Forgot your password?
typodupeerror

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

Education

Reglue: Opening Up the World To Deserving Kids With Linux Computers 15

Posted by Soulskill
from the never-too-early-for-your-first-tux dept.
jrepin writes: Today, a child without access to a computer (and the Internet) at home is at a disadvantage before he or she ever sets foot in a classroom. The unfortunate reality is that in an age where computer skills are no longer optional, far too many families don't possess the resources to have a computer at home. Linux Journal recently had the opportunity to talk with Ken Starks about his organization, Reglue (Recycled Electronics and Gnu/Linux Used for Education) and its efforts to bridge this digital divide.
Android

Old Apache Code At Root of Android FakeID Mess 98

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
The Internet

Which Is Better, Adblock Or Adblock Plus? 197

Posted by Soulskill
from the who-blacklists-the-blacklisters dept.
An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.
Open Source

seL4 Verified Microkernel Now Open Source 59

Posted by Unknown Lamer
from the formal-verification-for-the-rest-of-us dept.
Back in 2009, OKLabs/NICTA announced the first formally verified microkernel, seL4 (a member of the L4 family). Alas, it was proprietary software. Today, that's no longer the case: seL4 has been released under the GPLv2 (only, no "or later versions clause" unfortunately). An anonymous reader writes OSnews is reporting that the formally verified sel4 microkernel is now open source: "General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly assured OS." Source is over at Github. It supports ARM and x86 (including the popular Beaglebone ARM board). If you have an x86 with the VT-x and Extended Page Table extensions you can even run Linux atop seL4 (and the seL4 website is served by Linux on seL4).
Security

Ask Slashdot: Open Hard- & Software Based Security Token? 101

Posted by timothy
from the you-could-use-postcards-scanned-by-an-arduino dept.
Qbertino (265505) writes I've been musing about a security setup to allow my coworkers/users access to files from the outside. I want security to be a little safer than pure key- or password-based SSH access, and some super-expensive RSA Token setup is out of question. I've been wondering whether there are any feasible and working FOSS and open hardware-based security token generator projects out there. It'd be best with ready-made server-side scripts/daemons. Perhaps something Arduino or Raspberry Pi based? Has anybody tried something like this? What are your experiences? What do you use? How would you attempt an open hardware FOSS solution to this problem?
Networking

A Router-Based Dev Board That Isn't a Router 53

Posted by timothy
from the hook-it-to-anything dept.
An anonymous reader writes with a link to an intriguing device highlighted at Hackaday (it's an Indiegogo project, too, if it excites you $90 worth, and seems well on its way to meeting its modest goal): The DPT Board is something that may be of interest to anyone looking to hack up a router for their own connected project or IoT implementation: hardware based on a fairly standard router, loaded up with OpenWRT, with a ton of I/O to connect to anything.

It's called the DPT Board, and it's basically an hugely improved version of the off-the-shelf routers you can pick up through the usual channels. On board are 20 GPIOs, USB host, 16MB Flash, 64MB RAM, two Ethernet ports, on-board 802.11n and a USB host port. This small system on board is pre-installed with OpenWRT, making it relatively easy to connect this small router-like device to LED strips, sensors, or whatever other project you have in mind.
Open Source

Ask Slashdot: Where Do You Get (or Share) News About Open Source Projects? 85

Posted by timothy
from the just-start-typing-random-ips dept.
An anonymous reader writes "Now that freshmeat.net / freecode.com doesn't accept any updates, I wonder how the Slashdot crowd gets news about new projects, and even new versions of existing projects. For project managers, where could you announce new versions of your project, so that it can reach not just those who already know the project. Freshmeat / Freecode had all the tools to explore and discover projects, see screenshots (a mandatory feature for any software project, even with only a console interface or no interface at all) and go to the homepage of the project. I subscribed years ago to the RSS feed and sometimes found interesting projects this way. You could replace these tools by subscribing to newsletters or feeds from the projects you follow, but that doesn't cover the discovery part." And do any of the major development / hosting platforms for Free / Open Source projects (GitHub, Launchpad, or Slashdot sister-site SourceForge) have tools you find especially useful for skimming projects of interest?
EU

Switching From Microsoft Office To LibreOffice Saves Toulouse 1 Million Euros 284

