SoylentNews is people

posted by LaminatorX on Tuesday February 24 2015, @11:25PM
from the forgot-my-pants dept.

As reported here at Soylent News some time ago, the Haskell programming language project's deb.haskell.org Debian build server was compromised. It is now over a week later, but the project's server status page still hasn't seen any additional updates posted.

At the time of submission, the latest update shown is the one from February 15, 2015:

February 15, 2015 1:07AM CST
February 15, 2015 7:07AM UTC
[Investigating] deb.haskell.org has been compromised; dating back to February 12th when suspicious anomalies were detected in outgoing traffic. `deb.haskell.org` was already offline and suspended shortly after these traffic changes were detected by the host monitoring system, meaning the window for package compromise was very very small.
We're continuing to investigate the breach and the extent to which it might have spread.

This lack of information will no doubt be concerning to any security-conscious individual, and will leave such an individual with many questions: Why is this investigation taking so long? Is the investigation still actually happening? Why are we not getting more frequent updates? Is there any risk that the other servers of the Haskell project have been compromised? Why is it taking so long to get a rebuilt Debian build system put together? Were any Debian packages compromised? Is there any risk to anyone who may have used these Debian packages recently?

Regardless of the answers to such questions, it is becoming clearer on a daily basis that these answers are needed, and needed quickly. Uncertainty is never a good thing when security is involved, and the reputation of Haskell will suffer if more information about this breach isn't presented to the community.

posted by LaminatorX on Tuesday February 24 2015, @09:34PM
from the selective-disclosure dept.

Security research performed by GFI found the UNIX-certified OS X operating systems to contain more security vulnerabilities than Windows and Linux-based Android. This is contrary to the popular wisdom that OS X's obscurity makes it a less attractive target for hackers. This, of course, has wide implications for users of iOS-based devices such as iPads and iPhones. While it's not time to ditch your UNIX servers for Windows 2012 R2 (or IS it?), it's certainly something to give IT managers food for thought.

posted by LaminatorX on Tuesday February 24 2015, @08:02PM
from the ups-and-downs-of-strangely-charming-truth-and-beauty dept.

Quantum mechanics is often described as "weird" and "strange" because it abandons many of the intuitive traits of classical physics. For example, the ideas that the world is objective, is deterministic, and exists independent of measurement are basic features of classical theory, but do not always hold up in quantum theory. But what if it turns out that these intuitive ideas are not true features of classical physics, either? Would classical theory be just as weird as quantum theory?

In a new study published in Physical Review Letters, physicists Radu Ionicioiu, et al., have shown that the three apparently reasonable classical assumptions mentioned above—objectivity, determinism, and independence—are mutually incompatible with any theory, not only with quantum mechanics. The scientists show that, while any two of the three assumptions are compatible, all three are not. All told, our seemingly reasonable classical assumptions may not be so reasonable after all.

http://phys.org/news/2015-02-classical-theory-weird-quantum.html

[Abstract]: http://journals.aps.org/prl/abstract/10.1103/PhysRevLett.114.060405

posted by LaminatorX on Tuesday February 24 2015, @06:36PM
from the new-and-improved dept.

Blogger Dedoimedo is known for his fascination with bling and his attention to compatibility with MICROS~1's pseudo-standards. So, how did the most recent version of the popular FOSS office suite fare in his test?

LibreOffice 4.4 review - Finally, it rocks

[...]As a free, open-source and cross-platform solution, LibreOffice allows people to enjoy the world of writing, spreadsheets, presentations, and [the like] without having to spend hefty sums of money. The only problem till now was that it didn't quite work as advertised. Microsoft Office support was, for the lack of a better word, lacking.

[...] The most important part, [it now has] Microsoft Office support

[...]my 182-page [DOCX] document, full of images, references, footnotes, preformatted code, and other cool elements, all of which were initially conceived in LaTeX then transformed to PDF and finally to DOCX looked pretty much spotless. The image quality was a little low, but it has nothing to do with LibreOffice. I was amazed. I had not expected this, and it seems for the first time ever, LibreOffice is a most viable solution for home office use. Blimey.

