Sorry, you need to enable JavaScript to visit this website.

Feed aggregator

Keith Packard's Work On Better Supporting VR HMDs Under Linux With X.Org/DRM

Phoronix - Sat, 23/09/2017 - 11:25am
Earlier this year Keith Packard started a contract gig for Valve working to improve Linux's support for virtual reality head-mounted displays (VR HMDs). In particular, working on Direct Rendering Manager (DRM) and X.Org changes needed so VR HMDs will work well under Linux with the non-NVIDIA drivers...

Apple: iPhones Are Too 'Complex' To Allow Unauthorized Repair

Slashdot - Sat, 23/09/2017 - 10:00am
Jason Koebler writes: Apple's top environmental officer made the company's most extensive statements about the repairability of Apple hardware on Tuesday: "Our first thought is, 'You don't need to repair this.' When you do, we want the repair to be fairly priced and accessible to you," Lisa Jackson, Apple's vice president of policy and social initiatives said at TechCrunch Disrupt in San Francisco. "To think about these very complex products and say the answer to all our problems is that you should have anybody to repair and have access to the parts is not looking at the whole problem." Apple has lobbied against "Fair Repair" bills in 11 states that would require the company to make its repair guides available and to sell replacement parts to the general public. Instead, it has focused on an "authorized service provider" model that allows the company to control the price and availability of repair.

Read more of this story at Slashdot.

Spanish govt slammed over bizarre Catalan .cat internet registry cop raid

El Reg - Sat, 23/09/2017 - 9:15am
Heavy-handed tactics during lead up to independence referendum

The Spanish government has come under increasing criticism for raiding the offices of the .cat internet registry in the lead-up to a referendum on Catalan's independence.…

Super-Accurate GPS Chips Coming To Smartphones In 2018

Slashdot - Sat, 23/09/2017 - 7:00am
schwit1 writes about a new mass-market Broadcom chip designed for the next generation of smartphones: It'll know where you are to within 30 centimeters (11.8 inches), rather than five meters. At least that's the claim chip maker Broadcom is making. It says that some of its next-generation smartphone chips will use new global positioning satellite signals to boost accuracy. In a detailed report on the announcement and how the new signals work, IEEE Spectrum says that the new chips, which are expected to appear in some phones as soon as next year, will also use half the power of today's chips and even work in cities where tower blocks often interfere with existing systems. All told, it sounds like a massive change for those who rely on their phones to find their way.

Read more of this story at Slashdot.

New Antibody Attacks 99% of HIV Strains

Slashdot - Sat, 23/09/2017 - 3:30am
An anonymous reader quotes a report from BBC: Scientists have engineered an antibody that attacks 99% of HIV strains and can prevent infection in primates. It is built to attack three critical parts of the virus -- making it harder for HIV to resist its effects. The work is a collaboration between the US National Institutes of Health and the pharmaceutical company Sanofi. Our bodies struggle to fight HIV because of the virus' incredible ability to mutate and change its appearance. These varieties of HIV -- or strains -- in a single patient are comparable to those of influenza during a worldwide flu season. So the immune system finds itself in a fight against an insurmountable number of strains of HIV. But after years of infection, a small number of patients develop powerful weapons called "broadly neutralizing antibodies" that attack something fundamental to HIV and can kill large swathes of HIV strains. Researchers have been trying to use broadly neutralizing antibodies as a way to treat HIV, or prevent infection in the first place. The study, published in the journal Science, combines three such antibodies into an even more powerful "tri-specific antibody." The experiments conducted on 24 monkeys showed none of those given the tri-specific antibody developed an infection when they were later injected with the virus. "We're getting 99% coverage, and getting coverage at very low concentrations of the antibody," said Dr Gary Nabel, the chief scientific officer at Sanofi and one of the report authors.

Read more of this story at Slashdot.

Hackers Using iCloud's Find My iPhone Feature To Remotely Lock Macs, Demand Ransom Payments

Slashdot - Sat, 23/09/2017 - 2:05am
AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

Read more of this story at Slashdot.

