Crime

FBI Warns of Email Death Threats Demanding Bitcoin (abc7.com) 95

An anonymous reader writes: "I will be short. I've got an order to kill you," the note said, demanding $2,800 in U.S. dollars or Bitcoin. "I switched from being upset about it to, 'I need to get the word out'," one of its targets told a local newscaster. They filed a report through the FBI's web site.

"If only 1% of people send money -- there's no overhead for them; that's money in the bank," one FBI agent tells the news team. A quick Google search finds recent reports of two nearly identical threats using the same text.

"I have been thinking for a long time whether it is worth sending this notice, and decided that you still have the right to know... I've got an order to kill you, because some of your activity causes trouble to several people... I decided to break some rules, as this will be my final order... As soon as I receive the funds, I will forward you the name of the man [this] order came from, and all other information I have."

Ubuntu

Ubuntu 18.04 LTS Will Default To The X.Org Stack, Not Wayland (phoronix.com) 194

An anonymous reader writes: Five years after their original goal to ship Ubuntu with Wayland, Ubuntu 17.10 transitioned to using the Wayland display system by default as part of their transition to GNOME Shell as the default desktop. But with the upcoming Ubuntu 18.04 LTS release, Canonical has decided to transition back to the X.Org Server. Their reasoning for moving to an X.Org Server by default is better support for screen sharing, remote desktop, and better recovery from crashes. But for those interested the Wayland session will still be available as a log-in option.

Transportation

Tesla Owner Attempts Autopilot Defense During DUI Stop (arstechnica.com) 139

It turns out driving drunk is still illegal, even with a driver-assistance system active. "On Saturday, January 13, police discovered a man in his Tesla vehicle on the San Francisco-Oakland Bay Bridge," reports Ars Technica. "The San Francisco Chronicle reports that 'the man had apparently passed out in the stopped car while stuck in the flow of busy bridge traffic at 5:30pm, according to the California Highway Patrol.'" From the report: When police woke the man up, he assured officers that everything was fine because the car was "on autopilot." No one was injured in the incident, and the California Highway Patrol made a snarky tweet about it. Needless to say, other Tesla owners -- and people who own competing systems like Cadillac's Super Cruise -- should not follow this guy's example. No cars on the market right now have fully driverless technology available. Autopilot, Supercruise, and other products are driver assistance products -- they're designed to operate with an attentive human driver as a backup. Driving drunk using one of these systems is just as illegal as driving drunk in a conventional car.

United States

Apple and Google Are Rerouting Their Employee Buses as Attacks Resume (mashable.com) 292

Slashdot reader sqorbit writes: Apple runs shuttle buses for its employees in San Francisco. It seems someone who is not happy with Apple has decided to take out their anger on these buses. In an email obtained by Mashable, Apple states "Due to recent incidents of broken windows along the commute route, specifically on highway 280, we're re-routing coaches for the time being. This change in routes could mean an additional 30-45 minutes of commute time in each direction for some riders." It has been reported that at least four buses have had windows broken, some speculating that it might be caused by rubber bullets.

"Around four years ago, people started attacking the shuttle buses that took Google employees to and from work, as a way of protesting the tech-company-driven gentrification taking place around San Francisco," remembers Fortune, adding "it seems to be happening again."

At least one Google bus was also attacked, according to the San Francisco Chronicle, which adds that the buses "were not marked with company logos, and the perpetrators are suspected of broadly targeting technology shuttle buses rather than a specific company."

Power

California Will Close Its Last Nuclear Power Plant (sfchronicle.com) 368

An anonymous reader quotes the San Francisco Chronicle: California's last nuclear power plant -- Diablo Canyon, whose contentious birth helped shape the modern environmental movement -- will close in 2025, state utility regulators decided Thursday. The unanimous vote by the California Public Utilities Commission will likely bring an end to nuclear energy's long history in the state. State law forbids building more nuclear plants in California until the federal government creates a long-term solution for dealing with their waste, a goal that remains elusive despite decades of effort.

The decision comes even as California expands its fight against global warming. Owned by Pacific Gas and Electric Co., Diablo Canyon is the state's largest power plant, supplying 9 percent of California's electricity while producing no greenhouse gases. "With this decision, we chart a new energy future by phasing out nuclear power here in California," said commission President Michael Picker. "We've looked hard at all the arguments, and we agree the time has come."

