You are here

Agreguesi i feed

Apple Loses Ebook Price Fixing Appeal, Must Pay $450 Million

Slashdot.org - Mër, 01/07/2015 - 12:00pd
An anonymous reader writes: A federal appeals court ruled 2-1 today that Apple indeed conspired with publishers to increase ebook prices. The ruling puts Apple on the hook for the $450 million settlement reached in 2014 with lawyers and attorneys general from 33 states. The Justice Dept. contended that the price-fixing conspiracy raised the price of some e-books from the $10 standard set by Amazon to $13-$15. The one dissenting judge argued that Apple's efforts weren't anti-competitive because Amazon held 90% of the market at the time. Apple is unhappy with the ruling, but they haven't announced plans to take the case further. They said, "While we want to put this behind us, the case is about principles and values. We know we did nothing wrong back in 2010 and are assessing next steps."

Read more of this story at Slashdot.

Stanford Starts the 'Secure Internet of Things Project'

Slashdot.org - Mar, 30/06/2015 - 11:18md
An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connect gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can't be bothered to provide updates to $500 smartphones more than a couple years after they're released; how long do you think they'll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they've found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way. Instead of developing a more robust approach to device security, they've simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.

Read more of this story at Slashdot.

Amazon introduces new open-source TLS implementation 's2n'

LinuxSecurity.com - Mar, 30/06/2015 - 10:36md
LinuxSecurity.com: Unless you haven't been on the net for a year, you know Transport Layer Security/Secure Socket Layer (TLS/SSL) software, such as OpenSSL, have had numerous serious security problems. Now, Amazon, is introducing a new TLS implementation: "Signal to noise," s2n.

Georges Basile Stavracas Neto: GSoC: report #3

Planet GNOME - Mar, 30/06/2015 - 10:35md

During the last couple of week, the following points were achieved:

  • The list of recently connected servers is now correctly saved.
  • Initial work on keyboard support.
  • Some real research on how Nautilus will handle the new mocups.

Fortunately, my graduation is now totally finished. I was also accepted in the Mastering Course in Information Systems here at University of São Paulo (yay!). From now on, I’ll be fully committed to the Summer of Code project, and you guys will see much more updates :)

This week, I’ll:

  • Submit GtkPlacesView widget for review
  • Start serious hacking on Nautilus

Georges Basile Stavracas Neto: GSoC: report #3

Planet GNOME - Mar, 30/06/2015 - 10:35md

During the last couple of week, the following points were achieved:

  • The list of recently connected servers is now correctly saved.
  • Initial work on keyboard support.
  • Some real research on how Nautilus will handle the new mocups.

Fortunately, my graduation is now totally finished. I was also accepted in the Mastering Course in Information Systems here at University of São Paulo (yay!). From now on, I’ll be fully committed to the Summer of Code project, and you guys will see much more updates :)

This week, I’ll:

  • Submit GtkPlacesView widget for review
  • Start serious hacking on Nautilus

Cory Doctorow Talks About Fighting the DMCA (2 Videos)

Slashdot.org - Mar, 30/06/2015 - 10:27md
Wikipedia says, 'Cory Efram Doctorow (/kri dktro/; born July 17, 1971) is a Canadian-British blogger, journalist, and science fiction author who serves as co-editor of the blog Boing Boing. He is an activist in favour of liberalising copyright laws and a proponent of the Creative Commons organization, using some of their licenses for his books. Some common themes of his work include digital rights management, file sharing, and post-scarcity economics.' Timothy Lord sat down with Cory at the O'Reilly Solid Conference and asked him about the DMCA and how the fight against it is going. Due to management-imposed restraints on video lengths, we broke the ~10 minute interview into two parts, both attached to this paragraph. The transcript covers both videos, so it's your choice: view, read or listen to as much of this interview as you like.

Read more of this story at Slashdot.

