An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."
"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."

A survey of satellite data published in the journal Cryosphere confirms what scientists have suspected for a while now: ice loss from the critical region of Antarctica is happening at an increasingly fast pace. Quartz reports: In total, researchers found that Antarctica lost roughly 1,929 gigatons of ice in 2015, which amounts to an increase of roughly 36 gigatons per year every year since 2008. (A gigaton is one billion tons.) Nearly 90% of that increase in loss occurred in West Antarctica, "probably in response to ocean warming," according to NASA. The new data analysis mostly confirms other recent research, but does so with a higher degree of precision by using a new technique that can process a larger amount of satellite data than was possible before.

West Antarctica has been losing a lot of ice in recent years, and at an ever-growing pace, while East Antarctica is losing ice more steadily. The West Antarctic ice sheet is of particular concern because, like a building that stands on an uneven foundation, it is inherently unstable, making it especially vulnerable to the warming climate. If the entire ice sheet were destabilized and melted into the sea, researchers estimate it would lead to 3 meters (9 feet) of sea level rise globally. Models suggest that under a low-emissions scenario, where the world commits to "peaking" and then steadily reducing emissions in the near future, complete destabilization of the West Antarctic ice sheet is possible to avoid. But under medium- or high-emissions scenarios, the loss of the ice sheet becomes inevitable.

hyperclocker shares a report from Popular Mechanics: The future of spacecraft in lower Earth orbit (LEO) looks to be an increasingly commercial affair. Bigelow Aerospace, a Las Vegas-based company that builds livable space habitats, has now created a spinoff company known as Bigelow Space Operations (BSO). BSO will market and operate any space habitats that Bigelow sells. The creation of BSO signals that Bigelow is preparing for a future of commercial space living. Recently leaked NASA documents show that the Trump Administration wants to convert the International Space Station into a commercial venture, and BSO is betting that businesses including private scientific ventures and hotels will be interested in creating a profit above the Earth. A prototype Bigelow habitat, the Bigelow Expandable Activity Module (BEAM), has been connected to the ISS since 2016. It's proven such a successful addition that last year NASA extended its contract for an additional three years. But Bigelow is thinking past the BEAM. In its press release announcing BSO, it highlights its planned launches of the B330-1 and B330-2, spacecraft with 6-person capacity, in 2021.

Since the latest graphics processing units (GPUs) are so popular with cryptocurrency miners, the SETI project -- short for "Search for Extraterrestrial Intelligence" -- can't find the graphics cards it needs to expand its operations. The SETI@home project helps provide some computing power, as it involves thousands of volunteers who turn the power of their computers over to the project, but it's only a portion of the SETI project's total computing power. Motherboard reports: Searching the stars is intense work that "uses radio telescopes to listen for narrow-bandwidth radio signals from space." Analyzing all of the data from these telescopes uses a lot of computing power. "We'd like to use the latest GPUs and we can't get 'em," Dan Werthimer, chief scientist of SETI, told the BBC. "That's limiting our search for extraterrestrials." Manufacturers such as Nvidia are struggling to keep up with demand for graphics cards. It recently told investors it would rise to meet its manufacturing challenge while focusing on its core market -- gamers. It even suggested vendors limit purchases of graphics cards from individual buyers in an effort to stop miners from buying up all the cards. "This is a new problem, it's only happened on orders we've been trying to make in the last couple of months," Werthimer told the BBC. "We've got the money, we've contacted the vendors, and they say, 'we just don't have them.'"

UPSat is the first open source -- both hardware and software -- satellite to have ever been launched in orbit. Pierros Papadeas, the Director of Operations for Libre Space Foundation, which helped build the UPSat, talked about the project at FOSDEM, a non-commercial, volunteer-organized European event focused on free and open-source software development. You can watch the talk here; and read an interview of him with folks at FOSDEM ahead of the talk here. Two excerpts from the interview: Q: What challenges did you encounter while designing, building, testing and eventually launching UPSat in orbit?
PP: The challenges where numerous, starting with the financial ones. Lack of appropriate funding led us to invest heavily in the project (through Libre Space Foundation funds) to ensure its successful completion. Countless volunteer participation was also key to the success. On the technical side, with minimal documentation and knowledge sharing around space projects we had to re-invent the wheel and discover many procedures and practices in a really short time-frame (6 months - unheard for a space mission). Lack of tools and equipment made our building process a creative exploration as we had to figure out ways to achieve specific tasks resorting to purpose-built projects in our local lab (hackerspace.gr). Testing and verification facilities where also a challenge mainly as we had to undergo much more extensive tests than other missions, having none of our components already "flight proven". Again creativity and countless hours of negotiations and documentation got us to the final delivery point. Launching UPSat in orbit was secured once the delivery happened, but as any typical space mission it came with long delays and timeline push-backs.

