Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Will You Be Able To Run a Modern Desktop Environment In 2016 Without Systemd? 84

New submitter yeupou writes: Early this year, David Edmundson from KDE, concluded that "In many cases [systemd] allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it [systemd] as an optional extra defeats the main benefit". A perfectly sensible explanation. But, then, one might wonder to which point KDE would remain usable without systemd?

Recently, on one Devuan box, I noticed that KDE power management (Powerdevil) no longer supported suspend and hibernate. Since pm-utils was still there, for a while, I resorted to call pm-suspend directly, hoping it would get fixed at some point. But it did not. So I wrote a report myself. I was not expecting much. But neither was I expecting it to be immediately marked as RESOLVED and DOWNSTREAM, with a comment accusing the "Debian fork" I'm using to "ripe out" systemd without "coming with any of the supported solutions Plasma provides". I searched beforehand about the issue so I knew that the problem also occurred on some other Debian-based systems and that the bug seemed entirely tied to upower, an upstream software used by Powerdevil. So if anything, at least this bug should have been marked as UPSTREAM.

While no one dares (yet) to claim to write software only for systemd based operating system, it is obvious that it is now getting quite hard to get support otherwise. At the same time, bricks that worked for years without now just get ruined, since, as pointed out by Edmunson, adding systemd as "optional extra defeats its main benefit". So, is it likely that we'll still have in 2016 a modern desktop environment, without recent regressions, running without systemd?
The Military

KGB Software Almost Triggered War In 1983 ( 109

An anonymous reader writes: Who here remembers WarGames? As it turns out, the film was a lot closer to reality than we knew. Newly-released documents show that the Soviet Union's KGB developed software to predict sneak attacks from the U.S. and other nations in the early 1980s. During a NATO wargame in November, 1983, that software met all conditions necessary to forecast the beginning of a nuclear war. "Many of these procedures and tactics were things the Soviets had never seen, and the whole exercise came after a series of feints by U.S. and NATO forces to size up Soviet defenses and the downing of Korean Air Lines Flight 007 on September 1, 1983. So as Soviet leaders monitored the exercise and considered the current climate, they put one and one together. Able Archer, according to Soviet leadership at least, must have been a cover for a genuine surprise attack planned by the U.S., then led by a president possibly insane enough to do it." Fortunately, when the military exercise ended, so did Soviet fears that an attack was imminent.

AMD's 'Crimson' Driver Software Released ( 42

An anonymous reader writes: Yesterday marked the launch of AMD's 'Crimson' driver software. It replaces the old Catalyst driver software, and represents a change in how AMD develops bug fixes, improves performance, and adds features. AnandTech took a detailed look at the new driver software. They say, "By focusing feature releases around the end of the year driver, AMD is able to cut down on what parts of the driver they change (and thereby can possibly break) at other times of the year, and try to knock out all of their feature-related bugs at once. At the same time it makes the annual driver release a significant event, as AMD releases a number of new features all at once. However on the other hand this means that AMD has few features launching any other time of the year, which can make it look like they're not heavily invested in feature development at those points." On a more positive note, the article adds, "Looking under the hood there's no single feature that's going to blow every Radeon user away at once, but overall there are a number of neat features here that should be welcomed by various user groups. ... Meanwhile AMD's radical overhaul of their control panel via the new Radeon Settings application will be quickly noticed by everyone."

Windows 10 Fall Update Uninstalls Desktop Software Without Informing Users ( 261

ourlovecanlastforeve sends this report from Martin Brinkmann of gHacks: Microsoft's Windows 10 operating system may uninstall programs — desktop programs that is — from the computer after installation of the big Fall update that the company released earlier this month. I noticed the issue on one PC that I upgraded to Windows 10 Version 1511 but not on other machines. The affected PC had Speccy, a hardware information program, installed and Windows 10 notified me after the upgrade that the software had been removed from the system because of incompatibilities. There was no indication beforehand that something like this would happen, and what made this rather puzzling was the fact that a newly downloaded copy of Speccy would install and run fine on the upgraded system. An IT Director I know had this happen with ESET antivirus as well, on multiple computers. He says fixes have been rolled out for both TH2 and the antivirus software to prevent this from happening. Other reports mention CPU-Z, AMD's Catalyst Control Center, and CPUID as software that's being automatically uninstalled.

High Level Coding Language Used To Create New POS Malware ( 90

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into a ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.

