
Foreign-language sites

Trane Takes 2 Years To Remove Hard-Coded Root Passwords From IoT Thermostat

Slashdot.org - Wed, 10/02/2016 - 9:41 PM
An anonymous reader writes: It took 22 months for Trane to patch three security bugs in its ComfortLink II XL950 smart Wi-Fi thermostat product, the ComfortLink II XL950, a modern IoT device along the lines of Google Nest, which offers a simple way to manage your apartment's or building's internal temperature. Researchers contacted Trane about their three issues in April 2014, the company fixed the RCE flaws in April 2015 and recently released a firmware update at the end of January to fix the last issue. During all this time, the company barely answered emails and continued to sell an exposed product.

Read more of this story at Slashdot.

Women Get Pull Requests Accepted More (Except When You Know They're Women)

Slashdot.org - Wed, 10/02/2016 - 9:01 PM
An anonymous reader writes: In the largest study of gender bias [in programming] to date, researchers found that women tend to have their pull requests accepted at a higher rate than men, across a variety of programming languages. This, despite the finding that their pull requests are larger and less likely to serve an immediate project need. At the same time, when the gender of the women is identifiable (as opposed to hidden), their pull requests are accepted less often than men's.


Twitter's Timeline Option Puts Important Tweets Up Top

Slashdot.org - Wed, 10/02/2016 - 8:22 PM
Twitter is doing its best to make sure you see the best content in your timeline (at least that's what it's hoping it's doing with today's announcement of a new timeline option). The new feature drops what Twitter determines are the best tweets at the top of a user's timeline. For now, this feature is optional, so users can opt-in to see this timeline. In the coming weeks, it will slowly be rolled out to all users.


DjangoCon 2016 To Be Held In Philadelphia In July

Slashdot.org - Wed, 10/02/2016 - 7:51 PM
New submitter FlipperPA writes: It has just been announced that the 2016 vintage of DjangoCon US will be held in Philadelphia at The Wharton School of the University of Pennsylvania from July 17th through 22nd. DjangoCon US is a 6-day international community conference for the community by the community, held each year in North America, about the Django web framework. From its humble beginnings in a newsroom in Lawrence, KS, Django now powers some of the better known web sites on the planet, including The Washington Post, Mozilla, Instagram, Disqus, and Pinterest. Considered by many to be the "batteries included" web framework for Python, Django continues to attract new developers across the globe.


Identity Thieves Obtain 100,000 Electronic Filing PINs From IRS System

Slashdot.org - Wed, 10/02/2016 - 7:30 PM
itwbennett writes: In January attackers targeted an IRS Web application in an attempt to obtain E-file PINs corresponding to 464,000 previously stolen social security numbers (SSNs) and other taxpayer data. The automated bot was blocked by the IRS after obtaining 100,000 PINs. The IRS said in a statement Tuesday that the SSNs were not stolen from the agency and that the agency would be notifying affected taxpayers.


Putin's Internet Czar Wants To Ban Windows On Government PCs

Slashdot.org - Wed, 10/02/2016 - 6:55 PM
SmartAboutThings writes: The Russian government is allegedly looking to ban Microsoft's Windows operating system, increase taxes on foreign technology companies, develop its homegrown OS and encourage local tech companies to grow. All these proposals come from German Klimenko, Vladimir Putin's new 'internet czar,' as Bloomberg describes him. In a 90-minute interview, Klimenko said forcing Google and Apple to pay more taxes and banning Microsoft Windows from government computers are necessary measures, as he is trying to raise taxes on U.S. companies, thus helping local Russian competitors such as Yandex and Mail.ru.


