Feed aggregator

Chrome picks up bonus security features on Windows 10

Ars Technica - Fri, 05/02/2016 - 05:15

The Windows 10 November update (version 1511, build 10586) included a handful of new security features to provide protection against some security issues that have kept on popping up in Windows for a number of years. Google yesterday added source code support for these features to the Chrome browser, making Windows 10 the best version of Windows to use with Google's browser.

Over the last few years, Windows has had a number of flaws that relate to its font handling. The TrueType and PostScript fonts that Windows supports are complex things, and for historic reasons, much of the code used to handle these fonts runs in Windows' kernel mode. This makes it attractive to attackers: if a bug exists in this font-handling code, it can be used to obtain kernel-level privileges.

Compounding this, the code is also quite exposed: a Word document, for example, can contain its own embedded fonts, and opening the document means that those embedded fonts will be loaded into the kernel. If the fonts are malicious, constructed to exploit bugs in the font-handling code, this can compromise your system simply by opening a document.

There was a massive population crash in Europe over 14,500 years ago

Ars Technica - Fri, 05/02/2016 - 01:35

Europe wasn't a very hospitable place fifteen millennia ago. The westernmost landmass of the Eurasian continent had endured a long ice age, with glaciers stretching across northern Europe and into the region we now call Germany. But suddenly, about 14,500 years ago, things started to warm up quickly. The glaciers melted so fast around the globe that they caused sea levels to rise 52 feet in just 500 years. Meanwhile, the environment was in chaos, with wildlife trying vainly to adjust to the rapid fluctuations in temperature. Humans weren't immune to the changes, either.

A new, comprehensive analysis of ancient European DNA published today in Current Biology magazine by an international group of researchers reveals that this period also witnessed a dramatic shift in the human populations of Europe. Bloodlines of hunter-gatherers that had flourished for thousands of years disappeared, replaced with a new group of hunter-gatherers of unknown origin.

Researchers discovered this catastrophic population meltdown by sequencing the mitochondrial DNA of 35 people who lived throughout Europe between 35 and 7 thousand years ago. Mitochondrial DNA is a tiny amount of genetic material that's inherited virtually unchanged via the maternal line, and thus it serves as a good proxy for relatedness over time. Two people from the same maternal stock share almost the same mitochondrial DNA, even if separated by thousands of years, because this kind of DNA evolves very slowly.

Greed, lies, and Shkreli’s smug “performance”: Lawmakers go ballistic

Ars Technica - Fri, 05/02/2016 - 01:13

Martin Shkreli, former CEO of Turing, smirked his way through Thursday's Congressional hearing. (credit: CSPAN)

WASHINGTON—After Turing Pharmaceutical raised the price of the decades-old, life-saving drug, Daraprim, from $13.50 a pill to $750 last fall—leaving some patients with $16,000 co-pays—Turing executives handed out six-figure bonuses, spent thousands of dollars on a lavish yacht party, and paid a public relations firm to help them shine their tarnished reputation.

The revelations came amid a Thursday hearing by the House Committee on Oversight and Government Reform, which focused on such high-profile cases of drug price-hikes that the committee argues are helping to fuel the soaring costs of healthcare. The committee, chaired by Rep. Jason Chaffetz (R-Ut.), aimed to understand why some drugs’ prices have skyrocketed and figure out how to stop it.

One of the key witnesses they called to testify was Martin Shkreli, Turing’s majority shareholder and former CEO, who was largely responsible for Daraprim’s price hike. Shkreli stepped down as CEO in December, shortly after being indicted on fraud charges for allegedly running a Ponzi-like scheme with two former hedge funds and swindling another former pharmaceutical company, Retrophin, out of millions of dollars. In light of his impending criminal trial, Shkreli said prior to the hearing that he would not answer questions from the lawmakers and would invoke his Fifth Amendment right to avoid self-incrimination. He kept to his word.

Twitter Beefs Are Now Front Page News in The Boston Globe

Wired - Fri, 05/02/2016 - 00:20

In an amazing feat of technological prowess, The Boston Globe has embedded tweets on the front page of its newspaper. Well, not exactly.

