Researchers have found (
Abstract) that the more gruesome a description of a crime is, the more the person hearing the description thinks the perpetrator should be punished. However, if the act was unintentional, the description did not change the severity judged as fair.
When the responses were analyzed, the researchers found that the manner in which the harmful consequences of an action are described significantly influences the level of punishment that people consider appropriate: When the harm was described in a graphic or lurid fashion then people set the punishment level higher than when it was described matter-of-factly. However, this higher punishment level only applied when the participants considered the resulting harm to be intentional. When they considered it to be unintentional, the way it was described didn't have any effect.
Version 14 of XBMC, the popular HTPC software, is changing its name to "Kodi" to further distance itself from its Xbox origins.
The
renaming announcement further explains their reasons:
Six years have passed since the Xbox Media Center became XBMC, and simply put, "XBMC" fits less now than it did even in 2008. The software only barely runs on the original Xbox, and then only because some clever developers are still hacking on that platform. It has never run on the Xbox 360 or Xbox One.
Beyond the nonsensical nature of the software's name, there is a secondary issue. Because "XBMC" was originally based on the name Xbox, the developers of the software (that's us) have never had any sort of legal control over the use of its name, which has resulted in a whole slew of problems.
An
interesting discussion appeared on
MacRumors today pointing to the work of security researcher Karsten Nohl of Berlin's
SR Labs. He has discovered an attack vector exploiting the firmware of generic USB devices. It appears that with the vector involves reprogramming the USB controller software for arbitrary devices which can than emulate other devices to cause a large variety of undesired outcomes (such as emulating a keyboard to type on behalf of a user or spoofing a network card and redirecting web traffic). At present, this attack vector appears to be impossible to prevent or detect with existing software-only security measures. A more detailed discussion of Nohl's work and the associated risk are
available from Wired or the
SR Labs website itself.
A notable quote from the Wired article:
"Blaze speculates that the USB attack may in fact already be common practice for the NSA. He points to a spying device known as Cottonmouth, revealed earlier this year in the leaks of Edward Snowden. The device, which hid in a USB peripheral plug, was advertised in a collection of NSA internal documents as surreptitiously installing malware on a target's machine. The exact mechanism for that USB attack wasn't described. I wouldn't be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue....The alternative is to treat USB devices like hypodermic needles."
This Friday's distro is
Securepoint Security Solutions, a firewall and VPN distro that offers a full-featured suite of firewall tools designed for enterprisewide deployment. Not only can it protect an internal network from outside attacks, it also helps segregate parts of your internal network and define custom protection rules for each. Securepoint lets you create and manage VPN tunnels for remote users and define traffic filters, reports, and alerts for your entire network. Securepoint Freeware is a very secure and free firewall solution for protecting your Internet gateway. Securepoint can as well be used with existing firewalls and to protect interconnected locations or divisions.
These days a lot of distros are built off of Debian or Ubuntu. This isn't one of them. In fact it appears the distro is simply the software side of a hardware solution they sell at
http://www.securepoint.cc/ along with VPN clients, email archiving storage, and other products aimed for the modern corporation or enterprise.
I've tried building a system like this myself though and realized it's not easy. If they are making it easier to build and manage segregated networks they are probably going to find a ready market interested in this software.
Steven J. Vaughan-Nichols has just reviewed the recently released LibreOffice 4.3, and gives it a thumbs up. It has made huge strides since the OpenOffice.org - LibreOffice "divorce" and this version includes improvements in office format interoperability, spreadsheet performance and usability, comment management, and the arrival of 3D models in Impress.
The program's code quality has also been greatly improved in the last two years. Coverity Scan found the defect density per 1,000 lines of code has shrunk from an above the average 1.11 to an industry leading 0.13 since 2012. According to Coverity, "LibreOffice has done an excellent job of addressing key defects in their code in the short time they have been part of the Coverity Scan service."
Like previous versions, LibreOffice is available for Linux, Mac, and Windows systems. You can also run an older version, LibreOffice 4.2, from the cloud using a Software-as-a-Service (SaaS) model.
With the United Kingdom making LibreOffice's native ODF its default format for government documents, LibreOffice is certain to become more popular. Other cash-strapped governments, such as Italy's Umbria province, have found switching to LibreOffice from Microsoft Office has saved them hundreds of thousands of Euros per thousand PCs.
The release notes are available here. Gentlemen, start your downloading engines!
The Tor network has published the following advisory on the tor-announce mailing list:
SUMMARY
On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.
The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.
The Tor folks confess it's still unclear what "affected" includes:
We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.
Relays should upgrade to a recent Tor release (0.2.4.23 or 0.2.5.6-alpha), to close the particular protocol vulnerability the attackers used - but remember that preventing traffic confirmation in general remains an open research problem. Clients that upgrade (once new Tor Browser releases are ready) will take another step towards limiting the number of entry guards that are in a position to see their traffic, thus reducing the damage from future attacks like this one. Hidden service operators should consider changing the location of their hidden service."
Today, Digia announced that they will spin off the QT project into its own dedicated company. In 2012, Digia acquired Qt from Nokia and has been maintaining the enterprise and open source versions at qt.digia.com and qt-project.org, respectively. Merging the two branches and forming a dedicated company will allow the developers to focus 100% on Qt while separating development costs from Digia.
Developers in Canada are working on a new security enhanced operating system.