Security

Ask Slashdot: Should You Store Medical Details In The Cloud? (caremonkey.com) 262

"Paper forms are a security risk", warns the web site for CareMonkey, which maintains digital and up-to-date medical information in the cloud "for any organization with a duty of care". This is raising concerns for long-time Slashdot reader rolandw, who says he's being asked by his daughter's school to approve using the site to store "her full medical details". CareMonkey say that this data is stored on AWS and their security page says that it is secured by every protocol ever claimed by AWS (apparently). As a sysadmin and developer who has used AWS extensively for non-secure information my alarm bells are sounding.
Should he ignore those alarm bells and approve the storage of his daughter's medical history in the cloud? And if not, what specific reason would you give for refusing?
Oracle

Those 100,000 Lost Air Force Files Have Been Found Again (govexec.com) 36

The Air Force now says it will be able to recover those 100,000 investigation files dating back to 2004, after "aggressively leveraging all vendor and department capabilities." An anonymous reader quotes a report from Government Executive about the mysteriously corrupted database: In a short, four-sentence statement released midday on Wednesday, service officials said the Air Force continues to investigate the embarrassing incident in which the files and their backups were corrupted. "Through extensive data recovery efforts over the weekend and this week, the Air Force has been able to regain access to the data in the Air Force Inspector General Automated Case Tracking System..." the statement reads. Earlier on Wednesday, the Air Force chief of staff said that the effort to recover the files involved Lockheed Martin and Oracle, the two defense contractors that run the database, plus Air Force cyber and defense cyber crime personnel.
The Chief of Staff hopes "there won't be a long-term impact, other than making sure we understand exactly what happened, how it happened and how we keep it from ever happening again." The Air Force is conducting an independent review, while Lockheed Martin is now also performing a separate internal review.
Microsoft

Microsoft Open-Sources 'Checked C,' A Safer C Version (softpedia.com) 208

An anonymous reader writes from a report via Softpedia: Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues. As its name hints, Checked C will add checking to C, and more specifically pointer bounds checking. The company hopes to curb the high number of security bugs such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts, all of which would be easier to catch in Checked C. Despite tangible benefits to security, the problem of porting code to Checked C still exists, just like it did when C# or Rust came out, both C alternatives.
Privacy

GitHub Presses Big Red Password Reset Button After Third-Party Breach (theregister.co.uk) 32

John Leyden, writing for The Register: GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third-party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login credentials on an unnamed site that had suffered a breach, as a statement by GitHub explains. GitHub said it had reset the passwords on all affected accounts before beginning the process of notifying those affected. "We encourage all users to practise good password hygiene and enable two-factor authentication to protect your account," GitHub sensibly advised.
Businesses

Samsung Buys US Cloud Services Firm Joyent (venturebeat.com) 43

An anonymous reader writes from a report via VentureBeat: Samsung announced Thursday that it has acquired Joyent, a company with public cloud infrastructure and private cloud software, to help beef up its software and services around its smartphone business. While terms of the deal weren't disclosed, Samsung did say Joyent will continue to operate as a standalone company. "Until now, we lacked one thing. We lacked the scale required to compete effectively in the large, rapidly growing and fiercely competitive cloud computing market. Now, that changes," Joyent chief executive Scott Hammond wrote in a blog post. With Samsung's brand name and money to invest, Joyent may become more popular and challenge some of the top cloud infrastructure providers like Amazon Web Services, Microsoft Azure, and the Google Cloud Platform. Joyent was the original steward of server-side JavaScript framework Node.js and helped to establish the Node.js Foundation in 2015.
Databases

FBI Can Access Hundreds of Millions of Face Recognition Photos (eff.org) 97

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.
Safari

Safari 10 In macOS Sierra Deactivates Flash, Silverlight and Other Plug-Ins by Default (webkit.org) 114

Apple's web browser Safari 10, which will ship with macOS Sierra, will disable Flash, Java, Silverlight, QuickTime and other plug-ins by default. The move will help the company improve the overall web browsing experience by focusing on HTML5 content. From a post on the WebKit blog, authored by Apple's Safari team: When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.
Encryption

Hacker Steals 45 Million Accounts From Hundreds of Car, Tech, Sports Forums (zdnet.com) 47

