SoylentNews is people

posted by janrinok on Monday July 27 2015, @11:54PM
from the next-year's-big-thing dept.

When we first looked at Swift last summer, we predicted it was Apple's future. Objective-C wouldn't go away any time soon, but Apple would almost certainly nudge developers toward the company's new baby for a few years before turning the nudge into a violent shove.

Such nudging has begun. For years, Apple has been adding new features and syntax to the Objective-C language, things like automatic reference counting and closures. These features have generally made it easier and safer to develop in a language that can easily let you shoot yourself in the foot or make ObjC a better fit for some of the design patterns of Apple's own frameworks.

This time around, ObjC gets a grand total of two new features. One of these is a useful feature stolen from Swift (generics); the second lets ObjC behave a bit closer to Swift's expectations (nullability). Realistically, the only reason either of them are here is to make it a bit easier for projects to mix code from the two languages. (Although ObjC developers did get a new tool to help diagnose memory-related crashes—see below—it's not a language feature.)

Swift, on the other hand... Swift gets bumped to version 2.0. This language has received a lot of attention. But let's be clear: a lot of that attention was needed to bring the new language closer to where ObjC was already. That doesn't mean that the new features aren't good; it's just that with one major exception, they're playing catch up.

The article covers the new features added to Swift, among them, error handling. Do those developing for the Apple ecosystem welcome the transition from ObjC?


posted by janrinok on Monday July 27 2015, @10:29PM
from the second-rule-is-don't-write-anything-down dept.

Earlier this month, [TechDirt] noted that the Hollywood studios were all resisting subpoenas from Google concerning their super cozy relationship with Mississippi Attorney General Jim Hood, whose highly questionable "investigation" of Google appeared to actually be run by the MPAA and the studios themselves. The entire "investigation" seemed to clearly be an attempt to mislead the public into believing that it was somehow illegal for Google's search engine to find stuff that people didn't like online. A court has already ruled that Hood pretty clearly acted in bad faith to deprive Google of its First Amendment rights. As the case has continued, Google has sought much more detail on just how much of the investigation was run by the MPAA and the studios -- and Hollywood has vigorously resisted, claiming that they really had nothing to do with all of this, which was a laughable assertion.

However, in a filing on Thursday, Google revealed one of the few emails that they have been able to get access to so far, and it's stunning.

To read some of the content of the e-mail (which really is stunning, if only for how openly the MPAA is doing this), read more here: TechDirt article

takyon: Dec. 12: Google Ends MPAA Anti-Piracy Cooperation
Dec. 23: As Hollywood Funds a SOPA Revival Through State Officials, Google (And The Internet) Respond
Jul. 3: Google Scolds MPAA on Cozy Relationship With the Mississippi Attorney General


posted by janrinok on Monday July 27 2015, @09:14PM
from the but-it's-fixed-now dept.

Over the weekend, game publisher Valve patched a vulnerability that let user accounts have their passwords reset without proper validation.

UK gamer Elm Hoe demonstrated the simple attack in this YouTube video.

In case you don't have time to watch it, the coding error was simplicity in itself. After the usual “forgot password” preliminaries, a user is supposed to get an e-mail with a reset code, and use that code to take them to the “new password” page. Only: as Hoe showed, the server wasn't validating the codes. If he left the “enter the code” field empty, he could click through to the “new password” page.

Since users can easily see the userid of other players, it was trivial to hijack any other user's account.

As he points out, now [that] Valve is aware of the issue, anyone trying the hijack would be risking a permanent ban.


posted by janrinok on Monday July 27 2015, @08:30PM
from the doing-what-FF-promised-to-do dept.

Pale Moon, an alternative browser that forked from Firefox around the time that Firefox went to the "Australis" interface and is a favorite of many Soylentils, has released version 25.6.0 as of today. So what's new in Pale Moon? Let's check the changelog (I'll abbreviate to give you a quick runthrough):

  • Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult.
  • Added a feature to allow icon fonts to be used even when users disallow the use of document-specified fonts (no more dreaded "boxes" with hex codes).
  • Added a feature to prevent screen savers from kicking in when playing full-screen HTML5 video. (Windows only for now)
  • The "autocomplete=off" parameter for signon forms is now completely ignored by default, to keep the user in control of their browser's behavior.
  • Added the option to use Chrome://../skin/ overrides, in effect allowing the use of "Icon themes"
  • Added a count for the number of matches in the find bar

Plus many others that seem less significant to me (but click through for the full list if you'd like to make your own decisions about what's "significant").

