Forgot your password?
typodupeerror

Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

Media

Open-Source Blu-Ray Library Now Supports BD-J Java 21

Posted by Soulskill
from the hack-it-until-it-works dept.
An anonymous reader writes: Updates to the open-source libbluray, libaacs, and libbdplus libraries have improved the open-source Blu-ray disc support to now enable the Blu-ray Java interactivity layer (BD-J). The Blu-ray Java code is in turn executed by OpenJDK or the Oracle JDK and is working well enough to play a Blu-ray disc on the Raspberry Pi when paired with the VLC media player."
Privacy

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix 28

Posted by Soulskill
from the you-can't-say-that-on-television dept.
alphadogg writes A presentation on a low-budget method to unmask users of a popular online privacy tool Tor will no longer go ahead at the Black Hat security conference early next month. The talk was nixed by the legal counsel with Carnegie Mellon's Software Engineering Institute after a finding that materials from researcher Alexander Volynkin were not approved for public release, according to a notice on the conference's website. Tor project leader Roger Dingledine said, "I think I have a handle on what they did, and how to fix it. ... Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn't the end of the world." Tor's developers were "informally" shown materials about the bug, but never saw any details about what would be presented in the talk.
Firefox

Firefox 31 Released 103

Posted by Soulskill
from the baskin-robbins-edition dept.
An anonymous reader writes Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Firefox 31 is also loaded with new features for developers. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We're pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla's vision of a high performance, plugin-free Web."
Businesses

Buying New Commercial IT Hardware Isn't Always Worthwhile (Video) 75

Posted by Roblimo
from the sometimes-it's-better-and-costs-less-to-stick-with-proven-hardware dept.
Ben Blair is CTO of MarkITx, a company that brokers used commercial IT gear. This gives him an excellent overview of the marketplace -- not just what companies are willing to buy used, but also what they want to sell as they buy new (or newer) equipment. Ben's main talking point in this interview is that hardware has become so commoditized that in a world where most enterprise software can be virtualized to run across multiple servers, it no longer matters if you have the latest hardware technology; that two older servers can often do the job of one new one -- and for less money, too. So, he says, you should make sure you buy new hardware only when necessary, not just because of the "Ooh... shiny!" factor" (Alternate Video Link)
Bug

Researchers Test Developer Biometrics To Predict Buggy Code 75

Posted by Soulskill
from the subject-was-asleep-when-this-code-was-checked-in dept.
rjmarvin writes: Microsoft Research is testing a new method for predicting errors and bugs while developers write code: biometrics. By measuring a developer's eye movements, physical and mental characteristics as they code, the researchers tracked alertness and stress levels to predict the difficulty of a given task with respect to the coder's abilities. In a paper entitled "Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development," the researchers summarized how they strapped an eye tracker, an electrodermal sensor and an EEG sensor to 15 developers as they programmed for various tasks. Biometrics predicted task difficulty for a new developer 64.99% of the time. For a subsequent tasks with the same developer, the researchers found biometrics to be 84.38% accurate. They suggest using the information to mark places in code that developers find particularly difficult, and then reviewing or refactoring those sections later.
Operating Systems

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS 124

Posted by timothy
from the compared-to-what? dept.
New submitter I Ate A Candle (3762149) writes Tails OS, the Tor-reliant privacy-focused operating system made famous by Edward Snowden, contains a number of zero-day vulnerabilities that could be used to take control of the OS and execute code remotely. At least that's according to zero-day exploit seller Exodus Intelligence, which counts DARPA amongst its customer base. The company plans to tell the Tails team about the issues "in due time", said Aaron Portnoy, co-founder and vice president of Exodus, but it isn't giving any information on a disclosure timeline. This means users of Tails are in danger of being de-anonymised. Even version 1.1, which hit public release today (22 July 2014), is affected. Snowden famously used Tails to manage the NSA files. The OS can be held on a USB stick and leaves no trace once removed from the drive. It uses the Tor network to avoid identification of the user, but such protections may be undone by the zero-day exploits Exodus holds.
Security

AirMagnet Wi-Fi Security Tool Takes Aim At Drones 50

Posted by timothy
from the command-and-control-is-next dept.
alphadogg (971356) writes "In its quest to help enterprises seek out and neutralize all threats to their Wi-Fi networks, AirMagnet is now looking to the skies. In a free software update to its AirMagnet Enterprise product last week, the Wi-Fi security division of Fluke Networks added code specifically crafted to detect the Parrot AR Drone, a popular unmanned aerial vehicle that costs a few hundred dollars and can be controlled using a smartphone or tablet. Drones themselves don't pose any special threat to Wi-Fi networks, and AirMagnet isn't issuing air pistols to its customers to shoot them down. The reason the craft are dangerous is that they can be modified to act as rogue access points and sent into range of a victim's wireless network, potentially breaking into a network to steal data."
Science

