Feed aggregator

Top open source projects in 2018, open source hardware, donation model for sustaining open source projects, and more news

LXer - Sat, 10/27/2018 - 17:08
In this edition of our open source news roundup, we take a look at GitHub and its efforts to protect open source in the EU, a novel idea for sustainable open source, the next FIDO2 security key being open source, and more.

Does Eating Organic Food Help Prevent Cancer?

Slashdot - Sat, 10/27/2018 - 16:37
An anonymous reader quotes USA Today: People who regularly eat organic food are less likely to develop cancer than those who don't, according to a new study out of France. A team of researchers studied 68,946 adult volunteers from France who provided information on how often they ate organic food, drinks and even dietary supplements. Participants were given a score, based on how often they eat organic food ranging from "most of the time" to "never" or "I don't know." During two follow-up appointments, one in 2009 and another in 2016, the researchers then tracked cancer diagnoses, the most prevalent being breast cancer. Other cancers observed included prostate cancer, skin cancer, colorectal cancer, non-Hodgkin lymphomas and lymphomas. People who reported higher organic food scores were less likely to be diagnosed with cancer than the rest of the group. For example, those who consumed the most organic food were 25 percent less likely to have cancer, according to the research. That number grew to more than half when looking at cases of non-Hodgkin lymphoma.

What Happens When Telecom Companies Search Your Home For Piracy

Slashdot - Sat, 10/27/2018 - 15:34
ted_pikul writes: Adam Lackman ran TVAddons, a site hosting unofficial addons for Kodi media center. Last year, a legal team representing some of Canada's most powerful telecom and media companies raided his home with a court order -- they searched his apartment, copying hard drives and devices, took his laptop, and shut down his website and Twitter account [which had 100,000 followers]. Now, he's being sued for piracy and sinking deep into debt as he fights to make it to trial. From Motherboard: Lackman did not have to let anybody into his home that morning. But it presented a legal catch-22: if he hadn't, he would be in breach of a court order and could have been subjected to fines or imprisonment. "In high school you learn that if someone doesn't have a warrant, you don't let them into your house," Lackman told me. "I didn't know there was this whole other law where big companies can spend money [on lawyers] and do whatever they want".... Shortly after the search, a federal judge ruled the search unlawful in a procedural hearing. The questioning was an "interrogation," the judge said, without the safeguards normally afforded to defendants, and presenting Lackman with a list of names to snitch on was "egregious." The plaintiffs also did not make a strong enough case that TVAddons was solely intended to enable piracy, the judge decided... The plaintiffs appealed this decision, and in February a panel of three judges -- this time in the federal court of appeals -- overturned the previous decision in its entirety. The search was lawful and conducted within legal parameters, the judges agreed. The list of names was only presented to Lackman to "expedite the questioning process," and "despite a few objectionable questions" the nine-hour question period was not an interrogation, the panel ruled.... 
Everything that's happened to him so far has occurred before a trial where he can argue the facts of how TVAddons operated, and yet the judge who approved the search order and the judge who upheld it on appeal have already effectively ruled that his website was designed to facilitate piracy.... Lackman has already been ordered to pay $55,000 for the legal fees of the companies suing him, according to the article, and he's "already hundreds of thousands of dollars in debt to his own legal team... "[I]n the new Canadian anti-piracy regime led by powerful companies, just being accused of enabling piracy can come with immense personal consequences even before your day in court."

Design faster web pages, part 3: Font and CSS tweaks

LXer - Sat, 10/27/2018 - 15:14
Welcome back to this series of articles on designing faster web pages. Part 1 and part 2 of this series covered how to lose browser fat through optimizing and replacing images. This part looks at how to lose additional fat in CSS (Cascading Style Sheets) and fonts. Tweaking CSS First things first: let’s look at where […]

New SystemD Vulnerability Discovered

Slashdot - Sat, 10/27/2018 - 14:34
The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received." OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default. Systemd creator Leonard Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.

