25 Jun 2017

feedSlashdot

Why So Many Top Hackers Come From Russia

Long-time Slashdot reader tsu doh nimh writes: Brian Krebs has an interesting piece this week on one reason that so many talented hackers (malicious and benign) seem to come from Russia and the former Soviet States: It's the education, stupid. Krebs's report doesn't look at the socioeconomic reasons, but instead compares how the U.S. and Russia educate students from K-12 in subjects which lend themselves to a mastery in coding and computers -- most notably computer science. The story shows that the Russians have for the past 30 years been teaching kids about computer science and then testing them on it starting in elementary school and through high school. The piece also looks at how kids in the U.S. vs. Russia are tested on what they are supposed to have learned. Fossbytes also reports that Russia claimed the top spot in this year's Computer Programming Olympics -- their fourth win in six years -- adding that "the top 9 positions out of 14 were occupied by Russian or Chinese schools." The only two U.S. schools in the top 20 were the University of Central Florida (#13) and MIT (#20).

Share on Google+

Read more of this story at Slashdot.

25 Jun 2017 10:34pm GMT

New HyperThreading Flaw Affects Intel 6th And 7th Generation Skylake and Kaby Lake-Based Processors

MojoKid writes: A new flaw has been discovered that impacts Intel 6th and 7th Generation Skylake and Kaby Lake-based processors that support HyperThreading. The issue affects all OS types and is detailed by Intel errata documentation and points out that under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers, as well as their corresponding wider register (e.g. RAX, EAX or AX for AH), may cause unpredictable system behavior, including crashes and potential data loss. The OCaml toolchain community first began investigating processors with these malfunctions back in January and found reports stemming back to at least the first half of 2016. The OCaml team was able pinpoint the issue to Skylake's HyperThreading implementation and notified Intel. While Intel reportedly did not respond directly, it has issued some microcode fixes since then. That's not the end of the story, however, as the microcode fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions.

Share on Google+

Read more of this story at Slashdot.

25 Jun 2017 9:34pm GMT

feedOSNews

32TB of Windows 10 beta builds, driver source code leaked

Seeing "Windows 10 source code leaked!" headlines or tweets? Not so fast - while there was a leak, it wasn't anything particularly interesting. The only truly interesting bit is this, as explained by Ars' Peter Bright: The leak is also described as containing a source code package named the "Shared Source Kit." This is a package of source code for things like the USB, storage, and Wi-Fi stacks, and the Plug-and-Play system. It isn't the core operating system code (part of which leaked in 2004) but rather contains those parts of the driver stack that third parties have to interact most intimately with. Microsoft routinely gives access to the source code of a wide variety of parts of Windows to academic institutions, certain enterprise customers, and, of course, hardware makers - which is what the above mentioned source code package refers to. While interesting, it seems unlikely this leak is of any significance to anyone.

25 Jun 2017 8:35pm GMT

feedSlashdot

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn't immediately respond to a request for confirmation and comment, isn't admitting any admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement. But if approved, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for "information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," the plaintiff attorneys said. The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.

Share on Google+

Read more of this story at Slashdot.

25 Jun 2017 8:34pm GMT

feedOSNews

Google to stop scanning e-mail for ads

Google is stopping one of the most controversial advertising formats: ads inside Gmail that scan users' email contents. The decision didn't come from Google's ad team, but from its cloud unit, which is angling to sign up more corporate customers. Alphabet Inc.'s Google Cloud sells a package of office software, called G Suite, that competes with market leader Microsoft Corp. Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google's senior vice president of cloud. "What we're going to do is make it unambiguous," she said. Good move, and in the current climate, Google really couldn't continue this practice - automated algorithms or no.

25 Jun 2017 8:27pm GMT

Jolla's summer 2017 update

Jolla's CEO Sami Pienimäki: We have positive progress and major future business potential with Sailfish openings e.g. in China and Russia. While these projects are big and take time, they're developing steadily and we expect them to grow into sizable businesses for us overtime. These two are now our key customers but the projects are in early phase and our revenues are tight. At the same time realizing this opportunity requires significant R&D investments from our licensing customers and Jolla. Meanwhile, as Russia and China are progressing, we also have good traction with other new potential licensing customers in different regions. Good discussions are ongoing, and we’re waiting eagerly to get to share those with you. And yes, they're still going to at some point maybe possibly start the refunding process for the tablet. My Jolla Tablet spent about 5 minutes outside of the box, since there's not much you can actually do with it.

25 Jun 2017 8:21pm GMT

feedArs Technica

Australia advocates weakening strong crypto at upcoming “Five Eyes” meeting

Oz AG to discuss "ongoing challenges posed by terrorists and criminals using encryption."

