
SoylentNews is people


posted by takyon on Monday September 26 2016, @10:42PM
from the flashy-future dept.

PCWorld reports that Adobe has decided to start supporting Flash player on Linux again. This seems to entail mostly security updates for now and not many new features. Also, Flash seems to be on the decline. However, it is still likely welcome news for those required to use sites with Flash, and who do not want to use Chrome browser.

Adobe just pulled a major about-face. After axing the NPAPI Flash plugin used by Firefox and other browsers on Linux in 2012, Adobe has decided to begin updating it again and to keep it updated after the previously announced 2017 end-of-life date.

The NPAPI version of Flash for Linux, used by Firefox and other browsers, has been stuck at version 11.2 since 2012. Adobe also axed its Adobe Reader and Adobe AIR software for Linux. Adobe's been providing security updates for Flash since then, but promised it would stop doing so in 2017.

The PPAPI Flash plugin for Linux, which is included with Google Chrome, has been kept up to date with the latest features. But many browsers, such as Firefox, must use the NPAPI plugin instead of the PPAPI plugin.

Adobe just had a sudden change of heart and decided to update the NPAPI plugin for Linux. The NPAPI Flash plugin for Linux is about to catapult from version 11.2 to version 23 and will stay current with the other Flash plugins going forward. "We have done this significant change to improve security and provide additional mitigation to the Linux community," reads Adobe's blog post on the subject.


Original Submission

posted by takyon on Monday September 26 2016, @08:48PM
from the small-change dept.

South LA resident Elvis Summers only got started building tiny homes in 2015, but his work has received a tremendous amount of attention since then. Last year, his colorful little dwellings—built for members of the city's growing homeless population—began popping up on sidewalks and freeway overpasses around the city.

A successful crowdfunding campaign, helped by a feature in People, brought in nearly $100,000 to finance the homes. In February, however, citing health and safety concerns, city officials began confiscating the houses. Eventually, after a run of bad press, the city gave the houses back to Summers.

Since the city tightened its unattended property ordinance, however, Summers has been forced to find private property on which to keep the homes. In spite of this complication, he's continued with his project, and has begun constructing mobile shower units as well. We checked in with him to see how his work is coming along.
...
They're roughly six feet wide by eight feet long and about seven feet tall inside. There's two windows on each side. Every house has a steel reinforced door, American flag and address, smoke detectors, alarms on the windows, solar panel on the roof—which powers two lightbulbs and has a port to charge a cellphone—brand new carpet, and I provide everyone with a compost toilet.

Tiny houses and homelessness are not usual Soylent topics, but DIY (Do It Yourself) projects are. Are DIY projects like this a better way to tackle our challenges as a society than waiting for the government to take care of them?


Original Submission

posted by takyon on Monday September 26 2016, @07:15PM
from the it's-not-an-addiction,-I-need-it-for-work dept.

The BBC reports on the results of a survey by Deloitte, on smartphone usage trends in the United Kingdom, which shows that the UK has never been more addicted to smartphones.

People in the UK have never been more addicted to their smartphones, according to a report from Deloitte.

One in three adults check for messages at night, and admit their overuse is causing rows with their partners.

For some, FOMO - or the fear of missing out - leaves them in the grip of an addiction to their devices, according to the survey.

"What smartphones enable people to do is to keep tags of what's happening, what people are saying, what people are posting. You can do that throughout the day and what smartphones are encouraging people to do is to do that at night," Paul Lee, head of technology, media and telecommunications research at Deloitte told Today.


Original Submission

posted by CoolHand on Monday September 26 2016, @05:49PM
from the taking-bites-of-apples dept.

BBC technology correspondent Rory Cellan-Jones has met with representatives of the Israeli company Cellebrite, which helps police forces gain access to the data on the mobile phones of suspected criminals. They were rumoured to have aided the FBI in gaining access to the iPhone used by the San Bernardino shooter (though some reports contradict this). From the article:

It's an Israeli company that helps police forces gain access to data on the mobile phones of suspected criminals.

Cellebrite was in the headlines earlier this year when it was rumoured to have helped the FBI to crack an iPhone used by the San Bernardino shooter.

Now the company has told the BBC that it can get through the defences of just about any modern smartphone. But the firm refuses to say whether it supplies its technology to the police forces of repressive regimes.

[...] Mr Ben-Moshe claimed that his firm could access data on "the largest number of devices that are out there in the industry".

Even Apple's new iPhone 7?

"We can definitely extract data from an iPhone 7 as well - the question is what data."

He said that Cellebrite had the biggest research and development team in the sector, constantly working to catch up with the new technology.

He was cagey about how much data could be extracted from services such as WhatsApp - "It's not a black/white yes/no answer" - but indicated that criminals might be fooling themselves if they thought any form of mobile communication was totally secure.


Original Submission

posted by CoolHand on Monday September 26 2016, @04:03PM
from the this-is-about-the-80's-band-right? dept.

A giant asteroid impact in the dwarf planet's past offers new insights into the possibility of an ocean beneath its surface.

Ever since NASA's New Horizons spacecraft flew by Pluto last year, evidence has been mounting that the dwarf planet may have a liquid ocean beneath its icy shell. Now, by modeling the impact dynamics that created a massive crater on Pluto's surface, a team of researchers has made a new estimate of how thick that liquid layer might be.

The study, led by Brown University geologist Brandon Johnson and published in Geophysical Research Letters, finds a high likelihood that there's more than 100 kilometers of liquid water beneath Pluto's surface. The research also offers a clue about the composition of that ocean, suggesting that it likely has a salt content similar to that of the Dead Sea.

Europa, Mars, Enceladus, Titan, and now...Pluto? Scientists who search for extra-terrestrial life focus on the presence of liquid water (or hydrocarbons, in the case of Titan), so the list of potential sites in the solar system is growing.


Original Submission

posted by janrinok on Monday September 26 2016, @02:21PM
from the all-or-nothing dept.

The convoluted method Microsoft used to fix the MS16-098 double-printing bug is a harbinger of screw-ups to come with the new all-or-nothing approach to patching

http://www.infoworld.com/article/3123670/microsoft-windows/microsoft-finally-fixes-double-print-bug-but-more-patching-problems-loom.html

Microsoft finally acknowledged yesterday that it has fixed the bug that breaks certain kinds of print jobs. The problem was created by a security patch issued on Aug. 9, and in the intervening six weeks the company offered a rat's nest of partial fixes, preferential treatment, and botched communications that don't bode well for Windows 10 forced patching. It's also bad news for the anticipated October patchocalypse, when Windows 7 and 8.1 customers will start being treated to a new all-or-nothing approach to patching.

The double-print bug was distributed to every version of Windows. Those users who updated earlier versions of Windows (Vista, Windows 7, 8.1, RT 8.1, as well as Server 2008, 2008 R2, 2012, and 2012 R2) got bit by the patch known as KB 3177725. If those users wanted to get rid of the bug, they only had to uninstall KB 3177725. Of course, Microsoft has dire warnings about uninstalling security patches, but if you fell victim to this particular bug (as was the case if you use, among many, the Seagull Scientific bar-code printing package BarTender), you could back it out by uninstalling the faulty patch. When the patch went away, the bug did, too.

That's been pretty much standard procedure for a decade or two.

Windows 10 users weren't so lucky. With Windows updating-as-a-service, the only option for uninstalling the buggy patch was to unwind all of the Aug. 9 patches -- all of the security patches and all of the other patches -- then use wushowhide to hide the bad patch until a bug-free version rolled around. That's not an easy task.

And from http://www.infoworld.com/article/3122260/microsoft-windows/gwx-swept-away-as-pattern-emerges-in-windows-updates.html there is this snippet:

All of the patches are optional and will thus appear in Windows Update as unchecked -- except the time zone change. It still amazes me that Microsoft hasn't implemented a more elegant way to change time zones. Guess they've been too busy with GWX.

There's a pattern emerging ... a harbinger, if you will. KB 3185278 and KB 3185279 -- the two September update rollups -- follow the pattern that I expect we'll see starting in October. Microsoft has released the September update rollups this month as Optional/unchecked, so they won't be automatically installed. My guess is we'll see those patches changed to Recommended in October.

-- submitted from IRC


Original Submission #1 | Original Submission #2

posted by janrinok on Monday September 26 2016, @12:42PM
from the reading-between-the-lines dept.

Australian authorities say they can detect dark net transactions.

We know this because the nation's Border Force (ABF), the black-shirt wearing guardians of Australia's frontiers, says as much in its takedown notice of a "31-year-old man from Port Neill" in the State of South Australia. Said man fell foul of a joint ABF and South Australia Police (SAPOL) operation that "linked him to the importation and distribution of numerous border controlled drugs via the dark net."

"We are well aware of these websites and take any attempts to import illegal border controlled drugs very seriously," said Craig Palmer, the ABF's acting commander for immigration and customs enforcement. "

[...] The ABF hasn't previously publicised arrests made as a result of dark net activities, but early in 2016 advertised for workers with information security skills. Perhaps those hires' feet are well and truly under the desk? ®


Original Submission

posted by martyb on Monday September 26 2016, @11:01AM
from the mark-your-calendar dept.

Watch here: http://www.nasa.gov/nasalive

NASA Teleconference About Europa

https://www.nasa.gov/press-release/nasa-to-hold-media-call-on-evidence-of-surprising-activity-on-europa

NASA will host a teleconference at 2 p.m. EDT Monday, Sept. 26, to present new findings from images captured by the agency's Hubble Space Telescope of Jupiter's icy moon, Europa.

Astronomers will present results from a unique Europa observing campaign that resulted in surprising evidence of activity that may be related to the presence of a subsurface ocean on Europa.

NASA currently plans to perform additional flybys of Europa and put a lander on the surface as part of the Europa Clipper mission. The ESA's Jupiter Icy Moon Explorer will also fly by Europa twice, but focus on Ganymede.

Nasa to Reveal 'Surprising' Activity On Jupiter's Moon Europa

There's something going on beneath the surface of Jupiter's icy moon Europa. But what?

NASA teased a "surprising" announcement for Monday, based on Hubble Space Telescope images of the celestial body, which many experts believe could contain a subsurface ocean, even possibly some form of life.

The US space agency has already proclaimed that Europa has "strong evidence for an ocean of liquid water beneath its crust and which could host conditions favorable for life."

At Monday's announcement, "astronomers will present results from a unique Europa observing campaign that resulted in surprising evidence of activity that may be related to the presence of a subsurface ocean," it said in a statement.

The announcement will be made at a news conference at 2 pm (1800 GMT) Monday featuring Paul Hertz, NASA's director of astrophysics, and William Sparks, an astronomer with the Space Telescope Science Institute in Baltimore.


Original Submission #1 | Original Submission #2

posted by cmn32480 on Monday September 26 2016, @09:13AM
from the smegging-brilliant dept.

MetroUK reports

Red Dwarf and its crew are back and this is a seriously good thing.

Lister, the last surviving human, is returning with his crew consisting of his cat, which evolved into a human, his android Kryten, and his dead shipmate-turned-hologram Rimmer three million years into the future--and 28 since the start of the sitcom. Man are we glad it's back.

Metro.co.uk was lucky enough to have a look at the first two episodes, Twentica and Samsara, ahead of their first airing on Dave on Thursday September 22.

[...] Creator Doug Naylor has continued the success of X with XI, and we're pretty sure you're going to love it. Here's why:

1. It's a complete and utter return to form

2. The low budget is back

3. Good news--it's the return of the lads

Past series annoyed Red Dwarf fans because of the addition of extra characters, particularly when Lister was supposed to be the "last surviving human", yet more surviving humans popped up. Diehard fans really believe it's just about the core four.

Well smegging brilliant, it's back to just the quartet, with the odd extra thrown in, like Rachel Barker in episode two and the Expanoids in episode one. But other than that, for the first two at least, it's just Lister, Rimmer, Cat, and Kryten.

4. One bit of bad news: [No] Holly

5. The insults are back

6. The live audience is back--and they basically create the gags

7. Yep, you'll be LOLing all the way through the new episodes

8. In 28 years they haven't changed a bit


Original Submission

posted by cmn32480 on Monday September 26 2016, @07:29AM
from the whoopsie-daisy dept.

Arthur T Knackerbracket has found the following story:

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.


Original Submission

posted by cmn32480 on Monday September 26 2016, @05:41AM
from the watch-out-for-scope-creep dept.

Arthur T Knackerbracket has found the following story:

Swiss voters have given a strong approval to a law on new surveillance powers for the intelligence agencies.

The new law would allow the authorities to tap phones, snoop on email and deploy hidden cameras and bugs.

It would help Switzerland catch up with other countries, supporters say.

Opponents have feared it could erode civil liberties and put Swiss neutrality at risk by requiring closer co-operation with foreign intelligence agencies.

Some 65.5% of voters agreed to accept the proposal. It will allow the Federal Intelligence Service and other agencies to put suspects under electronic surveillance if authorised by a court, the defence ministry and the cabinet.

The big vote in favour of new powers for the intelligence services shows just how concerned the Swiss have become about a possible militant attack.

For decades, ever since a scandal in the 1980s in which Switzerland's government was revealed to have been spying on tens of thousands of its citizens, the Swiss have been sceptical about state surveillance. CCTV cameras are rare; even Google Street View is restricted because of Swiss privacy laws.

But the dreadful events in neighbouring France have changed many Swiss minds. Despite arguments from opponents that increased surveillance would not automatically increase security, voters handed huge new powers to their intelligence services.

The Swiss government says the powers would be used about once a month to monitor the highest-risk suspects.

The new law was not comparable to the spying capabilities of the US or other major powers, which "go well beyond what is desired in terms of individual liberty and security for our citizens", Defence Minister Guy Parmelin said earlier this year.


Original Submission

posted by cmn32480 on Monday September 26 2016, @03:54AM
from the if-only-i-remember-where-I-laid-them-down dept.

Arthur T Knackerbracket has found the following story:

Whether you're a software developer or a sysadmin, I bet you're using SSH keys. Pushing your commits to Github or managing your Unix systems, it's best practice to do this over SSH with public key authentication rather than passwords. However, as time flies, many of you are using older keys and not aware of the need to generate fresh ones to protect your privates much better. In this post I'll demonstrate how to transition to an Ed25519 key smoothly, why you would want this and show some tips and tricks on the way there.

If you've created your key more than about four years ago with the default options it's probably insecure (RSA < 2048 bits). Even worse, I've seen tweeps, colleagues and friends still using DSA keys (ssh-dss in OpenSSH format) recently. That's a key type similar to RSA, but limited to 1024 bits size and therefore recommended against for a long time. It's plainly insecure and refused for valid reasons in recent OpenSSH versions (see also the changelog for 7.0).

The sad thing about it is that I see posts on how to re-enable DSA key support rather than moving to a more secure type of key. Really, it's unwise to follow instructions to change the configuration for PubkeyAcceptedKeyTypes or HostKeyAlgorithms (host keys are for a later post). Instead, upgrade your keys!

Compare DSA with the technology of locks using keys like this one. You wouldn't want this type of key to unlock your front door, right?

List all your keys:

You're probably thinking... "I'm using my key for a long time, I don't want to change them everywhere now." Valid point, but you don't have to! It's good to know you can have multiple keys on your system and your SSH client will pick the right one for the right system automatically.

It's part of the SSH protocol that it can offer multiple keys and the server picks the one your client will have to prove it has possession of the private key by a challenge. See it in action adding some verbosity to the SSH connect command (-vvv). Also if you're using an SSH agent you can load multiple keys and it will discover them all. Easy as that.


Original Submission
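
As an added example (not part of the quoted article and not OpenSSH's own code), the Python sketch below parses OpenSSH public key lines and flags the key types the article warns about: DSA (`ssh-dss`) and RSA below 2048 bits. The function names are hypothetical, and the sample keys are constructed with placeholder numbers in the correct wire format so the script runs offline.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the article treats RSA keys below 2048 bits as insecure


def read_string(blob, offset):
    """Read one length-prefixed SSH wire string; return (bytes, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def audit_public_key(line):
    """Classify one '<type> <base64> [comment]' line as (type, bits, verdict)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    raw_type, offset = read_string(blob, 0)
    key_type = raw_type.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("declared type does not match key blob")
    if key_type == "ssh-dss":
        # Blob layout: p, q, g, y. DSA is flagged whatever its size.
        p, _ = read_string(blob, offset)
        return key_type, int.from_bytes(p, "big").bit_length(), "replace"
    if key_type == "ssh-rsa":
        # Blob layout: public exponent e, then modulus n.
        _e, offset = read_string(blob, offset)
        n, _ = read_string(blob, offset)
        bits = int.from_bytes(n, "big").bit_length()
        return key_type, bits, "replace" if bits < MIN_RSA_BITS else "ok"
    if key_type == "ssh-ed25519":
        public, _ = read_string(blob, offset)
        if len(public) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return key_type, 256, "ok"
    return key_type, None, "review"  # key type this sketch does not cover


def wire_string(data):
    """Encode bytes as a length-prefixed SSH wire string."""
    return struct.pack(">I", len(data)) + data


def mpint(value):
    # Positive SSH mpint: big-endian, with a leading zero byte if the top bit is set.
    return wire_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def sample_line(key_type, *parts):
    """Build a public key line from already-encoded blob fields."""
    blob = wire_string(key_type.encode()) + b"".join(parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


# Constructed test keys: correct wire format, but the numbers are placeholders,
# not real key material.
SAMPLE_KEYS = [
    sample_line("ssh-dss", mpint((1 << 1023) | 1), mpint((1 << 159) | 1),
                mpint(2), mpint(3)),
    sample_line("ssh-rsa", mpint(65537), mpint((1 << 1023) | 1)),
    sample_line("ssh-rsa", mpint(65537), mpint((1 << 4095) | 1)),
    sample_line("ssh-ed25519", wire_string(bytes(range(32)))),
]

if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(audit_public_key(key))
```

The parser expects lines in the `.pub` file layout, with the key type as the first field; `authorized_keys` entries that begin with an options prefix would need that prefix stripped first.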

posted by janrinok on Monday September 26 2016, @02:07AM
from the yahoo-user?-intelligence? dept.

If a foreign government is behind the massive computer attack that compromised a half billion user accounts at Yahoo, as the company says, the breach could be part of a long-term strategy that's aimed at gathering intelligence rather than getting rich.

Yahoo says the breach involved users' email addresses, passwords and other information—including birthdates—but not payment card or bank account numbers. Although the stolen data could still be used in financial crimes, such as identity theft, experts say a foreign intelligence agency might combine the Yahoo files with information from other sources to build extensive dossiers on U.S. government or corporate officials in sensitive positions.

"With state-sponsored attacks, it's not just financial information that's of value," said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. "In the long run, if the state accumulates a lot of information on you, and especially if it corroborates that with other sources, it can assemble a pretty good profile."

Governments have also been known to hack email accounts to keep tabs on their own citizens or dissidents. Experts believe that was one motive behind a 2010 hacking of Google Gmail accounts used by Chinese human rights activists.

Yahoo hasn't revealed the evidence that led it to blame a "state-sponsored actor" for the latest attack, which the Sunnyvale, California, company said occurred two years ago and was discovered only in recent weeks.

Some analysts warn that "state sponsored" can be a vague term. It might also be an easy excuse to deflect blame for a company's own security lapses, by suggesting it had no hope of defeating hackers who had all the resources of a government intelligence agency behind them, warned Gunter Ollmann, chief security officer at Vectra Networks, a San Jose, California, security firm.


Original Submission

posted by janrinok on Monday September 26 2016, @12:35AM

If you want to find all the oldest computers in government, then you might as well just wait until government up and decides to find them all itself. So congratulations everybody, we found all of them! Well, the Government Accountability Office did.

Since the start of my project, one of my goals has been to find repeatable language for getting information about computer inventories from agencies. This report contains one very helpful step towards that goal: it brought the Clinger-Cohen Act of 1996 to my attention.

[...] One of this report's key findings was that of all the money the Federal Government spends on their information systems, about 75% of that is spent on operations and maintenance (O&M) alone, with "5,233 of the government's approximately 7,000 IT investments [...] spending all of their funds on O&M activities." This means that there's less funding available for new investments or upgrades to existing ones. Instead, we're just spending all of our time making sure that what we already have works.

Also, the age of an investment isn't determined by hardware alone: neglecting software upgrades can also hold back the age of an investment. For this reason, the Department of Treasury's master tax record system is stuck in the mid–60's. While they've upgraded the hardware to more modern IBM mainframes, those mainframes are still running vintage assembly. When considering systems investments, this makes the Treasury's the oldest in the Federal government.

So, mission accomplished, right? We found the oldest computer! And it's the computers inside the IRS that make sure everybody is paying their taxes! The Simpsons did it!

We did indeed find the oldest computer in government, but it's not really a computer at all; it's computer software. In some ways that's satisfying: old software needs just as much maintenance, expertise, and money to keep it running the machines correctly. It's also what's most exploitable, even if exploits written against custom assembly are unlikely. Anyway, the hardware can't run without the software. If this is the oldest hardware, then the machines running the nuclear defense system are the clear winners of the "oldest computer prize."

However, there remains a lot more research to be done. In particular, I'm starting to have a lot of questions about this tax software and the management around it. Why's it not been updated? Is anybody inside Treasury advocating for it to be updated? Does anyone care? What are the consequences of catastrophic systems failure within the IRS? And the perennial computing question: have they made backups?

This report also only covers the federal government. We have 50 states, some with HVAC systems run by Amigas.


Original Submission

posted by martyb on Sunday September 25 2016, @10:44PM
from the changing-tide? dept.

The Washington Post reports that a police officer has been charged with "first-degree manslaughter" after the on-duty, fatal shooting of Terence Crutcher in Tulsa, Oklahoma. If found guilty, she would be imprisoned for at least four years. KJRH-TV has a transcript of the district attorney's press conference.


Original Submission