Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs ( 68

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with a Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.
Operating Systems

OMGUbuntu: 'Why Use Linux?' Answered in 3 Short Words ( 255

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he is trying to explain why people should Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

'Cultlike' Devotion: Apple Once Refused To Join Open Compute Project, So Their Entire Networking Team Quit ( 233

mattydread23 writes: Great story about the Open Compute Project from Business Insider's Julie Bort here, including this fun tidbit: "'OCP has a cultlike following,' one person with knowledge of the situation told Business Insider. 'The whole industry, internet companies, vendors, and enterprises are monitoring OCP.' OCP aims to do for computer hardware what the Linux operating system did for software: make it 'open source' so anyone can take the designs for free and modify them, with contract manufacturers standing by to build them. In its six years, OCP has grown into a global entity, with board members from Facebook, Goldman Sachs, Intel, and Microsoft. In fact, there's a well-known story among OCP insiders that demonstrates this cultlike phenom. It involves Apple's networking team. This team was responsible for building a network at Apple that was so reliable, it never goes down. Not rarely -- never. Building a 100% reliable network to meet Apple's exacting standards was no easy task. So, instead of going it alone under Apple's secrecy, the Apple networking team wanted to participate in the revolution, contributing and receiving help. But when the Apple team asked to join OCP, Apple said 'no.' 'The whole team quit the same week,' this person told us."

The Linux Foundation Helps Launch the JS Foundation ( 34

An anonymous reader writes from a report via Softpedia: Today, the Linux Foundation announced the creation of a new entity named the JS Foundation that will serve as an umbrella project and guiding force for various open-source utilities at the heart of the JavaScript ecosystem. The JS Foundation is actually the jQuery Foundation, which was expanded with the help of companies such as IBM and Samsung. With jQuery slowly bowing out to newer tools, the jQuery Foundation's members and their unmatched expertise will most likely be put to good use in managing the slew of new tools making up today's JavaScript landscape. The list of JS Foundation founding members includes Bocoup, IBM, Ripple, Samsung, Sauce Labs, Sense Tecnic Systems, SitePen, StackPath, University of Westminster and WebsiteSetup. In alphabetical order, the JS Foundation's initial projects are Appium, Chassis, Dojo Toolkit, ESLint, Esprima, Globalize, Grunt, Interledger.js, Intern, Jed, JerryScript, jQuery, jQuery Mobile, jQuery UI, Lodash, Mocha, Moment, Node-RED, PEP, QUnit, RequireJS, Sizzle, and webpack. "Using jQuery can constitute the use of a sledgehammer for putting small nails into an Ikea TV stand; however, as a piece of engineering, it really is a thing of beauty," says A. M. Douglas, British freelance web developer. "[T]he word 'jQuery' has become synonymous with 'JavaScript' for many. As of today, jQuery's days as a relevant tool are indeed numbered, but I think jQuery's source code will always have relevance, as it is a brilliant example to study for anybody seeking to learn and master JavaScript," Douglas also adds.

There's Bugs In The Windows 10 Implementation of Bash ( 163

First-time submitter Big O Notation shares "an honest review about the new Ubuntu Bash" that shipped with the Windows 10 Anniversary Update. While it's still officially beta, most of the commands work as expected, and it includes popular programs like the Pico text editor. Here's some of the review's highlights: Pros: You can also manage and manipulate other files inside your entire Hard Disk, even those outside of your Linux home directory.
Cons: Even if you chmod something properly, when you use ls -l the Bash would not show the correct permissions. [And] if you try to create a Folder in your Linux Home Directory by using the Windows GUI, it would be impossible to read and manage it. Don't try this at home.

Microsoft says they've included the Windows Subsystem for Linux primarily as "a tool for developers -- especially web developers and those who work on or with open source projects." One Scandinavian developer has even tried running X on Bash on Ubuntu on Windows, reporting success running simpler programs like xcalc and xclock, as well as Gnome Control Center and xeditor and SciTE. "Things start to fall apart if you try to get more ambitious, though."
GNU is Not Unix

