You are here

Site në gjuhë të huaj

Music Streaming Hailed as Industry's Saviour as Labels Enjoy Profit Surge

Slashdot.org - Enj, 29/12/2016 - 6:20md
Not long ago, the music industry was losing money left and right. Recession, rampant piracy, falling CD sales and a fear that "kids just don't buy music any more" had giant record labels, once oozing wealth, counting the pennies. But that all changed this year, and the industry's saviour is not what many predicted. From a report on The Guardian: Profits from music streaming, first championed by Spotify and now offered by Apple and Amazon, have given some labels their largest surge in revenue in more than a decade. At the beginning of December, one of the world's biggest labels, Warner Music, announced revenues of $3.25bn this year -- its highest in eight years. More significantly, $1bn of that was from streaming, more than double its download revenue and more than $100m more than its physical revenue. The surge in profits is being seen across all the major labels. In the first half of 2016, streaming revenue in the US grew by 57% to $1.6bn, and worldwide digital revenues overtook those from physical sales for the first time in music industry history, mainly because of streaming. This year's most-streamed artist was Drake, with 4.2bn streams.

Read more of this story at Slashdot.

Android Users Are So Committed that Exploding Note 7 Did Little To Help Apple: NPD

Slashdot.org - Enj, 29/12/2016 - 5:40md
An anonymous reader writes: Like loyalty to a political party or hometown sports team, smartphone users are extremely passionate about their choices -- a commitment that led many customers to stick with Samsung, despite the disaster of its downright dangerous Galaxy Note 7. Earlier this week, mobile analytics firm Flurry published data from the holiday season, showing that Apple saw twice as many device activations as rival Samsung. Despite Apple's continued commanding lead in holiday sales of smartphones and tablets, however, the numbers suggested Apple's share was lower and Samsung's was slightly higher from last year. Attempting to explain the trends shown in the data, NPD analyst Stephen Baker told The Wall Street Journal he believes that Android loyalists are committed, and even dangerous exploding batteries in the Galaxy Note 7 were not enough to push significant numbers of customers over to the iPhone. "Most of those who bought or wanted to buy a Note 7 opted for a different high-end Galaxy phone," Baker said.

Read more of this story at Slashdot.

Sven Hoexter: Out of the comfort zone: OpenSuSE support for an ordinary user - f*ck my morals

Planet Debian - Enj, 29/12/2016 - 5:31md

A friend of mine choose for $reasons to install the latest OpenSuSE 42.2 release as his new laptop operating system. It's been a while that I had contact with the SuSE Linux distribution. Must be around 12 years or so. The unsual part here is that I've to support a somewhat eccentric, but mostly ordinary user of computers. And to my surprise it's still hard to just plug in your existing stuff and expect it work. I've done so many dirty things to this installation in the last three days, my system egineering heart is bleeding.

printing with a Canon Pixma iP100 printer

This is a small portable Canon printer, about four years old. It provides a decent quality and its main strength is that it's small and really portable. Sadly the gutenprint driver just pushes through a blank page. No ink wasted on it at all. So the only reasonable other choice was a four year old binary rpm package provided by Canon. It has a file dependency on "libtiff.so.3" which is no longer available in recent GNU/Linux distributions. So I cheated and

- unpacked the tarball - installed the rpm from the "packages" folder zypper install cnijfilter-common-3.70-1.x86_64.rpm cnijfilter-ip100series-3.70-1.x86_64.rpm ... and choose to ignore the missing file dependency on libtiff.so.5. ln -s /usr/lib64/libtiff.so /usr/lib64/libtiff.so.5 - re-ran the ./install.sh which registered the printer with cups and does whatever else magic is included in 1906 lines of shell.

To my surprise this driver still works and provides the expected quality. Though it's just a question of time until this setup will break. Be it an incompatible ABI change in libtiff or another lib in use by those Canon provided tools.

