netbuzz writes: While antivirus software pioneer John McAfee is in the media spotlight for his long-shot Libertarian presidential run, law enforcement authorities in Belize and the FBI have just this week reportedly questioned one of his ex-girlfriends as they continue to investigate the 2012 murder of McAfee's American neighbor. That probe prompted McAfee to flee Belize and eventually land back in the United States. McAfee has steadfastly denied any involvement in the murder.
destinyland writes: LinkedIn is open sourcing their testing frameworks, and sharing details of their revamped development process after their latest app required a year and over 250 engineers. Their new paradigm? "Release three times per day, with no more than three hours between when code is committed and when that code is available to members," according to a senior engineer on LinkedIn's blog. This requires a three-hour pipeline where everything is automated, from committing code to releasing it into production, along with automated analyses and testing. "Holding ourselves to this constraint ensures we won't revert to using manual validation to certify our releases."
jones_supa writes: Software developer Pavlo Rudyi has written a blog post about his experiences with the various desktop environments currently supporting Wayland. The results are not a big surprise, but nevertheless it is great to see the continued interest in Wayland and the ongoing work by many different parties in ensuring that Wayland will eventually be able to dominate the Linux desktop. To summarize, Pavlo found Weston to be "good," GNOME is "perfect," KDE is "bad," and Enlightenment is "good." He also created a video from his testing. Have you done any testing? What's your experience?
darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."
Andy Nicholls has been an R programmer and consultant for Mango Solutions since 2011 (where he currently manages the R consultancy team), after a long stint as a statistician in the pharmaceutical industry. He has a serious background in mathematics, too, with a Masters in math and another in Statistics with Applications in Medicine. Andy has taught more than 50 on-site R training courses and has been involved in the development of more than 30 R packages; he's also a regular contributor to events at LondonR, the largest R user group in the UK. But since not everyone can get to London for a user group meeting, you can get some of the insights he's gained as an R expert in Sams Teach Yourself R In 24 Hours (available in print or at Safari), of which he is the lead author. Today, though, you can ask Andy about the much-lauded statistics-oriented free software (GPL) language directly -- Why to use it, how to get started, how to get things done, and where those intriguing release names come from. (The about page is helpful, too.) As usual, please ask as many questions as you'd like, but one question at a time, please.
itwbennett writes: Cisco has published an advisory for a vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10 that was discovered by researchers from Exodus Intelligence. According to the advisory, 'a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.' As CSO's Dave Lewis points out, 'the part of this that is most pressing is that Cisco claims that there are over a million of these deployed.'
And attackers have not been sitting on their thumbs.
prisoninmate writes: After being in development for the last three months or so, LibreOffice 5.1 comes today to a desktop environment near you with some of the most attractive features you've ever seen in an open-source office suite software product, no matter the operating system used. The release highlights of LibreOffice 5.1 include a redesigned user interface for improved ease of use, better interoperability with OOXML files, support for reading and writing files on cloud servers, enhanced support for the ODF 1.2 file format, as well as additional Spreadsheet functions and features. Yesterday, even with the previous version, I was able to successfully use a moderately complex docx template without a hitch — the kind of thing that would have been a pipe-dream not too long ago.
Press2ToContinue writes: Forging a bold step in the right direction, Stack Overflow announced today that they don't care if you use an ad blocker when you visit their site. "The truth is: we don't care if our users use ad blockers on Stack Overflow. More accurately: we hope that they won't, but we understand that some people just don't like ads. Our belief is that if someone doesn't like them, and they won't click on them, any impressions served to them will only annoy them-- plus, serving ads to people who won't click on them harms campaign performance. ... Publishers can't win by forcing ads — especially low-quality ads — in people's faces. Think scantily-clad women selling flight deals, weight-loss supplement promos or wacky waving inflatable arm-flailing tube-men promoting car dealerships." It's possible that this declaration by SO might help to clarify to advertisers that it is the overabundance of low quality ads that practically force the public to seek out ad blockers. But seriously, what is the likelihood of that?
SourceForge has officially eliminated its DevShare program. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software, and this was a clear first step towards that. We are more interested in doing the right thing than making extra short-term profit. This is just the first step in a number of improvements we will outline in the coming weeks. SourceForge and Slashdot were acquired in late January by BIZX.
martiniturbide writes: To promote some new computer coding books for kids, Usborne Children's Books has put online 15 of its children's books from the '80s to learn how to code games. The books are available for free in PDF format and have samples to create your game for Commodore 64, VIC 20, Apple, TRS 80, Spectrum and others. Maybe you read some of them like "Machine Code for Beginners" or "Write your own Adventure Program for MicroComputers." Should other publishers also start to make their '80s and '90s computer books available for free?