Second Root Cert-Private Key Pair Found On Dell Computer ( 65

msm1267 writes: A second root certificate and private key, similar to eDellRoot [mentioned here yesterday], along with an expired Atheros Authenticode cert and private key used to sign Bluetooth drivers has been found on a Dell Inspiron laptop. The impact of these two certs is limited compared to the original eDellRoot cert. The related eDellRoot cert is also self-signed but has a different fingerprint than the first one. It has been found only on two dozen machines according to the results of a scan conducted by researchers at Duo Security. Dell, meanwhile, late on Monday said that it was going to remove the eDellroot certificate from all Dell systems moving forward, and for existing affected customers, it has provided permanent removal instructions (.DOCX download), and starting today will push a software update that checks for the eDellroot cert and removes it. The second certificate / key pair was found by researchers at Duo Security.

Axel Springer Goes After iOS 9 Ad Blockers In New Legal Battlle ( 210

An anonymous reader writes: Germany's Axel Springer, owner of newspapers like Bild and Die Welt, is pursuing legal action against the developers of Blockr, an ad blocker for iOS 9. Techcrunch reports: "In October, Axel Springer forced visitors to Bild to turn off their ad blockers or pay a monthly fee to continue using the site. Earlier this month, the publisher reported the success of this measure, saying that the proportion of readers using ad blockers dropped from 23% to the single digits when faced with the choice to turn off the software or pay. 'The results are beyond our expectations,' said Springer chief exec Mathias Döpfner at the time. 'Over two-thirds of the users concerned switched off their adblocker.' He also noted that the website received an additional 3 million visits from users who could now see the ads in the first two weeks of the experiment going live."

Ask Slashdot: What Single Change Would You Make To a Tech Product? 491

An anonymous reader writes: We live in an age of sorcery. The supercomputers in our pockets are capable of doing things it took armies of humans to accomplish even a hundred years ago. But let's face it: we're also complainers at heart. For every incredible, revolutionary device we use, we can find something that's obviously wrong with it. Something we'd instantly fix if we were suddenly put in charge of design. So, what's at the top of your list? Hardware, software, or service — don't hold back.

Here's an example: over the past several years, e-readers have standardized on 6-inch screens. For all the variety that exists in smartphone and tablet sizing, the e-reader market has decided it must copy the Kindle form factor or die trying. Having used an e-reader before all this happened, I found a 7-8" e-ink screen to be an amazingly better reading experience. Oh well, I'm out of luck. It's not the worst thing in the world, but I'd fix it immediately if I could.
The Gimp

20 Years of GIMP ( 348

jones_supa writes: Back in 1995, University of California students Peter Mattis and Kimball Spencer were members of the eXperimental Computing Facility, a Berkeley campus organization. In June of that year, the two hinted at their intentions to write a free graphical image manipulation program as a means of giving back to the free software community. On November 21st, 20 years ago today, Peter Mattis announced the availability of the "General Image Manipulation Program" on Usenet (later "GNU Image Manipulation Program"). Over the years, GIMP amassed a huge amount of new features designed for all kinds of users and practical applications: general image editing, retouching and color grading, digital painting, graphic design, science imaging, and so on. To celebrate the 20th anniversary, there is an update of the current stable branch of GIMP. The newly released version 2.8.16 features support for layer groups in OpenRaster files, fixes for layer groups support in PSD, various user interface improvements, OSX build system fixes, translation updates, and more.

Amazon Screenplay-Writing Software Submits Work To Amazon Studios ( 33

An anonymous reader writes: Amazon has released new screenplay-writing software aimed to help connect new writing talent to its original content production company, Amazon Studios. Storywriter contains many of the autoformatting tools familiar to users of similar software such as Final Draft and Celtx, but no other screenwriting tool can claim to actually send unknown writers' output to potentially interested producers.

Mozilla Is Removing Tab Groups and Complete Themes From Firefox ( 313

An anonymous reader writes: As part of Mozilla's "Go Faster" initiative for Firefox, the company is removing features that aren't used by many and require a lot of technical effort to continually improve. VentureBeat learned that the first two features to get the axe are tab groups and complete themes. Dave Camp, Firefox’s director of engineering, said, "Tab Groups was an experiment to help users deal with large numbers of tabs. Very few people chose to use it, so we are retiring it because the work required to maintain it is disproportionate to its popularity."

TrueCrypt Safer Than Previously Thought ( 42

An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.

The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.


Video Meet Mårten Mickos, Serial Open Source CEO (Video) 23

Marten was the MySQL CEO who built the company from a small-time free software database developer into a worldwide software juggernaut he sold to Sun Microsystems. Next, he became CEO of Eucalyptus Systems, another open source operation, which Hewlett Packard bought in 2014. Now Mårten is CEO of hackerone, a company that hooks security-worried companies up with any one of thousands of ethical hackers worldwide.