White House Lures Mudge From Google To Launch Cyber UL

Slashdot.org - Mar, 30/06/2015 - 9:53md
chicksdaddy writes: The Obama Whitehouse has tapped famed hacker Peiter Zatko (aka "Mudge") to head up a new project aimed at developing an "underwriters' lab" for cyber security. The new organization would function as an independent, non-profit entity designed to assess the security strengths and weaknesses of products and publishing the results of its tests. Zatko is a famed hacker and security luminary, who cut his teeth with the Boston-based hacker collective The L0pht in the 1990s before moving on to work in private industry and, then, to become a program manager at the DARPA in 2010. Though known for keeping a low profile, his scruffy visage (circa 1998) graced the pages of the Washington Post in a recent piece that remembered testimony that Mudge and other L0pht members gave to Congress about the dangers posed by insecure software.

Read more of this story at Slashdot.

Microsoft To Sell Bing Maps, Advertising Sections

Slashdot.org - Mar, 30/06/2015 - 9:09md
UnknowingFool writes: Microsoft has announced that they will sell some Bing Maps technology to Uber and their advertising business to AOL. About 1,300 employees are expected to be offered positions in their new companies. CEO Nadella said previously that there would be "tough choices" to be made. Some outside analysts have said neither venture was very profitable for Microsoft and may have been unprofitable at times.

Read more of this story at Slashdot.

Test Pilot: the F-35 Can't Dogfight

Slashdot.org - Mar, 30/06/2015 - 8:26md
schwit1 sends this report from the War Is Boring column: A test pilot has some very, very bad news about the F-35 Joint Strike Fighter. The pricey new stealth jet can't turn or climb fast enough to hit an enemy plane during a dogfight or to dodge the enemy's own gunfire, the pilot reported following a day of mock air battles back in January. And to add insult to injury, the JSF flier discovered he couldn't even comfortably move his head inside the radar-evading jet's cramped cockpit. "The helmet was too large for the space inside the canopy to adequately see behind the aircraft." That allowed the F-16 to sneak up on him. The test pilot's report is the latest evidence of fundamental problems with the design of the F-35 — which, at a total program cost of more than a trillion dollars, is history's most expensive weapon. Your tax dollars at work.

Read more of this story at Slashdot.

Ask Slashdot: What To Do With Empty Toner Cartridges?

Slashdot.org - Mar, 30/06/2015 - 7:44md
New submitter MoarSauce123 writes: Over time I accumulated a number of empty toner cartridges for a Brother laser printer. Initially, I wanted to take a local office supply chain store up on their offer to give me store credit for the returned cartridge. For that credit to be issued I would have to sign up for their store card providing a bunch of personal information. The credit is so lousy that after the deduction from the sales price of a new toner cartridge the price is still much higher than from a large online retailer. And the credit only applies to one new cartridge, so I cannot keep collecting the credit and then get a cartridge 'for free' at some point. I also looked into a local store of a toner refill chain. Their prices are a bit better, but the closest store is about half an hour away with rather odd business hours. Still, at the end they charge more than the large online retailer asks for a brand new cartridge. For now I bring the empty cartridges to the big office supply store and tell them that I do not want their dumb store credit. I rather have big corp make some bucks on me than throw these things in the trash and have it go to a landfill. Are there any better options? Anything from donating it to charity to refilling myself is of interest.

Read more of this story at Slashdot.

What If You Could See Asteroids In the Night Sky?

Slashdot.org - Mar, 30/06/2015 - 7:20md
An anonymous reader writes: As part of Asteroid Day a 360-degree video rendering the night sky with the population of near-earth asteroids included has been created by 'Astronogamer' Scott Manley. The video shows how the Earth flies through a cloud of asteroids on its journey around the sun, and yet we've only discovered about 1% of the near earth asteroid population.

Read more of this story at Slashdot.

Interviews: Brian Krebs Answers Your Questions

Slashdot.org - Mar, 30/06/2015 - 7:00md
A few weeks ago you had a chance to ask Brian Krebs about security, cybercrime and what it's like to be the victim of Swatting. Below you will find his answers to your questions.

Read more of this story at Slashdot.