There's also a number of security fixes, which I won't quote here but can be found after the list of non-security-related changes.


posted by CoolHand on Monday July 27 2015, @07:38PM
from the like-a-phoenix dept.

Xinuos (the company birthed from SCO's ashes) has announced its new OpenServer X operating system. It is described as a "mature and proven 64-bit operating system to support your most critical line of business applications, yet is affordably priced to host all computing needs", and it is "the continuation and consolidation of all previous Xinuos product families, SCO OpenServer® 5 & 6 and SCO UnixWare® 7".

According to the announcement,

Beginning with OpenServer X, the download and installation of the operating system is offered free of charge by Xinuos and includes the source code. A support bundle is available for customers who need affordable support, maintenance, upgrades and access to the tested Xinuos Application Collection. The support is available 24/7 by default at a highly competitive price.

Also announced is the Xinuos Business One Developer Program,

The new program is designed to assist developers who wish to port existing applications or build new applications to run on OpenServer X™, their recently announced secure, BSD-based open source operating system. Application developers and other partners who need applications that run on the OpenServer X operating system can join the Xinuos Business One Developer Program and benefit from a growing number of resources to assist them at every stage of their business.


posted by janrinok on Monday July 27 2015, @06:18PM
from the a-bit-of-a-gamble? dept.

Computers aren't just doing hard math problems and showing us cat videos. Increasingly, they judge our character. Maybe we should be grateful.

A company in Palo Alto, Calif., called Upstart has over the last 15 months lent $135 million to people with mostly negligible credit ratings. Typically, they are recent graduates without mortgages, car payments or credit card settlements.

Those are among the things that normally earn a good or bad credit score, but these people haven't been in the working world that long. So Upstart looks at their SAT scores, what colleges they attended, their majors and their grade-point averages. As much as job prospects, the company is assessing personality.

The idea, validated by data, is that people who did things like double-checking the homework or studying extra in case there was a pop quiz are thorough and likely to honor their debts.

http://bits.blogs.nytimes.com/2015/07/26/using-algorithms-to-determine-character/

[Other Companies Involved With Similar Programs]: ZestFinance, Workday


posted by janrinok on Monday July 27 2015, @04:40PM
from the can't-they-fix-it-by-wireless? dept.

Fiat Chrysler's bad week just got even worse: the US National Highway Traffic Safety Administration has recalled 1.4 million of the manufacturer's cars after a dangerous software flaw was revealed just days ago.

Renowned hackers Charlie Miller and Chris Valasek warned on Tuesday of a ridiculous vuln in the computer systems built into Fiat Chrysler cars: the flaw can be exploited by an attacker to wirelessly take control of the engine, brakes and entertainment system.

The cars connect to the internet via Fiat Chrysler's uConnect cellular network, and thus can be accessed and tampered with from miles away by anyone who knows the vehicle's public IP address. No authentication is required. The US network has been attempting to block incoming connections, we're told. The motor giant has produced a software fix for the root cause of the vulnerability – unfortunately, the update has to be manually installed via a USB stick plugged into the car.


posted by janrinok on Monday July 27 2015, @03:07PM
from the weyl,-whale,-while? dept.

Several places have been mentioning new findings about massless, charge carrying Weyl fermion particles:

So what exactly is a Weyl fermion? Although we're often taught in high school science that the Universe is made up of atoms, from a particle physics point of view, everything is actually made up of fermions and bosons. Put very simply, fermions are the building blocks that make up all matter, such as electrons, and bosons are the things that carry force, such as photons.

Electrons are the backbone of today's electronics, and while they carry charge pretty well, they also have the tendency to bounce into each other and scatter, losing energy and producing heat. But back in 1929, a German physicist called Hermann Weyl theorised that a massless fermion must exist, that could carry charge far more efficiently than regular electrons.

And now the team at Princeton has shown that they do indeed exist. In fact, they've shown that in a test medium, Weyl electrons can carry charge at least 1,000 times faster than electrons in ordinary semiconductors, and twice as fast as inside wonder-material graphene.

