Linux fréttir

Things you don't do with Elasticsearch dbs, number 1: Put them on the web

Exclusive Infosec researchers have uncovered a data breach affecting 1.3TB of web server log entries held by Chinese e-commerce website LightInTheBox.com.…

Poor entropy in embedded devices leading to weaker certificates: study

A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won't be an easy one to solve.…

Maintainer: 'Most companies were reluctant to support the project their product depends on because it is available for free'

Interview In May this year, users of popular open source project FUSE for macOS noticed the source code for the latest update was missing. The project had become closed source and was no longer free for commercial use. But as The Reg discovered when we had a talk with its maintainer, there was a very good reason for that – and it's not a good look for the many companies that used it.…

Also: Office 365 goes Swiss and Visual Studio for Mac gains scaffolding

Roundup Microsoft has had a busy week, from hammering the final nail in the coffin of its previous mobile strategy to unveiling a black monolith of an overpowered games console. Today's roundup takes a look at what you might have missed in all the excitement.…

Business Insider ran a disturbing opinion column by their senior finance correspondent: The detention camps where the Chinese government has interned more than 1 million Muslim Uighurs serves a dual purpose. It not only oppresses what the Chinese government considers a troublesome minority on its western frontier but also serves as a lab for the development of surveillance technology by Chinese companies. China must export these tools as part of its plan to transform its economy into a world leader in technological development. "It's not unusual that colonies on the periphery become laboratories of surveillance and control that are then applied elsewhere," Philip Thai, a historian of modern China at Northeastern University, said. "They're doing a lot of testing in an area that is remote and against a people who are not as politically organized or connected... To go up the value chain, China has to own the tech that is the tech of the future, so AI, surveillance. China believes fields like this could help it climb the value chain so it can reap the benefit from exporting these technologies instead of making the lower end and having foreign companies captures most of the gains...." The push to develop this kind of technology has become more imperative as the Chinese economy has slowed in recent years. Sectors like manufacturing and heavy industry that used to drive its economy are declining and laden with debt, so the government needs new sources of growth to continue to power the Chinese economic miracle... If we're going to acknowledge what's happening in Xinjiang, we have to acknowledge it's a testing ground for those kinds of weapons and it's China's aim to enrich itself by unleashing them on the world.

Read more of this story at Slashdot.

Season's not much of a miracle for under-pressure workers, says union

Amazon Germany is facing potential strike action at a bunch of its logistics hubs, but is reassuring punters that they will still get their packages in time for Christmas.…

Your quick catch-up on neural-net news

Roundup It's nearly the end of the year, and if you're not bored of AI yet, here's more bits and bytes for you to consume.…

Your quick summary of infosec news beyond everything else we've reported

Roundup Here's your Register security roundup of infosec news about stuff that's unfit for production but fit for print.…

An anonymous reader quotes the Wall Street Journal: Boeing Co. is considering either suspending or cutting back production of the 737 MAX amid growing uncertainty over the troubled plane's return to service and could disclose a decision as soon as Monday, according to people familiar with the matter. Boeing management increasingly sees pausing production as the most viable among difficult options as the plane maker's board began a meeting Sunday in Chicago, these people said. Support for halting production comes days after U.S. regulators warned the aerospace giant it had been setting unrealistic expectations for when the jet would be allowed to fly again, these people said. Boeing has already "signaled to U.S. aviation officials last week that it anticipates a production-related announcement this week amounting to at least a significant rollback of MAX output," the Journal reports, citing a source "familiar with the matter."

Read more of this story at Slashdot.

