Tuesday July 07, 2015

Slashdot: Mozilla's Plans For Firefox: More Partnerships, Better Add-ons, Faster Updates

(posted on Tuesday July 07, 2015 at 15:02 AWST)

An anonymous reader writes: Mozilla is reexamining and revamping the way it builds, communicates, and decides features for its browser. In short, big changes are coming to Firefox. Dave Camp, Firefox's director of engineering, sent out two lengthy emails, just three minutes apart: Three Pillars and Revisiting how we build Firefox. Both offer a lot more detail into what Mozilla is hoping to achieve.

Read more of this story at Slashdot.

SC Magazine: Hacking Team tells clients to stop using its spyware

(posted on Tuesday July 07, 2015 at 13:18 AWST)

Government spy ops could be exposed.

Slashdot: Extreme Reduction Gearing Device Offers an Amazing Gear Ratio

(posted on Tuesday July 07, 2015 at 12:32 AWST)

ErnieKey writes: The 3D printed extreme reduction gearing device, created by long-time puzzle maker M. Oskar van Deventer, may leave you puzzled for its obvious applications, but the coaxial cranking mechanism offers potential in a variety of real-world applications with multi-colored gears that move in opposite directions at a ratio of 11,373,076 : 1. This 3D printed reduction gearing device is compact and multi-colored, and looks deceivingly simple at first glance. Developed through a complex algorithm, it could possibly offer potential as parts for machines like 3D printers, aerospace and automotive components, as well as perhaps robotics and a variety of motors.


SC Magazine: When spyware merchants get hacked

(posted on Tuesday July 07, 2015 at 12:30 AWST)

Hacking Team attack points to bad business practices all round.

SC Magazine: Lloyds Bank trials NFC for app authentication

(posted on Tuesday July 07, 2015 at 11:33 AWST)

'Tap to bank' removes need for a phone call.

SC Magazine: DFAT's SATIN overhaul escapes audit

(posted on Tuesday July 07, 2015 at 10:21 AWST)

Shared services in the spotlight.

SC Magazine: Apple files patent for Watch handshake payments

(posted on Tuesday July 07, 2015 at 10:15 AWST)

Bumps and hugs will transfer funds.

Slashdot: Click-Fraud Trojan Politely Updates Flash On Compromised Computers

(posted on Tuesday July 07, 2015 at 10:07 AWST)

jfruh writes: Kotver is in many ways a typical clickfraud trojan: it hijacks the user's browser process to create false clicks on banner ads, defrauding advertisers and ad networks. But one aspect of it is unusual: it updates the victim's installation of Flash to the most recent version, ensuring that similar malware can't get in.


Slashdot: How Bad User Interfaces Can Ruin Lives

(posted on Tuesday July 07, 2015 at 08:18 AWST)

Lauren Weinstein writes: A couple of months ago, in "Seeking Anecdotes Regarding 'Older' Persons' Use of Web Services," I asked for stories and comments regarding experiences that older users have had with modern Web systems, with an emphasis on possible problems and frustrations. I purposely did not define "older" — with the result that responses arrived from users (or regarding users) self-identifying as ages ranging from their 30s to well into their 90s (suggesting that "older" is largely a point of view rather than an absolute). Before I began the survey I had some preconceived notions of how the results would appear. Some of these were proven correct, but overall the responses also contained many surprises, often both depressing and tragic in scope. The frustration of caregivers in these contexts was palpable. They'd teach an older user how to use a key service like Web-based mail to communicate with their loved ones, only to discover that a sudden UI change caused them to give up in frustration and not want to try again. When the caregiver isn't local the situation is even worse. While remote access software has proven a great boon in such situations, they're often too complex for the user to set up or fix by themselves when something goes wrong, remaining cut off until the caregiver is back in their physical presence.


Slashdot: Prototype Wave Energy Device Passes Grid-Connected Pilot Test

(posted on Tuesday July 07, 2015 at 07:35 AWST)

coondoggie writes: A prototype wave energy device advanced with backing from the Energy Department and U.S. Navy has passed its first grid-connected open-sea pilot testing. According to the DOE, the device, called Azura, was recently launched and installed in a 30-meter test berth at the Navy's Wave Energy Test Site (WETS) in Kaneohe Bay, on the island of Oahu, Hawaii. This pilot testing is now giving U.S. researchers the opportunity to evaluate the long-term performance of the nation’s first grid-connected 20-kilowatt wave energy converter (WEC) device to be independently tested by a third party—the University of Hawaii—in the open ocean, the DOE said.


Slashdot: Supercomputing Cluster Immersed In Oil Yields Extreme Efficiency

(posted on Tuesday July 07, 2015 at 06:52 AWST)

1sockchuck writes: A new supercomputing cluster immersed in tanks of dielectric fluid has posted extreme efficiency ratings. The Vienna Scientific Cluster 3 combines several efficiency techniques to create a system that is stingy in its use of power, cooling and water. VSC3 recorded a PUE (Power Usage Efficiency) of 1.02, putting it in the realm of data centers run by Google and Facebook. The system avoids the use of chillers and air handlers, and doesn't require any water to cool the fluid in the cooling tanks. Limiting use of water is a growing priority for data center operators, as cooling towers can use large volumes of water resources. The VSC3 system packs 600 teraflops of computing power into 1,000 square feet of floor space.


Slashdot: Philips Is Revolutionizing Urban Farming With New GrowWise Indoor Farm

(posted on Tuesday July 07, 2015 at 06:09 AWST)

Kristine Lofgren writes: With arable land dwindling and the cost — both economically and environmentally — of growing and transporting food increasing, it's time to redefine farming. So Philips is creating a revolution with their new GrowWise indoor farm, which uses customized 'light recipes' in high-tech cells to grow plants that don't need pesticides or chlorine washes, and use a fraction of the water that traditional farming requires. The system can churn out 900 pots of basil a year in just one square meter of floor space, and bees keep things humming year-round for farming that is truly local, even in the middle of a city.


Rusty Russell: Bitcoin Core CPU Usage With Larger Blocks

(posted on Tuesday July 07, 2015 at 05:58 AWST)

Since I was creating large blocks (41662 transactions), I added a little code to time how long they take once received (on my laptop, which is only an i3).

The obvious place to look is CheckBlock: a simple 1MB block takes a consistent 10 milliseconds to validate, and an 8MB block took 79 to 80 milliseconds, which is nice and linear.  (A 17MB block took 171 milliseconds).

Weirdly, that’s not the slow part: promoting the block to the best block (ActivateBestChain) takes 1.9-2.0 seconds for a 1MB block, and 15.3-15.7 seconds for an 8MB block.  At least it’s scaling linearly, but it’s just slow.

So, 16 Seconds Per 8MB Block?

I did some digging.  Just invalidating and revalidating the 8MB block only took 1 second, so something about receiving a fresh block makes it worse. I spent a day or so wrestling with benchmarking[1]…

Indeed, ConnectTip does the actual script evaluation: CheckBlock() only does a cursory examination of each transaction.  I’m guessing bitcoin core is not smart enough to parallelize a chain of transactions like mine, hence the 2 seconds per MB.  On normal transaction patterns even my laptop should be about 4 times faster than that (but I haven’t actually tested it yet!).

So, 4 Seconds Per 8MB Block?

But things are going to get better: I hacked in the currently-disabled libsecp256k1, and the time for the 8MB ConnectTip dropped from 18.6 seconds to 6.5 seconds.

So, 1.6 Seconds Per 8MB Block?

I re-enabled optimization after my benchmarking, and the result was 4.4 seconds; that’s libsecp256k1, and an 8MB block.

Let’s Say 1.1 Seconds for an 8MB Block

This is with some assumptions about parallelism; and remember this is on my laptop which has a fairly low-end CPU.  While you may not be able to run a competitive mining operation on a Raspberry Pi, you can pretty much ignore normal verification times in the blocksize debate.


 

[1] I turned on -debug=bench, which produced impenetrable and seemingly useless results in the log.

So I added a print with a sleep, so I could run perf.  Then I disabled optimization, so I’d get understandable backtraces with perf.  Then I rebuilt perf because Ubuntu’s perf doesn’t demangle C++ symbols, which is part of the kernel source package. (Are we having fun yet?).  I even hacked up a small program to help run perf on just that part of bitcoind.   Finally, after perf failed me (it doesn’t show 100% CPU, no idea why; I’d expect to see main in there somewhere…) I added stderr prints and ran strace on the thing to get timings.


SC Magazine: Rural dwellers employ elaborate setups for internet

(posted on Tuesday July 07, 2015 at 05:35 AWST)

Review submissions raise satellite concerns.

Slashdot: What Goes Into a Decision To Take Software From Proprietary To Open Source

(posted on Tuesday July 07, 2015 at 05:26 AWST)

Lemeowski writes: It's not often that you get to glimpse behind the curtain and see what led a proprietary software company to open source its software. Last year, the networking software company Midokura made a strategic decision to open source its network virtualization platform MidoNet, to address fragmentation in the networking industry. In this interview, Midokura CEO and CTO Dan Mihai Dumitriu explains the company's decision to give away four years of engineering to the open source community, how it changed the way its engineers worked, and the lessons learned along the way. Among the challenges was helping engineers overcome the culture change of broadcasting their work to a broader community.


Slashdot: More Supermassive Black Holes Than We Thought!

(posted on Tuesday July 07, 2015 at 04:43 AWST)

LeadSongDog writes: The Royal Astronomical Society reports five supermassive black holes (SMBHs) that were previously hidden by dust and gas have been uncovered. The discovery suggests there may be millions more supermassive black holes in the universe than were previously thought. George Lansbury, a postgraduate student in the Centre for Extragalactic Astronomy, at Durham University, said: “For a long time we have known about supermassive black holes that are not obscured by dust and gas, but we suspected that many more were hidden from our view. Thanks to NuSTAR for the first time we have been able to clearly see these hidden monsters that are predicted to be there, but have previously been elusive because of their ‘buried’ state. Although we have only detected five of these hidden supermassive black holes, when we extrapolate our results across the whole Universe then the predicted numbers are huge and in agreement with what we would expect to see.”


SC Magazine: Hardware failure hits iiNet broadband, 3G data

(posted on Tuesday July 07, 2015 at 04:42 AWST)

Mobile broadband data services affected throughout Australia.

Slashdot: "We Screwed Up," Says Reddit CEO In Formal Apology

(posted on Tuesday July 07, 2015 at 04:00 AWST)

An anonymous reader writes: After moderators locked up some of Reddit's most popular pages in protest against the dismissal of Victoria Taylor, and an online petition asking the company to fire CEO Ellen Pao reached more than 175,000 signatures over the weekend, Pao has issued an apology. The statement reads in part: "We screwed up. Not just on July 2, but also over the past several years. We haven't communicated well, and we have surprised moderators and the community with big changes. We have apologized and made promises to you, the moderators and the community, over many years, but time and again, we haven't delivered on them. When you've had feedback or requests, we haven't always been responsive. The mods and the community have lost trust in me and in us, the administrators of reddit. Today, we acknowledge this long history of mistakes. We are grateful for all you do for reddit, and the buck stops with me."


Slashdot: The DARPA Robotics Challenge Was a Bust; Let's Try Again

(posted on Tuesday July 07, 2015 at 03:18 AWST)

malachiorion writes: The DARPA Robotics Challenge, the biggest and most well-funded international robotics competition in years, was a failure. After years of grueling work on the part of brilliant roboticists around the world, and millions in funding from the Pentagon, the finals came and went with little to no coverage from the mainstream media. The only takeaway, for those who aren't extremely dialed into robotics, is that a ton of robots fell down in funny ways. There were winners, but considering how downgraded the tasks were, compared to the ones initially announced in 2012, it was closer to the first DARPA Grand Challenge, where none of the robot cars finished, than the Urban Challenge, which kicked off the race to build deployable driverless cars. So just as DARPA regrouped after that first fizzle of a race, here's my argument for Popular Science: It's time to do it again, and make falling, and getting up, mandatory.


Slashdot: Software Devs Leaving Greece For Good, Finance Minister Resigns

(posted on Tuesday July 07, 2015 at 02:35 AWST)

New submitter TheHawke writes with this story from ZDNet about the exodus of software developers from Greece. "In the last three years, almost 80 percent of my friends, mostly developers, left Greece," software developer Panagiotis Kefalidis told ZDNet. "When I left for North America, my mother was not happy, but... it is what it is." It's not just the software developers quitting either. The Greek Finance Minister Yanis Varoufakis also resigned. A portion of his resignation announcement reads: "Soon after the announcement of the referendum results, I was made aware of a certain preference by some Eurogroup participants, and assorted ‘partners’, for my ‘absence’ from its meetings; an idea that the Prime Minister judged to be potentially helpful to him in reaching an agreement. For this reason I am leaving the Ministry of Finance today."


Slashdot: Japanese and US Piloted Robots To Brawl For National Pride

(posted on Tuesday July 07, 2015 at 01:52 AWST)

jfruh writes: Japan may have just lost the Women's World Cup to the U.S., but the country is hoping for a comeback in another competition: a battle between giant robots. Suidobashi Heavy Industry has agreed to a challenge from Boston-based MegaBots that would involve titanic armored robots developed by each startup, the first of its kind involving piloted machines that are roughly 4 meters tall. "We can't let another country win this," Kogoro Kurata, who is CEO of Suidobashi, said in a video posted to YouTube. "Giant robots are Japanese culture."


Slashdot: Google's Waze Jumps Into the Ride-Sharing Business

(posted on Tuesday July 07, 2015 at 01:10 AWST)

An anonymous reader writes: Waze, the online mapping company owned by Google, is testing a ride-sharing service in Israel called RideWith. The service will allow commuters to pay drivers for rides to and from work. This is a hard limit — drivers can give no more than two rides per day. If the restriction remains after the initial test, it could be a simple way to avoid pseudo-professional drivers, and all the taxi-related legal problems that go with them (see: Uber). "RideWith calculates a cost based on the anticipated fuel consumption and 'depreciation' based on mileage, and the driver is free to accept or decline the ride accordingly." One can't help but speculate about future involvement with Google's autonomous car project.


Slashdot: Ask Slashdot: Have You Tried a Standing Desk?

(posted on Tuesday July 07, 2015 at 00:28 AWST)

An anonymous reader writes: Evidence is piling up that sitting down all day is really bad for you. I work primarily from home, and as I grow older, I'm starting to worry about long term consequences to riding a desk full-time. We talked about this a few years ago, but the science has come a long way since then, and so have the options for standing desks. My questions: do you use a standing desk? What kind of setup do you have? There are a lot of options, and a lot of manufacturers. Further studies have questioned the wisdom of standing all day, so I've been thinking about a standing/sitting combo, and just switching every so often. If you do this, do you have time limits or a particular frequency with which you change from sitting to standing? I'm also curious about under-desk treadmills — I could manage slowly walking during parts of my work, and the health benefits are easy to measure. Also, any ergonomic tips? A lot of places seem to recommend: forearms parallel to the ground, top of monitor at eye level, and a pad for under your feet. Has your experience been the same? Those of you who have gone all-out on a motorized setup, was it worth the cost? The desks are dropping in price, but I can still see myself dropping upward of $1k on this, easily.


Monday July 06, 2015

SC Magazine: APRA updates cloud guidance for banks

(posted on Monday July 06, 2015 at 15:12 AWST)

Stands firm against offshore, public cloud for systems of record.

EEV Blog: EEVblog #762 – How Secure Are Electronic Safe Locks?

EEV Blog (posted on Monday July 06, 2015 at 15:02 AWST)


How secure are electronic locks used on safes?
Dave tries a power line analysis attack on a standard La Gard (LG) 3740/3750 Basic electronic digital lock on a CMI home safe.
Can you crack an electronic digital safe lock with just a resistor and an oscilloscope?
All sorts of safe cracking techniques are discussed – thermal camera imaging, bumping, drilling, and spiking the solenoid.
And naturally there is a complete teardown of the La Gard lock and a demonstration on how it works.
And then Dave does something incredibly dumb, and has to fix it the old fashioned way, Hollywood style.
It’s a tale of epic fails and stunning wins.


Brochure
ST ST62T25 OTP Microcontroller
AT93C46 EEPROM


DFES Media Releases: State Emergency Service Awards finalists announced

DFES Media Releases (posted on Monday July 06, 2015 at 13:33 AWST)

Content:

Volunteers who have made an invaluable contribution assisting communities throughout Western Australia have been named as finalists in this year’s State Emergency Service (SES) Awards.

The 2015 finalists were nominated for a variety of reasons, including dedicating hundreds of hours responding to the Northcliffe bushfire in February 2015 and Tropical Cyclone Olwyn in March 2015, delivering high quality training to fellow SES members and showing outstanding leadership skills. 

The awards recognise volunteers who have demonstrated excellence, dedication and innovation in their service to the SES and communities throughout the state. 

Fire and Emergency Services Commissioner Wayne Gregson said SES personnel are trusted and respected members of the community who give up their own time to help others in times of need.

“SES volunteers are there 24 hours a day, seven days a week,” Commissioner Gregson said.

“During an emergency, they are the ones leaving their homes and families to help the community when everyone else is safe inside and out of harm’s way.

“These dedicated men and women are to be commended for sacrificing their own time to help others in times of need.”

SES volunteers responded to more than 1400 requests for assistance across WA in the past year.

The SES Awards are an opportunity to thank and recognise not just this year’s finalists but the more than 2000 SES volunteers who have assisted during storms, cyclones, searches and rescues in the last year.

The winners will be announced at the State Emergency Service Awards Ceremony on Saturday 19 September as part of the Western Australian Fire and Emergency Services Conference.

The 2015 State Emergency Service Awards finalists are:

Peter Keillor Award:

Jane Campbell – Bayswater SES Unit

James Hines – Northshore SES Unit

Robyn Trainor – Bridgetown SES Unit

Team Achievement Award:

Manjimup SES Unit

Youth Achievement Award:

Kirsten Beidatch – Mount Barker SES Unit

Kyle McGann – Karratha SES Unit

For more information about the 2015 SES Awards, visit www.dfes.wa.gov.au/awards.

END

Media Contact: DFES Media and Corporate Communications 9225 5955

Publication Time: 6/07/2015 2:00 PM

DFES Media Releases: WA Firefighting Awards finalists take commitment to a new level

DFES Media Releases (posted on Monday July 06, 2015 at 13:34 AWST)

Content:

The outstanding efforts of 13 career and volunteer firefighters have been recognised with the announcement of finalists for the prestigious Western Australian Firefighting Awards.

The 2015 finalists were nominated for a variety of reasons, including putting aside their own needs to help the community prepare and respond to Tropical Cyclone Olwyn which impacted the Midwest Gascoyne in March 2015, developing the Urban Search and Rescue (USAR) Canine Training program and leading brigades that travelled thousands of kilometres across the State to fight bushfires. 

The awards honour the achievements of fire and emergency services personnel who have excelled in their service to the community.  

Fire and Emergency Services Commissioner Wayne Gregson said while all firefighters possess a strong work ethic and a willingness to serve the community, the finalists announced today have taken that commitment to a new level.

“These finalists have all shown a dedication to duty beyond expectation and have made significant personal contributions to firefighting and emergency response efforts in our State,” Commissioner Gregson said.

“The awards are a way of acknowledging and thanking these outstanding men and women for their tremendous individual efforts to help keep Western Australians safe.”

The winners will be announced on Sunday 20 September at the Firefighting Awards Ceremony during the Western Australian Fire and Emergency Services Conference.

The 2015 Firefighting Awards finalists are:

Career Fire and Rescue Service Award:

Adam Bannister – District Officer Stirling 

Martin Cable – Kalgoorlie Fire Station

Serena Monks – Rockingham Fire Station

Murray Lang Bush Fire Service Award:

Michael Cave – Narpyn Volunteer Bush Fire Brigade (VBFB)

Sean Corbin – East Gidgegannup VBFB

Terri Kowal – Bunbury VBFB

Volunteer Fire and Emergency Services Award:

Fraser McGregor and Sandra Lymbery – Coral Bay Volunteer Emergency Service (VES)

Volunteer Fire and Rescue Service Award:

Eru and Tracy Hepi – Derby Volunteer Fire and Rescue Service (VFRS)

Deidre Marchese – Kambalda VFRS

Paul Williamson – Albany VFRS

Youth Achievement Award:

Nathan Garrington – East Swan VBFB

Matt Holland – Witchcliffe VFRS

Sarah Williamson – Carnarvon VFRS

For more information about the 2015 Firefighting Awards, visit www.dfes.wa.gov.au/awards.

END

Media Contact: DFES Media and Corporate Communications 9225 5955

Publication Time: 6/07/2015 2:00 PM

SC Magazine: Government exploit vendor hacked, client data exposed

(posted on Monday July 06, 2015 at 11:17 AWST)

Update: Australian agencies potentially compromised.

SC Magazine: NSW to revisit legal protection for personal privacy

(posted on Monday July 06, 2015 at 10:25 AWST)

Weighing up measures to protect against drones, revenge porn.

Latest Kernel Versions: 4.2-rc1: mainline

(posted on Monday July 06, 2015 at 02:02 AWST)

Version: 4.2-rc1 (mainline)
Released: 2015-07-05
Source: linux-4.2-rc1.tar.xz
PGP Signature: linux-4.2-rc1.tar.sign
Patch: patch-4.2-rc1.xz

Friday July 03, 2015

Linux Mint: How to upgrade to Linux Mint 17.2

(posted on Friday July 03, 2015 at 20:09 AWST)

It is now possible to upgrade the Cinnamon and MATE editions of Linux Mint 17 and Linux Mint 17.1 to version 17.2.

If you’ve been waiting for this I’d like to thank you for your patience.

Upgrade for a reason

“If it ain’t broke, don’t fix it”.

You might want to upgrade to 17.2 because some bug that annoys you is fixed or because you want to get some of the new features. In any case, you should know why you’re upgrading.

As excited as we are about 17.2, upgrading blindly for the sake of running the latest version does not make much sense, especially if you’re already happy and everything is working perfectly.

Make sure to read the release notes and to know the new features so you have all the information you need before deciding whether you want to upgrade.

Be selective with updates

Upgrading to 17.2 will upgrade to Rafaela of course, but also apply all level 1 updates for you.

You do not need to apply level 2, 3, 4 or 5 updates to upgrade to the new version of Linux Mint, and doing so won’t apply these for you.

Level 4 and 5 updates are not recommended unless they bring solutions to issues you’re facing. Level 3 updates should be applied selectively and with precautions.

Enjoy

Upgrading to 17.2 is relatively easy:

In the Update Manager, click on the Refresh button to check for any new version of mintupdate and mint-upgrade-info. If there are updates for these packages, apply them.

Launch the System Upgrade by clicking on “Edit->Upgrade to Linux Mint 17.2 Rafaela”.

Follow the instructions on the screen.

Once the upgrade is finished, reboot your computer.

Additional info

  • The same upgrade path will be available for the Xfce and KDE editions, after they are released as stable 17.2.
  • Although Linux Mint 17.2 features a newer kernel, this upgrade does not change the kernel on your behalf. This is a decision only you should take. Should you decide to upgrade to 17.2’s recommended kernel you can do so by applying the “linux-kernel-generic” update, post-upgrade.
  • Your grub menu won’t be automatically updated on your behalf. After you have rebooted the computer, you can trigger that update with the following command: “sudo update-grub”.


Rusty Russell: Wrapper for running perf on part of a program.

(posted on Friday July 03, 2015 at 11:19 AWST)

Linux’s perf competes with early git for title of least-friendly Linux tool.  Because it’s tied to kernel versions, and the interfaces change fairly randomly, you can never figure out how to use the version you need to use (hint: always use -g).

But when it works, it’s very useful.  Recently I wanted to figure out where bitcoind was spending its time processing a block; because I’m a cool kid, I didn’t use gprof, I used perf.  The problem is that I only want information on that part of bitcoind.  To start with, I put a sleep(30) and a big printf in the source, but that got old fast.

Thus, I wrote “perfme.c”.  Compile it (requires some trivial CCAN headers) and link perfme-start and perfme-stop to the binary.  By default it runs/stops perf record on its parent, but an optional pid arg can be used for other things (eg. if your program is calling it via system(), the shell will be the parent).


pfSense: filesystem corruption: closed

(posted on Friday July 03, 2015 at 08:56 AWST)

Today our upstream, FreeBSD, accepted our patch to fix the corruption / truncation issue we identified.  Some additional details are here and here.  In particular, the details on the second link show how we went about recreating the issue, and then testing it to ensure that the bug is really fixed.

It’s taken a few months to first reproduce, then fix the issue.  After we had identified the cause, I wrote to  Kirk McKusick, who knows UFS better than anyone.  Kirk explained the situation thus:

What is happening is that the files in question are being truncated then rewritten with new contents. SU ensures that after the truncation they will either show the correct new result or be zero length. Absent SU they can show up claiming the unwritten blocks which is why you see random data. Marking the filesystems sync should fix the problem as you will not have the (up to) two minute gap between the write and the data being flushed to disk.

Indeed, mounting the filesystem “sync” does fix the issue, which is why we made the change to pfSense 2.2.3. We knew that we needed more time to test before pronouncing the issue fixed without impacting performance.  It’s better to have a safe, stable system than one that can corrupt itself on the next reboot.

Many applications write or re-write configuration files or other files that are critical for the operation of the system after a reboot (due to power failure or just a reboot.)  Applications that are properly written take these steps to ensure stability of the system:

  1. write the new file to a temporary name.
  2. fsync newly written file, (or mark the descriptor for direct I/O before writing.)
  3. close the file.
  4. rename temporary file to the file that is being updated.

To significantly close the window, you can fsync the enclosing directory.  For master.passwd(5), group(5), pwd.db and spwd.db, the enclosing directory is /etc.  So this is exactly what the patch does for both the libc routines that access the group and master.passwd file, and the pwd_mkdb(8) command, which generates pwd.db and spwd.db.
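The write, fsync, close, rename sequence above, followed by the fsync of the enclosing directory, as an added C example (it is not code from the FreeBSD patch or from pfSense). The names `atomic_replace` and `read_back`, the `.<name>.tmp` temporary name and the sample file contents are assumptions of this example, and callers are assumed to serialize updates with their own lock.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Write all of buf, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Replace dir/name with buf[0..len). Returns 0 on success, -1 with errno set.
 * On failure the existing file is left untouched. The temporary name
 * ".<name>.tmp" is an assumption of this example. */
int atomic_replace(const char *dir, const char *name,
                   const void *buf, size_t len, mode_t mode)
{
    char tmp[256];
    int dfd, fd, saved;

    if (snprintf(tmp, sizeof(tmp), ".%s.tmp", name) >= (int)sizeof(tmp)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0)
        return -1;
    /* A crash between steps 1 and 4 leaves a stale temporary; clear it. */
    if (unlinkat(dfd, tmp, 0) < 0 && errno != ENOENT)
        goto fail_dir;
    /* Step 1: write the new file under a temporary name. O_EXCL refuses
     * to follow or reuse anything that appeared under that name. */
    fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0)
        goto fail_dir;
    if (write_all(fd, buf, len) < 0)
        goto fail_tmp;
    /* Step 2: force the data blocks to the media before the rename. */
    if (fsync(fd) < 0)
        goto fail_tmp;
    /* Step 3: close, checking for deferred write errors. */
    if (close(fd) < 0)
        goto fail_unlink;
    /* Step 4: atomically swap the new file into place. */
    if (renameat(dfd, tmp, dfd, name) < 0)
        goto fail_unlink;
    /* Make the rename itself durable by syncing the enclosing directory. */
    if (fsync(dfd) < 0)
        goto fail_dir;
    close(dfd);
    return 0;

fail_tmp:
    saved = errno; close(fd); errno = saved;
fail_unlink:
    saved = errno; unlinkat(dfd, tmp, 0); errno = saved;
fail_dir:
    saved = errno; close(dfd); errno = saved;
    return -1;
}

/* Demo helper: read up to cap bytes of dir/name; -1 if it cannot be opened. */
ssize_t read_back(const char *dir, const char *name, char *out, size_t cap)
{
    char path[512];
    ssize_t n;
    int fd;

    if (snprintf(path, sizeof(path), "%s/%s", dir, name) >= (int)sizeof(path))
        return -1;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    n = read(fd, out, cap);
    close(fd);
    return n;
}

int main(void)
{
    char dir[] = "/tmp/atomic_demo_XXXXXX";     /* constructed scratch directory */
    const char *v1 = "wheel:*:0:root\n";        /* constructed sample contents */
    const char *v2 = "wheel:*:0:root,admin\n";
    char out[64];

    if (mkdtemp(dir) == NULL)
        return 1;
    if (atomic_replace(dir, "group", v1, strlen(v1), 0600) < 0 ||
        atomic_replace(dir, "group", v2, strlen(v2), 0600) < 0)
        return 1;
    printf("%s/group holds %zd bytes\n", dir, read_back(dir, "group", out, sizeof(out)));
    return 0;
}
```

Skipping the final directory fsync leaves the window the post describes: the rename can still be lost on power failure even though the file's own data reached the disk.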

The rest of the patch ensures that master.passwd(5) is always opened such that writes to it are written to the underlying media, and fixes a bug we noted in the pw_util(3) man page.  Similar patches are being developed for cap_mkdb(1) and services_mkdb(8).

I will note that we have tested the result of these patches on filesystems with and without soft updates (SU), as well as soft-updates with journaling (SU+J), and all meet with success.

I’d like to offer thanks to the team here (Renato, Jim Pingle, Chris, Matt, SteveW) as well as Luiz Souza (loos@), George Neville-Neil (gnn@), Baptiste Daroussin (bapt@), and Kirk McKusick, all of whom provided assistance.

Someone on a project which forked pfSense claimed only yesterday:

We’ve discussed this a couple more times internally and have come to the conclusion that this issue is not fixable, or at least not in the way it has been presented and discussed. While it’s true that “sync” completely circumvents the issue, it seems that UFS has gotten a lot more error prone in FreeBSD 10 because of a yet to be discovered regression.  We do not intend to switch our installs to “sync” or use journaling on top of soft updates.

Some free advice: If you don’t understand the system, don’t attempt to disguise your lack of knowledge with infantile rambling, and anyone who thinks ext2 is an appropriate primary filesystem for FreeBSD has questionable motives and poor taste.


Wednesday July 01, 2015

Drupal Contrib Security: Views Bulk Operations - Moderately critical - Access Bypass - SA-CONTRIB-2015-131

(posted on Wednesday July 01, 2015 at 23:35 AWST)

Description

The Views Bulk Operations module enables you to add bulk operations to administration views, executing actions on multiple selected rows.

The module doesn't sufficiently guard user entities against unauthorized modification. If a user has access to a user account listing view with VBO enabled (such as admin/people when the administration_views module is used), they will be able to edit their own account and give themselves a higher role (such as "administrator") even if they don't have the "administer users" permission.

This vulnerability is mitigated by the fact that an attacker must have access to such a user listing page, and the bulk operation for changing roles must be enabled.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Views Bulk Operations 7.x-3.x versions prior to 7.x-3.3.
  • Views Bulk Operations 6.x-1.x versions.

Drupal core is not affected. If you do not use the contributed Views Bulk Operations (VBO) module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the Views Bulk Operations module for Drupal 7.x, upgrade to Views Bulk Operations 7.x-3.3
  • If you use the Views Bulk Operations module for Drupal 6.x, uninstall the module.

Also see the Views Bulk Operations (VBO) project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal Contrib Security: Migrate - Less critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-130

(posted on Wednesday July 01, 2015 at 23:21 AWST)

Description

This module enables you to manage migration processes through the administrative UI.

The module doesn't sufficiently sanitize destination field labels, thereby exposing a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to create/edit fields (such as "administer taxonomy"), or be able to modify source data being imported by an administrator. Furthermore, the migrate_ui submodule must be enabled.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Migrate 7.x-2.x versions prior to 7.x-2.8.

Drupal core is not affected. If you do not use the contributed Migrate module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the migrate module's migrate_ui submodule for Drupal 7.x, upgrade to Migrate 7.x-2.8

Also see the Migrate project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

EEV Blog: EEVblog #761 – Pebble Time Smartwatch Teardown

EEV Blog (posted on Wednesday July 01, 2015 at 21:55 AWST)


What’s inside the new Pebble Time Smartwatch?
Dave does a teardown after taking it through the torture test, and gives it a close up view with the Tagarno microscope.
How easy is it to disassemble and replace the battery?
How much do the components cost?
What is the manufacturing quality like?
How does the Bluetooth antenna work?
Forum HERE

EEV Blog: EEVblog #760 – Pebble Time Smartwatch Torture Test!

EEV Blog (posted on Wednesday July 01, 2015 at 21:51 AWST)


Dave takes the new Pebble Time Smartwatch through the 2015 Tough Bloke Challenge in Sydney. 8km of mud, water, and obstacles. Will it survive?
Unfair test? – Yes
Fun? – Hell yes!
Teardown VIDEO
Unboxing & Review VIDEO
Forum HERE

OpenBSD Journal: Out With the Old, in With the New

OpenBSD Journal (posted on Wednesday July 01, 2015 at 20:25 AWST)

Ted Unangst (tedu@) has given out a blog post detailing some of the recent work going into OpenBSD:

Notes and thoughts on various OpenBSD replacements and reductions. Existing functionality and programs are frequently rewritten and replaced for the sake of simplicity or security or whatever it is that OpenBSD is all about. This process has been going on for some time, of course, but some recent activity is worth highlighting.

Read more...

Monday July 06, 2015

OpenBSD Journal: Call for Testing: Valgrind on OpenBSD

OpenBSD Journal (posted on Monday July 06, 2015 at 20:21 AWST)

Masao Uebayashi (uebayasi@) has given us a call for testing cleverly disguised as a quick how-to on using valgrind natively on OpenBSD:
  • Use the latest OpenBSD/amd64 and devel/valgrind (valgrind-3.10.1p5).
  • Dynamically link your target program.
    • Valgrind overrides some functions (alloc, free, string, memory) in libc using $LD_PRELOAD.
  • Embed symbols (cc -g).
    • Otherwise Valgrind reports problems using symbols.
Read more...

Wednesday July 01, 2015

Linux Australia: Linux Australia council meeting minutes to be published on the planet

(posted on Wednesday July 01, 2015 at 09:36 AWST)

Wed, 2015-07-01 11:33

Last fortnight the Linux Australia council resolved to begin publishing their minutes to planet.linux.org.au.

While meeting minutes may seem boring, they in fact contain a lot of useful and interesting information about what the organisation and its various subcommittees are up to. As such, we felt that this was useful information to publish more widely, and starting from now we'll be publishing them to the planet.

If you are interested in previous meetings and minute notes, you can find them at http://linux.org.au/news

Tuesday June 30, 2015

Linux Mint: Linux Mint 17.2 “Rafaela” MATE released!

(posted on Tuesday June 30, 2015 at 18:58 AWST)

The team is proud to announce the release of Linux Mint 17.2 “Rafaela” MATE.

Linux Mint 17.2 Rafaela MATE Edition

Linux Mint 17.2 is a long term support release which will be supported until 2019. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.

New features at a glance:

For a complete overview and to see screenshots of the new features, visit: “What’s new in Linux Mint 17.2 MATE”.

Important info:

To be aware of issues and read about explanations and possible solutions related to this release, visit: “Release Notes for Linux Mint 17.2 MATE”.

System requirements:

  • 512MB RAM (1GB recommended for a comfortable usage).
  • 9GB of disk space (20GB recommended).
  • Graphics card capable of 800×600 resolution (1024×768 recommended).
  • DVD drive or USB port.

Notes:

  • The 64-bit ISO can boot with BIOS or UEFI.
  • The 32-bit ISO can only boot with BIOS.
  • The 64-bit ISO is recommended for all modern computers (almost all computers sold in the last 10 years are equipped with 64-bit processors).

Upgrade instructions:

  • If you want to upgrade from Linux Mint 17.2 RC, simply launch the Update Manager and install any Level 1 update available.
  • If you want to upgrade from Linux Mint 17 or Linux Mint 17.1, please wait for a few days while we release a new version of the Update Manager to you. In the meantime, you do not need to download or to reinstall anything. We’ll make announcements next week when this is ready.

Download:

Md5 sum:

Torrents:

HTTP Mirrors for the 32-bit DVD ISO:

HTTP Mirrors for the 64-bit DVD ISO:

Alternative downloads:

No-codecs images:

Distributors and magazines in Japan, USA and countries where distributing media codecs is problematic can use the “No Codecs” ISO images.  These images will be made available next week, for both the MATE and Cinnamon edition in 32-bit and 64-bit at the following address:

http://www.linuxmint.com/release.php?id=25

OEM images:

Manufacturers can pre-install Linux Mint on their computers using the OEM installation images. These images will be made available next week, for both the MATE and Cinnamon edition in 64-bit at the following address:

http://www.linuxmint.com/release.php?id=25

Enjoy!

We look forward to receiving your feedback. Thank you for using Linux Mint and have a lot of fun with this new release!

Linux Mint: Linux Mint 17.2 “Rafaela” Cinnamon released!

(posted on Tuesday June 30, 2015 at 18:58 AWST)

The team is proud to announce the release of Linux Mint 17.2 “Rafaela” Cinnamon.

Linux Mint 17.2 Rafaela Cinnamon Edition

Linux Mint 17.2 is a long term support release which will be supported until 2019. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.

New features at a glance:

To be aware of issues and read about explanations and possible solutions related to this release, visit: “Release Notes for Linux Mint 17.2 Cinnamon”.

System requirements:

  • 512MB RAM (1GB recommended for a comfortable usage).
  • 9GB of disk space (20GB recommended).
  • Graphics card capable of 800×600 resolution (1024×768 recommended).
  • DVD drive or USB port.

Notes:

  • The 64-bit ISO can boot with BIOS or UEFI.
  • The 32-bit ISO can only boot with BIOS.
  • The 64-bit ISO is recommended for all modern computers (almost all computers sold in the last 10 years are equipped with 64-bit processors).

Upgrade instructions:

  • If you want to upgrade from Linux Mint 17.2 RC, simply launch the Update Manager and install any Level 1 update available.
  • If you want to upgrade from Linux Mint 17 or Linux Mint 17.1, please wait for a few days while we release a new version of the Update Manager to you. In the meantime, you do not need to download or to reinstall anything. We’ll make announcements next week when this is ready.

Download:

Md5 sum:

Torrents:

HTTP Mirrors for the 32-bit DVD ISO:

HTTP Mirrors for the 64-bit DVD ISO:

Alternative downloads:

No-codecs images:

Distributors and magazines in Japan, USA and countries where distributing media codecs is problematic can use the “No Codecs” ISO images.  These images will be made available next week, for both the MATE and Cinnamon edition in 32-bit and 64-bit at the following address:

http://www.linuxmint.com/release.php?id=25

OEM images:

Manufacturers can pre-install Linux Mint on their computers using the OEM installation images. These images will be made available next week, for both the MATE and Cinnamon edition in 64-bit at the following address:

http://www.linuxmint.com/release.php?id=25

Enjoy!

We look forward to receiving your feedback. Thank you for using Linux Mint and have a lot of fun with this new release!

EEV Blog: EEVblog #759 – Mailbag

EEV Blog (posted on Tuesday June 30, 2015 at 08:41 AWST)


A big mailbag episode, getting through lots of backlog.
P.S. Yes I failed to twig to the cordless ESD strap. Will have to do a video debunking this!
Forum HERE

SPOILERS:
NicaDrone EPM688 OpenGrab Electro Permanent Magnet
For UAV/drone payload pickup

Fused USB to UART adapter (FTDI-Free)

A PCB designed in AutoCAD.
Freescale tower system modular development platform

Perf prototype board

Pulsed Light laser LIDAR module

A fun FAIL button, and a whole lot more.

Latest Kernel Versions: 4.1.1: stable

(posted on Tuesday June 30, 2015 at 03:55 AWST)

Version: 4.1.1 (stable)
Released: 2015-06-29
Source: linux-4.1.1.tar.xz
PGP Signature: linux-4.1.1.tar.sign
Patch: patch-4.1.1.xz
ChangeLog: ChangeLog-4.1.1

Latest Kernel Versions: 4.0.7: stable

(posted on Tuesday June 30, 2015 at 03:29 AWST)

Version: 4.0.7 (stable)
Released: 2015-06-29
Source: linux-4.0.7.tar.xz
PGP Signature: linux-4.0.7.tar.sign
Patch: patch-4.0.7.xz (Incremental)
ChangeLog: ChangeLog-4.0.7

Monday June 29, 2015

EEV Blog: Mystery Keysight Unboxing

EEV Blog (posted on Monday June 29, 2015 at 21:06 AWST)


OpenBSD Journal: Handling Leap Seconds the OpenBSD Way

OpenBSD Journal (posted on Monday June 29, 2015 at 04:17 AWST)

Christian Weisgerber (naddy@) let us all know what we need to do to prepare for the impending leap second:

As you may have heard, a leap second will be upon us at 23:59:60
UTC on June 30.

The sky will fall, civilization will end, and dinosaurs will roam
the earth again.  Well, maybe not.

Neither the OpenBSD kernel nor OpenNTPD handle leap seconds in any
way.  So what will happen?
Read more...

Latest Kernel Versions: 3.18.17: longterm

(posted on Monday June 29, 2015 at 01:41 AWST)

Version: 3.18.17 (longterm)
Released: 2015-06-28
Source: linux-3.18.17.tar.xz
PGP Signature: linux-3.18.17.tar.sign
Patch: patch-3.18.17.xz (Incremental)
ChangeLog: ChangeLog-3.18.17

Saturday July 04, 2015

Latest Kernel Versions: 3.14.47: longterm

(posted on Saturday July 04, 2015 at 10:49 AWST)

Version: 3.14.47 (longterm)
Released: 2015-07-04
Source: linux-3.14.47.tar.xz
PGP Signature: linux-3.14.47.tar.sign
Patch: patch-3.14.47.xz (Incremental)
ChangeLog: ChangeLog-3.14.47

Friday June 26, 2015

DFES Media Releases: Fire and Emergency Services Commissioner honoured by recognition

DFES Media Releases (posted on Friday June 26, 2015 at 15:11 AWST)

Fire and Emergency Services Commissioner Wayne Gregson has today been named the 2015 Murdoch University Leader of the Year working in State or Federal Government at the Institute of Public Administration Australia WA Awards in Perth. 

The award recognises Commissioner Gregson’s excellence in leadership in public administration and his achievements driving significant strategic change at the Department of Fire and Emergency Services (DFES).

Commissioner Gregson said he was honoured to be recognised and acknowledged the huge volume of work being undertaken by DFES personnel to achieve widespread reforms.

“It is a tremendous honour to receive this award which ultimately recognises the work everyone at DFES is doing to reshape our organisation and better serve the Western Australian community,” he said.

“I am privileged to be leading a team of truly committed and dedicated people, both staff and volunteers, who work incredibly hard to protect and serve our community.” 

Commissioner Gregson was appointed Chief Executive Officer of the former Fire and Emergency Services Authority (FESA) in September 2011 for a 12-month period. He was appointed Commissioner upon the formation of the Department of Fire and Emergency Services on 1 November 2012.

Since then, Commissioner Gregson has led a major reform program beginning with a refocus towards supporting frontline services, the implementation of a 12-year strategic plan and increasing transparency, accountability and collaboration.

Commissioner Gregson was nominated for the award by his colleagues for the individual excellence he has displayed in leading cultural and organisational change at DFES. 

END

Media Contact: DFES Media and Corporate Communications 9225 5955

Publication Time: 26/06/2015 3:00 PM