By EditorDavid from Slashdot's extending-an-embrace department
BrianFagioli quotes BetaNews: Today, Microsoft further pledges its loyalty to Linux and open source by becoming a platinum member of the Cloud Native Computing Foundation. If you aren't familiar, the CNCF is a part of the well-respected Linux Foundation (of which Microsoft is also a member). With the Windows-maker increasingly focusing its efforts on the cloud -- and profiting from it -- this seems like a match made in heaven. In fact, Dan Kohn, Executive Director of the foundation says, "We are honored to have Microsoft, widely recognized as one of the most important enterprise technology and cloud providers in the world, join CNCF as a platinum member." "CNCF is a part of the Linux Foundation, which helps govern for a wide range of cloud-oriented open source projects, such as Kubernetes, Prometheus, OpenTracing, Fluentd, Linkerd, containerd, Helm, gRPC, and many others," says John Gossman Azure Architect, Microsoft. "Since we joined the Linux Foundation last year, and now have decided to expand that relationship to CNCF membership as a natural next step to invest in open source communities and code at multiple levels, especially in the area of containers."
The announcement notes that Microsoft has already been contributing code to the Kubernetes project, "as well as running Kubernetes as part of the Azure Container Service."Read Replies (0)
By EditorDavid from Slashdot's clean-air-acts department
Here's how the Volkswagen emissions scandal ends in California -- and the rest of America. An anonymous reader quotes the Bay Area News Group:
In a decision with lasting implications for the growth of electric vehicles, state regulators on Thursday approved Volkswagen's plan to invest nearly $1 billion in California's EV network as penalty for its diesel-emission cheating scandal... San Jose and San Francisco are two of six cities slated for expanded community charging stations. A Volkswagen subsidiary, Electrify America, also will target low-income communities for at least 35 percent of the projects... The first phase calls for $120 million to build 400 charging stations with between 2,000 and 3,000 chargers. About $75 million will be used to develop a high-speed, highway charging network, mostly consisting of 150 kilowatt fast-chargers. The other $45 million will build community charging stations in six metro areas: San Jose, San Francisco, Sacramento, Fresno, Los Angeles and San Diego. Another $44 million will build a "Green City" in Sacramento. It will provide access to zero-emission vehicles to low-income residents, through ride-sharing and other programs. As part of the 10-year comprehensive plan, Electrify America will build a nationwide network of fast-charging stations with universal technology.
That nationwide network is expected to cost another $2 billion.Read Replies (0)
By EditorDavid from Slashdot's knowing-when-you've-been-bad-or-good department
An anonymous reader quotes Computerworld's article on the implications of New York City's plan to blanket the city with "smart" kiosks offering ultrafast Wi-Fi.
The existence of smart-city implementations like Intersection's LinkNYC means that New Yorkers won't actually need mobile contracts anymore. Most who would otherwise pay for them will no doubt continue to do so for the convenience. But those who could not afford a phone contract in the past will have ubiquitous fast connectivity in the future. This strongly erodes the digital divide within smart cities. A 2015 study conducted by New York City found that more than a quarter of city households had no internet connectivity at home, and more than half a million people didn't own their own computer...
Over the next 15 years, the city will go through the other two phases, where sensor data will be processed by artificial intelligence to gain unprecedented insights about traffic, environment and human behavior and eventually use it to intelligently re-direct traffic and shape other city functions... And as autonomous cars gradually roll out, New York will be well positioned to be one of the first cities to legalize them, because they'll be safer thanks to 5G, sensors and data from all those kiosks.
Intersection, a Google-backed startup, has already installed 1,000 of the kiosks in New York, and is planning to install 7,000 more. The sides of the kiosk have screens which show alerts and other public information -- as well as advertisements, which cover all the costs of the installations and even bring extra money into the city coffers.
New York's move "puts pressure on other U.S. cities to follow suit," the article also points out, adding that privacy policies "are negotiated agreements between the company and the city. So if a city wants to use those cameras and sensors for surveillance, it can."Read Replies (0)
By EditorDavid from Slashdot's secret-ballot-machines department
An anonymous reader quotes The Hill:
Hackers at at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure. Tech minds at the annual "DEF CON" in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software. According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products. Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.
Though some of the machines were out of date, they were all from "major U.S. voting machine companies" like Diebold Nixorf, Sequoia Voting Systems, and WinVote -- and were purchased on eBay or at government auctions. One of the machines apparently still had voter registration data stored in plain text in an SQLite database from a 2008 election, according to event's official Twitter feed.
By Saturday night they were tweeting video of a WinVote machine playing Rick Astley's "Never Gonna Give You Up."Read Replies (0)
By EditorDavid from Slashdot's mass-producing-with-metal department
Big Hairy Ian shares an article from New Atlas: Desktop Metal -- remember the name. This Massachussetts company is preparing to turn manufacturing on its head, with a 3D metal printing system that's so much faster, safer and cheaper than existing systems that it's going to compete with traditional mass manufacturing processes... Plenty of design studios and even home users run desktop printers, but the only affordable printing materials are cheap ABS plastics. And at the other end of the market, while organizations like NASA and Boeing are getting valuable use out of laser-melted metal printing, it's a very slow and expensive process that doesn't seem to scale well.