QGIS and gdal with ECW support

While the printer stuff is a rather common use case, having a map viewer for map files in the ECW format is the eccentric part. I found some hints on stackoverflow and subsequently https://trac.osgeo.org/gdal/wiki/ECW that a non-free library is required and a specific build of gdal. Then QGIS should be able to work with ECW files. Lucky us there is at least a OpenSuSE repository for gdal and QGIS. So I did the following:

zypper addrepo http://download.opensuse.org/repositories/Application:/Geo/openSUSE_Leap_42.2/Application:Geo.repo zypper install qgis

Then I had to download the non-free ECW SDK from http://download.hexagongeospatial.com/downloads/erdas-ecw-jp2-sdk-v5.3-%28linux%29 - you'll and up with a '.bin' installer file. The installation process left me with "ERDAS-ECW_JPEG_2000_SDK-5.3.0" folder in my $HOME. I moved that one to /opt. Next step is adding the library to the ldconfig search path.

echo "/opt/ERDAS-ECW_JPEG_2000_SDK-5.3.0/Desktop_Read-Only/lib/x64/release/" > /etc/ld.so.conf.d/ecw.conf; ldconfig

Now it was "just" about rebuild gdal with ECW support. So I downloaded the required source packages with "zypper source-install gdal", edited the spec somewhere in "/usr/src/" to make the following modifications

--with-ecw=/opt/ERDAS-ECW_JPEG_2000_SDK-5.3.0/Desktop_Read-Only

added to the "./configure" invocation. And somewhere at the top we had to relax the requirement that all installed files have to be referenced inside the package.

%define _unpackaged_files_terminate_build 0

As a last step I had to "rpmbuild -ba" the package and force the installation via zypper once more, because this time we have a file depedency on the libecw stuff and it's obviously not listed in the rpm database. Last but not least I tried to put the gdal build on hold with

zypper addlock gdal libgdal20

to ensure it's not removed on the next update.

Other non-free tools

Beside of those two issues I had to install a range of other non-free tools, but currently they work without further issues or modifications. One is Teamviewer (i686 multiarch rpm) and the other one is XnViewMP. XnView is also able to show ECW files, but only the smaller ones. It crashes on bigger ones but that's also the case on Windows. Then there is also (required by some Italian map related websites) the ugly Adobe Flash Plugin for Firefox, but that one is sadly still a widespread issue. We also tried to try out the nvidia graphic drivers but at the moment we could only get the build in Intel card to work. Usually the preferred solution from my point of view but sometimes we see rendering glitches and I'm not sure if it's the driver or something else.

my personal take away

I hate to admit it but it's nothing extraordinary that was requested here. But still it took me the better part of two evenings to figure everything out. And even now it's not properly integrated and doomed to fail any day due to various updates and changes in the surounding ecosystem. I've full sympathy for every average user that would give up after two hours of research and try&error on this journey.

For the printer drivers I'm happy to blame Canon. The printer situation as a whole improved from my point of view during the last decade, but it's still a pain in the ass with the very short shelf life you usually see with consumer models.

For the ECW case one could discuss if it would be legally possible and helpful to do ugly dlopen() stuff to dynamcially load the shared libs. But then again someone has to make his hands dirty during the build and discussions about the legal use of header files will be the next chapter (hello Oracle). It's just ugly. Actually I know too little about the world of image formats to judge if someone has a good reason to keep this format commercial or not. From my personal point of view it's not useful and maybe even morally wrong.

Technically one could argue if it would make sense to keep a local copy of the gdal build in "/opt" and start QGIS with a modified library path to prefer the private gdal build. Not sure if that is any better. On the other hand there are evolving mechanism like flatpack that would ease the handling of such situations. Buth then again we would be catering non-free software. It feels a lot like giving up.

While my private working environment is except for firmware blobs free, I now created for someone a real "FrankenSuSE" to satisfy his everyday needs. On the one hand we now have another mostly satisfied user of a mostly free operating system. On the other hand that was only possible by adding a vast amount of non-free software. For sure we did not win the war, I'm not even sure if we've won a single battle here. It's just frustrating to see what is required to get someone up and running. With my personal attitude towards open source software it even feels wrong to invest so much time into fiddling with non-free components.

