By timothy from Slashdot's little-cat-feet department
PC Magazine reports (as does Ars Technica
) that Apple this week has pushed its first automated security update
, to address critical flaws relating to Network Time Protocol
:The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc.
A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.Read Replies (0)
By timothy from Slashdot's big-enough-to-give-you-what-you-want department
An anonymous reader writes with this story at Ars Technica, excerpting: BT, Sky, and Virgin Media are hijacking people's web connections to force customers to make a decision about family-friendly web filters. The move comes as the December deadline imposed by prime minister David Cameron looms, with ISPs struggling to get customers to say yes or no to the controversial adult content blocks. The messages, which vary by ISP, appear during browser sessions when a user tries to access any website. BT, Sky,TalkTalk and Virgin Media are required to ask all their customers if they want web filters turned on or off, with the government saying it wants to create a "family friendly" Internet free from pornography, gambling, extreme violence and other content inappropriate for children. But the measures being taken by ISPs have been described as "completely unnecessary" and "heavy handed" by Internet rights groups. The hijacking works by intercepting requests for unencrypted websites and rerouting a user to a different page. ISPs are using the technique to communicate with all undecided customers. Attempting to visit WIRED.co.uk, for example, could result in a user being redirected to a page asking them about web filtering. ISPs cannot intercept requests for encrypted websites in the same way.Read Replies (0)
By timothy from Slashdot's ho-ho-ho-and-a-merry-old-hoax-except-it's-real-these-days department
Alek Komarnitsky, Colorado (and the Internet's) own Clark Griswold, has decided to retire as his own props master, programmer, best boy, and effects specialist. After 10 years of increasingly elaborate set-ups, Alek's decided to go out with a bang, with his largest-yet rooftop display of open-source powered, remotely controllable, internet-connected Christmas lights
. (This year, he even matches the fictional Griswold's 25,000 lights
, but truth tops fiction, with live webcams, animated props, and more.) We talked with Alek last year
, too; but now he's got a full decade's worth of reminiscing about his jest-made-real hobby as That Guy With the Lights, and some advice for anyone who'd like to take on a project like this.
Alek has managed to stay on good terms with his neighbors, despite the car and foot traffic that his display has drawn, and kept himself from serious harm despite a complex of minor, overlapping risks including ladders, squirrels, a fair amount of electricity and (the most dangerous, he says) wind. The lights are what the world sees, but the video capture and distribution to the vast online audience is an equal part of the work. Alek has learned a lot along the way about automation, logistics, wireless networking, and the importance of load balancing. It's always possible the lights will return in some form, or that someone will take up the mantle as Blinkenlights master, but this tail end of 2014 (and the first day of 2015) is your last good chance to tune in and help toggle some of those lights. (The display operates from 1700-2200 Mountain time.) Alternate Video Link
< article continued at Slashdot
>Read Replies (0)