First time accepted submitter punk2176 writes "Recently I started a free and open source project known as the PunkSPIDER project and presented it at ShmooCon 2013. If you haven't heard of it, it's, at heart, a project with the goal of pushing for improved global website security. In order to do this we built a Hadoop distributed computing cluster along with a website vulnerability scanner that can use the cluster. Once we finished that we open sourced the code to our scanner and unleashed it on the Internet. The results of our scans are provided to the public for free in an easy-to-use search engine. The results so far aren't pretty." The Register has an informative article, too.
New submitter haberb writes "I always thought my HTC phones were of average or above average quality, and certainly no less secure than a vanilla Android install, but it turns out someone was still not impressed. 'Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.' Perhaps this will push HTC to release some of the ICS upgrades they promised a few months ago but never delivered, or perhaps the reason they fell through in the first place?"
Kagetsuki writes "There's a project on KickStarter for a Free and Open set of emoji [the graphical emoticon glyph set which has a block reserved in Unicode]. Currently there are no full sets of Emoji that are completely free (as in beer and freedom), so if this project gets funded it will be the first and only set of emoji that can, say, be distributed with FLOSS Linux/BSD/GNU systems. Not to mention anyone will be able to incorporate them into any project without any restrictive conditions." And lest you think emoji devoid of literary value, reader coondoggie points out that the Library of Congress has just welcomed (or at least allowed) onto its vaunted shelves an all-emoji version of Melville's Moby Dick, created with the help of translators working through Amazon's Mechanical Turk.
Barence writes "Are faster grades of SD memory card worth the extra cash? PC Pro has conducted in-depth speed tests on different grades of SD card to find out if they're worth the premium. In camera tests, two top-end SD cards outshone the rest by far, while class 4 cards dawdled for more than a second between shots. However, with the buffer on modern DSLRs able to handle 20 full-res shots or more, it's unlikely an expensive card will make any difference to anyone other than professionals shooting bursts of fast-action shots. What about for expanding tablet or laptop memory? A regular class 4 or 6 card that's capable of recording HD video will also be fast enough to play it back on a tablet. The only advantage of a faster card for media is that syncing with your PC will be quicker. However, a faster card is recommended if you're using it to supplement the memory of an Ultrabook or MacBook Air."
An anonymous reader writes "Stanford researcher Jonathan Mayer has contributed a Firefox patch that will block third-party cookies by default. It's now on track to land in version 22. Kudos to Mozilla for protecting their users and being so open to community submissions. The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'"
kthreadd writes "Minix, originally designed as an example for teaching operating system theory, which was both inspiration and cause for the creation of Linux, has just been released as version 3.2.1. Major new features include full support for shared libraries and improved support for USB devices such as keyboards, mice and mass storage devices. The system has received many performance improvements and several userland tools have been imported from NetBSD."
New submitter capsfan100 writes "At Christmas I got an $89 Android tablet by MID. The 7" tablet has sufficient RAM, etc. The battery, however, was rather pathetic out of the box. It's already fading, so we know where this is headed — decent tablet, but it constantly needs the plug. How would you take this 'old' tablet and turn it into a rockin' stereo component? Is there a ROM build out there titled Pimp My Tablet Into An MP3 Player? The current music app can look up lyrics on-line. I'd like to keep that feature. Any ideas on a good app for syncing music videos with my *ahem* random music collection? Any fun, off-beat party apps this middle-aged suburban dad hasn't heard of? Since the Android security nightmare is so well documented, I'd rather not use services that require passwords. I also need top-notch security and monitoring software so I can see what my kids and their friends are doing with it next year when I'm not home while keeping them anonymous and safe on-line. As for my living room stereo system, how best to mount a sleek MP3 tablet? I was thinking velcro, but it would ruin the feel. Maybe a wall-mount arm like my HDTV has? We want to be able to unplug it and move around the room, so I'll need to upgrade the speakers to wireless. Any thoughts there? I'm not afraid of the command line — indeed, I insist on one — but no Gentoo-type projects, thank you. Just a good sleek and secure ROM for optimal tunage with all the top apps the kids are using today."
walterbyrd writes with news that Nikon is the latest company to agree to pay Microsoft for the privilege of using Android on its devices — as you might expect from Nikon, the devices in this case are cameras. (Microsoft's press release.)
