posted 3 days ago on slashdot
Slashdot reader mschaffer writes: It appears that Jim Zemlin, President of the Linux Foundation, was using MacOS while declaring "2017 is officially the year of the Linux desktop!" at the Open Source Summit 2017. This was observed by several YouTube channels: Switched to Linux and The Lunduke Show. Finally it was reported by It's FOSS. If, indeed, this is the year of desktop Linux, why oh why cannot people like Zemlin present a simple slide presentation -- let alone actually use a Linux distro for work. A security developer at Google has now "spotted Jim Zemlin using Apple's macOS twice in last four years," according to the article, which complains the Foundation's admirable efforts on cloud/container technology has them neglecting Linux on the desktop. Ironically, in March Zemlin told a cloud conference that organizations that "don't harvest the shared innovation" of open source "will fail."

posted 3 days ago on slashdot
An anonymous reader quotes the Verge: Essential's debut smartphone has received approval to run on Verizon, meaning it's now supported by all four major US carriers. Sprint was the device's launch partner, so it of course had support, and both AT&T and T-Mobile gave tacit support ahead of the phone's launch. But Verizon, for some reason, said it couldn't guarantee that the Essential Phone would work and that the phone still had to clear a certification process. Evidently it's now done that, with Essential tweeting out this morning that the phone is now compatible with Verizon.

posted 3 days ago on slashdot
schwit1 shares a story from the AP: Tourists heading to central Idaho will be in the dark if local officials get their way. The first International Dark Sky Reserve in the United States would fill a chunk of the state's sparsely populated region that contains night skies so pristine that interstellar dust clouds are visible in the Milky Way... Supporters say excess artificial light causes sleeping problems for people and disrupts nocturnal wildlife and that a dark sky can solve those problems, boost home values and draw tourists. Opposition to dark sky measures elsewhere in the U.S. has come from the outdoor advertising industry and those against additional government regulations. Researchers say 80 percent of North Americans live in areas where light pollution blots out the night sky. Central Idaho contains one of the few places in the contiguous United States large enough and dark enough to attain reserve status, Barentine said. Only 11 such reserves exist in the world... The proposed Idaho reserve is mainly land managed by the U.S. Forest Service and contains the wilderness of the Sawtooth National Recreation Area... Leaders in the cities of Ketchum and Sun Valley, the tiny mountain town of Stanley, other local and federal officials, and a conservation group have been working for several years to apply this fall to designate 1,400 square miles (3,600 square kilometers) as a reserve. A final decision by the association would come about 10 weeks after the application is submitted.

posted 3 days ago on slashdot
Remember those two ex-Googlers who started a company to replace mom-and-pop corner stores with automated vending kiosks? An anonymous reader writes: The company's CEO has now "apologized in the face of mounting outrage," according to CNN. CEO Paul McDonald had shared a vision with Fast Company of a world where centralized shopping locations "won't be necessary" because there'll be a tiny automated one every 100 feet. Within hours McDonald was writing a new apologetic essay insisting he's not trying to replace corner stores, which carry more items and include a human staff who "offer an integral human connection to their patrons that our automated storefronts never will." In fact, he added that "Rather than take away jobs, we hope Bodega will help create them. We see a future where anyone can own and operate a Bodega -- delivering relevant items and a great retail experience to places no corner store would ever open." Promising to review criticism, he added his hope was to "bring a useful, new retail experience to places where commerce currently doesn't exist." Bodega's CEO sees it as a way to beat Amazon by offering immediate access to popular products, and TechCrunch reports the company has already raised $2.5 million, while Fast Company notes "angel" investments from executives at Facebook, Twitter, Google, and Dropbox. The company has already begun testing 30 Bodega boxes over the last ten months, and unveiled 50 more boxes last week, with hopes to have over 1,000 by the end of next year.

posted 3 days ago on slashdot
A vaccine against tooth decay "is urgently needed" writes Nature -- and a team of Chinese scientists is getting close. hackingbear writes: Scientists at Wuhan Institute of Virology, Chinese Academy of Sciences developed low side effects and high protective efficiency using flagellin-rPAc fusion protein KFD2-rPAc, a promising vaccine candidate. In rat challenge models, KFD2-rPAc induces a robust rPAc-specific IgA response, and confers efficient prophylactic and therapeutic efficiency as does KF-rPAc, while the flagellin-specific inflammatory antibody responses are highly reduced.