Method Rapidly Reconstructs Animal's Development Cell By Cell 39

Posted by samzenpus
from the best-baby-pictures dept.
An anonymous reader writes Researchers at the Howard Hughes Medical Institute's Janelia Research Campus have developed software that can track each and every cell in a developing embryo. The software will allow a researcher to pick out a single cell at any point in development and trace its life backward and forward during the embryo's growth. Philipp Keller, a group leader at Janelia says: "We want to reconstruct the elemental building plan of animals, tracking each cell from very early development until late stages, so that we know everything that has happened in terms of cell movement and cell division. In particular, we want to understand how the nervous system forms. Ultimately, we would like to collect the developmental history of every cell in the nervous system and link that information to the cell's final function. For this purpose, we need to be able to follow individual cells on a fairly large scale and over a long period of time."
Cellphones

Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be 285

Posted by samzenpus
from the no-sir-I-don't-like-it dept.
Bennett Haselton writes My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.
Patents

Appeals Court Affirms Old Polaroid Patent Invalid 44

Posted by Unknown Lamer
from the bite-the-dust dept.
mpicpp (3454017) writes with news of a notoriously abused (basically "method of displaying images on a machine") software patent being declared invalid. From the article: The ruling from last week is one of the first to apply new Supreme Court guidance about when ideas are too "abstract" to be patented. ... The patents in this case describe a type of "device profile" that allows digital images to be accurately displayed on different devices. US Patent No. 6,128,415 was originally filed by Polaroid in 1996. After a series of transfers, in 2012 the patent was sold to Digitech Image Technologies, a branch of Acacia Research Corporation, the largest publicly traded patent assertion company. ... In the opinion, a three-judge panel found that the device profile described in the patent is a "collection of intangible color and spatial information," not a machine or manufactured object. "Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101," wrote Circuit Judge Jimmie Reyna on behalf of the panel.
Communications

FTC To Trap Robocallers With Open Source Software 124

Posted by Soulskill
from the about-bloody-time dept.
coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions.
Google

Google To Stop Describing Games With In-App Purchases As 'Free' 138

Posted by Soulskill
from the insert-coin-to-continue dept.
An anonymous reader writes After a series of investigations, lawsuits, and fines over how in-app purchases are advertised and communicated to users, Google has agreed to stop labeling games that use in-app purchases as "Free." This change is the result of a request by the European Commission to stop misleading customers about the costs involved with using certain apps. "Games should not contain direct exhortation to children to buy items in a game or to persuade an adult to buy items for them; Consumers should be adequately informed about the payment arrangements for purchases and should not be debited through default settings without consumers' explicit consent." The EC notes that Apple has not yet done anything to address these concerns.
Businesses

Ask Slashdot: How Many Employees Does Microsoft Really Need? 271

Posted by Soulskill
from the might-be-time-to-reevaluate-the-Clippy-department dept.
An anonymous reader writes: Yesterday, word came down that Microsoft was starting to lay off some 18,000 workers. As of June 5th, Microsoft reported a total employee headcount of 127,005, so they're cutting about 15% of their jobs. That's actually a pretty huge percentage, even taking into account the redundancies created by the Nokia acquisition. Obviously, there's an upper limit to how much of your workforce you can let go at one time, so I'm willing to bet Microsoft's management thinks thousands more people aren't worth keeping around. How many employees does Microsoft realistically need? The company is famous for its huge teams that don't work together well, and excessive middle management. But they also have a huge number of software projects, and some of the projects, like Windows and Office, need big teams to develop. How would we go about estimating the total workforce Microsoft needs? (Other headcounts for reference: Apple: 80,000, Amazon: 124,600, IBM: 431,212, Red Hat: 5,000+, Facebook: 6,800, Google: 52,000, Intel: 104,900.)
Microsoft

Microsoft's Missed Opportunities: Memo From 1997 161

Posted by Unknown Lamer
from the hyper-cube-os dept.
New submitter gthuang88 (3752041) writes In the 1990s, Microsoft was in position to own the software and devices market. Here is Nathan Myhrvold's previously unpublished 1997 memo on expanding Microsoft Research to tackle problems in software testing, operating systems, artificial intelligence, and applications. Those fields would become crucial in the company's competition with Google, Apple, Amazon, and Oracle. But research didn't do enough to make the company broaden its businesses. While Microsoft Research was originally founded to ensure the company's future, the organization only mapped out some possible futures. And now Microsoft is undergoing the biggest restructuring in its history. At least F# and LINQ saw the light of day.
Open Source

Open Hardware and Digital Communications Conference On Free Video, If You Help 15