Press2ToContinue writes with this excerpt from ExtremeTech: "With products like Google's Glass, the Oculus Rift, and even certain features found on the Nintendo 3DS, augmented, mixed, and virtual reality are starting to make some headway in the consumer space. Canon, best known for its cameras, is looking to break into the mixed reality scene with its new head-mounted display. ... The core of the setup is the Canon HMD (head-mounted display) which works in conjunction with various sensors — optical and magnetic, as well as visual markers — to help create the mixed reality environment. The HMD employs two cameras located in front of each eye that capture video and shoot it off to an off-board, tethered computer. The computer then combines the real-world visuals with computer-generated visuals, and beams that back to two monitors placed in front of the eyes within the HMD. The unit combines with a development platform, dubbed the MR Platform, which allows companies to create mixed reality images to display on the HMD."
An anonymous reader writes "AllThingsD's Kara Swisher reported and tweeted that Marissa Mayer (CEO since July 2012) has just sent an all-hands email ending Yahoo's policy of allowing remote employees. Hundreds of workers have been given the choice: start showing up for work at HQ (which would require relocation in many cases), or resign. (They can forget about Yahoo advice pieces like this). Mayer has also been putting her stamp on Yahoo's new home page, which was rolled out Wednesday."
Z80xxc! writes "The White House Office of Science and Technology Policy announced a 'policy memorandum' today requiring any federal agency with over $100 million in R&D expenditures each year to develop plans for making all research funded by that agency freely available to the public within one year of publication in any peer-reviewed scholarly journal. The full memorandum is available on the White House website. It appears that this policy would not only apply to federal agencies conducting research, but also to any university, private corporation, or other entity conducting research that arises from federal funding. For those in academia and the public at large, this is a huge step towards free open access to publicly funded research." Edward Tufte calls the move timid and unimaginative, linking to a Verge article that explains that it's not quite as sweeping as the summary above sounds.
rtfa-troll writes "There has been a worldwide (all locations) total outage of storage in Microsoft's Azure cloud. Apparently, 'Microsoft unwittingly let an online security certificate expire Friday, triggering a worldwide outage in an online service that stores data for a wide range of business customers,' according to the San Francisco Chronicle (also Yahoo and the Register). Perhaps too much time has been spent sucking up to storage vendors and not enough looking after the customers? This comes directly after a week-long outage of one of Microsoft's SQL server components in Azure. This is not the first time that we have discussed major outages on Azure and probably won't be the last. It's certainly also not the first time we have discussed Microsoft cloud systems making users' data unavailable."
Hugh Pickens writes "William D. Hartung, director of the Arms and Security Project at the Center for International Policy, writes that although we have been bombarded with tales of woe about the potentially devastating impacts of cutting the Pentagon budget 8% under the sequester, examples of egregious waste and misplaced spending priorities at the Pentagon abound. One need look no further than the department's largest weapons program, the F-35 combat aircraft, which has just been grounded again after a routine inspection revealed a crack on a turbine blade in the jet engine of an F-35 test aircraft in California. Even before it has moved into full-scale production, the plane has already increased in price by 75%, and it has so far failed to meet basic performance standards. By the Pentagon's own admission, building and operating three versions of the F-35 — one for the Air Force, one for the Navy and one for the Marines — will cost more than $1.4 trillion over its lifetime, making it the most expensive weapons program ever undertaken. And in an era in which aerial combat is of diminishing importance and upgraded versions of current generation U.S. aircraft can more than do the job, it is not at all clear that we need to purchase more than 2,400 of these planes. Cutting the two most expensive versions of the F-35 will save over $60 billion in the next decade."
At last year's RSA security conference, we ran into the Pwnie Plug. The company has just come out with a new take on the same basic idea of pen-testing devices based on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.
judgecorp writes "France is planning a €20 billion programme to get super-fast broadband to its rural population. About half the funds will come from government investment, and President Hollande believes the work will create 10,000 jobs. Half the population should have fast broadband in the next five years, and the whole country in ten years. France is at a disadvantage for broadband as it is a large country with a lot of rural areas. However, it also has a more left-leaning government willing to take on infrastructure projects."