Feed aggregator

Security updates for Friday

LWN Headlines -

Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Debian (icedove), Fedora (jenkins-xstream and xstream), Mageia (chromium-browser-stable, flash-player-plugin, gimp, and wireshark), openSUSE (gstreamer-0_10-plugins-base), Oracle (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Red Hat (firefox and java-1.8.0-openjdk), Scientific Linux (bind, firefox, nss and nss-util, and nss-util), SUSE (xen), and Ubuntu (bind9, curl, freetype, and qemu).

US Prepares Charges To Seek Arrest of WikiLeaks' Julian Assange

Slashdot -

An anonymous reader quotes a report from CNN: U.S. authorities have prepared charges to seek the arrest of WikiLeaks founder Julian Assange, U.S. officials familiar with the matter tell CNN. The Justice Department investigation of Assange and WikiLeaks dates to at least 2010, when the site first gained wide attention for posting thousands of files stolen by the former U.S. Army intelligence analyst now known as Chelsea Manning. Prosecutors have struggled with whether the First Amendment precluded the prosecution of Assange, but now believe they have found a way to move forward. During President Barack Obama's administration, Attorney General Eric Holder and officials at the Justice Department determined it would be difficult to bring charges against Assange because WikiLeaks wasn't alone in publishing documents stolen by Manning. Several newspapers, including The New York Times, did as well. The investigation continued, but any possible charges were put on hold, according to U.S. officials involved in the process then. The U.S. view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents. Attorney General Jeff Sessions said at a news conference Thursday that Assange's arrest is a "priority." "We are going to step up our effort and already are stepping up our efforts on all leaks," he said. "This is a matter that's gone beyond anything I'm aware of. We have professionals that have been in the security business of the United States for many years that are shocked by the number of leaks and some of them are quite serious. So yes, it is a priority. We've already begun to step up our efforts and whenever a case can be made, we will seek to put some people in jail." Meanwhile, Assange's lawyer said they have "had no communication with the Department of Justice."

Read more of this story at Slashdot.

Error'd: When Good Dev Tools Go Bad

The Daily WTF -

"I'd say that this brings new meaning to what a 'core dump' really is," Paul N. writes.

 

"Looks like someone at Google got tired of typing exit names all day," Shawn A. writes, "And in case you wondered, voice navigation actually spelled 'ASD'."

 

"At first glance, Google News got the wrong pic, but the more you think about it, maybe it didn't," wrote Matt S.

 

Mike S. writes, "I was hoping for overflow, but all I got was NaN."

 

"I got this dialog/error message pixel for pixel (originally 2930x128) today and boy I am glad that I have two monitors or I wouldn't be able to press the OK button," writes John A.

 

"I'd love to see the datetime logic that resulted in this gem," writes Baldrick.

 

Pramod V. writes, "Now this is what I call the ULTIMATE portable!"

 

Neuroscientists Offer a Reality Check On Facebook's 'Typing By Brain' Project

Slashdot -

the_newsbeagle writes: Yesterday, Facebook announced that it's working on a "typing by brain" project, promising a non-invasive technology that can decode signals from the brain's speech center and translate them directly to text (see the video beginning at 1:18:00). What's more, Facebook exec Regina Dugan said, the technology will achieve a typing rate of 100 words per minute. Here, a few neuroscientists are asked: Is such a thing remotely feasible? One neuroscientist points out that his team set the current speed record for brain-typing earlier this year: They enabled a paralyzed man to type 8 words per minute, and that was using an invasive brain implant that could get high-fidelity signals from neurons. To date, all non-invasive methods that read brain signals through the scalp and skull have performed much worse. Thomas Naselaris, an assistant professor at the Medical University of South Carolina, says, "Our understanding of the way the words and their phonological and semantic attributes are encoded in brain activity is actually pretty good currently, but much of this understanding has been enabled by fMRI, which is noninvasive but very slow and not at all portable," he said. "So I think that the bottleneck will be the [optical] imaging technology," which is what Facebook's gear will be using.