An anonymous reader quotes a report from ZDNet: A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities. The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com. "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," said Jerry Orban, vice-president of corporate development, in an email. In a sample given to ZDNet, the database shows email addresses, passwords that were hashed and salted with MD5 (an algorithm that nowadays is easy to crack), as well as a user's IP address (which in some cases can determine location), and the site that the record was taken from. LeakedSource, which confirmed the findings, said in its blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale." A LeakedSource group member said it was "not related" to the recent hacks against MySpace, LinkedIn, and Tumblr. The report goes on to say: "A cursory search of the list of domains caught up in the hack revealed that none of the sites [ZDNet] checked offered basic HTTPS website encryption, which would prevent usernames and passwords from being intercepted."
Debian

Adios Apt and Yum? Ubuntu's Snap Apps Are Coming To Distros Everywhere (arstechnica.com) 274

An anonymous reader shares an Ars Technica report: Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, and Gentoo among others. To install snap packages on non-Ubuntu distributions, Linux desktop and server users will have to first install the newly cross-platform snapd. This daemon verifies the integrity of snap packages, confines them into their own restricted space, and acts as a launcher. Instructions for creating snaps and installing snapd on a variety of distributions are available at this website. Snaps can exist on the same system as either deb or RPM packages. Snaps aren't the only new package manager for Linux distributions that aims to simplify installation of applications. There's also AppImage and OrbitalApps.
Programming

Developer Accuses Apple Of Stealing His Breathe App (www.bgr.in) 170

On Monday at its Worldwide Developers Conference, Apple announced a new app called Breathe as one of the new headline features for watchOS 3, the latest version of its operating system for Apple Watch. The health-centric app reminds users to take a moment and breathe. But was it the company's own idea? App developer Ben Erez is accusing Apple of stealing features from his app. What's worse, he adds that the company even used the same name for its app. Erez tells BGR India in a statement: We've had the same concept, same spelling, same functionality in the App store for phone and watch for over a year. We built the app because the existing mindfulness apps were insufficient in that they all focus on intense sessions of 5-20 minutes, once per day. We wanted a mindfulness experience that was felt throughout the day in smaller bits.
Programming

Apple Introduces New File System APFS With Tons Of 'Solid' Features (apple.com) 295

On the sidelines of its Worldwide Developers Conference, Apple also quietly unveiled a new file system dubbed APFS (Apple File System). Here's how the company describes it: HFS+ and its predecessor HFS are more than 30 years old. These file systems were developed in an era of floppy disks and spinning hard drives, where file sizes were calculated in kilobytes or megabytes. Today, solid-state drives store millions of files, accounting for gigabytes or terabytes of data. There is now also a greater importance placed on keeping sensitive information secure and safe from prying eyes. A new file system is needed to meet the current needs of Apple products, and support new technologies for decades to come. Ars Technica dived into the documentation to find that APFS comes with a range of "solid" features including support for 64-bit inode numbering, and improved granularity of object time-stamping. "APFS supports nanosecond time stamp granularity rather than the 1-second time stamp granularity in HFS+." It also supports a copy-on-write metadata scheme which aims to ensure that file system commits and writes to the file system journal stay in sync even if "something happens during the write -- like if the system loses power." The new file system offers an improvement over Apple's previous full-disk encryption FileVault application. It also features Snapshots (which let you throw off a read-only instance of a file system at any given point in time), and Clones. According to the documentation, APFS can create file or directory clones -- and like a proper next-generation file system, it does so instantly, rather than having to wait for data to be copied. From the report: Also interesting is the concept of "space sharing," where multiple volumes can be created out of the same chunk of underlying physical space.
This sounds on first glance a lot like enterprise-style thin provisioning, where you can do things like create four 1TB volumes on a single 1TB disk, and each volume grows as space is added to it. You can add physical storage to keep up with the volume's growth without having to resize the logical volume. As the documentation notes, things are in early stage, so it might take a while before APFS becomes available to general users.
Programming

Programmer Automates His Job For 6 Years, Gets Fired, Realizes He Has Forgotten How To Code 210