posted 3 days ago on slashdot
Slashdot reader whh3 brings surprising news from the Wall Street Journal. "Trump administration officials said Saturday the U.S. wouldn't pull out of the Paris Agreement, offering to re-engage in the international deal to fight climate change, according to multiple officials at a global warming summit." Today an anonymous reader writes: Even an official White House statement in response to the article insisted only that the U.S. would withdraw "unless we can re-enter on terms that are more favorable to our country." On Sunday White House National Security Adviser H.R. McMaster "said President Donald Trump could decide to keep the U.S. in the Paris Climate Accord if there is a better agreement that benefits the American people," according to ABC News, while CNBC reports that Secretary of State Rex Tillerson also "said the United States could remain in the Paris climate accord under the right conditions. 'The president said he is open to finding those conditions where we can remain engaged with others on what we all agree is still a challenging issue.'"

posted 3 days ago on slashdot
Mark Wilson quotes BetaNews: While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as a Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software. While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."

posted 3 days ago on slashdot
IBM has open sourced a "high performance, scalable virtual machine" with "a great pedigree... [it's] at the core of many IBM enterprise software products." Slashdot reader dxb1230 writes: IBM has open sourced their JDK/JVM implementation named J9 as OpenJ9. The community now has an alternative implementation of Java which has been well tested on enterprise workloads and hardware. This, unlike OpenJDK, has all the bells and whistles like jit.

posted 3 days ago on slashdot
An anonymous reader writes: I'm interested in creating really good open source software. However, unless programmers have an incentive to work on their projects for long periods, many projects are abandoned. There's many business models surrounding free/libre open source software: support (pay for help, or additional features), premium (pay for more advanced software), hosting (pay for using the software on someone else's servers), donation (two versions of the same app, pay because you want to be nice to the developers), etc. Not all of those business models align the interests of the developer and the customer/user in the same way: support-based models for example, benefit developers who introduce certain mistakes or delay introducing features. (In the short term. In the long run, it opens a door for competitors...) Which of those align the interests of both? The original submission also asks if any of these models are "morally questionable" -- and if there's other business models that have proven successful for open source software. Leave your best thoughts in the comments. What's the best business model for an open source developer?

posted 3 days ago on slashdot
Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission. The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments." Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."

posted 3 days ago on slashdot
Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud. An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT. Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs? That's a really big deal... Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors. As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems." In sum, the Linux Foundation's Jim Zemlin declares, "It is accurate to say they are a core contributor," with the likelihood that Hemminger's and others' contributions will move Microsoft out of the kernel contribution basement into the upper echelons. The article concludes that "Pigs, in other words, do fly. Microsoft, while maintaining its commitment to Windows, has made the necessary steps to not merely run on Linux but to help shape the future of Linux."

posted 3 days ago on slashdot
An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online. Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday. The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature. Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.

posted 3 days ago on slashdot
turkeydance shares a story from ZeroHedge: Category 1 storm clouds are gathering over what has traditionally been one of the most lucrative, and perhaps only profitable, sectors to come out of Silicon Valley in decades: online advertising. Two months ago, it was P&G which fired the first shot across the "adtech" bow when not long after it announced it was slashing its digital ad spending because it thought it was not getting the kind of return on investment it desired, it made a striking discovery: "We didn't see a reduction in the growth rate." CFO Jon Moeller said "What that tells me is that that spending that we cut was largely ineffective"... So fast forward to last week, when during Thursday's Global Retailing Conference organized by Goldman Sachs, Restoration Hardware's delightfully colorful CEO, Gary Friedman, divulged the following striking anecdote about the company's online marketing strategy, and the state of online ad spending in general... What Friedman revealed - in brief - was the following: "we've found out that 98% of our business was coming from 22 words. So, wait, we're buying 3,200 words and 98% of the business is coming from 22 words. What are the 22 words? And they said, well, it's the word Restoration Hardware and the 21 ways to spell it wrong, okay?" Stated simply, the vast, vast majority of online ad spending is wasted, chasing clicks that simply are not there.... One wonders how long before all retailers - most of whom are notoriously strapped for revenues and profits courtesy of Amazon - and other "power users" of online advertising, do a similar back of the envelope analysis, and find that they, like RH, are getting a bang for only 2% of their buck?

posted 4 days ago on slashdot
Ars Technica's health reporter argues that a new study suggesting sitting will kill you "is kind of a raging dumpster fire. It's funded by Big Soda and riddled with weaknesses -- including not measuring sitting." An anonymous reader quotes this report: Let's start with the money: It was funded in part by Coca-Cola... [I]t's hard to look past the fact that this is exactly the type of health and nutrition research Coke wants. In fact, Coca-Cola secretly spent $1.5 million to fund an entire network of academic researchers whose goal was to shift the national health conversation away from the harms of sugary beverages. Instead, their research focused on the benefits of exercise -- i.e., the health risks of sedentary and inactive lifestyles. The research network disbanded after The New York Times published an investigation on the network's funding in 2015... It didn't actually measure sitting... In their words, "Our study has several limitations. First, the Actical accelerometer cannot distinguish between postures (such as sitting vs. standing); thus, we relied on an intensity-only definition of sedentary behavior." The "intensity-only" definition of sedentary behavior is based on metabolic equivalents, basically units defined by how much oxygen a person uses up doing various activities. But those definitions are also not cut and dried. There are no clear lines between lying down, sitting, standing in place, or light movement... Then there's the participant data: It's not representative -- like, at all... At the time of wearing the accelerometer, the most active group's mean age was 65. The mean age of the least active group: 75. Groups were assigned based on just a week's worth of data -- or less. And the people placed in the least-active group were already more likely to be smokers, to have diabetes and hypertension, and to have a history of coronary heart disease and stroke.

