tcyun - Slashdot User

Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com) 147

Posted by msmash on Wednesday January 04, 2017 @01:23PM from the state-of-the-art dept.

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

Finland Set To Become First Country To Ban Coal Use For Energy (newscientist.com) 249

Posted by msmash on Thursday November 24, 2016 @09:00PM from the moving-forward dept.

Finland could become the first country to ditch coal for good. As part of a new energy and climate strategy due to be announced tomorrow, the government is considering banning the burning of coal for energy by 2030. From a New Scientist article: "Basically, coal would disappear from the Finnish market," says Peter Lund, a researcher at Aalto University, and chair of the energy programme at the European Academies' Science Advisory Council. The groundwork for the ban already seems to be in place. Coal use has been steadily declining in Finland since 2011, and the nation heavily invested in renewable energy in 2012, leading to a near doubling of wind power capacity the following year. It also poured a further $85 million into renewable power this past February. On top of this, Nordic energy prices, with the exception of coal, have been dropping since 2010. As a result of such changes, coal-fired power plants are being mothballed and shut all over Finland, leaving coal providing only 8 per cent of the nation's energy.

Where Does Jeff Bezos Foresee Putting Space Colonists? Inside O'Neill Cylinders (geekwire.com) 151

Posted by msmash on Monday October 31, 2016 @01:20PM from the different-views dept.

Elon Musk of SpaceX wants to settle humans on Mars. Some talk about taking the Moon Village route. But Jeff Bezos has a different kind of off-Earth home in mind when he talks about having millions of people living and working in space. His long-range vision focuses on a decades-old concept for huge artificial habitats that are best known today as O'Neill cylinders. From a report on GeekWire (edited and condensed): The concept was laid out in 1976 in a classic book by physicist Gerard O'Neill, titled "The High Frontier." The idea is to create cylinder-shaped structures in outer space, and give them enough of a spin that residents on the inner surface of the cylinder could live their lives in Earth-style gravity. The habitat's interior would be illuminated either by reflected sunlight or sunlike artificial light. Bezos referred to his long-term goal of having millions of people living and working in space, as well as his enabling goal of creating the 'heavy lifting infrastructure' to make that happen. In Bezos' view, dramatically reducing the cost of access to space is a key step toward those goals. "Then we get to see Gerard O'Neill's ideas start to come to life, and many of the other ideas from science fiction," Bezos said. "The dreamers come first. It's always the science-fiction guys: They think of everything first, and then the builders come along and they make it happen. But it takes time." For Musk, the prime driver behind settling people on Mars is to provide a backup plan for humanity in the event of a planetwide catastrophe -- an asteroid strike, for example, or environmental ruin, or a species-killing pandemic. Bezos sees a different imperative at work: humanity's growing need for energy. "We need to go into space if we want to continue growing civilization," he explained. "If you take baseline energy usage on Earth and compound it at just 3 percent per year for less than 500 years, you have to cover the entire surface of the Earth in solar cells. That's just not going to happen. [...] I predict that in the next few hundred years, all heavy industry will move off planet. It will be just way more convenient to do it in space, where you have better access to resources, better access to 24/7 solar power," he said last weekend. "Solar power on Earth is not that great, because the planet shades us half the time. In space, you get solar power all the time. So there'll be a lot of advantages to doing heavy manufacturing there, and Earth will end up zoned residential and light industry. [...] We want to go to space to save the Earth. I don't like the 'Plan B' idea that we want to go to space so we have a backup planet. ... We have sent probes to every planet in this solar system, and believe me, this is the best planet. There is no doubt. This is the one that you want to protect."

Submission + - Open Document Format 1.2 Published as ISO/IEC Standard (documentfoundation.org)

Submitted by jrepin on Friday July 17, 2015 @06:46AM

jrepin writes: The Open Document Format for Office Applications (ODF) Version 1.2, the native file format of LibreOffice and many other office applications, has been published as International Standard 26300:2015 by ISO/IEC. ODF defines a technical schema for office documents including text documents, spreadsheets, charts and graphical documents like drawings or presentations. The current version of the standard was published in 2011, and then was submitted to ISO/IEC in 2014.

Submission + - European Space Agency invited to contribute a lander to NASA's Europa Clipper (examiner.com)

Submitted by MarkWhittington on Sunday April 12, 2015 @02:47PM

MarkWhittington writes: According to a Friday story in Spaceflight Now, NASA has invited the European Space Agency to participate in its upcoming Europa Clipper project. Europa Clipper, pushed by Rep. John Culberson, the chair of the House Appropriations subcommittee that oversees NASA, recently received backing from the Obama administration. Europa Clipper would launch in the early 2020s and would be placed in an orbit around Jupiter that would cause it to fly by Europa, a moon of Jupiter, at least 45 times during its operational life.