Microsoft Launches Windows 10 Update History Site To Share Update Release Notes

Slashdot.org - Wed, 10/02/2016 - 6:14 PM
Mark Wilson writes: Keeping up to date with the latest updates for Windows 10 can be something of a full time job, particularly if you're signed up to get Insider builds. To make it easier to keep track of what changes each update brings, Microsoft has launched the Windows 10 update history site. The site is in response to feedback from Windows 10 users who have been looking for an accessible way of learning about updates. The site provides details of exactly what the updates delivered through Windows Update. It is something of a work in progress at the moment, but one of the recent updates featured fixes a bug that meant browsing sessions in Microsoft Edge's InPrivate mode were not necessarily completely private.


Dustin Kirkland: Docker, Alpine, Ubuntu, and You

Planet UBUNTU - Wed, 10/02/2016 - 6:09 PM

There's no shortage of excitement, controversy, and readership, any time you can work "Docker" into a headline these days.  Perhaps a bit like "Donald Trump", but for CIO tech blogs and IT news -- a real hot button.  Hey, look, I even did it myself in the title of this post!

Sometimes an article even starts out about CoreOS, but gets diverted into a discussion about Docker, like this one, where shykes (Docker's founder and CTO) announced that Docker's default image would be moving away from Ubuntu to Alpine Linux.


I have personally been Canonical's business and technical point of contact with Docker Inc, since September of 2013, when I co-presented at an OpenStack Meetup in Austin, Texas, with Ben Golub and Nick Stinemates of Docker.  I can tell you that, along with most of the rest of the Docker community, this casual declaration in an unrelated Hacker News thread, came as a surprise to nearly all of us!

Docker's default container image is certainly Docker's decision to make.  But it would be prudent to examine a few facts:

(1) Check DockerHub and you may notice that while Busybox (Alpine Linux) has surpassed Ubuntu in the number of downloads (66M to 40M), Ubuntu is still by far the most "popular" by number of "stars" -- likes, favorites, +1's, whatever, (3.2K to 499).

(2) Ubuntu's compressed, minimal root tarball is 59 MB, which is what is downloaded over the Internet.  That's different from the 188 MB uncompressed root filesystem, which has been quoted a number of times in the press.

(3) The real magic of Docker is such that you only ever download that base image, one time!  And you only store one copy of the uncompressed root filesystem on your disk! Just once, sudo docker pull ubuntu, on your laptop at home or work, and then launch thousands of images at a coffee shop or airport lounge with its spotty wifi.  Build derivative images, FROM ubuntu, etc. and you only ever store the incremental differences.

Actually, I encourage you to test that out yourself...  I just launched a t2.micro -- Amazon's cheapest instance type with the lowest networking bandwidth.  It took 15.938s to sudo apt install docker.io.  And it took 9.230s to sudo docker pull ubuntu.  It takes less time to download Ubuntu than to install Docker!

ubuntu@ip-172-30-0-129:~⟫ time sudo apt install docker.io -y
...
real 0m15.938s
user 0m2.146s
sys 0m0.913s

As compared to...

ubuntu@ip-172-30-0-129:~⟫ time sudo docker pull ubuntu
latest: Pulling from ubuntu
f15ce52fc004: Pull complete
c4fae638e7ce: Pull complete
a4c5be5b6e59: Pull complete
8693db7e8a00: Pull complete
ubuntu:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:457b05828bdb5dcc044d93d042863fba3f2158ae249a6db5ae3934307c757c54
Status: Downloaded newer image for ubuntu:latest
real 0m9.230s
user 0m0.021s
sys 0m0.016s

Now, sure, it takes even less than that to download Alpine Linux (0.747s by my test), but again you only ever do that once!  After you have your initial image, launching Docker containers takes the exact same amount of time (0.233s) and identical storage differences.  See:

ubuntu@ip-172-30-0-129:/tmp/docker⟫ time sudo docker run alpine /bin/true
real 0m0.233s
user 0m0.014s
sys 0m0.001s
ubuntu@ip-172-30-0-129:/tmp/docker⟫ time sudo docker run ubuntu /bin/true
real 0m0.234s
user 0m0.012s
sys 0m0.002s

