23 Sep 2017

feedSlashdot

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.

Share on Google+

Read more of this story at Slashdot.

23 Sep 2017 12:05am GMT

22 Sep 2017

feedSlashdot

Verizon Backtracks Slightly In Plan To Kick Customers Off Network

An anonymous reader quotes a report from Ars Technica: Verizon Wireless is giving a reprieve to some rural customers who are scheduled to be booted off their service plans, but only in cases when customers have no other options for cellular service. Verizon recently notified 8,500 customers in 13 states that they will be disconnected on October 17 because they used roaming data on another network. But these customers weren't doing anything wrong -- they are being served by rural networks that were set up for the purpose of extending Verizon's reach into rural areas. Today, Verizon said it is extending the deadline to switch providers to December 1. The company is also letting some customers stay on the network -- although they must switch to a new service plan. "If there is no alternative provider in your area, you can switch to the S (2GB), M (4GB), 5GB single-line, or L (8GB) Verizon plan, but you must do so by December 1," Verizon said in a statement released today. These plans range from $35 to $70 a month, plus $20 "line fees" for each line. The 8,500 customers who received disconnection letters have a total of 19,000 lines. Verizon sells unlimited plans in most of the country but said only those limited options would be available to these customers. Verizon also reiterated its promise that first responders will be able to keep their Verizon service even though some public safety officials received disconnection notices. "We have become aware of a very small number of affected customers who may be using their personal phones in their roles as first responders and another small group who may not have another option for wireless service," Verizon said. "After listening to these folks, we are committed to resolving these issues in the best interest of the customers and their communities. We're committed to ensuring first responders in these areas keep their Verizon service."

Share on Google+

Read more of this story at Slashdot.

22 Sep 2017 11:20pm GMT

Walmart Wants To Deliver Groceries Straight To Your Fridge

New submitter Rick Schumann writes: Walmart has a new marketing idea: "Going to the store? No one has time for that anymore," Walmart says. They want to partner with a company called August Home, who makes smart locks, so a delivery service can literally deliver groceries right into your refrigerator -- while you watch remotely on your phone. Great, time-saving idea, or super-creepy invasion of your privacy? You decide. Here's how the company says it would work: 1. Place an order on Walmart.com for groceries or other goods. 2. A driver for Deliv -- a same-day delivery service -- retrieves items when the order is ready, and brings them to the customer's home. 3. If no one answers, the delivery person can use a one-time passcode that's been pre-authorized by the customer to open the home's smart lock. 4. The customer receives a smartphone notification when the delivery is occurring, and can choose to watch it all play out in real-time on home security cameras through a dedicated app. 5. Delivery person leaves packages in the foyer, then brings the groceries to the kitchen, unloads them into the fridge, and leaves. 6. Customer receives notification that the door has locked behind them.

Share on Google+

Read more of this story at Slashdot.

22 Sep 2017 10:40pm GMT

feedArs Technica

Shareholders force Zuckerberg to give up plan for non-voting shares

The plan would have further cemented Zuck's total control over Facebook.

22 Sep 2017 9:29pm GMT

In spectacular fail, Adobe security team posts private PGP key on blog

Since deleted, post gave public and private key for Adobe incident response team.

22 Sep 2017 8:37pm GMT

7Up gets a new ingredient in Mexico—meth

Seven people have been sickened so far, and one person died.

22 Sep 2017 8:16pm GMT

21 Sep 2017

feedOSNews

Dive into the details of iOS 11: is Apple still detail-oriented?

The unfinished feeling in iOS 11 mostly comes from UI and animation. UI elements in iOS are quite inconsistent, mixing a variety of UI elements, which might look quite similar but introduce a disconnected feeling for UX. The inconsistency of those elements majorly stems from those UI element updated in iOS 11, such as Large Title and new Search Bar. In my opinion, those newly introduced elements, which might be unfamiliar and new even to Apple engineers, have caused many inconsistent UI experience in iOS 11. Many of you will look at this and consider it a bunch of whiny nonsense, but the problem with Apple being lax on details is that it turns into a case of monkey see, monkey do. Third party developers will become lax as well, leading to an overall degradation of UI quality and consistency. This is the last thing iOS, which has never exactly been a visually consistent operating system to begin with, needs. People go nuts because the ports on the bottom of a Samsung phone - which you effectively never look at - aren't aligned, yet, ever since iOS 7, Apple has basically been winging its iOS UI design and polish. Something about grading on a curve.