New FreeBSD Quarterly Status Report published

OS news - Fri, 05/02/2016 - 00:01
The latest FreeBSD Quarterly Status Report is out. Efforts to bring our BSD high standards to new architectures continue, with impressive work on arm64 leading to its promotion to Tier-2 status and a flurry of work bringing up the new RISC-V hardware architecture. Software architecture is also under active development, including system startup and service management. A handful of potential init system replacements are mentioned in this report: launchd, relaunchd, and nosh. Architectural changes originating both from academic research (multipath TCP) and from the realities of industry (sendfile(2) improvements) are also under way. It is heartening to see how FreeBSD provides a welcoming platform for contributions from both research and industry. Everything you need to know to be up to date with FreeBSD.

Google rolling out Marshmallow for Android Wear

OS news - Thu, 04/02/2016 - 23:59
Evidence has been mounting over the last few days and it looks like it's finally happening: Android 6.0 for Wear is starting to roll out. Googler Wayne Piekarski just announced on his Google+ feed that OTAs have begun and should continue over the next few weeks. An official blog post by Google lists some of the new features we can expect in the new firmware, including: new navigation gestures, audio support on speaker-equipped watches, and expanded support for messaging clients. The update itself seems a bit 'eh', but the interesting thing here is that all Android Wear devices will be getting this update to Marshmallow, even the first generation Wear smartwatches. Goes to show that Google does, in fact, know how to do this - now they just need to apply this to phones and tablets.

Sony further extends PS4’s console sales lead over the 2015 holidays

Ars Technica - Thu, 04/02/2016 - 23:20

Fig. 1: PS4's record-setting holiday quarter shipments easily outpaced estimates for Xbox One shipments over the same time.

The last time we checked in on the sales battle between the big name video game consoles, Microsoft had seen its annual sales increase, but not fast enough to catch up to the still-surging PS4. The same trend was apparent in 2015's all-important holiday quarter, which saw Sony continuing to extend its sales lead over the competition.

In recent earnings reports for the fourth calendar quarter last year (October through December), Sony announced shipments of 8.4 million PS4 units to retailers (Fig. 1), a record for the system and a 2 million unit improvement from the 2014 holiday quarter (more on the difference between shipments and "sell-through" below). Nintendo, however, announced 1.87 million shipments of Wii U hardware. That marks the system's second straight year of slight decreases in holiday performance, which came despite the availability of well-regarded 2015 releases like Splatoon and Super Mario Maker.

First Ubuntu Touch Tablet Brings Convergence at Last (Linux.com)

LWN.net - Thu, 04/02/2016 - 23:18
Over at Linux.com, Eric Brown looks at the newly announced Ubuntu Touch tablet. The hardware: "The Aquaris M10 is equipped with a 64-bit, quad-core, Cortex-A53 MediaTek MT8163A system-on-chip clocked to 1.5GHz, along with a high-powered ARM Mali-T720 MP2 GPU. The tablet ships with 2GB of RAM, 16GB flash, and a microSD slot." It is said to have 1920x1200 resolution and an 8 megapixel camera capable of HD recording. The interface will change to take advantage of larger displays and additional input devices (e.g. keyboard, mouse). "It appears that the upcoming Ubuntu 16.04 “Xenial Xerus” LTS release due in April will be the first true convergence release. According to PC World, it will still be optional, however, with a traditional Unity 7 build with X.org available alongside the newly converged Unity 8 with the new Mir display server. The new tablet, and Unity 8, will feature Ubuntu Touch’s Scopes interface, which presents frequently used content and services as an alternative to traditional apps. In addition to automatically changing the interface in response to new screens and input devices, Ubuntu is also providing convergence on the application development level. Developers are already developing single apps that can automatically morph into desktop, phone, and tablet formats."

Marley Natural’s Elegant Pot Gear Is for Smokers Who Say ‘Whoa Sir,’ Not ‘Whoa Dude’

Wired - Thu, 04/02/2016 - 23:01

Marley Natural's accessories look more like Chemex pour-over coffee equipment than the swirled glass tie-dyed pipes you’d normally find in a head shop.

Europe’s top court mulls legality of hyperlinks to copyrighted content

Ars Technica - Thu, 04/02/2016 - 22:40

Europe's highest court is considering whether every hyperlink in a Web page should be checked for potentially linking to material that infringes copyright, before it can be used. Such a legal requirement would place an unreasonable burden on anyone who uses hyperlinks, thereby destroying the Web we know and love.

The current GS Media case examining hyperlinks builds on an earlier ruling by the European Union's Court of Justice (CJEU) in 2014. In that case, known as Svensson, the court decided that netizens didn't need a licence from the copyright holder to link to an article that had already been posted on the Internet, where previous permission had been granted by the copyright owner.