posted 4 days ago on slashdot
Slashdot reader eatvegetables writes: The U.S. National Security Agency launched Codebreaker Challenge 2017 Friday night (Sept 15) at 9 p.m. EST. It started off as a reverse-engineering challenge a few years ago but has grown in scope to include network analysis, reverse-engineering, and vulnerability discovery/exploitation. This year's challenge story centers around hackers attacking critical "supervisory control and data acquisition" (SCADA) infrastructure. Your mission, should you choose to accept it, is to figure out how the SCADA network is being attacked, find the attack vector(s), and stop the bad guy(s)/gal(s)/other(s). Codebreaker-Challenge is unusual for capture-the-flag(ish) contests due to the scope/number of challenges and how long the contest runs (now until end of year). Also (this year, at least), the challenge is built around a less than well-known networking protocol, MQTT. It's open to anyone with a school.edu email address. A site leader-board shows which school/University has the most l33t students. Carnegie Mellon and Georgia Institute of Tech are at the top of the leader-board as of Saturday morning. Last year, 3,300 students (from 481 schools) participated, with 15 completing all six tasks. One Carnegie Mellon student finished in less than 18 hours. A resources page offers "information on reverse engineering," and the NSA says the first 50 students who complete all the tasks this year will receive a "small token" of appreciation from the agency.

posted 4 days ago on slashdot
An anonymous reader quotes TechCrunch: Matt Mullenweg, the co-founder of the popular open source web publishing software WordPress, has said the community will be pulling away from using Facebook's React JavaScript library over concerns about a patent clause in Facebook's open source license. In a blog post explaining the decision yesterday, Mullenweg said he had hoped to officially adopt React for WordPress -- noting that Automattic, the company behind WordPress.com which he also founded, had already used React for the Calypso ground-up rewrite of WordPress.com a few years ago, while the WordPress community had started using it for its major Gutenberg core project. But he said he has changed his mind after seeing Facebook dig in behind the patent clause -- which was recently added to the Apache Software Foundation's list of disallowed licenses... [H]e writes that he cannot, in good conscience, require users of the very widely used open source WordPress software to inherit the patent clause and associated legal risk. So he's made the decision to ditch React. Facebook can revoke their license if a React user challenges Facebook's patents.

posted 4 days ago on slashdot
An anonymous reader quotes CNN: Special counsel Robert Mueller and his team are now in possession of Russian-linked ads run on Facebook during the presidential election, after they obtained a search warrant for the information. Facebook gave Mueller and his team copies of ads and related information it discovered on its site linked to a Russian troll farm, as well as detailed information about the accounts that bought the ads and the way the ads were targeted at American Facebook users, a source with knowledge of the matter told CNN. The disclosure, first reported by the Wall Street Journal, may give Mueller's office a fuller picture of who was behind the ad buys and how the ads may have influenced voter sentiment during the 2016 election... As CNN reported Thursday, Facebook is still not sure whether pro-Kremlin groups may have made other ad buys intended to influence American politics that it simply hasn't discovered yet. It is even possible that unidentified ad buys may still exist on the social media network today.

posted 4 days ago on slashdot
An anonymous reader writes: "The 27th First Annual Ig Nobel Prize Ceremony" happened Thursday at Harvard's Sanders theatre, recognizing real (but unusual) research papers from all over the world "that make people laugh, then think." This year's prize in the physics category went to Marc-Antoine Fardin, who used fluid dynamics to probe the question "Can a cat be both a solid and a liquid?" Six prize-winning Swiss researchers also demonstrated that regular playing of a didgeridoo is an effective treatment for obstructive sleep apnoea and snoring, while two Australians tested how contact with a live crocodile affects a person's willingness to gamble. And five French researchers won the medicine prize for their use of advanced brain-scanning technology to investigate "the neural basis of disgust for cheese." You can watch the ceremony online -- and Reuters got an interesting quote from the editor of the Annals of Improbable Research, who founded the awards ceremony 27 years ago. "We hope that this will get people back into the habits they probably had when they were kids of paying attention to odd things and holding out for a moment and deciding whether they are good or bad only after they have a chance to think."