Twelve Malicious Python Libraries Found and Removed From PyPI

Slashdot - Sat, 10/27/2018 - 13:34
An anonymous reader writes: A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages used typo-squatting in the hopes a user would install them by accident or carelessness when doing a "pip install" operation for a mistyped more popular package, like Django (ex: diango). Eleven libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. A twelfth package, named "colourama," was financially-motivated and hijacked an infected user's operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user. 54 users downloaded that package -- although all 12 malicious packages have since been taken down. Four of the packages were misspellings of django -- diango, djago, dajngo, and djanga.

How to Install cPanel and WHM on CentOS 7

LXer - Sat, 10/27/2018 - 13:19
cPanel is the most popular and most widely-used control panel for managing and automating web hosting tasks. It is the world’s most intuitive and user-friendly control panel, with a very simple and straight-to-the-point graphical interface. cPanel is a Linux-based web hosting control panel, that utilizes a 3 tier structure for system administrators, resellers and end-user website owners, all via a web-browser. Other than the beautiful user interface, cPanel has command line access and API-based access for third-party software integration, for web hosting providers or developers and administrators to automate their system administration processes. In this tutorial, we will show you how to install WHM and cPanel on CentOS 7.

NASA Revives Hubble Space Telescope After Three-Week Mechanical Failure

Slashdot - Sat, 10/27/2018 - 12:34
"NASA's Hubble Space Telescope returned to normal operations late Friday, Oct. 26, and completed its first science observations on Saturday, Oct. 27 at 2:10 AM EDT," NASA reports. The observations were of the distant, star-forming galaxy DSF2237B-1-IR and were taken in infrared wavelengths with the Wide Field Camera 3 instrument. The return to conducting science comes after successfully recovering a backup gyroscope, or gyro, that had replaced a failed gyro three weeks earlier. A gyro is a device that measures the speed at which the spacecraft is turning, which is necessary to help Hubble turn and lock on to new targets. One of Hubble's gyros failed on Oct. 5, and the spacecraft's operations team activated a backup gyro the next day. However, the backup incorrectly returned rotation rates that were far in excess of the actual rates. Last week the operations team commanded Hubble to perform numerous maneuvers, or turns, and switched the gyro between different operational modes, which successfully cleared what was believed to be blockage between components inside the gyro that produced the excessively high rate values. Next, the team monitored and tested the gyro with additional maneuvers to make sure that the gyro was stable. The team then installed additional safeguards on the spacecraft in case the excessive rate values return, although this is not anticipated... Hubble is now back in its normal science operations mode with three fully functional gyros. Originally required to last 15 years, Hubble has now been at the forefront of scientific discovery for more than 28 years. The team expects the telescope will continue to yield amazing discoveries well into the next decade, enabling it to work alongside the James Webb Space Telescope.

Kansas 'Swat' Perpetrator Will Now Plead Guilty To Dozens More Swat Incidents

Slashdot - Sat, 10/27/2018 - 11:34
An anonymous reader quotes NBC News: The California man behind a years-long string of hoax 911 calls -- including one that ended in a Kansas man's death -- wants to plead guilty to all charges, court documents revealed. Tyler Rai Barriss, 25, intends to waive his right to trial and admit guilt to a 46-count federal indictment, according to a document he signed on Oct. 18 and was filed in U.S. District Court on Wednesday. Barriss faces up to life behind bars for his dozens of acts of "swatting" -- calling police to falsely report a serious crime, in hopes of drawing a massive response to the home of an unsuspecting target.... According to the court records, Barriss will admit to dozens of "swatting" incidents all over America between 2015 and the end of 2017. The false alarms connected to Barriss happened in Ohio, Nevada, Illinois, Indiana, Virginia, Texas, Arizona, Massachusetts, Missouri, Maine, Pennsylvania, New Mexico, Indiana, Michigan, Florida, Connecticut and New York. Barriss performed SWATs if clients sent him $10 over PayPal -- occasionally demanding "upwards of $50," according to a new (possibly pay-walled) article on Wired. A Call of Duty player hired Barriss to SWAT a teammate who'd caused them to lose a $1.50 wager, but his intended target supplied a false address across town which resulted in the fatal police shooting. Both gamers are now "awaiting trial on lesser charges," reports NBC.