Although that was good news for the online world, it left open a related question: what would the situation be if the material that was linked to had not been posted with the copyright owner's permission? Would it still be legal under EU law to link to that pirated copy? Those are the issues that the latest CJEU case seeks to resolve for the whole of the 28-member-state bloc, and its 500 million citizens.

Gas company hit with wrongful death suit over massive natural gas leak

Ars Technica - Thu, 04/02/2016 - 22:10

Protesters and attendants at an Aliso Canyon community meeting. (credit: Cal OES)

In late January, an elderly woman with lung cancer died in the community of Porter Ranch just north of Los Angeles. Shortly thereafter, her family sued Southern California Gas Company (PDF) for wrongful death in connection with a massive natural gas leak that started in the area in late October.

The woman, Zelda Rothman, was diagnosed in spring 2015, several months before the leak started. While the family isn’t asserting that Rothman’s lung cancer was caused by the gas leak, they claim that the leak hastened her death.

Rothman lived less than three miles from the leak, the complaint states, attributing her alleged undoing to her proximity. “Continuously leaking gas exacerbated Ms. Rothman’s condition and disrupted her already fragile health. The gas replaced precious oxygen in the air that she breathed, causing her to suffer from difficult and labored breathing.” Eventually, Rothman had to be placed on an oxygen tank 24 hours a day. The gas also allegedly caused “intense headaches and migraines, among other symptoms.”

Hey, drone owners! Don’t fly at the Super Bowl

Ars Technica - Thu, 04/02/2016 - 22:00

Do not be trying to get aerial shots of Peyton Manning. Thanks, the FAA. (credit: Kevin Baird)

Hey, all you newly minted unmanned air vehicle enthusiasts out there (and especially those of you in the San Francisco Bay area)! The Know Before You Fly campaign has an important message for you: don't bring (or fly) your drone to Super Bowl 50. The campaign—a joint effort of the Association for Unmanned Vehicle Systems International (AUVSI), the Academy of Model Aeronautics (AMA), and the Federal Aviation Administration (FAA)—is urging drone and model aircraft owners to respect the temporary flight restrictions (TFR) covering everywhere in a 32 nautical mile radius around Levi's Stadium in Santa Clara, California, on February 7.

The FAA usually places restrictions on the airspace around any major event with attendance of 30,000 people or more, including sporting events and concerts. But because of its high-security profile, the Super Bowl is getting a much larger no-fly zone than usual. The Super Bowl TFR, which lasts from 2:00pm Pacific Time until midnight, covers almost all of the Bay Area, including all of San Francisco and Oakland to the north and Santa Cruz and most of the northern Monterey Bay coast to the south.

Super Bowl Sunday's flight restriction zone (the two red concentric circles) is a no-fly zone for drones or model aircraft of any kind.

The Know Before You Fly campaign, which operates the website for registering new drones under the FAA's recently announced regulations, is part of a broader effort by the FAA and its industry and nonprofit partners to reduce the risk of drones interfering with commercial and government aircraft or injuring people on the ground. The FAA has also launched a mobile app, called B4UFLY, to allow drone operators to check for TFRs where they are, based on geolocation data. Hint: if you live in a major urban area, you are probably in a restricted flight area, since any hospital or other facility with a helicopter pad qualifies as an "airport" for FAA purposes. The app is in Apple's iOS App Store, and an Android version is in testing now through the Google Play Store (though Ars was unable to access the test version).

Vincent Fourmond: Making oprofile work again with recent kernels

Planet Debian - Thu, 04/02/2016 - 21:54
I've been using oprofile for profiling programs for a while now (and especially QSoas), because it doesn't require specific compilation options, and doesn't make your program run much more slowly (like valgrind does, which can also be used to some extent for profiling). It's a pity the Debian package was dropped long ago, but the Ubuntu packages work out of the box on Debian. But, today, while trying to see what takes so long in some fits I'm running, here's what I get:
~ operf QSoas
Unexpected error running operf: Permission denied
Looking further using strace, I could see that what was not working was the first call to perf_event_open.
It took me quite a long time to understand why it stopped working and how to get it working again, so here's for those of you who googled the error and couldn't find any answer (including me, who will probably have forgotten the answer in a couple of months). The reason behind the change is that, for security reasons, non-privileged users do not have the necessary privileges since Debian kernel 4.1.3-1; here's the relevant bit from the changelog:

* security: Apply and enable GRKERNSEC_PERF_HARDEN feature from Grsecurity, disabling use of perf_event_open() by unprivileged users by default (sysctl: kernel.perf_event_paranoid)
The solution is simple, just run as root:
~ sysctl kernel.perf_event_paranoid=1
(the default value seems to be 3, for now). Hope it helps!

