim is to get its hands on a share of the advertising revenues." Ultimately, such practices posed a threat to the professional journalism on the web, he suggested, an argument Eyeo rejects.
China

Malware Targets Skype Users, Records Conversations (softpedia.com) 48

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
Android

Report: Google Will Go In Big For VR Hardware This Year 50

The Financial Times reports that Google isn't going to let the VR hardware wars fall to the likes of Samsung and Oculus; instead, it's working on a (cardboard-free) VR headset of its own, to be released in conjunction with Android VR software intended not only to make Android more VR friendly in general but specifically to help developers reduce nausea-inducing lag. The report doesn't quite come out of the blue, considering that Google has shipped more than 5 million of its own Cardboard viewer already, and has several projects dealing with VR infrastructure, either directly (like Jump) or indirectly (like Project Tango). Google (or Alphabet) has proven itself a hardware behemoth, not just the "search giant" it's so often called in news stories, and of late seems to be more interested in making its footprint in hardware a bit firmer.
Firefox

Firefox Adopts a 6-8 Week Variable Release Schedule (mozilla.org) 228

AmiMoJo writes: Four years ago Mozilla moved to a fixed-schedule release model, otherwise known as the Train Model, in which we released Firefox every six weeks to get features and updates to users faster. Now Mozilla is moving to a variable 6-8 week cycle, with the same number of releases per year but some flexibility to 'respond to emerging user and market needs' and allow time for holidays. The new release schedule looks like this:
  • 2016-01-26 – Firefox 44
  • 2016-03-08 – Firefox 45, ESR 45 (6 weeks cycle)
  • 2016-04-19 – Firefox 46 (6 weeks cycle)
  • 2016-06-07 – Firefox 47 (7 weeks cycle)
  • 2016-08-02 – Firefox 48 (8 weeks cycle)
  • 2016-09-13 – Firefox 49 (6 weeks cycle)
  • 2016-11-08 – Firefox 50 (8 weeks cycle)
  • 2016-12-13 – Firefox 50.0.1 (5 week cycle, release for critical fixes as needed)
  • 2017-01-24 – Firefox 51 (6 weeks from prior release)

Businesses

Startup Uses Sensor Networks To Debug Science Experiments (xconomy.com) 22

gthuang88 writes: Environmental factors like temperature, humidity, or lighting often derail life science experiments. Now Elemental Machines, a startup from the founders of Misfit Wearables, is trying to help scientists debug experiments using distributed sensors and machine-learning software to detect anomalies. The product is in beta testing with academic labs and biotech companies. The goal is to help speed up things like biology research and drug development. Wiring up experiments is part of a broader effort to create "smart labs" that automate some of the scientific process.
Windows

Windows 10 Gets Core Console Host Enhancements (nivot.org) 242

x0n writes: As of Windows 10 TH2 (10.0.1058), the core console subsystem has support for a large number of ANSI and VT100 escape sequences. This is likely to prepare for full Open SSH server/client integration, which is already underway over on github. It looks like xterm is finally coming to Windows. OpenSSH was previously announced (last year) by the very forward-looking PowerShell team. The linked article provides some context, and explains that the console host isn't the same as either cmd.exe or powershell.exe, but there is a lot of overlap in functionality.
Classic Games (Games)

Bethesda To Unleash the Hounds of Hell On May 13th: Doom Release Date Confirmed (hothardware.com) 80

MojoKid writes: Bethesda and id Software are in the process of rebooting the Doom franchise and it seems like it's been in development for ages. When we last visited the upcoming Doom remake, Bethesda had posted a giblet-filled trailer which showed some pretty impressive gameplay visuals, killer hand-to-hand combat and plenty of head stomping. However, Bethesda just clued gamers in on something that Doom fans have been anticipating for years, an actual release date. Mark your calendars for May 13th, because that's when Doom will be available for Xbox One, PlayStation 4 and of course, the PC platform. Bethesda also dropped a new campaign trailer for you to ogle.
Open Source