CEO of Silicon Valley's $400 Juicer Promises Refunds After Hand-Squeezing Demonstration

Slashdot -

Anthony Ha writes via TechCrunch: Jeff Dunn, the former Coca-Cola executive who became CEO of Juicero last year, has responded to a wave of coverage suggesting that the company's juice press isn't all that was promised -- and he's offering dissatisfied customers their money back. A Bloomberg report showed that Juicero's packs could be squeezed by hand, no expensive juicer required. Dunn's response? He doesn't deny that hand-squeezing is a very real possibility, but he does quibble about what you'll find inside, saying it's "nothing but fresh, raw, organic chopped produce" -- see, it's not juice yet because it hasn't been pressed. "What you will get with hand-squeezed hacks is a mediocre (and maybe very messy) experience that you won't want to repeat once, let alone every day," he argued. More importantly, he said, "The value of Juicero is more than a glass of cold-pressed juice. Much more." At the beginning of his post, Dunn said his goal was to "demonstrate the incredible value we know our connected system delivers." And if you're not convinced this is worth $400, well, there's another option for disillusioned Juicero buyers -- Dunn said the company's "Happiness Guarantee" (i.e. its return policy) has been extended to cover anyone who's ever purchased a Juicero Press. So for the next 30 days, anyone who's bought a Press should be able to return it for a full refund.

Ambient Light Sensors Can Be Used To Steal Browser Data

Slashdot -

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researchers also recommend that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.

Plastc Swiped $9 Million From Backers, Now It Plans To File For Bankruptcy and Shut Down

Slashdot -

Plastc announced today that it is planning to file for bankruptcy and will shut down on April 20, 2017, after raising more than $9 million through preorders and shipping to no backers. "Plastc launched in 2014 with the promise of shipping a single card that could digitally hold 20 credit or debit cards that a user could switch between," reports The Verge. From the report: With that, all backers' money is lost, and no Plastc cards will ship. Plastc announced the news on its website today along with the fact that all its employees have been laid off. Its customer care and social media channels have also been shut down. The company explains that it thought it would close $3.5 million in funding in February this year, but that fell through. Another possible investment deal of $6.75 million fell through, too. What's not clear is how more than $9 million wasn't sufficient to get backers their orders. Backers will likely have questions and want their money back, but with no one to turn to from Plastc, they'll likely be out the cash.

Dries Buytaert: Thoughts as we head to DrupalCon Baltimore

Drupal Planet -

The past weeks have been difficult. I'm well aware that the community is struggling, and it really pains me. I respect the various opinions expressed, including opinions different from my own. I want you to know that I'm listening and that I'm carefully considering the different aspects of this situation. I'm doing my best to progress through the issues and support the work that needs to happen to evolve our governance model. For those that are attending DrupalCon Baltimore and want to help, we just added a community discussions track.

There is a lot to figure out, and I know that it's difficult when there are unresolved questions. Leading up to DrupalCon Baltimore next week, it may be helpful for people to know that Larry Garfield and I are talking. As members of the Community Working Group reported this week, Larry remains a member of the community. While we figure out Larry's future roles, Larry is attending DrupalCon as a regular community member with the opportunity to participate in sessions, code sprints and issue queues.

As we are about to kick off DrupalCon Baltimore, please know that my wish for this conference is for it to be everything you've made it over the years; a time for bringing out the best in each other, for learning and sharing our knowledge, and for great minds to work together to move the project forward. We owe it to the 3,000 people who will be in attendance to make DrupalCon about Drupal. To that end, I ask for your patience towards me, so I can do my part in helping to achieve these goals. It can only happen with your help, support, patience and understanding. Please join me in making DrupalCon Baltimore an amazing time to connect, collaborate and learn, like the many DrupalCons before it.

(I have received a lot of comments and at this time I just want to respond with an update. I decided to close the comments on this post.)

Canada Rules To Uphold Net Neutrality

Slashdot -

According to a new ruling by Canada's telecommunications regulator, internet service providers should not be able to exempt certain types of content, such as streaming music or video, from counting toward a person's data cap. The ruling upholds net neutrality, which is the principle that all web services should be treated equally by providers. CBC.ca reports: "Rather than offering its subscribers selected content at different data usage prices, Internet service providers should be offering more data at lower prices," said Jean-Pierre Blais, chairman of the CRTC in a statement. "That way, subscribers can choose for themselves what content they want to consume." The decision stems from a 2015 complaint against the wireless carrier Videotron, which primarily operates in Quebec. Videotron launched a feature in August of that year, enabling customers to stream music from services such as Spotify and Google Play Music without it counting against a monthly data cap as a way to entice people to subscribe to Videotron's internet service. The decision means that Videotron cannot offer its unlimited music streaming plan to subscribers in its current form -- nor can other internet providers offer similar plans that zero-rate other types of internet content, such as video streaming or social media.

