Forgot your password?
typodupeerror
Security

Ask Slashdot: Open Hard- & Software Based Security Token? 53

Posted by timothy
from the you-could-use-postcards-scanned-by-an-arduino dept.
Qbertino (265505) writes I've been musing about a security setup to allow my coworkers/users access to files from the outside. I want security to be a little safer than pure key- or password-based SSH access, and some super-expensive RSA Token setup is out of question. I've been wondering whether there are any feasible and working FOSS and open hardware-based security token generator projects out there. It'd be best with ready-made server-side scripts/daemons. Perhaps something Arduino or Raspberry Pi based? Has anybody tried something like this? What are your experiences? What do you use? How would you attempt an open hardware FOSS solution to this problem?
Security

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing 52

Posted by timothy
from the they'll-take-a-look-see dept.
cold fjord (826450) writes with an excerpt from ZDNet At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code" ... funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.
DRM

Free Copy of the Sims 2 Contains SecuROM 203

Posted by Unknown Lamer
from the get-your-free-rootkits dept.
dotarray (1747900) writes By now, everybody should know that if something looks too good to be true, it probably is. Let's apply that to EA, shall we? The publisher is giving away copies of The Sims 2: Ultimate Collection, for free... and not mentioning that it includes the controversial SecuROM anti-piracy software. Nobody likes SecuROM.
Portables

Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5? 149

Posted by Unknown Lamer
from the civilized-pda-for-a-civilized-business-climate dept.
First time accepted submitter baka_toroi (1194359) writes I got a Tungsten E2 from a friend and I wanted to give it some life by programming for it a little bit. The main problem I'm bumping up against is that HP thought it would be awesome to just shut down every single thing related to Palm OS development. After Googling a lot I found out CodeWarrior was the de facto IDE for Palm OS development... but I was soon disappointed as I learned that Palm moved from the 68K architecture to ARM, and of course, CodeWarrior was just focused on Palm OS 4 development.

Now, I realize Palm OS 4 software can be run on Palm OS 5, but I'm looking to use some of the 'newer' APIs. Also, I have the Wi-fi add-on card so I wanted to create something that uses it. I thought what I needed was PODS (Palm OS Development Suite) but not only I can't find it anywhere but also it seems it was deprecated during Palm OS's lifetime. It really doesn't help the fact that I'm a beginner, but I really want to give this platform some life. Any general tip, book, working link or even anecdotes related to all this will be greatly appreciated.
Programming

A Fictional Compression Metric Moves Into the Real World 122

Posted by Unknown Lamer
from the best-thing-since-sliced-scatterplots dept.
Tekla Perry (3034735) writes The 'Weissman Score' — created for HBO's "Silicon Valley" to add dramatic flair to the show's race to build the best compression algorithm — creates a single score by considering both the compression ratio and the compression speed. While it was created for a TV show, it does really work, and it's quickly migrating into academia. Computer science and engineering students will begin to encounter the Weissman Score in the classroom this fall."
Oracle

Oracle Offers Custom Intel Chips and Unanticipated Costs 91

Posted by timothy
from the your-fries-come-with-lobster dept.
jfruh (300774) writes "For some time, Intel has been offering custom-tweaked chips to big customers. While most of the companies that have taken them up on this offer, like Facebook and eBay, put the chips into servers meant for internal use, Oracle will now be selling systems running on custom Xeons directly to end users. Those customers need to be careful about how they configure those systems, though: in the new Oracle 12c, the in-memory database option, which costs $23,000 per processor, is turned on by default."
Security

Attackers Install DDoS Bots On Amazon Cloud 24

Posted by timothy
from the fully-buzzword-compliant dept.
itwbennett (1594911) writes "Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Last week security researchers from Kaspersky Lab found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused, said Kaspersky Lab researcher Kurt Baumgartner Friday in a blog post."
Android

Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code 143

Posted by timothy
from the little-of-this-little-of-that dept.
New submitter Brett W (3715683) writes The security researchers that first published the 'Heartbleed' vulnerabilities in OpenSSL have spent the last few months auditing the Top 50 downloaded Android apps for vulnerabilities and have found issues with at least half of them. Many send user data to ad networks without consent, potentially without the publisher or even the app developer being aware of it. Quite a few also send private data across the network in plain text. The full study is due out later this week.
Education

Valencia Linux School Distro Saves 36 Million Euro 153

Posted by timothy
from the oh-no-big-deal dept.
jrepin (667425) writes "The government of the autonomous region of Valencia (Spain) earlier this month made available the next version of Lliurex, a customisation of the Edubuntu Linux distribution. The distro is used on over 110,000 PCs in schools in the Valencia region, saving some 36 million euro over the past nine years, the government says." I'd lke to see more efforts like this in the U.S.; if mega school districts are paying for computers, I'd rather they at least support open source development as a consequence.
Advertising

