Common Vulnerabilities and Exposures (CVE) is the standard identifier for referencing known security vulnerabilities in the information security world. The identifiers are used broadly in security products such as vulnerability scanners, providing a convenient way of cross-referencing data between tools and databases. For most of its existence, the CVE Identifier for any given vulnerability has had the format CVE-YYYY-NNNN, where YYYY is the year the identifier was assigned and NNNN is a zero-padded four-digit sequence number that restarts every year.
Because the time is fast approaching when more than 10,000 CVE Identifiers will be assigned in a single year, the CVE Identifier syntax has been updated to support variable-length sequence numbers (still padded to at least four digits). This is likely to cause problems for applications that have not been updated to accept more than four digits in the identifier, for example regular expressions or database columns sized for exactly thirteen characters. The change was adopted in July 2013 and took effect on January 1, 2014.
Personally, it sometimes feels to me that CVE identifiers are being wasted on silly things like esoteric mobile apps, but I concede that running out of numbers is an inevitability regardless of the editorial stance of the CVE Editorial Board.
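As an added example (not code from the CVE project or from this story), the following Python shows the kind of check that breaks under the new syntax and the corrected version beside it. The identifiers used in the test strings are constructed for illustration and are not claims about real advisories.

```python
import re

# Pre-2014 syntax: exactly four digits after the year. Parsers written this
# way silently reject every identifier once a year issues more than 9,999.
OLD_CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4})$")

# 2014 syntax: four OR MORE digits. CVE-2014-0001 is still valid (padding to
# at least four digits is kept), and so is CVE-2014-123456.
NEW_CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Word-bounded variant for pulling identifiers out of free text such as
# advisories or commit messages; the trailing \b stops the match from
# swallowing part of a longer token.
CVE_IN_TEXT_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Width of the old fixed-format identifier ("CVE-YYYY-NNNN"); a CHAR(13)
# column or a 13-byte buffer sized for it truncates longer identifiers.
LEGACY_WIDTH = len("CVE-YYYY-NNNN")


def parse_cve(identifier, pattern=NEW_CVE_RE):
    """Return (year, sequence) as ints, or None if the string is not a CVE ID."""
    m = pattern.match(identifier.strip().upper())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def find_cves(text):
    """Extract every CVE identifier in free text, normalised to upper case."""
    return [m.group(0).upper() for m in CVE_IN_TEXT_RE.finditer(text)]


def fits_legacy_column(identifier):
    """True if the identifier still fits a field sized for CVE-YYYY-NNNN."""
    return len(identifier.strip()) <= LEGACY_WIDTH


if __name__ == "__main__":
    for cve in ("CVE-2014-0160", "CVE-2014-12345", "CVE-2014-123"):
        print(cve, "old:", parse_cve(cve, OLD_CVE_RE), "new:", parse_cve(cve),
              "fits legacy column:", fits_legacy_column(cve))
```

The practical audit is to grep your own tooling for `\d{4}` (or `[0-9]{4}`) following `CVE-\d{4}-`, and to look for any schema that declares the identifier as a fixed thirteen-character field.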
Ars Technica brings us some good news out of the FCC - Sorry, AT&T and Verizon: 4Mbps isn’t fast enough for “broadband”
Contrary to what AT&T and Verizon would have you believe, FCC Chairman Tom Wheeler today said 4Mbps is too slow to be considered broadband and that Internet service providers who accept government subsidies should offer at least 10Mbps.
Last week, we reported on AT&T and Verizon urging the FCC to abandon a proposal that would redefine broadband download speeds from 4Mbps to 10Mbps. If the standard is raised, ISPs that accept government subsidies to build networks in hard-to-reach rural areas would have to provide the higher speed. AT&T and Verizon argued that 4Mbps is good enough, but Wheeler said otherwise today at a hearing in front of the US House Committee on Small Business.
So a small bit of good news, but do these huge companies even deserve subsidies? Why not just tell them that "if you don't include rural America, we'll break you up?"
The Register has found itself subject to a certain amount of criticism for author Richard Chirgwin's (http://www.theregister.co.uk/Author/2242) skepticism regarding whether the NSA has been snooping on optical fibre cables by cutting them.
Glenn Greenwald's recent “NSA cut New Zealand's cables” story is illustrative of credibility problems that surround the ongoing Edward Snowden leak stories: everybody is too willing to accept that “if it's classified, it must be because it's true”, and along the way, attribute super-powers to spy agencies.
In running the line that undersea cables were cut, Greenwald is straying far enough from what's feasible and credible that his judgement on other claims needs to be questioned. It seems to The Register almost certain that neither Glenn Greenwald nor Edward Snowden has actually held a submarine fibre cable in their hands.
http://www.theregister.co.uk/2014/09/18/spies_arent_superheroes/
Do you think that it is credible that these undersea fibre cables were tapped when it is easier to tap onshore installations?
Andrea Germanos, at Common Dreams - USDA's Greenlighting of 'Agent Orange' Crops Sparks Condemnation
Following widespread outcry, Dow's new genetically engineered corn and soybeans get approval.
The U.S. Department of Agriculture's decision this week to approve two new genetically engineered crops is being denounced by watchdog groups as a false solution to herbicide-resistant weeds and a move that threatens human and environment safety alike.
The crops are Dow AgroSciences' Enlist corn and soybeans, engineered to be resistant to its Duo herbicide, which contains 2,4-D, a component of the notorious Agent Orange. 2,4-D has been linked to Parkinson's, birth defects, reproductive problems, and endocrine disruption. Dow states that the new system will address the problem of weeds that have become resistant to glyphosate, the active ingredient in Monsanto's widely-used Roundup.
...
“Farmers have been sold the lie that they can increase yields and prevent crop failure from weeds by buying Monsanto’s and Dow’s GMO seeds and dousing them in toxic poisons, also manufactured and sold by Monsanto and Dow," Cummins continued. "But just as scientists predicted, these 'miracle' crops are evolving to resist the poisons thrown on them, causing the USDA and the EPA to approve increasingly toxic poisons to fight increasingly resistant weeds. Where does the escalation end?"
So I think I'm gonna go buy a farm and plant some heirloom crops. If I can't trust the food I buy to not poison me, who should I trust?
The Developer Console for the Google Play Store has a notification that from the 30th of September, all listings will require a physical address to be shown on the app details page. The notification states:
Add a physical contact address
Beginning September 30, 2014, you need to add a physical address to your Settings page. After you've added an address, it will be available on your app's detail page to all users on Google Play. If your physical address changes, make sure to update your information on your Settings page.
If you have paid apps or apps with in-app purchases, it's mandatory to provide a physical address where you can be contacted, as you are the seller of that content, to comply with consumer protection laws. If you don't provide a physical address on your account, it may result in your apps being removed from the Play Store.
Thus far there has been no explanation for the requirement. Some speculate that it may satisfy a legal requirement for merchants to provide a physical address, and some are concerned about how it could affect independent developers.
When coffee leaf rust—which was first spotted in East Africa in the 1860s—made it to South America in the 1970s, Colombia's national coffee research center, Cenicafé, was already a decade into its rust resistance breeding program.
The rust, called roya in Spanish, is a fungus (Hemileia vastatrix) that is highly contagious due to airborne fungal spores. It affects different varieties, but the Arabica beans are especially susceptible. Rainy weather worsens the problem. The rust typically enters the coffee leaf via the stomata.
Their methods were traditional: cross-breeding, planting, evaluating rust resistance, and comparing taste and aroma. It was a long and arduous process, sometimes taking 25 years to develop a cultivar that was rust resistant. Still, Cenicafé succeeded with two cultivars, Colombia (in 1980) and Castillo (in 2005), that have been reasonably rust resistant.
Now ScienceMag is reporting that sequencing the genome of major Coffee families is shortening this development cycle by documenting those coffee genes that provide resistance. At the same time the sequencing of rust genes has identified those elements of its genome that are involved in gaining entry into the coffee leaf.
By selecting coffee for cross breeding with a map of the genome in hand, and analyzing the genome of the resultant plant, they can shorten the 25 year development cycle down to less than a year, without having to wait until the trees mature.
Unlike genetically modifying seed to tolerate pesticides, this method of selecting for the most resistant strains does not require the use of pesticides.
"Coffee farms the world over are still planting susceptible cultivars that increasingly require pesticides to fend off disease. This heavy application of pesticides is irresponsible," says Álvaro Gaitán, a plant pathologist at Colombia's national coffee research center, "especially on small-holder farms like the ones dotting Colombia. Every time you recommend the use of a pesticide you're exposing the farm family, too, because they live very close to these fields. And many of these coffee diseases are controlled by natural enemies of the fungus. You don't want to kill those off."
The US government will be offering a $5 million aid package in partnership with the Texas A&M Coffee Research Center to combat the fungus.
There's an interesting paper on an Ambient Temperature Power Harvester, which was presented at The ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp):
...we present a thermal power harvester that utilizes naturally changing ambient temperature in the environment as the power source. In contrast to traditional thermoelectric power harvesters, our approach does not require a spatial temperature gradient; instead it relies on temperature fluctuations over time, enabling it to be used freestanding in any environment in which temperature changes throughout the day.
This design is inspired by the Atmos Clock, a 1928 design by Jean-Léon Reutter, which contains a small sealed expansion chamber and uses the expansion and contraction of a gas with changing temperature to produce a small mechanical motion. There are details on How the Atmos Clock works, and the history of the clock. The original clock used the motion for mechanical winding, whereas this design converts the motion to electrical energy, and provides:
...the ability to power a sensor node, transmit sensor data wirelessly, and update a bistable E-ink display after as little as a 0.25 °C ambient temperature change.
The paper itself is available for download as a five-page PDF, and there's a simple demonstration video of the device.
Reported at New Scientist, with earlier stories from Nanowerk and The University of Washington.
Today the Ig Nobel Prizes 2014 were awarded. Among the winning topics were
and some others you always wanted to know more about. Have fun :-)
The Enlightenment desktop's development team reports:
The E19 Release Cycle has concluded. Thanks to everyone who helped along the way.
Major changes since the last stable release include:
Features:
- greatly improved wayland support
- E_WL_FORCE environment variable for forcing output types
- e_uuid_store: Add infrastructure to store window/surface properties.
- Add a tiling profile.
- per-screen desklock logo visibility config
- Tiling: Merge the tiling module rework.
- check udisks1 DevicePresentationHide flag
- ACTIVATE_EXCLUDE window active hint policy
- show video resolution in filepreview widget
- add fileman option to clamp video size for video previews
- handle xrandr backlight using a single, accurate handler
- blanking options for wakeup on events (urgent + notify)
- packagekit module for package manager integration
- ibar now optionally triggers its menu on mouse in
- selective redirection toggling
- new focus option "raise on revert focus"
- add PIN-style desklock for lokker module
- make desklock hookable, break out current desklock into module, move pam stuff to separate file
- revive personal desklock passwords
- allow moveresize visuals to be replaced
- allow desk flip animations to be handled completely externally
- E16-style live pager returns!
- comp config is no longer a module
- E_FIRST_FRAME env variable
- new compositor API
- add E_MODULE_SRC_PATH for setting current module src path without needing to install modules
- use non-recursive makefiles for entire build system
Improvements:
- filemanager popups no longer span multiple monitors
- system operations no longer dim screen until action has begun
- window stacking and focus restore is more accurate across restarts
- gstreamer1 is now used for media previews
- improved multiple monitor setup reliability
- shaped windows now render more accurately
Phoronix notes
The Enlightenment E19 update is a huge upgrade over E18 or E17, especially if you're an early Wayland adopter.
Well, I'm sure we've all seen the news by now that Apple has discontinued the iPod Classic. Which means they no longer offer any dedicated MP3 players with more than 64GB of storage.
My father has been using the iPod Classic for many years, and has over 100GB in his music collection at the moment, so he's been asking me for some advice on what he could buy once his current Classic eventually dies. And frankly, I can't find much! Cowon has a few models with enough storage, but those are all essentially miniature Android tablets. It's a potential solution, but it would be nice to have something with actual hardware controls rather than just a single touch screen since he mostly uses it while driving or at the gym. Something like the Sansa Clip might work, as it does have an SD card slot, but the interface looks like it would be pretty painful if you have more than a dozen or so albums.
Does anyone still manufacture anything comparable to the iPod Classic?
"We recommend that you upgrade your apt packages." with apt of course... (via https://twitter.com/ioerror)
https://www.debian.org/security/2014/dsa-3025
"It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490)."
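The common thread in the four CVEs above is cached or transformed data being used without being re-checked against the signed Release metadata. As an added illustration (this is not APT's code, and the transport, `server` table and `RELEASE_ENTRY` are constructed stand-ins), the following Python sketches the 304 case: a conditional GET that is answered "Not Modified" says only that the server's copy is unchanged, so a client that then trusts whatever sits in its local cache will happily consume a tampered index. The hardened variant re-verifies the cached bytes against the expected size and SHA256 before using them.

```python
import hashlib

# Constructed sample: the bytes of a Packages index, plus the size and SHA256
# that a separately signature-verified Release file would list for it.
GOOD_INDEX = b"Package: example\nVersion: 1.0\nFilename: pool/main/e/example_1.0_all.deb\n"
RELEASE_ENTRY = {"size": len(GOOD_INDEX),
                 "sha256": hashlib.sha256(GOOD_INDEX).hexdigest()}


class NotModified(Exception):
    """Stand-in for an HTTP 304 reply to a conditional GET."""


def http_get(url, if_modified_since, server):
    """Hypothetical transport: `server` maps url -> (mtime, body)."""
    mtime, body = server[url]
    if if_modified_since is not None and mtime <= if_modified_since:
        raise NotModified
    return mtime, body


def matches_release(data, entry=RELEASE_ENTRY):
    """Check the bytes against the size and hash from signed metadata."""
    return (len(data) == entry["size"]
            and hashlib.sha256(data).hexdigest() == entry["sha256"])


def acquire_vulnerable(url, cache, server):
    """On a 304, hands back the cached bytes without re-checking them."""
    try:
        mtime, body = http_get(url, cache.get("mtime"), server)
    except NotModified:
        return cache["data"]          # BUG: never verified against Release
    if not matches_release(body):
        raise ValueError("index does not match signed Release file")
    cache.update(mtime=mtime, data=body)
    return body


def acquire_hardened(url, cache, server):
    """A 304 only says the server copy is unchanged; the cached copy stays
    untrusted until it matches the Release entry."""
    try:
        mtime, body = http_get(url, cache.get("mtime"), server)
    except NotModified:
        body = cache.get("data", b"")
        if not matches_release(body):
            cache.clear()             # drop the bad copy so the next run refetches
            raise ValueError("cached index does not match signed Release file")
        return body
    if not matches_release(body):
        raise ValueError("index does not match signed Release file")
    cache.update(mtime=mtime, data=body)
    return body


if __name__ == "__main__":
    mirror = {"http://mirror/Packages": (100, GOOD_INDEX)}
    poisoned = {"mtime": 100, "data": b"Package: example\nVersion: 1.0-evil\n"}
    print("vulnerable returned:", acquire_vulnerable("http://mirror/Packages", dict(poisoned), mirror))
    try:
        acquire_hardened("http://mirror/Packages", dict(poisoned), mirror)
    except ValueError as exc:
        print("hardened refused:", exc)
```

The same rule covers the GzipIndexes case in CVE-2014-0489: whatever form the index is kept in on disk, compressed or not, it has to be checked against a hash taken from signed metadata before anything reads it. For the advisory itself, the fix is simply to update apt to the versions named in DSA-3025 and then run the upgrade with the patched tool.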
Systemd has turned into the Godzilla of Linux controversies. "Everywhere you look it's stomping through blogs, rampaging through online discussion threads, and causing white-hot flames that resemble Godzilla's own breath of death," writes Jim Lynch. Now Sam Varghese reports at iTWire that although Linus Torvalds is well-known for his strong opinions, when it comes to systemd, Torvalds is neutral. "When it comes to systemd, you may expect me to have lots of colorful opinions, and I just don't," says Torvalds. "I don't personally mind systemd, and in fact my main desktop and laptop both run it."
Oh, there's been bitter fights before. Just think about the emacs vs vi wars. Or, closer to systemd, the whole "SysV init" vs "BSD init" differences certainly ended up being things that people had "heated discussions" about. Or think about the desktop comparisons.
I'm not really sure how different the systemd brawls are from those. It's technical, but admittedly the systemd developers have also been really good at alienating people on a purely personal level too. Not that that is anything particularly new under the sun _either_: the (very) bitter wars between the GPL and the BSD license camps during late-80s and early-90s were almost certainly more about the persons involved and how they pissed off people than necessarily deeply about other differences (which existed, obviously, but still).
Torvalds was asked if systemd didn't create a single point of failure which makes a system unbootable if it fails. "I think people are digging for excuses. I mean, if that is a reason to not use a piece of software, then you shouldn't use the kernel either."
On September 14th 2014, a massive fireball streaked across the skies over the northeastern USA. Reports said that for a brief moment it was brighter than the full moon, bright enough to cast shadows on the ground, and visibly broke up. Hundreds of reports show this meteor traveling across Pennsylvania, New Jersey, and New York; with it being visible as far away as North Carolina, Illinois, and New Hampshire.
Are there any Soylents here who saw it? Have you ever seen a fireball? How about a meteor shower or even a meteor storm? Maybe the Aurora Borealis? What is your most memorable astronomical observation?
Gigaom reports that Apple may have received an order under Section 215 of the USA Patriot Act. The death of Apple's Patriot Act canary is a notable change since Apple's first Transparency Report back in 2013.
The Government Accountability Office released a report Thursday on the security of the Federal Health Care website, through which millions of Americans bought coverage under the health law last year and which millions more will be urged to use. [Summary, highlights (pdf), full report (pdf), full report (text-only).]
The GAO said the Centers for Medicare & Medicaid Services (CMS) failed to ensure system-security plans were complete and was relying on a draft data-use agreement with a contractor tasked with verifying users' identities.
Moreover, the CMS skipped some assessments of privacy risks and didn't perform comprehensive security testing of the Healthcare.gov system that used all of the security controls specified by the government ahead of the site's launch. Testing remained incomplete as of June 2014, GAO said.
As a freelancer, Obamacare is literally the best thing the federal government has done for me in ages. I will be signing up for coverage this fall. But the system's security has always been a big concern for me, particularly since I "know how the sausage is made" in the industry. I hope this publicity will lead to significant improvements. I think their system may be one of the most attractive targets for identity thieves on the internet. They won't get credit-card numbers, but there is so much personal information that goes into those systems that they are practically the keys to the kingdom. So attractive that I find it hard to believe that the systems aren't already fully compromised and we are just waiting for the other shoe to drop.
Kaiser Health News provides, for each of several publications, a summary paragraph and a link to the full article. It is quite interesting to see how each publication puts a different spin on the same material.
On the technical side, are there any Soylents with first-hand information on the site's development they'd like to share, or, in developing software for a major bureaucracy, in general? What are the greatest impediments you've found to "getting it right?"