Posted by Soulskill
from the all-about-the-napoleans dept.
jrepin sends this EU report: The French city of Toulouse saved 1 million euro by migrating all its desktops from Microsoft Office to LibreOffice. This project was rooted in a global digital policy which positions free software as a driver of local economic development and employment. Former IT policy-maker Erwane Monthubert said, "Software licenses for productivity suites cost Toulouse 1.8 million euro every three years. Migration cost us about 800,000 euro, due partly to some developments. One million euro has actually been saved in the first three years. It is a compelling proof in the actual context of local public finance. ... France has a high value in free software at the international level. Every decision-maker should know this."
Open Source

A Warm-Feeling Wooden Keyboard (Video) 80

Posted by Roblimo
from the keyboard-as-cool-as-a-woodie-station-wagon dept.
Plastic, plastic everywhere! Except on most surfaces of the Keyboardio ergonomic keyboard, which started as a 'scratch his itch' project by Jesse Vincent. According to his blurb on the Keyboardio site, Jesse 'has spent the last 20 years writing software like Request Tracker, K-9 Mail, and Perl. He types... a lot. He tried all the keyboards before finally making his own.'

His objective was to make a keyboard he really liked. And he apparently has. This video was shot in June, and Jesse already has a new model prototype under way that Tim Lord says is a notable improvement on the June version he already liked. || Note that the Keyboardio is hackable and open source, so if you think you can improve it, go right ahead. (Alternate Video Link)
Classic Games (Games)

ScummVM 1.7.0 Released 26

Posted by Unknown Lamer
from the manic-mansion dept.
jones_supa (887896) writes It's been a while since a new ScummVM release, but version 1.7.0 is now here with many exciting features. New games supported are The Neverhood, Mortville Manor, Voyeur, Return to Ringworld and Chivalry is Not Dead. The Roland MT-32 emulator has been updated, there is an OpenGL backend, the GUI has seen improvements, AGOS engine is enhanced, tons of SCI bug fixes have been applied, and various other improvements can be found. This version also introduces support for the OUYA gaming console and brings improvements to some other more exotic platforms. Please read the release notes for an accurate description of the new version. SCUMM being the language/interpreter used by many classic adventure games.
Media

Open-Source Blu-Ray Library Now Supports BD-J Java 94

Posted by Soulskill
from the hack-it-until-it-works dept.
An anonymous reader writes: Updates to the open-source libbluray, libaacs, and libbdplus libraries have improved the open-source Blu-ray disc support to now enable the Blu-ray Java interactivity layer (BD-J). The Blu-ray Java code is in turn executed by OpenJDK or the Oracle JDK and is working well enough to play a Blu-ray disc on the Raspberry Pi when paired with the VLC media player."
Firefox

Firefox 31 Released 172

Posted by Soulskill
from the baskin-robbins-edition dept.
An anonymous reader writes Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Firefox 31 is also loaded with new features for developers. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We're pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla's vision of a high performance, plugin-free Web."
Communications

FTC To Trap Robocallers With Open Source Software 125

Posted by Soulskill
from the about-bloody-time dept.
coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions.
Open Source

Meet LibreOffice Volunteer Robinson Tryon (Video) 26

Posted by Roblimo
from the sometimes-you-meet-nice-people-without-looking-for-them dept.
When Slashdot's Tim Lord went to Texas Linux Fest, one of the people he met there was Robinson Tryon. He's a volunteer with LibreOffice, and in this conversation he gave us a nice look at what's going on these days with LibreOffice and its parent organization, The Document Foundation. (Alternate Video Link)
X

X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration 225

Posted by Unknown Lamer
from the x11-will-outlast-us-all dept.
An anonymous reader writes The much anticipated Xorg Server 1.16 release is now available. The X.Org "Marionberry Pie" release features XWayland integration, GLAMOR support, systemd support, and many other features. XWayland support allows for legacy X11 support in Wayland environments via GL acceleration, GLAMOR provides generic 2D acceleration, non-PCI GPU device improvements, and countless other changes. The systemd integration finally allows the X server to run without root privileges, something in the works for a very long time. The non-PCI device improvements mean System-on-a-Chip graphics will work more smoothly, auto-enumerating just like PCI graphics devices do. As covered previously, GLAMOR (the pure OpenGL acceleration backend) has seen quite a bit of improvement, and now works with Xephyr and XWayland.
Open Source