Q: What do you hope to accomplish by giving this talk? What do you expect?
Through this talk we would like to raise awareness for open source initiatives in space, and inspire open source technologists (engineers, programmers, analysts, makers) to engage in an open source project. We would also love to gather feedback and ideas on next steps and provide contribution opportunities for interested parties.

Today is the 20th anniversary of the phrase "open source software," which this article says was coined by the executive director of the Foresight Institute, a nonprofit think tank focused on nanotech and artificial intelligence. The phrase first entered the world on February 3rd, 1998, according to Christine Peterson: Of course, there are a number of accounts of the coining of the term, for example by Eric Raymond and Richard Stallman, yet this is mine, written on January 2, 2006. It has never been published, until today. The introduction of the term "open source software" was a deliberate effort to make this field of endeavor more understandable to newcomers and to business, which was viewed as necessary to its spread to a broader community of users... Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world... [W]e discussed the need for a new term due to the confusion factor. The argument was as follows: those new to the term "free software" assume it is referring to the price. Oldtimers must then launch into an explanation, usually given as follows: "We mean free as in freedom, not free as in beer." At this point, a discussion on software has turned into one about the price of an alcoholic beverage...

Between meetings that week, I was still focused on the need for a better name and came up with the term "open source software." While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term "open" had been overused and abused and believed we could do better. He was right in theory; however, I didn't have a better idea... Later that week, on February 5, 1998, a group was assembled at VA Research to brainstorm on strategy. Attending -- in addition to Eric Raymond, Todd, and me -- were Larry Augustin, Sam Ockman, and attending by phone, Jon "maddog" Hall... Todd was on the ball. Instead of making an assertion that the community should use this specific new term, he did something less directive -- a smart thing to do with this community of strong-willed individuals. He simply used the term in a sentence on another topic -- just dropped it into the conversation to see what happened.... A few minutes later, one of the others used the term, evidently without noticing, still discussing a topic other than terminology. Todd and I looked at each other out of the corners of our eyes to check: yes, we had both noticed what happened...

Toward the end of the meeting, the question of terminology was brought up explicitly, probably by Todd or Eric. Maddog mentioned "freely distributable" as an earlier term, and "cooperatively developed" as a newer term. Eric listed "free software," "open source," and "sourceware" as the main options. Todd advocated the "open source" model, and Eric endorsed this... Eric Raymond was far better positioned to spread the new meme, and he did. Bruce Perens signed on to the effort immediately, helping set up Opensource.org and playing a key role in spreading the new term... By late February, both O'Reilly & Associates and Netscape had started to use the term. After this, there was a period during which the term was promoted by Eric Raymond to the media, by Tim O'Reilly to business, and by both to the programming community. It seemed to spread very quickly.
Peterson remembers that "These months were extremely exciting for open source," adding "Every week, it seemed, a new company announced plans to participate. Reading Slashdot became a necessity, even for those like me who were only peripherally involved. I strongly believe that the new term was helpful in enabling this rapid spread into business, which then enabled wider use by the public."

Wikipedia notes that Linus Torvalds endorsed the term the day after it was announced, that Phil Hughes backed it in Linux Journal, and that Richard Stallman "initially seemed to adopt the term, but later changed his mind."

MojoKid writes: More drama is unfolding in the ultra-competitive retro arcade gaming scene... Billy Mitchell, the arcade legend who appeared as a central character opposite Steve Wiebe in the documentary The King of Kong: A Fistful of Quarters, has been accused of cheating his way into the record books for high scores in Donkey Kong. As a result, he's now been stripped of his 1.062 million score on the Donkey Kong Forums...

