By Soulskill from Slashdot's holes-in-legacy-code department:
An anonymous reader sends a report about a new vulnerability found in open source virtualization software QEMU, which is run on hardware in datacenters around the world (CVE-2015-3456). "The cause is a widely-ignored, legacy virtual floppy disk controller that, if sent specially crafted code, can crash the entire hypervisor. That can allow a hacker to break out of their own virtual machine to access other machines — including those owned by other people or companies." The vulnerable code is used in Xen, KVM, and VirtualBox, while VMware, Hyper-V, and Bochs are unaffected. "Dan Kaminsky, a veteran security expert and researcher, said in an email that the bug went unnoticed for more than a decade because almost nobody looked at the legacy disk drive system, which happens to be in almost every virtualization software." The vulnerability has been dubbed "Venom," for "Virtualized Environment Neglected Operations Manipulation."
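To make the bug class concrete, here is an added C model written for this page. It is not QEMU's fdc.c and not the VENOM exploit: it is a toy emulated floppy controller that accumulates guest-supplied command parameter bytes in a fixed 512-byte FIFO, indexed by a counter the guest can keep advancing by writing to the data port. The FIFO size, the `PARAM_DONE` terminator bit, the field names and the "adjacent host state" region are all assumptions chosen to expose the pattern; the vulnerable path trusts the guest-advanced index, while the hardened path refuses to index past the buffer and discards the command state instead. The real fix lives in QEMU's own source and is not reproduced here.

```c
/* Illustrative model of a guest-controlled index into an emulated device
 * buffer (the class of bug behind CVE-2015-3456).  Written for this page;
 * not QEMU code.  Sizes, names and the terminator bit are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_LEN 512            /* assumed FIFO size */
#define PARAM_DONE 0x80         /* assumed "last parameter byte" flag */

/* Model of hypervisor memory around the device state: the FIFO comes first,
 * and whatever the emulator keeps right after it is what an overflow hits. */
typedef struct {
    uint8_t fifo[FIFO_LEN];
    uint8_t adjacent[FIFO_LEN]; /* stands in for other host-side data */
    size_t  data_pos;           /* next FIFO slot to fill, advanced per write */
    size_t  overflows;          /* hardened path: how often the guest overran */
} fdc_t;

static void fdc_reset(fdc_t *c) { memset(c, 0, sizeof *c); }

/* Vulnerable: the index is only reset when a terminator byte arrives, so a
 * guest that never sends one walks the index straight past fifo[].  The
 * flat byte view models a C emulator writing through an unchecked index. */
static void fdc_write_data_vuln(fdc_t *c, uint8_t value)
{
    uint8_t *mem = (uint8_t *)c;        /* byte view of the device struct */
    mem[c->data_pos++] = value;         /* no bound on data_pos */
    if (value & PARAM_DONE)
        c->data_pos = 0;
}

/* Hardened: never index past fifo[]; a guest that sends more parameter bytes
 * than fit is treated as misbehaving and its command state is dropped. */
static void fdc_write_data_fixed(fdc_t *c, uint8_t value)
{
    if (c->data_pos >= FIFO_LEN) {
        c->overflows++;
        c->data_pos = 0;
    }
    c->fifo[c->data_pos++] = value;
    if (value & PARAM_DONE)
        c->data_pos = 0;
}

/* A hostile guest: n parameter bytes with the terminator bit clear.
 * Returns how many bytes landed in the "adjacent" host region.  n is capped
 * so the vulnerable model only ever writes inside the struct it models. */
static size_t hostile_guest(fdc_t *c, void (*write_data)(fdc_t *, uint8_t), size_t n)
{
    if (n > 2 * FIFO_LEN)
        n = 2 * FIFO_LEN;
    fdc_reset(c);
    for (size_t i = 0; i < n; i++)
        write_data(c, 0x41);            /* bit 7 clear: "more parameters follow" */
    size_t clobbered = 0;
    for (size_t i = 0; i < FIFO_LEN; i++)
        clobbered += (c->adjacent[i] != 0);
    return clobbered;
}

int main(void)
{
    fdc_t c;
    printf("vulnerable: %zu bytes written past the FIFO\n",
           hostile_guest(&c, fdc_write_data_vuln, 600));
    printf("hardened:   %zu bytes written past the FIFO, %zu overruns rejected\n",
           hostile_guest(&c, fdc_write_data_fixed, 600), c.overflows);
    return 0;
}
```

With 600 guest bytes the vulnerable path writes 88 of them into the region after the FIFO, which in a real emulator is whatever the heap happens to place next to the device state; the hardened path writes nothing there and records one rejected overrun. The general lesson is the one the story points at: any index or length that a guest can advance through an emulated device register must be bounded by the host before it is used.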
By Soulskill from Slashdot's now-only-incredibly-profitable-instead-of-ridiculously-profitable department:
mpicpp sends news that Verizon has agreed to pay $90 million (PDF), and Sprint another $68 million (PDF), to settle claims that they placed unauthorized charges on their customers' bills. The process, known as "cramming," has already cost T-Mobile and AT&T settlements in the tens of millions as well. Most of the settlement money will go towards setting up refund programs, but Verizon and Sprint will be able to keep 30% and 35% of the fees they collected, respectively. In response to the news, both companies issued vague statements about "putting customers first." They are now banned from charging for premium text message services and must set up systems to ensure informed consent for third-party charges.
By Soulskill from Slashdot's not-enough-oxidation department:
An anonymous reader sends an article taking a harsh look at Rust, the language created by Mozilla Research, and arguing that despite all the flaws of C and C++, the two older languages are likely to remain in heavy use for a long time to come. Here are a few of the arguments: "[W]hat actually makes Rust safe, by the way? To put it simply, this is a language with a built-in code analyzer and it's a pretty tough one: it can catch all the bugs typical of C++, dealing not only with memory management but multithreading as well. Pass a reference to an assignable object through a pipe to another thread and then try to use this reference yourself - the program will just refuse to compile. And that's really cool. But C++ too hasn't stood still during the last 30 years, and plenty of both static and dynamic analyzers supporting it have been released during this time."
Further, "Like many new languages, Rust is walking the path of simplification. I can generally understand why it doesn't have decent inheritance and exceptions, but the fact itself that someone is making decisions for me regarding things like that makes me feel somewhat displeased. C++ doesn't restrict programmers regarding what they can or cannot use." And finally, "I can't help but remind you one more time that the source of troubles is usually in humans, not technology. If your C++ code is not good enough or your Java code is painfully slow, it's not because the technology is bad - it's because you haven't learned how to use it right. That way, you won't be satisfied with Rust either, just for some other reasons."
By Soulskill from Slashdot's trying-to-print-a-better-stock-price department:
merbs sends an update on MakerBot, one of the best-known names in the 3D-printing industry. After its acquisition by Stratasys in 2013, defective parts plagued the company's printers in 2014. MakerBot co-founder and CEO Bre Pettis stepped down, and the company laid off 20% of its employees. The new CEO, Jonathan Jaglom, is now talking about how they're rebuilding MakerBot, and where we can expect it to go in the future. "The 39-year-old, Swiss-born Jaglom says that his priorities since taking over have been to dedicate more attention to customer support, to address the remaining fallout from the extruder problem, and to reorient the company to target its Replicators to the professional and educational markets."
Jaglom also envisions a sort of "iTunes for 3D printing," where people can easily buy designs online and print them out at home. He says, "I'll be sitting at home. Maybe something broke; maybe my glasses. Maybe I want to reprint it and I'll go to Oakley, Ray Ban, whatever, Philippe Starck in this case, download the file, pay $3.49 for it, and print it at home. And then you will have to go to your Kinko's or your Fab Labs, your local 3D printing, if you want it in metal or plastics you can't have at home."
By Soulskill from Slashdot's digital-is-different department:
SonicSpike writes with news of a ruling in U.S. District Court that the seizure and search of a man's laptop without a warrant while he was in an airport during an international border crossing was not justified. According to Judge Amy Jackson's ruling (PDF), the defendant was already the subject of an investigation when officials used his international flight as a pretext for rifling through his laptop. The government argued that a laptop was simply a "container," and thus subject to warrantless searches to protect the homeland. But the judge said the search "was supported by so little suspicion of ongoing or imminent criminal activity, and was so invasive of Kim's privacy and so disconnected from not only the considerations underlying the breadth of the government's authority to search at the border, but also the border itself, that it was unreasonable."
She also noted that laptop searches may require more stringent legal support, since they are capable of holding much more private information than a box or duffel bag. And while a routine search involves a quick look through a container, this search was quite different: "[T]he agents created an identical image of Kim's entire computer hard drive and gave themselves unlimited time to search the tens of thousands of documents, images, and emails it contained, using an extensive list of search terms, and with the assistance of two forensic software programs that organized, expedited, and facilitated the task."