Most notably, it might well be possible to build better ways to produce them en masse for further study. The strange monopole arrangement they express is still puzzling scientists, but applications may abound:

What's particularly cool about the discovery is that the researchers found the Weyl fermion in a synthetic crystal in the lab, unlike most other particle discoveries, such as the famous Higgs boson, which are only observed in the aftermath of particle collisions. This means that the research is easily reproducible, and scientists will be able to immediately begin figuring out how to use the Weyl fermion in electronics.


posted by CoolHand on Monday July 27 2015, @01:37PM
from the frickin-laser-beams dept.

From CNET:

There aren't many universal truths out there in the world, but there is one that stands tall and strong: lasers make everything cooler.

[...]

Researchers claim that they can attach microlasers to a number of different cells with an optical micro-resonator that the patient swallows. This micro-resonator gives the cells the ability to naturally produce a green laser light using "nanojoule light pulses" that generate within the cell, according to the study.

Researchers who conducted the study tested their procedure on a group of white blood cells taken from a human and were able to keep track of them for almost an entire day, according to the statement.

Attaching lasers to cells to track their movement isn't a new concept. However, this smaller version of the optical resonator eliminates the need to physically insert the cell into the optical resonator to produce the trackable lasers, according to the university.

"This miniaturization paves the way to applying cell lasers as a new tool in biophotonics. In the future, these new lasers can help us understand important processes in biomedicine," says Malte Gather, a professor at the University of St. Andrews' School of Physics and Astronomy who co-authored the study. "For instance, we may be able to track one by one a large number of cancer cells as they invade tissue or follow each immune cell migrating to a site of inflammation."


posted by takyon on Monday July 27 2015, @12:00PM
from the transparent-law dept.

The State of Georgia in the US is suing the owner of the Public.Resource.org website for publishing the State of Georgia's own laws online.

According to the lawsuit [PDF] filed this week, Carl Malamud has "engaged in an 18 year long crusade to control the accessibility of U.S. government documents by becoming the United States’ Public Printer."

Although an alternative reading could be that he was simply publishing public laws on the internet.

At the center of the issue is not Georgia's basic legal code – that is made readily available online and off – but the annotated version of it. That annotated version is frequently used by the courts to make decisions of law, and as such Malamud decided it should also be made easily accessible online.

Georgia says that information is copyrighted, however, and it wants him to stop publishing it. Currently you can access the information through legal publisher Lexis Nexis, either by paying $378 for a printed copy or by going through an unusual series of online steps from Georgia's General Assembly website through to Lexis Nexis' relevant webpages (going direct to the relevant Lexis Nexis webpages will give you a blank page).

[...] However, the State of Georgia filing points to a little more animus than concerns over scanned documents. In particular it uses a quote of Malamud's from an article in 2009 in which he talked about committing "standards terrorism" to actually accuse Malamud of committing a form of terrorism. "Consistent with its strategy of terrorism, Defendant freely admits to the copying and distribution of massive numbers of Plaintiff’s Copyrighted Annotations," reads the lawsuit in part.


posted by cmn32480 on Monday July 27 2015, @10:23AM
from the when-does-activism-become-terrorism dept.

I was saddened to hear that two individuals who released fur animals and vandalized fur farms across America were busted: http://www.stltoday.com/news/national/fbi-arrests-activists-accused-of-releasing-mink/article_6c169b5d-dbbc-5dd1-adb0-534ee46af88b.html

But the arrest is sort of beside the point and there are two interesting tidbits in there. First and less interesting, is the ridiculous charge of terrorism under the "Animal Enterprise Terrorism Act" -- seriously, what they did is just plain old crime. Before you know it, going 10 over on the freeway will be considered an act of terrorism.

More intriguing, despite a lack of details on how they got busted, is this tidbit:

The indictment states that they covered their tracks by avoiding phones or logging into known online accounts and email. Instead, they used public Internet computers and encrypted email and cash for purchases while traveling. They would allegedly withdraw hundreds of dollars while back home in the San Francisco Bay Area before another trip.

The FBI states that they drafted communiques and posted them online to publicize their actions on websites associated with "animal rights extremists."

