Forgot your password?
typodupeerror

Become a fan of Slashdot on Facebook

Bug

Bug Bounties Don't Help If Bugs Never Run Out 129

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.
The Courts

Oracle Deflects Blame For Troubled Oregon Health Care Site 133

Posted by samzenpus
from the who's-to-blame dept.
itwbennett (1594911) writes "Oracle is gearing up for a fight with officials in Oregon over its role developing an expensive health insurance exchange website that still isn't fully operational. In a letter obtained by the Oregonian newspaper this week, Oracle co-president Safra Catz said that Oregon officials have provided the public with a 'false narrative' concerning who is to blame for Cover Oregon's woes. In the letter, Catz pointed out that Oregon's decision to act as their own systems integrator on the project, using Oracle consultants on a time-and-materials basis, was 'criticized frequently by many'. And as far as Oracle is concerned, 'Cover Oregon lacked the skills, knowledge or ability to be successful as the systems integrator on an undertaking of this scope and complexity,' she added."
Linux Business

Linux Voice is a New Magazine for Linux Users — On Paper (Video) 60

Posted by Roblimo
from the there's-nothing-quite-like-the-smell-of-ink-on-paper dept.
This is an interview with Graham Morrison, who is one of four people behind the shiny-new Linux Voice magazine, which is printed on (gasp) paper. Yes, paper, even though it's 2014 and a lot of people believe the idea of publishing a physical newspaper or magazine is dead. But, Graham says, when you have a tight community (like Linux users and developers) you have an opportunity to make a successful magazine for that community. This is a crowdfunded venture, through Indiegogo, where they hoped to raise £90,000 -- but ended up with £127,603, which is approximately $214,288 as of this video's publishing date. So they have a little capital to work with. Also note: these are not publishing neophytes. All four of the main people behind Linux Voice used to work on the well-regarded Linux Format magazine. Graham says they're getting subscribers and newsstand sales at a healthy rate, so they're happily optimistic about their magazine's future. (Here's an alternate video link)
Ubuntu

Ubuntu Linux 14.04 LTS Trusty Tahr Released 167

Posted by timothy
from the what-in-tahr-nation dept.
An anonymous reader writes with this announcement: "Ubuntu Linux version 14.04 LTS (code named "Trusty Tahr") has been released and available for download. This updated version includes the Linux kernel v3.13.0-24.46, Python 3.4, Xen 4.4, Libreoffice 4.2.3, MySQL 5.6/MariaDB 5.5, Apache 2.4, PHP 5.5, improvements to AppArmor allow more fine-grained control over application, and more. The latest release of Ubuntu Server is heavily focused on supporting cloud and scale-out computing platforms such as OpenStack, Docker, and more. As part of the wider Ubuntu 14.04 release efforts the Ubuntu Touch team is proud to make the latest and greatest touch experience available to our enthusiast users and developers. You can install Ubuntu on Nexus 4 Phone (mako), Nexus 7 (2013) Tablet (flo), and Nexus 10 Tablet (manta) by following these instructions. On a hardware front, ARM multiplatform support has been added, enabling you to build a single ARM kernel image that can boot across multiple hardware platforms. Additionally, the ARM64 and Power architectures are now fully supported. See detailed release notes for more information. A quick upgrade to a newer version of Ubuntu is possible over the network."
Open Source

Apache OpenOffice Reaches 100 Million Downloads. Now What? 266

Posted by timothy
from the hundreds-of-millions-served dept.
We're thankfully long past the days when an emailed Word document was useless without a copy of Microsoft Word, and that's in large part thanks to the success of the OpenOffice family of word processors. "Family," because the OpenOffice name has been attached to several branches of a codebase that's gone through some serious evolution over the years, starting from its roots in closed-source StarOffice, acquired and open-sourced by Sun to become OpenOffice.org. The same software has led (via some hamfisted moves by Oracle after its acquisition of Sun) to the also-excellent LibreOffice. OpenOffice.org's direct descendant is Apache OpenOffice, and an anonymous reader writes with this excellent news from that project: "The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 170 Open Source projects and initiatives, announced today that Apache OpenOffice has been downloaded 100 million times. Over 100 million downloads, over 750 extensions, over 2,800 templates. But what does the community at Apache need to do to get the next 100 million?" If you want to play along, you can get the latest version of OpenOffice from SourceForge (Slashdot's corporate cousin). I wonder how many government offices -- the U.S. Federal government has long been Microsoft's biggest customer -- couldn't get along just fine with an open source word processor, even considering all the proprietary-format documents they're stuck with for now.
Programming

