DRM

Sega Saturn's DRM Cracked Almost 23 Years After Launch (gamasutra.com) 96

An anonymous reader writes from a report via Gamasutra: The Sega Saturn's DRM has finally been cracked after it hit store shelves nearly 23 years ago in November 1994. Engineer James Laird-Wah first set forth to break through the console's copy protection in an attempt to harness its chiptune capabilities. Laird-Wah has, however, developed a way to run games and other software from a USB stick in the process. Since disc drive failure is a common fault with the game console, his method circumvents the disc drive altogether, instead reworking the Video CD Slot so it can take games stored on a USB stick and run them directly through the Saturn's CD Block. "This is now at the point where, not only can it boot and run games, I've finished just recently putting in audio support, so it can play audio tracks," explained Laird-Wah, speaking to YouTuber debuglive. "For the time being, I possess the only Saturn in the world that's capable of writing files to a USB stick. There's actually, for developers of home-brew, the ability to read and write files on the USB stick that's attached to the device.
Databases

Leaky Database Leaves Oklahoma Police, Bank Vulnerable To Intruders (dailydot.com) 16

blottsie quotes a report from The Daily Dot: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank. The vulnerability -- which has reportedly been fixed -- was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans. The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company's vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said "no one" in the office was aware of the problem. Vickery was able to retrieve images of various doors, locks, RFID access panels, and the controller board of an alarm system all of which could be previously accessed without a username or password. The database also contained "details on the make, model, location, warranty coverage, and even whether or not the unit was still functional," Vickery said. What's worse is that Automated Integration is far from the only company whose database are left exposed online. "I have a constantly fluctuating list of 50 to 100 similar breaches that need to be reported," he said. "This one just happened to involve a security-related company and government buildings, so it got bumped to the top of my list."
Databases

FBI Has Collected 430,000 Iris Scans In 'Pilot Program' (theverge.com) 32

An anonymous reader writes from a report via The Verge: The Verge has obtained documents that reveal the San Bernardino Sheriff's Department has been collecting iris data from at least 200,000 arrestees over the last two and a half years. The department was collecting an average of 189 iris scans each day in the early months of 2016. The activity is part of a larger pilot program organized by the Federal Bureau of Investigation. "Since its launch in 2013, the program has stockpiled iris scans from 434,000 arrestees, an FBI spokesperson confirmed," reports The Verge. Through information-sharing agreements with various other agencies across the country, the new national biometric database stretches the traditional boundaries of a pilot program, and just barely stays out of reach of privacy mandates. The Verge reports: "A 2013 memo signed by representatives from the FBI and California Department of Justice summarizes responsibilities. At that time, according to the memo, the FBI had more than 30,000 images but did not have a way to search through them. The length of the California program was to be kept at one year, and reassessed after, but the documents show the partnership has been renewed every year since. The FBI would not comment on numbers from any particular source. However, 'operations reports' obtained by The Verge through the California Public Records Act requests the catalogue of the program's progress and suggest the state has been a major asset in the construction of the database. A document dated February of this year lists more than a quarter of a million 'enrollments' in the database from the California Department of Justice. In both 2014 and 2015, according to the document, more than 100,000 records were added to the system. Those scans are sent to the FBI by the California Justice Department, which in turn receives them from three counties: Los Angeles, San Bernardino, and Riverside. Despite its relatively small population, the documents show San Bernardino County made more than 190,000 enrollments alone since 2014, far outpacing Los Angeles and Riverside counties." The pilot program has no privacy impact assessment "because the pilot was conducted with very limited participation for a limited period of time in order to evaluate iris technology," an FBI representative told The Verge. The vast majority of the 430,000 enrollments were added after that determination was made. The bureau is reportedly in the process of creating a privacy impact assessment but there's no word as to when that will be complete. In June, the Government Accountability Office published a report that says the FBI has access to hundreds of millions of photos.
Programming

Linus Torvalds In Sweary Rant About Punctuation In Kernel Comments (theregister.co.uk) 523

An anonymous reader shares a report on The Register: Linus Torvalds has unleashed a sweary rant on the Linux Kernel Mailing List, labelling some members "brain-damaged" for their preferred method of punctuating comments. "Can we please get rid of the brain-damaged stupid networking comment syntax style, PLEASE?" the Linux Lord asked last Friday. "If the networking people cannot handle the pure awesomeness that is a balanced and symmetric traditional multi-line C style comments, then instead of the disgusting unbalanced crap that you guys use now, please just go all the way to the C++ mode."Torvalds despises the following two comment-punctuation styles (with his comments):/* This is disgusting drug-induced
* crap, and should die
*/
and:/* This is also very nasty
* and visually unbalanced */
Torvalds prefers the following two styles:/* This is a comment */ and:/*
* This is also a comment, but it can now be cleanly
* split over multiple lines
*/