Nasty Business: How To Drain Competitors' Google AdWords Budgets 95

Posted by timothy
from the this-one-weird-trick dept.
tsu doh nimh (609154) writes KrebsOnSecurity looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.The service allows companies to attack competitors by raising their costs or exhausting their ad budgets early in the day. Advertised on YouTube and run by a guy boldly named "GoodGoogle," the service employs a combination of custom software and hands-on customer service, and promises clients the ability to block the appearance of competitors' ads. From the story: "The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle's software and service to sideline a handful of competitors' ads indefinitely."
Medicine

Two South African Cancer Patients Receive 3D Printed Titanium Jaw Implants 71

Posted by timothy
from the ok-but-they-did-already-need-them dept.
jigmypig (3675225) writes "Two patients in South Africa that have had their lives and more specifically their jaws severely affected by cancer, have just received 3D printed jaw implants. The jaws were 3D printed using a laser sintering process that melts powdered titanium, one layer at a time. The process saves a ton of money, and unlike traditional manufacturing of titanium jaws, it doesn't waste any materials. Traditional manufacturing wastes up to 80% of the titanium block used in the process, whereas with 3D printing there is little to no waste at all. This new process also allows for a fully customizable solution. The models are drawn up in CAD software, and then printed out to precisely fit the patient."
Open Source

Ask Slashdot: Where Do You Get (or Share) News About Open Source Projects? 85

Posted by timothy
from the just-start-typing-random-ips dept.
An anonymous reader writes "Now that freshmeat.net / freecode.com doesn't accept any updates, I wonder how the Slashdot crowd gets news about new projects, and even new versions of existing projects. For project managers, where could you announce new versions of your project, so that it can reach not just those who already know the project. Freshmeat / Freecode had all the tools to explore and discover projects, see screenshots (a mandatory feature for any software project, even with only a console interface or no interface at all) and go to the homepage of the project. I subscribed years ago to the RSS feed and sometimes found interesting projects this way. You could replace these tools by subscribing to newsletters or feeds from the projects you follow, but that doesn't cover the discovery part." And do any of the major development / hosting platforms for Free / Open Source projects (GitHub, Launchpad, or Slashdot sister-site SourceForge) have tools you find especially useful for skimming projects of interest?
Television

How Stanford Engineers Created a Fictitious Compression For HBO 89

Posted by timothy
from the buzzword-bingo dept.
Tekla Perry (3034735) writes Professor Tsachy Weissman and Ph.D student Vinith Misra came up with (almost) believable compression algorithms for HBO's Silicon Valley. Some constraints -- they had to seem plausible, look good when illustrated on a whiteboard, and work with the punchline, "middle out." Next season the engineers may encourage producers to tackle the challenge of local decodability.
EU

Switching From Microsoft Office To LibreOffice Saves Toulouse 1 Million Euros 280

Posted by Soulskill
from the all-about-the-napoleans dept.
jrepin sends this EU report: The French city of Toulouse saved 1 million euro by migrating all its desktops from Microsoft Office to LibreOffice. This project was rooted in a global digital policy which positions free software as a driver of local economic development and employment. Former IT policy-maker Erwane Monthubert said, "Software licenses for productivity suites cost Toulouse 1.8 million euro every three years. Migration cost us about 800,000 euro, due partly to some developments. One million euro has actually been saved in the first three years. It is a compelling proof in the actual context of local public finance. ... France has a high value in free software at the international level. Every decision-maker should know this."
The Military

"Magic Helmet" For F-35 Ready For Delivery 184

Posted by samzenpus
from the watch-your-six-and-stay-frosty dept.
Graculus writes with news that the so called "magic helmets" for the controversial F-35 are ready for action. This week, Lockheed Martin officially took delivery of a key part of the F-35 fighter's combat functionality—the pilot's helmet. The most expensive and complicated piece of headgear ever constructed, the F-35 Gen III Helmet Mounted Display System (HMDS) is one of the multipurpose fighter's most critical systems, and it's essential to delivering a fully combat-ready version of the fighter to the Marine Corps, the Navy, and the Air Force. But it almost didn't make the cut because of software problems and side effects akin to those affecting 3D virtual reality headsets.

Built by Rockwell Collins ESA Vision Systems International (a joint venture between Rockwell Collins and the Israeli defense company Elbit Systems), the HMDS goes way beyond previous augmented reality displays embedded in pilots' helmets. In addition to providing the navigational and targeting information typically shown in a combat aircraft's heads-up display, the HMDS also includes aspects of virtual reality, allowing a pilot to look through the plane. Using a collection of six high-definition video and infrared cameras on the fighter's exterior called the Distributed Aperture System (DAS), the display extends vision a full 360 degrees around the aircraft from within the cockpit. The helmet is also equipped with night vision capabilities via an infrared sensor that projects imagery inside the facemask
Open Source

A Warm-Feeling Wooden Keyboard (Video) 80

Posted by Roblimo
from the keyboard-as-cool-as-a-woodie-station-wagon dept.
Plastic, plastic everywhere! Except on most surfaces of the Keyboardio ergonomic keyboard, which started as a 'scratch his itch' project by Jesse Vincent. According to his blurb on the Keyboardio site, Jesse 'has spent the last 20 years writing software like Request Tracker, K-9 Mail, and Perl. He types... a lot. He tried all the keyboards before finally making his own.'