Posted by samzenpus
from the put-some-money-in-the-box dept.
Bruce Perens writes The TAPR Digital Communications Conference has been covered twice here and is a great meeting on leading-edge wireless technology, mostly done as Open Hardware and Open Source software. Free videos of the September 2014 presentations will be made available if you help via Kickstarter. For an idea of what's in them, see the Dayton Hamvention interviews covering Whitebox, our Open Hardware handheld software-defined radio transceiver, and Michael Ossman's HackRF, a programmable Open Hardware transceiver for wireless security exploration and other wireless research. Last year's TAPR DCC presentations are at the Ham Radio Now channel on Youtube.
Security

LibreSSL PRNG Vulnerability Patched 151

Posted by Soulskill
from the looking-forward-to-the-next-two-day-panic dept.
msm1267 writes: The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator (PRNG). The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a "catastrophic failure of the PRNG." OpenBSD founder Theo de Raadt and developer Bob Beck, however, countered saying that the issue is "overblown" because Ayer's test program is unrealistic. Ayer's test program, when linked to LibreSSL and made two different calls to the PRNG, returned the exact same data both times.

"It is actually only a problem with the author's contrived test program," Beck said. "While it's a real issue, it's actually a fairly minor one, because real applications don't work the way the author describes, both because the PID (process identification number) issue would be very difficult to have become a real issue in real software, and nobody writes real software with OpenSSL the way the author has set this test up in the article."
Hardware Hacking

SRI/Cambridge Opens CHERI Secure Processor Design 59

Posted by Unknown Lamer
from the dreaming-of-hurd/coyotos dept.
An anonymous reader writes with some exciting news from the world of processor design: Robert Watson at Cambridge (author of Capsicum) has written a blog post on SRI/Cambridge's recent open sourcing of the hardware and software for the DARPA-sponsored CHERI processor — including laser cutting directions for an FPGA-based tablet! Described in their paper The CHERI Capability Model: Reducing Risk in an age of RISC, CHERI is a 64-bit RISC processor able to boot and run FreeBSD and open-source applications, but has a Clang/LLVM-managed fine-grained, capability-based memory protection model within each UNIX process. Drawing on ideas from Capsicum, they also support fine-grained in-process sandboxing using capabilities. The conference talk was presented on a CHERI tablet running CheriBSD, with a video of the talk by student Jonathan Woodruff (slides).

Although based on the 64-bit MIPS ISA, the authors suggest that it would also be usable with other RISC ISAs such as RISC-V and ARMv8. The paper compares the approach with several other research approaches and Intel's forthcoming Memory Protection eXtensions (MPX) with favorable performance and stronger protection properties.
The processor "source code" (written in Bluespec Verilog) is available under a variant of the Apache license (modified for application to hardware). Update: 07/16 20:53 GMT by U L : If you have any questions about the project, regular Slashdot contributor TheRaven64 is one of the authors of the paper, and is answering questions.
Software

Australian Electoral Commission Refuses To Release Vote Counting Source Code 112

Posted by Soulskill
from the you-can-trust-us dept.
angry tapir writes: The Australian Electoral Commission has been fighting a freedom of information request to reveal the source code of the software it uses to calculate votes in elections for Australia's upper house of parliament. Not only has the AEC refused an FOI request (PDF) for the source code, but it has also refused an order from the Senate directing that the source code be produced. Apparently releasing the code could "leave the voting system open to hacking or manipulation."
IBM

Apple and IBM Announce Partnership To Bring iOS + Cloud Services To Enterprises 126

Posted by Soulskill
from the international-onebutton-machines dept.
jmcbain writes: According to an article on Recode, Apple and IBM have announced a major partnership to bring mobile services to enterprise customers. "The deal calls for IBM and Apple to develop more than 100 industry-specific applications that will run on the iPhone and iPad. Apple will add a new class of service to its AppleCare program and support aimed at enterprise customers. IBM will also begin to sell iPhones and iPads to its corporate customers and will devote more than 100,000 people, including consultants and software developers, to the effort. Enterprise applications will in many cases run on IBM's cloud infrastructure or on private clouds that it has built for its customers. Data for those applications will co-exist with personal data like photos and personal email that will run on Apple's iCloud and other cloud services."
Software

Is the Software Renaissance Ending? 170

Posted by Soulskill
from the da-vinci-code dept.
An anonymous reader writes Writer and former software engineer Matt Gemmell adds his voice to the recent rumblings about writing code as a profession. Gemmell worries that the latest "software Renaissance," which was precipitated by the explosion of mobile devices, is drawing to a close. "Small shops are closing. Three-person companies are dropping back to sole proprietorships all over the place. Products are being acquired every week, usually just for their development teams, and then discarded. The implacable, crushing wheels of industry, slow to move because of their size, have at last arrived on the frontier. Our frontier, or at least yours now. I've relinquished my claim." He also pointed out the cumulative and intractable harm being done by software patents, walled-garden app stores, an increasingly crowded market, and race-to-the-bottom pricing. He says that while the available tools make it a fantastic time to develop software, actually being an independent developer may be less sustainable than ever.

ASCII a stupid question, you get an EBCDIC answer.

Working...