OS X

Apple Releases Meltdown and Spectre Fixes For Older Versions of MacOS (neowin.net) 18

An anonymous reader quotes a report from Neowin: Apple released its round of bug fix/security updates -- including iOS 11.2.5, macOS 10.13.3 High Sierra, watchOS 4.2.2, and tvOS 11.2.5 -- today. In doing so, it also offered some security updates for Macs running older versions of its OS, including OS X 10.11 El Capitan and macOS 10.12 Sierra. The security updates mainly focus on the Meltdown and Spectre vulnerabilities, which were fixed for High Sierra users a couple of weeks ago. OS X 10.11.6 El Capitan got the smallest update, including fixes for IOHIDFamily, Kernel, QuartzCore, and Wi-Fi. As for the Sierra update, it's available for machines that are running macOS 10.12.6. It includes the above fixes, but it also includes improvements for Audio, LinkPresentation, Security, and there's an additional Kernel fix.
Transportation

Tesla Model S Plows Into a Fire Truck While Using Autopilot (cnbc.com) 190

On Monday, a Tesla Model S plowed into the back of a fire truck on a freeway near Culver City, California. The driver is claiming the car was on Tesla's Autopilot driver assistance system. As a result, the National Traffic Safety Board will be investigating both driver and vehicle factors. CNBC reports: The Culver City Firefighters Association Local 1927 union chapter tweeted out a picture of the crash on Monday afternoon. The firetruck was on the freeway helping after a motorcycle accident, the union said in an Instagram post. The post said there were no injuries. The outcome could have been much worse if firefighters had been standing at the back of the truck, Battalion Chief Ken Powell told the San Jose Mercury News. "Autopilot is intended for use only with a fully attentive driver," Tesla said in a statement sent to CNBC.
Mozilla

Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com) 164

Mozilla released on Tuesday a new version of its Firefox Quantum browser, boosting its graphics speed and improving a couple of new technologies designed to make the web more powerful. From a report: The browser, version 58, is the first major update since Mozilla's recovery plan hit full stride in November with the debut of Firefox Quantum. Speed is of the essence in Mozilla's recovery plan, and Firefox 58 does better than its predecessor in some graphics tasks by splitting work better across the multiple processor cores that computer chips have these days. The result should be scrolling that's smooth, uninterrupted by the stuttering that in computing circles goes by the disparaging term "jank." [...] Firefox 58 helps with two new web technologies. One, called WebAssembly, provides for dramatically faster web apps. Firefox 58 can get WebAssembly software running faster so you don't have to twiddle your thumbs waiting as long after clicking a link. Another is progressive web apps (PWAs), an initiative that came out of Google to help make the web a better match for the apps we all drop on our phones.
Software

Ask Slashdot: What Is Your View On Forced Subscription-Only Software? 586

dryriver writes: All used to be well in the world of Digital Content Creation (DCC) until two very major DCC software makers -- Adobe and Autodesk -- decided to force a monthly subscription model on pretty much every software package they make to please Wall Street investors. Important 2D and 3D DCC software like Photoshop, After Effects, Premiere, InDesign, 3DMax, Maya, and Mudbox is now only available to "rent" from these companies. You simply cannot buy a perpetual license or boxed copy for this software at all anymore, and what makes matters worse is that if you stop paying your subscription, the software locks itself down, leaving you unable to open even old files you created with the software for later review. Also annoying is that subscription software constantly performs "license validity" checks over the internet (subscription software cannot be run offline for any great length of time, or on an air-gapped PC) and the software is increasingly tied into various cloud services these companies have set up. The DCC companies want you to save your -- potentially confidential -- project files on their servers, not on your own hard disk.

There are millions of DCC professionals around the world who'd love to be able to buy a normal, perpetual, offline-use capable license for these software tools. That is no longer possible. Adobe and Autodesk no longer provide that. What is your view on this "forced subscription" model? What would happen if all the major commercial software developers forced this model on everyone simultaneously? What if the whole idea of being able to "purchase" a perpetual license for ANY commercial software went away completely, and it was subscription only from that point on?
Medicine

New Study Finds No Link Between Violent Video Games and Behavior (dailydot.com) 194

An anonymous reader quotes a report from The Daily Dot: Scientists have been investigating the impact of violent video games on behavior for more than two decades, and the results are still being debated. In a 2015 resolution on games, the American Psychological Association reported that multiple studies found a link between violent game exposure and aggressive behavior, though critics at the time questioned the findings. Now, a new study published by researchers at the University of York in the journal Computers in Human Behavior further challenges the connection.

It has long been theorized that exposure to in-game concepts like violence has a "priming" effect on players that ultimately impacts behavior, leading scientists to believe that a player exposed to in-game violence will be more susceptible to displaying such violence in real life. The new study found the exact opposite to be true in some instances. In a series of experiments with a little over 3,000 participants (more than any past study to date), university researchers found that exposure to video game concepts like violence won't necessarily impact behavior. It also found that increasing the realism of violent video games does mean aggressive behavior in gamers will increase.

