Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
China

China Orders App Stores To Join Register (bbc.com) 19

China's internet regulator has ordered mobile app stores to register themselves with it immediately. The Cyberspace Administration of China (CAC) said the move would help "promote the healthy and orderly development of the mobile internet." From a report on BBC: Most smartphones in the country run Android, but Google does not operate its Play Store locally, meaning users go elsewhere to add software. A report last year linked this to the spread of malware. Cheetah Mobile Security -- a Beijing-based firm -- reported that more than 1.4 million Chinese users' mobile devices had been struck by infections as of January 2016, making it the worst afflicted nation. India and Indonesia were in second and third place. This follows previous efforts to censor what appears online, including a recent demand that Apple remove the New York Times from the Chinese version of its iOS App Store. The US newspaper was the first to report the watchdog's move outside of China itself. Because of the Play store's absence, Android users in China typically go to stores operated by local tech giants including Tencent, Xiaomi, Baidu and Huawei.
Microsoft

Microsoft's Security Bulletins Will End In February (computerworld.com) 28

Remember how Microsoft switched to cumulative updates? Now Computerworld points out that that's bringing another change. An anonymous reader quotes their report: Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches... A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG. The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE identifier, and the numerical label of the KB, or "knowledge base" support document.
Redmond Magazine reports that Microsoft still plans to continue to issue its security advisories, and to issue "out-of-band" security update releases as necessary.
Privacy

Hackers Corrupt Data For Cloud-Based Medical Marijuana System (bostonglobe.com) 127

Long-time Slashdot reader t0qer writes: I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"...
" No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted.

"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."
Open Source

Ask Slashdot: What's The Best Place To Suggest New Open Source Software? 211

dryriver writes: Somebody I know has been searching up and down the internet for an open source software that can apply GPU pixel shaders (HLSL/GLSL/Cg/SweetFX) to a video and save the result out to a video file. He came up with nothing, so I said "Why not petition the open source community to create such a tool?" His reply was "Where exactly does one go to ask for a new open source software?"

So that is my question: Where on the internet can one best go to request that a new open source software tool that does not exist yet be developed? Or do open source tools only come into existence when someone -- a coder -- starts to build a software, opens the source, and invites other coders to join the fray?

This is a good place to discuss the general logistics of new open source projects -- so leave your best answers in the comments. What's the best place to suggest new open source software?
Supercomputing

D-Wave Open Sources Its Quantum Computing Tool (gcn.com) 38

Long-time Slashdot reader haruchai writes: Canadian company D-Wave has released their qbsolv tool on GitHub to help bolster interest and familiarity with quantum computing. "qbsolv is a metaheuristic or partitioning solver that solves a potentially large QUBO problem by splitting it into pieces that are solved either on a D-Wave system or via a classical tabu solver," they write on GitHub.

This joins the QMASM macro assembler for D-Wave systems, a tool written in Python by Scott Pakin of Los Alamos National Labs. D-Wave president Bo Ewald says "D-Wave is driving the hardware forward but we need more smart people thinking about applications, and another set thinking about software tools."

Security

Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers (vice.com) 172

An anonymous reader quotes Motherboard: A 21-year-old from Virginia plead guilty on Friday to writing and selling custom spyware designed to monitor a victim's keystrokes. Zachary Shames, from Great Falls, Virginia, wrote a keylogger, malware designed to record every keystroke on a computer, and sold it to more than 3,000 people who infected more than 16,000 victims with it, according to a press release from the U.S. Department of Justice.

Shames, who appears to be a student at James Madison University, developed the first version of the spyware while he was still a high school student in 2013, "and continued to modify and market the illegal product from his college dorm room," according to the feds... While the feds only vaguely referred to it as "some malicious keylogger software," it appears the spyware was actually called "Limitless Keylogger Pro," according to evidence found by a security researcher who asked to remain anonymous... According to what appears to be Shames Linkedin page, he was an intern for the defense contractor Northrop Grumman from May 2015 until August 2016.

The Department of Justice announced that he'll be sentenced on June 16, and faces a maximum of 10 years in prison.
Privacy

Tor Onion Browser's Creator Explains Free Version For iOS (mike.tig.as) 26

The free iOS version of the Tor browser "sparked a tidal wave of interest" after its release in December, according to Silicon.co. Mickeycaskill writes: The cost has been scrapped due to developer Mike Tigas' worries that the price was limiting access to anonymous browsing for those who need it most. "Given recent events, many believe it's more important than ever to exercise and support freedom of speech, privacy rights, and digital security," Tigas wrote in a blog post. "I think now is as good a time as ever to make Onion Browser more accessible to everyone."
"I'm still a little terrified that I've made this change," Tigas adds. For four years the Tor Onion browser was available on the Apple App Store for $0.99, the lowest non-free price allowed by Apple, providing a "reliable" income to Tigas which helped him move to New York for a new job while allowing him "the economic freedom to continue working on side projects that have a positive impact in the world." Tigas also writes that "there's now a Patreon page and other ways to support the project."