The legitimacy of his score was called into question by Donkey Kong high score judge Jeremy "Xelnia" Young laid out a body of evidence that seems to prove Mitchell recorded several of his high scores on the open source arcade emulator MAME, though he claimed his scores were obtained on an original arcade cabinet, and therefore were not subject to same strict authentication requirements. "It's possible they were recorded in one shot," Young says, but "Given the play style in Billy's videos, it's more likely that vanilla MAME's INP recording feature was abused."
Twin Galaxies recently threw out the 35-year-old record for the Atari 2600 game Dragster, and has now said they're "in the process of fully reviewing the compelling evidence provided by Jeremy Young."

An anonymous reader quotes the Seattle Post-Intelligencer: A private investigative team announced Thursday morning that members now believe D.B. Cooper was a black ops CIA operative possibly even involved with Iran-Contra, and that his identity has been actively hidden by government agents. The 40-member cold-case team comprised of several former FBI agents and led by Thomas and Dawna Colbert made its latest reveal after a code breaker working with the team found connections in each of five letters allegedly sent by Cooper in the days following the famed hijacking in 1971.

What's more, several people who knew Colbert's top suspect, a man named Robert W. Rackstraw, have noted possible connections to the CIA and to top-secret operations, Colbert said. "The new decryptions include a dare to agents, directives to apparent partners, and a startling claim that is followed by Rackstraw's own initials: If captured, he expects a get-out-of-jail card from a federal spy agency," Colbert said in a news release... In a brief phone call last year, Rackstraw only told SeattlePI to verify Colbert's claims; he didn't issue a denial, or comment further on Colbert's investigation...

Late last year, Colbert's team obtained a fifth letter allegedly sent by Cooper that Colbert said supports a possible FBI cover-up, but also included random letters and numbers. A code breaker on Colbert's team was able to decode the letters and numbers and find they pointed to three Army units Rackstraw was connected to during his military service in Vietnam. The code was meant to serve as a signal to his co-conspirators that he was alive and well after the jump, Colbert said... Another letter, in which Cooper claimed to be CIA openly, also had the letters "RWR" at the end -- the initials of Robert W. Rackstraw, according to Colbert.

A federal appeals court in San Francisco ruled yesterday that Twitter is not legally responsible for the deaths of two Americans in an ISIS-linked attack in Jordan, even though the Islamic State may have used its access to Twitter to spread its message of terrorism and recruit new members. The decision upholds a 2016 ruling on the same case, which was filed by the families of the victims of the terrorist attack. SFGate reports: "Without Twitter, the explosive growth of ISIS over the last few years into the most-feared terrorist group in the world would not have been possible," the suit said. The Americans, Lloyd Fields Jr. and James Creach, were former police officers working for U.S. companies training law enforcement officers in Jordan. They were among five people shot to death in November 2015 by a Jordanian police captain, later identified as a member of an Islamic State terror cell. Islamic State said it was responsible for killing the "American crusaders."

As an example of the Twitter activity, the women's lawyers showed a snapshot of an undated tweet, allegedly from Islamic State, that declared "there is no life without jihad." As of December 2014, the suit said, the terror group had 70,000 Twitter accounts, of which 79 were "official" Islamic State accounts. Only recently, the lawyers said, had Twitter changed its rules to prohibit threats of violence or terrorism and ordered the suspension of accounts promoting terrorism. But the Ninth U.S. Circuit Court of Appeals in San Francisco said the suit failed to show a direct connection between Islamic State's use of Twitter and the fatal attack. "At most, the (suit) establishes that Twitter's alleged provision of material support to ISIS facilitated the organization's growth and ability to plan and execute terrorist acts," Judge Milan Smith said in the 3-0 ruling, which upheld a federal judge's dismissal of the suit earlier.

schwit1 shares a report from ScienceAlert: People with high blood sugar stand to experience worse long-term cognitive decline than their healthy peers, even if they're not technically type 2 diabetic, new research suggests. The findings are not the first linking diabetes with impaired cognitive functions, but they're some of the clearest yet showing blood sugar isn't just a marker of our dietary health -- it's also a telling predictor of how our brains may cope as we get older. "Our findings suggest that interventions that delay diabetes onset, as well as management strategies for blood sugar control, might help alleviate the progression of subsequent cognitive decline over the long-term," explain the researchers, led by epidemiologist Wuxiang Xie from Imperial College London. The researchers sourced their data from the English Longitudinal Study of Aging, an ongoing assessment of the health of a representative sample of the English population aged 50 and older, which began in in 2002. For its analysis, the team tracked 5,189 participants -- 55 percent women, with an average age of 66 years -- assessing their level of cognitive function between 2004-2005 to 2014-2015, spanning several waves of the ELSA study. The findings are reported in the journal Diabetologia.