5 mobile phone battery breakthroughs to watch

LXer - Sat, 10/27/2018 - 11:25
These five developments hold promise for personal productivity and enterprise mobile strategy

Authors of Controversial 'Seattle Minimum Wage' Study Revise Their Conclusions

Slashdot - Sat, 10/27/2018 - 10:34
Seattle's increase in the minimum wage "brought benefits to many workers employed at the time, while leaving few employed workers worse off," reports the New York Times -- citing a new study by the same researchers who'd claimed last year that workers were hurt by the wage increase. "The dire warnings about minimum-wage increases keep proving to be wrong," argues a Bloomberg columnist, in an article shared by gollum123: The authors behind an earlier study predicting a negative impact have all-but recanted their initial conclusions. However, the authors still seem perplexed about why they went awry in the first place.... The increase was an "economic death wish" that was going to tank the expansion and kill jobs, according to the sages at conservative think tanks... Despite their dire forecasts, not only were new restaurants not closing, they were in fact opening; employment in food services and drinking establishments has soared... As we noted in 2017, the study's fatal flaw was that its analysis excluded large multistate businesses with more than one location. When thinking about the impact of raising minimum wages, one can't simply omit most of the biggest minimum-wage employers in the region, such as McDonald's and other fast-food chains, or Wal-Mart and other major retailers... There were two other glaring defects in the first study that are worth mentioning. The first is that its findings contradicted the vast majority of research on minimum wages. As was demonstrated back in 1994 by economists Alan Krueger and David Card, modest, gradual wage increases have not been shown to reduce employment or hours worked in any significant way. Ignoring that body of research without a very good reason made the initial University of Washington study questionable at best. 
Second, there potentially is a problem with having a lead researcher -- economist Jacob Vigdor, whose affiliations among others include the right-leaning Manhattan Institute -- whose impartiality is open to question. Long-time Slashdot reader Martin S. writes that "When the UK introduced the minimum wage we had the same doom and gloom scenarios," adding that "the reality was very different." He argues that increasing the minimum wage "increased productivity so business did not suffer, reduced government spending on benefits, and increased the velocity of money improving the overall economy. "It had no measurable effect on unemployment."

Canonical Releases Statistics Showing Adoption of Snap Packages

Slashdot - Sat, 10/27/2018 - 09:34
Canonical is applauding what it calls "exceptional adoption" of snaps -- and has shared some new statistics about its whole "Snappy" software deployment and package management system. Long-time Slashdot reader AmiMoJo shared this article from Neowin: snaps are seeing 100,000 installs every day on cloud, server, container, desktop and on IoT devices, which works out to around three million installs each month. Of course, these statistics don't only take into account snap installs on Ubuntu, but other distributions too. Canonical said that snaps are supported on 41 Linux distributions including Ubuntu, Debian, Linux Mint, Arch Linux, Fedora, and many more... Snap packages first launched alongside Ubuntu 16.04 which was released in 2016. They have several benefits over typical Linux packages, for example, their dependencies are bundled into the package making them easy to install, they get automatic updates and can be rolled back by the maintainer if issues arise, and they're sandboxed, giving the user more security.

Women Who Tech and Mozilla Announce Winners of Women Startup Challenge Europe

LXer - Sat, 10/27/2018 - 09:31
Europe was at the center of a milestone for women in tech today as nonprofit Women Who Tech and tech giant Mozilla announced the winners of the Women Startup Challenge....

With Few US Students Taking CS Classes, Code.org 'Scales Back' Funding For CS Education

