By EditorDavid from Slashdot's stop-button department
Microsoft's announced they'll discontinue "individual patches" for Windows 7 and 8.1 (as well as Windows Server 2008 R2, 2012, and 2012 R2). Instead they'll have monthly "cumulative" rollups of each month's patches, and while there will be a separate "security-only" bundle each month, "individual patches will no longer be available." This has one anonymous Slashdot reader asking what's the alternative:
We've read about the changes coming to Windows Update in October 2016... But what happens when it's time to wipe and reload the OS? Or what about installing Windows on different hardware? Admittedly, there are useful non-security updates worth having, but plenty to avoid (e.g. telemetry).
How does one handle this challenge? Set up a personal WSUS box before October to sync all desired updates through October 2016? System images can work if you don't change primary hardware, but what if you do? Or should one just bend the knee to Microsoft...?
Should they use AutoPatcher? Switch to Linux? Or just disconnect their Windows boxes from the internet... Leave your answers in the comments. How do you plan to handle Microsoft's new 'cumulative' Windows Updates?Read Replies (0)
By EditorDavid from Slashdot's stupid-passwords department
The five most common ways of hacking an organization all involve stolen credentials, "based on data from 75 organizations, 100 penetration tests, and 450 real-world attacks," writes an anonymous Slashdot reader. In fact, 66% of the researchers' successful attacks involved cracking a weak domain user password. From an article on Dark Reading:
Playing whack-a-mole with software vulnerabilities should not be top of security pros' priority list because exploiting software doesn't even rank among the top five plays in the attacker's playbook, according to a new report from Praetorian. Organizations would be far better served by improving credential management and network segmentation...
"If we assume that 1 percent [of users] will click on the [malicious] link, what will we do next?" says Joshua Abraham, practice manager at Praetorian. The report suggests specific mitigation tactics organizations should take in response to each one of these attacks -- tactics that may not stop attackers from stealing credentials, but "building in the defenses so it's really not a big deal if they do"... [O]ne stolen password should not give an attacker (or pen tester) the leverage to access an organization's entire computing environment, exfiltrating all documents along the way.
Similar results were reported in Verizon's 2016 Data Breach Investigations Report.Read Replies (0)
By EditorDavid from Slashdot's money-of-the-future department
It's "an epic sci-fi adventure about the human race's journey into a theoretical technological Singularity." Or is it an "entertainment industry boondoggle...part DRM snake oil marketing, part pseudo-Bitcoin scam and part sincere Singularitarian weirdness?"
Long-term Slashdot reader David Gerard writes:
SingularDTV is an exciting new blockchain-based entertainment industry startup. Their plan is to adapt the DRM that made $121.54 for Imogen Heap, make their own completely pre-mined altcoin and use that to somehow sell two million views of a sci-fi TV show about the Singularity. Using CODE, which is explicitly modeled on The DAO ... which spectacularly imploded days after its launch. There's a white paper [PDF], but here's an analysis of why these schemes are a terrible idea for musicians.
'Singular' will be a one-hour adventure/drama "that explores the impact technology will have on the future of our planet and how it will shape the evolution of our human race," set in the years 2021 to 2045, "as an unprecedented technological revolution sweeps over the world..."Read Replies (0)
By EditorDavid from Slashdot's tweet-terminators department
Twitter just began rolling out "new ways to control your experience," promising the two new features "will give you more control over what you see and who you interact with on Twitter." An anonymous Slashdot reader quotes a report from Wired UK:
First up, notification settings will allow those using Twitter on the web or on desktop to limit the notifications they receive for @ mentions, RTs, and other interactions to just be from people they follow. The feature can be turned on through the notifications tab. Twitter is also expanding its quality filter -- also accessible through notifications. "When turned on, the filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior," the company's product manager Emil Leong said in a blog post.
In December 2015, the company changed its rules to explicitly ban "hateful conduct" for the first time, while back in February last year, Twitter's then-CEO Dick Costolo admitted the network needed to improve how it handled trolls and abuse. In a leaked memo he said: "I'm frankly ashamed of how poorly we've dealt with this issue during my tenure as CEO. It's absurd. There's no excuse for it. I take full responsibility for not being more aggressive on this front. It's nobody else's fault but mine, and it's embarrassing."