I'm going to guess automatic license plate readers were involved. Pure guess.


posted by cmn32480 on Monday July 27 2015, @08:16AM
from the dewey-decimal-system dept.

The Electronic Frontier Foundation (EFF) is agitating for a new Librarian of Congress that will loosen restrictions on fair use and appreciate how content use has evolved in the digital age. The current Librarian, Dr. James Billington, has been criticized by EFF and others for failure to modernize the institution, being slow to grant exemptions to the Digital Millennium Copyright Act (DMCA), and reportedly communicating with staff by fax. Now that Billington is retiring, the EFF hopes that a fresh face will speed up digitization of LoC public domain works, do a better job of overseeing the Copyright Office, and improve access to the Congressional Research Service.

Jessamyn West, the librarian whose Librarian of PROgress campaign has become a focal point for this discussion, has been a leading voice on what we can hope for in, to use her term, the #nextLoC. In a post last week, she laid out a wishlist of what she and other members of the library community would like to see.

As she notes, these priorities could certainly match those of somebody who already works in a library—perhaps unsurprisingly, the American Library Association too has advocated that President Obama nominate a professional librarian for the position. But they could also come from somebody who is simply passionate about users' rights. Free speech, privacy, and intellectual freedom are core values of both EFF and librarians everywhere, and we can always use another well-placed advocate. We urge the president to choose one.

The Atlantic also has a discussion about the next Librarian of Congress:

"A lot of people are very happy that Billington finally stepped down, so we can get some better technology infrastructure for both the Copyright Office and the Library," said Samuelson. The previous Librarian of Congress did not hire a permanent chief information officer—despite being exhorted to do so by the Government Accountability Office—and has instead churned through five IT chiefs in the last three years alone.

A new Librarian could also shape copyright policy, Band said, just by communicating to libraries that they should take advantage of recent changes to fair use. The 2012 HathiTrust decision, for instance, found that searching ebooks and making them accessible to the disabled is covered by fair use. The Copyright Office "is very troubled by the evolution of fair use," Band told me. "A different Librarian who is more involved with these issues should say, 'No, libraries can take more advantage of fair use than the Copyright Office feels.'"


posted by cmn32480 on Monday July 27 2015, @06:03AM
from the trace-this dept.

In the old days, criminals liked their ransom payments in briefcases full of unmarked bills. But the NYT reports that now criminals prefer Bitcoin because it can be held in a digital wallet that does not have to be registered with any government or financial authority — and because it can be easily exchanged for real money. "The criminal underground very much likes Bitcoin," says Curt Wilson. "It's enabled a greater sense of obfuscation." The latest reminder of Bitcoin's underbelly came last week with the arrest of two Florida men for running an underground Bitcoin exchange where ransom victims could buy Bitcoins to pay the ransom demanded by the malware. The complaint suggested that the criminals also used the site to launder their proceeds. In total, between approximately October 2013 and January 2015, Coin.mx exchanged at least $1.8 million for Bitcoins on behalf of tens of thousands of customers. The operators sought to trick the major financial institutions through which they operated into believing that their unlawful Bitcoin exchange business was simply a members-only association of individuals who discussed, bought, and sold collectable items, such as sports memorabilia.

Some leaders in the Bitcoin community have suggested potential ways to fend off the ransom threats, digitally marking any coins used for ransom payments, similar to how dollar bills used in hostage situations are marked with invisible dye. But such solutions have been held up because of the value that many Bitcoin believers have put in the virtual currency's unfettered free movement.


posted by CoolHand on Monday July 27 2015, @03:59AM
from the backpage-bada$$ dept.

The Washington Post reports that an internet escort in Charleston, W.Va., may have saved her own life and the lives of many other women, when she shot and killed an alleged attacker who showed up at the woman's home on July 18 after answering an escort ad she had placed on Backpage.com. Neal Falls showed up with multiple pairs of handcuffs and a Subaru full of weapons and tools, including a shovel, knives, a bulletproof vest, a machete, bleach, trash bags, sledgehammers and axes. In Falls's pocket, police said, was a list of names of potential future victims, all of whom are sex workers who advertised on Backpage. Investigators are trying to determine whether Falls is responsible for a string of slayings targeting sex workers in Ohio and Nevada. "We are entering his DNA profile into CODIS, which is a national crime DNA database, to see if it matches any previous submissions from anywhere in the United States," says Steve Cooper, the Charleston Police Department's chief of detectives. "If his DNA has been located in any other crimes and his profile was entered into CODIS, there will be a match."

