For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Security

UK Researchers Find IPv6-Related Data Leaks In 11 of 14 VPN Providers 65 65

jan_jes writes: According to researchers at Queen Mary University of London, services used by hundreds of thousands of people in the UK to protect their identity on the web are vulnerable to leaks. The study of 14 popular VPN providers found that 11 of them leaked information about the user because of a vulnerability known as 'IPv6 leakage'. The leakage occurs because network operators are increasingly deploying a new version of the protocol used to run the Internet called IPv6. The study also examined the security of various mobile platforms when using VPNs and found that they were much more secure when using Apple's iOS, but were still vulnerable to leakage when using Google's Android. Similarly Russian researchers have exposed the breakthrough U.S. spying program few months back. The VPNs they tested certainly aren't confined to the UK; thanks to an anonymous submitter, here's the list of services tested: Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite.
Open Source

Ask Slashdot: Choosing the Right Open Source License 157 157

NicknamesAreStupid writes: I need to choose an open source license. I am developing an open source iOS application that use a significant number of other open source projects which, in turn, use a number of different open source licenses such as MPL/GPL, MIT, and BSD. I am also using sample code from Apple's developer site, which has their own terms of use. The code dependencies are such that my code would not be of much use without theirs. If this project is used, then it would be nice to pick a license that best fits in with this mashup. I am interested in maintaining the freedom of my code but do not want to create a catch-22 or make life hard for people who need to use this project for personal use or profit. My inclination is to use MIT's, as I have done so before. I asked an IP lawyer about this matter, and she replied (pro bono), "it probably doesn't matter." Of course, that advice was worth every penny. Moving away from legal issues and looking at this from a social perspective, which license would appeal most and offend least? I thought about no license but was warned (pro bono), "If you do not, then someone else may." Any suggestions?
Microsoft

Is Microsoft's .NET Ecosystem On the Decline? 250 250

Nerval's Lobster writes: In a posting that recently attracted some buzz online, .NET developer Justin Angel (a former program manager for Silverlight) argued that the .NET ecosystem is headed for collapse—and that could take interest in C# along with it. "Sure, you'll always be able to find a job working in C# (like you would with COBOL), but you'll miss out on customer reach and risk falling behind the technology curve," he wrote. But is C# really on the decline? According to Dice's data, the popularity of C# has risen over the past several years; it ranks No. 26 on Dice's ranking of most-searched terms. But Angel claims he pulled data from Indeed.com that shows job trends for C# on the decline. Data from the TIOBE developer interest index mirrors that trend, he said, with "C# developer interest down approximately 60% down back to 2006-2008 levels." Is the .NET ecosystem really headed for long-term implosion, thanks in large part to developers devoting their energies to other platforms such as iOS and Android?
Open Source

Reasons To Use Mono For Linux Development 355 355

Nerval's Lobster writes: In the eleven years since Mono first appeared, the Linux community has regarded it with suspicion. Because Mono is basically a free, open-source implementation of Microsoft's .NET framework, some developers feared that Microsoft would eventually launch a patent war that could harm many in the open-source community. But there are some good reasons for using Mono, developer David Bolton argues in a new blog posting. Chief among them is MonoDevelop, which he claims is an excellent IDE; it's cross-platform abilities; and its utility as a game-development platform. That might not ease everybody's concerns (and some people really don't like how Xamarin has basically commercialized Mono as an iOS/Android development platform), but it's maybe enough for some people to take another look at the platform.
United States

Is Surespot the Latest Crypto War Victim? 26 26

George Maschke writes: Patrick G. Eddington writes in a Christian Science Monitor op-ed about indications that the government may be snooping on users of Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants. He writes in the piece: "Has encrypted chat service Surespot been compromised by the US government? Surespot user and former Army intelligence officer George Maschke recently published a provocative theory suggesting the answer is yes. Mr. Maschke’s key pieces of evidence are intriguing. In May 2014, he e-mailed 2Fours LLC, which is Surespot’s parent company, asking whether the company had ever received a National Security Letter (NSL), a court order to provide information, or other government request to cooperate in an investigation. He was assured in writing that 2Fours had received no such requests. That changed in November 2014, when Surespot’s founder, Adam Patacchiola, told Maschke via e-mail that 'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.'"
Security

