Open Source

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion? 499

Posted by Soulskill
from the or-at-least-marginally-less-unsafe dept.
jammag writes: "Heartbleed has dealt a blow to the image of free and open source software. In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bugs are shallow.' Many users of proprietary software, tired of FOSS's continual claims of superior security, welcome the idea that Heartbleed has punctured FOSS's pretensions. But is that what has happened?"
Encryption

Snowden Used the Linux Distro Designed For Internet Anonymity 161

Posted by Soulskill
from the NSA-can't-make-heads-or-something-of-it dept.
Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"
Security

OpenBSD Team Cleaning Up OpenSSL 274

Posted by timothy
from the devil-you-say dept.
First time accepted submitter Iarwain Ben-adar (2393286) writes "The OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a 'portable' version of this new OpenSSL fork. Or not."
Encryption

First Phase of TrueCrypt Audit Turns Up No Backdoors 170

Posted by Unknown Lamer
from the only-slightly-insecure dept.
msm1267 (2804139) writes "An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today (PDF) by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."
Businesses

Apple's Spotty Record of Giving Back To the Tech Industry 266

Posted by samzenpus
from the giving-back dept.
chicksdaddy (814965) writes "Given Apple's status as the world's most valuable company and its enormous cash hoard, the refusal to offer even meager support to open source and industry groups is puzzling. From the article: 'Apple bundles software from the Apache Software Foundation with its OS X operating system, but does not financially support the Apache Software Foundation (ASF) in any way. That is in contrast to Google and Microsoft, Apple's two chief competitors, which are both Platinum sponsors of ASF — signifying a contribution of $100,000 annually to the Foundation. Sponsorships range as low as $5,000 a year (Bronze), said Sally Khudairi, ASF's Director of Marketing and Public Relations. The ASF is vendor-neutral and all code contributions to the Foundation are done on an individual basis. Apple employees are frequent, individual contributors to Apache. However, their employer is not, Khudairi noted. The company has been a sponsor of ApacheCon, a for-profit conference that runs separately from the Foundation — but not in the last 10 years. "We were told they didn't have the budget," she said of efforts to get Apple's support for ApacheCon in 2004, a year in which the company reported net income of $276 million on revenue of $8.28 billion.'"
The Internet

Why the IETF Isn't Working 103

Posted by Soulskill
from the maybe-we-should-pay-these-people dept.
An anonymous reader writes "Vidya Narayanan spent seven years working on the Internet Engineering Task Force, and was nominated for the Internet Architecture Board. But she declined the nomination and left the IETF because standards bodies are not able to keep up with the rapid pace of tech development. She says, '[W]hile the pace at which standards are written hasn't changed in many years, the pace at which the real world adopts software has become orders of magnitude faster. Standards, unfortunately, have become the playground for hashing out conflicts and carrying out silo-ed agendas and as a result, have suffered a drastic degradation. ... Running code and rough consensus, the motto of the IETF, used to be realizable at some point. Nowadays, it is as though Margaret Thatcher's words, "consensus is the lack of leadership" have come to life. In the name of consensus, we debate frivolous details forever. In the name of patents, we never finish. One recent case in point is the long and painful codec battles in the WebRTC working group.'"
Businesses

Ask Slashdot: How To Start With Linux In the Workplace? 450

Posted by timothy
from the sounds-like-mint-works-for-you dept.
An anonymous reader writes "Recently my boss has asked me about the advantages of Linux as a desktop operating system and if it would be a good idea to install it instead of upgrading to Windows 7 or 8. About ten boxes here are still running Windows XP and would be too old to upgrade to any newer version of Windows. He knows that I am using Linux at work on quite outdated hardware (would have gotten a new PC but never requested new hardware — Linux Mint x64 runs quite well on it) and I always managed to get my stuff done with it. I explained to him that there are no licensing issues with Linux, there is no anti-virus software to deal with and that Linux is generally a bit more efficient on old hardware than operating systems from Microsoft. The boss seems interested." But that's not quite the end; read on for this reader's question.
Security

Heartbleed OpenSSL Vulnerability: A Technical Remediation 239

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes "Since the announcement, malicious actors have been leaking software library data and using one of the several provided PoC codes to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had an opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."
Input Devices