What is still missing

We currently lack an image viewer that allows us to print only a selection of an image, which is useful to print parts of a map. That usually works with XnView on Windows but does not work with the Linux version at the moment. I also tried gwenview and geeqie and had the same issue. Not sure if it's maybe a bug in XnView or one of the Qt parts (gwenview is also Qt based). I did not research that yet.

Update: I spent quite some time looking into open bug reports for geeqie and gwenview. Seems the feature to print only a section of an image is something new. I've created #374299 (gwenview) and #457 (geeqie).

For XnView I expect it's a difference between XnViewMP (the portable version) and the Windows only XnView Classic. Needs to be clarified and it might be worth to try XnView Classic with wine. Maybe printing with wine via cups works, I found at least some results for it on the internet.

8,000 New US Jobs? Trump Takes Credit For Sprint, Startup Decisions

Slashdot.org - Enj, 29/12/2016 - 5:00md
President-elect Donald Trump has announced that Sprint is moving 5,000 offshore jobs back to the United States and OneWeb, a satellite Internet startup, is adding 3,000 more jobs in the U.S. From a report on USA Today: The jobs were made possible, Trump said, through Softbank CEO Masayoshi Son, a Japanese billionaire and technology investor, who met with Trump in New York earlier this month. After that meeting, the two businessmen announced Softbank would invest $50 billion in the U.S. and create 50,000 jobs. Softbank owns 80% of Sprint and this month it invested $1 billion in OneWeb, a venture that intends to offer affordable Internet access. Son called the investment a "first step" in his commitment to Trump.

Read more of this story at Slashdot.

Microsoft Tests New 'Green Screen of Death' On Latest Windows 10 Builds

Slashdot.org - Enj, 29/12/2016 - 4:20md
An anonymous reader writes: Windows 10 Insider builds will now feature Green Screen of Death (GSOD) instead of the classic Blue Screen of Death (BSOD) error page we have all become accustomed to. The change was teased on Twitter by Matthijs Hoekstra, Senior Program Manager for Windows Enterprise Developer Platform, and spotted by a user that goes by the nickname of Chris123NT. According to Hoekstra, only Windows 10 Insider builds will feature the green error screen, while stable Windows 10 versions will continue to use the classic blue-themed error page. Hoekstra didn't elaborate on the reasons behind the color change, but the color-coded error screens would allow Microsoft support staff to triage bugs and prioritize customers.

Read more of this story at Slashdot.

Singapore Will Add Iris Scans As Identifier For Citizens And Permanent Residents Starting January 1

Slashdot.org - Enj, 29/12/2016 - 3:40md
From the beginning of next year, authorities will start collecting iris images from Singapore citizens and permanent residents (PRs) when they register or re-register for their NRIC, or apply for or renew a passport, said the Ministry of Home Affairs (MHA). From a report: The iris images will serve as another identifier to boost verification methods, in addition to the photographs and fingerprints already used on the documents. The change is part of amendments to the National Registration Act, which were passed in Parliament in November and paves the way for iris scans to be introduced progressively at Singapore's land and sea checkpoints within the next two years. In a statement on Wednesday (Dec 28), MHA said the amendments will take effect on Jan 1.

Read more of this story at Slashdot.

Reproducible builds folks: Reproducible Builds: week 87 in Stretch cycle

Planet Debian - Enj, 29/12/2016 - 3:07md

What happened in the Reproducible Builds effort between Sunday December 18 and Saturday December 24 2016:

Media coverage

100% Of The 289 Coreboot Images Are Now Built Reproducibly by Phoronix, with more details in German by Pro-Linux.de.