Researchers Find Major Keychain Vulnerability in iOS and OS X 78 78

An anonymous reader notes a report from El Reg on a major cross-app resource vulnerability in iOS and Mac OS X. Researchers say it's possible to break app sandboxes, bypass App Store security checks, and crack the Apple keychain. The researchers wrote, "specifically, we found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by [malware] to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications." Their full academic paper (PDF) is available online, as are a series of video demos. They withheld publication for six months at Apple's request, but haven't heard anything further about a fix.
Businesses

Apple Will Pay More To Streaming Music Producers Than Spotify -- But Not Yet 141 141

Reader journovampire supplies a link to Music Business Worldwide (based on a re/code report) that says Apple's new Apple Music service, after a trial period during which the company has refused to pay royalties, is expected to pay a bit more than 70 percent of its subscription revenue out to the companies supplying it, rather than the 58 percent that some in the music industry had feared. Notes journovampire: "If 13% of iOS device users in the world paid $9.99-per-month for Apple Music, it would generate more cash each year than the entire recorded music biz manages right now."
Businesses

US Navy Solicits Zero Days 59 59

msm1267 writes: The US Navy posted a RFP, which has since removed from FedBizOpps.gov, soliciting contractors to share vulnerability intelligence and develop zero day exploits for most of the leading commercial IT software vendors. The Navy said it was looking for vulnerabilities, exploit reports and operational exploit binaries for commercial software, including but not limited to Microsoft, Adobe, [Oracle] Java, EMC, Novell, IBM, Android, Apple, Cisco IOS, Linksys WRT and Linux, among others. The RFP seemed to indicate that the Navy was not only looking for offensive capabilities, but also wanted use the exploits to test internal defenses.The request, however, does require the contractor to develop exploits for future released CVEs. "Binaries must support configurable, custom, and/or government owned/provided payloads and suppress known network signatures from proof of concept code that may be found in the wild," the RFP said.
Advertising

iOS 9 To Have Ad Blocking Capabilities 161 161

An anonymous reader writes: iOS 9 will reportedly carry ad blocking capabilities for it's Safari browser when it is released later this year. The feature wasn't rolled out with the usual fanfare one might expect, and flew under the radar. ZDNet reports: "It's not immediately clear why the new ad-blocking privacy feature was included in iOS 9, due out later this year. After all, the iPhone and iPad maker has its own advertising network -- even if its success was limited (which is putting it nicely). What's clear is that allowing ad-blockers in iOS 9 could deliver a serious blow to Google, the biggest rival to Apple in the mobile space, because advertising remains a massive portion of the search giant's income."
IOS