Court Rules That Imported Solar Panels Are Bad For US Manufacturing

Slashdot - Sat, 23/09/2017 - 1:25am
The International Trade Commission has ruled that American companies are being hurt by cheap solar panels from overseas, providing an opportunity for President Donald Trump to tax imports from countries like China. The Verge reports: Today's unanimous decision ruled that the companies SolarWorld Americans and Suniva were struggling financially not because of their own poor management, but because they couldn't compete with cheap panels from countries like China, Mexico, and South Korea. Suniva is now suggesting import duties of 40 cents a watt for solar cells, and a floor price of 78 cents a watt for panels. (Right now, the average floor price, worldwide, for panels is about 32 cents.) The Solar Energy Industries Association warned that implementing these suggestions could end up doubling the price of solar, thus destroying demand and causing Americans to lose their jobs.

Read more of this story at Slashdot.

Microsoft and Canonical Make Custom Linux Kernel

Slashdot - Sat, 23/09/2017 - 12:45am
Billly Gates writes: Microsoft and Canonical's relationship is getting closer besides Ubuntu for Windows. Azure will soon be offering more customized Ubuntu containers with a MS optimized kernel. Uname -r will show 4.11.0-1011-azure for Ubuntu cloud based 16.04 LTS. If you want the non MS kernel you can still use it on Azure by typing: $ sudo apt install linux-virtual linux-cloud-tools-virtual $ sudo apt purge linux*azure $ sudo reboot The article mentions several benefits over the generic Linux kernel for Azure

Read more of this story at Slashdot.

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs

Slashdot - Sat, 23/09/2017 - 12:05am
An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.

Read more of this story at Slashdot.

Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America

El Reg - Fri, 22/09/2017 - 11:32pm
Doesn’t stop them trying to put the frighteners, tho

DerbyCon  Security vendors are inserting language into their products' terms and conditions that attempt to silence critics, folks attending this year's DerbyCon conference were told on Friday.…

Verizon Backtracks Slightly In Plan To Kick Customers Off Network

Slashdot - Fri, 22/09/2017 - 11:20pm
An anonymous reader quotes a report from Ars Technica: Verizon Wireless is giving a reprieve to some rural customers who are scheduled to be booted off their service plans, but only in cases when customers have no other options for cellular service. Verizon recently notified 8,500 customers in 13 states that they will be disconnected on October 17 because they used roaming data on another network. But these customers weren't doing anything wrong -- they are being served by rural networks that were set up for the purpose of extending Verizon's reach into rural areas. Today, Verizon said it is extending the deadline to switch providers to December 1. The company is also letting some customers stay on the network -- although they must switch to a new service plan. "If there is no alternative provider in your area, you can switch to the S (2GB), M (4GB), 5GB single-line, or L (8GB) Verizon plan, but you must do so by December 1," Verizon said in a statement released today. These plans range from $35 to $70 a month, plus $20 "line fees" for each line. The 8,500 customers who received disconnection letters have a total of 19,000 lines. Verizon sells unlimited plans in most of the country but said only those limited options would be available to these customers. Verizon also reiterated its promise that first responders will be able to keep their Verizon service even though some public safety officials received disconnection notices. "We have become aware of a very small number of affected customers who may be using their personal phones in their roles as first responders and another small group who may not have another option for wireless service," Verizon said. "After listening to these folks, we are committed to resolving these issues in the best interest of the customers and their communities. We're committed to ensuring first responders in these areas keep their Verizon service."

Read more of this story at Slashdot.

