Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

  • Multipath TCP Introduces Security Blind Spot

    msm1267 (2804139) writes If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream. An expert at next week's Black Hat conference is expected to explain how the TCP extension leaves network security gear blind to traffic moving over multiple network streams. Today's IDS and IPS, for example, cannot correlate and re-assemble traffic as it's split over multiple paths. While such attacks are not entirely practical today, as multipath TCP becomes a fixture on popular networking gear and mobile devices, the risks will escalate. "[Multipath TCP] solves big problems we have today in an elegant fashion," said Catherine Pearce, security consultant and one of the presenters, along with Patrick Thomas. "You don't have to replace hardware or software; it handles all that stuff behind the scenes. But security tools are naïve [to MPTCP], and make assumptions that are no longer valid that were valid in the past."

    52 comments | 9 hours ago

  • HP Gives OpenVMS New Life and Path To X86 Port

    dcblogs (1096431) writes Hewlett-Packard has changed its direction on OpenVMS. Instead of pushing its users off the system, it has licensed OpenVMS to a new firm that plans to develop ports to the latest Itanium chips and is promising eventual support for x86 processors. Last year, HP put OpenVMS on the path to extinction. It said it would not validate the operating system to its latest hardware or produce new versions of it. The move to license the OpenVMS source code to a new entity, VMS Software Inc. (VSI), amounts to a reversal of that earlier decision. VSI plans to validate the operating system on Intel's Itanium eight-core Poulson chips by early 2015, as well as support for HP hardware running the upcoming 'Kittson' chip. It will also develop an x86 port, although it isn't specifying a timeframe. And it plans to develop new versions of OpenVMS.

    131 comments | yesterday

  • PHP Finally Getting a Formal Specification

    itwbennett (1594911) writes "Despite becoming one of the most widely used programming languages on the Web, PHP didn't have a formal specification — until now. Facebook engineer and PHP core contributor Sara Golemon announced the initiative at OSCON earlier this month, and an initial draft of the specification was posted Wednesday on GitHub."

    147 comments | yesterday

  • "ExamSoft" Bar Exam Software Fails Law Grads

    New submitter BobandMax writes ExamSoft, the management platform software that handles digital bar exam submissions for multiple states, experienced a severe technical meltdown on Tuesday, leaving many graduates temporarily unable to complete the exams needed to practice law. The snafu also left bar associations from nearly 20 states with no choice but to extend their submission deadlines. It's not the first time, either: a classmate of mine had to re-do a state bar exam after an ExamSoft glitch on the first go-'round. Besides handling the uploading of completed exam questions, ExamSoft locks down the computer on which it runs, so Wikipedia is not an option.

    98 comments | yesterday

  • Chinese Government Probes Microsoft For Breaches of Monopoly Law

    DroidJason1 writes The Chinese government is investigating Microsoft for possible breaches of anti-monopoly laws, following a series of surprise visits to Redmond's offices in cities across China on Monday. These surprise visits were part of China's ongoing investigation [warning: WSJ paywall], and were based on security complaints about Microsoft's Windows operating system and Office productivity suite. Results from an earlier inspection apparently were not enough to clear Microsoft of suspicion of anti-competitive behavior. Microsoft's alleged anti-monopoly behavior is a criminal matter, so if found guilty, the software giant could face steep fines as well as other sanctions.

    107 comments | 2 days ago

  • Is the App Store Broken?

    A recent post by Instapaper's Marco Arment suggests that design flaws in Apple's App Store are harming the app ecosystem, and users are suffering because of it. "The dominance and prominence of 'top lists' stratifies the top 0.02% so far above everyone else that the entire ecosystem is encouraged to design for a theoretical top-list placement that, by definition, won’t happen to 99.98% of them." Arment notes that many good app developers are finding continued development to be unsustainable, while scammy apps are encouraged to flood the market.