KDE Turns 20, Happy Birthday! ( 127

prisoninmate writes from Softpedia: Can you believe it's been 20 years since the KDE (Kool Desktop Environment) was announced on the 14th of October, 1996, by project founder Matthias Ettrich? Well, it has, and today we'd like to say a happy 20th birthday to KDE! "On October 14, KDE celebrates its 20th birthday. The project that started as a desktop environment for Unix systems, today is a community that incubates ideas and projects which go far beyond desktop technologies. Your support is very important for our community to remain active and strong," reads the timeline page prepared by the KDE project for this event. Feel free to share your KDE experiences in a comment below! You can read the announcement "that started the revolution of the modern Linux desktop," as well as view the timeline "prepared by the KDE team for this unique occasion."
PlayStation (Games)

You Can Now Claim Your Cash In the PS3 'Other PS3' Settlement ( 85

If you've purchased a "fat" PlayStation 3 before April of 2010, you can now claim up to $55 as part of the settlement over the removal of the console's "Other OS" feature. PS3 owners with proof of purchase or evidence of a PSN sign-in from the system can receive $9 from the company. However, if you've used the "Other OS" feature to install Linux on your PS3, you can receive $55. The online claim form can be found here. Ars Technica reports: The opening of claims after a long legal saga that began in March of 2010, when Sony announced it would be removing the "Other OS" feature from the PS3. Sony claimed it was a security concern, but many class-action lawsuits filed in 2010 alleged the company was more worried about software piracy. While one lawsuit over the matter was dismissed by a judge in 2011, another worked its way through the courts until June, when Sony finally decided to settle. Though the company doesn't admit any wrongdoing, it puts itself on the hook for payments to up to 10 million PS3 owners. Note to those affected: "Claims are due by December 7, and payments should be sent out early next year pending final approval of the settlement."
Operating Systems

Ubuntu 16.10 Released, Ready to Download ( 78

After six months of development, Ubuntu 16.10, the latest stable release of the world's most popular desktop Linux distro, is now available to download. The ISO image file of Ubuntu 16.10 is a little larger (up from 1.4GB to 1.5GB). OMGUbuntu talks about the new features (condensed): Ubuntu 16.10 is not a big update over Ubuntu 16.04 LTS, released back in April. If you were hoping it'd be a compelling or must-have upgrade you'll be sadly disappointed. There are a number of small improvements to the Unity desktop and the Compiz window manager that powers it. Improvements that help everything work that little bit faster, and that little bit smoother. Ubuntu 16.10 also performs better in virtual machines thanks to the new Unity Low Graphics Mode. An all-new version of the Nautilus file manager also features, and is packed with some significant UI and UX differences. Plus, as always, there's a newer Linux kernel to enjoy.

Chrome 54 Arrives With YouTube Flash Embed Rewriting To HTML5 ( 76

Krystalo quotes a report from VentureBeat: Google today launched Chrome 54 for Windows, Mac, and Linux. This release is mainly focused on developers, but the improvements to how the browser handles YouTube embeds is also noteworthy. You can update to the latest version now using the browser's built-in silent updater, or download it directly from Chrome 54 rewrites YouTube Flash players to use the YouTube HTML5 embed style. YouTube ditched Flash for HTML5 by default in January 2015, but the old embeds still exist all over the web. Google says the change improves both performance and security for its desktop browser. The report adds that "Chrome also now provides support for the custom elements V1 spec," which allows "developers to create custom HTML tags as well as define their API and behavior in JavaScript." BroadcastChannel API will also be implemented "to allow one-to-many messaging between windows, tabs, iframes, web workers, and service workers." You can read more about Chrome 54 on Google's blog post.

Fedora 25 Beta Released With GNOME 3.22 and Linux Kernel 4.8.1 37

Reader prisoninmate writes: Fedora Project released of the Beta milestone of the upcoming Fedora 25 Linux operating system, due for release in mid-November. Powered by Linux kernel 4.8.1, the Fedora 25 Beta is shipping with the recently released GNOME 3.22 desktop environment, which is enabled by default on top of a Wayland 1.12 session for the Workstation Edition). Of course, you'll also find the latest software versions, including the LibreOffice 5.2.2 office suite, Flatpak 0.6.12, Mozilla Firefox 49.0 web browser, and LibVirt 2.2.0. Additionally, users will find the Mesa 12.0.3 3D Graphics Library for better and faster graphics support, OpenSSH 7.3p1 and OpenSSL 1.0.2j for improved security, Python 3.5.2, Samba 4.5.0, systemd 231, TigerVNC 1.7.0, and the latest Git snapshot of the upcoming X.Org Server 1.19.0 display server. Fedora 25 Beta Workstation is available for download now.