We have further reports on our Reproducible Builds World summit #2 in Berlin from Rok Garbas of NixOS as well as Clemens Lang of MacPorts

Debian infrastructure work

Dak now archives buildinfo files thanks to a patch from Chris Lamb. We also have mostly finalised a design of how they will be distributed by the Debian FTP mirror network which we will start implementing soon. This is great for the future of Debianb but unfortunately this also means that we won't have .buildinfo files for Stretch as Debian will not rebuild its source packages and because these binary packages currently in the archive were mostly built with dpkg > 1.18.11.

reprepro/5.0.0-1 has added support for dealing with .buildinfo files that are included in .changes files. (Closes: #843402)

Reproducible work in other projects

The Chromium project is now working on making their build process (mostly) deterministic.

Their motivation is to save both "[money] (less hardware is required) and developer time (reduced latency by having less work to do on the TS and CI)".

Unreproducible bugs filed Reviews of unreproducible packages

39 package reviews have been added, 75 have been updated and 44 have been removed in this week, adding to our knowledge about identified issues.

2 issue types have been updated:

Weekly QA work

During our reproducibility testing, some FTBFS bugs have been detected and reported by:

  • Adrian Bunk (1)
  • Chris Lamb (7)
  • Lucas Nussbaum (4)
diffoscope development

diffoscope 66 was uploaded to unstable by Chris Lamb. It included contributions from:

  • Emanuel Bronshtein:
    • Use ssh-keygen for comparing OpenSSH public keys
    • Use js-beautify as JavaScript code beautifier for .js files (with tests).
    • Many CSS & HTML improvements.
    • Change all HTTP URLs to HTTPS where applicable.
  • anthraxx:
    • Enable the use of ssh-keygen on Arch Linux.
  • Maria Glukhova:
    • Add detection of order-only difference in plain text format. (Closes: #848049)
    • Change icc-recognizing regexp to reflect changes in file type description. (Closes: #848814)
  • Chris Lamb:
    • Update tests for compatibility with enjarify >= 1.0.3. (Closes: #849142)
    • When skipping tests because the version of an external is too low, print the detected version.
    • Avoid unpacking packages twice when comparing .changes. (Closes: #843531)
    • Add a simple profiling framework (enabled via --profile).
    • Various code quality and reliability improvements.
    • Document how to sign PyPI uploads.
strip-nondeterminism development

strip-nondeterminism 0.029-1 was uploaded to unstable by Chris Lamb. It included no new content from this week, but rather included contributions from previous weeks.

reproducible-website development

The website is now also accessible via the https://www.reproducible-builds.org URL.

  • Clemens Lang:
    • Add the definition of "reproducible", as drafted at the reproducible builds world summit in Berlin. Thanks to all participants in the sessions that worked these out!
  • Valerie R Young:
    • Force ordering of titles.
    • Various formatting improvements.
  • Holger Levsen:
  • Chris Lamb:
    • Various usability, style and wording improvements.
    • Add Debconf15, Skroutz.gz and MiniDebconfCambridge15 talks to resouces page.
tests.reproducible-builds.org
  • We changed the data storage backend from a single sqlite3 database file (651 MB) to a PostgreSQL database. With this change we'll be able to scale a lot more and add testing of the arm64 architecture.
    • Valerie Young wrote most of the code, Mattia Rizzolo reviewed and helped improve the code and Holger deployed it and found some minor bugs which have been fixed.
  • We are now testing the arm64 architecture for all packages on all suites, arranged by Holger. Many thanks to codethink for providing us with access to eight 8-core arm64 machines with 64GB memory, which allows us to rebuild Debian very fast!
Misc.

This week's edition was written by Ximin Luo, Holger Levsen & Chris Lamb and reviewed by a bunch of Reproducible Builds folks on IRC and the mailing lists.