Android

Google To Train 2 Million Indian Android Developers (thestack.com) 360

An anonymous reader quotes a report from The Stack: Google has announced its new "Android Fundamentals" training program, which aims to train and certify up to two million Android developers in India. The course, soon to be available online and at schools country-wide, is focused on training, testing, and certifying Android developers to prepare students for careers using Android technology. Google is currently working to update the skills of its existing trainers to prepare them to teach the Fundamentals course, as well as updating course materials to provide students a solid foundation in Android development. The new program works with Prime Minister Narendra Modi's 'Skill India' initiative, launched in 2015 with the intent of training 400 million Indian citizens with new vocational skills by 2022. Caesar Sengupta, VP Product Management for Google, said that while India is forecasted to have the largest developer population in the world by 2018, with almost four million developers, only a quarter of them are currently building for mobile.
Android

Ask Slashdot: How Often Do You Switch Programming Languages? 331

An anonymous Slashdot reader writes: I always see a lot of different opinions about programming languages, but how much choice do you really get to have over which language to use? If you want to develop for Android, then you're probably using Java...and if you're developing for iOS, then you've probably been using Swift or Objective-C. Even when looking for a job, all your most recent job experience is usually tied up in whatever language your current employer insisted on using. (Unless people are routinely getting hired to work on projects in an entirely different language than the one that they're using now...)

Maybe the question I really want to ask is how often do you really get to choose your programming languages... Does it happen when you're swayed by the available development environment or intrigued by the community's stellar reputation, or that buzz of excitement that keeps building up around one particular language? Or are programming languages just something that you eventually just fall into by default?

Leave your answers in the comments. How often do you switch programming languages?
Programming

Assembly Code That Took America to the Moon Now Published On GitHub (qz.com) 74

An anonymous Slashdot reader writes: "The code that took America to the moon was just published to GitHub, and it's like a 1960s time capsule," reports Quartz. Two lines of code include the comment "# TEMPORARY, I HOPE HOPE HOPE," and there's also a quote from Shakespeare's play Henry VI. In addition, the keyboard and display system program is named PINBALL_GAME_BUTTONS_AND_LIGHT, and "There's also code that appears to instruct an astronaut to 'crank the silly thing around.'"

A former NASA intern uploaded the thousands of lines of assembly code to GitHub, working from a 2003 transcription made from scans inherited by MIT from a Colorado airplane pilot, and developers are already using GitHub to submit funny issue tickets for the 40-year-old code -- for example, "Extension pack for picking up Matt Damon". Another issue complains that "A customer has had a fairly serious problem with stirring the cryogenic tanks with a circuit fault present." Because this issue succinctly describes the Apollo 13 mission in 1970, the issue has been marked "closed".

Oracle

Oracle Asks Judge To Throw Out Java/Google Verdict...Again (siliconvalley.com) 122

Just when you thought the six-year, $9 billion lawsuit was over, an anonymous reader quotes this report from the Bay Area Newsgroup: Oracle has asked a judge -- again -- to throw out the verdict that found Google rightfully helped itself to Oracle programming code to create the Android operating system... A judge already rejected a bid in May by Oracle to get the verdict thrown out. But the software and cloud company hasn't given up. On July 6, Oracle filed a motion in San Francisco U.S. District Court again asking the same judge, William Alsup, to toss the verdict.

The company cited case law suggesting use is not legal if the user "exclusively acquires conspicuous financial rewards'' from its use of the copyrighted material. Google, said Oracle, has earned more than $42 billion from Android. "Google's financial rewards are as 'conspicuous' as they come, and unprecedented in the case law," Oracle's filing said. Oracle wants the judge to adhere to the narrower and more traditional applications of fair use, "for example, when it is 'criticism, comment, news reporting, teaching ... scholarship, or research.'"

Java

TIOBE's Language-Popularity Index Sees A New Top 10 Language: Assembly (tiobe.com) 348

TIOBE's "Programming Community Index" measures the popularity of languages by the number of skilled engineers, courses, and third-party vendors. Their July report indicates that Assembly has become one of the 10 most popular languages: It might come as surprise that the lowest level programming language that exists has re-entered the TIOBE index top 10. Why would anyone write code at such a low level, being far less productive if compared to using any other programming language and being vulnerable to all kinds of programming mistakes? The only reasonable explanation for this is that the number of very small devices that are only able to run assembly code is increasing. Even your toothbrush or coffee machine are running assembly code nowadays. Another reason for adoption is performance. If performance is key, nobody can beat assembly code.
The report also noted that CFML (ColdFusion) jumped from #102 to #66, Maple from #94 to #74, and Tcl from #65 to #48. But Java still remains the #1 most-popular language, with C and C++ still holding the #2 and #3 positions. Over the last five years, C# and Python have risen into the #4 and #5 spots (made possible by PHP's drop to the #6 position) while JavaScript now holds the #7 position (up from #9 in 2011). Visual Basic .NET came in at #8, and Perl at #9.
Databases

Researchers Find Over 6,000 Compromised Redis Installations (riskbasedsecurity.com) 30

An anonymous Slashdot reader writes: Security researchers have discovered over 6,000 compromised installations of Redis, the open source in-memory data structure server, among the tens of thousands of Redis servers indexed by Shodan. "By default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user."

