For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Security

Malwarebytes Offers Pirates Its Premium Antimalware Product For Free 74 74

Posted by samzenpus
from the our-bad dept.
An anonymous reader writes: If you have a cracked or pirated version of Malwarebytes Anti-Malware (MBAM) product the company has debuted an Amnesty program for you. Venturebeat reports: "If you pirated Malwarebytes Anti-Malware, purchased a counterfeit version of the software, or are having problems with your key in general, the company is offering a free replacement key." CEO Marcin Kleczynski explained the program and his statement reads in part: "When I started Malwarebytes, I absolutely had no idea how successful we would be today. I am extremely grateful for all of the support from everyone and how fast we’ve grown. That being said, I picked a very insecure license key algorithm and as such, generating a pirated key was, and is, very simple.

The problem with pirated keys is that they may collide with a legitimate key just by the sheer numbers. For example, Larry may generate a pirated key that matches the exact key that I already bought. Yes, this is silly, and yes, this is literally the first thing a professional software company thinks of when building license key generation, but when you think you’re building a product for just a few people you don’t hash out these details.

Now we’ve grown up, and we’ve got a new licensing system that we’ve rolled out in stages. The only problem is that we have millions of users that we’ve sold keys to, or a reseller has sold keys to, or we’ve given out keys to without keeping track. It is a mess, and you as a consumer have every right to be upset.
Advertising

Avira Wins Case Upholding Its Right To Block Adware 50 50

Posted by samzenpus
from the keeping-the-door-closed dept.
Mark Wilson writes: Security firm Avira has won a court case that can not only be chalked up as a win for consumer rights, but could also set something of a precedent. Germany company Freemium.com took Avira to court for warning users about "potentially unwanted applications" that could be bundled along with a number of popular games and applications. Freemium.com downloads included a number of unwanted extras in the form of browser toolbars, free trial applications, adware, and other crapware. Avira's antivirus software warned users installing such applications; Freemium took objection to this and filed a cease and desist letter, claiming anti-competitive practices. But the court ruled in Avira's favor, saying it could continue to flag up and block questionable software.
Bug

MIT System Fixes Software Bugs Without Access To Source Code 70 70

Posted by Soulskill
from the copies-solutions-from-stack-overflow dept.
jan_jes writes: MIT researchers have presented a new system at the Association for Computing Machinery's Programming Language Design and Implementation conference that repairs software bugs by automatically importing functionality from other, more secure applications. According to MIT, "The system, dubbed CodePhage, doesn't require access to the source code of the applications. Instead, it analyzes the applications' execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it's repairing was written."
Medicine

Pass the Doritos, Scientists Develop Computer Game Targeted At Healthy Choices 78 78

Posted by timothy
from the it-puts-the-lotion-on-its-skin-or-else-it-gets-basal-cell-carcinoma dept.
MojoKid writes: Psychologists at the University of Exeter and Cardiff University have published a study that demonstrates how a simple computer game can help people lose weight. Participants in the study who played the specialized game lost and average of 1.5 pounds in the first seven days, and 4.5 pounds after six months. They also reduced their daily caloric consumption by 220 calories. Dr. Natalia Lawrence led the team of researchers that developed the computer game for the study. It was designed to train people to resist unhealthy food snack foods through a "stop versus go" process. Participants sat in front of a Pentium 3 PC running Matlab software on a 17-inch monitor. They were then instructed to press certain keys when images of things like fruits and clothes would appear, indicating a "go." But for images of calorie-dense foods (chips and cake, for example) they were instructed not to do anything, indicating a "stop" action.
Build