WWDC 2015 Roundup 415 415

Here's an overview of the main announcements and new products unveiled at WWDC today.
  • The latest OS X will be named OS X El Capitan. Features include: Natural language searches and auto-arrange windows. You can make the cursor bigger by shaking the mouse and pin sites in Safari now. 1.4x faster than Yosemite. Available to developers today, public beta in July, out for free in the fall.
  • Metal, the graphics API is coming to Mac. "Metal combines the compute power of OpenCL and the graphics power of OpenGL in a high-performance API that does both." Up to 40% greater rendering efficiency.
  • iOS 9: New Siri UI. There’s an API for search. Siri and Spotlight are getting more integrated. Siri getting better at prediction with a far lower word error rate. You can make checklists, draw and sketch inside of Notes. Maps gets some love. New app called News "We think this offers the best mobile reading experience ever." Like Flipboard it pulls in news articles from your favorite sites. HomeKit now supports window shades, motion sensors, security systems, and remote access via iCloud. Public Beta for iOS 9.
  • Apple Pay: All four major credit card companies and over 1 million locations supporting Apple Pay as of next month. Apple Pay reader developed by Square, for peer-to-peer transactions. Apple Pay coming to the UK next month support in 250,000 locations including the London transportation system. Passbook is being renamed "Wallet."
  • iPad: Shortcuts for app-switching, split-screen multitasking and QuickType. Put two fingers down on the keyboard and it becomes a trackpad. Side by side apps. Picture in picture available on iPad Air and up, Mini 2 and up.
  • CarPlay: Now works wirelessly and supports apps by the automaker.
  • Swift 2,the latest version of Apple’s programing language . Swift will be open source.
  • The App Store: Over 100 billion app downloads, and $30 billion paid to developers.
  • Apple Watch: watchOS 2 with new watch faces. Developers can build their own "complications" (widgets with a terrible name that show updates and gauges on the watch face). A new feature called Time Travel lets you rotate the digital crown to zoom into the future and see what’s coming up. More new features: reply to email, bedside alarm clock, send scribbled messages in multiple colors. You can now play video on the watch. Developer beta of watchOS 2 available today, wide release in the fall for free.
  • Apple Music: “The next chapter in music. It will change the way you experience music forever,” says Cook. Live DJs broadcasting and hosting live radio streams you can listen to in 150 countries. Handpicked suggestions. 24/7 live global radio. Beats Connect lets unsigned artists connect with fans. Beats Music has all of iTunes’ music, to buy or stream. With curated recommendations. Launching June 30th in 100 countries with Android this fall, with Windows and Android versions. First three months free, $9.99 a month or $14.99 a month for family plan for up to six.
Bug

Typing 'http://:' Into a Skype Message Trashes the Installation Beyond Repair 225 225

An anonymous reader writes: A thread at the Skype community forums has brought to light a critical bug in Microsoft's Skype clients for Windows, iOS and Android: typing the incorrect URL initiator http://: into a text message on Skype will crash the client so badly that it can only be repaired by installing an older version and awaiting a fix from Microsoft. The bug does not affect OS X or the 'Metro'-style Windows clients — which means, effectively, that Mac users could kill the Skype installations on other platforms just by sending an eight-character message.
Android

Android M To Embrace USB Type-C and MIDI 106 106

jones_supa writes: USB Type-C connection is showing up in more and more devices, and Google is rolling support for the interface in its Android M operating system. The most significant additions relate to the USB Power Delivery spec. Charging will now work in both directions. That effectively means that Type-C devices can be used as external batteries for other devices. Android M is also finally introducing a feature that musicmakers have been long asking for: MIDI support. This builds on some of the audio features Google introduced in Android 5, including reduction in latency, multichannel audio stream mixing, and support for USB microphones, amplifiers, speakers, and other accessories. As others have written, music and media creation apps are much more prevalent in iOS than they are in Android, and Google hopes turning that around.
Android

The Tricky Road Ahead For Android Gets Even Trickier 344 344

HughPickens.com writes: Farhad Manjoo writes in the NYT that with over one billion devices sold in 2014 Android is the most popular operating system in the world by far, but that doesn't mean it's a financial success for Google. Apple vacuumed up nearly 90 percent of the profits in the smartphone business which prompts a troubling question for Android and for Google: How will the search company — or anyone else, for that matter — ever make much money from Android. First the good news: The fact that Google does not charge for Android, and that few phone manufacturers are extracting much of a profit from Android devices, means that much of the globe now enjoys decent smartphones and online services for low prices. But while Google makes most of its revenue from advertising, Android has so far been an ad dud compared with Apple's iOS, whose users tend to have more money and spend a lot more time on their phones (and are, thus, more valuable to advertisers). Because Google pays billions to Apple to make its search engine the default search provider for iOS devices, the company collects much more from ads placed on Apple devices than from ads on Android devices.