Last month the Tor Project also released the first alpha version of the sandboxed Tor Browser.
Communications

Open Source Codec Encodes Voice Into Only 700 Bits Per Second (rowetel.com) 127

Longtime Slashdot reader Bruce Perens writes: David Rowe VK5DGR has been working on ultra-low-bandwidth digital voice codecs for years, and his latest quest has been to come up with a digital codec that would compete well with single-sideband modulation used by ham contesters to score the longest-distance communications using HF radio. A new codec records clear, but not hi-fi, voice in 700 bits per second -- that's 88 bytes per second. Connected to an already-existing Open Source digital modem, it might beat SSB. Obviously there are other uses for recording voice at ultra-low-bandwidth. Many smartphones could record your voice for your entire life using their existing storage. A single IP packet could carry 15 seconds of speech. Ultra-low-bandwidth codecs don't help conventional VoIP, though. The payload size for low-latency voice is only a few bytes, and the packet overhead will be at least 10 times that size.
Facebook

Facebook No Longer Clearly Labels Edited Posts (mashable.com) 52

An anonymous reader quotes a report from Mashable: Have you ever made a cringeworthy mistake in a Facebook post? Don't lie, the answer is yes. If you have a sense of shame, Facebook at least allows you to go back and correct your gaffe by editing the post, a feature that certain other social media networks still haven't added. But evidence of your slip-up lived on with the tiny "Edited" label on the bottom of the post, signaling to your followers that you cared just enough to correct yourself on the internet. Sad. Apparently, however, that's no longer the case. It seems that Facebook has removed the on-post edited label, making it much more difficult to know when someone actually took the time to fix their mistake. In order to actually know whether or not your eyes were playing tricks on you when a friend's rant no longer has 15 spelling errors the second time you see it, you'll need to do some digging. Here's how the new editing looks, courtesy of my colleague Raymond Wong and his doubts about how cool the upcoming Nintendo Switch actually is. I noticed that he added a comment about the Switch, so I checked out the post information, via the drop-down menu. To see what happened, I have to view the edit history. When I look at his edit history, I can see all the changes that were made. In most cases, this type of editing isn't a big deal, but the move to hide post edit labels takes away one of the few features that provided any transparency for our online behavior.
Android

Creator of Android Andy Rubin Nears His Comeback, Complete With an 'Essential' Phone (bloomberg.com) 73

From a report on Bloomberg: Rubin, creator of the Android operating system, is planning to marry his background in software with artificial intelligence in a risky business: consumer hardware. Armed with about a 40-person team, filled with recruits from Apple and Google, Rubin is preparing to announce a new company called Essential and serve as its Chief Executive Officer, according to people familiar with the matter. A platform company designed to tie multiple devices together, Essential is working on a suite of consumer hardware products, including ones for the mobile and smart home markets, one of the people said. The centerpiece of the system is a high-end smartphone with a large edge-to-edge screen that lacks a surrounding bezel. At the Consumer Electronics Show in Las Vegas in early January, Rubin discussed the smartphone with mobile carrier executives, including some from Sprint Corp., people familiar with the talks said. The smartphone, according to the report, would go on sale around the middle of this year and will cost nearly as much as iPhone 7 ($649, off contract).
Google

Google's New Compression Tool Uses 75% Less Bandwidth Without Sacrificing Image Quality (thenextweb.com) 103

An anonymous reader quotes a report from The Next Web: Google just released an image compression technology called RAISR (Rapid and Accurate Super Image Resolution) designed to save your precious data without sacrificing photo quality. Claiming to use up to 75 percent less bandwidth, RAISR analyzes both low and high-quality versions of the same image. Once analyzed, it learns what makes the larger version superior and simulates the differences on the smaller version. In essence, it's using machine learning to create an Instagram-like filter to trick your eye into believing the lower-quality image is on par with its full-sized variant. Unfortunately for the majority of smartphone users, the tech only works on Google+ where Google claims to be upscaling over a billion images a week. If you don't want to use Google+, you'll just have to wait a little longer. Google plans to expand RAISR to more apps over the coming months. Hopefully that means Google Photos.
Nintendo

Nintendo Switch Will Launch On March 3rd For $299, Won't Feature Region-Locking Software (cnet.com) 154