Transportation

Tesla Owner Attempts Autopilot Defense During DUI Stop (arstechnica.com) 129

It turns out driving drunk is still illegal, even with a driver-assistance system active. "On Saturday, January 13, police discovered a man in his Tesla vehicle on the San Francisco-Oakland Bay Bridge," reports Ars Technica. "The San Francisco Chronicle reports that 'the man had apparently passed out in the stopped car while stuck in the flow of busy bridge traffic at 5:30pm, according to the California Highway Patrol." From the report: When police woke the man up, he assured officers that everything was fine because the car was "on autopilot." No one was injured in the incident, and the California Highway Patrol made a snarky tweet about it. Needless to say, other Tesla owners -- and people who own competing systems like Cadillac's Super Cruise -- should not follow this guy's example. No cars on the market right now have fully driverless technology available. Autopilot, Supercruise, and other products are driver assistance products -- they're designed to operate with an attentive human driver as a backup. Driving drunk using one of these systems is just as illegal as driving drunk in a conventional car.
Android

Android Can Now Tell You How Fast Wi-Fi Networks Are Before You Join Them (theverge.com) 44

Today, Google announced that Android 8.1 Oreo will now display the speed of nearby open Wi-Fi networks to help you decide whether they're even worth the effort of connecting to. The Wi-Fi settings menu will now display one of four speed labels: Very Fast, Fast, OK, or Slow. The Verge reports: The difference between Very Fast and Fast, according to Google, is that you can stream "very high-quality videos" on the former and "most videos" on the latter. Most coffee shop dwellers should be fine with the OK level, as that's enough for web browsing, social media, and Spotify streaming. Private Wi-Fi networks that require passwords don't display any speed data since it's really none of your business and Google can't randomly test them, but they do continue to indicate signal strength. Google says network administrators can also opt out of Android's Wi-Fi Assistant showing speed info by using a "canary URL."
Cloud

UK Hospitals Can Now Store Confidential Patient Records In the Public Cloud (zdnet.com) 73

The National Health Service (NHS) has given hospitals the go-ahead to store sensitive patient records in the cloud. "NHS Digital said the advantages of using cloud services include cost savings associated with not having to buy and maintain hardware and software, and availability of backup and fast system recovery," reports ZDNet. "'Together these features cut the risk of health information not being available due to local hardware failure,' said the report." From ZDNet: Rob Shaw, deputy chief executive at NHS Digital, said: "It is for individual organizations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively." The UK government introduced a 'cloud first' policy for public sector IT in 2013, and NHS Choices and NHS England's Code4Health initiative are already successfully using the cloud. NHS Digital's guidance said that the NHS and social care providers may use cloud computing services for NHS data, although data must only be hosted within the European Economic Area, a country deemed adequate by the European Commission, or in the U.S. where covered by Privacy Shield.
Software

Corporate Cultural Issues Hold Back Secure Software Development (betanews.com) 56

An anonymous reader shares a report: As the digital economy expands and software becomes more critical, security worries grow. In a new survey, 74 percent of respondents agree that security threats due to software and code issues are a growing concern. The study of over 1,200 IT leaders, conducted by analysts Freeform Dynamics for software company CA Technologies, finds 58 percent of respondents cite existing culture and lack of skills as hurdles to being able to embed security within processes. In addition, only 24 percent strongly agree that their organization's culture and practices support collaboration across development, operations and security. On top of cultural limitations, less than a quarter of respondents strongly agree that senior management understands the importance of not sacrificing security for time-to-market success.
Intel

Intel Urges OEMs and End Users To Stop Deploying Spectre Patch As It May 'Introduce Higher Than Expected Reboots' (intel.com) 150

Intel executive vice president Neil Shenoy said on Monday that the chip-maker has identified the source of some of the recent problems, so it is now recommended that users skip the available patches. From the blog post: We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.
Android

Yale Privacy Lab and Exodus Privacy's F-Droid Android App Store is a Replacement for Google Play That Features Only FOSS Apps That Don't Do Any Tracking (wired.com) 58

Google Play, the marquee Android apps store, is filled with apps that are riddled with hidden trackers that siphon a smorgasbord of data from all sensors, in all directions, unknown to the Android user. Not content with the strides Google has made to curtail the issue, Yale Privacy Lab has collaborated with Exodus Privacy to detect and expose trackers with the help of the F-Droid app store. From a report on Wired: F-Droid is the best replacement for Google Play, because it only offers FOSS apps without tracking, has a strict auditing process, and may be installed on most Android devices without any hassles or restrictions. F-Droid doesn't offer the millions of apps available in Google Play, so some people will not want to use it exclusively. It's true that Google does screen apps submitted to the Play store to filter out malware, but the process is still mostly automated and very quick -- too quick to detect Android malware before it's published, as we've seen. Installing F-Droid isn't a silver bullet, but it's the first step in protecting yourself from malware.
The Media