Apple Forces Recyclers To Shred All iPhones and MacBooks

Slashdot -

An anonymous reader quotes a report from Motherboard: Apple released its Environmental Responsibility Report Wednesday, an annual grandstanding effort that the company uses to position itself as a progressive, environmentally friendly company. Behind the scenes, though, the company undermines attempts to prolong the lifespan of its products. Apple's new moonshot plan is to make iPhones and computers entirely out of recycled materials by putting pressure on the recycling industry to innovate. But documents obtained by Motherboard using Freedom of Information requests show that Apple's current practices prevent recyclers from doing the most environmentally friendly thing they could do: Salvage phones and computers from the scrap heap. Apple rejects current industry best practices by forcing the recyclers it works with to shred iPhones and MacBooks so they cannot be repaired or reused -- instead, they are turned into tiny shards of metal and glass. "Materials are manually and mechanically disassembled and shredded into commodity-sized fractions of metals, plastics, and glass," John Yeider, Apple's recycling program manager, wrote under a heading called "Takeback Program Report" in a 2013 report to Michigan Department of Environmental Quality. "All hard drives are shredded in confetti-sized pieces. The pieces are then sorted into commodities grade materials. After sorting, the materials are sold and used for production stock in new products. No reuse. No parts harvesting. No resale."

Chapter Three: Installing Drupal 8 from configuration

Drupal Planet -

Wouldn't it be great if???

Configuration management is one of the most useful site development features in Drupal 8. It makes a site's configuration exportable, importable and manageable in git. Whilst building the configuration management feature, a thought that often occurred was "Wouldn't it be great if you can take an existing set of configuration and install a new site from it?". Every Drupal developer has turned up to a new project and had to learn a different way to build a development site. Do you get the code from github? Download a database from production or some other special location? And is that database sanitised?

Subway Sues Canada Network Over Claim Its Chicken Is 50 Percent Soy

Slashdot -

jenningsthecat writes: As reported here back in February, the CBC, (Canada's national broadcaster), revealed DNA test results which indicated the chicken used in Subway Restaurants' sandwiches only contained about 50% chicken. Now, Subway is suing the public broadcaster for $210 million, because "its reputation and brand have taken a hit as a result of the CBC reports." The suit claims that "false statements [...] were published and republished, maliciously and without just cause or excuse, to a global audience, which has resulted in pecuniary loss to the plaintiffs." Personally, my working assumption here is that the CBC report is substantially correct. It will be interesting to see how the case plays out -- but should this have happened at all? Regulatory agencies here in Canada seem to be pretty good when it comes to inspecting meat processing facilities. Should they also be testing the prepared foods served by major restaurant chains to ensure that claims regarding food content are true and accurate?

Tesla Recalls 53,000 Model S, Model X Cars For Stuck Parking Brakes

Slashdot -

Tesla has issued a voluntary recall for approximately 53,000 Model S and Model X cars, which may be susceptible to having stuck parking brakes. The company hasn't received any reports of the parking brake system failing, but decided to issue a recall for precautionary reasons. According to CNET, the recall affects 31,000 Model S and Model X cars in the U.S., "and all affected vehicles carry build dates between February and October 2016." From the report: The problem lies with the electric parking brakes that help secure the vehicles when placed in Park. The parking brakes contain a small gear that might fracture, which would prevent the parking brake from releasing. Thus, a car that enters Park may not be able to move again. This has no bearing on the vehicles' regular brakes, and Tesla has received no reports of the parking brake system failing to hold a car in place. Tesla estimates that about 2 percent of the vehicles recalled contain the improperly manufactured gear. It should be noted that the parking brake assembly is from a third-party supplier, as well.

Google Home Now Recognizes Specific Users' Voices, Gains Support For Multiple Accounts

Slashdot -

Google has issued a long-awaited feature for Google Home: support for multiple users. In an update rolling out today, up to six people will be able to connect their Google account to a Google Home, and the unit will try to distinguish each person's voice from the other users connected to the device. Therefore, each person will be able to get access to their schedule, playlists, and more. PhoneDog reports: Support for multiple users is rolling out in the U.S. now and will be available in the U.K. in the coming months. To know if the feature is available to you, launch the Google Home app and look for a card that says "Multi-user is available." You can also click the icon in the upper right corner, find your Google Home, and select "Link your account." From there, you'll train the Google Assistant to recognize your voice so that it knows it's you when you're talking and not the other people with connected accounts. You'll say "Ok Google" and "Hey Google" twice each.