Nintendo has released more details about its upcoming Nintendo Switch gaming console. We have learned that the console will be launching on March 3rd worldwide, and in North America the console will be available for $299.99. What's more is that it won't feature region-locking for software, meaning you can play games from any region no matter where you buy your console. CNET reports: There will also be a Nintendo Switch online service that will be a paid service. It will launch as a trial with pricing to be announced later in 2017. For fans of imports of Japanese exclusives, it was announced the new system will have no region locking -- a big break from tradition for Nintendo. The Switch itself is said to have battery life from 2.5 to 6 hours and can be charged over USB-C. Nintendo says it will have portable battery accessories also available to charge on the go. The Joy-con is the name for new controller, usable in a combined controller style or separated into two halves to let two players play together. It will also be available in a range of colors for people who want to mix things up. The Joy-con has a whole bunch of clever tricks -- motion control, IR sensor, haptic feedback -- and a series of 'versus' game ideas called "1, 2, Switch" that let you play games (like a quick draw shooting game) without needing to look at the screen, just face each other down with the Joy-con controllers. Other games announced that need you to keep the full Joy-con all to yourself include 'Arms', a robotic boxing battle game, and Splatoon 2. Plus the new Mario game, Super Mario Odyssey, which aims to deliver a 'sandbox' experience across many realms outside the Mushroom kingdom, including the real world. And this time his cap has come to life. For the more serious RPG fans, Xenoblade Chronicles 2 was also announced for the Nintendo Switch. Followed by a very small tease for Fire Emblem Warriors. All up, Nintendo says there are over 80 games in development for the Nintendo Switch. If you live in New York, "a limited quantity of pre-orders for the #NintendoSwitch will begin on 1/13 at 9AM while supplies last," Nintendo NY tweeted.
Medicine

Study Shows Wearable Sensors Can Tell When You Are Getting Sick (phys.org) 54

skids quotes a report from Phys.Org: Wearable sensors that monitor heart rate, activity, skin temperature and other variables can reveal a lot about what is going on inside a person, including the onset of infection, inflammation and even insulin resistance, according to a study by researchers at the Stanford University School of Medicine. Altogether, the team collected nearly 2 billion measurements from 60 people, including continuous data from each participant's wearable biosensor devices and periodic data from laboratory tests of their blood chemistry, gene expression and other measures. Participants wore between one and eight commercially available activity monitors and other monitors that collected more than 250,000 measurements a day. The team collected data on weight; heart rate; oxygen in the blood; skin temperature; activity, including sleep, steps, walking, biking and running; calories expended; acceleration; and even exposure to gamma rays and X-rays. "We want to study people at an individual level," said Michael Snyder, PhD, professor and chair of genetics. "We have more sensors on our cars than we have on human beings," said Snyder. In the future, he said, he expects the situation will be reversed and people will have more sensors than cars do.

Slashdot reader skids adds: "IT security being in the state it is, will we face the same decision about our actual lives that we already face about our social lives/identities: either risk very real hazards of misuse of your personal data, or get left behind?

Privacy

Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 88

An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
EU

Europe Calls For Mandatory 'Kill Switches' On Robots (cnn.com) 172

To combat the robot revolution, the European Parliament's legal affairs committee has proposed that robots be equipped with emergency "kill switches" to prevent them from causing excessive damage. Legislators have also suggested that robots be insured and even be made to pay taxes. "A growing number of areas of our daily lives are increasingly affected by robotics," said Mady Delvaux, the parliamentarian who authored the proposal. "To ensure that robots are and will remain in the service of humans, we urgently need to create a robust European legal framework." CNNMoney reports: The proposal calls for a new charter on robotics that would give engineers guidance on how to design ethical and safe machines. For example, designers should include "kill switches" so that robots can be turned off in emergencies. They must also make sure that robots can be reprogrammed if their software doesn't work as designed. The proposal states that designers, producers and operators of robots should generally be governed by the "laws of robotics" described by science fiction writer Isaac Asimov. The proposal also says that robots should always be identifiable as mechanical creations. That will help prevent humans from developing emotional attachments. "You always have to tell people that robot is not a human and a robot will never be a human," said Delvaux. "You must never think that a robot is a human and that he loves you." The report cites the example of care robots, saying that people who are physically dependent on them could develop emotional attachments. The proposal calls for a compulsory insurance scheme -- similar to car insurance -- that would require producers and owners to take out insurance to cover the damage caused by their robots. The proposal explores whether sophisticated autonomous robots should be given the status of "electronic persons." This designation would apply in situations where robots make autonomous decisions or interact with humans independently. It would also saddle robots with certain rights and obligations -- for example, robots would be responsible for any damage they cause. If advanced robots start replacing human workers in large numbers, the report recommends the European Commission force their owners to pay taxes or contribute to social security.
Transportation