LibreOffice 4.4 is everything you could have hoped for, and then some. It's beautiful. It's streamlined. It has an improved UI, which offers much more intuitive work flows, resulting in an immediate boost in productivity. It comes with enhanced menus, a more intelligent way of working with styles, easier graphics, copy & paste options, a simpler method of polishing up presentations. Most importantly, it offers a genuinely good support for the proprietary Microsoft file formats, allowing you, for the very first time, to consider LibreOffice as the one and only office suite you'll ever need.

I have never quite expected this. In fact, LibreOffice 4.4 should have been called 5.0, because it is that much better. Perhaps grander changes are needed to justify a full new release. Just think of the possibilities, if we got all this in a single dot revision. Imagine what will happen when LibreOffice finally matures toward the next large release.

One wonders how long it will be till MSFT alters their "standard" so that compatibility is broken again.

posted by LaminatorX on Tuesday February 24 2015, @04:42PM
from the trust-no-one dept.

Leaked cables from South Africa's State Security Agency reveal that "Binyamin Netanyahu's dramatic declaration to world leaders in 2012 that Iran was about a year away from making a nuclear bomb was contradicted by his own secret service, according to a top-secret Mossad document."

It is part of a cache of hundreds of dossiers, files and cables from the world's major intelligence services - one of the biggest spy leaks in recent times.

Brandishing a cartoon of a bomb with a red line to illustrate his point, the Israeli prime minister warned the UN in New York that Iran would be able to build nuclear weapons the following year and called for action to halt the process. But in a secret report shared with South Africa a few weeks later, Israel's intelligence agency concluded that Iran was "not performing the activity necessary to produce weapons". The report highlights the gulf between the public claims and rhetoric of top Israeli politicians and the assessments of Israel's military and intelligence establishment. The disclosure comes as tensions between Israel and its staunchest ally, the US, have dramatically increased ahead of Netanyahu's planned address to the US Congress on 3 March.

The documents, almost all marked as confidential or top secret, span almost a decade of global intelligence traffic, from 2006 to December last year. It has been leaked to the al-Jazeera investigative unit and shared with the Guardian. The papers include details of operations against al-Qaida, Islamic State and other terrorist organisations, but also the targeting of environmental activists.

The files reveal that:

A senior Israeli government official said there was no contradiction between Netanyahu's statements on the Iranian nuclear threat and "the quotes in your story - allegedly from Israeli intelligence". Both the prime minister and Mossad said Iran was enriching uranium in order to produce weapons, he added.

Additional articles:

South Africa monitored Iranian agents under US pressure, spy cables show
Spy cables: MI6 intervened to halt South African firm's deal with Iranian client
Cables describe British attempt to recruit N Korean spy: Leaked intelligence document shows MI6 asked South Africa for help in recruiting a North Korean informant.
The Spy Cables: A glimpse into the world of espionage

Over the coming days, Al Jazeera's Investigative Unit is publishing The Spy Cables, in collaboration with The Guardian newspaper.

posted by LaminatorX on Tuesday February 24 2015, @03:10PM
from the arm's-length dept.

Alexander Larsson has an interesting blog entry about sandboxed Gnome applications for Linux. Similar to mobile phone apps, the apps programmed using this paradigm will get very limited access to the underlying system. The advantages should be security and flexibility (less risks of conflicts with other applications). The disadvantage seems to be duplication of libraries, which increases bloat and requires updates separately for each app.

A better description of the sandbox can be found here.

posted by janrinok on Tuesday February 24 2015, @01:35PM
from the kiss-goodbye-to-your-overseas-customers dept.

Appearing before cryptographers, technology company security officers, and journalists at the New America Foundation, Director of the National Security Agency and Commander of U.S. Cyber Command Michael S. Rogers has defended government intrusion into communications and technology companies.

Rogers mounted an elaborate defense of Barack Obama's evolving cybersecurity strategy in an appearance before an audience of cryptographers, tech company security officers and national security reporters at the New America Foundation in Washington. In an hour-long question-and-answer session, Rogers said a cyber-attack against Sony pictures by North Korea last year showed the urgency and difficulty of defending against potential cyber threats. For most of the appearance, however, Rogers was on the defensive, at pains to explain how legal or technological protections could be put in place to ensure that government access to the data of US technology companies would not result in abuse by intelligence agencies. The White House is trying to broker a deal with companies such as Apple, Yahoo and Google, to ensure holes in encryption for the government to access mobile data, cloud computing and other data.