Amazon's Digital Day is Like Cyber Monday But For Downloads

Slashdot.org - Enj, 29/12/2016 - 3:00md
Amazon is hoping to replicate the success of its online-only sales. It has announced a "Digital Day" sale on December 30, where it will offer discounts of up to 50 percent on apps, ebooks, games, movies, and music. From a report on CNET: Now, the Seattle-based online retailer giant is hoping to do the same with Digital Day. Movies like "Bolt," "The Lego Movie" and "Storks" are up to 50 percent off. So are games like Titanfall 2 and Rocket League. There will also be deals on Amazon's music streaming service and kids book app Amazon Rapids.

Read more of this story at Slashdot.

Automatic Brakes Stopped Berlin Truck During Christmas Market Attack

Slashdot.org - Enj, 29/12/2016 - 2:00md
An anonymous reader quotes a report from Deutsche Welle: The truck that plowed into a Berlin Christmas market, killing 12, came to a halt due an automatic braking system, according to German media reports on Wednesday. The automatic braking system potentially saved the lives of many more people in the recent terrorist attack. An investigation by newspaper "Suddeutsche Zeitung" and broadcasters "NDR" and "WDR" found the Scania R 450 semi-trailer stopped after between 70 and 80 meters (250 feet). The system was reportedly engaged after sensing a collision. Previous reports speculated that the truck had driven erratically and stopped due to the heroic actions of the truck's Polish driver, who lay fatally wounded in the cabin. In 2012 the European Union adopted regulations requiring all new trucks exceeding 3,500 kilograms be fitted with advanced emergency braking systems. The systems initially alert drivers and then take evasive action. The regulation was adopted to reduce the number of rear end collisions by trucks.

Read more of this story at Slashdot.

Arturo Borrero González: My FLOSS activity in 2016

Planet Debian - Enj, 29/12/2016 - 12:30md

The year 2016, which is about to end, has been full of work and contributions to the FLOSS comunity.

Most of my focus goes to two important projects: Debian and Netfilter. This is no coincidence, since my main interests in the IT world are systems and networks.

Some numbers (no exhaustive count):

  • Netfilter patches/commits: ~60 contributions
  • Netfilter docs/wiki: ~20 contributions
  • Debian patches/commits: ~200 contributions
  • Debian package uploads: ~30 uploads (also some sponsored uploads)
  • Debian package maintenance: ~10 packages
  • Number of non-technical people migrated to linux: 2!!

I would like to note that most of my work is done in my spare time, and nobody is paying for it (with the exeption of the Suricata debian package).

My expectation for 2017 is to continue in this line, learn more and increment the quality of my contributions.

I’m especially proud of the the non-technical people who migrated to desktop linux due to my help. I’m targeting 2 or 3 more friends and relatives for 2017.

So, goodbye 2016! Exciting 2017 ahead.

Scientists Develop a Breathalyzer That Detects 17 Diseases With One Breath From a Patient

Slashdot.org - Enj, 29/12/2016 - 4:30pd
randomErr quotes a report from Quartz: In the last 10 years, researchers have developed specific sniff tests for diagnosing tuberculosis, hypertension, cystic fibrosis, and even certain types of cancer. A group of global researchers led by Hossam Haick at the Israel Institute of Technology have taken the idea a step further. They've built a device -- a kind of breathalyzer -- that is compact and can diagnose up to 17 diseases from a single breath of a patient. The breathalyzer has an array of specially created gold nanoparticles, which are sized at billionths of a meter, and mixed with similar-sized tubes of carbon. These together create a network that is able to interact differently with each of the nearly 100 volatile compounds that each person breaths out (apart from gases like nitrogen, oxygen, and carbon dioxide). Haick's team collected 2,800 breaths from more than 1,400 patients who were each suffering from at least one of 17 diseases (in three classes: cancer, inflammation, and neurological disorders). Each sample of the disease was then passed through the special breathalyzer, which then produced a dataset of the types of chemicals it could detect and in roughly what quantities. The team then applied artificial intelligence to the dataset to search for patterns in the types of compounds detected and the concentrations they were detected at. As they report in the journal ACS Nano, the data from the breathalyzer could be used to accurately detect that a person is suffering from a unique disease nearly nine out of ten times.