    "As the economics get tighter, it becomes much harder to support the lavish treatment that developers have given apps in the past, such as full-time staffs, offices, pixel-perfect custom designs of every screen, frequent free updates, and completely different iPhone and iPad interfaces. Many will give up and leave for stable, better-paying jobs. (Many already have.)" Brent Simmons points out the indie developers have largely given up the dream of being able to support themselves through iOS development. Yoni Heisler argues that their plight is simply a consequence of ever-increasing competition within the industry, though he acknowledges that more app curation would be a good thing. What strategies could Apple (and the operators of other mobile application stories) do to keep app quality high?

    241 comments | 2 days ago

  • Meet Apache Software Foundation VP Rich Bowen (Video)

    Apache is behind a huge percentage of the world's websites, and the Apache Software Foundation is the umbrella organization that provides licensing and stucture for open source projects ranging from the Apache Web server to Apache OpenOffice to small utilities that aren't household names but are often important to a surprising number of people and companies. Most of us never get to meet the people behind groups like the Apache Software Foundation -- except today we tag along with Tim Lord at OSCON and chat with Apache Software Foundation Executive Vice President Rich Bowen -- who is also Red Hat's OpenStack Community Liason. (Alternate Video Link) Update: 07/30 22:23 GMT by T : Note that Bowen formerly served as Slashdot sister site SourceForge's Community Manager, too.

    14 comments | 2 days ago

  • Which Is Better, Adblock Or Adblock Plus?

    An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.

    402 comments | 2 days ago

  • seL4 Verified Microkernel Now Open Source

    Back in 2009, OKLabs/NICTA announced the first formally verified microkernel, seL4 (a member of the L4 family). Alas, it was proprietary software. Today, that's no longer the case: seL4 has been released under the GPLv2 (only, no "or later versions clause" unfortunately). An anonymous reader writes OSnews is reporting that the formally verified sel4 microkernel is now open source: "General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly assured OS." Source is over at Github. It supports ARM and x86 (including the popular Beaglebone ARM board). If you have an x86 with the VT-x and Extended Page Table extensions you can even run Linux atop seL4 (and the seL4 website is served by Linux on seL4).

    80 comments | 3 days ago

  • Ask Slashdot: Open Hardware/Software-Based Security Token?

    Qbertino (265505) writes I've been musing about a security setup to allow my coworkers/users access to files from the outside. I want security to be a little safer than pure key- or password-based SSH access, and some super-expensive RSA Token setup is out of question. I've been wondering whether there are any feasible and working FOSS and open hardware-based security token generator projects out there. It'd be best with ready-made server-side scripts/daemons. Perhaps something Arduino or Raspberry Pi based? Has anybody tried something like this? What are your experiences? What do you use? How would you attempt an open hardware FOSS solution to this problem?

    110 comments | 3 days ago

  • Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

    cold fjord (826450) writes with an excerpt from ZDNet At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code" ... funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.

    61 comments | 3 days ago

  • Free Copy of the Sims 2 Contains SecuROM

    dotarray (1747900) writes By now, everybody should know that if something looks too good to be true, it probably is. Let's apply that to EA, shall we? The publisher is giving away copies of The Sims 2: Ultimate Collection, for free... and not mentioning that it includes the controversial SecuROM anti-piracy software. Nobody likes SecuROM.

    232 comments | 3 days ago

  • Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5?

    First time accepted submitter baka_toroi (1194359) writes I got a Tungsten E2 from a friend and I wanted to give it some life by programming for it a little bit. The main problem I'm bumping up against is that HP thought it would be awesome to just shut down every single thing related to Palm OS development. After Googling a lot I found out CodeWarrior was the de facto IDE for Palm OS development... but I was soon disappointed as I learned that Palm moved from the 68K architecture to ARM, and of course, CodeWarrior was just focused on Palm OS 4 development.