Princeton Students Develop Open Source Voice Control Platform For Any Device 34

Posted by Unknown Lamer
from the yell-at-your-computer-more-effectively dept.
rjmarvin (3001897) writes "Two Princeton computer science students have created an open source platform for developing voice-controlled applications that are always on. Created by Shubhro Saha and Charlie Marsh, Jasper runs on the Raspberry Pi under Raspbian, using a collection of open source libraries to make up a development platform for building voice-controlled applications. Marsh and Saha demonstrate Jasper's capability to perform Internet searches, update social media, and control music players such as Spotify. You need a few easily obtainable bits of hardware (a USB microphone, wifi dongle or ethernet, and speakers). The whole thing is powered by CMU Sphinx (which /. covered the open sourcing of back in 2000). Jasper provides Python modules (under the MIT license) for recognizing phrases and taking action, or speaking when events occur. There doesn't seem to be anything tying it to the Raspberry Pi either, so you could likely run it on an HTPC for always-on voice control of your media center.
Ubuntu

A Conversation with Ubuntu's Jono Bacon (Video) 53

Posted by Roblimo
from the the-world's-leading-death-metal-free-software-advocate dept.
You've probably heard Jono Bacon speak at a Linux or Open Source conference. Or maybe you've heard one of his podcasts or read something he's written in his job as Ubuntu's community manager or even, perhaps, read The Art of Community, which is Jono's well-regarded book about building online communities. Jono also wrote and performed the heavy metal version of Richard M. Stallman's infamous composition, The Free Software Song. An excerpt from the Jono version kicks off our interview, and the complete piece (about two minutes long) closes the video. Please note that this video is a casual talk with Jono Bacon, the person, rather than a talk with the "official" Ubuntu Jono Bacon. So please, pull up a chair, lean back, and join us. (Alternate Video Link)
Windows

Meet the Diehards Who Refuse To Move On From Windows XP 641

Posted by timothy
from the come-the-revolution dept.
Hugh Pickens DOT Com (2995471) writes "Nearly every longtime Windows user looks back on Windows XP with a certain fondness, but the party's over according to Microsoft. 'It's time to move on,' says Tom Murphy, Microsoft's director of communications for Windows. 'XP was designed for a different era.' But Ian Paul writes in PC World that many people around the world refuse to give up on XP. But why? What's so great about an operating system that was invented before the age of Dropbox and Facebook, an OS that's almost as old as the original Google search engine? Bob Appel, a retiree based in Toronto, says he uses 12 PCs in a personal Dropbox-like network—10 of which are running XP. 'I use a third-party firewall, a free virus checker, and run Housecall periodically,' says Appel. 'My Firefox browser uses Keyscrambler, HTTPS Anywhere, Ghostery, and Disconnect. I also have a VPN account (PIA) when traveling. For suspicious email attachments, I deploy private proprietary bioware (me!) to analyze before opening. All the "experts" say I am crazy. Thing is, I stopped the security updates in XP years ago after a bad update trashed my system, and yet I have never been infected, although online for hours each day. So, crazy though I be, I am sticking with XP.'" (Read more, below.)
Technology

A Bid To Take 3D Printing Mainstream 143

Posted by samzenpus
from the grandma's-printed-cookies dept.
Nerval's Lobster (2598977) writes "Can 3D printing go truly mainstream? Startup M3D is betting on it, having launched a Kickstarter campaign to create what it terms the first truly consumer 3D printer, built around proprietary auto-leveling and auto-calibration technology that (it claims) will allow the device to run in an efficient, easy-to-use way for quite some time. According to The Verge, the device is space-efficient, quiet, and sips power: 'One of the main obstacles between 3D printers and consumers has been clunky, unintuitive software. Here too, M3D promises improvements, having designed an app that's 'as interactive and enjoyable as a game' with a minimalist and touch-friendly interface.' Do you think 3D printing can capture a massive audience, or will it remain niche for the foreseeable future?"
Microsoft