Slashdot - Sat, 10/27/2018 - 08:34
"In 2012, most CS teacher professional development was paid for by the National Science Foundation or Google." And in the years that followed, 80,000 primary and secondary school teachers received opportunities to learn how to teach computer science without paying any fees -- thanks to tech-bankrolled Code.org. But is anyone taking the classes? Slashdot reader theodp quotes a Communications of the ACM post by University of Michigan professor Mark Guzdial: In 2013, Code.org began, and they changed the face of CS education in the United States. It started out as just a video (linked here, seen over 14 million times), and grew into an organization that created and provided curriculum, offered teacher professional development, and worked with states and districts around public policy initiatives. A recent report from Code.org showed that 44 states have enacted public policies to promote computing education in the five years from 2013 to 2018, and much of that happened through Code.org's influence.... Now, Code.org has announced that they are starting to scale back their funding, which begins a multi-year transition to shift the burden of paying for teacher professional development to the local regions.... The only question is whether it's too soon. Will local regions step up and demonstrate that they value computer science by paying for it...? I'd guess that many states have between 40% and 70% of their high schools now offering computer science. However, even though many schools offer computer science, there are still few students taking computer science. Indiana reported that only 0.4% of Indiana high school students had enrolled in their most popular course. Meanwhile in one region in Texas, 54 of 159 high schools offer computer science, yet only 2.3% of their students have ever taken a computer science class. But of course, there's another issue. 
"If Code.org (or NSF or Google) are paying for all the development of CS teachers, then the districts don't get to say, 'In our community we care about this and we care less about that.' The U.S. education system is organized around the local regions calling the shots, setting the priorities, and deciding what they want teachers to teach."

Linux whatis Command Tutorial for Beginners (5 Examples)

LXer - Sat, 10/27/2018 - 07:36
Man pages are one of the most useful resources when it comes to understanding command line utilities. A man page, however, contains a lot of details about the command. If you are looking for a short help text, the command whatis becomes handy.

Yahoo! $50m! hack! damages! bill!, Russian trolls menaced by Uncle Sam inaction, computer voting-machine UI confusion, and more

TheRegister - Sat, 10/27/2018 - 07:19
Plus, GSA shamed for glacial notification pace

Roundup This week's headlines included buggy cranes, WebEx cockups, and DNS drama.…

Morocco Decides To Scrap Seasonal Time Changes

Slashdot - Sat, 10/27/2018 - 07:00
An anonymous reader quotes a report from the BBC: Morocco has decided to scrap winter time and will instead keep its clocks at summer time, GMT+1, all year around. Greenwich Mean Time (GMT) is the time measured on the Earth's zero degree line of longitude, or meridian. The announcement comes less than two days before the clocks would have gone back by one hour on Sunday. Avoiding the switch would save "an hour of natural light", Administrative Reform Minister Mohammed Ben Abdelkader told Maghreb Arabe Press. The north African nation joins a number of others, mainly in Africa and Asia, which do not use daylight saving.

Weekend Reading: Privacy

Linux Journal - Sat, 10/27/2018 - 06:59
by Carlie Fairchild

Most people simply are unaware of how much personal data they leak on a daily basis as they use their computers. Enter this weekend's reading topic: Privacy.

FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid by Matthias Pfau

Seven years ago Tutanota was built, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, Tutanota's team felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.

The Wire by Shawn Powers

In the US, there has been recent concern over ISPs turning over logs to the government. During the past few years, the idea of people snooping on our private data (by governments and others) really has made encryption more popular than ever before. One of the problems with encryption, however, is that it's generally not user-friendly to add its protection to your conversations. Thankfully, messaging services are starting to take notice of the demand. For me, I need a messaging service that works across multiple platforms, encrypts automatically, supports group messaging and ideally can handle audio/video as well. Thankfully, I found an incredible open-source package that ticks all my boxes: Wire.

Facebook Compartmentalization by Kyle Rankin

Whenever people talk about protecting privacy on the internet, social-media sites like Facebook inevitably come up—especially right now. It makes sense—social networks (like Facebook) provide a platform where you can share your personal data with your friends, and it doesn't come as much of a surprise to people to find out they also share that data with advertisers (it's how they pay the bills after all). It makes sense that Facebook uses data you provide when you visit that site. What some people might be surprised to know, however, is just how much Facebook tracks them when they aren't using Facebook itself but just browsing around the web.

Some readers may solve the problem of Facebook tracking by saying "just don't use Facebook"; however, for many people, that site may be the only way they can keep in touch with some of their friends and family members. Although I don't post on Facebook much myself, I do have an account and use it to keep in touch with certain friends. So in this article, I explain how I employ compartmentalization principles to use Facebook without leaking too much other information about myself.

Protection, Privacy and Playoffs by Shawn Powers