25 Jun 2017 5:15pm GMT

Coming out as a Slytherin

Fantasy author Cecilia Tan thought she was a Ravenclaw-then she had to face facts.

25 Jun 2017 4:31pm GMT

SpaceX successfully launches its second rocket in three days [Updated]

The instantaneous launch window opens at 4:24pm ET.

25 Jun 2017 3:29pm GMT

10 Jan 2017

feedEcoGeek

The Surprising Green Lining at 2017 NAIAS

For an EcoGeek, there were many surprises at the 2017 edition of the North American International Auto Show (NAIAS). We've been watching the emphasis on green cars decline for a number of years. Some of that is in the mainstreaming of more efficient vehicles, with increased fuel efficiency standards, greater numbers of hybrid vehicles, and […]

10 Jan 2017 2:42pm GMT

19 Oct 2016

feedThe Register - Software: Operating Systems

Who killed Cyanogen?

Well, it's hanging on in there, but why didn't it conquer the world?

Analysis Does European Commissioner for Competition Margrethe Vestager's team pay close attention to the tech news? If not, perhaps they should.…

19 Oct 2016 10:24am GMT

17 Oct 2016

feedThe Register - Software: Operating Systems

Bits of Google's dead Project Ara modular mobe live on in Linux 4.9

Linus Torvalds teaches devs a lesson with early rc1 release

Google may have killed off its modular smartphone Project Ara idea, but some of the code that would have made it happen looks like coming to the Linux Kernel.…

17 Oct 2016 6:58am GMT

BART barfs, racers crash, and other classic BSODs

Your weekly Windows entertainment large and small

This week's worldwide BSOD roundup starts with what looks to your writer like a virtualisation launch bug. Submitter Alexander tells us it came from Peterborough Station, in Cambridgeshire.…

17 Oct 2016 6:28am GMT

31 Mar 2016

feedEcoGeek

Flow Batteries for Household Power Storage

Residential power storage options are starting to get more competitive with a flow battery being introduced to the market in Australia. Flow batteries have been something we've looked at for grid-scale storage, and the research into the technology has been making advances. But it has been primarily a utility-scale technology. However, the technology has been […]

31 Mar 2016 5:45pm GMT

08 Mar 2016

feedEcoGeek

Hybrid Airship Being Readied for Flight

The "world's largest aircraft," the Airlander 10, is being readied for flights to begin later this year. The Airlander 10 is a massive hybrid aircraft that combines helium lift, aerodynamic lift, and direct thrust for flight. As we've noted before, we are big fans of airships (and even if there are tradeoffs in time and […]

08 Mar 2016 7:10pm GMT

10 Nov 2011

feedLifehacker

Today’s Lifehacker Workout: The Deck of Cards [Video]

Click here to read Today’s Lifehacker Workout: The Deck of Cards

It's Wednesday, which means another Deck of Cards workout, the fun yet challenging segment of our group exercise program, The Lifehacker Workout. More »


10 Nov 2011 1:15am GMT

iPad Home Screens, Remote Troubleshooting, and Gmail Tasks [From The Tips Box]

Click here to read iPad Home Screens, Remote Troubleshooting, and Gmail Tasks

Readers offer their best tips for previewing your iPad home screen from another app, troubleshooting your friends and family's computers from far away, and accessing Google Tasks in the new Gmail layout. More »


10 Nov 2011 1:00am GMT

Facebook Brings Back the Old "Most Recent" News Feed Option (But It's Kind of Hidden) [Updates]

Click here to read Facebook Brings Back the Old "Most Recent" News Feed Option (But It's Kind of Hidden)

Facebook recently changed its layout, no longer allowing you to choose between "top stories" and "most recent" stories. Due to user outcry, however, they announced today that they'll be changing it back, though you might not notice it at first. Here's how it works. More »


10 Nov 2011 12:30am GMT

06 Nov 2011

feedPlanet Arch Linux

Tyrs a Microblogging Client based on Ncurses

Tyrs is a microblogging client, supporting Twitter and Status.net (identi.ca), it's based on console using the NCurses module from Python. The release of the 0.5.0 version is a good excuse to introduce Tyrs. Tyrs aims to get a good interaction with a fairly intuitive interface that can provide support ncurses. Tyrs tries also not to [...]

