Halloween Friday Distro: Ubuntu Satanic Edition

by zafiro17@pipedot.org in linux on 2014-10-31 11:13 (#2TTH)

When I proposed a Linux Distro every Friday, I'd hoped to mostly avoid distros that are simply "Ubuntu plus a theme and/or window manager choice" but this week it's impossible. World, meet Ubuntu Linux Satanic Edition, the most appropriate distro for a Halloween Friday. Linux for the Damned is their subtitle, and if you're planning on going off to hell after this and listening to all sorts of awesome death metal in the afterlife, this is probably for you.

So what is it? It's Ubuntu, with a special selection of wallpapers, and a pre-configured Eternity Screensaver set to play the "Eternal Damnation" ray-traced screensaver when it kicks in. I looked around a bit to figure out if there's anything to Ubuntu Satanic other than the screensaver and wallpapers and found something unique: this distro also comes preconfigured with a ton of metal music! I think preloading a soundtrack on a distro might be unique; at least, I am not aware of any other distros that take this approach. Install U/S and you too can enjoy dozens of tunes by the likes of Severed Fifth, Blueprint for Disaster, Music for the Damned, Frontside, Taste of Hell, Holy Pain, and ScapeGoat. To my surprise, most of the artists are French and all of it is licensed freely via Jamendo.

All of this supports U/S's motto: "Ubuntu Satanic Edition is dedicated to combining the best software with the heaviest music." U/S connects you to Ubuntu's own repos, so no worries about the best software consisting of a reduced subset. To those of you who are offended by the presence of a Satanic distro, no worries: there are Ubuntu Muslim Editions and Christian editions as well, all using the same repos - just think about that for a second.

Happy Halloween, Pipedotters! Next time, we'll go back to distros that offer more than superficial skins (although hopefully we'll find some more distros with awesome soundtracks).

Australia poised to introduce controversial data retention laws

by Anonymous Coward in legal on 2014-10-31 10:27 (#2TTE)

The Australian government has introduced data retention laws that are highly controversial. Under the new provisions, all internet data would be retained for two years, leading to additional expenses related to capturing and storing data that would cost Australian internet users $100 to $200 per year each. The data will be used for copyright enforcement and to track the exact location of mobile phone users.

The Australian Pirate Party is incensed, naturally, and states that this policy destroys any semblance of a free society.
“There are far too many flaws in this legislation to enumerate,” said Brendan Molloy, President of the Pirate Party. “There has been no discussion as to why the current retention order provisions are insufficient. This legislation is disproportionate and unnecessary. ‘Metadata’ is ill-defined in such a way as to contain so much information that it is effectively the content of the communication, insofar that it contains the context and location of all communications. This is a massive issue for journalists, whistleblowers, activists, and a whole host of other persons whose activities are in many cases legal but perhaps not in the interests of the state to let happen without some level of harassment.

“There are significant issues relating to cost and security of the data. Steve Dalby of iiNet said yesterday that iiNet would consider storing the data where it is the cheapest, which includes Chinese cloud providers. There will be a significant ‘surveillance tax’ introduced by retailers to cover the costs of storing this data that nobody wants stored.”
The data retention laws have been delayed in the legal process, but not stopped. Pipedotter Tanuki64 points out "Sooner or later this bill will go through. It is just a matter of time. Same in Germany. A data retention law was rejected several times, but is reintroduced in almost regular intervals. The interests behind these laws are powerful and they have to succeed only once. Once such a law is enacted, it is almost impossible to repeal it again."

Apple Pay Rival CurrentC Has Been Hacked

by tanuki64@pipedot.org in security on 2014-10-30 16:32 (#2TT4)

TechCrunch reports:
MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked.
CurrentC is still in its pilot phase. Only emails of the early app testers have been stolen. No payment data or other personal information. Furthermore, since the project is still in the pilot phase, many of those emails belonged to dummy accounts.

Since there might be a war coming between CurrentC, Apple Pay, Google Wallet, and perhaps the established credit card companies, it would be easy to construct a nice conspiracy theory. However: Never ascribe to malice that which is adequately explained by incompetence. And even incompetence does not describe it correctly. The developers of each of those systems on the one side are probably vastly outmatched by the black hats, who try to break it, on the other side. And the black hats just need to find one single implementation error, while the developers have to anticipate everything. In cases like this, where real money can be made, Linus's Law is definitely applicable.

What does it mean for the customers? They should be extra careful. Neither Apple, nor Google, nor MCX have much experience as payment service providers. Their technologies are new and most certainly will have weaknesses, which is bad. But also for the courts these systems will be uncharted waters. For a duped user this might even be worse. So before using one of those shiny new and convenient payment options: Read the fine print in the contracts. Check who carries the risk and the burden of proof in case of a misuse.

ChromeOS and Android to remain separate for now

by zafiro17@pipedot.org in mobile on 2014-10-29 12:31 (#2TS3)

CNET just interviewed Brian Rakowski, Google's vice president of product management for Android, who has confirmed that the two teams in charge of the Android mobile device software and the Chrome OS software for PCs [should] work together much more. But that won't mean sweeping changes, at least for now.

"There's no plans to change the way the products work," said Rakowski. That might be disappointing to fans of Android who were hoping to see convergence of the two product lines as a result of internal reorganization that sees both Android and Chrome being developed under the same division.
Android and Chrome, both headed by Google Senior Vice President Sundar Pichai, are important businesses to Google. The company's cash cow is still search and advertising -- now a $50 billion a year business -- but Google CEO and co-founder Larry Page has called Android "the future" of the company.
There's some more, related commentary at OSNews.

wget prior to 1.16 allows for a web server to write arbitrary files on the client side

by Anonymous Coward in security on 2014-10-29 12:25 (#2TS1)

Here's a concern for most of us. Be aware that the popular program wget, in versions prior to 1.16, allows for an FTP server to write arbitrary files on the client side. Wget is commonly used in shell scripts to get files or web pages from servers for further processing locally. Wget has many other uses as well, and is an important part of much command line sorcery.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

The disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Red Hat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181
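
A version check that a script depending on wget could run before fetching anything over FTP, given as an added example (not from the original post or the wget project). The function names are illustrative, and the only threshold used is the 1.16 stated above.

```sh
#!/bin/sh
# Added example: flag wget builds older than 1.16, the version the story
# above names as the first one not affected.

FIXED_VERSION="1.16"

# Extract the dotted version from the first line of `wget --version`,
# e.g. "GNU Wget 1.15 built on linux-gnu." -> "1.15". Prints nothing if
# the banner is not in that form.
parse_wget_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^GNU Wget \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if dotted version $1 is strictly lower than $2. Fields are
# compared numerically, so 1.9 sorts below 1.16 (a string compare would not).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Classify a version banner: prints "affected", "not-affected" or "unknown".
classify_wget() {
    v=$(parse_wget_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Check the locally installed wget, if there is one.
if command -v wget >/dev/null 2>&1; then
    echo "installed wget: $(classify_wget "$(wget --version 2>/dev/null)")"
fi
```

Distributions often backport fixes without changing the upstream version number, so an "affected" result is a prompt to check the vendor's advisory for the package rather than a final verdict.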

Orbital Sciences' Antares rocket and Cygnus cargo spacecraft explodes moments after launch

by evilviper@pipedot.org in space on 2014-10-29 00:27 (#2TRQ)

An unmanned NASA-contracted rocket exploded early Tuesday evening along the eastern Virginia coast, causing a huge fireball. Video shows the rocket rising into the air for a few seconds before an explosion. It then plummets back to Earth, causing more flames as it hits the ground. NASA tweeted that the failure occurred six seconds after launch. Afterward, the launch director said on NASA's feed that all personnel were accounted for and that no injuries were reported.

According to NASA, the Orbital Sciences Corp.'s Antares rocket and Cygnus cargo spacecraft were set to launch at 6:22 p.m. ET from the Wallops Flight Facility along the Atlantic Ocean. It was set to carry some 5,000 pounds of supplies and experiments to the International Space Station. Since the end of NASA's space shuttle program, it has relied on private companies -- specifically Orbital Sciences and SpaceX -- to bring materials to the space station, albeit using NASA facilities for launch. Tuesday's launch was supposed to be the fourth flight for Orbital until it ended, as the company acknowledged in a statement, in "catastrophic failure," marking the first accident since NASA turned to private operators to deliver cargo to the International Space Station.

Verizon Wireless uniquely identifies your traffic for all to see

by tierack@pipedot.org in internet on 2014-10-28 16:06 (#2TRD)

Wired reports that Verizon inserts a unique identifier into all HTTP requests going over its wireless network, subverting Do Not Track, private browsing sessions, using different browsers, or moving around their network. Verizon has an opt out page, but it only opts you out of having it used by Verizon and its partners for targeting ads based on it. Obviously, anyone else seeing the headers is under no agreement to not use them to build a profile of you. There are anecdotal reports AT&T may be doing the same. Security researcher Kenneth White set up a page to check for this header with more information.

More than 350,000 AT&T customers apply for "cramming" refunds

by evilviper@pipedot.org in legal on 2014-10-28 15:50 (#2TRC)

After spending most of the last decade profiting off of cramming, AT&T this month was finally held accountable by the government and fined $105 million by the FTC, FCC, and state governments. A similar investigation is ongoing against T-Mobile, and you can likely expect similar settlements in time with both Verizon and Sprint, who also turned a blind eye for years while scammers bilked their customers (because they netted 30-40% of the profits). The FTC case against AT&T is a great read detailing at length how AT&T not only turned a blind eye to the scams, but actually made it harder for customers to identify they were being scammed and to obtain refunds.

With the customer refund process underway, the FTC tells Time that more than 359,000 customers have already applied for refunds, with many many more expected. AT&T of course generates $105 million in about the time it took me to write this post, and the money they made off these scams was potentially dozens of times larger than the fine. Still, it's nice to see the government do its job when big companies are involved, as for most of the decade the FTC and FCC ignored how large carriers helped make these scams possible. Customers need to file their claim before May 1, 2015.

FCC Postpones Auction Of Broadcast TV Spectrum To 2016

by evilviper@pipedot.org in mobile on 2014-10-27 06:20 (#2TQT)

The FCC has been working on a voluntary auction of broadcast TV frequencies for years, with plans to have it take place in mid-2015. But today the agency says it will postpone the sale to early 2016 as it grapples with a lawsuit from the National Association of Broadcasters complaining that many TV stations would end up with reduced coverage areas. Supporters of the auction say that unless wireless service providers have more spectrum, the fast-growing ranks of consumers using smart phones, tablets, and other mobile devices will face dropped calls, dead zones, slow speeds, and high prices. The Obama administration is eager to free up 300MHz of bandwidth over five years, and 500MHz over a decade. That will be hard to accomplish without help from broadcasters – the biggest users of spectrum outside of the military, and operating on frequencies with propagation characteristics that are particularly desirable for mobile service providers.

The FCC has also said that its auction could be a windfall for some stations because they would share some of the proceeds. In fact a full-power TV station in Los Angeles could get as much as $570 million for its spectrum in the federal incentive auction. It's little wonder, then, that Los Angeles area public broadcast stations KCET and KLCS already announced joining forces to split a single over-the-air broadcast television channel, even as their business and programming operations remain separate, in order to free a channel for auction.

This delay comes shortly after the FCC pushed back the digital switch-over date for translators and low-power TV stations (from September 2015) allowing them another year to see how the auction results will affect their licenses, but now may require yet another delay. Which seems just as well, as the spectrum auction actually gives no consideration to their facilities at all, likely repurposing their channels, with no guarantee there will be any other slots left available for them to switch over to. This has some lawmakers taking up their cause trying to ensure the survival of small community TV stations, and all broadcast TV in remote areas.

New G.fast standard offers gigabit DSL over short distances

by evilviper@pipedot.org in hardware on 2014-10-25 20:30 (#2TQA)

At the Broadband World Forum in Amsterdam this week, several companies are announcing and demonstrating products that bring DSL -- or digital subscriber line -- into a future with a speed of 1 gigabit per second. That's about 1,000 times the data-transfer speed the technology offered when it arrived in the late 1990s. The DSL upgrade comes through a new technology called G.fast. The technology should arrive in homes starting in 2016.

Much of the world doesn't have cable-TV infrastructure at all, and still less of it has fiber-optic connections. Phone networks, though, are widely used, and covered about 422 million DSL subscribers globally in 2013, according to analyst firm IHS. That should rise to 480 million by 2018. But reflecting the competitive threat to DSL equipment makers, fiber optic links are expected to spread much more rapidly -- from 113 million in 2013 to 200 million in 2018. European customers are likely to favor G.fast in particular, Triductor CEO Tan Yaolong said. That's because labor costs are very high in that region, which discourages extensive renovation projects.

To meet its full gigabit-per-second potential, G.fast connections will require broadband providers to use network equipment close to the customers' buildings -- 50 meters (about 160 feet) or less. A 200-meter distance will still be good enough for about 600Mbps. That's why broadband providers have been placing their network gear closer to homes -- often in boxes under sidewalks, in cabinets by roads, or boxes attached to telephone poles. That's also why it's so expensive to upgrade broadband networks: the ISPs have had to extend their networks to bring that network gear closer to their customers.