SoylentNews

Blackmoore writes:

Der Spiegel and The Intercept have just released more leaked NSA documents, this time covering the surveillance of foreign officials. This is the sort of thing we expect the NSA to be doing, although perhaps without targeting our allies. (Germany's Angela Merkel is on the list, something that will come as no surprise to anyone.)

One undated document shows how British GCHQ operatives hacked into the computer servers of the German satellite communications providers Stellar and Cetel, and also targeted IABG, a security contractor and communications equipment provider with close ties to the German government. The document outlines how GCHQ identified these companies' employees and customers, making lists of emails that identified network engineers and chief executives. It also suggests that IABG's networks may have been "looked at" by the NSA's Network Analysis Center.

With all the announcements we've made today, and all the muffin and bacon drama, we've taken a break to roll out a new retro entertainment feature for the community, a MUD. If you're not familiar with the concept, a MUD is a text-based RPG, hosted online and free to play. This MUD, called SoylentMud for the time being, is available via telnet at mud.soylentnews.org, port 9000. It is based on the ROM source code, that being what I am most familiar with, and is entirely programmed in C.

We've added this feature because we want soylentnews.org to be a one-stop hub for all your nerd news and interaction. It is integrated with our IRC Network, allowing users on the MUD to chat with our IRC users, and vice versa, if desired. We'd like to offer the community a variety of outlets for interaction, and this seemed to be a good addition.

Historically, MUDs were pretty popular among nerds in the 1990s, and were the predecessors to the MMORPGs we now see everywhere. Additionally, most MUD source code was freely available on the internet for anyone to download and use, albeit with some weird licensing restrictions, such as having to send an email to a 24-year old account that no longer works.

It is pretty primitive and generally straight-out-of-the-box, last updated in 1998 (aside from my IRC port, which is largely based on sic), so stay tuned for updates. We will probably pursue running a completely FOSS MUD at some point, so feedback on that would be useful.

Telnet, while fully functional and the "best" client for the completely retro experience, isn't exactly the best client for actually playing MUDs though, so I recommend you pick up a dedicated MUD client, such as the FOSS client Mudlet. (Sourcecode available here. There is one known bug I've encountered, see here for the fix for login.) Using a dedicated client should allow you to use the color codes embedded in the software, as well as allow you to use triggers, one-keyclick commands, mapping, and the like. This will enhance the gaming experience, but isn't required to play.

NCommander adds: Although not open source, DikuMUD is an interesting piece of history, and despite its non-free license, I feel that users should have the ability to experience this living relic first hand. I have a hobby in software archaeology, and I'd like to build a collection of games and other software that time has more or less forgotten. At some point, I'd like to setup an actual games server hosting relics such as the original Rogue or Hunt the Wumpus. If possible, I'd like to see if we could recover the source to some of the old BBS games and host those as well.

• SoylentNews (this page): http://7rmath4ro2of2a42.onion
• Development Site: http://skgmctqnhyvfava3.onion
• Wiki: http://kvs3xgkasyoqd4hx.onion
• Site Status: http://kvs3xgkasyoqd4hx.onion

Since these services are accessible directly in the Tor Network, and do not need to pass through an exit node, it should be considerably faster to access SoylentNews via the onion links than going through directly. There are a couple of caveats you should be aware of though using this service.

Open4D writes:

Pipedot has picked up on this remarkable New Scientist article: "Gunshot victims to be suspended between life and death."

From the article:

Doctors will try to save the lives of 10 patients with knife or gunshot wounds by placing them in suspended animation, buying time to fix their injuries. ... The technique involves replacing all of a patient's blood with a cold saline solution, which rapidly cools the body and stops almost all cellular activity. ... At lower temperatures, cells need less oxygen because all chemical reactions slow down. This explains why people who fall into icy lakes can sometimes be revived more than half an hour after they have stopped breathing. ... The technique was first demonstrated in pigs in 2002.

The surgeon leading the trial (who apparently prefers to avoid the term "suspended animation") says he "eventually hopes to extend the technique to other conditions." I'm not surprised. Isn't the potential here enormous?

And the ethical issues are interesting in their own right. These are discussed towards the end of the article, and in this separate (self-contradictory) opinion piece (which appeared in print under the headline "Opt out is a cop-out").

Blackmoore writes:

SN reported last week the story of a search by Microsoft through a reporter's Hotmail account looking for evidence of stolen IP, which resulted in quite a bit of criticism for Microsoft's heavy-handed approach.