Gone fishing for power – with a coat hanger

Who, Me? Monday has arrived, and with it another tale to send administrators scurrying for their event logs, and engineers reaching for the coat hanger. Yes, it's Who, Me?…

Catch up with public sector developments and more

Promo If you missed this year's re:Invent – the annual Amazon Web Services cloud-computing mega-conference held in Las Vegas at the beginning of December – you can catch up with some of the highlights in London, England, on 22 January.…

Scammer and pals blew the cash on cosmetic surgery, jewelry, swanky pads, flash motors

A 73-year-old fraudster has been sentenced to four years in prison for conspiracy to defraud – after bilking investors out of $2.3m (£1.7m) by convincing them that they were investing in a sure-fire winner: caffeine-infused chocolates for the tech sector.…

66-year-old Lucasfilm President Kathleen Kennedy reveals what they'll do after Star Wars: The Rise of Skywalker. Kennedy says that streaming "is a really important transition... What we've been focused on these last five or six years is finishing that family saga around the Skywalkers. Now is the time to start thinking about how to segue into something new and different." Kennedy also blames the poor box office of the 2018 movie Solo on the release of too many Star Wars movies too quickly, and remembers getting Disney's okay on a "pause" before future films. "We're literally making this up from whole cloth and bringing in filmmakers to find what these stories might be," Kennedy said. "It can take a while before you find what direction you might want to go. We need the time to do that." The next "Star Wars" film is expected to arrive in 2022, and that's essentially all that's known about it. Marvel Studios President Kevin Feige has an idea for a "Star Wars" movie, but it's in the early stages, according to Kennedy. Rian Johnson, who wrote and directed "The Last Jedi," is also developing more "Star Wars" films. Kennedy said she plans to make key decisions about the direction of the franchise in the coming weeks. But some things she already knows. While the "Skywalker" saga is ending, the company won't abandon the characters created in the most recent trilogy. Additionally, she said, the plan is to move beyond trilogies, which can be restricting. "I think it gives us a more open-ended view of storytelling and doesn't lock us into this three-act structure," she said. "We're not going to have some finite number and fit it into a box. We're really going to let the story dictate that." The article also notes that George Lucas complained there was "nothing new" in The Force Awakens, according to Bob Iger's recent book The Ride of a Lifetime. And though that film was a commercial and critical success, the Times also writes that "Debates over the franchise persisted." "The Last Jedi," for example, was criticized in some circles for going too far in subverting "Star Wars" tropes. Kennedy says the company heeds feedback from "Star Wars" fans. For example, Lucasfilm decided to revive "The Clone Wars" TV series for Disney+ following a prolonged campaign by viewers. "It does matter what they say and what they care about," Kennedy said. "All of those things play a role in our decision making." Aside from films, Lucasfilm has ample "Star Wars" material in the works, especially for Disney+. The studio is working on shows starring Ewan McGregor as Obi-Wan Kenobi and Diego Luna as his rebel spy character from "Rogue One." Additionally, the company is experimenting with new formats. Lucasfilm's ILMxLab, a virtual reality and augmented reality unit founded in 2015, this year released a VR series called "Vader Immortal" that puts users face-to-face with Darth Vader and trains headset users to wield a lightsaber.

Read more of this story at Slashdot.

An anonymous reader quotes USA Today: Two programmers in Las Vegas recently admitted to running two of the largest illegal television and movie streaming services in the country, according to federal officials... An FBI investigation led officials to Darryl Polo, 36, and Luis Villarino, 40, who have pleaded guilty to copyright infringement charges for operating iStreamItAll, a subscription-based streaming site, and Jetflix, a large illegal TV streaming service, federal officials said Friday. With roughly 118,000 TV episodes and 11,000 movies, iStreamItAll provided members with more content than Netflix, Amazon Prime, Hulu and Vudu, according to prosecutors. Polo urged members of iStreamItAll via email to cancel licensed services in favor of pirated content, according to his plea agreement. He also admitted to earning $1 million from his piracy operations, officials said. He also admitted to downloading the content from torrent websites. "Specifically, Polo used sophisticated computer programming to scour global pirate sites for new illegal content; to download, process, and store these works; and then make the shows and movies available on servers in Canada," officials said.

Read more of this story at Slashdot.