Read more of this story at Slashdot.

Patrick Uiterwijk: Fedora wiki and trac spam and first DWF

Planet GNOME - Enj, 29/12/2016 - 3:24pd

As some people might have noticed, Fedora has had some issues with spam on our Wiki and Trac instances.

This spam attack is a targeted attack, since they had to create a lot of new users, and not only did they work with the Fedora Account System (FAS),
but they also worked with our Contributor Agreement signing process, and everytime I edited one small thing to stop them, they'd edit their stuff to work with it.

We had been doubting our captcha for a while now, but changing the captcha system entirely was quite hard since the obvious candidates all would not suit us because they're not open source or they don't offer a sound version of the CAPTCHA.

The issue

After writing lots of scripts to automatically detect and delete the spam (which I'll open source soon) since we hoped that if we'd do that they'd stop, they still didn't stop (if anything, they only increased their rate), I looked into why they were able to create hundreds of accounts per day.

When looking through the logs, I saw that they were creating the accounts in bursts.
So they would create lots of accounts within a few minutes, then wait a while, before again creating lots of accounts within a few minutes.
With this information I dove into our captcha system, and I discovered that what it does is it makes the client submit both the captcha value that the user entered, and an encrypted version of the correct captcha.
It would then decrypt the correct captcha and check whether it had the same plaintext value as the user just entered, and also whether the captcha hadn't expired yet, which happens 5 minutes after generation.

At this point I started thinking that they probably just stored an encrypted version and the correct answer, and just submitted them together, which means that it would match.
This also matches the bursts, because after 5 minutes the captcha would expire and they would need to solve a new captcha, and they were able to again create lots of accounts in a burst.
After adding some logging code, I discovered that this is indeed what they had been doing.

Since we now have Distributed Weakness Filing and I am a DWF Number Authority, I decided to issue to very first DWF from my block to this issue: DWF-2016-89000.

What I ended up doing to fix this was adding a nonce system to the captcha library, to make sure each captcha is only used once.
This also required patches to FAS, to make sure that the captcha is stored in the database so it works in multi-server setups, but those are now out: TGCaptcha2 0.3.0 and FAS2 0.11.0 have
come to be!

Conclusion

At this moment, this issue is fixed, and I'm hoping again that this will stop the spammers, but if not, we'll continue the arms race, and I get to look into things like machine learning...

More Than One-Third of Schoolchildren Are Homeless In Shadow of Silicon Valley

Slashdot.org - Enj, 29/12/2016 - 2:25pd
Alastair Gee writes via The Guardian about Palo Alto's problem with homeless children. Palo Alto is one of the most expensive cities in the United States, yet "slightly more than one-third of students (1,147 children) are defined as homeless here, mostly sharing homes with other families because their parents cannot afford one of their own, and also living in RVs and shelters." From the report: The circumstances of the crisis are striking. Little more than a strip of asphalt separates East Palo Alto from tony Palo Alto, with its startups, venture capitalists, Craftsman homes and Whole Foods. East Palo Alto has traditionally been a center for African American and Latino communities. Its suburban houses are clustered on flat land by the bay, sometimes with no sidewalks and few trees, but residents say the town boasts a strong sense of cohesion. Yet as in the rest of Silicon Valley, the technology economy is drawing new inhabitants and businesses -- the Facebook headquarters is within Ravenswood's catchment area -- and contributing to dislocation as well as the tax base. "Now you have Caucasians moving back into the community, you have Facebookers and Googlers and Yahooers," said Pastor Paul Bains, a local leader. "That's what's driven the cost back up. Before, houses were rarely over $500,000. And now, can you find one under $750,000? You probably could, but it's a rare find." Several homeless families whose children attend local schools told the Guardian that they had considered moving to cheaper real estate markets, such as the agricultural Central Valley, but there were no jobs there. One man shares a single room with three children, in a house where three other families each have a room. Another woman lives with her partner and five children in a converted garage. Even teachers are not immune to such difficulties. Ten of the staff who work on early education programs -- one-third of the total -- commute two or more hours each way a day because they cannot find housing they can afford.