From the moment Falls showed up at the home of his latest alleged victim, he turned violent. "I knew he was there to kill me," says the victim who asked not to be identified. Falls pulled a gun on her and began strangling her. "When he strangled me he just wouldn't let me get any air. I grabbed my rake and when he laid the gun down to get the rake out of my hands, I shot him. I just grabbed the gun and shot behind me." Local authorities are treating the shooting as an act of self-defense. According to Cooper, "when we find multiple sets of handcuffs, a machete, an axe, a bulletproof vest and container of bleach, the first thing that comes to an investigator's mind is, 'This is a serial killer kit.'"


posted by CoolHand on Monday July 27 2015, @02:37AM
from the welcome-back-to-the-world dept.

The Register has published an interview with Roozbeh Shafiee, a "Cloud Infrastructure Architect" and Iran's OpenStack community manager:

[...] The Register: What's the technology community like in Iran? Are there lots of meet-ups and user groups?

Roozbeh Shafiee: There are too many communities based on technologies in Iran. Open source communities like Linux User Groups (LUG), OpenStack Users Group, Docker and Python (PUG) to startup communities like Startup Grind and Startup Weekend are active and hold their periodic meetings and meet-ups every week, or at least once a month. You can find their pages on meetup.com.

[...] The Register: What do foreign sanctions mean to you, your work and your family?

Roozbeh Shafiee: It is not true if I say the foreign sanctions do not effect on our life and work. Prices for goods and commodities were the first to be affected by the sanctions, for people and the government. But we had to find a way to overcome problems caused by sanctions and finally we did it. We found a way to meet the requirements. We couldn't use them in the production stage but we found the technologies for future self-sufficiency. For example, I was present at one of those projects for more than a year, designing and producing a native storage server.

The Register: Is that the MetaNAS project listed on your GitHub page? Why did you develop them? How long did it take?

Roozbeh Shafiee: In middle of 2011, after a range of sanctions by the US and Europe because of Iran's nuclear activities, we started these projects to produce our native products. The main goal and reason for these projects was to produce cost-effective native products for our domestic consumption.

LibreBSD was an open-source software platform for producing native enterprise appliances and equipment. MetaNAS was one of my projects for the company I worked for previously. The development of the early version of that took two years. That was focussed on a small operating system for our native storage servers for small businesses.

The Register: What will the Vienna agreements to remove sanctions mean for you, your work and your family?

Roozbeh Shafiee: For us, the Vienna agreements mean a return to the world community, reconciliation with the world, more interaction and co-operation in science, technology, economy and politics, and more respect in a win-win game. Iran is a country with young people and is the second country in its population of engineers, according to world statistics. This opportunity means we can help each other to make and improve a better world.

In short, today is the first day of the rest of our lives for all of us.

Other (and actual) eXpat Files articles are worth checking out.


posted by CoolHand on Monday July 27 2015, @01:22AM
from the ten-thousand-attempts dept.

Peter N. M. Hansteen writes about a bug that occurs when Pluggable Authentication Modules (PAM) are used in conjunction with OpenSSH set to keyboard-interactive. The bug was first blogged about back on the 16th, in a post that showed a way to bypass MaxAuthTries limits for certain configurations. When the bug is exploited, it allows virtually unlimited tries at password authentication, good enough for brute-force password guessing. One easy way to mitigate this is to disable password authentication altogether and use only keys with OpenSSH.

Mr. Hansteen tested several systems on OpenBSD, Linux, and FreeBSD, and could only find an issue with the FreeBSD box, as the others apparently had default configurations which did not allow this. The original blog does have a simple one-line ssh command to test if your system is vulnerable. Fail2ban should help stop this, but may not completely mitigate it, depending on firewall rule setup.

Here is some more interesting info on the subject from the OpenBSD mailing list. Most comments seem to indicate that while this may be concerning, it probably isn't world-shattering. Still, it is something to keep in mind when hardening systems.