"'Backdoor' is not the context I would use, because when I hear the phrase 'backdoor' I think: 'Well this is kind of shady, why wouldn't you want to go in the front door, be very public?'" Rogers said. "We can create a legal framework for how we do this."

Rogers admitted that concerns about US government infiltration of US companies' data represented a business risk for US companies, but he suggested that the greater threat was from cyber-attacks.

"I think it's a very valid concern to say 'Look, are we losing US market segment here?'" Rogers said. "What's the economic impact of this? I just think, between a combination of technology, legality and policy, we can get to a better place than we are now."

The basic discomfort of the new partnership the government would like to see with technology companies once again burst into full view on Monday when Alex Stamos, the chief information security officer at Yahoo, challenged Rogers on his recommendation for built-in "defects-slash-backdoors, or golden master keys" to serve government purposes. Stamos asked Rogers how companies such as Yahoo, with 1.3 billion users worldwide, would be expected to reply to parallel requests for backdoors from foreign governments, and told Rogers such backdoors would be like "drilling a hole through a windshield".

"I've got a lot of world-class cryptographers at the National Security Agency," replied Rogers, skipping over the question of foreign government requests. "I think that this is technically feasible. Now it needs to done within a framework."

posted by janrinok on Tuesday February 24 2015, @12:57PM
from the round-numbers dept.

It's no secret that Linus Torvalds is not fond of large trailing numbers in the kernel's version numbers, e.g. 2.6.39. He recently put out the question as to whether the upcoming kernel should be numbered 3.20 or 4.0.

On February 22, in the Linux Kernel Mailing List, he revealed the outcome.

Date: Sun, 22 Feb 2015 19:06:40 -0800
Subject: Linux 4.0-rc1 out..
From: Linus Torvalds

.. let's see how much, if anything, breaks due to the version number. Probably less than during the 3.0 timeframe, but I can just imagine somebody checking for meaningful versions.

Because the people have spoken, and while most of it was complete gibberish, numbers don't lie. People preferred 4.0, and 4.0 it shall be. Unless somebody can come up with a good argument against it.

So far, the arguments against it seem to have been "major number should go with a major new feature or breaking of compatibility", which just shows how little people know. We don't break compatibility, and we haven't done feature-based releases since basically forever.

On the other hand, the strongest argument for some people advocating 4.0 seems to have been a wish to see 4.1.15 - because "that was the version of Linux skynet used for the T-800 terminator".

So on the whole, I wouldn't read too much into the number.

On an actual technical side, this was a *fairly* small release. By modern standards, that is. It's certainly noticeably smaller than some recent kernels have been, although we're talking ~9k non-merge commits rather than 10-11k, so it's not like it's that huge of a difference.

The live patching infrastructure made some news, but my personal favorite features are actually some vm cleanups, where this release is getting rid of the largely unused non-linear remapping code (replaced with just emulating it with lots of smaller mappings) and unifies the NUMA and PROTNONE handling for page tables.

But nobody should notice. Because moving to 4.0 does *not* mean that we somehow changed what people see. It's all just more of the same, just with smaller numbers so that I can do releases without having to take off my socks again.

[Editor's Note: The text has been reformatted and some spelling corrections made rather than making a straight copy of the LKML entry, which isn't suited to our format. I don't think any mistakes have been introduced but will apologise now if any are subsequently discovered.]

posted by janrinok on Tuesday February 24 2015, @11:36AM
from the that's-a-lot-of-wind dept.

Bloomberg has an article that Apple plans to spend €1.7 billion ($1.9 billion) on new data centers in Denmark and Ireland.

It seems that Apple is focusing on green technology using only renewable energy for these centers:

The centers, located in Athenry, Ireland, and Viborg, Denmark, will be powered by renewable energy, Cupertino, California-based Apple said on Monday. The facilities are scheduled to begin operations in 2017 in the two countries known for their use of wind power.

The project lets Apple address European requests for data to be stored closer to local users and authorities, while also allowing it to benefit from a chilly climate that helps save on equipment-cooling costs.

This is good news for the two countries that have invested heavily in renewable energy, especially Denmark, which supplies a quarter of all windmills globally. More local coverage of this can be found at the website of Danish newspaper Politiken (Danish, Google translation here) and Irish Business ETC.

posted by janrinok on Tuesday February 24 2015, @10:09AM
from the I-pirated-this-on-behalf-of-my-parents-my-children-and-everyone-in-the-team dept.