His objective was to make a keyboard he really liked. And he apparently has. This video was shot in June, and Jesse already has a new model prototype under way that Tim Lord says is a notable improvement on the June version he already liked. || Note that the Keyboardio is hackable and open source, so if you think you can improve it, go right ahead. (Alternate Video Link)
Classic Games (Games)

Raspberry Pi Gameboy 60

Posted by Soulskill
from the what's-old-is-new dept.
An anonymous reader writes: An enterprising hacker took on a project to rebuild a broken Gameboy using emulation software, a Raspberry Pi, and a few other easily-obtainable parts. The result: success! The hacker has posted a detailed walkthrough explaining all of the challenges and how they were solved. "Using a Dremel, I cut out a most of the battery compartment as well as some posts that on the case for the LCD that would no longer be needed. Doing so, the Pi sits flush with the back of the DMG case. ... The screen was the first challenge. The screen runs off 12V out of the box which wouldn't work with the USB battery pack. The USB battery pack is rated at 5V, 1000mAH so the goal was go modify the screen to allow it to run at 5V. ... I finally got it to work by removing the power converter chip as well as soldering a jumper between the + power in and the resister on the top right."
Programming

'Just Let Me Code!' 368

Posted by Soulskill
from the not-until-you-finish-your-vegetables dept.
An anonymous reader writes: Andrew Binstock has an article about the ever-increasing complexity required to write code. He says, "I got into programming because I like creating stuff. Not just any stuff, but stuff other people find useful. I like the constant problem solving, the use of abstractions that exist for long periods nowhere but in my imagination, and I like seeing the transformation into a living presence. ... The simple programs of a few hundred lines of C++ long ago disappeared from my experience. What was the experience of riding a bicycle has become the equivalent of traveling by jumbo jet; replete with the delays, inspections, limitations on personal choices, and sudden, unexplained cancellations — all at a significantly higher cost. ... Project overhead, even for simple projects, is so heavy that it's a wonder anyone can find the time to code, much less derive joy from it. Software development has become a mostly operational activity, rather than a creative one. The fundamental problem here is not the complexity of apps, but the complexity of tools. Tools have gone rather haywire during the last decade chasing shibboleths of scalability, comprehensiveness, performance. Everything except simplicity."
Microsoft

Microsoft FY2014 Q4 Earnings: Revenues Up, Profits Down Slightly 66

Posted by Unknown Lamer
from the still-enough-to-fill-money-pool dept.
Microsoft has released their latest earnings report, and it's not as bleak as last week's news might have you suspect. Quoting Forbes: Microsoft reported $23.38 billion of revenue for the fourth quarter, up 17.5% from the same period last year. Net income, however, came in at $4.6 billion, down from last year and behind Wall Street analysts' consensus estimate, both about $5 billion. At 55 cents earnings per share were down 4 cents and a nickel short of the Street’s call. For the full year, revenue clocked in at $86.8 billion an 11.5% increase from a year earlier. Net income was $22.1 billion and earnings per share were $2.63. They took a hit from finalizing the acquisition of Nokia's handset division (not unexpected). The cloud services side of the business appears to be growing, while traditional software sales have stagnated. The layoffs will cost Microsoft between $1.1 and $1.6 billion over the first half of next year.
Cellphones

Amazon Fire Phone Reviews: Solid But Overly Ambitious 58

Posted by Soulskill
from the disturbing-lack-of-actual-fire dept.
An anonymous reader writes: Amazon's Fire Phone launches later this week, and the reviews have started to come in. The hardware: "There's nothing terribly special about the Fire Phone's hardware, but there's very little to turn you off either." "The nice-looking IPS display in the Fire Phone gets bright enough for outdoor viewing, and it has nice viewing angles—a necessity for a phone that's meant to be tilted around and looked at from every which way." "An indistinct slab of glass and plastic, the Fire Phone looks more like a minimalist prototype than a finished product."

Software: "Firefly can recognize lots of things, but it's incredibly, hilariously inconsistent." "Firefly is the one Fire Phone feature you'll want on any phone you're currently using. Let's hope that it gets enough developer support that it isn't just a link to Amazon's storefronts." "First, and to be absolutely clear, Dynamic Perspective will impress you the first time you see it, and Amazon is pretty good at showing it off. ... But if there's some cool, useful functionality to be had from super-aggressive, super-accurate face tracking, the Fire Phone doesn't have it." Conclusion: "Smartphones are for work, for life. They're not toys, they're tools. Amazon doesn't understand that, and the Fire Phone doesn't reflect it."

Uncompensated overtime? Just Say No.

Working...