21 Sep 2017 10:59am GMT

Google buys large part of HTC's smartphone team

Rick Osterloh, Google's senior vice president of hardware, writes: About a year and a half ago, I joined Google to pursue my dream job to create compelling hardware products, built with Google's smarts at their core. As a first step, we brought together various consumer hardware-related efforts and established a single hardware organization within the company. Our team's goal is to offer the best Google experience - across hardware, software and services - to people around the world. Last fall, we introduced our first family of Made by Google products, including Pixel smartphones, Google Home, Google Wifi, Daydream View and Chromecast Ultra, and we're preparing to unveil our second generation of products on October 4. We're excited about the 2017 lineup, but even more inspired by what's in store over the next five, 10, even 20 years. Creating beautiful products that people rely on every single day is a journey, and we are investing for the long run. That's why we've signed an agreement with HTC, a leader in consumer electronics, that will fuel even more product innovation in the years ahead. With this agreement, a team of HTC talent will join Google as part of the hardware organization. These future fellow Googlers are amazing folks we've already been working with closely on the Pixel smartphone line, and we're excited to see what we can do together as one team. The deal also includes a non-exclusive license for HTC intellectual property. This may elicit some flashbacks to Google buying Motorola, but said purchase was more about patents than it was about the company's hardware business - and even after selling Motorola, it turned out this was actually a pretty good deal. Google's sale of Motorola supposedly was part of a series of deals with Samsung, which included a patent-sharing agreement and Samsung promising to stick closer to stock Android. It seems like Google is feeling more confident now, and is willing to risk agitating Samsung by investing in their own hardware capabilities.

21 Sep 2017 10:59am GMT

20 Sep 2017

feedOSNews

Redox 0.3.3 released

Redox 0.3.3 has been released. Redox is an operating system written in Rust. This release brings much lower memory usage with ISO - 480 MB instead of 1300 MB. There are also other bug fixes, features, and improvements.

20 Sep 2017 12:23pm GMT

19 Oct 2016

feedThe Register - Software: Operating Systems

Who killed Cyanogen?

Well, it's hanging on in there, but why didn't it conquer the world?

Analysis Does European Commissioner for Competition Margrethe Vestager's team pay close attention to the tech news? If not, perhaps they should.…

19 Oct 2016 10:24am GMT

17 Oct 2016

feedThe Register - Software: Operating Systems

Bits of Google's dead Project Ara modular mobe live on in Linux 4.9

Linus Torvalds teaches devs a lesson with early rc1 release

Google may have killed off its modular smartphone Project Ara idea, but some of the code that would have made it happen looks like coming to the Linux Kernel.…

17 Oct 2016 6:58am GMT

BART barfs, racers crash, and other classic BSODs

Your weekly Windows entertainment large and small

This week's worldwide BSOD roundup starts with what looks to your writer like a virtualisation launch bug. Submitter Alexander tells us it came from Peterborough Station, in Cambridgeshire.…

17 Oct 2016 6:28am GMT

21 May 2016

feedBacarospo – Jetzt live Geld verdienen

Etoro – Social Trading geht doch?!

Die Copy Trader ist die einfache und innovative Art und Weise , Geld online mit Forex Trading zu verdienen. Es ist ein gültiges und weithin bewährte System , gefolgt von vielen kleinen Investoren auf der ganzen Welt. Leider ist in Italien, sind sie so gut wie unbekannt diese Spiegel Handelssysteme oder Programme, mit denen Sie […]

21 May 2016 4:05pm GMT

28 Jun 2015

feedPlanet Sun

PicoChess 0.43 released

This is just a short hint for all fans of chess programs. PicoChess 0.43 has been released. Announced by J. Precour from ascent ag. If you are interested in chess and picochess, please visit PicoChess by LocutusOfPenguin. Home of a dedicated chess computer based on tiny ARM computers in conjunction with the DGT e-board. Go […]

28 Jun 2015 11:02pm GMT

20 May 2012

feedPlanet Sun

Annular Solar Eclipse on Sunday, May 20th 2012

On Sunday, May 20th 2012, people in a narrow strip from Japan to the western United States will be able to see an annular solar eclipse, the first in 18 years. The moon will cover as much as 94% of the sun. An Annular Solar Eclipse is different from a Total Solar Eclipse, when the […]

20 May 2012 9:51pm GMT

10 Nov 2011

feedLifehacker

Today’s Lifehacker Workout: The Deck of Cards [Video]

Click here to read Today’s Lifehacker Workout: The Deck of Cards

It's Wednesday, which means another Deck of Cards workout, the fun yet challenging segment of our group exercise program, The Lifehacker Workout. More »


10 Nov 2011 1:15am GMT

iPad Home Screens, Remote Troubleshooting, and Gmail Tasks [From The Tips Box]

Click here to read iPad Home Screens, Remote Troubleshooting, and Gmail Tasks

Readers offer their best tips for previewing your iPad home screen from another app, troubleshooting your friends and family's computers from far away, and accessing Google Tasks in the new Gmail layout. More »


10 Nov 2011 1:00am GMT

Facebook Brings Back the Old "Most Recent" News Feed Option (But It's Kind of Hidden) [Updates]

Click here to read Facebook Brings Back the Old "Most Recent" News Feed Option (But It's Kind of Hidden)

Facebook recently changed its layout, no longer allowing you to choose between "top stories" and "most recent" stories. Due to user outcry, however, they announced today that they'll be changing it back, though you might not notice it at first. Here's how it works. More »


10 Nov 2011 12:30am GMT

09 Nov 2011

feedIGN PC

2 Million Leave World of Warcraft

In the last year the number of World of Warcraft subscribers has fallen in the from 12 million to 10.3 million...