Meanwhile, the Twitter account of Wikipedia co-founder Jimmy Wales was hacked on Saturday.Read Replies (0)
By EditorDavid from Slashdot's speaking-of-KDE department
An anonymous Slashdot reader quotes a report from fossBytes:
Linux Mint 18 'Sarah' KDE Edition Beta is now available for download and testing. This release is based on the long-term supported Linux 4.4 kernel and KDE Plasma 5.6 desktop environment. The final release of this widely popular distro is expected to arrive in September... Just like MATE, Cinnamon, and Xfce releases, the KDE release is a long term release that will remain supported until 2021.
Linux Mint 18 'Sarah' KDE Edition ships with Mozilla Firefox as default web browser and LibreOffice as the default office suite. The Linux distro also features a wide range of popular KDE apps like Kontact, Dolphin, Gwenview, KMail, digiKam, KTorrent, Skanlite, Konversation, K3b, Konsole, Amarok, Ark, Kate, Okular, and Dragon Player.
"Unlike other Linux Mint editions, the KDE edition will ship with the SDDM display manager," reports the Linux Mint blog. Distrowatch notes that it's based on Ubuntu 16.04, and suggests "Mint's 'KDE' flavour might turn out to be the most interesting of the bunch, especially if the project's usually excellent quality assurance is applied to this edition in the same manner as in its 'MATE' and 'Cinnamon' variants."Read Replies (0)
By EditorDavid from Slashdot's angry-in-India department
"It is official now. The punishment for rape is actually less..." writes an anonymous Slashdot reader, who adds that "Some users think that this is all the fault of Bollywood/Hollywood movie studios. They are abusing power, court and money..." India Today reports:
The Indian government, with the help of internet service providers, and presumably under directives of court, has banned thousands of websites and URLs in the last five odd years. But until now if you somehow visited these "blocked URLs" all was fine. However, now if you try to visit such URLs and view the information, you may get a three-year jail sentence as well as invite a fine...
This is just for viewing a torrent file, or downloading a file from a host that may have been banned in India, or even for viewing an image on a file host like Imagebam. You don't have to download a torrent file, and then the actual videos or other files, which might have copyright. Just accessing information under a blocked URL will land you in jail and leave your bank account poorer.
While it's not clear how this will be enforced, visiting a blocked URL in India now leads to a warning that "Viewing, downloading, exhibiting or duplicating an illicit copy of the contents under this URL is punishable as an offence under the laws of India, including but not limited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3 years and also fine of up to Rs. 3,00,000..."Read Replies (0)
By EditorDavid from Slashdot's plug-and-play-robot-brains department
Intel demoed their new robotics compute module this week. Scheduled for release in 2017, it's equipped with various sensors, including a depth-sensing camera, and it runs Ubuntu on a quad-core Atom. Slashdot reader DeviceGuru writes:
Designed for researchers, makers, and robotics developers, the device is a self contained, candy-bar sized compute module ready to pop into a robot. It's augmented with a WiFi hotspot, Bluetooth, GPS, and IR, as well as proximity, motion, barometric pressure sensors. There's also a snap-on battery. The device is preinstalled with Ubuntu 14.04 with Robot Operating System (ROS) Indigo, and can act as a supervisory processor to, say, an Arduino subsystem that controls a robot's low-level functions. Intel demoed a Euclid driven robot running an obstacle avoidance and follow-me tasks, including during CEO Brian Krzanich's keynote (YouTube video). Intel says they'll also release instructions on how to create an accompanying robot with a 3D printer. This plug-and-play robotics module is a proof-of-concept device -- the article includes some nice pictures -- but it already supports programming in Node.js (and other high-level languages), and has a web UI that lets you monitor performance in real-time and watch the raw camera feeds.Read Replies (0)
By EditorDavid from Slashdot's crimes-from-the-future department
The U.S. will phase out private prisons, a move made possible by fewer and shorter sentences for drug offenses, reports the BBC. But when it comes to reducing arrests for violent crimes, police officers in Chicago found themselves resorting ineffectively to a $2 million algorithm which ultimately had them visiting people before any crime had been committed. schwit1 quotes Ars Technica: Struggling to reduce its high murder rate, the city of Chicago has become an
incubator for experimental policing techniques. Community policing, stop and frisk, "interruption" tactics --- the city has tried many strategies. Perhaps most controversial and promising has been the city's futuristic "heat list" -- an algorithm-generated list identifying people most likely to be involved in a shooting.