CFQ In Linux Gets BFQ Characteristics 65

jones_supa writes: Paolo Valente from University of Modena has submitted a Linux kernel patchset which replaces CFQ (Completely Fair Queueing) I/O scheduler with the last version of BFQ (Budget Fair Queuing, a proportional-share scheduler). This patchset first brings CFQ back to its state at the time when BFQ was forked from CFQ. Paolo explains: "Basically, this reduces CFQ to its engine, by removing every heuristic and improvement that has nothing to do with any heuristic or improvement in BFQ, and every heuristic and improvement whose goal is achieved in a different way in BFQ. Then, the second part of the patchset starts by replacing CFQ's engine with BFQ's engine, and goes on by adding current BFQ improvements and extra heuristics." He provides a link to the thread in which it is agreed on this idea, and a direct link to the e-mail describing the steps.
Bug

Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple (theguardian.com) 401

New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insidious is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...
Security

Anti-Malware Maker Files Lawsuit Over Bad Review (csoonline.com) 162

itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.
Piracy

Torrents Time Lets Anyone Launch Their Own Web Version of Popcorn Time 143

An anonymous reader writes: Popcorn Time, an app for streaming video torrents, just got its own web version: Popcorn Time Online. Unlike other attempts to bring Popcorn Time into the browser, this one is powered by a tool called Torrents Time, which delivers the movies and TV shows via an embedded torrent client. Oh, and the developers have released the code so that anyone can create their own version. If Popcorn Time is Hollywood's worst nightmare, Torrents Time is trying to make sure Hollywood can't wake up.
Microsoft

Microsoft To Acquire SwiftKey Predictive Keyboard Technology Company For $250M (hothardware.com) 118

MojoKid writes: SwiftKey has been one of the more popular predictive keyboard offerings in the mobile space since it was first released in beta form on the Android market back in 2010. What made SwiftKey so appealing was its intelligent predictive texting technology. SwiftKey isn't a simple keyboard replacement. Rather, the software uses a combination of artificial intelligence technologies that give it the ability to learn usage patterns and predict the next word the user most likely intends to type. SwiftKey refines its predictions, learning over time by analyzing data from SMS, Facebook, and Twitter messages, then offering predictions based on the text being entered at the time. It is estimated that SwiftKey is installed on upwards of 500 million mobile devices. According to reports, Microsoft is apparently buying the UK-based company for a cool $250 Million. What Microsoft intends to do with SwiftKey is not clear just yet, but the company has been purchasing mobile apps at a good clip as of late.
Communications

Big Satellite Systems, Simulated On Your Desktop (sf.net) 44

An anonymous reader writes: Big systems of hundreds of satellites are under development to provide wireless Internet globally, with Richard Branson's OneWeb and Thales' LeoSat aiming at consumers and business markets respectively. It's like reliving the late 1990s, when Bill Gates' Teledesic and Motorola's Celestri were trying to do the same thing before merging their efforts and then giving up. And now you can simulate OneWeb and LeoSat for yourself, and compare them to older systems, in the new release of the vintage SaVi satellite simulation package, which was created in the 1990s during the first time around. Bear in mind Karl Marx's dictum of history: the first time is tragedy, and the second time is farce. Do these new systems stand a chance?
Operating Systems

GNU Hurd Begins Supporting Sound, Still Working On 64-bit & USB Support (phoronix.com) 312

An anonymous reader writes: GNU developer Samuel Thibault presented at this weekend's FOSDEM conference about the current state of GNU Hurd. He shared that over the past year they've started working on experimental sound support as their big new feature. They also have x86 64-bit support to the point that the kernel can boot, but not much beyond that stage yet. USB and other functionality remains a work-in-progress. Those curious about this GNU kernel project can find more details via the presentation media.
Security

NSA Hacker Chief Explains How To Keep Him Out of Your System (wired.com) 70

An anonymous reader writes: Rob Joyce, the nation's hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems. Joyce himself did little to shine a light on the TAO's classified operations. His talk was mostly a compendium of best security practices. But he did drop a few of the not-so-secret secrets of the NSA's success, with many people responding to his comments on Twitter.