(4) I regularly communicate sincere, warm congratulations to our friends at Docker Inc, on its continued growth.  shykes publicly mentioned the hiring of the maintainer of Alpine Linux in that Hacker News post.  As a long time Linux distro developer myself, I have tons of respect for everyone involved in building a high quality Linux distribution.  In fact, Canonical employs over 700 people, in 44 countries, working around the clock, all calendar year, to make Ubuntu the world's most popular Linux OS.  Importantly, that includes a dedicated security team that has an outstanding track record over the last 12 years, keeping Ubuntu servers, clouds, desktops, laptops, tablets, and phones up-to-date and protected against the latest security vulnerabilities.  I don't know Natanael personally, but I'm intimately aware of what a spectacular amount of work it is to maintain and secure an OS distribution, as it makes its way into enterprise and production deployments.  Good luck!

(5) There are currently 5,854 packages available via apk in Alpine Linux (sudo docker run alpine apk search -v).  There are 8,862 packages in Ubuntu Main (officially supported by Canonical), and 53,150 binary packages across all of Ubuntu Main, Universe, Restricted, and Multiverse, supported by the greater Ubuntu community.  Nearly all 50,000+ packages are updated every 6 months, on time, every time, and we release an LTS version of Ubuntu and the best of open source software in the world every 2 years.  Like clockwork.  Choice.  Velocity.  Stability.  That's what Ubuntu brings.

Docker holds a special place in the Ubuntu ecosystem, and Ubuntu has been instrumental in Docker's growth over the last 3 years.  Where we go from here, is largely up to the cross-section of our two vibrant communities.

And so I ask you honestly...what do you want to see?  How would you like to see Docker and Ubuntu operate together?

I'm Canonical's Product Manager for Ubuntu Server, I'm responsible for Canonical's relationship with Docker Inc, and I will read absolutely every comment posted below.

Cheers,
:-Dustin

p.s. I'm speaking at Container Summit in New York City today, and wrote this post from the top of the (inspiring!) One World Observatory at the World Trade Center this morning.  Please come up and talk to me, if you want to share your thoughts (at Container Summit, not the One World Observatory)!


New bipartisan bill would prevent states from weakening encryption

LinuxSecurity.com - Wed, 10/02/2016 - 11:10 AM
LinuxSecurity.com: A new bill introduced by two congressmen aims to prevent local legislatures from enacting laws weakening security or banning sales of encrypted smartphones in their states.

Gmail to warn you if your friends aren't using secure e-mail

LinuxSecurity.com - Wed, 10/02/2016 - 11:09 AM
LinuxSecurity.com: Google has confirmed a number of changes to Gmail with the arrival of two new features that will let you know if the people you're corresponding with aren't hip with TLS encryption.

Senator McCain Calls For End-To-End Encryption Ban In US

LinuxSecurity.com - Wed, 10/02/2016 - 11:08 AM
LinuxSecurity.com: After New York and California tried to pass bills that ban phones from using disk encryption that only the device owners can decrypt, senator John McCain wants to ban all encryption that can't be decrypted by companies and the government at the federal level.

Hacker Plans to Dump Alleged Details of 20,000 FBI, 9,000 DHS Employees

LinuxSecurity.com - Wed, 10/02/2016 - 11:07 AM
LinuxSecurity.com: A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.

Study Finds You Can Grow Brain Cells Through Exercise

Slashdot.org - Wed, 10/02/2016 - 8:18 AM
phantomfive writes: Researchers have discovered that aerobic exercise may increase neurogenesis. Based on the results, rats that were put on a treadmill grew more brain cells than rats that didn't. Resistance training seemed to have no effect. This is significant, because the neuron reserve of the hippocampus can be increased, thus preconditions for learning for humans could be improved simply through aerobic exercise.


French Gov't Gives Facebook 3 Months To Stop Tracking Non-User Browsers

Slashdot.org - Wed, 10/02/2016 - 5:23 AM
Reader iamthecheese writes: RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members' and non-members' privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision.