Theranos Hopes to Fix Its Problems With a … Writer?

Wired - Thu, 04/02/2016 - 21:30

Qualified applicants must be able to "handle stressful situations."

Iconic Designer Susan Kare Explains How ⌘ Came to Be

Wired - Thu, 04/02/2016 - 21:20

Susan Kare, icon of icons, talks about the creative decisions behind some of the best-loved symbols of the past four decades.

Mirror’s Edge: Catalyst Gets a Beta Test and New Trailer

Wired - Thu, 04/02/2016 - 21:19

The followup to the excellent free-runner Mirror's Edge is going into closed beta testing before its May 24th release date, Electronic Arts announced today.

The New DOOM is Coming in May

Wired - Thu, 04/02/2016 - 21:18

Bethesda Softworks' reboot of the classic shooter series is coming out May 13, the company announced today. And it released a new trailer, to boot.

Nintendo puts its sleep-tracker plans to sleep

Ars Technica - Thu, 04/02/2016 - 21:15

Tellingly left out of this old Nintendo flow chart: the part where it becomes an actual product.

Remember a little over a year ago when Nintendo announced it was taking some of its focus off of making video games and consoles to develop a "Quality of Life" sensor that monitors your sleep? That was weird, right? Apparently, Nintendo has come to this conclusion too, and the company has officially put the effort on hold.

"In regards to the Quality of Life [device], which was not mentioned in any of today’s questions, we do not have the conviction that the sleep-and-fatigue-themed [device] can enter the phase of actually becoming a product,” Nintendo President Tatsumi Kimishima said during an investors Q&A session (translated by Wired). "We no longer have any plans to release it by the end of March 2016."

The remarks echo similar comments Kimishima made to the Japanese newspaper Asahi (as translated by Kotaku), where he said the sleep-tracker is "not yet at the level of a Nintendo product. If we can release it, we’ll release it. If we can’t, then we’ll examine things further."

Android Wear gets wide Marshmallow rollout, adds speaker and LTE support

Ars Technica - Thu, 04/02/2016 - 21:10

The speaker-equipped Android Wear devices: The Huawei Watch (left) and ASUS ZenWatch 2 (49mm) (right). (credit: Google)

The Android 6.0 Marshmallow update for Android Wear is back. The update debuted on the disastrous LG Watch Urbane 2nd Edition LTE in November, but due to "image quality issues," LG pulled the watch from the market after only six days. The Marshmallow Android Wear update seemed to go down with the Watch Urbane, and the update went missing in action for the last two months. According to a post on the Official Android Blog, it's now back and will now roll out to "all Android Wear watches over the next few weeks."

Other than the update to a new base of Android, the new version of Android Wear adds the ability to send an instant message with your voice while specifying the service you want to use. For instance, it's now possible to command "OK Google, Send a WhatsApp message to Nathan: I’ll be right there." Google notes that you can currently call out Google Hangouts, Nextplus, Telegram, Viber, WeChat, and WhatsApp by name.

The other big update feature will require extra hardware—Android Wear now supports speakers. If you have a watch with a speaker, you can listen to audio messages and make calls directly from the watch. (There's no word on audio notifications, though.) Some watches currently on the market actually planned ahead for this and included speakers. Both the Huawei Watch and ASUS ZenWatch 2 (49mm) have included dormant speakers for instance, and with the update these should wake up and function.

Mysterious spike in WordPress hacks silently delivers ransomware to visitors

Ars Technica - Thu, 04/02/2016 - 21:00

If you're a gamer (or anyone else), this is not a screen you want to see. (credit: Bromium Labs)

It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.

In the past four days, researchers from three separate security firms have reported that a large number of legitimate WordPress sites have been hacked to silently redirect visitors to a series of malicious sites. The attack sites host code from the Nuclear exploit kit that's available for sale in black markets across the Internet. People who visit the WordPress sites using out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer can then find their computers infected with the Teslacrypt ransomware package, which encrypts user files and demands a hefty ransom for the decryption key needed to restore them.

"WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads," Malwarebytes Senior Security Researcher Jérôme Segura wrote in a blog post published Wednesday. "This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit."