Ask Slashdot: For What Are You Using 3-D Printing? 249 249

Posted by timothy
from the endless-dollhouse-furniture dept.
An anonymous reader writes: I've been thinking about getting a 3-D printer for a while: the quality is rising, the software is better, STL files really do seem a sufficiently good standard ("sufficiently standard," that is — I'm not worried that printers are going to stop supporting it anytime soon), and prices have dropped quite a bit. Importantly to me, it also seems like less of a jumping-off-a-cliff decision, since I can get a completely assembled one from places as wild and crazy as ... the Home Depot (not that I plan to). However, even the stretchiest practical things I can think of to print can't truly actually justify the price, and that's OK — I hope not to require enough replacement knobs and chess pieces to necessarily *need* one, and playing around with it is the main likely upshot, which I'm OK with. But still, I'd like to hear what uses you have been putting your 3-D printer to, including printers that aren't yours but belong to a hackerspace, public library, eccentric neighbor, etc. What actually practical / useful tasks have you been using 3-D printing for, and with what printer technology? What playful purposes? It's OK if you just keep printing out those chess pieces and teapots, but I'm curious about less obvious reasons to have one around. (And I might just use the local Tech Shop's anyhow, but the question still applies.) If you've purchased a 3D printer, are you happy with the experience? If so, or if not, what kind did you get?
Microsoft

Samsung To Stop Blocking Automatic Windows Updates 23 23

Posted by timothy
from the just-keep-the-door-unlocked dept.
A few days ago, we mentioned that a piece of (nominally) utility software from Samsung was blocking critical security updates. Understandably, this isn't what users typically want. The Register reports that Samsung has now back-pedaled, though, and will be issuing a patch in the next few days to fix the glitch. (Users were able to manually install the updates anyhow, but the expected, automatic updates were blocked.) However, as the Register notes: The thought of a computer manufacturer disabling Windows Update will have had the Microsoft security team on edge. But there's also Windows 10 to consider. When the new operating system comes out, Windows Update will feed in fixes continuously, and if you're not a business customer those updates are going to be coming over the wires constantly. Enterprise users get Windows Update for Business, which allows them to choose when to patch, presumably after the plebs have beta-tested them.
The Almighty Buck

Philanthropy For Hackers 27 27

Posted by Soulskill
from the giving-it-good dept.
An anonymous reader writes: Sean Parker, co-founder of Napster and the first president of Facebook, was part of a generation of geeks who rode the dot-com boom to financial success. Over the past two decades, that population has dramatically increased, and former hackers are carving out spots as leaders of industry. In the Wall Street Journal, Parker has posted advice for how the hacker elite can approach philanthropy. He points out that they're already bringing a level of strategy and efficacy to charity work that hasn't been seen before. "These budding philanthropists want metrics and analytic tools comparable to the dashboards, like Mixpanel, that power their software products. They want to interact directly with the scientists, field workers and academics whose ideas power the philanthropic world but who have traditionally been hidden away in a backroom somewhere, shielded from their beneficiaries by so-called development officers." One thing he advises is keeping away from large charity organizations, which largely exist to keep themselves going. He also suggests getting actively involved with the political process, even if such organizations are often distasteful.
Programming

Mob Programming: When Is 5 Heads Really Better Than 1 (or 2)? 122 122

Posted by Soulskill
from the when-you-need-somebody-to-blame dept.
itwbennett writes: Proponents of Mob programming, an offshoot of Pair programming in which the whole team works together on the same computer, say that it increases both quality and productivity, but also acknowledge that the productivity gains might not be readily apparent. "If you measure by features or other classic development productivity metrics, Mobbing looks like it's achieving only 75 to 85 percent of individual or Pair output for, say, a team of six or seven working for a week," says Paul Massey, whose company Bluefruit Software is a heavy user of the Mob approach. So, where does the productivity come from? Matthew Dodkins, a software architect at Bluefruit says the biggest gains are in code merges. "In a day spent using traditional collaboration, you would have to first spend time agreeing on tasks, common goals, deciding who's doing what... and then going away to do that, write code, and come back and merge it, resolve problems," says Dodkins. By bringing everyone into the same room, "we try to merge frequently, and try to do almost continuous integration." Matt Schartman, whose company Appfolio also uses Mobbing and wrote about his experience, gave Mobbing high marks for producing a quality product, but didn't find that it improved productivity in any measurable way.
Encryption

Cisco Security Appliances Found To Have Default SSH Keys 112 112

Posted by Soulskill
from the invitation-to-misbehave dept.
Trailrunner7 writes: Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

This bug is about as serious as they come for enterprises. An attacker who is able to discover the default SSH key would have virtually free reign on vulnerable boxes, which, given Cisco's market share and presence in the enterprise worldwide, is likely a high number. The default key apparently was inserted into the software for support reasons.

