Businesses

LibreOffice Gets a Streamlined Makeover With 4.4 Release 119

Posted by samzenpus
from the check-it-out dept.
TechCurmudgeon sends word that LibreOffice 4.4 has been released. "The Document foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft's OOXML formats. LibreOffice 4.4 has got a lot of UX and design love," Jan "Kendy" Holesovsky, who leads the design team for Libreoffice, said in a statement. LibreOffice 4.4 is currently available for Windows."
Intel

FSF-Endorsed Libreboot X200 Laptop Comes With Intel's AMT Removed 147

Posted by timothy
from the if-thine-eye-offends-thee dept.
gnujoshua (540710) writes "The Free Software Foundation has announced its endorsement of the Libreboot X200, a refurbished Lenovo ThinkPad X200 sold by Gluglug. The laptop ships with 100% free software and firmware, including the FSF's endorsed Trisquel GNU/Linux and Libreboot. One of the biggest challenges overcome in achieving FSF's Respects Your Freedom certification was the complete removal of Intel's ME and AMT firmware. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off. Quoting from the press release: "The ME and its extension, AMT, are serious security issues on modern Intel hardware and one of the main obstacles preventing most Intel based systems from being liberated by users. On most systems, it is extremely difficult to remove, and nearly impossible to replace. Libreboot X200 is the first system where it has actually been removed, permanently," said Gluglug Founder and CEO, Francis Rowe."
Security

Georgia Institute of Technology Researchers Bridge the Airgap 82

Posted by timothy
from the always-type-in-gibberish dept.
An anonymous reader writes Hacked has a piece about Georgia Institute of Technology researchers keylogging from a distance using the electromagnetic radiation of CPUs. They can reportedly do this from up to 6 meters away. In this video, using two Ubuntu laptops, they demonstrate that keystrokes are easily interpreted with the software they have developed. In their white paper they talk about the need for more research in this area so that hardware and software manufacturers will be able to develop more secure devices. For now, Faraday cages don't seem as crazy as they used to, or do they?
Government

Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated 157

Posted by samzenpus
from the fly-that-anywhere dept.
An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
Businesses

One In Five Developers Now Works On IoT Projects 246

Posted by samzenpus
from the that's-a-whole-lot-of-things dept.
dcblogs writes Evans Data Corp., which provides research and intelligence for the software development industry, said that of the estimated 19 million developers worldwide, 19% are now doing IoT-related work. A year ago, the first year IoT-specific data was collected, that figure was 17%. But when developers were asked whether they plan to work in IoT development over the next year, 44% of the respondents said they are planning to do so, said Michael Rasalan, director of research at Evans.
Books

Book Review: Designing and Building a Security Operations Center 29

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review
Programming

Ask Slashdot: What Makes a Great Software Developer? 209

Posted by Soulskill
from the highlander-style-combat dept.
Nerval's Lobster writes: What does it take to become a great — or even just a good — software developer? According to developer Michael O. Church's posting on Quora (later posted on LifeHacker), it's a long list: great developers are unafraid to learn on the job, manage their careers aggressively, know the politics of software development (which he refers to as 'CS666'), avoid long days when feasible, and can tell fads from technologies that actually endure... and those are just a few of his points. Over at Salsita Software's corporate blog, meanwhile, CEO and founder Matthew Gertner boils it all down to a single point: experienced programmers and developers know when to slow down. What do you think separates the great developers from the not-so-fantastic ones?
GNU is Not Unix

Serious Network Function Vulnerability Found In Glibc 209

Posted by Soulskill
from the audits-finding-gold dept.
An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.
Opera

Opera Founder Is Back, WIth a Feature-Heavy, Chromium-Based Browser 158

Posted by timothy
from the sink-within-a-sink dept.
New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Education