The final threat for Google's Android may be the most pernicious: What if a significant number of the people who adopted Android as their first smartphone move on to something else as they become power users? In Apple's last two earnings calls, Tim Cook reported that the "majority" of those who switched to iPhone had owned a smartphone running Android. Apple has not specified the rate of switching, but a survey found that 16 percent of people who bought the latest iPhones previously owned Android devices; in China, that rate was 29 percent. For Google, this may not be terrible news in the short run. If Google already makes more from ads on iOS than Android, growth in iOS might actually be good for Google's bottom line. Still, in the long run, the rise of Android switching sets up a terrible path for Google — losing the high-end of the smartphone market to the iPhone, while the low end is under greater threat from noncooperative Android players like Cyanogen which has a chance to snag as many as 1 billion handsets. Android has always been a tricky strategy concludes Manjoo; now, after finding huge success, it seems only to be getting even trickier.
Iphone

A Text Message Can Crash An iPhone and Force It To Reboot 248 248

DavidGilbert99 writes with news that a bug in iOS has made it so anyone can crash an iPhone by simply sending it a text message containing certain characters. "When the text message is displayed by a banner alert or notification on the lockscreen, the system attempts to abbreviate the text with an ellipsis. If the ellipsis is placed in the middle of a set of non-Latin script characters, including Arabic, Marathi and Chinese, it causes the system to crash and the phone to reboot." The text string is specific enough that it's unlikely to happen by accident, and users can disable text notification banners to protect themselves from being affected. However, if a user receives the crash-inducing text, they won't be able to access the Messages app without causing another crash. A similar bug crashed applications in OS X a few years ago.
AI

Microsoft Bringing Cortana To iOS, Android 65 65

An anonymous reader writes: While many big tech companies have their own personal assistant software these days, few of them are available on a broad variety of devices. Microsoft has now announced that it's becoming one of those few: Cortana will be available for iOS and Android devices later this year. It's part of an initiative by the company to ensure Windows 10 plays well with all sorts of devices, even phones made by the other major manufacturers. Microsoft said, "Regardless of the operating systems you choose across your devices – everything important to you should roam across the products you already own – including your phone." This led them to develop a "Phone Companion app," built into Windows 10, that's designed to help sync a user's PC with his phone.
Twitter

Tweets To Appear In Google Search Results 91 91

mpicpp writes with news that Google will now begin showing tweets alongside search results. Mobile users searching via the Android/iOS apps or through the browser will start seeing the tweets immediately, while the desktop version is "coming shortly." The tweets will only be available for the searches in English to start, but Twitter says they'll be adding more languages soon.
Security

Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked 79 79

pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, Exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customer's data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
IOS

Swift Vs. Objective-C: Why the Future Favors Swift 270 270

snydeq writes: InfoWorld's Paul Solt argues that It's high time to make the switch to the more approachable, full-featured Swift for iOS and OS X app dev. He writes in Infoworld: "Programming languages don't die easily, but development shops that cling to fading paradigms do. If you're developing apps for mobile devices and you haven't investigated Swift, take note: Swift will not only supplant Objective-C when it comes to developing apps for the Mac, iPhone, iPad, Apple Watch, and devices to come, but it will also replace C for embedded programming on Apple platforms. Thanks to several key features, Swift has the potential to become the de-facto programming language for creating immersive, responsive, consumer-facing applications for years to come."
Android

Google Can't Ignore the Android Update Problem Any Longer 434 434

An anonymous reader writes: An editorial at Tom's Hardware makes the case that Google's Android fragmentation problem has gotten too big to ignore any longer. Android 5.0 Lollipop and its successor 5.1 have seen very low adoption rates — 9.0% and 0.7% respectively. Almost 40% of users are still on KitKat. 6% lag far behind on Gingerbread and Froyo. The article points out that even Microsoft is now making efforts to both streamline Windows upgrades and adapt Android (and iOS) apps to run on Windows.

If Google doesn't adapt, "it risks having users (slowly but surely) switch to more secure platforms that do give them updates in a timely manner. And if users want those platforms, OEMs will have no choice but to switch to them too, leaving Google with less and less Android adoption." The author also says OEMs and carriers can no longer be trusted to handle operating system updates, because they've proven themselves quite incapable of doing so in a reasonable manner.