Skype For Linux Adds 'Experimental' Video Calls, Disables Some Alpha Versions ( 42

An anonymous Slashdot reader writes: This morning Skype released version 1.10 of Skype for Linux which includes an "experimental version" of video calls. "We are not quite there. The 1-on-1 video calls work only between Skype for Linux Alpha clients for now," warns an announcement on the Skype forum. "Despite the early phase, we'd like to ask you, the Linux community, to help us with testing. Please let us know how the video works for you."

They're also disabling some older versions of the Skype for Linux Alpha (versions 1.1 through 1.6), saying "Those users will be asked to update to [the] latest version." But after a 20-month lull between releases for the old app, it's refreshing to see a much faster pace for development for this new WebRTC version. It's been less than a month since the release of version 1.8, and two weeks since version 1.9 came out, offering support for system HTTPS proxy.


Why Linus Torvalds Prefers x86 Over ARM ( 149

Linus Torvalds answered a question about his favorite chip architecture at the Linaro Connect conference. An anonymous Slashdot reader quotes PCWorld: People are too fixated with the instruction set and the CPU core, Torvalds said. But ultimately "what matters is all the infrastructure around the instruction set, and x86 has all that infrastructure... at a lot of different levels. It's open in a way that no other architecture is... Being compatible just wasn't as big of a deal for the ARM ecosystem as it has been traditionally for the x86 ecosystem... I've been personally pretty disappointed with ARM as a hardware platform, not as an instruction set, though I've had my issues there, too. As a hardware platform, it is still not very pleasant to deal with."
You can watch the whole half-hour conversation on YouTube. My favorite part is where Linus candidly acknowledges that "sometimes my grumpiness makes more news than my being nice... 99% of the time I'm a very happy manager, and I mentally pat people on the head all the time. That maybe then highlights the times when things don't work so well a bit more."

Linux Foundation Shares LinuxCon Highlights ( 50

An anonymous Slashdot reader writes: The Linux Foundation held its "LinuxCon Europe" this week, "where developers, sys admins, architects and all types and levels of technical talent gather together under one roof for education, collaboration and problem-solving to further the Linux platform." They've now updated their web site with photos and slide presentations.

The 44 presentations included a talk about Linux kernel security subsystem by kernel developer James Morris and an interesting talk by GitHub's Carol Smith arguing that mandatory math requirements can create a "steep barrier to entry" for people trying to launch programming careers. Karsten Gerloff also described how Siemens is making "strategic" use of free software.

Operating Systems

Unity 8 Desktop Session Arrives in Ubuntu 16.10 ( 56

The latest updates to Ubuntu 16.10 Yakkety Yak add a Unity8 desktop session to the Ubuntu login screen. OMGUbuntu adds: Added to the Ubuntu meta package, the new Unity 8 desktop session will be available to try on all new installs and upgrades of Ubuntu 16.10, but only as an alternate login session to Unity 7. Unity 8 is not -- repeat: not -- going to be the default session in this release. Shipping it as a preview session is a great idea. It means to try Unity 8 on Ubuntu 16.10 you won't need to install a set of packages, or faff around with special set-up, or add a PPA. When at the Unity Greeter (aka the login screen) just click the session selector button, followed by 'Unity 8,' and then proceed to login as normal.

Linus Torvalds Says 'Buggy Crap' Made It Into Linux 4.8 ( 294

Two days after Linus Torvalds announced the release of Linux 4.8, he began apologizing for a bug fix gone bad. The Register reports: "I'm really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too)." The "crap" in question is an attempt to fix a bug that's been present in Linux since version 3.15. Torvalds rates the fix for that bug "clearly worse than the bug it tried to fix, since that original bug has never killed my machine!" Torvalds isn't happy with kernel contributor Andrew Morton, who he says is debugging with a known bad use of BUG_ON(). "I've ranted against people using BUG_ON() for debugging in the past. Why the f*ck does this still happen?" Torvalds writes, pointing to a 2002 post to the kernel mailing list outlining how to do BUG_ON() right. He later adds "so excuse me for being upset that people still do this shit almost 15 years later."

Slashdot Top Deals