Brought To You By the Letter R: Microsoft Acquiring Revolution Analytics 105

Posted by timothy
from the interesting-choice-of-letter dept.
theodp writes Maybe Bill Gates' Summer Reading this year will include The Art of R Programming. Pushing further into Big Data, Microsoft on Friday announced it's buying Revolution Analytics, the top commercial provider of software and services for the open-source R programming language for statistical computing and predictive analytics. "By leveraging Revolution Analytics technology and services," blogged Microsoft's Joseph Sirosh, "we will empower enterprises, R developers and data scientists to more easily and cost effectively build applications and analytics solutions at scale." Revolution Analytics' David Smith added, "Now, Microsoft might seem like a strange bedfellow for an open-source company [RedHat:Linux as Revolution Analytics:R], but the company continues to make great strides in the open-source arena recently." Now that it has Microsoft's blessing, is it finally time for AP Statistics to switch its computational vehicle to R?
Internet Explorer

In Addition To Project Spartan, Windows 10 Will Include Internet Explorer 99

Posted by timothy
from the ultra-backwards-compatible dept.
An anonymous reader writes After unveiling its new Project Spartan browser for Windows 10, Microsoft is now offering more details. The company confirmed that Windows 10 will also include Internet Explorer for enterprise sites, though it didn't say how exactly this will work. Spartan comes with a new rendering engine, which doesn't rely on the versioned document modes the company has historically used. It also provides compatibility with the millions of existing enterprise websites specifically designed for Internet Explorer by loading the IE11 engine when needed. In this way, the browser uses the new rendering engine for modern websites and the old one for legacy purposes.
Encryption

OpenSSL 1.0.2 Released 96

Posted by timothy
from the early-days dept.
kthreadd writes The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2 which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2 and support for DTLS 1.2. selection. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN and support for CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
Communications

WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users 192

Posted by timothy
from the for-your-convenience-we-have-disabled-convenience dept.
BarbaraHudson writes WhatsApp is locking out users for 24 hours who use WhatsApp Plus to access the service. The company claims they brought in the temporary ban to make users aware that they are not using the correct version and their privacy could be comprised using the unofficial WhatsApp Plus. "Starting today, we are taking aggressive action against unauthorized apps and alerting the people who use them." Is this a more aggressive rerun of "This site best viewed with Internet Explorer"?
Security

Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid? 467

Posted by Soulskill
from the what-would-you-put-on-your-grandma's-computer dept.
CryoKeen writes: I got a new laptop recently after trading in my old laptop for store credit. While I was waiting to check out, the sales guy just handed me some random antivirus software (Trend Micro) that was included with the purchase. I don't think he or I realized at the time that the CD/DVD he gave me would not work because my new laptop does not have a CD/DVD player.

Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?
Transportation

Local Motors Looks To Disrupt the Auto Industry With 3D-Printed Car Bodies 128

Posted by Soulskill
from the you-wouldn't-download-a-car? dept.
An anonymous reader writes: Local Motors solicits design ideas through crowdsourcing, allows anyone to use open source software to contribute ideas, and then 3D prints car bodies according to the chosen specs in a matter of days. To prove they mean business, Local Motors 3D-printed a car on the floor of the Detroit Auto Show last week. "It took 44 hours to print the Strati’s 212 layers. Once 3D printing is complete, the Strati moves to a Thermwood CNC router—a computer-controlled cutting machine that mills the finer details—before undergoing the final assembly process, which adds the drivetrain, electrical components, wiring, tires, gauges, and a showroom-ready paint job."

Here's another big difference from the current auto industry: "Customers can also bring their vehicles in at any time for hardware and software upgrades, or they can choose to melt their vehicle down and, for instance, add a seat. Because Local Motors uses a distributed manufacturing system to make only what is purchased, it doesn't stock inventory. Anyone can come into a Local Motors microfactory, use its design lab, and work on a vehicle project free of charge."
Crime

Fujitsu Psychology Tool Profiles Users At Risk of Cyberattacks 30

Posted by timothy
from the did-you-click-on-the-taboola-link? dept.
itwbennett writes Fujitsu Laboratories is developing an enterprise tool that can identify and advise people who are more vulnerable to cyberattacks, based on certain traits. For example, the researchers found that users who are more comfortable taking risks are also more susceptible to virus infections, while those who are confident of their computer knowledge were at greater risk for data leaks. Rather than being like an antivirus program, the software is more like "an action log analysis than looks into the potential risks of a user," said a spokesman for the lab. "It judges risk based on human behavior and then assigns a security countermeasure for a given user."
Security