09 Nov 2011 11:55am GMT

AC: Revelations First-Person Missions

Assassin's Creed: Revelations will have first-person missions...

09 Nov 2011 10:58am GMT

An Experience Loophole in Battlefield 3

Via YouTube user DarkSydeGeoff, we came across a Battlefield 3 exploit that allows friends to boost enormous amounts of experience in hardcore matches...

09 Nov 2011 1:43am GMT

06 Nov 2011

feedPlanet Arch Linux

Tyrs a Microblogging Client based on Ncurses

Tyrs is a microblogging client, supporting Twitter and Status.net (identi.ca), it's based on console using the NCurses module from Python. The release of the 0.5.0 version is a good excuse to introduce Tyrs. Tyrs aims to get a good interaction with a fairly intuitive interface that can provide support ncurses. Tyrs tries also not to [...]

06 Nov 2011 9:43pm GMT

05 Nov 2011

feedPlanet Arch Linux

Pulling strings

After one year of managing a network of 10 servers with Cfengine I'm currently building two clusters of 50 servers with Puppet (which I'm using for the first time), and have various notes to share. With my experience I had a feeling Cfengine just isn't right for this project, and didn't consider it seriously. These servers are all running Debian GNU/Linux and Puppet felt natural because of the good Debian integration, and the number of users whom also produced a lot of resources. Chef was out of the picture soon because of the scary architecture; CouchDB, Solr and RabbitMQ... coming from Cfengine this seemed like a bad joke. You probably need to hire a Ruby developer when it breaks. Puppet is somewhat better in this regard.

Puppet master needs Ruby, and has a built-in file server using WEBrick. My first disappointment with Puppet was WEBrick. Though PuppetLabs claim you can scale it up to 20 servers, that proved way off, the built-in server has problems serving as little as 5 agents/servers, and you get to see many dropped connections and failed catalog transfers. I was forced to switch to Mongrel and Nginx as frontend very early in the project, on both clusters. This method works much better (even though Apache+Passenger is the recommended method now from PuppetLabs), and it's not a huge complication compared to WEBrick (and Cfengine which doesn't make you jump through any hoops). Part of the reason for this failure is my pull interval, which is 5 minutes with a random sleep time of up to 3 minutes to avoid harmonics (which is still a high occurrence with these intervals and WEBrick fails miserably). In production a customer can not wait on 30/45 minute pull intervals to get his IP address whitelisted for a service, or some other mundane task, it must happen within 10 minutes... but I'll come to these kind of unrealistic ideas a little later.

Unlike the Cfengine article I have no bootstrapping notes, and no code/modules to share. By default the fresh started puppet agent will look for a host called "puppet" and pull in what ever you defined to bootstrap servers in your manifests. As for modules, I wrote a ton of code and though I'd like to share it, my employer owns it. But unlike Cfengine v3 there's a lot of resources out there for Puppet which can teach you everything you need to know, so I don't feel obligated to even ask.

Interesting enough, published modules would not help you get your job done. You will have to write your own, and your team members will have to learn how to use your modules, which also means writing a lot of documentation. Maybe my biggest disappointment is getting disillusioned by most Puppet advocates and DevOps prophets. I found articles and modules most of them write, and experiences they share have nothing to do with the real world. It's like they host servers in a magical land where everything is done in one way and all servers are identical. Hosting big websites and their apps is a much, much different affair.

Every customer does things differently, and I had to write custom modules for each of them. Just between these two clusters a module managing Apache is different, and you can abstract your code a lot but you reach a point where you simply can't push it any more. Or if you can, you create a mess that is unusable by your team members, and I'm trying to make their jobs better not make them miserable. One customer uses an Isilon NAS, the other has a content distribution network, one uses Nginx as a frontend, other has chrooted web servers, one writes logs to a NFS, other to a Syslog cluster... Now imagine this on a scale with 2,000 customers and 3 times the servers and most of the published infrastructure design guidelines become laughable. Instead you find your self implementing custom solutions, and inventing your own rules, best that you can...

I'm ultimately here to tell you that the projects are in a better state then they would be with the usual cluster management policy. My best moment was an e-mail from a team member saying "I read the code, I now understand it [Puppet]. This is fucking awesome!". I knew at that moment I managed to build something good (or good enough), despite the shortcomings I found, and with nothing more than using PuppetLabs resources. Actually, that is not completely honest. Because I did buy and read the book Pro Puppet which contains an excellent chapter on using Git for collaboration on modules between sysadmins and developers, with proper implementation of development, testing and production (Puppet)environments.

05 Nov 2011 11:17pm GMT

Jshon

Creating json is now ten times easier.

05 Nov 2011 3:10am GMT

13 May 2011

feedPlanet Sun

The story behind Planet Sun

Some words about history of Planet Sun. For round about six years Planet Sun has been an aggregation of public weblogs written by employees of Sun Microsystems. Though it never was a product or publication of Sun Microsystems itself. The website was powered by Planet and run by David Edmondson. On 01 Mar 2010 David […]

13 May 2011 12:36am GMT