By yaelk from Slashdot's programming-the-world department
snydeq writes: Stuffing bits in databases is boring, InfoWorld's Peter Wayner writes, so why not program everything around you? "The barrier between bits and atoms is disappearing, with programmers no longer confined to the virtual realm, in part thanks to the Internet of things becoming more real. Now we can do more than write ones and zeros to a disk: We can actually write code that tells a machine how to extrude, cut, bend, or morph atoms," Wayner writes in a survey of programming languages. "Rapidly developing domains such as autonomous cars, smart homes, intelligent office spaces, and mass customization require programmers to be savvy about how changes in data structures can lead to changes in objects. If the term "object-oriented programming" weren't already taken, it would be perfect."Read Replies (0)
By timothy from Slashdot's best-kind-of-angels department
blottsie writes: Over her career, Shari Steel has taken on United States Department of Justice, the National Security Agency, and the Federal Bureau of Investigation. She built the Electronic Frontier Foundation into an international powerhouse for protecting online rights. Today, she has a new mission, perhaps her heaviest challenge yet: Take the Internet's most powerful privacy tool mainstream. From the Daily Dot article linked, a hint of one reason that bringing Tor mainstream isn't straightforward:
At the heart of Tor's image problems are what's known as "hidden services" -- sites that are only accessible through the Tor network. Hidden services have been home to drug and gun marketplaces, child pornography forums, fraud and hacking sites, and sites where you can place bets on when a high-profile target may be assassinated. While the media tends to focus on the nefarious elements Tor enables, hidden services make up only about 1 percent of the Tor network, according to Steele, and are in no way operated by the Tor Project.
"I'm trying to teach everyone that we need to recognize that we are doing the work of the angels," Steele says. "What we are providing is really important and really great, and there happen to be uses that are residual that aren't what we're doing. We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"Read Replies (0)
By timothy from Slashdot's patched-upstream-that-is department
An anonymous reader writes: Today Google's online security team publicly disclosed a severe vulnerability in the Gnu C Library's DNS client. Due to the ubiquity of Glibc, this affects an astounding number of machines and software running on the internet, and raises questions about whether Glibc ought to still be the preferred C library when alternatives like musl are gaining maturity. As one example of the range of software affected, nearly every Bitcoin implementation is affected.
Reader msm1267 adds some information about the vulnerability, discovered independently by security researchers at Red Hat as well as at Google, which has since been patched: The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.Read Replies (0)