Nvidia Details 'Gameworks VR', Aims To Boost Virtual Reality Render Performance

Slashdot.org - Mar, 30/06/2015 - 6:18md
An anonymous reader writes: In a guest article published to Road to VR, Nvidia graphics programmer Nathan Reed details Nvidia's 'Gameworks VR' initiative which the company says is designed to boost virtual reality render performance, including support for 'VR SLI' which will render one eye view per GPU for low latency stereoscopy. While many Gameworks VR features will be supported as far back as GeForce 6xx cards, the company's latest 'Maxwell' (9xx and Titan X) GPUs offer 'Multi-projection' which Reed says, 'enables us to very efficiently rasterize geometry into multiple viewports within a single render target at once... This better approximates the shading rate of the warped image that will eventually be displayed—in other words, it avoids rendering a ton of extra pixels that weren't going to make it to the display anyway, and gives you a substantial performance boost for no perceptible reduction in image quality.'

Read more of this story at Slashdot.

Valentín Barros: F-Spot icon view decorations —and gtk-sharp compiled from development version

Planet GNOME - Mar, 30/06/2015 - 6:09md

With my last pull request, which you can see here, I'm trying to recover a few aesthetic features that was missing on F-Spot/gtk3, mainly the decorations of icon view mode thumbnails —date, tag icons and rating stars.

But the most interesting task I've accomplished last week was to investigate the reason of tons of weird GLib errors I was seeing when navigating through photos, just like this one:

Domain: 'GLib' Level: Critical
Message: Source ID 1915 was not found when attempting to remove it
Trace follows:
at GLib.Log.PrintTraceLogFunction(System.String domain, LogLevelFlags level, System.String message)
at GLib.Log.NativeCallback(IntPtr log_domain_native, LogLevelFlags flags, IntPtr message_native, IntPtr user_data)
at GLib.Source.g_source_remove(UInt32 )
at GLib.Source.Remove(UInt32 tag)
at GLib.Idle+IdleProxy.Dispose(Boolean disposing)
at GLib.Idle+IdleProxy.Finalize()

After some debugging I've found the source of the problem: One error message was being printed for each call to g_idle_add, so I decided to write two little programs to see if the error was with F-Spot or with something between gtk-sharp or GLib itself —and I've discarded F-Spot because my C# test program had exactly the same problem.

After searching the Web finding no more than complaints about the problem, but no solutions nor explanations about it, I've been able to understand the problem simply changing the return value of the callback function I was using to perform the tests: It looks like gtk-sharp glib bindings has an error in stable version that makes GLib complain about trying to double free a non existent source if the callback you passed to g_idle_add has returned false —since returning false makes GLib free that source, so it shouldn't be freed again.

So I've compiled and installed the git version of gtk-sharp and I've started seeing weird crashes in my test programs and also in F-Spot:

Unhandled Exception:
System.TypeInitializationException: An exception was thrown by the type initializer for FSpot.Utils.XdgThumbnailSpec ---> System.DllNotFoundException: libglib-2.0-0.dll
at (wrapper managed-to-native) GLib.Marshaller:g_malloc (uintptr)
at GLib.Marshaller.StringToPtrGStrdup (System.String str) [0x00000] in :0
at Hyena.SafeUri.FilenameToUri (System.String localPath) [0x00000] in /home/valentin/Escritorio/f-spot-sanva/external/Hyena/Hyena/Hyena/SafeUri.cs:88
at Hyena.SafeUri..ctor (System.String uri) [0x00047] in /home/valentin/Escritorio/f-spot-sanva/external/Hyena/Hyena/Hyena/SafeUri.cs:59
at FSpot.Utils.XdgThumbnailSpec..cctor () [0x00000] in /home/valentin/Escritorio/f-spot-sanva/src/Core/FSpot.Utils/XdgThumbnailSpec.cs:91
--- End of inner exception stack trace ---
at FSpot.Driver.Main (System.String[] args) [0x0006b] in /home/valentin/Escritorio/f-spot-sanva/src/Clients/MainApp/FSpot/main.cs:180
[ERROR] FATAL UNHANDLED EXCEPTION: System.TypeInitializationException: An exception was thrown by the type initializer for FSpot.Utils.XdgThumbnailSpec ---> System.DllNotFoundException: libglib-2.0-0.dll
at (wrapper managed-to-native) GLib.Marshaller:g_malloc (uintptr)
at GLib.Marshaller.StringToPtrGStrdup (System.String str) [0x00000] in :0
at Hyena.SafeUri.FilenameToUri (System.String localPath) [0x00000] in /home/valentin/Escritorio/f-spot-sanva/external/Hyena/Hyena/Hyena/SafeUri.cs:88
at Hyena.SafeUri..ctor (System.String uri) [0x00047] in /home/valentin/Escritorio/f-spot-sanva/external/Hyena/Hyena/Hyena/SafeUri.cs:59
at FSpot.Utils.XdgThumbnailSpec..cctor () [0x00000] in /home/valentin/Escritorio/f-spot-sanva/src/Core/FSpot.Utils/XdgThumbnailSpec.cs:91
--- End of inner exception stack trace ---
at FSpot.Driver.Main (System.String[] args) [0x0006b] in /home/valentin/Escritorio/f-spot-sanva/src/Clients/MainApp/FSpot/main.cs:180