US EPA Accuses Fiat Chrysler of Excess Diesel Emissions (yahoo.com) 125

The U.S. Environmental Protection Agency on Thursday accused Fiat Chrysler Automobiles NV of illegally using hidden software to allow excess diesel emissions to go undetected, the result of a probe that stemmed from regulators' investigation of rival Volkswagen AG. From a report: FCA shares plummeted as the maximum fine is about $4.6 billion. The EPA action affects 104,000 U.S. trucks and SUVs sold since 2014, about one-sixth the vehicles in the Volkswagen case. The EPA and California Air Resources Board told Fiat Chrysler it believes its undeclared auxiliary emissions control software allowed vehicles to generate excess pollution in violation of the law. Fiat Chrysler Chief Executive Sergio Marchionne angrily rejected the allegations at a hastily-assembled conference call with reporters, saying there was no wrongdoing and the company never attempted to create software to cheat emissions rules by detecting when the vehicle was in test mode.
Businesses

Amazon To Add 100,000 Full-Time US Jobs in Next 18 Months (geekwire.com) 184

An anonymous reader shares a GeekWire report: Amazon just made a big statement about its continued growth aspirations, announcing that it plans to add another 100,000 full-time jobs in the U.S. over the next 18 months, an increase of more than 55 percent in its domestic workforce. The growth would push Amazon's U.S. workforce to more than 280,000 people by mid 2018. Amazon said in an announcement that the jobs will be available to people "all across the country and with all types of experience, education and skill levels -- from engineers and software developers to those seeking entry-level positions and on-the-job training."
Businesses

The Flying Lily Camera Drone is Dead, Buyers Will Be Refunded (mashable.com) 88

The Lily Camera drone, which could begin recording as soon as you threw it into the air and would follow your movements automatically, has failed to materialize. The startup, which took pre-orders worth more than $34 million for its drone camera said Thursday they are shutting down the company and will issue refunds. From a report: The Lily company faced "many ups and downs" last year, the company said, adding that they couldn't secure financing for manufacturing and shipping the first batch of units. The Lily cameras were originally started to begin shipping in February 2016, but the co-founders said "software issues" resulted in a delay in the shipment. Later in October, the team gave people another chance to purchase the device, adding that stores will re-open in 2017. As of last month, the company hadn't shipped a single unit.
Opera

Opera Neon Turns Your Web Browser Into a Mini Desktop (engadget.com) 78

Opera today announced it's launching a new browser called Opera Neon. From a report on Engadget:It's a separate "concept" browser that shows where software could go. It's much more visual, with an uncluttered look, tabs and shortcuts as bubbles and a side control bar that largely gets out of your way. However, the real fun starts when you want to juggle multiple sites -- this is more of an intelligent desktop than your usual web client. If you want to have two pages running side by side, it's relatively easy: you drag one of your open tabs to the top of the window, creating a split view much like what you see in Windows or the multi-window modes on mobile devices. Also, Neon acknowledges that your browser can frequently double as a media player. You can listen to tunes in the background, or pop out a video in order to switch websites while you watch. These aren't completely novel concepts all by themselves, but it's rare to see all of them in a browser at the same time.
Medicine

Implantable Cardiac Devices Could Be Vulnerable To Hackers, FDA Warns (vice.com) 60

The U.S. Food and Drug Administration warned on Monday that pacemakers, defibrillators and other devices manufactured by St. Jude Medical, a medical device company based in Minnesota, could have put patients' lives at risk, as hackers could remotely access the devices and change the heart rate, administer shocks, or quickly deplete the battery. Thankfully, St. Jude released a new software patch on the same day as the FDA warning to address these vulnerabilities. Motherboard reports: St. Jude Medical's implantable cardiac devices are put under the skin, in the upper chest area, and have insulated wires that go into the heart to help it beat properly, if it's too slow or too fast. They work together with the Merlin@home Transmitter, located in the patient's house, which sends the patient's data to their physician using the Merlin.net Patient Care Network. Hackers could have exploited the transmitter, the manufacturer confirmed. "[It] could (...) be used to modify programming commands to the implanted device," the FDA safety communication reads. In an emailed response to Motherboard, a St. Jude Medical representative noted that the company "has taken numerous measures to protect the security and safety of our devices," including the new patch, and the creation of a "cyber security medical advisory board." The company plans to implement additional updates in 2017, the email said. This warning comes a few days after Abbott Laboratories acquired St. Jude Medical, and four months after a group of experts at Miami-based cybersecurity company MedSec Holding published a paper explaining several vulnerabilities they found in St. Jude Medical's pacemakers and defibrillators. They made the announcement at the end of August 2016, together with investment house Muddy Waters Capital.

Slashdot Top Deals