Read more of this story at Slashdot.

Some Google Pixel Devices Are Shutting Down At 30% Battery

Slashdot.org - Enj, 29/12/2016 - 1:45pd
An anonymous reader quotes a report from Android Authority: It seems that some Pixel devices are affected by the same infamous shutdown bug that plagued the Nexus 6P where the device would prematurely turn off at 25 to 35 percent. The Huawei Nexus 6P has finally received the Nougat update. But ever since, Google's last ever Nexus device has been on the news, and for all the wrong reasons. Among the problems was a shutdown bug: the phone would shut down when the battery is at 30 percent or so. Well, it looks like the issue isn't unique to those Nexus 6P users. A few Reddit users are reporting that their Pixel devices are also suffering from the same shutdown bug. Some Pixel phones would prematurely shut down at or around 30 percent and would not turn back on until a charger is connected. A user by the name of vrski_15, who started the thread explains: "Twice in last 5 days, has the phone shutdown abruptly while I am in middle of something. In both instances, battery was between 25-35%, and the phone under normal conditions should have lasted for at least next 3-4 hours." With the Nexus 6P, Huawei first ruled that this was not a hardware problem but a software-related one. However, users found that the problem persisted even after downgrading to Android Marshmallow. This led Huawei to investigate further with Google, and although the company hasn't revealed the cause yet, it is probably related to the problem that these Pixel users have been experiencing.

Read more of this story at Slashdot.

Czech Republic Sets Up Counter-Terrorism Unit To Counter Fake News Threat

Slashdot.org - Enj, 29/12/2016 - 1:05pd
According to CNN, the Czech Republic is setting up a new counter-terrorism unit to combat the rise of fake news or "foreign disinformation campaigns." The counter-terrorism unit is called "The Center Against Terrorism and Hybrid Threats," and is due to start operating on Sunday, according to an interior ministry statement. CNN reports: The new center is intended to monitor internal security threats, including attacks on soft targets and extremism, as well as "disinformation campaigns related to internal security." Its establishment follows the publication in September of a Czech intelligence service report that identified Russian disinformation and cyber-espionage activities as a potential threat to the Czech Republic, European Union and NATO. The Czech Republic is due to hold a general election next year. According to the Czech Security Information Service (BIS) annual report, Russia in 2015 used "influence and information operations" to try to manipulate public opinion in the Czech Republic in relation to Syria and Ukraine. Russia is involved in conflicts in both these countries. Russia's hybrid warfare operations included "weakening the strength of Czech media" through "covert infiltration of Czech media and the Internet, massive production of Russian propaganda and disinformation controlled by the state," the report said. Other Russian operations included founding puppet organizations, the "covert and open support of populist or extremist subjects," and "disrupting the coherence and readiness of NATO and the EU," the report claimed. "The above-mentioned activities pose a threat to the Czech Republic, EU and NATO not only in relation to the Ukrainian and Syrian conflicts. "The infrastructure created for achieving these goals will not disappear with the end of the two conflicts. It can be used to destabilize or manipulate Czech society or political environment at any time, if Russia wishes to do so." According to the Czech interior ministry, its new unit won't be interrogating anyone, censoring online content or bringing legal proceedings, nor will it "have a button for 'switching off the internet.'" But it will monitor threats, inform the public about "serious cases of disinformation" and promote internal security expertise.

Read more of this story at Slashdot.

Nevada Website Bug Leaks Thousands of Medical Marijuana Dispensary Applications

Slashdot.org - Enj, 29/12/2016 - 12:20pd
An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases.

Read more of this story at Slashdot.

Ask Slashdot: Is Computing As Cool and Fun As It Once Was?