As you may have heard, last night was the Oscars -- Hollywood's favorite back-patting celebration. However, as a recent study found, films that were nominated for Oscars saw the number of unauthorized downloads and streams surge ( http://www.bbc.com/news/technology-31535132 ), as people wanted to make sure they had seen these celebrated films.

Films like American Sniper and Selma saw a massive increase in unauthorized downloads after being nominated. The company that did this study, Irdeto, argues that these unauthorized downloads represent a major loss for the films' producers -- but it seems like there's another explanation: the MPAA really ought to be targeting the Oscars for encouraging infringement.

https://www.techdirt.com/articles/20150222/15540130107/apparently-best-way-to-decrease-movie-piracy-is-to-get-rid-oscars.shtml

posted by janrinok on Tuesday February 24 2015, @08:12AM
from the faux-news-or-it-must-be-true-I've-seen-it-on-TV dept.

David Corn and Daniel Schulman report via Mother Jones

[Fox News host Bill] O'Reilly has repeatedly told his audience that he was a war correspondent during the Falklands war and that he experienced combat during that 1982 conflict between the United Kingdom* and Argentina. He has often invoked this experience to emphasize that he understands war as only someone who has witnessed it could. As he once put it, "I've been there. That's really what separates me from most of these other bloviators. I bloviate, but I bloviate about stuff I've seen. They bloviate about stuff that they haven't."

[...]In April 2013, while discussing the Boston Marathon bombing, O'Reilly shared a heroic tale of his exploits in the Falklands war:

I was in a situation one time, in a war zone in Argentina, in the Falklands, where my photographer got run down and then hit his head and was bleeding from the ear on the concrete. And the army was chasing us. I had to make a decision. And I dragged him off, you know, but at the same time, I'm looking around and trying to do my job, but I figure I had to get this guy out of there because that was more important.

[...]There is nothing in this memoir The No Spin Zone indicating that O'Reilly witnessed the fighting between British and Argentine military forces--or that he got anywhere close to the Falkland Islands, which are 300 miles off Argentina's shore and about 1,200 miles south of Buenos Aires.

"Nobody from CBS got to the Falklands," says Bob Schieffer. "For us, you were a thousand miles from where the fighting was. So we had some great meals."

In a follow-up article, These Are the Questions Bill O'Reilly Won't Answer, they specifically note:

Mother Jones sent O'Reilly and Fox News a detailed list of questions at 8:30 am on Thursday. We asked for a response by 3:00 pm. We then called Dana Klinghoffer, a spokeswoman for the network, several times to make sure the questions were received and to determine if O'Reilly and Fox would respond. She never took the call or returned the message. Shortly before 3:00 pm, we sent an email containing the questions to Bill Shine, a top exec at Fox News, saying that if O'Reilly and Fox needed more time, we would try to accommodate them. He, too, never responded. At 5:26 p.m., we posted the article.

Always a class act, O'Reilly started his usual name-calling.

the bottom rung of journalism in America [...] guttersnipe

So, let's see: Brian Williams, Hillary Clinton, John Kerry.

...meanwhile Chris Hedges actually has been under fire, always tells the truth about war, and was fired by the NY Times for doing so.

posted by janrinok on Tuesday February 24 2015, @06:17AM
from the coming-soon-'robot-races' dept.

The racetrack is the ultimate test of driving skill, managing power, traction, and braking to produce the fastest times. Now BBC reports that engineers at Stanford University have raced their souped-up Audi TTS dubbed ‘Shelley’ on the racetrack at speeds above 120 mph. When they time tested it against David Vodden, the racetrack CEO and amateur touring class champion, the driverless race car was faster by 0.4 of a second. “We’ve been trying to develop cars that perform like the very best human drivers,” says Professor Chris Gerdes who tested Shelley at Thunderhill Raceway Park in Northern California. “We’ve got the point of being fairly comparable to an expert driver in terms of our ability to drive around the track.”

