By EditorDavid from Slashdot's Debian-debuts department
The Debian Project has been liveblogging today's release of Debian 9 (Stretch) using the Twitter hashtag #releasingstretch. Some of the announcements:
-The oldstable suite (wheezy) has now been renamed to oldoldstable
-Debian jessie has now been renamed to oldstable!
-The Debian stretch suites have now been renamed to stable!
-The draft debian-devel-announce post is ready, archive docs are being cleaned up
This release is named after that purple octopus in Toy Story 3, and more tantalizing tidbits of information keep appearing on Debian's micronews site:
-At least 1436 people and 18 teams contributed to Debian in 2017
-Stretch has 25,357 source packages with 9,808,465 source files
-There were 13 different themes proposed to be the official Debian stretch theme
-Debian Stretch ships with the free mathematical software SageMath, you can install it with apt
-During the stretch development, 101 contributors became Debian Developers, and 94 more became Debian Maintainers
-Debian Stretch will ship with the first release of the Debian Astro Pure Blend [for astronomers]
-Debian Popularity Contest gathers anonymous statistics about Debian packages usage from about 195,000 reports
By EditorDavid from Slashdot's end-times-for-end-user-license-agreements department
mikeatTB shares an article from TechRepublic:
Software engineers have largely failed at security. Even with the move toward more agile development and DevOps, vulnerabilities continue to take off... Things have been this way for decades, but the status quo might soon be rocked as software takes an increasingly starring role in an expanding range of products whose failure could result in bodily harm and even death. Anything less than such a threat might not be able to budge software engineers into taking greater security precautions. While agile and DevOps are belatedly taking on the problems of creating secure software, the original Agile Manifesto did not acknowledge the threat of vulnerabilities as a problem, but focused on "working software [as] the primary measure of progress..."
"People are doing exactly what they are being incentivized to do," says Joshua Corman, director of the Cyber Statecraft Initiative for the Atlantic Council and a founder of the Rugged Manifesto, a riff on the original Agile Manifesto with a skew toward security. "There is no software liability and there is no standard of care or 'building code' for software, so as a result, there are security holes in your [products] that are allowing attackers to compromise you over and over." Instead, almost every software program comes with a disclaimer to dodge liability for issues caused by the software. End-User License Agreements (EULAs) have been the primary way that software makers have escaped liability for vulnerabilities for the past three decades. Experts see that changing, however.
The article suggests incentives for security should be built into the development process -- with one security professional warning that in the future, "legal precedent will likely result in companies absorbing the risk of open source code."
By EditorDavid from Slashdot's real-world-problems department
An anonymous reader quotes Bloomberg:
Demand for digital coins is soaring in Venezuela amid an escalating political crisis that has protesters demanding that President Nicolas Maduro step down. Inflation has spiraled to the triple digits, debasing the bolivar and depleting savings, while citizens struggle to find everything from food to medicine on store shelves. "If you're going to be in something volatile, you might as well be in something that's volatile and rising than volatile and falling," says Ryan Taylor, chief executive officer of crypto currency Dash Core, the third-largest digital coin by number of transactions... Bitcoin trading volume in Venezuela jumped to $1.3 million this week, about double the amount that changed hands two months ago, according to LocalBitcoins.com...
Venezuela's currency has become nearly worthless in the black market, where it takes more than 6,000 bolivars to buy $1, while bitcoin surged 53 percent in the past month alone. But it's not just about shielding against the falling bolivar, as some Venezuelans are using crypto currencies to buy and sell everyday goods and services, according to Jorge Farias, the CEO of Cryptobuyer.