Scientists Turn Paper Waste Into Aerogel

Slashdot.org - Wed, 10/02/2016 - 3:55 AM
Kristine Lofgren writes: A team of scientists have successfully turned paper waste into aerogel. Aerogels are used in insulation, and they are usually made out of polymers and silica. But a research team at the National University of Singapore managed to make the highly sought-after product using recycled paper, which could have huge implications not only for the rate at which we are filling up our landfills, but also for the amount of chemicals that we are producing and releasing into the environment.


SourceForge Eliminates DevShare Program

Slashdot.org - Wed, 10/02/2016 - 3:01 AM
SourceForge has officially eliminated its DevShare program. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software, and this was a clear first step towards that. We are more interested in doing the right thing than making extra short-term profit. This is just the first step in a number of improvements we will outline in the coming weeks. SourceForge and Slashdot were acquired in late January by BIZX.


Hearthstone Cheats and Tools Spiked With Malware

Slashdot.org - Wed, 10/02/2016 - 2:05 AM
itwbennett writes: Cheating at the online card game Hearthstone (which is based on Blizzard's World of Warcraft) can get you banned from the game, but now it also puts you at risk of 'financial losses and system ruin,' writes CSO's Steve Ragan. Symantec is warning Hearthstone players about add-on tools and cheat scripts that are spiked with malware. 'In one example, Hearth Buddy, a tool that allows bots to play the game instead of a human player (which is supposed to help with rank earnings and gold earning) compromises the entire system,' says Ragan. 'Another example, are the dust and gold hacking tools (Hearthstone Hack Tool), which install malware that targets Bitcoin wallets.'


Simon Quigley: I have a new avatar!

Planet UBUNTU - Wed, 10/02/2016 - 1:26 AM
I now have a new avatar for my Launchpad page! It is made by Rafael Laguna, and although it isn't 100% accurate compared to my actual face, he did a PHENOMENAL job at making me an avatar.

A HUGE thanks to Rafael Laguna, who was kind enough to make this for me. He also makes the Lubuntu artwork and he does a wonderful job at what he does.

Usborne Children's Books Release For Free Computer Books From the '80s

Slashdot.org - Wed, 10/02/2016 - 12:57 AM
martiniturbide writes: To promote some new computer coding books for kids, Usborne Children's Books has put online 15 of its children's books from the '80s to learn how to code games. The books are available for free in PDF format and have samples to create your game for Commodore 64, VIC 20, Apple, TRS 80, Spectrum and others. Maybe you read some of them like "Machine Code for Beginners" or "Write your own Adventure Program for MicroComputers." Should other publishers also start to make their 80's and 90's computer books available for free?


The Sexual Misconduct Case That Has Rocked Anthropology

Slashdot.org - Wed, 10/02/2016 - 12:15 AM
sciencehabit writes: An investigative report in Science describes allegations of sexual misconduct against noted paleoanthropologist Brian Richmond, as well as the field's response. The story highlights a major shift in how academic communities deal with sexual misconduct, going beyond delineating rules on paper to striving to change the culture of the field at the institutional level. This shift – "a long time coming," according to many researchers – was spurred in part by recent high-profile cases in astronomy and biology. Now, as Balter notes, "paleoanthropology is responding to its own complex case." The first public allegation against Richmond, the curator of human origins at the American Museum of Natural History in New York City, inspired a cascade of other allegations about him. This in turn motivated several senior paleoanthropologists, including one of Richmond's key mentors, Bernard Wood, to explore the allegations with peers. "As I talked to more and more current and former students at [George Washington University]," Wood said, "I became more concerned and alarmed about what I heard." In light of their findings, Wood and others in the field of anthropology are now tackling sexual misconduct head-on. The article details additional institutional efforts to stop sexual misconduct in science while trying to balance the rights of victims and accused, and provides the latest update on investigations into Richmond.