The Almighty Buck

Cryptocurrency Exchange Kraken Suddenly Goes Dark For Two Days (sfchronicle.com) 118

An anonymous reader quotes the San Francisco Chronicle: One of the biggest cryptocurrency exchanges was down more than 40 hours this week, causing clients to freak out... San Francisco's Kraken went offline at 9 p.m. on Wednesday for maintenance that was initially scheduled to last two hours, plus an additional two to three hours for withdrawals, according to an announcement on the company's website. "We are still working to resolve the issues that we have identified and our team is working around the clock to ensure a smooth upgrade," according to a status update on Kraken's website posted early Friday. "This means it may still take several hours before we can relaunch." Shortly after noon, the company said it was "still working to track down an elusive bug which is holding up launch." It promised customers "a substantial amount of free trading" after the problem was resolved. In previous updates, Kraken mentioned it is working on "unexpected and delicate issues" and assured clients their funds were secure, adding that "Yes, this is our new record for downtime since we launched in 2013. No, we're not proud of it."
It's 53 hours after the downtime began, and their web page is still showing the same announcement.

"Kraken is presently offline for maintenance."

Electronic Frontier Foundation

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org) 82

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

Programming

C Programming Language 'Has Completed a Comeback' (infoworld.com) 243

InfoWorld reports that "the once-declining C language" has "completed a comeback" -- citing its rise to second place in the Tiobe Index of language popularity, the biggest rise of any language in 2017. An anonymous reader quotes their report: Although the language only grew 1.69 percentage points in its rating year over year in the January index, that was enough to beat out runners-up Python (1.21 percent gain) and Erlang (0.98 percent gain). Just five months ago, C was at its lowest-ever rating, at 6.477 percent; this month, its rating is 11.07 percent, once again putting it in second place behind Java (14.215 percent) -- although Java dropped 3.05 percent compared to January 2017. C's revival is possibly being fueled by its popularity in manufacturing and industry, including the automotive market, Tiobe believes...

But promising languages such as Julia, Hack, Rust, and Kotlin were not able to reach the top 20 or even the top 30, Tiobe pointed out. "Becoming part of the top 10 or even the top 20 requires a large ecosystem of communities and evangelists including conferences," said Paul Jansen, Tiobe managing director and compiler of the index. "This is not something that can be developed in one year's time."

For 2017 Tiobe also reports that after Java and C, the most popular programming languages were C++, Python, C#, JavaScript, Visual Basic .Net, R, PHP, and Perl.

The rival Pypl Popularity of Programming Language index calculates that the most popular languages are Java, Python, PHP, JavaScript, C#, C++, C, R, Objective-C, and Swift.

Space

The Alien Megastructure Around Mysterious 'Tabby's Star' Is Probably Just Dust, Analysis Shows (theguardian.com) 75

An analysis by more than 200 astronomers has been published that shows the mysterious dimming of star KIC 8462852 -- nicknamed Tabby's star -- is not being produced by an alien megastructure. "The evidence points most strongly to a giant cloud of dust occasionally obscuring the star," reports The Guardian. From the report: KIC 8462852 is approximately 1,500 light years away from the Earth and hit the headlines in October 2015 when data from Nasa's Kepler space telescope showed that it was dimming by unexplainably large amounts. The star's light dropped by 20% first and then 15% making it unique. Even a large planet passing in front of the star would have blocked only about 1% of the light. For an object to block 15-20%, it would have to be approaching half the diameter of the star itself. With this realization, a few astronomers began whispering that such a signal would be the kind expected from a gigantic extraterrestrial construction orbiting in front of the star -- and the idea of the alien megastructure was born.

In the case of Tabby's star, the new observations show that it dims more at blue wavelengths than red. Thus, its light is passing through a dust cloud, not being blocked by an alien megastructure in orbit around the star. The new analysis of KIC 8462852 showing these results is to be published in The Astrophysical Journal Letters. It reinforces the conclusions reached by Huan Meng, University of Arizona, Tucson, and collaborators in October 2017. They monitored the star at multiple wavelengths using Nasa's Spitzer and Swift missions, and the Belgian AstroLAB IRIS observatory. These results were published in The Astrophysical Journal.

Bug

'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk) 416

According to The Register, "A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug." From the report: Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder. Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. The report goes on to share some details of the flaw that have surfaced. "It is understood the bug is present in modern Intel processors produced in the past decade," reports The Register. "It allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI."