California now has one million solar roofs, representing about 14% of all renewable power generated in the state. But solar advocates "said the milestone has come despite escalating efforts by utilities to undermine rooftop solar installations," according to the San Diego Union-Tribune. "They said those attacks include everything from hefty fees on ratepayers to calling for dramatic cuts to the credits residents receive for generating energy from the sun." "We will seek sensible solutions that continue to encourage solar power but don't adversely affect working families who can't afford solar systems," said SDG&E spokesman Wes Jones. Advocates have said that utilities are exaggerating the challenges that rooftop solar creates and downplaying the value it adds to the overall system. "They trot out this cost-shifting argument that looks on the face of it like they care about equity, but really the opposite is true," said Dave Rosenfeld, executive director of the Solar Rights Alliance, a new consumer rights group funded by ratepayers and rooftop solar companies. "If you do the numbers right, solar is contributing to a reduction in the cost of operating the electricity grid now and in the future..." Power providers specifically argued that homeowners with solar panels weren't paying their fair share of the costs associated with building, maintaining and operating the state's extensive energy grid as well as fees associated with state-mandated energy efficiency and other programs. Over the last century, the price tag of expanding the state's electrical infrastructure to service remote communities and hook up to new power plants has largely been socialized, spread evenly over the customer base through rate increases approved by the utilities commission. All of those costs get baked into electric bills, but because the net metering program credits rooftop solar at the retail rate, rather than the wholesale rate, utilities say folks with solar panels have been getting something of a free ride. Utility officials have said that as a result they have had to shift those costs onto customers without solar. "Through the existing net energy metering policy, rooftop solar customers are subsidized by customers without solar rooftops," said Ari Vanrenen, spokesman for PG&E.... Advocates of rooftop solar strongly disagreed with this assessment. They said the technology, especially when paired with batteries, will eventually bring down the cost of electricity for everyone -- specifically by reducing the need for costly upgrades to the power grid. They argued that investor-owned utilities oppose rooftop solar because it will eventually curb the growth model that companies have long used to reward shareholders and pay out large salaries. SDG&E and others have an incentive to build solar out in the desert because it requires building long power lines, which are then used to justify rate hikes, said Bill Powers, a prominent electrical engineering consultant and consumer advocate. The article also points out that some California utilities have raised their minimum bill -- with one specifically saying they were doing it to target solar customers, and another launching a new $65-a-month fee on any customer who installs solar panels.

Read more of this story at Slashdot.

"ICANN has delayed its approval of the sale of .Org to private equity company Ethos Capital by requesting more information," reports Domain Name Wire: According to its contract with Public Interest Registry (PIR) to run .org, ICANN had 30 days from when PIR notified it of the transaction to request more information. It has now done so. After it receives the responses, it has 30 days to either approve or withhold its consent of the registry transfer. The Register recently published two articles criticizing ICANN's "opaque decision-making," while the General Counsel for ICANN has sent a letter to the CEOs of both PIR and ISOC saying they're also "uncomfortable" with the lack of transparency. ICANN is requesting information "related to the continuity of the operations of the .ORG registry, the nature of the proposed transaction, how the proposed new ownership structure would continue to adhere to the terms of our current agreement with Public Internet Registry, and how they intend to act consistently with their promises to serve the .ORG community with more than 10 million domain name registrations... "We acknowledge the questions and concerns that are being raised and directed to ISOC, PIR, and ICANN relating to this change. To ease those concerns and maintain trust in the .ORG community, we urge PIR, ISOC, and Ethos Capital to act in an open and transparent manner throughout this process... "ICANN takes its responsibility in evaluating this proposed transaction very seriously. We will thoughtfully and thoroughly evaluate the proposed acquisition to ensure that the .ORG registry remains secure, reliable, and stable."

Read more of this story at Slashdot.

America's Air Force is seeking proposals for technologies "for operations far beyond geosynchronous Earth orbit, near the moon's orbit," reports SpaceNews: Specific items the Air Force wants: payloads for providing space domain awareness from the lunar surface, lightweight sensors for space-based space domain awareness, and methodologies for orbit determination and catalog maintenance in cislunar space. The Air Force also is interested in concepts for providing position, navigation and timing solutions for cislunar space operations; visualization of cislunar orbits; and terrestrial-based concepts for achieving space domain awareness of cislunar space. The inclusion of cislunar space capabilities in the Small Business Innovation Research program was unexpected, said Shawn Usman, an astrophysicist and founder of the space consulting firm Rhea Space Activity. The industry sees this as a sign that the Air Force, and the future Space Force, are responding to advances made by China, Usman told SpaceNews. "This is definitely a pretty big turning point for the U.S. Air Force, the U.S. 'new space' industry, our near-peer competitors, and for the upcoming Space Force."