Dave Knott writes: Amazon has both announced and released a new, free game engine, Lumberyard, which offers deep integration with its Amazon Web Services server infrastructure to empower online play, and also with Twitch, its video game-focused streaming service. Lumberyard is powerful and full-featured enough to develop triple-A current-gen console games, with mobile support coming down the road. Its core engine technology is based on Crytek's CryEngine. However, Lumberyard represents a branch of that tech, and the company is replacing or upgrading many of CryEngine's systems. Monetization for Lumberyard will come strictly through the use of Amazon Web Services' cloud computing. If you use the engine for your game, you're permitted to roll your own server tech, but if you're using a third-party provider, it has to be Amazon. Integration of Amazon's Twitch video streaming tools at a low level also helps to cement that platform's dominance in the game streaming space. Alongside Lumberyard, the company has also announced and released GameLift, a new managed service for deploying, operating, and scaling server-based online games using AWS. GameLift will be available only to developers who use Lumberyard, though it's an optional add-on. The game engine is in beta, but is freely usable and downloadable today.
itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.
snydeq writes: InfoWorld's Peter Wayner takes a look at the new services and pricing models that are making cloud computing more powerful, complex, and cheaper than it was a few short years ago. 'We get more, but using it isn't always as simple as it could be. Sure, you still end up on root on some box that's probably running Linux, but getting the right performance out of that machine is more complex,' Wayner writes. "But the real fun comes when you try to figure out how to pay for your planned cloud deployment because there are more options than ever. ... In some cases, the cost engineering can be more complex than the software engineering."
destinyland writes: Last week GitHub released a new open source tool called Scientist, a Ruby-based library they've been using in-house for several years. "It's the most terrifying moment when you flip the switch," GitHub engineer Jesse Toth told one technology reporter, who notes that the tool is targeted at developers transitioning from a legacy system. "Scientist was born when GitHub engineers needed to rewrite the permissions code — one of the most critical systems in the GitHub application." The tool measures execution duration and other metrics for both test and production code during runtime, and Toth reports that they're now also developing new versions in Node.js, C#, and .Net.
An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.
jones_supa writes: These days, the motivation to use open source software for many people is to avoid backdoors placed by intelligence organizations and to avoid software that has hidden privacy-intruding characteristics. For the operating system and userspace software, open choices are already available. The last remaining island has been the firmware included in various ROM chips in a computer. Libreboot has introduced an open BIOS, but it is not available for newer systems featuring the Intel ME or AMD PSP management features. Talos' Secure Workstation fills this need, providing a modern system with 8-core POWER8 CPU, 132 GB RAM, and open firmware. The product is currently in a pre-release phase where Raptor Engineering is trying to understand if it's possible to do a production run of the machine. If you are interested, it's worth visiting the official website. Adds an anonymous reader about the new system, which rings in at a steep $3100: "While the engineers found solace in the POWER8 architecture with being more open than AMD/Intel CPUs, they still are searching for a graphics card that is open enough to receive the FSF Respect Your Freedom certification." Update: 02/08 18:44 GMT by T: See also Linux hacker and IBM employee Stewart Smith's talk from the just-completed linux.conf.au on, in which he walks through "all of the firmware components and what they do, including the boot sequence from power being applied up to booting an operating system." Update: 02/08 23:30 GMT by T: FSF Licensing & Compliance Manager Joshua Gay wrote to correct the headline that originally appeared with this story, which said that the Talos workstation described was "FSF Certified"; that claim was an error I introduced. "The FSF has not certified this hardware," says Gay, "nor is it currently reviewing the hardware for FSF certification." Sorry for the confusion.
An anonymous reader writes with Yahoo's report that the makers of Adblock Plus are "looking to reach out to advertisers and identify an 'acceptable' level and form of advertising on the net." That involves convincing advertisers to conform to the company's own guidelines for advertising, or an alternative path much disliked by some of the software's users — to pay the company to ignore ads that don't meet those guidelines. From the article: Big websites can pay a fee not to be blocked. And it is these proceeds that finance the Cologne-based company and its 49-strong workforce. While Google and Amazon have paid up, others refuse. Axel Springer, which publishes Germany's best-selling daily Bild, accuses [Adblock Plus maker] Eyeo of racketeering. "We believe Eyeo's business model is against the law," a spokesman for Springer told AFP. "Clearly, Eyeo's primary aim is to get its hands on a share of the advertising revenues." Ultimately, such practices posed a threat to the professional journalism on the web, he suggested, an argument Eyeo rejects.
An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
The Financial Times reports that Google isn't going to let the VR hardware wars fall to the likes of Samsung and Oculus; instead, it's working on a (cardboard-free) VR headset of its own, to be released in conjunction with Android VR software intended not only to make Android more VR friendly in general but specifically to help developers reduce nausea-inducing lag. The report doesn't quite come out of the blue, considering that Google has shipped more than 5 million of its own Cardboard viewer already, and has several projects dealing with VR infrastructure, either directly (like Jump) or indirectly (like Project Tango). Google (or Alphabet) has proven itself a hardware behemoth, not just the "search giant" it's so often called in news stories, and of late seems to be more interested in making its footprint in hardware a bit firmer.