In short, I've found this link and with the help of

ldconfig -p | grep 'libraryname'

I've been able to fix my system creating a symbolic link to every *.so file with the name Mono was expecting...

And now the GLib critical warnings are gone.

Shaun McCance: Mallard Documentation Sites With Pintail

Planet GNOME - Mar, 30/06/2015 - 5:54md

When we first designed Mallard, we designed it around creating documents: non-linear collections of pages about a particular subject. Documents are manageable and maintainable, and we’re able to define all of Mallard’s automatic linking within the confines of a document.

If you wanted to publish a set of Mallard documents on the web, you could build each of them individually with a tool like yelp-build, then output some extra navigation pages to help people find the right document. But there was no simple way to create those extra pages. What’s more, you couldn’t link between documents except by using external href links. Mallard’s automatic links are confined to documents.

Enter Pintail. Pintail lets you build entire web sites from Mallard sources. Just lay out your pages in the directory structure you like, and let Pintail build the site for you. Put full Mallard documents in their own directories, then use Mallard to create the extra navigation pages between them. Better still, you can use an extended xref syntax to refer to pages in other directories. Just include the path to the target page with slashes, like so:

<link xref="/about/learn/svg"/>

This isn’t just a simple link. You can use this in topic links and seealso links and anywhere else that Mallard lets you put an xref attribute. Pintail makes Mallard’s automatic linking work across multiple documents.

Pintail is designed to allow other formats to be used, so you could use it to build all your documentation in an environment where not everything is in one format. It already supports Mallard Ducktype as well as XML. But Mallard is the primary format.

One of the really nice features is that it can pull it documents in other git repositories, so you don’t have to keep all your documentation in a single source tree. In fact, the site in your main repository might be little more than glue pages and the pintail.cfg file that specifies where all the actual documentation lives.

Pintail builds the projectmallard.org web site right now, as well as a few other random sites I maintain. I hope it turns out to be useful for heavy Mallard users like GNOME, Ubuntu, and Endless. And I hope it makes Mallard easier for others who are considering using it.

No software is ever finished, but here are some of the top things I plan to add soon:

  •  Page merging: Mallard allows pages to be dropped into a document and seamlessly integrated into the navigation. Sometimes you want to publish a document with pages pulled from other places. For example, GNOME generally wants to publish GNOME Help with the optional Getting Started video pages merged in.
  • Translations: Mallard was designed from day one to be translator-friendly, and itstool ships with ITS rules for Mallard. I just need to hook the pieces together.
  • Search: An extensive documentation site needs configurable search. You often want to restrict search within a single document. Also, some documents (or versions of documents) shouldn’t appear in global search results.

What would you like to see a Mallard site tool do?