Open Hardware and Digital Communications Conference On Free Video, If You Help 15

Posted by samzenpus
from the put-some-money-in-the-box dept.
Bruce Perens writes The TAPR Digital Communications Conference has been covered twice here and is a great meeting on leading-edge wireless technology, mostly done as Open Hardware and Open Source software. Free videos of the September 2014 presentations will be made available if you help via Kickstarter. For an idea of what's in them, see the Dayton Hamvention interviews covering Whitebox, our Open Hardware handheld software-defined radio transceiver, and Michael Ossman's HackRF, a programmable Open Hardware transceiver for wireless security exploration and other wireless research. Last year's TAPR DCC presentations are at the Ham Radio Now channel on Youtube.
Education

ChickTech Brings Hundreds of Young Women To Open Source 158

Posted by Soulskill
from the more-engineers-more-cool-stuff dept.
ectoman writes: Opensource.com is running an interview with Jennifer Davidson of ChickTech, a non-profit organization whose mission is to create communities of support for women and girls pursuing (or interested in pursuing) careers in tech. "In the United States, many girls are brought up to believe that 'girls can't do math' and that science and other 'geeky' topics are for boys," Davidson said. "We break down that idea." Portland, OR-based ChickTech is quickly expanding throughout the United States—to cities like Corvallis and San Francisco—thanks to the "ChickTech: High School" initiative, which gathers hundreds of young women for two-day workshops featuring open source technologies. "We fill a university engineering department with 100 high school girls—more girls than many engineering departments have ever seen," Davidson said. "The participants can look around the building and see that girls from all backgrounds are just as excited about tech as they are."
KDE

KDE Releases Plasma 5 108

Posted by Unknown Lamer
from the wobblier-windows dept.
KDE Community (3396057) writes "KDE proudly announces the immediate availability of Plasma 5.0, providing a visually updated core desktop experience that is easy to use and familiar to the user. Plasma 5.0 introduces a new major version of KDE's workspace offering. The new Breeze artwork concept introduces cleaner visuals and improved readability. Central work-flows have been streamlined, while well-known overarching interaction patterns are left intact. Plasma 5.0 improves support for high-DPI displays and ships a converged shell, able to switch between user experiences for different target devices. Changes under the hood include the migration to a new, fully hardware-accelerated graphics stack centered around an OpenGL(ES) scenegraph. Plasma is built using Qt 5 and Frameworks 5." sfcrazy reviewed the new desktop experience. It would appear the semantic desktop search features finally work even if you don't have an 8-core machine with an SSD.
Networking

OpenWRT 14.07 RC1 Supports Native IPv6, Procd Init System 71

Posted by Unknown Lamer
from the bofh-excuse-#3847-replacing-router-os dept.
An anonymous reader writes Release Candidate One of OpenWRT 14.07 "Barrier Breaker" is released. Big for this tiny embedded Linux distribution for routers in 14.07 is native IPv6 support and the procd init system integration. The native IPv6 support is with the RA and DHCPv6+PD client and server support plus other changes. Procd is OpenWRT's new preinit, init, hotplug, and event system. Perhaps not too exciting is support for upgrading on devices with NAND, and file system snapshot/restore so you can experiment without fear of leaving your network broken. There's also experimental support for the musl standard C library.
Education

Prof. Andy Tanenbaum Retires From Vrije University 136

Posted by timothy
from the congratulations-and-good-wishes dept.
When Linus Torvalds first announced his new operating system project ("just a hobby, won't be big and professional like gnu"), he aimed the announcement at users of Minix for a good reason: Minix (you can download the latest from the Minix home page) was the kind of OS that tinkerers could afford to look at, and it was intended as an educational tool. Minix's creator, Professor Andrew Stuart "Andy" Tanenbaum, described his academic-oriented microkernel OS as a hobby, too, in the now-famous online discussion with Linus and others. New submitter Thijssss (655388) writes with word that Tanenbaum, whose educational endeavors led indirectly to the birth of Linux, is finally retiring. "He has been at the Vrije Universiteit for 43 years, but everything must eventually end."

Your program is sick! Shoot it and put it out of its memory.

Working...