×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

  • Forbes Blasts Latests Windows 7 Patch as Malware

    Forbes contributor Jason Evangelho has nothing good to say about a recent Windows 7 patch that's causing a range of trouble for some users. He writes: If you have Windows 7 set to automatically update every Tuesday, it may be to permanently disable that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it. The first issue that caught my attention, via AMD’s Robert Hallock, is that KB 3004394 blocks the installation or update of graphics drivers such as AMD’s new Catalyst Omega. Nvidia users are also reporting difficulty installing GeForce drivers, though I can’t confirm this personally as my machines are all Windows 8.1. Hallock recommended manually uninstalling the update, advice now echoed officially by Microsoft. More troubles are detailed in the article; on the upside, Microsoft has released a fix.

    228 comments | 3 days ago

  • Computer Error Grounds Flights In the UK

    Rambo Tribble writes: Reuters reports that flights from Heathrow, Gatwick, and many other airports have been shut down "due to a computer failure." The information comes from European air traffic control body Eurocontrol. No official word as yet as to the nature of the failure. "One source told the BBC the problem was caused by a computer glitch that co-ordinates the flights coming into London and puts the flights in sequence as they come into land or take off. He described it as a 'flight planning tool problem.'" Incoming flights are still being accommodated.

    68 comments | about a week ago

  • AMD Offers a Performance Boost, Over 20 New Features With Catalyst Omega Drivers

    MojoKid writes: AMD just dropped its new Catalyst Omega driver package that is the culmination of six months of development work. AMD Catalyst Omega reportedly brings over 20 new features and a wealth of bug fixes to the table, along with performance increases both on AMD Radeon GPUs and integrated AMD APUs. Some of the new functionality includes Virtual Super Resolution, or VSR. VSR is "game- and engine-agnostic" and renders content at up to 4K resolution, then displays it at a resolution that your monitor actually supports. AMD says VSR allows for increased image quality, similar in concept to Super Sampling Anti-Aliasing (SSAA). Another added perk of VSR is the ability to see more content on the screen at once. To take advantage of VSR, you'll need a Radeon R9 295X2, R9 290X, R9 290, or R9 285 discrete graphics card. Both single- and multi-GPU configurations are currently supported. VSR is essentially AMD's answer to NVIDIA's DSR, or Dynamic Super Resolution. In addition, AMD is claiming performance enhancements in a number of top titles with these these new drivers. Reportedly, as little as 6 percent improvement in performance in FIFA Online to as much as a 29 percent increase in Batman: Arkham Origins can be gained when using an AMD 7000-Series APU, for example. On discrete GPUs, an AMD Radeon R9 290X's performance increases ranged from 8 percent in Grid 2 to roughly 16 percent in Bioshock Infinity.

    73 comments | about a week ago

  • Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

    An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

    170 comments | about two weeks ago

  • Linux 3.18 Released, Lockup Bug Still Present

    jones_supa writes As anticipated, Linus Torvalds officially released Linux 3.18. The new version is now out there, though that nasty lockup issue has still yet to be resolved. Dave Jones is nearing the end of dissecting the issue, but since it also affects Linux 3.17 and not too many people seem to get hit by the lockups, Linus Torvalds decided to go ahead and do the 3.18 release on schedule. Linus was also concerned that dragging out the 3.18 release would then complicate the Linux 3.19 merge window due to the holidays later this month. Now the Linux 3.19 kernel merge window is open for two weeks of exciting changes.

    106 comments | about two weeks ago

  • Ask Slashdot: Paying For Linux Support vs. Rolling Your Own?

    schmaustech writes: A lot of businesses pay for Linux support. But at what point does that stop being worth the money? When would a company be better served by setting up their own internal support? When does it make sense for them to write their own patches, which could be submitted back to the community? The inherit risk is that the organization is accountable and accepts the risks if a major bug is encountered within any of the open source applications they are using. What's your perspective on this, and how many major corporations are taking this approach?