LWN.Net Celebrates Its 20th Birthday (lwn.net) 24

Free software/Linux news site LWN.net just celebrated its 20th birthday, with publisher Jonathan Corbet calling the last two decades "an amazing journey." LWN published the first edition of their weekly newsletter on January 22, 1998, and Corbet (who also contributes to the Linux kernel) writes today that "It has been quite a ride. We in the free-software community set out to change the world, and we succeeded beyond our wildest expectations."

Here's how he described their second edition the next week... We were arguably helped by the lead news in that edition: Netscape's decision to open-source its "Communicator" web browser. That quickly brought the world's attention to open-source software, though that term would not be invented for a few months yet, and to Linux in particular. LWN was a shadow of what it is now, but it was evidently good enough to ride on that wave and establish itself as a part of the Linux community.
Corbet reviews the highlights. ("Companies discovered our little hobbyist system and invested billions into it, massively accelerating development at all levels of the system...") But he also adds that "Through all of this, we also got to learn some lessons about successfully running a community information source on the net." For the last 16 years the site has supported itself with $7.00-a-month subscriptions, offering early access to their Weekly Edition plus subscriber-only mailing lists, "allowing our content to quickly become part of the community record."

Plus, through events around the world, "we have met -- and become friends with -- many of our readers and many people in the community as a whole. This community is an amazing group of people; it has been a honor and a joy to be a part of it..."

"The free-software community's work is not done, and neither is ours. "
Graphics

Can A New Open Photo File Format Replace JPEGs? (cnet.com) 259

Got lossless compression? An anonymous reader quotes CNET: Google, Mozilla and others in a group called the Alliance for Open Media are working on a rival photo technology. In testing so far, the images are 15 percent smaller than Apple's HEIC photo format, said Tim Terriberry, a Mozilla principal research engineer working on the project. But smaller sizes are just the beginning... it's got a strong list of allies, an affinity for web publishing and modern features that could make it the best contender yet for overcoming JPEG's 1990s-era shortcomings... JPEG isn't just limited by needlessly large file sizes. It's also weak when it comes to supporting a wider range of bright and dark tones, a broader spectrum of colors, and graphic elements like text and logos...

The HEIC's new rival is from the Alliance for Open Media, a group whose top priority is a video compression technology called AV1 that's free of patent licensing requirements. It's got heavy hitters on board, including top browser makers Google, Microsoft, Mozilla and the most recent new member, Apple -- though Apple's plans haven't been made public. And it's got major streaming-video companies, too: Netflix, Amazon, Hulu, Facebook, videoconferencing powerhouse Intel and Google's YouTube. And with the support of chip designers Intel, Nvidia and Arm, AV1 should get the hardware acceleration that's crucial to making video easy on our laptop and phone batteries.

To use Apple's HEIC, "makers of software, processors and phones must jump through a lot of hoops to license patents," which CNET predicts "means HEIC will have trouble succeeding on the web: patent barriers are antithetical to the web's open nature."
Crime

Church Elder/'Jeopardy' Champion Charged With Computer Crimes (mlive.com) 102

Stephanie Jass, a record-setting, seven-time winner on Jeopardy, has been charged with two felonies for accessing the email accounts of two executives at the college where she worked as an assistant professor. An anonymous reader quotes MLive: Jass was able to access the accounts because of an April 24 issue with the college email system, hosted by Google. Frank Hribar, vice president for enrollment and student affairs, said there was network outage caused by loss of power. On April 25, users received a text message with a generic, standard passcode: "Please attempt to login to Gmail using this password. You should be prompted to change password after login..." Not everyone, however, was prompted to do so. Some did make the change using a tutorial. Some received an error and were unable to create a new password, the timeline states. Others did not alter the password at all. The method "worked just fine, had there not been manipulation of the system," said Hribar...

Jass, 47, of Tecumseh was charged in December with unauthorized access to a computer, program or network, and using a computer to commit a crime, both felonies... On May 5, the college deactivated Jass' email account and access to all other college software. The locks to her office door were changed and her desktop computer was confiscated, according to the timeline.