Slashdot.org - Mër, 28/12/2016 - 11:40md
dryriver writes: I got together with old computer nerd friends the other day. All of us have been at it since the 8-bit/1980s days of Amstrad, Atari, Commodore 64-type home computers. Everybody at the meeting agreed on one thing -- computing is just not as cool and as much fun as it once was. One person lamented that computer games nowadays are tied to internet DRM like Steam, that some crucial DCC software is available to rent only now (e.g. Photoshop) and that many "basic freedoms" of the old-school computer nerd are increasingly disappearing. Another said that Windows 10's spyware aspects made him give up on his beloved PC platform and that he will use Linux and Android devices only from now on, using consoles to game on instead of a PC because of this. A third complained about zero privacy online, internet advertising, viruses, ransomware, hacking, crapware. I lamented that the hardware industry still hasn't given us anything resembling photorealistic realtime 3D graphics, and that the current VR trend arrived a full decade later than it should have. A point of general agreement was that big tech companies in particular don't treat computer users with enough respect anymore. What do Slashdotters think? Is computing still as cool and fun as it once was, or has something "become irreversibly lost" as computing evolved into a multi-billion dollar global business?

Read more of this story at Slashdot.

Destructive KillDisk Malware Turns Into Ransomware

Slashdot.org - Mër, 28/12/2016 - 11:00md
wiredmikey writes from a report via SecurityWeek: A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain. CyberX VP of research David Atch told SecurityWeek that the KillDisk variant they have analyzed is a well-written piece of ransomware, and victims are instructed to pay 222 bitcoins ($210,000) to recover their files, which experts believe suggests that the attackers are targeting "organizations with deep pockets." From the report: "The ransomware is designed to encrypt various types of files, including documents, databases, source code, disk images, emails and media files. Both local partitions and network folders are targeted. The contact email address provided to affected users is associated with Lelantos, a privacy-focused email provider only accessible through the Tor network. The Bitcoin address to which victims are told to send the ransom has so far not made any transactions. Atch pointed out that the same RSA public key is used for all samples, which means that a user who receives a decryptor will likely be able to decrypt files for all victims. According to CyberX, the malware requires elevated privileges and registers itself as a service. The threat terminates various processes, but it avoids critical system processes and ones associated with anti-malware applications, likely to avoid disrupting the system and triggering detection by security products."

Read more of this story at Slashdot.

North Korea's Android Tablet Takes a Screenshot Every Time You Open an App

Slashdot.org - Mër, 28/12/2016 - 10:20md
An anonymous reader quotes a report from Motherboard: When you think of North Korea, the first thing that springs to mind is probably not a well-featured tablet PC. But that's just what researchers at the Chaos Communication Congress hacking festival revealed on Tuesday. Called Woolim, this tablet is designed to limit the distribution of contraband media, track its users, and generally act as a propaganda platform for the Democratic People's Republic of Korea (DPRK). Woolim is a small, white Android device that looks like a fairly standard tablet. The hardware itself is made by Chinese manufacturer Hoozo, but the North Korean government has removed some components such as those for wi-fi and bluetooth, and put its own bespoke software on top. After the researchers presented work covering RedStar OS, North Korea's Linux-based operating system, a South Korean NGO offered the tablet to the group. Woolim is just one of several tablets designed for North Korea, but Woolim appears to be the most recent, likely dating from 2015. The tablet has PDFs on how to use it; various propaganda texts for users to read as well as the capability to play local TV and connect to the country's own internet, and it also comes with a slew of educational apps, such as French, Russian, and Chinese dictionaries. There's even an app for kids which teaches them how to type with a keyboard, and video games such as Angry Birds that have been lightly customized. The tablet only allows specific files to be used or played: users cannot just load whatever they want onto the device. Woolim also constantly keeps tabs on what its users are up to. Whenever a user opens an app, the tablet takes a screenshot. These screenshots are then available for viewing in another app, but they can't be deleted.

Read more of this story at Slashdot.

Faqet

Subscribe to AlbLinux agreguesi - Site në gjuhë të huaj