    Now, I realize Palm OS 4 software can be run on Palm OS 5, but I'm looking to use some of the 'newer' APIs. Also, I have the Wi-fi add-on card so I wanted to create something that uses it. I thought what I needed was PODS (Palm OS Development Suite) but not only I can't find it anywhere but also it seems it was deprecated during Palm OS's lifetime. It really doesn't help the fact that I'm a beginner, but I really want to give this platform some life. Any general tip, book, working link or even anecdotes related to all this will be greatly appreciated.

    170 comments | 3 days ago

  • A Fictional Compression Metric Moves Into the Real World

    Tekla Perry (3034735) writes The 'Weissman Score' — created for HBO's "Silicon Valley" to add dramatic flair to the show's race to build the best compression algorithm — creates a single score by considering both the compression ratio and the compression speed. While it was created for a TV show, it does really work, and it's quickly migrating into academia. Computer science and engineering students will begin to encounter the Weissman Score in the classroom this fall."

    133 comments | 4 days ago

  • Oracle Offers Custom Intel Chips and Unanticipated Costs

    jfruh (300774) writes "For some time, Intel has been offering custom-tweaked chips to big customers. While most of the companies that have taken them up on this offer, like Facebook and eBay, put the chips into servers meant for internal use, Oracle will now be selling systems running on custom Xeons directly to end users. Those customers need to be careful about how they configure those systems, though: in the new Oracle 12c, the in-memory database option, which costs $23,000 per processor, is turned on by default."

    96 comments | 4 days ago

  • Attackers Install DDoS Bots On Amazon Cloud

    itwbennett (1594911) writes "Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Last week security researchers from Kaspersky Lab found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused, said Kaspersky Lab researcher Kurt Baumgartner Friday in a blog post."

    25 comments | 4 days ago

  • Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code

    New submitter Brett W (3715683) writes The security researchers that first published the 'Heartbleed' vulnerabilities in OpenSSL have spent the last few months auditing the Top 50 downloaded Android apps for vulnerabilities and have found issues with at least half of them. Many send user data to ad networks without consent, potentially without the publisher or even the app developer being aware of it. Quite a few also send private data across the network in plain text. The full study is due out later this week.

    145 comments | 4 days ago

  • Valencia Linux School Distro Saves 36 Million Euro

    jrepin (667425) writes "The government of the autonomous region of Valencia (Spain) earlier this month made available the next version of Lliurex, a customisation of the Edubuntu Linux distribution. The distro is used on over 110,000 PCs in schools in the Valencia region, saving some 36 million euro over the past nine years, the government says." I'd lke to see more efforts like this in the U.S.; if mega school districts are paying for computers, I'd rather they at least support open source development as a consequence.

    154 comments | 5 days ago

  • Nasty Business: How To Drain Competitors' Google AdWords Budgets

    tsu doh nimh (609154) writes KrebsOnSecurity looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.The service allows companies to attack competitors by raising their costs or exhausting their ad budgets early in the day. Advertised on YouTube and run by a guy boldly named "GoodGoogle," the service employs a combination of custom software and hands-on customer service, and promises clients the ability to block the appearance of competitors' ads. From the story: "The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle's software and service to sideline a handful of competitors' ads indefinitely."

    97 comments | 5 days ago

  • Two South African Cancer Patients Receive 3D Printed Titanium Jaw Implants

    jigmypig (3675225) writes "Two patients in South Africa that have had their lives and more specifically their jaws severely affected by cancer, have just received 3D printed jaw implants. The jaws were 3D printed using a laser sintering process that melts powdered titanium, one layer at a time. The process saves a ton of money, and unlike traditional manufacturing of titanium jaws, it doesn't waste any materials. Traditional manufacturing wastes up to 80% of the titanium block used in the process, whereas with 3D printing there is little to no waste at all. This new process also allows for a fully customizable solution. The models are drawn up in CAD software, and then printed out to precisely fit the patient."

    71 comments | 5 days ago

Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>