posted 4 days ago on slashdot
An anonymous reader writes: Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers... For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue. According to the current security.txt IETF draft, website owners would be able to create security.txt files that look like this:
    #This is a comment
    Contact: [email protected]
    Contact: +1-201-555-0123
    Contact: https://example.com/security
    Encryption: https://example.com/pgp-key.tx...
    Acknowledgement: https://example.com/acknowledg...
    Disclosure: Full

posted 4 days ago on slashdot
Mark Wilson writes: When it comes to the Pirate Bay, it's usually movie studios, music producers and software creators that get annoyed with the site — you know, copyright and all that. But in an interesting twist it is now users who find themselves irked by and disappointed in the most famous torrent site in the world. So what's happened? Out of the blue, the Pirate Bay has added a Javascript-powered Bitcoin miner to the site. Nestling in the code of the site is an embedded cryptocurrency miner from Coinhive. Users who have noticed an increase in resource usage on their computers as a result of this are not happy. TorrentFreak reports the miner is being tested for about 24 hours -- as a possible way to earn enough revenue to remove advertising from the site.

posted 4 days ago on slashdot
An anonymous reader quotes the New York Post: As the staggering national student loan debt tally sits at an all-time high of $1.33 trillion, according to the Department of Education, many millennials say they would go to extreme lengths to wipe their slate clean. According to a new survey from Credible, a personal finance website, 50 percent of all respondents (ages 18-34) said they would give up their right to vote during the next two presidential elections in order to never have to make another loan payment again. Yet only 44% said they'd be willing to give up Uber and Lyft -- and only 13% said they'd be willing to give up texting.

posted 4 days ago on slashdot
Mark.JUK writes: Researchers at Brunel University in London have begun to develop a new 10 Gbps home wireless network using both Li-Fi (light fidelity) and 5G based mmWave technology, which will fit inside LED (light-emitting diode) light bulbs on your ceiling. In simple terms, the Visible Light Communication (VLC) based Li-Fi technology works by flicking a LED light off and on thousands of times a second (by altering the length of the flickers you can introduce digital communications). The article says it'd be more energy efficient (and faster) than a standard Wi-Fi network -- though both technologies have trouble penetrating walls, so "you'd have to buy lots of pricey new bulbs in order to cover your home..." "It's probably not something that an ordinary home owner would want to install; unless you're happy with running lots of optical fibre cable around your various light fittings."

posted 4 days ago on slashdot
phalse phace quotes MarketWatch: Following on the heels of a story that revealed that Equifax hired a music major with no education related to technology or security as its Chief Security Officer, Equifax announced on Friday afternoon that Chief Security Officer Susan Mauldin has quit the company along with Chief Information Officer David Webb. Chief Information Officer David Webb and Chief Security Officer Susan Mauldin retired immediately, Equifax said in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin. The company revealed Thursday that the attackers exploited Apache Struts bug CVE-2017-5638 -- "identified and disclosed by U.S. CERT in early March 2017" -- and that they believed the unauthorized access happened from May 13 through July 30, 2017. Thus, MarketWatch reports, Equifax "admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.

posted 4 days ago on slashdot
schwit1 shares a report from The Guardian: Millions of people are eating the wrong sorts of food for good health. Eating a diet that is low in whole grains, fruit, nuts and seeds and fish oils and high in salt raises the risk of an early death, according to the huge and ongoing study Global Burden of Disease. The study, based at the Institute of Health Metrics and Evaluation at the University of Washington, compiles data from every country in the world and makes informed estimates where there are gaps. Five papers on life expectancy and the causes and risk factors of death and ill health have been published by the Lancet medical journal. Diet is the second highest risk factor for early death after smoking. Other high risks are high blood glucose which can lead to diabetes, high blood pressure, high body mass index (BMI) which is a measure of obesity, and high total cholesterol. All of these can be related to eating the wrong foods, although there are also other causes.

posted 4 days ago on slashdot
A new report by eMarketer predicts that 22.2 million U.S. adults will have cut the cord on cable, satellite or telco TV service by the end of 2017, which is up 33% over 2016. It also notes that ad investment will expand just 0.5% to $71.65 billion this year, down from the $72.72 billion predicted in the company's original first quarter forecast for 2017. From a report via DSLReports: This year, there will be 22.2 million cord-cutters ages 18 and older, a figure up 33.2% over 2016. That's notably higher than the 15.4 million eMarketer previously estimated. The total number of U.S. adult cord-nevers (users that have never signed up for a traditional cable TV connection) will grow 5.8% this year to 34.4 million. Note that eMarketer's numbers don't include streaming options from the likes of Dish (Sling TV) or AT&T (DirecTV Now), though so far gains in subscribers for these services haven't offset the decline in traditional cable TV subscribers anyway.