"The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user," Cisco said.
Software

Ask Slashdot: User-Friendly, Version-Preserving File Sharing For Linux? 204 204

Posted by timothy
from the when-diff+cron-isn't-the-right-answer dept.
petherfile writes: I've been a professional with Microsoft stuff for more than 10 years and I'm a bit sick of it to be honest. The one that's got me stuck is really not where I expected it to be. You can use a combination of DFS and VSS to create a file share where users can put whatever files they are working on that is both redundant and has "previous versions" of files they can recover. That is, users have a highly available network location where they can "go back" to how their file was an hour ago. How do you do that with Linux?

This is a highly desirable situation for users. I know there are nice document management things out there that make sharepoint look silly, but I just want a simple file share, not a document management utility. I've found versioning file systems for Linux that do what Microsoft does with VSS so much better (for having previous version of files available.) I've found distributed file systems for Linux that make DFS look like a bad joke. Unfortunately, they seem to be mutually exclusive. Is there something simple I have missed?
Businesses

Put Your Enterprise Financial Data In the Cloud? Sure, Why Not 89 89

Posted by samzenpus
from the keeping-it-safe dept.
jfruh writes: For many, the idea of storing sensitive financial and other data in the cloud seems insane, especially considering the regulatory aspects that mandate how that data is protected. But more and more organizations are doing so as cloud providers start presenting offerings that fulfill regulatory needs — and people realize that information is more likely to be accidentally emailed out to the wrong address than hacked.
Businesses

Average Duration of Hiring Process For Software Engineers: 35 Days 178 178

Posted by Soulskill
from the moving-at-the-speed-of-HR dept.
itwbennett writes: Despite the high demand for tech workers of pretty much all stripes, the hiring process is still rather drawn out, with the average time-to-hire for Software Engineers taking 35 days. That's one of the findings of a new study from career site Glassdoor. The study, led by Glassdoor's Chief Economist Dr. Andrew Chamberlain, analyzed over 340,000 interview reviews, covering 74,000 unique job titles, submitted to the site from February 2009 through February 2015. Glassdoor found that the average time-to-hire for all jobs has increased 80% (from 12.6 days to 22.9 days) since 2010. The biggest reason for this jump: The increased reliance on screening tests of various sorts, from background checks and skills tests to drug tests and personality tests, among others.
Google

Google Tests Code Repository Service 44 44

Posted by Soulskill
from the a-challenger-appears dept.
An anonymous reader writes: VentureBeat notes that Google has begun testing an unannounced service to host and edit source code repositories as part of its cloud platform. It's called Cloud Source Repositories, and it's currently being beta-tested. "Google is taking a gradual approach with the new service: It can serve as a 'remote' for Git repositories sitting elsewhere on the Internet or locally. Still, over time the new tool could help Google become more of an all-in-one destination for building and deploying applications."
Robotics

Making a Birdhouse is Like 'Hello World' for a Versatile Factory Robot (2 Videos) 23 23

Posted by Roblimo
from the do-robot-birdhouse-builders-keep-robot-cats-as-pets? dept.
Many millions of American students have been called on to construct a wooden birdhouse as part of a middle- or high-school shop class. To make a birdhouse from wood and nails may not requite advanced carpentry, but it does take eye-hand coordination, object recognition, the ability to lift constituent pieces, and to grasp and wield tools -- and each of those can be broken down further into smaller tasks and skills of the kind that we as humans don't generally have to think about. ("Rotate wrist slightly to account for board angle.") For robots, it's another story: like the computers that run them, robots generally only do what they're told. Industrial robots can do some complex tasks, but they're expensive and complex to program.

Benjamin Cohen is a Ph.D candidate at the University of Pennsylvania working under adviser Maxim Likhachev with a real-world, cheap way to make robots to accomplish a multi-step project with minimal human intervention, which he calls "autonomous robotic assembly." Project Birdhouse -- part of his Ph.D. work, along with teammates Mike Phillips and Ellis Ranter -- is Cohen's effort to create a sort of "Hello, World" for robots. With a combination of a research-platform robot base, off-the-shelf parts, like a nail gun (read: "One not built for robot use"), and software to squeeze greater accuracy out of the system as a whole, he and his colleagues have come up with a robot that can grab a selection of parts, align them properly, and assemble them with nails into a functional birdhouse. QR codes let the robot give the robot a sort of recipe to follow, and the system is smart enough to squawk if it doesn't have the right parts to complete the task. (Check out more video with the robot in action, and a great many photos, sketches, and diagrams illustrating the project's evolution.)