The hope was that the list would allow police to provide social services to people in danger, while also preventing likely shooters from picking up a gun. But a new report from the RAND Corporation shows nothing of the sort has happened. Instead, it indicates that the list is, at best, not even as effective as a most wanted list. At worst, it unnecessarily targets people for police attention, creating a new form of profiling.
The police argue they've updated the algorithm and improved their techniques for using it. But the article notes that the researchers began following the "heat list" when it launched in 2013, and "found that the program has saved no lives at all."Read Replies (0)
By EditorDavid from Slashdot's talking-Turkey department
Slashdot reader mirandakatz writes:
In releasing an unredacted database of emails from the Turkish party AKP, WikiLeaks exposed the public to a collection of malware -- and even after a Bulgarian security expert pointed this out publicly, the organization only removed the select pieces of malware that he identified, leaving well over a thousand malicious files on the site.
That AKP leak also included the addresses and other personal details of millions of Turkish women, not unlike the recent DNC leak, which included the personal data of many private individuals. WikiLeaks says this is all in the name of its "accuracy policy," but the organization seems to be increasingly putting the public at risk.
The article opens with the question, "What the hell happened to WikiLeaks?" then argues that "Once an inspiring effort at transparency, WikiLeaks now seems more driven by personal grudges and reckless releases of information..."Read Replies (0)
By EditorDavid from Slashdot's revenge-of-the-fake-ransomware department
An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks. Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners announcing them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.Read Replies (0)
Ask Slashdot: Is KDE Dying?
Posted by News Fetcher on August 20 '16 at 08:07 PM
By EditorDavid from Slashdot's demise-of-desktop-development? department
A long-time loyal KDE user "always felt that it was the more complete and integrated of the many Linux desktop environments...thus having the most potential to win over new Linux converts." And while still using KDE exclusively without any major functional issues, now Slashdot reader fwells shares concerns about the future of desktop development, along with a personal opinion -- that KDE is becoming stale and stagnant:
KDE-Look.org, once a fairly vibrant and active contributory site, has become a virtual ghost town... Various core KDE components and features are quite broken and have been so for some time... KDEPIM/KMail frankly seems targeted specifically at the poweruser, maintaining over many years its rather plain and arguably retro interface. The Konqueror web browser has been a virtual carcass for several years, yet it mysteriously remains an integral component...
So, back to my opening question... Is KDE Dying? Has innovation and development evaporated in a development world dominated by the mobile device? And, if so, can it be reinvigorated? Will the pendulum ever swing back? Can it? Should it?
The original submission has some additional thoughts on Windows 10 and desktop development -- but also specific complaints about KDE's Recent Items/Application Launcher History and the KDE theming engine (which "seems disjointed and rather non-intuitive".) The argument seems to be that KDE lacks curb appeal to fulfill that form-over-function preference of the larger community of users, so instead it's really retaining the practical appeal of "my 12 year old Chevy truck, feature rich for its time... Solid and reliable, but definitely starting to fade and certainly lacking some modern creature comforts."
So leave your own thoughts in the comments. Does desktop development need to be reinvigorated in a world focused on mobile devices -- and if so, what is its future? And is KDE slowly dying?Read Replies (0)
By EditorDavid from Slashdot's bandits-vs-bandwidth department
Long-time Slashdot reader coondoggie quotes an article from Network World: The FBI today said it released a new application making it easier for the public -- as well as financial institutions, law enforcement agencies, and others -- to view photos and information about bank robberies in different geographic areas of the country.
The FBI's new "Bank Robbers" application runs on both Android and iOS, according to the article, "and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred." The app ties into BankRobbers.fbi.gov, which overlays FBI information about bank robberies onto Google Maps.
The app's users "can also select push notifications to be informed when a bank robbery has taken place near their location," according to the FBI's site, which adds innocently that
"If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area..."Read Replies (0)