An anonymous reader writes: Linus Torvalds has released Linux 4.15 following the lengthy development cycle due to the Spectre v2 and Meltdown CPU vulnerability mitigation work. This update comes with many kernel improvements including RISC-V architecture support, AMDGPU Display Code support, Intel Coffee Lake graphics support, and many other improvements.
"This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle," Linus writes. "The extra two weeks were obviously mainly due to that whole timing issue... [T]he news cycle notwithstanding, the bulk of the 4.15 work is all the regular plodding 'boring' stuff. And I mean that in the best possible way. It may not be glamorous and get the headlines, but it's the bread and butter of kernel development, and is in many ways the really important stuff.

"Go forth and play with it, things actually look pretty good despite everything. And obviously this also means that the merge window for 4.16 is open... Hopefully we'll have a _normal_ and entirely boring release cycle for 4.16. Because boring really is good."

An anonymous reader writes: "I will be short. I've got an order to kill you," the note said, demanding $2,800 in U.S. dollars or Bitcoin. "I switched from being upset about it to, 'I need to get the word out'," one of its targets told a local newscaster. They filed a report through the FBI's web site.

"If only 1% of people send money -- there's no overhead for them; that's money in the bank," one FBI agent tells the news team. A quick Google search finds recent reports of two nearly identical threats using the same text.

"I have been thinking for a long time whether it is worth sending this notice, and decided that you still have the right to know... I've got an order to kill you, because some of your activity causes trouble to several people... I decided to break some rules, as this will be my final order... As soon as I receive the funds, I will forward you the name of the man [this] order came from, and all other information I have."

An anonymous reader writes: Five years after their original goal to ship Ubuntu with Wayland, Ubuntu 17.10 transitioned to using the Wayland display system by default as part of their transition to GNOME Shell as the default desktop. But with the upcoming Ubuntu 18.04 LTS release, Canonical has decided to transition back to the X.Org Server. Their reasoning for moving to an X.Org Server by default is better support for screen sharing, remote desktop, and better recovery from crashes. But for those interested the Wayland session will still be available as a log-in option.

It turns out driving drunk is still illegal, even with a driver-assistance system active. "On Saturday, January 13, police discovered a man in his Tesla vehicle on the San Francisco-Oakland Bay Bridge," reports Ars Technica. "The San Francisco Chronicle reports that 'the man had apparently passed out in the stopped car while stuck in the flow of busy bridge traffic at 5:30pm, according to the California Highway Patrol." From the report: When police woke the man up, he assured officers that everything was fine because the car was "on autopilot." No one was injured in the incident, and the California Highway Patrol made a snarky tweet about it. Needless to say, other Tesla owners -- and people who own competing systems like Cadillac's Super Cruise -- should not follow this guy's example. No cars on the market right now have fully driverless technology available. Autopilot, Supercruise, and other products are driver assistance products -- they're designed to operate with an attentive human driver as a backup. Driving drunk using one of these systems is just as illegal as driving drunk in a conventional car.

Slashdot reader sqorbit writes: Apple runs shuttle buses for it's employees in San Francisco. It seems someone who is not happy with Apple has decided to take out their anger on these buses. In an email obtained by Mashable, Apple states "Due to recent incidents of broken windows along the commute route, specifically on highway 280, we're re-routing coaches for the time being. This change in routes could mean an additional 30-45 minutes of commute time in each direction for some riders." It has been reported that at least four buses have had windows broken, some speculating that it might caused by rubber bullets.
"Around four years ago, people started attacking the shuttle buses that took Google employees to and from work, as a way of protesting the tech-company-driven gentrification taking place around San Francisco," remembers Fortune, adding "it seems to be happening again."

At least one Google bus was also attacked, according to the San Francisco Chronicle, which adds that the buses "were not marked with company logos, and the perpetrators are suspected of broadly targeting technology shuttle buses rather than a specific company."

An anonymous reader quotes the San Francisco Chronicle: California's last nuclear power plant -- Diablo Canyon, whose contentious birth helped shape the modern environmental movement -- will close in 2025, state utility regulators decided Thursday. The unanimous vote by the California Public Utilities Commission will likely bring an end to nuclear energy's long history in the state. State law forbids building more nuclear plants in California until the federal government creates a long-term solution for dealing with their waste, a goal that remains elusive despite decades of effort.