By EditorDavid from Slashdot's filtering-on-demand department
Last December VidAngel fought three Hollywood studios in court for the right to stream filtered versions of movies. Now fogez reports that "they have come up with a new tactic in their attempts to bring filtering choice into the streaming media equation. Instead of leveraging the legal loophole that landed them in court, VidAngel is now going to insert themselves as a filtering proxy for services like Netflix and Amazon." From the Hollywood Reporter:
Its new $7.99 per month service piggybacks on users' streaming accounts. Customers log into the VidAngel app, link it to their other accounts and then filter out the language, nudity and violence in that content to their heart's desire... "Out of the gate we'll be supporting Netflix and Amazon and HBO through Amazon channels," says Harmon, adding that Hulu, iTunes and Vudu will follow... Harmon says it remains to be seen if the studios will fight VidAngel's new platform, but his biggest concern is how Amazon and Netflix will respond. He says his company has reached out to the streamers, and he hopes they'll raise any concerns through conversation instead of litigation... "VidAngel's philosophy is very libertarian," he says. "Let directors create what they want, and let viewers watch how they want in their own home. That kind of philosophy respects the views of both parties." The original submission describes the conflict as a "freedom of choice versus Hollywood."
By EditorDavid from Slashdot's Alto-from-Palo-Alto department
An anonymous reader quotes Ars Technica:
Charles Thacker, one of the lead hardware designers on the Xerox Alto, the first modern personal computer, died of a brief illness on Monday. He was 74. The Alto, which was released in 1973 but was never a commercial success, was an incredibly influential machine... Thomas Haigh, a computer historian and professor at the University of Wisconsin, Milwaukee, wrote in an email to Ars, "Alto is the direct ancestor of today's personal computers. It provided the model: GUI, windows, high-resolution screen, Ethernet, mouse, etc. that the computer industry spent the next 15 years catching up to. Of course others like Alan Kay and Butler Lampson spent years evolving the software side of the platform, but without Thacker's creation of what was, by the standards of the early 1970s, an amazingly powerful personal hardware platform, none of that other work would have been possible."
In 1999 Thacker also designed the hardware for Microsoft's Tablet PC, "which was first conceived of by his PARC colleague Alan Kay during the early 1970s," according to the article. "I've found over my career that it's been very difficult to predict the future," Thacker said in a guest lecture in 2013. "People who tried to do it generally wind up being wrong."
By EditorDavid from Slashdot's warring-on-terror department
An anonymous reader quotes the New York Times:
It has been more than a year since the Pentagon announced that it was opening a new line of combat against the Islamic State, directing Cyber Command, then six years old, to mount computer-network attacks... "In general, there was some sense of disappointment in the overall ability for cyberoperations to land a major blow against ISIS," or the Islamic State, said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. "This is just much harder in practice than people think..."
Even one of the rare successes against the Islamic State belongs at least in part to Israel, which was America's partner in the attacks against Iran's nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers... The information helped prompt a ban in March on large electronic devices in carry-on luggage on flights from 10 airports in eight Muslim-majority countries to the United States and Britain.
Citing military officials, the Times also reports that "locking Islamic State propaganda specialists out of their accounts -- or using the coordinates of their phones and computers to target them for a drone attack -- is now standard operating procedure."
By BeauHD from Slashdot's significant-chunk-of-change department
An anonymous reader quotes a report from Ars Technica: In 2014, the U.S. Government Accountability Office issued a report on cost estimates for the U.S. Air Force's program to launch national security payloads, which at the time consisted of a fleet of rockets maintained and flown entirely by United Launch Alliance (ULA). The report was critical of the non-transparent nature of ULA's launch prices and noted that the government "lacked sufficient knowledge to negotiate fair and reasonable launch prices" with the monopoly. At around the same time, the new space rocket company SpaceX began to aggressively pursue the opportunity to launch national security payloads for the government. SpaceX claimed to offer a substantially lower price for delivering satellites into various orbits around Earth. But because of the lack of transparency, comparing prices was difficult. The Air Force recently released budget estimates for fiscal year 2018, and these include a run out into the early 2020s. For these years, the budget combines the fixed price rocket and ELC contract costs into a single budget line. (See page 109 of this document). They are strikingly high. According to the Air Force estimate, the "unit cost" of a single rocket launch in fiscal year 2020 is $422 million, and $424 million for a year later. SpaceX sells basic commercial launches of its Falcon 9 rocket for about $65 million. But, for military launches, there are additional range costs and service contracts that add tens of millions of dollars to the total price. It therefore seems possible that SpaceX is taking a loss or launching at little or no profit to undercut its rival and gain market share in the high-volume military launch market. Elon Musk retweeted the article, adding "$300M cost diff between SpaceX and Boeing/Lockheed exceeds avg value of satellite, so flying with SpaceX means satellite is basically free."