NOTE: We split today's video in half, with both halves running right here, today. This way, if you watch the first video and and want to learn more, you can move on to the second one. And the transcript not only covers both videos, but has "bonus" material that isn't in either one.
United States

Google, Apple, and Others Remove Content Related To the Confederate Flag 812 812

Posted by Soulskill
from the symbols-are-for-the-symbol-minded dept.
davek writes with news that Google is removing results related to the Confederate Flag from Google Shopping, the company's online marketplace. They're also blocking advertisements involving the flag. They say, "We have determined that the Confederate flag violates our Ads policies, which don't allow content that's generally perceived as expressing hate toward a particular group." At the same time, Apple is removing from the App Store any games or other software featuring the Confederate Flag. This, of course, follows the recent shooting in South Carolina, which triggered a nationwide debate over whether the flag should be flown at government buildings (or anywhere). Major online merchant websites like eBay and Amazon have already taken the step of banning merchandise relating to the flag.
Open Source

The Open Container Project and What It Means 54 54

Posted by samzenpus
from the breaking-it-down dept.
An anonymous reader writes: Monday saw the announcement of the Open Container Project in San Francisco. It is a Linux Foundation project that will hold the specification and basic run-time software for using software containers. The list of folks signing up to support the effort contains the usual suspects, and this too is a good thing: Amazon Web Services, Apcera, Cisco, CoreOS, Docker, EMC, Fujitsu Limited, Goldman Sachs, Google, HP, Huawei, IBM, Intel, Joyent, the Linux Foundation, Mesosphere, Microsoft, Pivotal, Rancher Labs, Red Hat, and VMware. In this article Stephen R. Walli takes a look at what the project means for open source.
Windows

Samsung Cripples Windows Update To Prevent Incompatible Drivers 289 289

Posted by Soulskill
from the that's-not-how-this-works dept.
jones_supa writes: A file called Disable_Windowsupdate.exe — probably malware, right? It's actually a "helper" utility from Samsung, for which their reasoning is: "When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates." Too bad that the solution means disabling all critical security updates as well. This isn't the first time an OEM has compromised the security of its users. From earlier this year, we remember the Superfish adware from Lenovo, and system security being compromised by the LG split screen software.
Android

IT Pros Blast Google Over Android's Refusal To Play Nice With IPv6 287 287

Posted by Soulskill
from the do-as-we-say-not-as-we-do dept.
alphadogg writes: The widespread popularity of Android devices and the general move to IPv6 has put some businesses in a tough position, thanks to Android's lack of support for a central component in the newer standard. DHCPv6 is an outgrowth of the DHCP protocol used in the older IPv4 standard – it's an acronym for 'dynamic host configuration protocol,' and is a key building block of network management. Nevertheless, Google's wildly popular Android devices – which accounted for 78% of all smartphones shipped worldwide in the first quarter of this year – don't support DHCPv6 for address assignment.
Security

New Snowden Leaks Show NSA Attacked Anti-Virus Software 98 98

Posted by timothy
from the picking-your-locks-for-your-own-protection dept.
New submitter Patricbranson writes: The NSA, along with its British counterpart Government Communications Headquarters (GCHQ), spent years reverse-engineering popular computer security software in order to spy on email and other electronic communications, according to the classified documents published by the online news site The Intercept. With various countries' spy agencies trying to make sure computers aren't secure (from their own intrusions, at least), it's no wonder that Kaspersky doesn't want to talk about who hacked them.
Linux Business

CRYENGINE Finally Lands On Linux 57 57

Posted by Soulskill
from the welcome-to-crytux dept.
An anonymous reader writes: CRYENGINE, the video game engine from Crytek, will run natively on Linux starting from version 3.8.1. Other improvements include the ability to run on the Oculus Rift, support for OpenGL, 8-weight GPU vertex skinning, and improved POM self-shadowing. Here are the full release notes. They've also added Game Zero, a full blown example game that demonstrates how various features of the engine can work.