Code Quality: Open Source vs. Proprietary 131

Posted by Soulskill
from the put-your-money-where-your-code-is dept.
just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."
Businesses

Survey: 56 Percent of US Developers Expect To Become Millionaires 450

Posted by Soulskill
from the you-totally-could-have-invented-flappy-birds dept.
msmoriarty writes: "According to a recent survey of 1,000 U.S.-based software developers, 56 percent expect to become millionaires in their lifetime. 66 percent also said they expect to get raises in the next year, despite the current state of the economy. Note that some of the other findings of the study (scroll to bulleted list) seem overly positive: 84 percent said they believe they are paid what they're worth, 95 percent report they feel they are 'one of the most valued employees at their organization,' and 80 percent said that 'outsourcing has been a positive factor in the quality of work at their organization.'"
Open Source

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion? 579

Posted by Soulskill
from the or-at-least-marginally-less-unsafe dept.
jammag writes: "Heartbleed has dealt a blow to the image of free and open source software. In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bugs are shallow.' Many users of proprietary software, tired of FOSS's continual claims of superior security, welcome the idea that Heartbleed has punctured FOSS's pretensions. But is that what has happened?"
Encryption

Snowden Used the Linux Distro Designed For Internet Anonymity 167

Posted by Soulskill
from the NSA-can't-make-heads-or-something-of-it dept.
Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"
Security

OpenBSD Team Cleaning Up OpenSSL 286

Posted by timothy
from the devil-you-say dept.
First time accepted submitter Iarwain Ben-adar (2393286) writes "The OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a 'portable' version of this new OpenSSL fork. Or not."
Encryption

First Phase of TrueCrypt Audit Turns Up No Backdoors 171

Posted by Unknown Lamer
from the only-slightly-insecure dept.
msm1267 (2804139) writes "A initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today (PDF) by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."
Businesses

Apple's Spotty Record of Giving Back To the Tech Industry 266

Posted by samzenpus
from the giving-back dept.
chicksdaddy (814965) writes "Given Apple's status as the world's most valuable company and its enormous cash hoard, the refusal to offer even meager support to open source and industry groups is puzzling. From the article: 'Apple bundles software from the Apache Software Foundation with its OS X operating system, but does not financially support the Apache Software Foundation (ASF) in any way. That is in contrast to Google and Microsoft, Apple's two chief competitors, which are both Platinum sponsors of ASF — signifying a contribution of $100,000 annually to the Foundation. Sponsorships range as low as $5,000 a year (Bronze), said Sally Khudairi, ASF's Director of Marketing and Public Relations. The ASF is vendor-neutral and all code contributions to the Foundation are done on an individual basis. Apple employees are frequent, individual contributors to Apache. However, their employer is not, Khudairi noted. The company has been a sponsor of ApacheCon, a for-profit conference that runs separately from the Foundation — but not in the last 10 years. "We were told they didn't have the budget," she said of efforts to get Apple's support for ApacheCon in 2004, a year in which the company reported net income of $276 million on revenue of $8.28 billion.'"
The Internet

Why the IETF Isn't Working 103

Posted by Soulskill
from the maybe-we-should-pay-these-people dept.
An anonymous reader writes "Vidya Narayanan spent seven years working on the Internet Engineering Task Force, and was nominated for the Internet Architecture Board. But she declined the nomination and left the IETF because standards bodies are not able to keep up with the rapid pace of tech development. She says, '[W]hile the pace at which standards are written hasn't changed in many years, the pace at which the real world adopts software has become orders of magnitude faster. Standards, unfortunately, have become the playground for hashing out conflicts and carrying out silo-ed agendas and as a result, have suffered a drastic degradation. ... Running code and rough consensus, the motto of the IETF, used to be realizable at some point. Nowadays, it is as though Margaret Thatcher's words, "consensus is the lack of leadership" have come to life. In the name of consensus, we debate frivolous details forever. In the name of patents, we never finish. One recent case in point is the long and painful codec battles in the WebRTC working group.'"
Businesses

Ask Slashdot: How To Start With Linux In the Workplace? 451

Posted by timothy
from the sounds-like-mint-works-for-you dept.
An anonymous reader writes "Recently my boss has asked me about the advantages of Linux as a desktop operating system and if it would be a good idea to install it instead of upgrading to Windows 7 or 8. About ten boxes here are still running Windows XP and would be too old to upgrade to any newer version of Windows. He knows that i am using Linux at work on quite outdated hardware (would have gotten a new PC but never requested new hardware — Linux Mint x64 runs quite well on it) and i always managed to get my stuff done with it. I explained to him that there are no licensing issues with Linux, there is no anti-virus software to deal with and that Linux is generally a bit more efficient on old hardware than operating systems from Microsoft. The boss seems interested." But that's not quite the end; read on for this reader's question.
Security