An anonymous reader writes: A user on the Reddit forum who goes by the alias FiletOfFish1066 (referred to as Mr. Fish hereafter) has been let go by his company after it was discovered that Mr. Fish hadn't actually done anything for six years. Umm, well he did something, but nothing new and productive, his Bay Area-based firm says, which paid him $95,000 (avg) each of these years. When he first got his software testing quality assurance job, he spent eight months automating all of the programming tasks. With all of his tasks fully automated by a computer, he was able to literally sit back and do whatever he wanted. Mr. Fish is pretty despondent in tone after he posted about getting fired from his job. He's upset because he has completely forgotten how to code, having relegated all that work to the computer, and now possesses no marketable skills. But, he also is not stressed financially, having saved up $200,000 during his 6-year long "career."
Education

Apple Introduces Swift Playgrounds App To Teach Kids To Code (theverge.com) 73

An anonymous reader writes: At their Worldwide Developers Conference in San Francisco today, Apple CEO Tim Cook said, "We believe coding should be a required language in all schools." To help achieve this goal, Apple introduced Swift Playgrounds, a new app that is meant to teach kids basic coding skills in Apple's chosen language. It teaches concepts like loops and conditionals, and uses an animated character tasked with performing simple challenges in a digital maze to help make learning fun. The app also offers suggested coding languages and will be completely free. Tim Cook described it as "a powerful new way for kids to learn to code," and went on to compare writing code to basic literacy. "I wish Swift Playgrounds was around when I was first learning to code," said Apple's senior vice president of Software Engineering Craig Federighi. "Swift Playgrounds is the only app of its kind that is both easy enough for students and beginners, yet powerful enough to write real code. It's an innovative way to bring real coding concepts to life and empower the next generation with the skills they need to express their creativity." Apple announced a host of new features and improvements made to iOS and Mac OS X. Not only did they announce that OS X will now be called macOS, but the first version update will be called macOS Sierra. One of the biggest new features of the new OS is support for Siri.
IOS

Apple Announces iOS 10, watchOS 3, and new features for tvOS 86

Also at its annual developer conference, Apple announced major updates to its other platforms: Apple TV, iPhone and iPad, and Apple Watch. Starting with the Apple TV, the company announced that tvOS is getting a new feature called Live-Tune-In which uses Siri to allow users to simply state aloud what channel they want to watch. The company also announced a feature called Single sign-on, a cable networks feature which will let users sign-in to all their Apple TV accounts more efficiently and easily. There's a new TV Remote app for iPhone as well.

watchOS 3 comes with a range of new capabilities as well. Most importantly, it offers much faster app performance, thanks to something Apple calls Instant Launch. It does the job seven times faster than its counterpart in watchOS 2. The Verge reports about other changes: The updated interface includes Control Center, which is accessed via a swipe up from the bottom of the display. The side button has been remapped to launch the dock of recent and running apps instead of the contacts menu. Apple has also added a few new watch faces, including a Minnie Mouse version and new one that more prominently shows activity progress. Watch faces can be changed by swiping across the display. The Reminders and Find Friends apps have been redesigned, and third party apps can also now run in the dock area. The new Scribble feature lets you draw letters on the screen to type out words. It's similar to a feature recently announced for Android Wear. Coming to iPhone and iPad, they will be getting the iOS 10 update later this year. One of its coolest features lets one automatically download apps across all your devices. Apple has also improved its Continuity effort, allowing users to utilize Universal Clipboard. "Basically, snippets of text, hyperlinks, and the like that you copy on one iOS or macOS device will be available on all the others." There is another new feature called Raise to Wake, which wakes up your iPhone when it is lifted. The 3D Touch feature has received some improvements, too. Siri now offers more contextual feedback, and it is likely to get even better as Apple has provided developers with an SDK for Siri for the first time. The Verge reports: It makes intelligent suggestions based on your current location, calendar availability, contact information, recent addresses, and more. It's Siri growing more and more into the role of an AI or a bot.
And yes, it's based on deep learning just like Google's rival system is. Apple Music has been redesigned from scratch, and Apple Maps and Messages are getting some nifty features, and they are also being opened to developers.
Perl

Interviews: Ask Perl Creator Larry Wall a Question 281

Larry Wall created the Perl programming language (as well as the Unix utility patch, and the Usenet client rn). This Christmas saw the release of Perl 6 -- a "sister" language to the original Perl -- that's also free and open source, after 15 years of development. Now Larry has agreed to give some of his time to answer your questions (joking that "I doubt my remarks will be quite as controversial as, say, Donald Trump's, but I suspect I could say an interesting thing or two...")