Should Microsoft Give Kids Programmable Versions of Office? 226

Posted by samzenpus
from the won't-somebody-please-think-of-the-children? dept.
theodp (442580) writes "Over at Microsoft on the Issues, Microsoft continues to lament the computer programming skills gap of American kids, while simultaneously lobbying for more H-1B visas to fill that gap. Saying that states must do more to 'help students gain critical 21st century skills,' Microsoft credits itself and partner Code.org for getting 30,606,732 students to experience coding through the Hour of Code, claiming that K-12 kids have 'written 1,332,784,839 lines of code' (i.e., dragged-and-dropped puzzle pieces). So, if it's concerned about helping students gain programming skills, shouldn't Microsoft be donating fully-functional desktop versions of MS-Office to schools, which would allow kids to use Visual Basic for Applications (VBA)? While Microsoft's pledge to give 12 million copies of its Office software to schools was heralded by the White House and the press, a review of the 'fine print' at Microsoft suggests it's actually the online VBA-free version of Office 365 Education that the kids will be getting, unless their schools qualify for the Student Advantage program by purchasing Office for the faculty and staff. Since Microsoft supported President Obama's call for kids to 'Don't Just Play on Your Phone, Program It', shouldn't it give kids the chance to program MS-Office, too?"
IBM

Fifty Years Ago IBM 'Bet the Company' On the 360 Series Mainframe 169

Posted by timothy
from the y'-tell-the-kids-that-today dept.
Hugh Pickens DOT Com (2995471) writes "Those of us of a certain age remember well the breakthrough that the IBM 360 series mainframes represented when it was unveiled fifty years ago on 7 April 1964. Now Mark Ward reports at BBC that the first System 360 mainframe marked a break with all general purpose computers that came before because it was possible to upgrade the processors but still keep using the same code and peripherals from earlier models. "Before System 360 arrived, businesses bought a computer, wrote programs for it and then when it got too old or slow they threw it away and started again from scratch," says Barry Heptonstall. IBM bet the company when they developed the 360 series. At the time IBM had a huge array of conflicting and incompatible lines of computers, and this was the case with the computer industry in general at the time, it was largely a custom or small scale design and production industry, but IBM was such a large company and the problems of this was getting obvious: When upgrading from one of the smaller series of IBM computers to a larger one, the effort in doing that transition was so big so you might as well go for a competing product from the "BUNCH" (Burroughs, Univac, NCR, CDC and Honeywell). Fred Brooks managed the development of IBM's System/360 family of computers and the OS/360 software support package and based his software classic "The Mythical Man-Month" on his observation that "adding manpower to a late software project makes it later." The S/360 was also the first computer to use microcode to implement many of its machine instructions, as opposed to having all of its machine instructions hard-wired into its circuitry. Despite their age, mainframes are still in wide use today and are behind many of the big information systems that keep the modern world humming handling such things as airline reservations, cash machine withdrawals and credit card payments. "We don't see mainframes as legacy technology," says Charlie Ewen. "They are resilient, robust and are very cost-effective for some of the work we do.""
EU

EU Should Switch To ODF Standard, Says MEP 111

Posted by timothy
from the so-should-the-u.s. dept.
DTentilhao (3484023) writes "The European institutions should switch to using the Open Document Format (ODF) as their internal default document format, says Member of the European Parliament Indrek Tarand. Speaking at a meeting of the European Parliament's Free Software User Group (Epfsug), last week Wednesday, MEP Tarand said: 'Moving to ODF would allow real innovation, and real procurement.'"
Encryption

"Nearly Unbreakable" Encryption Scheme Inspired By Human Biology 179

Posted by timothy
from the just-ask-the-creator dept.
rjmarvin (3001897) writes "Researchers at the U.K.'s Lancaster University have reimagined the fundamental logic behind encryption, stumbling across a radically new way to encrypt data while creating software models to simulate how the human heart and lungs coordinate rhythms. The encryption method published in the American Physical Society journal and filed as a patent entitled 'Encoding Data Using Dynamic System Coupling,' transmits and receives multiple encrypted signals simultaneously, creating an unlimited number of possibilities for the shared encryption key and making it virtually impossible to decrypt using traditional methods. One of the researchers, Peter McClintock, called the encryption scheme 'nearly unbreakable.'"
Debian

Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros 144

Posted by timothy
from the holes-to-plug dept.
According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article: "The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.
Sony

Blender Foundation Video Taken Down On YouTube For Copyright Violation 306

Posted by timothy
from the now-it's-ours dept.
An anonymous reader writes "As if the automated takedowns on YouTube weren't already bad enough, today fans of the popular open source 3D software Blender were greeted by a copyright takedown notice for their third open movie, Sintel, despite it being released under a Creative Commons license: 'This video contains content from Sony Pictures Movies & Shows, who has blocked it on copyright grounds.' It is believed that the takedown was a result of Sony Electronics adding Sintel to their official 4k demo pool."