Facebook U-turn: React, other libraries freed from unloved patent license

El Reg - Fri, 22/09/2017 - 11:07pm
Hybrid BSD pact will be replaced by MIT deal for some projects

Faced with growing dissatisfaction about licensing requirements for some of its open-source projects, Facebook today said it will move React, Jest, Flow, and Immutable.js under the MIT license next week.…

Walmart Wants To Deliver Groceries Straight To Your Fridge

Slashdot - Fri, 22/09/2017 - 10:40pm
New submitter Rick Schumann writes: Walmart has a new marketing idea: "Going to the store? No one has time for that anymore," Walmart says. They want to partner with a company called August Home, who makes smart locks, so a delivery service can literally deliver groceries right into your refrigerator -- while you watch remotely on your phone. Great, time-saving idea, or super-creepy invasion of your privacy? You decide. Here's how the company says it would work: 1. Place an order on Walmart.com for groceries or other goods. 2. A driver for Deliv -- a same-day delivery service -- retrieves items when the order is ready, and brings them to the customer's home. 3. If no one answers, the delivery person can use a one-time passcode that's been pre-authorized by the customer to open the home's smart lock. 4. The customer receives a smartphone notification when the delivery is occurring, and can choose to watch it all play out in real-time on home security cameras through a dedicated app. 5. Delivery person leaves packages in the foyer, then brings the groceries to the kitchen, unloads them into the fridge, and leaves. 6. Customer receives notification that the door has locked behind them.

Read more of this story at Slashdot.

Want to get around app whitelists by pretending to be Microsoft? Of course you can...

El Reg - Fri, 22/09/2017 - 10:27pm
...And here's how

DerbyCon  A sprinkle of code and an understanding of the Windows digital certificate process is all that's needed for a miscreant to sneak malware past Microsoft's application whitelist within a corporate environment.…

Adobe Security Team Accidentally Posts Private PGP Key On Blog

Slashdot - Fri, 22/09/2017 - 10:00pm
A member of Adobe's Product Security Incident Response Team (PSIRT) accidentally posted the PGP keys for PSIRT's email account -- both the public and the private keys. According to Ars Technica, "the keys have since been taken down, and a new public key has been posted in its stead." From the report: The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen. Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account. To be fair to Adobe, PGP security is harder than it should be. What obviously happened is that a PSIRT team member exported a text file from PSIRT's shared webmail account using Mailvelope, the Chrome and Firefox browser extension, to add to the team's blog. But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog.

Read more of this story at Slashdot.

For Facebook, ignorance is the business model: Social net is shocked – SHOCKED – that people behave badly

El Reg - Fri, 22/09/2017 - 9:37pm
See no evil, hear no evil, speak of no evil

Analysis  No one at Facebook had any idea anyone might use its ad tools to target "Jew haters," said COO Sheryl Sandberg earlier this week.…

Passwords For 540,000 Car Tracking Devices Leaked Online

Slashdot - Fri, 22/09/2017 - 9:20pm
An anonymous reader quotes a report from The Hacker News: Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor and recover them in case their vehicles are stolen. The leaked cache contained details of roughly 540,000 SVR accounts, including email addresses and passwords, as well as users' vehicle data, like VIN (vehicle identification number), IMEI numbers of GPS devices. The leaked database also exposed 339 logs that contained photographs and data about vehicle status and maintenance records, along with a document with information on the 427 dealerships that use SVR's tracking services.

Read more of this story at Slashdot.

Aw, not you too, Verizon: US telco joins list of leaky AWS S3 buckets

El Reg - Fri, 22/09/2017 - 8:45pm
Now is a good time to go check your own Amazon settings. It's OK, we'll wait

Yet another major company has burned itself by failing to properly secure its cloud storage instances. Yes, it's Verizon.…

Game Engine Powered Arcan Display Server With Durden Desktop Updated

Phoronix - Fri, 22/09/2017 - 8:40pm
Arcan, the open-source display server powered by a game engine, is out with a new release. Its Durden desktop environment has also been updated...

Oracle Announces Java SE 9 and Java EE 8

Slashdot - Fri, 22/09/2017 - 8:40pm
rastos1 writes: Oracle has announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world's most popular programming platform.

Read more of this story at Slashdot.

Syndicate content