Submission + - Argonne National Laboratory shuts down Online Ask a Scientist Program (anl.gov)

Submitted by itamblyn on Tuesday February 24, 2015 @10:17PM

itamblyn writes: In a surprising decision, Argonne National Laboratory has decided to pull the plug on its long-standing NEWTON Ask A Scientist Program. NEWTON is (soon to be was) an on online repository of science questions submitted by school children from around the world. A volunteer group of scientists contributed grade-level appropriate answers to these questions.

For the past 25 years, a wide range of topics ranging have been covered, including the classic “why is the sky blue” to “is there way to break down the components of plastics completely into their original form”. Over the years, over 20,000 questions have been answered.

According to ANL, the website will be shut down permanently on 1 March. There is no plan to make the content available in an alternate form or to hand over stewardship to another organization.

When contacted about transferring the repository to another institution or moving to a donation model, the response from ANL was simply: "Thank you again for all your support for Newton. Unfortunately, moving Newton to another organization is not a possibility at this time. Thank you again for your energy and support.”

Given the current state of scientific literacy in the general public, it is difficult to understand how removing 20,000 scientific FAQ from the internet makes any sense. If you’re interested in starting a letter writing campaign, the Director of ANL, Peter Littlewood, can be reached at pblittlewood@anl.gov. I’m sure he would love to hear from all of us.

Full disclosure: I am one of those scientific volunteers and I’ve already run wget on the site. It’s about 300 mb in total. I do not have the ability to host the material at scale (apparently NEWTON receives millions of hits / month).

Submission + - Is Pascal an Underrated Programming Language? 6

Submitted by Anonymous Coward on Sunday January 25, 2015 @01:26AM

An anonymous reader writes: In the recent Slashdot discussion on the D programming language, I was surprised to see criticisms of Pascal that were based on old information and outdated implementations. While I’m sure that, for example, Brian Kernighan’s criticisms of Pascal were valid in 1981, things have moved on since then. Current Object Pascal largely addresses Kernighan’s critique and also includes language features such as anonymous methods, reflection and attributes, class helpers, generics and more (see also Marco Cantu’s recent Object Pascal presentation). Cross-platform development is fairly straightforward with Pascal. Delphi targets Windows, OS X, iOS and Android. Free Pascal targets many operating systems and architectures and Lazarus provides a Delphi-like IDE for Free Pascal. So what do you think? Is Pascal underrated?

NASA 'Emails' a Socket Wrench To the ISS 152

Posted by Soulskill on Sunday December 21, 2014 @03:16AM from the hardware-as-a-service dept.

HughPickens.com writes: "Sarah LeTrent reports at CNN that NASA just emailed the design of a socket wrench to astronauts so that they could print it out in the orbit. The ratcheting socket wrench was the first "uplink tool" printed in space, according to Grant Lowery, marketing and communications manager for Made In Space, which built the printer in partnership with NASA. The tool was designed on the ground, emailed to the space station and then manufactured where it took four hours to print out the finished product. The space agency hopes to one day use the technology to make parts for broken equipment in space and long-term missions would benefit greatly from onboard manufacturing capabilities. "I remember when the tip broke off a tool during a mission," recalls NASA astronaut TJ Creamer, who flew aboard the space station during Expedition 22/23 from December 2009 to June 2010. "I had to wait for the next shuttle to come up to bring me a new one. Now, rather than wait for a resupply ship to bring me a new tool, in the future, I could just print it."

Submission + - Why Elon Musk's Batteries Scare the Hell Out of Electric Companies (bloomberg.com)

Submitted by JoeyRox on Friday December 05, 2014 @10:55AM

JoeyRox writes: Tesla's 'gigafactory' publicized goal is to make electric cars more affordable. However that benefit may soon be eclipsed by the gigafactory's impact on roof-top solar power storage costs, putting the entire business model of utilities in peril. “The mortal threat that ever cheaper on-site renewables pose” comes from systems that include storage, said Amory Lovins, co-founder of the Rocky Mountain Institute, a Snowmass, Colorado-based energy consultant. “That is an unregulated product you can buy at Home Depot that leaves the old business model with no place to hide.”