Mike Masnick at TechDirt reports that Microsoft and its legal team took the criticism seriously. Microsoft's General Counsel Brad Smith has now put out a new blog post announcing a complete change in policy, promising that it will not unilaterally look through any Microsoft user's content in search of "stolen" intellectual property. If such a search is thought necessary they will refer the matter to Law Enforcement.

Blackmoore writes:

Cory Doctorow at bOing bOing reports Newly disclosed documents from the trove Edward Snowden provided to journalists reveal the existence of the Nymrod database that listed 122 world leaders, many from nations friendly to the USA, that were spied upon by the NSA. Included in the list is German Chancellor Angela Merkel, who was already known to have been wiretapped by the NSA thanks to an earlier disclosure. Nymrod's "Target Knowledge Database" combed through the NSA's pool of global intercepts to amass dossiers of private communications emails, faxes, calls and Internet traffic related to the leaders.

Blackmoore writes:

Linux 3.14 has been released on Sun, 30 Mar 2014.

Prominent Features:

• Deadline scheduling class for better real-time scheduling
• zram: Memory compression mechanism considered stable
• Btrfs: inode properties
• Trigger support for tracing events
• Userspace probes access to all arguments
• Userspace locking validator
• Kernel address space randomization
• TCP automatic corking
• Antibufferbloat: "Proportional Integral controller Enhanced" packet scheduler.

lhsi writes:

The UK 's Pirate Party have raised concerns with how the City of London Police are acting with their "online database of websites 'verified' as being illegal with the aim of online advertisers using the database to restrict where their adverts will be displayed."

Exactly who verifies sites as being illegal and by which jurisdiction; how to work out if you are on this list, which will not be made public; and more importantly how to be removed from the list if inaccurately put on it is not yet clear. If the process is anything like the current censorship of pirate sites it will involve uncontested court rulings where the supposedly offending site isn't present to defend their legitimacy.

A pilot scheme saw only a 2% reduction in advertising from major household brands which makes it unclear how effective this initiative will be. However for any advertisers that utilise the list it will remove valuable and legitimate means for them to direct their desired customers towards their own legal products.

NCommander adds: This is, to my knowledge, the first time an ARM GPU has an open source driver able to run openarena. The article or blog isn't clear if this is running through X or talking to the framebuffer directly, but in either case, a huge win for the RPi guys in getting closer to a fully opensource system.

NCommander also adds: Proven wrong, the ARM Mali GPU family has open drivers which run openarena no problem. Here's hoping for a more open GPU drivers in the future.

Blackmoore and gishzida both write:

A Reuters story claims that a group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability. The professors found that the tool, known as the "Extended Random" extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster. From the story:

While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.

RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months. "We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure." Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.

An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.

NCommander adds: This was also submitted by chloride, who added this note:

Interestingly, OpenSSL would be very vulnerable to attack, were it not for an easily-fixed bug that prevented the library from running if Dual EC was enabled. Also interesting, one of the authors of Extended Random, Eric Rescorla, works at Mozilla and is a member of the Web Applications Security Working Group at W3C.

The controversy around Mozilla's new CEO Brendan Eich continues. Eich made a personal $1000 donation to California's Yes on Proposition 8 campaign in 2008. Now, dating site OkCupid has started redirecting Firefox users to a page explaining Eich's views against marriage equality, and asking users to switch to IE, Chrome, or Opera.

The page states:

If individuals like Mr. Eich had their way, then roughly 8% of the relationships we've worked so hard to bring about would be illegal. Equality for gay relationships is personally important to many of us here at OkCupid. But it's professionally important to the entire company. OkCupid is for creating love. Those who seek to deny love and instead enforce misery, shame, and frustration are our enemies, and we wish them nothing but failure.

Visitors are then provided links to alternative browsers, or they can continue to the site by clicking a hyperlink at the bottom of the page.

Blackmoore writes:

Joe Mullin at Ars Technica writes that the US Supreme Court is keen to get a legal grip on patent trolling. "The Supreme Court's decision in this case - or indecision - matters. The court is aware of patent trolls, and it seems to genuinely dislike them. The justices also seem aware that Bilski did not do the job, and they want to devise some legal means of executing patents they don't like. The question then becomes "how?"