The decision comes even as California expands its fight against global warming. Owned by Pacific Gas and Electric Co., Diablo Canyon is the state's largest power plant, supplying 9 percent of California's electricity while producing no greenhouse gases. "With this decision, we chart a new energy future by phasing out nuclear power here in California," said commission President Michael Picker. "We've looked hard at all the arguments, and we agree the time has come."

An anonymous reader quotes the San Francisco Chronicle: One of the biggest cryptocurrency exchanges was down more than 40 hours this week, causing clients to freak out... San Francisco's Kraken went offline at 9 p.m. on Wednesday for maintenance that was initially scheduled to last two hours, plus an additional two to three hours for withdrawals, according to an announcement on the company's website. "We are still working to resolve the issues that we have identified and our team is working around the clock to ensure a smooth upgrade," according to a status update on Kraken's website posted early Friday. "This means it may still take several hours before we can relaunch." Shortly after noon, the company said it was "still working to track down an elusive bug which is holding up launch." It promised customers "a substantial amount of free trading" after the problem was resolved. In previous updates, Kraken mentioned it is working on "unexpected and delicate issues" and assured clients their funds were secure, adding that "Yes, this is our new record for downtime since we launched in 2013. No, we're not proud of it."
It's 53 hours after the downtime began, and their web page is still showing the same announcement.

"Kraken is presently offline for maintenance."

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

InfoWorld reports that "the once-declining C language" has "completed a comeback" -- citing its rise to second place in the Tiobe Index of language popularity, the biggest rise of any language in 2017. An anonymous reader quotes their report: Although the language only grew 1.69 percentage points in its rating year over year in the January index, that was enough beat out runners-up Python (1.21 percent gain) and Erlang (0.98 percent gain). Just five months ago, C was at its lowest-ever rating, at 6.477 percent; this month, its rating is 11.07 percent, once again putting it in second place behind Java (14.215 percent) -- although Java dropped 3.05 percent compared to January 2017. C's revival is possibly being fueled by its popularity in manufacturing and industry, including the automotive market, Tiobe believes...

But promising languages such as Julia, Hack, Rust, and Kotlin were not able to reach the top 20 or even the top 30, Tiobe pointed out. "Becoming part of the top 10 or even the top 20 requires a large ecosystem of communities and evangelists including conferences," said Paul Jansen, Tiobe managing director and compiler of the index. "This is not something that can be developed in one year's time."
For 2017 Tiobe also reports that after Java and C, the most popular programming languages were C++, Python, C#, JavaScript, Visual Basic .Net, R, PHP, and Perl.

The rival Pypl Popularity of Programming Language index calculates that the most popular languages are Java, Python, PHP, JavaScript, C#, C++, C, R, Objective-C, and Swift.

An analysis by more than 200 astronomers has been published that shows the mysterious dimming of star KIC 8462852 -- nicknamed Tabby's star -- is not being produced by an alien megastructure. "The evidence points most strongly to a giant cloud of dust occasionally obscuring the star," reports The Guardian. From the report: KIC 8462852 is approximately 1,500 light years away from the Earth and hit the headlines in October 2015 when data from Nasa's Kepler space telescope showed that it was dimming by unexplainably large amounts. The star's light dropped by 20% first and then 15% making it unique. Even a large planet passing in front of the star would have blocked only about 1% of the light. For an object to block 15-20%, it would have to be approaching half the diameter of the star itself. With this realization, a few astronomers began whispering that such a signal would be the kind expected from a gigantic extraterrestrial construction orbiting in front of the star -- and the idea of the alien megastructure was born.

In the case of Tabby's star, the new observations show that it dims more at blue wavelengths than red. Thus, its light is passing through a dust cloud, not being blocked by an alien megastructure in orbit around the star. The new analysis of KIC 8462852 showing these results is to be published in The Astrophysical Journal Letters. It reinforces the conclusions reached by Huan Meng, University of Arizona, Tucson, and collaborators in October 2017. They monitored the star at multiple wavelengths using Nasa's Spitzer and Swift missions, and the Belgian AstroLAB IRIS observatory. These results were published in The Astrophysical Journal.