Read more of this story at Slashdot.

McGruber quotes IEEE Spectrum: Greg Mills, co-owner of Southwest Engineering Concepts, is suing the state of Arizona's technical registration board to protest being fined for working without an engineering license, which Mills maintains he doesn't need because it doesn't pertain to the type of work he performs. It's the latest case pitting engineers against state licensing agencies that by some accounts have become more aggressive in attempting to regulate who can call themselves an engineer, even as the use of that term becomes more widespread. Meanwhile, licensing proponents maintain it's necessary for the public interest and point out that Arizona statutes have clear definitions of what an engineer is... The central issue is Mills' right to call himself an engineer despite not being a state-licensed professional engineer. Mills, an IEEE Member, has worked as an engineer for three decades, at first for aerospace and tech companies. For the last 10 years, he and his wife have co-owned a three-person engineering consulting firm that makes electronics prototypes and other equipment for startups and small and mid-sized companies that can't afford to hire in-house engineering staff... Mills is represented by the same public interest law firm that helped an Oregon engineer win a similar suit against that stateâ(TM)s engineering licensing agency.

Read more of this story at Slashdot.

Android Authority argues that the new Microsoft Chromium Edge browser "is full of neat tricks" and "packs more features than Firefox": The final major feature is called Apps. Essentially, Apps allows you to download and install web pages and web apps for use without the Edge browser. Previously, you had to find these dedicated web apps via the Microsoft Store, but now Edge handles downloading and managing web apps all in the browser. For example, you can download the Twitter web app via Edge just by visiting the Twitter website and clicking "install this site as an app" from the settings menu. Once installed, you can run the webpage as an app directly from your desktop, taskbar, or start menu like any other piece of software. It's like saving links only better, as some web apps can run offline too. Alternatively, you can install the Android Authority webpage and run it as an app to catch up with the latest news without having to boot up Edge each time. It's pretty neat and something that I intend to use more often. Overall, Edge offers everything you'll want in a web browser and more. Microsoft finally feels on the cutting edge of the internet. The browser does have a smaller range of supported extensions, but you can also manually install Chrome extensions, according to the article. It adds that Microsoft Edge Chromium "typically uses just 70 to 75 percent of the RAM required by Chrome [and] is even more lightweight than Firefox." And while acknowledging that Microsoft's Windows 10 "has its share" of telemetry issues, the article adds that "at no point during my couple of weeks with Edge have I noticed it thrashing my hard drive. "Chrome has a habit of scanning various files on my computer, despite opting out of all the available data sharing options. This isn't great for system performance and raises obvious security questions."

Read more of this story at Slashdot.

An anonymous reader quotes Mike Melanson's "This Week in Programming" column: WebAssembly is a binary instruction format for a stack-based virtual machine and this week, the World Wide Web Consortium (W3C) dubbed it an official web standard and the fourth language for the Web that allows code to run in the browser, joining HTML, CSS and JavaScript... With this week's news, WebAssembly has officially reached version 1.0 and is supported in the browser engines for Firefox, Chrome, Safari, and Internet Explorer, and the Bytecode Alliance launched last month to help ensure "a WebAssembly ecosystem that is secure by default" and for bringing WebAssembly to outside-the-browser use. Of course, not everything is 100% rosy. As pointed out by an article in The Register, WebAssembly also brings with it an increased level of obfuscation of what exactly is going on, giving it an increased ability to perform some surreptitious actions. For example, they cite one study that "found 'over 50 percent of all sites using WebAssembly apply it for malicious deeds, such as [crypto] mining and obfuscation.'" Nonetheless, with WebAssembly gaining this designation by W3C, it is, indeed, time to pay closer attention to the newly nominated Web language standard.

Read more of this story at Slashdot.