Some of those hackers might be companies that grew out of university CS departments, and some of them may be individual high school students working from their kitchen tables. Would a large company Board of Directors trust a kid hacker who came to them with a bug he found in their software? Probably not. But if Mårten or one of his hackerone people contacts that company, it's likely to listen -- and set up a bug bounty program if they don't have one already.

Essentially, once again Mårten is working as an intermediary between technically proficient people -- who may or may not conform to sociey's idea of a successful person -- and corporate executives who need hackers' skills and services but may not know how to find non-mainstream individuals or even know the difference between "hackers" and "crackers." Editor's note: I have known and respected Mårten for many years. If this interview seems like a conversation between two old friends, it is.

Ask Slashdot: Convincing a Team To Undertake UX Enhancements On a Large Codebase? 189

unteer writes: I work at a enterprise software company that builds an ERP system for a niche industry (i.e. not Salesforce or SAP size). Our product has been continuously developed for 10 years, and incorporates code that is even older. Our userbase is constantly expanding, and many of these users expect modern conveniences like intuitive UI and documented processes. However, convincing the development teams that undertaking projects to clean up the UI or build more self-explanatory features are often met with, "It's too big an undertaking," or, "it's not worth it." Help me out: What is your advice for how to quantify and qualify improving the user experience of an aging, fairly large,but also fairly niche, ERP product?

Docker Turns To Minecraft For Server Ops ( 93

dmleonard618 writes: A new GitHub project is allowing software teams to construct software like Legos. DockerCraft is a Minecraft mod that lets administrators handle and deploy servers within Minecraft. What makes this project really interesting is that it lets you navigate through server stacks in a 3D space. "In today's world, we wanted to focus more on building. Minecraft has emerged as the sandbox game of the decade, so we chose to use that as our visual interface to Docker," Docker wrote in a blog.

NASA Selects Universities To Develop Humanoid Robot Astronauts ( 21

MarkWhittington writes: NASA announced that it is sending copies of its R5 Valkyrie humanoid robot to two universities for software upgrades and other research and development. The effort is part of a continuing project to develop cybernetic astronauts that will assist human astronauts in exploring other worlds. The idea is that robot astronauts would initially scout potentially hazardous environments, say on Mars, and then actively collaborate with their human counterparts in exploration. NASA is paying each university chosen $250,000 per year for two years to perform the R&D. The university researchers will have access to NASA expertise and facilities to perform the upgrades. Spoiler alert: the robots are both going to Greater Boston, to teams at MIT and Northeastern University respectively.

The War On Campus Sexual Assault Goes Digital 399 writes: According to a recent study of 27 schools, about one-quarter of female undergraduates said they had experienced nonconsensual sex or touching since entering college, but most of the students said they did not report it to school officials or support services. Now Natasha Singer reports at the NYT that in an effort to give students additional options — and to provide schools with more concrete data — a nonprofit software start-up in San Francisco called Sexual Health Innovations has developed an online reporting system for campus sexual violence. One of the most interesting features of Callisto is a matching system — in which a student can ask the site to store information about an assault in escrow and forward it to the school only if someone else reports another attack identifying the same assailant. The point is not just to discover possible repeat offenders. In college communities, where many survivors of sexual assault know their assailants, the idea of the information escrow is to reduce students' fears that the first person to make an accusation could face undue repercussions.

"It's this last option that makes Callisto unique," writes Olga Khazan. "Most rapes are committed by repeat offenders, yet most victims know their attackers. Some victims are reluctant to report assaults because they aren't sure whether a crime occurred, or they write it off as a one-time incident. Knowing about other victims might be the final straw that puts an end to their hesitation—or their benefit of the doubt. Callisto's creators claim that if they could stop perpetrators after their second victim, 60 percent of campus rapes could be prevented." This kind of system is based partly on a Michigan Law Review article about "information escrows," or systems that allow for the transmitting of sensitive information in ways that reduce "first-mover disadvantage" also known to economists as the "hungry penguin problem". As game theorist Michael Chwe points out, the fact that each person creates her report independently makes it less likely they'll later be accused of submitting copycat reports, if there are similarities between the incidents.

Carnegie Mellon Denies FBI Paid For Tor-Breaking Research ( 79

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"

Microsoft Open-Sources Visual Studio Code ( 158

An anonymous reader writes: Microsoft today unleashed a torrent of news at its Connect(); 2015 developer event in New York City. The company open-sourced code editing software Visual Studio Code, launched a free Visual Studio Dev Essentials program, pushed out .NET Core 5 and ASP.NET 5 release candidates, unveiled Visual Studio cloud subscriptions, debuted the Visual Studio Marketplace, and a lot more. The source for Visual Studio Code is available at GitHub under the MIT license. They've also released an extension (preview) for Visual Studio that facilitates code debugging on Linux.