But a very exciting company out of Massachusetts, headed by some of the guys who came up with the idea of additive manufacture in the first place, believes it's got the technology and the machinery to boost 3D printing into the big time, for real. Desktop Metal is an engineering-driven startup whose founders include several MIT professors, and Emanuel Sachs, who has patents in 3D printing dating back to the dawn of the field in 1989. The company has raised a ton of money in the last few months, including some US$115 million in a recent Series D round that brings total equity investments up over US$210 million. That money has come from big players, too, including Google Ventures... And if Desktop Metal delivers on its promises -- that it can make reliable metal printing up to 100 times faster, with 10 times cheaper initial costs and 20 times cheaper materials costs than existing laser technologies, using a much wider range of alloys -- these machines might be the tipping point for large scale 3D manufacturing.Read Replies (0)
By EditorDavid from Slashdot's don't-be-an-evil-app department
An anonymous reader quotes Ars Technica:
Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data. The apps, which made their way onto about 100 phones, exploited known vulnerabilities to root devices running older versions of Android.... As a result, the apps were capable of surreptitiously accessing sensitive data stored, sent, or received by at least a dozen other apps, including Gmail, Hangouts, LinkedIn, and Messenger. The now-ejected apps also collected messages sent and received by Whatsapp, Telegram, and Viber, which all encrypt data in an attempt to make it harder for attackers to intercept messages while in transit... To conceal their surveillance capabilities, the apps posed as utilities for cleaning unwanted files or backing up data.
Google reports that the malicious apps also had these functions:
Call recordingVOIP recordingRecording from the device microphoneLocation monitoringTaking screenshotsTaking photos with the device camera(s)Fetching device information and filesFetching user information (contacts, call logs, SMS, application-specific data)
12 hours later an antivirus provider reported two more Google Play apps could surreptitiously steal text messages by downloading a malicious plugin -- and that the apps had already been downloaded at least 100,000 times.Read Replies (0)
By EditorDavid from Slashdot's have-you-now-or-have-you-ever-used department
An anonymous reader quotes Reuters:
A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence... The committee "is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States," wrote the panel's Republican chairman, Lamar Smith, in the letters... A committee aide told Reuters the survey was a "first step" designed to canvas the U.S. government and that more action may follow depending on the results.
Agencies contacted include both the Deparatment of Homeland Security and NASA. The committee wants to see internal risk assessments, plus a list of all systems using Kaspersky products and the names of government contractors using the software.Read Replies (0)
By EditorDavid from Slashdot's init-to-win-it department
Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports:
The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...
And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.Read Replies (0)
By EditorDavid from Slashdot's C-u-later department
An anonymous reader quotes InfoWorld:
Proponents of Rust, the language engineered by Mozilla to give developers both speed and memory safety, are stumping for the language as a long-term replacement for C and C++. But replacing software written in these languages can be a difficult, long-term project. One place where Rust could supplant C in the short term is in the traditionally C libraries used in other languages... [A] new spate of projects are making it easier to develop Rust libraries with convenient bindings to Python -- and to deploy Python packages that have Rust binaries.
The article specifically highlights these four new projects:
Rust-CPython - a set of bindings in Rust for the CPython runtime PyO3 - a basic way to write Rust software with bindings to Python in both directions. Snaek - lets developers create Rust libraries that are loaded dynamically into Python as needed, but don't rely on being linked statically against Python's runtime. Cookiecutter PyPackage Rust Cross-Platform Publish - simplifies the process of bundling Rust binaries with a Python library.Read Replies (0)
OpenMoko: Ten Years After
Posted by News Fetcher on July 29 '17 at 05:52 AM
By msmash from Slashdot's inside-story department
Michael Lauer, member of the core team at OpenMoko, a project that sought to create a family of open source mobile phones -- which included the hardware specs and the Linux-based OS -- has shared the inside story of what the project wanted to do and why it failed. From his blog post: For the 10th anniversary since the legendary OpenMoko announcement at the "Open Source in Mobile" (7th of November 2006 in Amsterdam), I've been meaning to write an anthology or -- as Paul Fertser suggested on #openmoko-cdevel -- an obituary. I've been thinking about objectively describing the motivation, the momentum, how it all began and -- sadly -- ended. I did even plan to include interviews with Sean, Harald, Werner, and some of the other veterans. But as with oh so many projects of (too) wide scope this would probably never be completed. As November 2016 passed without any progress, I decided to do something different instead. Something way more limited in scope, but something I can actually finish. My subjective view of the project, my participation, and what I think is left behind: My story, as OpenMoko employee #2. On top of that you will see a bunch of previously unreleased photos (bear with me, I'm not a good photographer and the camera sucked as well). [....] Right now my main occupation is writing software for Apple's platforms -- and while it's nice to work on apps using a massive set of luxury frameworks and APIs, you're locked and sandboxed within the software layers Apple allows you. I'd love to be able to work on an open source Linux-based middleware again. However, the sad truth is that it looks like there is no business case anymore for a truly open platform based on custom-designed hardware, since people refuse to spend extra money for tweakability, freedom, and security. Despite us living in times where privacy is massively endangered.Read Replies (0)
By msmash from Slashdot's gotcha department
An anonymous reader writes: Dutch Police is aggressively going after Dark Web vendors using data they collected from the recently seized Hansa Market. According to reports, police is using the Hansa login credentials to authenticate on other Dark Web portals, such as Dream. If vendors reused passwords, police take over the accounts and set up traps or map the sales of illegal products. Other crooks noticed the account hijacks because Dutch Police changed the PGP key for the hijacked accounts with their own, which was accidentally signed with the name "Dutch Police." The second method of operation spotted by the Dark Web community involves so-called "locktime" files that were downloaded from the Hansa Market before Dutch authorities shut it down on July 20. Under normal circumstances a locktime file is a simple log of a vendor's market transaction, containing details about the sold product, the buyer, the time of the sale, the price, and Hansa's signature. The files are used as authentication by vendors to request the release of Bitcoin funds after a sale's conclusion, or if the market was down due to technical reasons. Before the market went down, these locktime files were replaced with Excel files that contained a hidden image that would beacon back to police servers, exposing the vendor's real location. Dutch Police was able to do this because they took over Hansa servers on June 20 and operated the market for one more month, collecting data on vendors.Read Replies (0)