Which Programming Language Pays the Best? Probably Python 277

Posted by Soulskill on Wednesday December 03, 2014 @02:08PM from the from-employer-import-dollars dept.

Nerval's Lobster writes: What programming language will earn you the biggest salary over the long run? According to Quartz, which relied partially on data compiled by employment-analytics firm Burning Glass and a Brookings Institution economist, Ruby on Rails, Objective-C, and Python are all programming skills that will earn you more than $100,000 per year. But salary doesn't necessarily correlate with popularity. Earlier this year, for example, tech-industry analyst firm RedMonk produced its latest ranking of the most-used languages, and Java/JavaScript topped the list, followed by PHP, Python, C#, and C++/Ruby. Meanwhile, Python was the one programming language to appear on Dice's recent list of the fastest-growing tech skills, which is assembled from mentions in Dice job postings. Python is a staple language in college-level computer-science courses, and has repeatedly topped the lists of popular programming languages as compiled by TIOBE Software and others. Should someone learn a language just because it could come with a six-figure salary, or are there better reasons to learn a particular language and not others?

Submission + - Culberson as chair of NASA fundng subcommittee makes Europa mission more likely (examiner.com)

Submitted by MarkWhittington on Friday November 21, 2014 @11:06AM

MarkWhittington writes: As many have expected, Rep. John Culberson, R-Texas has been elevated to chair the House Appropriations Subcommittee for Commerce, Justice, and Science.. The subcommittee has charge of NASA funding, something of keen interest for the congressman whose Houston district is close to the Johnson Spaceflight Center. Moreover, Culberson’s enthusiasm for space exploration goes far and beyond what would be expected from a Texas representative.

Culberson is a champion of a mission to Europa, a moon of Jupiter. Europa is an ice-covered moon that is thought to conceal an ocean of water, warmed by tidal forces, which might contain life. Using the heavy-lift Space Launch System NASA could launch a large-scale probe to study Europa and ascertain whether it harbors alien life or not. Culberson’s elevation makes such a mission far more likely to occur.

Google Finds Vulnerability In SSL 3.0 Web Encryption 68

Posted by Soulskill on Tuesday October 14, 2014 @08:04PM from the another-day-another-vuln dept.

AlbanX sends word that security researchers from Google have published details on a vulnerability in SSL 3.0 that can allow an attacker to calculate the plaintext of encrypted communications. Google's Bodo Moller writes, SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response (PDF) is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Accessing One's Own Metadata 94

Posted by Soulskill on Friday October 10, 2014 @10:56AM from the freedom-of-my-own-bloody-information-request dept.

skegg writes: Frustrated journalist Ben Grubb has documented his attempts at gaining access to his own metadata from his carrier. "After more than a year of phone calls and emails and a private mediation session, it still hasn't released the information or answered my one key question satisfactorily: the government can access my Telstra metadata, so why can't I?" Later, he says, "Telstra's one and only valid argument to date has been that identifying who calls me would be in breach of that person's privacy if they called from an unlisted number. I've agreed and said that in providing me with my metadata they should remove unlisted numbers. They argue this would be too difficult to do, which I think is baloney."

Submission + - Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying (wired.com)

Submitted by wabrandsma on Saturday September 20, 2014 @05:07PM

wabrandsma writes: from Wired:

The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropout in his spare time may turn out to be one of the best solutions to thwart those efforts.

John Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the “to” and “from” headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he’d made Ricochet’s code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.

Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists’s sources and others.

Submission + - SpaceShipTwo flies again (nbcnews.com)

Submitted by schwit1 on Wednesday July 30, 2014 @09:20AM

schwit1 writes: The competition heats up: For the first time in six months SpaceShipTwo completed a test flight today.

The article above is from NBC, which also has a deal with Virgin Galactic to televise the first commercial flight. It is thus in their interest to promote the spacecraft and company. The following two sentences from the article however clearly confirm every rumor we have heard about the ship in the past year, that they needed to replace or completely refit the engine and that the resulting thrust might not be enough to get the ship to 100 kilometers or 62 miles:
In January, SpaceShipTwo blasted off for a powered test and sailed through a follow-up glide flight, but then it went into the shop for rocket refitting. It’s expected to go through a series of glide flights and powered flights that eventually rise beyond the boundary of outer space (50 miles or 100 kilometers in altitude, depending on who’s counting).

Hopefully this test flight indicates that they have installed the new engine and are now beginning flight tests with equipment that will actually get the ship into space.

Slashdot Top Deals