The researchers also found 106 different Redis versions compromised, suggesting "there are a lot of Redis installations that are not upgrading to the most recent versions to fix any known security issues." 5,892 infections were linked to the same email address, with two more email addresses that were both linked to more than 200. "The key take away from this research for us has been that insecure default installations continue to be a significant issue, even in 2016."

Redis "is designed to be accessed by trusted clients inside trusted environments," according to its documentation. "This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket... Redis is not optimized for maximum security but for maximum performance and simplicity."
Businesses

Nintendo Stock Price Up 9% After Pokemon Go Launch (venturebeat.com) 46

An anonymous reader writes: Following the release of the location-based mobile game Pokemon Go, Nintendo's stock is up 9 percent on the Tokyo Exchange. VentureBeat reports: "The iOS and Android app debuted Wednesday evening in the United States, and it has fans outside walking around looking for digital creatures to catch on a GPS-powered world map. The free download shot to No. 1 on the top-grossing chart in less than a day. With that level of demand, developer Niantic is having trouble keeping its servers up, and players are complaining about outages and connection issues. It comes from The Pokemon Company International, which is a separate entity that Nintendo only owns one-third of in partnership with Pokemon developers Creature Inc. and Game Freak. Having even just a piece of the Pokemon Go party should mean significant revenue for Nintendo, but this also keeps the brand relevant."
Open Source

Mesa 12.0 Released With OpenGL 4.3 Support, Intel Vulkan and More (phoronix.com) 24

An anonymous reader writes: Mesa3D developers have announced the release of Mesa 12.0. Mesa 12 notably adds open-source OpenGL 4.3 drivers for Intel, Radeon, and NVIDIA on Linux, and it also integrates the previously open-sourced Intel Vulkan graphics API driver. From the Phoronix analysis, "Mesa 12.0 is easily one of the biggest updates to this important open-source user-space OpenGL driver stack in quite some time and will offer much better support and features especially for Intel, Radeon, and NVIDIA open-source Linux desktop users/gamers." You can download Mesa 3D Graphics Library 12.0.0 here.
Java

Oracle Says It Is 'Committed' To Java EE 8 -- Amid Claims It Quietly Axed Future Development (theregister.co.uk) 66

Media reports, citing anonymous Oracle engineers, noted earlier this week that development of Java EE (Enterprise Edition) projects at Oracle had been "practically ceased" since last fall. This led many to wonder about the future of Java. Well, it's all cosy, says Oracle. The software firm assures that it is "committed" to Java. The Register reports: The Redwood City titan said it will present fresh plans for the future of Java EE 8 at its JavaOne conference in San Francisco in September. Version eight is due to be released in the first half of 2017. However, over the past six months, it appeared Oracle had pretty much ceased development of the enterprise edition -- a crucial component in hundreds of thousands of business applications -- and instead quietly focused its engineers on other products and projects. Oracle spokesman Mike Moeller tonight sought to allay those fears, and said a plan for the future of Java EE is brewing. "Oracle is committed to Java and has a very well defined proposal for the next version of the Java EE specification -- Java EE 8 -- that will support developers as they seek to build new applications that are designed using micro-services on large-scale distributed computing and container-based environments on the Cloud," said Moeller.
Debian

Debian Founder's 2015 Death Ruled A Suicide (theregister.co.uk) 160

gosand writes: According to a story on The Register, the death of Ian Murdock in late 2015 has been ruled a suicide. This news brings some closure to the sad ending of his life. An interesting note from the article that I never knew before: "he was the Ian in Debian; his girlfriend at the time, Debra Lynn, was the Deb." Debian has truly been a cornerstone in the Linux world, and the founder will be missed. The medical report was obtained on Wednesday by CNN journalists.
Security

FBI Director: Guccifer Admitted He Lied About Hacking Hillary Clinton's Email (dailydot.com) 289

blottsie writes from a report via The Daily Dot: The Romanian hacker known as Guccifer (real name Marcel Lehel Lazar) admitted to the FBI that he lied to the public when he said he repeatedly hacked into Hillary Clinton's email server in 2013. FBI Director James Comey testified before members on Congress on Thursday that Guccifer never hacked into Clinton's servers and in fact admitted that he lied. Lazar told Fox News and NBC News in May 2016 about his alleged hacking. Despite offering no proof, the claim caused a huge stir, including making headline news on some of America's biggest publications, which offered little skepticism of his claims. "Can you confirm that Guccifer never gained access to her server?" asked Texas Republican Rep. Blake Farenthold. "He did not. He admitted that was a lie," Comey replied. Lazar is currently imprisoned in Alexandria, Virginia, following his extradition from Romania.
Databases