    118 comments | about two weeks ago

  • Bad Lockup Bug Plagues Linux

    jones_supa (887896) writes "A hard to track system lockup bug seems to have appeared in the span of couple of most recent Linux kernel releases. Dave Jones of Red Hat was the one to first report his experience of frequent lockups with 3.18. Later he found out that the issue is present in 3.17 too. The problem was first suspected to be related to Xen. A patch dating back to 2005 was pushed for Xen to fix a vmalloc_fault() path that was similar to what was reported by Dave. The patch had a comment that read "the line below does not always work. Needs investigating!" But it looks like this issue was never properly investigated. Due to the nature of the bug and its difficulty in tracking down, testers might be finding multiple but similar bugs within the kernel. Linus even suggested taking a look in the watchdog code. He also concluded the Xen bug to be a different issue. The bug hunt continues in the Linux Kernel Mailing List."

    257 comments | about three weeks ago

  • The People Who Are Branding Vulnerabilities

    antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red headed stepchildren" — despite the fact that each of these vulns are critical issues, some are worse than Heartbleed, and all of which needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

    64 comments | about three weeks ago

  • Some Early Nexus 6 Units Returned Over Startup Bug

    The Register reports that Motorola has issued a recall for an early batch of its hotly anticipated new Nexus 6 smartphones that were sold through U.S. mobile carrier AT&T, owing to a software glitch that can reportedly causes the devices to boot to a black screen. ... AT&T retail stores have reportedly been told to return their existing inventory of the Nexus 6 and wait for new units to arrive from Motorola, which has already corrected the problem on its assembly line. Any customer who brings a defective unit into an AT&T store will receive a replacement. Motorola's memo to stores says that only initial shipments were affected, and that the problem has been identified. However, as the article mentions, there's thus far less luck for those like me who've found that at least some original Nexus 7 tablets do not play nicely with Lollipop. (The effects look nice, but it's never a good sign to see "System UI isn't responding. Do you want to close it?" on a tablet's screen.)

    39 comments | about a month ago

  • Open Source Self-Healing Software For Virtual Machines

    An anonymous reader writes Computer scientists have developed Linux based software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. If a virus or attack stops the service, A3 could repair it in minutes without having to take the servers down. The software then prevents the invader from ever infecting the computer again. "It's pretty cool when you can pick the Bug of the Week and it works." (Here's a paper with more details.)

    50 comments | about a month ago

  • Microsoft Patches OLE Zero-Day Vulnerability

    msm1267 writes: Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities. Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements.

    37 comments | about a month ago

  • Pitivi Video Editor Surpasses 50% Crowdfunding Goal, Releases Version 0.94

    kxra writes With the latest developments, Pitivi is proving to truly be a promising libre video editor for GNU distributions as well as a serious contender for bringing libre video production up to par with its proprietary counterparts. Since launching a beautifully well-organized crowdfunding campaign (as covered here previously), the team has raised over half of their 35,000 € goal to pay for full-time development and has entered "beta" status for version 1.0. They've released two versions, 0.94 (release notes) being the most recent, which have brought full MPEG-TS/AVCHD support, porting to Python 3, lots of UX improvements, and—of course—lots and lots of bug fixes. The next release (0.95) will run on top of Non Linear Engine, a refined and incredibly more robust backend Pitivi developers have produced to replace GNonLin and bring Pitivi closer to the rock-solid stability needed for the final 1.0 release.

    67 comments | about a month ago

  • NSA Director Says Agency Shares Most, But Not All, Bugs It Finds

    Trailrunner7 writes: When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it's typically deployed, before deciding whether to share the new bug. The agency shares most of the bugs it finds, NSA Director Mike Rogers said, but not all of them.

    Speaking at an event at Stanford University, Rogers said that the NSA has been told by President Barack Obama that the default decision should be to share information on new vulnerabilities "The president has been very specific to us in saying, look, the balance I want you to strike will be largely focused on when you find vulnerabilities, we're going to share them. By orders of magnitude, when we find new vulnerabilities, we share them," Rogers said.