Programming

Which Programming Languages Are Most Prone to Bugs? (i-programmer.info) 247

An anonymous reader writes: The i-Programmer site revisits one of its top stories of 2017, about researchers who used data from GitHub for a large-scale empirical investigation into static typing versus dynamic typing. The team investigated 20 programming languages, using GitHub code repositories for the top 50 projects written in each language, examining 18 years of code involving 29,000 different developers, 1.57 million commits, and 564,625 bug fixes.

The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."

Or, in the researcher's words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing."

Stats

Slashdot's 10 Most-Visited Stories of 2017 (slashdot.org) 35

Slashdot's most-visited story of 2017 was "Google Has Demonstrated a Successful Practical Attack Against SHA-1", which was visited more than 212,000 times since it was published in February.

And our second- and third-most popular stories also came in February -- both just one week before.

"FCC Chairman Wants It To Be Easier To Listen To Free FM Radio On Your Smartphone" and "IT Decisions Makers and Executives Don't Agree On Cyber Security Responsibility".

Keep reading for a complete list of Slashdot's 10 most-visited stories of 2017.

Iphone

Samsung Could Make $22 Billion Off Next Year's iPhones (cnet.com) 43

According to a report by Korean outlet ETnews (via The Investor), Apple placed an order for 180 million to 200 million OLED displays from Samsung's manufacturing branch, Samsung Display, for the next round of iPhones. Each display is estimated to cost $110, which could mean the deal is worth up to $22 billion. CNET reports: The recently released iPhone X was Apple's first phone to feature an OLED display, rather than an LCD panel. Samsung, on the other hand, has been using OLED displays in its phones for quite some time. Currently Samsung holds a near monopoly on the world's manufacturing of OLED screens. As a result, Apple had little choice but to turn to its rival for this type of screen. This isn't the first deal of its kind. Earlier this year it was reported that Apple bought 60 million OLED displays from Samsung, apparently for what would later become the iPhone X. According to the report, Apple's next order is up to four times larger than this previous order. Demand is so high that Samsung considered opening a new manufacturing plant to process Apple's order, the report said, but has been able to manufacture enough of the panels to fill Apple's order.

Bug

Ubuntu 17.10 Temporarily Pulled Due To A BIOS Corrupting Problem (phoronix.com) 167

An anonymous reader writes: Canonical has temporarily pulled the download links for Ubuntu 17.10 "Artful Aardvark" from the Ubuntu website due to ongoing reports of some laptops finding their BIOS corrupted after installing this latest Ubuntu release. The issue is appearing most frequently with Lenovo laptops but there are also reports of issues with other laptop vendors as well. This issue appears to stem from the Intel SPI driver in the 17.10's Linux 4.13 kernel corrupting the BIOS for a select number of laptop motherboards. Canonical is aware of this issue and is planning to disable the Intel SPI drivers in their kernel builds. Canonical's hardware enablement team has already verified this works around the problem, but doesn't provide any benefit if your BIOS is already corrupted.

Star Wars Prequels

Ajit Pai Taunts Net Neutrality Critics. Mark Hamill Taunts Ajit Pai (mashable.com) 346

An anonymous reader writes: Just days before voting to repeal net neutrality regulations, FCC chairman Ajit Pai introduced a comedy video at the annual gathering of the Federal Communications Bar Association -- and it offered its own self-disparaging version of Pai's tenure as a Verizon attorney in 2003. "We want to brainwash and groom a Verizon puppet to install as FCC chairman," says a real-world Verizon executive appearing in the videotaped skit. "That sounds awesome," Pai responds.

And the day of the vote Pai also appeared in another trying-to-be-funny video on the conservative site The Daily Caller demonstrating "seven things you can still do on the internet after net neutrality." In the first image he's holding a fidget spinner and dressed as Santa Claus, and the unmistakably patronizing video reminds critics that they can still upload photos of their meals to Instagram and "post photos of cute animals, like puppies." He also demonstrated that net neutrality critics can still stay part of their favorite fan communities -- by showing himself holding a light saber. And this unexpectedly drew the wrath of Star Wars actor Mark Hamill, who responded on Twitter by calling him "Ajit 'Aren't I Precious?' Pai."

Hamill also added that "you are profoundly unworthy 2 wield a lightsaber. A Jedi acts selflessly for the common man, NOT lie 2 enrich giant corporations." When U.S. Senator Ted Cruz responded -- likening government overreach to Darth Vader and urging Hamill to "reject the dark side" -- Hamill responded again, complaining that the Senator was "smarm-splaining." Hamill also added, "you'd have more credibility if you spelled my name correctly. I mean IT'S RIGHT THERE IN FRONT OF YOU! Maybe you're just distracted from watching porn at the office again."