Baton Rouge Police Database Hacked In Retaliation For Killing of Alton Sterling (dailydot.com) 393

Patrick O'Neill quotes a report from The Daily Dot: Just days after the fatal shooting of a black man by Baton Rouge police prompted international outrage and a Justice Department investigation, the Baton Rouge city government's servers have been hacked and 50,000 city police records leaked including names, addresses, emails, and phone numbers. A hacker that goes by the name @ox2Taylor claimed responsibility for the breach, which was confirmed by security intelligence analyst at Patch Penguin, Jamie-Luke Woodruff. He told the Daily Dot that the administrators of the website had failed to implement proper security measures. When the hacker first announced the hack, he accompanied the tweet with three hashtags revealing the motivation: #AltonSterling, #Hacked, and #BlackLivesMatters. "The reason i did it is because of what that officer did to alton sterling," Taylor told the Daily Dot in a private message. "i'm sick of seeing police abuse their power and all the killings."
Democrats

DOJ Will Not File Charges Against Former Secretary of State Hillary Clinton (politico.com) 801

An anonymous reader writes: After FBI Director James Comey recommended not to indict Hillary Clinton for her email misconduct yesterday, U.S. Attorney General Loretta Lynch said on Wednesday that the Justice Department has decided not to pursue charges against Hillary Clinton or her aids and that the department will close the investigation into her use of a private email server during her tenure as secretary of state. "Late this afternoon, I met with FBI Director James Comey and career prosecutors and agents who conducted the investigation of Secretary Hillary Clinton's use of a personal email system during her time as Secretary of State," Lynch said in a statement on Wednesday. "I received and accepted their unanimous recommendation that the thorough, year-long investigation be closed and that no charges be brought against any individuals within the scope of the investigation."
Crime

Password Sharing Is a Federal Crime, Appeals Court Rules (vice.com) 165

An anonymous reader writes from a report via Motherboard: An appeals court ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all "hacking" law that has been widely used to prosecute behavior that bears no resemblance to hacking. Motherboard reports: "In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal's use of a former coworker's password to access one of the firm's databases was an 'unauthorized' use of a computer system under the CFAA. In the majority opinion, Judge Margaret McKeown wrote that 'Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case. This appeal is not about password sharing.' She then went on to describe a thoroughly run-of-the-mill password sharing scenario -- her argument focuses on the idea that Nosal wasn't authorized by the company to access the database anymore, so he got a password from a friend -- that happens millions of times daily in the United States, leaving little doubt about the thrust of the case. The argument McKeown made is that the employee who shared the password with Nosal 'had no authority from Korn/Ferry to provide her password to former employees.' At issue is language in the CFAA that makes it illegal to access a computer system 'without authorization.' McKeown said that 'without authorization' is 'an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.' The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?"
Digital

Man Builds Giant Homemade Computer To Play Tetris (bbc.com) 127

An anonymous reader quotes a report from BBC: A man has finished building an enormous computer in the sitting room of his bungalow in Cambridge. James Newman started work on the "Megaprocessor," which is 33ft (10m) wide and 6ft (2m) high, in 2012. It does the job of a chip-sized microprocessor and Mr Newman has spent $53,000 creating it. It contains 40,000 transistors, 10,000 LED lights and it weighs around half a ton (500kg). So far, he has used it to play the classic video game Tetris. Mr Newman, a digital electronics engineer, started the project because he was learning about transistors and wanted to visualize how a microprocessor worked. The components all light up as the huge device carries out a task. Mr Newman hopes the Megaprocessor will be used as an educational tool and is planning a series of open days at his home over the summer. You can watch a video demonstration of the monstrosity here.
IOS

Apple To Encourage Organ Donation With Health App (cnet.com) 63

An anonymous reader writes: Apple announced today that its updated Health app, which will be available as part of iOS 10, will allow people to sign-up to be organ donors. The app will use its Medical ID feature, which has been used in the past to keep track of medical and health information, to include the ability to register as a donor of organs, eyes and tissues. The registrations will be forwarded to the National Donate Life Registry, an organization managed by Donate Life of America. All you need to do is tap the registration button in the Health app to volunteer as an organ donor. That adds your status as a donor to an "emergency information" screen that can appear even when the phone is locked. Tapping another button brings up information on organ donation. The demand for organs greatly exceeds the supply, as more than 120,000 Americans are currently waiting for a transplant -- every 10 minutes a new person is added to that waiting list, according to Apple. The feature is currently available for developers, but will be rolling out to the public in the public beta soon.

Slashdot Top Deals