To get the cars up to speed, the Stanford team studied drivers, even attaching electrodes to their heads to monitor brain activity in the hope of learning which neural circuits are working during difficult manoeuvres. Scientists were intrigued to find that during the most complex tasks, the experts used less brain power. They appeared to be acting on instinct and muscle memory rather than using judgement as a computer program would. Although there was previously very little difference between the path a professional driver takes around the course and the route charted by Shelley's algorithms, until now the very best human drivers were still faster around the track, if just by a few seconds. Now the researchers predict that within the next 15 years, cars will drive with the skill of Michael Schumacher. What remains to be seen is how Shelley will do when running fender to fender with real human race drivers.

posted by janrinok on Tuesday February 24 2015, @04:13AM
from the despair dept.

Yeah, sometimes people just make some astoundingly bad decisions.

Privdog has been designed to block certain trackers and advertisement from showing up while you browse the Internet. It blocks all advertisement that is not hosted directly on the domain you are visiting and replaces it with AdTrustMedia advertisement.

What's worse however is the fact that it installs a certificate on the system as well. While it does not share the same key on all installations, it has an arguably even bigger flaw than that: it intercepts all certificates and replaces them with one signed by its own root key.

All in this regard means valid and invalid certificates which in turn means that the browser you are using accepts any certificate regardless of whether it is valid or not.

I have no words for this incredible level of stupidity.

posted by janrinok on Tuesday February 24 2015, @02:01AM
from the pandora's-box-well-and-truly-opened dept.

A newly disclosed National Security Agency document illustrates the striking acceleration of the use of cyberweapons by the United States and Iran against each other, both for spying and sabotage, even as Secretary of State John Kerry and his Iranian counterpart met in Geneva to try to break a stalemate in the talks over Iran’s disputed nuclear program.

The document ( https://firstlook.org/theintercept/document/2015/02/10/iran-current-topics-interaction-gchq ), which was written in April 2013 for Gen. Keith B. Alexander, then the director of the National Security Agency, described how Iranian officials had discovered new evidence the year before that the United States was preparing computer surveillance or cyberattacks on their networks.

It detailed how the United States and Britain had worked together to contain the damage from “Iran’s discovery of computer network exploitation tools” — the building blocks of cyberweapons. That was more than two years after the Stuxnet worm attack by the United States and Israel severely damaged the computer networks at Tehran’s nuclear enrichment plant.

http://www.nytimes.com/2015/02/23/us/document-reveals-growth-of-cyberwarfare-between-the-us-and-iran.html

posted by janrinok on Monday February 23 2015, @11:59PM
from the uniformity-from-the-start dept.

Linux.com reports

The arrival last week of Linaro's open source 96Boards specification--ARM's first pseudo-official [single board computer] form factor standard--shows that ARM is serious about bringing order to the chaotic ARM hacker board scene. 96Boards is a preemptive attempt to consolidate Linux and Android development before a new wave of ARMv8 hacker boards hits the scene later this year.

Linaro's 96Boards.org developer community and standards organization has defined a 96Boards Consumer Edition (CE) spec for ARM [SBCs] running Debian, Android, and other Linux-based distros. The spec defines either an 85 x 54mm or 85 x 100mm footprint, as well as standardized 40- and 60-pin expansion connectors for stackable boards. A higher-end Enterprise Edition (EE) spec will follow in the second quarter.

[...]The not-for-profit Linaro, a development firm that builds standardized, open source Linux and Android tools for ARM processors, is overseeing 96Boards.org via a new Linaro Community Board Group (LCG) that will help it certify boards for compatibility. Linaro, which was founded by ARM and its key licensees, boasts some 200 engineers and 29 members, including major vendors like Qualcomm, and is one of the top upstream contributors to the Linux kernel.

In recent years, Linaro has helped to clean up the chaotic and fragmented ARM Linux code base. Their progress has been remarkable

[...]It's unclear if board vendors will go for all the specified pin assignments on the expansion connectors, or agree with the size and power requirements.

ARM and Linaro do, however, make a compelling case, as presented in Linaro CEO George Grey's 96Boards presentation at last week's Linaro Connect Hong Kong (see video below). By standardizing on size, expansion connectors, and basic features, 96Boards enables faster time to market, as well as the potential for a robust add-on market ecosystem, said Grey. Meanwhile, software developers can benefit from a single community website for common Linux and Android builds, as well as other downloads.

If nothing else, ARM has given itself a chance for success by getting out in front of the ARMv8 deluge rather than following the unruly masses of ARM hackers. It remains to be seen whether they will follow or cry "Standards? We don't need no stinking standards!"

Is anyone being reminded of the first PC/104 hardware?