Adobe Patches One Flash Zero Day, Another Still Unfixed 47

Posted by timothy
from the cross-platform dept.
Trailrunner7 writes Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks. The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn't being used against Chrome or Firefox. On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.
Blackberry

Blackberry CEO: Net Neutrality Means Mandating Cross-Platform Apps 307

Posted by timothy
from the fantasy-world-of-atlas-shrugged dept.
DW100 writes In a bizarre public blog post the CEO of BlackBerry, John Chen, has claimed that net neutrality laws should include forcing app developers to make their services available on all operating systems. Chen even goes as far as citing Apple's iMessage tool as a service that should be made available for BlackBerry, because at present the lack of an iMessage BlackBerry app is holding the firm back. Some excerpts from Chen's plea: Netflix, which has forcefully advocated carrier neutrality, has discriminated against BlackBerry customers by refusing to make its streaming movie service available to them. Many other applications providers similarly offer service only to iPhone and Android users. ... Neutrality must be mandated at the application and content layer if we truly want a free, open and non-discriminatory internet. All wireless broadband customers must have the ability to access any lawful applications and content they choose, and applications/content providers must be prohibited from discriminating based on the customer’s mobile operating system. Since "content providers" are writing code they think makes sense for one reason or another (expected returns financial or psychic), a mandate to write more code seems like a good way to re-learn why contract law frowns on specific performance.
Windows

Microsoft Reveals Windows 10 Will Be a Free Upgrade 570

Posted by samzenpus
from the try-it-free dept.
mpicpp was one of many to point out this bit of news about Windows 10."Microsoft just took another big step toward the release of Windows 10 and revealed it will be free for many current Windows users. The company unveiled the Windows 10 consumer preview on Wednesday, showcasing some of the new features in the latest version of the operating system that powers the vast majority of the world's desktop PCs. The developer preview has been available since Microsoft first announced Windows 10 in the fall, but it was buggy, limited in scope and very light on new features. Importantly, Windows 10 will be free for existing Windows users running versions of Windows back to Windows 7. That includes Windows 7, 8, 8.1 and Windows Phone. Microsoft specified it would only be free for the first year, indicating Windows would be software that users subscribe to, rather than buy outright. Microsoft Corporate Vice President of the Operating Systems Group Joe Belfiore showed off some of the new features in Windows 10. While Microsoft had already announced it would bring back the much-missed Start Menu, Belfiore revealed it would also have a full-screen mode that includes more of the Windows 8 Start screen. He said Windows machines would go back and forth between to two menus in a way that wouldn't confuse people. Belfiore also showed a new notification center for Windows, which puts a user's notifications in an Action Center menu that can appear along the right side, similar to how notifications work in Apple OS X. Microsoft Executive Vice President of Operating Systems Terry Myerson revealed that 1.7 million people had downloaded the Windows 10 developer preview, giving Microsoft over 800,000 individual piece of feedback. Myerson explained that Windows 10 has several main intents: the give users a mobility of experience from device to device, instill a sense of trust in users, and provide the most natural ways to interact with devices." More details are available directly from Microsoft.
Internet Explorer

Time For Microsoft To Open Source Internet Explorer? 165

Posted by Soulskill
from the if-you-can't-beat-'em dept.
An anonymous reader writes: Ars Technica's Peter Bright argues that it's time for Microsoft to make Internet Explorer open source. He points out that IE's major competitors are all either fully open source (Firefox), or partially open source (Chrome, Safari, and Opera), and this puts Microsoft at a huge disadvantage. Bright says, "It's time for Microsoft to fit in with the rest of the browser industry and open up Trident. One might argue that this argument could be made of any software, and that Microsoft should by this logic open source everything. But I think that the browser is special. The community that exists around Web standards does not exist in the same way around, say, desktop software development, or file system drivers, or user interfaces. Development in the open is integral to the Web in an almost unique way. ... Although Microsoft has endeavored to be more open about how it's developing its browser, and which features it is prioritizing, that development nonetheless takes place in private. Developing in the open, with a public bug tracker, source code repositories, and public discussion of the browser's future direction is the next logical step."