By BeauHD from Slashdot's no-level-safe department
According to an analysis released Thursday by the nonprofit advocacy group, the Environmental Defense Fund, twenty percent of 2,164 baby foods sampled between 2003 and 2013 by the Food and Drug Administration tested positive for lead. Ars Technica reports: Lead is a neurotoxin. Exposure at a young age can permanently affect a developing brain, causing lifelong behavioral problems and lower IQ. Though the levels in the baby food were generally below what the FDA considers unsafe, the agency's standards are decades old. The latest research suggests that there is no safe level of lead for children. Yet the Environmental Protection Agency this year has estimated that more than five percent of U.S. children (more than a million) get more than the FDA's recommended limit of lead from their diet. The products most often found to contain lead were fruit juices, root vegetable-based foods, and certain cookies, such as teething biscuits, the EDF reports. Oddly, the presence of lead was more common in baby foods than in the same foods marketed for adults. For instance, only 25 percent of regular apple juice tested positive for lead, while 55 percent of apple juices marketed for babies contained lead. Overall, only 14 percent of adult foods tested contained lead. The findings come from data collected in the FDA's annual survey of foods, called the Total Diet Survey, which the agency has run since the 1970s. Each year, the agency samples 280 types of foods from three different cities across the country, tracking nutrients, metals, pesticides, and other contaminants.
By BeauHD from Slashdot's cause-and-effect department
chicksdaddy writes from a report via The Security Ledger: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." Dahua, based in Hangzhou, China, said it will work with Mountain View based Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." In a joint statement, the companies said Dahua will be adopting secure "software development life cycle (SDLC) and supply chain" practices using Synopsys technologies in an effort to reduce the number of "vulnerabilities that can jeopardize our products," according to a statement attributed to Fu Liquan, Dahua's Chairman, The Security Ledger reports. Dahua's cameras and digital video recorders (DVRs) figured prominently in the Mirai botnet, which launched massive denial of service attacks against websites in Europe and the U.S., including the French web hosting firm OVH, security news site Krebsonsecurity.com and the New Hampshire based managed DNS provider Dyn. Cybercriminals behind the botnet apparently exploited an overflow vulnerability in the web interface for cameras and DVRs to gain access to the underlying Linux operating system and install the Mirai software, according to research by the firm Level3. In March, Dahua was called out for another, serious vulnerability in eleven models of video recorders and IP cameras. Namely: a back door account that gave remote attackers full control of vulnerable devices without the need to authenticate to the device. The flaw was first disclosed on the Full Disclosure mailing list and described as "like a damn Hollywood hack, click on one button and you are in."
By BeauHD from Slashdot's forecast-says department
Jess Shankleman reports via Bloomberg: Solar power, once so costly it only made economic sense in spaceships, is becoming cheap enough that it will push coal and even natural-gas plants out of business faster than previously forecast. That's the conclusion of a Bloomberg New Energy Finance outlook for how fuel and electricity markets will evolve by 2040. The research group estimated solar already rivals the cost of new coal power plants in Germany and the U.S. and by 2021 will do so in quick-growing markets such as China and India. The scenario suggests green energy is taking root more quickly than most experts anticipate. It would mean that global carbon dioxide pollution from fossil fuels may decline after 2026, a contrast with the International Energy Agency's central forecast, which sees emissions rising steadily for decades to come. The report also found that through 2040:
-China and India represent the biggest markets for new power generation, drawing $4 trillion, or about 39 percent of all investment in the industry.
-The cost of offshore wind farms, until recently the most expensive mainstream renewable technology, will slide 71 percent, making turbines based at sea another competitive form of generation.
-At least $239 billion will be invested in lithium-ion batteries, making energy storage devices a practical way to keep homes and power grids supplied efficiently and spreading the use of electric cars.
-Natural gas will reap $804 billion, bringing 16 percent more generation capacity and making the fuel central to balancing a grid that's increasingly dependent on power flowing from intermittent sources, like wind and solar.