Cisco To Acquire OpenDNS

Slashdot.org - Mar, 30/06/2015 - 5:37md
New submitter Tokolosh writes: Both Cisco and OpenDNS announced today that the former is to acquire the latter. From the Cisco announcement: "To build on Cisco's advanced threat protection capabilities, we plan to continue to innovate a cloud delivered Security platform integrating OpenDNS' key capabilities to accelerate that work. Over time, we will look to unite our cloud-delivered solutions, enhancing Cisco's advanced threat protection capabilities across the full attack continuum—before, during and after an attack." With Cisco well-embedded with the US security apparatus (NSA, CIA, FBI, etc.) is it time to seek out alternatives to OpenDNS?

Read more of this story at Slashdot.

Richard Hughes: Parsing Option ROM Firmware

Planet GNOME - Mar, 30/06/2015 - 5:27md

A few weeks ago an issue was opened on fwupd by pippin. He was basically asking for a command to return all the hashes of the firmwares installed on his hardware, which I initially didn’t really see the point of doing. However, after doing a few hours research about all the malware that can hide in VBIOS for graphics cards, option ROM in network cards, and keyboard matrix EC processors I was suitably worried also. I figured fixing the issue was a good idea. Of course, malware could perhaps hide itself (i.e. hiding in an unused padding segment and masking itself out on read) but this at least raises the bar from a security audit point of view, and is somewhat easier than opening the case and attaching a SPI programmer to the chip itself.

Fast forward a few nights. We can now verify ATI, NVIDIA, INTEL and ColorHug firmware. I’ve not got any other hardware with ROM that I can read from userspace, so this is where I need your help. I need willing volunteers to compile fwupd from git master (or rebuild my srpm) and then run:

cd fwupd/src find /sys/devices -name rom -exec sudo ./fwupdmgr dump-rom {} \;

All being well you should see something like this:

/sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/rom -> f21e1d2c969dedbefcf5acfdab4fa0c5ff111a57 [Version: 013.012.000.019.000000]

If you see something just that, you’re not super helpful to me. If you see Error reading from file: Input/output error then you’re also not so helpful as the kernel module for your hardware is exporting a rom file and not hooking up the read vfuncs. If you get an error like Failed to detect firmware header [8950] or Firmware version extractor not known then you’ve just become interesting. If that’s you, can you send the rom file to richard_at_hughsie.com as an attachment along with any details you know about the hardware. Thanks!

Richard.

RFC 7568 Deprecates SSLv3 As Insecure

Slashdot.org - Mar, 30/06/2015 - 4:55md
AmiMoJo writes: SSLv3 should not be used, according to the IETF's RFC 7568. Despite being replaced by three versions of TLS, SSLv3 is still in use. Clients and servers are now recommended to reject requests to use SSLv3 for secure communication. "SSLv3 Is Comprehensively Broken," say the authors, and lay out its flaws in detail.

Read more of this story at Slashdot.

Christian Schaller: Protected: Fedora Workstation next steps : Introducing Pinos

Planet GNOME - Mar, 30/06/2015 - 4:35md

This content is password protected. To view it please enter your password below:

Password:

UK Researchers Find IPv6-Related Data Leaks In 11 of 14 VPN Providers

Slashdot.org - Mar, 30/06/2015 - 4:14md
jan_jes writes: According to researchers at Queen Mary University of London, services used by hundreds of thousands of people in the UK to protect their identity on the web are vulnerable to leaks. The study of 14 popular VPN providers found that 11 of them leaked information about the user because of a vulnerability known as 'IPv6 leakage'. The leakage occurs because network operators are increasingly deploying a new version of the protocol used to run the Internet called IPv6. The study also examined the security of various mobile platforms when using VPNs and found that they were much more secure when using Apple's iOS, but were still vulnerable to leakage when using Google's Android. Similarly Russian researchers have exposed the breakthrough U.S. spying program few months back. The VPNs they tested certainly aren't confined to the UK; thanks to an anonymous submitter, here's the list of services tested: Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite.

Read more of this story at Slashdot.

Faqet

Subscribe to AlbLinux agreguesi