FCC Takes First Step Toward Allowing More Broadcast TV Mergers

Slashdot -

An anonymous reader quotes a report from The Verge: In a divided vote today, the Federal Communications Commission took steps that could lead to more consolidation among TV broadcasters, reducing the number of sources of local news. Today's changes revolve around the media ownership cap -- a limit on how many households a TV or radio broadcaster is allowed to reach. The rules are meant to promote diversity of media ownership, giving consumers access to different content and viewpoints. The cap currently prevents a company from reaching no more than 39 percent of U.S. households with broadcast TV. Large broadcasters hate the cap because it prevents them from getting even bigger. And since Trump took office and Ajit Pai was named chairman of the FCC, they've been lobbying to have it revised. The FCC's vote today starts to do that. First, it reinstates a rule known as the "UHF discount," which lets broadcasters have a bigger reach in areas where they use a certain type of technology. And second, it starts plans to revisit and raise the media ownership cap.

Airbnb Fires Back, Accuses Hotel Industry Of Punishing the Middle-Class

Slashdot -

According to legal documents, the American Hotel and Lodging Association (lobbying group for hotels in the U.S.) kicked off a plan last year to fight back against Airbnb and other home-sharing services with a $5.6 million annual budget. Airbnb has responded to the revelation. From a report: The company's head of policy, Christopher Lehane, accused hoteliers of price-gouging customers and called their fight against Airbnb a "campaign to punish the middle-class" in a letter. It's only the latest salvo in a long fight between Airbnb and the American Hotel and Lodging Association (AHLA), which believes the startup is cutting into its business. [...] In a letter to the AHLA, Airbnb accused the group of trying to hurt middle-class property owners. The Airbnb head of policy argued that "we ought to be able to agree that the middle-class family that shares their home while traveling is not a commercial operator running a business." In its minutes, the AHLA alleged that many of the listings on Airbnb are operated by commercial entities. Lehane also accused the AHLA of being inconsistent on homesharing. He said the group's board meeting showed support for "the rights of property owners to occasionally rent out a room or their home."

Ben's SEO Blog: Don’t Miss This Drupal 8 SEO Session at DrupalCon!

Drupal Planet -

I hope you will be attending DrupalCon 2017 next week in Baltimore. This is a great opportunity to update your Drupal knowledge and network with others. It’s also your chance to sign up for a special, two-hour training session on Drupal 8 SEO which is free to DrupalCon attendees.

I will be holding a Drupal 8 SEO Hands-On Seminar beginning at 15:45 on April 25 in room 321 at the Baltimore Convention Center. We will do the most important on-page optimizations that I’d execute for a Volacci SEO client. We’ll cover specific details that marketers should know to achieve SEO results with Drupal 8 with minimal need for developer help.

In addition, everyone who attends will receive a free electronic copy of my latest book, Drupal 8 SEO. This book is a step-by-step guide for ranking high in search engines with professional tips, modules, and best practices for Drupal 8 web sites.

Search Engine Optimization is a key part of the success of any Drupal website. With recent releases, Drupal 8 is ready for the SEO prime-time, but it can be difficult to know which modules to use and exactly how to configure them. This course will take the mystery out of Drupal 8 SEO.

In the hands-on portion of the class, you can optimize your very own website. Following Volacci’s Drupal SEO guidelines, the end-result will be a website that ranks better in search engine results, creates more leads and drives more revenue. If you want to do the hands-on portion of this class, you must bring your own dev environment. It can be your own Drupal website or a test website. Get the details here.

See you at DrupalCon!

CC'ing the Boss on Email Makes Employees Feel Less Trusted, Study Finds

Slashdot -

Do you ever loop your boss when having a conversation with a colleague when his or her presence in the thread wasn't really necessary? Turns out, many people do this, and your colleague doesn't find it helpful at all. From an article: My collaborators and I conducted a series of six studies (a combination of experiments and surveys) to see how cc'ing influences organizational trust. While our findings are preliminary and our academic paper is still under review, a first important finding was that the more often you include a supervisor on emails to coworkers, the less trusted those coworkers feel (alternative link). In our experimental studies, in which 594 working adults participated, people read a scenario where they had to imagine that their coworker always, sometimes, or almost never copied the supervisor when emailing them. Participants were then required to respond to items assessing how trusted they would feel by their colleague. ("In this work situation, I would feel that my colleague would trust my 'competence,' 'integrity,' and 'benevolence.'") It was consistently shown that the condition in which the supervisor was "always" included by cc made the recipient of the email feel trusted significantly less than recipients who were randomly allocated to the "sometimes" or "almost never" condition. Organizational surveys of 345 employees replicated this effect by demonstrating that the more often employees perceived that a coworker copied their supervisor, the less they felt trusted by that coworker. To make matters worse, my findings indicated that when the supervisor was copied in often, employees felt less trusted, and this feeling automatically led them to infer that the organizational culture must be low in trust overall, fostering a culture of fear and low psychological safety.