The police report "indicates Jass accessed emails while using an internet network at First Presbyterian Church of Tecumseh, where she served as an elder."
Nintendo

Nintendo's Newest Switch Accessories Are DIY Cardboard Toys (theverge.com) 75

sqorbit writes: Nintendo has announced a new experience for its popular Switch game console, called Nintendo Labo. Nintendo Labo lets you interact with the Switch and its Joy-Con controllers by building things with cardboard. Launching on April 20th, Labo will allow you to build things such as a piano and a fishing pole out of cardboard pieces that, once attached to the Switch, provide the user new ways to interact with the device. Nintendo of America's President, Reggie Fils-Aime, states that "Labo is unlike anything we've done before." Nintendo has a history of non-traditional ideas in gaming, sometimes working and sometimes not. Cardboard cuts may attract non-traditional gamers back to the Nintendo platform. While Microsoft and Sony appear to be focused on 4K, graphics and computing power, Nintendo appears focused on producing "fun" gaming experiences, regardless of how cheesy or technologically outdated they me be. Would you buy a Nintendo Labo kit for $69.99 or $79.99? "The 'Variety Kit' features five different games and Toy-Con -- including the RC car, fishing, and piano -- for $69.99," The Verge notes. "The 'Robot Kit,' meanwhile, will be sold separately for $79.99."
Security

Top Bug Hunters Make 2.7 Times More Money Than an Average Software Engineer (bleepingcomputer.com) 67

An anonymous reader shares a report: A survey of 1,700 bug bounty hunters registered on the HackerOne platform reveals that top white-hat hackers make on average 2.7 times more money than the average salary of a software engineer in the same country. The reported numbers are different for each country and may depend on a bug bunter's ability to find bugs, but the survey's results highlight the rising popularity of bug hunting as a sustainable profession, especially in less developed countries, where it can help talented programmers live a financially care-free life. According to HackerOne's report, it pays to be a vulnerability researcher in India, where top bug hunters can make 16 times more compared to the average salary of a software engineer. Other countries where bug hunting can assure someone a comfortable living are Argentina (x15.6), Egypt (x8.1), Hong Kong (x7.6), the Philippines (x5.4), and Latvia (x5.2).
Google

Google Moves To Debian For In-house Linux Desktop (zdnet.com) 142

Google has officially confirmed the company is shifting its in-house Linux desktop from the Ubuntu-based Goobuntu to a new Linux distro, the DebianTesting-based gLinux. From a report: Margarita Manterola, a Google Engineer, quietly announced Google would move from Ubuntu to Debian-testing for its desktop Linux at DebConf17 in a lightning talk. Manterola explained that Google was moving to gLinux, a rolling release based on Debian Testing. This move isn't as surprising as it first looks. Ubuntu is based on Debian. In addition, Google has long been a strong Debian supporter. In 2017, Debian credited Google for making [sic] "possible our annual conference, and directly supports the progress of Debian and Free Software." Debian Testing is the beta for the next stable version of Debian. With gLinux, that means it's based on the Debian 10 "Buster" test operating system. Google takes each Debian Testing package, rebuilds it, tests it, files and fixes bugs, and once those are resolved, integrates it into the gLinux release candidate. GLinux went into beta on Aug. 16, 2017.
Wireless Networking

Google Releases Fix For Chromecast Wi-Fi Crashes (zdnet.com) 32

An anonymous reader quotes a report from ZDNet: Google on Wednesday said it will release an update Jan. 18 to fix a bug in Cast software on Android phones that dramatically slows down WiFi networks. Reports have been circulating this week that the Google Home Max speaker can knock the TP-Link Archer C7 router offline. In a support page, Google explains a bug caused the Cast software that connects with Chromecast devices to send a large amount of network traffic routers can't handle. Google said the update will roll out via a Google Play services update. Until the update is released, Google advises users to try rebooting their Android phone, and check that their WiFi router is updated with the latest firmware. Google didn't list specific routers impacted by the bug, but reports have indicated routers from Linksys and Synology are seeing network crashes as well.
Australia

Lifesaving Drone Makes First Rescue In Australia (yahoo.com) 45

Zorro shares a report from Yahoo News: A pair of Australian swimmers on Thursday became the first people to be rescued in the ocean by a drone when the aerial lifesaver dropped a safety device to distressed teens caught in rough seas. In what is believed to be a world-first drone surf rescue, two boys on Thursday got caught in three-meter (10-foot) swells while swimming off Lennox Head in New South Wales, near the border with Queensland. Beachgoers onshore raised the alarm to the lifeguards who then alerted the drone pilot, and the aerial lifesaver was deployed in moments.

Along with their ability to spot swimmers in trouble and deliver life saving devices faster than traditional lifesaving techniques, like launching surfboards or rubber dinghies, drones are being used in Australia to spot underwater predators like sharks and jellyfish. Artificial intelligence is being developed using thousands of images captured by a drone camera to build an algorithm that can identify different ocean objects. The software can differentiate between sea creatures, like sharks which it can recognize with more than 90 percent accuracy, compared to about 16 percent with the naked eye.

Security

'Text Bomb' Is Latest Apple Bug (bbc.com) 60

An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.

Slashdot Top Deals