Heartbleed OpenSSL Vulnerability: A Technical Remediation 239

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes "Since the announcement malicious actors have been leaking software library data and using one of the several provided PoC codes to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had a opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."
Input Devices

Princeton Students Develop Open Source Voice Control Platform For Any Device 34

Posted by Unknown Lamer
from the yell-at-your-computer-more-effectively dept.
rjmarvin (3001897) writes "Two Princeton computer science students have created an open source platform for developing voice-controlled applications that are always on. Created by Shubhro Saha and Charlie Marsh, Jasper runs on the Raspberry Pi under Raspbian, using a collection of open source libraries to make up a development platform for building voice-controlled applications. Marsh and Saha demonstrate Jasper's capability to perform Internet searches, update social media, and control music players such as Spotify. You need a few easily obtainable bits of hardware (a USB microphone, wifi dongle or ethernet, and speakers). The whole thing is powered by CMU Sphinx (which /. covered the open sourcing of back in 2000). Jasper provides Python modules (under the MIT license) for recognizing phrases and taking action, or speaking when events occur. There doesn't seem to be anything tying it to the Raspberry Pi either, so you could likely run it on an HTPC for always-on voice control of your media center.
Ubuntu

A Conversation with Ubuntu's Jono Bacon (Video) 53

Posted by Roblimo
from the the-world's-leading-death-metal-free-software-advocate dept.
You've probably heard Jono Bacon speak at a Linux or Open Source conference. Or maybe you've heard one of his podcasts or read something he's written in his job as Ubuntu's community manager or even, perhaps, read The Art of Community, which is Jono's well-regarded book about building online communities. Jono also wrote and performed the heavy metal version of Richard M. Stallman's infamous composition, The Free Software Song. An excerpt from the Jono version kicks off our interview, and the complete piece (about two minutes long) closes the video. Please note that this video is a casual talk with Jono Bacon, the person, rather than a talk with the "official" Ubuntu Jono Bacon. So please, pull up a chair, lean back, and join us. (Alternate Video Link)
Windows

Meet the Diehards Who Refuse To Move On From Windows XP 641

Posted by timothy
from the come-the-revolution dept.
Hugh Pickens DOT Com (2995471) writes "Nearly every longtime Windows user looks back on Windows XP with a certain fondness, but the party's over according to Microsoft. 'It's time to move on,' says Tom Murphy, Microsoft's director of communications for Windows. 'XP was designed for a different era.' But Ian Paul writes in PC World that many people around the world refuse to give up on XP. But why? What's so great about an operating system that was invented before the age of Dropbox and Facebook, an OS that's almost as old as the original Google search engine? Bob Appel, a retiree based in Toronto, says he uses 12 PCs in a personal Dropbox-like network—10 of which are running XP. 'I use a third-party firewall, a free virus checker, and run Housecall periodically,' says Appel. 'My Firefox browser uses Keyscrambler, HTTPS Anywhere, Ghostery, and Disconnect. I also have a VPN account (PIA) when traveling. For suspicious email attachments, I deploy private proprietary bioware (me!) to analyze before opening. All the "experts" say I am crazy. Thing is, I stopped the security updates in XP years ago after a bad update trashed my system, and yet I have never been infected, although online for hours each day. So, crazy though I be, I am sticking with XP.'" (Read more, below.)
Technology

A Bid To Take 3D Printing Mainstream 143

Posted by samzenpus
from the grandma's-printed-cookies dept.
Nerval's Lobster (2598977) writes "Can 3D printing go truly mainstream? Startup M3D is betting on it, having launched a Kickstarter campaign to create what it terms the first truly consumer 3D printer, built around proprietary auto-leveling and auto-calibration technology that (it claims) will allow the device to run in an efficient, easy-to-use way for quite some time. According to The Verge, the device is space-efficient, quiet, and sips power: 'One of the main obstacles between 3D printers and consumers has been clunky, unintuitive software. Here too, M3D promises improvements, having designed an app that's 'as interactive and enjoyable as a game' with a minimalist and touch-friendly interface.' Do you think 3D printing can capture a massive audience, or will it remain niche for the foreseeable future?"

Mathematics deals exclusively with the relations of concepts to each other without consideration of their relation to experience. -- Albert Einstein

Working...