Larry also gave one of Slashdot's very first interviews back in 2002 -- so it's high time we had him back for more heartfelt and entertaining insights. Ask as many questions as you'd like, but please, one per comment. (And feel free to also leave your suggestions for who Slashdot should interview next.) We'll pick the very best questions -- and forward them on to Larry Wall himself.
Open Source

Ask Slashdot: What's The Best CMS? 222

Slashdot reader pipingguy recently inherited a 2012 installation of Joomla 1.5.26, and while performing four years' worth of updates, began wondering about other content management systems. I've built more than a few static websites (I use Sublime Text 3 or Atom, not some fancy-pants WYSIWYG doohickey) and am quite familiar with CSS, but databases not so much. I've been through lots of online documentation and am a bit bewildered, but I'm following the recommendations regarding backups and the like.

What are Slashdot readers' latest opinions on the three most popular CMSes -- Drupal, Joomla and WordPress? Any tips for me before I accidentally blow away the existing site and have to rebuild everything...?

Leave your educated opinions in the comments...
The Military

Air Force Has Lost 100,000 Inspector General Records (thehill.com) 116

schwit1 shares an article from The Hill: The Air Force announced on Friday that it has lost thousands of records belonging to the service's inspector general due to a database crash. "We estimate we've lost information for 100,000 cases dating back to 2004," Air Force spokeswoman Ann Stefanek told The Hill in an email. "The database crashed and there is no data..." The database, called the Automated Case Tracking System (ACTS), holds all records related to IG complaints, investigations, appeals and Freedom of Information Act requests.... "We also use ACTS to track congressional/constituent inquiries."
The Air Force said they were "aggressively" trying to recover the data, adding that they had no evidence of malicious intent.
Databases

DEA Wants Access To Medical Records Without Warrant (thedailybeast.com) 176

mi writes from a report via The Daily Beast: Unlike in cases of commercially held data, where the Third Party doctrine allows police warrantless access, prescription drug monitoring databases are maintained by state governments. The difference is lost to the Obama Administration, which argues that "since the records have already been submitted to a third party (a state's Prescription Drug Monitoring Program) that patients no longer enjoy an expectation of privacy." The DEA has claimed for years that under federal law it has the authority to access the states' prescription drug databases using only an "administrative subpoena." These are unilaterally issued orders that do not require a showing of probable cause before a court, like what's required to obtain a warrant. Some states, like Oregon, fight it; some, like Wisconsin, do not. "The federal government is eager to see all these databases linked," reports The Daily Beast. "The Department of Justice has developed a software platform to facilitate sharing among all state PDMPs. So far 32 states already share their PDMP data through a National Association of Boards of Pharmacy program. The Comprehensive Addiction and Recovery Act (CARA), which passed Congress in March, calls for expanding sharing of PDMP data."
Programming

jQuery 3.0 Stops Supporting Internet Explorer Workarounds (softpedia.com) 80

An anonymous reader writes: Thursday's release of jQuery 3.0 is "the first version that features absolutely no workarounds for old Internet Explorer browsers," reports Softpedia. "If customers are still asking you to work with IE6, IE7, and IE8, then you should stick with jQuery 1.0 for the foreseeable future." The jQuery blog explains that over 18 months of development, "We set out to create a slimmer, faster version of jQuery (with backwards compatibility in mind)... It is a continuation of the 2.x branch, but with a few breaking changes that we felt were long overdue." Besides jQuery's free, open source JavaScript library, they also released a "slim" version that excludes ajax and effects modules (as well as deprecated code), and a new version of the jQuery Migrate plugin.
Communications

Facebook Now Lets Users Comment With a Video (techcrunch.com) 29

An anonymous reader writes: As internet users continue to consume more videos than ever before, Facebook has decided to further add to the trend and officially launch video comments. Users are watching so many videos that the Cisco Visual Networking Index forecasts internet video traffic will represent 82% of all consumer internet traffic by 2020. Facebook said via a blog post that the new feature was developed at Facebook's 50th Hackathon. The team that built the feature included: Bob Baldwin who led the initiative with Hermes Pique and Sameer Madan working on iOS, Muhammed Ibrahim worked on the web, and Billy Ng worked on Android. Baldwin's past projects consisted of features that let Facebook users include photos or stickers in the comments. The new video comments feature may help Facebook catch up to Snapchat in terms of daily videos viewed on the social media platform.