06 Nov 2011 9:43pm GMT

05 Nov 2011

feedPlanet Arch Linux

Pulling strings

After one year of managing a network of 10 servers with Cfengine I'm currently building two clusters of 50 servers with Puppet (which I'm using for the first time), and have various notes to share. With my experience I had a feeling Cfengine just isn't right for this project, and didn't consider it seriously. These servers are all running Debian GNU/Linux and Puppet felt natural because of the good Debian integration, and the number of users whom also produced a lot of resources. Chef was out of the picture soon because of the scary architecture; CouchDB, Solr and RabbitMQ... coming from Cfengine this seemed like a bad joke. You probably need to hire a Ruby developer when it breaks. Puppet is somewhat better in this regard.

Puppet master needs Ruby, and has a built-in file server using WEBrick. My first disappointment with Puppet was WEBrick. Though PuppetLabs claim you can scale it up to 20 servers, that proved way off, the built-in server has problems serving as little as 5 agents/servers, and you get to see many dropped connections and failed catalog transfers. I was forced to switch to Mongrel and Nginx as frontend very early in the project, on both clusters. This method works much better (even though Apache+Passenger is the recommended method now from PuppetLabs), and it's not a huge complication compared to WEBrick (and Cfengine which doesn't make you jump through any hoops). Part of the reason for this failure is my pull interval, which is 5 minutes with a random sleep time of up to 3 minutes to avoid harmonics (which is still a high occurrence with these intervals and WEBrick fails miserably). In production a customer can not wait on 30/45 minute pull intervals to get his IP address whitelisted for a service, or some other mundane task, it must happen within 10 minutes... but I'll come to these kind of unrealistic ideas a little later.

Unlike the Cfengine article I have no bootstrapping notes, and no code/modules to share. By default the fresh started puppet agent will look for a host called "puppet" and pull in what ever you defined to bootstrap servers in your manifests. As for modules, I wrote a ton of code and though I'd like to share it, my employer owns it. But unlike Cfengine v3 there's a lot of resources out there for Puppet which can teach you everything you need to know, so I don't feel obligated to even ask.

Interesting enough, published modules would not help you get your job done. You will have to write your own, and your team members will have to learn how to use your modules, which also means writing a lot of documentation. Maybe my biggest disappointment is getting disillusioned by most Puppet advocates and DevOps prophets. I found articles and modules most of them write, and experiences they share have nothing to do with the real world. It's like they host servers in a magical land where everything is done in one way and all servers are identical. Hosting big websites and their apps is a much, much different affair.

Every customer does things differently, and I had to write custom modules for each of them. Just between these two clusters a module managing Apache is different, and you can abstract your code a lot but you reach a point where you simply can't push it any more. Or if you can, you create a mess that is unusable by your team members, and I'm trying to make their jobs better not make them miserable. One customer uses an Isilon NAS, the other has a content distribution network, one uses Nginx as a frontend, other has chrooted web servers, one writes logs to a NFS, other to a Syslog cluster... Now imagine this on a scale with 2,000 customers and 3 times the servers and most of the published infrastructure design guidelines become laughable. Instead you find your self implementing custom solutions, and inventing your own rules, best that you can...

I'm ultimately here to tell you that the projects are in a better state then they would be with the usual cluster management policy. My best moment was an e-mail from a team member saying "I read the code, I now understand it [Puppet]. This is fucking awesome!". I knew at that moment I managed to build something good (or good enough), despite the shortcomings I found, and with nothing more than using PuppetLabs resources. Actually, that is not completely honest. Because I did buy and read the book Pro Puppet which contains an excellent chapter on using Git for collaboration on modules between sysadmins and developers, with proper implementation of development, testing and production (Puppet)environments.

05 Nov 2011 11:17pm GMT

Jshon

Creating json is now ten times easier.

05 Nov 2011 3:10am GMT

01 Jan 2009

feedLinux.com :: Features

A new year, a new Linux.com

Many of you have commented that our NewsVac section hasn't been refreshed since the middle of last month. Others have noticed that our story volume has dropped off. Changes are coming to Linux.com, and until they arrive, you won't see any new stories on the site.

01 Jan 2009 2:00pm GMT

31 Dec 2008

feedLinux.com :: Features

Android-powered G1 phone is an enticing platform for app developers

The free and open source software community has been waiting for the G1 cell phone since it was first announced in July. Source code for Google's Android mobile platform has been available, but the G1 marks its commercial debut. It's clearly a good device, but is it what Linux boosters and FOSS advocates have long been anticipating?

31 Dec 2008 2:00pm GMT

30 Dec 2008

feedLinux.com :: Features

Municipalities open their GIS systems to citizens

Many public administrations already use open source Geographic Information Systems (GIS) to let citizens look at public geographic data trough dedicated Web sites. Others use the same software to partially open the data gathering process: they let citizens directly add geographic information to the official, high-quality GIS databases by drawing or clicking on digital maps.

30 Dec 2008 2:00pm GMT