    170 comments | about a month and a half ago

  • Another Election, Another Slew of Voting Machine Glitches

    An anonymous reader writes: As Election Day in the U.S. starts to wind down, reports from around the country highlight another round of technological failures at the polls. In Virginia, the machines are casting votes for the wrong candidates. In North Carolina, polling sites received the wrong set of thumb drives, delaying voters for hours. In Michigan, software glitches turned voters away in the early morning, including a city mayor. A county in Indiana saw five of its polling sites spend hours trying to get the machines to boot correctly. And in Connecticut, an as-yet-unspecified computer glitch caused a judge to keep the polls open for extra time. When are we going to get this right?

    388 comments | about a month and a half ago

  • Dangerous Vulnerability Fixed In Wget

    jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.

    58 comments | about a month and a half ago

  • OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

    operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service."

    126 comments | about 2 months ago

  • Cisco Fixes Three-Year-Old Telnet Flaw In Security Appliances

    Trailrunner7 writes "There is a severe remote code execution vulnerability in a number of Cisco's security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years. The FreeBSD Project first disclosed the vulnerability in telnet in December 2011 and it was widely publicized at the time. Recently, Glafkos Charalambous, a security researcher, discovered that the bug was still present in several of Cisco's security boxes, including the Web Security Appliance, Email Security Appliance and Content Security Management Appliance. The vulnerability is in the AsyncOS software in those appliances and affects all versions of the products." At long last, though, as the article points out, "Cisco has released a patched version of the AsyncOS software to address the vulnerability and also has recommended some workarounds for customers."

    60 comments | about 2 months ago

  • Software Glitch Caused 911 Outage For 11 Million People

    HughPickens.com writes: Brian Fung reports at the Washington Post that earlier this year emergency services went dark for over six hours for more than 11 million people across seven states. "The outage may have gone unnoticed by some, but for the more than 6,000 people trying to reach help, April 9 may well have been the scariest time of their lives." In a 40-page report (PDF), the FCC found that an entirely preventable software error was responsible for causing 911 service to drop. "It could have been prevented. But it was not," the FCC's report reads. "The causes of this outage highlight vulnerabilities of networks as they transition from the long-familiar methods of reaching 911 to [Internet Protocol]-supported technologies."

    On April 9, the software responsible for assigning the identifying code to each incoming 911 call maxed out at a pre-set limit; the counter literally stopped counting at 40 million calls. As a result, the routing system stopped accepting new calls, leading to a bottleneck and a series of cascading failures elsewhere in the 911 infrastructure. Adm. David Simpson, the FCC's chief of public safety and homeland security, says having a single backup does not provide the kind of reliability that is ideal for 911. "Miami is kind of prone to hurricanes. Had a hurricane come at the same time [as the multi-state outage], we would not have had that failover, perhaps. So I think there needs to be more [distribution of 911 capabilities]."

    115 comments | about 2 months ago

  • Samsung Acknowledges and Fixes Bug On 840 EVO SSDs

    Lucas123 writes: Samsung has issued a firmware fix for a bug on its popular 840 EVO triple-level cell SSD. The bug apparently slows read performance tremendously for any data more than a month old that has not been moved around on the NAND. Samsung said in a statement that the read problems occurred on its 2.5-in 840 EVO SSDs and 840 EVO mSATA drives because of an error in the flash management software algorithm. Some users on technical blog sites, such as Overclock.net, say the problem extends beyond the EVO line. They also questioned whether the firmware upgrade was a true fix or if it just covers up the bug by moving data around the SSD.

    101 comments | about 2 months ago

  • After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

    NotInHere writes: Only three days after the public learned that the ChromeOS project was going to disable ext2fs support for external drives (causing Linux users to voice many protests on websites like Slashdot and the issue tracker), the ChromeOS team now plans to support it again. To quote Ben Goodger's comment: "Thanks for all of your feedback on this bug. We've heard you loud and clear. We plan to re-enable ext2/3/4 support in Files.app immediately. It will come back, just like it was before, and we're working to get it into the next stable channel release."

    183 comments | about 2 months ago

Slashdot Login

Need an Account?

Forgot your password?