The Houston Chronicle reports that the newest meme on Twitter is now Pai's over-sized coffee mug stamped with the logo for Reese's Peanut Butter cups, "which he occasionally sipped from during the widely-criticized reversal." The Dangerous Minds site notes that some angry net neutrality supporters have even taken their complaints to Reese's Facebook page, adding "Perhaps these protesters' pleas to the candy company are simply a misguided hope that someone, ANYONE will listen to their frustration."

"Clearly, the FCC wasn't listening to the estimated 83% of Americans who support net neutrality."

Crime

Stolen Car Recovered With 11,000 More Miles -- and Lyft Stickers (sfgate.com) 119

The San Francisco Bay Area has more car thefts than any region in America, according to SFGate.com. A National Insurance Crime Bureau report found that between 2012 and 2014, there were an average of 30,000 car thefts a year just in the cities of San Francisco, Oakland and Hayward. But one theft took a strange turn. An anonymous reader quotes their report: Cierra and Josh Barton purchased a new Honda HR-V at the beginning of summer. It was stolen while parked in front of their Livermore apartment complex at the end of August. Four months later, Hayward police called the Bartons to say they had recovered the vehicle... What they found, to their surprise, was a car in relatively good shape -- a few dents, a rattling hood. But in the back and front windows were Lyft stickers, Cierra Barton said.

The odometer had spiked from 2,000 miles to more than 13,000. And in the back seat, Cierra said she found a pillow, a jacket and a stuffed animal. "It wasn't burned out, it wasn't gutted, but it appeared to have been used as a Lyft," she said. That, Cierra added, was even worse than she imagined. "Not only did someone steal our car, they made money off it!"

Lyft says that "Given the information provided, we are unable to match this vehicle to any Lyft accounts in the area," adding they "stand ready to assist law enforcement in any investigation."

AMD

AMD Is Open-Sourcing Their Official Vulkan Linux Driver (phoronix.com) 75

An anonymous reader writes: While many of you have likely heard of the "RADV" open-source Vulkan driver, it's been a community-written driver up to this point in the absence of AMD's official, cross-platform Vulkan driver being open-source. That's now changed with AMD now open-sourcing their official Vulkan driver. The code drop is imminent and they are encouraging the use of it for quick support of new AMD hardware, access to the Radeon GPU Profiler, easy integration of AMD Vulkan extensions, and enabling third-party extensions. For now at least it does provide better Vulkan performance than RADV but the RADV developers have indicated they plan to continue development of their Mesa-based Vulkan driver.

Python

Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 100

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Windows

Lead Developer of Popular Windows Application Classic Shell Is Quitting 97

WheezyJoe writes: Classic Shell is a free Windows application that for years has replaced Microsoft's Start Screen or Start Menu with a highly configurable, more familiar non-tile Start menu. Yesterday, the lead developer released what he said would be the last version of Classic Shell. Citing other interests and the frequency at which Microsoft releases updates to Windows 10, as well as lagging support for the Win32 programming model, the developer says that he won't work on the program anymore. The application's source code is available on SourceForge, so there is a chance others may come and fork the code to continue development. There are several alternatives available, some pay and some free (like Start10 and Start Is Back++), but Classic Shell has an exceptionally broad range of tweaks and customizability.

Encryption

PHP Now Supports Argon2 Next-Generation Password Hashing Algorithm (bleepingcomputer.com) 94

An anonymous reader quotes Bleeping Computer: PHP got a whole lot more secure this week with the release of the 7.2 branch, a version that improves and modernizes the language's support for cryptography and password hashing algorithms.

Of all changes, the most significant is, by far, the support for Argon2, a password hashing algorithm developed in the early 2010s. Back in 2015, Argon2 beat 23 other algorithms to win the Password Hashing Competition, and is now in the midst of becoming a universally recognized Internet standard at the Internet Engineering Task Force (IETF), the reward for winning the contest. The algorithm is currently considered to be superior to Bcrypt, today's most widely used password hashing function, in terms of both security and cost-effectiveness, and is also slated to become a favorite among cryptocurrencies, as it can also handle proof-of-work operations.

The other major change in PHP 7.2 was the removal of the old Mcrypt cryptographic library from the PHP core and the addition of Libsodium, a more modern alternative.