In theory, the Court could go so far as to simply say software is not patentable. That's a very unlikely outcome, but it can't be ruled out entirely. The tiny possibility of such an outcome has spurred companies that favor software patents - including Microsoft, Adobe, and IBM - to file briefs focused on their importance. (While these companies extol software patents as a general category, no one defends Alice's patents.)

Internet companies, meanwhile, are trying to steer the court's attention to the harm caused by vague software patents. A pointed, 12-page brief filed by LinkedIn, Twitter, Yelp, Newegg, Netflix, Rackspace, and several smaller software companies does not go so far as to call for the abolition of patents on software, but it makes the signors' (sic) distaste for them crystal clear. "Innovation happens despite software patents, not because of them," states that brief, written by Stanford professor and patent litigator Mark Lemley.

• Mod points won't roll back after a post
• Moderators can post in the same discussion (either before or after moderating), but can not moderate replies to their posts.

I've heard various ideas such as limiting it only after mods have expended their points (this will require implementing a cooldown to prevent a user from getting points again too soon). I want to hear your feedback, and I'll roll together something for the next major update of the site. Leave your comments

Blackmoore writes:

Cory Doctrow at bOing bOing reports a demonstrated attack against Google Maps which took place about a month ago, through which it was possible to set up fake Secret Service offices in the company's geo-database, complete with fake phone numbers that rang a switch under his control and then were forwarded to real Secret Service offices, allowing him to intercept and record phone-calls made to the Secret Service (including one call from a police officer reporting counterfeit money). From the story:

As Dune Lawrence points out, this is a higher-stakes version of a common spam-attack on Google Maps practiced by locksmith, carpet cleaning, and home repair services. Spammers flood Google Maps with listing for fake "local" companies offering these services, and rake in high commissions when you call to get service, dispatching actual local tradespeople who often charge more than you were quoted (I fell victim to this once, when I had a key break off in the lock of my old office-door in London and called what appeared to be a "local" locksmith, only to reach a call-center who dispatched a locksmith who took two hours to arrive and charged a huge premium over what I later learned by local locksmiths would have charged).

A detailed post by Dan Austin describes this problem, points out that Google is more than four years late in delivering promised fixes to the problem, and offers solutions of his own. He suggests that the high Google Adwords revenue from spammy locksmiths and other services is responsible for the slow response to the problem.

• CSS and UI revamps, including a much cleaner user control panel
• Submissions now get properly formatted from the get go
• Lameass filter now reports why you're lame
• REDACTED
• REDACTED
• REDACTED
• REDACTED

You can download the latest hot piping tarballs here

The muffin has granted me a sliver of free will to talk about our update and upgrade policies.

mrbluze writes:

On the basis of a study published in the International Journal of Environmental Research and Public Health proposing a causal link between Glyphosate use and kidney injury, Sri Lanka has banned the use of the chemical. The proposed mechanism of injury is by the chelation of metal ions naturally present in the soil which are then concentrated in the ground water, posing a health hazard. The study states:

Although there is no agreement among scientists about the etiology of the disease, a majority of them has concluded that this is a toxic nephropathy. None of the hypotheses put forward so far could explain coherently the totality of clinical, biochemical, histopathological findings, and the unique geographical distribution of the disease and its appearance in the mid-1990s. A strong association between the consumption of hard water and the occurrence of this special kidney disease has been observed, but the relationship has not been explained consistently.

Here, we have hypothesized the association of using glyphosate, the most widely used herbicide in the disease endemic area and its unique metal chelating properties. The possible role played by glyphosate-metal complexes in this epidemic has not been given any serious consideration by investigators for the last two decades. Furthermore, it may explain similar kidney disease epidemics observed in Andra Pradesh (India) and Central America. Although glyphosate alone does not cause an epidemic of chronic kidney disease.

We're going to be making the first major upgrade to slashcode since the site went live tonight. We're scheduling one hour of downtime from 02:00 UTC to 03:00 UTC to do the upgrade. During this time, we'll leave varnish running so the main index and article pages will be visible, but attempts to post or access uncached pages will generate Guru Mediation errors. I'll bump this post to the top of the index just before we go offline

During this time, IRC will remain available. If there are unexpected issues, we'll update our new status page with our status. I'll have a changelog written up and posted within the next 24 hours.

[Downtime will be from: 22:00 Eastern Daylight Time, 03:00 British Summer Time, 11:00 Japan Standard Time]

NCommander adds: Bumping this to the top of the queue again as we're going down in less than an hour.

paulej72 adds: Update is done. Please submit any new bugs here.